watchdog: BUG: soft lockup - CPU#1 stuck for 143s! [syz.3.46:6122] Modules linked in: irq event stamp: 13349409 hardirqs last enabled at (13349408): [] irqentry_exit+0x74/0x90 kernel/entry/common.c:310 hardirqs last disabled at (13349409): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1050 softirqs last enabled at (13347716): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last enabled at (13347716): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last enabled at (13347716): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 softirqs last disabled at (13347719): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last disabled at (13347719): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last disabled at (13347719): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 CPU: 1 UID: 0 PID: 6122 Comm: syz.3.46 Not tainted 6.16.0-rc4-syzkaller-gbf4807c89d8f #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194 Code: 74 05 e8 5b 35 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 e3 1e 1f f6 65 8b 05 9c 5a 2e 07 85 c0 74 40 48 c7 04 24 0e 36 RSP: 0018:ffffc90000a08a60 EFLAGS: 00000206 RAX: 88b57336c5c86000 RBX: 0000000000000a02 RCX: 88b57336c5c86000 RDX: 0000000000000002 RSI: ffffffff8d996a93 RDI: 0000000000000001 RBP: ffffc90000a08af0 R08: ffffffff8fa1d6f7 R09: 1ffffffff1f43ade R10: dffffc0000000000 R11: fffffbfff1f43adf R12: dffffc0000000000 R13: dffffc0000000000 R14: ffff8880b8725940 R15: 1ffff9200014114c FS: 00007fb6e3ff06c0(0000) GS:ffff888125d1f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f74ea972fe8 CR3: 0000000023f88000 CR4: 00000000003526f0 Call Trace: __mod_timer+0xb37/0xf30 kernel/time/timer.c:1139 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747 expire_timers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384 run_timer_base kernel/time/timer.c:2393 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline] sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738 RIP: 0010:preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:7108 Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 5b 7f 20 f6 e8 56 97 57 f6 fb bf 01 00 00 00 1b ab ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24 RSP: 0018:ffffc9000b947860 EFLAGS: 00000286 RAX: 88b57336c5c86000 RBX: 0000000000000000 RCX: 88b57336c5c86000 RDX: 0000000000000000 RSI: ffffffff8d996a93 RDI: 0000000000000001 RBP: ffffc9000b947910 R08: ffffffff8fa1d6f7 R09: 1ffffffff1f43ade R10: dffffc0000000000 R11: fffffbfff1f43adf R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92001728f0c irqentry_exit+0x6f/0x90 kernel/entry/common.c:307 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:filter_irq_stacks+0x78/0xa0 kernel/stacktrace.c:-1 Code: 81 0f 92 c2 84 d1 75 27 48 3d 50 f6 71 8b 0f 92 c1 48 3d 6b f6 71 8b 0f 93 c0 08 c8 74 11 48 ff c3 49 83 c7 08 49 39 dc 75 ae <44> 89 e3 eb 06 ff c3 eb 02 31 db 89 d8 5b 41 5c 41 5d 41 5e 41 5f RSP: 0018:ffffc9000b9479d8 EFLAGS: 00000246 RAX: ffffffff81000101 RBX: 000000000000000b RCX: 0000000000000001 RDX: 0000000000000d01 RSI: 000000000000000b RDI: ffffc9000b947a80 RBP: ffffc9000b947ca8 R08: ffffc9000b9474d7 R09: 0000000000000000 R10: ffffc9000b9474c8 R11: fffff52001728e9b R12: 000000000000000b R13: dffffc0000000000 R14: ffffc9000b947a80 R15: ffffc9000b947ad8 stack_depot_save_flags+0x40/0x900 lib/stackdepot.c:610 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_save_track+0x4f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4148 [inline] slab_alloc_node mm/slub.c:4197 [inline] kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4204 lsm_inode_alloc security/security.c:755 [inline] security_inode_alloc+0x39/0x330 security/security.c:1697 inode_init_always_gfp+0x9ed/0xdc0 fs/inode.c:306 inode_init_always include/linux/fs.h:3281 [inline] alloc_inode+0x82/0x1b0 fs/inode.c:353 new_inode_pseudo include/linux/fs.h:3364 [inline] sock_alloc net/socket.c:622 [inline] __sock_create+0x12d/0x9f0 net/socket.c:1505 sock_create net/socket.c:1599 [inline] __sys_socket_create net/socket.c:1636 [inline] __sys_socket+0xd7/0x1b0 net/socket.c:1683 __do_sys_socket net/socket.c:1697 [inline] __se_sys_socket net/socket.c:1695 [inline] __x64_sys_socket+0x7a/0x90 net/socket.c:1695 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb6e318e929 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb6e3ff0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007fb6e33b5fa0 RCX: 00007fb6e318e929 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002d RBP: 00007fb6e3210b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fb6e33b5fa0 R15: 00007ffc1c3a0e38 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 6127 Comm: syz.4.47 Not tainted 6.16.0-rc4-syzkaller-gbf4807c89d8f #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:do_perf_trace_lock include/trace/events/lock.h:50 [inline] RIP: 0010:perf_trace_lock+0x2bb/0x3b0 include/trace/events/lock.h:50 Code: 17 4c 89 e0 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 ed 00 00 00 41 c6 04 24 00 48 83 c3 10 48 89 d8 48 c1 e8 03 42 80 3c 38 00 <74> 08 48 89 df e8 bb 58 86 00 48 8b 44 24 30 48 8b 7c 24 18 48 89 RSP: 0018:ffffc90000006c00 EFLAGS: 00000046 RAX: 1ffffd1ffff92202 RBX: ffffe8ffffc91010 RCX: ffffffff819d892a RDX: 0000000000000010 RSI: ffffffff8b8cf9a0 RDI: ffffe8ffffc91018 RBP: ffffc90000006ce8 R08: 3e2d735f5f5f5f26 R09: 746e756f63716573 R10: 3e2d735f5f5f5f26 R11: 746e756f63716573 R12: ffffe8ffffc91028 R13: 0000000000000011 R14: 000000000000002c R15: dffffc0000000000 FS: 00007fb6997f66c0(0000) GS:ffff888125c1f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcdff786618 CR3: 000000007e420000 CR4: 00000000003526f0 Call Trace: __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5882 seqcount_lockdep_reader_access+0xdc/0x1c0 include/linux/seqlock.h:73 ktime_get_update_offsets_now+0x60/0x3d0 kernel/time/timekeeping.c:2427 hrtimer_update_base kernel/time/hrtimer.c:640 [inline] hrtimer_interrupt+0x132/0xaa0 kernel/time/hrtimer.c:1869 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline] __sysvec_apic_timer_interrupt+0x10b/0x410 arch/x86/kernel/apic/apic.c:1056 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_is_held_type+0x137/0x190 kernel/locking/lockdep.c:5948 Code: 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 05 29 e3 30 07 <48> 3b 44 24 08 75 43 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f RSP: 0018:ffffc900000070a8 EFLAGS: 00000206 RAX: 3049170cbcf4a900 RBX: 0000000000000000 RCX: 3049170cbcf4a900 RDX: 0000000000000100 RSI: ffffffff8db84369 RDI: ffffffff8be28f40 RBP: 00000000ffffffff R08: ffffc90000007400 R09: ffffc90000007410 R10: ffffc90000007260 R11: fffff52000000e4e R12: 0000000000000246 R13: ffff88802c665a00 R14: ffffffff8f51c108 R15: 0000000000000003 lock_is_held include/linux/lockdep.h:249 [inline] lockdep_rtnl_is_held+0x1b/0x40 net/core/rtnetlink.c:182 __in6_dev_get include/net/addrconf.h:347 [inline] ip6_ignore_linkdown include/net/addrconf.h:443 [inline] find_match+0xd0/0xc90 net/ipv6/route.c:781 __find_rr_leaf+0x23a/0x6d0 net/ipv6/route.c:869 find_rr_leaf net/ipv6/route.c:890 [inline] rt6_select net/ipv6/route.c:934 [inline] fib6_table_lookup+0x39f/0xa80 net/ipv6/route.c:2232 ip6_pol_route+0x222/0x1180 net/ipv6/route.c:2268 pol_lookup_func include/net/ip6_fib.h:617 [inline] fib6_rule_lookup+0x52f/0x6f0 net/ipv6/fib6_rules.c:120 ip6_route_input_lookup net/ipv6/route.c:2337 [inline] ip6_route_input+0x6ce/0xa50 net/ipv6/route.c:2640 ip6_rcv_finish+0x141/0x2d0 net/ipv6/ip6_input.c:77 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:317 __netif_receive_skb_one_core net/core/dev.c:5977 [inline] __netif_receive_skb+0xd3/0x380 net/core/dev.c:6090 process_backlog+0x60e/0x14f0 net/core/dev.c:6442 __napi_poll+0xc4/0x480 net/core/dev.c:7414 napi_poll net/core/dev.c:7478 [inline] net_rx_action+0x707/0xe30 net/core/dev.c:7605 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:schedule_debug kernel/sched/core.c:5962 [inline] RIP: 0010:__schedule+0x1a7/0x4d00 kernel/sched/core.c:6682 Code: 74 08 48 89 df e8 19 e1 b3 f6 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 00 e1 b3 f6 48 81 3b 9d 6e ac 57 <0f> 85 26 18 00 00 83 7c 24 70 00 7f 42 49 8d 5e 18 48 89 d8 48 c1 RSP: 0018:ffffc9000b967680 EFLAGS: 00000246 RAX: 1ffff9200172c000 RBX: ffffc9000b960000 RCX: 3049170cbcf4a900 RDX: 0000000000000000 RSI: ffffffff8be28f20 RDI: ffffffff8be28ee0 RBP: ffffc9000b967890 R08: ffffffff8fa1d6f7 R09: 1ffffffff1f43ade R10: dffffc0000000000 R11: fffffbfff1f43adf R12: ffff8880b863aa88 R13: dffffc0000000000 R14: ffff88802c665a00 R15: ffff888125c1f000 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7108 irqentry_exit+0x6f/0x90 kernel/entry/common.c:307 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:preempt_schedule_notrace+0x0/0x110 kernel/sched/core.c:7030 Code: ff ff ff 5b 41 5e 41 5f c3 cc cc cc cc cc 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 53 48 83 e4 e0 48 83 ec 60 65 RSP: 0018:ffffc9000b967a00 EFLAGS: 00000246 RAX: 3049170cbcf4a900 RBX: ffffffff8184efe2 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b967a50 R08: ffffc9000b967717 R09: 0000000000000000 R10: ffffc9000b967708 R11: fffff5200172cee3 R12: dffffc0000000000 R13: ffffffff8184efe2 R14: ffffffff8e1768b0 R15: ffffffff8e1768b0 preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13 class_preempt_notrace_destructor include/linux/preempt.h:482 [inline] __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3ca/0x3e0 kernel/locking/lockdep.c:5882 percpu_up_read include/linux/percpu-rwsem.h:112 [inline] cgroup_threadgroup_change_end+0x19/0x1c0 include/linux/cgroup-defs.h:854 do_exit+0x352/0x22e0 kernel/exit.c:912 do_group_exit+0x21c/0x2d0 kernel/exit.c:1105 get_signal+0x1286/0x1340 kernel/signal.c:3034 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop+0x75/0x110 kernel/entry/common.c:111 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline] do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb69b98e929 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb6997f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: 0000000000000008 RBX: 00007fb69bbb5fa0 RCX: 00007fb69b98e929 RDX: 000000000000000a RSI: 0000000000000002 RDI: 0000000000000021 RBP: 00007fb69ba10b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fb69bbb5fa0 R15: 00007ffda0a51e08