Re: [syzbot] [kernel?] INFO: task hung in restrict_one_thread_callback
From: syzbot
Date: Mon Feb 23 2026 - 22:05:21 EST
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
batadv0: Interface activated: batadv_slave_0
[ 74.866770][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.884996][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.894310][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.905283][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.914746][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.043478][ T58] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.127104][ T58] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.185369][ T58] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.334360][ T58] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.469719][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.490337][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.518222][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.526524][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/02/24 03:03:58 executed programs: 0
[ 76.930172][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.938217][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.948739][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.957301][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.965874][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.092846][ T5933] chnl_net:caif_netlink_parms(): no params data found
[ 77.162916][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.170555][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.178400][ T5933] bridge_slave_0: entered allmulticast mode
[ 77.187301][ T5933] bridge_slave_0: entered promiscuous mode
[ 77.195638][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.202901][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.210072][ T5933] bridge_slave_1: entered allmulticast mode
[ 77.217641][ T5933] bridge_slave_1: entered promiscuous mode
[ 77.246869][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.259177][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.296961][ T5933] team0: Port device team_slave_0 added
[ 77.305577][ T5933] team0: Port device team_slave_1 added
[ 77.330912][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.337915][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 77.363986][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.376893][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.383931][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 77.409943][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.455317][ T5933] hsr_slave_0: entered promiscuous mode
[ 77.463048][ T5933] hsr_slave_1: entered promiscuous mode
[ 77.469984][ T5933] debugfs: 'hsr0' already exists in 'hsr'
[ 77.475853][ T5933] Cannot create hsr debugfs directory
[ 77.989478][ T58] bridge_slave_1: left allmulticast mode
[ 77.997034][ T58] bridge_slave_1: left promiscuous mode
[ 78.003996][ T58] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.014607][ T58] bridge_slave_0: left allmulticast mode
[ 78.020289][ T58] bridge_slave_0: left promiscuous mode
[ 78.027158][ T58] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.170497][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 78.181273][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 78.191450][ T58] bond0 (unregistering): Released all slaves
[ 78.312349][ T58] hsr_slave_0: left promiscuous mode
[ 78.318549][ T58] hsr_slave_1: left promiscuous mode
[ 78.327463][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 78.335002][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 78.348743][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 78.357270][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 78.372232][ T58] veth1_macvtap: left promiscuous mode
[ 78.377993][ T58] veth0_macvtap: left promiscuous mode
[ 78.384521][ T58] veth1_vlan: left promiscuous mode
[ 78.390232][ T58] veth0_vlan: left promiscuous mode
[ 78.679788][ T58] team0 (unregistering): Port device team_slave_1 removed
[ 78.694967][ T58] team0 (unregistering): Port device team_slave_0 removed
[ 78.820049][ C0] list_del corruption, ffff88806e888490->next is NULL
[ 78.827266][ C0] ------------[ cut here ]------------
[ 78.832719][ C0] kernel BUG at lib/list_debug.c:53!
[ 78.838048][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 78.844303][ C0] CPU: 0 UID: 0 PID: 5487 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full)
[ 78.853223][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 78.863256][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 78.870177][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 40 c1 29 8c 48 89 de e8 c2 29 65 fc 90 <0f> 0b 48 c7 c7 a0 c1 29 8c 48 89 de e8 b0 29 65 fc 90 0f 0b 4c 89
[ 78.889849][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[ 78.895995][ C0] RAX: 0000000000000033 RBX: ffff88806e888490 RCX: f63d3b529a1a7600
[ 78.903953][ C0] RDX: 0000000000000100 RSI: 0000000080000102 RDI: 0000000000000000
[ 78.911915][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[ 78.919872][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100dd11092
[ 78.927827][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 78.935780][ C0] FS: 00007f45c61e0740(0000) GS:ffff888125009000(0000) knlGS:0000000000000000
[ 78.944695][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.951264][ C0] CR2: 0000561094e94138 CR3: 000000003472a000 CR4: 00000000003526f0
[ 78.959224][ C0] Call Trace:
[ 78.962488][ C0] <IRQ>
[ 78.965324][ C0] dst_destroy+0x202/0x5a0
[ 78.969728][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 78.975693][ C0] ? rcu_core+0x751/0x1070
[ 78.980104][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10
[ 78.985381][ C0] rcu_core+0x7cd/0x1070
[ 78.989615][ C0] ? __pfx_rcu_core+0x10/0x10
[ 78.994277][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 79.000075][ C0] handle_softirqs+0x22a/0x870
[ 79.004841][ C0] ? do_softirq+0x76/0xd0
[ 79.009165][ C0] ? inet6_fill_ifla6_attrs+0x1150/0x25e0
[ 79.014877][ C0] do_softirq+0x76/0xd0
[ 79.019025][ C0] </IRQ>
[ 79.021949][ C0] <TASK>
[ 79.024871][ C0] __local_bh_enable_ip+0xf8/0x130
[ 79.029987][ C0] inet6_fill_ifla6_attrs+0x1150/0x25e0
[ 79.035523][ C0] ? __pfx_inet6_fill_ifla6_attrs+0x10/0x10
[ 79.041400][ C0] ? nla_put+0xd0/0x150
[ 79.045548][ C0] inet6_fill_link_af+0x9b/0x120
[ 79.050473][ C0] rtnl_fill_link_af+0x1c8/0x440
[ 79.055405][ C0] rtnl_fill_ifinfo+0x1e08/0x20f0
[ 79.060421][ C0] ? __pfx_rtnl_fill_ifinfo+0x10/0x10
[ 79.065866][ C0] ? __asan_memset+0x22/0x50
[ 79.070449][ C0] ? __nla_validate_parse+0x2480/0x2dc0
[ 79.076021][ C0] ? update_load_avg+0x1b0/0x1ec0
[ 79.081042][ C0] ? __lock_acquire+0x6b5/0x2cf0
[ 79.085985][ C0] ? xas_load+0x593/0x5b0
[ 79.090308][ C0] ? xa_find+0x25b/0x2b0
[ 79.094537][ C0] ? xa_find+0x8c/0x2b0
[ 79.098679][ C0] rtnl_dump_ifinfo+0xbb1/0x1180
[ 79.103609][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[ 79.109062][ C0] ? __lock_acquire+0x6b5/0x2cf0
[ 79.114005][ C0] ? trace_kmalloc+0x2a/0x110
[ 79.118667][ C0] ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0
[ 79.125243][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[ 79.130598][ C0] rtnl_dumpit+0xa2/0x200
[ 79.134926][ C0] netlink_dump+0x722/0xe80
[ 79.139430][ C0] ? __pfx_netlink_dump+0x10/0x10
[ 79.144446][ C0] ? __netlink_lookup+0x7e4/0x8b0
[ 79.149544][ C0] ? netlink_lookup+0x30/0x200
[ 79.154297][ C0] ? netlink_lookup+0x30/0x200
[ 79.159049][ C0] ? netlink_lookup+0x30/0x200
[ 79.163803][ C0] __netlink_dump_start+0x5cb/0x7e0
[ 79.168994][ C0] rtnetlink_rcv_msg+0xa3a/0xbe0
[ 79.173914][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[ 79.179273][ C0] ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 79.184367][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 79.189808][ C0] ? __pfx_rtnl_dumpit+0x10/0x10
[ 79.194727][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[ 79.200098][ C0] netlink_rcv_skb+0x232/0x4b0
[ 79.204854][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 79.210320][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 79.215638][ C0] ? netlink_deliver_tap+0x2e/0x1b0
[ 79.220896][ C0] netlink_unicast+0x80f/0x9b0
[ 79.225675][ C0] ? __pfx_netlink_unicast+0x10/0x10
[ 79.230970][ C0] ? netlink_sendmsg+0x650/0xb40
[ 79.235916][ C0] ? skb_put+0x11b/0x210
[ 79.240161][ C0] netlink_sendmsg+0x813/0xb40
[ 79.244919][ C0] ? __pfx_netlink_sendmsg+0x10/0x10
[ 79.250190][ C0] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 79.256599][ C0] ? __pfx_netlink_sendmsg+0x10/0x10
[ 79.261870][ C0] sock_sendmsg_nosec+0x18f/0x1d0
[ 79.266890][ C0] __sys_sendto+0x3ff/0x590
[ 79.271378][ C0] ? __pfx___sys_sendto+0x10/0x10
[ 79.276392][ C0] ? rcu_is_watching+0x15/0xb0
[ 79.281149][ C0] __x64_sys_sendto+0xde/0x100
[ 79.285900][ C0] do_syscall_64+0x14d/0xf80
[ 79.290478][ C0] ? trace_irq_disable+0x3b/0x150
[ 79.295493][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.301544][ C0] ? clear_bhb_loop+0x40/0x90
[ 79.306206][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.312116][ C0] RIP: 0033:0x7f45c626a407
[ 79.316533][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 79.336123][ C0] RSP: 002b:00007fff5ef7c930 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 79.344524][ C0] RAX: ffffffffffffffda RBX: 00007f45c61e0740 RCX: 00007f45c626a407
[ 79.352489][ C0] RDX: 0000000000000014 RSI: 00007fff5ef7c9c0 RDI: 0000000000000016
[ 79.360448][ C0] RBP: 00007fff5ef7c9a4 R08: 00007fff5ef7c9a4 R09: 000000000000000c
[ 79.368403][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff5ef9d2b0
[ 79.376357][ C0] R13: 00007f45c61e06c8 R14: 00007fff5ef7caa0 R15: 00007fff5ef8d080
[ 79.384327][ C0] </TASK>
[ 79.387327][ C0] Modules linked in:
[ 79.391216][ C0] ---[ end trace 0000000000000000 ]---
[ 79.396657][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 79.403589][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 40 c1 29 8c 48 89 de e8 c2 29 65 fc 90 <0f> 0b 48 c7 c7 a0 c1 29 8c 48 89 de e8 b0 29 65 fc 90 0f 0b 4c 89
[ 79.423200][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[ 79.429261][ C0] RAX: 0000000000000033 RBX: ffff88806e888490 RCX: f63d3b529a1a7600
[ 79.437219][ C0] RDX: 0000000000000100 RSI: 0000000080000102 RDI: 0000000000000000
[ 79.445172][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[ 79.453132][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100dd11092
[ 79.461084][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 79.469035][ C0] FS: 00007f45c61e0740(0000) GS:ffff888125009000(0000) knlGS:0000000000000000
[ 79.477943][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.484508][ C0] CR2: 0000561094e94138 CR3: 000000003472a000 CR4: 00000000003526f0
[ 79.492468][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 79.500018][ C0] Kernel Offset: disabled
[ 79.504325][ C0] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1172046918=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=<nil>)
HEAD detached at 1e62d198252
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=1e62d1982527c3b4e18df04d61f2560fa1f434cc -X github.com/google/syzkaller/prog.gitRevisionDate=20260213-152336" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=1e62d1982527c3b4e18df04d61f2560fa1f434cc -X github.com/google/syzkaller/prog.gitRevisionDate=20260213-152336" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=1e62d1982527c3b4e18df04d61f2560fa1f434cc -X github.com/google/syzkaller/prog.gitRevisionDate=20260213-152336" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"1e62d1982527c3b4e18df04d61f2560fa1f434cc\"
/usr/bin/ld: /tmp/ccL3cRx2.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=11bac006580000
Tested on:
commit: 779cae95 Add linux-next specific files for 20260223
git tree: linux-next
kernel config: https://syzkaller.appspot.com/x/.config?x=ee920513e4deca5f
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea2f5e9dfd468201817
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=15d8e55a580000