watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [kworker/u8:12:12725] Modules linked in: irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [] copy_process+0x288a/0x7ff0 kernel/fork.c:2232 softirqs last enabled at (0): [] copy_process+0x28de/0x7ff0 kernel/fork.c:2233 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 1 UID: 0 PID: 12725 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline] RIP: 0010:smp_call_function_many_cond+0x58e/0x16c0 kernel/smp.c:892 Code: 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 a9 81 0c 00 f3 90 41 0f b6 45 00 <41> 38 c4 7c 08 84 c0 0f 85 2c 0f 00 00 8b 45 08 31 ff 83 e0 01 41 RSP: 0018:ffffc90006f47878 EFLAGS: 00000293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81fcf23d RDX: ffff888026b58000 RSI: ffffffff81fcf217 RDI: ffff888026b58000 RBP: ffff8880b8443320 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 R13: ffffed1017088665 R14: 0000000000000001 R15: ffff8880b853c840 FS: 0000000000000000(0000) GS:ffff888124477000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd6dd49418 CR3: 000000000e596000 CR4: 0000000000350ef0 Call Trace: on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1057 on_each_cpu include/linux/smp.h:72 [inline] smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2773 [inline] smp_text_poke_batch_finish+0x337/0xc60 arch/x86/kernel/alternative.c:2983 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 jump_label_update+0x37a/0x550 kernel/jump_label.c:910 static_key_enable_cpuslocked+0x1bc/0x270 kernel/jump_label.c:210 static_key_enable+0x1a/0x20 kernel/jump_label.c:223 toggle_allocation_gate mm/kfence/core.c:906 [inline] toggle_allocation_gate+0xfe/0x2d0 mm/kfence/core.c:898 process_one_work+0xa23/0x1940 kernel/workqueue.c:3314 process_scheduled_works kernel/workqueue.c:3397 [inline] worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478 kthread+0x370/0x450 kernel/kthread.c:436 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 18297 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 RIP: 0010:__rcu_read_unlock+0x0/0x5e0 kernel/rcu/tree_plugin.h:431 Code: f8 e8 94 6d ff ff 48 89 df 5b e9 8b f0 ff ff e8 26 f6 87 00 eb e7 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 41 57 41 56 41 55 41 54 55 53 65 48 8b 1d 72 10 1c 12 RSP: 0018:ffffc90000007de0 EFLAGS: 00000086 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff899bbf20 RDX: 0000000000000000 RSI: ffffffff8c1c9500 RDI: ffffffff8e1d3920 RBP: ffff88807a8ba400 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000000003e9 R12: 0000000000000000 R13: 18b997be59f99ac5 R14: ffff88807a8ba800 R15: ffff88807a8ba800 FS: 00007f0dad0edc80(0000) GS:ffff888124377000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffefd668d68 CR3: 00000000369a3000 CR4: 0000000000350ef0 Call Trace: rcu_read_unlock include/linux/rcupdate.h:873 [inline] advance_sched+0x775/0xd20 net/sched/sch_taprio.c:994 __run_hrtimer kernel/time/hrtimer.c:2032 [inline] __hrtimer_run_queues+0x462/0x9c0 kernel/time/hrtimer.c:2096 hrtimer_interrupt+0x3e5/0x940 kernel/time/hrtimer.c:2215 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1051 [inline] __sysvec_apic_timer_interrupt+0x109/0x470 arch/x86/kernel/apic/apic.c:1068 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline] sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1062 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674 RIP: 0010:stack_trace_consume_entry+0x0/0x170 kernel/stacktrace.c:83 Code: e8 05 de 15 00 e9 36 ff ff ff 49 c7 c4 ea ff ff ff eb c7 e8 92 c5 96 09 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 55 53 48 89 fb 48 83 c7 RSP: 0018:ffffc900061e79c8 EFLAGS: 00000282 RAX: ffffffff827646d0 RBX: ffffc900061e79d0 RCX: ffffffff917ba001 RDX: 1ffff92000c3cf43 RSI: ffffffff827646d0 RDI: ffffc900061e7a90 RBP: ffffc900061e7a60 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc900061e7a2f R11: 000000000000f398 R12: ffffffff81f395e0 R13: ffffc900061e7a90 R14: 0000000000000000 R15: ffff88802ff6be00 arch_stack_walk+0x88/0xf0 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57 kasan_record_aux_stack+0xa7/0xc0 mm/kasan/generic.c:556 __call_rcu_common.constprop.0+0xa5/0x9b0 kernel/rcu/tree.c:3159 slab_free_hook mm/slub.c:2664 [inline] slab_free mm/slub.c:6310 [inline] kmem_cache_free+0x43e/0x6b0 mm/slub.c:6437 file_free fs/file_table.c:104 [inline] __fput+0x68d/0xb50 fs/file_table.c:525 fput_close_sync+0x118/0x250 fs/file_table.c:617 __do_sys_close fs/open.c:1538 [inline] __se_sys_close fs/open.c:1523 [inline] __x64_sys_close+0x8b/0x120 fs/open.c:1523 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0dad2aba67 Code: 44 00 00 48 83 ec 10 48 63 ff 45 31 c9 45 31 c0 6a 01 31 c9 e8 ca 19 f9 ff 48 83 c4 18 c3 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 61 b3 0d 00 f7 d8 64 89 02 b8 RSP: 002b:00007ffefd669ad8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0dad2aba67 RDX: 000000000000d371 RSI: 000055e8db2f4c90 RDI: 0000000000000003 RBP: 000055e8db2ea50e R08: 0000000000005330 R09: 0000000000000000 R10: 000055e8db2ea509 R11: 0000000000000202 R12: 00007ffefd669c28 R13: 000055e8db2ea508 R14: 0000000000000001 R15: 000055e8db2ed067