watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.6.2679:16708] Modules linked in: irq event stamp: 13233845 hardirqs last enabled at (13233844): [] irqentry_exit+0x5dd/0x660 kernel/entry/common.c:219 hardirqs last disabled at (13233845): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056 softirqs last enabled at (158862): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (158862): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (158862): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 softirqs last disabled at (158865): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (158865): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (158865): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 CPU: 0 UID: 0 PID: 16708 Comm: syz.6.2679 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:unwind_next_frame+0x6e7/0x23d0 arch/x86/kernel/unwind_orc.c:527 Code: b6 04 28 84 c0 0f 85 21 17 00 00 41 c6 07 01 48 c7 c2 00 e0 da 8d 4c 8b 6c 24 48 48 8d 72 04 4c 8d 62 05 48 89 f0 48 c1 e8 03 <48> 89 44 24 40 0f b6 04 28 84 c0 48 89 54 24 08 48 89 34 24 0f 85 RSP: 0018:ffffc900000074b8 EFLAGS: 00000a02 RAX: 1ffffffff2013cf4 RBX: ffffffff8f920ae4 RCX: ffffffff8f920ae8 RDX: ffffffff9009e79c RSI: ffffffff9009e7a0 RDI: ffffffff8bbfc580 RBP: dffffc0000000000 R08: 0000000000000018 R09: ffffffff8df41cc0 R10: ffffc900000075d8 R11: ffffffff81ad4bf0 R12: ffffffff9009e7a1 R13: ffffc900000075d8 R14: ffffc90000007588 R15: ffffffff8173ef25 FS: 00007fa20dcd16c0(0000) GS:ffff8881260b1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c3720c2 CR3: 000000006ae90000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 ref_tracker_alloc+0x17d/0x460 lib/ref_tracker.c:277 __netdev_tracker_alloc include/linux/netdevice.h:4399 [inline] netdev_hold include/linux/netdevice.h:4428 [inline] dst_init+0xd9/0x450 net/core/dst.c:52 dst_alloc+0x12a/0x170 net/core/dst.c:93 ip6_dst_alloc net/ipv6/route.c:342 [inline] icmp6_dst_alloc+0x75/0x420 net/ipv6/route.c:3322 ndisc_send_skb+0x3f1/0x1510 net/ipv6/ndisc.c:491 addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037 call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers kernel/time/timer.c:2373 [inline] __run_timer_base+0x61a/0x860 kernel/time/timer.c:2385 run_timer_base kernel/time/timer.c:2394 [inline] run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404 handle_softirqs+0x27d/0x850 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:raw_spin_rq_unlock_irq+0x13/0x90 kernel/sched/sched.h:1571 Code: cc e8 61 5e b6 09 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 53 66 90 e8 f4 f9 b8 09 e8 df 25 36 00 fb 5b <41> 5e 41 5f e9 54 47 b9 09 cc f3 0f 1e fa 49 be 00 00 00 00 00 fc RSP: 0018:ffffc90004df7588 EFLAGS: 00000282 RAX: 1a9006764bf20200 RBX: ffff8880b883a7c0 RCX: 1a9006764bf20200 RDX: 0000000000000006 RSI: ffffffff8d76bdbb RDI: ffffffff8bbfc5e0 RBP: ffffc90004df77b0 R08: ffffffff8f805a77 R09: 1ffffffff1f00b4e R10: dffffc0000000000 R11: fffffbfff1f00b4f R12: dffffc0000000000 R13: ffff88802e6fbd00 R14: ffff8880b883b330 R15: 1ffff11017107658 __schedule+0x19cf/0x5000 kernel/sched/core.c:6871 preempt_schedule_notrace+0xd1/0x110 kernel/sched/core.c:7140 preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13 __perf_sw_event+0x146/0x1a0 kernel/events/core.c:10721 perf_sw_event include/linux/perf_event.h:1596 [inline] do_user_addr_fault+0x12d9/0x1380 arch/x86/mm/fault.c:1283 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 RIP: 0010:fault_in_readable+0x8e/0x130 mm/gup.c:2161 Code: a9 00 00 00 0f 01 cb 0f ae e8 4d 85 f6 40 0f 95 c5 4c 89 ff 4c 89 f6 e8 d0 3c b6 ff 4d 39 f7 0f 97 c0 40 84 c5 74 43 4d 89 f5 <41> 8a 45 00 88 44 24 07 49 81 e5 00 f0 ff ff 4d 8d a5 00 10 00 00 RSP: 0018:ffffc90004df7aa8 EFLAGS: 00050202 RAX: ffffffff820b1101 RBX: 0000000000001000 RCX: ffff88802e6fbd00 RDX: 0000000000000002 RSI: 00002000000b6000 RDI: 00002000000b7000 RBP: dffffc0000000001 R08: ffff88802e6fbd00 R09: 0000000000000002 R10: 0000000000000001 R11: 0000000000000002 R12: 00007ffffffff000 R13: 00002000000b6000 R14: 00002000000b6000 R15: 00002000000b7000 fault_in_iov_iter_readable+0x1b4/0x2f0 lib/iov_iter.c:106 generic_perform_write+0x7b5/0x900 mm/filemap.c:4349 shmem_file_write_iter+0xf8/0x120 mm/shmem.c:3466 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x5c9/0xb30 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa20cd8f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa20dcd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fa20cfe6090 RCX: 00007fa20cd8f749 RDX: 00000000002a979d RSI: 0000200000000000 RDI: 000000000000000f RBP: 00007fa20ce13f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fa20cfe6128 R14: 00007fa20cfe6090 R15: 00007ffc0d8564b8 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 9084 Comm: kworker/u8:27 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline] RIP: 0010:smp_call_function_many_cond+0xccf/0x12b0 kernel/smp.c:877 Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 4a 94 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 f5 8f 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 d9 8f RSP: 0018:ffffc9000bcbf620 EFLAGS: 00000293 RAX: ffffffff81b5bba7 RBX: 1ffff11017108545 RCX: ffff88803393db80 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc9000bcbf7a0 R08: ffffffff8f805a77 R09: 1ffffffff1f00b4e R10: dffffc0000000000 R11: fffffbfff1f00b4f R12: ffff8880b8842a28 R13: dffffc0000000000 R14: ffff8880b893b9c0 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8881261b1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f21fb5b6ad8 CR3: 000000000dd3a000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1043 on_each_cpu include/linux/smp.h:71 [inline] smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2711 [inline] smp_text_poke_batch_finish+0x5f9/0x1130 arch/x86/kernel/alternative.c:2921 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 static_key_enable_cpuslocked+0x128/0x240 kernel/jump_label.c:210 static_key_enable+0x1a/0x20 kernel/jump_label.c:223 toggle_allocation_gate+0xad/0x240 mm/kfence/core.c:854 process_one_work kernel/workqueue.c:3257 [inline] process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246