syzbot


BUG: soft lockup in tipc_accept

Status: moderation: reported on 2026/05/25 11:03
Subsystems: tipc
Reported-by: syzbot+7e7b6a2e6887fb57edaf@syzkaller.appspotmail.com
First crash: 5d21h, last: 5d21h

Sample crash report:
watchdog: BUG: soft lockup - CPU#0 stuck for 31s! [kworker/u8:6:1374]
Modules linked in:
irq event stamp: 1581021
hardirqs last  enabled at (1581021): [<ffff800080308254>] __local_bh_enable_ip+0x1ec/0x35c kernel/softirq.c:455
hardirqs last disabled at (1581019): [<ffff8000803081d4>] __local_bh_enable_ip+0x16c/0x35c kernel/softirq.c:432
softirqs last  enabled at (1581020): [<ffff800084abdd3c>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (1581020): [<ffff800084abdd3c>] lock_sock_nested+0xb0/0x110 net/core/sock.c:3806
softirqs last disabled at (1581018): [<ffff800084abdcfc>] spin_lock_bh include/linux/spinlock.h:348 [inline]
softirqs last disabled at (1581018): [<ffff800084abdcfc>] lock_sock_nested+0x70/0x110 net/core/sock.c:3802
CPU: 0 UID: 0 PID: 1374 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: tipc_rcv tipc_topsrv_accept
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : lock_acquire+0x16c/0x368 arch/arm64/include/asm/irqflags.h:-1
lr : lockdep_recursion_finish kernel/locking/lockdep.c:470 [inline]
lr : lock_acquire+0x14c/0x368 kernel/locking/lockdep.c:5870
sp : ffff800094737490
x29: ffff8000947374e0 x28: 0000000000000000 x27: 0000000000000000
x26: ffff800088890230 x25: 0000000000000000 x24: 0000000000000001
x23: 0000000000000000 x22: ffff800088be7480 x21: ffff800080aa3ce4
x20: 0000000000000000 x19: 0000000000000000 x18: 00000000ffffffff
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000000
x11: 00000000000038af x10: 0000000000000003 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : 0000000000000000 x6 : ffff80008047caa0
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008048cd74
x2 : 0000000100000000 x1 : ffff0000c9511d00 x0 : 0000000000000000
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
 lock_acquire+0x16c/0x368 kernel/locking/lockdep.c:5871 (P)
 fs_reclaim_acquire+0xb8/0x110 mm/page_alloc.c:4342
 might_alloc include/linux/sched/mm.h:317 [inline]
 slab_pre_alloc_hook mm/slub.c:4520 [inline]
 slab_alloc_node mm/slub.c:4875 [inline]
 kmem_cache_alloc_noprof+0x58/0x610 mm/slub.c:4905
 sk_prot_alloc+0x60/0x1ec net/core/sock.c:2241
 sk_alloc+0x44/0x3a0 net/core/sock.c:2303
 tipc_sk_create+0xd0/0x1b90 net/tipc/socket.c:486
 tipc_accept+0x3ec/0xd14 net/tipc/socket.c:2740
 kernel_accept+0x178/0x2c8 net/socket.c:3705
 tipc_topsrv_accept+0xcc/0x250 net/tipc/topsrv.c:472
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397
 worker_thread+0x754/0xba0 kernel/workqueue.c:3478
 kthread+0x2f8/0x3c8 kernel/kthread.c:436
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 18509 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 23400005 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
pc : _raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:198
lr : __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
lr : _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198
sp : ffff8000950b6fa0
x29: ffff8000950b6fa0 x28: 1fffffbff896a660 x27: dfff800000000000
x26: ffff00012d4cd000 x25: 0000000000000000 x24: 0000000000000001
x23: ffff00012d4cc000 x22: 0000000000000002 x21: 0000000000000000
x20: ffff80008e753a38 x19: 0000000000000000 x18: 1fffe00035c23420
x17: 0000000000000002 x16: 0000000000000000 x15: 000000000000e43d
x14: 1fffe00035c26a20 x13: 0000000000000001 x12: 0000000000000000
x11: ffff800080154b2c x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : 0000000000000000 x6 : ffff800081941b2c
x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff800080154bd4
x2 : 0000000000000000 x1 : ffff0000da530000 x0 : ffff80008675f3d4
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] (P)
 _raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:198 (P)
 __debug_check_no_obj_freed lib/debugobjects.c:1125 [inline]
 debug_check_no_obj_freed+0x2e4/0x3c0 lib/debugobjects.c:1146
 __free_pages_prepare mm/page_alloc.c:1409 [inline]
 free_unref_folios+0x568/0x1410 mm/page_alloc.c:3004
 folios_put_refs+0x7c8/0x8c4 mm/swap.c:1008
 free_pages_and_swap_cache+0x368/0x3e0 mm/swap_state.c:404
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:417 [inline]
 tlb_flush_mmu+0xf0/0x33c mm/mmu_gather.c:424
 tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549
 exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313
 __mmput+0xe4/0x2f0 kernel/fork.c:1178
 mmput+0x70/0xa8 kernel/fork.c:1201
 exit_mm+0x190/0x26c kernel/exit.c:582
 do_exit+0x518/0x1a6c kernel/exit.c:964
 do_group_exit+0x194/0x22c kernel/exit.c:1119
 get_signal+0xfb0/0x1094 kernel/signal.c:3037
 arch_do_signal_or_restart+0x290/0x43a0 arch/arm64/kernel/signal.c:1665
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x70/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:741
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)

Crashes (1):
Time: 2026/05/21 10:55
Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
Commit: 4b4362973b6f
Syzkaller: e195359d
Config: .config
Log: console log
Report: report
Syz repro: (empty)
C repro: (empty)
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-gce-arm64
Title: BUG: soft lockup in tipc_accept