last executing test programs:

1m11.264891702s ago: executing program 0 (id=12500):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef)

59.050872423s ago: executing program 0 (id=12500):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef)

46.925191091s ago: executing program 0 (id=12500):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef)

33.349896293s ago: executing program 0 (id=12500):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef)

27.425760029s ago: executing program 2 (id=13136):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}], 0x1c)

27.232340801s ago: executing program 2 (id=13139):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r0, 0x2, 0x0, 0x7, &(0x7f0000000140)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

27.09645244s ago: executing program 2 (id=13141):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={r2, 0x5}, 0x8)

26.963035938s ago: executing program 2 (id=13142):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x11, 0x3, 0x4000000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'ip6gretap0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
getsockname$packet(r1, 0x0, &(0x7f0000000140))

22.422073795s ago: executing program 1 (id=13192):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0)

22.230978873s ago: executing program 1 (id=13195):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}, {{&(0x7f0000001180)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f00000011c0)=[{&(0x7f0000004d00)='f', 0x1}], 0x1}}], 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r2=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={r2, 0x5}, 0x8)

22.016266391s ago: executing program 1 (id=13197):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000ac0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="02"], 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)

21.796522718s ago: executing program 1 (id=13200):
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB='..'])
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

21.270136145s ago: executing program 1 (id=13208):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x2, {}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x2, 0x1, 0x0, 0x0, "6ac6acd41ff800"}}, 0x48}}, 0x20000400)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x1, 0x0, 0xfffffff8, {0x77359400}, {0x0, 0xea60}, {0x4, 0x1, 0x1}, 0x1, @can={{0x2, 0x1, 0x0, 0x1}, 0x5, 0x3, 0x0, 0x0, "e1d1f55a4351ea72"}}, 0x48}, 0x1, 0x0, 0x0, 0x20018840}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0)

19.663033088s ago: executing program 0 (id=12500):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef)

13.836332278s ago: executing program 2 (id=13142):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x11, 0x3, 0x4000000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'ip6gretap0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
getsockname$packet(r1, 0x0, &(0x7f0000000140))

4.228603333s ago: executing program 1 (id=13208):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x2, {}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{}, 0x2, 0x1, 0x0, 0x0, "6ac6acd41ff800"}}, 0x48}}, 0x20000400)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x1, 0x0, 0xfffffff8, {0x77359400}, {0x0, 0xea60}, {0x4, 0x1, 0x1}, 0x1, @can={{0x2, 0x1, 0x0, 0x1}, 0x5, 0x3, 0x0, 0x0, "e1d1f55a4351ea72"}}, 0x48}, 0x1, 0x0, 0x0, 0x20018840}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0)

3.624013618s ago: executing program 0 (id=12500):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xfdef)

2.214908649s ago: executing program 4 (id=13312):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f0000000440)="a6e2", 0x2, 0x24040055, 0x0, 0x0)
recvmsg(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000780)=""/243, 0x11000}], 0x1}, 0x142)

2.067181933s ago: executing program 4 (id=13313):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x804)

2.028736267s ago: executing program 3 (id=13314):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$can_raw(r1, &(0x7f00000052c0)={0x0, 0x0, &(0x7f0000005280)={&(0x7f0000005240)=@can={{0x4, 0x1, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "c52b9724163ca92b"}, 0x10}, 0x1, 0x0, 0x0, 0x8040}, 0x4004000)
recvmmsg(r1, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}, 0x2000001}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)=""/236, 0xec}], 0x1}}], 0x2, 0x60, 0x0)

1.936856919s ago: executing program 4 (id=13315):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000024c0)={0x68, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x42, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x10}, @device_b, @device_a, @initial, {0xc, 0x9}, @value=@ver_80211n={0x0, 0x60, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0x2f20, 0x2, {}, @void, @val={0x2d, 0x1a, {0x80, 0x2, 0x2, 0x0, {0xf, 0x9, 0x0, 0x9, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x8, 0x3, 0x5}}}}]}, 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

1.915772505s ago: executing program 3 (id=13316):
connect$caif(0xffffffffffffffff, &(0x7f00000001c0)=@util={0x25, "54aae270be68106906485a82fbac51e9"}, 0x18)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x3]}})
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x1}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xe4}]}, 0x3c}}, 0x0)

1.612968689s ago: executing program 4 (id=13317):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000001180), r1)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000001240)={0x4c, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8000}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040005}, 0x895)

1.575984645s ago: executing program 3 (id=13318):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r0, 0x0, 0xb9b}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r2, 0x0, 0xb9b}, 0x18)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

1.380481891s ago: executing program 4 (id=13319):
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4e21, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x5, 0x14, 0x0, &(0x7f0000000000)='%', 0x0, 0x7fffffff, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x24048062)

1.250806397s ago: executing program 3 (id=13320):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0)
recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/69, 0x45}], 0x1}, 0x3}], 0x1, 0x120, 0x0)

1.089079733s ago: executing program 3 (id=13321):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080001006e00000008000300", @ANYRES32=r3, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e310000000000000000000000140006"], 0x60}}, 0x0)

292.558916ms ago: executing program 4 (id=13322):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000009c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000980)='%pB    \x00'}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f0000000440)=""/91}, 0x20)

153.580525ms ago: executing program 3 (id=13323):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)={0x44, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

0s ago: executing program 2 (id=13142):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x11, 0x3, 0x4000000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'ip6gretap0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
getsockname$packet(r1, 0x0, &(0x7f0000000140))

kernel console output (not intermixed with test programs):

 link
[  393.397263][T23691] netlink: 'syz.0.8418': attribute type 1 has an invalid length.
[  393.424887][T23691] netlink: 'syz.0.8418': attribute type 3 has an invalid length.
[  393.453203][T23691] netlink: 224 bytes leftover after parsing attributes in process `syz.0.8418'.
[  393.553759][T23700] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8421'.
[  394.136946][T23739] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  394.157463][T23739] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  395.200585][T23810] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  395.261241][T23812] validate_nla: 1 callbacks suppressed
[  395.261261][T23812] netlink: 'syz.2.8476': attribute type 11 has an invalid length.
[  396.459899][T23878] netlink: 'syz.3.8508': attribute type 5 has an invalid length.
[  397.222702][T23913] syz.0.8525 (23913) used obsolete PPPIOCDETACH ioctl
[  397.393708][T23927] __nla_validate_parse: 11 callbacks suppressed
[  397.393724][T23927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8532'.
[  397.492971][T23935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8535'.
[  397.547489][T23935] netlink: 'syz.1.8535': attribute type 30 has an invalid length.
[  397.556957][T23939] netlink: 18 bytes leftover after parsing attributes in process `syz.0.8538'.
[  397.574564][T23935] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8535'.
[  398.485830][T23991] netlink: 64 bytes leftover after parsing attributes in process `syz.0.8560'.
[  398.628616][T24000] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.8566'.
[  398.749435][T24009] netlink: 'syz.0.8570': attribute type 1 has an invalid length.
[  398.759669][T24009] netlink: 236 bytes leftover after parsing attributes in process `syz.0.8570'.
[  398.905199][T24014] sit1: entered promiscuous mode
[  398.913776][T24014] sit1: entered allmulticast mode
[  398.921017][T24015] IPVS: Error joining to the multicast group
[  399.228665][T24035] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8583'.
[  400.170066][T24089] bridge0: port 1(batadv_slave_1) entered blocking state
[  400.203307][T24089] bridge0: port 1(batadv_slave_1) entered disabled state
[  400.213947][T24089] batadv_slave_1: entered allmulticast mode
[  400.225876][T24089] batadv_slave_1: entered promiscuous mode
[  400.237051][T24089] bridge0: port 1(batadv_slave_1) entered blocking state
[  400.244534][T24089] bridge0: port 1(batadv_slave_1) entered forwarding state
[  400.351014][T24102] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8615'.
[  400.431506][T24108] netlink: 'syz.1.8618': attribute type 2 has an invalid length.
[  400.557059][T24114] erspan0: left allmulticast mode
[  400.647762][T24114] bridge0: port 1(batadv_slave_1) entered disabled state
[  400.802425][T24114] A link change request failed with some changes committed already. Interface veth1_to_bridge may have been left with an inconsistent configuration, please check.
[  401.265946][T24160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8643'.
[  401.667501][T24186] smc: net device erspan0 applied user defined pnetid SYZ0
[  402.003900][T24208] netlink: 'syz.2.8667': attribute type 13 has an invalid length.
[  402.390766][T24233] pim6reg: entered allmulticast mode
[  402.536697][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  402.720658][T24253] openvswitch: netlink: IPv6 tunnel dst address is zero
[  403.056253][T24270] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  403.649307][T24309] netlink: 'syz.2.8712': attribute type 4 has an invalid length.
[  403.675869][T24309] __nla_validate_parse: 2 callbacks suppressed
[  403.675886][T24309] netlink: 17 bytes leftover after parsing attributes in process `syz.2.8712'.
[  403.737168][T24316] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8717'.
[  403.783486][T24316] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  403.812595][T24316] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  404.070257][T24336] netlink: 'syz.1.8727': attribute type 2 has an invalid length.
[  404.977705][T24391] netlink: 'syz.2.8754': attribute type 1 has an invalid length.
[  405.012030][T24391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8754'.
[  405.399247][ T5944] IPVS: starting estimator thread 0...
[  405.503523][T24420] IPVS: using max 28 ests per chain, 67200 per kthread
[  406.015481][T24460] vlan3: entered promiscuous mode
[  406.020651][T24460] gretap0: entered promiscuous mode
[  406.059391][T24465] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8789'.
[  406.227089][T24474] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8794'.
[  406.525863][T24494] netlink: 'syz.3.8804': attribute type 11 has an invalid length.
[  406.809075][T24511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8812'.
[  407.547474][T24561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8835'.
[  407.561158][T24561] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  407.577205][T24561] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  408.631295][T24621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8864'.
[  408.635547][T24623] netlink: 312 bytes leftover after parsing attributes in process `syz.3.8865'.
[  408.671102][T24621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8864'.
[  408.682496][T24621] netlink: 'syz.0.8864': attribute type 14 has an invalid length.
[  408.782892][T24629] netlink: 'syz.3.8868': attribute type 33 has an invalid length.
[  409.589224][T24682] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8893'.
[  409.605677][T24682] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8893'.
[  409.931423][T24702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8903'.
[  409.958214][T24702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8903'.
[  410.613359][T24741] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  410.670215][T24747] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  410.715792][T24747] team0: Device macvtap1 is already an upper device of the team interface
[  410.800313][T24750] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8927'.
[  411.249594][T24760] bond0: left allmulticast mode
[  411.835889][T24760] ipvlan0: left promiscuous mode
[  411.840892][T24760] ipvlan0: left allmulticast mode
[  411.846925][T24760] veth0_vlan: left allmulticast mode
[  411.986809][T24760] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.014177][T24760] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.023982][T24760] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.032875][T24760] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.217995][T24760] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  412.227014][T24760] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  412.236096][T24760] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  412.245232][T24760] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  412.283864][T24760] vlan2: left promiscuous mode
[  412.288662][T24760] bridge0: left promiscuous mode
[  413.120858][T24848] netlink: 212364 bytes leftover after parsing attributes in process `syz.2.8966'.
[  413.142345][T24848] openvswitch: netlink: Message has 5 unknown bytes.
[  413.507854][T24873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8976'.
[  413.557520][T24878] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  413.684374][T24886] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8981'.
[  413.717573][T24883] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8981'.
[  414.708464][T24938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9007'.
[  414.731433][T24938] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9007'.
[  414.754488][T24938] netlink: 'syz.4.9007': attribute type 14 has an invalid length.
[  414.762481][T24938] netlink: 'syz.4.9007': attribute type 13 has an invalid length.
[  414.955372][T24944] : entered promiscuous mode
[  415.460960][T24974] netlink: 'syz.2.9024': attribute type 2 has an invalid length.
[  415.882135][T25007] netlink: 'syz.1.9040': attribute type 29 has an invalid length.
[  415.894074][T25007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9040'.
[  415.916697][T25007] netlink: 'syz.1.9040': attribute type 29 has an invalid length.
[  415.925458][T25007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9040'.
[  416.112043][T25015] IPVS: Scheduler module ip_vs_sip not found
[  416.328659][T24978] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  416.335814][T25034] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9053'.
[  416.623017][T25052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9059'.
[  417.147340][T25087] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9077'.
[  417.249727][T25095] openvswitch: netlink: IPv6 tunnel dst address is zero
[  417.854136][T25125] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9096'.
[  417.951076][T25130] tipc: Started in network mode
[  417.970155][T25130] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  417.989665][T25130] tipc: Enabled bearer <eth:ipvlan0>, priority 10
[  418.187141][T25147] netlink: 176 bytes leftover after parsing attributes in process `syz.0.9105'.
[  418.223598][T25147] netlink: 32 bytes leftover after parsing attributes in process `syz.0.9105'.
[  418.420599][T25160] pim6reg527: entered allmulticast mode
[  418.753925][T25180] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  418.796205][T25180] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  418.889335][T25190] tipc: Enabled bearer <eth:team0>, priority 0
[  419.104181][ T5944] tipc: Node number set to 10136234
[  419.192240][T25217] netlink: 'syz.2.9140': attribute type 32 has an invalid length.
[  419.612629][T25244] netlink: 'syz.0.9150': attribute type 4 has an invalid length.
[  419.903505][T25255] __nla_validate_parse: 1 callbacks suppressed
[  419.903522][T25255] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9155'.
[  420.441029][T25294] netlink: 'syz.4.9174': attribute type 3 has an invalid length.
[  420.901371][T25324] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  420.916089][T25324] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9189'.
[  420.926398][T25324] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9189'.
[  421.252336][T25340] Bluetooth: MGMT ver 1.23
[  421.682675][T25364] tipc: Enabling of bearer <u˩:s> rejected, media not registered
[  421.782515][T25372] netlink: 100 bytes leftover after parsing attributes in process `syz.0.9210'.
[  422.589803][T25428] netlink: 'syz.2.9238': attribute type 1 has an invalid length.
[  422.855351][T25447] netlink: 'syz.0.9248': attribute type 1 has an invalid length.
[  422.873797][T25447] netlink: 236 bytes leftover after parsing attributes in process `syz.0.9248'.
[  423.181968][T25467] netlink: 'syz.0.9256': attribute type 2 has an invalid length.
[  423.199352][T25470] xt_hashlimit: max too large, truncated to 1048576
[  423.223447][T25467] netlink: 'syz.0.9256': attribute type 2 has an invalid length.
[  423.444885][T25488] netlink: 'syz.3.9266': attribute type 3 has an invalid length.
[  423.850419][T25514] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  425.159260][T25596] netlink: 'syz.1.9323': attribute type 1 has an invalid length.
[  425.210530][T25603] sctp: [Deprecated]: syz.0.9320 (pid 25603) Use of int in maxseg socket option.
[  425.210530][T25603] Use struct sctp_assoc_value instead
[  425.815604][T25646] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  426.108592][T25663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9352'.
[  426.810009][T25699] netlink: 'syz.4.9368': attribute type 3 has an invalid length.
[  426.844141][T25699] netlink: 766 bytes leftover after parsing attributes in process `syz.4.9368'.
[  427.572686][T25753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9391'.
[  427.582251][T25755] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.9393'.
[  427.634245][T25753] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9391'.
[  427.966918][T25781] netlink: 'syz.2.9405': attribute type 1 has an invalid length.
[  427.984986][T25781] netlink: 204 bytes leftover after parsing attributes in process `syz.2.9405'.
[  428.037175][T25786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9408'.
[  428.066470][T25786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9408'.
[  428.748554][T25835] tipc: Enabled bearer <eth:xfrm0>, priority 10
[  428.806111][T25837] netlink: 240 bytes leftover after parsing attributes in process `syz.0.9432'.
[  428.823983][T25839] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.9433'.
[  429.756348][T25900] netlink: 'syz.4.9463': attribute type 1 has an invalid length.
[  429.766834][T25900] netlink: 'syz.4.9463': attribute type 1 has an invalid length.
[  429.974673][T25915] : renamed from hsr0 (while UP)
[  432.387325][T26052] macvlan2: entered promiscuous mode
[  432.399034][T26052] macvlan2: entered allmulticast mode
[  432.858247][T26083] __nla_validate_parse: 8 callbacks suppressed
[  432.858265][T26083] netlink: 212404 bytes leftover after parsing attributes in process `syz.4.9551'.
[  433.264509][T26115] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.9564'.
[  433.552691][T26135] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.9571'.
[  433.578163][T26130] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.9571'.
[  434.210273][T26178] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  434.647566][T26205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9608'.
[  434.771228][T26212] netlink: 'syz.2.9611': attribute type 32 has an invalid length.
[  434.806208][T26212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9611'.
[  434.848437][T26212] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  435.604411][T26266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9636'.
[  435.955718][T26289] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  436.355072][T26317] netlink: 32 bytes leftover after parsing attributes in process `syz.4.9661'.
[  436.588044][T26330] net veth1_virt_wifi .: renamed from virt_wifi0
[  436.705511][T26338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9671'.
[  436.901604][T26351] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9677'.
[  437.351157][T26381] atomic_op ffff888063034198 conn xmit_atomic 0000000000000000
[  438.112130][T26428] netlink: 'syz.4.9713': attribute type 1 has an invalid length.
[  439.140017][T26496] __nla_validate_parse: 4 callbacks suppressed
[  439.140038][T26496] netlink: 96 bytes leftover after parsing attributes in process `syz.1.9746'.
[  439.199437][T26496] vlan3: entered allmulticast mode
[  439.216493][T26496] gretap0: entered allmulticast mode
[  439.327738][T26508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9751'.
[  439.505386][T26521] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  439.774612][T26538] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  439.888329][T26542] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9768'.
[  439.904876][T26542] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9768'.
[  439.930197][T26531] syz.0.9763 (26531) used greatest stack depth: 17992 bytes left
[  439.933478][T26542] netlink: 'syz.3.9768': attribute type 15 has an invalid length.
[  439.949758][T26548] tipc: Failed to obtain node identity
[  439.957991][T26548] tipc: Enabling of bearer <ib:gretap0> rejected, failed to enable media
[  440.109928][T26557] veth0: entered promiscuous mode
[  440.117939][T26556] veth0: left promiscuous mode
[  440.148220][T26559] netlink: 'syz.3.9774': attribute type 1 has an invalid length.
[  440.169264][T26559] netlink: 172 bytes leftover after parsing attributes in process `syz.3.9774'.
[  441.411884][T26646] netlink: 64 bytes leftover after parsing attributes in process `syz.0.9814'.
[  442.610464][T26728] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9853'.
[  442.659409][T26730] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9855'.
[  443.042950][T26753] sch_tbf: burst 8 is lower than device ip6tnl0 mtu (65485) !
[  443.090059][T26758] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9868'.
[  443.180273][T26762] netlink: 'syz.2.9870': attribute type 9 has an invalid length.
[  443.194163][T26762] netlink: 212260 bytes leftover after parsing attributes in process `syz.2.9870'.
[  443.940128][T26797] netlink: 'syz.3.9886': attribute type 29 has an invalid length.
[  443.956028][T26797] netlink: 'syz.3.9886': attribute type 29 has an invalid length.
[  443.969275][T26797] netlink: 'syz.3.9886': attribute type 29 has an invalid length.
[  444.010525][T26800] tap0: tun_chr_ioctl cmd 2148553947
[  445.619568][T26911] openvswitch: netlink: IP tunnel TTL not specified.
[  445.822896][T26925] __nla_validate_parse: 3 callbacks suppressed
[  445.822914][T26925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9945'.
[  446.317863][T26957] netlink: 'syz.0.9961': attribute type 5 has an invalid length.
[  446.519873][T26968] netlink: 'syz.3.9966': attribute type 6 has an invalid length.
[  446.940422][T26995] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9979'.
[  447.078469][T27006] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9984'.
[  447.334094][T27025] dvmrp0: entered allmulticast mode
[  447.360327][T27025] dvmrp0: left allmulticast mode
[  448.372708][T27095] netlink: 'syz.0.10023': attribute type 14 has an invalid length.
[  448.520705][T27103] syz.0.10026: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  448.541989][T27103] CPU: 1 UID: 0 PID: 27103 Comm: syz.0.10026 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) 
[  448.542017][T27103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  448.542036][T27103] Call Trace:
[  448.542045][T27103]  <TASK>
[  448.542054][T27103]  dump_stack_lvl+0x189/0x250
[  448.542092][T27103]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.542128][T27103]  ? __pfx__printk+0x10/0x10
[  448.542149][T27103]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  448.542170][T27103]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  448.542193][T27103]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  448.542216][T27103]  warn_alloc+0x214/0x310
[  448.542238][T27103]  ? stack_depot_save_flags+0x40/0x900
[  448.542266][T27103]  ? __pfx_warn_alloc+0x10/0x10
[  448.542289][T27103]  ? kasan_save_track+0x4f/0x80
[  448.542317][T27103]  ? xskq_create+0x56/0x170
[  448.542341][T27103]  ? xsk_init_queue+0xb0/0x110
[  448.542364][T27103]  ? xsk_setsockopt+0x43f/0x710
[  448.542386][T27103]  ? do_sock_setsockopt+0x257/0x3e0
[  448.542405][T27103]  ? __x64_sys_setsockopt+0x18b/0x220
[  448.542424][T27103]  ? do_syscall_64+0xfa/0x3b0
[  448.542439][T27103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.542465][T27103]  __vmalloc_node_range_noprof+0x125/0x12f0
[  448.542515][T27103]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  448.542538][T27103]  ? xskq_create+0x56/0x170
[  448.542565][T27103]  ? __kasan_kmalloc+0x93/0xb0
[  448.542586][T27103]  vmalloc_user_noprof+0xad/0xf0
[  448.542606][T27103]  ? xskq_create+0xbf/0x170
[  448.542633][T27103]  xskq_create+0xbf/0x170
[  448.542662][T27103]  xsk_init_queue+0xb0/0x110
[  448.542689][T27103]  xsk_setsockopt+0x43f/0x710
[  448.542716][T27103]  ? __pfx_xsk_setsockopt+0x10/0x10
[  448.542739][T27103]  ? __lock_acquire+0xab9/0xd20
[  448.542774][T27103]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  448.542797][T27103]  ? __pfx_xsk_setsockopt+0x10/0x10
[  448.542823][T27103]  do_sock_setsockopt+0x257/0x3e0
[  448.542847][T27103]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  448.542874][T27103]  ? __fget_files+0x2a/0x420
[  448.542907][T27103]  __x64_sys_setsockopt+0x18b/0x220
[  448.542935][T27103]  do_syscall_64+0xfa/0x3b0
[  448.542950][T27103]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.542976][T27103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.542994][T27103]  ? clear_bhb_loop+0x60/0xb0
[  448.543017][T27103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.543040][T27103] RIP: 0033:0x7f4a2f78e929
[  448.543061][T27103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.543078][T27103] RSP: 002b:00007f4a306c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  448.543103][T27103] RAX: ffffffffffffffda RBX: 00007f4a2f9b5fa0 RCX: 00007f4a2f78e929
[  448.543117][T27103] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  448.543128][T27103] RBP: 00007f4a2f810b39 R08: 0000000000000004 R09: 0000000000000000
[  448.543140][T27103] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  448.543152][T27103] R13: 0000000000000000 R14: 00007f4a2f9b5fa0 R15: 00007ffc86f792a8
[  448.543182][T27103]  </TASK>
[  448.855510][T27103] Mem-Info:
[  448.882782][T27103] active_anon:5672 inactive_anon:0 isolated_anon:0
[  448.882782][T27103]  active_file:1140 inactive_file:39973 isolated_file:0
[  448.882782][T27103]  unevictable:768 dirty:331 writeback:0
[  448.882782][T27103]  slab_reclaimable:11737 slab_unreclaimable:117676
[  448.882782][T27103]  mapped:29040 shmem:1388 pagetables:1420
[  448.882782][T27103]  sec_pagetables:0 bounce:0
[  448.882782][T27103]  kernel_misc_reclaimable:0
[  448.882782][T27103]  free:1306522 free_pcp:15812 free_cma:0
[  448.950231][T27103] Node 0 active_anon:22788kB inactive_anon:0kB active_file:4560kB inactive_file:159692kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116160kB dirty:1320kB writeback:0kB shmem:4016kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12876kB pagetables:5832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  448.992586][T27103] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  449.050119][T27103] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  449.115831][T27103] lowmem_reserve[]: 0 2500 2502 2502 2502
[  449.152763][T27103] Node 0 DMA32 free:1306936kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22840kB inactive_anon:0kB active_file:4560kB inactive_file:157852kB unevictable:1536kB writepending:1320kB present:3129332kB managed:2561004kB mlocked:0kB bounce:0kB free_pcp:44140kB local_pcp:21444kB free_cma:0kB
[  449.212353][T27103] lowmem_reserve[]: 0 0 1 1 1
[  449.224046][T27103] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  449.303408][T27103] lowmem_reserve[]: 0 0 0 0 0
[  449.308871][T27103] Node 1 Normal free:3902076kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19876kB local_pcp:10016kB free_cma:0kB
[  449.382339][T27103] lowmem_reserve[]: 0 0 0 0 0
[  449.404197][T27103] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  449.436781][T27103] Node 0 DMA32: 398*4kB (UME) 1030*8kB (UM) 777*16kB (UM) 859*32kB (UME) 719*64kB (UME) 438*128kB (UM) 450*256kB (UME) 326*512kB (UME) 193*1024kB (UM) 1*2048kB (M) 164*4096kB (UM) = 1305368kB
[  449.491960][T27103] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  449.517222][T27103] Node 1 Normal: 205*4kB (UE) 47*8kB (UME) 43*16kB (UME) 77*32kB (UME) 26*64kB (UME) 8*128kB (UME) 5*256kB (UME) 3*512kB (ME) 3*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3902076kB
[  449.544098][T27103] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  449.556281][T27103] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  449.568480][T27103] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  449.579334][T27103] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  449.590084][T27103] 42497 total pagecache pages
[  449.596222][T27103] 0 pages in swap cache
[  449.600555][T27103] Free swap  = 124996kB
[  449.605791][T27103] Total swap = 124996kB
[  449.610035][T27103] 2097051 pages RAM
[  449.614891][T27103] 0 pages HighMem/MovableOnly
[  449.619648][T27103] 424694 pages reserved
[  449.625481][T27103] 0 pages cma reserved
[  449.742629][T27144] netlink: 1036 bytes leftover after parsing attributes in process `syz.1.10041'.
[  449.759924][T27145] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  449.804462][T27144] sch_tbf: burst 0 is lower than device lo mtu (39799) !
[  450.229534][T27170] macvtap1: entered promiscuous mode
[  450.249328][T27170] vlan0: entered promiscuous mode
[  450.264155][T27170] macvtap1: entered allmulticast mode
[  450.273964][T27170] vlan0: entered allmulticast mode
[  450.280718][T27170] veth0_vlan: entered allmulticast mode
[  450.309740][T27169] gtp0: entered promiscuous mode
[  450.324350][T27169] gtp0: entered allmulticast mode
[  451.043642][T27212] netlink: 48 bytes leftover after parsing attributes in process `syz.4.10077'.
[  451.153220][T27222] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  451.193921][T27226] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10082'.
[  451.700632][T27262] netlink: 146840 bytes leftover after parsing attributes in process `syz.1.10101'.
[  451.715299][T27259] tun0: tun_chr_ioctl cmd 1074025675
[  451.720623][T27259] tun0: persist disabled
[  451.919188][T27275] netlink: 104 bytes leftover after parsing attributes in process `syz.0.10107'.
[  452.550856][T27316] tap0: tun_chr_ioctl cmd 1074025677
[  452.561582][T27316] tap0: linktype set to 65534
[  452.858602][T27331] sctp: [Deprecated]: syz.1.10133 (pid 27331) Use of struct sctp_assoc_value in delayed_ack socket option.
[  452.858602][T27331] Use struct sctp_sack_info instead
[  452.991640][T27342] openvswitch: netlink: IP tunnel dst address not specified
[  453.138202][T27352] netlink: 'syz.4.10142': attribute type 6 has an invalid length.
[  454.624888][T27438] netlink: 64 bytes leftover after parsing attributes in process `syz.3.10183'.
[  455.317659][T27483] sch_tbf: burst 4 is lower than device ip6tnl0 mtu (1452) !
[  455.334241][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  455.351990][T27485] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10205'.
[  455.856463][T27514] netlink: 'syz.0.10220': attribute type 39 has an invalid length.
[  456.068168][T27524] block nbd0: Unsupported socket: shutdown callout must be supported.
[  456.176379][T27532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10225'.
[  456.353875][T27537] sctp: [Deprecated]: syz.1.10231 (pid 27537) Use of int in max_burst socket option deprecated.
[  456.353875][T27537] Use struct sctp_assoc_value instead
[  456.752029][T27570] vxcan1: tx address claim with dlc 0
[  457.094741][T27591] netlink: 104 bytes leftover after parsing attributes in process `syz.1.10256'.
[  457.434524][T27615] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10265'.
[  457.475889][T27615] batadv0: entered promiscuous mode
[  457.487480][T27615] team0: entered promiscuous mode
[  457.515584][T27615] hsr1: entered promiscuous mode
[  457.533785][T27615] hsr1: entered allmulticast mode
[  457.555395][T27624] netlink: 'syz.3.10268': attribute type 16 has an invalid length.
[  457.563385][T27615] batadv0: entered allmulticast mode
[  457.568697][T27615] team0: entered allmulticast mode
[  457.582885][T27624] netlink: 'syz.3.10268': attribute type 17 has an invalid length.
[  457.600066][T27621] tipc: Resetting bearer <eth:xfrm0>
[  457.607594][T27621] tipc: Resetting bearer <eth:xfrm0>
[  457.630478][T27628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10271'.
[  457.693295][T27628] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10271'.
[  457.741417][T27631] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10273'.
[  458.347969][T27668] netlink: 2 bytes leftover after parsing attributes in process `syz.1.10291'.
[  459.041143][T27718] lo: entered allmulticast mode
[  459.291042][T27732] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10321'.
[  459.328061][T27736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10322'.
[  459.341712][T27736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10322'.
[  459.442057][T27744] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  459.844668][T27769] veth0: entered promiscuous mode
[  459.850401][T27768] veth0: left promiscuous mode
[  460.735925][T27828] openvswitch: netlink: IP tunnel TTL not specified.
[  460.870281][T27837] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  460.908308][T27837] openvswitch: netlink: Duplicate key (type 0).
[  461.377796][T27874] __nla_validate_parse: 2 callbacks suppressed
[  461.377814][T27874] netlink: 284 bytes leftover after parsing attributes in process `syz.4.10385'.
[  461.410752][T27876] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10386'.
[  461.805424][T27895] block nbd0: server does not support multiple connections per device.
[  461.831033][T27895] block nbd0: shutting down sockets
[  462.018677][T27912] netlink: 104 bytes leftover after parsing attributes in process `syz.0.10403'.
[  462.326139][T27935] netlink: 'syz.2.10414': attribute type 3 has an invalid length.
[  462.338471][T27935] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  462.341997][T27937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10415'.
[  462.479339][T27943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10418'.
[  462.889715][T27959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10425'.
[  462.956417][T27963] netlink: 88 bytes leftover after parsing attributes in process `syz.4.10427'.
[  462.980321][T27963] netem: invalid attributes len -24
[  462.992022][T27963] netem: change failed
[  463.528524][T27998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10445'.
[  463.550681][T27998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10445'.
[  463.561355][T27998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10445'.
[  463.575936][T28001] sch_tbf: burst 0 is lower than device lo mtu (80) !
[  463.951937][T28029] netlink: 'syz.3.10461': attribute type 83 has an invalid length.
[  464.715416][T28079] netlink: 'syz.3.10483': attribute type 10 has an invalid length.
[  466.461765][T28185] netlink: 'syz.4.10534': attribute type 83 has an invalid length.
[  467.186463][T28231] __nla_validate_parse: 10 callbacks suppressed
[  467.186485][T28231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10556'.
[  467.272527][T28239] 8021q: adding VLAN 0 to HW filter on device team0
[  467.292660][T28239] tipc: Resetting bearer <eth:team0>
[  467.312339][T28239] team0: Cannot enslave team device to itself
[  467.418154][T28243] netlink: 104 bytes leftover after parsing attributes in process `syz.0.10563'.
[  467.557023][T28253] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10568'.
[  467.608667][T28253] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10568'.
[  467.639923][T28253] netlink: 'syz.4.10568': attribute type 1 has an invalid length.
[  467.679355][T28253] nbd: error processing sock list
[  468.605923][T28321] netem: change failed
[  468.610068][T28322] netlink: 10 bytes leftover after parsing attributes in process `syz.0.10600'.
[  468.956165][T28345] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10611'.
[  469.271061][T28366] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10622'.
[  469.397615][T28374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10626'.
[  469.789607][T28404] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present
[  469.801734][T28404] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1)
[  470.244917][T28435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10653'.
[  470.639514][T28461] netlink: 100 bytes leftover after parsing attributes in process `syz.3.10667'.
[  470.931671][T28484] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  471.093797][   T30] audit: type=1804 audit(1751364146.500:2): pid=28490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.10680" name="/newroot/2124/cgroup.controllers" dev="tmpfs" ino=10663 res=1 errno=0
[  471.131316][   T30] audit: type=1800 audit(1751364146.500:3): pid=28490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.10680" name="cgroup.controllers" dev="tmpfs" ino=10663 res=0 errno=0
[  471.476934][T28515] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[  471.488923][T28515] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  471.737401][T28523] bridge0: port 3(gretap0) entered disabled state
[  471.822494][T28523] bridge0: port 2(bridge_slave_1) entered disabled state
[  471.829989][T28523] bridge0: port 1(bridge_slave_0) entered disabled state
[  471.909125][T28523] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  472.087869][T28550] vxcan1: entered allmulticast mode
[  472.093804][T28550] vxcan1: left allmulticast mode
[  472.320114][T28560] __nla_validate_parse: 3 callbacks suppressed
[  472.320133][T28560] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10708'.
[  472.498097][T28573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10715'.
[  472.518997][T28573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10715'.
[  473.401444][T28632] netlink: 'syz.2.10742': attribute type 4 has an invalid length.
[  473.494543][T28637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10744'.
[  473.607446][T28644] netlink: 'syz.4.10748': attribute type 58 has an invalid length.
[  473.626851][T28644] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10748'.
[  474.044482][T28672] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10762'.
[  474.527344][T28706] netlink: 'syz.1.10777': attribute type 1 has an invalid length.
[  474.549514][T28706] netlink: 172 bytes leftover after parsing attributes in process `syz.1.10777'.
[  474.566382][T28706] netlink: 'syz.1.10777': attribute type 1 has an invalid length.
[  474.776514][T28718] netlink: 52 bytes leftover after parsing attributes in process `syz.0.10784'.
[  475.150785][T28734] netlink: 48 bytes leftover after parsing attributes in process `syz.0.10792'.
[  475.269580][T28736] xt_CT: No such helper "snmp"
[  475.410966][T28750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10799'.
[  475.688361][T28758] bond0 (unregistering): Released all slaves
[  476.942326][T28847] team0: Device gtp0 is up. Set it down before adding it as a team port
[  477.524318][T28887] __nla_validate_parse: 3 callbacks suppressed
[  477.524336][T28887] netlink: 100 bytes leftover after parsing attributes in process `syz.2.10861'.
[  477.932933][T28916] macvtap1: entered allmulticast mode
[  477.940289][T28916] veth0_macvtap: entered allmulticast mode
[  478.420681][T28939] netlink: 92 bytes leftover after parsing attributes in process `syz.3.10886'.
[  478.462970][T28941] netlink: 'syz.4.10889': attribute type 1 has an invalid length.
[  478.493869][T28941] netlink: 172 bytes leftover after parsing attributes in process `syz.4.10889'.
[  478.557430][T28947] netlink: 104 bytes leftover after parsing attributes in process `syz.3.10891'.
[  478.638637][T28949] netlink: 104 bytes leftover after parsing attributes in process `syz.0.10892'.
[  478.690033][T28955] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10895'.
[  478.828911][T28961] netlink: 576 bytes leftover after parsing attributes in process `syz.4.10897'.
[  479.061390][T28971] netlink: 'syz.2.10902': attribute type 2 has an invalid length.
[  479.094618][T28973] unknown channel width for channel at 909000KHz?
[  479.199105][T28979] netlink: 'syz.3.10907': attribute type 21 has an invalid length.
[  479.239002][T28979] netlink: 128 bytes leftover after parsing attributes in process `syz.3.10907'.
[  479.264054][T28979] netlink: 'syz.3.10907': attribute type 4 has an invalid length.
[  479.280066][T28979] netlink: 'syz.3.10907': attribute type 5 has an invalid length.
[  479.290498][T28986] netlink: 'syz.3.10907': attribute type 21 has an invalid length.
[  479.333828][T28979] netlink: 3 bytes leftover after parsing attributes in process `syz.3.10907'.
[  479.346397][T28986] netlink: 128 bytes leftover after parsing attributes in process `syz.3.10907'.
[  479.382206][T28986] netlink: 'syz.3.10907': attribute type 4 has an invalid length.
[  479.404569][T28986] netlink: 'syz.3.10907': attribute type 5 has an invalid length.
[  479.430677][T28992] netlink: 'syz.0.10913': attribute type 1 has an invalid length.
[  479.831404][T29021] openvswitch: netlink: VXLAN extension message has 3 unknown bytes.
[  480.474909][T29065] veth0: entered promiscuous mode
[  480.494232][T29064] veth0: left promiscuous mode
[  480.919511][T29092] bond0: entered promiscuous mode
[  480.927932][T29092] bond0: entered allmulticast mode
[  480.934516][T29092] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.062526][T29092] bond0 (unregistering): Released all slaves
[  482.318938][T29179] sch_fq: defrate 0 ignored.
[  483.136317][T29236] tipc: Started in network mode
[  483.154164][T29236] tipc: Node identity , cluster identity 4711
[  483.471628][T29251] __nla_validate_parse: 7 callbacks suppressed
[  483.471645][T29251] netlink: 232 bytes leftover after parsing attributes in process `syz.1.11035'.
[  483.533055][T29253] openvswitch: netlink: IPv4 tunnel dst address is zero
[  483.816950][T29268] netlink: 52 bytes leftover after parsing attributes in process `syz.2.11043'.
[  483.847718][T29268] netlink: 52 bytes leftover after parsing attributes in process `syz.2.11043'.
[  483.986215][T29275] netlink: 104 bytes leftover after parsing attributes in process `syz.3.11047'.
[  484.362195][T29291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11054'.
[  485.090508][T29332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11072'.
[  485.236958][T29339] netlink: 'syz.0.11075': attribute type 5 has an invalid length.
[  485.901255][T29373] netlink: 'syz.3.11091': attribute type 83 has an invalid length.
[  485.977208][T29375] netlink: 'syz.1.11092': attribute type 1 has an invalid length.
[  485.997104][T29375] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11092'.
[  487.256631][T29444] netlink: 'syz.0.11124': attribute type 1 has an invalid length.
[  487.278256][T29444] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11124'.
[  487.408448][T29452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11129'.
[  489.233983][T29558] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11175'.
[  489.256436][T29558] netlink: 10 bytes leftover after parsing attributes in process `syz.4.11175'.
[  490.131599][T29602] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11194'.
[  490.414579][T29618] netem: change failed
[  491.111233][T29657] netlink: 'syz.1.11218': attribute type 11 has an invalid length.
[  491.275202][T29668] netlink: 236 bytes leftover after parsing attributes in process `syz.4.11220'.
[  491.317371][T29670] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11224'.
[  491.391558][T29672] netlink: 'syz.2.11225': attribute type 83 has an invalid length.
[  491.637903][T29684] netlink: 165 bytes leftover after parsing attributes in process `syz.3.11233'.
[  491.733671][T29691] xt_bpf: check failed: parse error
[  492.035716][T29711] batman_adv: batadv0: Adding interface: ipvlan2
[  492.053216][T29711] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  492.080436][T29711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.097630][T29711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.108698][T29711] batman_adv: batadv0: Interface activated: ipvlan2
[  492.269300][T29726] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11251'.
[  492.341255][T29733] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11254'.
[  492.632797][T29752] netlink: 'syz.1.11261': attribute type 4 has an invalid length.
[  492.642746][T29755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11263'.
[  492.865981][T29767] netlink: 'syz.2.11270': attribute type 83 has an invalid length.
[  493.357879][T29801] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11285'.
[  494.322114][T29859] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  494.383806][T29864] tap0: tun_chr_ioctl cmd 1074025676
[  494.397513][T29864] tap0: owner set to 0
[  494.518644][T29872] netlink: 'syz.4.11318': attribute type 1 has an invalid length.
[  494.545498][T29872] __nla_validate_parse: 1 callbacks suppressed
[  494.545515][T29872] netlink: 224 bytes leftover after parsing attributes in process `syz.4.11318'.
[  494.722943][T29885] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  495.179096][T29910] netlink: 32 bytes leftover after parsing attributes in process `syz.0.11340'.
[  495.217832][T29915] netlink: 16 bytes leftover after parsing attributes in process `syz.4.11338'.
[  495.878053][T29961] netlink: 160 bytes leftover after parsing attributes in process `syz.4.11358'.
[  496.000618][T29969] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.796273][T30022] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11387'.
[  497.215986][T30046] netlink: 176 bytes leftover after parsing attributes in process `syz.2.11398'.
[  497.241990][T30046] netlink: 176 bytes leftover after parsing attributes in process `syz.2.11398'.
[  497.248936][T30049] netlink: 'syz.0.11399': attribute type 83 has an invalid length.
[  497.465236][T30064] netlink: 'syz.0.11406': attribute type 2 has an invalid length.
[  498.335863][T30112] netlink: 'syz.4.11428': attribute type 1 has an invalid length.
[  498.353716][T30112] netlink: 'syz.4.11428': attribute type 3 has an invalid length.
[  498.361564][T30112] netlink: 216 bytes leftover after parsing attributes in process `syz.4.11428'.
[  498.374677][T30116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11430'.
[  498.400038][T30112] NCSI netlink: No device for ifindex 813332851
[  498.498270][T30118] netlink: 'syz.4.11431': attribute type 28 has an invalid length.
[  498.573891][T30118] netlink: 'syz.4.11431': attribute type 3 has an invalid length.
[  498.627436][T30118] netlink: 132 bytes leftover after parsing attributes in process `syz.4.11431'.
[  499.560619][T30172] __nla_validate_parse: 1 callbacks suppressed
[  499.560636][T30172] netlink: 152064 bytes leftover after parsing attributes in process `syz.4.11456'.
[  499.596079][T30172] netlink: zone id is out of range
[  499.610998][T30172] netlink: zone id is out of range
[  499.636954][T30172] netlink: zone id is out of range
[  499.646621][T30178] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11458'.
[  499.652339][T30172] netlink: zone id is out of range
[  499.676050][T30172] netlink: zone id is out of range
[  499.681201][T30172] netlink: zone id is out of range
[  499.700595][T30172] netlink: zone id is out of range
[  499.706498][T30172] netlink: zone id is out of range
[  499.722217][T30172] netlink: zone id is out of range
[  499.743900][T30172] netlink: zone id is out of range
[  499.908029][T30193] veth1_macvtap: left promiscuous mode
[  500.302198][T30217] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11477'.
[  501.080301][T30259] blkio.reset_stats is deprecated
[  501.442048][T30273] xt_CT: No such helper "snmp"
[  501.739170][T30288] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11508'.
[  502.255920][T30324] netlink: 165 bytes leftover after parsing attributes in process `syz.3.11525'.
[  503.578515][T30412] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11566'.
[  503.650536][T30417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11565'.
[  504.187447][T30455] netlink: 52 bytes leftover after parsing attributes in process `syz.3.11585'.
[  504.275296][T30460] netlink: 340 bytes leftover after parsing attributes in process `syz.1.11588'.
[  504.354153][T30464] netlink: 'syz.2.11589': attribute type 1 has an invalid length.
[  504.852408][T30503] netlink: 'syz.3.11606': attribute type 1 has an invalid length.
[  504.876003][T30503] netlink: 172 bytes leftover after parsing attributes in process `syz.3.11606'.
[  504.889386][T30507] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11608'.
[  505.552241][T30540] 8021q: adding VLAN 0 to HW filter on device bond4
[  505.563614][T30540] bond0: (slave bond4): Enslaving as an active interface with an up link
[  506.177402][T30582] netlink: 71 bytes leftover after parsing attributes in process `syz.2.11644'.
[  506.437958][T30589] sctp: [Deprecated]: syz.4.11647 (pid 30589) Use of int in maxseg socket option.
[  506.437958][T30589] Use struct sctp_assoc_value instead
[  506.690345][T30603] tap0: tun_chr_ioctl cmd 1074025672
[  506.702104][T30603] tap0: ignored: set checksum disabled
[  506.729190][T30610] netlink: 'syz.2.11655': attribute type 2 has an invalid length.
[  506.744783][T30610] netlink: 84 bytes leftover after parsing attributes in process `syz.2.11655'.
[  506.866275][T30614] bridge: RTM_NEWNEIGH with invalid state 0x8
[  506.961515][T30620] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11660'.
[  507.123600][T30628] netlink: 104 bytes leftover after parsing attributes in process `syz.4.11664'.
[  507.273848][T30634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11667'.
[  507.365554][T30640] netlink: 'syz.1.11670': attribute type 83 has an invalid length.
[  507.439173][T30644] bridge4: entered promiscuous mode
[  507.446789][T30644] bridge4: entered allmulticast mode
[  507.503396][T30651] bridge0: entered allmulticast mode
[  507.574256][   T36] wlan1: Trigger new scan to find an IBSS to join
[  507.667160][T30656] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0
[  507.689319][T30661] ip6gre1: entered allmulticast mode
[  508.489556][T30715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11707'.
[  508.524203][T30715] vlan4: entered allmulticast mode
[  508.885402][T30740] siw: device registration error -23
[  509.203493][T30763] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11725'.
[  509.491173][T30780] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11735'.
[  509.917796][T30802] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11745'.
[  509.973988][T30802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11745'.
[  510.003911][T30808] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11750'.
[  510.018665][T30808] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11750'.
[  510.104294][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  510.112289][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  510.135390][ T5955] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  510.363310][ T5955] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  510.539151][ T3500] wlan1: Trigger new scan to find an IBSS to join
[  511.013321][T28539] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  511.166025][T30890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11782'.
[  511.520072][T30905] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11790'.
[  511.550181][T30905] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11790'.
[  511.583692][T30905] bridge0: port 1(vlan3) entered blocking state
[  511.598281][T30905] bridge0: port 1(vlan3) entered disabled state
[  511.606305][T30905] vlan3: entered allmulticast mode
[  511.620716][T30905] vlan3: left allmulticast mode
[  512.403912][T30950] netlink: 108 bytes leftover after parsing attributes in process `syz.0.11808'.
[  512.516955][T30957] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11809'.
[  513.540122][T31007] net_ratelimit: 220 callbacks suppressed
[  513.540140][T31007] openvswitch: netlink: Multiple metadata blocks provided
[  513.573279][   T36] wlan1: Trigger new scan to find an IBSS to join
[  514.140479][T31038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11846'.
[  514.293260][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  514.482518][ T3525] wlan1: Creating new IBSS network, BSSID e6:e6:5f:f2:2b:67
[  514.670071][T31074] xfrm2: entered promiscuous mode
[  514.675451][T31074] xfrm2: entered allmulticast mode
[  514.690815][T31076] IPv6: NLM_F_CREATE should be specified when creating new route
[  514.797507][T31079] tipc: Started in network mode
[  514.809179][T31079] tipc: Node identity ac14140f, cluster identity 4711
[  514.817075][T31079] tipc: New replicast peer: 255.255.255.255
[  514.823559][T31079] tipc: Enabled bearer <udp:syz2>, priority 10
[  515.404986][T31119] __nla_validate_parse: 4 callbacks suppressed
[  515.405006][T31119] netlink: 232 bytes leftover after parsing attributes in process `syz.4.11884'.
[  515.574252][T31130] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  515.776051][T31139] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.11894'.
[  515.943400][ T5955] tipc: Node number set to 2886997007
[  516.179756][T31159] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.11901'.
[  516.358610][T31169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11905'.
[  516.474599][T31174] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11909'.
[  516.610992][T31184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11912'.
[  516.963534][T31204] openvswitch: netlink: IPv4 tun info is not correct
[  517.370357][T31234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11936'.
[  517.394994][T31232] netlink: 36 bytes leftover after parsing attributes in process `syz.4.11935'.
[  517.461337][T31234] macvtap2: entered promiscuous mode
[  517.471297][T31234] macvtap2: entered allmulticast mode
[  517.480575][T31236] veth0: entered promiscuous mode
[  517.501006][T31239] veth0: left promiscuous mode
[  517.607923][T31243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11940'.
[  517.617873][T31245] netlink: 'syz.3.11941': attribute type 5 has an invalid length.
[  517.676321][T31248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11943'.
[  517.872425][T31262] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  519.331621][T31336] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  520.848329][T31430] __nla_validate_parse: 10 callbacks suppressed
[  520.848348][T31430] netlink: 84 bytes leftover after parsing attributes in process `syz.1.12021'.
[  520.885349][T31435] netlink: 'syz.3.12024': attribute type 1 has an invalid length.
[  520.899014][T31435] netlink: 212 bytes leftover after parsing attributes in process `syz.3.12024'.
[  520.915791][T31435] netlink: 'syz.3.12024': attribute type 1 has an invalid length.
[  521.065134][T31444] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12029'.
[  521.073204][   T30] audit: type=1107 audit(1751364196.480:4): pid=31441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  521.185586][T31451] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12032'.
[  521.486387][T31465] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12039'.
[  521.554092][T31469] netlink: 104 bytes leftover after parsing attributes in process `syz.0.12041'.
[  522.378876][T31515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12063'.
[  522.587692][T31524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12067'.
[  522.816955][T31535] netlink: 'syz.2.12071': attribute type 1 has an invalid length.
[  522.877670][T31535] netlink: 172 bytes leftover after parsing attributes in process `syz.2.12071'.
[  522.933282][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  523.520078][T31574] sch_fq: defrate 0 ignored.
[  524.334971][T31629] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12114'.
[  526.932251][T31802] __nla_validate_parse: 2 callbacks suppressed
[  526.932277][T31802] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12191'.
[  527.360665][T31830] netlink: 1044 bytes leftover after parsing attributes in process `syz.0.12202'.
[  527.692121][T31852] netlink: 212296 bytes leftover after parsing attributes in process `syz.0.12211'.
[  527.747311][T31855] netlink: 188 bytes leftover after parsing attributes in process `syz.4.12213'.
[  528.096099][T31871] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.12219'.
[  528.862922][T31931] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12246'.
[  528.947476][T31934] netlink: 44 bytes leftover after parsing attributes in process `syz.1.12248'.
[  528.985474][T31937] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12249'.
[  529.266850][T31955] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.12256'.
[  530.324122][T32027] netlink: 'syz.2.12287': attribute type 4 has an invalid length.
[  530.452068][T32034] bridge_slave_0: invalid flags given to default FDB implementation
[  531.073953][T32075] veth0: entered promiscuous mode
[  531.091796][T32074] veth0: left promiscuous mode
[  532.331752][T32158] netlink: 'syz.0.12343': attribute type 10 has an invalid length.
[  534.313815][T32244] netlink: 'syz.0.12373': attribute type 18 has an invalid length.
[  534.429045][T32250] team0: No ports can be present during mode change
[  534.865739][T32268] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.12383'.
[  535.078358][T32287] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12391'.
[  535.315306][T32287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12391'.
[  535.402481][T32302] netlink: 'syz.1.12395': attribute type 29 has an invalid length.
[  535.438836][T32302] netlink: 'syz.1.12395': attribute type 29 has an invalid length.
[  535.525676][T32302] netlink: 'syz.1.12395': attribute type 29 has an invalid length.
[  535.535649][T32302] netlink: 'syz.1.12395': attribute type 29 has an invalid length.
[  535.920606][T32333] netlink: 36 bytes leftover after parsing attributes in process `syz.3.12407'.
[  537.035669][T32399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12433'.
[  537.242535][T32408] netlink: 'syz.3.12436': attribute type 1 has an invalid length.
[  537.289730][T32408] netlink: 'syz.3.12436': attribute type 10 has an invalid length.
[  537.309340][T32408] netlink: 236 bytes leftover after parsing attributes in process `syz.3.12436'.
[  538.500220][T32472] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12459'.
[  538.575472][T32478] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12461'.
[  538.614481][T32478] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12461'.
[  538.752991][T32486] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12464'.
[  540.122271][T32566] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.213218][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  541.022752][T30742] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  541.034435][T30742] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  541.042185][T30742] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  541.052011][T30742] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  541.060798][T30742] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  541.322135][T32620] __nla_validate_parse: 1 callbacks suppressed
[  541.322152][T32620] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.12519'.
[  541.710469][T32627] syzkaller1: entered promiscuous mode
[  541.734145][T32627] syzkaller1: entered allmulticast mode
[  541.833577][T32634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12525'.
[  542.395875][T32608] chnl_net:caif_netlink_parms(): no params data found
[  542.798234][T32608] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.813401][T32608] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.821713][T32608] bridge_slave_0: entered allmulticast mode
[  542.840828][T32608] bridge_slave_0: entered promiscuous mode
[  542.887696][T32608] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.908050][T32608] bridge0: port 2(bridge_slave_1) entered disabled state
[  542.926037][T32608] bridge_slave_1: entered allmulticast mode
[  542.948563][T32608] bridge_slave_1: entered promiscuous mode
[  543.086447][T32608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  543.096609][   T51] Bluetooth: hci2: command tx timeout
[  543.106198][T32705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12552'.
[  543.166259][T32608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  543.289637][T32608] team0: Port device team_slave_0 added
[  543.361394][T32608] team0: Port device team_slave_1 added
[  543.510850][T32720] syzkaller1: entered promiscuous mode
[  543.521065][T32720] syzkaller1: entered allmulticast mode
[  543.544831][T32608] batman_adv: batadv0: Adding interface: batadv_slave_0
[  543.555956][T32608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  543.594375][T32608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  543.627372][T32608] batman_adv: batadv0: Adding interface: batadv_slave_1
[  543.641134][T32608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  543.768015][T32608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  543.879760][T32738] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12558'.
[  543.933665][T32738] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12558'.
[  544.332835][T32608] hsr_slave_0: entered promiscuous mode
[  544.363874][T32608] hsr_slave_1: entered promiscuous mode
[  544.382686][T32608] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  544.403964][T32608] Cannot create hsr debugfs directory
[  544.810853][T32608] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.853847][T32608] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  544.979797][T32608] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.018103][T32608] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  545.077944][T32761] veth0: entered promiscuous mode
[  545.105943][T32761] veth0: left promiscuous mode
[  545.174000][   T51] Bluetooth: hci2: command tx timeout
[  545.181901][T32608] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.225019][T32608] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  545.330542][T32608] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.363116][T32608] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  545.826983][T32608] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  545.868714][T32608] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  545.904086][T32608] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  545.932559][T32608] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  546.060774][  T314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12575'.
[  546.310666][T32608] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.395641][T32608] 8021q: adding VLAN 0 to HW filter on device team0
[  546.411225][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.418405][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  546.456700][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.463880][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  546.613741][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  546.892923][T32608] 8021q: adding VLAN 0 to HW filter on device batadv0
[  547.021265][T32608] veth0_vlan: entered promiscuous mode
[  547.062144][T32608] veth1_vlan: entered promiscuous mode
[  547.152406][T32608] veth0_macvtap: entered promiscuous mode
[  547.167211][T32608] veth1_macvtap: entered promiscuous mode
[  547.188977][  T359] netlink: 'syz.1.12595': attribute type 4 has an invalid length.
[  547.201117][T32608] batman_adv: batadv0: Interface activated: batadv_slave_0
[  547.235672][T32608] batman_adv: batadv0: Interface activated: batadv_slave_1
[  547.255313][   T51] Bluetooth: hci2: command tx timeout
[  547.264871][T32608] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  547.279703][T32608] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  547.290869][T32608] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  547.312414][T32608] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  548.345503][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.380435][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.461343][ T3551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.480234][ T3551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.518922][  T395] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  548.582727][  T395] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[  549.140044][  T430] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  549.212166][ T3500] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.755260][ T3500] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.019732][ T3500] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.071949][T30742] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  550.089203][T30742] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  550.098302][T30742] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  550.106800][T30742] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  550.122596][T30742] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  550.167131][ T3500] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.317993][  T478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12648'.
[  550.327914][  T478] netlink: 'syz.1.12648': attribute type 7 has an invalid length.
[  550.336626][  T478] netlink: 'syz.1.12648': attribute type 8 has an invalid length.
[  550.345155][  T478] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12648'.
[  550.438204][ T3500] bridge_slave_1: left allmulticast mode
[  550.467616][ T3500] bridge_slave_1: left promiscuous mode
[  550.484028][ T3500] bridge0: port 2(bridge_slave_1) entered disabled state
[  550.544287][ T3500] bridge_slave_0: left allmulticast mode
[  550.574818][ T3500] bridge_slave_0: left promiscuous mode
[  550.580690][ T3500] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.166379][ T3500] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  551.178530][ T3500] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  551.189742][ T3500] bond0 (unregistering): Released all slaves
[  551.769453][  T517] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12662'.
[  551.790220][  T517] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12662'.
[  552.219323][T30742] Bluetooth: hci2: command tx timeout
[  552.278773][  T543] netlink: 'syz.1.12670': attribute type 1 has an invalid length.
[  552.797219][  T471] chnl_net:caif_netlink_parms(): no params data found
[  553.159715][  T576] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.12679'.
[  553.491768][  T471] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.513958][  T471] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.521151][  T471] bridge_slave_0: entered allmulticast mode
[  553.551698][  T471] bridge_slave_0: entered promiscuous mode
[  553.563613][  T590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12686'.
[  553.656800][  T471] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.671411][  T471] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.679557][  T471] bridge_slave_1: entered allmulticast mode
[  553.687940][  T471] bridge_slave_1: entered promiscuous mode
[  553.700495][ T3500] hsr_slave_0: left promiscuous mode
[  553.712030][ T3500] hsr_slave_1: left promiscuous mode
[  553.730443][ T3500] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  553.750814][ T3500] batman_adv: batadv0: Removing interface: batadv_slave_0
[  553.761940][ T3500] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  553.777024][ T3500] batman_adv: batadv0: Removing interface: batadv_slave_1
[  553.820207][ T3500] veth1_macvtap: left promiscuous mode
[  553.830198][ T3500] veth0_macvtap: left promiscuous mode
[  553.839076][ T3500] veth1_vlan: left promiscuous mode
[  553.847786][ T3500] veth0_vlan: left promiscuous mode
[  554.298483][T30742] Bluetooth: hci2: command tx timeout
[  554.458956][ T3500] team0 (unregistering): Port device team_slave_1 removed
[  554.497996][ T3500] team0 (unregistering): Port device team_slave_0 removed
[  554.967162][  T471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.107559][  T471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.145214][  T626] netlink: 'syz.1.12694': attribute type 4 has an invalid length.
[  555.319166][  T471] team0: Port device team_slave_0 added
[  555.383006][  T471] team0: Port device team_slave_1 added
[  555.601043][  T471] batman_adv: batadv0: Adding interface: batadv_slave_0
[  555.626580][  T471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.715755][  T471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  555.747783][  T471] batman_adv: batadv0: Adding interface: batadv_slave_1
[  555.777054][  T471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.823628][  T471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  556.080563][   T30] audit: type=1800 audit(1751364231.490:5): pid=641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.12698" name="cgroup.controllers" dev="tmpfs" ino=13016 res=0 errno=0
[  556.337478][  T663] netlink: 'syz.4.12704': attribute type 4 has an invalid length.
[  556.373755][T30742] Bluetooth: hci2: command tx timeout
[  556.446274][  T471] hsr_slave_0: entered promiscuous mode
[  556.457922][  T471] hsr_slave_1: entered promiscuous mode
[  556.466342][  T471] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  556.475310][  T471] Cannot create hsr debugfs directory
[  556.726911][  T674] netlink: 'syz.4.12709': attribute type 29 has an invalid length.
[  556.778383][  T674] netlink: 'syz.4.12709': attribute type 29 has an invalid length.
[  556.834066][  T680] netlink: 500 bytes leftover after parsing attributes in process `syz.4.12709'.
[  557.068612][  T690] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.12714'.
[  557.701122][  T721] netlink: 'syz.4.12724': attribute type 1 has an invalid length.
[  557.746589][  T721] bond1: entered promiscuous mode
[  557.755288][  T721] 8021q: adding VLAN 0 to HW filter on device bond1
[  557.794239][  T724] 8021q: adding VLAN 0 to HW filter on device bond2
[  557.804342][  T724] bond1: (slave bond2): making interface the new active one
[  557.811799][  T724] bond2: entered promiscuous mode
[  557.818406][  T724] bond1: (slave bond2): Enslaving as an active interface with an up link
[  557.856440][  T471] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  557.881725][  T471] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  557.907165][  T471] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  557.928315][  T471] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  558.237373][  T471] 8021q: adding VLAN 0 to HW filter on device bond0
[  558.325714][  T471] 8021q: adding VLAN 0 to HW filter on device team0
[  558.351135][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.358401][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  558.404759][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.412003][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  558.454115][T30742] Bluetooth: hci2: command tx timeout
[  558.493516][  T754] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12735'.
[  558.550661][  T471] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  558.602642][  T471] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  559.248532][  T471] 8021q: adding VLAN 0 to HW filter on device batadv0
[  559.370438][  T471] veth0_vlan: entered promiscuous mode
[  559.401041][  T471] veth1_vlan: entered promiscuous mode
[  559.498159][  T471] veth0_macvtap: entered promiscuous mode
[  559.519956][  T471] veth1_macvtap: entered promiscuous mode
[  559.600343][  T471] batman_adv: batadv0: Interface activated: batadv_slave_0
[  559.656154][  T471] batman_adv: batadv0: Interface activated: batadv_slave_1
[  559.686061][  T471] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  559.712039][  T471] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  559.741099][  T471] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  559.762799][  T471] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.137380][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.158450][  T839] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  560.168425][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.260984][  T846] openvswitch: netlink: IPv4 tun info is not correct
[  560.367752][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.397395][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.155265][  T887] netlink: 27 bytes leftover after parsing attributes in process `syz.1.12778'.
[  561.430881][ T1518] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.552897][ T1518] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.727263][ T1518] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  562.016380][ T1518] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  562.411966][ T1518] bridge_slave_1: left allmulticast mode
[  562.436726][ T1518] bridge_slave_1: left promiscuous mode
[  562.467241][ T1518] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.483685][  T955] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12793'.
[  562.511789][ T1518] bridge_slave_0: left allmulticast mode
[  562.543795][ T1518] bridge_slave_0: left promiscuous mode
[  562.557516][ T1518] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.589122][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  562.602829][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  562.617085][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  562.635306][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  562.644265][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  563.211627][ T1518] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  563.247198][ T1518] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  563.282282][ T1518] bond0 (unregistering): Released all slaves
[  563.657536][  T990] netlink: 'syz.3.12799': attribute type 17 has an invalid length.
[  563.683787][  T990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12799'.
[  563.704200][  T990] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12799'.
[  564.319857][ T1023] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12808'.
[  564.366945][ T1023] gtp1: entered promiscuous mode
[  564.382438][ T1023] gtp1: entered allmulticast mode
[  564.579184][ T1030] syzkaller1: entered promiscuous mode
[  564.600245][ T1030] syzkaller1: entered allmulticast mode
[  564.612956][ T1033] netlink: 104 bytes leftover after parsing attributes in process `syz.4.12810'.
[  564.703210][   T51] Bluetooth: hci2: command tx timeout
[  564.802643][ T1036] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  564.908949][ T1040] netlink: 'syz.1.12813': attribute type 29 has an invalid length.
[  564.927770][ T1046] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12812'.
[  564.991560][ T1040] netlink: 'syz.1.12813': attribute type 29 has an invalid length.
[  565.035387][ T1040] netlink: 44 bytes leftover after parsing attributes in process `syz.1.12813'.
[  565.087803][ T1518] hsr_slave_0: left promiscuous mode
[  565.130183][ T1518] hsr_slave_1: left promiscuous mode
[  565.150378][ T1518] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  565.184695][ T1518] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.202804][ T1518] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  565.225236][ T1518] batman_adv: batadv0: Removing interface: batadv_slave_1
[  565.305571][ T1518] veth1_macvtap: left promiscuous mode
[  565.311277][ T1518] veth0_macvtap: left promiscuous mode
[  565.338081][ T1518] veth1_vlan: left promiscuous mode
[  565.348504][ T1518] veth0_vlan: left promiscuous mode
[  565.819324][ T1518] team0 (unregistering): Port device team_slave_1 removed
[  565.855656][ T1518] team0 (unregistering): Port device team_slave_0 removed
[  566.609525][  T958] chnl_net:caif_netlink_parms(): no params data found
[  566.776065][   T51] Bluetooth: hci2: command tx timeout
[  567.100461][  T958] bridge0: port 1(bridge_slave_0) entered blocking state
[  567.117034][  T958] bridge0: port 1(bridge_slave_0) entered disabled state
[  567.149408][  T958] bridge_slave_0: entered allmulticast mode
[  567.180186][  T958] bridge_slave_0: entered promiscuous mode
[  567.228521][  T958] bridge0: port 2(bridge_slave_1) entered blocking state
[  567.251240][  T958] bridge0: port 2(bridge_slave_1) entered disabled state
[  567.270190][  T958] bridge_slave_1: entered allmulticast mode
[  567.288144][  T958] bridge_slave_1: entered promiscuous mode
[  567.371234][  T958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  567.391471][  T958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  567.470045][  T958] team0: Port device team_slave_0 added
[  567.492728][  T958] team0: Port device team_slave_1 added
[  567.599083][  T958] batman_adv: batadv0: Adding interface: batadv_slave_0
[  567.611393][  T958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.639799][  T958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.650969][ T1156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12849'.
[  567.672775][  T958] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.689605][  T958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.753953][  T958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  567.917710][  T958] hsr_slave_0: entered promiscuous mode
[  567.935854][  T958] hsr_slave_1: entered promiscuous mode
[  567.942095][  T958] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  567.970953][  T958] Cannot create hsr debugfs directory
[  568.625733][ T1205] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.12867'.
[  568.854205][   T51] Bluetooth: hci2: command tx timeout
[  569.587310][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  569.593223][  T958] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  569.615454][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  569.651967][  T958] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  569.701472][  T958] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  569.750802][  T958] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  570.084304][  T958] 8021q: adding VLAN 0 to HW filter on device bond0
[  570.130590][  T958] 8021q: adding VLAN 0 to HW filter on device team0
[  570.189195][ T3500] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.196485][ T3500] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.247778][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.254961][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.934175][   T51] Bluetooth: hci2: command tx timeout
[  571.027364][  T958] 8021q: adding VLAN 0 to HW filter on device batadv0
[  571.207955][  T958] veth0_vlan: entered promiscuous mode
[  571.255583][  T958] veth1_vlan: entered promiscuous mode
[  571.429408][  T958] veth0_macvtap: entered promiscuous mode
[  571.480921][  T958] veth1_macvtap: entered promiscuous mode
[  571.571108][  T958] batman_adv: batadv0: Interface activated: batadv_slave_0
[  571.602595][  T958] batman_adv: batadv0: Interface activated: batadv_slave_1
[  571.652740][  T958] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  571.676674][  T958] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  571.696294][  T958] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  571.717453][  T958] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  571.869061][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.892186][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.942196][ T1379] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.12922'.
[  571.999337][ T3551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  572.020440][ T3551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  572.141880][ T1385] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12924'.
[  572.533405][ T3525] wlan1: Trigger new scan to find an IBSS to join
[  573.451210][ T1397] netlink: 'syz.4.12927': attribute type 2 has an invalid length.
[  574.134278][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  574.238361][ T1417] netlink: 'syz.1.12929': attribute type 4 has an invalid length.
[  574.320072][ T1421] netlink: 'syz.2.12930': attribute type 39 has an invalid length.
[  574.626092][T30742] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  574.639934][T30742] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  574.652211][T30742] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  574.666137][T30742] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  574.678412][T30742] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  575.536525][ T3561] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.579279][ T3500] wlan1: Trigger new scan to find an IBSS to join
[  575.659810][ T1440] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.12937'.
[  575.862972][ T3561] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.397858][ T3561] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.429960][ T1474] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.12954'.
[  576.627042][ T3561] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.773884][   T51] Bluetooth: hci2: command tx timeout
[  577.298069][ T3561] bridge_slave_1: left allmulticast mode
[  577.337034][ T3561] bridge_slave_1: left promiscuous mode
[  577.342901][ T3561] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.466468][ T3561] bridge_slave_0: left allmulticast mode
[  577.472309][ T3561] bridge_slave_0: left promiscuous mode
[  577.547800][ T3561] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.781320][ T1520] sctp: [Deprecated]: syz.3.12969 (pid 1520) Use of struct sctp_assoc_value in delayed_ack socket option.
[  577.781320][ T1520] Use struct sctp_sack_info instead
[  577.806982][ T1520] sctp: [Deprecated]: syz.3.12969 (pid 1520) Use of struct sctp_assoc_value in delayed_ack socket option.
[  577.806982][ T1520] Use struct sctp_sack_info instead
[  578.311045][ T3561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  578.327286][ T3561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  578.340091][ T3561] bond0 (unregistering): Released all slaves
[  578.362906][ T1504] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  578.387514][ T1504] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  578.400514][ T1504] gretap1: entered promiscuous mode
[  578.412617][ T1504] gretap1: entered allmulticast mode
[  578.486099][ T1429] chnl_net:caif_netlink_parms(): no params data found
[  578.614784][ T1518] wlan1: Trigger new scan to find an IBSS to join
[  578.798156][ T1559] sock: sock_set_timeout: `syz.4.12980' (pid 1559) tries to set negative timeout
[  578.856116][   T51] Bluetooth: hci2: command tx timeout
[  579.010348][ T1429] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.043486][ T1429] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.051202][ T1429] bridge_slave_0: entered allmulticast mode
[  579.125001][ T1429] bridge_slave_0: entered promiscuous mode
[  579.154571][ T1429] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.161804][ T1429] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.192804][ T1429] bridge_slave_1: entered allmulticast mode
[  579.221241][ T1429] bridge_slave_1: entered promiscuous mode
[  579.443758][ T1429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  579.530745][ T1429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.620569][ T3525] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  579.794269][ T1429] team0: Port device team_slave_0 added
[  579.832389][ T3561] hsr_slave_0: left promiscuous mode
[  579.860955][ T3561] hsr_slave_1: left promiscuous mode
[  579.876827][ T3561] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  579.909797][ T3561] batman_adv: batadv0: Removing interface: batadv_slave_0
[  579.929529][ T3561] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  579.944402][ T3561] batman_adv: batadv0: Removing interface: batadv_slave_1
[  580.007878][ T3561] veth1_macvtap: left promiscuous mode
[  580.014454][ T3561] veth0_macvtap: left promiscuous mode
[  580.020447][ T3561] veth1_vlan: left promiscuous mode
[  580.029192][ T3561] veth0_vlan: left promiscuous mode
[  580.100762][ T1612] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12998'.
[  580.934549][   T51] Bluetooth: hci2: command tx timeout
[  581.100320][ T1644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13006'.
[  581.157349][ T3561] team0 (unregistering): Port device team_slave_1 removed
[  581.204984][ T3561] team0 (unregistering): Port device team_slave_0 removed
[  581.924875][ T1429] team0: Port device team_slave_1 added
[  581.952314][ T1625] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  582.107756][ T1429] batman_adv: batadv0: Adding interface: batadv_slave_0
[  582.120075][ T1429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  582.148181][ T1429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  582.209295][ T1429] batman_adv: batadv0: Adding interface: batadv_slave_1
[  582.219856][ T1429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  582.267746][ T1429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  582.480453][ T1429] hsr_slave_0: entered promiscuous mode
[  582.512310][ T1429] hsr_slave_1: entered promiscuous mode
[  582.538108][ T1429] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  582.567467][ T1429] Cannot create hsr debugfs directory
[  582.793531][ T1705] syzkaller1: entered promiscuous mode
[  582.809356][ T1705] syzkaller1: entered allmulticast mode
[  582.827295][ T1705] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324
[  582.961845][ T1710] syzkaller1: entered promiscuous mode
[  582.983647][ T1710] syzkaller1: entered allmulticast mode
[  583.013738][   T51] Bluetooth: hci2: command tx timeout
[  583.268582][ T1721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13022'.
[  583.287263][ T1721] netlink: 'syz.4.13022': attribute type 1 has an invalid length.
[  583.299445][ T1721] netlink: 'syz.4.13022': attribute type 2 has an invalid length.
[  583.668844][ T1739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13029'.
[  583.850417][ T1429] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  583.861638][ T1749] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.13035'.
[  583.887005][ T1429] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  583.940351][ T1429] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  584.000805][ T1429] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  584.147202][ T1768] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  584.342515][ T1429] 8021q: adding VLAN 0 to HW filter on device bond0
[  584.429239][ T1429] 8021q: adding VLAN 0 to HW filter on device team0
[  584.509508][T17024] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.516727][T17024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  584.581384][T17024] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.588569][T17024] bridge0: port 2(bridge_slave_1) entered forwarding state
[  585.199129][ T1429] 8021q: adding VLAN 0 to HW filter on device batadv0
[  585.310689][ T1429] veth0_vlan: entered promiscuous mode
[  585.351467][ T1429] veth1_vlan: entered promiscuous mode
[  585.625794][ T1429] veth0_macvtap: entered promiscuous mode
[  585.667704][ T1429] veth1_macvtap: entered promiscuous mode
[  585.837780][ T1429] batman_adv: batadv0: Interface activated: batadv_slave_0
[  585.869035][ T1429] batman_adv: batadv0: Interface activated: batadv_slave_1
[  585.925697][ T1429] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  585.944113][ T1429] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  585.952855][ T1429] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  586.005258][ T1429] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  586.297200][T17024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.305833][T17024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.375530][ T1872] xt_hashlimit: size too large, truncated to 1048576
[  586.419338][T17024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.444327][T17024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  587.145437][ T1902] netlink: 'syz.1.13087': attribute type 4 has an invalid length.
[  587.328670][ T1518] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.522241][ T1518] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.659704][ T1518] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.762451][ T1518] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.999101][ T1518] bridge_slave_1: left allmulticast mode
[  588.010993][ T1518] bridge_slave_1: left promiscuous mode
[  588.016922][ T1518] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.043794][ T1933] xt_hashlimit: size too large, truncated to 1048576
[  588.094784][ T1518] bridge_slave_0: left allmulticast mode
[  588.118726][ T1518] bridge_slave_0: left promiscuous mode
[  588.138365][ T1518] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.157328][ T1939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13089'.
[  588.801799][T30742] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  588.820163][T30742] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  588.829100][T30742] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  588.838262][T30742] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  588.848657][T30742] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  588.933839][ T1963] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.13097'.
[  589.133413][ T1518] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  589.150392][ T1518] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  589.175489][ T1518] bond0 (unregistering): Released all slaves
[  590.095350][ T2010] netlink: 'syz.4.13112': attribute type 29 has an invalid length.
[  590.934116][   T51] Bluetooth: hci2: command tx timeout
[  591.098805][ T2040] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13120'.
[  591.262900][ T1518] hsr_slave_0: left promiscuous mode
[  591.313230][ T1518] hsr_slave_1: left promiscuous mode
[  591.319277][ T1518] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  591.353168][ T1518] batman_adv: batadv0: Removing interface: batadv_slave_0
[  591.381604][ T1518] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  591.403137][ T1518] batman_adv: batadv0: Removing interface: batadv_slave_1
[  591.427272][ T1518] veth1_macvtap: left promiscuous mode
[  591.432863][ T1518] veth0_macvtap: left promiscuous mode
[  591.438510][ T1518] veth1_vlan: left promiscuous mode
[  591.444162][ T1518] veth0_vlan: left promiscuous mode
[  591.821455][ T1518] team0 (unregistering): Port device team_slave_1 removed
[  591.857128][ T1518] team0 (unregistering): Port device team_slave_0 removed
[  592.189214][ T1955] chnl_net:caif_netlink_parms(): no params data found
[  592.343493][ T2054] netlink: 'syz.4.13127': attribute type 11 has an invalid length.
[  592.374665][ T2057] netlink: 36 bytes leftover after parsing attributes in process `syz.2.13126'.
[  592.709752][ T2075] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.13132'.
[  592.731931][ T1955] bridge0: port 1(bridge_slave_0) entered blocking state
[  592.743289][ T1955] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.778595][ T1955] bridge_slave_0: entered allmulticast mode
[  592.789715][ T1955] bridge_slave_0: entered promiscuous mode
[  592.824148][ T1955] bridge0: port 2(bridge_slave_1) entered blocking state
[  592.831452][ T1955] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.844184][ T1955] bridge_slave_1: entered allmulticast mode
[  592.865273][ T1955] bridge_slave_1: entered promiscuous mode
[  593.024882][   T51] Bluetooth: hci2: command tx timeout
[  593.089974][ T1955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  593.160865][ T1955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  593.328319][ T1955] team0: Port device team_slave_0 added
[  593.377948][ T1955] team0: Port device team_slave_1 added
[  593.545733][ T1955] batman_adv: batadv0: Adding interface: batadv_slave_0
[  593.552821][ T1955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.589775][ T1955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  593.652722][ T1955] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.671093][ T1955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.706688][ T1955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  594.017056][ T1955] hsr_slave_0: entered promiscuous mode
[  594.041160][ T1955] hsr_slave_1: entered promiscuous mode
[  594.069761][ T1955] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  594.101237][ T1955] Cannot create hsr debugfs directory
[  594.589103][T30742] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  594.598863][T30742] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  594.613712][T30742] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  594.622217][T30742] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  594.630157][T30742] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  594.742738][ T2138] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13151'.
[  595.093991][   T51] Bluetooth: hci2: command tx timeout
[  595.824950][ T2166] syzkaller1: entered promiscuous mode
[  595.836289][ T2166] syzkaller1: entered allmulticast mode
[  596.021493][ T2185] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  596.056469][ T1955] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  596.139038][ T2190] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13166'.
[  596.192166][ T1955] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  596.253152][ T1955] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  596.342157][ T1955] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  596.695813][   T51] Bluetooth: hci0: command tx timeout
[  596.718819][ T1955] 8021q: adding VLAN 0 to HW filter on device bond0
[  596.762317][ T2131] chnl_net:caif_netlink_parms(): no params data found
[  596.917943][ T1955] 8021q: adding VLAN 0 to HW filter on device team0
[  597.008005][T17024] bridge0: port 1(bridge_slave_0) entered blocking state
[  597.015295][T17024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  597.100102][ T2131] bridge0: port 1(bridge_slave_0) entered blocking state
[  597.121657][ T2131] bridge0: port 1(bridge_slave_0) entered disabled state
[  597.147939][ T2131] bridge_slave_0: entered allmulticast mode
[  597.169663][ T2131] bridge_slave_0: entered promiscuous mode
[  597.189464][   T51] Bluetooth: hci2: command tx timeout
[  597.204972][T17024] bridge0: port 2(bridge_slave_1) entered blocking state
[  597.212139][T17024] bridge0: port 2(bridge_slave_1) entered forwarding state
[  597.264340][ T2131] bridge0: port 2(bridge_slave_1) entered blocking state
[  597.271571][ T2131] bridge0: port 2(bridge_slave_1) entered disabled state
[  597.302861][ T2131] bridge_slave_1: entered allmulticast mode
[  597.358033][ T2131] bridge_slave_1: entered promiscuous mode
[  597.362851][ T2250] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13181'.
[  597.394560][ T2250] netlink: 'syz.1.13181': attribute type 7 has an invalid length.
[  597.402404][ T2250] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13181'.
[  597.529063][ T2131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  597.586281][ T2131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  597.791478][ T2131] team0: Port device team_slave_0 added
[  597.833907][ T2131] team0: Port device team_slave_1 added
[  598.029129][ T2131] batman_adv: batadv0: Adding interface: batadv_slave_0
[  598.044593][ T2131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.081641][ T2131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  598.108579][ T2131] batman_adv: batadv0: Adding interface: batadv_slave_1
[  598.118476][ T2131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.175083][ T2131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  598.390513][ T2131] hsr_slave_0: entered promiscuous mode
[  598.428897][ T2131] hsr_slave_1: entered promiscuous mode
[  598.464791][ T2131] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  598.488366][ T2131] Cannot create hsr debugfs directory
[  598.778558][   T51] Bluetooth: hci0: command tx timeout
[  598.942932][ T1955] 8021q: adding VLAN 0 to HW filter on device batadv0
[  599.188828][ T1955] veth0_vlan: entered promiscuous mode
[  599.248673][ T1955] veth1_vlan: entered promiscuous mode
[  599.380541][ T1955] veth0_macvtap: entered promiscuous mode
[  599.431133][ T1955] veth1_macvtap: entered promiscuous mode
[  599.492533][ T1955] batman_adv: batadv0: Interface activated: batadv_slave_0
[  599.549459][ T1955] batman_adv: batadv0: Interface activated: batadv_slave_1
[  599.588013][ T1955] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  599.606478][ T1955] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  599.633888][ T1955] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  599.659186][ T1955] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  599.965009][ T2341] syzkaller1: entered promiscuous mode
[  599.984419][ T2341] syzkaller1: entered allmulticast mode
[  600.028989][ T2131] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  600.052247][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.089153][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.119092][ T2131] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  600.166788][ T2131] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  600.204904][ T2131] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  600.303395][T30742] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  600.321896][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.344040][T30742] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  600.348059][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.375338][T30742] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  600.390335][T30742] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  600.398112][T30742] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  600.508473][ T2131] 8021q: adding VLAN 0 to HW filter on device bond0
[  600.607678][ T2131] 8021q: adding VLAN 0 to HW filter on device team0
[  600.635430][T17024] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.642671][T17024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  600.681370][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.688608][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  600.790326][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.854561][T30742] Bluetooth: hci0: command tx timeout
[  600.912479][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.077063][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.210412][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.297074][ T2131] 8021q: adding VLAN 0 to HW filter on device batadv0
[  601.461744][ T2131] veth0_vlan: entered promiscuous mode
[  601.501490][   T36] bridge_slave_1: left allmulticast mode
[  601.507478][   T36] bridge_slave_1: left promiscuous mode
[  601.514310][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.524576][   T36] bridge_slave_0: left allmulticast mode
[  601.530219][   T36] bridge_slave_0: left promiscuous mode
[  601.536737][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.014410][ T2386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13222'.
[  602.050338][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  602.069340][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  602.080832][   T36] bond0 (unregistering): Released all slaves
[  602.156498][ T2131] veth1_vlan: entered promiscuous mode
[  602.215713][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  602.226410][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  602.241261][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  602.256694][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  602.273850][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  602.463935][T30742] Bluetooth: hci3: command tx timeout
[  602.558537][ T2131] veth0_macvtap: entered promiscuous mode
[  602.706351][ T2353] chnl_net:caif_netlink_parms(): no params data found
[  602.743354][ T2131] veth1_macvtap: entered promiscuous mode
[  602.907760][ T2131] batman_adv: batadv0: Interface activated: batadv_slave_0
[  602.933997][T30742] Bluetooth: hci0: command tx timeout
[  603.004527][ T2131] batman_adv: batadv0: Interface activated: batadv_slave_1
[  603.052859][ T2131] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  603.074518][ T2131] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  603.094740][ T2131] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  603.113676][ T2131] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  603.136002][ T2353] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.162221][ T2353] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.193977][ T2353] bridge_slave_0: entered allmulticast mode
[  603.240711][ T2353] bridge_slave_0: entered promiscuous mode
[  603.272954][ T2353] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.310324][ T2353] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.323432][ T2353] bridge_slave_1: entered allmulticast mode
[  603.346060][ T2353] bridge_slave_1: entered promiscuous mode
[  603.467018][ T2353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  603.512870][ T2353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  603.638450][ T2353] team0: Port device team_slave_0 added
[  603.664548][ T2353] team0: Port device team_slave_1 added
[  603.851897][ T2353] batman_adv: batadv0: Adding interface: batadv_slave_0
[  603.878688][ T2353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  603.956854][ T2353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  604.015529][   T36] hsr_slave_0: left promiscuous mode
[  604.026084][   T36] hsr_slave_1: left promiscuous mode
[  604.032173][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  604.046068][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  604.059987][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  604.067647][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  604.120209][   T36] veth1_macvtap: left promiscuous mode
[  604.140218][   T36] veth0_macvtap: left promiscuous mode
[  604.160423][   T36] veth1_vlan: left promiscuous mode
[  604.179267][   T36] veth0_vlan: left promiscuous mode
[  604.293807][T30742] Bluetooth: hci2: command tx timeout
[  604.533686][T30742] Bluetooth: hci3: command tx timeout
[  604.951193][   T36] team0 (unregistering): Port device team_slave_1 removed
[  605.011612][   T36] team0 (unregistering): Port device team_slave_0 removed
[  605.369531][ T2353] batman_adv: batadv0: Adding interface: batadv_slave_1
[  605.380308][ T2353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  605.422684][ T2353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  605.561268][T17024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.585784][T17024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.746411][ T2353] hsr_slave_0: entered promiscuous mode
[  605.789746][ T2353] hsr_slave_1: entered promiscuous mode
[  605.798759][ T2353] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  605.838084][ T2353] Cannot create hsr debugfs directory
[  606.018197][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.042695][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.345324][ T2500] netlink: 'syz.3.13245': attribute type 1 has an invalid length.
[  606.379761][T30742] Bluetooth: hci2: command tx timeout
[  606.385239][ T2500] netlink: 'syz.3.13245': attribute type 2 has an invalid length.
[  606.409681][ T2504] netlink: 'syz.3.13245': attribute type 1 has an invalid length.
[  606.417650][ T2504] netlink: 'syz.3.13245': attribute type 2 has an invalid length.
[  606.590922][ T2353] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.613936][T30742] Bluetooth: hci3: command tx timeout
[  606.694588][ T2389] chnl_net:caif_netlink_parms(): no params data found
[  606.816171][   T64] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.909411][ T2353] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.109621][   T64] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.197343][ T2353] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.229752][ T2529] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13253'.
[  607.284960][   T64] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.330544][ T2353] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.363798][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  607.380861][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  607.393483][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  607.403965][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  607.415734][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  607.455738][   T64] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.484167][ T2389] bridge0: port 1(bridge_slave_0) entered blocking state
[  607.492668][ T2389] bridge0: port 1(bridge_slave_0) entered disabled state
[  607.512358][ T2389] bridge_slave_0: entered allmulticast mode
[  607.528497][ T2389] bridge_slave_0: entered promiscuous mode
[  607.563966][ T2389] bridge0: port 2(bridge_slave_1) entered blocking state
[  607.571135][ T2389] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.602803][ T2389] bridge_slave_1: entered allmulticast mode
[  607.616169][ T2389] bridge_slave_1: entered promiscuous mode
[  607.761205][ T2389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  607.806412][ T2389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  608.002057][ T2389] team0: Port device team_slave_0 added
[  608.010867][ T2389] team0: Port device team_slave_1 added
[  608.219090][   T64] bridge_slave_1: left allmulticast mode
[  608.245493][   T64] bridge_slave_1: left promiscuous mode
[  608.251449][   T64] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.302609][   T64] bridge_slave_0: left allmulticast mode
[  608.313749][   T64] bridge_slave_0: left promiscuous mode
[  608.325925][   T64] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.453478][T30742] Bluetooth: hci2: command tx timeout
[  608.694704][T30742] Bluetooth: hci3: command tx timeout
[  608.804377][   T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  608.821013][   T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  608.832243][   T64] bond0 (unregistering): Released all slaves
[  608.848322][ T2389] batman_adv: batadv0: Adding interface: batadv_slave_0
[  608.864168][ T2389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  608.891656][ T2389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  608.985251][ T2576] syzkaller1: entered promiscuous mode
[  608.990918][ T2576] syzkaller1: entered allmulticast mode
[  608.998116][ T2353] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  609.009407][ T2564] unknown channel width for channel at 909000KHz?
[  609.010115][ T2389] batman_adv: batadv0: Adding interface: batadv_slave_1
[  609.021578][ T2564] unknown channel width for channel at 909000KHz?
[  609.025184][ T2389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  609.056902][ T2389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  609.149586][ T2582] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13261'.
[  609.163672][ T2353] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  609.207398][ T2389] hsr_slave_0: entered promiscuous mode
[  609.231625][ T2389] hsr_slave_1: entered promiscuous mode
[  609.242556][ T2389] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  609.254836][ T2389] Cannot create hsr debugfs directory
[  609.267719][ T2353] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  609.412411][ T2353] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  609.499206][T30742] Bluetooth: hci0: command tx timeout
[  609.515063][ T2593] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 1
[  610.204068][   T64] hsr_slave_0: left promiscuous mode
[  610.224002][   T64] hsr_slave_1: left promiscuous mode
[  610.231597][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  610.247935][   T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[  610.268490][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  610.283981][   T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[  610.329497][   T64] veth1_macvtap: left promiscuous mode
[  610.340086][   T64] veth0_macvtap: left promiscuous mode
[  610.346674][   T64] veth1_vlan: left promiscuous mode
[  610.352008][   T64] veth0_vlan: left promiscuous mode
[  610.533723][T30742] Bluetooth: hci2: command tx timeout
[  610.877818][   T64] team0 (unregistering): Port device team_slave_1 removed
[  610.918025][   T64] team0 (unregistering): Port device team_slave_0 removed
[  611.573517][T30742] Bluetooth: hci0: command tx timeout
[  611.586606][ T2543] chnl_net:caif_netlink_parms(): no params data found
[  611.680432][ T2660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13278'.
[  611.891707][ T2543] bridge0: port 1(bridge_slave_0) entered blocking state
[  611.901545][ T2543] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.909649][ T2543] bridge_slave_0: entered allmulticast mode
[  611.920795][ T2543] bridge_slave_0: entered promiscuous mode
[  611.945148][ T2543] bridge0: port 2(bridge_slave_1) entered blocking state
[  611.952320][ T2543] bridge0: port 2(bridge_slave_1) entered disabled state
[  611.979143][ T2543] bridge_slave_1: entered allmulticast mode
[  611.987356][ T2543] bridge_slave_1: entered promiscuous mode
[  612.087486][ T2543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  612.126235][ T2543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  612.141124][ T2353] 8021q: adding VLAN 0 to HW filter on device bond0
[  612.186175][ T2543] team0: Port device team_slave_0 added
[  612.226933][ T2543] team0: Port device team_slave_1 added
[  612.241879][ T2353] 8021q: adding VLAN 0 to HW filter on device team0
[  612.250235][ T2389] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  612.304984][ T2543] batman_adv: batadv0: Adding interface: batadv_slave_0
[  612.311942][ T2543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.338479][ T2543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  612.357171][ T2389] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  612.372820][ T2389] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  612.394903][ T2389] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  612.414831][ T2543] batman_adv: batadv0: Adding interface: batadv_slave_1
[  612.421796][ T2543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.448167][ T2543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  612.474200][   T64] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.481302][   T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[  612.511311][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.518454][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  612.560838][ T2543] hsr_slave_0: entered promiscuous mode
[  612.567432][ T2543] hsr_slave_1: entered promiscuous mode
[  612.578904][ T2543] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  612.587192][ T2543] Cannot create hsr debugfs directory
[  613.065298][ T2389] 8021q: adding VLAN 0 to HW filter on device bond0
[  613.178993][ T2389] 8021q: adding VLAN 0 to HW filter on device team0
[  613.219179][T17024] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.226382][T17024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  613.376037][ T3551] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.383314][ T3551] bridge0: port 2(bridge_slave_1) entered forwarding state
[  613.490012][ T2353] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.653885][T30742] Bluetooth: hci0: command tx timeout
[  613.889231][ T2543] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  613.942150][ T2543] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  613.976769][ T2543] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  614.005383][ T2543] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  614.155443][ T2353] veth0_vlan: entered promiscuous mode
[  614.217391][ T2353] veth1_vlan: entered promiscuous mode
[  614.242469][ T2389] 8021q: adding VLAN 0 to HW filter on device batadv0
[  614.413085][ T2353] veth0_macvtap: entered promiscuous mode
[  614.482515][ T2353] veth1_macvtap: entered promiscuous mode
[  614.499309][ T2389] veth0_vlan: entered promiscuous mode
[  614.540081][ T2389] veth1_vlan: entered promiscuous mode
[  614.607234][ T2353] batman_adv: batadv0: Interface activated: batadv_slave_0
[  614.640313][ T2543] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.666648][ T2353] batman_adv: batadv0: Interface activated: batadv_slave_1
[  614.681202][ T2543] 8021q: adding VLAN 0 to HW filter on device team0
[  614.700897][ T2389] veth0_macvtap: entered promiscuous mode
[  614.712040][ T2353] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  614.724479][ T2353] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  614.734102][ T2353] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.742900][ T2353] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  614.762938][ T2389] veth1_macvtap: entered promiscuous mode
[  614.776940][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.784059][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.802644][T17024] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.809818][T17024] bridge0: port 2(bridge_slave_1) entered forwarding state
[  614.965113][ T2389] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.130058][ T2389] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.168295][ T2389] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.203371][ T2389] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.223152][ T2389] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.231951][ T2389] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.310389][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.324186][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.436844][ T3561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.482216][ T3561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.680000][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.704965][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.733375][T30742] Bluetooth: hci0: command tx timeout
[  615.782463][T17024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.817173][T17024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.364091][ T1518] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.462498][ T2543] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.625567][ T1518] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.779028][ T1518] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.876051][ T2543] veth0_vlan: entered promiscuous mode
[  616.925871][ T1518] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.962444][ T2543] veth1_vlan: entered promiscuous mode
[  616.997941][ T2543] veth0_macvtap: entered promiscuous mode
[  617.008484][ T2543] veth1_macvtap: entered promiscuous mode
[  617.071676][ T2543] batman_adv: batadv0: Interface activated: batadv_slave_0
[  617.096001][ T2543] batman_adv: batadv0: Interface activated: batadv_slave_1
[  617.111355][ T2543] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  617.122535][ T2543] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  617.131745][ T2543] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  617.142568][ T2543] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  617.418333][ T1518] bridge_slave_1: left allmulticast mode
[  617.429884][ T1518] bridge_slave_1: left promiscuous mode
[  617.430250][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  617.436199][ T1518] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.456719][ T1518] bridge_slave_0: left allmulticast mode
[  617.462399][ T1518] bridge_slave_0: left promiscuous mode
[  617.475510][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  617.476128][ T1518] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.497841][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  617.508026][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  617.519156][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  617.784379][ T2826] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13306'.
[  618.245111][T30742] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  618.270314][T30742] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  618.283779][T30742] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  618.292077][T30742] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  618.312542][T30742] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  618.590597][ T1518] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  618.610063][ T1518] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  618.630011][ T1518] bond0 (unregistering): Released all slaves
[  618.678635][T17024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  618.710326][T17024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  618.856829][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  618.888374][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.338052][ T2898] netlink: 'syz.3.13321': attribute type 11 has an invalid length.
[  619.574364][   T51] Bluetooth: hci2: command tx timeout
[  620.374040][   T51] Bluetooth: hci3: command tx timeout
[  620.401980][ T2924] ------------[ cut here ]------------
[  620.408192][ T2924] WARNING: CPU: 1 PID: 2924 at ./include/net/mac80211.h:7748 _ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  620.419189][ T2924] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  620.423592][ T2924] CPU: 1 UID: 0 PID: 2924 Comm: syz.3.13323 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) 
[  620.435817][ T2924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  620.446371][ T2924] RIP: 0010:_ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  620.453357][ T2924] Code: 00 00 00 eb 49 41 83 fd 05 74 30 41 83 fd 0d 75 13 e8 b0 50 e5 f6 b8 04 00 00 00 eb 31 e8 a4 50 e5 f6 eb 28 e8 9d 50 e5 f6 90 <0f> 0b 90 eb 1d e8 92 50 e5 f6 b8 02 00 00 00 eb 13 e8 86 50 e5 f6
[  620.473434][ T2924] RSP: 0018:ffffc90003e8ef48 EFLAGS: 00010287
[  620.480099][ T2924] RAX: ffffffff8adafdd3 RBX: ffff888054334000 RCX: 0000000000080000
[  620.488592][ T2924] RDX: ffffc9000d5ba000 RSI: 0000000000000364 RDI: 0000000000000365
[  620.496658][ T2924] RBP: 0000000000000000 R08: ffff888026180000 R09: 0000000000000007
[  620.504899][ T2924] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000000
[  620.512905][ T2924] R13: 0000000000000007 R14: ffff888054334180 R15: 1ffff1100a866830
[  620.520968][ T2924] FS:  00007f86d24266c0(0000) GS:ffff888125d50000(0000) knlGS:0000000000000000
[  620.529993][ T2924] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  620.537037][ T2924] CR2: 00007f612b10fe9c CR3: 0000000048cdc000 CR4: 00000000003526f0
[  620.545109][ T2924] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  620.553180][ T2924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  620.561178][ T2924] Call Trace:
[  620.565123][ T2924]  <TASK>
[  620.568090][ T2924]  __ieee80211_vht_handle_opmode+0x3c0/0x850
[  620.574486][ T2924]  ? ieee80211_get_link_sband+0x5f/0x3e0
[  620.580165][ T2924]  ? __pfx___ieee80211_vht_handle_opmode+0x10/0x10
[  620.586825][ T2924]  ? ieee80211_get_link_sband+0x5f/0x3e0
[  620.592494][ T2924]  ? ieee80211_sta_init_nss+0x8dd/0xbe0
[  620.598149][ T2924]  ? ieee80211_get_link_sband+0x335/0x3e0
[  620.603949][ T2924]  sta_link_apply_parameters+0xbb8/0xec0
[  620.609643][ T2924]  sta_apply_parameters+0x944/0x15b0
[  620.615589][ T2924]  ieee80211_add_station+0x424/0x6a0
[  620.620923][ T2924]  rdev_add_station+0x105/0x290
[  620.626128][ T2924]  nl80211_new_station+0x1723/0x1b40
[  620.631471][ T2924]  ? __pfx_nl80211_new_station+0x10/0x10
[  620.637216][ T2924]  ? netdev_run_todo+0xe1d/0xea0
[  620.642214][ T2924]  ? nl80211_pre_doit+0x4f1/0x930
[  620.647340][ T2924]  genl_family_rcv_msg_doit+0x212/0x300
[  620.652938][ T2924]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  620.659158][ T2924]  ? bpf_lsm_capable+0x9/0x20
[  620.663930][ T2924]  ? security_capable+0x7e/0x2e0
[  620.669455][ T2924]  genl_rcv_msg+0x60e/0x790
[  620.674383][ T2924]  ? __pfx_genl_rcv_msg+0x10/0x10
[  620.679446][ T2924]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  620.684895][ T2924]  ? __pfx_nl80211_new_station+0x10/0x10
[  620.690561][ T2924]  ? __pfx_nl80211_post_doit+0x10/0x10
[  620.696224][ T2924]  netlink_rcv_skb+0x208/0x470
[  620.701039][ T2924]  ? __pfx_genl_rcv_msg+0x10/0x10
[  620.706172][ T2924]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  620.711518][ T2924]  ? down_read+0x1ad/0x2e0
[  620.716087][ T2924]  genl_rcv+0x28/0x40
[  620.720110][ T2924]  netlink_unicast+0x75b/0x8d0
[  620.724980][ T2924]  netlink_sendmsg+0x805/0xb30
[  620.729796][ T2924]  ? __pfx_netlink_sendmsg+0x10/0x10
[  620.735200][ T2924]  ? aa_sock_msg_perm+0x94/0x160
[  620.740183][ T2924]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  620.745547][ T2924]  ? __pfx_netlink_sendmsg+0x10/0x10
[  620.750864][ T2924]  __sock_sendmsg+0x21c/0x270
[  620.755641][ T2924]  ____sys_sendmsg+0x505/0x830
[  620.760453][ T2924]  ? __pfx_____sys_sendmsg+0x10/0x10
[  620.765838][ T2924]  ? import_iovec+0x74/0xa0
[  620.770921][ T2924]  ___sys_sendmsg+0x21f/0x2a0
[  620.776553][ T2924]  ? __pfx____sys_sendmsg+0x10/0x10
[  620.781968][ T2924]  ? __fget_files+0x2a/0x420
[  620.786663][ T2924]  ? __fget_files+0x3a0/0x420
[  620.791382][ T2924]  __x64_sys_sendmsg+0x19b/0x260
[  620.796534][ T2924]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  620.802035][ T2924]  ? rcu_is_watching+0x15/0xb0
[  620.807020][ T2924]  ? do_syscall_64+0xbe/0x3b0
[  620.811741][ T2924]  do_syscall_64+0xfa/0x3b0
[  620.816360][ T2924]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.821593][ T2924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.827768][ T2924]  ? clear_bhb_loop+0x60/0xb0
[  620.832473][ T2924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.838464][ T2924] RIP: 0033:0x7f86d158e929
[  620.842904][ T2924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.863303][ T2924] RSP: 002b:00007f86d2426038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  620.872305][ T2924] RAX: ffffffffffffffda RBX: 00007f86d17b5fa0 RCX: 00007f86d158e929
[  620.880728][ T2924] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006
[  620.888801][ T2924] RBP: 00007f86d1610b39 R08: 0000000000000000 R09: 0000000000000000
[  620.896871][ T2924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  620.904913][ T2924] R13: 0000000000000000 R14: 00007f86d17b5fa0 R15: 00007ffe3a981468
[  620.912927][ T2924]  </TASK>
[  620.916046][ T2924] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  620.923343][ T2924] CPU: 1 UID: 0 PID: 2924 Comm: syz.3.13323 Not tainted 6.16.0-rc3-syzkaller-00131-g72fb83735c71 #0 PREEMPT(full) 
[  620.935429][ T2924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  620.945486][ T2924] Call Trace:
[  620.948767][ T2924]  <TASK>
[  620.951701][ T2924]  dump_stack_lvl+0x99/0x250
[  620.956312][ T2924]  ? __asan_memcpy+0x40/0x70
[  620.960916][ T2924]  ? __pfx_dump_stack_lvl+0x10/0x10
[  620.966127][ T2924]  ? __pfx__printk+0x10/0x10
[  620.970760][ T2924]  panic+0x2db/0x790
[  620.974684][ T2924]  ? __pfx_panic+0x10/0x10
[  620.979128][ T2924]  ? show_trace_log_lvl+0x4fb/0x550
[  620.984389][ T2924]  __warn+0x31b/0x4b0
[  620.988392][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  620.994208][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  621.000021][ T2924]  report_bug+0x2be/0x4f0
[  621.004358][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  621.010168][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  621.015982][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x526/0x6e0
[  621.021817][ T2924]  handle_bug+0x84/0x160
[  621.026068][ T2924]  exc_invalid_op+0x1a/0x50
[  621.030574][ T2924]  asm_exc_invalid_op+0x1a/0x20
[  621.035427][ T2924] RIP: 0010:_ieee80211_sta_cur_vht_bw+0x524/0x6e0
[  621.041851][ T2924] Code: 00 00 00 eb 49 41 83 fd 05 74 30 41 83 fd 0d 75 13 e8 b0 50 e5 f6 b8 04 00 00 00 eb 31 e8 a4 50 e5 f6 eb 28 e8 9d 50 e5 f6 90 <0f> 0b 90 eb 1d e8 92 50 e5 f6 b8 02 00 00 00 eb 13 e8 86 50 e5 f6
[  621.061553][ T2924] RSP: 0018:ffffc90003e8ef48 EFLAGS: 00010287
[  621.067638][ T2924] RAX: ffffffff8adafdd3 RBX: ffff888054334000 RCX: 0000000000080000
[  621.075612][ T2924] RDX: ffffc9000d5ba000 RSI: 0000000000000364 RDI: 0000000000000365
[  621.083591][ T2924] RBP: 0000000000000000 R08: ffff888026180000 R09: 0000000000000007
[  621.091566][ T2924] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000000
[  621.099540][ T2924] R13: 0000000000000007 R14: ffff888054334180 R15: 1ffff1100a866830
[  621.107529][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x523/0x6e0
[  621.113355][ T2924]  ? _ieee80211_sta_cur_vht_bw+0x523/0x6e0
[  621.119168][ T2924]  __ieee80211_vht_handle_opmode+0x3c0/0x850
[  621.125159][ T2924]  ? ieee80211_get_link_sband+0x5f/0x3e0
[  621.130812][ T2924]  ? __pfx___ieee80211_vht_handle_opmode+0x10/0x10
[  621.137356][ T2924]  ? ieee80211_get_link_sband+0x5f/0x3e0
[  621.142998][ T2924]  ? ieee80211_sta_init_nss+0x8dd/0xbe0
[  621.148586][ T2924]  ? ieee80211_get_link_sband+0x335/0x3e0
[  621.154314][ T2924]  sta_link_apply_parameters+0xbb8/0xec0
[  621.159967][ T2924]  sta_apply_parameters+0x944/0x15b0
[  621.165275][ T2924]  ieee80211_add_station+0x424/0x6a0
[  621.170602][ T2924]  rdev_add_station+0x105/0x290
[  621.175465][ T2924]  nl80211_new_station+0x1723/0x1b40
[  621.180775][ T2924]  ? __pfx_nl80211_new_station+0x10/0x10
[  621.186435][ T2924]  ? netdev_run_todo+0xe1d/0xea0
[  621.191404][ T2924]  ? nl80211_pre_doit+0x4f1/0x930
[  621.196439][ T2924]  genl_family_rcv_msg_doit+0x212/0x300
[  621.201997][ T2924]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  621.208081][ T2924]  ? bpf_lsm_capable+0x9/0x20
[  621.212769][ T2924]  ? security_capable+0x7e/0x2e0
[  621.217720][ T2924]  genl_rcv_msg+0x60e/0x790
[  621.222238][ T2924]  ? __pfx_genl_rcv_msg+0x10/0x10
[  621.227271][ T2924]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  621.232649][ T2924]  ? __pfx_nl80211_new_station+0x10/0x10
[  621.238293][ T2924]  ? __pfx_nl80211_post_doit+0x10/0x10
[  621.243780][ T2924]  netlink_rcv_skb+0x208/0x470
[  621.248551][ T2924]  ? __pfx_genl_rcv_msg+0x10/0x10
[  621.253584][ T2924]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  621.258884][ T2924]  ? down_read+0x1ad/0x2e0
[  621.263340][ T2924]  genl_rcv+0x28/0x40
[  621.267327][ T2924]  netlink_unicast+0x75b/0x8d0
[  621.272108][ T2924]  netlink_sendmsg+0x805/0xb30
[  621.276894][ T2924]  ? __pfx_netlink_sendmsg+0x10/0x10
[  621.282200][ T2924]  ? aa_sock_msg_perm+0x94/0x160
[  621.287149][ T2924]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  621.292443][ T2924]  ? __pfx_netlink_sendmsg+0x10/0x10
[  621.297737][ T2924]  __sock_sendmsg+0x21c/0x270
[  621.302426][ T2924]  ____sys_sendmsg+0x505/0x830
[  621.307197][ T2924]  ? __pfx_____sys_sendmsg+0x10/0x10
[  621.312505][ T2924]  ? import_iovec+0x74/0xa0
[  621.317014][ T2924]  ___sys_sendmsg+0x21f/0x2a0
[  621.321697][ T2924]  ? __pfx____sys_sendmsg+0x10/0x10
[  621.326941][ T2924]  ? __fget_files+0x2a/0x420
[  621.331565][ T2924]  ? __fget_files+0x3a0/0x420
[  621.336268][ T2924]  __x64_sys_sendmsg+0x19b/0x260
[  621.341219][ T2924]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  621.346702][ T2924]  ? rcu_is_watching+0x15/0xb0
[  621.351490][ T2924]  ? do_syscall_64+0xbe/0x3b0
[  621.356172][ T2924]  do_syscall_64+0xfa/0x3b0
[  621.360673][ T2924]  ? lockdep_hardirqs_on+0x9c/0x150
[  621.365877][ T2924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.371946][ T2924]  ? clear_bhb_loop+0x60/0xb0
[  621.376632][ T2924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.382533][ T2924] RIP: 0033:0x7f86d158e929
[  621.386955][ T2924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.406567][ T2924] RSP: 002b:00007f86d2426038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  621.414984][ T2924] RAX: ffffffffffffffda RBX: 00007f86d17b5fa0 RCX: 00007f86d158e929
[  621.422956][ T2924] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006
[  621.430937][ T2924] RBP: 00007f86d1610b39 R08: 0000000000000000 R09: 0000000000000000
[  621.438927][ T2924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  621.446898][ T2924] R13: 0000000000000000 R14: 00007f86d17b5fa0 R15: 00007ffe3a981468
[  621.454888][ T2924]  </TASK>
[  621.458253][ T2924] Kernel Offset: disabled
[  621.462589][ T2924] Rebooting in 86400 seconds..