watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.8.2004:13557] Modules linked in: irq event stamp: 14483175 hardirqs last enabled at (14483174): [] irqentry_exit+0x59c/0x620 kernel/entry/common.c:219 hardirqs last disabled at (14483175): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056 softirqs last enabled at (474): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (474): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (474): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 softirqs last disabled at (5551): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (5551): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (5551): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 CPU: 0 UID: 0 PID: 13557 Comm: syz.8.2004 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:216 Code: 8b 3d 94 74 15 0c 48 89 de 5b e9 03 bf 5b 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0d 78 be 0c 11 65 8b 15 99 be 0c 11 81 e2 00 01 ff 00 74 RSP: 0018:ffffc90000007510 EFLAGS: 00000293 RAX: ffffffff894e6988 RBX: ffff88807e64f140 RCX: 0000000000000100 RDX: ffff88807f1a5b80 RSI: 00000000000005ee RDI: 0000000000000046 RBP: 00000000000005ee R08: ffffffff865e9ee1 R09: ffffffff8e35a320 R10: dffffc0000000000 R11: ffffffff865e9e80 R12: 00000000000005dc R13: dffffc0000000000 R14: ffff88807d456000 R15: 0000000000000046 FS: 00007f1bf4c416c0(0000) GS:ffff88812592c000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff80ff4cff CR3: 0000000032eaa000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: __is_skb_forwardable include/linux/netdevice.h:4318 [inline] ____dev_forward_skb include/linux/netdevice.h:4349 [inline] __dev_forward_skb2+0x208/0x740 net/core/dev.c:2421 veth_forward_skb drivers/net/veth.c:319 [inline] veth_xmit+0x45d/0xd50 drivers/net/veth.c:375 __netdev_start_xmit include/linux/netdevice.h:5273 [inline] netdev_start_xmit include/linux/netdevice.h:5282 [inline] xmit_one net/core/dev.c:3853 [inline] dev_hard_start_xmit+0x2cd/0x7f0 net/core/dev.c:3869 __dev_queue_xmit+0x14dd/0x32a0 net/core/dev.c:4819 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512 addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4037 call_timer_fn+0x192/0x5a0 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:finish_task_switch+0x241/0x920 kernel/sched/core.c:5114 Code: 0f 84 bd 01 00 00 48 85 db 0f 85 e4 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 99 b8 e7 09 e8 64 84 37 00 fb 4c 8b 65 c0 <49> 8d bc 24 48 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 RSP: 0018:ffffc9000445f9f8 EFLAGS: 00000206 RAX: 00000000000014c9 RBX: 0000000000000000 RCX: 0000000080000001 RDX: 0000000000000006 RSI: ffffffff8dad24d5 RDI: ffffffff8be73880 RBP: ffffc9000445fa50 R08: ffffffff8fceca77 R09: 1ffffffff1f9d94e R10: dffffc0000000000 R11: fffffbfff1f9d94f R12: ffff88807f1a5b80 R13: dffffc0000000000 R14: ffff88801d3a5b80 R15: ffff8880b863b498 context_switch kernel/sched/core.c:5259 [inline] __schedule+0x14f7/0x4fb0 kernel/sched/core.c:6863 preempt_schedule_common+0x82/0xd0 kernel/sched/core.c:7047 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0x74/0x80 kernel/locking/spinlock.c:194 __do_sys_perf_event_open kernel/events/core.c:13821 [inline] __se_sys_perf_event_open+0x1937/0x1d60 kernel/events/core.c:13462 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1bf3d9acb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1bf4c41028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f1bf4015fa0 RCX: 00007f1bf3d9acb9 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 00002000000003c0 RBP: 00007f1bf3e08bf7 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f1bf4016038 R14: 00007f1bf4015fa0 R15: 00007ffde6afe128 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 13550 Comm: syz.5.2001 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:asm_sysvec_apic_timer_interrupt+0x0/0x20 arch/x86/include/asm/idtentry.h:697 Code: b6 d3 77 0a e9 61 06 00 00 90 f3 0f 1e fa 0f 01 ca fc 6a ff e8 11 05 00 00 48 89 c4 48 89 e7 e8 c6 d2 77 0a e9 41 06 00 00 90 0f 1e fa 0f 01 ca fc 6a ff e8 f1 04 00 00 48 89 c4 48 89 e7 e8 RSP: 0018:ffffc90000a08a38 EFLAGS: 00000046 RAX: 1ffff9200014119f RBX: ffffc90000a08cf0 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff8880b873a9d8 RDI: 1ffff110170e753b RBP: ffffc90000a08e78 R08: ffffc90000a08d3f R09: 0000000000000000 R10: ffffc90000a08ce8 R11: fffff520001411a8 R12: 0000000000000001 R13: dffffc0000000000 R14: ffff88801c6b7e80 R15: ffffc90000a08ce8 FS: 00007f489ada76c0(0000) GS:ffff888125a2c000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007efe699ecd58 CR3: 0000000033b16000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: RIP: 0010:update_sd_lb_stats kernel/sched/fair.c:11115 [inline] RIP: 0010:sched_balance_find_src_group kernel/sched/fair.c:11365 [inline] RIP: 0010:sched_balance_rq+0x1ada/0x5880 kernel/sched/fair.c:11851 Code: 00 00 00 fc ff df 42 80 3c 28 00 74 08 48 89 df e8 bb 2c 92 00 48 8b 03 48 01 84 24 10 02 00 00 48 8b 44 24 08 42 80 3c 28 00 <48> 8b 9c 24 90 00 00 00 4c 8b 7c 24 18 74 08 4c 89 ff e8 8f 2c 92 RSP: 0018:ffffc90000a08a60 EFLAGS: 00000246 sched_balance_domains+0x45e/0x960 kernel/sched/fair.c:12311 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:finish_task_switch+0x241/0x920 kernel/sched/core.c:5114 Code: 0f 84 bd 01 00 00 48 85 db 0f 85 e4 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 99 b8 e7 09 e8 64 84 37 00 fb 4c 8b 65 c0 <49> 8d bc 24 48 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 RSP: 0018:ffffc900042cf858 EFLAGS: 00000206 RAX: 0000000000d5d8e1 RBX: 0000000000000000 RCX: 0000000080000001 RDX: 0000000000000007 RSI: ffffffff8dad24d5 RDI: ffffffff8be73880 RBP: ffffc900042cf8b0 R08: ffffffff8fceca77 R09: 1ffffffff1f9d94e R10: dffffc0000000000 R11: fffffbfff1f9d94f R12: ffff88802f0f0000 R13: dffffc0000000000 R14: ffff888077ed3d00 R15: ffff8880b873b498 context_switch kernel/sched/core.c:5259 [inline] __schedule+0x14f7/0x4fb0 kernel/sched/core.c:6863 preempt_schedule_common+0x82/0xd0 kernel/sched/core.c:7047 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 __free_frozen_pages+0x82b/0xd10 mm/page_alloc.c:2973 discard_slab mm/slub.c:3346 [inline] __put_partials+0x146/0x170 mm/slub.c:3886 __slab_free+0x294/0x320 mm/slub.c:5952 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_lru_noprof+0x35f/0x6c0 mm/slub.c:5282 sock_alloc_inode+0x28/0xc0 net/socket.c:322 alloc_inode+0x6a/0x1b0 fs/inode.c:346 new_inode_pseudo include/linux/fs.h:2964 [inline] sock_alloc net/socket.c:637 [inline] __sock_create+0x12d/0x9d0 net/socket.c:1569 sock_create net/socket.c:1663 [inline] __sys_socket_create net/socket.c:1700 [inline] __sys_socket+0xd6/0x1b0 net/socket.c:1747 __do_sys_socket net/socket.c:1761 [inline] __se_sys_socket net/socket.c:1759 [inline] __x64_sys_socket+0x7a/0x90 net/socket.c:1759 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4899f9acb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f489ada7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007f489a215fa0 RCX: 00007f4899f9acb9 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a RBP: 00007f489a008bf7 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f489a216038 R14: 00007f489a215fa0 R15: 00007ffff9db02c8