Warning: Permanently added '10.128.1.203' (ED25519) to the list of known hosts.
syzkaller login: [   86.625657][   T23] cfg80211: failed to load regulatory.db
2025/09/19 02:51:29 parsed 1 programs
[   90.241821][ T4196] cgroup: Unknown subsys name 'net'
[   90.419817][ T4196] cgroup: Unknown subsys name 'rlimit'
[   91.949793][ T4196] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   93.890088][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.903969][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.915996][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   93.931549][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.939594][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.948008][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   95.602798][ T4250] chnl_net:caif_netlink_parms(): no params data found
[   95.727292][ T4250] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.735102][ T4250] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.742958][ T4250] device bridge_slave_0 entered promiscuous mode
[   95.752149][ T4250] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.759321][ T4250] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.767272][ T4250] device bridge_slave_1 entered promiscuous mode
[   95.788549][ T4250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.799724][ T4250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.824420][ T4250] team0: Port device team_slave_0 added
[   95.831812][ T4250] team0: Port device team_slave_1 added
[   95.851381][ T4250] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.858670][ T4250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.884729][ T4250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.897311][ T4250] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.904409][ T4250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.930339][ T4250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.961823][ T4250] device hsr_slave_0 entered promiscuous mode
[   95.968868][ T4250] device hsr_slave_1 entered promiscuous mode
[   96.061899][ T4250] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.072870][ T4250] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.082425][ T4250] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.092024][ T4250] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.118344][ T4250] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.125573][ T4250] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.133569][ T4250] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.140694][ T4250] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.209797][ T4250] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.245844][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   96.256350][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.265572][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.279390][ T4250] 8021q: adding VLAN 0 to HW filter on device team0
[   96.311793][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   96.320517][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.327632][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.340537][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   96.349566][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.356781][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.395819][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   96.404954][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   96.420090][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   96.437909][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   96.446668][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   96.567657][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   96.575294][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   96.589348][ T4250] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.627586][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   96.638199][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   96.674864][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   96.683799][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   96.692263][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   96.700199][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   96.711610][ T4250] device veth0_vlan entered promiscuous mode
[   96.742942][ T4250] device veth1_vlan entered promiscuous mode
[   96.763836][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   96.772169][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   96.780847][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   96.790797][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   96.801925][ T4250] device veth0_macvtap entered promiscuous mode
[   96.813107][ T4250] device veth1_macvtap entered promiscuous mode
[   96.847159][ T4250] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.854825][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   96.862973][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   96.871916][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   96.880859][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   96.894476][ T4250] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.910513][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   96.919726][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   96.930238][ T4250] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.939418][ T4250] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.949561][ T4250] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.959429][ T4250] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/09/19 02:51:39 executed programs: 0
[   98.420563][ T4299] chnl_net:caif_netlink_parms(): no params data found
[   98.488778][ T4299] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.496099][ T4299] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.504789][ T4299] device bridge_slave_0 entered promiscuous mode
[   98.514816][ T4299] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.521990][ T4299] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.532919][ T4299] device bridge_slave_1 entered promiscuous mode
[   98.559196][ T4299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.570525][ T4299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.599658][ T4299] team0: Port device team_slave_0 added
[   98.607854][ T4299] team0: Port device team_slave_1 added
[   98.630270][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.637622][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.664019][ T4299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.677899][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.688391][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.717364][ T4299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.762261][ T4299] device hsr_slave_0 entered promiscuous mode
[   98.769311][ T4299] device hsr_slave_1 entered promiscuous mode
[   98.776347][ T4299] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   98.785069][ T4299] Cannot create hsr debugfs directory
[   98.862434][ T4299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.304486][    T7] Bluetooth: hci0: command 0x0409 tx timeout
[  101.620804][ T4299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.659180][ T4299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.711290][ T4299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.797400][ T4299] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.806499][ T4299] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.816209][ T4299] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.825777][ T4299] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.881448][ T4299] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.908914][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.917082][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.928191][ T4299] 8021q: adding VLAN 0 to HW filter on device team0
[  101.951933][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.962407][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.971497][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.978636][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.987675][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  102.011480][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  102.020281][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  102.030814][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.037947][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.048627][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  102.067716][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  102.078356][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  102.088332][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  102.097394][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  102.109130][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  102.118795][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  102.141124][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  102.149813][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  102.160766][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  102.169839][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  102.194103][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  102.305127][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  102.312611][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  102.329758][ T4299] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.357713][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  102.366736][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  102.381915][ T1437] device hsr_slave_0 left promiscuous mode
[  102.389307][ T1437] device hsr_slave_1 left promiscuous mode
[  102.393957][ T1108] Bluetooth: hci0: command 0x041b tx timeout
[  102.401728][ T1437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.409445][ T1437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.418533][ T1437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.426361][ T1437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.434197][ T1437] device bridge_slave_1 left promiscuous mode
[  102.441061][ T1437] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.455677][ T1437] device bridge_slave_0 left promiscuous mode
[  102.461905][ T1437] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.480295][ T1437] device veth1_macvtap left promiscuous mode
[  102.487271][ T1437] device veth0_macvtap left promiscuous mode
[  102.493673][ T1437] device veth1_vlan left promiscuous mode
[  102.499626][ T1437] device veth0_vlan left promiscuous mode
[  102.658436][ T1437] team0 (unregistering): Port device team_slave_1 removed
[  102.675371][ T1437] team0 (unregistering): Port device team_slave_0 removed
[  102.688401][ T1437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.703177][ T1437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.762282][ T1437] bond0 (unregistering): Released all slaves
[  102.822160][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  102.830802][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  102.840591][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  102.848724][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  102.859111][ T4299] device veth0_vlan entered promiscuous mode
[  102.872988][ T4299] device veth1_vlan entered promiscuous mode
[  102.902394][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  102.912696][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  102.920970][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  102.929805][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  102.940810][ T4299] device veth0_macvtap entered promiscuous mode
[  102.951564][ T4299] device veth1_macvtap entered promiscuous mode
[  102.985765][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.993171][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  103.002370][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  103.014520][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.021856][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  103.031926][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  103.043255][ T4299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.052909][ T4299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.061687][ T4299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.070795][ T4299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.137710][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.158027][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.167344][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.167795][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/09/19 02:51:44 executed programs: 2
[  103.176084][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.193179][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  104.463681][ T1334] Bluetooth: hci0: command 0x040f tx timeout
[  106.543439][ T1334] Bluetooth: hci0: command 0x0419 tx timeout
[  208.273292][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  208.280366][    C0] rcu: 	1-...!: (1 ticks this GP) idle=967/1/0x4000000000000000 softirq=6640/6640 fqs=0 
[  208.290865][    C0] 	(detected by 0, t=10502 jiffies, g=7357, q=527)
[  208.297393][    C0] Sending NMI from CPU 0 to CPUs 1:
[  208.302624][    C1] NMI backtrace for cpu 1
[  208.302652][    C1] CPU: 1 PID: 4320 Comm: syz.0.17 Not tainted syzkaller #0
[  208.302669][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  208.302686][    C1] RIP: 0010:__lock_acquire+0x6fb/0x7c60
[  208.302722][    C1] Code: 43 48 8d 04 9b 49 8d 5c c5 00 48 89 d8 48 c1 e8 03 42 0f b6 04 00 84 c0 75 45 8b 1b 48 8b 44 24 58 42 0f b6 04 00 84 c0 75 55 <48> 8b 44 24 18 33 18 41 ff ce 49 ff cf f7 c3 00 60 00 00 74 a8 e9
[  208.302736][    C1] RSP: 0018:ffffc90000dd0860 EFLAGS: 00000046
[  208.302750][    C1] RAX: 0000000000000000 RBX: 00000000000c4060 RCX: 0000000000000002
[  208.302761][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ffbc0c0
[  208.302772][    C1] RBP: ffffc90000dd0ab0 R08: dffffc0000000000 R09: fffffbfff1ff7819
[  208.302784][    C1] R10: fffffbfff1ff7819 R11: 1ffffffff1ff7818 R12: 0000000000000000
[  208.302796][    C1] R13: ffff8880229be450 R14: 0000000000000003 R15: 0000000000000001
[  208.302807][    C1] FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  208.302821][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.302832][    C1] CR2: 0000555562a33808 CR3: 000000007343f000 CR4: 00000000003506e0
[  208.302847][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  208.302857][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  208.302867][    C1] Call Trace:
[  208.302873][    C1]  <IRQ>
[  208.302881][    C1]  ? mark_lock+0x94/0x320
[  208.302907][    C1]  ? verify_lock_unused+0x140/0x140
[  208.302929][    C1]  ? verify_lock_unused+0x140/0x140
[  208.302947][    C1]  ? verify_lock_unused+0x140/0x140
[  208.302968][    C1]  ? reweight_entity+0x6e/0x460
[  208.302988][    C1]  lock_acquire+0x197/0x3f0
[  208.303005][    C1]  ? debug_object_activate+0x65/0x480
[  208.303029][    C1]  ? read_lock_is_recursive+0x10/0x10
[  208.303050][    C1]  ? do_raw_spin_lock+0x11d/0x280
[  208.303066][    C1]  _raw_spin_lock_irqsave+0xa4/0xf0
[  208.303087][    C1]  ? debug_object_activate+0x65/0x480
[  208.303105][    C1]  ? _raw_spin_lock+0x40/0x40
[  208.303126][    C1]  debug_object_activate+0x65/0x480
[  208.303145][    C1]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  208.303166][    C1]  enqueue_hrtimer+0x30/0x370
[  208.303186][    C1]  __hrtimer_run_queues+0x65a/0xc40
[  208.303207][    C1]  ? taprio_free_sched_cb+0x190/0x190
[  208.303230][    C1]  ? hrtimer_interrupt+0x8d0/0x8d0
[  208.303248][    C1]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[  208.303267][    C1]  hrtimer_interrupt+0x3bb/0x8d0
[  208.303295][    C1]  __sysvec_apic_timer_interrupt+0x137/0x4a0
[  208.303313][    C1]  sysvec_apic_timer_interrupt+0x9b/0xc0
[  208.303331][    C1]  </IRQ>
[  208.303336][    C1]  <TASK>
[  208.303341][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  208.303358][    C1] RIP: 0010:unwind_next_frame+0x129d/0x1d90
[  208.303384][    C1] Code: 0f 85 a0 02 00 00 c6 05 ef 60 21 0c 01 48 c7 c7 e0 81 08 8a e9 3d fa ff ff bf 01 00 00 00 e8 ea e6 1c 00 65 8b 0d cb e4 cd 7e <b0> 01 85 c9 0f 85 d3 02 00 00 e8 74 ef cb ff e9 c9 02 00 00 80 3d
[  208.303397][    C1] RSP: 0018:ffffc900031ff528 EFLAGS: 00000297
[  208.303410][    C1] RAX: 0000000080000001 RBX: ffffc900031ff5e8 RCX: 0000000080000000
[  208.303422][    C1] RDX: ffffc900031ff601 RSI: ffffc900031ff998 RDI: 00000000ffffffff
[  208.303434][    C1] RBP: ffffc900031ff630 R08: dffffc0000000000 R09: ffffc900031ff638
[  208.303446][    C1] R10: fffff5200063fec9 R11: 1ffff9200063fec7 R12: ffffc900031f8000
[  208.303459][    C1] R13: dffffc0000000000 R14: ffffc900031ff5f8 R15: ffffc900031ff9a8
[  208.303477][    C1]  ? unwind_next_frame+0x1296/0x1d90
[  208.303498][    C1]  ? ____kasan_slab_free+0xd5/0x110
[  208.303517][    C1]  ? stack_trace_save+0xe0/0xe0
[  208.303532][    C1]  arch_stack_walk+0x10c/0x140
[  208.303552][    C1]  ? slab_free_freelist_hook+0xea/0x170
[  208.303569][    C1]  ? kmem_cache_free+0x8f/0x210
[  208.303584][    C1]  stack_trace_save+0x98/0xe0
[  208.303599][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  208.303613][    C1]  ? __lock_acquire+0x13ad/0x7c60
[  208.303636][    C1]  ? memset+0x1e/0x40
[  208.303653][    C1]  kasan_set_track+0x4b/0x70
[  208.303668][    C1]  ? kasan_set_track+0x4b/0x70
[  208.303683][    C1]  ? kasan_set_free_info+0x1f/0x40
[  208.303699][    C1]  ? ____kasan_slab_free+0xd5/0x110
[  208.303735][    C1]  kasan_set_free_info+0x1f/0x40
[  208.303752][    C1]  ____kasan_slab_free+0xd5/0x110
[  208.303769][    C1]  slab_free_freelist_hook+0xea/0x170
[  208.303786][    C1]  ? unlink_anon_vmas+0x2c8/0x660
[  208.303801][    C1]  kmem_cache_free+0x8f/0x210
[  208.303818][    C1]  unlink_anon_vmas+0x2c8/0x660
[  208.303835][    C1]  free_pgtables+0x74/0x2a0
[  208.303857][    C1]  exit_mmap+0x39e/0x5f0
[  208.303874][    C1]  ? vm_brk+0x20/0x20
[  208.303895][    C1]  ? uprobe_clear_state+0x2f6/0x460
[  208.303911][    C1]  ? mm_update_next_owner+0x522/0x640
[  208.303931][    C1]  __mmput+0x115/0x3b0
[  208.303946][    C1]  exit_mm+0x567/0x6c0
[  208.303963][    C1]  ? xacct_add_tsk+0x4b0/0x4b0
[  208.303982][    C1]  ? do_exit+0x20a0/0x20a0
[  208.303999][    C1]  ? __ia32_sys_timer_delete+0x40/0x40
[  208.304016][    C1]  ? hrtimer_try_to_cancel+0x3c9/0x410
[  208.304033][    C1]  ? taskstats_exit+0x439/0xab0
[  208.304050][    C1]  ? tty_audit_exit+0x14e/0x1f0
[  208.304069][    C1]  do_exit+0x5a1/0x20a0
[  208.304088][    C1]  ? put_task_struct+0x80/0x80
[  208.304106][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  208.304126][    C1]  ? lock_chain_count+0x20/0x20
[  208.304144][    C1]  do_group_exit+0x12e/0x300
[  208.304164][    C1]  __x64_sys_exit_group+0x3b/0x40
[  208.304182][    C1]  do_syscall_64+0x4c/0xa0
[  208.304195][    C1]  ? clear_bhb_loop+0x30/0x80
[  208.304210][    C1]  ? clear_bhb_loop+0x30/0x80
[  208.304225][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  208.304241][    C1] RIP: 0033:0x7f25dc622ba9
[  208.304254][    C1] Code: Unable to access opcode bytes at RIP 0x7f25dc622b7f.
[  208.304261][    C1] RSP: 002b:00007ffc7023a5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  208.304275][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f25dc622ba9
[  208.304286][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  208.304296][    C1] RBP: 0000000000000003 R08: 000000057023a69f R09: 00007f25dc835280
[  208.304306][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  208.304315][    C1] R13: 00007f25dc835280 R14: 0000000000000003 R15: 00007ffc7023a660
[  208.304331][    C1]  </TASK>
[  208.304618][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g7357 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  208.926899][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=2499
[  208.934712][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g7357 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  208.946001][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  208.955978][    C0] rcu: RCU grace-period kthread stack dump:
[  208.961882][    C0] task:rcu_preempt     state:I stack:27848 pid:   15 ppid:     2 flags:0x00004000
[  208.971107][    C0] Call Trace:
[  208.974403][    C0]  <TASK>
[  208.977352][    C0]  __schedule+0x11bb/0x4390
[  208.981881][    C0]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[  208.987275][    C0]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  208.993198][    C0]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  208.999114][    C0]  ? _raw_spin_unlock+0x40/0x40
[  209.003982][    C0]  ? rcu_is_watching+0x11/0xa0
[  209.008765][    C0]  ? release_firmware_map_entry+0x190/0x190
[  209.014824][    C0]  schedule+0x11b/0x1e0
[  209.019002][    C0]  schedule_timeout+0x15c/0x280
[  209.023883][    C0]  ? console_conditional_schedule+0x40/0x40
[  209.029805][    C0]  ? update_process_times+0x200/0x200
[  209.035204][    C0]  ? prepare_to_swait_event+0x331/0x350
[  209.040779][    C0]  rcu_gp_fqs_loop+0x29e/0x11b0
[  209.045767][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  209.050984][    C0]  ? rcu_gp_init+0xd58/0x10e0
[  209.055678][    C0]  ? rcu_gp_init+0x10e0/0x10e0
[  209.060462][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[  209.065681][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  209.070902][    C0]  rcu_gp_kthread+0x98/0x350
[  209.075511][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[  209.080639][    C0]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  209.086558][    C0]  ? __kthread_parkme+0x157/0x1b0
[  209.091606][    C0]  kthread+0x436/0x520
[  209.095691][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[  209.100817][    C0]  ? kthread_blkcg+0xd0/0xd0
[  209.105424][    C0]  ret_from_fork+0x1f/0x30
[  209.109874][    C0]  </TASK>
[  209.112906][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  209.119239][    C0] Sending NMI from CPU 0 to CPUs 1:
[  209.124457][    C1] NMI backtrace for cpu 1
[  209.124465][    C1] CPU: 1 PID: 4320 Comm: syz.0.17 Not tainted syzkaller #0
[  209.124480][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  209.124489][    C1] RIP: 0010:__hrtimer_run_queues+0x427/0xc40
[  209.124512][    C1] Code: 84 c0 0f 85 cd 04 00 00 41 21 1e 48 8b 44 24 18 4c 8d 70 28 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 19 7b 54 00 <49> 8b 06 48 89 44 24 60 48 8b 7c 24 40 48 8b b4 24 b8 00 00 00 e8
[  209.124525][    C1] RSP: 0018:ffffc90000dd0d20 EFLAGS: 00000046
[  209.124538][    C1] RAX: 1ffff1100475c96d RBX: 00000000fffffffd RCX: 0000000000000001
[  209.124550][    C1] RDX: 0000000000010000 RSI: 0000000000000001 RDI: 0000000000000020
[  209.124559][    C1] RBP: ffffc90000dd0e98 R08: dffffc0000000000 R09: fffffbfff1ad323e
[  209.124576][    C1] R10: fffffbfff1ad323e R11: 1ffffffff1ad323d R12: ffff8880b912a350
[  209.124588][    C1] R13: 1ffff1101722546a R14: ffff888023ae4b68 R15: dffffc0000000000
[  209.124600][    C1] FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  209.124613][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  209.124624][    C1] CR2: 0000555562a33808 CR3: 000000007343f000 CR4: 00000000003506e0
[  209.124638][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  209.124647][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  209.124656][    C1] Call Trace:
[  209.124663][    C1]  <IRQ>
[  209.124673][    C1]  ? taprio_free_sched_cb+0x190/0x190
[  209.124697][    C1]  ? hrtimer_interrupt+0x8d0/0x8d0
[  209.124715][    C1]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[  209.124735][    C1]  hrtimer_interrupt+0x3bb/0x8d0
[  209.124765][    C1]  __sysvec_apic_timer_interrupt+0x137/0x4a0
[  209.124782][    C1]  sysvec_apic_timer_interrupt+0x9b/0xc0
[  209.124801][    C1]  </IRQ>
[  209.124805][    C1]  <TASK>
[  209.124810][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  209.124827][    C1] RIP: 0010:unwind_next_frame+0x129d/0x1d90
[  209.124846][    C1] Code: 0f 85 a0 02 00 00 c6 05 ef 60 21 0c 01 48 c7 c7 e0 81 08 8a e9 3d fa ff ff bf 01 00 00 00 e8 ea e6 1c 00 65 8b 0d cb e4 cd 7e <b0> 01 85 c9 0f 85 d3 02 00 00 e8 74 ef cb ff e9 c9 02 00 00 80 3d
[  209.124858][    C1] RSP: 0018:ffffc900031ff528 EFLAGS: 00000297
[  209.124870][    C1] RAX: 0000000080000001 RBX: ffffc900031ff5e8 RCX: 0000000080000000
[  209.124881][    C1] RDX: ffffc900031ff601 RSI: ffffc900031ff998 RDI: 00000000ffffffff
[  209.124892][    C1] RBP: ffffc900031ff630 R08: dffffc0000000000 R09: ffffc900031ff638
[  209.124904][    C1] R10: fffff5200063fec9 R11: 1ffff9200063fec7 R12: ffffc900031f8000
[  209.124916][    C1] R13: dffffc0000000000 R14: ffffc900031ff5f8 R15: ffffc900031ff9a8
[  209.124935][    C1]  ? unwind_next_frame+0x1296/0x1d90
[  209.124956][    C1]  ? ____kasan_slab_free+0xd5/0x110
[  209.124976][    C1]  ? stack_trace_save+0xe0/0xe0
[  209.124990][    C1]  arch_stack_walk+0x10c/0x140
[  209.125011][    C1]  ? slab_free_freelist_hook+0xea/0x170
[  209.125027][    C1]  ? kmem_cache_free+0x8f/0x210
[  209.125041][    C1]  stack_trace_save+0x98/0xe0
[  209.125056][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  209.125070][    C1]  ? __lock_acquire+0x13ad/0x7c60
[  209.125092][    C1]  ? memset+0x1e/0x40
[  209.125108][    C1]  kasan_set_track+0x4b/0x70
[  209.125123][    C1]  ? kasan_set_track+0x4b/0x70
[  209.125137][    C1]  ? kasan_set_free_info+0x1f/0x40
[  209.125153][    C1]  ? ____kasan_slab_free+0xd5/0x110
[  209.125193][    C1]  kasan_set_free_info+0x1f/0x40
[  209.125210][    C1]  ____kasan_slab_free+0xd5/0x110
[  209.125228][    C1]  slab_free_freelist_hook+0xea/0x170
[  209.125244][    C1]  ? unlink_anon_vmas+0x2c8/0x660
[  209.125259][    C1]  kmem_cache_free+0x8f/0x210
[  209.125277][    C1]  unlink_anon_vmas+0x2c8/0x660
[  209.125295][    C1]  free_pgtables+0x74/0x2a0
[  209.125317][    C1]  exit_mmap+0x39e/0x5f0
[  209.125335][    C1]  ? vm_brk+0x20/0x20
[  209.125358][    C1]  ? uprobe_clear_state+0x2f6/0x460
[  209.125374][    C1]  ? mm_update_next_owner+0x522/0x640
[  209.125395][    C1]  __mmput+0x115/0x3b0
[  209.125411][    C1]  exit_mm+0x567/0x6c0
[  209.125427][    C1]  ? xacct_add_tsk+0x4b0/0x4b0
[  209.125446][    C1]  ? do_exit+0x20a0/0x20a0
[  209.125463][    C1]  ? __ia32_sys_timer_delete+0x40/0x40
[  209.125480][    C1]  ? hrtimer_try_to_cancel+0x3c9/0x410
[  209.125497][    C1]  ? taskstats_exit+0x439/0xab0
[  209.125515][    C1]  ? tty_audit_exit+0x14e/0x1f0
[  209.125534][    C1]  do_exit+0x5a1/0x20a0
[  209.125554][    C1]  ? put_task_struct+0x80/0x80
[  209.125579][    C1]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  209.125599][    C1]  ? lock_chain_count+0x20/0x20
[  209.125619][    C1]  do_group_exit+0x12e/0x300
[  209.125639][    C1]  __x64_sys_exit_group+0x3b/0x40
[  209.125657][    C1]  do_syscall_64+0x4c/0xa0
[  209.125670][    C1]  ? clear_bhb_loop+0x30/0x80
[  209.125684][    C1]  ? clear_bhb_loop+0x30/0x80
[  209.125700][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  209.125716][    C1] RIP: 0033:0x7f25dc622ba9
[  209.125728][    C1] Code: Unable to access opcode bytes at RIP 0x7f25dc622b7f.
[  209.125735][    C1] RSP: 002b:00007ffc7023a5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  209.125749][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f25dc622ba9
[  209.125759][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  209.125768][    C1] RBP: 0000000000000003 R08: 000000057023a69f R09: 00007f25dc835280
[  209.125778][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  209.125787][    C1] R13: 00007f25dc835280 R14: 0000000000000003 R15: 00007ffc7023a660
[  209.125805][    C1]  </TASK>
[  209.657631][    T7] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-... } 10627 jiffies s: 2797 root: 0x2/.
[  209.669953][    T7] rcu: blocking rcu_node structures (internal RCU debug):
[  209.677133][    T7] Task dump for CPU 1:
[  209.681211][    T7] task:syz.0.17        state:R  running task     stack:25536 pid: 4320 ppid:  4299 flags:0x00000008
[  209.692060][    T7] Call Trace:
[  209.695382][    T7]  <TASK>
[  209.698334][    T7]  ? ____kasan_slab_free+0xd5/0x110
[  209.703594][    T7]  ? stack_trace_save+0xe0/0xe0
[  209.708479][    T7]  ? arch_stack_walk+0x10c/0x140
[  209.713478][    T7]  ? slab_free_freelist_hook+0xea/0x170
[  209.719051][    T7]  ? kmem_cache_free+0x8f/0x210
[  209.723958][    T7]  ? stack_trace_save+0x98/0xe0
[  209.728832][    T7]  ? stack_trace_snprint+0xf0/0xf0
[  209.734025][    T7]  ? __lock_acquire+0x13ad/0x7c60
[  209.739096][    T7]  ? memset+0x1e/0x40
[  209.743104][    T7]  ? kasan_set_track+0x4b/0x70
[  209.747974][    T7]  ? kasan_set_track+0x4b/0x70
[  209.752776][    T7]  ? kasan_set_free_info+0x1f/0x40
[  209.757940][    T7]  ? ____kasan_slab_free+0xd5/0x110
[  209.763242][    T7]  ? kasan_set_free_info+0x1f/0x40
[  209.768381][    T7]  ? ____kasan_slab_free+0xd5/0x110
[  209.773629][    T7]  ? slab_free_freelist_hook+0xea/0x170
[  209.779199][    T7]  ? unlink_anon_vmas+0x2c8/0x660
[  209.784293][    T7]  ? kmem_cache_free+0x8f/0x210
[  209.789473][    T7]  ? unlink_anon_vmas+0x2c8/0x660
[  209.794603][    T7]  ? free_pgtables+0x74/0x2a0
[  209.799318][    T7]  ? exit_mmap+0x39e/0x5f0
[  209.803792][    T7]  ? vm_brk+0x20/0x20
[  209.807813][    T7]  ? uprobe_clear_state+0x2f6/0x460
[  209.813028][    T7]  ? mm_update_next_owner+0x522/0x640
[  209.818463][    T7]  ? __mmput+0x115/0x3b0
[  209.822730][    T7]  ? exit_mm+0x567/0x6c0
[  209.827018][    T7]  ? xacct_add_tsk+0x4b0/0x4b0
[  209.831806][    T7]  ? do_exit+0x20a0/0x20a0
[  209.836277][    T7]  ? __ia32_sys_timer_delete+0x40/0x40
[  209.841755][    T7]  ? hrtimer_try_to_cancel+0x3c9/0x410
[  209.847359][    T7]  ? taskstats_exit+0x439/0xab0
[  209.852246][    T7]  ? tty_audit_exit+0x14e/0x1f0
[  209.857256][    T7]  ? do_exit+0x5a1/0x20a0
[  209.861612][    T7]  ? put_task_struct+0x80/0x80
[  209.866434][    T7]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  209.872448][    T7]  ? lock_chain_count+0x20/0x20
[  209.877401][    T7]  ? do_group_exit+0x12e/0x300
[  209.882201][    T7]  ? __x64_sys_exit_group+0x3b/0x40
[  209.887461][    T7]  ? do_syscall_64+0x4c/0xa0
[  209.892084][    T7]  ? clear_bhb_loop+0x30/0x80
[  209.896807][    T7]  ? clear_bhb_loop+0x30/0x80
[  209.901504][    T7]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  209.907646][    T7]  </TASK>