RBP: 00007efc91c10ab1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007efc91db5fa0 R15: 00007ffcbd8e8378 watchdog: BUG: soft lockup - CPU#1 stuck for 207s! [syz.5.2838:14579] Modules linked in: irq event stamp: 450394 hardirqs last enabled at (450393): [] irqentry_exit+0x3b/0x90 kernel/entry/common.c:310 hardirqs last disabled at (450394): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1050 softirqs last enabled at (450392): [] softirq_handle_end kernel/softirq.c:425 [inline] softirqs last enabled at (450392): [] handle_softirqs+0x5be/0x8e0 kernel/softirq.c:607 softirqs last disabled at (450331): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last disabled at (450331): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last disabled at (450331): [] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:680 CPU: 1 UID: 0 PID: 14579 Comm: syz.5.2838 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline] RIP: 0010:smp_call_function_many_cond+0xd7f/0x1510 kernel/smp.c:885 Code: 00 45 85 ed 74 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 17 1c 0c 00 f3 90 41 0f b6 06 <41> 38 c5 7c 08 84 c0 0f 85 6f 05 00 00 8b 43 08 31 ff 83 e0 01 89 RSP: 0018:ffffc90004d37528 EFLAGS: 00000293 RAX: 0000000000000000 RBX: ffff8880b8443a60 RCX: ffffffff81afe9bd RDX: ffff88807c5c8000 RSI: ffffffff81afe999 RDI: 0000000000000005 RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 R13: 0000000000000003 R14: ffffed101708874d R15: ffff8880b853d080 FS: 0000000000000000(0000) GS:ffff888124a6c000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000091000 CR3: 000000000e182000 CR4: 0000000000350ef0 Call Trace: on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1052 on_each_cpu include/linux/smp.h:71 [inline] smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2660 [inline] smp_text_poke_batch_finish+0x27b/0xdb0 arch/x86/kernel/alternative.c:2870 __static_call_transform+0x33b/0x740 arch/x86/kernel/static_call.c:111 arch_static_call_transform+0xb6/0xc0 arch/x86/kernel/static_call.c:163 __static_call_update+0xef/0x670 kernel/static_call_inline.c:147 tracepoint_update_call kernel/tracepoint.c:271 [inline] tracepoint_remove_func kernel/tracepoint.c:394 [inline] tracepoint_probe_unregister+0xb10/0xd70 kernel/tracepoint.c:504 bpf_raw_tp_link_release+0x35/0x70 kernel/bpf/syscall.c:3635 bpf_link_free+0xec/0x390 kernel/bpf/syscall.c:3157 bpf_link_put_direct kernel/bpf/syscall.c:3200 [inline] bpf_link_release+0x5d/0x80 kernel/bpf/syscall.c:3207 __fput+0x402/0xb70 fs/file_table.c:465 task_work_run+0x150/0x240 kernel/task_work.c:227 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x864/0x2bd0 kernel/exit.c:955 do_group_exit+0xd3/0x2a0 kernel/exit.c:1104 get_signal+0x2673/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline] do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7efc91b8e969 Code: Unable to access opcode bytes at 0x7efc91b8e93f. RSP: 002b:00007efc92943038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: fffffffffffffe00 RBX: 00007efc91db5fa0 RCX: 00007efc91b8e969 RDX: 0000000000000010 RSI: 0000200000000180 RDI: 000000000000000c RBP: 00007efc91c10ab1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007efc91db5fa0 R15: 00007ffcbd8e8378 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:trace_hrtimer_cancel+0x181/0x200 include/trace/events/timer.h:317 Code: b1 fe ff ff e8 70 50 13 00 e8 1b a0 83 ff e9 a7 fe ff ff e8 61 50 13 00 e8 ac 98 f8 ff 31 ff 89 c3 89 c6 e8 31 4b 13 00 84 db <0f> 85 e7 fe ff ff e8 44 50 13 00 0f b6 1d 1c 77 c7 0e 31 ff 89 de RSP: 0018:ffffc90000007e28 EFLAGS: 00000002 RAX: 0000000000010001 RBX: 0000000000000001 RCX: ffffffff81a8b55f RDX: ffff88802895bc00 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880b8427c80 R13: 000000a7f0b26000 R14: ffff8880583b0340 R15: 0000000000000001 FS: 00005555804ab500(0000) GS:ffff88812496c000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4871f7fab8 CR3: 000000005d920000 CR4: 0000000000350ef0 Call Trace: debug_deactivate kernel/time/hrtimer.c:491 [inline] __run_hrtimer kernel/time/hrtimer.c:1729 [inline] __hrtimer_run_queues+0x477/0xad0 kernel/time/hrtimer.c:1825 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline] __sysvec_apic_timer_interrupt+0x10b/0x3f0 arch/x86/kernel/apic/apic.c:1056 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_release+0x183/0x2f0 kernel/locking/lockdep.c:5896 Code: 0f c1 05 58 19 13 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 6d d7 12 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41 RSP: 0018:ffffc90003cd7958 EFLAGS: 00000206 RAX: d7a5c9342eda3500 RBX: ffffffff8e3c4cc0 RCX: ffffc90003cd7964 RDX: 0000000000000001 RSI: ffffffff8dbe7193 RDI: ffffffff8bf535e0 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff822d67ee R13: 0000000000000206 R14: ffff88802895bc00 R15: 0000000000000002 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] page_ext_put+0x43/0xd0 mm/page_ext.c:563 __reset_page_owner+0x7a/0x1a0 mm/page_owner.c:300 reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1248 [inline] __free_frozen_pages+0x7fe/0x1180 mm/page_alloc.c:2706 vfree+0x1fd/0xb50 mm/vmalloc.c:3426 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:882 [inline] get_entries net/ipv6/netfilter/ip6_tables.c:1039 [inline] do_ip6t_get_ctl+0x8e0/0xae0 net/ipv6/netfilter/ip6_tables.c:1677 nf_getsockopt+0x7c/0xe0 net/netfilter/nf_sockopt.c:116 ipv6_getsockopt+0x1f7/0x280 net/ipv6/ipv6_sockglue.c:1493 tcp_getsockopt+0xa1/0x100 net/ipv4/tcp.c:4760 do_sock_getsockopt+0x3ff/0x800 net/socket.c:2357 __sys_getsockopt+0x12f/0x260 net/socket.c:2386 __do_sys_getsockopt net/socket.c:2393 [inline] __se_sys_getsockopt net/socket.c:2390 [inline] __x64_sys_getsockopt+0xbd/0x160 net/socket.c:2390 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4871d906aa Code: ff c3 66 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb b8 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 RSP: 002b:00007ffd126f6428 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd126f64b0 RCX: 00007f4871d906aa RDX: 0000000000000041 RSI: 0000000000000029 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007ffd126f644c R09: 0079746972756365 R10: 00007ffd126f64b0 R11: 0000000000000212 R12: 00007f4871f800c0 R13: 00007ffd126f644c R14: 0000000000000000 R15: 00007f4871f80e40