watchdog: BUG: soft lockup - CPU#1 stuck for 188s! [kworker/1:5:5163]
Modules linked in:
irq event stamp: 35480
hardirqs last enabled at (35479): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (35479): [] _raw_spin_unlock_irqrestore+0x52/0x80 kernel/locking/spinlock.c:194
hardirqs last disabled at (35480): [] sysvec_apic_timer_interrupt+0xe/0xb0 arch/x86/kernel/apic/apic.c:1043
softirqs last enabled at (35138): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (35138): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
softirqs last enabled at (35138): [] nsim_dev_trap_report_work+0x870/0xc80 drivers/net/netdevsim/dev.c:850
softirqs last disabled at (35136): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (35136): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:816 [inline]
softirqs last disabled at (35136): [] nsim_dev_trap_report_work+0x7e2/0xc80 drivers/net/netdevsim/dev.c:850
CPU: 1 PID: 5163 Comm: kworker/1:5 Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: mld mld_ifc_work
RIP: 0010:srso_alias_safe_ret+0x5/0x7 arch/x86/lib/retpoline.S:174
Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8d 64 24 08 cc e8 f4 ff ff ff 0f 0b cc cc cc cc cc cc cc cc cc cc cc cc cc
RSP: 0018:ffffc900035cf5e0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000000003 RCX: ffffffff81de8014
RDX: fffff940003edcf7 RSI: 0000000000000004 RDI: ffffea0001f6e7b4
RBP: 0000000000000001 R08: 0000000000000000 R09: fffff940003edcf6
R10: ffffea0001f6e7b7 R11: 0000000000000004 R12: 0000000000000006
R13: 0000000000000000 R14: 0000000000000000 R15: ffffea0001f6e780
FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3553351095 CR3: 000000002208a000 CR4: 0000000000350ef0
Call Trace:
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 page_ref_count include/linux/page_ref.h:67 [inline]
 page_expected_state mm/page_alloc.c:915 [inline]
 free_page_is_bad mm/page_alloc.c:964 [inline]
 free_pages_prepare mm/page_alloc.c:1122 [inline]
 free_unref_page_prepare+0x7f4/0xb10 mm/page_alloc.c:2347
 free_unref_page+0x33/0x3c0 mm/page_alloc.c:2487
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3798 [inline]
 slab_alloc_node mm/slub.c:3845 [inline]
 kmem_cache_alloc_node+0x177/0x340 mm/slub.c:3888
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:658
 alloc_skb include/linux/skbuff.h:1313 [inline]
 alloc_skb_with_frags+0xe4/0x710 net/core/skbuff.c:6504
 sock_alloc_send_pskb+0x7f1/0x980 net/core/sock.c:2795
 sock_alloc_send_skb include/net/sock.h:1844 [inline]
 mld_newpack.isra.0+0x1ed/0x790 net/ipv6/mcast.c:1746
 add_grhead+0x299/0x340 net/ipv6/mcast.c:1849
 add_grec+0x111e/0x1670 net/ipv6/mcast.c:1987
 mld_send_cr net/ipv6/mcast.c:2113 [inline]
 mld_ifc_work+0x41f/0xce0 net/ipv6/mcast.c:2650
 process_one_work+0x9ac/0x1ac0 kernel/workqueue.c:3254
 process_scheduled_works kernel/workqueue.c:3335 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
 kthread+0x2c4/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1104 Comm: kworker/u8:8 Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:311 [inline]
RIP: 0010:smp_call_function_many_cond+0x4e7/0x1420 kernel/smp.c:855
Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 bb 07 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 f7 0c 00 00 8b 43 08 31
RSP: 0018:ffffc90004127910 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff8880b9544740 RCX: ffffffff8182ff4b
RDX: ffff888021fdda00 RSI: ffffffff8182ff25 RDI: 0000000000000005
RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10172a88e9
R13: 0000000000000001 R14: ffff8880b9544748 R15: ffff8880b943fc40
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005605357c6dc8 CR3: 000000000d77a000 CR4: 0000000000350ef0
Call Trace:
 on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1023
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:2086 [inline]
 text_poke_bp_batch+0x659/0x760 arch/x86/kernel/alternative.c:2296
 text_poke_flush arch/x86/kernel/alternative.c:2487 [inline]
 text_poke_flush arch/x86/kernel/alternative.c:2484 [inline]
 text_poke_finish+0x30/0x40 arch/x86/kernel/alternative.c:2494
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x1d7/0x400 kernel/jump_label.c:829
 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:205
 static_key_enable+0x1a/0x20 kernel/jump_label.c:218
 toggle_allocation_gate mm/kfence/core.c:826 [inline]
 toggle_allocation_gate+0xf8/0x250 mm/kfence/core.c:818
 process_one_work+0x9ac/0x1ac0 kernel/workqueue.c:3254
 process_scheduled_works kernel/workqueue.c:3335 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
 kthread+0x2c4/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244