watchdog: BUG: soft lockup - CPU#1 stuck for 143s! [syz.6.750:8948] Modules linked in: irq event stamp: 13431171 hardirqs last enabled at (13431170): [] irqentry_exit+0x5e8/0x670 kernel/entry/common.c:219 hardirqs last disabled at (13431171): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056 softirqs last enabled at (13341492): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (13341492): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (13341492): [] __irq_exit_rcu+0x60/0x150 kernel/softirq.c:723 softirqs last disabled at (13341495): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (13341495): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (13341495): [] __irq_exit_rcu+0x60/0x150 kernel/softirq.c:723 CPU: 1 UID: 0 PID: 8948 Comm: syz.6.750 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:__do_trace_lock_acquire include/trace/events/lock.h:-1 [inline] RIP: 0010:trace_lock_acquire include/trace/events/lock.h:24 [inline] RIP: 0010:lock_acquire+0x2c8/0x340 kernel/locking/lockdep.c:5831 Code: 48 8b ac 24 98 00 00 00 4c 8b 6c 24 18 0f 83 8d fd ff ff 65 ff 05 c8 1e e2 10 48 8b 05 99 8d ce 0d 48 85 c0 74 2f 48 8b 78 08 <48> 8b 74 24 18 8b 54 24 08 8b 4c 24 04 4c 8b 44 24 20 4c 8b 4c 24 RSP: 0018:ffffc90000a07c38 EFLAGS: 00000286 RAX: ffff888059d3a590 RBX: 0000000000000000 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8de0fc60 RBP: ffffffff8173fdd5 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000a07df8 R11: ffffffff81acf4d0 R12: 0000000000000002 R13: ffffffff8df41aa0 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f0b466d26c0(0000) GS:ffff888125f1f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0b466d1f98 CR3: 0000000074142000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300 DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] class_rcu_constructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0xc2/0x23d0 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2540 [inline] slab_free mm/slub.c:6670 [inline] kmem_cache_free+0x197/0x620 mm/slub.c:6781 skb_release_data+0x62d/0x7c0 net/core/skbuff.c:1107 skb_release_all net/core/skbuff.c:1182 [inline] __kfree_skb net/core/skbuff.c:1196 [inline] sk_skb_reason_drop+0x127/0x170 net/core/skbuff.c:1234 kfree_skb_reason include/linux/skbuff.h:1322 [inline] kfree_skb include/linux/skbuff.h:1331 [inline] ip6gre_tunnel_xmit+0xcb8/0x10e0 net/ipv6/ip6_gre.c:912 __netdev_start_xmit include/linux/netdevice.h:5273 [inline] netdev_start_xmit include/linux/netdevice.h:5282 [inline] xmit_one net/core/dev.c:3853 [inline] dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869 sch_direct_xmit+0x241/0x4b0 net/sched/sch_generic.c:347 __dev_xmit_skb net/core/dev.c:4169 [inline] __dev_queue_xmit+0x1379/0x31c0 net/core/dev.c:4785 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512 addrconf_rs_timer+0x369/0x6a0 net/ipv6/addrconf.c:4037 call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404 handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x60/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:in_lock_functions+0x4/0x30 kernel/locking/spinlock.c:412 Code: 95 e8 90 a0 88 00 e9 61 ff ff ff cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 81 ff d0 54 5c 8b 0f 93 c0 48 81 ff dc 93 5c 8b 0f 92 c1 20 c1 RSP: 0018:ffffc90002e77c60 EFLAGS: 00000246 RAX: 0000000000000001 RBX: ffffffff81337786 RCX: ffff888031101e80 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81337786 RBP: ffffc90002e77cd0 R08: ffffffff82415575 R09: ffffffff8df41b60 R10: dffffc0000000000 R11: fffff520005cef95 R12: ffff88805a257020 R13: ffff88805a257020 R14: ffffffff82415575 R15: dffffc0000000000 get_lock_parent_ip include/linux/ftrace.h:1132 [inline] preempt_latency_start kernel/sched/core.c:5705 [inline] preempt_schedule_common+0x43/0xd0 kernel/sched/core.c:7046 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 rcu_read_unlock_sched include/linux/rcupdate.h:981 [inline] fd_install+0x387/0x3d0 fs/file.c:699 __do_sys_perf_event_open kernel/events/core.c:13840 [inline] __se_sys_perf_event_open+0x1afa/0x1d90 kernel/events/core.c:13462 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0b4578f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0b466d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f0b459e5fa0 RCX: 00007f0b4578f749 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 00002000000003c0 RBP: 00007f0b45813f91 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0b459e6038 R14: 00007f0b459e5fa0 R15: 00007ffcaf70b808 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 8935 Comm: syz.8.746 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:100 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:115 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:140 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:172 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:191 [inline] RIP: 0010:kasan_check_range+0xa5/0x2c0 mm/kasan/generic.c:200 Code: 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 0f 85 de 01 00 00 <49> ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd 83 e5 07 0f 84 b5 RSP: 0018:ffffc90000006568 EFLAGS: 00000046 RAX: ffffc90000006601 RBX: fffffffffffffffe RCX: ffffffff81f2089b RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc90000006780 RBP: 0000000000000000 R08: ffffc9000000678f R09: 1ffff92000000cf1 R10: dffffc0000000000 R11: fffff52000000cf0 R12: 0000000000000002 R13: ffffe8ffffa2e000 R14: fffff52000000cf2 R15: 1ffff92000000cf0 FS: 00007f99a63f66c0(0000) GS:ffff888125e1f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb35d5500d0 CR3: 0000000076cfa000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: __asan_memset+0x22/0x50 mm/kasan/shadow.c:84 perf_tp_event+0xcb/0x1380 kernel/events/core.c:11061 perf_trace_run_bpf_submit+0xee/0x170 kernel/events/core.c:11005 do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline] perf_trace_lock_acquire+0x335/0x410 include/trace/events/lock.h:24 __do_trace_lock_acquire include/trace/events/lock.h:24 [inline] trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x2ef/0x340 kernel/locking/lockdep.c:5831 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] __task_pid_nr_ns+0x48/0x490 kernel/pid.c:515 perf_event_pid_type kernel/events/core.c:1432 [inline] perf_event_pid kernel/events/core.c:1441 [inline] __perf_event_header__init_id+0x109/0x480 kernel/events/core.c:7702 perf_prepare_sample+0x13b/0x2250 kernel/events/core.c:8265 __perf_event_output kernel/events/core.c:8504 [inline] perf_event_output_forward+0x151/0x430 kernel/events/core.c:8525 __perf_event_overflow+0x845/0xe70 kernel/events/core.c:10461 perf_swevent_hrtimer+0x3fc/0x570 kernel/events/core.c:11856 __run_hrtimer kernel/time/hrtimer.c:1777 [inline] __hrtimer_run_queues+0x4d0/0xc30 kernel/time/hrtimer.c:1841 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1903 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline] __sysvec_apic_timer_interrupt+0x102/0x3e0 arch/x86/kernel/apic/apic.c:1062 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:-1 [inline] RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:233 [inline] RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline] RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:649 [inline] RIP: 0010:cpu_online include/linux/cpumask.h:1231 [inline] RIP: 0010:__do_trace_lock_release include/trace/events/lock.h:69 [inline] RIP: 0010:trace_lock_release include/trace/events/lock.h:69 [inline] RIP: 0010:lock_release+0x353/0x3b0 kernel/locking/lockdep.c:5879 Code: 28 03 e9 c2 fd ff ff f3 0f 1e fa 4d 89 f7 4c 89 eb 65 8b 05 63 ed e1 10 83 f8 08 73 55 89 c0 48 0f a3 05 90 01 e4 0d 49 89 dd <4d> 89 fe 0f 83 ce fc ff ff 65 ff 05 3d ed e1 10 48 8b 05 56 5c ce RSP: 0018:ffffc90000007410 EFLAGS: 00000293 RAX: 0000000000000000 RBX: ffffffff8173fdd5 RCX: 0000000000000102 RDX: ffffc90000007501 RSI: ffffffff8173fdd5 RDI: ffffffff8df41aa0 RBP: dffffc0000000000 R08: ffffc90000007f10 R09: 0000000000000000 R10: ffffc90000007598 R11: fffff52000000eb5 R12: ffffc90000007f20 R13: ffffffff8173fdd5 R14: ffffffff8df41aa0 R15: ffffffff8df41aa0 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x1ab1/0x23d0 arch/x86/kernel/unwind_orc.c:695 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x37d/0x710 mm/slub.c:5270 dst_alloc+0x105/0x170 net/core/dst.c:89 ip6_dst_alloc net/ipv6/route.c:342 [inline] icmp6_dst_alloc+0x75/0x420 net/ipv6/route.c:3333 ndisc_send_skb+0x3f1/0x1510 net/ipv6/ndisc.c:491 addrconf_rs_timer+0x369/0x6a0 net/ipv6/addrconf.c:4037 call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404 handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x60/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:preempt_schedule_irq+0x48/0xa0 kernel/sched/core.c:7190 Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 54 bf 01 00 00 00 e8 73 bb 35 f6 e8 5e d1 6d f6 fb bf 01 00 00 00 c3 a9 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 e4 d2 6d f6 bf 01 RSP: 0018:ffffc90004d376f8 EFLAGS: 00000202 RAX: 000000000077c1f1 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000007 RSI: ffffffff8d792d31 RDI: 0000000000000001 RBP: 0000000000000000 R08: ffffffff8f822477 R09: 1ffffffff1f0448e R10: dffffc0000000000 R11: fffffbfff1f0448f R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 irqentry_exit+0x5e3/0x670 kernel/entry/common.c:216 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:lock_acquire+0x222/0x340 kernel/locking/lockdep.c:5872 Code: ff ff ff e8 70 d0 bb 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 5a 1f e2 10 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 3f af be 09 cc 48 8d 3d 97 78 e7 RSP: 0018:ffffc90004d37818 EFLAGS: 00000286 RAX: 2778fb77d520d100 RBX: 0000000000000000 RCX: 0000000000000046 RDX: 00000000708f8389 RSI: ffffffff8d976a88 RDI: ffffffff8bc086e0 RBP: ffffffff8230ec0e R08: ffffffff8230ec0e R09: ffffffff8df41aa0 R10: ffffc90004d37448 R11: fffff520009a6e8b R12: 0000000000000002 R13: ffffffff8df41aa0 R14: 0000000000000000 R15: 0000000000000246 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] __update_page_owner_free_handle+0x4b/0x470 mm/page_owner.c:283 __reset_page_owner+0x85/0x1f0 mm/page_owner.c:321 reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1406 [inline] __free_frozen_pages+0xbc8/0xd30 mm/page_alloc.c:2943 discard_slab mm/slub.c:3346 [inline] __put_partials+0x146/0x170 mm/slub.c:3886 __slab_free+0x294/0x320 mm/slub.c:5952 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_lru_noprof+0x36c/0x6e0 mm/slub.c:5282 __d_alloc+0x37/0x6f0 fs/dcache.c:1730 d_alloc_pseudo+0x21/0xc0 fs/dcache.c:1861 alloc_path_pseudo fs/file_table.c:363 [inline] alloc_file_pseudo+0xcc/0x210 fs/file_table.c:379 __anon_inode_getfile fs/anon_inodes.c:166 [inline] anon_inode_getfile+0xc5/0x1a0 fs/anon_inodes.c:204 __do_sys_perf_event_open kernel/events/core.c:13760 [inline] __se_sys_perf_event_open+0xf3b/0x1d90 kernel/events/core.c:13462 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f99a818f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f99a63f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f99a83e5fa0 RCX: 00007f99a818f749 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000180 RBP: 00007f99a8213f91 R08: 000000000000000a R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f99a83e6038 R14: 00007f99a83e5fa0 R15: 00007ffe79e446d8