watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.1.39:6066]
Modules linked in:
irq event stamp: 14038869
hardirqs last  enabled at (14038868): [<ffffffff8b4c0c14>] irqentry_exit+0x74/0x90 kernel/entry/common.c:214
hardirqs last disabled at (14038869): [<ffffffff8b4bf84e>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1052
softirqs last  enabled at (3504): [<ffffffff81850cfa>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last  enabled at (3504): [<ffffffff81850cfa>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last  enabled at (3504): [<ffffffff81850cfa>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
softirqs last disabled at (3649): [<ffffffff81850cfa>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (3649): [<ffffffff81850cfa>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (3649): [<ffffffff81850cfa>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
CPU: 0 UID: 0 PID: 6066 Comm: syz.1.39 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:arch_stack_walk+0x123/0x150 arch/x86/kernel/stacktrace.c:24
Code: 5e 09 00 48 85 c0 74 24 48 89 df 48 89 c6 4d 89 f3 2e e8 58 c8 95 1e 84 c0 74 11 4c 89 ff e8 a4 5f 09 00 83 bd 78 ff ff ff 00 <75> cf 65 48 8b 05 33 d3 26 11 48 3b 45 d8 75 12 48 83 c4 68 5b 41
RSP: 0018:ffffc90000007448 EFLAGS: 00000202
RAX: 0000000000007401 RBX: ffffc90000007500 RCX: 414c75aca1d63a00
RDX: 0000000000000002 RSI: ffffffff8d9d15ee RDI: ffff888020389e40
RBP: ffffc900000074d0 R08: ffffc90000006f97 R09: 0000000000000000
R10: ffffc90000006f88 R11: fffff52000000df3 R12: ffff888020389e40
R13: 0000000000000060 R14: ffffffff81ac6cd0 R15: ffffc90000007448
FS:  00007fa9525f66c0(0000) GS:ffff888125d0c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000678e0000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:400 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417
 kasan_kmalloc include/linux/kasan.h:262 [inline]
 __kmalloc_cache_noprof+0x3d5/0x6f0 mm/slub.c:5748
 kmalloc_noprof include/linux/slab.h:957 [inline]
 dst_cow_metrics_generic+0x56/0x1c0 net/core/dst.c:193
 dst_metrics_write_ptr include/net/dst.h:136 [inline]
 dst_metric_set include/net/dst.h:197 [inline]
 icmp6_dst_alloc+0x264/0x420 net/ipv6/route.c:3335
 ndisc_send_skb+0x3f1/0x1510 net/ipv6/ndisc.c:491
 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037
 call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1798 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403
 handle_softirqs+0x286/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:finish_task_switch+0x26b/0x950 kernel/sched/core.c:5193
Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 ef 4b bd 09 e8 aa b8 36 00 fb 4c 8b 65 c0 <49> 8d bc 24 58 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc900054df898 EFLAGS: 00000282
RAX: 414c75aca1d63a00 RBX: 0000000000000000 RCX: 414c75aca1d63a00
RDX: 0000000000000000 RSI: ffffffff8d7e8438 RDI: ffffffff8bc07760
RBP: ffffc900054df8f0 R08: ffffffff8f9e1077 R09: 1ffffffff1f3c20e
R10: dffffc0000000000 R11: fffffbfff1f3c20f R12: ffff888020389e40
R13: dffffc0000000000 R14: ffff88802c2c1e40 R15: ffff8880b863abd8
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0x17a0/0x4cc0 kernel/sched/core.c:6929
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7113
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7137
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 consume_obj_stock mm/memcontrol.c:2938 [inline]
 obj_cgroup_charge_account+0x3f4/0x660 mm/memcontrol.c:3070
 __memcg_slab_post_alloc_hook+0x3db/0x7d0 mm/memcontrol.c:3188
 memcg_slab_post_alloc_hook mm/slub.c:2322 [inline]
 slab_post_alloc_hook mm/slub.c:4966 [inline]
 slab_alloc_node mm/slub.c:5265 [inline]
 kmem_cache_alloc_lru_noprof+0x410/0x6d0 mm/slub.c:5284
 sock_alloc_inode+0x28/0xc0 net/socket.c:322
 alloc_inode+0x6a/0x1b0 fs/inode.c:346
 new_inode_pseudo include/linux/fs.h:3395 [inline]
 sock_alloc net/socket.c:637 [inline]
 __sock_create+0x12d/0x9f0 net/socket.c:1569
 sock_create net/socket.c:1663 [inline]
 __sys_socket_create net/socket.c:1700 [inline]
 __sys_socket+0xd7/0x1b0 net/socket.c:1747
 __do_sys_socket net/socket.c:1761 [inline]
 __se_sys_socket net/socket.c:1759 [inline]
 __x64_sys_socket+0x7a/0x90 net/socket.c:1759
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa95438eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa9525f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fa9545e5fa0 RCX: 00007fa95438eec9
RDX: 0000000000000006 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 00007fa954411f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa9545e6038 R14: 00007fa9545e5fa0 R15: 00007fff45cc8508
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 43 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xd3c/0x12d0 kernel/smp.c:877
Code: 01 31 ff e8 96 73 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 41 6f 0b 00 eb 38 f3 90 42 0f b6 04 2b 84 c0 75 11 <41> f7 04 24 01 00 00 00 74 1e e8 25 6f 0b 00 eb e4 44 89 e1 80 e1
RSP: 0018:ffffc90000b36380 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff110170c8441 RCX: ffff88801f2a0000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90000b36500 R08: ffff888067e1eac7 R09: 1ffff1100cfc3d58
R10: dffffc0000000000 R11: ffffffff8175c760 R12: ffff8880b8642208
R13: dffffc0000000000 R14: ffff8880b873b240 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125e0c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557c3f95c8 CR3: 000000006574e000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043
 __flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
 flush_tlb_multi arch/x86/mm/tlb.c:1361 [inline]
 flush_tlb_mm_range+0x6b1/0x12d0 arch/x86/mm/tlb.c:1451
 flush_tlb_page arch/x86/include/asm/tlbflush.h:324 [inline]
 ptep_clear_flush+0x120/0x170 mm/pgtable-generic.c:101
 page_vma_mkclean_one+0x406/0x740 mm/rmap.c:1041
 page_mkclean_one+0x1c0/0x280 mm/rmap.c:1082
 __rmap_walk_file+0x467/0x620 mm/rmap.c:2918
 rmap_walk mm/rmap.c:2962 [inline]
 folio_mkclean+0x297/0x390 mm/rmap.c:1114
 folio_clear_dirty_for_io+0x1f5/0x880 mm/page-writeback.c:2938
 mpage_submit_folio+0x86/0x2b0 fs/ext4/inode.c:2061
 mpage_map_and_submit_buffers fs/ext4/inode.c:2324 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2514 [inline]
 ext4_do_writepages+0x1d43/0x4610 fs/ext4/inode.c:2931
 ext4_writepages+0x205/0x350 fs/ext4/inode.c:3025
 do_writepages+0x32e/0x550 mm/page-writeback.c:2604
 __writeback_single_inode+0x145/0xff0 fs/fs-writeback.c:1719
 writeback_sb_inodes+0x6c7/0x1010 fs/fs-writeback.c:2015
 __writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2086
 wb_writeback+0x44f/0xaf0 fs/fs-writeback.c:2197
 wb_check_old_data_flush fs/fs-writeback.c:2301 [inline]
 wb_do_writeback fs/fs-writeback.c:2354 [inline]
 wb_workfn+0xaef/0xef0 fs/fs-writeback.c:2382
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>