last executing test programs: 1.418911036s ago: executing program 1 (id=12): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x4, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x6}, 0x1c) 1.3268075s ago: executing program 0 (id=14): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r0, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000040)={0xa, 0x0, 0xd99, @empty}, 0x4b) recvmmsg(r0, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) 1.27344253s ago: executing program 3 (id=15): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f00003be000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x7, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 1.267673069s ago: executing program 1 (id=16): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x1e, 0x1f, 0x101, &(0x7f0000000080)}) 1.204206095s ago: executing program 0 (id=17): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88203, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2) 1.093439755s ago: executing program 0 (id=18): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000000)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x20000000000005, 0x3a, '!L\xf0!\\+Jj\x95\xa27W\xfd\xe3aE\xa9b;\xca\x84\xec\xa2i6\xc2<\xa73\xec&N(\xf8;L\x7fu\xae', 0x3a, '\x00\x15W\x8ck\xab\xc7\xf8ZW7\x99\x98Dc\x0fvA\x88\xdb{5k\xe6\xe3TB\x8f\x16\x8f}\x13\xe3|\x16o)^', 0x3a, './file0'}, 0x74) 1.09319693s ago: executing program 1 (id=19): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)) 1.071647795s ago: executing program 0 (id=20): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) fcntl$notify(r0, 0x402, 0x6) getdents64(r0, 0x0, 0x0) 933.680518ms ago: executing program 1 (id=22): io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 933.069616ms ago: executing program 2 (id=23): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0xdddd0000, 0xe, 0xf0, 0x40, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x7}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0xca}, {0xeeee0000, 0xe6e50002, 0xb, 0x0, 0x2, 0x7, 0x4, 0x1, 0xc, 0x0, 0x6, 0x5}, {0x8000000, 0x0, 0x8, 0xfc, 0x3, 0x46, 0xff, 0xd, 0x6, 0x3, 0x0, 0x1}, {0x100000, 0x0, 0x9, 0x1, 0x3, 0x9, 0x47, 0x5, 0x5, 0x44, 0xe, 0x4b}, {0xf000, 0xeeee8000, 0x0, 0x7, 0x3, 0x6c, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x6000, 0x1000, 0xf, 0x9d, 0x9, 0x0, 0x0, 0xb, 0x5, 0x7, 0x0, 0xf8}, {0xffff1000, 0x8000000, 0xd, 0x5, 0x3, 0x8, 0xa, 0x9, 0x4, 0x6, 0x2, 0x7}, {0xeeee8000, 0x5}, {0x2, 0x209}, 0x40010000, 0x0, 0xf000, 0x300, 0x5, 0x0, 0xe6e70c00, [0xffffffffffffff47, 0x401, 0x5, 0xc5]}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000003e08"]) 809.51491ms ago: executing program 1 (id=24): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x4, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f0000000000)='./file0\x00', 0x8a41, 0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x400) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 762.252882ms ago: executing program 2 (id=25): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f00000000c0)={0x3, 0x9, 0xf801}) 756.494962ms ago: executing program 1 (id=26): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0xfffffffffffffe1a, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0xcc825, 0x0, 0x15) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080)=0x2, 0x4) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000002200), 0x0, 0x0, 0x0, 0x407006}, 0x104) 681.514018ms ago: executing program 2 (id=27): syslog(0x4, &(0x7f0000000080)=""/17, 0x11) 618.908502ms ago: executing program 2 (id=28): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000002c0)=[@in={0x2, 0x4e24, @empty}], 0x10) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x5, @empty, 0x2d}}, 0x4, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x1b}, 0x9c) 575.544368ms ago: executing program 3 (id=29): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000180)=@ethtool_ringparam={0x11, 0x0, 0x20040003, 0x2, 0x3f, 0x0, 0x0, 0x192, 0x3ffffd}}) 515.173438ms ago: executing program 3 (id=30): syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2100b066eeb9e00a00000f"], 0x56}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x102000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000002340)={0x1, 0x0, @pic={0x7, 0x10, 0x4, 0x81, 0x0, 0xb, 0x7, 0x9, 0x5d, 0x1, 0x8, 0x40, 0x9, 0x0, 0x5, 0x4b}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 353.520227ms ago: executing program 3 (id=31): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000002200), r1}}, 0x18) 339.624988ms ago: executing program 3 (id=32): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0xa68f, 0x2, [0x8, 0x0]}, 0xc) 272.717451ms ago: executing program 3 (id=33): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000200)=[@wr_crn={0x46, 0x20, {0x2, 0x8}}, @code={0xa, 0x6c, {"26660f3881437d66baf80cb87ce5e58def66bafc0cecc744240027010000c7442402e3000000ff2c2466420f388149000f01c9660fc7b3377e1d76b9800000c00f3235008000000f30400fc0e16526660f3881abfc0000000f2194"}}, @wrmsr={0x1e, 0x20, {0x8a3, 0x8000000000000001}}, @code={0xa, 0x73, {"2e660f388174b32f400f23de0f20e035000002000f22e066b841000f00d0650f01c43e260f009bf2000000b9800000c00f3235008000000f30c744240000000080c74424028b000000c7442406000000000f011424c4e27d1a3e360fc79d3a2f97a9"}}, @cpuid={0x14, 0x18, {0x4}}, @rdmsr={0x32, 0x18, {0xaea}}, @cpuid={0x14, 0x18, {0xf, 0xc}}, @rdmsr={0x32, 0x18, {0x2f5}}, @cpuid={0x14, 0x18, {0x7, 0x4}}], 0x197}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000180)="440f20c03505000000440f22c0f26df20f38f17a64b805000000b9e10d00000f01d9d8dd0f01728eb8010000000f01d94c0fc71d000000003ef245dbed410fc7f7", 0x41}], 0x1, 0x72, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x1, 0x0, 0x0, 0x4, 0x0, 0x10, 0x1, 0x0, 0x2, 0x9, 0xd, 0x0, 0x0, 0x1049, 0x0, 0xff, 0xef, 0x0, '\x00', 0x70}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 84.413103ms ago: executing program 0 (id=34): creat(&(0x7f0000000180)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {0x1, 0x2}, [{0x2, 0x2}], {0x4, 0x1}, [], {}, {0x20, 0x7}}, 0x2c, 0x1) chmod(&(0x7f0000001f40)='./file0\x00', 0x100) 84.245485ms ago: executing program 2 (id=35): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8947, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="080000000000000084000040"]) 63.856293ms ago: executing program 0 (id=36): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0) getresuid(0x0, 0x0, 0x0) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000280)={0xa0, 0x24, 0x0, {{0x0, 0x1, 0x5, 0x6, 0xffc, 0x6, {0x1, 0x1, 0x65d1, 0x0, 0xffffffffffff15ef, 0x3ff, 0x7, 0x7fff, 0x7, 0x2000, 0x8, 0x0, 0x0, 0x2, 0x10000}}, {0x0, 0x1}}}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,']) newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x800) 0s ago: executing program 2 (id=37): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x1, 0x1fbe, 0x9}}, 0x30) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) creat(&(0x7f00000002c0)='./file0/file0\x00', 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts. [ 62.506483][ T5850] cgroup: Unknown subsys name 'net' [ 62.615991][ T5850] cgroup: Unknown subsys name 'cpuset' [ 62.623670][ T5850] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.889638][ T5850] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 65.910263][ T5868] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.923055][ T5868] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.929372][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.937682][ T5873] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.943219][ T5868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.945556][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.958033][ T5874] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.959559][ T5873] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.973420][ T5868] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.974343][ T5873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.981206][ T5874] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.988131][ T5875] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.995287][ T5874] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.002573][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.017720][ T5873] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.017777][ T5874] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.025439][ T5873] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.032727][ T5874] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.039984][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.049773][ T5874] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.315882][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 66.385357][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 66.407743][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 66.475484][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 66.484928][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.492056][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.499445][ T5865] bridge_slave_0: entered allmulticast mode [ 66.506370][ T5865] bridge_slave_0: entered promiscuous mode [ 66.516886][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.524427][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.531739][ T5865] bridge_slave_1: entered allmulticast mode [ 66.538940][ T5865] bridge_slave_1: entered promiscuous mode [ 66.597471][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.624513][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.633966][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.641205][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.648780][ T5859] bridge_slave_0: entered allmulticast mode [ 66.655497][ T5859] bridge_slave_0: entered promiscuous mode [ 66.665215][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.672609][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.680269][ T5860] bridge_slave_0: entered allmulticast mode [ 66.687731][ T5860] bridge_slave_0: entered promiscuous mode [ 66.706059][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.713414][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.720628][ T5859] bridge_slave_1: entered allmulticast mode [ 66.727346][ T5859] bridge_slave_1: entered promiscuous mode [ 66.739423][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.747577][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.754822][ T5860] bridge_slave_1: entered allmulticast mode [ 66.761368][ T5860] bridge_slave_1: entered promiscuous mode [ 66.776811][ T5865] team0: Port device team_slave_0 added [ 66.801178][ T5865] team0: Port device team_slave_1 added [ 66.815350][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.824653][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.831789][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.839417][ T5862] bridge_slave_0: entered allmulticast mode [ 66.846648][ T5862] bridge_slave_0: entered promiscuous mode [ 66.853933][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.861193][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.868803][ T5862] bridge_slave_1: entered allmulticast mode [ 66.875481][ T5862] bridge_slave_1: entered promiscuous mode [ 66.884510][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.901173][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.931407][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.948744][ T5859] team0: Port device team_slave_0 added [ 66.968655][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.975698][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.002463][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.016020][ T5859] team0: Port device team_slave_1 added [ 67.022227][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.029934][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.056333][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.068934][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.080557][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.112193][ T5860] team0: Port device team_slave_0 added [ 67.126093][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.134235][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.160856][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.178773][ T5860] team0: Port device team_slave_1 added [ 67.192536][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.199853][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.225912][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.237937][ T5862] team0: Port device team_slave_0 added [ 67.260222][ T5862] team0: Port device team_slave_1 added [ 67.272753][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.280292][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.306545][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.327773][ T5865] hsr_slave_0: entered promiscuous mode [ 67.334263][ T5865] hsr_slave_1: entered promiscuous mode [ 67.346306][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.353323][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.379631][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.408387][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.415494][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.441680][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.454254][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.461220][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.487852][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.532346][ T5859] hsr_slave_0: entered promiscuous mode [ 67.538417][ T5859] hsr_slave_1: entered promiscuous mode [ 67.544735][ T5859] debugfs: 'hsr0' already exists in 'hsr' [ 67.550564][ T5859] Cannot create hsr debugfs directory [ 67.563256][ T5860] hsr_slave_0: entered promiscuous mode [ 67.569578][ T5860] hsr_slave_1: entered promiscuous mode [ 67.575825][ T5860] debugfs: 'hsr0' already exists in 'hsr' [ 67.581656][ T5860] Cannot create hsr debugfs directory [ 67.648574][ T5862] hsr_slave_0: entered promiscuous mode [ 67.654669][ T5862] hsr_slave_1: entered promiscuous mode [ 67.660586][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 67.667413][ T5862] Cannot create hsr debugfs directory [ 67.850186][ T5865] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 67.860779][ T5865] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 67.872826][ T5865] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 67.885412][ T5865] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 67.914175][ T5862] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 67.924734][ T5862] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 67.936130][ T5862] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 67.946643][ T5862] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 67.994012][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.008646][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.018434][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 68.035778][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 68.076946][ T5860] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 68.084107][ T5873] Bluetooth: hci1: command tx timeout [ 68.084456][ T5874] Bluetooth: hci0: command tx timeout [ 68.089650][ T5866] Bluetooth: hci2: command tx timeout [ 68.095233][ T5874] Bluetooth: hci3: command tx timeout [ 68.108484][ T5860] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 68.117689][ T5860] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 68.128000][ T5860] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 68.177443][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.209105][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.235209][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.249666][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.267799][ T2957] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.275379][ T2957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.285518][ T2957] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.292618][ T2957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.307255][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.314422][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.356503][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.366787][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.374172][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.405706][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.428107][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.440642][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.458887][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.466050][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.476803][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.483950][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.500167][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.507461][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.530086][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.537255][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.760155][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.825877][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.888626][ T5862] veth0_vlan: entered promiscuous mode [ 68.910805][ T5862] veth1_vlan: entered promiscuous mode [ 68.926836][ T5865] veth0_vlan: entered promiscuous mode [ 68.940923][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.953749][ T5865] veth1_vlan: entered promiscuous mode [ 68.962534][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.006607][ T5862] veth0_macvtap: entered promiscuous mode [ 69.017059][ T5862] veth1_macvtap: entered promiscuous mode [ 69.036043][ T5865] veth0_macvtap: entered promiscuous mode [ 69.049541][ T5860] veth0_vlan: entered promiscuous mode [ 69.057682][ T5865] veth1_macvtap: entered promiscuous mode [ 69.079561][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.092159][ T5860] veth1_vlan: entered promiscuous mode [ 69.099769][ T5859] veth0_vlan: entered promiscuous mode [ 69.108073][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.119415][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.132110][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.147873][ T5859] veth1_vlan: entered promiscuous mode [ 69.164628][ T3484] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.175334][ T3484] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.196848][ T3484] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.208034][ T3484] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.227378][ T3484] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.243898][ T5859] veth0_macvtap: entered promiscuous mode [ 69.253114][ T3484] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.262063][ T3484] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.271626][ T3484] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.295741][ T5859] veth1_macvtap: entered promiscuous mode [ 69.310563][ T5860] veth0_macvtap: entered promiscuous mode [ 69.329442][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.339699][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.370233][ T5860] veth1_macvtap: entered promiscuous mode [ 69.386718][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.395128][ T3484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.405328][ T3484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.426534][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.437308][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.439563][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.458536][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.478787][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.492803][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.508707][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 69.527906][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.538684][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.559026][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.568348][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.579741][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.599675][ T5948] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 69.599764][ T3012] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.661569][ T3012] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.670571][ T3012] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.695177][ T3012] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.751539][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.776647][ T5951] batadv_slave_0: entered promiscuous mode [ 69.782805][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.815137][ T5952] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1946294017 (31140704272 ns) > initial count (4518400576 ns). Using initial count to start timer. [ 69.822732][ T3012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.844363][ T3012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.863434][ T5949] batadv_slave_0: left promiscuous mode [ 69.890145][ T3012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.904586][ T3012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.935942][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.949703][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.042848][ T5959] ======================================================= [ 70.042848][ T5959] WARNING: The mand mount option has been deprecated and [ 70.042848][ T5959] and is ignored by this kernel. Remove the mand [ 70.042848][ T5959] option from the mount to silence this warning. [ 70.042848][ T5959] ======================================================= [ 70.165623][ T5866] Bluetooth: hci2: command tx timeout [ 70.165658][ T5874] Bluetooth: hci3: command tx timeout [ 70.171085][ T5188] Bluetooth: hci0: command tx timeout [ 70.183412][ T5873] Bluetooth: hci1: command tx timeout [ 70.708870][ T30] audit: type=1326 audit(1756521898.278:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz.0.20" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efdb478ebe9 code=0x0 [ 71.606141][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.612608][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.687930][ T6032] ------------[ cut here ]------------ [ 71.696116][ T6032] UBSAN: shift-out-of-bounds in fs/9p/vfs_super.c:57:22 [ 71.703758][ T6032] shift exponent 32 is too large for 32-bit type 'int' [ 71.711026][ T6032] CPU: 0 UID: 0 PID: 6032 Comm: syz.0.36 Not tainted syzkaller #0 PREEMPT(full) [ 71.711054][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 71.711066][ T6032] Call Trace: [ 71.711073][ T6032] [ 71.711081][ T6032] dump_stack_lvl+0x189/0x250 [ 71.711116][ T6032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.711143][ T6032] ? __pfx__printk+0x10/0x10 [ 71.711173][ T6032] ubsan_epilogue+0xa/0x40 [ 71.711193][ T6032] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 71.711220][ T6032] ? __pfx_v9fs_set_super+0x10/0x10 [ 71.711242][ T6032] v9fs_get_tree+0x957/0xa90 [ 71.711265][ T6032] ? __pfx_v9fs_get_tree+0x10/0x10 [ 71.711291][ T6032] vfs_get_tree+0x8f/0x2b0 [ 71.711312][ T6032] do_new_mount+0x2a2/0xa30 [ 71.711344][ T6032] ? ns_capable+0x8a/0xf0 [ 71.711364][ T6032] ? __pfx_do_new_mount+0x10/0x10 [ 71.711385][ T6032] ? path_mount+0x61c/0xfe0 [ 71.711405][ T6032] ? user_path_at+0x44/0x60 [ 71.711433][ T6032] __se_sys_mount+0x317/0x410 [ 71.711458][ T6032] ? __pfx___se_sys_mount+0x10/0x10 [ 71.711480][ T6032] ? rcu_is_watching+0x15/0xb0 [ 71.711499][ T6032] ? __x64_sys_mount+0x20/0xc0 [ 71.711521][ T6032] do_syscall_64+0xfa/0xfa0 [ 71.711546][ T6032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.711565][ T6032] ? clear_bhb_loop+0x60/0xb0 [ 71.711584][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.711602][ T6032] RIP: 0033:0x7efdb478ebe9 [ 71.711619][ T6032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.711635][ T6032] RSP: 002b:00007efdb29f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 71.711658][ T6032] RAX: ffffffffffffffda RBX: 00007efdb49c5fa0 RCX: 00007efdb478ebe9 [ 71.711671][ T6032] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 71.711684][ T6032] RBP: 00007efdb4811e19 R08: 0000200000000580 R09: 0000000000000000 [ 71.711696][ T6032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 71.711707][ T6032] R13: 00007efdb49c6038 R14: 00007efdb49c5fa0 R15: 00007ffca3d8d298 [ 71.711728][ T6032] [ 71.711734][ T6032] ---[ end trace ]--- [ 71.932994][ T6032] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 71.940240][ T6032] CPU: 1 UID: 0 PID: 6032 Comm: syz.0.36 Not tainted syzkaller #0 PREEMPT(full) [ 71.949357][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 71.959515][ T6032] Call Trace: [ 71.962808][ T6032] [ 71.965766][ T6032] dump_stack_lvl+0x99/0x250 [ 71.970372][ T6032] ? __asan_memcpy+0x40/0x70 [ 71.974967][ T6032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.980356][ T6032] ? __pfx__printk+0x10/0x10 [ 71.984957][ T6032] vpanic+0x281/0x750 [ 71.988945][ T6032] ? __pfx_vpanic+0x10/0x10 [ 71.993455][ T6032] panic+0xb9/0xc0 [ 71.997185][ T6032] ? __pfx_panic+0x10/0x10 [ 72.001693][ T6032] ? __pfx__printk+0x10/0x10 [ 72.006316][ T6032] check_panic_on_warn+0x89/0xb0 [ 72.011266][ T6032] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 72.017862][ T6032] ? __pfx_v9fs_set_super+0x10/0x10 [ 72.023062][ T6032] v9fs_get_tree+0x957/0xa90 [ 72.027676][ T6032] ? __pfx_v9fs_get_tree+0x10/0x10 [ 72.032794][ T6032] vfs_get_tree+0x8f/0x2b0 [ 72.037338][ T6032] do_new_mount+0x2a2/0xa30 [ 72.041941][ T6032] ? ns_capable+0x8a/0xf0 [ 72.046496][ T6032] ? __pfx_do_new_mount+0x10/0x10 [ 72.051642][ T6032] ? path_mount+0x61c/0xfe0 [ 72.056366][ T6032] ? user_path_at+0x44/0x60 [ 72.060974][ T6032] __se_sys_mount+0x317/0x410 [ 72.065661][ T6032] ? __pfx___se_sys_mount+0x10/0x10 [ 72.070870][ T6032] ? rcu_is_watching+0x15/0xb0 [ 72.075724][ T6032] ? __x64_sys_mount+0x20/0xc0 [ 72.080501][ T6032] do_syscall_64+0xfa/0xfa0 [ 72.085103][ T6032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.091344][ T6032] ? clear_bhb_loop+0x60/0xb0 [ 72.096115][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.102384][ T6032] RIP: 0033:0x7efdb478ebe9 [ 72.106829][ T6032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.126793][ T6032] RSP: 002b:00007efdb29f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 72.135395][ T6032] RAX: ffffffffffffffda RBX: 00007efdb49c5fa0 RCX: 00007efdb478ebe9 [ 72.143560][ T6032] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 72.151567][ T6032] RBP: 00007efdb4811e19 R08: 0000200000000580 R09: 0000000000000000 [ 72.159549][ T6032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.168402][ T6032] R13: 00007efdb49c6038 R14: 00007efdb49c5fa0 R15: 00007ffca3d8d298 [ 72.176475][ T6032] [ 72.179898][ T6032] Kernel Offset: disabled [ 72.184328][ T6032] Rebooting in 86400 seconds..