syzkaller syzkaller login:
[ 14.383774][ T24] kauditd_printk_skb: 31 callbacks suppressed
[ 14.383787][ T24] audit: type=1400 audit(1759501727.840:59): avc: denied { transition } for pid=217 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.395633][ T24] audit: type=1400 audit(1759501727.840:60): avc: denied { noatsecure } for pid=217 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.403797][ T24] audit: type=1400 audit(1759501727.840:61): avc: denied { write } for pid=217 comm="sh" path="pipe:[13963]" dev="pipefs" ino=13963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 14.426206][ T24] audit: type=1400 audit(1759501727.840:62): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.445186][ T24] audit: type=1400 audit(1759501727.840:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts.
2025/10/03 14:31:18 parsed 1 programs
[ 165.526239][ T24] audit: type=1400 audit(1759501878.980:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 165.548337][ T24] audit: type=1400 audit(1759501878.980:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 165.568247][ T24] audit: type=1400 audit(1759501878.980:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 166.486454][ T24] audit: type=1400 audit(1759501879.950:67): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 166.488137][ T282] cgroup: Unknown subsys name 'net'
[ 166.509347][ T24] audit: type=1400 audit(1759501879.950:68): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 166.537271][ T24] audit: type=1400 audit(1759501879.970:69): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 166.537278][ T282] cgroup: Unknown subsys name 'devices'
[ 166.710118][ T282] cgroup: Unknown subsys name 'hugetlb'
[ 166.715825][ T282] cgroup: Unknown subsys name 'rlimit'
[ 166.955034][ T24] audit: type=1400 audit(1759501880.410:70): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 166.978289][ T24] audit: type=1400 audit(1759501880.410:71): avc: denied { create } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 166.998857][ T24] audit: type=1400 audit(1759501880.410:72): avc: denied { write } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 167.004763][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 167.019387][ T24] audit: type=1400 audit(1759501880.410:73): avc: denied { read } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 167.047964][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 167.452568][ T287] request_module fs-gadgetfs succeeded, but still no fs?
[ 167.463690][ T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 168.035282][ T331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 168.042373][ T331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 168.049813][ T331] device bridge_slave_0 entered promiscuous mode
[ 168.056631][ T331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 168.063818][ T331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 168.071174][ T331] device bridge_slave_1 entered promiscuous mode
[ 168.106513][ T331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 168.113609][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 168.121004][ T331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 168.128055][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 168.145556][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 168.152896][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 168.160238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 168.167654][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 168.176588][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 168.184733][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 168.191860][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 168.200575][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 168.208793][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 168.215825][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 168.227735][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 168.237066][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 168.250767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 168.266317][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 168.274477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 168.281950][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 168.290080][ T331] device veth0_vlan entered promiscuous mode
[ 168.300370][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 168.313943][ T331] device veth1_macvtap entered promiscuous mode
[ 168.323273][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 168.333590][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/10/03 14:31:22 executed programs: 0
[ 168.676562][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 168.684172][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 168.692086][ T353] device bridge_slave_0 entered promiscuous mode
[ 168.699303][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 168.706430][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 168.713950][ T353] device bridge_slave_1 entered promiscuous mode
[ 168.753476][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 168.760702][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 168.768046][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 168.775273][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 168.793142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 168.800826][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 168.808152][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 168.829257][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 168.837914][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 168.845022][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 168.852808][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 168.861074][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 168.868100][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 168.875513][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 168.883712][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 168.896615][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 168.909618][ T353] device veth0_vlan entered promiscuous mode
[ 168.916588][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 168.925175][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 168.932935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 168.944767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 168.953867][ T353] device veth1_macvtap entered promiscuous mode
[ 168.963015][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 168.973176][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 309.838207][ T26] INFO: task kworker/u4:0:7 blocked for more than 122 seconds.
[ 309.845850][ T26] Not tainted syzkaller #0
[ 310.008186][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 310.017170][ T26] task:kworker/u4:0 state:D stack: 0 pid: 7 ppid: 2 flags:0x10004000
[ 310.518280][ T26] Workqueue: netns cleanup_net
[ 310.523891][ T26] Call Trace:
[ 310.527722][ T26] __schedule+0xb47/0x1310
[ 310.878259][ T26] ? release_firmware_map_entry+0x190/0x190
[ 310.885180][ T26] ? __mutex_add_waiter+0xc7/0x270
[ 311.198218][ T26] ? __kasan_check_write+0x14/0x20
[ 311.203550][ T26] ? kthread_data+0x50/0xc0
[ 311.468227][ T26] ? wq_worker_sleeping+0x60/0x200
[ 311.474475][ T26] schedule+0x13c/0x1d0
[ 311.758229][ T26] schedule_preempt_disabled+0x13/0x20
[ 311.763902][ T26] __mutex_lock+0x6c0/0xc50
[ 312.048203][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 312.055206][ T26] ? debug_smp_processor_id+0x17/0x20
[ 312.358451][ T26] __mutex_lock_slowpath+0xe/0x10
[ 312.363554][ T26] mutex_lock+0xcf/0xe0
[ 312.367732][ T26] ? mutex_trylock+0xa0/0xa0
[ 312.718243][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 312.724128][ T26] ? cleanup_net+0x786/0xb70
[ 313.018227][ T26] rcu_barrier+0x46/0x400
[ 313.022619][ T26] cleanup_net+0x878/0xb70
[ 313.027138][ T26] ? __kasan_check_write+0x14/0x20
[ 313.348230][ T26] ? ops_init+0x4a0/0x4a0
[ 313.352622][ T26] ? read_word_at_a_time+0x12/0x20
[ 313.357842][ T26] ? strscpy+0x9b/0x290
[ 313.768216][ T26] process_one_work+0x6e1/0xba0
[ 313.773211][ T26] worker_thread+0xa6a/0x13b0
[ 313.777936][ T26] kthread+0x346/0x3d0
[ 314.108240][ T26] ? worker_clr_flags+0x190/0x190
[ 314.113321][ T26] ? kthread_blkcg+0xd0/0xd0
[ 314.117920][ T26] ret_from_fork+0x1f/0x30
[ 314.468233][ T26] INFO: task kworker/0:1:15 blocked for more than 127 seconds.
[ 314.475925][ T26] Not tainted syzkaller #0
[ 314.828173][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 314.837064][ T26] task:kworker/0:1 state:D stack: 0 pid: 15 ppid: 2 flags:0x10004000
[ 315.298188][ T26] Workqueue: events fqdir_work_fn
[ 315.303250][ T26] Call Trace:
[ 315.306644][ T26] __schedule+0xb47/0x1310
[ 315.618247][ T26] ? release_firmware_map_entry+0x190/0x190
[ 315.624186][ T26] ? __mutex_add_waiter+0xc7/0x270
[ 315.938437][ T26] ? __kasan_check_write+0x14/0x20
[ 315.943598][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 316.198203][ T26] ? wq_worker_sleeping+0x196/0x200
[ 316.203443][ T26] schedule+0x13c/0x1d0
[ 316.207607][ T26] schedule_preempt_disabled+0x13/0x20
[ 316.578252][ T26] __mutex_lock+0x6c0/0xc50
[ 316.582887][ T26] ? debug_smp_processor_id+0x17/0x20
[ 316.838288][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 316.845089][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 317.178207][ T26] ? kvfree+0x35/0x40
[ 317.182234][ T26] __mutex_lock_slowpath+0xe/0x10
[ 317.187292][ T26] mutex_lock+0xcf/0xe0
[ 317.508223][ T26] ? mutex_trylock+0xa0/0xa0
[ 317.512859][ T26] ? inet_frag_pull_head+0x180/0x180
[ 317.788236][ T26] rcu_barrier+0x46/0x400
[ 317.792617][ T26] fqdir_work_fn+0x57/0xe0
[ 317.797043][ T26] process_one_work+0x6e1/0xba0
[ 318.128193][ T26] worker_thread+0xa6a/0x13b0
[ 318.132917][ T26] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 318.408195][ T26] ? __kasan_check_read+0x11/0x20
[ 318.413387][ T26] kthread+0x346/0x3d0
[ 318.417470][ T26] ? worker_clr_flags+0x190/0x190
[ 318.768190][ T26] ? kthread_blkcg+0xd0/0xd0
[ 318.772824][ T26] ret_from_fork+0x1f/0x30
[ 319.038193][ T26] INFO: task kworker/0:2:53 blocked for more than 131 seconds.
[ 319.046119][ T26] Not tainted syzkaller #0
[ 319.388200][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 319.397037][ T26] task:kworker/0:2 state:D stack: 0 pid: 53 ppid: 2 flags:0x10004000
[ 319.839403][ T26] Workqueue: events fqdir_work_fn
[ 319.844473][ T26] Call Trace:
[ 319.847772][ T26] __schedule+0xb47/0x1310
[ 320.178211][ T26] ? release_firmware_map_entry+0x190/0x190
[ 320.184154][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 320.488224][ T26] ? wq_worker_sleeping+0x196/0x200
[ 320.493477][ T26] schedule+0x13c/0x1d0
[ 320.497641][ T26] schedule_preempt_disabled+0x13/0x20
[ 320.858191][ T26] __mutex_lock+0x6c0/0xc50
[ 320.863015][ T26] ? debug_smp_processor_id+0x17/0x20
[ 321.108268][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 321.115081][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 321.458230][ T26] ? kvfree+0x35/0x40
[ 321.462351][ T26] __mutex_lock_slowpath+0xe/0x10
[ 321.467383][ T26] mutex_lock+0xcf/0xe0
[ 321.818263][ T26] ? mutex_trylock+0xa0/0xa0
[ 321.823033][ T26] ? inet_frag_pull_head+0x180/0x180
[ 322.078244][ T26] rcu_barrier+0x46/0x400
[ 322.082615][ T26] fqdir_work_fn+0x57/0xe0
[ 322.087041][ T26] process_one_work+0x6e1/0xba0
[ 322.438220][ T26] worker_thread+0xa6a/0x13b0
[ 322.442966][ T26] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 322.708251][ T26] ? __kasan_check_read+0x11/0x20
[ 322.713810][ T26] kthread+0x346/0x3d0
[ 322.717893][ T26] ? worker_clr_flags+0x190/0x190
[ 323.108231][ T26] ? kthread_blkcg+0xd0/0xd0
[ 323.113400][ T26] ret_from_fork+0x1f/0x30
[ 323.348204][ T26] INFO: task kworker/0:4:319 blocked for more than 136 seconds.
[ 323.356062][ T26] Not tainted syzkaller #0
[ 323.698198][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 323.707001][ T26] task:kworker/0:4 state:D stack: 0 pid: 319 ppid: 2 flags:0x10004000
[ 324.178230][ T26] Workqueue: events fqdir_work_fn
[ 324.183296][ T26] Call Trace:
[ 324.186686][ T26] __schedule+0xb47/0x1310
[ 324.528240][ T26] ? release_firmware_map_entry+0x190/0x190
[ 324.534180][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 324.808186][ T26] ? wq_worker_sleeping+0x196/0x200
[ 324.813526][ T26] schedule+0x13c/0x1d0
[ 324.817808][ T26] schedule_preempt_disabled+0x13/0x20
[ 325.208236][ T26] __mutex_lock+0x6c0/0xc50
[ 325.212827][ T26] ? debug_smp_processor_id+0x17/0x20
[ 325.468218][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 325.475120][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 325.828242][ T26] ? kvfree+0x35/0x40
[ 325.832273][ T26] __mutex_lock_slowpath+0xe/0x10
[ 325.837309][ T26] mutex_lock+0xcf/0xe0
[ 326.158210][ T26] ? mutex_trylock+0xa0/0xa0
[ 326.162852][ T26] ? inet_frag_pull_head+0x180/0x180
[ 326.168148][ T26] rcu_barrier+0x46/0x400
[ 326.412670][ T26] fqdir_work_fn+0x57/0xe0
[ 326.417529][ T26] process_one_work+0x6e1/0xba0
[ 326.778225][ T26] worker_thread+0xa6a/0x13b0
[ 326.782959][ T26] kthread+0x346/0x3d0
[ 326.787146][ T26] ? worker_clr_flags+0x190/0x190
[ 327.148187][ T26] ? kthread_blkcg+0xd0/0xd0
[ 327.152826][ T26] ret_from_fork+0x1f/0x30
[ 327.388201][ T26] INFO: task kworker/0:5:321 blocked for more than 140 seconds.
[ 327.396052][ T26] Not tainted syzkaller #0
[ 327.728194][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 327.737138][ T26] task:kworker/0:5 state:D stack: 0 pid: 321 ppid: 2 flags:0x10004000
[ 328.208512][ T26] Workqueue: events fqdir_work_fn
[ 328.213607][ T26] Call Trace:
[ 328.216914][ T26] __schedule+0xb47/0x1310
[ 328.558198][ T26] ? release_firmware_map_entry+0x190/0x190
[ 328.564304][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 328.848211][ T26] ? wq_worker_sleeping+0x196/0x200
[ 328.853553][ T26] schedule+0x13c/0x1d0
[ 328.857717][ T26] schedule_preempt_disabled+0x13/0x20
[ 329.238472][ T26] __mutex_lock+0x6c0/0xc50
[ 329.243022][ T26] ? debug_smp_processor_id+0x17/0x20
[ 329.488191][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 329.495000][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 329.828245][ T26] ? kvfree+0x35/0x40
[ 329.832273][ T26] __mutex_lock_slowpath+0xe/0x10
[ 329.837317][ T26] mutex_lock+0xcf/0xe0
[ 330.178187][ T26] ? mutex_trylock+0xa0/0xa0
[ 330.182827][ T26] ? inet_frag_pull_head+0x180/0x180
[ 330.188149][ T26] rcu_barrier+0x46/0x400
[ 330.442580][ T26] fqdir_work_fn+0x57/0xe0
[ 330.447028][ T26] process_one_work+0x6e1/0xba0
[ 330.798205][ T26] worker_thread+0xa6a/0x13b0
[ 330.802934][ T26] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 331.058241][ T26] ? __kasan_check_read+0x11/0x20
[ 331.063797][ T26] kthread+0x346/0x3d0
[ 331.068080][ T26] ? worker_clr_flags+0x190/0x190
[ 331.438184][ T26] ? kthread_blkcg+0xd0/0xd0
[ 331.442821][ T26] ret_from_fork+0x1f/0x30
[ 331.688189][ T26] INFO: task kworker/0:6:378 blocked for more than 144 seconds.
[ 331.695862][ T26] Not tainted syzkaller #0
[ 332.018169][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 332.026881][ T26] task:kworker/0:6 state:D stack: 0 pid: 378 ppid: 2 flags:0x10004000
[ 332.498198][ T26] Workqueue: events fqdir_work_fn
[ 332.503283][ T26] Call Trace:
[ 332.506593][ T26] __schedule+0xb47/0x1310
[ 332.828216][ T26] ? release_firmware_map_entry+0x190/0x190
[ 332.834152][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 333.118205][ T26] ? wq_worker_sleeping+0x196/0x200
[ 333.123454][ T26] schedule+0x13c/0x1d0
[ 333.127619][ T26] schedule_preempt_disabled+0x13/0x20
[ 333.518225][ T26] __mutex_lock+0x6c0/0xc50
[ 333.522952][ T26] ? debug_smp_processor_id+0x17/0x20
[ 333.788201][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 333.795049][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 334.098181][ T26] ? kvfree+0x35/0x40
[ 334.102210][ T26] __mutex_lock_slowpath+0xe/0x10
[ 334.107238][ T26] mutex_lock+0xcf/0xe0
[ 334.468231][ T26] ? mutex_trylock+0xa0/0xa0
[ 334.472868][ T26] ? inet_frag_pull_head+0x180/0x180
[ 334.718218][ T26] rcu_barrier+0x46/0x400
[ 334.722600][ T26] fqdir_work_fn+0x57/0xe0
[ 334.727036][ T26] process_one_work+0x6e1/0xba0
[ 335.108182][ T26] worker_thread+0xa6a/0x13b0
[ 335.112924][ T26] kthread+0x346/0x3d0
[ 335.117004][ T26] ? worker_clr_flags+0x190/0x190
[ 335.468185][ T26] ? kthread_blkcg+0xd0/0xd0
[ 335.472840][ T26] ret_from_fork+0x1f/0x30
[ 335.698196][ T26] NMI backtrace for cpu 1
[ 335.702695][ T26] CPU: 1 PID: 26 Comm: khungtaskd Not tainted syzkaller #0
[ 335.710051][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 335.720140][ T26] Call Trace:
[ 335.723440][ T26] __dump_stack+0x21/0x24
[ 335.727780][ T26] dump_stack_lvl+0x169/0x1d8
[ 335.732473][ T26] ? show_regs_print_info+0x18/0x18
[ 335.737682][ T26] ? sched_show_task+0x324/0x4a0
[ 335.742729][ T26] ? __rcu_read_unlock+0xa0/0xa0
[ 335.747680][ T26] ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 335.753752][ T26] dump_stack+0x15/0x1c
[ 335.757920][ T26] nmi_trigger_cpumask_backtrace+0x27f/0x2c0
[ 335.764101][ T26] arch_trigger_cpumask_backtrace+0x10/0x20
[ 335.770142][ T26] watchdog+0xe2e/0xf70
[ 335.774317][ T26] ? hungtask_pm_notify+0x50/0x50
[ 335.779446][ T26] ? __kasan_check_read+0x11/0x20
[ 335.784478][ T26] ? __kthread_parkme+0xb9/0x1c0
[ 335.789432][ T26] kthread+0x346/0x3d0
[ 335.793508][ T26] ? hungtask_pm_notify+0x50/0x50
[ 335.798540][ T26] ? kthread_blkcg+0xd0/0xd0
[ 335.803140][ T26] ret_from_fork+0x1f/0x30
[ 335.807729][ T26] Sending NMI from CPU 1 to CPUs 0:
[ 335.813805][ C0] NMI backtrace for cpu 0
[ 335.813811][ C0] CPU: 0 PID: 382 Comm: syz.2.17 Not tainted syzkaller #0
[ 335.813817][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 335.813821][ C0] RIP: 0010:unwind_next_frame+0x129/0x700
[ 335.813832][ C0] Code: 49 8b 06 48 89 45 a8 4c 8d 68 18 4c 89 e8 48 c1 e8 03 80 3c 10 00 74 12 4c 89 ef e8 41 e4 6e 00 48 ba 00 00 00 00 00 fc ff df <49> 8b 7d 00 4c 8d b7 00 80 00 00 48 81 c7 48 7f 00 00 49 39 ff 0f
[ 335.813836][ C0] RSP: 0018:ffffc900000077a8 EFLAGS: 00000046
[ 335.813845][ C0] RAX: 1ffff11021f67c5b RBX: ffffc90000007828 RCX: 0000000000007801
[ 335.813850][ C0] RDX: dffffc0000000000 RSI: ffffffff8472d720 RDI: ffffc90000007828
[ 335.813855][ C0] RBP: ffffc90000007818 R08: ffffc900000078f0 R09: ffffc900000078e8
[ 335.813860][ C0] R10: 000000000000001b R11: 1ffff92000000f05 R12: 0000000000000000
[ 335.813864][ C0] R13: ffff88810fb3e2d8 R14: ffffc90000007850 R15: ffffc90001307f20
[ 335.813870][ C0] FS: 000055555fdb2500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 335.813874][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 335.813879][ C0] CR2: 0000000000000000 CR3: 000000010fc36000 CR4: 00000000003506b0
[ 335.813884][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 335.813889][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 335.813891][ C0] Call Trace:
[ 335.813893][ C0]
[ 335.813897][ C0] ? stack_trace_save+0xe0/0xe0
[ 335.813900][ C0] arch_stack_walk+0x108/0x140
[ 335.813904][ C0] ? syscall_enter_from_user_mode+0x20/0x30
[ 335.813907][ C0] stack_trace_save+0x98/0xe0
[ 335.813910][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 335.813913][ C0] ? memset+0x35/0x40
[ 335.813917][ C0] __kasan_slab_alloc+0xbd/0xf0
[ 335.813921][ C0] ? __kasan_slab_alloc+0xbd/0xf0
[ 335.813924][ C0] ? slab_post_alloc_hook+0x5d/0x2f0
[ 335.813927][ C0] ? kmem_cache_alloc+0x165/0x2e0
[ 335.813931][ C0] ? __sigqueue_alloc+0x185/0x2d0
[ 335.813934][ C0] ? __send_signal+0x1f2/0xb80
[ 335.813937][ C0] ? send_signal+0x479/0x5b0
[ 335.813940][ C0] ? do_send_sig_info+0xd6/0x210
[ 335.813944][ C0] ? group_send_sig_info+0x111/0x2a0
[ 335.813947][ C0] ? do_bpf_send_signal+0x82/0x150
[ 335.813950][ C0] ? irq_work_run_list+0x179/0x260
[ 335.813954][ C0] ? irq_work_run+0x6a/0xf0
[ 335.813957][ C0] ? __sysvec_irq_work+0x66/0x1b0
[ 335.813960][ C0] ? asm_call_irq_on_stack+0xf/0x20
[ 335.813964][ C0] ? sysvec_irq_work+0x85/0xd0
[ 335.813967][ C0] ? asm_sysvec_irq_work+0x12/0x20
[ 335.813970][ C0] ? native_apic_msr_write+0x39/0x50
[ 335.813973][ C0] ? x2apic_send_IPI_self+0x5e/0x70
[ 335.813976][ C0] ? arch_irq_work_raise+0x86/0xd0
[ 335.813979][ C0] ? __irq_work_queue_local+0x115/0x190
[ 335.813982][ C0] ? irq_work_queue+0x9e/0x150
[ 335.813985][ C0] ? bpf_send_signal_common+0x2b2/0x420
[ 335.813987][ C0] ? bpf_send_signal+0x19/0x20
[ 335.813991][ C0] ? bpf_prog_7ba5217f62dcd359+0x38/0x774
[ 335.813993][ C0] ? bpf_trace_run2+0xb3/0x200
[ 335.813996][ C0] ? __bpf_trace_sys_enter+0x62/0x70
[ 335.813999][ C0] ? trace_sys_enter+0x40/0x50
[ 335.814002][ C0] ? syscall_trace_enter+0x108/0x170
[ 335.814005][ C0] ? syscall_enter_from_user_mode+0x20/0x30
[ 335.814008][ C0] slab_post_alloc_hook+0x5d/0x2f0
[ 335.814011][ C0] ? __sigqueue_alloc+0x185/0x2d0
[ 335.814014][ C0] ? __sigqueue_alloc+0x185/0x2d0
[ 335.814016][ C0] kmem_cache_alloc+0x165/0x2e0
[ 335.814019][ C0] ? __sigqueue_alloc+0x185/0x2d0
[ 335.814022][ C0] __sigqueue_alloc+0x185/0x2d0
[ 335.814025][ C0] __send_signal+0x1f2/0xb80
[ 335.814027][ C0] send_signal+0x479/0x5b0
[ 335.814030][ C0] do_send_sig_info+0xd6/0x210
[ 335.814033][ C0] group_send_sig_info+0x111/0x2a0
[ 335.814036][ C0] ? __lock_task_sighand+0x100/0x100
[ 335.814039][ C0] do_bpf_send_signal+0x82/0x150
[ 335.814041][ C0] irq_work_run_list+0x179/0x260
[ 335.814044][ C0] ? irq_work_run+0xf0/0xf0
[ 335.814047][ C0] ? debug_smp_processor_id+0x17/0x20
[ 335.814050][ C0] ? irqtime_account_irq+0x165/0x1b0
[ 335.814053][ C0] ? __do_softirq+0x4c9/0x563
[ 335.814055][ C0] irq_work_run+0x6a/0xf0
[ 335.814058][ C0] __sysvec_irq_work+0x66/0x1b0
[ 335.814061][ C0] asm_call_irq_on_stack+0xf/0x20
[ 335.814063][ C0]
[ 335.814065][ C0] sysvec_irq_work+0x85/0xd0
[ 335.814068][ C0] asm_sysvec_irq_work+0x12/0x20
[ 335.814072][ C0] RIP: 0010:native_apic_msr_write+0x39/0x50
[ 335.814081][ C0] Code: 74 05 83 ff 30 75 12 5d c3 81 ff d0 00 00 00 74 f6 81 ff e0 00 00 00 74 ee c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <0f> 1f 44 00 00 eb d6 89 f6 31 d2 e8 e7 ad 27 01 5d c3 0f 1f 44 00
[ 335.814085][ C0] RSP: 0018:ffffc90001307c20 EFLAGS: 00000246
[ 335.814091][ C0] RAX: 00000000000000f6 RBX: 00000000000000f6 RCX: 000000000000083f
[ 335.814095][ C0] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f
[ 335.814099][ C0] RBP: ffffc90001307c20 R08: dffffc0000000000 R09: ffffed103ee0a5f7
[ 335.814103][ C0] R10: ffffed103ee0a5f7 R11: 1ffff1103ee0a5f6 R12: 0000000000000000
[ 335.814107][ C0] R13: dffffc0000000001 R14: ffffffff859c4998 R15: dffffc0000000000
[ 335.814110][ C0] x2apic_send_IPI_self+0x5e/0x70
[ 335.814113][ C0] arch_irq_work_raise+0x86/0xd0
[ 335.814116][ C0] __irq_work_queue_local+0x115/0x190
[ 335.814119][ C0] irq_work_queue+0x9e/0x150
[ 335.814122][ C0] bpf_send_signal_common+0x2b2/0x420
[ 335.814125][ C0] ? bpf_do_trace_printk+0x240/0x240
[ 335.814127][ C0] bpf_send_signal+0x19/0x20
[ 335.814130][ C0] bpf_prog_7ba5217f62dcd359+0x38/0x774
[ 335.814133][ C0] bpf_trace_run2+0xb3/0x200
[ 335.814136][ C0] ? bpf_trace_run1+0x200/0x200
[ 335.814139][ C0] __bpf_trace_sys_enter+0x62/0x70
[ 335.814141][ C0] trace_sys_enter+0x40/0x50
[ 335.814144][ C0] syscall_trace_enter+0x108/0x170
[ 335.814148][ C0] syscall_enter_from_user_mode+0x20/0x30
[ 335.814150][ C0] do_syscall_64+0x13/0x40
[ 335.814153][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 335.814156][ C0] RIP: 0033:0x7f736b26ef79
[ 335.814165][ C0] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[ 335.814169][ C0] RSP: 002b:00007fff45451100 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[ 335.814176][ C0] RAX: ffffffffffffffda RBX: 00007f736b529fa8 RCX: 00007f736b26ef79
[ 335.814180][ C0] RDX: 00007fff45451100 RSI: 00007fff45451230 RDI: 0000000000000011
[ 335.814184][ C0] RBP: 0000000000000000 R08: 00065a234c449b74 R09: 00000007454519af
[ 335.814189][ C0] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f736b529fac
[ 335.814193][ C0] R13: 00007f736b529fa0 R14: 0000000000000095 R15: 0000000000000003
[ 336.468460][ C0] sched: RT throttling activated
[ 359.758206][ T26] INFO: task kworker/u4:0:7 blocked for more than 172 seconds.
[ 359.766250][ T26] Not tainted syzkaller #0
[ 359.978163][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 359.986876][ T26] task:kworker/u4:0 state:D stack: 0 pid: 7 ppid: 2 flags:0x10004000
[ 360.458219][ T26] Workqueue: netns cleanup_net
[ 360.463040][ T26] Call Trace:
[ 360.466344][ T26] __schedule+0xb47/0x1310
[ 360.788232][ T26] ? release_firmware_map_entry+0x190/0x190
[ 360.794365][ T26] ? __mutex_add_waiter+0xc7/0x270
[ 361.098173][ T26] ? __kasan_check_write+0x14/0x20
[ 361.103340][ T26] ? kthread_data+0x50/0xc0
[ 361.388204][ T26] ? wq_worker_sleeping+0x60/0x200
[ 361.393363][ T26] schedule+0x13c/0x1d0
[ 361.397611][ T26] schedule_preempt_disabled+0x13/0x20
[ 361.728176][ T26] __mutex_lock+0x6c0/0xc50
[ 361.732823][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 362.038198][ T26] ? debug_smp_processor_id+0x17/0x20
[ 362.043719][ T26] __mutex_lock_slowpath+0xe/0x10
[ 362.348190][ T26] mutex_lock+0xcf/0xe0
[ 362.352577][ T26] ? mutex_trylock+0xa0/0xa0
[ 362.357314][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 362.738174][ T26] ? cleanup_net+0x786/0xb70
[ 362.742902][ T26] rcu_barrier+0x46/0x400
[ 362.747252][ T26] cleanup_net+0x878/0xb70
[ 363.108211][ T26] ? __kasan_check_write+0x14/0x20
[ 363.113375][ T26] ? ops_init+0x4a0/0x4a0
[ 363.117840][ T26] ? read_word_at_a_time+0x12/0x20
[ 363.448201][ T26] ? strscpy+0x9b/0x290
[ 363.452424][ T26] process_one_work+0x6e1/0xba0
[ 363.457286][ T26] worker_thread+0xa6a/0x13b0
[ 363.848179][ T26] kthread+0x346/0x3d0
[ 363.852387][ T26] ? worker_clr_flags+0x190/0x190
[ 363.857421][ T26] ? kthread_blkcg+0xd0/0xd0
[ 364.208206][ T26] ret_from_fork+0x1f/0x30
[ 364.358172][ T26] INFO: task kworker/0:1:15 blocked for more than 177 seconds.
[ 364.366043][ T26] Not tainted syzkaller #0
[ 364.678154][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 364.687094][ T26] task:kworker/0:1 state:D stack: 0 pid: 15 ppid: 2 flags:0x10004000
[ 365.148172][ T26] Workqueue: events fqdir_work_fn
[ 365.153337][ T26] Call Trace:
[ 365.156649][ T26] __schedule+0xb47/0x1310
[ 365.478174][ T26] ? release_firmware_map_entry+0x190/0x190
[ 365.484121][ T26] ? __mutex_add_waiter+0xc7/0x270
[ 365.768170][ T26] ? __kasan_check_write+0x14/0x20
[ 365.773347][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 366.088170][ T26] ? wq_worker_sleeping+0x196/0x200
[ 366.093545][ T26] schedule+0x13c/0x1d0
[ 366.097801][ T26] schedule_preempt_disabled+0x13/0x20
[ 366.428191][ T26] __mutex_lock+0x6c0/0xc50
[ 366.432851][ T26] ? debug_smp_processor_id+0x17/0x20
[ 366.728215][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 366.735152][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 367.048213][ T26] ? kvfree+0x35/0x40
[ 367.052369][ T26] __mutex_lock_slowpath+0xe/0x10
[ 367.057524][ T26] mutex_lock+0xcf/0xe0
[ 367.378218][ T26] ? mutex_trylock+0xa0/0xa0
[ 367.382881][ T26] ? inet_frag_pull_head+0x180/0x180
[ 367.658179][ T26] rcu_barrier+0x46/0x400
[ 367.662649][ T26] fqdir_work_fn+0x57/0xe0
[ 367.667178][ T26] process_one_work+0x6e1/0xba0
[ 368.018174][ T26] worker_thread+0xa6a/0x13b0
[ 368.023146][ T26] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 368.318200][ T26] ? __kasan_check_read+0x11/0x20
[ 368.323281][ T26] kthread+0x346/0x3d0
[ 368.327489][ T26] ? worker_clr_flags+0x190/0x190
[ 368.658180][ T26] ? kthread_blkcg+0xd0/0xd0
[ 368.662843][ T26] ret_from_fork+0x1f/0x30
[ 368.948186][ T26] INFO: task kworker/0:2:53 blocked for more than 181 seconds.
[ 368.955780][ T26] Not tainted syzkaller #0
[ 369.248189][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 369.257000][ T26] task:kworker/0:2 state:D stack: 0 pid: 53 ppid: 2 flags:0x10004000
[ 369.738175][ T26] Workqueue: events fqdir_work_fn
[ 369.743265][ T26] Call Trace:
[ 369.746865][ T26] __schedule+0xb47/0x1310
[ 370.078223][ T26] ? release_firmware_map_entry+0x190/0x190
[ 370.084171][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 370.358195][ T26] ? wq_worker_sleeping+0x196/0x200
[ 370.363557][ T26] schedule+0x13c/0x1d0
[ 370.367835][ T26] schedule_preempt_disabled+0x13/0x20
[ 370.808189][ T26] __mutex_lock+0x6c0/0xc50
[ 370.812900][ T26] ? debug_smp_processor_id+0x17/0x20
[ 371.068188][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 371.075287][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 371.408189][ T26] ? kvfree+0x35/0x40
[ 371.412358][ T26] __mutex_lock_slowpath+0xe/0x10
[ 371.418099][ T26] mutex_lock+0xcf/0xe0
[ 371.768182][ T26] ? mutex_trylock+0xa0/0xa0
[ 371.772954][ T26] ? inet_frag_pull_head+0x180/0x180
[ 372.028178][ T26] rcu_barrier+0x46/0x400
[ 372.032866][ T26] fqdir_work_fn+0x57/0xe0
[ 372.037298][ T26] process_one_work+0x6e1/0xba0
[ 372.418201][ T26] worker_thread+0xa6a/0x13b0
[ 372.422937][ T26] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 372.698201][ T26] ? __kasan_check_read+0x11/0x20
[ 372.703288][ T26] kthread+0x346/0x3d0
[ 372.707385][ T26] ? worker_clr_flags+0x190/0x190
[ 373.058212][ T26] ? kthread_blkcg+0xd0/0xd0
[ 373.062956][ T26] ret_from_fork+0x1f/0x30
[ 373.328222][ T26] INFO: task kworker/0:4:319 blocked for more than 186 seconds.
[ 373.337325][ T26] Not tainted syzkaller #0
[ 373.718160][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 373.727306][ T26] task:kworker/0:4 state:D stack: 0 pid: 319 ppid: 2 flags:0x10004000
[ 374.198169][ T26] Workqueue: events fqdir_work_fn
[ 374.203337][ T26] Call Trace:
[ 374.207000][ T26] __schedule+0xb47/0x1310
[ 374.538267][ T26] ? release_firmware_map_entry+0x190/0x190
[ 374.544308][ T26] ? _raw_spin_unlock_irq+0x4e/0x70
[ 374.848231][ T26] ? wq_worker_sleeping+0x196/0x200
[ 374.853775][ T26] schedule+0x13c/0x1d0
[ 374.858007][ T26] schedule_preempt_disabled+0x13/0x20
[ 375.268229][ T26] __mutex_lock+0x6c0/0xc50
[ 375.272792][ T26] ? debug_smp_processor_id+0x17/0x20
[ 375.518217][ T26] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 375.525028][ T26] ? slab_free_freelist_hook+0xc5/0x190
[ 375.828177][ T26] ? kvfree+0x35/0x40
[ 375.832472][ T26] __mutex_lock_slowpath+0xe/0x10
[ 375.837512][ T26] mutex_lock+0xcf/0xe0
[ 376.188184][ T26] ? mutex_trylock+0xa0/0xa0
[ 376.193011][ T26] ? inet_frag_pull_head+0x180/0x180
[ 376.468233][ T26] rcu_barrier+0x46/0x400
[ 376.474755][ T26] fqdir_work_fn+0x57/0xe0
[ 376.768170][ T26] process_one_work+0x6e1/0xba0
[ 376.773165][ T26] worker_thread+0xa6a/0x13b0
[ 376.777962][ T26] kthread+0x346/0x3d0
[ 377.138171][ T26] ? worker_clr_flags+0x190/0x190
[ 377.143341][ T26] ? kthread_blkcg+0xd0/0xd0
[ 377.398344][ T26] ret_from_fork+0x1f/0x30
[ 377.518197][ T26] NMI backtrace for cpu 1
[ 377.524381][ T26] CPU: 1 PID: 26 Comm: khungtaskd Not tainted syzkaller #0
[ 377.532063][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 377.542784][ T26] Call Trace:
[ 377.546094][ T26] __dump_stack+0x21/0x24
[ 377.550624][ T26] dump_stack_lvl+0x169/0x1d8
[ 377.555492][ T26] ? show_regs_print_info+0x18/0x18
[ 377.561279][ T26] ? sched_show_task+0x324/0x4a0
[ 377.566595][ T26] ? __rcu_read_unlock+0xa0/0xa0
[ 377.572108][ T26] ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 377.578377][ T26] dump_stack+0x15/0x1c
[ 377.582643][ T26] nmi_trigger_cpumask_backtrace+0x27f/0x2c0
[ 377.588658][ T26] arch_trigger_cpumask_backtrace+0x10/0x20
[ 377.594565][ T26] watchdog+0xe2e/0xf70
[ 377.598866][ T26] ? hungtask_pm_notify+0x50/0x50
[ 377.603910][ T26] ? __kasan_check_read+0x11/0x20
[ 377.608978][ T26] ? __kthread_parkme+0xb9/0x1c0
[ 377.613957][ T26] kthread+0x346/0x3d0
[ 377.618291][ T26] ? hungtask_pm_notify+0x50/0x50
[ 377.623544][ T26] ? kthread_blkcg+0xd0/0xd0
[ 377.628143][ T26] ret_from_fork+0x1f/0x30
[ 377.632610][ T26] Sending NMI from CPU 1 to CPUs 0:
[ 377.638539][ C0] NMI backtrace for cpu 0
[ 377.638545][ C0] CPU: 0 PID: 382 Comm: syz.2.17 Not tainted syzkaller #0
[ 377.638551][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 377.638554][ C0] RIP: 0010:update_stack_state+0x3d7/0x480
[ 377.638565][ C0] Code: 8b 05 6d b2 d3 7e 49 39 45 00 74 0e 48 8b 7d d0 e8 2e fc ff ff 49 89 c6 eb 1d 4c 8b 75 d0 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 <74> 08 4c 89 f7 e8 6f da 6e 00 4d 8b 36 48 83 c3 48 48 89 d8 48 c1
[ 377.638570][ C0] RSP: 0018:ffffc90001307538 EFLAGS: 00000046
[ 377.638579][ C0] RAX: 1ffff92000260f63 RBX: ffffc90001307688 RCX: ffffc90001307b01
[ 377.638584][ C0] RDX: ffffc90001307b10 RSI: 1ffff92000260ed2 RDI: ffffc900013076e0
[ 377.638589][ C0] RBP: ffffc900013075f8 R08: ffffc90001307750 R09: ffffc90001307748
[ 377.638594][ C0] R10: 0000000000000005 R11: 1ffff92000260ed1 R12: dffffc0000000000
[ 377.638599][ C0] R13: ffffc900013076b0 R14: ffffc90001307b18 R15: 1ffff92000260ed9
[ 377.638604][ C0] FS: 000055555fdb2500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 377.638608][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 377.638613][ C0] CR2: 0000000000000000 CR3: 000000010fc36000 CR4: 00000000003506b0
[ 377.638618][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 377.638622][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 377.638625][ C0] Call Trace:
[ 377.638628][ C0] unwind_next_frame+0x3d5/0x700
[ 377.638632][ C0] ? stack_trace_save+0xe0/0xe0
[ 377.638635][ C0] arch_stack_walk+0x108/0x140
[ 377.638638][ C0] ? kmem_cache_free+0x100/0x2d0
[ 377.638641][ C0] stack_trace_save+0x98/0xe0
[ 377.638645][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 377.638648][ C0] ? 0xffffffffa002688c
[ 377.638650][ C0] ? memset+0x35/0x40
[ 377.638654][ C0] kasan_set_track+0x4a/0x70
[ 377.638657][ C0] ?
kasan_set_track+0x4a/0x70 [ 377.638660][ C0] ? kasan_set_free_info+0x23/0x40 [ 377.638664][ C0] ? ____kasan_slab_free+0x125/0x160 [ 377.638667][ C0] ? __kasan_slab_free+0x11/0x20 [ 377.638670][ C0] ? slab_free_freelist_hook+0xc5/0x190 [ 377.638674][ C0] ? kmem_cache_free+0x100/0x2d0 [ 377.638677][ C0] ? kmem_cache_free+0x100/0x2d0 [ 377.638680][ C0] kasan_set_free_info+0x23/0x40 [ 377.638683][ C0] ____kasan_slab_free+0x125/0x160 [ 377.638687][ C0] __kasan_slab_free+0x11/0x20 [ 377.638690][ C0] slab_free_freelist_hook+0xc5/0x190 [ 377.638693][ C0] ? __dequeue_signal+0x530/0x620 [ 377.638696][ C0] kmem_cache_free+0x100/0x2d0 [ 377.638700][ C0] __dequeue_signal+0x530/0x620 [ 377.638703][ C0] dequeue_signal+0xa0/0x440 [ 377.638706][ C0] get_signal+0x772/0x12e0 [ 377.638709][ C0] arch_do_signal_or_restart+0xbf/0x10f0 [ 377.638713][ C0] ? __ia32_sys_rt_sigreturn+0x5e7/0x6c0 [ 377.638716][ C0] ? bpf_do_trace_printk+0x240/0x240 [ 377.638719][ C0] ? KSTK_ESP+0x60/0x60 [ 377.638723][ C0] ? __ia32_sys_rt_sigreturn+0x6c0/0x6c0 [ 377.638726][ C0] ? 
__bpf_trace_sys_enter+0x62/0x70 [ 377.638730][ C0] exit_to_user_mode_loop+0xa2/0xe0 [ 377.638733][ C0] exit_to_user_mode_prepare+0x76/0xa0 [ 377.638737][ C0] syscall_exit_to_user_mode+0x1d/0x40 [ 377.638740][ C0] do_syscall_64+0x3d/0x40 [ 377.638743][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 377.638746][ C0] RIP: 0033:0x7f736b2d2ec9 [ 377.638757][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.638761][ C0] RSP: 002b:00007fff454516b8 EFLAGS: 00000246 [ 377.638768][ C0] RAX: 0000000000000000 RBX: 00007f736b529fa8 RCX: 00007f736b2d2ec9 [ 377.638772][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f736b529fac [ 377.638777][ C0] RBP: 0000000000000000 R08: 00065a234c449b74 R09: 00000007454519af [ 377.638782][ C0] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f736b529fac [ 377.638787][ C0] R13: 00007f736b529fa0 R14: 0000000000000095 R15: 0000000000000003