watchdog: BUG: soft lockup - CPU#0 stuck for 144s! [syz.4.52:6163] Modules linked in: irq event stamp: 10501839 hardirqs last enabled at (10501838): [] irqentry_exit+0x74/0x90 kernel/entry/common.c:200 hardirqs last disabled at (10501839): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1050 softirqs last enabled at (65532): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last enabled at (65532): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last enabled at (65532): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 softirqs last disabled at (65535): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last disabled at (65535): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last disabled at (65535): [] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 CPU: 0 UID: 0 PID: 6163 Comm: syz.4.52 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 RIP: 0010:ether_addr_equal include/linux/etherdevice.h:355 [inline] RIP: 0010:ieee80211_accept_frame net/mac80211/rx.c:4391 [inline] RIP: 0010:ieee80211_prepare_and_rx_handle+0x916/0x63f0 net/mac80211/rx.c:4986 Code: 05 00 00 48 8b 44 24 08 4c 8d b0 c2 20 00 00 4c 8d 6a 0a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 9c 45 00 00 41 8b 36 <4c> 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 4c 89 e3 0f 85 a4 45 00 RSP: 0018:ffffc900000077c0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff8880788ee9d0 RCX: 0000000000000005 RDX: ffff888023f3ea90 RSI: 0000000000110208 RDI: 0000000000000001 RBP: ffffc900000079f0 R08: ffff88802f531e00 R09: 0000000000000008 R10: 000000000000000c R11: 0000000000000100 R12: dffffc0000000000 R13: ffff888023f3ea9a R14: ffff8880788eee42 R15: 00000000ffffff01 FS: 00007fcb4ba4c6c0(0000) GS:ffff888125c15000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000006 CR3: 000000007c81c000 CR4: 00000000003526f0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff1 DR7: 00000000000f0602 Call Trace: __ieee80211_rx_handle_packet net/mac80211/rx.c:5288 [inline] ieee80211_rx_list+0x21b8/0x2a90 net/mac80211/rx.c:5423 ieee80211_rx_napi+0x1a8/0x3d0 net/mac80211/rx.c:5446 ieee80211_rx include/net/mac80211.h:5210 [inline] ieee80211_handle_queued_frames+0xe8/0x1f0 net/mac80211/main.c:453 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:rcu_rnp_online_cpus kernel/rcu/tree.c:3984 [inline] RIP: 0010:rcu_rdp_cpu_online kernel/rcu/tree.c:3994 [inline] RIP: 0010:rcu_lockdep_current_cpu_online+0xbf/0x120 kernel/rcu/tree.c:4035 Code: 20 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 84 78 7c 00 48 8b 1b 48 83 c3 70 48 89 d8 48 c1 e8 03 42 80 3c 30 00 <74> 08 48 89 df e8 67 78 7c 00 4c 85 3b 75 1a 48 c7 c7 00 fd 13 8e RSP: 0018:ffffc9000b4e7170 EFLAGS: 00000246 RAX: 1ffffffff1c27e8e RBX: ffffffff8e13f470 RCX: 4295b33602977a00 RDX: ffff88802f531e00 RSI: ffffffff8be33d60 RDI: ffff8880b863afa8 RBP: ffffc9000b4e7298 R08: 0000000000000000 R09: ffffffff81cb1657 R10: dffffc0000000000 R11: fffff91ffff8d87a R12: 0000000000000001 R13: ffffc9000b4e7220 R14: dffffc0000000000 R15: 0000000000000001 rcu_read_lock_held_common kernel/rcu/update.c:113 [inline] rcu_read_lock_held+0x1e/0x50 kernel/rcu/update.c:349 trace_call_bpf+0x1ad/0x850 kernel/trace/bpf_trace.c:146 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10918 do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x2f8/0x3b0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5879 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] get_mem_cgroup_from_objcg+0x1ab/0x1d0 include/linux/memcontrol.h:513 __memcg_slab_post_alloc_hook+0x12a/0x7f0 mm/memcontrol.c:3162 memcg_slab_post_alloc_hook mm/slub.c:2221 [inline] slab_post_alloc_hook mm/slub.c:4201 [inline] slab_alloc_node mm/slub.c:4240 [inline] kmem_cache_alloc_lru_noprof+0x2c7/0x3d0 mm/slub.c:4259 proc_alloc_inode+0x2a/0xc0 fs/proc/inode.c:57 alloc_inode+0x67/0x1b0 fs/inode.c:346 new_inode+0x22/0x170 fs/inode.c:1145 proc_pid_make_inode+0x21/0x130 fs/proc/base.c:1953 proc_pid_make_base_inode fs/proc/base.c:2004 [inline] proc_task_instantiate+0x53/0x2b0 fs/proc/base.c:3793 proc_task_lookup+0x354/0x4c0 fs/proc/base.c:3836 __lookup_slow+0x297/0x3d0 fs/namei.c:1808 lookup_slow+0x53/0x70 fs/namei.c:1825 walk_component+0x2d2/0x400 fs/namei.c:2129 link_path_walk+0x75b/0xea0 fs/namei.c:2494 path_openat+0x28c/0x3830 fs/namei.c:4042 do_filp_open+0x1fa/0x410 fs/namei.c:4073 do_sys_openat2+0x121/0x1c0 fs/open.c:1435 do_sys_open fs/open.c:1450 [inline] __do_sys_openat fs/open.c:1466 [inline] __se_sys_openat fs/open.c:1461 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1461 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fcb4ab8d510 Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 RSP: 002b:00007fcb4ba4bf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcb4ab8d510 RDX: 0000000000000002 RSI: 00007fcb4ba4bfa0 RDI: 00000000ffffff9c RBP: 00007fcb4ba4bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007fcb4add6038 R14: 00007fcb4add5fa0 R15: 00007ffe54d3ea28 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 6218 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline] RIP: 0010:smp_call_function_many_cond+0xd33/0x12d0 kernel/smp.c:877 Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 56 63 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 01 5f 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 e5 5e RSP: 0018:ffffc9000b677660 EFLAGS: 00000293 RAX: ffffffff81b4601b RBX: 1ffff110170c8341 RCX: ffff888026409e00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc9000b6777e0 R08: ffffffff8fa3a437 R09: 1ffffffff1f47486 R10: dffffc0000000000 R11: fffffbfff1f47487 R12: ffff8880b8641a08 R13: dffffc0000000000 R14: ffff8880b873b1c0 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff888125d15000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff3058afd8 CR3: 000000000df36000 CR4: 00000000003526f0 Call Trace: on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1044 on_each_cpu include/linux/smp.h:71 [inline] smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2653 [inline] smp_text_poke_batch_finish+0x5f9/0x1130 arch/x86/kernel/alternative.c:2863 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 static_key_enable_cpuslocked+0x128/0x250 kernel/jump_label.c:210 static_key_enable+0x1a/0x20 kernel/jump_label.c:223 toggle_allocation_gate+0xad/0x240 mm/kfence/core.c:850 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x436/0x7d0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245