watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.3.692:6788]
Modules linked in:
irq event stamp: 6927153
hardirqs last  enabled at (6927152): [<ffffffff89e00d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
hardirqs last disabled at (6927153): [<ffffffff89bcc30a>] sysvec_apic_timer_interrupt+0xa/0xc0 arch/x86/kernel/apic/apic.c:1108
softirqs last  enabled at (294): [<ffffffff87e37525>] local_bh_enable+0x5/0x20 include/linux/bottom_half.h:31
softirqs last disabled at (445): [<ffffffff81495a8b>] __do_softirq kernel/softirq.c:610 [inline]
softirqs last disabled at (445): [<ffffffff81495a8b>] invoke_softirq kernel/softirq.c:450 [inline]
softirqs last disabled at (445): [<ffffffff81495a8b>] __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:659
CPU: 0 PID: 6788 Comm: syz.3.692 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ipv6_skip_exthdr+0x540/0x630 net/ipv6/exthdrs_core.c:113
Code: f8 eb 1c e8 02 ad c0 f8 4c 8b 7c 24 08 eb 10 e8 f6 ac c0 f8 4c 8b 7c 24 08 43 c6 44 27 06 f8 43 c6 44 27 04 f8 bb ff ff ff ff <48> c7 44 24 60 0e 36 e0 45 4b c7 04 27 00 00 00 00 65 48 8b 04 25
RSP: 0018:ffffc900000073c0 EFLAGS: 00000297
RAX: 000000000000003a RBX: 0000000000000028 RCX: 0000000000007500
RDX: 0000000000000100 RSI: ffffffff8d5578b0 RDI: 000000000000003a
RBP: ffffc900000074b0 R08: ffff888023328000 R09: 0000000000000006
R10: 000000000000003c R11: 0000000000000100 R12: dffffc0000000000
R13: 000000000000003a R14: ffffc90000007530 R15: 1ffff92000000e84
FS:  00007f825776f6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c600000000 CR3: 000000005b64d000 CR4: 00000000003506f0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 ipv6_get_l4proto net/netfilter/nf_conntrack_core.c:399 [inline]
 get_l4proto+0x255/0x680 net/netfilter/nf_conntrack_core.c:422
 nf_conntrack_in+0x290/0x1730 net/netfilter/nf_conntrack_core.c:1940
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_slow+0xb9/0x200 net/netfilter/core.c:584
 nf_hook include/linux/netfilter.h:257 [inline]
 NF_HOOK include/linux/netfilter.h:300 [inline]
 ndisc_send_skb+0x1397/0x1500 net/ipv6/ndisc.c:513
 addrconf_rs_timer+0x2d1/0x630 net/ipv6/addrconf.c:3956
 call_timer_fn+0x17b/0x540 kernel/time/timer.c:1648
 expire_timers kernel/time/timer.c:1699 [inline]
 __run_timers+0x53e/0x800 kernel/time/timer.c:1970
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1983
 handle_softirqs+0x339/0x830 kernel/softirq.c:576
 __do_softirq kernel/softirq.c:610 [inline]
 invoke_softirq kernel/softirq.c:450 [inline]
 __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:659
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:console_unlock+0xcad/0x1120 kernel/printk/printk.c:2749
Code: 75 11 e8 d6 dc 18 00 4d 85 ff 75 16 e8 cc dc 18 00 eb 15 e8 c5 dc 18 00 e8 e0 71 5c 08 4d 85 ff 74 ea e8 b6 dc 18 00 fb 31 ff <89> de e8 0c e0 18 00 85 db 0f 94 c0 22 44 24 17 3c 01 75 1f e8 9a
RSP: 0018:ffffc9000333eb20 EFLAGS: 00000246
RAX: ffffffff816057da RBX: 0000000000000000 RCX: ffff888023328000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000333ed90 R08: ffffffff901d50c7 R09: 1ffffffff203aa18
R10: dffffc0000000000 R11: fffffbfff203aa19 R12: 1ffffffff198d729
R13: 0000000000000056 R14: 0000000000000000 R15: 0000000000000200
 vprintk_emit+0xc0/0x150 kernel/printk/printk.c:2274
 _printk+0xda/0x130 kernel/printk/printk.c:2299
 validate_nla lib/nlattr.c:401 [inline]
 __nla_validate_parse+0xd1e/0x2940 lib/nlattr.c:613
 __nla_parse+0x3c/0x50 lib/nlattr.c:710
 __nlmsg_parse include/net/netlink.h:744 [inline]
 nlmsg_parse_deprecated include/net/netlink.h:783 [inline]
 rtnl_dellink+0x221/0x7b0 net/core/rtnetlink.c:3134
 rtnetlink_rcv_msg+0x844/0xf30 net/core/rtnetlink.c:5687
 netlink_rcv_skb+0x1f5/0x440 net/netlink/af_netlink.c:2507
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x774/0x920 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x8ba/0xbe0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:706 [inline]
 __sock_sendmsg net/socket.c:718 [inline]
 ____sys_sendmsg+0x5b7/0x8f0 net/socket.c:2445
 ___sys_sendmsg+0x236/0x2e0 net/socket.c:2499
 __sys_sendmsg net/socket.c:2528 [inline]
 __do_sys_sendmsg net/socket.c:2537 [inline]
 __se_sys_sendmsg+0x1af/0x290 net/socket.c:2535
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f8259515dd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f825776f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f825978efa0 RCX: 00007f8259515dd9
RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005
RBP: 00007f82595abd69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f825978f038 R14: 00007f825978efa0 R15: 00007ffc543d0ee8
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5525 Comm: syz.1.359 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:226 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x4/0x80 kernel/kcov.c:300
Code: 77 22 89 ff 89 f6 4a c7 44 02 08 05 00 00 00 4a 89 7c 02 10 4a 89 74 02 18 4a 89 44 02 20 48 ff c1 48 89 0a c3 90 48 8b 04 24 <65> 48 8b 0d 44 37 89 7e 65 8b 15 45 37 89 7e 81 e2 00 01 ff 00 74
RSP: 0018:ffffc90000dcf8e8 EFLAGS: 00000046
RAX: ffffffff81988b4e RBX: 0000000000010304 RCX: ffff88802a530000
RDX: 0000000000010100 RSI: 0000000000010000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1b13e06 R12: dffffc0000000001
R13: dffffc0000000000 R14: ffff8880b9100000 R15: dffffc0000000000
FS:  00007f9ec7f076c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562bdc90ba38 CR3: 000000007c8e4000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 interrupt_context_level include/linux/preempt.h:96 [inline]
 get_recursion_context kernel/events/internal.h:214 [inline]
 perf_swevent_get_recursion_context+0x8e/0x150 kernel/events/core.c:9744
 perf_trace_buf_alloc+0x54/0x300 kernel/trace/trace_event_perf.c:414
 perf_trace_lock_acquire+0x1a0/0x3e0 include/trace/events/lock.h:13
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0x3d7/0x400 kernel/locking/lockdep.c:5594
 rcu_lock_acquire+0x2a/0x30 include/linux/rcupdate.h:313
 rcu_read_lock include/linux/rcupdate.h:740 [inline]
 __perf_output_begin kernel/events/ring_buffer.c:163 [inline]
 perf_output_begin_forward+0xa5/0xa40 kernel/events/ring_buffer.c:271
 __perf_event_output kernel/events/core.c:7804 [inline]
 perf_event_output_forward+0x19b/0x2e0 kernel/events/core.c:7822
 __perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
 perf_swevent_hrtimer+0x41b/0x5b0 kernel/events/core.c:10934
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x4b4/0xb70 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x4d/0xc0 arch/x86/kernel/apic/apic.c:1108
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:unwind_next_frame+0x3ce/0x1d90 arch/x86/kernel/unwind_orc.c:461
Code: b6 04 28 84 c0 0f 85 87 14 00 00 41 c6 06 01 48 c7 c2 a0 92 28 8a 4c 8d 72 04 4c 8d 7a 05 4d 89 f4 49 c1 ec 03 43 0f b6 04 2c <84> c0 48 89 14 24 0f 85 af 13 00 00 4c 89 f8 48 c1 e8 03 42 0f b6
RSP: 0018:ffffc90000dd0448 EFLAGS: 00000a06
RAX: 0000000000000000 RBX: ffffc90000dd0508 RCX: ffffffff8d9f553c
RDX: ffffffff8e0e72c6 RSI: ffffffff8e0e72c6 RDI: 0000000000000001
RBP: ffffffff81be354b R08: 0000000000000006 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff520001ba0ad R12: 1ffffffff1c1ce59
R13: dffffc0000000000 R14: ffffffff8e0e72ca R15: ffffffff8e0e72cb
 arch_stack_walk+0x10c/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa6/0xf0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0x9c/0xd0 mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3225 [inline]
 slab_alloc mm/slub.c:3233 [inline]
 kmem_cache_alloc+0x100/0x290 mm/slub.c:3238
 skb_clone+0x1bd/0x350 net/core/skbuff.c:1523
 hsr_forward_do net/hsr/hsr_forward.c:-1 [inline]
 hsr_forward_skb+0xc1a/0x1700 net/hsr/hsr_forward.c:584
 send_hsr_supervision_frame+0x5f7/0xb80 net/hsr/hsr_device.c:349
 hsr_announce+0x168/0x310 net/hsr/hsr_device.c:405
 call_timer_fn+0x17b/0x540 kernel/time/timer.c:1648
 expire_timers kernel/time/timer.c:1699 [inline]
 __run_timers+0x53e/0x800 kernel/time/timer.c:1970
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1983
 handle_softirqs+0x339/0x830 kernel/softirq.c:576
 __do_softirq kernel/softirq.c:610 [inline]
 invoke_softirq kernel/softirq.c:450 [inline]
 __irq_exit_rcu+0x13b/0x230 kernel/softirq.c:659
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:check_preemption_disabled+0xa/0x110 lib/smp_processor_id.c:13
Code: 2c 01 00 00 65 ff 0d c1 7a 46 76 5b c3 00 00 cc 48 c7 c7 a0 fd 79 8a 48 c7 c6 e0 fd 79 8a eb 00 55 41 57 41 56 53 48 83 ec 10 <65> 48 8b 04 25 28 00 00 00 48 89 44 24 08 65 8b 05 79 3b 45 76 65
RSP: 0018:ffffc900031bf458 EFLAGS: 00000282
RAX: ffffffff81988acd RBX: 000000000000002c RCX: 0000000000080000
RDX: ffffc90005ce1000 RSI: ffffffff8a79fde0 RDI: ffffffff8a79fda0
RBP: ffffc900031bf600 R08: 0000000000000002 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1b13e06 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffc900031bf560 R15: ffffc900031bf580
 perf_swevent_get_recursion_context+0x12/0x150 kernel/events/core.c:9742
 perf_trace_buf_alloc+0x54/0x300 kernel/trace/trace_event_perf.c:414
 perf_trace_lock_acquire+0x1a0/0x3e0 include/trace/events/lock.h:13
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0x3d7/0x400 kernel/locking/lockdep.c:5594
 rcu_lock_acquire+0x2a/0x30 include/linux/rcupdate.h:313
 rcu_read_lock include/linux/rcupdate.h:740 [inline]
 inet_twsk_purge+0x119/0x840 net/ipv4/inet_timewait_sock.c:268
 ops_exit_list net/core/net_namespace.c:177 [inline]
 setup_net+0x844/0xa10 net/core/net_namespace.c:365
 copy_net_ns+0x348/0x5b0 net/core/net_namespace.c:503
 create_new_namespaces+0x3d3/0x6f0 kernel/nsproxy.c:110
 copy_namespaces+0x37d/0x3e0 kernel/nsproxy.c:178
 copy_process+0x1834/0x3e20 kernel/fork.c:2293
 kernel_clone+0x23f/0x990 kernel/fork.c:2679
 __do_sys_clone kernel/fork.c:2796 [inline]
 __se_sys_clone kernel/fork.c:2780 [inline]
 __x64_sys_clone+0x19a/0x210 kernel/fork.c:2780
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f9ec9caddd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9ec7f06fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f9ec9f26fa0 RCX: 00007f9ec9caddd9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000
RBP: 00007f9ec9d43d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007f9ec9f27038 R14: 00007f9ec9f26fa0 R15: 00007fff39dddb28
 </TASK>