last executing test programs:
0s ago: executing program 3 (id=4):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x48)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x3}}, './bus\x00'})
socket$can_raw(0x1d, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, 0x0)
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={0xffffffffffffffff}, 0xc)
lchown(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r4, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00"}, 0x60)
getsockopt$nfc_llcp(r4, 0x118, 0x3, &(0x7f0000000140)=""/192, 0x20000057)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {}, 0xa}}, 0x26)
sendmmsg$inet(r3, 0x0, 0x0, 0x8040)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000000)='./file0/file0\x00', 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.161' (ED25519) to the list of known hosts.
syzkaller login: [ 58.647183][ T5215] cgroup: Unknown subsys name 'net'
[ 58.784142][ T5215] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 60.306516][ T5215] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 62.581090][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 62.612754][ T5237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.622460][ T5244] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 62.625538][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 62.630076][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.638514][ T5244] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 62.645408][ T5237] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 62.650609][ T5239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 62.658227][ T5237] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 62.673886][ T5237] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 62.681651][ T5244] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 62.682278][ T5237] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 62.695810][ T5247] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 62.696338][ T5237] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 62.711239][ T5244] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 62.714108][ T5237] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 62.725301][ T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 62.730267][ T5246] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.743402][ T5244] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 62.743993][ T5237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.757780][ T5244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 62.760301][ T5237] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 62.772097][ T5244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 62.773941][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.787626][ T5244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 62.790442][ T5237] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 62.795280][ T5244] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 62.804054][ T5237] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 62.809161][ T5244] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 62.815990][ T5237] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 63.275404][ T5235] chnl_net:caif_netlink_parms(): no params data found
[ 63.343928][ T5228] chnl_net:caif_netlink_parms(): no params data found
[ 63.363808][ T5226] chnl_net:caif_netlink_parms(): no params data found
[ 63.376161][ T5225] chnl_net:caif_netlink_parms(): no params data found
[ 63.491727][ T5238] chnl_net:caif_netlink_parms(): no params data found
[ 63.513491][ T5235] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.522754][ T5235] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.530353][ T5235] bridge_slave_0: entered allmulticast mode
[ 63.537618][ T5235] bridge_slave_0: entered promiscuous mode
[ 63.550759][ T5235] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.557913][ T5235] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.565079][ T5235] bridge_slave_1: entered allmulticast mode
[ 63.572077][ T5235] bridge_slave_1: entered promiscuous mode
[ 63.680725][ T5228] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.688933][ T5228] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.696058][ T5228] bridge_slave_0: entered allmulticast mode
[ 63.705818][ T5228] bridge_slave_0: entered promiscuous mode
[ 63.734562][ T5235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.744446][ T5228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.755543][ T5228] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.762903][ T5228] bridge_slave_1: entered allmulticast mode
[ 63.770656][ T5228] bridge_slave_1: entered promiscuous mode
[ 63.792623][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.800938][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.811429][ T5226] bridge_slave_0: entered allmulticast mode
[ 63.819012][ T5226] bridge_slave_0: entered promiscuous mode
[ 63.826403][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.834471][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.841966][ T5226] bridge_slave_1: entered allmulticast mode
[ 63.849298][ T5226] bridge_slave_1: entered promiscuous mode
[ 63.862666][ T5235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 63.888959][ T5225] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.896103][ T5225] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.906790][ T5225] bridge_slave_0: entered allmulticast mode
[ 63.913460][ T5225] bridge_slave_0: entered promiscuous mode
[ 63.921765][ T5225] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.929124][ T5225] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.936282][ T5225] bridge_slave_1: entered allmulticast mode
[ 63.943168][ T5225] bridge_slave_1: entered promiscuous mode
[ 63.978032][ T5228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.989684][ T5228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.026275][ T5235] team0: Port device team_slave_0 added
[ 64.053642][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.067803][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.077676][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.084790][ T5238] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.092583][ T5238] bridge_slave_0: entered allmulticast mode
[ 64.099533][ T5238] bridge_slave_0: entered promiscuous mode
[ 64.109132][ T5235] team0: Port device team_slave_1 added
[ 64.116716][ T5225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.131344][ T5225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.156120][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.163364][ T5238] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.170694][ T5238] bridge_slave_1: entered allmulticast mode
[ 64.177690][ T5238] bridge_slave_1: entered promiscuous mode
[ 64.210095][ T5228] team0: Port device team_slave_0 added
[ 64.222195][ T5225] team0: Port device team_slave_0 added
[ 64.262702][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.269959][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.296766][ T5235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.309994][ T5228] team0: Port device team_slave_1 added
[ 64.318917][ T5225] team0: Port device team_slave_1 added
[ 64.327043][ T5226] team0: Port device team_slave_0 added
[ 64.343991][ T5238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.353723][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.365688][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.391954][ T5235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.420367][ T5226] team0: Port device team_slave_1 added
[ 64.428262][ T5238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.487436][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.494422][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.521038][ T5228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.533985][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.543533][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.569857][ T5225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.604790][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.614815][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.641028][ T5228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.652698][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.659902][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.685897][ T5225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.702565][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.710170][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.736224][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.747999][ T5243] Bluetooth: hci1: command tx timeout
[ 64.750110][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.760604][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.786673][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.800597][ T5238] team0: Port device team_slave_0 added
[ 64.814092][ T5235] hsr_slave_0: entered promiscuous mode
[ 64.820999][ T5235] hsr_slave_1: entered promiscuous mode
[ 64.845770][ T5238] team0: Port device team_slave_1 added
[ 64.892806][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.900363][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.908061][ T5243] Bluetooth: hci4: command tx timeout
[ 64.927083][ T4620] Bluetooth: hci2: command tx timeout
[ 64.932663][ T5243] Bluetooth: hci3: command tx timeout
[ 64.938524][ T5237] Bluetooth: hci0: command tx timeout
[ 64.947658][ T5238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.982796][ T5225] hsr_slave_0: entered promiscuous mode
[ 64.989308][ T5225] hsr_slave_1: entered promiscuous mode
[ 64.995519][ T5225] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 65.004205][ T5225] Cannot create hsr debugfs directory
[ 65.027499][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.034504][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.060966][ T5238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.092701][ T5226] hsr_slave_0: entered promiscuous mode
[ 65.099822][ T5226] hsr_slave_1: entered promiscuous mode
[ 65.105853][ T5226] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 65.113773][ T5226] Cannot create hsr debugfs directory
[ 65.146853][ T5228] hsr_slave_0: entered promiscuous mode
[ 65.153062][ T5228] hsr_slave_1: entered promiscuous mode
[ 65.160644][ T5228] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 65.169127][ T5228] Cannot create hsr debugfs directory
[ 65.283938][ T5238] hsr_slave_0: entered promiscuous mode
[ 65.291157][ T5238] hsr_slave_1: entered promiscuous mode
[ 65.297423][ T5238] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 65.305005][ T5238] Cannot create hsr debugfs directory
[ 65.555025][ T5235] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 65.571038][ T5235] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 65.595310][ T5235] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 65.613022][ T5235] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 65.679277][ T5225] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 65.697834][ T5225] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 65.721618][ T5225] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 65.734422][ T5225] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 65.812869][ T5228] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.839302][ T5228] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.850511][ T5228] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.864545][ T5228] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.931326][ T5235] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.941723][ T5226] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 65.972535][ T5226] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 65.999867][ T5226] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 66.011838][ T5226] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 66.046183][ T5235] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.074668][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.082022][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.105729][ T5238] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 66.125079][ T1070] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.132246][ T1070] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.146609][ T5225] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.154533][ T5238] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 66.183685][ T5238] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 66.194426][ T5238] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 66.254003][ T5225] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.284014][ T5235] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.325571][ T1070] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.333151][ T1070] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.364018][ T5228] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.393228][ T3039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.400397][ T3039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.485547][ T5228] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.523469][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.561688][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.568796][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.589661][ T3039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.596805][ T3039] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.619831][ T5226] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.648432][ T5235] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.685518][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.692705][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.706098][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.713275][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.740729][ T5238] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.785398][ T5238] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.826010][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.833373][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.838122][ T5237] Bluetooth: hci1: command tx timeout
[ 66.883835][ T5235] veth0_vlan: entered promiscuous mode
[ 66.915211][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.922390][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.988592][ T5237] Bluetooth: hci0: command tx timeout
[ 66.994154][ T5237] Bluetooth: hci2: command tx timeout
[ 66.999678][ T5243] Bluetooth: hci4: command tx timeout
[ 67.000466][ T4620] Bluetooth: hci3: command tx timeout
[ 67.023729][ T5238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 67.054637][ T5235] veth1_vlan: entered promiscuous mode
[ 67.123328][ T5225] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.206483][ T5235] veth0_macvtap: entered promiscuous mode
[ 67.244587][ T5235] veth1_macvtap: entered promiscuous mode
[ 67.330064][ T5228] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.358569][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.400349][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.441558][ T5238] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.452494][ T5235] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.465879][ T5235] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.475604][ T5235] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.487611][ T5235] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.591191][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.615483][ T5238] veth0_vlan: entered promiscuous mode
[ 67.627162][ T5228] veth0_vlan: entered promiscuous mode
[ 67.669493][ T5228] veth1_vlan: entered promiscuous mode
[ 67.681317][ T5238] veth1_vlan: entered promiscuous mode
[ 67.761510][ T3013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.775554][ T3013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.792368][ T5226] veth0_vlan: entered promiscuous mode
[ 67.831158][ T5238] veth0_macvtap: entered promiscuous mode
[ 67.855510][ T5228] veth0_macvtap: entered promiscuous mode
[ 67.865779][ T5226] veth1_vlan: entered promiscuous mode
[ 67.875093][ T5238] veth1_macvtap: entered promiscuous mode
[ 67.887974][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.895829][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.904802][ T5228] veth1_macvtap: entered promiscuous mode
[ 67.913666][ T5225] veth0_vlan: entered promiscuous mode
[ 67.942376][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 67.953696][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 67.972154][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.993230][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 68.011478][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 68.024454][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 68.041156][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 68.052320][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.070159][ T5225] veth1_vlan: entered promiscuous mode
[ 68.081407][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 68.092875][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 68.104901][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.133536][ T5238] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.143339][ T5238] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.153514][ T5238] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.164171][ T5238] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.232427][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 68.305251][ T5313] overlayfs: failed to resolve './file0': -2
[ 68.917417][ T4620] Bluetooth: hci1: command tx timeout
[ 69.071975][ T4620] Bluetooth: hci3: command tx timeout
[ 69.079030][ T4620] Bluetooth: hci0: command tx timeout
[ 69.087031][ T4620] Bluetooth: hci2: command tx timeout
[ 69.094969][ T4620] Bluetooth: hci4: command tx timeout
[ 70.120844][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 70.274903][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 70.290933][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 70.348971][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.986865][ T4620] Bluetooth: hci1: command tx timeout
[ 71.147963][ T4620] Bluetooth: hci0: command tx timeout
[ 71.155558][ T4620] Bluetooth: hci3: command tx timeout
[ 71.332037][ T5225] veth0_macvtap: entered promiscuous mode
[ 71.344036][ T5225] veth1_macvtap: entered promiscuous mode
[ 71.353203][ T3039] ==================================================================
[ 71.361373][ T3039] BUG: KASAN: slab-use-after-free in sched_core_enqueue+0x15b/0x580
[ 71.369535][ T3039] Read of size 8 at addr ffff88801cfebed8 by task kworker/u8:9/3039
[ 71.377501][ T3039]
[ 71.379829][ T3039] CPU: 0 UID: 0 PID: 3039 Comm: kworker/u8:9 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
[ 71.390156][ T3039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 71.400208][ T3039] Workqueue: events_unbound linkwatch_event
[ 71.406294][ T3039] Call Trace:
[ 71.409570][ T3039]
[ 71.412528][ T3039] dump_stack_lvl+0x241/0x360
[ 71.417211][ T3039] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.422408][ T3039] ? __pfx__printk+0x10/0x10
[ 71.426993][ T3039] ? _printk+0xd5/0x120
[ 71.431141][ T3039] ? __virt_addr_valid+0x183/0x530
[ 71.436244][ T3039] ? __virt_addr_valid+0x183/0x530
[ 71.441371][ T3039] print_report+0x169/0x550
[ 71.445870][ T3039] ? __virt_addr_valid+0x183/0x530
[ 71.450972][ T3039] ? __virt_addr_valid+0x183/0x530
[ 71.456091][ T3039] ? __virt_addr_valid+0x45f/0x530
[ 71.461193][ T3039] ? __phys_addr+0xba/0x170
[ 71.465689][ T3039] ? sched_core_enqueue+0x15b/0x580
[ 71.470883][ T3039] kasan_report+0x143/0x180
[ 71.475380][ T3039] ? sched_core_enqueue+0x15b/0x580
[ 71.480596][ T3039] sched_core_enqueue+0x15b/0x580
[ 71.485619][ T3039] ttwu_do_activate+0x1d1/0x7e0
[ 71.490574][ T3039] try_to_wake_up+0x8bc/0x1480
[ 71.495340][ T3039] ? __pfx_lock_acquire+0x10/0x10
[ 71.500361][ T3039] ? __pfx_try_to_wake_up+0x10/0x10
[ 71.505572][ T3039] ? __pfx_lock_release+0x10/0x10
[ 71.510682][ T3039] ? do_raw_spin_lock+0x14f/0x370
[ 71.515710][ T3039] ? do_raw_spin_unlock+0x13c/0x8b0
[ 71.520926][ T3039] wake_up_q+0xc8/0x120
[ 71.525098][ T3039] __mutex_unlock_slowpath+0x6f9/0x750
[ 71.530555][ T3039] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 71.536551][ T3039] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 71.542529][ T3039] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 71.548870][ T3039] ? _raw_spin_lock_irq+0xdf/0x120
[ 71.554088][ T3039] __rtnl_unlock+0x6c/0xf0
[ 71.558587][ T3039] netdev_run_todo+0x375/0x1000
[ 71.563455][ T3039] ? lockdep_hardirqs_on+0x99/0x150
[ 71.568768][ T3039] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.573958][ T3039] ? __linkwatch_run_queue+0x67a/0x6c0
[ 71.579412][ T3039] ? __pfx_netdev_run_todo+0x10/0x10
[ 71.584713][ T3039] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 71.590537][ T3039] ? process_scheduled_works+0x976/0x1850
[ 71.596274][ T3039] process_scheduled_works+0xa63/0x1850
[ 71.601826][ T3039] ? __pfx_process_scheduled_works+0x10/0x10
[ 71.607830][ T3039] ? assign_work+0x364/0x3d0
[ 71.612419][ T3039] worker_thread+0x86d/0xd10
[ 71.617008][ T3039] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 71.622895][ T3039] ? __kthread_parkme+0x169/0x1d0
[ 71.627919][ T3039] ? __pfx_worker_thread+0x10/0x10
[ 71.633026][ T3039] kthread+0x2f0/0x390
[ 71.637108][ T3039] ? __pfx_worker_thread+0x10/0x10
[ 71.642215][ T3039] ? __pfx_kthread+0x10/0x10
[ 71.646793][ T3039] ret_from_fork+0x4b/0x80
[ 71.651206][ T3039] ? __pfx_kthread+0x10/0x10
[ 71.655785][ T3039] ret_from_fork_asm+0x1a/0x30
[ 71.660554][ T3039]
[ 71.663585][ T3039]
[ 71.665896][ T3039] Allocated by task 5311:
[ 71.670229][ T3039] kasan_save_track+0x3f/0x80
[ 71.674899][ T3039] __kasan_slab_alloc+0x66/0x80
[ 71.679743][ T3039] kmem_cache_alloc_node_noprof+0x16b/0x320
[ 71.685633][ T3039] dup_task_struct+0x57/0x8c0
[ 71.690313][ T3039] copy_process+0x5d1/0x3d50
[ 71.694899][ T3039] kernel_clone+0x226/0x8f0
[ 71.699398][ T3039] __se_sys_clone3+0x2cb/0x350
[ 71.704159][ T3039] do_syscall_64+0xf3/0x230
[ 71.708657][ T3039] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.714549][ T3039]
[ 71.716866][ T3039] Freed by task 5225:
[ 71.720849][ T3039] kasan_save_track+0x3f/0x80
[ 71.725538][ T3039] kasan_save_free_info+0x40/0x50
[ 71.730562][ T3039] __kasan_slab_free+0x59/0x70
[ 71.735315][ T3039] kmem_cache_free+0x195/0x3d0
[ 71.740094][ T3039] delayed_put_task_struct+0x125/0x300
[ 71.745542][ T3039] rcu_core+0xaaa/0x17a0
[ 71.749781][ T3039] handle_softirqs+0x2c5/0x980
[ 71.754540][ T3039] do_softirq+0x11b/0x1e0
[ 71.758862][ T3039] __local_bh_enable_ip+0x1bb/0x200
[ 71.764098][ T3039] __dev_open+0x34a/0x450
[ 71.768453][ T3039] __dev_change_flags+0x1e2/0x6f0
[ 71.773477][ T3039] dev_change_flags+0x8b/0x1a0
[ 71.778238][ T3039] do_setlink+0xcd0/0x41f0
[ 71.782649][ T3039] rtnl_newlink+0x180d/0x20a0
[ 71.787329][ T3039] rtnetlink_rcv_msg+0x73f/0xcf0
[ 71.792258][ T3039] netlink_rcv_skb+0x1e3/0x430
[ 71.797037][ T3039] netlink_unicast+0x7f6/0x990
[ 71.801790][ T3039] netlink_sendmsg+0x8e4/0xcb0
[ 71.806549][ T3039] __sock_sendmsg+0x221/0x270
[ 71.811215][ T3039] __sys_sendto+0x3a8/0x500
[ 71.815711][ T3039] __x64_sys_sendto+0xde/0x100
[ 71.820468][ T3039] do_syscall_64+0xf3/0x230
[ 71.824964][ T3039] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.830850][ T3039]
[ 71.833160][ T3039] Last potentially related work creation:
[ 71.838859][ T3039] kasan_save_stack+0x3f/0x60
[ 71.843523][ T3039] __kasan_record_aux_stack+0xac/0xc0
[ 71.848892][ T3039] call_rcu+0x167/0xa70
[ 71.853035][ T3039] __schedule+0x1852/0x4b30
[ 71.857529][ T3039] preempt_schedule_irq+0xfb/0x1c0
[ 71.862656][ T3039] irqentry_exit+0x5e/0x90
[ 71.867086][ T3039] asm_sysvec_reschedule_ipi+0x1a/0x20
[ 71.872596][ T3039]
[ 71.874915][ T3039] Second to last potentially related work creation:
[ 71.881486][ T3039] kasan_save_stack+0x3f/0x60
[ 71.886162][ T3039] __kasan_record_aux_stack+0xac/0xc0
[ 71.891540][ T3039] task_work_add+0xb8/0x450
[ 71.896037][ T3039] sched_tick+0x322/0x610
[ 71.900358][ T3039] update_process_times+0x202/0x230
[ 71.905554][ T3039] tick_nohz_handler+0x37c/0x500
[ 71.910513][ T3039] __hrtimer_run_queues+0x551/0xd50
[ 71.915793][ T3039] hrtimer_interrupt+0x396/0x990
[ 71.920738][ T3039] __sysvec_apic_timer_interrupt+0x110/0x3f0
[ 71.926724][ T3039] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 71.932364][ T3039] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 71.938350][ T3039]
[ 71.940668][ T3039] The buggy address belongs to the object at ffff88801cfebc00
[ 71.940668][ T3039] which belongs to the cache task_struct of size 7424
[ 71.954891][ T3039] The buggy address is located 728 bytes inside of
[ 71.954891][ T3039] freed 7424-byte region [ffff88801cfebc00, ffff88801cfed900)
[ 71.968768][ T3039]
[ 71.971082][ T3039] The buggy address belongs to the physical page:
[ 71.977514][ T3039] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cfe8
[ 71.986275][ T3039] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 71.994764][ T3039] memcg:ffff888025186d81
[ 71.998992][ T3039] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.006964][ T3039] page_type: 0xfdffffff(slab)
[ 72.011632][ T3039] raw: 00fff00000000040 ffff8880166fb500 0000000000000000 dead000000000001
[ 72.020226][ T3039] raw: 0000000000000000 0000000080040004 00000001fdffffff ffff888025186d81
[ 72.028887][ T3039] head: 00fff00000000040 ffff8880166fb500 0000000000000000 dead000000000001
[ 72.037548][ T3039] head: 0000000000000000 0000000080040004 00000001fdffffff ffff888025186d81
[ 72.046210][ T3039] head: 00fff00000000003 ffffea000073fa01 ffffffffffffffff 0000000000000000
[ 72.055041][ T3039] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 72.063697][ T3039] page dumped because: kasan: bad access detected
[ 72.070103][ T3039] page_owner tracks the page as allocated
[ 72.075802][ T3039] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 7882471527, free_ts 0
[ 72.095343][ T3039] post_alloc_hook+0x1f3/0x230
[ 72.100099][ T3039] get_page_from_freelist+0x3004/0x30c0
[ 72.105636][ T3039] __alloc_pages_noprof+0x29e/0x780
[ 72.110841][ T3039] alloc_slab_page+0x5f/0x120
[ 72.115511][ T3039] allocate_slab+0x5a/0x2f0
[ 72.120006][ T3039] ___slab_alloc+0xcd1/0x14b0
[ 72.124684][ T3039] __slab_alloc+0x58/0xa0
[ 72.129007][ T3039] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 72.134915][ T3039] dup_task_struct+0x57/0x8c0
[ 72.139587][ T3039] copy_process+0x5d1/0x3d50
[ 72.144191][ T3039] kernel_clone+0x226/0x8f0
[ 72.148714][ T3039] kernel_thread+0x1bc/0x240
[ 72.153309][ T3039] kthreadd+0x60d/0x810
[ 72.157463][ T3039] ret_from_fork+0x4b/0x80
[ 72.161877][ T3039] ret_from_fork_asm+0x1a/0x30
[ 72.166637][ T3039] page_owner free stack trace missing
[ 72.171989][ T3039]
[ 72.174301][ T3039] Memory state around the buggy address:
[ 72.179924][ T3039] ffff88801cfebd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.187992][ T3039] ffff88801cfebe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.196048][ T3039] >ffff88801cfebe80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.204119][ T3039] ^
[ 72.211057][ T3039] ffff88801cfebf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.219113][ T3039] ffff88801cfebf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.227169][ T3039] ==================================================================
[ 72.235220][ T3039] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.242417][ T3039] CPU: 0 UID: 0 PID: 3039 Comm: kworker/u8:9 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
[ 72.252740][ T3039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 72.262800][ T3039] Workqueue: events_unbound linkwatch_event
[ 72.268699][ T3039] Call Trace:
[ 72.271972][ T3039]
[ 72.274895][ T3039] dump_stack_lvl+0x241/0x360
[ 72.279590][ T3039] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.284792][ T3039] ? __pfx__printk+0x10/0x10
[ 72.289380][ T3039] ? rcu_is_watching+0x15/0xb0
[ 72.294135][ T3039] ? vscnprintf+0x5d/0x90
[ 72.298470][ T3039] panic+0x349/0x870
[ 72.302378][ T3039] ? __pfx_lock_release+0x10/0x10
[ 72.307401][ T3039] ? check_panic_on_warn+0x21/0xb0
[ 72.312528][ T3039] ? __pfx_panic+0x10/0x10
[ 72.316939][ T3039] ? do_raw_spin_unlock+0x13c/0x8b0
[ 72.322151][ T3039] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 72.328054][ T3039] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.334395][ T3039] check_panic_on_warn+0x86/0xb0
[ 72.339323][ T3039] ? sched_core_enqueue+0x15b/0x580
[ 72.344515][ T3039] end_report+0x77/0x160
[ 72.348765][ T3039] kasan_report+0x154/0x180
[ 72.353269][ T3039] ? sched_core_enqueue+0x15b/0x580
[ 72.358464][ T3039] sched_core_enqueue+0x15b/0x580
[ 72.363488][ T3039] ttwu_do_activate+0x1d1/0x7e0
[ 72.368338][ T3039] try_to_wake_up+0x8bc/0x1480
[ 72.373093][ T3039] ? __pfx_lock_acquire+0x10/0x10
[ 72.378201][ T3039] ? __pfx_try_to_wake_up+0x10/0x10
[ 72.383395][ T3039] ? __pfx_lock_release+0x10/0x10
[ 72.388598][ T3039] ? do_raw_spin_lock+0x14f/0x370
[ 72.393712][ T3039] ? do_raw_spin_unlock+0x13c/0x8b0
[ 72.398913][ T3039] wake_up_q+0xc8/0x120
[ 72.403067][ T3039] __mutex_unlock_slowpath+0x6f9/0x750
[ 72.408533][ T3039] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 72.414599][ T3039] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 72.420591][ T3039] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 72.426917][ T3039] ? _raw_spin_lock_irq+0xdf/0x120
[ 72.432037][ T3039] __rtnl_unlock+0x6c/0xf0
[ 72.436458][ T3039] netdev_run_todo+0x375/0x1000
[ 72.441310][ T3039] ? lockdep_hardirqs_on+0x99/0x150
[ 72.446517][ T3039] ? _raw_spin_unlock_irq+0x2e/0x50
[ 72.451705][ T3039] ? __linkwatch_run_queue+0x67a/0x6c0
[ 72.457159][ T3039] ? __pfx_netdev_run_todo+0x10/0x10
[ 72.462449][ T3039] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 72.468253][ T3039] ? process_scheduled_works+0x976/0x1850
[ 72.473975][ T3039] process_scheduled_works+0xa63/0x1850
[ 72.479538][ T3039] ? __pfx_process_scheduled_works+0x10/0x10
[ 72.485518][ T3039] ? assign_work+0x364/0x3d0
[ 72.490106][ T3039] worker_thread+0x86d/0xd10
[ 72.494702][ T3039] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 72.500587][ T3039] ? __kthread_parkme+0x169/0x1d0
[ 72.505611][ T3039] ? __pfx_worker_thread+0x10/0x10
[ 72.510746][ T3039] kthread+0x2f0/0x390
[ 72.514818][ T3039] ? __pfx_worker_thread+0x10/0x10
[ 72.519927][ T3039] ? __pfx_kthread+0x10/0x10
[ 72.524508][ T3039] ret_from_fork+0x4b/0x80
[ 72.528931][ T3039] ? __pfx_kthread+0x10/0x10
[ 72.533510][ T3039] ret_from_fork_asm+0x1a/0x30
[ 72.538279][ T3039]
[ 73.649347][ T3039] Shutting down cpus with NMI
[ 73.654382][ T3039] Kernel Offset: disabled
[ 73.658712][ T3039] Rebooting in 86400 seconds..