Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts. 2026/03/21 14:40:47 parsed 1 programs [ 41.134361][ T24] kauditd_printk_skb: 30 callbacks suppressed [ 41.134372][ T24] audit: type=1400 audit(1774104047.620:104): avc: denied { unlink } for pid=403 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 41.212512][ T403] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 41.702541][ T24] audit: type=1401 audit(1774104048.190:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 42.005789][ T444] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.013445][ T444] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.021137][ T444] device bridge_slave_0 entered promiscuous mode [ 42.028405][ T444] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.035438][ T444] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.043294][ T444] device bridge_slave_1 entered promiscuous mode [ 42.073639][ T444] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.080865][ T444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.088408][ T444] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.095514][ T444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.111919][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.119630][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.126882][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.137049][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.145383][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.152455][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.161186][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.169526][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.176671][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.193557][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.201942][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.214634][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.225555][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.233877][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.241446][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.250117][ T444] device veth0_vlan entered promiscuous mode [ 42.259825][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.268837][ T444] device veth1_macvtap entered promiscuous mode [ 42.277860][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.287500][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.398016][ T24] audit: type=1400 audit(1774104048.890:106): avc: denied { create } for pid=459 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 2026/03/21 14:40:49 executed programs: 0 [ 42.530128][ T24] audit: type=1400 audit(1774104049.020:107): avc: denied { write } for pid=397 comm="syz-execprog" path="pipe:[14871]" dev="pipefs" ino=14871 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 42.570554][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.577786][ T464] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.585048][ T464] device bridge_slave_0 entered promiscuous mode [ 42.591881][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.599258][ T464] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.606542][ T464] device bridge_slave_1 entered promiscuous mode [ 42.643263][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.650364][ T464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.657756][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.664862][ T464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.687051][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.694647][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.702528][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.711285][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.719499][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.726607][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.739586][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.747820][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.754985][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.766279][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.775234][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.788852][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.797352][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.814571][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.823566][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.839154][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.847438][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.855642][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.863278][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.871580][ T464] device veth0_vlan entered promiscuous mode [ 42.886778][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.895123][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.904581][ T464] device veth1_macvtap entered promiscuous mode [ 42.913830][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 42.922099][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.930557][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.946329][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.954642][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.982250][ T24] audit: type=1400 audit(1774104049.470:108): avc: denied { create } for pid=469 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 43.003041][ T24] audit: type=1400 audit(1774104049.490:109): avc: denied { write } for pid=469 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 43.053545][ T24] audit: type=1400 audit(1774104049.540:110): avc: denied { setopt } for pid=469 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 143.136874][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 143.143642][ C1] rcu: 1-...!: (10001 ticks this GP) idle=c56/1/0x4000000000000000 softirq=2795/2796 fqs=38 last_accelerate: 9b5c/c26d dyntick_enabled: 1 [ 143.157783][ C1] (t=10000 jiffies g=1489 q=52) [ 143.162968][ C1] rcu: rcu_preempt kthread starved for 9924 jiffies! g1489 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 143.175036][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 143.185035][ C1] rcu: RCU grace-period kthread stack dump: [ 143.191085][ C1] task:rcu_preempt state:I stack: 0 pid: 13 ppid: 2 flags:0x00004000 [ 143.200263][ C1] Call Trace: [ 143.203699][ C1] __schedule+0xb53/0x1320 [ 143.208151][ C1] ? __sched_text_start+0x8/0x8 [ 143.213016][ C1] ? __mod_timer+0x7da/0xb50 [ 143.217727][ C1] schedule+0x13c/0x1d0 [ 143.222065][ C1] schedule_timeout+0x159/0x330 [ 143.226943][ C1] ? console_conditional_schedule+0x10/0x10 [ 143.233462][ C1] ? run_local_timers+0x160/0x160 [ 143.238475][ C1] ? prepare_to_swait_event+0x320/0x340 [ 143.244158][ C1] rcu_gp_kthread+0x1045/0x2730 [ 143.248993][ C1] ? dyntick_save_progress_counter+0x1b0/0x1b0 [ 143.255142][ C1] ? rcu_barrier_callback+0x50/0x50 [ 143.260498][ C1] ? __kasan_check_read+0x11/0x20 [ 143.265675][ C1] ? __kthread_parkme+0xb9/0x1c0 [ 143.270615][ C1] kthread+0x346/0x3d0 [ 143.274663][ C1] ? rcu_barrier_callback+0x50/0x50 [ 143.279836][ C1] ? kthread_blkcg+0xd0/0xd0 [ 143.284425][ C1] ret_from_fork+0x1f/0x30 [ 143.288859][ C1] NMI backtrace for cpu 1 [ 143.293272][ C1] CPU: 1 PID: 480 Comm: syz.2.17 Not tainted syzkaller #0 [ 143.300440][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.310471][ C1] Call Trace: [ 143.313747][ C1] [ 143.316610][ C1] __dump_stack+0x21/0x24 [ 143.320919][ C1] dump_stack_lvl+0x1a7/0x208 [ 143.325669][ C1] ? show_regs_print_info+0x18/0x18 [ 143.330846][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 143.336277][ C1] ? _raw_spin_lock+0xf0/0xf0 [ 143.341045][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 143.347095][ C1] dump_stack+0x15/0x1c [ 143.351245][ C1] nmi_trigger_cpumask_backtrace+0x27f/0x2c0 [ 143.357478][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 143.363351][ C1] rcu_dump_cpu_stacks+0x19c/0x2c0 [ 143.368624][ C1] rcu_sched_clock_irq+0xf88/0x1880 [ 143.373893][ C1] ? rcutree_dead_cpu+0x310/0x310 [ 143.378897][ C1] ? hrtimer_run_queues+0x166/0x430 [ 143.384105][ C1] update_process_times+0x198/0x200 [ 143.389386][ C1] tick_sched_timer+0x17c/0x240 [ 143.394216][ C1] ? tick_setup_sched_timer+0x450/0x450 [ 143.399760][ C1] __hrtimer_run_queues+0x34f/0x820 [ 143.404937][ C1] ? hrtimer_interrupt+0xdc0/0xdc0 [ 143.410138][ C1] ? ktime_get_update_offsets_now+0x293/0x2b0 [ 143.416180][ C1] hrtimer_interrupt+0x3a6/0xdc0 [ 143.421095][ C1] ? sched_clock_cpu+0x1b/0x3d0 [ 143.425951][ C1] ? do_sync_core+0x22/0x30 [ 143.430574][ C1] __sysvec_apic_timer_interrupt+0xfa/0x3f0 [ 143.436653][ C1] asm_call_irq_on_stack+0xf/0x20 [ 143.441676][ C1] [ 143.444616][ C1] sysvec_apic_timer_interrupt+0x85/0xe0 [ 143.450422][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 143.456487][ C1] RIP: 0010:__rcu_read_unlock+0x34/0xa0 [ 143.462027][ C1] Code: be 00 00 00 00 00 fc ff df 65 48 8b 3d 85 ce af 7e 48 8d 9f 08 04 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 2e ff 0b <75> 1c 48 8d 9f 0c 04 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 30 84 [ 143.482038][ C1] RSP: 0018:ffffc900023b6978 EFLAGS: 00000246 [ 143.488300][ C1] RAX: 0000000000000000 RBX: ffff888117f9e6c8 RCX: ffff888117f9e2c0 [ 143.496264][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888117f9e2c0 [ 143.504232][ C1] RBP: ffffc900023b6990 R08: ffff888115518f83 R09: 1ffff11022aa31f0 [ 143.512190][ C1] R10: dffffc0000000000 R11: ffffed1022aa31f1 R12: dffffc0000000000 [ 143.520155][ C1] R13: ffff888115518f00 R14: dffffc0000000000 R15: fffffffffffffc18 [ 143.528553][ C1] tipc_sk_lookup+0x544/0x5f0 [ 143.533210][ C1] ? tipc_sk_rcv+0x1dc0/0x1dc0 [ 143.537974][ C1] ? tipc_sk_rcv+0x18fe/0x1dc0 [ 143.542834][ C1] tipc_sk_rcv+0x350/0x1dc0 [ 143.547436][ C1] ? __stack_depot_save+0x47d/0x4c0 [ 143.552638][ C1] ? kasan_set_track+0x5b/0x70 [ 143.557401][ C1] ? kasan_set_track+0x4a/0x70 [ 143.562235][ C1] ? ____kasan_slab_free+0x125/0x160 [ 143.567502][ C1] ? __kasan_slab_free+0x11/0x20 [ 143.572436][ C1] ? slab_free_freelist_hook+0xc5/0x190 [ 143.577961][ C1] ? kmem_cache_free+0x100/0x2d0 [ 143.582884][ C1] ? kfree_skbmem+0x10c/0x180 [ 143.587629][ C1] ? kfree_skb+0xc1/0x2f0 [ 143.592132][ C1] ? tipc_msg_reverse+0x698/0x900 [ 143.597146][ C1] ? tipc_node_xmit+0x26c/0xd80 [ 143.602152][ C1] ? tipc_sk_filter_rcv+0x15e5/0x3910 [ 143.607591][ C1] ? tipc_sk_rcv+0x742/0x1dc0 [ 143.612329][ C1] ? tipc_node_xmit+0x26c/0xd80 [ 143.617283][ C1] ? exit_to_user_mode_prepare+0x76/0xa0 [ 143.622929][ C1] ? syscall_exit_to_user_mode+0x1d/0x40 [ 143.628628][ C1] ? do_syscall_64+0x3d/0x40 [ 143.633375][ C1] ? __skb_queue_purge+0x170/0x170 [ 143.638487][ C1] tipc_node_xmit+0x26c/0xd80 [ 143.643158][ C1] ? kmem_cache_free+0x100/0x2d0 [ 143.648097][ C1] ? ____kasan_slab_free+0x130/0x160 [ 143.653367][ C1] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 143.659107][ C1] ? slab_free_freelist_hook+0xc5/0x190 [ 143.664660][ C1] ? kfree_skbmem+0x10c/0x180 [ 143.669433][ C1] ? kmem_cache_free+0x100/0x2d0 [ 143.674366][ C1] tipc_node_xmit_skb+0xf7/0x150 [ 143.679287][ C1] ? kfree_skb+0xc1/0x2f0 [ 143.683613][ C1] ? __skb_queue_purge+0x170/0x170 [ 143.688885][ C1] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 143.694601][ C1] tipc_sk_rcv+0x1c46/0x1dc0 [ 143.699284][ C1] ? __skb_queue_purge+0x170/0x170 [ 143.704390][ C1] tipc_node_xmit+0x26c/0xd80 [ 143.709080][ C1] ? is_bpf_text_address+0x177/0x190 [ 143.714366][ C1] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 143.719894][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 143.725335][ C1] ? _raw_spin_lock+0xf0/0xf0 [ 143.730005][ C1] tipc_sk_filter_rcv+0x15e5/0x3910 [ 143.735213][ C1] ? tipc_sk_dump+0xfc0/0xfc0 [ 143.739879][ C1] ? __kasan_check_write+0x14/0x20 [ 143.745096][ C1] ? _raw_spin_lock_bh+0x94/0xf0 [ 143.750028][ C1] tipc_sk_rcv+0x742/0x1dc0 [ 143.754530][ C1] ? kfree_skbmem+0x10c/0x180 [ 143.759342][ C1] ? __skb_queue_purge+0x170/0x170 [ 143.764437][ C1] ? tipc_sk_filter_rcv+0x30d7/0x3910 [ 143.769899][ C1] ? ____fput+0x15/0x20 [ 143.774121][ C1] ? task_work_run+0x127/0x190 [ 143.778873][ C1] tipc_node_xmit+0x26c/0xd80 [ 143.783682][ C1] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 143.789313][ C1] tipc_node_distr_xmit+0x2a3/0x3b0 [ 143.794514][ C1] ? tipc_node_xmit_skb+0x150/0x150 [ 143.799721][ C1] tipc_sk_backlog_rcv+0x17d/0x210 [ 143.804814][ C1] ? tipc_sk_timeout+0x990/0x990 [ 143.809734][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 143.815174][ C1] __release_sock+0x146/0x360 [ 143.819842][ C1] ? _raw_write_lock_irq+0xf0/0xf0 [ 143.825198][ C1] release_sock+0x60/0x1b0 [ 143.829591][ C1] tipc_release+0xbd4/0x1490 [ 143.834184][ C1] ? down_read_killable+0xe0/0xe0 [ 143.839189][ C1] sock_close+0xe0/0x270 [ 143.843522][ C1] ? sock_mmap+0xa0/0xa0 [ 143.847746][ C1] __fput+0x2fb/0x770 [ 143.851709][ C1] ____fput+0x15/0x20 [ 143.855668][ C1] task_work_run+0x127/0x190 [ 143.860237][ C1] exit_to_user_mode_loop+0xcb/0xe0 [ 143.865607][ C1] exit_to_user_mode_prepare+0x76/0xa0 [ 143.871129][ C1] syscall_exit_to_user_mode+0x1d/0x40 [ 143.876658][ C1] do_syscall_64+0x3d/0x40 [ 143.881168][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 143.887139][ C1] RIP: 0033:0x7fb9ff26a3b9 [ 143.891550][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.911677][ C1] RSP: 002b:00007fb9fecd9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.920085][ C1] RAX: 00000000000203a0 RBX: 00007fb9ff46ffa0 RCX: 00007fb9ff26a3b9 [ 143.928129][ C1] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 143.936113][ C1] RBP: 00007fb9ff2f5974 R08: 0000000000000000 R09: 0000000000000000 [ 143.944111][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.952167][ C1] R13: 0000000000000000 R14: 00007fb9ff46ffa0 R15: 00007ffce9789f18 [ 176.928535][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz.2.17:479] [ 176.936721][ C0] Modules linked in: [ 176.940710][ C0] CPU: 0 PID: 479 Comm: syz.2.17 Not tainted syzkaller #0 [ 176.947949][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 176.958024][ C0] RIP: 0010:kvm_wait+0xce/0x130 [ 176.962874][ C0] Code: 38 f0 75 26 41 f7 c4 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d 33 1e b8 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d 24 1e b8 03 fb f4 <4c> 89 64 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 4b c7 04 [ 176.982655][ C0] RSP: 0018:ffffc900023a79a0 EFLAGS: 00000246 [ 176.988894][ C0] RAX: 0000000000000003 RBX: ffff888115518f88 RCX: ffffffff814bebea [ 176.996957][ C0] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff888115518f88 [ 177.005063][ C0] RBP: ffffc900023a7a50 R08: ffff888115518f88 R09: 1ffff11022aa31f1 [ 177.013052][ C0] R10: dffffc0000000000 R11: ffffed1022aa31f2 R12: 0000000000000246 [ 177.021019][ C0] R13: 1ffff11022aa31f1 R14: dffffc0000000000 R15: 1ffff92000474f38 [ 177.028988][ C0] FS: 0000555591148500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 177.037918][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.044496][ C0] CR2: 00007fb9ff2b7b00 CR3: 0000000117faa000 CR4: 00000000003506b0 [ 177.052561][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 177.060528][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 177.068502][ C0] Call Trace: [ 177.071801][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 177.078037][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 177.083148][ C0] ? __pv_queued_spin_lock_slowpath+0x6ba/0xb70 [ 177.089400][ C0] __pv_queued_spin_lock_slowpath+0x714/0xb70 [ 177.095463][ C0] ? __pv_queued_spin_unlock_slowpath+0x280/0x280 [ 177.101960][ C0] ? kasan_save_stack+0x49/0x60 [ 177.107241][ C0] ? __kasan_record_aux_stack+0xd2/0x100 [ 177.112865][ C0] ? kasan_record_aux_stack+0xe/0x10 [ 177.118143][ C0] ? task_work_add+0x27/0x1e0 [ 177.122818][ C0] ? fput+0x1a/0x20 [ 177.126618][ C0] ? filp_close+0x105/0x150 [ 177.131119][ C0] ? __close_range+0x1f4/0x450 [ 177.135883][ C0] ? __x64_sys_close_range+0x7a/0x90 [ 177.141166][ C0] queued_spin_lock_slowpath+0x47/0x50 [ 177.146618][ C0] _raw_spin_lock_bh+0xe4/0xf0 [ 177.151486][ C0] ? _raw_spin_lock_irq+0xf0/0xf0 [ 177.156509][ C0] lock_sock_nested+0x90/0x2a0 [ 177.161467][ C0] ? sock_init_data+0xc0/0xc0 [ 177.166323][ C0] ? fsnotify+0x19ab/0x1a70 [ 177.170929][ C0] tipc_release+0x56/0x1490 [ 177.175516][ C0] ? down_read_killable+0xe0/0xe0 [ 177.180720][ C0] sock_close+0xe0/0x270 [ 177.184966][ C0] ? sock_mmap+0xa0/0xa0 [ 177.189267][ C0] __fput+0x2fb/0x770 [ 177.193248][ C0] ____fput+0x15/0x20 [ 177.197322][ C0] task_work_run+0x127/0x190 [ 177.201908][ C0] exit_to_user_mode_loop+0xcb/0xe0 [ 177.207100][ C0] exit_to_user_mode_prepare+0x76/0xa0 [ 177.212573][ C0] syscall_exit_to_user_mode+0x1d/0x40 [ 177.218088][ C0] do_syscall_64+0x3d/0x40 [ 177.222503][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 177.228493][ C0] RIP: 0033:0x7fb9ff26a3b9 [ 177.232905][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.252513][ C0] RSP: 002b:00007ffce978a078 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 177.261073][ C0] RAX: 0000000000000000 RBX: 00007fb9ff471ba0 RCX: 00007fb9ff26a3b9 [ 177.269056][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 177.277126][ C0] RBP: 00007fb9ff471ba0 R08: 0000000000000001 R09: ffffffffffffffff [ 177.285094][ C0] R10: 00007fb9ff471ac0 R11: 0000000000000246 R12: 000000000000ab6a [ 177.293514][ C0] R13: 00007fb9ff470080 R14: 0000000000000032 R15: ffffffffffffffff [ 177.301758][ C0] Sending NMI from CPU 0 to CPUs 1: [ 177.307670][ C1] NMI backtrace for cpu 1 [ 177.307675][ C1] CPU: 1 PID: 480 Comm: syz.2.17 Not tainted syzkaller #0 [ 177.307680][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 177.307683][ C1] RIP: 0010:__kasan_check_write+0x1/0x20 [ 177.307691][ C1] Code: da 02 45 31 ff eb d1 00 00 55 48 89 e5 89 f6 48 8b 4d 08 31 d2 e8 af ed ff ff 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 <48> 89 e5 89 f6 48 8b 4d 08 ba 01 00 00 00 e8 8c ed ff ff 5d c3 66 [ 177.307695][ C1] RSP: 0018:ffffc900023b6990 EFLAGS: 00000286 [ 177.307702][ C1] RAX: 00000000000003e8 RBX: ffff888115518f80 RCX: 0000000000000000 [ 177.307706][ C1] RDX: ffff888117f9e2c0 RSI: 0000000000000004 RDI: ffff888115518f80 [ 177.307710][ C1] RBP: ffffc900023b6a90 R08: 0000000000000004 R09: 00000000023b6a03 [ 177.307714][ C1] R10: dffffc0000000000 R11: fffff52000476d44 R12: dffffc0000000000 [ 177.307718][ C1] R13: ffff888115518f00 R14: 0000000000000000 R15: fffffffffffffc18 [ 177.307723][ C1] FS: 00007fb9fecd96c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 177.307726][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.307730][ C1] CR2: 0000000020009000 CR3: 0000000117faa000 CR4: 00000000003506a0 [ 177.307734][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 177.307739][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 177.307741][ C1] Call Trace: [ 177.307744][ C1] ? tipc_sk_lookup+0x4dd/0x5f0 [ 177.307747][ C1] ? tipc_sk_rcv+0x1dc0/0x1dc0 [ 177.307750][ C1] tipc_sk_rcv+0x350/0x1dc0 [ 177.307753][ C1] ? __stack_depot_save+0x47d/0x4c0 [ 177.307756][ C1] ? kasan_set_track+0x5b/0x70 [ 177.307759][ C1] ? kasan_set_track+0x4a/0x70 [ 177.307762][ C1] ? ____kasan_slab_free+0x125/0x160 [ 177.307765][ C1] ? __kasan_slab_free+0x11/0x20 [ 177.307768][ C1] ? slab_free_freelist_hook+0xc5/0x190 [ 177.307771][ C1] ? kmem_cache_free+0x100/0x2d0 [ 177.307774][ C1] ? kfree_skbmem+0x10c/0x180 [ 177.307776][ C1] ? kfree_skb+0xc1/0x2f0 [ 177.307779][ C1] ? tipc_msg_reverse+0x698/0x900 [ 177.307782][ C1] ? tipc_node_xmit+0x26c/0xd80 [ 177.307786][ C1] ? tipc_sk_filter_rcv+0x15e5/0x3910 [ 177.307788][ C1] ? tipc_sk_rcv+0x742/0x1dc0 [ 177.307791][ C1] ? tipc_node_xmit+0x26c/0xd80 [ 177.307795][ C1] ? exit_to_user_mode_prepare+0x76/0xa0 [ 177.307798][ C1] ? syscall_exit_to_user_mode+0x1d/0x40 [ 177.307801][ C1] ? do_syscall_64+0x3d/0x40 [ 177.307804][ C1] ? __skb_queue_purge+0x170/0x170 [ 177.307807][ C1] tipc_node_xmit+0x26c/0xd80 [ 177.307810][ C1] ? kmem_cache_free+0x100/0x2d0 [ 177.307813][ C1] ? ____kasan_slab_free+0x130/0x160 [ 177.307816][ C1] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 177.307819][ C1] ? slab_free_freelist_hook+0xc5/0x190 [ 177.307822][ C1] ? kfree_skbmem+0x10c/0x180 [ 177.307825][ C1] ? kmem_cache_free+0x100/0x2d0 [ 177.307828][ C1] tipc_node_xmit_skb+0xf7/0x150 [ 177.307831][ C1] ? kfree_skb+0xc1/0x2f0 [ 177.307834][ C1] ? __skb_queue_purge+0x170/0x170 [ 177.307851][ C1] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 177.307854][ C1] tipc_sk_rcv+0x1c46/0x1dc0 [ 177.307857][ C1] ? __skb_queue_purge+0x170/0x170 [ 177.307860][ C1] tipc_node_xmit+0x26c/0xd80 [ 177.307863][ C1] ? is_bpf_text_address+0x177/0x190 [ 177.307867][ C1] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 177.307870][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 177.307872][ C1] ? _raw_spin_lock+0xf0/0xf0 [ 177.307876][ C1] tipc_sk_filter_rcv+0x15e5/0x3910 [ 177.307878][ C1] ? tipc_sk_dump+0xfc0/0xfc0 [ 177.307881][ C1] ? __kasan_check_write+0x14/0x20 [ 177.307884][ C1] ? _raw_spin_lock_bh+0x94/0xf0 [ 177.307887][ C1] tipc_sk_rcv+0x742/0x1dc0 [ 177.307890][ C1] ? kfree_skbmem+0x10c/0x180 [ 177.307893][ C1] ? __skb_queue_purge+0x170/0x170 [ 177.307896][ C1] ? tipc_sk_filter_rcv+0x30d7/0x3910 [ 177.307899][ C1] ? ____fput+0x15/0x20 [ 177.307902][ C1] ? task_work_run+0x127/0x190 [ 177.307904][ C1] tipc_node_xmit+0x26c/0xd80 [ 177.307908][ C1] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 177.307911][ C1] tipc_node_distr_xmit+0x2a3/0x3b0 [ 177.307914][ C1] ? tipc_node_xmit_skb+0x150/0x150 [ 177.307917][ C1] tipc_sk_backlog_rcv+0x17d/0x210 [ 177.307920][ C1] ? tipc_sk_timeout+0x990/0x990 [ 177.307923][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 177.307926][ C1] __release_sock+0x146/0x360 [ 177.307929][ C1] ? _raw_write_lock_irq+0xf0/0xf0 [ 177.307932][ C1] release_sock+0x60/0x1b0 [ 177.307934][ C1] tipc_release+0xbd4/0x1490 [ 177.307937][ C1] ? down_read_killable+0xe0/0xe0 [ 177.307940][ C1] sock_close+0xe0/0x270 [ 177.307943][ C1] ? sock_mmap+0xa0/0xa0 [ 177.307945][ C1] __fput+0x2fb/0x770 [ 177.307948][ C1] ____fput+0x15/0x20 [ 177.307951][ C1] task_work_run+0x127/0x190 [ 177.307954][ C1] exit_to_user_mode_loop+0xcb/0xe0 [ 177.307957][ C1] exit_to_user_mode_prepare+0x76/0xa0 [ 177.307960][ C1] syscall_exit_to_user_mode+0x1d/0x40 [ 177.307963][ C1] do_syscall_64+0x3d/0x40 [ 177.307966][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 177.307976][ C1] RIP: 0033:0x7fb9ff26a3b9 [ 177.307985][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.307988][ C1] RSP: 002b:00007fb9fecd9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.307996][ C1] RAX: 00000000000203a0 RBX: 00007fb9ff46ffa0 RCX: 00007fb9ff26a3b9 [ 177.308000][ C1] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 177.308004][ C1] RBP: 00007fb9ff2f5974 R08: 0000000000000000 R09: 0000000000000000 [ 177.308008][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.308012][ C1] R13: 0000000000000000 R14: 00007fb9ff46ffa0 R15: 00007ffce9789f18