syzbot

INFO: task syz.2.33:429 blocked for more than 122 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.33        state:D stack:0     pid:429   tgid:429   ppid:290    flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5945 [inline]
 __schedule+0x1322/0x1df0 kernel/sched/core.c:7791
 __schedule_loop kernel/sched/core.c:7872 [inline]
 schedule+0xc6/0x240 kernel/sched/core.c:7887
 schedule_timeout+0xb2/0x3a0 kernel/time/timer.c:2595
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common+0x359/0x630 kernel/sched/completion.c:127
 wait_for_completion+0x1c/0x40 kernel/sched/completion.c:148
 rcu_barrier+0x415/0x530 kernel/rcu/tree.c:4657
 kvm_mmu_uninit_tdp_mmu+0x1df/0x210 arch/x86/kvm/mmu/tdp_mmu.c:51
 kvm_mmu_uninit_vm+0x27/0x60 arch/x86/kvm/mmu/mmu.c:6572
 kvm_arch_destroy_vm+0x383/0x410 arch/x86/kvm/x86.c:12898
 kvm_destroy_vm virt/kvm/kvm_main.c:1355 [inline]
 kvm_put_kvm+0xb04/0x12b0 virt/kvm/kvm_main.c:1391
 kvm_vm_release+0x47/0x70 virt/kvm/kvm_main.c:1414
 __fput+0x1fb/0xa00 fs/file_table.c:429
 ____fput+0x20/0x30 fs/file_table.c:457
 task_work_run+0x1e3/0x250 kernel/task_work.c:240
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0x9bc/0x2630 kernel/exit.c:953
 do_group_exit+0x22a/0x300 kernel/exit.c:1095
 get_signal+0x139d/0x14f0 kernel/signal.c:2933
 arch_do_signal_or_restart+0x96/0x720 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x58/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fc92f1c14a5
RSP: 002b:00007fc930050f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007fc92f3b5fa0 RCX: 00007fc92f1c14a5
RDX: 00007fc930050fc0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fc92f211e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007fc92f3b6038 R14: 00007fc92f3b5fa0 R15: 00007ffc93a4b068
 </TASK>
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 37 Comm: khungtaskd Not tainted syzkaller #0 530b3ddaa03db34d09c0fae50fba32de8d319ece
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 nmi_cpu_backtrace+0x2bf/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x142/0x2c0 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:41
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:267 [inline]
 watchdog+0xd8f/0xed0 kernel/hung_task.c:423
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x67/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 33 Comm: rcuop/1 Not tainted syzkaller #0 530b3ddaa03db34d09c0fae50fba32de8d319ece
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025
RIP: 0010:veth_xmit+0x4/0x820 drivers/net/veth.c:345
Code: e8 e1 fb 73 fe eb cf 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 00 87 8f c9 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <55> 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 38 48 89 f3 49 89
RSP: 0018:ffffc900002301a8 EFLAGS: 00000247
RAX: 1ffffffff0c88378 RBX: dffffc0000000000 RCX: ffff88810367a600
RDX: 0000000000000100 RSI: ffff88812f7ec000 RDI: ffff888132e0f000
RBP: ffffc90000230270 R08: ffff88810367a600 R09: 0000000000000002
R10: 0000000000000000 R11: ffffffff836810d0 R12: 1ffffffff0e41b52
R13: ffffffff86441bc0 R14: ffff888132e0f000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f59e37811b8 CR3: 000000010b34e000 CR4: 00000000003526b0
Call Trace:
 <IRQ>
 __dev_queue_xmit+0x19cc/0x3790 net/core/dev.c:4514
 dev_queue_xmit include/linux/netdevice.h:3141 [inline]
 br_dev_queue_push_xmit+0x553/0x6d0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:317 [inline]
 br_forward_finish net/bridge/br_forward.c:66 [inline]
 NF_HOOK include/linux/netfilter.h:317 [inline]
 __br_forward+0x25c/0x390 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 br_flood+0x67e/0x730 net/bridge/br_forward.c:245
 br_handle_frame_finish+0x12bb/0x1720 net/bridge/br_input.c:215
 nf_hook_bridge_pre net/bridge/br_input.c:301 [inline]
 br_handle_frame+0x5a6/0xba0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xf48/0x3940 net/core/dev.c:5651
 __netif_receive_skb_one_core net/core/dev.c:5755 [inline]
 __netif_receive_skb net/core/dev.c:5870 [inline]
 process_backlog+0x3e5/0xae0 net/core/dev.c:6206
 __napi_poll+0xd0/0x610 net/core/dev.c:6857
 napi_poll net/core/dev.c:6926 [inline]
 net_rx_action+0x584/0xce0 net/core/dev.c:7048
 handle_softirqs+0x1ab/0x630 kernel/softirq.c:621
 __do_softirq+0xf/0x16 kernel/softirq.c:659
 do_softirq+0xa6/0x100 kernel/softirq.c:503
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x74/0x80 kernel/softirq.c:430
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_do_batch+0x5c6/0xd20 kernel/rcu/tree.c:2594
 nocb_cb_wait kernel/rcu/tree_nocb.h:923 [inline]
 rcu_nocb_cb_kthread+0x4dc/0xac0 kernel/rcu/tree_nocb.h:957
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x67/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
net_ratelimit: 89133 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:1c:af:c8:65:3c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:1c:af:c8:65:3c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)