Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts. 2026/04/18 15:22:54 parsed 1 programs [ 104.032605][ T5848] cgroup: Unknown subsys name 'net' [ 104.305215][ T5848] cgroup: Unknown subsys name 'cpuset' [ 104.359722][ T5848] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 105.936462][ T5848] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 112.433891][ T5901] chnl_net:caif_netlink_parms(): no params data found [ 112.732779][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.734379][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.734580][ T5901] bridge_slave_0: entered allmulticast mode [ 112.737845][ T5901] bridge_slave_0: entered promiscuous mode [ 112.755019][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.755272][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.755473][ T5901] bridge_slave_1: entered allmulticast mode [ 112.761093][ T5901] bridge_slave_1: entered promiscuous mode [ 112.815664][ T5901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.818815][ T5901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.867183][ T5901] team0: Port device team_slave_0 added [ 112.870662][ T5901] team0: Port device team_slave_1 added [ 112.903460][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.903470][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.903483][ T5901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.905998][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.906006][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.906019][ T5901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.007637][ T5901] hsr_slave_0: entered promiscuous mode [ 113.008864][ T5901] hsr_slave_1: entered promiscuous mode [ 113.399809][ T5901] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.447453][ T5901] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 113.448095][ T5901] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.482322][ T5901] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 113.760699][ T5901] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.784275][ T5901] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 113.786517][ T5901] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.806440][ T5901] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 113.916028][ T5901] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.974809][ T5901] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.990719][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.990969][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.018307][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.018880][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.235213][ T5901] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.292983][ T5901] veth0_vlan: entered promiscuous mode [ 114.305591][ T5901] veth1_vlan: entered promiscuous mode [ 114.354303][ T5901] veth0_macvtap: entered promiscuous mode [ 114.361576][ T5901] veth1_macvtap: entered promiscuous mode [ 114.392122][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.412462][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.434933][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.438342][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.438383][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.438414][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.113730][ T1192] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.383111][ T1192] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.494903][ T2382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.494921][ T2382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.568493][ T2382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.568510][ T2382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.195749][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 116.198890][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 116.216042][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 116.221201][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 116.221832][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 116.311107][ T1192] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/04/18 15:23:10 executed programs: 0 [ 117.255111][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 117.274331][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 117.275302][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 117.277891][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 117.278520][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 117.447504][ T1192] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.685682][ T5958] chnl_net:caif_netlink_parms(): no params data found [ 117.869332][ T5958] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.869606][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.869815][ T5958] bridge_slave_0: entered allmulticast mode [ 117.872293][ T5958] bridge_slave_0: entered promiscuous mode [ 118.169703][ T1192] bridge_slave_1: left allmulticast mode [ 118.169859][ T1192] bridge_slave_1: left promiscuous mode [ 118.175438][ T1192] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.250429][ T1192] bridge_slave_0: left allmulticast mode [ 118.250448][ T1192] bridge_slave_0: left promiscuous mode [ 118.250616][ T1192] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.029903][ T1192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 119.089786][ T1192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.111027][ T1192] bond0 (unregistering): Released all slaves [ 119.149765][ T5958] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.149918][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.150093][ T5958] bridge_slave_1: entered allmulticast mode [ 119.151734][ T5958] bridge_slave_1: entered promiscuous mode [ 119.218774][ T5958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.226261][ T5958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.277411][ T5958] team0: Port device team_slave_0 added [ 119.287676][ T5958] team0: Port device team_slave_1 added [ 119.381393][ T5147] Bluetooth: hci0: command tx timeout [ 119.499421][ T1192] hsr_slave_0: left promiscuous mode [ 119.540819][ T1192] hsr_slave_1: left promiscuous mode [ 119.541684][ T1192] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.541741][ T1192] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.581152][ T1192] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.581177][ T1192] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.682141][ T1192] veth1_macvtap: left promiscuous mode [ 119.682292][ T1192] veth0_macvtap: left promiscuous mode [ 119.682459][ T1192] veth1_vlan: left promiscuous mode [ 119.682620][ T1192] veth0_vlan: left promiscuous mode [ 120.339778][ T1192] team0 (unregistering): Port device team_slave_1 removed [ 120.380633][ T1192] team0 (unregistering): Port device team_slave_0 removed [ 120.542590][ T5958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.542601][ T5958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 120.542615][ T5958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.545121][ T5493] 8021q: adding VLAN 0 to HW filter on device eth1 [ 120.701114][ T5958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.701124][ T5958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 120.701138][ T5958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.775683][ T5958] hsr_slave_0: entered promiscuous mode [ 120.777302][ T5958] hsr_slave_1: entered promiscuous mode [ 121.372946][ T5493] 8021q: adding VLAN 0 to HW filter on device eth2 [ 121.462134][ T5147] Bluetooth: hci0: command tx timeout [ 122.742713][ T5958] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 122.785694][ T5958] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 122.786462][ T5958] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 122.822099][ T5958] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 122.822918][ T5958] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 122.867878][ T5958] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 122.868690][ T5958] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 122.918138][ T5958] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 123.121645][ T5958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.160859][ T5958] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.196623][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.196720][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.225832][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.225946][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.306297][ T5958] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 123.539491][ T5147] Bluetooth: hci0: command tx timeout [ 123.781195][ T5958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.903946][ T5958] veth0_vlan: entered promiscuous mode [ 123.914091][ T5958] veth1_vlan: entered promiscuous mode [ 124.430309][ T5958] veth0_macvtap: entered promiscuous mode [ 124.531431][ T5958] veth1_macvtap: entered promiscuous mode [ 124.621894][ T5958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.657236][ T5958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.683554][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.686640][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.688590][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.695827][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.104653][ T1487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.104671][ T1487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.162394][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.162411][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/04/18 15:23:18 executed programs: 2 [ 125.295833][ T6047] netlink: 'syz.0.17': attribute type 2 has an invalid length. [ 125.435611][ C1] [ 125.435620][ C1] ====================================================== [ 125.435623][ C1] WARNING: possible circular locking dependency detected [ 125.435635][ C1] syzkaller #0 Not tainted [ 125.435641][ C1] ------------------------------------------------------ [ 125.435644][ C1] syz.0.17/6048 is trying to acquire lock: [ 125.435650][ C1] ffff88803d8a5160 (slock-AF_PHONET/1){+.+.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0 [ 125.435682][ C1] [ 125.435682][ C1] but task is already holding lock: [ 125.435685][ C1] ffff888032b362e0 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 125.435705][ C1] [ 125.435705][ C1] which lock already depends on the new lock. [ 125.435705][ C1] [ 125.435708][ C1] [ 125.435708][ C1] the existing dependency chain (in reverse order) is: [ 125.435711][ C1] [ 125.435711][ C1] -> #1 (slock-AF_PHONET){+...}-{3:3}: [ 125.435723][ C1] rt_spin_lock+0x83/0x400 [ 125.435736][ C1] __sk_receive_skb+0x1f1/0x9e0 [ 125.435745][ C1] phonet_rcv+0x781/0xc40 [ 125.435755][ C1] process_backlog+0x5e1/0xc60 [ 125.435765][ C1] __napi_poll+0xab/0x550 [ 125.435772][ C1] net_rx_action+0x696/0xe00 [ 125.435781][ C1] handle_softirqs+0x1de/0x6d0 [ 125.435790][ C1] __local_bh_enable_ip+0x170/0x2b0 [ 125.435798][ C1] netif_rx+0xb9/0xf0 [ 125.435809][ C1] pn_send+0x62a/0x8e0 [ 125.435819][ C1] pn_skb_send+0x218/0x530 [ 125.435830][ C1] pipe_snd_status+0x1f1/0x320 [ 125.435841][ C1] pipe_do_rcv+0xf15/0x16a0 [ 125.435853][ C1] __sk_receive_skb+0x962/0x9e0 [ 125.435862][ C1] pep_do_rcv+0x685/0xaa0 [ 125.435874][ C1] __release_sock+0x2a9/0x3d0 [ 125.435886][ C1] release_sock+0x1be/0x290 [ 125.435894][ C1] pep_sock_accept+0xd47/0x11e0 [ 125.435906][ C1] pn_socket_accept+0xc1/0x310 [ 125.435915][ C1] do_accept+0x6ca/0x930 [ 125.435924][ C1] __sys_accept4+0x139/0x230 [ 125.435933][ C1] __x64_sys_accept4+0x9a/0xb0 [ 125.435942][ C1] do_syscall_64+0x15f/0xf80 [ 125.435951][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.435960][ C1] [ 125.435960][ C1] -> #0 (slock-AF_PHONET/1){+.+.}-{3:3}: [ 125.435973][ C1] __lock_acquire+0x15a5/0x2cf0 [ 125.435985][ C1] lock_acquire+0x106/0x350 [ 125.435994][ C1] rt_spin_lock_nested+0x81/0x3f0 [ 125.436006][ C1] __sk_receive_skb+0x1bf/0x9e0 [ 125.436014][ C1] pep_do_rcv+0x685/0xaa0 [ 125.436026][ C1] __sk_receive_skb+0x962/0x9e0 [ 125.436035][ C1] phonet_rcv+0x781/0xc40 [ 125.436045][ C1] process_backlog+0x5e1/0xc60 [ 125.436054][ C1] __napi_poll+0xab/0x550 [ 125.436061][ C1] net_rx_action+0x696/0xe00 [ 125.436070][ C1] handle_softirqs+0x1de/0x6d0 [ 125.436078][ C1] __local_bh_enable_ip+0x170/0x2b0 [ 125.436085][ C1] netif_rx+0xb9/0xf0 [ 125.436096][ C1] pn_send+0x62a/0x8e0 [ 125.436106][ C1] pn_skb_send+0x218/0x530 [ 125.436116][ C1] pipe_skb_send+0x2f7/0x540 [ 125.436128][ C1] pep_sendmsg+0x9ca/0xb00 [ 125.436145][ C1] pn_socket_sendmsg+0x1e5/0x250 [ 125.436155][ C1] sock_sendmsg_nosec+0x112/0x150 [ 125.436163][ C1] sock_write_iter+0x308/0x410 [ 125.436175][ C1] vfs_write+0x629/0xba0 [ 125.436187][ C1] ksys_write+0x156/0x270 [ 125.436199][ C1] do_syscall_64+0x15f/0xf80 [ 125.436214][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.436230][ C1] [ 125.436230][ C1] other info that might help us debug this: [ 125.436230][ C1] [ 125.436235][ C1] Possible unsafe locking scenario: [ 125.436235][ C1] [ 125.436240][ C1] CPU0 CPU1 [ 125.436245][ C1] ---- ---- [ 125.436250][ C1] lock(slock-AF_PHONET); [ 125.436260][ C1] lock(slock-AF_PHONET/1); [ 125.436276][ C1] lock(slock-AF_PHONET); [ 125.436288][ C1] lock(slock-AF_PHONET/1); [ 125.436297][ C1] [ 125.436297][ C1] *** DEADLOCK *** [ 125.436297][ C1] [ 125.436299][ C1] 6 locks held by syz.0.17/6048: [ 125.436305][ C1] #0: ffff888032b35ad8 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sendmsg+0x7b6/0xb00 [ 125.436330][ C1] #1: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 125.436355][ C1] #2: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 125.436377][ C1] #3: ffff888032b362e0 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 125.436400][ C1] #4: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 125.436424][ C1] #5: ffff888032b36398 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 125.436447][ C1] [ 125.436447][ C1] stack backtrace: [ 125.436462][ C1] CPU: 1 UID: 0 PID: 6048 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 125.436472][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 125.436483][ C1] Call Trace: [ 125.436489][ C1] [ 125.436493][ C1] dump_stack_lvl+0xe8/0x150 [ 125.436504][ C1] print_circular_bug+0x2e1/0x300 [ 125.436519][ C1] check_noncircular+0x12e/0x150 [ 125.436533][ C1] __lock_acquire+0x15a5/0x2cf0 [ 125.436545][ C1] ? try_to_take_rt_mutex+0x840/0xb00 [ 125.436562][ C1] ? __sk_receive_skb+0x1bf/0x9e0 [ 125.436571][ C1] lock_acquire+0x106/0x350 [ 125.436581][ C1] ? __sk_receive_skb+0x1bf/0x9e0 [ 125.436591][ C1] ? sk_filter_trim_cap+0x8f1/0xce0 [ 125.436606][ C1] rt_spin_lock_nested+0x81/0x3f0 [ 125.436618][ C1] ? __sk_receive_skb+0x1bf/0x9e0 [ 125.436627][ C1] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 125.436640][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 125.436650][ C1] ? __pfx_rt_spin_lock_nested+0x10/0x10 [ 125.436664][ C1] ? rt_spin_lock+0x1e0/0x400 [ 125.436677][ C1] __sk_receive_skb+0x1bf/0x9e0 [ 125.436688][ C1] pep_do_rcv+0x685/0xaa0 [ 125.436701][ C1] ? __pfx_pep_do_rcv+0x10/0x10 [ 125.436715][ C1] ? __pfx_pep_do_rcv+0x10/0x10 [ 125.436727][ C1] ? phonet_rcv+0x781/0xc40 [ 125.436738][ C1] __sk_receive_skb+0x962/0x9e0 [ 125.436749][ C1] phonet_rcv+0x781/0xc40 [ 125.436760][ C1] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 125.436772][ C1] ? __pfx_phonet_rcv+0x10/0x10 [ 125.436785][ C1] ? process_backlog+0x271/0xc60 [ 125.436794][ C1] ? process_backlog+0x271/0xc60 [ 125.436803][ C1] ? __pfx_phonet_rcv+0x10/0x10 [ 125.436815][ C1] process_backlog+0x5e1/0xc60 [ 125.436828][ C1] __napi_poll+0xab/0x550 [ 125.436837][ C1] net_rx_action+0x696/0xe00 [ 125.436849][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 125.436858][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 125.436869][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 125.436883][ C1] ? enqueue_to_backlog+0x340/0xcb0 [ 125.436894][ C1] handle_softirqs+0x1de/0x6d0 [ 125.436904][ C1] __local_bh_enable_ip+0x170/0x2b0 [ 125.436914][ C1] netif_rx+0xb9/0xf0 [ 125.436926][ C1] pn_send+0x62a/0x8e0 [ 125.436938][ C1] pn_skb_send+0x218/0x530 [ 125.436951][ C1] pipe_skb_send+0x2f7/0x540 [ 125.436964][ C1] pep_sendmsg+0x9ca/0xb00 [ 125.436979][ C1] ? __pfx_pep_sendmsg+0x10/0x10 [ 125.436992][ C1] ? __pfx_woken_wake_function+0x10/0x10 [ 125.437004][ C1] ? pn_socket_bind+0x40d/0x550 [ 125.437016][ C1] pn_socket_sendmsg+0x1e5/0x250 [ 125.437027][ C1] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 125.437038][ C1] ? __pfx_aa_file_perm+0x10/0x10 [ 125.437050][ C1] ? __pfx_futex_wake_mark+0x10/0x10 [ 125.437059][ C1] ? aa_sock_msg_perm+0x122/0x200 [ 125.437070][ C1] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 125.437081][ C1] sock_sendmsg_nosec+0x112/0x150 [ 125.437090][ C1] sock_write_iter+0x308/0x410 [ 125.437104][ C1] ? __pfx_sock_write_iter+0x10/0x10 [ 125.437121][ C1] vfs_write+0x629/0xba0 [ 125.437139][ C1] ? __pfx_vfs_write+0x10/0x10 [ 125.437152][ C1] ? __fget_files+0x2a/0x420 [ 125.437165][ C1] ksys_write+0x156/0x270 [ 125.437177][ C1] ? __pfx_ksys_write+0x10/0x10 [ 125.437191][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.437200][ C1] do_syscall_64+0x15f/0xf80 [ 125.437209][ C1] ? trace_irq_disable+0x3b/0x140 [ 125.437219][ C1] ? clear_bhb_loop+0x40/0x90 [ 125.437229][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.437238][ C1] RIP: 0033:0x7f9b7184c819 [ 125.437253][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 125.437261][ C1] RSP: 002b:00007f9b70e8d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 125.437270][ C1] RAX: ffffffffffffffda RBX: 00007f9b71ac6090 RCX: 00007f9b7184c819 [ 125.437277][ C1] RDX: 00000000000003db RSI: 0000200000000480 RDI: 0000000000000006 [ 125.437283][ C1] RBP: 00007f9b718e2c91 R08: 0000000000000000 R09: 0000000000000000 [ 125.437288][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.437294][ C1] R13: 00007f9b71ac6128 R14: 00007f9b71ac6090 R15: 00007ffdd858bb58 [ 125.437303][ C1] [ 125.551108][ T6051] netlink: 'syz.0.18': attribute type 2 has an invalid length. [ 125.619264][ T5147] Bluetooth: hci0: command tx timeout [ 126.431328][ T6055] netlink: 'syz.0.19': attribute type 2 has an invalid length. [ 127.310173][ T6059] netlink: 'syz.0.20': attribute type 2 has an invalid length. [ 128.171125][ T6063] netlink: 'syz.0.21': attribute type 2 has an invalid length. [ 129.055612][ T6067] netlink: 'syz.0.22': attribute type 2 has an invalid length. [ 129.918847][ T6071] netlink: 'syz.0.23': attribute type 2 has an invalid length. 2026/04/18 15:23:24 executed programs: 9 [ 130.798731][ T6075] netlink: 'syz.0.24': attribute type 2 has an invalid length. [ 131.678602][ T6079] netlink: 'syz.0.25': attribute type 2 has an invalid length. [ 131.878946][ T6083] netlink: 'syz.0.26': attribute type 2 has an invalid length. [ 132.741208][ T1337] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.741252][ T1337] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.764545][ T6087] netlink: 'syz.0.27': attribute type 2 has an invalid length. [ 133.638741][ T6091] netlink: 'syz.0.28': attribute type 2 has an invalid length. [ 134.519361][ T6095] netlink: 'syz.0.29': attribute type 2 has an invalid length. [ 135.398524][ T6099] netlink: 'syz.0.30': attribute type 2 has an invalid length.