Extracting prog: 3m42.982074678s
Minimizing prog: 16m36.187806134s
Simplifying prog options: 4m58.521943045s
Extracting C: 2m38.613697292s
Simplifying C: 0s

extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-openat$iommufd-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash
single: failed to extract reproducer

single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-openat$iommufd-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program crashed: BUG: soft lockup in ser_release
single: successfully extracted reproducer
found reproducer with 5 syscalls

minimizing guilty program
testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-openat$iommufd-syz_usb_control_io-openat$ttyS3
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
program did not crash

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-openat$iommufd-syz_usb_control_io-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-openat$iommufd-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program crashed: BUG: soft lockup in tx

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
program did not crash

extracting C reproducer
testing compiled C program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
program did not crash

simplifying guilty program options
testing program (duration=2m18.745784817s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash

testing program (duration=2m18.745784817s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-syz_usb_control_io-openat$ttyS3-ioctl$TIOCSETD
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
program did not crash

reproducing took 27m56.305563758s
repro crashed as (corrupted=false):
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [aoe_tx0:2352]
Modules linked in:
irq event stamp: 46905101
hardirqs last enabled at (46905100): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (46905100): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (46905101): [] __el1_irq arch/arm64/kernel/entry-common.c:557 [inline]
hardirqs last disabled at (46905101): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:575
softirqs last enabled at (1868): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1872): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 0 UID: 0 PID: 2352 Comm: aoe_tx0 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
pc : _raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:194
lr : __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
lr : _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
sp : ffff8000a13a7700
x29: ffff8000a13a7700 x28: ffff80008f9a0000 x27: 0000000000000000
x26: 0000000000000000 x25: dfff800000000000 x24: 0000000000000000
x23: 0000000000000003 x22: 0000000000000000 x21: ffff800091370fe0
x20: ffff800097850d80 x19: 0000000000000000 x18: ffff8000a13a73e0
x17: 000000000001d4b3 x16: ffff800080463930 x15: 0000000000000001
x14: 1ffff00012f0a1b0 x13: ffff8000a13a8000 x12: 0000000000000003
x11: 0000000000000202 x10: 0000000000000003 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : ffff800083fdfee8 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000002 x1 : ffff80008b746ea0 x0 : ffff800123ef6000
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] (P)
 _raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:194 (P)
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 uart_port_unlock_irqrestore include/linux/serial_core.h:786 [inline]
 uart_write_room+0x320/0x71c drivers/tty/serial/serial_core.c:649
 tty_write_room+0x6c/0x8c drivers/tty/tty_ioctl.c:69
 handle_tx+0x120/0x604 drivers/net/caif/caif_serial.c:226
 caif_xmit+0x108/0x150 drivers/net/caif/caif_serial.c:282
 __netdev_start_xmit include/linux/netdevice.h:5002 [inline]
 netdev_start_xmit include/linux/netdevice.h:5011 [inline]
 xmit_one net/core/dev.c:3590 [inline]
 dev_hard_start_xmit+0x274/0x904 net/core/dev.c:3606
 __dev_queue_xmit+0x1680/0x35b4 net/core/dev.c:4434
 dev_queue_xmit include/linux/netdevice.h:3168 [inline]
 tx+0x9c/0x1cc drivers/block/aoe/aoenet.c:62
 kthread+0x1ac/0x374 drivers/block/aoe/aoecmd.c:1237
 kthread+0x288/0x310 kernel/kthread.c:389
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 1478 Comm: kworker/u8:7 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound toggle_allocation_gate
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : csd_lock_wait kernel/smp.c:340 [inline]
pc : smp_call_function_many_cond+0x19c8/0x32a8 kernel/smp.c:884
lr : csd_lock_wait kernel/smp.c:340 [inline]
lr : smp_call_function_many_cond+0x19e0/0x32a8 kernel/smp.c:884
sp : ffff80009f287770
x29: ffff80009f2878b0 x28: 1fffe00036703701 x27: ffffffffffffffff
x26: ffff0001b37fdc08 x25: 0000000000000000 x24: 0000000000000008
x23: dfff800000000000 x22: 1fffe00036703700 x21: 0000000000000011
x20: ffff0001b381b808 x19: ffff0001b381b800 x18: 1fffe00036700a7e
x17: ffff80008f99d000 x16: ffff800083275834 x15: 0000000000000001
x14: 1fffe000366ffb81 x13: 0000000000000000 x12: 0000000000000000
x11: ffff6000366ffb82 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000011 x7 : ffff80008015c4d8 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff8000805ecbd4
x2 : 0000000000000000 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
 __cmpwait_case_32 arch/arm64/include/asm/cmpxchg.h:231 [inline] (P)
 __cmpwait arch/arm64/include/asm/cmpxchg.h:257 [inline] (P)
 csd_lock_wait kernel/smp.c:340 [inline] (P)
 smp_call_function_many_cond+0x19c8/0x32a8 kernel/smp.c:884 (P)
 smp_call_function_many kernel/smp.c:908 [inline]
 smp_call_function kernel/smp.c:930 [inline]
 kick_all_cpus_sync+0x40/0xa0 kernel/smp.c:1075
 arch_jump_label_transform_apply+0x14/0x20 arch/arm64/kernel/jump_label.c:34
 __jump_label_update+0x30c/0x334 kernel/jump_label.c:521
 jump_label_update+0x30c/0x3bc kernel/jump_label.c:920
 static_key_disable_cpuslocked+0xf4/0x1f0 kernel/jump_label.c:240
 static_key_disable+0x24/0x38 kernel/jump_label.c:248
 toggle_allocation_gate+0x1c4/0x264 mm/kfence/core.c:854
 process_one_work+0x7a8/0x15cc kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x97c/0xeec kernel/workqueue.c:3391
 kthread+0x288/0x310 kernel/kthread.c:389
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862

final repro crashed as (corrupted=false):
watchdog: BUG: soft lockup - CPU#0 stuck for 26s!
[aoe_tx0:2352]