Warning: Permanently added '10.128.1.217' (ED25519) to the list of known hosts. 2026/01/28 22:27:11 parsed 1 programs [ 44.219292][ T24] kauditd_printk_skb: 30 callbacks suppressed [ 44.219304][ T24] audit: type=1400 audit(1769639232.570:104): avc: denied { unlink } for pid=407 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 44.278961][ T407] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.192688][ T24] audit: type=1400 audit(1769639233.540:105): avc: denied { create } for pid=445 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.280962][ T24] audit: type=1401 audit(1769639233.630:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 45.348889][ T458] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.357285][ T458] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.364872][ T458] device bridge_slave_0 entered promiscuous mode [ 45.372322][ T458] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.380868][ T458] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.388759][ T458] device bridge_slave_1 entered promiscuous mode [ 45.419012][ T458] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.426055][ T458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.433541][ T458] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.440771][ T458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.462630][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.470822][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.478144][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.487182][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.495502][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.502911][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.516960][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.525481][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.532842][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.544669][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.554266][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.570811][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.581307][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.589692][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.597690][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.606722][ T458] device veth0_vlan entered promiscuous mode [ 45.621158][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.630928][ T458] device veth1_macvtap entered promiscuous mode [ 45.640253][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.654670][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/01/28 22:27:14 executed programs: 0 [ 45.815770][ T24] audit: type=1400 audit(1769639234.160:107): avc: denied { write } for pid=400 comm="syz-execprog" path="pipe:[15566]" dev="pipefs" ino=15566 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 45.858941][ T468] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.866111][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.873628][ T468] device bridge_slave_0 entered promiscuous mode [ 45.880812][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.887922][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.895296][ T468] device bridge_slave_1 entered promiscuous mode [ 45.939613][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.946857][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.954164][ T468] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.961296][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.979571][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.987211][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.995168][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.004849][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.013767][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.021487][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.031655][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.040423][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.047803][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.058946][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.068206][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.081171][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.092169][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.100375][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.107955][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.120602][ T468] device veth0_vlan entered promiscuous mode [ 46.130232][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.139420][ T468] device veth1_macvtap entered promiscuous mode [ 46.149049][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.158959][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.184409][ T24] audit: type=1400 audit(1769639234.530:108): avc: denied { create } for pid=493 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 46.204084][ T24] audit: type=1400 audit(1769639234.530:109): avc: denied { write } for pid=493 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 46.229897][ T24] audit: type=1400 audit(1769639234.550:110): avc: denied { setopt } for pid=493 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 46.550141][ T7] device bridge_slave_1 left promiscuous mode [ 46.556470][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.564366][ T7] device bridge_slave_0 left promiscuous mode [ 46.570634][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.578899][ T7] device veth1_macvtap left promiscuous mode [ 46.585029][ T7] device veth0_vlan left promiscuous mode [ 146.648397][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 146.655170][ C1] rcu: 1-...!: (10000 ticks this GP) idle=6ee/1/0x4000000000000000 softirq=2466/2466 fqs=0 last_accelerate: 9cba/c3ca dyntick_enabled: 1 [ 146.669316][ C1] (t=10000 jiffies g=1737 q=409) [ 146.674346][ C1] rcu: rcu_preempt kthread starved for 10000 jiffies! g1737 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 146.686158][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 146.696221][ C1] rcu: RCU grace-period kthread stack dump: [ 146.702373][ C1] task:rcu_preempt state:I stack: 0 pid: 13 ppid: 2 flags:0x00004000 [ 146.712099][ C1] Call Trace: [ 146.715404][ C1] __schedule+0xb53/0x1320 [ 146.719822][ C1] ? __sched_text_start+0x8/0x8 [ 146.724765][ C1] ? __mod_timer+0x7da/0xb50 [ 146.729354][ C1] schedule+0x13c/0x1d0 [ 146.733516][ C1] schedule_timeout+0x159/0x330 [ 146.738366][ C1] ? console_conditional_schedule+0x10/0x10 [ 146.744927][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 146.750606][ C1] ? run_local_timers+0x160/0x160 [ 146.756757][ C1] ? prepare_to_swait_event+0x320/0x340 [ 146.762327][ C1] rcu_gp_kthread+0x1045/0x2730 [ 146.767351][ C1] ? rcu_barrier_callback+0x50/0x50 [ 146.772575][ C1] ? __kasan_check_read+0x11/0x20 [ 146.777785][ C1] ? __kthread_parkme+0xb9/0x1c0 [ 146.782721][ C1] kthread+0x346/0x3d0 [ 146.786877][ C1] ? rcu_barrier_callback+0x50/0x50 [ 146.792249][ C1] ? kthread_blkcg+0xd0/0xd0 [ 146.796849][ C1] ret_from_fork+0x1f/0x30 [ 146.801802][ C1] NMI backtrace for cpu 1 [ 146.806133][ C1] CPU: 1 PID: 575 Comm: syz.2.43 Not tainted syzkaller #0 [ 146.813358][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 146.823606][ C1] Call Trace: [ 146.826899][ C1] [ 146.829848][ C1] __dump_stack+0x21/0x24 [ 146.834264][ C1] dump_stack_lvl+0x1a7/0x208 [ 146.838940][ C1] ? show_regs_print_info+0x18/0x18 [ 146.844224][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 146.849684][ C1] ? _raw_spin_lock+0xf0/0xf0 [ 146.854394][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 146.860604][ C1] dump_stack+0x15/0x1c [ 146.864848][ C1] nmi_trigger_cpumask_backtrace+0x27f/0x2c0 [ 146.871042][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 146.877022][ C1] rcu_dump_cpu_stacks+0x19c/0x2c0 [ 146.882221][ C1] rcu_sched_clock_irq+0xf88/0x1880 [ 146.887419][ C1] ? rcutree_dead_cpu+0x310/0x310 [ 146.892472][ C1] ? hrtimer_run_queues+0x166/0x430 [ 146.897669][ C1] update_process_times+0x198/0x200 [ 146.903089][ C1] tick_sched_timer+0x17c/0x240 [ 146.907967][ C1] ? tick_setup_sched_timer+0x450/0x450 [ 146.913631][ C1] __hrtimer_run_queues+0x380/0x970 [ 146.918928][ C1] ? hrtimer_interrupt+0xdc0/0xdc0 [ 146.924127][ C1] ? ktime_get_update_offsets_now+0x293/0x2b0 [ 146.930249][ C1] hrtimer_interrupt+0x3a6/0xdc0 [ 146.935305][ C1] __sysvec_apic_timer_interrupt+0xfa/0x3f0 [ 146.941398][ C1] asm_call_irq_on_stack+0xf/0x20 [ 146.946499][ C1] [ 146.949650][ C1] sysvec_apic_timer_interrupt+0x85/0xe0 [ 146.955527][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 146.961551][ C1] RIP: 0010:kvm_wait+0xce/0x130 [ 146.966513][ C1] Code: 38 f0 75 26 41 f7 c4 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d c3 1e b8 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d b4 1e b8 03 fb f4 <4c> 89 64 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 4b c7 04 [ 146.986850][ C1] RSP: 0018:ffffc900010376e0 EFLAGS: 00000246 [ 146.992939][ C1] RAX: 0000000000000003 RBX: ffff888119176888 RCX: ffffffff814bed1a [ 147.000909][ C1] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff888119176888 [ 147.008965][ C1] RBP: ffffc90001037790 R08: ffff888119176888 R09: 1ffff1102322ed11 [ 147.017030][ C1] R10: dffffc0000000000 R11: ffffed102322ed12 R12: 0000000000000246 [ 147.025360][ C1] R13: 1ffff1102322ed11 R14: dffffc0000000000 R15: 1ffff92000206ee0 [ 147.033900][ C1] ? __pv_queued_spin_lock_slowpath+0x6ba/0xb70 [ 147.040265][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 147.045543][ C1] __pv_queued_spin_lock_slowpath+0x714/0xb70 [ 147.052051][ C1] ? __pv_queued_spin_unlock_slowpath+0x280/0x280 [ 147.058770][ C1] queued_spin_lock_slowpath+0x47/0x50 [ 147.064255][ C1] _raw_spin_lock_bh+0xe4/0xf0 [ 147.069200][ C1] ? _raw_spin_lock_irq+0xf0/0xf0 [ 147.074566][ C1] ? selinux_socket_sendmsg+0x22f/0x340 [ 147.080145][ C1] lock_sock_nested+0x90/0x2a0 [ 147.085376][ C1] ? sock_init_data+0xc0/0xc0 [ 147.090091][ C1] ? _raw_spin_lock_bh+0x94/0xf0 [ 147.095217][ C1] ? _raw_spin_unlock_bh+0x51/0x60 [ 147.100333][ C1] tipc_sendstream+0x47/0x70 [ 147.105030][ C1] ? tipc_getsockopt+0x4d0/0x4d0 [ 147.110031][ C1] ____sys_sendmsg+0x5b7/0x8f0 [ 147.114914][ C1] ? __sys_sendmsg_sock+0x40/0x40 [ 147.120101][ C1] ? import_iovec+0x7c/0xb0 [ 147.124773][ C1] ___sys_sendmsg+0x236/0x2e0 [ 147.129463][ C1] ? __sys_sendmsg+0x280/0x280 [ 147.134260][ C1] ? memcpy+0x56/0x70 [ 147.138267][ C1] ? __fdget+0x1a1/0x230 [ 147.142646][ C1] __x64_sys_sendmsg+0x1f9/0x2c0 [ 147.147603][ C1] ? __kasan_check_write+0x14/0x20 [ 147.152716][ C1] ? ___sys_sendmsg+0x2e0/0x2e0 [ 147.157953][ C1] ? debug_smp_processor_id+0x17/0x20 [ 147.163429][ C1] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 147.169600][ C1] ? exit_to_user_mode_prepare+0x2f/0xa0 [ 147.175235][ C1] do_syscall_64+0x31/0x40 [ 147.179741][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 147.185723][ C1] RIP: 0033:0x7fa24b1658f9 [ 147.190247][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.210335][ C1] RSP: 002b:00007fa24abcc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.219203][ C1] RAX: ffffffffffffffda RBX: 00007fa24b392fa0 RCX: 00007fa24b1658f9 [ 147.227451][ C1] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004 [ 147.235543][ C1] RBP: 00007fa24b1f8984 R08: 0000000000000000 R09: 0000000000000000 [ 147.243617][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.252137][ C1] R13: 0000000000000000 R14: 00007fa24b392fa0 R15: 00007fff8e4f75c8 [ 198.971727][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz.2.43:576] [ 198.979728][ C0] Modules linked in: [ 198.983719][ C0] CPU: 0 PID: 576 Comm: syz.2.43 Not tainted syzkaller #0 [ 198.991093][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.001546][ C0] RIP: 0010:tipc_node_distr_xmit+0x3a2/0x3b0 [ 199.007642][ C0] Code: 00 00 00 42 c7 44 33 08 00 00 00 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 75 11 31 c0 48 8d 65 d8 5b 41 5c 41 5d <41> 5e 41 5f 5d c3 e8 63 be 16 00 0f 1f 00 55 48 89 e5 41 57 41 56 [ 199.027966][ C0] RSP: 0018:ffffc90001056800 EFLAGS: 00000246 [ 199.034410][ C0] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff8881199a4f00 [ 199.043177][ C0] RDX: 0000000000000000 RSI: ffffc900010569c0 RDI: ffff888128562680 [ 199.051334][ C0] RBP: ffffc90001056810 R08: ffff88811917688b R09: 1ffff1102322ed11 [ 199.059862][ C0] R10: dffffc0000000000 R11: ffffed102322ed12 R12: ffffc90001056c80 [ 199.068596][ C0] R13: ffff888119176800 R14: dffffc0000000000 R15: ffffc900010569c0 [ 199.076573][ C0] FS: 00007fa24abab6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 199.085579][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.092168][ C0] CR2: 00007fa24abaaff8 CR3: 0000000119a7a000 CR4: 00000000003506b0 [ 199.100294][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.108802][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.116888][ C0] Call Trace: [ 199.120200][ C0] tipc_sk_rcv+0x18ed/0x1dc0 [ 199.124799][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 199.131160][ C0] ? __stack_depot_save+0x47d/0x4c0 [ 199.136366][ C0] ? kasan_set_track+0x5b/0x70 [ 199.141110][ C0] ? kasan_set_track+0x4a/0x70 [ 199.145949][ C0] ? ____kasan_slab_free+0x125/0x160 [ 199.151398][ C0] ? __kasan_slab_free+0x11/0x20 [ 199.156492][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 199.162027][ C0] ? kmem_cache_free+0x100/0x2d0 [ 199.166943][ C0] ? tipc_node_distr_xmit+0x2a3/0x3b0 [ 199.172380][ C0] ? tipc_sk_backlog_rcv+0x17d/0x210 [ 199.177866][ C0] ? __release_sock+0x146/0x360 [ 199.183078][ C0] ? __sys_setsockopt+0x272/0x480 [ 199.188205][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.193507][ C0] tipc_node_xmit+0x26c/0xd80 [ 199.198287][ C0] ? debug_smp_processor_id+0x17/0x20 [ 199.203860][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 199.209407][ C0] ? ____kasan_slab_free+0x130/0x160 [ 199.214974][ C0] ? __kasan_slab_free+0x11/0x20 [ 199.219953][ C0] ? kfree_skbmem+0x10c/0x180 [ 199.224721][ C0] tipc_node_distr_xmit+0x2a3/0x3b0 [ 199.230035][ C0] ? tipc_node_xmit_skb+0x150/0x150 [ 199.235226][ C0] ? trace_tipc_sk_rej_msg+0x2c/0x6d0 [ 199.240696][ C0] tipc_sk_rcv+0x18ed/0x1dc0 [ 199.245663][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.250782][ C0] ? __kasan_check_write+0x14/0x20 [ 199.255918][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 199.261747][ C0] tipc_node_xmit+0x26c/0xd80 [ 199.266500][ C0] ? __set_page_owner+0x3b/0x2a0 [ 199.271437][ C0] ? do_syscall_64+0x31/0x40 [ 199.276123][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 199.281786][ C0] tipc_sk_push_backlog+0x4dd/0x790 [ 199.287061][ C0] tipc_sk_proto_rcv+0xa65/0x1af0 [ 199.292069][ C0] ? trace_tipc_sk_dump+0x6c0/0x6c0 [ 199.297371][ C0] ? __kasan_check_write+0x14/0x20 [ 199.302744][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 199.308201][ C0] ? _raw_spin_lock+0xf0/0xf0 [ 199.312872][ C0] tipc_sk_filter_rcv+0x315a/0x3910 [ 199.318054][ C0] ? __stack_depot_save+0x47d/0x4c0 [ 199.323248][ C0] ? kasan_set_track+0x5b/0x70 [ 199.328262][ C0] ? kasan_set_track+0x4a/0x70 [ 199.333019][ C0] ? kasan_set_free_info+0x23/0x40 [ 199.338288][ C0] ? ____kasan_slab_free+0x125/0x160 [ 199.343661][ C0] ? __kasan_slab_free+0x11/0x20 [ 199.348609][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 199.354244][ C0] ? kmem_cache_free+0x100/0x2d0 [ 199.359271][ C0] ? kfree_skbmem+0x10c/0x180 [ 199.364029][ C0] ? tipc_msg_reverse+0x698/0x900 [ 199.369152][ C0] ? tipc_sk_filter_rcv+0xcd2/0x3910 [ 199.374561][ C0] ? tipc_sk_backlog_rcv+0x117/0x210 [ 199.380097][ C0] ? __release_sock+0x146/0x360 [ 199.385020][ C0] ? sock_setsockopt+0x1840/0x2680 [ 199.390382][ C0] ? __x64_sys_setsockopt+0xbf/0xd0 [ 199.395657][ C0] ? do_syscall_64+0x31/0x40 [ 199.400582][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 199.406688][ C0] ? tipc_sk_dump+0xfc0/0xfc0 [ 199.411466][ C0] ? __kasan_check_write+0x14/0x20 [ 199.416711][ C0] ? _raw_spin_lock_bh+0x94/0xf0 [ 199.421762][ C0] tipc_sk_rcv+0x742/0x1dc0 [ 199.426256][ C0] ? kfree_skbmem+0x10c/0x180 [ 199.430920][ C0] ? __skb_queue_purge+0x170/0x170 [ 199.436010][ C0] ? tipc_sk_filter_rcv+0x30d7/0x3910 [ 199.441389][ C0] tipc_node_xmit+0x26c/0xd80 [ 199.446079][ C0] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 199.451794][ C0] tipc_node_distr_xmit+0x2a3/0x3b0 [ 199.457251][ C0] ? tipc_node_xmit_skb+0x150/0x150 [ 199.462628][ C0] tipc_sk_backlog_rcv+0x17d/0x210 [ 199.467809][ C0] ? tipc_sk_timeout+0x990/0x990 [ 199.472735][ C0] ? __local_bh_enable_ip+0x53/0x80 [ 199.478198][ C0] ? lock_sock_nested+0x21c/0x2a0 [ 199.483292][ C0] ? _raw_spin_unlock+0x4d/0x70 [ 199.488388][ C0] __release_sock+0x146/0x360 [ 199.493146][ C0] sock_setsockopt+0x1840/0x2680 [ 199.498089][ C0] ? __sock_set_mark+0x160/0x160 [ 199.503114][ C0] ? selinux_socket_setsockopt+0x282/0x360 [ 199.509000][ C0] ? selinux_socket_getsockopt+0x340/0x340 [ 199.514799][ C0] ? __kasan_check_write+0x14/0x20 [ 199.519895][ C0] ? __fget_files+0x2c4/0x320 [ 199.524553][ C0] ? security_socket_setsockopt+0x82/0xa0 [ 199.530719][ C0] __sys_setsockopt+0x272/0x480 [ 199.535572][ C0] ? __ia32_sys_recv+0xb0/0xb0 [ 199.540951][ C0] __x64_sys_setsockopt+0xbf/0xd0 [ 199.545963][ C0] do_syscall_64+0x31/0x40 [ 199.550452][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 199.556323][ C0] RIP: 0033:0x7fa24b1658f9 [ 199.560734][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.580959][ C0] RSP: 002b:00007fa24abab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 199.589462][ C0] RAX: ffffffffffffffda RBX: 00007fa24b393080 RCX: 00007fa24b1658f9 [ 199.597644][ C0] RDX: 0000000000000021 RSI: 0000000000000001 RDI: 0000000000000003 [ 199.605846][ C0] RBP: 00007fa24b1f8984 R08: 0000000000000004 R09: 0000000000000000 [ 199.613914][ C0] R10: 0000200000000540 R11: 0000000000000246 R12: 0000000000000000 [ 199.622003][ C0] R13: 0000000000000001 R14: 00007fa24b393080 R15: 00007fff8e4f75c8 [ 199.629975][ C0] Sending NMI from CPU 0 to CPUs 1: [ 199.635645][ C1] NMI backtrace for cpu 1 [ 199.635650][ C1] CPU: 1 PID: 575 Comm: syz.2.43 Not tainted syzkaller #0 [ 199.635655][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.635659][ C1] RIP: 0010:kvm_wait+0xce/0x130 [ 199.635668][ C1] Code: 38 f0 75 26 41 f7 c4 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d c3 1e b8 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d b4 1e b8 03 fb f4 <4c> 89 64 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 4b c7 04 [ 199.635672][ C1] RSP: 0018:ffffc900010376e0 EFLAGS: 00000246 [ 199.635680][ C1] RAX: 0000000000000003 RBX: ffff888119176888 RCX: ffffffff814bed1a [ 199.635684][ C1] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff888119176888 [ 199.635689][ C1] RBP: ffffc90001037790 R08: ffff888119176888 R09: 1ffff1102322ed11 [ 199.635693][ C1] R10: dffffc0000000000 R11: ffffed102322ed12 R12: 0000000000000246 [ 199.635697][ C1] R13: 1ffff1102322ed11 R14: dffffc0000000000 R15: 1ffff92000206ee0 [ 199.635701][ C1] FS: 00007fa24abcc6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 199.635705][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.635709][ C1] CR2: 0000200000000000 CR3: 0000000119a7a000 CR4: 00000000003506a0 [ 199.635713][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.635717][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.635720][ C1] Call Trace: [ 199.635723][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 199.635726][ C1] __pv_queued_spin_lock_slowpath+0x714/0xb70 [ 199.635730][ C1] ? __pv_queued_spin_unlock_slowpath+0x280/0x280 [ 199.635733][ C1] queued_spin_lock_slowpath+0x47/0x50 [ 199.635736][ C1] _raw_spin_lock_bh+0xe4/0xf0 [ 199.635739][ C1] ? _raw_spin_lock_irq+0xf0/0xf0 [ 199.635742][ C1] ? selinux_socket_sendmsg+0x22f/0x340 [ 199.635745][ C1] lock_sock_nested+0x90/0x2a0 [ 199.635748][ C1] ? sock_init_data+0xc0/0xc0 [ 199.635751][ C1] ? _raw_spin_lock_bh+0x94/0xf0 [ 199.635754][ C1] ? _raw_spin_unlock_bh+0x51/0x60 [ 199.635757][ C1] tipc_sendstream+0x47/0x70 [ 199.635760][ C1] ? tipc_getsockopt+0x4d0/0x4d0 [ 199.635763][ C1] ____sys_sendmsg+0x5b7/0x8f0 [ 199.635766][ C1] ? __sys_sendmsg_sock+0x40/0x40 [ 199.635769][ C1] ? import_iovec+0x7c/0xb0 [ 199.635772][ C1] ___sys_sendmsg+0x236/0x2e0 [ 199.635775][ C1] ? __sys_sendmsg+0x280/0x280 [ 199.635778][ C1] ? memcpy+0x56/0x70 [ 199.635780][ C1] ? __fdget+0x1a1/0x230 [ 199.635783][ C1] __x64_sys_sendmsg+0x1f9/0x2c0 [ 199.635786][ C1] ? __kasan_check_write+0x14/0x20 [ 199.635789][ C1] ? ___sys_sendmsg+0x2e0/0x2e0 [ 199.635793][ C1] ? debug_smp_processor_id+0x17/0x20 [ 199.635796][ C1] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 199.635799][ C1] ? exit_to_user_mode_prepare+0x2f/0xa0 [ 199.635802][ C1] do_syscall_64+0x31/0x40 [ 199.635805][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 199.635808][ C1] RIP: 0033:0x7fa24b1658f9 [ 199.635824][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.635828][ C1] RSP: 002b:00007fa24abcc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.635835][ C1] RAX: ffffffffffffffda RBX: 00007fa24b392fa0 RCX: 00007fa24b1658f9 [ 199.635840][ C1] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004 [ 199.635844][ C1] RBP: 00007fa24b1f8984 R08: 0000000000000000 R09: 0000000000000000 [ 199.635848][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.635852][ C1] R13: 0000000000000000 R14: 00007fa24b392fa0 R15: 00007fff8e4f75c8