Extracting prog: 5m25.335325846s
Minimizing prog: 55m6.283645762s
Simplifying prog options: 0s
Extracting C: 2m31.790031695s
Simplifying C: 23m21.30889503s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program crashed: INFO: rcu detected stall in corrupted
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, 0x0)
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
r0 = socket(0x8, 0x4, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, &(0x7f0000000040)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x6, 'syz0\x00', @bcast, 0xffffffff, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
reproducing took 1h36m51.733708637s
repro crashed as (corrupted=true):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...!: (1 GPs behind) idle=34d4/1/0x4000000000000000 softirq=19688/19691 fqs=2
rcu: (detected by 1, t=10502 jiffies, g=15265, q=710 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6978 Comm: syz.0.252 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:atm_dev_release_vccs+0xba/0x360 net/atm/common.c:275
Code: 74 12 4c 89 ff e8 a6 a4 96 f7 48 b9 00 00 00 00 00 fc ff df 49 8b 5e 68 4d 8d a6 98 05 00 00 4c 89 e0 48 c1 e8 03 80 3c 08 00 <74> 08 4c 89 e7 e8 7c a4 96 f7 4d 39 2c 24 74 13 e8 d1 54 30 f7 48
RSP: 0018:ffffc9000c5a7bc0 EFLAGS: 00000046
RAX: 1ffff1100eb50ab3 RBX: ffff888075a85068 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc9000c5a7aa0
RBP: 1ffff1100eb50a0d R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520018b4f54 R12: ffff888075a85598
R13: ffff88807c56f000 R14: ffff888075a85000 R15: ffff888075a85068
FS: 0000555591c37500(0000) GS:ffff888125a3e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f79278c8000 CR3: 0000000077af0000 CR4: 00000000003526f0
Call Trace:
atm_dev_deregister+0x187/0x2e0 net/atm/resources.c:151
atmtcp_c_close+0x102/0x150 drivers/atm/atmtcp.c:257
vcc_destroy_socket net/atm/common.c:181 [inline]
vcc_release+0x10f/0x580 net/atm/common.c:205
__sock_release+0xb9/0x250 net/socket.c:657
sock_close+0x1c/0x30 net/socket.c:1461
__fput+0x44c/0xa70 fs/file_table.c:468
task_work_run+0x1d4/0x260 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
exit_to_user_mode_loop+0xff/0x4f0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2e3/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9e2fb8f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdef2b4928 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000001cb7d RCX: 00007f9e2fb8f749
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f9e2fde7da0 R08: 0000000000000001 R09: 00000007ef2b4c1f
R10: 0000001b2f420000 R11: 0000000000000246 R12: 00007f9e2fde5fac
R13: 00007f9e2fde5fa0 R14: ffffffffffffffff R15: 00007ffdef2b4a40
rcu: rcu_preempt kthread starved for 10498 jiffies! g15265 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27256 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5257 [inline]
__schedule+0x14bc/0x5000 kernel/sched/core.c:6864
__schedule_loop kernel/sched/core.c:6946 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6961
schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 6984 Comm: modprobe Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xccf/0x12b0 kernel/smp.c:877
Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 1a 9a 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 c5 95 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 a9 95
RSP: 0018:ffffc9000c52f580 EFLAGS: 00000293
RAX: ffffffff81b64a57 RBX: 1ffff110170c856d RCX: ffff888058bf3d00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000c52f700 R08: ffffffff8fbf8277 R09: 1ffffffff1f7f04e
R10: dffffc0000000000 R11: fffffbfff1f7f04f R12: ffff8880b8642b68
R13: dffffc0000000000 R14: ffff8880b873bb00 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125b3e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7927895e9c CR3: 000000000e138000 CR4: 00000000003526f0
Call Trace:
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043
__flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
flush_tlb_multi arch/x86/mm/tlb.c:1382 [inline]
flush_tlb_mm_range+0x6b1/0x1280 arch/x86/mm/tlb.c:1472
tlb_flush arch/x86/include/asm/tlb.h:23 [inline]
tlb_flush_mmu_tlbonly include/asm-generic/tlb.h:490 [inline]
tlb_flush_mmu+0x1a7/0x680 mm/mmu_gather.c:403
tlb_finish_mmu+0xc3/0x1d0 mm/mmu_gather.c:497
free_ldt_pgtables+0x17b/0x320 arch/x86/kernel/ldt.c:411
arch_exit_mmap arch/x86/include/asm/mmu_context.h:234 [inline]
exit_mmap+0x174/0xb10 mm/mmap.c:1263
__mmput+0x118/0x430 kernel/fork.c:1173
exit_mm+0x1da/0x2c0 kernel/exit.c:581
do_exit+0x658/0x2310 kernel/exit.c:959
do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
__do_sys_exit_group kernel/exit.c:1123 [inline]
__se_sys_exit_group kernel/exit.c:1121 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f79279f46c5
Code: Unable to access opcode bytes at 0x7f79279f469b.
RSP: 002b:00007ffebce24788 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f7927af5fe8 RCX: 00007f79279f46c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000001
RBP: 0000000000000001 R08: 00007ffebce24718 R09: 0000000000000000
R10: 00007ffebce245b0 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f7927af4680 R15: 00007f7927af6000
report is corrupted, running repro again
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
report is corrupted, running repro again
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
report is corrupted, running repro again
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-syz_init_net_socket$bt_hci-close-syz_open_procfs$namespace-socket-ioctl$sock_netrom_SIOCADDRT-ioctl$sock_netrom_SIOCADDRT
program crashed: INFO: rcu detected stall in corrupted
final repro crashed as (corrupted=true):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 1-...!: (0 ticks this GP) idle=d24c/1/0x4000000000000000 softirq=13728/13728 fqs=0
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5872/3:b..l
rcu: (detected by 0, t=10502 jiffies, g=11601, q=271 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5867 Comm: syz-executor564 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:atm_dev_release_vccs+0x7a/0x360 net/atm/common.c:273
Code: 4c 89 f7 e8 e8 a4 96 f7 4d 8b 36 4d 85 f6 0f 94 c0 49 83 c6 98 0f 94 c1 08 c1 74 0a e8 2f 55 30 f7 e9 ac 02 00 00 4d 8d 7e 68 <4c> 89 fd 48 c1 ed 03 48 b9 00 00 00 00 00 fc ff df 80 7c 0d 00 00
RSP: 0018:ffffc900041afa60 EFLAGS: 00000093
RAX: ffffffff8a918d21 RBX: ffff888021ad2000 RCX: ffff888033b2bd00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffc900041af940
RBP: 1ffff1100435a40d R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000835f28 R12: ffff888021ad2598
R13: ffff8881432be000 R14: ffff888021ad2000 R15: ffff888021ad2068
FS: 0000000000000000(0000) GS:ffff888125b3e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f684bc6d000 CR3: 00000000733f6000 CR4: 00000000003526f0
Call Trace:
atm_dev_deregister+0x187/0x2e0 net/atm/resources.c:151
atmtcp_c_close+0x102/0x150 drivers/atm/atmtcp.c:257
vcc_destroy_socket net/atm/common.c:181 [inline]
vcc_release+0x10f/0x580 net/atm/common.c:205
__sock_release+0xb9/0x250 net/socket.c:657
sock_close+0x1c/0x30 net/socket.c:1461
__fput+0x44c/0xa70 fs/file_table.c:468
task_work_run+0x1d4/0x260 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x6c5/0x2310 kernel/exit.c:971
do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
__do_sys_exit_group kernel/exit.c:1123 [inline]
__se_sys_exit_group kernel/exit.c:1121 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f37aadc06b9
Code: Unable to access opcode bytes at 0x7f37aadc068f.
RSP: 002b:00007ffc9ed804f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f37aadc06b9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f37aae4c2b0 R08: ffffffffffffffb0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f37aae4c2b0
R13: 0000000000000000 R14: 00007f37aae4ce40 R15: 00007f37aad8e430
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.048 msecs
task:modprobe state:R running task stack:24312 pid:5872 tgid:5872 ppid:3462 task_flags:0x400000 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5257 [inline]
__schedule+0x14bc/0x5000 kernel/sched/core.c:6864
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7048
preempt_schedule+0xae/0xc0 kernel/sched/core.c:7072
preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
__raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
_raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:391 [inline]
filemap_map_pages+0x192d/0x1fd0 mm/filemap.c:3931
do_fault_around mm/memory.c:5713 [inline]
do_read_fault mm/memory.c:5746 [inline]
do_fault mm/memory.c:5889 [inline]
do_pte_missing+0x20b0/0x3330 mm/memory.c:4401
handle_pte_fault mm/memory.c:6273 [inline]
__handle_mm_fault mm/memory.c:6411 [inline]
handle_mm_fault+0x1b26/0x32b0 mm/memory.c:6580
do_user_addr_fault+0xa7c/0x1380 arch/x86/mm/fault.c:1336
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f684bc6d000
RSP: 002b:00007fff62ba9248 EFLAGS: 00010206
RAX: 00007f684bc6d000 RBX: 00007f684bd1f0c0 RCX: 00007fff62ba92f0
RDX: 00007fff62ba92f0 RSI: 00007fff62ba92c8 RDI: 0000000000000004
RBP: 0000000000000004 R08: 00000000000001e0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff62ba92c8
R13: 00007fff62ba92f0 R14: 00007f684bd5f310 R15: 0000000000000000
rcu: rcu_preempt kthread starved for 10502 jiffies! g11601 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27784 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5257 [inline]
__schedule+0x14bc/0x5000 kernel/sched/core.c:6864
__schedule_loop kernel/sched/core.c:6946 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6961
schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 5869 Comm: modprobe Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xccf/0x12b0 kernel/smp.c:877
Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 1a 9a 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 c5 95 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 a9 95
RSP: 0018:ffffc900041ef580 EFLAGS: 00000293
RAX: ffffffff81b64a57 RBX: 1ffff110170e8129 RCX: ffff888078068000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc900041ef700 R08: ffffffff8fbf8277 R09: 1ffffffff1f7f04e
R10: dffffc0000000000 R11: fffffbfff1f7f04f R12: ffff8880b8740948
R13: dffffc0000000000 R14: ffff8880b863bb00 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888125a3e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa5a0ad3e9c CR3: 000000000e138000 CR4: 00000000003526f0
Call Trace:
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043
__flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
flush_tlb_multi arch/x86/mm/tlb.c:1382 [inline]
flush_tlb_mm_range+0x6b1/0x1280 arch/x86/mm/tlb.c:1472
tlb_flush arch/x86/include/asm/tlb.h:23 [inline]
tlb_flush_mmu_tlbonly include/asm-generic/tlb.h:490 [inline]
tlb_flush_mmu+0x1a7/0x680 mm/mmu_gather.c:403
tlb_finish_mmu+0xc3/0x1d0 mm/mmu_gather.c:497
free_ldt_pgtables+0x17b/0x320 arch/x86/kernel/ldt.c:411
arch_exit_mmap arch/x86/include/asm/mmu_context.h:234 [inline]
exit_mmap+0x174/0xb10 mm/mmap.c:1263
__mmput+0x118/0x430 kernel/fork.c:1173
exit_mm+0x1da/0x2c0 kernel/exit.c:581
do_exit+0x658/0x2310 kernel/exit.c:959
do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
__do_sys_exit_group kernel/exit.c:1123 [inline]
__se_sys_exit_group kernel/exit.c:1121 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa5a0c326c5
Code: Unable to access opcode bytes at 0x7fa5a0c3269b.
RSP: 002b:00007fff39102af8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fa5a0d33fe8 RCX: 00007fa5a0c326c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000001
RBP: 0000000000000001 R08: 00007fff39102a88 R09: 0000000000000000
R10: 00007fff39102920 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fa5a0d32680 R15: 00007fa5a0d34000