ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 watchdog: BUG: soft lockup - CPU#1 stuck for 245s! [kworker/u8:30:10101] Modules linked in: irq event stamp: 2642864 hardirqs last enabled at (2642863): [] irqentry_exit+0x1dd/0x8c0 kernel/entry/common.c:219 hardirqs last disabled at (2642864): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056 softirqs last enabled at (2642862): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (2642862): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (2642862): [] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723 softirqs last disabled at (2642835): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (2642835): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (2642835): [] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723 CPU: 1 UID: 0 PID: 10101 Comm: kworker/u8:30 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline] RIP: 0010:smp_call_function_many_cond+0xe02/0x15e0 kernel/smp.c:877 Code: 10 4c 89 74 24 10 49 89 d5 48 89 d5 48 89 54 24 18 49 c1 ed 03 83 e5 07 4d 01 e5 83 c5 03 e8 e5 5d 0c 00 f3 90 41 0f b6 45 00 <40> 38 c5 7c 08 84 c0 0f 85 b6 05 00 00 8b 43 08 31 ff 83 e0 01 41 RSP: 0018:ffffc9001535f808 EFLAGS: 00000293 RAX: 0000000000000000 RBX: ffff8880b8443020 RCX: ffffffff81b28aa1 RDX: ffff888028f25b80 RSI: ffffffff81b28a7b RDI: 0000000000000005 RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: ffff888028f266b0 R12: dffffc0000000000 R13: ffffed1017088605 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8881249f6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c3d34bd CR3: 000000000e184000 CR4: 0000000000350ef0 Call Trace: on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1043 on_each_cpu include/linux/smp.h:71 [inline] smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2711 [inline] smp_text_poke_batch_finish+0x27b/0xdb0 arch/x86/kernel/alternative.c:2921 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 jump_label_update+0x376/0x550 kernel/jump_label.c:919 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:210 static_key_enable+0x1a/0x20 kernel/jump_label.c:223 toggle_allocation_gate mm/kfence/core.c:874 [inline] toggle_allocation_gate+0xfa/0x280 mm/kfence/core.c:866 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 30513 Comm: syz.6.8309 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:check_wait_context kernel/locking/lockdep.c:4870 [inline] RIP: 0010:__lock_acquire+0x2a7/0x2890 kernel/locking/lockdep.c:5187 Code: 44 eb 89 f3 83 eb 01 0f 88 41 10 00 00 48 63 c3 48 8d 04 80 49 8d 04 c3 eb 10 83 eb 01 48 83 e8 28 83 fb ff 0f 84 1c 05 00 00 <0f> b6 50 21 31 ca 83 e2 60 74 e5 83 c3 01 65 8b 05 bc 16 19 12 85 RSP: 0018:ffffc90000007ce8 EFLAGS: 00000046 RAX: ffff88802f73c830 RBX: 0000000000000000 RCX: 0000000000000040 RDX: 0000000000000073 RSI: 0000000000000001 RDI: ffff8880b8428458 RBP: 0000000000000001 R08: 0000000000080000 R09: 0000000000000073 R10: 0000000000000001 R11: ffff88802f73c830 R12: ffff88802f73bd00 R13: 0000000000000002 R14: ffff88802f73c858 R15: 0000000000000001 FS: 0000555556ba6500(0000) GS:ffff8881248f6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb3257156c0 CR3: 000000007823b000 CR4: 0000000000350ef0 Call Trace: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0x36/0x50 kernel/locking/spinlock.c:170 __run_hrtimer kernel/time/hrtimer.c:1781 [inline] __hrtimer_run_queues+0x2bc/0xc40 kernel/time/hrtimer.c:1841 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1903 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline] __sysvec_apic_timer_interrupt+0x10b/0x3c0 arch/x86/kernel/apic/apic.c:1062 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:lockdep_unregister_key+0xe9/0x140 kernel/locking/lockdep.c:6616 Code: 48 89 ef e8 89 ee ff ff 48 83 2d 89 f2 38 14 01 89 c3 e8 0a ef ff ff 9c 58 f6 c4 02 75 52 41 f7 c4 00 02 00 00 74 01 fb 84 db <75> 1b 5b 5d 41 5c e9 4c ad 0a 00 8b 05 4a 94 ef 0e 31 db 85 c0 74 RSP: 0018:ffffc90004b47a98 EFLAGS: 00000246 RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff8dbbcbc7 RDI: ffffffff8bf2b680 RBP: ffffffff97377b38 R08: 000000000008fc97 R09: ffffffff95e4740e R10: 0000000000000002 R11: ffff88802f73c830 R12: 0000000000000246 R13: ffff888031058000 R14: ffff8880310584c8 R15: 0000000000000001 __qdisc_destroy+0x11a/0x4a0 net/sched/sch_generic.c:1079 qdisc_put+0xab/0xe0 net/sched/sch_generic.c:1105 dev_shutdown+0x1d0/0x430 net/sched/sch_generic.c:1493 unregister_netdevice_many_notify+0xb37/0x2590 net/core/dev.c:12371 unregister_netdevice_many net/core/dev.c:12446 [inline] unregister_netdevice_queue net/core/dev.c:12260 [inline] unregister_netdevice_queue+0x305/0x3c0 net/core/dev.c:12250 unregister_netdevice include/linux/netdevice.h:3405 [inline] __tun_detach+0x119c/0x1490 drivers/net/tun.c:621 tun_detach drivers/net/tun.c:637 [inline] tun_chr_close+0xc2/0x230 drivers/net/tun.c:3436 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:44 [inline] exit_to_user_mode_loop+0xfb/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1b6878f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc26cb5fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 000000000013278a RCX: 00007f1b6878f749 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007f1b689e7da0 R08: 0000000000000001 R09: 0000000526cb62df R10: 0000001b2c520000 R11: 0000000000000246 R12: 00007f1b689e5fac R13: 00007f1b689e5fa0 R14: ffffffffffffffff R15: 00007ffc26cb6100