syzkaller syzkaller login:
[ 14.940996][ T28] kauditd_printk_skb: 31 callbacks suppressed
[ 14.941012][ T28] audit: type=1400 audit(1761737163.678:59): avc: denied { transition } for pid=224 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.945310][ T28] audit: type=1400 audit(1761737163.678:60): avc: denied { noatsecure } for pid=224 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.948326][ T28] audit: type=1400 audit(1761737163.678:61): avc: denied { write } for pid=224 comm="sh" path="pipe:[13194]" dev="pipefs" ino=13194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 14.952105][ T28] audit: type=1400 audit(1761737163.678:62): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.955156][ T28] audit: type=1400 audit(1761737163.678:63): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 212.322198][ T269] sshd-session (269) used greatest stack depth: 21408 bytes left
Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
2025/10/29 11:29:41 parsed 1 programs
[ 232.702107][ T28] audit: type=1400 audit(1761737381.438:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 232.723218][ T28] audit: type=1400 audit(1761737381.438:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 233.884085][ T28] audit: type=1400 audit(1761737382.618:66): avc: denied { mounton } for pid=290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 233.886215][ T290] cgroup: Unknown subsys name 'net'
[ 233.906912][ T28] audit: type=1400 audit(1761737382.618:67): avc: denied { mount } for pid=290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 233.934467][ T28] audit: type=1400 audit(1761737382.648:68): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 233.954438][ T290] cgroup: Unknown subsys name 'devices'
[ 234.082871][ T290] cgroup: Unknown subsys name 'hugetlb'
[ 234.088597][ T290] cgroup: Unknown subsys name 'rlimit'
[ 234.202723][ T28] audit: type=1400 audit(1761737382.938:69): avc: denied { setattr } for pid=290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 234.225965][ T28] audit: type=1400 audit(1761737382.938:70): avc: denied { create } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 234.246678][ T28] audit: type=1400 audit(1761737382.938:71): avc: denied { write } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 234.258005][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 234.267100][ T28] audit: type=1400 audit(1761737382.938:72): avc: denied { read } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 234.295929][ T28] audit: type=1400 audit(1761737382.938:73): avc: denied { mounton } for pid=290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 234.352182][ T290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 235.066760][ T297] request_module fs-gadgetfs succeeded, but still no fs?
[ 235.304541][ T311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 235.311659][ T311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 235.319163][ T311] device bridge_slave_0 entered promiscuous mode
[ 235.326211][ T311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 235.333419][ T311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 235.340923][ T311] device bridge_slave_1 entered promiscuous mode
[ 235.404411][ T311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 235.411485][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 235.418791][ T311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 235.425879][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 235.452224][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 235.460208][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 235.467438][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 235.480658][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 235.489087][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 235.496161][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 235.505516][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 235.513981][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 235.521093][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 235.535321][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 235.544871][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 235.560643][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 235.575986][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 235.584765][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 235.592689][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 235.602028][ T311] device veth0_vlan entered promiscuous mode
[ 235.613228][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 235.625370][ T311] device veth1_macvtap entered promiscuous mode
[ 235.635357][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 235.645922][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 236.286011][ T43] device bridge_slave_1 left promiscuous mode
[ 236.292334][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 236.300673][ T43] device bridge_slave_0 left promiscuous mode
[ 236.306896][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 236.314957][ T43] device veth1_macvtap left promiscuous mode
[ 236.321036][ T43] device veth0_vlan left promiscuous mode
2025/10/29 11:29:45 executed programs: 0
[ 236.675463][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 236.685056][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 236.692603][ T364] device bridge_slave_0 entered promiscuous mode
[ 236.699559][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.706762][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 236.714534][ T364] device bridge_slave_1 entered promiscuous mode
[ 236.769036][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.776240][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 236.783586][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 236.790648][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 236.812175][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 236.819925][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 236.827294][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 236.836490][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 236.844784][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 236.851845][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 236.871422][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 236.879750][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 236.888033][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.895084][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 236.902604][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 236.911022][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 236.922527][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 236.930618][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 236.938031][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 236.946645][ T364] device veth0_vlan entered promiscuous mode
[ 236.957325][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 236.966636][ T364] device veth1_macvtap entered promiscuous mode
[ 236.976435][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 236.986729][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 337.469956][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 337.476616][ C0] rcu: 0-...!: (10000 ticks this GP) idle=f094/1/0x4000000000000000 softirq=2907/2907 fqs=39
[ 337.486875][ C0] (t=10002 jiffies g=1437 q=100 ncpus=2)
[ 337.493148][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 9924 jiffies! g1437 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 337.505381][ C0] rcu: Possible timer handling issue on cpu=1 timer-softirq=893
[ 337.513086][ C0] rcu: rcu_preempt kthread starved for 9927 jiffies! g1437 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[ 337.524272][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 337.534318][ C0] rcu: RCU grace-period kthread stack dump:
[ 337.540201][ C0] task:rcu_preempt state:I stack:28528 pid:14 ppid:2 flags:0x00004000
[ 337.549414][ C0] Call Trace:
[ 337.552696][ C0]
[ 337.555639][ C0] __schedule+0xb87/0x14e0
[ 337.560080][ C0] ? release_firmware_map_entry+0x194/0x194
[ 337.566061][ C0] ? __mod_timer+0x7ae/0xb30
[ 337.570654][ C0] schedule+0xbd/0x170
[ 337.574730][ C0] schedule_timeout+0x12c/0x2e0
[ 337.579587][ C0] ? __cfi_schedule_timeout+0x10/0x10
[ 337.585060][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 337.590519][ C0] ? __cfi_process_timeout+0x10/0x10
[ 337.595807][ C0] ? prepare_to_swait_event+0x308/0x320
[ 337.601369][ C0] rcu_gp_fqs_loop+0x2d8/0x10a0
[ 337.607182][ C0] ? __cfi_rcu_implicit_dynticks_qs+0x10/0x10
[ 337.613259][ C0] ? rcu_gp_init+0xf10/0xf10
[ 337.617971][ C0] rcu_gp_kthread+0x95/0x370
[ 337.622564][ C0] ? __cfi_rcu_gp_kthread+0x10/0x10
[ 337.627765][ C0] ? set_cpus_allowed_ptr+0x82/0xc0
[ 337.632961][ C0] ? __kasan_check_read+0x11/0x20
[ 337.637982][ C0] ? __kthread_parkme+0x142/0x180
[ 337.643008][ C0] kthread+0x281/0x320
[ 337.647095][ C0] ? __cfi_rcu_gp_kthread+0x10/0x10
[ 337.652293][ C0] ? __cfi_kthread+0x10/0x10
[ 337.656886][ C0] ret_from_fork+0x1f/0x30
[ 337.661305][ C0]
[ 337.664319][ C0] rcu: Stack dump where RCU GP kthread last ran:
[ 337.670642][ C0] Sending NMI from CPU 0 to CPUs 1:
[ 337.675873][ C1] NMI backtrace for cpu 1
[ 337.675884][ C1] CPU: 1 PID: 395 Comm: syz.2.24 Not tainted syzkaller #0
[ 337.675901][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 337.675911][ C1] RIP: 0010:kvm_wait+0xf2/0x140
[ 337.675941][ C1] Code: 96 13 04 f4 eb 9a fa 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 3f 0f b6 07 40 38 f0 75 10 66 90 0f 00 2d 20 96 13 04 fb f4 71 ff ff ff fb e9 6b ff ff ff e8 ae c9 b8 03 89 f9 80 e1 07 38
[ 337.675955][ C1] RSP: 0018:ffffc900009c78a0 EFLAGS: 00000246
[ 337.675971][ C1] RAX: 0000000000000003 RBX: ffff88810f480098 RCX: ffffffff84f43dc2
[ 337.675983][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810f480098
[ 337.675996][ C1] RBP: ffffc900009c7930 R08: dffffc0000000000 R09: ffffed1021e90014
[ 337.676009][ C1] R10: ffffed1021e90014 R11: 1ffff11021e90013 R12: 1ffff1103ee20001
[ 337.676022][ C1] R13: ffff8881f7138cd4 R14: dffffc0000000000 R15: 1ffff92000138f14
[ 337.676035][ C1] FS: 0000555579906500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 337.676051][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 337.676063][ C1] CR2: 00007f51bffbcf98 CR3: 000000010fd75000 CR4: 00000000003506a0
[ 337.676078][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 337.676088][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 337.676099][ C1] Call Trace:
[ 337.676104][ C1]
[ 337.676110][ C1] ? __cfi_kvm_wait+0x10/0x10
[ 337.676132][ C1] ? __pv_queued_spin_lock_slowpath+0x632/0xc40
[ 337.676156][ C1] __pv_queued_spin_lock_slowpath+0x690/0xc40
[ 337.676180][ C1] ? __cfi___pv_queued_spin_lock_slowpath+0x10/0x10
[ 337.676202][ C1] ? __stack_depot_save+0x36/0x480
[ 337.676221][ C1] queued_spin_lock_slowpath+0x47/0x50
[ 337.676248][ C1] _raw_spin_lock_bh+0xd8/0xe0
[ 337.676266][ C1] ? __cfi__raw_spin_lock_bh+0x10/0x10
[ 337.676283][ C1] ? do_syscall_64+0x4c/0xa0
[ 337.676303][ C1] lock_sock_nested+0x92/0x280
[ 337.676327][ C1] ? __cfi_lock_sock_nested+0x10/0x10
[ 337.676351][ C1] ? __cfi_locks_remove_file+0x10/0x10
[ 337.676368][ C1] tipc_release+0xb2/0x1650
[ 337.676385][ C1] ? rwsem_write_trylock+0x130/0x300
[ 337.676411][ C1] ? __cfi_tipc_release+0x10/0x10
[ 337.676427][ C1] ? task_work_add+0x2b1/0x330
[ 337.676448][ C1] sock_close+0xf1/0x290
[ 337.676471][ C1] ? __cfi_sock_close+0x10/0x10
[ 337.676494][ C1] __fput+0x1fc/0x8f0
[ 337.676514][ C1] ? _raw_spin_unlock+0x4c/0x70
[ 337.676532][ C1] ____fput+0x15/0x20
[ 337.676550][ C1] task_work_run+0x1db/0x240
[ 337.676570][ C1] ? __cfi_task_work_run+0x10/0x10
[ 337.676590][ C1] ? __cfi___close_range+0x10/0x10
[ 337.676607][ C1] exit_to_user_mode_loop+0x9b/0xb0
[ 337.676627][ C1] exit_to_user_mode_prepare+0x5a/0xa0
[ 337.676645][ C1] syscall_exit_to_user_mode+0x1a/0x30
[ 337.676669][ C1] do_syscall_64+0x58/0xa0
[ 337.676685][ C1] ? clear_bhb_loop+0x30/0x80
[ 337.676707][ C1] ? clear_bhb_loop+0x30/0x80
[ 337.676729][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 337.676757][ C1] RIP: 0033:0x7f51bf18efc9
[ 337.676777][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 337.676790][ C1] RSP: 002b:00007ffc55161a38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 337.676807][ C1] RAX: 0000000000000000 RBX: 00007f51bf3e7da0 RCX: 00007f51bf18efc9
[ 337.676818][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 337.676828][ C1] RBP: 00007f51bf3e7da0 R08: 0000000000000000 R09: 0000000655161d2f
[ 337.676840][ C1] R10: 00007f51bf3e7cb0 R11: 0000000000000246 R12: 000000000003a2a1
[ 337.676851][ C1] R13: 00007f51bf3e6090 R14: ffffffffffffffff R15: 00007ffc55161b50
[ 337.676866][ C1]
[ 337.677867][ C0] CPU: 0 PID: 396 Comm: syz.2.24 Not tainted syzkaller #0
[ 338.064057][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 338.074116][ C0] RIP: 0010:tipc_sk_lookup+0x4fc/0x620
[ 338.079690][ C0] Code: 0f 85 25 01 00 00 41 0f b7 07 49 29 c4 74 62 49 8d 9c 24 80 00 00 00 48 89 df be 04 00 00 00 e8 9a 40 e7 fc 41 be 01 00 00 00 45 0f c1 b4 24 80 00 00 00 31 ff 44 89 f6 e8 b0 d2 a2 fc 45 85
[ 338.099393][ C0] RSP: 0018:ffffc900009e6880 EFLAGS: 00000256
[ 338.105479][ C0] RAX: 0000000000000301 RBX: ffff88810f480080 RCX: ffffffff84cd4f76
[ 338.113445][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff88810f480080
[ 338.121414][ C0] RBP: ffffc900009e6970 R08: dffffc0000000000 R09: ffffed1021e90011
[ 338.129394][ C0] R10: ffffed1021e90011 R11: 1ffff11021e90010 R12: ffff88810f480000
[ 338.137566][ C0] R13: 00000000000003f0 R14: 0000000000000001 R15: ffff888122a010de
[ 338.145556][ C0] FS: 00007f51bffde6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 338.154485][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 338.161079][ C0] CR2: 00007f51bffbdd58 CR3: 000000010fd75000 CR4: 00000000003506b0
[ 338.169500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 338.177582][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 338.185552][ C0] Call Trace:
[ 338.188827][ C0]
[ 338.191760][ C0] ? tipc_sk_rcv+0x2cc0/0x2cc0
[ 338.198242][ C0] tipc_sk_rcv+0x419/0x2cc0
[ 338.203034][ C0] ? __stack_depot_save+0x445/0x480
[ 338.208321][ C0] ? kasan_set_track+0x60/0x70
[ 338.213113][ C0] ? kasan_set_track+0x4b/0x70
[ 338.217962][ C0] ? kasan_save_free_info+0x31/0x50
[ 338.223177][ C0] ? ____kasan_slab_free+0x132/0x180
[ 338.228477][ C0] ? __kasan_slab_free+0x11/0x20
[ 338.233419][ C0] ? slab_free_freelist_hook+0xc2/0x190
[ 338.238971][ C0] ? kmem_cache_free+0x12d/0x300
[ 338.243911][ C0] ? kfree_skbmem+0x10c/0x180
[ 338.248640][ C0] ? kfree_skb_reason+0xdc/0x230
[ 338.253612][ C0] ? tipc_msg_reverse+0x6db/0x940
[ 338.258662][ C0] ? tipc_node_xmit+0x257/0xd00
[ 338.263530][ C0] ? tipc_release+0xd32/0x1650
[ 338.268297][ C0] ? syscall_exit_to_user_mode+0x1a/0x30
[ 338.273932][ C0] ? do_syscall_64+0x58/0xa0
[ 338.278541][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 338.284624][ C0] ? __cfi_tipc_sk_rcv+0x10/0x10
[ 338.289582][ C0] tipc_node_xmit+0x257/0xd00
[ 338.294259][ C0] ? ____kasan_slab_free+0x13d/0x180
[ 338.299543][ C0] ? __cfi_tipc_node_xmit+0x10/0x10
[ 338.304827][ C0] ? slab_free_freelist_hook+0xc2/0x190
[ 338.310465][ C0] ? kfree_skbmem+0x10c/0x180
[ 338.315249][ C0] ? kmem_cache_free+0x12d/0x300
[ 338.320201][ C0] tipc_node_xmit_skb+0xe9/0x130
[ 338.325150][ C0] ? kfree_skb_reason+0xdc/0x230
[ 338.330091][ C0] ? __cfi_tipc_node_xmit_skb+0x10/0x10
[ 338.335648][ C0] ? trace_tipc_sk_rej_msg+0x25/0x150
[ 338.341030][ C0] tipc_sk_rcv+0x1def/0x2cc0
[ 338.345641][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 338.351724][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 338.358325][ C0] ? __kernel_text_address+0xd/0x30
[ 338.365815][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 338.373294][ C0] ? __cfi_tipc_sk_rcv+0x10/0x10
[ 338.378341][ C0] tipc_node_xmit+0x257/0xd00
[ 338.383032][ C0] ? is_bpf_text_address+0x177/0x190
[ 338.388409][ C0] ? __cfi_tipc_node_xmit+0x10/0x10
[ 338.393786][ C0] ? kernel_text_address+0xa0/0xd0
[ 338.398917][ C0] ? __kernel_text_address+0xd/0x30
[ 338.404310][ C0] ? unwind_get_return_address+0x4d/0x90
[ 338.410132][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 338.417599][ C0] ? arch_stack_walk+0xfc/0x150
[ 338.423100][ C0] tipc_sk_filter_rcv+0x155f/0x2c80
[ 338.428327][ C0] ? tipc_sk_publish+0x440/0x440
[ 338.433371][ C0] ? __kasan_check_write+0x14/0x20
[ 338.438693][ C0] ? _raw_spin_lock_bh+0x8e/0xe0
[ 338.443661][ C0] tipc_sk_rcv+0x7d9/0x2cc0
[ 338.448194][ C0] ? tipc_msg_reverse+0x6db/0x940
[ 338.453224][ C0] ? __cfi_tipc_sk_rcv+0x10/0x10
[ 338.458164][ C0] ? tipc_sk_filter_rcv+0x2a1c/0x2c80
[ 338.463622][ C0] tipc_node_xmit+0x257/0xd00
[ 338.468302][ C0] ? __cfi_tipc_node_xmit+0x10/0x10
[ 338.473504][ C0] ? kasan_quarantine_put+0x34/0x190
[ 338.478788][ C0] tipc_node_distr_xmit+0x292/0x390
[ 338.483989][ C0] ? __cfi_tipc_node_distr_xmit+0x10/0x10
[ 338.489715][ C0] ? kfree_skbmem+0x10c/0x180
[ 338.494387][ C0] tipc_sk_backlog_rcv+0x16f/0x1f0
[ 338.499493][ C0] ? __cfi_tipc_sk_backlog_rcv+0x10/0x10
[ 338.505211][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 338.510683][ C0] __release_sock+0x154/0x380
[ 338.515375][ C0] release_sock+0x60/0x1c0
[ 338.519792][ C0] tipc_release+0xd32/0x1650
[ 338.524382][ C0] ? __cfi_tipc_release+0x10/0x10
[ 338.529417][ C0] sock_close+0xf1/0x290
[ 338.533675][ C0] ? __cfi_sock_close+0x10/0x10
[ 338.538739][ C0] __fput+0x1fc/0x8f0
[ 338.542742][ C0] ____fput+0x15/0x20
[ 338.548315][ C0] task_work_run+0x1db/0x240
[ 338.553006][ C0] ? __cfi_task_work_run+0x10/0x10
[ 338.558135][ C0] ? __kasan_check_write+0x14/0x20
[ 338.563259][ C0] exit_to_user_mode_loop+0x9b/0xb0
[ 338.568462][ C0] exit_to_user_mode_prepare+0x5a/0xa0
[ 338.574025][ C0] syscall_exit_to_user_mode+0x1a/0x30
[ 338.579495][ C0] do_syscall_64+0x58/0xa0
[ 338.583914][ C0] ? clear_bhb_loop+0x30/0x80
[ 338.588623][ C0] ? clear_bhb_loop+0x30/0x80
[ 338.593306][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 338.599316][ C0] RIP: 0033:0x7f51bf18efc9
[ 338.603730][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 338.623946][ C0] RSP: 002b:00007f51bffde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 338.632659][ C0] RAX: 00000000000203a0 RBX: 00007f51bf3e5fa0 RCX: 00007f51bf18efc9
[ 338.640747][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 338.649077][ C0] RBP: 00007f51bf211f91 R08: 0000000000000000 R09: 0000000000000000
[ 338.657144][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 338.665116][ C0] R13: 00007f51bf3e6038 R14: 00007f51bf3e5fa0 R15: 00007ffc551618d8
[ 338.673098][ C0]
[ 485.275756][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 245s! [syz.2.24:396]
[ 485.283917][ C0] Modules linked in:
[ 485.287842][ C0] CPU: 0 PID: 396 Comm: syz.2.24 Not tainted syzkaller #0
[ 485.295014][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 485.305064][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x30/0x60
[ 485.311331][ C0] Code: 45 08 65 48 8b 0d 90 4f 92 7e 65 8b 15 91 4f 92 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 6c 0b 00 00 00 74 2c <8b> 91 48 0b 00 00 83 fa 02 75 21 48 8b 91 50 0b 00 00 48 8b 32 48
[ 485.331018][ C0] RSP: 0018:ffffc900009e6870 EFLAGS: 00000246
[ 485.337151][ C0] RAX: ffffffff84cd4c8e RBX: 000000000f2bb43c RCX: ffff8881156da880
[ 485.345128][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 485.353098][ C0] RBP: ffffc900009e6870 R08: 0000000000000004 R09: 0000000000000003
[ 485.361066][ C0] R10: fffff5200013cd20 R11: 1ffff9200013cd20 R12: dffffc0000000000
[ 485.369050][ C0] R13: ffff888122a010de R14: 000000000000006a R15: 0000000000000000
[ 485.377117][ C0] FS: 00007f51bffde6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 485.386226][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 485.393818][ C0] CR2: 00007f51bffbdd58 CR3: 000000010fd75000 CR4: 00000000003506b0
[ 485.401893][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 485.409963][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 485.418386][ C0] Call Trace:
[ 485.421724][ C0]
[ 485.424679][ C0] tipc_sk_lookup+0x20e/0x620
[ 485.429449][ C0] ? _raw_spin_lock_bh+0x8e/0xe0
[ 485.434416][ C0] ? tipc_sk_rcv+0x2cc0/0x2cc0
[ 485.439185][ C0] tipc_sk_rcv+0x419/0x2cc0
[ 485.443693][ C0] ? __stack_depot_save+0x445/0x480
[ 485.448941][ C0] ? kasan_set_track+0x60/0x70
[ 485.453765][ C0] ? kasan_set_track+0x4b/0x70
[ 485.458665][ C0] ? kasan_save_free_info+0x31/0x50
[ 485.463882][ C0] ? ____kasan_slab_free+0x132/0x180
[ 485.469346][ C0] ? __kasan_slab_free+0x11/0x20
[ 485.474307][ C0] ? slab_free_freelist_hook+0xc2/0x190
[ 485.479994][ C0] ? kmem_cache_free+0x12d/0x300
[ 485.484952][ C0] ? kfree_skbmem+0x10c/0x180
[ 485.489696][ C0] ? kfree_skb_reason+0xdc/0x230
[ 485.494653][ C0] ? tipc_msg_reverse+0x6db/0x940
[ 485.499704][ C0] ? tipc_node_xmit+0x257/0xd00
[ 485.504669][ C0] ? tipc_release+0xd32/0x1650
[ 485.509430][ C0] ? syscall_exit_to_user_mode+0x1a/0x30
[ 485.515162][ C0] ? do_syscall_64+0x58/0xa0
[ 485.519753][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 485.525859][ C0] ? __cfi_tipc_sk_rcv+0x10/0x10
[ 485.530813][ C0] tipc_node_xmit+0x257/0xd00
[ 485.535492][ C0] ? ____kasan_slab_free+0x13d/0x180
[ 485.540889][ C0] ? __cfi_tipc_node_xmit+0x10/0x10
[ 485.546108][ C0] ? slab_free_freelist_hook+0xc2/0x190
[ 485.551680][ C0] ? kfree_skbmem+0x10c/0x180
[ 485.556361][ C0] ? kmem_cache_free+0x12d/0x300
[ 485.561304][ C0] tipc_node_xmit_skb+0xe9/0x130
[ 485.566333][ C0] ? kfree_skb_reason+0xdc/0x230
[ 485.571356][ C0] ? __cfi_tipc_node_xmit_skb+0x10/0x10
[ 485.576917][ C0] ? trace_tipc_sk_rej_msg+0x25/0x150
[ 485.582311][ C0] tipc_sk_rcv+0x1def/0x2cc0
[ 485.587010][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 485.593093][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 485.599161][ C0] ? __kernel_text_address+0xd/0x30
[ 485.604476][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 485.610546][ C0] ? __cfi_tipc_sk_rcv+0x10/0x10
[ 485.615494][ C0] tipc_node_xmit+0x257/0xd00
[ 485.620179][ C0] ? is_bpf_text_address+0x177/0x190
[ 485.625582][ C0] ? __cfi_tipc_node_xmit+0x10/0x10
[ 485.630786][ C0] ? kernel_text_address+0xa0/0xd0
[ 485.636025][ C0] ? __kernel_text_address+0xd/0x30
[ 485.641265][ C0] ? unwind_get_return_address+0x4d/0x90
[ 485.646906][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 485.653235][ C0] ? arch_stack_walk+0xfc/0x150
[ 485.658092][ C0] tipc_sk_filter_rcv+0x155f/0x2c80
[ 485.663307][ C0] ? tipc_sk_publish+0x440/0x440
[ 485.668264][ C0] ? __kasan_check_write+0x14/0x20
[ 485.673477][ C0] ? _raw_spin_lock_bh+0x8e/0xe0
[ 485.678425][ C0] tipc_sk_rcv+0x7d9/0x2cc0
[ 485.682943][ C0] ? tipc_msg_reverse+0x6db/0x940
[ 485.687980][ C0] ? __cfi_tipc_sk_rcv+0x10/0x10
[ 485.692928][ C0] ? tipc_sk_filter_rcv+0x2a1c/0x2c80
[ 485.698310][ C0] tipc_node_xmit+0x257/0xd00
[ 485.703004][ C0] ? __cfi_tipc_node_xmit+0x10/0x10
[ 485.708291][ C0] ? kasan_quarantine_put+0x34/0x190
[ 485.713604][ C0] tipc_node_distr_xmit+0x292/0x390
[ 485.718895][ C0] ? __cfi_tipc_node_distr_xmit+0x10/0x10
[ 485.724614][ C0] ? kfree_skbmem+0x10c/0x180
[ 485.729395][ C0] tipc_sk_backlog_rcv+0x16f/0x1f0
[ 485.734522][ C0] ? __cfi_tipc_sk_backlog_rcv+0x10/0x10
[ 485.740183][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 485.745662][ C0] __release_sock+0x154/0x380
[ 485.750515][ C0] release_sock+0x60/0x1c0
[ 485.754999][ C0] tipc_release+0xd32/0x1650
[ 485.759649][ C0] ? __cfi_tipc_release+0x10/0x10
[ 485.764850][ C0] sock_close+0xf1/0x290
[ 485.769177][ C0] ? __cfi_sock_close+0x10/0x10
[ 485.774030][ C0] __fput+0x1fc/0x8f0
[ 485.778076][ C0] ____fput+0x15/0x20
[ 485.782057][ C0] task_work_run+0x1db/0x240
[ 485.788060][ C0] ? __cfi_task_work_run+0x10/0x10
[ 485.793292][ C0] ? __kasan_check_write+0x14/0x20
[ 485.798416][ C0] exit_to_user_mode_loop+0x9b/0xb0
[ 485.803679][ C0] exit_to_user_mode_prepare+0x5a/0xa0
[ 485.809254][ C0] syscall_exit_to_user_mode+0x1a/0x30
[ 485.814726][ C0] do_syscall_64+0x58/0xa0
[ 485.819292][ C0] ? clear_bhb_loop+0x30/0x80
[ 485.824069][ C0] ? clear_bhb_loop+0x30/0x80
[ 485.828763][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 485.835191][ C0] RIP: 0033:0x7f51bf18efc9
[ 485.839790][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 485.859933][ C0] RSP: 002b:00007f51bffde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 485.868556][ C0] RAX: 00000000000203a0 RBX: 00007f51bf3e5fa0 RCX: 00007f51bf18efc9
[ 485.876534][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 485.884516][ C0] RBP: 00007f51bf211f91 R08: 0000000000000000 R09: 0000000000000000
[ 485.892589][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 485.900576][ C0] R13: 00007f51bf3e6038 R14: 00007f51bf3e5fa0 R15: 00007ffc551618d8
[ 485.908752][ C0]
[ 485.911792][ C0] Sending NMI from CPU 0 to CPUs 1:
[ 485.917029][ C1] NMI backtrace for cpu 1
[ 485.917040][ C1] CPU: 1 PID: 395 Comm: syz.2.24 Not tainted syzkaller #0
[ 485.917057][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 485.917067][ C1] RIP: 0010:kvm_wait+0xf2/0x140
[ 485.917094][ C1] Code: 96 13 04 f4 eb 9a fa 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 3f 0f b6 07 40 38 f0 75 10 66 90 0f 00 2d 20 96 13 04 fb f4 71 ff ff ff fb e9 6b ff ff ff e8 ae c9 b8 03 89 f9 80 e1 07 38
[ 485.917109][ C1] RSP: 0018:ffffc900009c78a0 EFLAGS: 00000246
[ 485.917124][ C1] RAX: 0000000000000003 RBX: ffff88810f480098 RCX: ffffffff84f43dc2
[ 485.917137][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810f480098
[ 485.917149][ C1] RBP: ffffc900009c7930 R08: dffffc0000000000 R09: ffffed1021e90014
[ 485.917162][ C1] R10: ffffed1021e90014 R11: 1ffff11021e90013 R12: 1ffff1103ee20001
[ 485.917175][ C1] R13: ffff8881f7138cd4 R14: dffffc0000000000 R15: 1ffff92000138f14
[ 485.917187][ C1] FS: 0000555579906500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 485.917203][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 485.917215][ C1] CR2: 00007f51bffbcf98 CR3: 000000010fd75000 CR4: 00000000003506a0
[ 485.917231][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 485.917246][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 485.917257][ C1] Call Trace:
[ 485.917262][ C1]
[ 485.917269][ C1] ? __cfi_kvm_wait+0x10/0x10
[ 485.917291][ C1] ? __pv_queued_spin_lock_slowpath+0x632/0xc40
[ 485.917314][ C1] __pv_queued_spin_lock_slowpath+0x690/0xc40
[ 485.917338][ C1] ? __cfi___pv_queued_spin_lock_slowpath+0x10/0x10
[ 485.917359][ C1] ? __stack_depot_save+0x36/0x480
[ 485.917378][ C1] queued_spin_lock_slowpath+0x47/0x50
[ 485.917405][ C1] _raw_spin_lock_bh+0xd8/0xe0
[ 485.917422][ C1] ? __cfi__raw_spin_lock_bh+0x10/0x10
[ 485.917439][ C1] ? do_syscall_64+0x4c/0xa0
[ 485.917458][ C1] lock_sock_nested+0x92/0x280
[ 485.917482][ C1] ? __cfi_lock_sock_nested+0x10/0x10
[ 485.917506][ C1] ? __cfi_locks_remove_file+0x10/0x10
[ 485.917583][ C1] tipc_release+0xb2/0x1650
[ 485.917601][ C1] ? rwsem_write_trylock+0x130/0x300
[ 485.917626][ C1] ? __cfi_tipc_release+0x10/0x10
[ 485.917643][ C1] ? task_work_add+0x2b1/0x330
[ 485.917664][ C1] sock_close+0xf1/0x290
[ 485.917686][ C1] ? __cfi_sock_close+0x10/0x10
[ 485.917710][ C1] __fput+0x1fc/0x8f0
[ 485.917730][ C1] ? _raw_spin_unlock+0x4c/0x70
[ 485.917748][ C1] ____fput+0x15/0x20
[ 485.917766][ C1] task_work_run+0x1db/0x240
[ 485.917786][ C1] ? __cfi_task_work_run+0x10/0x10
[ 485.917806][ C1] ? __cfi___close_range+0x10/0x10
[ 485.917844][ C1] exit_to_user_mode_loop+0x9b/0xb0
[ 485.917863][ C1] exit_to_user_mode_prepare+0x5a/0xa0
[ 485.917881][ C1] syscall_exit_to_user_mode+0x1a/0x30
[ 485.917905][ C1] do_syscall_64+0x58/0xa0
[ 485.917921][ C1] ? clear_bhb_loop+0x30/0x80
[ 485.917943][ C1] ? clear_bhb_loop+0x30/0x80
[ 485.917973][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 485.917994][ C1] RIP: 0033:0x7f51bf18efc9
[ 485.918008][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 485.918021][ C1] RSP: 002b:00007ffc55161a38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 485.918038][ C1] RAX: 0000000000000000 RBX: 00007f51bf3e7da0 RCX: 00007f51bf18efc9
[ 485.918050][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 485.918060][ C1] RBP: 00007f51bf3e7da0 R08: 0000000000000000 R09: 0000000655161d2f
[ 485.918071][ C1] R10: 00007f51bf3e7cb0 R11: 0000000000000246 R12: 000000000003a2a1
[ 485.918082][ C1] R13: 00007f51bf3e6090 R14: ffffffffffffffff R15: 00007ffc55161b50
[ 485.918098][ C1]