watchdog: BUG: soft lockup - CPU#0 stuck for 144s! [syz.4.290:7135]
Modules linked in:
irq event stamp: 5125663
hardirqs last  enabled at (5125662): [<ffffffff8c303183>] irqentry_exit+0x63/0x90 kernel/entry/common.c:357
hardirqs last disabled at (5125663): [<ffffffff8c300cce>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049
softirqs last  enabled at (4102950): [<ffffffff81844b9b>] __do_softirq kernel/softirq.c:613 [inline]
softirqs last  enabled at (4102950): [<ffffffff81844b9b>] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last  enabled at (4102950): [<ffffffff81844b9b>] __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680
softirqs last disabled at (4102953): [<ffffffff81844b9b>] __do_softirq kernel/softirq.c:613 [inline]
softirqs last disabled at (4102953): [<ffffffff81844b9b>] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last disabled at (4102953): [<ffffffff81844b9b>] __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680
CPU: 0 UID: 0 PID: 7135 Comm: syz.4.290 Not tainted 6.14.0-syzkaller-ga1b5bd45d4ee #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x2f/0x70 kernel/kcov.c:217
Code: 8b 04 24 65 48 8b 0c 25 08 70 68 93 65 8b 15 98 18 a5 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 <74> 2c 8b 91 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b
RSP: 0018:ffffc90000006f98 EFLAGS: 00000246
RAX: ffffffff8ac99835 RBX: ffff8880507000b8 RCX: ffff8880279abc00
RDX: 0000000000000100 RSI: 00000000fffffffd RDI: 00000000fffffffd
RBP: ffffc90000007118 R08: ffffffff8ac9a13d R09: ffffc90000007250
R10: ffffc90000007080 R11: fffff52000000e16 R12: ffff888050700000
R13: 1ffff1100a0e000c R14: 0000000000000001 R15: 1ffff1100a0e0016
FS:  00007f6c4346c6c0(0000) GS:ffff888124f99000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa9f8140d58 CR3: 0000000028a52000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __find_rr_leaf+0x345/0x8f0 net/ipv6/route.c:839
 find_rr_leaf net/ipv6/route.c:856 [inline]
 rt6_select net/ipv6/route.c:900 [inline]
 fib6_table_lookup+0x410/0xbf0 net/ipv6/route.c:2195
 ip6_pol_route+0x26d/0x15f0 net/ipv6/route.c:2231
 pol_lookup_func include/net/ip6_fib.h:616 [inline]
 fib6_rule_lookup+0x590/0x7a0 net/ipv6/fib6_rules.c:120
 ip6_route_input_lookup net/ipv6/route.c:2300 [inline]
 ip6_route_input+0x85b/0xda0 net/ipv6/route.c:2596
 ip6_rcv_finish+0x140/0x3d0 net/ipv6/ip6_input.c:77
 NF_HOOK+0x3a0/0x450 include/linux/netfilter.h:314
 __netif_receive_skb_one_core net/core/dev.c:5891 [inline]
 __netif_receive_skb+0x1ef/0x670 net/core/dev.c:6004
 process_backlog+0x664/0x15c0 net/core/dev.c:6356
 __napi_poll+0xcb/0x480 net/core/dev.c:7328
 napi_poll net/core/dev.c:7392 [inline]
 net_rx_action+0x89d/0x1240 net/core/dev.c:7514
 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
RIP: 0010:perf_event_output_forward+0x430/0x540 kernel/events/core.c:8394
Code: c7 c2 60 c1 53 8c e8 2f d0 a9 ff 48 c7 c7 e0 df d3 8e 48 8b 74 24 38 e8 6e b2 a9 ff e8 39 35 b4 ff 48 c7 44 24 40 0e 36 e0 45 <48> 8b 44 24 30 41 c7 04 04 00 00 00 00 49 c7 44 04 0b 00 00 00 00
RSP: 0018:ffffc9000acee8e0 EFLAGS: 00000287
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000003
RDX: ffffc900142a4000 RSI: ffffffff8e4fc1d4 RDI: ffffffff8ca1b140
RBP: ffffc9000aceea10 R08: ffffffff81cd31bc R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc9000acee940 R14: ffff888060f1bde0 R15: ffffc9000aceed00
 __perf_event_overflow+0x858/0xdd0 kernel/events/core.c:10268
 perf_swevent_event+0x37e/0x730 kernel/events/core.c:-1
 perf_tp_event+0x611/0x1660 kernel/events/core.c:10888
 perf_trace_run_bpf_submit+0x100/0x180 kernel/events/core.c:10812
 do_perf_trace_lock include/trace/events/lock.h:50 [inline]
 perf_trace_lock+0x39c/0x4a0 include/trace/events/lock.h:50
 __do_trace_lock_release include/trace/events/lock.h:69 [inline]
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x3b4/0x3e0 kernel/locking/lockdep.c:5877
 __raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
 _raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 __free_frozen_pages+0x810/0x10a0 mm/page_alloc.c:2709
 discard_slab mm/slub.c:2720 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3189
 put_cpu_partial+0x17e/0x250 mm/slub.c:3264
 __slab_free+0x294/0x390 mm/slub.c:4516
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4151 [inline]
 slab_alloc_node mm/slub.c:4200 [inline]
 __do_kmalloc_node mm/slub.c:4330 [inline]
 __kmalloc_noprof+0x238/0x4d0 mm/slub.c:4343
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 bpf_sk_storage_diag_alloc+0x225/0x710 net/core/bpf_sk_storage.c:498
 __inet_diag_dump_start+0x35d/0xa50 net/ipv4/inet_diag.c:1335
 __netlink_dump_start+0x45c/0x790 net/netlink/af_netlink.c:2415
 netlink_dump_start include/linux/netlink.h:340 [inline]
 inet_diag_rcv_msg_compat+0x213/0x510 net/ipv4/inet_diag.c:1427
 sock_diag_rcv_msg+0x3dc/0x5f0 net/core/sock_diag.c:-1
 netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2534
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x7f8/0x9a0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x8c3/0xcd0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:727
 ____sys_sendmsg+0x523/0x860 net/socket.c:2566
 ___sys_sendmsg net/socket.c:2620 [inline]
 __sys_sendmsg+0x271/0x360 net/socket.c:2652
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6c4258d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6c4346c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f6c427a5fa0 RCX: 00007f6c4258d169
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
RBP: 00007f6c4260e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f6c427a5fa0 R15: 00007ffcb9ee5cb8
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7140 Comm: syz.3.293 Not tainted 6.14.0-syzkaller-ga1b5bd45d4ee #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:149 [inline]
RIP: 0010:wrmsr arch/x86/include/asm/msr.h:256 [inline]
RIP: 0010:native_apic_msr_write+0x39/0x50 arch/x86/include/asm/apic.h:212
Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 f3 ef d4 03 0f 1f
RSP: 0018:ffffc90000a07fb8 EFLAGS: 00000046
RAX: 0000000000000094 RBX: 0000000000000020 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 0000000000000094 RDI: 0000000000000838
RBP: 0000000000000094 R08: ffffffff81b3e499 R09: 0000000000000001
R10: 0000000000000000 R11: ffffffff816b4d40 R12: 0000000000000940
R13: dffffc0000000000 R14: 0000000010004d2c R15: ffff8880b8723500
FS:  0000000000000000(0000) GS:ffff888125099000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f301c578ab8 CR3: 0000000034caa000 CR4: 00000000003526f0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 lapic_next_event+0x11/0x20 arch/x86/kernel/apic/apic.c:415
 clockevents_program_event+0x1c1/0x350 kernel/time/clockevents.c:334
 hrtimer_interrupt+0x5b7/0xa40 kernel/time/hrtimer.c:1930
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:deref_stack_reg+0x17f/0x210 arch/x86/kernel/unwind_orc.c:-1
Code: 74 48 4d 39 c4 77 43 4d 39 c7 76 3e 49 8d 48 08 31 c0 4c 39 e1 76 33 4c 39 f9 77 2e 4c 89 c7 48 89 d3 e8 f4 07 00 00 49 89 c6 <48> 8b 6c 24 18 48 89 e8 48 c1 e8 03 80 3c 18 00 74 08 48 89 ef e8
RSP: 0018:ffffc90000a08210 EFLAGS: 00000283
RAX: ffffc90000a08fe0 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffffc90000a01000 RDI: ffffc90000a08f30
RBP: ffffc90000a08348 R08: ffffc90000a08f30 R09: 0000000000000000
R10: ffffc90000a08390 R11: fffff52000141074 R12: 1ffff92000141069
R13: 1ffff9200014106a R14: ffffc90000a08fe0 R15: ffffc90000a09000
 unwind_next_frame+0x18a8/0x23b0 arch/x86/kernel/unwind_orc.c:-1
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4151 [inline]
 slab_alloc_node mm/slub.c:4200 [inline]
 kmem_cache_alloc_node_noprof+0x1f2/0x3b0 mm/slub.c:4252
 kmalloc_reserve+0xa8/0x2a0 net/core/skbuff.c:577
 __alloc_skb+0x1f2/0x480 net/core/skbuff.c:668
 skb_copy+0x1a0/0x9e0 net/core/skbuff.c:2131
 mac80211_hwsim_tx_frame_no_nl+0xedf/0x15c0 drivers/net/wireless/virtual/mac80211_hwsim.c:1866
 mac80211_hwsim_tx_frame+0x1cc/0x220 drivers/net/wireless/virtual/mac80211_hwsim.c:2217
 mac80211_hwsim_beacon_tx+0x3c4/0x860 drivers/net/wireless/virtual/mac80211_hwsim.c:2317
 __iterate_interfaces+0x297/0x570 net/mac80211/util.c:761
 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:797
 mac80211_hwsim_beacon+0xd4/0x1f0 drivers/net/wireless/virtual/mac80211_hwsim.c:2347
 __run_hrtimer kernel/time/hrtimer.c:1791 [inline]
 __hrtimer_run_queues+0x5a6/0xd40 kernel/time/hrtimer.c:1855
 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1872
 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 kernel/kcov.c:217
Code: 08 70 68 93 65 8b 15 98 18 a5 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 <83> fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 48 8d 7e 01 8b 89 1c
RSP: 0018:ffffc9000ce171f8 EFLAGS: 00000246
RAX: ffffffff816f9054 RBX: ffff8880246ae500 RCX: ffff888063769e00
RDX: 0000000000000000 RSI: 800000007b9eb007 RDI: ffff8880246ae500
RBP: ffffc9000ce175d0 R08: ffffffff8211cd54 R09: 1ffffd40003dcf58
R10: dffffc0000000000 R11: fffff940003dcf59 R12: ffffea0001ee7ac0
R13: dffffc0000000000 R14: 800000007b9eb007 R15: 800000007b9eb007
 arch_check_zapped_pte+0x14/0xb0 arch/x86/mm/pgtable.c:882
 zap_present_folio_ptes mm/memory.c:1518 [inline]
 zap_present_ptes mm/memory.c:1586 [inline]
 do_zap_pte_range mm/memory.c:1687 [inline]
 zap_pte_range mm/memory.c:1731 [inline]
 zap_pmd_range mm/memory.c:1823 [inline]
 zap_pud_range mm/memory.c:1852 [inline]
 zap_p4d_range mm/memory.c:1873 [inline]
 unmap_page_range+0x20d7/0x44d0 mm/memory.c:1894
 unmap_vmas+0x3ce/0x5f0 mm/memory.c:1984
 exit_mmap+0x2bc/0xde0 mm/mmap.c:1284
 __mmput+0x115/0x420 kernel/fork.c:1379
 exit_mm+0x221/0x310 kernel/exit.c:589
 do_exit+0x994/0x27f0 kernel/exit.c:940
 do_group_exit+0x207/0x2c0 kernel/exit.c:1102
 get_signal+0x1696/0x1730 kernel/signal.c:3034
 arch_do_signal_or_restart+0x98/0x840 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa9f738d169
Code: Unable to access opcode bytes at 0x7fa9f738d13f.
RSP: 002b:00007fa9f8182038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007fa9f75a5fa0 RCX: 00007fa9f738d169
RDX: 0000200000000040 RSI: 0000000000008914 RDI: 0000000000000008
RBP: 00007fa9f740e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa9f75a5fa0 R15: 00007ffe83904ca8
 </TASK>