watchdog: BUG: soft lockup - CPU#1 stuck for 144s! [syz.3.25:6041] Modules linked in: irq event stamp: 13427755 hardirqs last enabled at (13427754): [] irqentry_exit+0x74/0x90 kernel/entry/common.c:214 hardirqs last disabled at (13427755): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1052 softirqs last enabled at (10777886): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (10777886): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (10777886): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 softirqs last disabled at (10777889): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (10777889): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (10777889): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 CPU: 1 UID: 0 PID: 6041 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5872 Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 db 3e ad 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e RSP: 0018:ffffc90000a07dd8 EFLAGS: 00000206 RAX: eddab334c44e4000 RBX: 0000000000000000 RCX: eddab334c44e4000 RDX: 0000000000000000 RSI: ffffffff8d6f525f RDI: ffffffff8b9eea60 RBP: ffffffff81725d45 R08: 0000000000000000 R09: ffffffff81725d45 R10: ffffc90000a07a48 R11: fffff52000140f4b R12: 0000000000000002 R13: ffffffff8dd3b160 R14: 0000000000000000 R15: 0000000000000246 FS: 00007fef9c6986c0(0000) GS:ffff88812648a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fef9c676f98 CR3: 0000000077f10000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1169 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:56 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:559 __call_rcu_common kernel/rcu/tree.c:3123 [inline] call_rcu+0x157/0x9c0 kernel/rcu/tree.c:3243 refdst_drop include/net/dst.h:266 [inline] skb_dst_drop include/net/dst.h:278 [inline] __dev_queue_xmit+0x85c/0x3b50 net/core/dev.c:4718 dev_queue_xmit include/linux/netdevice.h:3365 [inline] neigh_hh_output include/net/neighbour.h:531 [inline] neigh_output include/net/neighbour.h:545 [inline] ip6_finish_output2+0xf70/0x1480 net/ipv6/ip6_output.c:136 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747 expire_timers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384 run_timer_base kernel/time/timer.c:2393 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403 handle_softirqs+0x283/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194 Code: 74 05 e8 ab d3 8e f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 53 5d 57 f6 65 8b 05 3c fd 11 07 85 c0 74 40 48 c7 04 24 0e 36 RSP: 0018:ffffc9000baa71a0 EFLAGS: 00000206 RAX: eddab334c44e4000 RBX: 0000000000000246 RCX: eddab334c44e4000 RDX: 0000000000000007 RSI: ffffffff8d512c0f RDI: 0000000000000001 RBP: ffffc9000baa7230 R08: ffffffff8f5bed37 R09: 1ffffffff1eb7da6 R10: dffffc0000000000 R11: fffffbfff1eb7da7 R12: dffffc0000000000 R13: ffffffff8dd40480 R14: ffffffff8dd40480 R15: 1ffff92001754e34 rcu_preempt_deferred_qs_irqrestore+0x89c/0xce0 kernel/rcu/tree_plugin.h:-1 rcu_read_unlock_special+0x3a2/0x4b0 kernel/rcu/tree_plugin.h:773 __rcu_read_unlock+0x84/0xe0 kernel/rcu/tree_plugin.h:438 rcu_read_unlock include/linux/rcupdate.h:873 [inline] class_rcu_destructor include/linux/rcupdate.h:1169 [inline] unwind_next_frame+0x19ae/0x2390 arch/x86/kernel/unwind_orc.c:680 __unwind_start+0x5b9/0x760 arch/x86/kernel/unwind_orc.c:758 unwind_start arch/x86/include/asm/unwind.h:64 [inline] arch_stack_walk+0xe4/0x150 arch/x86/kernel/stacktrace.c:24 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 poison_kmalloc_redzone mm/kasan/common.c:400 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417 kasan_kmalloc include/linux/kasan.h:262 [inline] __do_kmalloc_node mm/slub.c:5603 [inline] __kmalloc_noprof+0x411/0x7f0 mm/slub.c:5615 kmalloc_noprof include/linux/slab.h:961 [inline] tomoyo_realpath_from_path+0xe3/0x5d0 security/tomoyo/realpath.c:251 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_number_perm+0x1e8/0x5a0 security/tomoyo/file.c:723 tomoyo_path_mkdir+0xa8/0xe0 security/tomoyo/tomoyo.c:179 security_path_mkdir+0x171/0x380 security/security.c:1971 do_mkdirat+0x1bd/0x590 fs/namei.c:4483 __do_sys_mkdir fs/namei.c:4508 [inline] __se_sys_mkdir fs/namei.c:4506 [inline] __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4506 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fef9b78eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fef9c698038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00007fef9b9e5fa0 RCX: 00007fef9b78eec9 RDX: 0000000000000000 RSI: 000000000000018b RDI: 0000200000001a80 RBP: 00007fef9b811f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fef9b9e6038 R14: 00007fef9b9e5fa0 R15: 00007ffd3a492de8 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 6035 Comm: syz.2.22 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:26 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:109 [inline] RIP: 0010:tracing_gen_ctx include/linux/trace_events.h:206 [inline] RIP: 0010:perf_trace_buf_update+0x7a/0x220 kernel/trace/trace_event_perf.c:429 Code: f0 1c c8 81 4c 8d 6c 24 20 49 c1 ed 03 48 b8 f1 f1 f1 f1 00 f3 f3 f3 4b 89 44 25 00 e8 ff 61 f6 ff 48 c7 44 24 40 00 00 00 00 <9c> 8f 44 24 40 be 00 02 00 00 45 31 ff 48 23 74 24 40 41 0f 94 c7 RSP: 0018:ffffc90000005f40 EFLAGS: 00000006 RAX: ffffffff81c81d61 RBX: ffffe8ffffc7aa88 RCX: ffff888060d31e40 RDX: 0000000000010100 RSI: 00000000000000ec RDI: ffffe8ffffc7aa88 RBP: ffffc90000005ff0 R08: ffffc900000061cf R09: 0000000000000000 R10: ffffc900000061c0 R11: fffff52000000c3a R12: dffffc0000000000 R13: 1ffff92000000bec R14: 00000000000000ec R15: dffffc0000000000 FS: 00007ff9044f76c0(0000) GS:ffff88812638a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000077e18000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: perf_tp_event+0xf6/0x1380 kernel/events/core.c:10998 perf_trace_run_bpf_submit+0xee/0x170 kernel/events/core.c:10936 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x335/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1169 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 unpoison_slab_object mm/kasan/common.c:342 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:368 kasan_slab_alloc include/linux/kasan.h:252 [inline] slab_post_alloc_hook mm/slub.c:4946 [inline] slab_alloc_node mm/slub.c:5245 [inline] kmem_cache_alloc_noprof+0x367/0x6e0 mm/slub.c:5252 kmem_alloc_batch lib/debugobjects.c:371 [inline] fill_pool+0x100/0x570 lib/debugobjects.c:403 debug_objects_fill_pool lib/debugobjects.c:725 [inline] debug_object_activate+0x383/0x420 lib/debugobjects.c:814 debug_hrtimer_activate kernel/time/hrtimer.c:438 [inline] debug_activate kernel/time/hrtimer.c:477 [inline] enqueue_hrtimer+0x30/0x3a0 kernel/time/hrtimer.c:1081 __run_hrtimer kernel/time/hrtimer.c:1794 [inline] __hrtimer_run_queues+0x656/0xc60 kernel/time/hrtimer.c:1841 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1903 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline] __sysvec_apic_timer_interrupt+0x108/0x410 arch/x86/kernel/apic/apic.c:1058 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194 Code: 74 05 e8 ab d3 8e f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 53 5d 57 f6 65 8b 05 3c fd 11 07 85 c0 74 40 48 c7 04 24 0e 36 RSP: 0018:ffffc90000006ea0 EFLAGS: 00000206 RAX: 647f3e3b726b6800 RBX: 0000000000000a06 RCX: 647f3e3b726b6800 RDX: 0000000000000002 RSI: ffffffff8d512c0f RDI: 0000000000000001 RBP: ffffc90000006f20 R08: ffffffff8f5bed37 R09: 1ffffffff1eb7da6 R10: dffffc0000000000 R11: fffffbfff1eb7da7 R12: dffffc0000000000 R13: ffff88807d5df620 R14: ffffffff9983d748 R15: 1ffff92000000dd4 debug_object_activate+0x2e2/0x420 lib/debugobjects.c:836 debug_rcu_head_queue kernel/rcu/rcu.h:236 [inline] kvfree_call_rcu+0xc4/0x4c0 mm/slab_common.c:1986 cfg80211_update_known_bss+0x830/0x1590 net/wireless/scan.c:1944 __cfg80211_bss_update+0x147/0x2120 net/wireless/scan.c:1989 cfg80211_inform_single_bss_data+0xba9/0x1ac0 net/wireless/scan.c:2381 cfg80211_inform_bss_data+0x203/0x3b40 net/wireless/scan.c:3240 cfg80211_inform_bss_frame_data+0x3d7/0x730 net/wireless/scan.c:3331 ieee80211_bss_info_update+0x749/0x9e0 net/mac80211/scan.c:226 ieee80211_scan_rx+0x593/0xa20 net/mac80211/scan.c:355 __ieee80211_rx_handle_packet net/mac80211/rx.c:5194 [inline] ieee80211_rx_list+0x20d5/0x2b40 net/mac80211/rx.c:5447 ieee80211_rx_napi+0x1a8/0x3d0 net/mac80211/rx.c:5470 ieee80211_rx include/net/mac80211.h:5214 [inline] ieee80211_handle_queued_frames+0xe8/0x1f0 net/mac80211/main.c:453 tasklet_action_common+0x369/0x580 kernel/softirq.c:925 handle_softirqs+0x283/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5872 Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 db 3e ad 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e RSP: 0018:ffffc9000b99f118 EFLAGS: 00000206 RAX: 647f3e3b726b6800 RBX: 0000000000000000 RCX: 647f3e3b726b6800 RDX: 0000000000000000 RSI: ffffffff8d6f525f RDI: ffffffff8b9eea60 RBP: ffffffff81725d45 R08: 0000000000000000 R09: ffffffff81725d45 R10: ffffc9000b99ed88 R11: fffff52001733db3 R12: 0000000000000002 R13: ffffffff8dd3b160 R14: 0000000000000000 R15: 0000000000000246 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1169 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:56 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:559 __call_rcu_common kernel/rcu/tree.c:3123 [inline] call_rcu+0x157/0x9c0 kernel/rcu/tree.c:3243 context_switch kernel/sched/core.c:5328 [inline] __schedule+0x17a0/0x4cc0 kernel/sched/core.c:6929 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7256 irqentry_exit+0x6f/0x90 kernel/entry/common.c:211 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:sched_mm_cid_remote_clear_old kernel/sched/core.c:10726 [inline] RIP: 0010:task_mm_cid_work+0x510/0x760 kernel/sched/core.c:10783 Code: e4 29 00 00 48 c7 c2 40 3c 4a 8b e8 9a be 0b 00 e9 be fe ff ff 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 <74> 08 4c 89 ff e8 86 96 93 00 48 8b 44 24 10 49 89 07 e8 d9 47 a4 RSP: 0018:ffffc9000b99fae0 EFLAGS: 00000246 RAX: 1ffffd1ffff8e14b RBX: ffff888060d323d8 RCX: dffffc0000000000 RDX: 0000000000000001 RSI: ffffffff8d6f525f RDI: ffffffff8b9eea60 RBP: ffffc9000b99fbb0 R08: 0000000000000000 R09: ffffffff81908a8f R10: ffffc9000b99f6c8 R11: fffff52001733edb R12: 0000000000000000 R13: ffffffff81908a8f R14: ffff888060d33414 R15: ffffe8ffffc70a58 task_work_run+0x1d1/0x260 kernel/task_work.c:227 get_signal+0x11ec/0x1340 kernel/signal.c:2807 arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff90358eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff9044f70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007ff9037e5fa8 RCX: 00007ff90358eec9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff9037e5fa8 RBP: 00007ff9037e5fa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ff9037e6038 R14: 00007fffd22ce710 R15: 00007fffd22ce7f8