Warning: Permanently added '10.128.1.195' (ED25519) to the list of known hosts. 2026/03/07 08:48:17 parsed 1 programs [ 43.951625][ T24] kauditd_printk_skb: 30 callbacks suppressed [ 43.951636][ T24] audit: type=1400 audit(1772873297.579:104): avc: denied { unlink } for pid=405 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 44.007375][ T405] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 44.526699][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.534095][ T423] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.541319][ T423] device bridge_slave_0 entered promiscuous mode [ 44.548063][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.555673][ T423] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.563007][ T423] device bridge_slave_1 entered promiscuous mode [ 44.591274][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.598335][ T423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.605849][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.612877][ T423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.629112][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.636490][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.644537][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.652559][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.662292][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.670756][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.677906][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.686582][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.694942][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.702183][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.714092][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.723009][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.735415][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.746758][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.754940][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.762757][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.771156][ T423] device veth0_vlan entered promiscuous mode [ 44.781165][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.790022][ T423] device veth1_macvtap entered promiscuous mode [ 44.799027][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.808590][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.928902][ T24] audit: type=1400 audit(1772873298.559:105): avc: denied { create } for pid=436 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.079885][ T24] audit: type=1401 audit(1772873298.709:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2026/03/07 08:48:19 executed programs: 0 [ 45.401106][ T24] audit: type=1400 audit(1772873299.029:107): avc: denied { write } for pid=397 comm="syz-execprog" path="pipe:[15568]" dev="pipefs" ino=15568 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 45.440048][ T466] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.447200][ T466] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.454652][ T466] device bridge_slave_0 entered promiscuous mode [ 45.461747][ T466] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.468838][ T466] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.476278][ T466] device bridge_slave_1 entered promiscuous mode [ 45.508703][ T466] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.515747][ T466] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.523072][ T466] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.530287][ T466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.538849][ T317] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.546455][ T317] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.562450][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.570257][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.579384][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.588006][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.596464][ T317] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.603569][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.615793][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.624392][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.632622][ T317] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.639749][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.650107][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.658451][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.667185][ T48] device bridge_slave_1 left promiscuous mode [ 45.673871][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.681215][ T48] device bridge_slave_0 left promiscuous mode [ 45.687766][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.696093][ T48] device veth1_macvtap left promiscuous mode [ 45.702096][ T48] device veth0_vlan left promiscuous mode [ 45.757546][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.765891][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.778165][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.786771][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.798372][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.806454][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.814503][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.821995][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.830404][ T466] device veth0_vlan entered promiscuous mode [ 45.839578][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.847840][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.857059][ T466] device veth1_macvtap entered promiscuous mode [ 45.865521][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.873121][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.881645][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.891164][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.899593][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.921542][ T24] audit: type=1400 audit(1772873299.549:108): avc: denied { create } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 45.941883][ T24] audit: type=1400 audit(1772873299.569:109): avc: denied { write } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 45.985305][ T24] audit: type=1400 audit(1772873299.619:110): avc: denied { setopt } for pid=470 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 146.053742][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 146.060376][ C0] rcu: 0-...!: (1 GPs behind) idle=0da/1/0x4000000000000000 softirq=2322/2353 fqs=39 last_accelerate: 9c7c/c38c dyntick_enabled: 1 [ 146.074446][ C0] (t=10000 jiffies g=1277 q=38) [ 146.079472][ C0] rcu: rcu_preempt kthread starved for 9922 jiffies! g1277 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 146.090723][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 146.100843][ C0] rcu: RCU grace-period kthread stack dump: [ 146.107158][ C0] task:rcu_preempt state:I stack: 0 pid: 13 ppid: 2 flags:0x00004000 [ 146.116373][ C0] Call Trace: [ 146.119668][ C0] __schedule+0xb53/0x1320 [ 146.124336][ C0] ? __sched_text_start+0x8/0x8 [ 146.129692][ C0] ? __mod_timer+0x7da/0xb50 [ 146.134560][ C0] schedule+0x13c/0x1d0 [ 146.138780][ C0] schedule_timeout+0x159/0x330 [ 146.143996][ C0] ? console_conditional_schedule+0x10/0x10 [ 146.150415][ C0] ? run_local_timers+0x160/0x160 [ 146.155721][ C0] ? prepare_to_swait_event+0x320/0x340 [ 146.161516][ C0] rcu_gp_kthread+0x1045/0x2730 [ 146.166606][ C0] ? dyntick_save_progress_counter+0x1b0/0x1b0 [ 146.172839][ C0] ? rcu_barrier_callback+0x50/0x50 [ 146.178126][ C0] ? __kasan_check_read+0x11/0x20 [ 146.183402][ C0] ? __kthread_parkme+0xb9/0x1c0 [ 146.188322][ C0] kthread+0x346/0x3d0 [ 146.192365][ C0] ? rcu_barrier_callback+0x50/0x50 [ 146.197640][ C0] ? kthread_blkcg+0xd0/0xd0 [ 146.202217][ C0] ret_from_fork+0x1f/0x30 [ 146.206672][ C0] NMI backtrace for cpu 0 [ 146.211435][ C0] CPU: 0 PID: 481 Comm: syz.2.17 Not tainted syzkaller #0 [ 146.218528][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.228578][ C0] Call Trace: [ 146.232003][ C0] [ 146.234922][ C0] __dump_stack+0x21/0x24 [ 146.239259][ C0] dump_stack_lvl+0x1a7/0x208 [ 146.244002][ C0] ? show_regs_print_info+0x18/0x18 [ 146.249313][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 146.254830][ C0] ? _raw_spin_lock+0xf0/0xf0 [ 146.259687][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 146.266067][ C0] dump_stack+0x15/0x1c [ 146.270541][ C0] nmi_trigger_cpumask_backtrace+0x27f/0x2c0 [ 146.276785][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 146.282833][ C0] rcu_dump_cpu_stacks+0x19c/0x2c0 [ 146.288038][ C0] rcu_sched_clock_irq+0xf88/0x1880 [ 146.293329][ C0] ? rcutree_dead_cpu+0x310/0x310 [ 146.298420][ C0] ? hrtimer_run_queues+0x166/0x430 [ 146.303776][ C0] update_process_times+0x198/0x200 [ 146.308997][ C0] tick_sched_timer+0x17c/0x240 [ 146.314102][ C0] ? tick_setup_sched_timer+0x450/0x450 [ 146.319638][ C0] __hrtimer_run_queues+0x380/0x970 [ 146.324821][ C0] ? hrtimer_interrupt+0xdc0/0xdc0 [ 146.330199][ C0] ? ktime_get_update_offsets_now+0x293/0x2b0 [ 146.336338][ C0] hrtimer_interrupt+0x3a6/0xdc0 [ 146.341498][ C0] __sysvec_apic_timer_interrupt+0xfa/0x3f0 [ 146.347459][ C0] asm_call_irq_on_stack+0xf/0x20 [ 146.352454][ C0] [ 146.355461][ C0] sysvec_apic_timer_interrupt+0x85/0xe0 [ 146.361152][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 146.367462][ C0] RIP: 0010:tipc_node_distr_xmit+0x36a/0x3b0 [ 146.373588][ C0] Code: 38 fd e9 ab fe ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ba fe ff ff 4c 89 e7 e8 90 87 38 fd e9 ad fe ff ff e8 76 06 fe fc <48> c7 44 24 60 0e 36 e0 45 4a c7 04 33 00 00 00 00 42 c7 44 33 08 [ 146.393273][ C0] RSP: 0018:ffffc90002796980 EFLAGS: 00000293 [ 146.399342][ C0] RAX: ffffffff8466ad1e RBX: 1ffff920004f2d3c RCX: ffff888117c04f00 [ 146.407288][ C0] RDX: 0000000000000000 RSI: ffffc90002796c40 RDI: ffff888129529340 [ 146.415640][ C0] RBP: ffffc90002796a90 R08: ffff888110b74f8b R09: 1ffff1102216e9f1 [ 146.423853][ C0] R10: dffffc0000000000 R11: ffffed102216e9f2 R12: ffffc90002796ec0 [ 146.431891][ C0] R13: ffffc90002796c40 R14: dffffc0000000000 R15: ffffc90002796c40 [ 146.439846][ C0] ? tipc_node_distr_xmit+0xae/0x3b0 [ 146.445118][ C0] ? tipc_sk_lookup+0x544/0x5f0 [ 146.449961][ C0] ? tipc_sk_rcv+0x37a/0x1dc0 [ 146.454700][ C0] ? tipc_node_xmit_skb+0x150/0x150 [ 146.460025][ C0] ? _raw_spin_trylock_bh+0xe5/0x150 [ 146.465481][ C0] ? _raw_spin_trylock+0x150/0x150 [ 146.470829][ C0] ? tipc_sk_lookup+0x11/0x5f0 [ 146.475567][ C0] tipc_sk_rcv+0x18ed/0x1dc0 [ 146.480304][ C0] ? __stack_depot_save+0x47d/0x4c0 [ 146.485653][ C0] ? kasan_set_track+0x5b/0x70 [ 146.490390][ C0] ? kasan_set_track+0x4a/0x70 [ 146.495306][ C0] ? ____kasan_slab_free+0x125/0x160 [ 146.500565][ C0] ? __kasan_slab_free+0x11/0x20 [ 146.505652][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 146.511280][ C0] ? kmem_cache_free+0x100/0x2d0 [ 146.516296][ C0] ? kfree_skbmem+0x10c/0x180 [ 146.521113][ C0] ? kfree_skb+0xc1/0x2f0 [ 146.525416][ C0] ? tipc_msg_reverse+0x698/0x900 [ 146.530683][ C0] ? tipc_node_xmit+0x26c/0xd80 [ 146.535800][ C0] ? tipc_sk_filter_rcv+0x15e5/0x3910 [ 146.541136][ C0] ? tipc_sk_rcv+0x742/0x1dc0 [ 146.545781][ C0] ? tipc_node_xmit+0x26c/0xd80 [ 146.550694][ C0] ? exit_to_user_mode_prepare+0x76/0xa0 [ 146.556319][ C0] ? syscall_exit_to_user_mode+0x1d/0x40 [ 146.562528][ C0] ? do_syscall_64+0x3d/0x40 [ 146.567228][ C0] ? __skb_queue_purge+0x170/0x170 [ 146.572398][ C0] tipc_node_xmit+0x26c/0xd80 [ 146.577150][ C0] ? kmem_cache_free+0x100/0x2d0 [ 146.582147][ C0] ? ____kasan_slab_free+0x130/0x160 [ 146.587402][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 146.592922][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 146.598630][ C0] ? kfree_skbmem+0x10c/0x180 [ 146.603457][ C0] ? kmem_cache_free+0x100/0x2d0 [ 146.608458][ C0] tipc_node_xmit_skb+0xf7/0x150 [ 146.613560][ C0] ? kfree_skb+0xc1/0x2f0 [ 146.617869][ C0] ? __skb_queue_purge+0x170/0x170 [ 146.623181][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 146.628536][ C0] tipc_sk_rcv+0x1c46/0x1dc0 [ 146.633207][ C0] ? __kasan_check_read+0x11/0x20 [ 146.638505][ C0] ? preempt_schedule_notrace+0x120/0x120 [ 146.644386][ C0] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 146.649993][ C0] ? __skb_queue_purge+0x170/0x170 [ 146.655075][ C0] ? update_stack_state+0x1c7/0x480 [ 146.660383][ C0] tipc_node_xmit+0x26c/0xd80 [ 146.665131][ C0] ? is_bpf_text_address+0x177/0x190 [ 146.670587][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 146.676302][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 146.681817][ C0] ? _raw_spin_lock+0xf0/0xf0 [ 146.686465][ C0] tipc_sk_filter_rcv+0x15e5/0x3910 [ 146.691974][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 146.696620][ C0] ? __kasan_check_write+0x14/0x20 [ 146.701787][ C0] ? _raw_spin_lock_bh+0x94/0xf0 [ 146.706697][ C0] tipc_sk_rcv+0x742/0x1dc0 [ 146.711173][ C0] ? kfree_skbmem+0x10c/0x180 [ 146.715999][ C0] ? __skb_queue_purge+0x170/0x170 [ 146.721184][ C0] ? tipc_sk_filter_rcv+0x30d7/0x3910 [ 146.726526][ C0] ? ____fput+0x15/0x20 [ 146.730657][ C0] ? task_work_run+0x127/0x190 [ 146.735488][ C0] tipc_node_xmit+0x26c/0xd80 [ 146.740154][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 146.745667][ C0] tipc_node_distr_xmit+0x2a3/0x3b0 [ 146.750921][ C0] ? tipc_node_xmit_skb+0x150/0x150 [ 146.756095][ C0] tipc_sk_backlog_rcv+0x17d/0x210 [ 146.761173][ C0] ? tipc_sk_timeout+0x990/0x990 [ 146.766231][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 146.771660][ C0] __release_sock+0x146/0x360 [ 146.776312][ C0] ? _raw_write_lock_irq+0xf0/0xf0 [ 146.781397][ C0] release_sock+0x60/0x1b0 [ 146.785934][ C0] tipc_release+0xbd4/0x1490 [ 146.790597][ C0] ? down_read_killable+0xe0/0xe0 [ 146.795590][ C0] sock_close+0xe0/0x270 [ 146.799982][ C0] ? sock_mmap+0xa0/0xa0 [ 146.804199][ C0] __fput+0x2fb/0x770 [ 146.808242][ C0] ____fput+0x15/0x20 [ 146.812280][ C0] task_work_run+0x127/0x190 [ 146.816938][ C0] exit_to_user_mode_loop+0xcb/0xe0 [ 146.822226][ C0] exit_to_user_mode_prepare+0x76/0xa0 [ 146.827739][ C0] syscall_exit_to_user_mode+0x1d/0x40 [ 146.833269][ C0] do_syscall_64+0x3d/0x40 [ 146.837681][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 146.843831][ C0] RIP: 0033:0x7ff108d4b0b9 [ 146.848256][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.867848][ C0] RSP: 002b:00007ff1087b1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.876406][ C0] RAX: 00000000000203a0 RBX: 00007ff108f77fa0 RCX: 00007ff108d4b0b9 [ 146.884522][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 146.892568][ C0] RBP: 00007ff108ddd9c4 R08: 0000000000000000 R09: 0000000000000000 [ 146.900702][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.908740][ C0] R13: 0000000000000000 R14: 00007ff108f77fa0 R15: 00007ffe8066b018 [ 198.976840][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz.2.17:480] [ 198.985180][ C1] Modules linked in: [ 198.989419][ C1] CPU: 1 PID: 480 Comm: syz.2.17 Not tainted syzkaller #0 [ 198.996590][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 199.007003][ C1] RIP: 0010:kvm_wait+0xce/0x130 [ 199.011853][ C1] Code: 38 f0 75 26 41 f7 c4 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d 33 1e b8 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d 24 1e b8 03 fb f4 <4c> 89 64 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 4b c7 04 [ 199.032616][ C1] RSP: 0018:ffffc90002ae79a0 EFLAGS: 00000246 [ 199.038851][ C1] RAX: 0000000000000003 RBX: ffff888110b74f88 RCX: ffffffff814bed9a [ 199.047143][ C1] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff888110b74f88 [ 199.055215][ C1] RBP: ffffc90002ae7a50 R08: ffff888110b74f88 R09: 1ffff1102216e9f1 [ 199.063522][ C1] R10: dffffc0000000000 R11: ffffed102216e9f2 R12: 0000000000000246 [ 199.071664][ C1] R13: 1ffff1102216e9f1 R14: dffffc0000000000 R15: 1ffff9200055cf38 [ 199.079810][ C1] FS: 0000555594ffa500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 199.089008][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.095676][ C1] CR2: 00007ff108d98800 CR3: 0000000117d09000 CR4: 00000000003506a0 [ 199.103647][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.112177][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.120251][ C1] Call Trace: [ 199.123624][ C1] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 199.129850][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 199.135387][ C1] ? __pv_queued_spin_lock_slowpath+0x6ba/0xb70 [ 199.141787][ C1] __pv_queued_spin_lock_slowpath+0x714/0xb70 [ 199.147840][ C1] ? __pv_queued_spin_unlock_slowpath+0x280/0x280 [ 199.154343][ C1] ? kasan_save_stack+0x49/0x60 [ 199.159288][ C1] ? __kasan_record_aux_stack+0xd2/0x100 [ 199.165087][ C1] ? kasan_record_aux_stack+0xe/0x10 [ 199.170531][ C1] ? task_work_add+0x27/0x1e0 [ 199.175197][ C1] ? fput+0x1a/0x20 [ 199.178985][ C1] ? filp_close+0x105/0x150 [ 199.183477][ C1] ? __close_range+0x1f4/0x450 [ 199.188488][ C1] ? __x64_sys_close_range+0x7a/0x90 [ 199.193867][ C1] queued_spin_lock_slowpath+0x47/0x50 [ 199.199778][ C1] _raw_spin_lock_bh+0xe4/0xf0 [ 199.204559][ C1] ? _raw_spin_lock_irq+0xf0/0xf0 [ 199.209582][ C1] lock_sock_nested+0x90/0x2a0 [ 199.214353][ C1] ? sock_init_data+0xc0/0xc0 [ 199.219129][ C1] ? fsnotify+0x19ab/0x1a70 [ 199.223638][ C1] tipc_release+0x56/0x1490 [ 199.228321][ C1] ? down_read_killable+0xe0/0xe0 [ 199.233603][ C1] sock_close+0xe0/0x270 [ 199.237836][ C1] ? sock_mmap+0xa0/0xa0 [ 199.242236][ C1] __fput+0x2fb/0x770 [ 199.246396][ C1] ____fput+0x15/0x20 [ 199.250371][ C1] task_work_run+0x127/0x190 [ 199.254946][ C1] exit_to_user_mode_loop+0xcb/0xe0 [ 199.260480][ C1] exit_to_user_mode_prepare+0x76/0xa0 [ 199.266261][ C1] syscall_exit_to_user_mode+0x1d/0x40 [ 199.271710][ C1] do_syscall_64+0x3d/0x40 [ 199.276225][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 199.282318][ C1] RIP: 0033:0x7ff108d4b0b9 [ 199.286817][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.306942][ C1] RSP: 002b:00007ffe8066b178 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 199.315341][ C1] RAX: 0000000000000000 RBX: 00007ff108f79ba0 RCX: 00007ff108d4b0b9 [ 199.323311][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 199.331954][ C1] RBP: 00007ff108f79ba0 R08: 0000000000000006 R09: 0000000000000000 [ 199.340116][ C1] R10: 00007ff108f79ac0 R11: 0000000000000246 R12: 000000000000b6e1 [ 199.348295][ C1] R13: 00007ff108f7808c R14: 000000000000b406 R15: 00007ff108f78080 [ 199.356365][ C1] Sending NMI from CPU 1 to CPUs 0: [ 199.362371][ C0] NMI backtrace for cpu 0 [ 199.362379][ C0] CPU: 0 PID: 481 Comm: syz.2.17 Not tainted syzkaller #0 [ 199.362385][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 199.362388][ C0] RIP: 0010:preempt_count_add+0x6/0x1b0 [ 199.362397][ C0] Code: 30 67 5a 00 e9 25 ff ff ff 48 c7 c7 a0 1f 4f 86 4c 89 fe e8 4c 5d 14 01 e9 1e ff ff ff 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 <41> 56 53 49 bf 00 00 00 00 00 fc ff df 48 c7 c0 c0 08 e8 86 48 c1 [ 199.362401][ C0] RSP: 0018:ffffc900027969e8 EFLAGS: 00000a02 [ 199.362409][ C0] RAX: f3f3f3f8f1f1f1f1 RBX: ffff888110b74f88 RCX: ffff888117c04f00 [ 199.362413][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000201 [ 199.362418][ C0] RBP: ffffc900027969f0 R08: ffff888110b74f83 R09: 1ffff1102216e9f0 [ 199.362422][ C0] R10: dffffc0000000000 R11: ffffed102216e9f1 R12: dffffc0000000000 [ 199.362426][ C0] R13: 1ffff920004f2d40 R14: ffffffff84678b0a R15: 00000000d3947b1d [ 199.362431][ C0] FS: 00007ff1087b16c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 199.362434][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.362439][ C0] CR2: 0000000000000000 CR3: 0000000117d09000 CR4: 00000000003506b0 [ 199.362443][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.362447][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.362449][ C0] Call Trace: [ 199.362452][ C0] _raw_spin_trylock_bh+0x6e/0x150 [ 199.362455][ C0] ? _raw_spin_trylock+0x150/0x150 [ 199.362458][ C0] tipc_sk_rcv+0x37a/0x1dc0 [ 199.362461][ C0] ? __stack_depot_save+0x47d/0x4c0 [ 199.362464][ C0] ? kasan_set_track+0x5b/0x70 [ 199.362467][ C0] ? kasan_set_track+0x4a/0x70 [ 199.362470][ C0] ? ____kasan_slab_free+0x125/0x160 [ 199.362473][ C0] ? __kasan_slab_free+0x11/0x20 [ 199.362476][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 199.362479][ C0] ? kmem_cache_free+0x100/0x2d0 [ 199.362482][ C0] ? kfree_skbmem+0x10c/0x180 [ 199.362485][ C0] ? kfree_skb+0xc1/0x2f0 [ 199.362488][ C0] ? tipc_msg_reverse+0x698/0x900 [ 199.362490][ C0] ? tipc_node_xmit+0x26c/0xd80 [ 199.362494][ C0] ? tipc_sk_filter_rcv+0x15e5/0x3910 [ 199.362496][ C0] ? tipc_sk_rcv+0x742/0x1dc0 [ 199.362499][ C0] ? tipc_node_xmit+0x26c/0xd80 [ 199.362502][ C0] ? exit_to_user_mode_prepare+0x76/0xa0 [ 199.362506][ C0] ? syscall_exit_to_user_mode+0x1d/0x40 [ 199.362508][ C0] ? do_syscall_64+0x3d/0x40 [ 199.362511][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.362514][ C0] tipc_node_xmit+0x26c/0xd80 [ 199.362517][ C0] ? kmem_cache_free+0x100/0x2d0 [ 199.362520][ C0] ? ____kasan_slab_free+0x130/0x160 [ 199.362523][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 199.362526][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 199.362529][ C0] ? kfree_skbmem+0x10c/0x180 [ 199.362532][ C0] ? kmem_cache_free+0x100/0x2d0 [ 199.362535][ C0] tipc_node_xmit_skb+0xf7/0x150 [ 199.362537][ C0] ? kfree_skb+0xc1/0x2f0 [ 199.362540][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.362544][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 199.362546][ C0] tipc_sk_rcv+0x1c46/0x1dc0 [ 199.362549][ C0] ? __kasan_check_read+0x11/0x20 [ 199.362553][ C0] ? preempt_schedule_notrace+0x120/0x120 [ 199.362556][ C0] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 199.362559][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.362562][ C0] ? update_stack_state+0x1c7/0x480 [ 199.362565][ C0] tipc_node_xmit+0x26c/0xd80 [ 199.362568][ C0] ? is_bpf_text_address+0x177/0x190 [ 199.362572][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 199.362575][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 199.362577][ C0] ? _raw_spin_lock+0xf0/0xf0 [ 199.362580][ C0] tipc_sk_filter_rcv+0x15e5/0x3910 [ 199.362583][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 199.362586][ C0] ? __kasan_check_write+0x14/0x20 [ 199.362589][ C0] ? _raw_spin_lock_bh+0x94/0xf0 [ 199.362592][ C0] tipc_sk_rcv+0x742/0x1dc0 [ 199.362595][ C0] ? kfree_skbmem+0x10c/0x180 [ 199.362598][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.362601][ C0] ? tipc_sk_filter_rcv+0x30d7/0x3910 [ 199.362603][ C0] ? ____fput+0x15/0x20 [ 199.362606][ C0] ? task_work_run+0x127/0x190 [ 199.362609][ C0] tipc_node_xmit+0x26c/0xd80 [ 199.362612][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 199.362614][ C0] tipc_node_distr_xmit+0x2a3/0x3b0 [ 199.362617][ C0] ? tipc_node_xmit_skb+0x150/0x150 [ 199.362619][ C0] tipc_sk_backlog_rcv+0x17d/0x210 [ 199.362621][ C0] ? tipc_sk_timeout+0x990/0x990 [ 199.362624][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 199.362626][ C0] __release_sock+0x146/0x360 [ 199.362628][ C0] ? _raw_write_lock_irq+0xf0/0xf0 [ 199.362630][ C0] release_sock+0x60/0x1b0 [ 199.362633][ C0] tipc_release+0xbd4/0x1490 [ 199.362635][ C0] ? down_read_killable+0xe0/0xe0 [ 199.362637][ C0] sock_close+0xe0/0x270 [ 199.362639][ C0] ? sock_mmap+0xa0/0xa0 [ 199.362641][ C0] __fput+0x2fb/0x770 [ 199.362643][ C0] ____fput+0x15/0x20 [ 199.362645][ C0] task_work_run+0x127/0x190 [ 199.362647][ C0] exit_to_user_mode_loop+0xcb/0xe0 [ 199.362649][ C0] exit_to_user_mode_prepare+0x76/0xa0 [ 199.362652][ C0] syscall_exit_to_user_mode+0x1d/0x40 [ 199.362654][ C0] do_syscall_64+0x3d/0x40 [ 199.362656][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 199.362659][ C0] RIP: 0033:0x7ff108d4b0b9 [ 199.362666][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.362668][ C0] RSP: 002b:00007ff1087b1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.362674][ C0] RAX: 00000000000203a0 RBX: 00007ff108f77fa0 RCX: 00007ff108d4b0b9 [ 199.362678][ C0] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 199.362681][ C0] RBP: 00007ff108ddd9c4 R08: 0000000000000000 R09: 0000000000000000 [ 199.362685][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.362688][ C0] R13: 0000000000000000 R14: 00007ff108f77fa0 R15: 00007ffe8066b018