Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts.
2025/08/18 18:17:28 ignoring optional flag "sandboxArg"="0"
2025/08/18 18:17:29 parsed 1 programs
[   51.447879][   T30] kauditd_printk_skb: 30 callbacks suppressed
[   51.447893][   T30] audit: type=1400 audit(1755541050.316:104): avc:  denied  { unlink } for  pid=395 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   51.521786][  T395] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   51.949131][   T30] audit: type=1400 audit(1755541050.816:105): avc:  denied  { create } for  pid=408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   52.096220][   T30] audit: type=1401 audit(1755541050.956:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   52.327168][  T437] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.334364][  T437] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.341888][  T437] device bridge_slave_0 entered promiscuous mode
[   52.348682][  T437] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.355736][  T437] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.363133][  T437] device bridge_slave_1 entered promiscuous mode
[   52.407003][  T437] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.414058][  T437] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.421353][  T437] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.428656][  T437] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.444662][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.452404][  T300] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.459961][  T300] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.469786][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.478342][  T300] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.485368][  T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.494148][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.502395][  T300] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.509554][  T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.520893][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   52.530113][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.542488][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.553232][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.561181][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.568644][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.576838][  T437] device veth0_vlan entered promiscuous mode
[   52.586013][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   52.595244][  T437] device veth1_macvtap entered promiscuous mode
[   52.603972][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.614075][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/08/18 18:17:31 executed programs: 0
[   52.838945][   T30] audit: type=1400 audit(1755541051.706:107): avc:  denied  { write } for  pid=386 comm="syz-execprog" path="pipe:[15026]" dev="pipefs" ino=15026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   52.882873][  T461] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.890410][  T461] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.898441][  T461] device bridge_slave_0 entered promiscuous mode
[   52.905476][  T461] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.912618][  T461] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.920221][  T461] device bridge_slave_1 entered promiscuous mode
[   52.964218][  T461] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.971424][  T461] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.978889][  T461] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.985897][  T461] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.002151][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.009886][  T300] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.017061][  T300] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.026331][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.034623][  T300] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.041685][  T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.054086][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.062508][  T300] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.069539][  T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.084749][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.094010][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.106866][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   53.117802][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   53.125934][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   53.133565][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   53.145523][  T461] device veth0_vlan entered promiscuous mode
[   53.154773][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   53.164144][  T461] device veth1_macvtap entered promiscuous mode
[   53.173272][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   53.183328][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   53.206514][   T30] audit: type=1400 audit(1755541052.066:108): avc:  denied  { create } for  pid=471 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   53.226036][   T30] audit: type=1400 audit(1755541052.066:109): avc:  denied  { write } for  pid=471 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   53.269123][   T30] audit: type=1400 audit(1755541052.136:110): avc:  denied  { setopt } for  pid=471 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  153.417214][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  153.424342][    C1] 	(detected by 1, t=10002 jiffies, g=2413, q=70)
[  153.431145][    C1] rcu: All QSes seen, last rcu_preempt kthread activity 10002 (4294952556-4294942554), jiffies_till_next_fqs=1, root ->qsmask 0x0
[  153.444723][    C1] rcu: rcu_preempt kthread starved for 10002 jiffies! g2413 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  153.456174][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  153.466128][    C1] rcu: RCU grace-period kthread stack dump:
[  153.472359][    C1] task:rcu_preempt     state:R  running task     stack:28720 pid:   14 ppid:     2 flags:0x00004000
[  153.483138][    C1] Call Trace:
[  153.486716][    C1]  <TASK>
[  153.489932][    C1]  __schedule+0xb6e/0x14c0
[  153.494375][    C1]  ? release_firmware_map_entry+0x190/0x190
[  153.500254][    C1]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  153.506170][    C1]  ? __mod_timer+0x7ae/0xb30
[  153.510769][    C1]  schedule+0x11e/0x1e0
[  153.514939][    C1]  schedule_timeout+0x12c/0x2e0
[  153.519769][    C1]  ? console_conditional_schedule+0x30/0x30
[  153.525726][    C1]  ? update_process_times+0x200/0x200
[  153.531074][    C1]  ? prepare_to_swait_event+0x308/0x320
[  153.536606][    C1]  rcu_gp_fqs_loop+0x293/0xf60
[  153.541526][    C1]  ? debug_smp_processor_id+0x17/0x20
[  153.546906][    C1]  ? __note_gp_changes+0x4e2/0x9e0
[  153.552019][    C1]  ? rcu_gp_init+0xc00/0xc00
[  153.556609][    C1]  ? _raw_spin_unlock_irq+0x4e/0x70
[  153.561923][    C1]  ? rcu_gp_init+0x9a7/0xc00
[  153.566510][    C1]  rcu_gp_kthread+0x98/0x330
[  153.571095][    C1]  ? wake_nocb_gp+0x1d0/0x1d0
[  153.575815][    C1]  ? __kasan_check_read+0x11/0x20
[  153.580830][    C1]  ? __kthread_parkme+0xac/0x200
[  153.585784][    C1]  ? preempt_count_add+0x90/0x1b0
[  153.590803][    C1]  kthread+0x411/0x500
[  153.594951][    C1]  ? wake_nocb_gp+0x1d0/0x1d0
[  153.599980][    C1]  ? kthread_blkcg+0xd0/0xd0
[  153.604691][    C1]  ret_from_fork+0x1f/0x30
[  153.609311][    C1]  </TASK>
[  153.612573][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  153.618882][    C1] NMI backtrace for cpu 1
[  153.623200][    C1] CPU: 1 PID: 478 Comm: syz.2.18 Not tainted 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[  153.633110][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  153.643153][    C1] Call Trace:
[  153.646423][    C1]  <IRQ>
[  153.649255][    C1]  __dump_stack+0x21/0x30
[  153.653677][    C1]  dump_stack_lvl+0xee/0x150
[  153.658554][    C1]  ? show_regs_print_info+0x20/0x20
[  153.663743][    C1]  dump_stack+0x15/0x20
[  153.667970][    C1]  nmi_cpu_backtrace+0x2b4/0x2c0
[  153.672888][    C1]  ? nmi_trigger_cpumask_backtrace+0x240/0x240
[  153.679036][    C1]  ? load_image+0x3a0/0x3a0
[  153.683541][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  153.689586][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  153.695639][    C1]  nmi_trigger_cpumask_backtrace+0x138/0x240
[  153.701606][    C1]  arch_trigger_cpumask_backtrace+0x10/0x20
[  153.707601][    C1]  rcu_check_gp_kthread_starvation+0x1e0/0x260
[  153.713754][    C1]  print_other_cpu_stall+0xded/0xfd0
[  153.719046][    C1]  ? print_cpu_stall+0x600/0x600
[  153.723970][    C1]  ? tick_nohz_handler+0x300/0x300
[  153.729095][    C1]  ? accumulate_nsecs_to_secs+0xb1/0x230
[  153.734951][    C1]  ? cgroup_rstat_updated+0xf5/0x370
[  153.740228][    C1]  rcu_sched_clock_irq+0x8a3/0x12b0
[  153.745412][    C1]  ? rcu_boost_kthread_setaffinity+0x310/0x310
[  153.751538][    C1]  ? raise_softirq+0x71/0xe0
[  153.756106][    C1]  ? __raise_softirq_irqoff+0xd0/0xd0
[  153.761680][    C1]  ? hrtimer_run_queues+0x166/0x430
[  153.766882][    C1]  update_process_times+0x198/0x200
[  153.772068][    C1]  tick_sched_timer+0x17c/0x240
[  153.776937][    C1]  ? tick_setup_sched_timer+0x450/0x450
[  153.782457][    C1]  __hrtimer_run_queues+0x3b5/0x9e0
[  153.787642][    C1]  ? hrtimer_interrupt+0x8c0/0x8c0
[  153.792740][    C1]  ? ktime_get_update_offsets_now+0x2fa/0x310
[  153.798795][    C1]  hrtimer_interrupt+0x3c7/0x8c0
[  153.803736][    C1]  __sysvec_apic_timer_interrupt+0xfa/0x3e0
[  153.809722][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  153.815346][    C1]  </IRQ>
[  153.818277][    C1]  <TASK>
[  153.821217][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  153.827203][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[  153.833512][    C1] Code: 00 00 00 0f 0b 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 13 00 00 00 48 8b 3d bc 64 80 05 48 89 de e8 a4 c1 3d 00 5b 5d c3 00 <55> 48 89 e5 48 8b 45 08 65 48 8b 0d a0 bd 99 7e 65 8b 15 a1 bd 99
[  153.853451][    C1] RSP: 0018:ffffc90000bc68d8 EFLAGS: 00000297
[  153.860041][    C1] RAX: ffffffff848d233c RBX: ffff88812d45ed80 RCX: ffff888118878000
[  153.868131][    C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000007ffffffe
[  153.876119][    C1] RBP: ffffc90000bc69d0 R08: dffffc0000000000 R09: ffffed1025a8bdb1
[  153.884262][    C1] R10: ffffed1025a8bdb1 R11: 1ffff11025a8bdb0 R12: dffffc0000000000
[  153.892226][    C1] R13: ffff88812d45ed00 R14: 0000000000000004 R15: fffffffffffffc08
[  153.900181][    C1]  ? tipc_sk_lookup+0x50c/0x5f0
[  153.905215][    C1]  ? tipc_sk_lookup+0x51a/0x5f0
[  153.910063][    C1]  ? tipc_sk_rcv+0x2c60/0x2c60
[  153.914939][    C1]  ? tipc_sk_rcv+0x1a10/0x2c60
[  153.919787][    C1]  tipc_sk_rcv+0x3fe/0x2c60
[  153.924685][    C1]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  153.930597][    C1]  ? __stack_depot_save+0x442/0x480
[  153.936103][    C1]  ? kasan_set_track+0x5b/0x70
[  153.940858][    C1]  ? kasan_set_track+0x4a/0x70
[  153.945617][    C1]  ? kasan_set_free_info+0x23/0x40
[  153.950710][    C1]  ? ____kasan_slab_free+0x125/0x160
[  153.956095][    C1]  ? __kasan_slab_free+0x11/0x20
[  153.961073][    C1]  ? slab_free_freelist_hook+0xc2/0x190
[  153.966613][    C1]  ? kmem_cache_free+0x100/0x320
[  153.971666][    C1]  ? kfree_skbmem+0x10c/0x180
[  153.976340][    C1]  ? tipc_sk_rcv+0x1ce4/0x2c60
[  153.981084][    C1]  ? tipc_sk_filter_rcv+0x151b/0x2c40
[  153.986525][    C1]  ? tipc_release+0xd0b/0x1630
[  153.991273][    C1]  ? syscall_exit_to_user_mode+0x1a/0x30
[  153.996889][    C1]  ? do_syscall_64+0x58/0xa0
[  154.001455][    C1]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  154.007507][    C1]  ? __skb_queue_purge+0x170/0x170
[  154.012685][    C1]  tipc_node_xmit+0x256/0xce0
[  154.017373][    C1]  ? ____kasan_slab_free+0x130/0x160
[  154.022639][    C1]  ? tipc_node_get_linkname+0x1a0/0x1a0
[  154.028250][    C1]  ? slab_free_freelist_hook+0xc2/0x190
[  154.033779][    C1]  ? kfree_skbmem+0x10c/0x180
[  154.038589][    C1]  ? kmem_cache_free+0x100/0x320
[  154.043612][    C1]  ? skb_release_data+0x814/0xa10
[  154.048763][    C1]  tipc_node_xmit_skb+0xe9/0x130
[  154.053957][    C1]  ? kfree_skb+0xc1/0x2f0
[  154.058367][    C1]  ? __skb_queue_purge+0x170/0x170
[  154.063481][    C1]  ? trace_tipc_sk_rej_msg+0x25/0x150
[  154.068846][    C1]  tipc_sk_rcv+0x1d5d/0x2c60
[  154.073445][    C1]  ? __update_idle_core+0x2a0/0x2a0
[  154.078630][    C1]  ? __schedule+0xb76/0x14c0
[  154.083405][    C1]  ? __skb_queue_purge+0x170/0x170
[  154.088855][    C1]  tipc_node_xmit+0x256/0xce0
[  154.093530][    C1]  ? tipc_node_get_linkname+0x1a0/0x1a0
[  154.099058][    C1]  ? __kernel_text_address+0xa0/0x100
[  154.104408][    C1]  ? unwind_get_return_address+0x4d/0x90
[  154.110046][    C1]  ? __kasan_check_write+0x14/0x20
[  154.115294][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  154.120764][    C1]  tipc_sk_filter_rcv+0x151b/0x2c40
[  154.125956][    C1]  ? tipc_sk_publish+0x440/0x440
[  154.130869][    C1]  ? __kasan_check_write+0x14/0x20
[  154.135956][    C1]  ? _raw_spin_lock_bh+0x8e/0xe0
[  154.141052][    C1]  tipc_sk_rcv+0x7b7/0x2c60
[  154.145541][    C1]  ? kfree_skbmem+0x10c/0x180
[  154.150395][    C1]  ? skb_release_data+0x814/0xa10
[  154.155399][    C1]  ? __skb_queue_purge+0x170/0x170
[  154.160635][    C1]  ? tipc_sk_filter_rcv+0x29de/0x2c40
[  154.166093][    C1]  tipc_node_xmit+0x256/0xce0
[  154.170938][    C1]  ? tipc_node_get_linkname+0x1a0/0x1a0
[  154.176519][    C1]  ? kasan_quarantine_put+0x34/0x190
[  154.181817][    C1]  tipc_node_distr_xmit+0x292/0x390
[  154.187201][    C1]  ? tipc_node_xmit_skb+0x130/0x130
[  154.192392][    C1]  ? kfree_skbmem+0x10c/0x180
[  154.197151][    C1]  tipc_sk_backlog_rcv+0x16f/0x1f0
[  154.202339][    C1]  ? tipc_sk_timeout+0x970/0x970
[  154.207267][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  154.212725][    C1]  __release_sock+0x143/0x350
[  154.217396][    C1]  release_sock+0x60/0x1b0
[  154.221818][    C1]  tipc_release+0xd0b/0x1630
[  154.226545][    C1]  ? tipc_sock_destruct+0x180/0x180
[  154.231825][    C1]  ? kick_process+0xdc/0x150
[  154.236430][    C1]  sock_close+0xe0/0x270
[  154.240659][    C1]  ? sock_mmap+0xa0/0xa0
[  154.245175][    C1]  __fput+0x20b/0x8b0
[  154.249148][    C1]  ____fput+0x15/0x20
[  154.253456][    C1]  task_work_run+0x127/0x190
[  154.258121][    C1]  exit_to_user_mode_loop+0xd0/0xe0
[  154.263488][    C1]  exit_to_user_mode_prepare+0x5a/0xa0
[  154.268937][    C1]  syscall_exit_to_user_mode+0x1a/0x30
[  154.274558][    C1]  do_syscall_64+0x58/0xa0
[  154.278966][    C1]  ? clear_bhb_loop+0x50/0xa0
[  154.283663][    C1]  ? clear_bhb_loop+0x50/0xa0
[  154.288317][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  154.294210][    C1] RIP: 0033:0x7faf2192eda9
[  154.298708][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.318619][    C1] RSP: 002b:00007faf213a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.327294][    C1] RAX: 00000000000203a0 RBX: 00007faf21b47fa0 RCX: 00007faf2192eda9
[  154.336565][    C1] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[  154.344904][    C1] RBP: 00007faf219b02a0 R08: 0000000000000000 R09: 0000000000000000
[  154.353230][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  154.361298][    C1] R13: 0000000000000000 R14: 00007faf21b47fa0 R15: 00007fffc7032b88
[  154.369303][    C1]  </TASK>
[  199.113188][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.2.18:477]
[  199.121194][    C0] Modules linked in:
[  199.125089][    C0] CPU: 0 PID: 477 Comm: syz.2.18 Not tainted 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[  199.134877][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.144913][    C0] RIP: 0010:kvm_wait+0xf2/0x140
[  199.149765][    C0] Code: 92 d6 03 f4 eb 9a fa 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 3f 0f b6 07 40 38 f0 75 10 66 90 0f 00 2d 00 92 d6 03 fb f4 <e9> 71 ff ff ff fb e9 6b ff ff ff e8 5e 2b 72 03 89 f9 80 e1 07 38
[  199.169807][    C0] RSP: 0018:ffffc90000b87900 EFLAGS: 00000246
[  199.175982][    C0] RAX: 0000000000000003 RBX: ffff88812d45ed88 RCX: ffffffff814f3469
[  199.184037][    C0] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff88812d45ed88
[  199.191999][    C0] RBP: ffffc90000b87990 R08: dffffc0000000000 R09: ffffed1025a8bdb2
[  199.199967][    C0] R10: ffffed1025a8bdb2 R11: 1ffff11025a8bdb1 R12: 1ffff1103ee00001
[  199.207927][    C0] R13: ffff8881f7038ad4 R14: dffffc0000000000 R15: 1ffff92000170f20
[  199.215886][    C0] FS:  0000555581aa8500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  199.224802][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  199.231392][    C0] CR2: 0000000020004000 CR3: 000000012d7f7000 CR4: 00000000003506b0
[  199.239452][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  199.247420][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  199.255377][    C0] Call Trace:
[  199.258656][    C0]  <TASK>
[  199.261658][    C0]  ? kvm_arch_para_hints+0x30/0x30
[  199.266762][    C0]  ? __pv_queued_spin_lock_slowpath+0x5b9/0x9c0
[  199.273002][    C0]  __pv_queued_spin_lock_slowpath+0x60f/0x9c0
[  199.279057][    C0]  ? __pv_queued_spin_unlock_slowpath+0x300/0x300
[  199.285551][    C0]  ? stack_trace_save+0x98/0xe0
[  199.290473][    C0]  ? __stack_depot_save+0x34/0x480
[  199.295660][    C0]  ? __schedule+0xb76/0x14c0
[  199.300238][    C0]  queued_spin_lock_slowpath+0x47/0x50
[  199.305777][    C0]  _raw_spin_lock_bh+0xd8/0xe0
[  199.310536][    C0]  ? _raw_spin_lock_irq+0xe0/0xe0
[  199.315548][    C0]  ? task_work_add+0x27/0x1e0
[  199.320211][    C0]  ? fput+0x1a/0x20
[  199.324017][    C0]  ? filp_close+0x105/0x150
[  199.328595][    C0]  ? __close_range+0x203/0x3e0
[  199.333351][    C0]  ? __x64_sys_close_range+0x7a/0x90
[  199.338632][    C0]  ? do_syscall_64+0x4c/0xa0
[  199.343323][    C0]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  199.349467][    C0]  lock_sock_nested+0x97/0x290
[  199.354229][    C0]  ? sock_init_data+0xc0/0xc0
[  199.358898][    C0]  ? locks_remove_posix+0x520/0x520
[  199.364085][    C0]  tipc_release+0xb2/0x1630
[  199.368595][    C0]  ? rwsem_write_trylock+0x130/0x300
[  199.373894][    C0]  ? tipc_sock_destruct+0x180/0x180
[  199.379094][    C0]  ? __kasan_check_write+0x14/0x20
[  199.384201][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  199.388873][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  199.394236][    C0]  sock_close+0xe0/0x270
[  199.398471][    C0]  ? sock_mmap+0xa0/0xa0
[  199.402706][    C0]  __fput+0x20b/0x8b0
[  199.406676][    C0]  ____fput+0x15/0x20
[  199.410639][    C0]  task_work_run+0x127/0x190
[  199.415218][    C0]  exit_to_user_mode_loop+0xd0/0xe0
[  199.420489][    C0]  exit_to_user_mode_prepare+0x5a/0xa0
[  199.425942][    C0]  syscall_exit_to_user_mode+0x1a/0x30
[  199.431429][    C0]  do_syscall_64+0x58/0xa0
[  199.435868][    C0]  ? clear_bhb_loop+0x50/0xa0
[  199.440638][    C0]  ? clear_bhb_loop+0x50/0xa0
[  199.445308][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  199.451192][    C0] RIP: 0033:0x7faf2192eda9
[  199.455621][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.475445][    C0] RSP: 002b:00007fffc7032ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  199.483934][    C0] RAX: 0000000000000000 RBX: 00007faf21b49ba0 RCX: 00007faf2192eda9
[  199.491895][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  199.499939][    C0] RBP: 00007faf21b49ba0 R08: 0000000000000000 R09: 00007fffc7032fef
[  199.507905][    C0] R10: 00007faf21b49ac0 R11: 0000000000000246 R12: 000000000000d38d
[  199.515860][    C0] R13: 00007faf21b48080 R14: 0000000000000032 R15: ffffffffffffffff
[  199.523830][    C0]  </TASK>
[  199.526864][    C0] Sending NMI from CPU 0 to CPUs 1:
[  199.532065][    C1] NMI backtrace for cpu 1
[  199.532074][    C1] CPU: 1 PID: 478 Comm: syz.2.18 Not tainted 5.15.189-syzkaller-1081280-gf32b52534f1d #0
[  199.532088][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.532095][    C1] RIP: 0010:tipc_sk_rcv+0x2b8/0x2c60
[  199.532117][    C1] Code: 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 3b 36 1a fd 4d 8b 3f 49 83 c7 14 4c 89 f8 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 f7 1a 00 00 45 8b 3f 41 0f cf 83 7c 24 70 00 0f 84 f0
[  199.532128][    C1] RSP: 0018:ffffc90000bc69e0 EFLAGS: 00000a07
[  199.532141][    C1] RAX: 0000000000000000 RBX: ffff888116d58280 RCX: ffff888118878000
[  199.532151][    C1] RDX: 0000000000000000 RSI: 000000001ee80c42 RDI: 0000000000000000
[  199.532160][    C1] RBP: ffffc90000bc6c70 R08: 0000000000000004 R09: 0000000000000003
[  199.532169][    C1] R10: fffff52000178d2c R11: 1ffff92000178d2c R12: ffff88811653f000
[  199.532179][    C1] R13: dffffc0000000000 R14: ffffc90000bc6e20 R15: ffff88811316c8c4
[  199.532189][    C1] FS:  00007faf213a16c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  199.532202][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  199.532211][    C1] CR2: 00007faf2137ff98 CR3: 000000012d7f7000 CR4: 00000000003506a0
[  199.532224][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  199.532231][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  199.532240][    C1] Call Trace:
[  199.532245][    C1]  <TASK>
[  199.532250][    C1]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  199.532267][    C1]  ? __stack_depot_save+0x442/0x480
[  199.532284][    C1]  ? kasan_set_track+0x5b/0x70
[  199.532297][    C1]  ? kasan_set_track+0x4a/0x70
[  199.532308][    C1]  ? kasan_set_free_info+0x23/0x40
[  199.532321][    C1]  ? ____kasan_slab_free+0x125/0x160
[  199.532333][    C1]  ? __kasan_slab_free+0x11/0x20
[  199.532345][    C1]  ? slab_free_freelist_hook+0xc2/0x190
[  199.532360][    C1]  ? kmem_cache_free+0x100/0x320
[  199.532373][    C1]  ? kfree_skbmem+0x10c/0x180
[  199.532388][    C1]  ? tipc_sk_rcv+0x1ce4/0x2c60
[  199.532402][    C1]  ? tipc_sk_filter_rcv+0x151b/0x2c40
[  199.532418][    C1]  ? tipc_release+0xd0b/0x1630
[  199.532429][    C1]  ? syscall_exit_to_user_mode+0x1a/0x30
[  199.532445][    C1]  ? do_syscall_64+0x58/0xa0
[  199.532458][    C1]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  199.532473][    C1]  ? __skb_queue_purge+0x170/0x170
[  199.532490][    C1]  tipc_node_xmit+0x256/0xce0
[  199.532504][    C1]  ? ____kasan_slab_free+0x130/0x160
[  199.532517][    C1]  ? tipc_node_get_linkname+0x1a0/0x1a0
[  199.532530][    C1]  ? slab_free_freelist_hook+0xc2/0x190
[  199.532545][    C1]  ? kfree_skbmem+0x10c/0x180
[  199.532558][    C1]  ? kmem_cache_free+0x100/0x320
[  199.532571][    C1]  ? skb_release_data+0x814/0xa10
[  199.532586][    C1]  tipc_node_xmit_skb+0xe9/0x130
[  199.532600][    C1]  ? kfree_skb+0xc1/0x2f0
[  199.532613][    C1]  ? __skb_queue_purge+0x170/0x170
[  199.532628][    C1]  ? trace_tipc_sk_rej_msg+0x25/0x150
[  199.532642][    C1]  tipc_sk_rcv+0x1d5d/0x2c60
[  199.532658][    C1]  ? __update_idle_core+0x2a0/0x2a0
[  199.532675][    C1]  ? __schedule+0xb76/0x14c0
[  199.532690][    C1]  ? __skb_queue_purge+0x170/0x170
[  199.532707][    C1]  tipc_node_xmit+0x256/0xce0
[  199.532721][    C1]  ? tipc_node_get_linkname+0x1a0/0x1a0
[  199.532735][    C1]  ? __kernel_text_address+0xa0/0x100
[  199.532749][    C1]  ? unwind_get_return_address+0x4d/0x90
[  199.532765][    C1]  ? __kasan_check_write+0x14/0x20
[  199.532778][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  199.532803][    C1]  tipc_sk_filter_rcv+0x151b/0x2c40
[  199.532824][    C1]  ? tipc_sk_publish+0x440/0x440
[  199.532839][    C1]  ? __kasan_check_write+0x14/0x20
[  199.532852][    C1]  ? _raw_spin_lock_bh+0x8e/0xe0
[  199.532867][    C1]  tipc_sk_rcv+0x7b7/0x2c60
[  199.532883][    C1]  ? kfree_skbmem+0x10c/0x180
[  199.532895][    C1]  ? skb_release_data+0x814/0xa10
[  199.532910][    C1]  ? __skb_queue_purge+0x170/0x170
[  199.532927][    C1]  ? tipc_sk_filter_rcv+0x29de/0x2c40
[  199.532942][    C1]  tipc_node_xmit+0x256/0xce0
[  199.532957][    C1]  ? tipc_node_get_linkname+0x1a0/0x1a0
[  199.532972][    C1]  ? kasan_quarantine_put+0x34/0x190
[  199.532987][    C1]  tipc_node_distr_xmit+0x292/0x390
[  199.533002][    C1]  ? tipc_node_xmit_skb+0x130/0x130
[  199.533017][    C1]  ? kfree_skbmem+0x10c/0x180
[  199.533030][    C1]  tipc_sk_backlog_rcv+0x16f/0x1f0
[  199.533045][    C1]  ? tipc_sk_timeout+0x970/0x970
[  199.533059][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  199.533075][    C1]  __release_sock+0x143/0x350
[  199.533088][    C1]  release_sock+0x60/0x1b0
[  199.533100][    C1]  tipc_release+0xd0b/0x1630
[  199.533112][    C1]  ? tipc_sock_destruct+0x180/0x180
[  199.533128][    C1]  ? kick_process+0xdc/0x150
[  199.533142][    C1]  sock_close+0xe0/0x270
[  199.533157][    C1]  ? sock_mmap+0xa0/0xa0
[  199.533171][    C1]  __fput+0x20b/0x8b0
[  199.533185][    C1]  ____fput+0x15/0x20
[  199.533197][    C1]  task_work_run+0x127/0x190
[  199.533209][    C1]  exit_to_user_mode_loop+0xd0/0xe0
[  199.533222][    C1]  exit_to_user_mode_prepare+0x5a/0xa0
[  199.533235][    C1]  syscall_exit_to_user_mode+0x1a/0x30
[  199.533249][    C1]  do_syscall_64+0x58/0xa0
[  199.533262][    C1]  ? clear_bhb_loop+0x50/0xa0
[  199.533276][    C1]  ? clear_bhb_loop+0x50/0xa0
[  199.533290][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  199.533305][    C1] RIP: 0033:0x7faf2192eda9
[  199.533317][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.533327][    C1] RSP: 002b:00007faf213a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  199.533340][    C1] RAX: 00000000000203a0 RBX: 00007faf21b47fa0 RCX: 00007faf2192eda9
[  199.533349][    C1] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003
[  199.533357][    C1] RBP: 00007faf219b02a0 R08: 0000000000000000 R09: 0000000000000000
[  199.533366][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.533373][    C1] R13: 0000000000000000 R14: 00007faf21b47fa0 R15: 00007fffc7032b88
[  199.533385][    C1]  </TASK>