ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [kworker/u8:9:3551] Modules linked in: irq event stamp: 4293025 hardirqs last enabled at (4293024): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (4293024): [] _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202 hardirqs last disabled at (4293025): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049 softirqs last enabled at (4293018): [] softirq_handle_end kernel/softirq.c:407 [inline] softirqs last enabled at (4293018): [] handle_softirqs+0x5bb/0x8f0 kernel/softirq.c:589 softirqs last disabled at (4293021): [] __do_softirq kernel/softirq.c:595 [inline] softirqs last disabled at (4293021): [] invoke_softirq kernel/softirq.c:435 [inline] softirqs last disabled at (4293021): [] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662 CPU: 0 UID: 0 PID: 3551 Comm: kworker/u8:9 Not tainted 6.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:pie_calculate_probability+0x2ad/0x850 net/sched/sch_pie.c:347 Code: f1 48 89 c5 48 89 c6 48 c1 eb 02 49 89 cc e8 3a 03 5d f8 49 39 ef 73 18 e8 80 01 5d f8 44 89 e6 bf 40 42 0f 00 e8 b3 03 5d f8 <41> 83 ed 01 75 ae 48 89 5c 24 20 4c 8b 6c 24 30 48 8b 6c 24 38 48 RSP: 0018:ffffc90000007b78 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 000000002af31dc4 RCX: ffffffff893d123d RDX: ffff888032468000 RSI: 00000000000f4240 RDI: 0000000000000005 RBP: 00004189374bc6a7 R08: 0000000000000005 R09: 00000000000f4240 R10: 00000000000003e8 R11: 0000000000000007 R12: 00000000000003e8 R13: 0000000000000005 R14: 00000000044b82fa R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9d2eb66b50 CR3: 000000000df7e000 CR4: 0000000000350ef0 Call Trace: fq_pie_timer+0x215/0x5a0 net/sched/sch_fq_pie.c:398 call_timer_fn+0x1a3/0x610 kernel/time/timer.c:1793 expire_timers kernel/time/timer.c:1844 [inline] __run_timers+0x6e8/0x930 kernel/time/timer.c:2418 __run_timer_base kernel/time/timer.c:2430 [inline] __run_timer_base kernel/time/timer.c:2422 [inline] run_timer_base+0x114/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x216/0x8f0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 kernel/smp.c:884 Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 2a 0e 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 ff 83 e0 01 41 RSP: 0018:ffffc9000c867998 EFLAGS: 00000293 RAX: 0000000000000000 RBX: ffff8880b8744b80 RCX: ffffffff818e05ac RDX: ffff888032468000 RSI: ffffffff818e0586 RDI: 0000000000000005 RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170e8971 R13: 0000000000000001 R14: ffff8880b8744b88 R15: ffff8880b863ff80 on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1051 on_each_cpu include/linux/smp.h:71 [inline] text_poke_sync arch/x86/kernel/alternative.c:2114 [inline] text_poke_bp_batch+0x22b/0x760 arch/x86/kernel/alternative.c:2324 text_poke_flush arch/x86/kernel/alternative.c:2515 [inline] text_poke_flush arch/x86/kernel/alternative.c:2512 [inline] text_poke_finish+0x30/0x40 arch/x86/kernel/alternative.c:2522 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 jump_label_update+0x1d7/0x400 kernel/jump_label.c:920 static_key_disable_cpuslocked+0x158/0x1c0 kernel/jump_label.c:240 static_key_disable+0x1a/0x20 kernel/jump_label.c:248 toggle_allocation_gate mm/kfence/core.c:854 [inline] toggle_allocation_gate+0x147/0x260 mm/kfence/core.c:841 process_one_work+0x9c8/0x1ba0 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c4/0x3a0 kernel/kthread.c:389 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 13184 Comm: syz-executor Not tainted 6.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:debug_lockdep_rcu_enabled+0x0/0x40 kernel/rcu/update.c:319 Code: 00 00 00 eb b6 e8 30 fa ff ff eb b6 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 8b 05 52 3a 38 05 85 c0 74 20 8b 05 70 6c 38 05 85 c0 RSP: 0018:ffffc90000a18d78 EFLAGS: 00000096 RAX: 0000000000000000 RBX: ffff88805c66c000 RCX: ffffffff817735ed RDX: 1ffff1100beeb25f RSI: 0000000000000004 RDI: ffffc90000a18d10 RBP: 000000000003da4c R08: 0000000000000001 R09: fffff520001431a2 R10: 0000000000000003 R11: 0000000000000008 R12: ffff88805f759340 R13: ffff8880b872cc00 R14: ffff88805f759340 R15: ffffffff893ee350 FS: 00005555813a4500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f56ccb77bac CR3: 000000005d616000 CR4: 0000000000350ef0 Call Trace: advance_sched+0xdd/0xc60 net/sched/sch_taprio.c:925 __run_hrtimer kernel/time/hrtimer.c:1739 [inline] __hrtimer_run_queues+0x20d/0xae0 kernel/time/hrtimer.c:1803 hrtimer_interrupt+0x392/0x8e0 kernel/time/hrtimer.c:1865 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline] __sysvec_apic_timer_interrupt+0x112/0x400 arch/x86/kernel/apic/apic.c:1055 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline] RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline] RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline] RIP: 0010:rcu_is_watching+0x60/0xc0 kernel/rcu/tree.c:737 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 75 5c 48 03 1c ed e0 1c a7 8d 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 0f b6 14 02 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 24 8b 03 c1 e8 02 RSP: 0018:ffffc9000c467690 EFLAGS: 00000216 RAX: dffffc0000000000 RBX: ffff8880b8737f68 RCX: ffffffff82077ee4 RDX: 0000000000000000 RSI: ffffffff8bd1d920 RDI: ffffffff8da71ce8 RBP: 0000000000000001 R08: 0000000000000007 R09: 000000000007ffff R10: 000000000000000d R11: 0000000000000007 R12: ffff88801c780000 R13: 0000000000000000 R14: 0000000000000001 R15: 1ffff9200188cee7 rcu_read_lock_held_common kernel/rcu/update.c:109 [inline] rcu_read_lock_held+0x1e/0x50 kernel/rcu/update.c:349 lookup_page_ext mm/page_ext.c:254 [inline] page_ext_get+0x132/0x310 mm/page_ext.c:526 page_table_check_set mm/page_table_check.c:114 [inline] page_table_check_set+0x285/0x9c0 mm/page_table_check.c:102 __page_table_check_ptes_set+0x2d0/0x3e0 mm/page_table_check.c:225 page_table_check_ptes_set include/linux/page_table_check.h:74 [inline] set_ptes include/linux/pgtable.h:288 [inline] __copy_present_ptes mm/memory.c:967 [inline] copy_present_ptes mm/memory.c:1050 [inline] copy_pte_range mm/memory.c:1173 [inline] copy_pmd_range mm/memory.c:1261 [inline] copy_pud_range mm/memory.c:1298 [inline] copy_p4d_range mm/memory.c:1322 [inline] copy_page_range+0x2088/0x57d0 mm/memory.c:1420 dup_mmap kernel/fork.c:751 [inline] dup_mm kernel/fork.c:1695 [inline] copy_mm kernel/fork.c:1744 [inline] copy_process+0x7e77/0x8df0 kernel/fork.c:2395 kernel_clone+0xfd/0x960 kernel/fork.c:2807 __do_sys_clone+0xba/0x100 kernel/fork.c:2950 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8ef5b7c593 Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 RSP: 002b:00007ffd6ec56aa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8ef5b7c593 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 R10: 00005555813a47d0 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000006e187 R14: 00007ffd6ec56c30 R15: 000000000000003a