watchdog: BUG: soft lockup - CPU#0 stuck for 122s! [syz-executor.1:24359] Modules linked in: irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [] copy_process+0x21e7/0x7400 kernel/fork.c:2442 softirqs last enabled at (0): [] copy_process+0x2228/0x7400 kernel/fork.c:2446 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 0 PID: 24359 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-12702-gebc8484d0e6d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:80 [inline] RIP: 0010:__orc_find+0xa1/0x130 arch/x86/kernel/unwind_orc.c:102 Code: 94 4d 00 48 89 e8 48 29 d8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 4c 8d 3c 83 4c 89 fa 48 c1 ea 03 42 0f b6 0c 32 <4c> 89 fa 83 e2 07 83 c2 03 38 ca 7c 04 84 c9 75 6f 49 63 17 4c 89 RSP: 0018:ffffc900000070e0 EFLAGS: 00000a07 RAX: 0000000000000007 RBX: ffffffff8f024f28 RCX: 0000000000000000 RDX: 1ffffffff1e049e8 RSI: ffffffff813a3cda RDI: 0000000000000005 RBP: ffffffff8f024f60 R08: 0000000000000005 R09: 0000000000000000 R10: 000000000000000f R11: 1ffff11013c09271 R12: ffffffff8453d3c6 R13: ffffffff8f8d0b12 R14: dffffc0000000000 R15: ffffffff8f024f44 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f62cf776538 CR3: 0000000028577000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: orc_find arch/x86/kernel/unwind_orc.c:227 [inline] unwind_next_frame+0x329/0x2390 arch/x86/kernel/unwind_orc.c:494 arch_stack_walk+0xfa/0x170 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522 ____kasan_slab_free mm/kasan/common.c:236 [inline] ____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200 kasan_slab_free include/linux/kasan.h:162 [inline] slab_free_hook mm/slub.c:1800 [inline] slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826 slab_free mm/slub.c:3809 [inline] kmem_cache_free+0xf0/0x480 mm/slub.c:3831 kfree_skbmem+0xef/0x1b0 net/core/skbuff.c:1010 __kfree_skb net/core/skbuff.c:1068 [inline] kfree_skb_reason+0x10e/0x210 net/core/skbuff.c:1103 kfree_skb include/linux/skbuff.h:1234 [inline] neigh_connected_output+0x51f/0x5d0 net/core/neighbour.c:1584 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x610/0x1b20 net/ipv6/ip6_output.c:135 __ip6_finish_output net/ipv6/ip6_output.c:196 [inline] ip6_finish_output+0x485/0x1250 net/ipv6/ip6_output.c:207 NF_HOOK_COND include/linux/netfilter.h:293 [inline] ip6_output+0x23a/0x880 net/ipv6/ip6_output.c:228 dst_output include/net/dst.h:458 [inline] NF_HOOK.constprop.0+0xfd/0x540 include/linux/netfilter.h:304 ndisc_send_skb+0x9f1/0x1430 net/ipv6/ndisc.c:509 ndisc_send_rs+0x133/0x690 net/ipv6/ndisc.c:719 addrconf_rs_timer+0x412/0x840 net/ipv6/addrconf.c:3973 call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700 expire_timers kernel/time/timer.c:1751 [inline] __run_timers+0x764/0xb10 kernel/time/timer.c:2022 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035 __do_softirq+0x218/0x965 kernel/softirq.c:553 invoke_softirq kernel/softirq.c:427 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1074 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645 RIP: 0010:percpu_counter_add_batch+0xe6/0x1f0 lib/percpu_counter.c:103 Code: e8 af f9 33 fd 48 85 db 75 42 e8 15 fe 33 fd 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 93 f9 33 fd 48 85 db 0f 85 bd 00 00 00 <48> 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 e7 fd 33 fd e8 e2 fd RSP: 0018:ffffc900380ff6e8 EFLAGS: 00000293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888094670000 RSI: ffffffff8453d412 RDI: 0000000000000007 RBP: ffff888016fe1790 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: 1ffff11003b4e08a R12: 000000000000001d R13: ffffffffffffffd9 R14: 0000607f4601a110 R15: 0000000000000020 percpu_counter_add include/linux/percpu_counter.h:69 [inline] add_mm_counter include/linux/mm.h:2552 [inline] add_mm_rss_vec mm/memory.c:478 [inline] zap_pte_range mm/memory.c:1517 [inline] zap_pmd_range mm/memory.c:1573 [inline] zap_pud_range mm/memory.c:1602 [inline] zap_p4d_range mm/memory.c:1623 [inline] unmap_page_range+0x15aa/0x2c10 mm/memory.c:1644 unmap_single_vma+0x194/0x2b0 mm/memory.c:1690 unmap_vmas+0x1e8/0x330 mm/memory.c:1731 exit_mmap+0x1ad/0xa60 mm/mmap.c:3210 __mmput+0x12a/0x4d0 kernel/fork.c:1349 mmput+0x62/0x70 kernel/fork.c:1371 exit_mm kernel/exit.c:567 [inline] do_exit+0x9b4/0x2a20 kernel/exit.c:861 do_group_exit+0xd4/0x2a0 kernel/exit.c:1024 get_signal+0x23d1/0x27b0 kernel/signal.c:2892 arch_do_signal_or_restart+0x90/0x7f0 arch/x86/kernel/signal.c:309 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296 do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f8b4c07cae9 Code: Unable to access opcode bytes at 0x7f8b4c07cabf. RSP: 002b:00007f8b4cd750c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: fffffffffffffff5 RBX: 00007f8b4c19bf80 RCX: 00007f8b4c07cae9 RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005 RBP: 00007f8b4c0c847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f8b4c19bf80 R15: 00007fff9a857268 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 14536 Comm: kworker/u4:6 Not tainted 6.5.0-syzkaller-12702-gebc8484d0e6d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:csd_lock_wait kernel/smp.c:300 [inline] RIP: 0010:smp_call_function_many_cond+0x4e0/0x1570 kernel/smp.c:844 Code: 00 00 00 fc ff df 4d 89 fc 4c 89 fd 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 dc 8c 0b 00 f3 90 41 0f b6 04 24 40 38 c5 7c 08 <84> c0 0f 85 3c 0e 00 00 8b 43 08 31 ff 83 e0 01 41 89 c5 89 c6 e8 RSP: 0018:ffffc9000a66f928 EFLAGS: 00000206 RAX: 0000000000000000 RBX: ffff8880b9844180 RCX: 0000000000000000 RDX: ffff888080d73b80 RSI: ffffffff817c44e4 RDI: 0000000000000005 RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1017308831 R13: 0000000000000001 R14: ffff8880b993d8c0 R15: ffff8880b9844188 FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c001b95000 CR3: 000000000c976000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1012 on_each_cpu include/linux/smp.h:71 [inline] text_poke_sync arch/x86/kernel/alternative.c:1998 [inline] text_poke_bp_batch+0x2ce/0x960 arch/x86/kernel/alternative.c:2208 text_poke_flush arch/x86/kernel/alternative.c:2399 [inline] text_poke_flush arch/x86/kernel/alternative.c:2396 [inline] text_poke_finish+0x30/0x40 arch/x86/kernel/alternative.c:2406 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 jump_label_update+0x32e/0x410 kernel/jump_label.c:829 static_key_enable_cpuslocked+0x1b5/0x270 kernel/jump_label.c:205 static_key_enable+0x1a/0x20 kernel/jump_label.c:218 toggle_allocation_gate mm/kfence/core.c:829 [inline] toggle_allocation_gate+0xf4/0x250 mm/kfence/core.c:821 process_one_work+0x887/0x15d0 kernel/workqueue.c:2630 process_scheduled_works kernel/workqueue.c:2703 [inline] worker_thread+0x8bb/0x1290 kernel/workqueue.c:2784 kthread+0x33a/0x430 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304