watchdog: BUG: soft lockup - CPU#1 stuck for 143s! [syz.0.40:5969]
Modules linked in:
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
hardirqs last disabled at (0): [] rcu_read_lock include/linux/rcupdate.h:840 [inline]
hardirqs last disabled at (0): [] copy_process+0xd2b/0x42e0 kernel/fork.c:2152
softirqs last enabled at (0): [] rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
softirqs last enabled at (0): [] rcu_read_lock include/linux/rcupdate.h:840 [inline]
softirqs last enabled at (0): [] copy_process+0xd2b/0x42e0 kernel/fork.c:2152
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 1 UID: 0 PID: 5969 Comm: syz.0.40 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:unwind_done arch/x86/include/asm/unwind.h:50 [inline]
RIP: 0010:arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:24
Code: ff ff 4c 89 ff e8 65 74 09 00 48 85 c0 74 24 48 89 df 48 89 c6 4d 89 f3 2e e8 15 f9 92 1e 84 c0 74 11 4c 89 ff e8 95 75 09 00 <83> bd 78 ff ff ff 00 75 cf 65 48 8b 05 b4 21 ca 11 48 3b 45 d8 75
RSP: 0018:ffffc90000a07b68 EFLAGS: 00000286
RAX: 00000000f2175c01 RBX: ffffc90000a07c20 RCX: 0000000000000304
RDX: 0000000000000004 RSI: ffffffff8c28c780 RDI: ffff888032628000
RBP: ffffc90000a07bf0 R08: 0000000000000002 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff91ffffb6805 R12: ffff888032628000
R13: ffff888049e25000 R14: ffffffff81b11450 R15: ffffc90000a07b68
FS: 00007f9eb9af26c0(0000) GS:ffff8881253aa000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b34914ff8 CR3: 000000007dbbc000 CR4: 00000000003526f0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 00000000000f0602
Call Trace:
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
kasan_kmalloc include/linux/kasan.h:263 [inline]
__do_kmalloc_node mm/slub.c:5296 [inline]
__kmalloc_noprof+0x358/0x750 mm/slub.c:5308
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
ieee802_11_parse_elems_full+0x15c/0x2a90 net/mac80211/parse.c:1058
ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2518 [inline]
ieee80211_inform_bss+0x163/0x10d0 net/mac80211/scan.c:79
rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
cfg80211_inform_single_bss_data+0xd9c/0x1be0 net/wireless/scan.c:2379
cfg80211_inform_bss_data+0x26e/0x3d80 net/wireless/scan.c:3236
cfg80211_inform_bss_frame_data+0x3c7/0x730 net/wireless/scan.c:3327
ieee80211_bss_info_update+0x791/0xa50 net/mac80211/scan.c:230
ieee80211_scan_rx+0x552/0xa40 net/mac80211/scan.c:364
__ieee80211_rx_handle_packet net/mac80211/rx.c:5357 [inline]
ieee80211_rx_list+0x2a11/0x3740 net/mac80211/rx.c:5642
ieee80211_rx_napi+0x1ad/0x3d0 net/mac80211/rx.c:5665
ieee80211_rx include/net/mac80211.h:5395 [inline]
ieee80211_handle_queued_frames+0xe4/0x1d0 net/mac80211/main.c:452
tasklet_action_common+0x2da/0x4a0 kernel/softirq.c:938
handle_softirqs+0x225/0x840 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1062
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:do_perf_trace_lock include/trace/events/lock.h:49 [inline]
RIP: 0010:perf_trace_lock+0x337/0x410 include/trace/events/lock.h:49
Code: 00 00 4c 8b 4c 24 60 41 b8 01 00 00 00 44 89 f6 48 8b 4c 24 38 6a 00 ff 74
24 20 e8 a3 36 5a 00 48 83 c4 10 43 c6 44 27 08 f8 <43> c6 44 27 04 f8 65 ff 0d 0c 49 96 11 74 40 48 c7 44 24 40 0e 36
RSP: 0018:ffffc900052670e0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8e829768 RCX: 0000000000080000
RDX: ffffc90004112000 RSI: 0000000000006108 RDI: 0000000000006109
RBP: ffffc900052671c8 R08: ffffc900052672cf R09: 0000000000000000
R10: ffffc900052672c0 R11: ffffffffa0203388 R12: dffffc0000000000
R13: 000000000000000d R14: 000000000000002c R15: 1ffff92000a4ce24
__do_trace_lock_release include/trace/events/lock.h:68 [inline]
trace_lock_release include/trace/events/lock.h:68 [inline]
lock_release+0x38e/0x3c0 kernel/locking/lockdep.c:5879
rcu_lock_release include/linux/rcupdate.h:310 [inline]
rcu_read_unlock include/linux/rcupdate.h:871 [inline]
trace_call_bpf+0x7c0/0xb80 kernel/trace/bpf_trace.c:147
perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:11397
do_perf_trace_lock include/trace/events/lock.h:49 [inline]
perf_trace_lock+0x32d/0x410 include/trace/events/lock.h:49
__do_trace_lock_release include/trace/events/lock.h:68 [inline]
trace_lock_release include/trace/events/lock.h:68 [inline]
lock_release+0x38e/0x3c0 kernel/locking/lockdep.c:5879
rcu_lock_release include/linux/rcupdate.h:310 [inline]
rcu_read_unlock include/linux/rcupdate.h:871 [inline]
class_rcu_destructor include/linux/rcupdate.h:1183 [inline]
unwind_next_frame+0x1baa/0x2550 arch/x86/kernel/unwind_orc.c:709
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
unpoison_slab_object mm/kasan/common.c:340 [inline]
__kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4570 [inline]
slab_alloc_node mm/slub.c:4899 [inline]
kmem_cache_alloc_noprof+0x2b8/0x650 mm/slub.c:4906
lsm_file_alloc security/security.c:171 [inline]
security_file_alloc+0x34/0x310 security/security.c:2406
init_file+0x90/0x2b0 fs/file_table.c:184
alloc_empty_file+0x74/0x1d0 fs/file_table.c:266
path_openat+0x8f/0x3830 fs/namei.c:4845
do_file_open+0x23e/0x4a0 fs/namei.c:4888
do_sys_openat2+0x115/0x200 fs/open.c:1395
do_sys_open fs/open.c:1401 [inline]
__do_sys_openat fs/open.c:1417 [inline]
__se_sys_openat fs/open.c:1412 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1412
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9eb8b9ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9eb9af2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f9eb8e15fa0 RCX: 00007f9eb8b9ce59
RDX: 0000000000200002 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f9eb8c32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9eb8e16038 R14: 00007f9eb8e15fa0 R15: 00007ffc5e512878
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 48 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0x10b0/0x14b0 kernel/smp.c:892
Code: c0 75 73 41 8b 1e 89 de 83 e6 01 31 ff e8 98 02 0c 00 83 e3 01 48 bb 00 00 00 00 00 fc ff df 75 07 e8 44 fe 0b 00 eb 37 f3 90 <41> 0f b6 04 1c 84 c0 75 10 41 f7 06 01 00 00 00 74 1e e8 29 fe 0b
RSP: 0018:ffffc90000b87720 EFLAGS: 00000293
RAX: ffffffff81ba0607 RBX: dffffc0000000000 RCX: ffff88801e6d8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP:
ffffc90000b87860 R08: ffffffff902ff2f7 R09: 1ffffffff205fe5e
R10: dffffc0000000000 R11: fffffbfff205fe5f R12: 1ffff110170e8199
R13: ffff8880b863c2c8 R14: ffff8880b8740cc8 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8881252aa000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b307f3c028 CR3: 000000000e74a000 CR4: 00000000003526f0
Call Trace:
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1057
on_each_cpu include/linux/smp.h:72 [inline]
smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2773 [inline]
smp_text_poke_batch_finish+0x5fd/0x1110 arch/x86/kernel/alternative.c:2983
arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
static_key_enable_cpuslocked+0x128/0x240 kernel/jump_label.c:210
static_key_enable+0x1a/0x20 kernel/jump_label.c:223
toggle_allocation_gate+0xab/0x290 mm/kfence/core.c:906
process_one_work kernel/workqueue.c:3314 [inline]
process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3397
worker_thread+0xa47/0xfb0 kernel/workqueue.c:3478
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245