watchdog: BUG: soft lockup - CPU#1 stuck for 122s! [syz.0.2367:14495] Modules linked in: irq event stamp: 6244439 hardirqs last enabled at (6244438): [] irqentry_exit+0x74/0x90 kernel/entry/common.c:214 hardirqs last disabled at (6244439): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1052 softirqs last enabled at (5783860): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (5783860): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (5783860): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 softirqs last disabled at (5783863): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (5783863): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (5783863): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 CPU: 1 UID: 0 PID: 14495 Comm: syz.0.2367 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:nf_hook include/linux/netfilter.h:248 [inline] RIP: 0010:NF_HOOK include/linux/netfilter.h:316 [inline] RIP: 0010:ndisc_send_skb+0x1328/0x1510 net/ipv6/ndisc.c:512 Code: 18 48 8d 98 c8 12 00 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 8b eb 27 f8 48 8b 1b a3 aa 48 01 41 89 c4 31 ff 89 c6 e8 c7 dc c1 f7 45 85 e4 74 21 RSP: 0018:ffffc90000a088e0 EFLAGS: 00000246 RAX: 1ffff11004f9c259 RBX: ffff888032563900 RCX: dffffc0000000000 RDX: 0000000000000100 RSI: ffffffff8bbf0e40 RDI: ffffffff8bbf0e00 RBP: ffffc90000a08ab0 R08: 0000000000000000 R09: ffffffff89fe1ce4 R10: dffffc0000000000 R11: fffff91ffff77605 R12: ffff888027ce0000 R13: ffff88802486c000 R14: ffff88801af9c000 R15: ffffc90000a08980 FS: 00007f662104a6c0(0000) GS:ffff888126238000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0b80fb2698 CR3: 0000000040e14000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747 expire_timers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384 run_timer_base kernel/time/timer.c:2393 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403 handle_softirqs+0x286/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:perf_trace_buf_alloc+0x67/0x2a0 kernel/trace/trace_event_perf.c:410 Code: e8 9e 5d f6 ff 45 31 f6 e9 8b 01 00 00 49 bd 00 00 00 00 00 fc ff df e8 47 6b 27 00 89 c5 4c 89 f8 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 a7 01 00 00 41 89 2f 31 ff 89 ee e8 a5 61 f6 ff 85 ed RSP: 0018:ffffc90004e37420 EFLAGS: 00000a06 RAX: 0000000000000004 RBX: 000000000000002c RCX: 0000000000080000 RDX: ffffc90020605000 RSI: 0000000000003f78 RDI: 0000000000003f79 RBP: 00000000ffffffff R08: 0000000000000002 R09: 0000000000000000 R10: dffffc0000000000 R11: fffff91ffff76c05 R12: 1ffff920009c6e94 R13: dffffc0000000000 R14: ffffc90004e374c0 R15: ffffc90004e374e0 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x196/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] trace_call_bpf+0xe8/0xb50 kernel/trace/bpf_trace.c:-1 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10931 do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x2f8/0x3b0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5879 might_alloc include/linux/sched/mm.h:319 [inline] slab_pre_alloc_hook mm/slub.c:4929 [inline] slab_alloc_node mm/slub.c:5264 [inline] kmem_cache_alloc_noprof+0x4c/0x6e0 mm/slub.c:5295 lsm_file_alloc security/security.c:739 [inline] security_file_alloc+0x34/0x330 security/security.c:2927 init_file+0x93/0x2f0 fs/file_table.c:159 alloc_empty_file+0x6e/0x1d0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0x13d/0x210 fs/file_table.c:383 __anon_inode_getfile fs/anon_inodes.c:166 [inline] anon_inode_getfile+0xc5/0x1a0 fs/anon_inodes.c:204 bpf_link_prime+0xfc/0x220 kernel/bpf/syscall.c:3455 bpf_raw_tp_link_attach+0x49a/0x6c0 kernel/bpf/syscall.c:4266 bpf_raw_tracepoint_open+0x1b2/0x220 kernel/bpf/syscall.c:4303 __sys_bpf+0x73e/0x860 kernel/bpf/syscall.c:6213 __do_sys_bpf kernel/bpf/syscall.c:6281 [inline] __se_sys_bpf kernel/bpf/syscall.c:6279 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6279 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f662018f6c9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f662104a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f66203e5fa0 RCX: 00007f662018f6c9 RDX: 0000000000000010 RSI: 00002000000004c0 RDI: 0000000000000011 RBP: 00007f6620211f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f66203e6038 R14: 00007f66203e5fa0 R15: 00007ffcea94d948 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 14497 Comm: syz.9.2368 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline] RIP: 0010:write_comp_data kernel/kcov.c:246 [inline] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x20/0x90 kernel/kcov.c:321 Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 80 6e 92 65 8b 15 78 74 ae 10 81 e2 00 01 ff 00 74 11 <81> fa 00 01 00 00 75 57 83 b9 7c 16 00 00 00 74 4e 8b 91 58 16 00 RSP: 0018:ffffc90000006108 EFLAGS: 00000006 RAX: ffffffff81f114d7 RBX: 0000000000010103 RCX: ffff8880796b5ac0 RDX: 0000000000010100 RSI: 0000000000010000 RDI: 0000000000000000 RBP: ffffc90000006200 R08: 0000000000000000 R09: ffffffff81cb73e7 R10: dffffc0000000000 R11: fffff91ffff58005 R12: 1ffff92000000c01 R13: dffffc0000000000 R14: ffff8880796b5ac0 R15: dffffc0000000000 FS: 00007f0ee3f456c0(0000) GS:ffff888126138000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00002000000b1000 CR3: 0000000057060000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: interrupt_context_level include/linux/preempt.h:96 [inline] get_recursion_context kernel/events/internal.h:215 [inline] perf_swevent_get_recursion_context+0x57/0x100 kernel/events/core.c:10617 perf_trace_buf_alloc+0x59/0x2a0 kernel/trace/trace_event_perf.c:410 do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x18d/0x3b0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5879 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock+0x93/0xa0 include/linux/rcupdate.h:897 trace_call_bpf+0x9f1/0xb50 kernel/trace/bpf_trace.c:124 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10931 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x335/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] __perf_event_output kernel/events/core.c:8493 [inline] perf_event_output_forward+0xb0/0x430 kernel/events/core.c:8516 __perf_event_overflow+0x830/0xe40 kernel/events/core.c:10392 perf_swevent_hrtimer+0x3fc/0x570 kernel/events/core.c:11787 __run_hrtimer kernel/time/hrtimer.c:1777 [inline] __hrtimer_run_queues+0x4e0/0xc60 kernel/time/hrtimer.c:1841 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1903 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline] __sysvec_apic_timer_interrupt+0x10b/0x410 arch/x86/kernel/apic/apic.c:1058 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:__xfrm_check_nopolicy include/net/xfrm.h:1251 [inline] RIP: 0010:__xfrm_policy_check2 include/net/xfrm.h:1298 [inline] RIP: 0010:xfrm_policy_check include/net/xfrm.h:1305 [inline] RIP: 0010:xfrm4_policy_check+0x36a/0x6c0 include/net/xfrm.h:1310 Code: fe f7 48 8b 44 24 10 4c 8d a0 98 15 00 00 4c 89 e0 48 c1 e8 03 0f b6 04 18 84 c0 4c 8b 6c 24 08 0f 85 ad 01 00 00 41 8b 2c 24 <31> ff 89 ee e8 5d 31 fe f7 85 ed 74 0a e8 14 2d fe f7 e9 de 00 00 RSP: 0018:ffffc90000006e68 EFLAGS: 00000246 RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff8880796b5ac0 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff52000000dc8 R12: ffffffff99cc1d58 R13: ffff8880389a2500 R14: ffff888024039980 R15: 1ffff110071344af tcp_v4_rcv+0x1cf1/0x2f20 net/ipv4/tcp_ipv4.c:2342 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:239 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 dst_input include/net/dst.h:474 [inline] ip_sublist_rcv_finish+0x221/0x2a0 net/ipv4/ip_input.c:584 ip_list_rcv_finish net/ipv4/ip_input.c:636 [inline] ip_sublist_rcv+0x74c/0xa10 net/ipv4/ip_input.c:644 ip_list_rcv+0x3e2/0x430 net/ipv4/ip_input.c:678 __netif_receive_skb_list_ptype net/core/dev.c:6122 [inline] __netif_receive_skb_list_core+0x7d2/0x800 net/core/dev.c:6169 __netif_receive_skb_list net/core/dev.c:6221 [inline] netif_receive_skb_list_internal+0x96f/0xcb0 net/core/dev.c:6312 gro_normal_list include/net/gro.h:524 [inline] gro_flush_normal include/net/gro.h:532 [inline] napi_complete_done+0x2f2/0x7c0 net/core/dev.c:6681 virtqueue_napi_complete drivers/net/virtio_net.c:766 [inline] virtnet_poll+0x23cb/0x2db0 drivers/net/virtio_net.c:3134 __napi_poll+0xc7/0x360 net/core/dev.c:7594 napi_poll net/core/dev.c:7657 [inline] net_rx_action+0x5f7/0xdf0 net/core/dev.c:7784 handle_softirqs+0x286/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_lock_acquire include/linux/rcupdate.h:331 [inline] RIP: 0010:rcu_read_lock include/linux/rcupdate.h:867 [inline] RIP: 0010:trace_call_bpf+0xd2/0xb50 kernel/trace/bpf_trace.c:-1 Code: 00 00 65 0f c1 1d 3e 21 a4 10 31 ff 89 de e8 25 97 f4 ff e8 40 98 db ff 48 8d 05 00 00 00 00 48 c7 c7 e0 d6 f3 8d 31 f6 31 d2 02 00 00 00 45 31 c0 45 31 c9 48 89 44 24 78 50 e8 78 e0 d1 ff RSP: 0018:ffffc90004ef7000 EFLAGS: 00000246 RAX: ffffffff81cb73e7 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8df3d6e0 RBP: ffffc90004ef7118 R08: 0000000000000001 R09: ffff8880b8832970 R10: dffffc0000000000 R11: fffff91ffff56c05 R12: ffffe8ffffab6000 R13: dffffc0000000000 R14: ffff8880b8832970 R15: ffffffff8de0c2c0 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10931 do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x2f8/0x3b0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5879 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] count_memcg_events_mm include/linux/memcontrol.h:995 [inline] count_memcg_event_mm+0x1fe/0x260 include/linux/memcontrol.h:1001 mm_account_fault mm/memory.c:6370 [inline] handle_mm_fault+0x50f/0x8e0 mm/memory.c:6531 do_user_addr_fault+0x764/0x1380 arch/x86/mm/fault.c:1387 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:74 Code: 2e 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 0f 2e 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 RSP: 0018:ffffc90004ef7538 EFLAGS: 00050206 RAX: ffffffff84879a01 RBX: ffff888041138000 RCX: 0000000000007093 RDX: 0000000000000001 RSI: 00002000000b1000 RDI: ffff888041138f52 RBP: ffffc90004ef76b0 R08: ffff88804113ffe4 R09: 1ffff11008227ffc R10: dffffc0000000000 R11: ffffed1008227ffd R12: 1ffff920009defbf R13: 00002000000b00ae R14: ffffc90004ef7e08 R15: 0000000000007fe5 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:141 [inline] copy_from_user_iter lib/iov_iter.c:55 [inline] iterate_ubuf include/linux/iov_iter.h:30 [inline] iterate_and_advance2 include/linux/iov_iter.h:302 [inline] iterate_and_advance include/linux/iov_iter.h:330 [inline] __copy_from_iter lib/iov_iter.c:249 [inline] _copy_from_iter+0x24f/0x1790 lib/iov_iter.c:260 copy_from_iter include/linux/uio.h:228 [inline] copy_from_iter_full include/linux/uio.h:245 [inline] skb_do_copy_data_nocache include/net/sock.h:2269 [inline] skb_copy_to_page_nocache include/net/sock.h:2295 [inline] tcp_sendmsg_locked+0x2347/0x5540 net/ipv4/tcp.c:1272 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1413 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0x19c/0x270 net/socket.c:742 ____sys_sendmsg+0x505/0x830 net/socket.c:2630 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684 __sys_sendmsg net/socket.c:2716 [inline] __do_sys_sendmsg net/socket.c:2721 [inline] __se_sys_sendmsg net/socket.c:2719 [inline] __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0ee318f6c9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0ee3f45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f0ee33e5fa0 RCX: 00007f0ee318f6c9 RDX: 00000000000052cc RSI: 0000200000000040 RDI: 0000000000000007 RBP: 00007f0ee3211f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0ee33e6038 R14: 00007f0ee33e5fa0 R15: 00007ffda10d6a28