watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.6.5429:31307] Modules linked in: irq event stamp: 13544891 hardirqs last enabled at (13544890): [] irqentry_exit+0x59c/0x620 kernel/entry/common.c:219 hardirqs last disabled at (13544891): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056 softirqs last enabled at (852): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (852): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (852): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 softirqs last disabled at (905): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (905): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (905): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 CPU: 0 UID: 0 PID: 31307 Comm: syz.6.5429 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 RIP: 0010:unwind_next_frame+0x1ab9/0x23c0 arch/x86/kernel/unwind_orc.c:695 Code: 48 c7 c2 80 a3 a9 8b e8 15 ec 2a 00 48 c7 c7 a0 a3 55 8e 4c 89 fe e8 b6 d2 2a 00 e8 71 b3 34 00 89 d8 48 81 c4 98 00 00 00 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 4c 8b 7c 24 50 eb 89 RSP: 0018:ffffc90000007658 EFLAGS: 00000296 RAX: 00000000e8408c01 RBX: ffffc90000007740 RCX: 0000000000000101 RDX: 0000000000000004 RSI: ffffffff8df36e36 RDI: ffff888054543d00 RBP: dffffc0000000000 R08: ffffffff81d01a12 R09: ffffffff8e55a3a0 R10: dffffc0000000000 R11: fffff91ffff9bc01 R12: 00007feee9245028 R13: ffffc90004a38000 R14: ffffc90000007688 R15: ffffffff81759195 FS: 00007feee92456c0(0000) GS:ffff8881256f8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000100000001 CR3: 000000007ec38000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_node_noprof+0x427/0x6f0 mm/slub.c:5315 kmalloc_reserve+0xbd/0x290 net/core/skbuff.c:586 __alloc_skb+0x204/0x390 net/core/skbuff.c:690 alloc_skb include/linux/skbuff.h:1383 [inline] new_skb+0x2f/0x2b0 drivers/block/aoe/aoecmd.c:66 aoecmd_cfg_pkts drivers/block/aoe/aoecmd.c:430 [inline] aoecmd_cfg+0x2b1/0x800 drivers/block/aoe/aoecmd.c:1374 call_timer_fn+0x192/0x5a0 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:bpf_prog_6c53a1984fc30528+0x16/0x23 Code: cc cc cc cc cc cc cc cc cc cc cc cc 40 00 00 00 cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 0f 1f 00 55 48 89 e5 f3 0f 1e fa 41 56 <45> 31 f6 31 c0 41 5e c9 e9 b5 b8 79 eb cc cc cc cc cc cc cc cc cc RSP: 0018:ffffc90004a3ede8 EFLAGS: 00000286 RAX: 1ffff920008f8e09 RBX: ffff888078f3e598 RCX: dffffc0000000000 RDX: ffffc90024620000 RSI: ffffc900047c7060 RDI: ffffe8ffffcd1000 RBP: ffffc90004a3edf0 R08: ffffc90004a3eeaf R09: 0000000000000000 R10: ffffc90004a3eea0 R11: ffffffffa02019c8 R12: ffff888078f3e5a8 R13: ffffc900047c7048 R14: 0000000000000001 R15: ffffc900047c7060 bpf_dispatcher_nop_func include/linux/bpf.h:1398 [inline] __bpf_prog_run include/linux/filter.h:723 [inline] bpf_prog_run include/linux/filter.h:730 [inline] bpf_prog_run_array include/linux/bpf.h:2462 [inline] trace_call_bpf+0x3f4/0xb70 kernel/trace/bpf_trace.c:145 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:11000 do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x326/0x3f0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x379/0x3a0 kernel/locking/lockdep.c:5879 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] __update_page_owner_handle+0x51a/0x570 mm/page_owner.c:270 __set_page_owner+0x10a/0x4c0 mm/page_owner.c:342 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x228/0x280 mm/page_alloc.c:1857 prep_new_page mm/page_alloc.c:1865 [inline] get_page_from_freelist+0x24dc/0x2580 mm/page_alloc.c:3915 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5210 __alloc_pages_noprof mm/page_alloc.c:5244 [inline] alloc_pages_bulk_noprof+0x558/0x700 mm/page_alloc.c:5164 ___alloc_pages_bulk mm/kasan/shadow.c:345 [inline] __kasan_populate_vmalloc_do mm/kasan/shadow.c:370 [inline] __kasan_populate_vmalloc+0xc1/0x1d0 mm/kasan/shadow.c:424 kasan_populate_vmalloc include/linux/kasan.h:580 [inline] alloc_vmap_area+0xdbc/0x14a0 mm/vmalloc.c:2124 __get_vm_area_node+0x1f8/0x300 mm/vmalloc.c:3219 __vmalloc_node_range_noprof+0x372/0x1730 mm/vmalloc.c:4011 __vmalloc_node_noprof mm/vmalloc.c:4111 [inline] __vmalloc_noprof+0xd2/0x120 mm/vmalloc.c:4127 bpf_prog_alloc_no_stats+0x4a/0x4f0 kernel/bpf/core.c:106 bpf_prog_alloc+0x3c/0x1a0 kernel/bpf/core.c:155 bpf_prog_load+0x7ba/0x1ae0 kernel/bpf/syscall.c:2990 __sys_bpf+0x618/0x950 kernel/bpf/syscall.c:6221 __do_sys_bpf kernel/bpf/syscall.c:6334 [inline] __se_sys_bpf kernel/bpf/syscall.c:6332 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6332 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feee839aeb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feee9245028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007feee8616090 RCX: 00007feee839aeb9 RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 RBP: 00007feee8408c1f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007feee8616128 R14: 00007feee8616090 R15: 00007fff4123cb78 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 31306 Comm: syz.6.5429 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 RIP: 0010:debug_spin_lock_before kernel/locking/spinlock_debug.c:87 [inline] RIP: 0010:do_raw_spin_lock+0x91/0x2f0 kernel/locking/spinlock_debug.c:115 Code: 14 4c 8d 77 04 4c 89 f0 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 f3 01 00 00 41 8b 06 3d ad 4e ad de 0f 85 32 01 00 00 4c 8d 73 10 <4c> 89 f0 48 c1 e8 03 48 89 44 24 10 80 3c 10 00 74 12 4c 89 f7 e8 RSP: 0018:ffffc90000a08080 EFLAGS: 00000046 RAX: 00000000dead4ead RBX: ffff8880b8728240 RCX: 0000000000010102 RDX: dffffc0000000000 RSI: ffffffff8df36e36 RDI: ffff8880b8728240 RBP: ffffc90000a08130 R08: ffffffff81b164fd R09: ffff8880b8728258 R10: dffffc0000000000 R11: fffffbfff1fde00f R12: 1ffff92000141014 R13: dffffc0000000000 R14: ffff8880b8728250 R15: ffff8880b87282c0 FS: 00007feee92666c0(0000) GS:ffff8881257f8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556e2c37c950 CR3: 000000007ec38000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: __run_hrtimer kernel/time/hrtimer.c:1781 [inline] __hrtimer_run_queues+0x5ed/0xc30 kernel/time/hrtimer.c:1841 hrtimer_interrupt+0x42b/0x1010 kernel/time/hrtimer.c:1903 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline] __sysvec_apic_timer_interrupt+0x102/0x3d0 arch/x86/kernel/apic/apic.c:1062 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:lock_acquire+0x221/0x330 kernel/locking/lockdep.c:5872 Code: ff ff ff e8 91 9f f6 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 7b 30 52 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d 88 f7 51 RSP: 0018:ffffc90000a084d8 EFLAGS: 00000286 RAX: 27fa1ddd58ca9c00 RBX: 0000000000000000 RCX: 0000000000000101 RDX: 00000000a42637f2 RSI: ffffffff8df36e36 RDI: ffffffff8c073f80 RBP: ffffffff81759195 R08: ffffffff81759195 R09: ffffffff8e55a3a0 R10: ffffc90000a082c0 R11: ffffffff81afb1d0 R12: 0000000000000002 R13: ffffffff8e55a3a0 R14: 0000000000000000 R15: 0000000000000246 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] class_rcu_constructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0xc2/0x23c0 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_node_noprof+0x427/0x6f0 mm/slub.c:5315 kmalloc_reserve+0xbd/0x290 net/core/skbuff.c:586 __alloc_skb+0x204/0x390 net/core/skbuff.c:690 __netdev_alloc_skb+0xc1/0x850 net/core/skbuff.c:754 netdev_alloc_skb include/linux/skbuff.h:3484 [inline] dev_alloc_skb include/linux/skbuff.h:3497 [inline] __ieee80211_beacon_get+0xc06/0x1880 net/mac80211/tx.c:5656 ieee80211_beacon_get_tim+0xbd/0x2c0 net/mac80211/tx.c:5778 ieee80211_beacon_get include/net/mac80211.h:5669 [inline] mac80211_hwsim_beacon_tx+0x3c5/0x870 drivers/net/wireless/virtual/mac80211_hwsim.c:2361 __iterate_interfaces+0x2ab/0x590 net/mac80211/util.c:761 ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 net/mac80211/util.c:797 mac80211_hwsim_beacon+0xbb/0x180 drivers/net/wireless/virtual/mac80211_hwsim.c:2395 __run_hrtimer kernel/time/hrtimer.c:1777 [inline] __hrtimer_run_queues+0x527/0xc30 kernel/time/hrtimer.c:1841 hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1858 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:preempt_schedule_irq+0x48/0xa0 kernel/sched/core.c:7190 Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 53 bf 01 00 00 00 e8 c3 b3 fa f5 e8 0e 30 34 f6 fb bf 01 00 00 00 43 a9 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 94 31 34 f6 bf 01 RSP: 0018:ffffc90004207440 EFLAGS: 00000202 RAX: 000000000099b12f RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000007 RSI: ffffffff8dccc88e RDI: 0000000000000001 RBP: 0000000000000000 R08: ffffffff8fef0077 R09: 1ffffffff1fde00e R10: dffffc0000000000 R11: fffffbfff1fde00f R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 irqentry_exit+0x597/0x620 kernel/entry/common.c:216 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:arch_static_branch_jump arch/x86/include/asm/jump_label.h:47 [inline] RIP: 0010:is_check_pages_enabled mm/page_alloc.c:1100 [inline] RIP: 0010:free_pages_prepare mm/page_alloc.c:1397 [inline] RIP: 0010:__free_frozen_pages+0x3c1/0xd70 mm/page_alloc.c:2943 Code: e6 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 0f 85 c5 04 00 00 41 81 3c 24 ff ff ff fe 0f 8e 7a 03 00 00 e0 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 18 80 3c RSP: 0018:ffffc90004207568 EFLAGS: 00000206 RAX: 0000000000000000 RBX: ffffea0001863a00 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffea0001863c00 RDI: ffffea0001863bc8 RBP: ffffea0001863a08 R08: ffffea0001863bf7 R09: 1ffffd400030c77e R10: dffffc0000000000 R11: fffff9400030c77f R12: ffffea0001863a30 R13: 0000000000000000 R14: 1ffffd400030c746 R15: 0000000000000000 discard_slab mm/slub.c:3346 [inline] __put_partials+0x146/0x170 mm/slub.c:3886 __slab_free+0x294/0x320 mm/slub.c:5952 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5263 [inline] __kmalloc_cache_node_noprof+0x3f1/0x6d0 mm/slub.c:5784 kmalloc_node_noprof include/linux/slab.h:983 [inline] __get_vm_area_node+0x13f/0x300 mm/vmalloc.c:3208 __vmalloc_node_range_noprof+0x372/0x1730 mm/vmalloc.c:4011 __vmalloc_node_noprof mm/vmalloc.c:4111 [inline] __vmalloc_noprof+0xd2/0x120 mm/vmalloc.c:4127 bpf_prog_alloc_no_stats+0x4a/0x4f0 kernel/bpf/core.c:106 bpf_prog_alloc+0x3c/0x1a0 kernel/bpf/core.c:155 bpf_prog_load+0x7ba/0x1ae0 kernel/bpf/syscall.c:2990 __sys_bpf+0x618/0x950 kernel/bpf/syscall.c:6221 __do_sys_bpf kernel/bpf/syscall.c:6334 [inline] __se_sys_bpf kernel/bpf/syscall.c:6332 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6332 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feee839aeb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feee9266028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007feee8615fa0 RCX: 00007feee839aeb9 RDX: 0000000000000094 RSI: 00002000000005c0 RDI: 0000000000000005 RBP: 00007feee8408c1f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007feee8616038 R14: 00007feee8615fa0 R15: 00007fff4123cb78