watchdog: BUG: soft lockup - CPU#0 stuck for 121s! [syz.9.14763:12866] Modules linked in: irq event stamp: 16852675 hardirqs last enabled at (16852674): [] irqentry_exit+0x59e/0x620 kernel/entry/common.c:242 hardirqs last disabled at (16852675): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1056 softirqs last enabled at (16072192): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (16072192): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (16072192): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 softirqs last disabled at (16072195): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (16072195): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (16072195): [] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 CPU: 0 UID: 0 PID: 12866 Comm: syz.9.14763 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:229 [inline] RIP: 0010:unwind_next_frame+0x223/0x23c0 arch/x86/kernel/unwind_orc.c:510 Code: 86 78 04 00 00 44 89 f8 4c 8d 2c 85 60 84 52 91 4c 89 e8 48 c1 e8 03 0f b6 04 28 84 c0 48 89 eb 0f 85 25 1c 00 00 45 8b 6d 00 <44> 89 f8 ff c0 48 8d 2c 85 60 84 52 91 48 89 e8 48 c1 e8 03 0f b6 RSP: 0018:ffffc90000005fd8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000300 RDX: 00000000000ab1bc RSI: ffffffff8c27b3e0 RDI: ffffffff8c27b3a0 RBP: dffffc0000000000 R08: ffffffff81767de5 R09: ffffffff8e75e3e0 R10: ffffc900000060f8 R11: ffffffff81b0bfa0 R12: ffffffff899e7bf0 R13: 00000000001854cc R14: ffffc900000060a8 R15: 0000000000089e7b FS: 00007f371792b6c0(0000) GS:ffff888125463000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd6d55b1c0 CR3: 000000004647c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000200000000300 DR3: 0000000000008d24 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2692 [inline] slab_free mm/slub.c:6168 [inline] kmem_cache_free+0x187/0x630 mm/slub.c:6298 packet_rcv+0x175/0x1720 net/packet/af_packet.c:2223 dev_queue_xmit_nit+0xa39/0xad0 net/core/dev.c:2606 xmit_one net/core/dev.c:3867 [inline] dev_hard_start_xmit+0x1cf/0x870 net/core/dev.c:3887 sch_direct_xmit+0x251/0x4c0 net/sched/sch_generic.c:347 __dev_xmit_skb net/core/dev.c:4186 [inline] __dev_queue_xmit+0x1550/0x3890 net/core/dev.c:4802 dev_queue_xmit include/linux/netdevice.h:3384 [inline] neigh_hh_output include/net/neighbour.h:540 [inline] neigh_output include/net/neighbour.h:554 [inline] ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x29f/0x450 net/ipv4/ip_output.c:438 __ip_queue_xmit+0x116a/0x1bb0 net/ipv4/ip_output.c:534 __tcp_transmit_skb+0x2b30/0x43e0 net/ipv4/tcp_output.c:1693 tcp_ack_snd_check net/ipv4/tcp_input.c:6217 [inline] tcp_rcv_established+0x10a9/0x2740 net/ipv4/tcp_input.c:6711 tcp_v4_do_rcv+0xa90/0x1430 net/ipv4/tcp_ipv4.c:1884 tcp_v4_rcv+0x2825/0x31f0 net/ipv4/tcp_ipv4.c:2319 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318 dst_input include/net/dst.h:480 [inline] ip_sublist_rcv_finish+0x1f0/0x240 net/ipv4/ip_input.c:584 ip_list_rcv_finish net/ipv4/ip_input.c:636 [inline] ip_sublist_rcv+0x761/0xa70 net/ipv4/ip_input.c:644 ip_list_rcv+0x3f1/0x450 net/ipv4/ip_input.c:678 __netif_receive_skb_list_ptype net/core/dev.c:6207 [inline] __netif_receive_skb_list_core+0x7e5/0x810 net/core/dev.c:6254 __netif_receive_skb_list net/core/dev.c:6306 [inline] netif_receive_skb_list_internal+0x995/0xcf0 net/core/dev.c:6397 gro_normal_list include/net/gro.h:523 [inline] gro_normal_one include/net/gro.h:543 [inline] gro_skb_finish net/core/gro.c:603 [inline] gro_receive_skb+0x632/0xd40 net/core/gro.c:633 receive_buf+0xb09/0x1900 drivers/net/virtio_net.c:2658 virtnet_receive_packets drivers/net/virtio_net.c:2970 [inline] virtnet_receive drivers/net/virtio_net.c:2994 [inline] virtnet_poll+0x219e/0x2f90 drivers/net/virtio_net.c:3083 __napi_poll+0xae/0x340 net/core/dev.c:7692 napi_poll net/core/dev.c:7755 [inline] net_rx_action+0x627/0xf70 net/core/dev.c:7912 handle_softirqs+0x22a/0x870 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:preempt_schedule_irq+0x48/0xa0 kernel/sched/core.c:7235 Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 53 bf 01 00 00 00 e8 63 c5 e4 f5 e8 1e 60 1e f6 fb bf 01 00 00 00 c3 a6 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 f4 61 1e f6 bf 01 RSP: 0018:ffffc90003797860 EFLAGS: 00000202 RAX: 0000000000435c9b RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000007 RSI: ffffffff8def4d5f RDI: 0000000000000001 RBP: 0000000000000000 R08: ffffffff90118db7 R09: 1ffffffff20231b6 R10: dffffc0000000000 R11: fffffbfff20231b7 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 irqentry_exit+0x599/0x620 kernel/entry/common.c:239 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:37 [inline] RIP: 0010:__mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:41 [inline] RIP: 0010:mmap_read_lock include/linux/mmap_lock.h:593 [inline] RIP: 0010:acct_collect+0x1a4/0x7c0 kernel/acct.c:568 Code: 00 01 00 00 00 0f 1f 44 00 00 e8 07 2e 0b 00 48 8b 5c 24 10 48 8d bb d0 02 00 00 48 89 7c 24 30 e8 61 54 f5 09 0f 1f 44 00 00 e7 2d 0b 00 4c 89 e7 48 c7 c6 ff ff ff ff e8 c8 a4 eb 09 48 85 RSP: 0018:ffffc90003797980 EFLAGS: 00000286 RAX: 0000000080000000 RBX: ffff888031c11880 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: 00000000ffffffff RBP: ffffc90003797af0 R08: ffff888031c11b5f R09: 1ffff1100638236b R10: dffffc0000000000 R11: ffffed100638236c R12: ffffc90003797a20 R13: 1ffff920006f2f38 R14: dffffc0000000000 R15: ffff88802f4f6140 do_exit+0x615/0x23c0 kernel/exit.c:940 do_group_exit+0x21b/0x2d0 kernel/exit.c:1118 get_signal+0x1284/0x1330 kernel/signal.c:3034 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline] exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline] do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f371699c799 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f371792b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000001 RBX: 00007f3716c15fa8 RCX: 00007f371699c799 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3716c15fac RBP: 00007f3716c15fa0 R08: 3fffffffffffffff R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f3716c16038 R14: 00007ffdae6288e0 R15: 00007ffdae6289c8 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 1296 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:lookup_object lib/debugobjects.c:440 [inline] RIP: 0010:debug_object_deactivate+0xc0/0x3a0 lib/debugobjects.c:892 Code: 00 00 00 4d 85 ed 74 49 45 31 e4 eb 0c 4d 8b 6d 00 41 ff c4 4d 85 ed 74 38 49 8d 5d 18 48 89 dd 48 c1 ed 03 42 80 7c 35 00 00 <74> 08 48 89 df e8 16 45 77 fd 4c 39 3b 74 41 4c 89 e8 48 c1 e8 03 RSP: 0018:ffffc90000a08ce8 EFLAGS: 00000046 RAX: 1ffff11005144c00 RBX: ffff888031599fd8 RCX: 0000000000000001 RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000a08c40 RBP: 1ffff110062b33fb R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff52000141188 R12: 0000000000000007 R13: ffff888031599fc0 R14: dffffc0000000000 R15: ffff8880b8728be0 FS: 0000000000000000(0000) GS:ffff888125563000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005557c183c148 CR3: 0000000089f68000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000200000000300 DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: debug_hrtimer_deactivate kernel/time/hrtimer.c:451 [inline] __run_hrtimer kernel/time/hrtimer.c:1753 [inline] __hrtimer_run_queues+0x2c5/0xcc0 kernel/time/hrtimer.c:1849 hrtimer_interrupt+0x42b/0x1010 kernel/time/hrtimer.c:1911 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline] __sysvec_apic_timer_interrupt+0x102/0x460 arch/x86/kernel/apic/apic.c:1062 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:console_trylock_spinning kernel/printk/printk.c:2039 [inline] RIP: 0010:vprintk_emit+0x45d/0x560 kernel/printk/printk.c:2478 Code: 0f 84 44 ff ff ff e8 42 2d 21 00 fb eb 44 e8 3a 2d 21 00 e8 15 82 09 0a 4d 85 f6 74 94 e8 2b 2d 21 00 fb 48 c7 c7 20 08 75 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 cb 16 RSP: 0018:ffffc9000536f3a0 EFLAGS: 00000293 RAX: ffffffff81a47085 RBX: ffffffff81a46eff RCX: ffff888029018000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e750820 RBP: ffffc9000536f450 R08: ffffffff90118db7 R09: 1ffffffff20231b6 R10: dffffc0000000000 R11: fffffbfff20231b7 R12: 0000000000000000 R13: 000000000000002d R14: 0000000000000200 R15: 1ffff92000a6de78 dev_vprintk_emit+0x355/0x420 drivers/base/core.c:4913 dev_printk_emit+0xee/0x140 drivers/base/core.c:4924 __netdev_printk+0x3e1/0x480 net/core/dev.c:12934 netdev_warn+0x11e/0x180 net/core/dev.c:12987 ieee802154_subif_start_xmit+0x136/0x190 net/mac802154/tx.c:232 __netdev_start_xmit include/linux/netdevice.h:5292 [inline] netdev_start_xmit include/linux/netdevice.h:5301 [inline] xmit_one net/core/dev.c:3871 [inline] dev_hard_start_xmit+0x2d8/0x870 net/core/dev.c:3887 sch_direct_xmit+0x251/0x4c0 net/sched/sch_generic.c:347 __dev_xmit_skb net/core/dev.c:4186 [inline] __dev_queue_xmit+0x1550/0x3890 net/core/dev.c:4802 dev_queue_xmit include/linux/netdevice.h:3384 [inline] tx+0x6b/0x190 drivers/block/aoe/aoenet.c:62 kthread+0x1e0/0x3f0 drivers/block/aoe/aoecmd.c:1241 kthread+0x388/0x470 kernel/kthread.c:436 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245