watchdog: BUG: soft lockup - CPU#0 stuck for 117s! [syz.9.1069:10298] Modules linked in: irq event stamp: 10063233 hardirqs last enabled at (10063232): [] irqentry_exit+0x74/0x90 kernel/entry/common.c:200 hardirqs last disabled at (10063233): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1050 softirqs last enabled at (310566): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last enabled at (310566): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last enabled at (310566): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 softirqs last disabled at (310571): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last disabled at (310571): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last disabled at (310571): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 CPU: 0 UID: 0 PID: 10298 Comm: syz.9.1069 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x0/0x90 kernel/kcov.c:313 Code: 7c 11 10 48 89 74 11 18 48 89 44 11 20 c3 cc cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 14 25 08 b0 a0 92 65 8b 0d d8 ec RSP: 0018:ffffc90000007318 EFLAGS: 00000286 RAX: ffffffff81c94cab RBX: 000000000000002c RCX: 0000000000000100 RDX: ffff888025123c00 RSI: 0000000000000001 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000002 R09: 0000000000000000 R10: ffffc90000007638 R11: ffffffff81ac4b00 R12: 1ffff92000000e74 R13: dffffc0000000000 R14: ffffc900000073c0 R15: 0000000000000001 FS: 00007f209d3cd6c0(0000) GS:ffff888125c15000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000558b48d2e660 CR3: 0000000032442000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: perf_trace_buf_alloc+0x9b/0x2a0 kernel/trace/trace_event_perf.c:415 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x196/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:330 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:356 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4191 [inline] slab_alloc_node mm/slub.c:4240 [inline] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 mm/slub.c:4292 __alloc_skb+0x112/0x2d0 net/core/skbuff.c:659 alloc_skb include/linux/skbuff.h:1336 [inline] ndisc_alloc_skb+0x9f/0x480 net/ipv6/ndisc.c:420 ndisc_send_rs+0x2b5/0x630 net/ipv6/ndisc.c:706 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037 call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1747 expire_timers kernel/time/timer.c:1798 [inline] __run_timers kernel/time/timer.c:2372 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384 run_timer_base kernel/time/timer.c:2393 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:perf_trace_lock_acquire+0x74/0x410 include/trace/events/lock.h:24 Code: 41 48 c7 44 24 48 66 16 94 8d 48 c7 44 24 50 e0 b4 9c 81 4c 8d 64 24 40 49 c1 ec 03 48 b8 f1 f1 f1 f1 00 f2 f2 f2 4b 89 04 3c <43> c7 44 3c 08 04 f3 f3 f3 48 c7 44 24 60 00 00 00 00 c7 84 24 80 RSP: 0018:ffffc9000bc5f460 EFLAGS: 00000a02 RAX: f2f2f200f1f1f1f1 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8e13a0e0 RDI: ffffffff8e009080 RBP: ffffc9000bc5f560 R08: 0000000000000002 R09: 0000000000000000 R10: dffffc0000000000 R11: fffff91ffff96ad4 R12: 1ffff9200178be94 R13: ffffffff8e13a0e0 R14: ffffffff8e009080 R15: dffffc0000000000 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] trace_call_bpf+0xd4/0x850 kernel/trace/bpf_trace.c:-1 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10918 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x335/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] percpu_ref_put_many include/linux/percpu-refcount.h:330 [inline] percpu_ref_put+0x35/0x180 include/linux/percpu-refcount.h:351 refill_obj_stock+0x247/0x850 mm/memcontrol.c:3041 obj_cgroup_charge_account+0x116/0x660 mm/memcontrol.c:3105 __memcg_slab_post_alloc_hook+0x3e6/0x7f0 mm/memcontrol.c:3189 memcg_slab_post_alloc_hook mm/slub.c:2221 [inline] slab_post_alloc_hook mm/slub.c:4201 [inline] slab_alloc_node mm/slub.c:4240 [inline] kmem_cache_alloc_lru_noprof+0x2c7/0x3d0 mm/slub.c:4259 __d_alloc+0x36/0x7a0 fs/dcache.c:1690 d_alloc_pseudo+0x21/0xc0 fs/dcache.c:1821 alloc_path_pseudo fs/file_table.c:363 [inline] alloc_file_pseudo+0xcc/0x210 fs/file_table.c:379 __anon_inode_getfile fs/anon_inodes.c:166 [inline] anon_inode_getfile+0xc5/0x1a0 fs/anon_inodes.c:204 __do_sys_perf_event_open kernel/events/core.c:13658 [inline] __se_sys_perf_event_open+0xf20/0x1d70 kernel/events/core.c:13360 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f209f18eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f209d3cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f209f3e6090 RCX: 00007f209f18eec9 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000100 RBP: 00007f209f211f91 R08: 0000000000000009 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f209f3e6128 R14: 00007f209f3e6090 R15: 00007ffea268de28 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 10286 Comm: syz.6.1067 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 RIP: 0010:preempt_count_add+0x32/0x1a0 kernel/sched/core.c:5821 Code: 53 49 bf 00 00 00 00 00 fc ff df 48 c7 c0 20 03 ac 99 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 f1 00 00 00 83 3d fe f6 1b 18 00 <75> 07 65 8b 05 05 a4 10 11 65 01 3d fe a3 10 11 48 c7 c0 20 03 ac RSP: 0000:ffffc90000a075c0 EFLAGS: 00000046 RAX: 0000000000000004 RBX: 1ffff11004d5dbc8 RCX: ffffffff99ac0303 RDX: ffff888026aede40 RSI: ffffc900049a1048 RDI: 0000000000000001 RBP: ffffc90000a076d0 R08: ffffc90000a0776f R09: 0000000000000000 R10: ffffc90000a07760 R11: ffffffffa0203a8c R12: ffff888026aede30 R13: 1ffff92000140ec4 R14: ffff888026aeda00 R15: dffffc0000000000 FS: 00007fc42e2a36c0(0000) GS:ffff888125d15000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000558b48d2e660 CR3: 00000000310c0000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: class_preempt_constructor include/linux/preempt.h:472 [inline] migrate_enable+0xdb/0x3c0 kernel/sched/core.c:2431 bpf_prog_run_array include/linux/bpf.h:2296 [inline] trace_call_bpf+0x4b9/0x850 kernel/trace/bpf_trace.c:146 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10918 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x335/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] __perf_output_begin kernel/events/ring_buffer.c:167 [inline] perf_output_begin_forward+0xcd/0xa80 kernel/events/ring_buffer.c:277 __perf_event_output kernel/events/core.c:8485 [inline] perf_event_output_forward+0x2b2/0x430 kernel/events/core.c:8503 __perf_event_overflow+0x830/0xe40 kernel/events/core.c:10379 perf_swevent_hrtimer+0x3c5/0x550 kernel/events/core.c:11769 __run_hrtimer kernel/time/hrtimer.c:1761 [inline] __hrtimer_run_queues+0x4dd/0xc60 kernel/time/hrtimer.c:1825 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline] __sysvec_apic_timer_interrupt+0x108/0x410 arch/x86/kernel/apic/apic.c:1056 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__rcu_read_lock+0x39/0x60 kernel/rcu/tree_plugin.h:420 Code: 81 c3 44 04 00 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 18 ff 03 8b 03 3d 00 00 00 40 7d 07 <5b> c3 cc cc cc cc cc 90 0f 0b 90 eb f3 89 d9 80 e1 07 80 c1 03 38 RSP: 0000:ffffc90000a08388 EFLAGS: 00000283 RAX: 0000000000000002 RBX: ffff888026aede44 RCX: dffffc0000000000 RDX: dffffc0000000000 RSI: ffffffff81ac4aac RDI: ffffc90000a08468 RBP: dffffc0000000000 R08: ffffc90000a08530 R09: 0000000000000016 R10: ffffc90000a084b8 R11: ffffffff81ac4b00 R12: 1ffff9200014108d R13: ffffc90000a084a0 R14: ffffc90000a08468 R15: ffffc9000bbff980 rcu_read_lock include/linux/rcupdate.h:839 [inline] class_rcu_constructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x9e/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:243 [inline] __kasan_slab_free+0x5b/0x80 mm/kasan/common.c:275 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2422 [inline] slab_free mm/slub.c:4695 [inline] kmem_cache_free+0x18f/0x400 mm/slub.c:4797 skb_release_data+0x62d/0x7c0 net/core/skbuff.c:1086 skb_release_all net/core/skbuff.c:1151 [inline] napi_consume_skb+0x158/0x1e0 net/core/skbuff.c:1479 __free_old_xmit+0x2c7/0x650 drivers/net/virtio_net.c:-1 virtnet_free_old_xmit drivers/net/virtio_net.c:639 [inline] free_old_xmit drivers/net/virtio_net.c:1094 [inline] virtnet_poll_tx+0x42b/0x1550 drivers/net/virtio_net.c:3261 __napi_poll+0xc7/0x360 net/core/dev.c:7506 napi_poll net/core/dev.c:7569 [inline] net_rx_action+0x707/0xe30 net/core/dev.c:7696 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__sanitizer_cov_trace_pc+0x4a/0x70 kernel/kcov.c:223 Code: 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 48 8d 7e 01 <8b> 89 1c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 e9 be 5c RSP: 0000:ffffc9000bbff4f8 EFLAGS: 00000246 RAX: ffffffff81cb1616 RBX: 0000000000000000 RCX: ffff888026aeda00 RDX: ffffc9000cc13000 RSI: 000000000000e999 RDI: 000000000000e99a RBP: ffffc9000bbff5f8 R08: 0000000000000001 R09: ffff8880b8732980 R10: dffffc0000000000 R11: fffff91ffffb6ad4 R12: ffffe8ffffdb5678 R13: 1ffff9200177feac R14: ffff8880b8732980 R15: ffffffff8e009080 trace_call_bpf+0x76/0x850 kernel/trace/bpf_trace.c:111 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10918 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x335/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x311/0x360 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 save_stack+0xf5/0x1f0 mm/page_owner.c:156 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:308 reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1395 [inline] __free_frozen_pages+0xbc4/0xd30 mm/page_alloc.c:2895 __slab_free+0x303/0x3c0 mm/slub.c:4606 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x97/0x140 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4191 [inline] slab_alloc_node mm/slub.c:4240 [inline] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0 mm/slub.c:4259 sock_alloc_inode+0x28/0xc0 net/socket.c:309 alloc_inode+0x67/0x1b0 fs/inode.c:346 new_inode_pseudo include/linux/fs.h:3392 [inline] sock_alloc net/socket.c:624 [inline] __sock_create+0x12d/0x9f0 net/socket.c:1553 sock_create net/socket.c:1647 [inline] __sys_socketpair+0x23a/0x560 net/socket.c:1798 __do_sys_socketpair net/socket.c:1847 [inline] __se_sys_socketpair net/socket.c:1844 [inline] __x64_sys_socketpair+0x9b/0xb0 net/socket.c:1844 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc42d38eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc42e2a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 RAX: ffffffffffffffda RBX: 00007fc42d5e5fa0 RCX: 00007fc42d38eec9 RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 RBP: 00007fc42d411f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fc42d5e6038 R14: 00007fc42d5e5fa0 R15: 00007ffcdebb11e8