watchdog: BUG: soft lockup - CPU#1 stuck for 143s! [syz.0.25:409]
Modules linked in:
CPU: 1 PID: 409 Comm: syz.0.25 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:__list_del_entry include/linux/list.h:134 [inline]
RIP: 0010:list_del include/linux/list.h:148 [inline]
RIP: 0010:__rmqueue_pcplist mm/page_alloc.c:4044 [inline]
RIP: 0010:rmqueue_pcplist mm/page_alloc.c:4074 [inline]
RIP: 0010:rmqueue mm/page_alloc.c:4111 [inline]
RIP: 0010:get_page_from_freelist+0x5a9/0x2d80 mm/page_alloc.c:4582
Code: e8 1c df 04 00 48 8b 03 48 39 d8 0f 84 78 24 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 fa de 04 00 48 8b 1b <48> 89 df e8 1f e0 bb 00 84 c0 48 89 5c 24 10 74 7d 48 8d 7b 08 48
RSP: 0018:ffffc900001b0600 EFLAGS: 00000246
RAX: 1ffff1103ede790b RBX: ffffea00045d4608 RCX: 0000000000000000
RDX: ffff8881f6f3c840 RSI: 0000000000000000 RDI: ffff8881f6f3c858
RBP: ffffc900001b0870 R08: dffffc0000000000 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520000360b0 R12: ffffc900001b08e8
R13: dffffc0000000000 R14: ffff8881f6f3c840 R15: 0000000000000000
FS: 00007fa9c55ff6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000012e494000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__alloc_pages+0x1fa/0x610 mm/page_alloc.c:5926
alloc_slab_page+0x6e/0xf0 include/linux/gfp.h:-1
allocate_slab mm/slub.c:1967 [inline]
new_slab+0x98/0x3d0 mm/slub.c:2020
___slab_alloc+0x6bd/0xb20 mm/slub.c:3177
__slab_alloc+0x5e/0xa0 mm/slub.c:3263
slab_alloc_node mm/slub.c:3348 [inline]
kmem_cache_alloc_node+0x1c2/0x340 mm/slub.c:3429
__alloc_skb+0xea/0x4b0 net/core/skbuff.c:508
alloc_skb include/linux/skbuff.h:1322 [inline]
ndisc_alloc_skb net/ipv6/ndisc.c:423 [inline]
ndisc_send_rs+0x304/0x870 net/ipv6/ndisc.c:707
addrconf_rs_timer+0x2cf/0x610 net/ipv6/addrconf.c:4005
call_timer_fn+0x46/0x2a0 kernel/time/timer.c:1553
expire_timers kernel/time/timer.c:1604 [inline]
__run_timers+0x65b/0x9f0 kernel/time/timer.c:1875
run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:1888
handle_softirqs+0x1d7/0x600 kernel/softirq.c:642
__do_softirq kernel/softirq.c:680 [inline]
invoke_softirq kernel/softirq.c:497 [inline]
__irq_exit_rcu+0x52/0xf0 kernel/softirq.c:729
irq_exit_rcu+0x9/0x10 kernel/softirq.c:741
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0xa9/0xc0 arch/x86/kernel/apic/apic.c:1118
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:generic_exec_single+0x2bc/0x3b0 kernel/smp.c:-1
Code: 74 71 e8 e7 7d 09 00 43 0f b6 04 3e 84 c0 0f 85 c7 00 00 00 41 c7 04 24 00 00 00 00 bb fa ff ff ff eb 11 e8 c6 7d 09 00 31 db <49> bf 00 00 00 00 00 fc ff df 48 c7 44 24 20 0e 36 e0 45 4b c7 44
RSP: 0018:ffffc90000b07a20 EFLAGS: 00000293
RAX: ffffffff8167f81e RBX: 0000000000000000 RCX: ffff888118dae540
RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
RBP: ffffc90000b07ad0 R08: ffff888118dae540 R09: fffff52000160e80
R10: 0000000000000000 R11: ffffffff81980270 R12: ffffc90000b07b28
R13: 1ffff92000160f48 R14: ffffc90000b07c60 R15: 0000000000000200
smp_call_function_single+0x1d9/0x490 kernel/smp.c:784
task_function_call kernel/events/core.c:120 [inline]
perf_install_in_context+0x4b8/0x760 kernel/events/core.c:2935
__do_sys_perf_event_open kernel/events/core.c:12775 [inline]
__se_sys_perf_event_open+0x12b1/0x1bb0 kernel/events/core.c:12369
__x64_sys_perf_event_open+0xbf/0xd0 kernel/events/core.c:12369
x64_sys_call+0x385/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:299
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fa9c579cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa9c55ff028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007fa9c5a15fa0 RCX: 00007fa9c579cdd9
RDX: afffffffffffffff RSI: 0000000000000000 RDI: 0000200000000180
RBP: 00007fa9c5832d69 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa9c5a16038 R14: 00007fa9c5a15fa0 R15: 00007ffcbd8137a8
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 406 Comm: syz.5.21 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:27 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:230 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:147 [inline]
RIP: 0010:wrmsr arch/x86/include/asm/msr.h:254 [inline]
RIP: 0010:native_apic_msr_write+0x39/0x50 arch/x86/include/asm/apic.h:206
Code: 74 05 83 ff 30 75 12 5d c3 81 ff d0 00 00 00 74 f6 81 ff e0 00 00 00 74 ee c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 eb d9 89 f6 31 d2 e8 ea 2d 5c 01 5d c3 0f 1f 84 00 00 00 00
RSP: 0018:ffffc90000006ba0 EFLAGS: 00000046
RAX: 00000000000000a5 RBX: 00000000000000a5 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 00000000000000a5 RDI: 0000000000000838
RBP: ffffc90000006ba0 R08: ffff888118a59440 R09: 0000000000000002
R10: 0000000000000000 R11: ffffffff8134c020 R12: 0000000000000020
R13: dffffc0000000000 R14: ffffffff866d5b60 R15: dffffc0000000000
FS: 00007f2e7c3db6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000012fa57000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
apic_write arch/x86/include/asm/apic.h:394 [inline]
lapic_next_event+0x70/0x80 arch/x86/kernel/apic/apic.c:478
clockevents_program_event+0x1d9/0x330 kernel/time/clockevents.c:334
tick_program_event+0xa3/0x120 kernel/time/tick-oneshot.c:44
hrtimer_interrupt+0x501/0x8c0 kernel/time/hrtimer.c:1824
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x11e/0x440 arch/x86/kernel/apic/apic.c:1124
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0x53/0xc0 arch/x86/kernel/apic/apic.c:1118
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:stack_trace_consume_entry+0xd3/0x290 kernel/stacktrace.c:93
Code: 89 ff 49 89 d4 4c 89 45 c8 4d 89 ce 4c 89 55 d0 e8 52 00 55 00 4c 8b 55 d0 4d 89 f1 4c 8b 45 c8 4c 89 e2 4c 89 ff 48 8b 75 c0 <4c> 8b 37 45 8d 7a 01 0f b6 04 13 84 c0 0f 85 45 01 00 00 45 89 38
RSP: 0018:ffffc90000006e70 EFLAGS: 00000246
RAX: 1ffff92000000df0 RBX: 1ffff92000000df2 RCX: 0000000000006f00
RDX: dffffc0000000000 RSI: ffffffff81b70ac1 RDI: ffffc90000006f80
RBP: ffffc90000006eb8 R08: ffffc90000006f90 R09: ffffc90000006f88
R10: 0000000000000001 R11: fffff52000000de5 R12: ffffc90000006f8c
R13: 1ffff92000000df1 R14: 0000000000000000 R15: 1ffff92000000df1
arch_stack_walk+0x118/0x150 arch/x86/kernel/stacktrace.c:27
stack_trace_save+0xa6/0xf0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
kasan_save_free_info+0x31/0x50 mm/kasan/generic.c:516
____kasan_slab_free+0x132/0x180 mm/kasan/common.c:242
__kasan_slab_free+0x11/0x20 mm/kasan/common.c:250
kasan_slab_free include/linux/kasan.h:178 [inline]
slab_free_hook mm/slub.c:1750 [inline]
slab_free_freelist_hook+0xc2/0x190 mm/slub.c:1776
slab_free mm/slub.c:3712 [inline]
kmem_cache_free+0x12d/0x300 mm/slub.c:3737
kfree_skbmem+0x10c/0x180 net/core/skbuff.c:-1
__kfree_skb net/core/skbuff.c:874 [inline]
consume_skb+0xb3/0x1f0 net/core/skbuff.c:1038
netlink_broadcast+0x1084/0x1180 net/netlink/af_netlink.c:1522
nlmsg_multicast include/net/netlink.h:1071 [inline]
nlmsg_notify+0xe6/0x1a0 net/netlink/af_netlink.c:2564
rtnl_notify+0x9a/0xc0 net/core/rtnetlink.c:796
__neigh_notify+0xd3/0x130 net/core/neighbour.c:3519
neigh_cleanup_and_release+0x2c/0x1a0 net/core/neighbour.c:101
neigh_del net/core/neighbour.c:225 [inline]
neigh_remove_one+0x4b5/0x540 net/core/neighbour.c:246
neigh_forced_gc net/core/neighbour.c:279 [inline]
neigh_alloc net/core/neighbour.c:485 [inline]
___neigh_create+0x48b/0x1e20 net/core/neighbour.c:648
__neigh_create+0x31/0x40 net/core/neighbour.c:737
ip6_finish_output2+0xa56/0x18a0 net/ipv6/ip6_output.c:129
__ip6_finish_output net/ipv6/ip6_output.c:205 [inline]
ip6_finish_output+0x5f9/0xbb0 net/ipv6/ip6_output.c:216
NF_HOOK_COND include/linux/netfilter.h:294 [inline]
ip6_output+0x1fa/0x410 net/ipv6/ip6_output.c:237
dst_output include/net/dst.h:453 [inline]
NF_HOOK include/linux/netfilter.h:305 [inline]
ndisc_send_skb+0x7dc/0xcc0 net/ipv6/ndisc.c:513
ndisc_send_rs+0x670/0x870 net/ipv6/ndisc.c:723
addrconf_rs_timer+0x2cf/0x610 net/ipv6/addrconf.c:4005
call_timer_fn+0x46/0x2a0 kernel/time/timer.c:1553
expire_timers kernel/time/timer.c:1604 [inline]
__run_timers+0x65b/0x9f0 kernel/time/timer.c:1875
run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:1888
handle_softirqs+0x1d7/0x600 kernel/softirq.c:642
__do_softirq kernel/softirq.c:680 [inline]
invoke_softirq kernel/softirq.c:497 [inline]
__irq_exit_rcu+0x52/0xf0 kernel/softirq.c:729
irq_exit_rcu+0x9/0x10 kernel/softirq.c:741
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0xa9/0xc0 arch/x86/kernel/apic/apic.c:1118
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:generic_exec_single+0x2bc/0x3b0 kernel/smp.c:-1
Code: 74 71 e8 e7 7d 09 00 43 0f b6 04 3e 84 c0 0f 85 c7 00 00 00 41 c7 04 24 00 00 00 00 bb fa ff ff ff eb 11 e8 c6 7d 09 00 31 db <49> bf 00 00 00 00 00 fc ff df 48 c7 44 24 20 0e 36 e0 45 4b c7 44
RSP: 0018:ffffc90000ac7a20 EFLAGS: 00000293
RAX: ffffffff8167f81e RBX: 0000000000000000 RCX: ffff888118a59440
RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
RBP: ffffc90000ac7ad0 R08: ffff888118a59440 R09: fffff52000158e80
R10: 0000000000000000 R11: ffffffff81980270 R12: ffffc90000ac7b28
R13: 1ffff92000158f48 R14: ffffc90000ac7c60 R15: 0000000000000200
smp_call_function_single+0x1d9/0x490 kernel/smp.c:784
task_function_call kernel/events/core.c:120 [inline]
perf_install_in_context+0x4b8/0x760 kernel/events/core.c:2935
__do_sys_perf_event_open kernel/events/core.c:12775 [inline]
__se_sys_perf_event_open+0x12b1/0x1bb0 kernel/events/core.c:12369
__x64_sys_perf_event_open+0xbf/0xd0 kernel/events/core.c:12369
x64_sys_call+0x385/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:299
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f2e7b59cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2e7c3db028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f2e7b815fa0 RCX: 00007f2e7b59cdd9
RDX: afffffffffffffff RSI: 0000000000000000 RDI: 0000200000000180
RBP: 00007f2e7b632d69 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2e7b816038 R14: 00007f2e7b815fa0 R15: 00007ffcd9354d58