syzbot

RBP: 00007fa1eff36c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa1f011a038 R14: 00007fa1f0119fa0 R15: 00007fff9a8117a8
watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz.1.279:1402]
Modules linked in:
CPU: 1 PID: 1402 Comm: syz.1.279 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline]
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline]
RIP: 0010:kvm_wait+0xce/0x130 arch/x86/kernel/kvm.c:926
Code: 38 f0 75 26 41 f7 c4 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d 33 1e b8 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d 24 1e b8 03 fb f4 <4c> 89 64 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 4b c7 04
RSP: 0018:ffffc900010ae300 EFLAGS: 00000246
RAX: 0000000000000003 RBX: ffff888124f5acc0 RCX: ffffffff814bebea
RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff888124f5acc0
RBP: ffffc900010ae3b0 R08: ffff888124f5acc0 R09: 1ffff110249eb598
R10: dffffc0000000000 R11: ffffed10249eb599 R12: 0000000000000246
R13: 1ffff110249eb598 R14: dffffc0000000000 R15: 1ffff92000215c64
FS:  00007fa1ee8fb6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c28aa60 CR3: 0000000112309000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pv_wait arch/x86/include/asm/paravirt.h:564 [inline]
 pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline]
 __pv_queued_spin_lock_slowpath+0x714/0xb70 kernel/locking/qspinlock.c:508
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline]
 queued_spin_lock_slowpath+0x47/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock include/linux/spinlock.h:184 [inline]
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0xe4/0xf0 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:355 [inline]
 __netif_tx_lock include/linux/netdevice.h:4277 [inline]
 sch_direct_xmit+0x16d/0x8d0 net/sched/sch_generic.c:337
 qdisc_restart net/sched/sch_generic.c:404 [inline]
 __qdisc_run+0xa4b/0x13b0 net/sched/sch_generic.c:412
 __dev_xmit_skb net/core/dev.c:3867 [inline]
 __dev_queue_xmit+0xdcb/0x2560 net/core/dev.c:4175
 dev_queue_xmit+0x17/0x20 net/core/dev.c:4256
 neigh_connected_output+0x432/0x460 net/core/neighbour.c:1538
 neigh_output include/net/neighbour.h:517 [inline]
 ip6_finish_output2+0xef7/0x1560 net/ipv6/ip6_output.c:130
 __ip6_finish_output+0x5ff/0x790 net/ipv6/ip6_output.c:201
 ip6_finish_output+0x33/0x1f0 net/ipv6/ip6_output.c:211
 NF_HOOK_COND include/linux/netfilter.h:288 [inline]
 ip6_output+0x1fa/0x420 net/ipv6/ip6_output.c:234
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0x1fe/0x3d0 net/ipv6/output_core.c:161
 ip6_send_skb net/ipv6/ip6_output.c:1942 [inline]
 ip6_push_pending_frames+0x142/0x280 net/ipv6/ip6_output.c:1963
 icmpv6_push_pending_frames+0x29f/0x440 net/ipv6/icmp.c:310
 icmp6_send+0x122d/0x1830 net/ipv6/icmp.c:629
 __icmpv6_send include/linux/icmpv6.h:28 [inline]
 icmpv6_send include/linux/icmpv6.h:49 [inline]
 ip6_link_failure+0x36/0x190 net/ipv6/route.c:2666
 dst_link_failure include/net/dst.h:421 [inline]
 vti6_xmit net/ipv6/ip6_vti.c:545 [inline]
 vti6_tnl_xmit+0xe3d/0x1620 net/ipv6/ip6_vti.c:584
 __netdev_start_xmit include/linux/netdevice.h:4864 [inline]
 netdev_start_xmit include/linux/netdevice.h:4878 [inline]
 generic_xdp_tx+0x227/0x470 net/core/dev.c:4806
 dev_map_generic_redirect+0x139/0x1d0 kernel/bpf/devmap.c:526
 xdp_do_generic_redirect_map net/core/filter.c:4100 [inline]
 xdp_do_generic_redirect+0x363/0x800 net/core/filter.c:4133
 do_xdp_generic+0xd0a/0x1460 net/core/dev.c:4830
 __netif_receive_skb_core+0x1349/0x3080 net/core/dev.c:5236
 __netif_receive_skb_one_core net/core/dev.c:5413 [inline]
 __netif_receive_skb+0x72/0x280 net/core/dev.c:5529
 netif_receive_skb_internal net/core/dev.c:5634 [inline]
 netif_receive_skb+0x9b/0x3f0 net/core/dev.c:5693
 tun_rx_batched+0x5f6/0x730 drivers/net/tun.c:-1
 tun_get_user+0x277a/0x3270 drivers/net/tun.c:2026
 tun_chr_write_iter+0x1bf/0x270 drivers/net/tun.c:2059
 call_write_iter include/linux/fs.h:2066 [inline]
 new_sync_write fs/read_write.c:518 [inline]
 vfs_write+0x758/0xdc0 fs/read_write.c:605
 ksys_write+0x149/0x250 fs/read_write.c:658
 __do_sys_write fs/read_write.c:670 [inline]
 __se_sys_write fs/read_write.c:667 [inline]
 __x64_sys_write+0x7b/0x90 fs/read_write.c:667
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa1efe6104e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fa1ee8fafb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fa1ee8fb6c0 RCX: 00007fa1efe6104e
RDX: 000000000000004a RSI: 00002000000002c0 RDI: 00000000000000c8
RBP: 00007fa1eff36c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa1f011a038 R14: 00007fa1f0119fa0 R15: 00007fff9a8117a8
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
NMI backtrace for cpu 0 skipped: idling at default_idle+0x12/0x20 arch/x86/kernel/process.c:717