last executing test programs:

2.677855343s ago: executing program 2 (id=3):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000200)=[{0x28, 0x0, 0x4, 0xfffff034}]}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
sendto$inet6(r1, &(0x7f0000000040), 0x3000, 0x0, 0x0, 0x0)

1.485552983s ago: executing program 2 (id=5):
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x7, 0x3})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, 0x0, 0x0)

1.450303249s ago: executing program 3 (id=4):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)=ANY=[@ANYRES16=r1, @ANYBLOB="cd3e0000000002000000010000000800020005000000ce00010043ecf8a077157cd8bc73e1b93314cdcb"], 0x114}}, 0x0)

1.103551827s ago: executing program 2 (id=6):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
getpid()
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x2000001c})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000)

755.479133ms ago: executing program 3 (id=7):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x59, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000c80)="91", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000140)="242b2aec80a58aaa1af9338ab93073ef905fa43406c9b24e4e41adfd41310eb3db3647f843e4d9cf4bdd7b54f2da9fe221d480bf7a95b50ce131acdf72d2818407c7caf4bbfa0db2fdbc6683a79868a23352a2098acbb5f4f00aeac1b5ecaedfba3df5c7d26ccb9802664c856c6ab1aba41ada7718d27623ed7790153548fc11e3695f083ac391ce06f7963cba32ae205cfe9762f524f56605cbab", 0x9b}], 0x1}}], 0x2, 0x2090)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3)
sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

538.773026ms ago: executing program 3 (id=8):
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, 0x0, 0x90)

224.532811ms ago: executing program 1 (id=2):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4)
setsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4)
sendto$inet6(r0, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd500"/1453, 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
recvmmsg(r0, &(0x7f0000008180)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010163, 0x0)

0s ago: executing program 3 (id=9):
r0 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
splice(r0, 0x0, r1, 0x0, 0x7ffff000, 0x3)

kernel console output (not intermixed with test programs):

[   92.158085][ T1248] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.52' (ED25519) to the list of known hosts.
[   97.404089][ T5601] cgroup: Unknown subsys name 'net'
[   97.646054][ T5601] cgroup: Unknown subsys name 'cpuset'
[   97.700121][ T5601] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   99.848427][ T5601] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  102.734452][ T5631] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  102.762881][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  102.818266][ T5634] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.832055][ T5631] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  102.858506][ T5638] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  102.873442][ T5636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  102.879112][ T5636] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  102.888850][ T5636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  102.891512][ T5631] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  102.892754][ T5631] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  102.907402][ T5631] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  102.925908][ T5631] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.929869][ T5636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.930198][ T5636] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  102.930347][ T5636] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  102.943961][ T5636] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  102.979543][ T5631] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  102.980431][ T5631] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  102.983706][ T5631] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.992570][ T5628] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.100993][ T5625] Bluetooth: hci3: command tx timeout
[  105.101435][ T5625] Bluetooth: hci0: command tx timeout
[  105.180170][ T4928] Bluetooth: hci2: command tx timeout
[  105.260663][ T4928] Bluetooth: hci1: command tx timeout
[  105.542543][ T5621] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.544160][ T5621] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.544666][ T5621] bridge_slave_0: entered allmulticast mode
[  105.547486][ T5621] bridge_slave_0: entered promiscuous mode
[  105.627152][ T5621] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.627470][ T5621] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.627734][ T5621] bridge_slave_1: entered allmulticast mode
[  105.646944][ T5621] bridge_slave_1: entered promiscuous mode
[  105.723338][ T5620] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.723678][ T5620] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.723891][ T5620] bridge_slave_0: entered allmulticast mode
[  105.726426][ T5620] bridge_slave_0: entered promiscuous mode
[  105.817843][ T5620] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.818145][ T5620] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.818403][ T5620] bridge_slave_1: entered allmulticast mode
[  105.829071][ T5620] bridge_slave_1: entered promiscuous mode
[  105.904386][ T5621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.934155][ T5623] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.934504][ T5623] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.934736][ T5623] bridge_slave_0: entered allmulticast mode
[  105.937535][ T5623] bridge_slave_0: entered promiscuous mode
[  105.947834][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.948999][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.964751][ T5622] bridge_slave_0: entered allmulticast mode
[  105.976052][ T5622] bridge_slave_0: entered promiscuous mode
[  105.998228][ T5621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.030356][ T5623] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.030620][ T5623] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.030870][ T5623] bridge_slave_1: entered allmulticast mode
[  106.033435][ T5623] bridge_slave_1: entered promiscuous mode
[  106.034835][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.035196][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.035458][ T5622] bridge_slave_1: entered allmulticast mode
[  106.038861][ T5622] bridge_slave_1: entered promiscuous mode
[  106.115537][ T5620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.186200][ T5620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.236739][ T5621] team0: Port device team_slave_0 added
[  106.270624][ T5623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.276948][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.287623][ T5621] team0: Port device team_slave_1 added
[  106.338361][ T5623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.352732][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.385975][ T5620] team0: Port device team_slave_0 added
[  106.456166][ T5620] team0: Port device team_slave_1 added
[  106.503751][ T5621] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.503766][ T5621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.503787][ T5621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.574856][ T5623] team0: Port device team_slave_0 added
[  106.578977][ T5622] team0: Port device team_slave_0 added
[  106.591760][ T5621] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.591774][ T5621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.591795][ T5621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.647668][ T5623] team0: Port device team_slave_1 added
[  106.656200][ T5622] team0: Port device team_slave_1 added
[  106.677181][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.677196][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.677217][ T5620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.755600][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.755614][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.755635][ T5620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.846973][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.846987][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.847007][ T5623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.851239][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.851251][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.851272][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.945221][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.945235][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.945256][ T5623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.947374][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.947385][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.947406][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.181181][ T5625] Bluetooth: hci3: command tx timeout
[  107.181202][ T4928] Bluetooth: hci0: command tx timeout
[  107.259566][ T4928] Bluetooth: hci2: command tx timeout
[  107.332121][ T5621] hsr_slave_0: entered promiscuous mode
[  107.334264][ T5621] hsr_slave_1: entered promiscuous mode
[  107.341094][ T4928] Bluetooth: hci1: command tx timeout
[  107.412183][ T5620] hsr_slave_0: entered promiscuous mode
[  107.414389][ T5620] hsr_slave_1: entered promiscuous mode
[  107.416019][ T5620] debugfs: 'hsr0' already exists in 'hsr'
[  107.416126][ T5620] Cannot create hsr debugfs directory
[  107.563713][ T5623] hsr_slave_0: entered promiscuous mode
[  107.565484][ T5623] hsr_slave_1: entered promiscuous mode
[  107.567129][ T5623] debugfs: 'hsr0' already exists in 'hsr'
[  107.567157][ T5623] Cannot create hsr debugfs directory
[  107.594779][ T5622] hsr_slave_0: entered promiscuous mode
[  107.597118][ T5622] hsr_slave_1: entered promiscuous mode
[  107.598596][ T5622] debugfs: 'hsr0' already exists in 'hsr'
[  107.598628][ T5622] Cannot create hsr debugfs directory
[  108.745738][ T5621] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  108.786965][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  108.809016][ T5621] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  108.833979][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  108.851278][ T5621] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  108.896755][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  108.928845][ T5621] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  108.966882][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  109.138574][ T5623] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  109.167983][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  109.177496][ T5623] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  109.217130][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  109.232660][ T5623] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  109.259882][ T4928] Bluetooth: hci3: command tx timeout
[  109.269844][ T4928] Bluetooth: hci0: command tx timeout
[  109.289176][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  109.325384][ T5623] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  109.339752][ T4928] Bluetooth: hci2: command tx timeout
[  109.364159][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  109.419615][ T4928] Bluetooth: hci1: command tx timeout
[  109.551324][ T5620] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  109.601524][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  109.626320][ T5620] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  109.678110][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  109.697952][ T5620] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  109.750205][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  109.797149][ T5620] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  109.826652][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  110.017625][ T5622] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  110.048883][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  110.070685][ T5622] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  110.104276][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  110.114706][ T5622] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  110.154130][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  110.186773][ T5622] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  110.229167][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  110.306512][ T5621] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.495260][ T5621] 8021q: adding VLAN 0 to HW filter on device team0
[  110.550182][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.550617][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.673040][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.673212][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.705261][ T5623] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.855811][ T5623] 8021q: adding VLAN 0 to HW filter on device team0
[  110.897487][ T5620] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.918993][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.919188][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.002344][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.002495][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.091889][ T5620] 8021q: adding VLAN 0 to HW filter on device team0
[  111.157059][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.231244][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.231425][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.332775][ T1497] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.332949][ T1497] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.339596][ T4928] Bluetooth: hci0: command tx timeout
[  111.339633][ T4928] Bluetooth: hci3: command tx timeout
[  111.429516][ T4928] Bluetooth: hci2: command tx timeout
[  111.468385][ T5622] 8021q: adding VLAN 0 to HW filter on device team0
[  111.510013][ T4928] Bluetooth: hci1: command tx timeout
[  111.565217][ T1007] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.565388][ T1007] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.633314][ T1007] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.633489][ T1007] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.557315][ T5621] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.910363][ T5623] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.205513][ T5621] veth0_vlan: entered promiscuous mode
[  113.337396][ T5621] veth1_vlan: entered promiscuous mode
[  113.443265][ T5620] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.479794][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.514617][ T5623] veth0_vlan: entered promiscuous mode
[  113.572629][ T5623] veth1_vlan: entered promiscuous mode
[  113.650534][ T5621] veth0_macvtap: entered promiscuous mode
[  113.682678][ T5621] veth1_macvtap: entered promiscuous mode
[  113.813760][ T5620] veth0_vlan: entered promiscuous mode
[  113.829172][ T5622] veth0_vlan: entered promiscuous mode
[  113.847730][ T5621] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.875111][ T5623] veth0_macvtap: entered promiscuous mode
[  113.898879][ T5621] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.926825][ T5620] veth1_vlan: entered promiscuous mode
[  113.937986][ T5623] veth1_macvtap: entered promiscuous mode
[  113.953002][ T5622] veth1_vlan: entered promiscuous mode
[  113.997853][ T1497] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.026328][ T1497] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.045424][ T1497] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.075213][ T1497] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.187371][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.339932][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.525470][ T1439] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.559909][ T1439] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.567215][ T1439] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.568797][ T5620] veth0_macvtap: entered promiscuous mode
[  114.612283][ T1439] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.638034][ T5622] veth0_macvtap: entered promiscuous mode
[  114.703153][ T5620] veth1_macvtap: entered promiscuous mode
[  114.763213][ T5622] veth1_macvtap: entered promiscuous mode
[  114.886130][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.886156][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.116986][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.138663][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.213618][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.286791][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.301396][ T1497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.301420][ T1497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.400857][ T1497] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.408567][ T1497] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.480526][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.480549][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.481696][ T1497] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.488837][ T1497] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.574383][ T1497] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.576354][ T1497] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.618317][ T1497] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.635447][ T1497] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.032779][   T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.032804][   T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.210405][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.210459][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.455009][ T5773] capability: warning: `syz.2.5' uses deprecated v2 capabilities in a way that may be insecure
[  117.542096][ T1228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.542120][ T1228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.734910][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.734934][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.036709][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.036729][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.743923][ T5780] ==================================================================
[  118.743945][ T5780] BUG: KASAN: slab-use-after-free in clear_tfile_check_list+0x114/0x380
[  118.743990][ T5780] Read of size 8 at addr ffff888037c38a28 by task syz.2.6/5780
[  118.744011][ T5780] 
[  118.744038][ T5780] CPU: 0 UID: 0 PID: 5780 Comm: syz.2.6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  118.744065][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  118.744089][ T5780] Call Trace:
[  118.744102][ T5780]  <TASK>
[  118.744112][ T5780]  dump_stack_lvl+0xe8/0x150
[  118.744142][ T5780]  print_address_description+0x55/0x1e0
[  118.744175][ T5780]  ? clear_tfile_check_list+0x114/0x380
[  118.744209][ T5780]  print_report+0x58/0x70
[  118.744238][ T5780]  kasan_report+0x117/0x150
[  118.744270][ T5780]  ? clear_tfile_check_list+0x114/0x380
[  118.744311][ T5780]  clear_tfile_check_list+0x114/0x380
[  118.744347][ T5780]  ? clear_tfile_check_list+0x22/0x380
[  118.744384][ T5780]  do_epoll_ctl_file+0x8fd/0xed0
[  118.744416][ T5780]  ? do_epoll_ctl_file+0xac3/0xed0
[  118.744449][ T5780]  ? __pfx_do_epoll_ctl_file+0x10/0x10
[  118.744483][ T5780]  ? __fget_files+0x3a6/0x420
[  118.744509][ T5780]  ? __fget_files+0x2a/0x420
[  118.744539][ T5780]  __se_sys_epoll_ctl+0x14e/0x210
[  118.744578][ T5780]  ? __pfx___se_sys_epoll_ctl+0x10/0x10
[  118.744615][ T5780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.744640][ T5780]  do_syscall_64+0x174/0x580
[  118.744686][ T5780]  ? trace_irq_disable+0x3b/0x140
[  118.744713][ T5780]  ? clear_bhb_loop+0x40/0x90
[  118.744739][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.744762][ T5780] RIP: 0033:0x7fe9a26bce59
[  118.744789][ T5780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.744808][ T5780] RSP: 002b:00007fe9a04b1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  118.744839][ T5780] RAX: ffffffffffffffda RBX: 00007fe9a2936270 RCX: 00007fe9a26bce59
[  118.744857][ T5780] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006
[  118.744871][ T5780] RBP: 00007fe9a2752d6f R08: 0000000000000000 R09: 0000000000000000
[  118.744886][ T5780] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.744902][ T5780] R13: 00007fe9a2936308 R14: 00007fe9a2936270 R15: 00007ffd975125e8
[  118.744929][ T5780]  </TASK>
[  118.744937][ T5780] 
[  118.744943][ T5780] Allocated by task 5779:
[  118.744953][ T5780]  kasan_save_track+0x3e/0x80
[  118.744976][ T5780]  __kasan_slab_alloc+0x6c/0x80
[  118.745001][ T5780]  kmem_cache_alloc_noprof+0x33b/0x680
[  118.745026][ T5780]  ep_insert+0x512/0x1820
[  118.745053][ T5780]  do_epoll_ctl_file+0x8bb/0xed0
[  118.745081][ T5780]  __se_sys_epoll_ctl+0x14e/0x210
[  118.745110][ T5780]  do_syscall_64+0x174/0x580
[  118.745142][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.745290][ T5780] 
[  118.745297][ T5780] Freed by task 5777:
[  118.745312][ T5780]  kasan_save_track+0x3e/0x80
[  118.745337][ T5780]  kasan_save_free_info+0x46/0x50
[  118.745369][ T5780]  __kasan_slab_free+0x5c/0x80
[  118.745390][ T5780]  kmem_cache_free+0x187/0x6c0
[  118.745415][ T5780]  eventpoll_release_file+0xc2/0x240
[  118.745443][ T5780]  __fput+0x83c/0xa70
[  118.745466][ T5780]  task_work_run+0x1d9/0x270
[  118.745490][ T5780]  get_signal+0x11eb/0x1330
[  118.745520][ T5780]  arch_do_signal_or_restart+0xbc/0x840
[  118.745542][ T5780]  exit_to_user_mode_loop+0xa9/0x680
[  118.745567][ T5780]  do_syscall_64+0x353/0x580
[  118.745601][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.745623][ T5780] 
[  118.745629][ T5780] The buggy address belongs to the object at ffff888037c38a20
[  118.745629][ T5780]  which belongs to the cache ep_head of size 16
[  118.745649][ T5780] The buggy address is located 8 bytes inside of
[  118.745649][ T5780]  freed 16-byte region [ffff888037c38a20, ffff888037c38a30)
[  118.745674][ T5780] 
[  118.745680][ T5780] The buggy address belongs to the physical page:
[  118.745713][ T5780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888037c38be0 pfn:0x37c38
[  118.745736][ T5780] memcg:ffff88802c444001
[  118.745758][ T5780] flags: 0x80000000000200(workingset|node=0|zone=1)
[  118.745789][ T5780] page_type: f5(slab)
[  118.745811][ T5780] raw: 0080000000000200 ffff88814041cdc0 ffffea0000fbe690 ffff88801af68088
[  118.745834][ T5780] raw: ffff888037c38be0 0000000800800036 00000000f5000000 ffff88802c444001
[  118.745846][ T5780] page dumped because: kasan: bad access detected
[  118.745864][ T5780] page_owner tracks the page as allocated
[  118.745873][ T5780] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4979, tgid 4979 (udevd), ts 35257315242, free_ts 0
[  118.745913][ T5780]  post_alloc_hook+0x1f9/0x250
[  118.745938][ T5780]  get_page_from_freelist+0x265c/0x26e0
[  118.745969][ T5780]  __alloc_frozen_pages_noprof+0x18d/0x380
[  118.745999][ T5780]  allocate_slab+0x74/0x5e0
[  118.746030][ T5780]  refill_objects+0x33c/0x3d0
[  118.746060][ T5780]  __pcs_replace_empty_main+0x373/0x720
[  118.746095][ T5780]  kmem_cache_alloc_noprof+0x433/0x680
[  118.746119][ T5780]  ep_insert+0x512/0x1820
[  118.746145][ T5780]  do_epoll_ctl_file+0x8bb/0xed0
[  118.746172][ T5780]  __se_sys_epoll_ctl+0x14e/0x210
[  118.746198][ T5780]  do_syscall_64+0x174/0x580
[  118.746230][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.746251][ T5780] page_owner free stack trace missing
[  118.746258][ T5780] 
[  118.746263][ T5780] Memory state around the buggy address:
[  118.746274][ T5780]  ffff888037c38900: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  118.746293][ T5780]  ffff888037c38980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  118.746311][ T5780] >ffff888037c38a00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  118.746324][ T5780]                                   ^
[  118.746336][ T5780]  ffff888037c38a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  118.746351][ T5780]  ffff888037c38b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[  118.746364][ T5780] ==================================================================
[  118.860442][ T5780] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  118.860470][ T5780] CPU: 1 UID: 0 PID: 5780 Comm: syz.2.6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  118.860510][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  118.860525][ T5780] Call Trace:
[  118.860534][ T5780]  <TASK>
[  118.860543][ T5780]  vpanic+0x56c/0xa60
[  118.860584][ T5780]  ? __pfx_vpanic+0x10/0x10
[  118.860615][ T5780]  ? __pfx___schedule+0x10/0x10
[  118.860647][ T5780]  panic+0xc5/0xd0
[  118.860674][ T5780]  ? __pfx_panic+0x10/0x10
[  118.860701][ T5780]  ? preempt_schedule_thunk+0x16/0x40
[  118.860735][ T5780]  ? clear_tfile_check_list+0x114/0x380
[  118.860765][ T5780]  check_panic_on_warn+0x89/0xb0
[  118.860787][ T5780]  ? clear_tfile_check_list+0x114/0x380
[  118.860815][ T5780]  end_report+0x73/0x170
[  118.860839][ T5780]  ? clear_tfile_check_list+0x114/0x380
[  118.860864][ T5780]  kasan_report+0x128/0x150
[  118.860887][ T5780]  ? clear_tfile_check_list+0x114/0x380
[  118.860917][ T5780]  clear_tfile_check_list+0x114/0x380
[  118.860945][ T5780]  ? clear_tfile_check_list+0x22/0x380
[  118.860972][ T5780]  do_epoll_ctl_file+0x8fd/0xed0
[  118.860999][ T5780]  ? do_epoll_ctl_file+0xac3/0xed0
[  118.861024][ T5780]  ? __pfx_do_epoll_ctl_file+0x10/0x10
[  118.861049][ T5780]  ? __fget_files+0x3a6/0x420
[  118.861071][ T5780]  ? __fget_files+0x2a/0x420
[  118.861095][ T5780]  __se_sys_epoll_ctl+0x14e/0x210
[  118.861123][ T5780]  ? __pfx___se_sys_epoll_ctl+0x10/0x10
[  118.861151][ T5780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.861171][ T5780]  do_syscall_64+0x174/0x580
[  118.861201][ T5780]  ? trace_irq_disable+0x3b/0x140
[  118.861222][ T5780]  ? clear_bhb_loop+0x40/0x90
[  118.861243][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.861262][ T5780] RIP: 0033:0x7fe9a26bce59
[  118.861280][ T5780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.861297][ T5780] RSP: 002b:00007fe9a04b1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  118.861319][ T5780] RAX: ffffffffffffffda RBX: 00007fe9a2936270 RCX: 00007fe9a26bce59
[  118.861333][ T5780] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006
[  118.861345][ T5780] RBP: 00007fe9a2752d6f R08: 0000000000000000 R09: 0000000000000000
[  118.861357][ T5780] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.861369][ T5780] R13: 00007fe9a2936308 R14: 00007fe9a2936270 R15: 00007ffd975125e8
[  118.861392][ T5780]  </TASK>
[  118.866837][ T5780] Kernel Offset: disabled