RBP: 00007fc9ef015fa0 R08: 002644623d68df84 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc9ef016038 R14: 00007ffda6709dd0 R15: 00007ffda6709eb8
 </TASK>
watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [syz.2.28:614]
Modules linked in:
CPU: 0 PID: 614 Comm: syz.2.28 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:__mod_timer+0x861/0xc00 kernel/time/timer.c:1137
Code: 36 00 00 48 8b 4d c8 4c 89 f7 48 8b 75 a0 89 c2 e8 04 3c 00 00 48 8b 75 c0 4c 89 f7 e8 b8 31 7f 03 65 48 8b 04 25 28 00 00 00 <48> 3b 45 d0 0f 85 14 02 00 00 44 89 f8 48 83 c4 70 5b 41 5c 41 5d
RSP: 0018:ffffc90000007b70 EFLAGS: 00000202
RAX: a98250636665cf00 RBX: 00000001000005f4 RCX: 0000000000000100
RDX: 0000000000000100 RSI: 0000000000000a02 RDI: 00000000ffffffff
RBP: ffffc90000007c08 R08: ffff8881f7027b07 R09: 1ffff1103ee04f60
R10: dffffc0000000000 R11: ffffed103ee04f61 R12: dffffc0000000000
R13: 00000000ffffffff R14: ffff8881f7027ac0 R15: 0000000000000000
FS:  00007fc9efc586c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000100000000 CR3: 0000000111e04000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 mod_timer+0x1f/0x30 kernel/time/timer.c:1190
 addrconf_mod_rs_timer+0x54/0xe0 net/ipv6/addrconf.c:323
 addrconf_rs_timer+0x3da/0x610 net/ipv6/addrconf.c:3988
 call_timer_fn+0x46/0x2a0 kernel/time/timer.c:1701
 expire_timers kernel/time/timer.c:1752 [inline]
 __run_timers+0x65b/0x9f0 kernel/time/timer.c:2023
 run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:2036
 handle_softirqs+0x189/0x510 kernel/softirq.c:596
 __do_softirq kernel/softirq.c:630 [inline]
 invoke_softirq kernel/softirq.c:470 [inline]
 __irq_exit_rcu+0xc3/0x190 kernel/softirq.c:679
 irq_exit_rcu+0x9/0x10 kernel/softirq.c:691
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa9/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:plist_check_prev_next lib/plist.c:35 [inline]
RIP: 0010:plist_check_list+0x148/0x270 lib/plist.c:52
Code: 3c 08 00 74 08 4c 89 f7 e8 e5 45 e2 fc 4d 8b 26 4d 8d 7c 24 08 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 <74> 08 4c 89 ff e8 be 45 e2 fc 4d 8b 2f 4d 39 f5 0f 84 c6 00 00 00
RSP: 0018:ffffc90000c97a88 EFLAGS: 00000246
RAX: 1ffff110200708ea RBX: ffff888100384748 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffff888100384748 RDI: ffff888100384748
RBP: ffffc90000c97ad8 R08: ffff88810cb864ab R09: 1ffff11021970c95
R10: dffffc0000000000 R11: ffffed1021970c96 R12: ffff888100384748
R13: 0000000000000001 R14: ffffc90000c87c08 R15: ffff888100384750
 plist_check_head lib/plist.c:60 [inline]
 plist_del+0x68/0x3f0 lib/plist.c:114
 __futex_unqueue+0x76/0xb0 kernel/futex/core.c:518
 futex_wake_mark+0xec/0x160 kernel/futex/waitwake.c:123
 futex_wake+0x32b/0x4f0 kernel/futex/waitwake.c:177
 do_futex+0x2ea/0x330 kernel/futex/syscalls.c:139
 __do_sys_futex kernel/futex/syscalls.c:211 [inline]
 __se_sys_futex+0x136/0x310 kernel/futex/syscalls.c:192
 __x64_sys_futex+0xe5/0x100 kernel/futex/syscalls.c:192
 x64_sys_call+0x7ec/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:203
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc9eed9cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc9efc580e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007fc9ef015fa8 RCX: 00007fc9eed9cdd9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc9ef015fac
RBP: 00007fc9ef015fa0 R08: 002644623d68df84 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc9ef016038 R14: 00007ffda6709dd0 R15: 00007ffda6709eb8
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 620 Comm: syz.4.21 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:55 [inline]
RIP: 0010:update_stack_state+0x17f/0x480 arch/x86/kernel/unwind_frame.c:228
Code: 48 8b 73 28 4c 89 ff 48 89 da 48 8b 8d 60 ff ff ff e8 65 b7 f7 ff 85 c0 0f 85 2f 01 00 00 48 8b 85 40 ff ff ff 42 80 3c 28 00 <74> 08 4c 89 f7 e8 07 97 7d 00 4d 8b 3e 48 8b 85 48 ff ff ff 42 80
RSP: 0000:ffffc900001af990 EFLAGS: 00000046
RAX: 1ffff92000035f69 RBX: ffffc900001afb40 RCX: 1ffff92000035f6a
RDX: 1ffff92000035f6b RSI: 1ffff92000035f69 RDI: ffffc900001afb98
RBP: ffffc900001afa50 R08: ffffc900001afb00 R09: ffffc900001afb40
R10: dffffc0000000000 R11: fffff52000035f74 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900001afb48 R15: ffffc90000ba7ca8
FS:  00007fdb4d33f6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdb4c3ea4c0 CR3: 0000000110b29000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 unwind_next_frame+0x3d5/0x700 arch/x86/kernel/unwind_frame.c:315
 perf_callchain_kernel+0x3d4/0x5e0 arch/x86/events/core.c:2805
 get_perf_callchain+0x236/0x490 kernel/events/callchain.c:204
 perf_callchain kernel/events/core.c:7512 [inline]
 perf_prepare_sample+0x399/0x1d40 kernel/events/core.c:7545
 __perf_event_output kernel/events/core.c:7730 [inline]
 perf_event_output_forward+0xd1/0x1a0 kernel/events/core.c:7750
 __perf_event_overflow+0x437/0x620 kernel/events/core.c:9496
 perf_swevent_overflow kernel/events/core.c:9579 [inline]
 perf_swevent_event+0x243/0x440 kernel/events/core.c:9630
 perf_tp_event+0x75b/0xa20 kernel/events/core.c:10064
 perf_trace_run_bpf_submit+0xf3/0x1c0 kernel/events/core.c:10032
 perf_trace_x86_irq_vector+0x233/0x2c0 arch/x86/include/asm/trace/irq_vectors.h:13
 trace_local_timer_exit arch/x86/include/asm/trace/irq_vectors.h:41 [inline]
 __sysvec_apic_timer_interrupt+0x421/0x440 arch/x86/kernel/apic/apic.c:1125
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0x53/0xc0 arch/x86/kernel/apic/apic.c:1118
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:update_stack_state+0xca/0x480 arch/x86/kernel/unwind_frame.c:215
Code: f7 d8 4c 89 fa 48 83 e2 fe 48 21 d0 48 89 45 80 4c 89 7d d0 48 89 55 88 74 26 4c 8d 73 35 4c 89 f0 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 86 03 00 00 41 c6 06 01 b8 a8 00 00 00 49 89 d7 eb 05
RSP: 0000:ffffc900001b0538 EFLAGS: 00000a07
RAX: 0000000000000000 RBX: ffffc900001b0688 RCX: 00000000001b0600
RDX: ffffc90000ba7cb8 RSI: ffffc90000ba7cb9 RDI: ffffc900001b06e0
RBP: ffffc900001b05f8 R08: ffffc900001b0750 R09: ffffc900001b0748
R10: 000000000000000d R11: fffff520000360dd R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc900001b06bd R15: ffffc90000ba7cb9
 unwind_next_frame+0x3d5/0x700 arch/x86/kernel/unwind_frame.c:315
 arch_stack_walk+0x124/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa6/0xf0 kernel/stacktrace.c:122
 ref_tracker_alloc+0x1af/0x4a0 lib/ref_tracker.c:91
 __netdev_tracker_alloc include/linux/netdevice.h:4051 [inline]
 netdev_hold include/linux/netdevice.h:4080 [inline]
 dst_init+0xc4/0x3d0 net/core/dst.c:52
 dst_alloc+0x155/0x190 net/core/dst.c:92
 ip6_dst_alloc net/ipv6/route.c:345 [inline]
 icmp6_dst_alloc+0xf9/0x520 net/ipv6/route.c:3309
 ndisc_send_skb+0x2aa/0xcd0 net/ipv6/ndisc.c:493
 ndisc_send_rs+0x670/0x870 net/ipv6/ndisc.c:723
 addrconf_rs_timer+0x2cf/0x610 net/ipv6/addrconf.c:3979
 call_timer_fn+0x46/0x2a0 kernel/time/timer.c:1701
 expire_timers kernel/time/timer.c:1752 [inline]
 __run_timers+0x65b/0x9f0 kernel/time/timer.c:2023
 run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:2036
 handle_softirqs+0x189/0x510 kernel/softirq.c:596
 __do_softirq kernel/softirq.c:630 [inline]
 invoke_softirq kernel/softirq.c:470 [inline]
 __irq_exit_rcu+0xc3/0x190 kernel/softirq.c:679
 irq_exit_rcu+0x9/0x10 kernel/softirq.c:691
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa9/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:preempt_schedule_irq+0xa5/0x120 kernel/sched/core.c:6874
Code: 44 24 20 00 02 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 91 57 6d fc fb bf 01 00 00 00 <e8> e6 e5 ff ff fa bf 01 00 00 00 e8 3b 59 6d fc 65 48 8b 1d 03 5f
RSP: 0000:ffffc90000ba7d60 EFLAGS: 00000246
RAX: 1ffff1102274c357 RBX: ffffc90000ba7e28 RCX: ffffffff8772eb00
RDX: 1ffffffff0ee4e08 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffffc90000ba7dd8 R08: ffffffff87727048 R09: ffffffff87727058
R10: ffffffff87727043 R11: 1ffffffff0ee4e08 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000174fac
 raw_irqentry_exit_cond_resched+0x29/0x30 kernel/entry/common.c:396
 irqentry_exit+0x37/0x40 kernel/entry/common.c:439
 sysvec_apic_timer_interrupt+0x64/0xc0 arch/x86/kernel/apic/apic.c:1118
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:exit_to_user_mode_loop+0x4a/0xb0 kernel/entry/common.c:164
Code: 00 e8 9a 8c 58 00 e8 25 6c ed 00 fa e8 cf 61 7b 03 65 48 8b 05 87 ef a3 7e 4c 8b 30 41 f7 c6 0e 30 02 00 74 5b fb 41 f6 c6 08 <74> 05 e8 5f 8a 80 03 41 f7 c6 00 10 00 00 74 08 48 89 df e8 0e 3e
RSP: 0000:ffffc90000ba7ed0 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffc90000ba7f58 RCX: 04c81dfd7c892500
RDX: 1ffffffff0ee4e08 RSI: 0000000000000008 RDI: ffffc90000ba7f58
RBP: ffffc90000ba7ee0 R08: ffffffff87727048 R09: ffffffff87727058
R10: ffffffff87727043 R11: 1ffffffff0ee4e08 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000008 R15: ffff888113a610c0
 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:210
 irqentry_exit_to_user_mode+0x9/0x10 kernel/entry/common.c:316
 irqentry_exit+0x12/0x40 kernel/entry/common.c:419
 sysvec_apic_timer_interrupt+0x64/0xc0 arch/x86/kernel/apic/apic.c:1118
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0033:0x7fdb4c32c000
Code: 02 00 00 00 b8 01 00 00 00 48 8d 35 12 19 10 00 0f 05 bf 7f 00 00 00 b8 e7 00 00 00 0f 05 e9 23 ff ff ff 0f 1f 80 00 00 00 00 <48> c7 c0 e8 ff ff ff 64 48 03 04 25 00 00 00 00 c3 66 2e 0f 1f 84
RSP: 002b:00007fdb4d33f048 EFLAGS: 00000246
RAX: 0000000000000004 RBX: 00007fdb4c615fa0 RCX: 00007fdb4c432d69
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
RBP: 00007fdb4c432d69 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdb4c616038 R14: 00007fdb4c615fa0 R15: 00007ffeea9228b8
 </TASK>