watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.5.324:7714] Modules linked in: irq event stamp: 11044187 hardirqs last enabled at (11044186): [] irqentry_exit+0x74/0x90 kernel/entry/common.c:357 hardirqs last disabled at (11044187): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049 softirqs last enabled at (11015300): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last enabled at (11015300): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last enabled at (11015300): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 softirqs last disabled at (11015303): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last disabled at (11015303): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last disabled at (11015303): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 CPU: 0 UID: 0 PID: 7714 Comm: syz.5.324 Not tainted 6.15.0-rc4-syzkaller-gf263336a41da #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 RIP: 0010:kasan_byte_accessible+0x0/0x30 mm/kasan/generic.c:193 Code: d6 f1 ff ff 34 01 e9 1c ff ff ff 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df 0f b6 04 07 RSP: 0018:ffffc90000005798 EFLAGS: 00000202 RAX: 0000000000000001 RBX: ffffffff81719a12 RCX: 081f7802c62cf000 RDX: 0000000000000000 RSI: ffffffff81719a12 RDI: ffffffff8df3b860 RBP: ffffffff817199f5 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000005600 R11: ffffffff81acaa70 R12: 0000000000000002 R13: ffffffff8df3b860 R14: ffffffff8df3b860 R15: 0000000000000000 FS: 00007f59c60796c0(0000) GS:ffff8881260cc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000020000000f000 CR3: 000000007df12000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: __kasan_check_byte+0x12/0x40 mm/kasan/common.c:556 kasan_check_byte include/linux/kasan.h:399 [inline] lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5840 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4161 [inline] slab_alloc_node mm/slub.c:4210 [inline] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 mm/slub.c:4262 kmalloc_reserve+0xbd/0x290 net/core/skbuff.c:577 __alloc_skb+0x142/0x2d0 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1340 [inline] arp_create+0x189/0x990 net/ipv4/arp.c:561 arp_send_dst+0xa7/0x2d0 net/ipv4/arp.c:314 arp_solicit+0xc1d/0xe60 net/ipv4/arp.c:392 neigh_probe net/core/neighbour.c:1024 [inline] __neigh_event_send+0xf6d/0x1560 net/core/neighbour.c:1191 neigh_event_send_probe include/net/neighbour.h:463 [inline] neigh_event_send include/net/neighbour.h:469 [inline] neigh_resolve_output+0x198/0x750 net/core/neighbour.c:1496 neigh_output include/net/neighbour.h:539 [inline] ip_finish_output2+0xd3d/0x1160 net/ipv4/ip_output.c:235 ip_local_out net/ipv4/ip_output.c:129 [inline] __ip_queue_xmit+0x1101/0x1b00 net/ipv4/ip_output.c:527 __tcp_transmit_skb+0x225c/0x36c0 net/ipv4/tcp_output.c:1479 tcp_transmit_skb net/ipv4/tcp_output.c:1497 [inline] __tcp_retransmit_skb+0xa30/0x1530 net/ipv4/tcp_output.c:3434 tcp_retransmit_skb+0x33/0x440 net/ipv4/tcp_output.c:3458 tcp_xmit_retransmit_queue+0x461/0xb40 net/ipv4/tcp_output.c:3540 tcp_xmit_recovery net/ipv4/tcp_input.c:3918 [inline] tcp_ack+0x4385/0x62b0 net/ipv4/tcp_input.c:4088 tcp_rcv_established+0x7e4/0x1d10 net/ipv4/tcp_input.c:6301 tcp_v4_do_rcv+0xa23/0xce0 net/ipv4/tcp_ipv4.c:1925 tcp_v4_rcv+0x266e/0x2ef0 net/ipv4/tcp_ipv4.c:2363 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2fb/0x580 net/ipv4/ip_input.c:233 NF_HOOK+0x309/0x3a0 include/linux/netfilter.h:314 dst_input include/net/dst.h:469 [inline] ip_sublist_rcv_finish+0x21d/0x2a0 net/ipv4/ip_input.c:578 ip_list_rcv_finish net/ipv4/ip_input.c:627 [inline] ip_sublist_rcv+0x6e7/0x9b0 net/ipv4/ip_input.c:635 ip_list_rcv+0x3e2/0x430 net/ipv4/ip_input.c:669 __netif_receive_skb_list_ptype net/core/dev.c:5930 [inline] __netif_receive_skb_list_core+0x571/0x800 net/core/dev.c:5967 __netif_receive_skb_list net/core/dev.c:6029 [inline] netif_receive_skb_list_internal+0x975/0xcc0 net/core/dev.c:6120 gro_normal_list include/net/gro.h:532 [inline] gro_normal_one include/net/gro.h:546 [inline] gro_skb_finish net/core/gro.c:601 [inline] gro_receive_skb+0x5dc/0xc10 net/core/gro.c:631 napi_gro_receive include/linux/netdevice.h:4149 [inline] virtnet_receive_done+0xd1f/0x1af0 drivers/net/virtio_net.c:2534 receive_buf+0xa40/0x1580 drivers/net/virtio_net.c:2578 virtnet_receive_packets drivers/net/virtio_net.c:2926 [inline] virtnet_receive drivers/net/virtio_net.c:2950 [inline] virtnet_poll+0x1f9b/0x2d70 drivers/net/virtio_net.c:3045 __napi_poll+0xc4/0x480 net/core/dev.c:7324 napi_poll net/core/dev.c:7388 [inline] net_rx_action+0x6ea/0xdf0 net/core/dev.c:7510 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:memset_orig+0x9b/0xb0 arch/x86/lib/memset_64.S:112 Code: c9 48 89 07 48 8d 7f 08 75 f5 83 e2 07 74 0a ff ca 88 07 48 8d 7f 01 75 f6 4c 89 d0 c3 cc cc cc cc 48 83 fa 07 76 e3 48 89 07 <49> c7 c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 RSP: 0018:ffffc9000cb9f678 EFLAGS: 00000202 RAX: 0000000000000000 RBX: 000000000000002c RCX: 0000000000000000 RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffffe8ffffcde024 RBP: 0000000000000000 R08: ffffe8ffffcde02b R09: 0000000000000004 R10: ffffe8ffffcde024 R11: fffff91ffff9bc06 R12: ffffffff8d96dc10 R13: dffffc0000000000 R14: ffffe8ffffcde000 R15: ffffffff8d96dc10 perf_trace_buf_alloc+0x1d5/0x2a0 kernel/trace/trace_event_perf.c:419 do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x18d/0x3b0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5877 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] class_rcu_destructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4372 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1039 [inline] sctp_endpoint_init net/sctp/endpointola.c:48 [inline] sctp_endpoint_new+0x117/0xa20 net/sctp/endpointola.c:138 sctp_init_sock+0x960/0x11f0 net/sctp/socket.c:5078 inet_create+0xcd4/0x1000 net/ipv4/af_inet.c:384 __sock_create+0x4b0/0x9f0 net/socket.c:1541 sock_create net/socket.c:1599 [inline] __sys_socket_create net/socket.c:1636 [inline] __sys_socket+0xd7/0x1b0 net/socket.c:1683 __do_sys_socket net/socket.c:1697 [inline] __se_sys_socket net/socket.c:1695 [inline] __x64_sys_socket+0x7a/0x90 net/socket.c:1695 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f59c518e969 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f59c6079038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007f59c53b5fa0 RCX: 00007f59c518e969 RDX: 0000000000000084 RSI: 0000000000000001 RDI: 0000000000000002 RBP: 00007f59c5210ab1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f59c53b5fa0 R15: 00007ffdc85d4388 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 7711 Comm: syz.3.323 Not tainted 6.15.0-rc4-syzkaller-gf263336a41da #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 RIP: 0010:trylock_clear_pending kernel/locking/qspinlock_paravirt.h:124 [inline] RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:431 [inline] RIP: 0010:__pv_queued_spin_lock_slowpath+0x6b0/0xb60 kernel/locking/qspinlock.c:325 Code: c0 0f 85 42 01 00 00 c6 07 00 43 0f b6 04 37 84 c0 0f 85 60 01 00 00 c6 01 01 41 be 00 80 ff ff 66 c7 84 24 90 00 00 00 00 01 <48> b8 00 00 00 00 00 fc ff df 48 8b 4c 24 20 0f b6 04 01 84 c0 75 RSP: 0018:ffffc90000a08a00 EFLAGS: 00000286 RAX: 0000000000000000 RBX: ffff888020bf9b40 RCX: 1ffff1100417f368 RDX: 0000000000000100 RSI: ffffffff8d749ffa RDI: ffff8880b893aa94 RBP: ffffc90000a08b18 R08: ffffffff8f7ed377 R09: 1ffffffff1efda6e R10: dffffc0000000000 R11: fffffbfff1efda6f R12: 1ffffffff1bb48a4 R13: 0000000000000000 R14: 00000000ffffc6d8 R15: 1ffff1100417f368 FS: 0000000000000000(0000) GS:ffff8881261cc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f661caf7ff8 CR3: 0000000030688000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:572 [inline] queued_spin_lock_slowpath+0x43/0x50 arch/x86/include/asm/qspinlock.h:51 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline] do_raw_spin_lock+0x21f/0x290 kernel/locking/spinlock_debug.c:116 spin_lock include/linux/spinlock.h:351 [inline] tcp_tsq_handler+0x29/0x200 net/ipv4/tcp_output.c:1099 tcp_tasklet_func+0x3cd/0x460 net/ipv4/tcp_output.c:1133 tasklet_action_common+0x369/0x580 kernel/softirq.c:829 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:percpu_counter_add_batch+0x43/0x1e0 lib/percpu_counter.c:98 Code: 89 fb 49 bf 00 00 00 00 00 fc ff df e8 f6 4d d4 fc 48 89 5c 24 10 4c 8d 73 58 4c 89 f0 48 c1 e8 03 48 89 04 24 42 80 3c 38 00 <74> 08 4c 89 f7 e8 63 3f 36 fd 49 8b 06 65 8b 28 41 89 ef 41 c1 ff RSP: 0018:ffffc9000cb0f3a0 EFLAGS: 00000246 RAX: 1ffff1100f1abbeb RBX: ffff888078d5df00 RCX: ffff88802e749e00 RDX: 0000000000000000 RSI: fffffffffffffff2 RDI: ffff888078d5df00 RBP: ffffc9000cb0f6b0 R08: ffffea0001e00433 R09: 1ffffd40003c0086 R10: dffffc0000000000 R11: fffff940003c0087 R12: 0000000000000020 R13: fffffffffffffff2 R14: ffff888078d5df58 R15: dffffc0000000000 percpu_counter_add include/linux/percpu_counter.h:71 [inline] add_mm_counter include/linux/mm.h:2715 [inline] add_mm_rss_vec+0x76/0x320 mm/memory.c:469 zap_pte_range mm/memory.c:1753 [inline] zap_pmd_range mm/memory.c:1823 [inline] zap_pud_range mm/memory.c:1852 [inline] zap_p4d_range mm/memory.c:1873 [inline] unmap_page_range+0x32d8/0x4210 mm/memory.c:1894 unmap_vmas+0x25d/0x3c0 mm/memory.c:1984 exit_mmap+0x245/0xba0 mm/mmap.c:1284 __mmput+0x118/0x420 kernel/fork.c:1379 exit_mm+0x1da/0x2c0 kernel/exit.c:589 do_exit+0x859/0x2550 kernel/exit.c:940 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102 get_signal+0x125e/0x1310 kernel/signal.c:3034 arch_do_signal_or_restart+0x95/0x780 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x8b/0x120 kernel/entry/common.c:218 do_syscall_64+0x103/0x210 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe98b78e969 Code: Unable to access opcode bytes at 0x7fe98b78e93f. RSP: 002b:00007fe98c6a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: 000000000000000c RBX: 00007fe98b9b5fa0 RCX: 00007fe98b78e969 RDX: 0000000000000084 RSI: 0000000000000005 RDI: 0000000000000002 RBP: 00007fe98b810ab1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fe98b9b5fa0 R15: 00007ffd2bfb3c98