watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz.3.1630:10517] Modules linked in: irq event stamp: 36192973 hardirqs last enabled at (36192972): [] get_random_u16+0x318/0x618 drivers/char/random.c:552 hardirqs last disabled at (36192973): [] __el1_irq arch/arm64/kernel/entry-common.c:557 [inline] hardirqs last disabled at (36192973): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:575 softirqs last enabled at (5325508): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32 softirqs last disabled at (5325509): [] __do_softirq+0x14/0x20 kernel/softirq.c:588 CPU: 1 UID: 0 PID: 10517 Comm: syz.3.1630 Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : get_random_u16+0x33c/0x618 lr : get_random_u16+0x338/0x618 drivers/char/random.c:552 sp : ffff800080016640 x29: ffff800080016780 x28: 0000000000000011 x27: dfff800000000000 x26: ffff700010002ccc x25: 1ffff00010002ce8 x24: 0000000000005e49 x23: 0000000000000011 x22: ffff80008f8dcd60 x21: ffff80008f981170 x20: 00000000000000c0 x19: 0000000000000000 x18: dfff800000000000 x17: 00000000bfe77df0 x16: ffff800080460e20 x15: 0000000000000008 x14: 1ffff00011f300ca x13: ffff800080018000 x12: 0000000000000003 x11: 0000000000000503 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : ffff0000d4d91e40 x7 : ffff8000840f4b2c x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000002 x1 : 0000000000000080 x0 : 0000000000000000 Call trace: __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P) arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P) get_random_u16+0x33c/0x618 drivers/char/random.c:552 (P) get_random_u16+0x338/0x618 drivers/char/random.c:552 (L) cake_dequeue+0x2184/0x3ad0 net/sched/sch_cake.c:2086 dequeue_skb net/sched/sch_generic.c:293 [inline] qdisc_restart net/sched/sch_generic.c:398 [inline] __qdisc_run+0x1e0/0x2378 net/sched/sch_generic.c:416 __dev_xmit_skb net/core/dev.c:3896 [inline] __dev_queue_xmit+0xd58/0x35b4 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip6_finish_output2+0x1688/0x214c net/ipv6/ip6_output.c:141 ip6_finish_output+0x428/0x7c4 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x274/0x598 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] ip6_local_out+0x120/0x160 net/ipv6/output_core.c:155 ip6_send_skb+0x1a8/0x584 net/ipv6/ip6_output.c:1976 ip6_push_pending_frames+0xd0/0x118 net/ipv6/ip6_output.c:1997 icmpv6_push_pending_frames+0x288/0x3f4 net/ipv6/icmp.c:311 icmp6_send+0x1150/0x1a9c net/ipv6/icmp.c:630 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] __udp6_lib_rcv+0xbb8/0x1358 net/ipv6/udp.c:1117 udpv6_rcv+0x88/0x9c net/ipv6/udp.c:1215 ip6_protocol_deliver_rcu+0x988/0x12a8 net/ipv6/ip6_input.c:436 ip6_input_finish+0x16c/0x2a4 net/ipv6/ip6_input.c:481 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314 ip6_input+0x90/0xa8 net/ipv6/ip6_input.c:490 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x1f0/0x21c net/ipv6/ip6_input.c:79 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314 ipv6_rcv+0x9c/0xbc net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core net/core/dev.c:5672 [inline] __netif_receive_skb+0x18c/0x3c8 net/core/dev.c:5785 process_backlog+0x640/0x123c net/core/dev.c:6117 __napi_poll+0xb4/0x3fc net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0x6a8/0xf4c net/core/dev.c:7074 handle_softirqs+0x320/0xd34 kernel/softirq.c:554 __do_softirq+0x14/0x20 kernel/softirq.c:588 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:891 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86 do_softirq+0x90/0xf8 kernel/softirq.c:455 __local_bh_enable_ip+0x288/0x44c kernel/softirq.c:382 local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33 rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x185c/0x35b4 net/core/dev.c:4461 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xdb4/0x139c net/ipv4/ip_output.c:236 __ip_finish_output+0x1b0/0x45c ip_finish_output+0x44/0x304 net/ipv4/ip_output.c:324 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip_output+0x1a8/0x21c net/ipv4/ip_output.c:434 dst_output include/net/dst.h:450 [inline] ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0xe14/0x18e8 net/ipv4/ip_output.c:536 ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:550 __tcp_transmit_skb+0x1954/0x34c4 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_send_synack+0x630/0x890 net/ipv4/tcp_output.c:3690 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:6641 [inline] tcp_rcv_state_process+0x1004/0x3b84 net/ipv4/tcp_input.c:6770 tcp_v4_do_rcv+0x71c/0xc44 net/ipv4/tcp_ipv4.c:1939 sk_backlog_rcv include/net/sock.h:1121 [inline] __release_sock+0x1a8/0x3d8 net/core/sock.c:3083 release_sock+0x68/0x1b8 net/core/sock.c:3637 tcp_sendmsg+0x4c/0x64 net/ipv4/tcp.c:1359 inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x360/0x4d8 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 4694 Comm: kworker/u8:9 Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_unbound toggle_allocation_gate pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : csd_lock_wait kernel/smp.c:340 [inline] pc : smp_call_function_many_cond+0x19c8/0x32a8 kernel/smp.c:884 lr : csd_lock_wait kernel/smp.c:340 [inline] lr : smp_call_function_many_cond+0x19e0/0x32a8 kernel/smp.c:884 sp : ffff8000a05c7770 x29: ffff8000a05c78b0 x28: 1fffe000366c4301 x27: ffffffffffffffff x26: ffff0001b364a428 x25: 0000000000000001 x24: 0000000000000008 x23: dfff800000000000 x22: 1fffe000366c4300 x21: 0000000000000011 x20: ffff0001b3621808 x19: ffff0001b3621800 x18: 1fffe000366c167e x17: ffff80008f97d000 x16: ffff80008326d65c x15: 0000000000000001 x14: 1fffe000366c9485 x13: 0000000000000000 x12: 0000000000000000 x11: ffff6000366c9486 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 0000000000000011 x7 : ffff80008015c3c0 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff8000805e8df0 x2 : 0000000000000000 x1 : 0000000000000004 x0 : 0000000000000001 Call trace: __cmpwait_case_32 arch/arm64/include/asm/cmpxchg.h:231 [inline] (P) __cmpwait arch/arm64/include/asm/cmpxchg.h:257 [inline] (P) csd_lock_wait kernel/smp.c:340 [inline] (P) smp_call_function_many_cond+0x19c8/0x32a8 kernel/smp.c:884 (P) csd_lock_wait kernel/smp.c:340 [inline] (L) smp_call_function_many_cond+0x19e0/0x32a8 kernel/smp.c:884 (L) smp_call_function_many kernel/smp.c:908 [inline] smp_call_function kernel/smp.c:930 [inline] kick_all_cpus_sync+0x40/0xa0 kernel/smp.c:1075 arch_jump_label_transform_apply+0x14/0x20 arch/arm64/kernel/jump_label.c:34 __jump_label_update+0x30c/0x334 kernel/jump_label.c:521 jump_label_update+0x30c/0x3bc kernel/jump_label.c:920 static_key_enable_cpuslocked+0x140/0x230 kernel/jump_label.c:210 static_key_enable+0x24/0x38 kernel/jump_label.c:223 toggle_allocation_gate+0xc4/0x264 mm/kfence/core.c:849 process_one_work+0x7a8/0x15cc kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x97c/0xeec kernel/workqueue.c:3391 kthread+0x288/0x310 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862