last executing test programs: 405.414631ms ago: executing program 3 (id=4): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES32], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d14"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x0, 0x0, 0x0, 0xd1}) 107.529636ms ago: executing program 0 (id=1): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x800) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setown(r1, 0x8, r2) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r4 = syz_open_procfs$pagemap(r3, &(0x7f0000000100)) syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000302000040"], 0x0) dup2(r1, r4) 70.48182ms ago: executing program 1 (id=2): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000240)=0x52, 0x4) 67.714843ms ago: executing program 2 (id=3): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x50, 0x0, 0x0, 0x0, 0x10, 0x4d9, 0xa081, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x8}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0xf, "0176b195"}, @main=@item_012={0x2, 0x0, 0xa, ')_'}]}}, 0x0}, 0xfffffffffffffffc) 0s ago: executing program 1 (id=5): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x40) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x4000, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chmod(&(0x7f0000000180)='./file0\x00', 0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.240' (ED25519) to the list of known hosts. [ 65.820270][ T5850] cgroup: Unknown subsys name 'net' [ 65.989810][ T5850] cgroup: Unknown subsys name 'cpuset' [ 65.997104][ T5850] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.158609][ T5850] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 69.114868][ T5870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.122128][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.126601][ T5871] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.129732][ T5870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.143850][ T5870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.151086][ T5874] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.152966][ T5872] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.158336][ T5870] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.165427][ T5872] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.173076][ T5874] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.179748][ T5872] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.186550][ T5874] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.193670][ T5872] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.200295][ T5870] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.207399][ T5872] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.220997][ T5870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.229557][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.237877][ T5872] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.238632][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.252834][ T5869] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.514343][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 69.534634][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 69.573231][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 69.604317][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 69.652530][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.659755][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.666861][ T5859] bridge_slave_0: entered allmulticast mode [ 69.673937][ T5859] bridge_slave_0: entered promiscuous mode [ 69.699056][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.706172][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.713475][ T5859] bridge_slave_1: entered allmulticast mode [ 69.720322][ T5859] bridge_slave_1: entered promiscuous mode [ 69.746606][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.754007][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.761134][ T5860] bridge_slave_0: entered allmulticast mode [ 69.767647][ T5860] bridge_slave_0: entered promiscuous mode [ 69.789213][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.796430][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.803750][ T5860] bridge_slave_1: entered allmulticast mode [ 69.810339][ T5860] bridge_slave_1: entered promiscuous mode [ 69.830918][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.841884][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.864389][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.871527][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.879119][ T5862] bridge_slave_0: entered allmulticast mode [ 69.885605][ T5862] bridge_slave_0: entered promiscuous mode [ 69.911422][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.919497][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.926574][ T5861] bridge_slave_0: entered allmulticast mode [ 69.933408][ T5861] bridge_slave_0: entered promiscuous mode [ 69.940605][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.947862][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.954965][ T5862] bridge_slave_1: entered allmulticast mode [ 69.961575][ T5862] bridge_slave_1: entered promiscuous mode [ 69.969142][ T5859] team0: Port device team_slave_0 added [ 69.982705][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.992006][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.999425][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.006516][ T5861] bridge_slave_1: entered allmulticast mode [ 70.013083][ T5861] bridge_slave_1: entered promiscuous mode [ 70.020552][ T5859] team0: Port device team_slave_1 added [ 70.034068][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.073198][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.089696][ T5860] team0: Port device team_slave_0 added [ 70.096859][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.113719][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.123915][ T5860] team0: Port device team_slave_1 added [ 70.137371][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.154033][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.161008][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.186957][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.198690][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.205657][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.231655][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.270384][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.277365][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.303435][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.315229][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.322275][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.348391][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.360154][ T5861] team0: Port device team_slave_0 added [ 70.368094][ T5862] team0: Port device team_slave_0 added [ 70.378056][ T5861] team0: Port device team_slave_1 added [ 70.391936][ T5862] team0: Port device team_slave_1 added [ 70.423742][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.430736][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.456812][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.474029][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.481441][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.507523][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.524630][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.531651][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.557575][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.570946][ T5859] hsr_slave_0: entered promiscuous mode [ 70.576998][ T5859] hsr_slave_1: entered promiscuous mode [ 70.589782][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.596804][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.623135][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.661310][ T5860] hsr_slave_0: entered promiscuous mode [ 70.667274][ T5860] hsr_slave_1: entered promiscuous mode [ 70.673265][ T5860] debugfs: 'hsr0' already exists in 'hsr' [ 70.679307][ T5860] Cannot create hsr debugfs directory [ 70.717233][ T5862] hsr_slave_0: entered promiscuous mode [ 70.723933][ T5862] hsr_slave_1: entered promiscuous mode [ 70.730348][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 70.736075][ T5862] Cannot create hsr debugfs directory [ 70.762721][ T5861] hsr_slave_0: entered promiscuous mode [ 70.769682][ T5861] hsr_slave_1: entered promiscuous mode [ 70.775532][ T5861] debugfs: 'hsr0' already exists in 'hsr' [ 70.781320][ T5861] Cannot create hsr debugfs directory [ 70.976260][ T5859] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.985319][ T5859] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.997221][ T5859] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.009696][ T5859] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.035824][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.046575][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.059878][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.072292][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.122373][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.132369][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.141935][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.159593][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.209940][ T5862] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.220640][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.227031][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.233661][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.243370][ T5862] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.252058][ T5862] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.261331][ T5862] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.272505][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.292880][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.299565][ T5188] Bluetooth: hci3: command tx timeout [ 71.299593][ T5188] Bluetooth: hci1: command tx timeout [ 71.299616][ T5188] Bluetooth: hci0: command tx timeout [ 71.300944][ T5869] Bluetooth: hci2: command tx timeout [ 71.323299][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.330407][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.342487][ T3015] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.349581][ T3015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.362963][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.382487][ T3015] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.389587][ T3015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.401530][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.408624][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.447153][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.472336][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.494988][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.502084][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.520115][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.527180][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.582104][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.612689][ T5861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.662347][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.706247][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.713374][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.733989][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.741085][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.800102][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.865430][ T5859] veth0_vlan: entered promiscuous mode [ 71.876575][ T5859] veth1_vlan: entered promiscuous mode [ 71.892584][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.926086][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.943015][ T5859] veth0_macvtap: entered promiscuous mode [ 71.964225][ T5859] veth1_macvtap: entered promiscuous mode [ 72.000755][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.011719][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.031874][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.046945][ T5861] veth0_vlan: entered promiscuous mode [ 72.054935][ T5860] veth0_vlan: entered promiscuous mode [ 72.065865][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.080970][ T5860] veth1_vlan: entered promiscuous mode [ 72.088573][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.098520][ T5861] veth1_vlan: entered promiscuous mode [ 72.108959][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.117763][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.177528][ T5862] veth0_vlan: entered promiscuous mode [ 72.193030][ T5860] veth0_macvtap: entered promiscuous mode [ 72.200951][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.203295][ T5862] veth1_vlan: entered promiscuous mode [ 72.210274][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.227890][ T5861] veth0_macvtap: entered promiscuous mode [ 72.238255][ T5860] veth1_macvtap: entered promiscuous mode [ 72.256648][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.270972][ T5862] veth0_macvtap: entered promiscuous mode [ 72.282350][ T5861] veth1_macvtap: entered promiscuous mode [ 72.296911][ T5862] veth1_macvtap: entered promiscuous mode [ 72.305380][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.316724][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.324634][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.334348][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.342308][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.353789][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.373098][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.391348][ T1108] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.406044][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 72.406912][ T1108] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.442061][ T1108] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.451144][ T1108] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.463539][ T1108] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.473493][ T1108] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.513480][ T1108] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.535363][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.544190][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.556843][ T1108] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.572365][ T1108] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.583121][ T1108] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.606818][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.615434][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.624289][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.633089][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.651970][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.662675][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.684852][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.693619][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.713382][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.722426][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.746817][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.755338][ T5929] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 72.769091][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.897407][ T5961] ------------[ cut here ]------------ [ 72.904183][ T5961] UBSAN: shift-out-of-bounds in fs/9p/vfs_super.c:57:22 [ 72.912253][ T5961] shift exponent 32 is too large for 32-bit type 'int' [ 72.920403][ T5961] CPU: 0 UID: 0 PID: 5961 Comm: syz.1.5 Not tainted syzkaller #0 PREEMPT(full) [ 72.920419][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 72.920427][ T5961] Call Trace: [ 72.920431][ T5961] [ 72.920436][ T5961] dump_stack_lvl+0x189/0x250 [ 72.920460][ T5961] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.920480][ T5961] ? __pfx__printk+0x10/0x10 [ 72.920501][ T5961] ubsan_epilogue+0xa/0x40 [ 72.920517][ T5961] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 72.920535][ T5961] ? __pfx_v9fs_set_super+0x10/0x10 [ 72.920550][ T5961] v9fs_get_tree+0x957/0xa90 [ 72.920565][ T5961] ? __pfx_v9fs_get_tree+0x10/0x10 [ 72.920582][ T5961] vfs_get_tree+0x8f/0x2b0 [ 72.920596][ T5961] do_new_mount+0x2a2/0xa30 [ 72.920611][ T5961] ? ns_capable+0x8a/0xf0 [ 72.920624][ T5961] ? __pfx_do_new_mount+0x10/0x10 [ 72.920637][ T5961] ? path_mount+0x61c/0xfe0 [ 72.920650][ T5961] ? user_path_at+0x44/0x60 [ 72.920673][ T5961] __se_sys_mount+0x317/0x410 [ 72.920689][ T5961] ? __pfx___se_sys_mount+0x10/0x10 [ 72.920704][ T5961] ? rcu_is_watching+0x15/0xb0 [ 72.920717][ T5961] ? __x64_sys_mount+0x20/0xc0 [ 72.920732][ T5961] do_syscall_64+0xfa/0xfa0 [ 72.920749][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.920762][ T5961] ? clear_bhb_loop+0x60/0xb0 [ 72.920775][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.920787][ T5961] RIP: 0033:0x7f55c218ebe9 [ 72.920804][ T5961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.920815][ T5961] RSP: 002b:00007f55c30db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 72.920828][ T5961] RAX: ffffffffffffffda RBX: 00007f55c23c5fa0 RCX: 00007f55c218ebe9 [ 72.920838][ T5961] RDX: 00002000000001c0 RSI: 0000200000000040 RDI: 0000000000000000 [ 72.920846][ T5961] RBP: 00007f55c2211e19 R08: 0000200000000440 R09: 0000000000000000 [ 72.920854][ T5961] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000000 [ 72.920862][ T5961] R13: 00007f55c23c6038 R14: 00007f55c23c5fa0 R15: 00007fffc0e9cf98 [ 72.920876][ T5961] [ 72.920880][ T5961] ---[ end trace ]--- [ 72.941938][ T5929] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 72.945279][ T5961] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 72.945297][ T5961] CPU: 0 UID: 0 PID: 5961 Comm: syz.1.5 Not tainted syzkaller #0 PREEMPT(full) [ 72.945321][ T5961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 72.945333][ T5961] Call Trace: [ 72.945341][ T5961] [ 72.945350][ T5961] dump_stack_lvl+0x99/0x250 [ 72.945386][ T5961] ? __asan_memcpy+0x40/0x70 [ 72.945415][ T5961] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.945445][ T5961] ? __pfx__printk+0x10/0x10 [ 72.945481][ T5961] vpanic+0x281/0x750 [ 72.945506][ T5961] ? __pfx_vpanic+0x10/0x10 [ 72.945537][ T5961] panic+0xb9/0xc0 [ 72.945560][ T5961] ? __pfx_panic+0x10/0x10 [ 72.945585][ T5961] ? __pfx__printk+0x10/0x10 [ 72.945618][ T5961] check_panic_on_warn+0x89/0xb0 [ 72.945651][ T5961] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 72.945680][ T5961] ? __pfx_v9fs_set_super+0x10/0x10 [ 72.945706][ T5961] v9fs_get_tree+0x957/0xa90 [ 72.945733][ T5961] ? __pfx_v9fs_get_tree+0x10/0x10 [ 72.945760][ T5961] vfs_get_tree+0x8f/0x2b0 [ 72.945782][ T5961] do_new_mount+0x2a2/0xa30 [ 72.945806][ T5961] ? ns_capable+0x8a/0xf0 [ 72.945828][ T5961] ? __pfx_do_new_mount+0x10/0x10 [ 72.945850][ T5961] ? path_mount+0x61c/0xfe0 [ 72.945869][ T5961] ? user_path_at+0x44/0x60 [ 72.945902][ T5961] __se_sys_mount+0x317/0x410 [ 72.945936][ T5961] ? __pfx___se_sys_mount+0x10/0x10 [ 72.945962][ T5961] ? rcu_is_watching+0x15/0xb0 [ 72.945984][ T5961] ? __x64_sys_mount+0x20/0xc0 [ 72.946008][ T5961] do_syscall_64+0xfa/0xfa0 [ 72.946037][ T5961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.946056][ T5961] ? clear_bhb_loop+0x60/0xb0 [ 72.946079][ T5961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.946101][ T5961] RIP: 0033:0x7f55c218ebe9 [ 72.946118][ T5961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.946135][ T5961] RSP: 002b:00007f55c30db038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 72.946158][ T5961] RAX: ffffffffffffffda RBX: 00007f55c23c5fa0 RCX: 00007f55c218ebe9 [ 72.946173][ T5961] RDX: 00002000000001c0 RSI: 0000200000000040 RDI: 0000000000000000 [ 72.946187][ T5961] RBP: 00007f55c2211e19 R08: 0000200000000440 R09: 0000000000000000 [ 72.946200][ T5961] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000000 [ 72.946213][ T5961] R13: 00007f55c23c6038 R14: 00007f55c23c5fa0 R15: 00007fffc0e9cf98 [ 72.946236][ T5961] [ 72.947444][ T5961] Kernel Offset: disabled