* [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: syzbot @ 2025-12-27 3:34 UTC
To: bp, dave.hansen, hpa, kvm, linux-kernel, mingo, pbonzini, seanjc,
syzkaller-bugs, tglx, vkuznets, x86
Hello,
syzbot found the following issue on:
HEAD commit: cc3aa43b44bd Add linux-next specific files for 20251219
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1252109a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f7a09bf3b9133d9d
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14eb1022580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13cc18fc580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b1b23d9783ee/disk-cc3aa43b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/07451939cf74/vmlinux-cc3aa43b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5ddf385746f/bzImage-cc3aa43b.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3d5461510f8dc4adfe30@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: (detected by 1, t=10502 jiffies, g=14269, q=1142 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 10500 (4294965239-4294954739), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10500 jiffies! g14269 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5258 [inline]
__schedule+0x150e/0x5070 kernel/sched/core.c:6866
__schedule_loop kernel/sched/core.c:6948 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6963
schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6253 Comm: syz.1.63 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:_raw_spin_unlock_irqrestore+0x4b/0x110 kernel/locking/spinlock.c:193
Code: fb 60 5a 07 48 89 44 24 48 48 c7 04 24 b3 8a b5 41 48 c7 44 24 08 96 3d b2 8d 48 c7 44 24 10 00 df 69 8b 49 89 e7 49 c1 ef 03 <48> b8 f1 f1 f1 f1 00 f3 f3 f3 49 bc 00 00 00 00 00 fc ff df 4b 89
RSP: 0018:ffffc90000007ca0 EFLAGS: 00000802
RAX: 5de15cb931505900 RBX: 0000000000000806 RCX: ffff88802eff1e80
RDX: 0000000000010000 RSI: 0000000000000806 RDI: ffff8880b8628240
RBP: ffffc90000007d30 R08: ffffffff8fc3d077 R09: 1ffffffff1f87a0e
R10: dffffc0000000000 R11: fffffbfff1f87a0f R12: ffff888078156180
R13: dffffc0000000000 R14: ffff8880b8628240 R15: 1ffff92000000f94
FS: 00007f635365c6c0(0000) GS:ffff8881259dc000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31363fff CR3: 000000004c992000 CR4: 00000000003526f0
Call Trace:
<IRQ>
__run_hrtimer kernel/time/hrtimer.c:1773 [inline]
__hrtimer_run_queues+0x408/0xc30 kernel/time/hrtimer.c:1841
hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1903
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
__sysvec_apic_timer_interrupt+0x102/0x3e0 arch/x86/kernel/apic/apic.c:1062
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1056
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194
Code: 74 05 e8 0b f4 5f f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 23 6b 27 f6 65 8b 05 7c 60 5a 07 85 c0 74 40 48 c7 04 24 0e 36
RSP: 0018:ffffc900040a7320 EFLAGS: 00000206
RAX: 5de15cb931505900 RBX: 0000000000000a06 RCX: 5de15cb931505900
RDX: 0000000000000007 RSI: ffffffff8daa9dc3 RDI: 0000000000000001
RBP: ffffc900040a73b0 R08: ffffffff8fc3d077 R09: 1ffffffff1f87a0e
R10: dffffc0000000000 R11: fffffbfff1f87a0f R12: dffffc0000000000
R13: 0000000000000000 R14: ffff8880b8628240 R15: 1ffff92000814e64
hrtimer_start include/linux/hrtimer.h:259 [inline]
stimer_start arch/x86/kvm/hyperv.c:682 [inline]
kvm_hv_process_stimers+0xd0a/0x16a0 arch/x86/kvm/hyperv.c:893
vcpu_enter_guest arch/x86/kvm/x86.c:11193 [inline]
vcpu_run+0x2240/0x76b0 arch/x86/kvm/x86.c:11639
kvm_arch_vcpu_ioctl_run+0x1148/0x1c90 arch/x86/kvm/x86.c:11984
kvm_vcpu_ioctl+0x99a/0xed0 virt/kvm/kvm_main.c:4492
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f635278f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f635365c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f63529e5fa0 RCX: 00007f635278f749
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 00007f6352813f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f63529e6038 R14: 00007f63529e5fa0 R15: 00007ffd5b219358
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: Carlos López @ 2026-06-05 12:14 UTC
To: syzbot, kvm, linux-kernel, syzkaller-bugs, x86
#syz test: upstream master
diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 4438ecac9a89..d0e250d33ff0 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -626,6 +626,17 @@ static enum hrtimer_restart stimer_timer_callback(struct hrtimer *timer)
return HRTIMER_NORESTART;
}
+/*
+ * Translate a stimer expiry given in 100ns reference ticks into an absolute
+ * deadline. Saturates on overflow.
+ */
+static ktime_t stimer_add_delta(ktime_t now, u64 delta_100ns)
+{
+ if (delta_100ns > KTIME_MAX / 100)
+ return KTIME_MAX;
+ return ktime_add_safe(now, 100 * delta_100ns);
+}
+
/*
* stimer_start() assumptions:
* a) stimer->count is not equal to 0
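Review bot: The comment on stimer_add_delta() describes the second argument as "a stimer expiry", but the function takes a delta (delta_100ns) relative to now; reword it so the contract matches the signature. It would also help to say that the delta_100ns > KTIME_MAX / 100 check exists so that 100 * delta_100ns cannot wrap before it reaches ktime_add_safe(), and that a result of KTIME_MAX arms a timer that in practice never fires, so readers know that outcome is intended.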
@@ -635,6 +646,7 @@ static int stimer_start(struct kvm_vcpu_hv_stimer *stimer)
{
u64 time_now;
ktime_t ktime_now;
+ ktime_t deadline;
time_now = get_time_ref_counter(hv_stimer_to_vcpu(stimer)->kvm);
ktime_now = ktime_get();
@@ -657,10 +669,8 @@ static int stimer_start(struct kvm_vcpu_hv_stimer *stimer)
stimer->index,
time_now, stimer->exp_time);
- hrtimer_start(&stimer->timer,
- ktime_add_ns(ktime_now,
- 100 * (stimer->exp_time - time_now)),
- HRTIMER_MODE_ABS);
+ deadline = stimer_add_delta(ktime_now, stimer->exp_time - time_now);
+ hrtimer_start(&stimer->timer, deadline, HRTIMER_MODE_ABS);
return 0;
}
stimer->exp_time = stimer->count;
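Review bot: In the periodic path, stimer->exp_time - time_now is evaluated by the caller and handed to a u64 parameter, so if exp_time were ever behind time_now the difference would arrive as a huge delta and be clamped to KTIME_MAX instead of expiring promptly. Nothing visible in this hunk rules that out; either add a comment naming the invariant that guarantees exp_time > time_now at this point, or pass both values into the helper and handle the ordering there.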
@@ -679,9 +689,9 @@ static int stimer_start(struct kvm_vcpu_hv_stimer *stimer)
stimer->index,
time_now, stimer->count);
- hrtimer_start(&stimer->timer,
- ktime_add_ns(ktime_now, 100 * (stimer->count - time_now)),
- HRTIMER_MODE_ABS);
+ deadline = stimer_add_delta(ktime_now, stimer->count - time_now);
+ hrtimer_start(&stimer->timer, deadline, HRTIMER_MODE_ABS);
+
return 0;
}
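Review bot: The blank line added before return 0; at the end of the one-shot path is an unrelated whitespace change, and the periodic call site converted earlier in this patch did not get one. Drop it so the two call sites stay identical and the diff carries only the functional change.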
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: syzbot @ 2026-06-05 15:08 UTC
To: clopez, kvm, linux-kernel, syzkaller-bugs, x86
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
error: corrupt patch at line 56
Tested on:
commit: ddd664bb Merge tag 'net-7.1-rc7' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=f7a09bf3b9133d9d
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=17ab8f2e580000
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
[not found] <b31a5312-8b69-4d30-8d58-49f6926404da@suse.de>
From: syzbot @ 2026-06-05 15:44 UTC
To: clopez, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
error: corrupt patch at line 56
Tested on:
commit: ddd664bb Merge tag 'net-7.1-rc7' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=f7a09bf3b9133d9d
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=13d0fdd2580000
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: Hillf Danton @ 2026-06-05 21:48 UTC
To: syzbot; +Cc: linux-kernel, syzkaller-bugs
> Date: Fri, 26 Dec 2025 19:34:18 -0800
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: cc3aa43b44bd Add linux-next specific files for 20251219
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1252109a580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f7a09bf3b9133d9d
> dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14eb1022580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13cc18fc580000
#syz test
--- x/arch/x86/kvm/hyperv.c
+++ y/arch/x86/kvm/hyperv.c
@@ -657,10 +657,8 @@ static int stimer_start(struct kvm_vcpu_
stimer->index,
time_now, stimer->exp_time);
- hrtimer_start(&stimer->timer,
- ktime_add_ns(ktime_now,
- 100 * (stimer->exp_time - time_now)),
- HRTIMER_MODE_ABS);
+ hrtimer_forward_now(&stimer->timer,
+ ns_to_ktime(100 * (stimer->exp_time - time_now)));
return 0;
}
stimer->exp_time = stimer->count;
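Review bot: Replacing hrtimer_start(..., HRTIMER_MODE_ABS) with hrtimer_forward_now() in the periodic path removes the only call in this hunk that enqueues the timer. hrtimer_forward_now() only advances the expiry of a timer and returns the overrun count; it does not arm the timer, and it is meant to be called from the timer callback or on a timer that is not enqueued. As written, the path returns 0 without starting anything. If the goal is to avoid an overflowing deadline, keep hrtimer_start() and bound the delta before it is multiplied by 100.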
@@ -679,9 +677,7 @@ static int stimer_start(struct kvm_vcpu_
stimer->index,
time_now, stimer->count);
- hrtimer_start(&stimer->timer,
- ktime_add_ns(ktime_now, 100 * (stimer->count - time_now)),
- HRTIMER_MODE_ABS);
+ hrtimer_forward_now(&stimer->timer, ns_to_ktime(100 * (stimer->count - time_now)));
return 0;
}
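Review bot: In the one-shot path, 100 * (stimer->count - time_now) used to be added to ktime_now to form an absolute deadline, but hrtimer_forward_now() treats its second argument as an interval applied to the timer's existing expiry, so the resulting expiry no longer has a defined relation to ktime_now. The removed lines were also the only use of ktime_now in this hunk. Separately, the new call sits on one long line while the same call in the periodic hunk is wrapped; wrap it the same way.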
--
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: syzbot @ 2026-06-05 22:35 UTC
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
[ 7.154202][ T1] ------------[ cut here ]------------
[ 7.160329][ T1] workqueue: nvme_tcp_wq is using neither WQ_PERCPU or WQ_UNBOUND. Setting WQ_PERCPU.
[ 7.170094][ T1] WARNING: kernel/workqueue.c:5856 at __alloc_workqueue+0x1994/0x1cf0, CPU#0: swapper/0/1
[ 7.180068][ T1] Modules linked in:
[ 7.184027][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full)
[ 7.193102][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 7.203500][ T1] RIP: 0010:__alloc_workqueue+0x1999/0x1cf0
[ 7.209644][ T1] Code: e9 46 ef ff ff e8 c7 16 38 00 e9 9f fc ff ff e8 bd 16 38 00 e9 30 fd ff ff e8 b3 16 38 00 48 8d 3d 1c d8 7d 0e 48 8b 74 24 20 <67> 48 0f b9 3a 41 81 cf 00 01 00 00 e9 f7 e8 ff ff e8 91 16 38 00
[ 7.230320][ T1] RSP: 0000:ffffc900000677a8 EFLAGS: 00010293
[ 7.236532][ T1] RAX: ffffffff818d2a8d RBX: 0000000000000000 RCX: ffff88801daedd00
[ 7.244726][ T1] RDX: 0000000000000000 RSI: ffff8880270b6170 RDI: ffffffff900b02b0
[ 7.254397][ T1] RBP: ffffffff8c379240 R08: ffff88801daedd00 R09: 0000000000000002
[ 7.262441][ T1] R10: 0000000000000102 R11: 0000000000000000 R12: dffffc0000000000
[ 7.270814][ T1] R13: ffffc900000678c0 R14: ffff8880270b6000 R15: 0000000000000058
[ 7.279041][ T1] FS: 0000000000000000(0000) GS:ffff8881254f4000(0000) knlGS:0000000000000000
[ 7.288031][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.294621][ T1] CR2: ffff88823ffff000 CR3: 000000000e53e000 CR4: 00000000003526f0
[ 7.302652][ T1] Call Trace:
[ 7.305961][ T1] <TASK>
[ 7.308904][ T1] ? do_raw_spin_lock+0x12b/0x2f0
[ 7.313950][ T1] alloc_workqueue_noprof+0xe3/0x210
[ 7.319304][ T1] ? __pfx_alloc_workqueue_noprof+0x10/0x10
[ 7.325207][ T1] ? add_device_randomness+0xc5/0x110
[ 7.331134][ T1] ? __pfx_add_device_randomness+0x10/0x10
[ 7.337091][ T1] ? __pfx_nvme_fc_init_module+0x10/0x10
[ 7.342915][ T1] ? __pfx_nvme_tcp_init_module+0x10/0x10
[ 7.348707][ T1] nvme_tcp_init_module+0x27/0x100
[ 7.353921][ T1] do_one_initcall+0x250/0x870
[ 7.358983][ T1] ? __pfx_nvme_tcp_init_module+0x10/0x10
[ 7.364733][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 7.370175][ T1] ? ktime_get+0x45/0x220
[ 7.374610][ T1] ? ktime_get+0x1f5/0x220
[ 7.379101][ T1] ? __pfx___schedule+0x10/0x10
[ 7.384151][ T1] ? clockevents_program_event+0x491/0x630
[ 7.390074][ T1] ? __pfx_clockevents_program_event+0x10/0x10
[ 7.396384][ T1] ? irqentry_exit+0x218/0x760
[ 7.401331][ T1] ? lockdep_hardirqs_on+0x7a/0x110
[ 7.406854][ T1] ? irqentry_exit+0x218/0x760
[ 7.411648][ T1] ? trace_irq_disable+0x3b/0x140
[ 7.416940][ T1] ? next_arg+0x498/0x5e0
[ 7.421299][ T1] ? parameq+0x14d/0x170
[ 7.425559][ T1] ? parse_args+0x9fc/0xb00
[ 7.430132][ T1] ? trace_kmalloc+0x2a/0xf0
[ 7.434829][ T1] ? rcu_is_watching+0x15/0xb0
[ 7.439674][ T1] do_initcall_level+0x104/0x190
[ 7.444644][ T1] ? kernel_init+0x1d/0x1d0
[ 7.449217][ T1] do_initcalls+0x59/0xa0
[ 7.453648][ T1] kernel_init_freeable+0x2a6/0x3e0
[ 7.459860][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.464820][ T1] kernel_init+0x1d/0x1d0
[ 7.469306][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.474438][ T1] ret_from_fork+0x514/0xb70
[ 7.479092][ T1] ? __pfx_ret_from_fork+0x10/0x10
[ 7.484220][ T1] ? __switch_to+0xc79/0x1410
[ 7.488968][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.494014][ T1] ret_from_fork_asm+0x1a/0x30
[ 7.498839][ T1] </TASK>
[ 7.501873][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 7.508790][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full)
[ 7.508790][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 7.508790][ T1] Call Trace:
[ 7.508790][ T1] <TASK>
[ 7.508790][ T1] vpanic+0x56c/0xa60
[ 7.508790][ T1] ? __pfx__printk+0x10/0x10
[ 7.508790][ T1] ? __pfx_vpanic+0x10/0x10
[ 7.508790][ T1] ? is_bpf_text_address+0x292/0x2b0
[ 7.508790][ T1] ? is_bpf_text_address+0x26/0x2b0
[ 7.508790][ T1] panic+0xc5/0xd0
[ 7.508790][ T1] ? __pfx_panic+0x10/0x10
[ 7.508790][ T1] ? ret_from_fork_asm+0x1a/0x30
[ 7.508790][ T1] __warn+0x315/0x4c0
[ 7.508790][ T1] ? __alloc_workqueue+0x1994/0x1cf0
[ 7.508790][ T1] ? __alloc_workqueue+0x1994/0x1cf0
[ 7.508790][ T1] __report_bug+0x339/0x540
[ 7.508790][ T1] ? kernel_init+0x1d/0x1d0
[ 7.508790][ T1] ? ret_from_fork+0x514/0xb70
[ 7.508790][ T1] ? ret_from_fork_asm+0x1a/0x30
[ 7.605760][ T1] ? __alloc_workqueue+0x1994/0x1cf0
[ 7.605760][ T1] ? __pfx___report_bug+0x10/0x10
[ 7.605760][ T1] report_bug_entry+0x19a/0x290
[ 7.605760][ T1] ? __alloc_workqueue+0x1999/0x1cf0
[ 7.605760][ T1] ? __alloc_workqueue+0x199e/0x1cf0
[ 7.605760][ T1] handle_bug+0xce/0x200
[ 7.605760][ T1] exc_invalid_op+0x1a/0x50
[ 7.605760][ T1] asm_exc_invalid_op+0x1a/0x20
[ 7.605760][ T1] RIP: 0010:__alloc_workqueue+0x1999/0x1cf0
[ 7.605760][ T1] Code: e9 46 ef ff ff e8 c7 16 38 00 e9 9f fc ff ff e8 bd 16 38 00 e9 30 fd ff ff e8 b3 16 38 00 48 8d 3d 1c d8 7d 0e 48 8b 74 24 20 <67> 48 0f b9 3a 41 81 cf 00 01 00 00 e9 f7 e8 ff ff e8 91 16 38 00
[ 7.605760][ T1] RSP: 0000:ffffc900000677a8 EFLAGS: 00010293
[ 7.605760][ T1] RAX: ffffffff818d2a8d RBX: 0000000000000000 RCX: ffff88801daedd00
[ 7.605760][ T1] RDX: 0000000000000000 RSI: ffff8880270b6170 RDI: ffffffff900b02b0
[ 7.605760][ T1] RBP: ffffffff8c379240 R08: ffff88801daedd00 R09: 0000000000000002
[ 7.605760][ T1] R10: 0000000000000102 R11: 0000000000000000 R12: dffffc0000000000
[ 7.705788][ T1] R13: ffffc900000678c0 R14: ffff8880270b6000 R15: 0000000000000058
[ 7.705788][ T1] ? __alloc_workqueue+0x198d/0x1cf0
[ 7.705788][ T1] ? __alloc_workqueue+0x198d/0x1cf0
[ 7.705788][ T1] ? do_raw_spin_lock+0x12b/0x2f0
[ 7.705788][ T1] alloc_workqueue_noprof+0xe3/0x210
[ 7.705788][ T1] ? __pfx_alloc_workqueue_noprof+0x10/0x10
[ 7.705788][ T1] ? add_device_randomness+0xc5/0x110
[ 7.705788][ T1] ? __pfx_add_device_randomness+0x10/0x10
[ 7.705788][ T1] ? __pfx_nvme_fc_init_module+0x10/0x10
[ 7.705788][ T1] ? __pfx_nvme_tcp_init_module+0x10/0x10
[ 7.705788][ T1] nvme_tcp_init_module+0x27/0x100
[ 7.705788][ T1] do_one_initcall+0x250/0x870
[ 7.705788][ T1] ? __pfx_nvme_tcp_init_module+0x10/0x10
[ 7.705788][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 7.705788][ T1] ? ktime_get+0x45/0x220
[ 7.705788][ T1] ? ktime_get+0x1f5/0x220
[ 7.705788][ T1] ? __pfx___schedule+0x10/0x10
[ 7.806065][ T1] ? clockevents_program_event+0x491/0x630
[ 7.806065][ T1] ? __pfx_clockevents_program_event+0x10/0x10
[ 7.806065][ T1] ? irqentry_exit+0x218/0x760
[ 7.806065][ T1] ? lockdep_hardirqs_on+0x7a/0x110
[ 7.806065][ T1] ? irqentry_exit+0x218/0x760
[ 7.806065][ T1] ? trace_irq_disable+0x3b/0x140
[ 7.806065][ T1] ? next_arg+0x498/0x5e0
[ 7.806065][ T1] ? parameq+0x14d/0x170
[ 7.806065][ T1] ? parse_args+0x9fc/0xb00
[ 7.806065][ T1] ? trace_kmalloc+0x2a/0xf0
[ 7.806065][ T1] ? rcu_is_watching+0x15/0xb0
[ 7.806065][ T1] do_initcall_level+0x104/0x190
[ 7.806065][ T1] ? kernel_init+0x1d/0x1d0
[ 7.806065][ T1] do_initcalls+0x59/0xa0
[ 7.806065][ T1] kernel_init_freeable+0x2a6/0x3e0
[ 7.806065][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.806065][ T1] kernel_init+0x1d/0x1d0
[ 7.806065][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.806065][ T1] ret_from_fork+0x514/0xb70
[ 7.806065][ T1] ? __pfx_ret_from_fork+0x10/0x10
[ 7.905740][ T1] ? __switch_to+0xc79/0x1410
[ 7.905740][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.905740][ T1] ret_from_fork_asm+0x1a/0x30
[ 7.905740][ T1] </TASK>
[ 7.905740][ T1] Kernel Offset: disabled
[ 7.905740][ T1] Rebooting in 86400 seconds..
syzkaller build log:
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=130bf3ec580000
Tested on:
commit: 6e845bcb Add linux-next specific files for 20260605
git tree: linux-next
kernel config: https://syzkaller.appspot.com/x/.config?x=8112d5f46200717e
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1272fdd2580000
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: Hillf Danton @ 2026-06-06 6:14 UTC
To: syzbot; +Cc: linux-kernel, syzkaller-bugs
> Date: Fri, 26 Dec 2025 19:34:18 -0800
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: cc3aa43b44bd Add linux-next specific files for 20251219
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1252109a580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f7a09bf3b9133d9d
> dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14eb1022580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13cc18fc580000
#syz test
--- x/arch/x86/kvm/hyperv.c
+++ y/arch/x86/kvm/hyperv.c
@@ -657,10 +657,8 @@ static int stimer_start(struct kvm_vcpu_
stimer->index,
time_now, stimer->exp_time);
- hrtimer_start(&stimer->timer,
- ktime_add_ns(ktime_now,
- 100 * (stimer->exp_time - time_now)),
- HRTIMER_MODE_ABS);
+ hrtimer_forward_now(&stimer->timer,
+ ns_to_ktime(100 * (stimer->exp_time - time_now)));
return 0;
}
stimer->exp_time = stimer->count;
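Review bot: The expression 100 * (stimer->exp_time - time_now) is carried over unchanged into the new call, so a large difference still wraps in the multiplication, and ns_to_ktime() converts whatever value it is given without saturating. If the large-deadline case is what this hunk is meant to address, clamp the difference before multiplying, for example by comparing it against KTIME_MAX / 100.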
@@ -679,9 +677,7 @@ static int stimer_start(struct kvm_vcpu_
stimer->index,
time_now, stimer->count);
- hrtimer_start(&stimer->timer,
- ktime_add_ns(ktime_now, 100 * (stimer->count - time_now)),
- HRTIMER_MODE_ABS);
+ hrtimer_forward_now(&stimer->timer, ns_to_ktime(100 * (stimer->count - time_now)));
return 0;
}
--- x/drivers/nvme/host/tcp.c
+++ y/drivers/nvme/host/tcp.c
@@ -3046,6 +3046,8 @@ static int __init nvme_tcp_init_module(v
if (wq_unbound)
wq_flags |= WQ_UNBOUND;
+ else
+ wq_flags |= WQ_PERCPU;
nvme_tcp_wq = alloc_workqueue("nvme_tcp_wq", wq_flags, 0);
if (!nvme_tcp_wq)
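Review bot: This drivers/nvme/host/tcp.c hunk is unrelated to the stimer change in arch/x86/kvm/hyperv.c carried by the same patch. If it is here only to get the test kernel past the nvme_tcp_wq workqueue warning reported at boot earlier in the thread, say so in the message and keep it out of anything submitted for the KVM fix. The else branch itself makes WQ_PERCPU and WQ_UNBOUND mutually exclusive on wq_unbound, which matches what that warning asks for, but it should be posted as its own patch for the nvme maintainers.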
--
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
From: syzbot @ 2026-06-06 6:44 UTC
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
lost connection to test machine
Tested on:
commit: 6e845bcb Add linux-next specific files for 20260605
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1219fdd2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8112d5f46200717e
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=146bda86580000
* Re: [syzbot] [kvm?] [kvm-x86?] INFO: rcu detected stall in kvm_vcpu_ioctl (4)
[not found] <c7ed2214-c822-40cf-95ef-fb9ab79dedc2@suse.de>
From: syzbot @ 2026-06-06 15:10 UTC
To: clopez, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
lost connection to test machine
Tested on:
commit: 5a40f3f6 KVM: x86: hyper-v: Clamp stimer deadline to a..
git tree: https://github.com/00xc/linux.git kvm/x86/hyperv-stimer-overflow
console output: https://syzkaller.appspot.com/x/log.txt?x=10354f2e580000
kernel config: https://syzkaller.appspot.com/x/.config?x=975c59d5c8924004
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5461510f8dc4adfe30
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
Note: no patches were applied.