Extracting prog: 29m24.275661348s
Minimizing prog: 55m11.006999718s
Simplifying prog options: 5m2.498700329s
Extracting C: 3m11.165114629s
Simplifying C: 0s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-connect$inet6-sendmmsg
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r1}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5a54}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='tlb_flush\x00', r3}, 0x10)
bind$inet6(r0, 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$NFNL_MSG_ACCT_GET-syz_init_net_socket$netrom-connect$netrom-syz_init_net_socket$netrom-connect$netrom-listen-accept4-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$PROG_LOAD-accept4$netrom-writev-bind$inet6-recvmmsg
detailed listing:
executing program 0:
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000000107010200000000000001000500000514000783080001"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x200080c4)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
listen(r0, 0x1ad72f7)
accept4(r0, 0x0, 0x0, 0x80000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000061000000b70000004000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = accept4$netrom(r0, 0x0, 0x0, 0x80000)
writev(r2, &(0x7f00000001c0)=[{0x0}, {0x0}, {&(0x7f0000000000)='+.[\x00\v', 0x5}, {0x0}], 0x4)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000400), 0x400000000000351, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet-connect$inet-socket$nl_route-sendmsg$nl_route-sendto$inet-recvfrom$inet
detailed listing:
executing program 0:
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x1000000, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program crashed: INFO: rcu detected stall in sys_execve
single: successfully extracted reproducer
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
socket$netlink(0x10, 0x3, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
socket(0x11, 0x800000003, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'team0\x00', <r0=>0x0})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r0, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
program crashed: INFO: rcu detected stall in worker_thread
a never seen crash title: INFO: rcu detected stall in worker_thread, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program crashed: INFO: rcu detected stall in worker_thread
a never seen crash title: INFO: rcu detected stall in worker_thread, ignore
reproducing took 1h32m48.946494773s
repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (2 ticks this GP) idle=e92c/1/0x4000000000000000 softirq=19418/19418 fqs=0
rcu: 	(detected by 1, t=10505 jiffies, g=13861, q=1109 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6129 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:debug_object_deactivate+0x9a/0x250 lib/debugobjects.c:-1
Code: 61 48 0f af c8 48 c1 e9 2f 83 e1 f8 4c 8d 3c c9 49 81 c7 60 0b c5 99 48 8d 1c c9 48 81 c3 68 0b c5 99 48 89 df e8 26 02 a1 06 <48> 89 04 24 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 2d
RSP: 0018:ffffc90000007ca8 EFLAGS: 00000046
RAX: 0000000000000802 RBX: ffffffff99d14690 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000007b80
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000000f70 R12: ffff888033d4b340
R13: dffffc0000000000 R14: 1845f2b750979000 R15: ffffffff99d14688
FS:  0000000000000000(0000) GS:ffff888125c4d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7e9e414f98 CR3: 000000007e012000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 debug_hrtimer_deactivate kernel/time/hrtimer.c:450 [inline]
 debug_deactivate+0x1d/0x200 kernel/time/hrtimer.c:490
 __run_hrtimer kernel/time/hrtimer.c:1729 [inline]
 __hrtimer_run_queues+0x2b0/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x410 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:-1 [inline]
RIP: 0010:unwind_next_frame+0xc3f/0x2390 arch/x86/kernel/unwind_orc.c:585
Code: 85 f9 0c 00 00 48 8d 43 08 4c 39 f8 0f 97 c1 4c 39 e0 0f 96 c0 20 c8 3c 01 0f 85 df 0c 00 00 48 89 df e8 84 23 00 00 48 89 c3 <48> bd 00 00 00 00 00 fc ff df 48 8b 44 24 30 80 3c 28 00 4c 8b 7c
RSP: 0018:ffffc9000466f0d8 EFLAGS: 00000202
RAX: ffffffff8214c858 RBX: ffffffff8214c858 RCX: 1ffff920008cde01
RDX: ffffffff903c7690 RSI: 0000000000000002 RDI: ffffc9000466f698
RBP: 1ffff920008cde36 R08: 0000000000000008 R09: ffffffff81729de5
R10: ffffc9000466f1f8 R11: ffffffff81acf940 R12: ffffc90004670000
R13: 1ffff920008cde37 R14: ffffc9000466f1a8 R15: ffffc90004668000
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359
 kmalloc_noprof include/linux/slab.h:905 [inline]
 slab_free_hook mm/slub.c:2333 [inline]
 slab_free mm/slub.c:4643 [inline]
 kmem_cache_free+0x166/0x400 mm/slub.c:4745
 remove_vma mm/vma.c:465 [inline]
 vms_complete_munmap_vmas+0x626/0x8a0 mm/vma.c:1302
 do_vmi_align_munmap+0x358/0x420 mm/vma.c:1545
 do_vmi_munmap+0x253/0x2e0 mm/vma.c:1593
 __vm_munmap+0x23b/0x3d0 mm/vma.c:3122
 elf_map fs/binfmt_elf.c:382 [inline]
 elf_load+0x2c3/0x6c0 fs/binfmt_elf.c:407
 load_elf_binary+0xec6/0x2790 fs/binfmt_elf.c:1147
 search_binary_handler fs/exec.c:1665 [inline]
 exec_binprm fs/exec.c:1697 [inline]
 bprm_execve+0x999/0x1450 fs/exec.c:1749
 do_execveat_common+0x510/0x6a0 fs/exec.c:1855
 do_execve fs/exec.c:1929 [inline]
 __do_sys_execve fs/exec.c:2005 [inline]
 __se_sys_execve fs/exec.c:2000 [inline]
 __x64_sys_execve+0x94/0xb0 fs/exec.c:2000
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f239bfc1ff7
Code: Unable to access opcode bytes at 0x7f239bfc1fcd.
RSP: 002b:00007f239cd0fdf8 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007ffff98ddef7 RCX: 00007f239bfc1ff7
RDX: 00007ffff98db890 RSI: 00007ffff98dbad0 RDI: 00007ffff98ddef7
RBP: 00007f239cd0fe70 R08: 00007f239cd0ff20 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000202 R12: 00007ffff98dbad0
R13: 00007ffff98db890 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10504 jiffies! g13861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=0 timer-softirq=16668
rcu: rcu_preempt kthread starved for 10505 jiffies! g13861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:27320 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x16f5/0x4d00 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6878
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2256
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (2 ticks this GP) idle=e92c/1/0x4000000000000000 softirq=19418/19418 fqs=0
rcu: 	(detected by 1, t=10505 jiffies, g=13861, q=1109 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6129 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:debug_object_deactivate+0x9a/0x250 lib/debugobjects.c:-1
Code: 61 48 0f af c8 48 c1 e9 2f 83 e1 f8 4c 8d 3c c9 49 81 c7 60 0b c5 99 48 8d 1c c9 48 81 c3 68 0b c5 99 48 89 df e8 26 02 a1 06 <48> 89 04 24 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 2d
RSP: 0018:ffffc90000007ca8 EFLAGS: 00000046
RAX: 0000000000000802 RBX: ffffffff99d14690 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000007b80
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000000f70 R12: ffff888033d4b340
R13: dffffc0000000000 R14: 1845f2b750979000 R15: ffffffff99d14688
FS:  0000000000000000(0000) GS:ffff888125c4d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7e9e414f98 CR3: 000000007e012000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 debug_hrtimer_deactivate kernel/time/hrtimer.c:450 [inline]
 debug_deactivate+0x1d/0x200 kernel/time/hrtimer.c:490
 __run_hrtimer kernel/time/hrtimer.c:1729 [inline]
 __hrtimer_run_queues+0x2b0/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x410 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:-1 [inline]
RIP: 0010:unwind_next_frame+0xc3f/0x2390 arch/x86/kernel/unwind_orc.c:585
Code: 85 f9 0c 00 00 48 8d 43 08 4c 39 f8 0f 97 c1 4c 39 e0 0f 96 c0 20 c8 3c 01 0f 85 df 0c 00 00 48 89 df e8 84 23 00 00 48 89 c3 <48> bd 00 00 00 00 00 fc ff df 48 8b 44 24 30 80 3c 28 00 4c 8b 7c
RSP: 0018:ffffc9000466f0d8 EFLAGS: 00000202
RAX: ffffffff8214c858 RBX: ffffffff8214c858 RCX: 1ffff920008cde01
RDX: ffffffff903c7690 RSI: 0000000000000002 RDI: ffffc9000466f698
RBP: 1ffff920008cde36 R08: 0000000000000008 R09: ffffffff81729de5
R10: ffffc9000466f1f8 R11: ffffffff81acf940 R12: ffffc90004670000
R13: 1ffff920008cde37 R14: ffffc9000466f1a8 R15: ffffc90004668000
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359
 kmalloc_noprof include/linux/slab.h:905 [inline]
 slab_free_hook mm/slub.c:2333 [inline]
 slab_free mm/slub.c:4643 [inline]
 kmem_cache_free+0x166/0x400 mm/slub.c:4745
 remove_vma mm/vma.c:465 [inline]
 vms_complete_munmap_vmas+0x626/0x8a0 mm/vma.c:1302
 do_vmi_align_munmap+0x358/0x420 mm/vma.c:1545
 do_vmi_munmap+0x253/0x2e0 mm/vma.c:1593
 __vm_munmap+0x23b/0x3d0 mm/vma.c:3122
 elf_map fs/binfmt_elf.c:382 [inline]
 elf_load+0x2c3/0x6c0 fs/binfmt_elf.c:407
 load_elf_binary+0xec6/0x2790 fs/binfmt_elf.c:1147
 search_binary_handler fs/exec.c:1665 [inline]
 exec_binprm fs/exec.c:1697 [inline]
 bprm_execve+0x999/0x1450 fs/exec.c:1749
 do_execveat_common+0x510/0x6a0 fs/exec.c:1855
 do_execve fs/exec.c:1929 [inline]
 __do_sys_execve fs/exec.c:2005 [inline]
 __se_sys_execve fs/exec.c:2000 [inline]
 __x64_sys_execve+0x94/0xb0 fs/exec.c:2000
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f239bfc1ff7
Code: Unable to access opcode bytes at 0x7f239bfc1fcd.
RSP: 002b:00007f239cd0fdf8 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007ffff98ddef7 RCX: 00007f239bfc1ff7
RDX: 00007ffff98db890 RSI: 00007ffff98dbad0 RDI: 00007ffff98ddef7
RBP: 00007f239cd0fe70 R08: 00007f239cd0ff20 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000202 R12: 00007ffff98dbad0
R13: 00007ffff98db890 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10504 jiffies! g13861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=0 timer-softirq=16668
rcu: rcu_preempt kthread starved for 10505 jiffies! g13861 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:27320 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x16f5/0x4d00 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6878
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2256
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>