syzbot

 sign-in | mailing list | source | docs
🐞 Open [457]
🐞 Fixed [23]
🐞 Invalid [192]
Missing Backports [18]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: rcu detected stall in sendmsg

Status: upstream: reported on 2025/07/31 17:16
Reported-by: syzbot+e8d3f56cde2a4d5e38ae@syzkaller.appspotmail.com
First crash: 249d, last: 6h30m
Similar bugs (21)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 INFO: rcu detected stall in sendmsg (5) origin:upstream 1 syz 18 7h24m 287d 0/3 upstream: reported syz repro on 2025/06/23 07:43
linux-6.1 INFO: rcu detected stall in sendmsg (3) 1 4 552d 619d 0/3 auto-obsoleted due to no activity on 2025/01/09 18:13
upstream INFO: rcu detected stall in sendmsg net 1 1 1644d 1644d 0/29 auto-closed as invalid on 2022/01/03 17:11
linux-6.1 INFO: rcu detected stall in sendmsg (4) 1 2 391d 402d 0/3 auto-obsoleted due to no activity on 2025/06/19 03:57
linux-6.1 INFO: rcu detected stall in sendmsg (2) 1 1 741d 741d 0/3 auto-obsoleted due to no activity on 2024/07/04 03:49
upstream INFO: rcu detected stall in sendmsg (2) batman 1 1 1514d 1514d 0/29 auto-closed as invalid on 2022/05/13 12:25
upstream INFO: rcu detected stall in sendmsg (4) mm 1 C error error 63 32d 682d 0/29 upstream: reported C repro on 2024/05/24 06:18
upstream INFO: rcu detected stall in sendmsg (3) net 1 4 791d 875d 0/29 auto-obsoleted due to no activity on 2024/05/05 18:15
linux-5.15 INFO: rcu detected stall in sys_sendmsg origin:upstream 1 C error 41 6d20h 748d 0/3 upstream: reported C repro on 2024/03/19 21:37
linux-6.1 INFO: rcu detected stall in sendmsg 1 1 976d 976d 0/3 auto-obsoleted due to no activity on 2023/11/12 19:28
upstream BUG: soft lockup in sys_sendmsg (2) block 1 C error 45 1d18h 305d 0/29 upstream: reported C repro on 2025/06/05 02:15
upstream INFO: rcu detected stall in sys_sendmsg (2) cgroups mm 1 5 2315d 2317d 0/29 closed as invalid on 2019/12/04 14:14
upstream INFO: rcu detected stall in sys_sendmsg (3) kernel 1 1 2280d 2280d 0/29 closed as invalid on 2020/01/08 05:33
linux-6.1 INFO: rcu detected stall in sys_sendmsg 1 6 555d 641d 0/3 auto-obsoleted due to no activity on 2025/01/06 11:24
upstream INFO: rcu detected stall in sys_sendmsg net 1 C done 2 2396d 2397d 13/29 fixed on 2019/10/09 10:54
android-6-1 BUG: soft lockup in sys_sendmsg origin:upstream 1 C 3 700d 727d 0/2 upstream: reported C repro on 2024/04/09 06:46
linux-6.1 BUG: soft lockup in sys_sendmsg 1 2 1029d 1035d 0/3 auto-obsoleted due to no activity on 2023/09/20 17:26
android-5-10 BUG: soft lockup in sys_sendmsg 1 C error 63 8d22h 745d 0/2 upstream: reported C repro on 2024/03/22 10:41
upstream BUG: soft lockup in sys_sendmsg tipc batman 1 C 3 743d 784d 25/29 fixed on 2024/05/22 23:36
android-5-15 BUG: soft lockup in sys_sendmsg origin:upstream 1 C error 13 571d 745d 0/2 upstream: reported C repro on 2024/03/22 10:44
linux-6.1 BUG: soft lockup in sys_sendmsg (2) origin:upstream 1 C done 1 730d 730d 3/3 fixed on 2024/05/15 09:17

Sample crash report:
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-....: (10402 ticks this GP) idle=37fc/1/0x4000000000000000 softirq=29059/29067 fqs=231
rcu: 	         hardirqs   softirqs   csw/system
rcu: 	 number:  2096553         44            0
rcu: 	cputime:    43706       8148           14   ==> 51860(ms)
rcu: 	(t=10500 jiffies g=35797 q=205 ncpus=2)
rcu: rcu_preempt kthread starved for 290 jiffies! g35797 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26984 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x313/0x1590 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3382 Comm: kworker/R-bat_e Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: bat_events batadv_dat_purge
RIP: 0010:kasan_mem_to_shadow include/linux/kasan.h:60 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:178 [inline]
RIP: 0010:kasan_check_range+0x52/0x290 mm/kasan/generic.c:187
Code: f9 49 c1 e9 2f 41 81 f9 ff ff 01 00 0f 82 ff 01 00 00 49 89 ff 49 c1 ef 03 49 ba 00 00 00 00 00 fc ff df 4f 8d 1c 17 49 ff c8 <4d> 89 c1 49 c1 e9 03 48 bb 01 00 00 00 00 fc ff df 4d 8d 34 19 4d
RSP: 0018:ffffc90000006828 EFLAGS: 00000082
RAX: 0000000000000001 RBX: 0000000000000021 RCX: ffffffff81683d13
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff911c4500
RBP: ffffc90000006aa8 R08: ffffffff911c4507 R09: 000000000001ffff
R10: dffffc0000000000 R11: fffffbfff22388a0 R12: 0000000000000002
R13: ffff88802d599e00 R14: ffff88802d59a980 R15: 1ffffffff22388a0
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555596c94e8 CR3: 000000000cf32000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 __lock_acquire+0xdb3/0x7d40 kernel/locking/lockdep.c:5107
 lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
 rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 rcu_read_lock include/linux/rcupdate.h:786 [inline]
 page_ext_get+0x3e/0x2b0 mm/page_ext.c:508
 __page_table_check_zero+0x138/0x4b0 mm/page_table_check.c:148
 prep_new_page mm/page_alloc.c:1588 [inline]
 get_page_from_freelist+0x1951/0x19e0 mm/page_alloc.c:3220
 __alloc_pages+0x1f0/0x460 mm/page_alloc.c:4500
 alloc_slab_page+0x5d/0x160 mm/slub.c:1881
 allocate_slab mm/slub.c:2028 [inline]
 new_slab+0x87/0x2d0 mm/slub.c:2081
 ___slab_alloc+0xc5d/0x12f0 mm/slub.c:3253
 __slab_alloc mm/slub.c:3339 [inline]
 __slab_alloc_node mm/slub.c:3392 [inline]
 slab_alloc_node mm/slub.c:3485 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x1b3/0x2d0 mm/slub.c:3519
 skb_ext_maybe_cow net/core/skbuff.c:6664 [inline]
 skb_ext_add+0x1b3/0x8e0 net/core/skbuff.c:6738
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:165 [inline]
 br_nf_forward_ip+0xc6/0x1110 net/bridge/br_netfilter_hooks.c:709
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
 __br_forward+0x433/0x610 net/bridge/br_forward.c:115
 br_handle_frame_finish+0x13c5/0x18f0 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
 br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:304 [inline]
 br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5528
 __netif_receive_skb_one_core net/core/dev.c:5632 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5748
 process_backlog+0x391/0x6f0 net/core/dev.c:6076
 __napi_poll+0xc0/0x460 net/core/dev.c:6638
 napi_poll net/core/dev.c:6705 [inline]
 net_rx_action+0x616/0xc40 net/core/dev.c:6841
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 do_softirq+0xfa/0x1a0 kernel/softirq.c:479
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x184/0x1c0 kernel/softirq.c:406
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:186 [inline]
 batadv_dat_purge+0x2da/0x3c0 net/batman-adv/distributed-arp-table.c:205
 process_one_work kernel/workqueue.c:2653 [inline]
 process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
 rescuer_thread+0x74e/0x10d0 kernel/workqueue.c:2927
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
CPU: 1 PID: 9572 Comm: syz.3.1201 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:unwind_next_frame+0x1622/0x2970 arch/x86/kernel/unwind_orc.c:590
Code: 00 49 89 c6 48 8b 44 24 40 42 80 3c 28 00 48 8b 5c 24 20 74 08 48 89 df e8 7b 0b a4 00 4c 89 33 48 8b 44 24 68 42 80 3c 28 00 <48> 8b 5c 24 60 74 08 48 89 df e8 5f 0b a4 00 48 8b 44 24 08 48 89
RSP: 0018:ffffc900001f0118 EFLAGS: 00000246
RAX: 1ffff9200003e044 RBX: ffffc900001f0230 RCX: ffff88807bef0000
RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffffc90004a77590
RBP: ffffc900001f0238 R08: ffff88807bef0000 R09: 0000000000000003
R10: 0000000000000004 R11: 0000000000000100 R12: ffffc900001f01e8
R13: dffffc0000000000 R14: ffffffff88b52689 R15: ffffffff8f8e4eb0
FS:  00007f0a17ae86c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c330042 CR3: 00000000764da000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4b0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x11a/0x2d0 mm/slub.c:3519
 __skb_ext_alloc net/core/skbuff.c:6646 [inline]
 skb_ext_add+0x145/0x8e0 net/core/skbuff.c:6749
 nf_bridge_alloc include/net/netfilter/br_netfilter.h:12 [inline]
 br_nf_pre_routing_ipv6+0x131/0x6b0 net/bridge/br_netfilter_ipv6.c:172
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5528
 __netif_receive_skb_one_core net/core/dev.c:5632 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5748
 process_backlog+0x391/0x6f0 net/core/dev.c:6076
 __napi_poll+0xc0/0x460 net/core/dev.c:6638
 napi_poll net/core/dev.c:6705 [inline]
 net_rx_action+0x616/0xc40 net/core/dev.c:6841
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:skip_atoi+0x0/0xe0 lib/vsprintf.c:164
Code: 41 5d 41 5e 41 5f 5d c3 44 89 e1 80 e1 07 38 c1 0f 8c 82 db ff ff 4c 89 e7 e8 1c 1f 68 f7 e9 75 db ff ff e8 22 eb 0e 00 66 90 <55> 41 57 41 56 41 55 41 54 53 50 48 89 fb 49 bc 00 00 00 00 00 fc
RSP: 0018:ffffc90004a76850 EFLAGS: 00000283
RAX: ffffffff8a76b64a RBX: dffffc0000000000 RCX: 0000000000080000
RDX: ffffc9000d30b000 RSI: 0000000000034c0a RDI: ffffc90004a76890
RBP: 00000000000000fb R08: ffff88807bef0000 R09: 0000000000000005
R10: 0000000000000030 R11: 0000000000000002 R12: 0000000000000035
R13: 1ffffffff1597168 R14: ffffffff8acb8b42 R15: 0000000000000000
 format_decode+0x8c4/0x1400 lib/vsprintf.c:2591
 vsnprintf+0xeb/0x1ba0 lib/vsprintf.c:2775
 sprintf+0xe8/0x140 lib/vsprintf.c:3027
 print_time kernel/printk/printk.c:1327 [inline]
 info_print_prefix+0x16c/0x360 kernel/printk/printk.c:1353
 record_print_text+0x177/0x450 kernel/printk/printk.c:1402
 printk_get_next_message+0x2ab/0x980 kernel/printk/printk.c:2876
 console_emit_next_record kernel/printk/printk.c:2911 [inline]
 console_flush_all+0x3a8/0xd20 kernel/printk/printk.c:3000
 console_unlock+0xad/0x350 kernel/printk/printk.c:3069
 vprintk_emit+0x497/0x610 kernel/printk/printk.c:2341
 _printk+0xde/0x130 kernel/printk/printk.c:2366
 tipc_net_init+0xb2/0x170 net/tipc/net.c:117
 __tipc_nl_net_set+0x3e4/0x610 net/tipc/net.c:265
 tipc_nl_net_set+0x22/0x30 net/tipc/net.c:287
 genl_family_rcv_msg_doit+0x211/0x310 net/netlink/genetlink.c:971
 genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]
 genl_rcv_msg+0x619/0x7a0 net/netlink/genetlink.c:1066
 netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1075
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
 ___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
 __sys_sendmsg net/socket.c:2677 [inline]
 __do_sys_sendmsg net/socket.c:2686 [inline]
 __se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0a16b9c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a17ae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0a16e15fa0 RCX: 00007f0a16b9c819
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b
RBP: 00007f0a16c32c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0a16e16038 R14: 00007f0a16e15fa0 R15: 00007ffe353d5eb8
 </TASK>
net_ratelimit: 22975 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 22885 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 22965 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 23181 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 23271 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 23254 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 22989 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 22996 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 22943 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
NMI backtrace for cpu 1
CPU: 1 PID: 9572 Comm: syz.3.1201 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:trace_event_get_offsets_lock_acquire include/trace/events/lock.h:24 [inline]
RIP: 0010:perf_trace_lock_acquire+0xb3/0x410 include/trace/events/lock.h:24
Code: 00 00 00 00 43 c6 44 34 08 04 c7 84 24 80 00 00 00 00 00 00 00 48 89 74 24 38 48 8d 5e 18 48 89 d8 48 c1 e8 03 48 89 44 24 28 <42> 80 3c 30 00 74 08 48 89 df e8 3e 03 78 00 48 89 5c 24 30 48 8b
RSP: 0018:ffffc900001ef3c0 EFLAGS: 00000806
RAX: 1ffffffff1a2976c RBX: ffffffff8d14bb60 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8d14bb48 RDI: ffffffff8cffd240
RBP: ffffc900001ef4c0 R08: 0000000000000002 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff1d16186 R12: 1ffff9200003de80
R13: ffffffff8d14bb48 R14: dffffc0000000000 R15: ffffffff8cffd240
FS:  00007f0a17ae86c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c330042 CR3: 00000000764da000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x3ef/0x420 kernel/locking/lockdep.c:5725
 seqcount_lockdep_reader_access+0xd1/0x1d0 include/linux/seqlock.h:102
 ktime_get+0x35/0x280 kernel/time/timekeeping.c:846
 clockevents_program_event+0xe6/0x310 kernel/time/clockevents.c:326
 hrtimer_interrupt+0x5a1/0x9c0 kernel/time/hrtimer.c:1889
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:slab_free_freelist_hook+0x99/0x1a0 mm/slub.c:1850
Code: 31 c9 e8 ea 27 00 00 b0 01 e9 13 01 00 00 49 89 d5 49 89 f7 48 c7 06 00 00 00 00 48 c7 02 00 00 00 00 eb 11 48 8b 04 24 ff 08 <48> 3b 6c 24 10 0f 84 d2 00 00 00 4c 89 f5 8b 43 28 4e 8b 34 30 0f
RSP: 0018:ffffc900001ef940 EFLAGS: 00000246
RAX: ffffc900001ef99c RBX: ffff88801ee56a00 RCX: 97bbff60211ceb00
RDX: dffffc0000000000 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8de0
RBP: ffff888082e0a100 R08: ffffffff911c4507 R09: 1ffffffff22388a0
R10: dffffc0000000000 R11: fffffbfff22388a1 R12: 0000000000000000
R13: ffffc900001ef9a0 R14: 0000000000000000 R15: ffffc900001ef9a8
 slab_free mm/slub.c:3830 [inline]
 kmem_cache_free+0xf8/0x270 mm/slub.c:3852
 skb_ext_del include/linux/skbuff.h:4830 [inline]
 nf_bridge_info_free net/bridge/br_netfilter_hooks.c:152 [inline]
 br_nf_dev_queue_xmit+0x492/0x1b80 net/bridge/br_netfilter_hooks.c:-1
 NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304
 br_nf_post_routing+0xb41/0xfb0 net/bridge/br_netfilter_hooks.c:977
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
 br_forward_finish+0xd3/0x130 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1184 [inline]
 br_nf_forward_finish+0xa51/0xe80 net/bridge/br_netfilter_hooks.c:684
 NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304
 br_nf_forward_ip+0xcc1/0x1110 net/bridge/br_netfilter_hooks.c:754
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
 __br_forward+0x433/0x610 net/bridge/br_forward.c:115
 br_handle_frame_finish+0x13c5/0x18f0 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
 br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:304 [inline]
 br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5528
 __netif_receive_skb_one_core net/core/dev.c:5632 [inline]
 __netif_receive_skb+0x74/0x290 net/core/dev.c:5748
 process_backlog+0x391/0x6f0 net/core/dev.c:6076
 __napi_poll+0xc0/0x460 net/core/dev.c:6638
 napi_poll net/core/dev.c:6705 [inline]
 net_rx_action+0x616/0xc40 net/core/dev.c:6841
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:check_kcov_mode kernel/kcov.c:184 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x30/0x60 kernel/kcov.c:216
Code: 04 24 65 48 8b 0d e0 93 7c 7e 65 8b 15 e1 93 7c 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00 00 74 2c <8b> 91 f8 15 00 00 83 fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48
RSP: 0018:ffffc90004a767b8 EFLAGS: 00000246
RAX: ffffffff8a76e150 RBX: 0000000000000032 RCX: ffff88807bef0000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000018
RBP: ffffc90004a768c8 R08: ffffc90004a76857 R09: 0000000000000000
R10: ffffc90004a76840 R11: fffff5200094ed0b R12: ffffc90004a76bac
R13: dffffc0000000000 R14: ffffc90004a76bac R15: 0000000000000000
 number+0xbb0/0xf60 lib/vsprintf.c:563
 vsnprintf+0x14c6/0x1ba0 lib/vsprintf.c:2889
 sprintf+0xe8/0x140 lib/vsprintf.c:3027
 print_time kernel/printk/printk.c:1327 [inline]
 info_print_prefix+0x16c/0x360 kernel/printk/printk.c:1353
 record_print_text+0x177/0x450 kernel/printk/printk.c:1402
 printk_get_next_message+0x2ab/0x980 kernel/printk/printk.c:2876
 console_emit_next_record kernel/printk/printk.c:2911 [inline]
 console_flush_all+0x3a8/0xd20 kernel/printk/printk.c:3000
 console_unlock+0xad/0x350 kernel/printk/printk.c:3069
 vprintk_emit+0x497/0x610 kernel/printk/printk.c:2341
 _printk+0xde/0x130 kernel/printk/printk.c:2366
 tipc_net_init+0xb2/0x170 net/tipc/net.c:117
 __tipc_nl_net_set+0x3e4/0x610 net/tipc/net.c:265
 tipc_nl_net_set+0x22/0x30 net/tipc/net.c:287
 genl_family_rcv_msg_doit+0x211/0x310 net/netlink/genetlink.c:971
 genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]
 genl_rcv_msg+0x619/0x7a0 net/netlink/genetlink.c:1066
 netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1075
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
 ___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
 __sys_sendmsg net/socket.c:2677 [inline]
 __do_sys_sendmsg net/socket.c:2686 [inline]
 __se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f0a16b9c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a17ae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0a16e15fa0 RCX: 00007f0a16b9c819
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b
RBP: 00007f0a16c32c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0a16e16038 R14: 00007f0a16e15fa0 R15: 00007ffe353d5eb8
 </TASK>

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/06 18:30 linux-6.6.y 80de0a958133 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2026/03/22 20:57 linux-6.6.y 4fc00fe35d46 5b92003d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2026/03/04 08:13 linux-6.6.y 7a137e9bfa0e 4180d919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2026/02/03 20:45 linux-6.6.y 2cf6f68313dc 6df4c87a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2025/12/14 05:51 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2025/11/19 17:46 linux-6.6.y 0a805b6ea8cd 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2025/08/22 19:57 linux-6.6.y bb9c90ab9c5a bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
2025/07/31 17:15 linux-6.6.y dbcb8d8e4163 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan-perf INFO: rcu detected stall in sendmsg
* Struck through repros no longer work on HEAD.