Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. 2025/10/25 23:47:05 parsed 1 programs [ 301.441957][ T28] audit: type=1400 audit(1761436025.008:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 301.445650][ T28] audit: type=1400 audit(1761436025.008:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 302.191219][ T28] audit: type=1400 audit(1761436025.758:66): avc: denied { mounton } for pid=291 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 302.196952][ T291] cgroup: Unknown subsys name 'net' [ 302.213919][ T28] audit: type=1400 audit(1761436025.758:67): avc: denied { mount } for pid=291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 302.241271][ T28] audit: type=1400 audit(1761436025.788:68): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 302.241524][ T291] cgroup: Unknown subsys name 'devices' [ 302.382769][ T291] cgroup: Unknown subsys name 'hugetlb' [ 302.388422][ T291] cgroup: Unknown subsys name 'rlimit' [ 302.496251][ T28] audit: type=1400 audit(1761436026.058:69): avc: denied { setattr } for pid=291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 302.519439][ T28] audit: type=1400 audit(1761436026.058:70): avc: denied { create } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 302.539963][ T28] audit: type=1400 audit(1761436026.058:71): avc: denied { write } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 302.544320][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 302.560625][ T28] audit: type=1400 audit(1761436026.058:72): avc: denied { read } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 302.582677][ T291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 302.589221][ T28] audit: type=1400 audit(1761436026.058:73): avc: denied { mounton } for pid=291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 303.258617][ T295] request_module fs-gadgetfs succeeded, but still no fs? [ 303.690744][ T324] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.697788][ T324] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.705334][ T324] device bridge_slave_0 entered promiscuous mode [ 303.712296][ T324] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.719317][ T324] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.726736][ T320] syz-executor (320) used greatest stack depth: 22208 bytes left [ 303.734790][ T324] device bridge_slave_1 entered promiscuous mode [ 303.783747][ T324] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.790817][ T324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 303.798138][ T324] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.805176][ T324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.826497][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 303.834438][ T303] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.841756][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.851604][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 303.859816][ T303] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.866857][ T303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.881988][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 303.890104][ T303] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.897143][ T303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 303.904612][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 303.914174][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 303.928344][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 303.939745][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 303.948009][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 303.955803][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 303.964222][ T324] device veth0_vlan entered promiscuous mode [ 303.974407][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 303.984606][ T324] device veth1_macvtap entered promiscuous mode [ 303.995292][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 304.005258][ T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/10/25 23:47:08 executed programs: 0 [ 304.509034][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.516313][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.524349][ T364] device bridge_slave_0 entered promiscuous mode [ 304.531392][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.538435][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.546035][ T364] device bridge_slave_1 entered promiscuous mode [ 304.590132][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.597195][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.604457][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.611481][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.633924][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 304.641902][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.649042][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.657803][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 304.666888][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.673934][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.688739][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 304.697917][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 304.706153][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.713181][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.720811][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 304.728810][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 304.737047][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 304.745111][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 304.757228][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 304.765682][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 304.778098][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 304.786034][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 304.794055][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 304.801620][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 304.809591][ T364] device veth0_vlan entered promiscuous mode [ 304.819200][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 304.827988][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 304.839934][ T364] device veth1_macvtap entered promiscuous mode [ 304.848860][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 304.856788][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 304.865162][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 304.874916][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 304.883395][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 305.481784][ T8] device bridge_slave_1 left promiscuous mode [ 305.487975][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.495595][ T8] device bridge_slave_0 left promiscuous mode [ 305.502741][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.510818][ T8] device veth1_macvtap left promiscuous mode [ 305.516871][ T8] device veth0_vlan left promiscuous mode 2025/10/25 23:47:13 executed programs: 220 2025/10/25 23:47:18 executed programs: 464 [ 317.272269][ T976] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.279305][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.287132][ T364] syz-executor (364) used greatest stack depth: 22016 bytes left [ 317.290806][ T976] device bridge_slave_0 entered promiscuous mode [ 317.302011][ T976] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.309494][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.317190][ T976] device bridge_slave_1 entered promiscuous mode [ 317.358417][ T976] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.365487][ T976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.372803][ T976] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.379820][ T976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.396521][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.404285][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.411796][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.420300][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.428669][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.435812][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.445516][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 317.453757][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.460788][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.472118][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 317.481316][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 317.495807][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 317.506440][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 317.514564][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 317.522271][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 317.531663][ T976] device veth0_vlan entered promiscuous mode [ 317.541037][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 317.549922][ T976] device veth1_macvtap entered promiscuous mode [ 317.558782][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 317.570031][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 317.811555][ T303] device bridge_slave_1 left promiscuous mode [ 317.817776][ T303] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.825304][ T303] device bridge_slave_0 left promiscuous mode [ 317.831566][ T303] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.839291][ T303] device veth1_macvtap left promiscuous mode [ 317.845391][ T303] device veth0_vlan left promiscuous mode 2025/10/25 23:47:23 executed programs: 694 2025/10/25 23:47:28 executed programs: 939 [ 463.058162][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 144s! [syz.2.1185:1555] [ 463.066453][ C1] Modules linked in: [ 463.070333][ C1] CPU: 1 PID: 1555 Comm: syz.2.1185 Not tainted syzkaller #0 [ 463.077749][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 463.087796][ C1] RIP: 0010:kvm_wait+0xf2/0x140 [ 463.092714][ C1] Code: 96 13 04 f4 eb 9a fa 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 3f 0f b6 07 40 38 f0 75 10 66 90 0f 00 2d 20 96 13 04 fb f4 71 ff ff ff fb e9 6b ff ff ff e8 ae c9 b8 03 89 f9 80 e1 07 38 [ 463.112308][ C1] RSP: 0018:ffffc900001b04c0 EFLAGS: 00000246 [ 463.118432][ C1] RAX: 0000000000000003 RBX: ffff88811fbc8a98 RCX: ffffffff84f43dc2 [ 463.126394][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88811fbc8a98 [ 463.134343][ C1] RBP: ffffc900001b0550 R08: dffffc0000000000 R09: ffffed1023f79154 [ 463.142376][ C1] R10: ffffed1023f79154 R11: 1ffff11023f79153 R12: 1ffff1103ee20001 [ 463.150328][ C1] R13: ffff8881f7138cd4 R14: dffffc0000000000 R15: 1ffff92000036098 [ 463.158300][ C1] FS: 0000555587df5500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 463.167216][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 463.173774][ C1] CR2: 0000000000000000 CR3: 000000012174c000 CR4: 00000000003506a0 [ 463.181736][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 463.189707][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 463.197649][ C1] Call Trace: [ 463.200913][ C1] [ 463.203746][ C1] ? __cfi_kvm_wait+0x10/0x10 [ 463.208442][ C1] ? __pv_queued_spin_lock_slowpath+0x632/0xc40 [ 463.214763][ C1] __pv_queued_spin_lock_slowpath+0x690/0xc40 [ 463.220809][ C1] ? __cfi___pv_queued_spin_lock_slowpath+0x10/0x10 [ 463.227381][ C1] queued_spin_lock_slowpath+0x47/0x50 [ 463.232840][ C1] _raw_spin_lock+0xd8/0xe0 [ 463.237330][ C1] ? __cfi__raw_spin_lock+0x10/0x10 [ 463.242513][ C1] ? memcpy+0x56/0x70 [ 463.246572][ C1] ? tcp_v4_fill_cb+0x284/0x4f0 [ 463.251452][ C1] ? nf_reset_ct+0x98/0x100 [ 463.255943][ C1] tcp_v4_rcv+0x224e/0x2a80 [ 463.260443][ C1] ? ip_icmp_error+0x1a9/0x9f0 [ 463.265242][ C1] ? __cfi_tcp_v4_rcv+0x10/0x10 [ 463.270111][ C1] ? load_balance+0x16eb/0x4700 [ 463.274960][ C1] ? __cfi_ip_finish_output+0x10/0x10 [ 463.280347][ C1] ip_protocol_deliver_rcu+0x325/0x6e0 [ 463.285874][ C1] ip_local_deliver_finish+0x24e/0x410 [ 463.291335][ C1] ip_local_deliver+0x1d8/0x320 [ 463.296256][ C1] ? __cfi_ip_local_deliver+0x10/0x10 [ 463.301606][ C1] ? memset+0x35/0x40 [ 463.305561][ C1] ? ip_rcv_finish_core+0xb0b/0x1490 [ 463.310823][ C1] ip_rcv+0x163/0x270 [ 463.314783][ C1] ? __cfi_ip_rcv+0x10/0x10 [ 463.319259][ C1] ? trigger_load_balance+0x842/0x910 [ 463.324610][ C1] ? __kasan_check_write+0x14/0x20 [ 463.329694][ C1] ? _raw_spin_lock_irq+0x8f/0xe0 [ 463.334690][ C1] ? __cfi_ip_rcv+0x10/0x10 [ 463.339170][ C1] __netif_receive_skb+0xd7/0x2a0 [ 463.344265][ C1] process_backlog+0x351/0x600 [ 463.349005][ C1] __napi_poll+0xd0/0x5e0 [ 463.353314][ C1] net_rx_action+0x49b/0xaa0 [ 463.357883][ C1] ? __cfi_net_rx_action+0x10/0x10 [ 463.362996][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 463.368172][ C1] ? irqtime_account_irq+0x75/0x240 [ 463.373351][ C1] handle_softirqs+0x1d7/0x600 [ 463.378090][ C1] ? irqtime_account_irq+0xc4/0x240 [ 463.383264][ C1] __irq_exit_rcu+0x52/0xf0 [ 463.387741][ C1] irq_exit_rcu+0x9/0x10 [ 463.391954][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 463.397660][ C1] [ 463.400571][ C1] [ 463.403476][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 463.409433][ C1] RIP: 0010:smp_call_function_many_cond+0x872/0x960 [ 463.416058][ C1] Code: 41 8b 1f 89 de 83 e6 01 31 ff e8 29 66 09 00 83 e3 01 48 bb 00 00 00 00 00 fc ff df 75 0a e8 f5 61 09 00 e9 38 ff ff ff f3 90 <41> 0f b6 44 1d 00 84 c0 75 14 41 f7 07 01 00 00 00 0f 84 1a ff ff [ 463.435655][ C1] RSP: 0018:ffffc90000d7f7c0 EFLAGS: 00000293 [ 463.441715][ C1] RAX: ffffffff8166bc4e RBX: dffffc0000000000 RCX: ffff88811d922880 [ 463.449670][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 463.457622][ C1] RBP: ffffc90000d7f8f8 R08: dffffc0000000000 R09: ffffed103ee2721b [ 463.465572][ C1] R10: 0000000000000000 R11: ffffffff813435c0 R12: 1ffff1103ee27218 [ 463.473605][ C1] R13: 1ffff1103ee07ae1 R14: 0000000000000000 R15: ffff8881f703d708 [ 463.481560][ C1] ? __cfi_x2apic_send_IPI+0x10/0x10 [ 463.486827][ C1] ? smp_call_function_many_cond+0x88e/0x960 [ 463.492800][ C1] ? __cfi_do_sync_core+0x10/0x10 [ 463.497800][ C1] ? smp_call_function_many+0x40/0x40 [ 463.503150][ C1] ? enqueue_timer+0x16a/0x480 [ 463.507959][ C1] ? text_poke+0x30/0x30 [ 463.512173][ C1] ? text_poke_loc_init+0x349/0x570 [ 463.517341][ C1] ? __cfi_do_sync_core+0x10/0x10 [ 463.522337][ C1] on_each_cpu_cond_mask+0x43/0x80 [ 463.527428][ C1] text_poke_bp_batch+0x1cc/0x580 [ 463.532425][ C1] ? text_poke_loc_init+0x570/0x570 [ 463.537596][ C1] ? __kasan_check_write+0x14/0x20 [ 463.542679][ C1] ? mutex_lock+0x8d/0x1a0 [ 463.547151][ C1] ? __cfi_mutex_lock+0x10/0x10 [ 463.552035][ C1] ? enqueue_timer+0x16a/0x480 [ 463.556950][ C1] text_poke_finish+0x1a/0x30 [ 463.561621][ C1] arch_jump_label_transform_apply+0x15/0x30 [ 463.567592][ C1] __jump_label_update+0x37c/0x3a0 [ 463.572769][ C1] jump_label_update+0x39b/0x450 [ 463.577682][ C1] static_key_disable_cpuslocked+0xc9/0x1a0 [ 463.583551][ C1] static_key_disable+0x1a/0x30 [ 463.588375][ C1] tracepoint_probe_unregister+0x624/0x8b0 [ 463.594227][ C1] bpf_probe_unregister+0x61/0x70 [ 463.599259][ C1] bpf_raw_tp_link_release+0x63/0x90 [ 463.604546][ C1] bpf_link_free+0x13a/0x390 [ 463.609137][ C1] ? __kasan_record_aux_stack+0xb6/0xc0 [ 463.614656][ C1] ? bpf_link_put_deferred+0x20/0x20 [ 463.619925][ C1] ? task_work_add+0x250/0x330 [ 463.624682][ C1] ? __cfi_task_work_add+0x10/0x10 [ 463.629792][ C1] ? do_futex+0x2b9/0x420 [ 463.634099][ C1] bpf_link_release+0x15f/0x170 [ 463.638927][ C1] ? __cfi_bpf_link_release+0x10/0x10 [ 463.644273][ C1] __fput+0x1fc/0x8f0 [ 463.648311][ C1] ? _raw_spin_unlock+0x4c/0x70 [ 463.653136][ C1] ____fput+0x15/0x20 [ 463.657098][ C1] task_work_run+0x1db/0x240 [ 463.661667][ C1] ? __cfi_task_work_run+0x10/0x10 [ 463.666750][ C1] ? __cfi___close_range+0x10/0x10 [ 463.671884][ C1] exit_to_user_mode_loop+0x9b/0xb0 [ 463.677096][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 463.682548][ C1] syscall_exit_to_user_mode+0x1a/0x30 [ 463.688094][ C1] do_syscall_64+0x58/0xa0 [ 463.692538][ C1] ? clear_bhb_loop+0x30/0x80 [ 463.697194][ C1] ? clear_bhb_loop+0x30/0x80 [ 463.701852][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 463.707723][ C1] RIP: 0033:0x7f4b0c18efc9 [ 463.712124][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.731715][ C1] RSP: 002b:00007ffd01dd9f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 463.740112][ C1] RAX: 0000000000000000 RBX: 00000000000505fd RCX: 00007f4b0c18efc9 [ 463.748057][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 463.756006][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000601dda26f [ 463.763952][ C1] R10: 0000001b30f20000 R11: 0000000000000246 R12: 00007f4b0c3e5fac [ 463.771917][ C1] R13: 00007f4b0c3e5fa0 R14: ffffffffffffffff R15: 0000000000000003 [ 463.779877][ C1] [ 463.782881][ C1] Sending NMI from CPU 1 to CPUs 0: [ 463.788107][ C0] NMI backtrace for cpu 0 [ 463.788117][ C0] CPU: 0 PID: 60 Comm: kworker/0:2 Not tainted syzkaller #0 [ 463.788132][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 463.788142][ C0] Workqueue: rcu_gp srcu_invoke_callbacks [ 463.788239][ C0] RIP: 0010:kvm_wait+0xcc/0x140 [ 463.788260][ C0] Code: 20 f6 44 24 21 02 75 24 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 48 0f b6 07 40 38 f0 75 a6 66 90 0f 00 2d 45 96 13 04 f4 9a fa 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 75 3f 0f b6 07 [ 463.788272][ C0] RSP: 0018:ffffc90000006a20 EFLAGS: 00000046 [ 463.788285][ C0] RAX: 0000000000000003 RBX: ffff8881f7027c40 RCX: ffffffff84f43dc2 [ 463.788295][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881f7027c40 [ 463.788306][ C0] RBP: ffffc90000006ab0 R08: dffffc0000000000 R09: ffffed103ee04f89 [ 463.788317][ C0] R10: ffffed103ee04f89 R11: 1ffff1103ee04f88 R12: 1ffff1103ee00001 [ 463.788327][ C0] R13: ffff8881f7038cd4 R14: dffffc0000000000 R15: 1ffff92000000d44 [ 463.788338][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 463.788351][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 463.788361][ C0] CR2: 0000000000000000 CR3: 0000000006e0f000 CR4: 00000000003506b0 [ 463.788385][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 463.788393][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 463.788402][ C0] Call Trace: [ 463.788408][ C0] [ 463.788414][ C0] ? __cfi_kvm_wait+0x10/0x10 [ 463.788444][ C0] ? pv_hash+0x86/0x150 [ 463.788458][ C0] __pv_queued_spin_lock_slowpath+0x690/0xc40 [ 463.788477][ C0] ? __kernel_text_address+0xd/0x30 [ 463.788497][ C0] ? __cfi___pv_queued_spin_lock_slowpath+0x10/0x10 [ 463.788517][ C0] queued_spin_lock_slowpath+0x47/0x50 [ 463.788539][ C0] _raw_spin_lock_irqsave+0x108/0x110 [ 463.788555][ C0] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 463.788571][ C0] ? kasan_save_stack+0x4c/0x60 [ 463.788587][ C0] ? kasan_save_stack+0x3a/0x60 [ 463.788602][ C0] ? __kasan_record_aux_stack+0xb6/0xc0 [ 463.788623][ C0] ? kasan_record_aux_stack_noalloc+0xb/0x10 [ 463.788643][ C0] ? kvfree_call_rcu+0x95/0x7a0 [ 463.788687][ C0] lock_timer_base+0x127/0x270 [ 463.788705][ C0] __mod_timer+0x10a/0xb30 [ 463.788721][ C0] ? ip_local_deliver+0x1d8/0x320 [ 463.788741][ C0] ? ip_rcv+0x163/0x270 [ 463.788760][ C0] ? __netif_receive_skb+0xd7/0x2a0 [ 463.788780][ C0] ? __napi_poll+0xd0/0x5e0 [ 463.788799][ C0] ? net_rx_action+0x49b/0xaa0 [ 463.788819][ C0] ? __do_softirq+0xb/0xd [ 463.788838][ C0] ? process_one_work+0x71f/0xc40 [ 463.788853][ C0] add_timer+0x68/0x80 [ 463.788868][ C0] __queue_delayed_work+0x173/0x200 [ 463.788887][ C0] queue_delayed_work_on+0xdb/0x150 [ 463.788906][ C0] ? __cfi_queue_delayed_work_on+0x10/0x10 [ 463.788926][ C0] kvfree_call_rcu+0x436/0x7a0 [ 463.788944][ C0] ? __cfi_kvfree_call_rcu+0x10/0x10 [ 463.788961][ C0] ? longest_prefix_match+0x337/0x640 [ 463.789022][ C0] trie_delete_elem+0x572/0x720 [ 463.789039][ C0] bpf_prog_5186c38a4019a4cb+0x42/0x46 [ 463.789054][ C0] bpf_trace_run3+0x113/0x270 [ 463.789074][ C0] ? __cfi_bpf_trace_run3+0x10/0x10 [ 463.789093][ C0] ? debug_smp_processor_id+0x17/0x20 [ 463.789115][ C0] ? get_nohz_timer_target+0x74/0x540 [ 463.789132][ C0] __bpf_trace_timer_start+0x2b/0x40 [ 463.789148][ C0] enqueue_timer+0x337/0x480 [ 463.789167][ C0] __mod_timer+0x79f/0xb30 [ 463.789185][ C0] mod_timer+0x1f/0x30 [ 463.789200][ C0] sk_reset_timer+0x22/0xb0 [ 463.789271][ C0] tcp_rearm_rto+0x312/0x700 [ 463.789322][ C0] ? tcp_rbtree_insert+0x149/0x180 [ 463.789344][ C0] tcp_event_new_data_sent+0x250/0x400 [ 463.789362][ C0] tcp_write_xmit+0x161f/0x5fb0 [ 463.789391][ C0] __tcp_push_pending_frames+0x9c/0x2f0 [ 463.789408][ C0] tcp_rcv_established+0xed9/0x1a20 [ 463.789432][ C0] ? __cfi_tcp_rcv_established+0x10/0x10 [ 463.789454][ C0] ? ipv4_dst_check+0xf2/0x160 [ 463.789471][ C0] tcp_v4_do_rcv+0x446/0xa10 [ 463.789492][ C0] tcp_v4_rcv+0x233c/0x2a80 [ 463.789519][ C0] ? __cfi_tcp_v4_rcv+0x10/0x10 [ 463.789537][ C0] ? load_balance+0x7d6/0x4700 [ 463.789552][ C0] ? __cfi_ip_finish_output+0x10/0x10 [ 463.789567][ C0] ip_protocol_deliver_rcu+0x325/0x6e0 [ 463.789589][ C0] ip_local_deliver_finish+0x24e/0x410 [ 463.789611][ C0] ip_local_deliver+0x1d8/0x320 [ 463.789631][ C0] ? __cfi_ip_local_deliver+0x10/0x10 [ 463.789651][ C0] ? memset+0x35/0x40 [ 463.789663][ C0] ? ip_rcv_finish_core+0xb0b/0x1490 [ 463.789685][ C0] ip_rcv+0x163/0x270 [ 463.789705][ C0] ? __cfi_ip_rcv+0x10/0x10 [ 463.789724][ C0] ? enqueue_task_fair+0xb91/0x1d10 [ 463.789746][ C0] ? __kasan_check_write+0x14/0x20 [ 463.789759][ C0] ? _raw_spin_lock_irq+0x8f/0xe0 [ 463.789773][ C0] ? __cfi_ip_rcv+0x10/0x10 [ 463.789792][ C0] __netif_receive_skb+0xd7/0x2a0 [ 463.789812][ C0] ? __cfi_enqueue_task_fair+0x10/0x10 [ 463.789834][ C0] process_backlog+0x351/0x600 [ 463.789858][ C0] __napi_poll+0xd0/0x5e0 [ 463.789878][ C0] net_rx_action+0x49b/0xaa0 [ 463.789900][ C0] ? __cfi_net_rx_action+0x10/0x10 [ 463.789920][ C0] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 463.789937][ C0] ? irqtime_account_irq+0x75/0x240 [ 463.789957][ C0] handle_softirqs+0x1d7/0x600 [ 463.789974][ C0] __do_softirq+0xb/0xd [ 463.789993][ C0] do_softirq+0xc6/0x120 [ 463.790019][ C0] [ 463.790023][ C0] [ 463.790028][ C0] ? __cfi_do_softirq+0x10/0x10 [ 463.790042][ C0] ? complete+0x167/0x1c0 [ 463.790060][ C0] ? srcu_invoke_callbacks+0x210/0x410 [ 463.790075][ C0] __local_bh_enable_ip+0x75/0x80 [ 463.790090][ C0] srcu_invoke_callbacks+0x1cf/0x410 [ 463.790107][ C0] ? __cfi_srcu_invoke_callbacks+0x10/0x10 [ 463.790122][ C0] ? _raw_spin_lock_irq+0x8f/0xe0 [ 463.790138][ C0] ? pwq_dec_nr_in_flight+0x18c/0x3c0 [ 463.790151][ C0] process_one_work+0x71f/0xc40 [ 463.790167][ C0] worker_thread+0xa29/0x11f0 [ 463.790181][ C0] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 463.790198][ C0] ? __kthread_parkme+0x142/0x180 [ 463.790212][ C0] kthread+0x281/0x320 [ 463.790227][ C0] ? __cfi_worker_thread+0x10/0x10 [ 463.790240][ C0] ? __cfi_kthread+0x10/0x10 [ 463.790255][ C0] ret_from_fork+0x1f/0x30 [ 463.790274][ C0]