watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [migration/0:19]
Modules linked in:
irq event stamp: 23543973
hardirqs last  enabled at (23543972): [<ffffffff8b494f9d>] irqentry_exit+0x5dd/0x660 kernel/entry/common.c:219
hardirqs last disabled at (23543973): [<ffffffff8b49380e>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056
softirqs last  enabled at (23506340): [<ffffffff8185372a>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last  enabled at (23506340): [<ffffffff8185372a>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last  enabled at (23506340): [<ffffffff8185372a>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
softirqs last disabled at (23506343): [<ffffffff8185372a>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (23506343): [<ffffffff8185372a>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (23506343): [<ffffffff8185372a>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
CPU: 0 UID: 0 PID: 19 Comm: migration/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Stopper: 0x0 <- 0x0
RIP: 0010:unwind_next_frame+0x0/0x2390 arch/x86/kernel/unwind_orc.c:469
Code: 09 cc 89 d9 80 e1 07 80 c1 03 38 c1 7c 92 48 89 df e8 04 4b b3 00 eb 88 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 81 ec 98 00 00 00 49
RSP: 0018:ffffc90000007320 EFLAGS: 00000287
RAX: ffffc90000007410 RBX: ffffc90000007388 RCX: 882ccdb5a23a1801
RDX: ffffc90000007418 RSI: dffffc0000000000 RDI: ffffc90000007388
RBP: 1ffff92000000e72 R08: ffffc90000007378 R09: 0000000000000000
R10: ffffc900000073d8 R11: fffff52000000e7d R12: ffffc900000073c0
R13: ffffc90000007398 R14: 1ffff92000000e73 R15: ffffc90000007390
FS:  0000000000000000(0000) GS:ffff8881260b0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d9f2b9f98 CR3: 0000000052d2a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __unwind_start+0x5b9/0x760 arch/x86/kernel/unwind_orc.c:758
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xe4/0x150 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 __kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587
 kasan_save_free_info mm/kasan/kasan.h:406 [inline]
 poison_slab_object mm/kasan/common.c:252 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:284
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6663 [inline]
 kmem_cache_free+0x197/0x620 mm/slub.c:6774
 kfree_skb_reason include/linux/skbuff.h:1322 [inline]
 __netif_receive_skb_core+0x2a6e/0x2f90 net/core/dev.c:6111
 __netif_receive_skb_one_core net/core/dev.c:6135 [inline]
 __netif_receive_skb+0x72/0x380 net/core/dev.c:6250
 process_backlog+0x622/0x1500 net/core/dev.c:6602
 __napi_poll+0xae/0x320 net/core/dev.c:7666
 napi_poll net/core/dev.c:7729 [inline]
 net_rx_action+0x672/0xe50 net/core/dev.c:7881
 handle_softirqs+0x27d/0x850 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__schedule+0x19d4/0x5000 kernel/sched/core.c:-1
Code: ff ff 48 89 df 48 83 c7 18 8b b4 24 a8 01 00 00 e8 b1 2d 54 f6 48 89 df e8 89 cb 47 f6 48 89 df e8 d1 ab 48 f6 48 8b 5c 24 10 <e9> eb fa ff ff 90 0f 0b 90 e9 ba f2 ff ff ba 09 00 01 00 e9 72 ec
RSP: 0018:ffffc900001879a0 EFLAGS: 00000282
RAX: 882ccdb5a23a1800 RBX: ffff88801ca8bd00 RCX: 882ccdb5a23a1800
RDX: 0000000000000000 RSI: ffffffff8d76bea1 RDI: ffffffff8bbfc660
RBP: ffffc90000187bb0 R08: ffffffff8f805b77 R09: 1ffffffff1f00b6e
R10: dffffc0000000000 R11: fffffbfff1f00b6f R12: dffffc0000000000
R13: ffff88801ca8bd00 R14: ffff8880b883b330 R15: 1ffff11017107658
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7047
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7071
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 smpboot_thread_fn+0x5f9/0xa60 kernel/smpboot.c:159
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 12838 Comm: kworker/u8:27 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xccf/0x12b0 kernel/smp.c:877
Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 4a 94 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 f5 8f 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 d9 8f
RSP: 0018:ffffc9000ba67620 EFLAGS: 00000293
RAX: ffffffff81b5ba87 RBX: 1ffff11017108545 RCX: ffff888044465b80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000ba677a0 R08: ffffffff8f805b77 R09: 1ffffffff1f00b6e
R10: dffffc0000000000 R11: fffffbfff1f00b6f R12: ffff8880b8842a28
R13: dffffc0000000000 R14: ffff8880b893b9c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881261b0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8357315000 CR3: 000000000dd3a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043
 on_each_cpu include/linux/smp.h:71 [inline]
 smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2711 [inline]
 smp_text_poke_batch_finish+0x5f9/0x1130 arch/x86/kernel/alternative.c:2921
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_enable_cpuslocked+0x128/0x240 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate+0xad/0x240 mm/kfence/core.c:854
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>