INFO: task hung in synchronize

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in synchronize_rcu (3)	1	C	done	done	374	1228d	2166d	22/29	fixed on 2023/02/24 13:50
linux-6.1	INFO: task hung in synchronize_rcu origin:lts-only	1	C		unreliable	55	27d	1184d	0/3	upstream: reported C repro on 2023/04/01 04:49
android-49	INFO: task hung in synchronize_rcu	1				1	2402d	2402d	0/3	auto-closed as invalid on 2020/03/28 16:57
linux-4.14	INFO: task hung in synchronize_rcu vfs	1	C		error	162	1243d	2425d	0/1	upstream: reported C repro on 2019/11/07 04:32
linux-4.19	INFO: task hung in synchronize_rcu	1	C		error	70	1232d	2423d	0/1	upstream: reported C repro on 2019/11/08 21:27
linux-5.15	INFO: task hung in synchronize_rcu	1				1	1169d	1169d	0/3	auto-obsoleted due to no activity on 2023/08/14 02:05
android-6-12	INFO: task hung in synchronize_rcu	1				41	227d	351d	0/1	auto-obsoleted due to no activity on 2026/01/01 15:51
linux-5.15	INFO: task hung in synchronize_rcu (3) origin:lts-only	1	C		error	55	11d	702d	0/3	upstream: reported C repro on 2024/07/26 03:55
upstream	INFO: task hung in synchronize_rcu	1	syz	done		1206	2402d	2428d	14/29	fixed on 2019/11/29 15:48
upstream	INFO: task hung in synchronize_rcu (4) prio:high fs net	1	C	done	error	3918	2h25m	1151d	0/29	upstream: reported C repro on 2023/05/04 02:01
linux-5.15	INFO: task hung in synchronize_rcu (2)	1				1	857d	857d	0/3	auto-obsoleted due to no activity on 2024/05/31 13:53
android-414	INFO: task hung in synchronize_rcu	1				1	2420d	2420d	0/1	auto-closed as invalid on 2020/03/10 10:42
upstream	INFO: task hung in synchronize_rcu (2) trace	1				8	2401d	2402d	0/29	closed as invalid on 2019/11/30 16:54
android-6-12	INFO: task hung in synchronize_rcu (2)	1				5	92d	133d	0/1	auto-obsoleted due to no activity on 2026/06/25 10:28
upstream	INFO: task hung in rtnetlink_rcv_msg net	1	C	inconclusive	inconclusive	1970	719d	2682d	26/29	fixed on 2024/07/09 19:14

INFO: task kworker/u4:7:1095 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:7 state:D stack:21768 pid:1095 ppid:2 flags:0x00004000 Workqueue: events_unbound fsnotify_mark_destroy_workfn Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2c6/0x5a0 kernel/sched/completion.c:148 __synchronize_srcu+0x339/0x3d0 kernel/rcu/srcutree.c:1386 fsnotify_mark_destroy_workfn+0x10a/0x2e0 fs/notify/mark.c:928 process_one_work kernel/workqueue.c:2653 [inline] process_scheduled_works+0xa60/0x1600 kernel/workqueue.c:2730 worker_thread+0xa5e/0xfe0 kernel/workqueue.c:2811 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> INFO: task kworker/u4:9:1143 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:9 state:D stack:21768 pid:1143 ppid:2 flags:0x00004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2c6/0x5a0 kernel/sched/completion.c:148 __synchronize_srcu+0x339/0x3d0 kernel/rcu/srcutree.c:1386 fsnotify_connector_destroy_workfn+0x44/0xa0 fs/notify/mark.c:234 process_one_work kernel/workqueue.c:2653 [inline] process_scheduled_works+0xa60/0x1600 kernel/workqueue.c:2730 worker_thread+0xa5e/0xfe0 kernel/workqueue.c:2811 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> INFO: task syz.4.84:6190 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.84 state:D stack:23112 pid:6190 ppid:6008 flags:0x00004006 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 tun_detach drivers/net/tun.c:698 [inline] tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3514 __fput+0x221/0x930 fs/file_table.c:384 task_work_run+0x1d4/0x260 kernel/task_work.c:245 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0x986/0x2530 kernel/exit.c:884 do_group_exit+0x22d/0x2f0 kernel/exit.c:1026 get_signal+0x12a6/0x1390 kernel/signal.c:2903 arch_do_signal_or_restart+0xc2/0x7b0 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fe68539ce59 RSP: 002b:00007fe68629bfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 RAX: fffffffffffffff4 RBX: 00007fe685615fa0 RCX: 00007fe68539ce59 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 RBP: 00007fe685432e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 00007fe685616038 R14: 00007fe685615fa0 R15: 00007ffd57cf31f8 </TASK> INFO: task syz.6.85:6197 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.6.85 state:D stack:25768 pid:6197 ppid:6014 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2c6/0x5a0 kernel/sched/completion.c:148 __synchronize_srcu+0x339/0x3d0 kernel/rcu/srcutree.c:1386 tracepoint_synchronize_unregister include/linux/tracepoint.h:93 [inline] perf_trace_event_unreg+0xbf/0x1b0 kernel/trace/trace_event_perf.c:168 perf_trace_destroy+0x9e/0x140 kernel/trace/trace_event_perf.c:241 _free_event+0xbe8/0xfb0 kernel/events/core.c:5273 __do_sys_perf_event_open kernel/events/core.c:12984 [inline] __se_sys_perf_event_open+0xfa1/0x1c60 kernel/events/core.c:12601 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f298439ce59 RSP: 002b:00007f298523a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f2984616090 RCX: 00007f298439ce59 RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00002000000001c0 RBP: 00007f2984432e6f R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000000 R13: 00007f2984616128 R14: 00007f2984616090 R15: 00007fff4180aab8 </TASK> INFO: task syz.7.86:6196 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.7.86 state:D stack:26824 pid:6196 ppid:6015 flags:0x00004002 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 perf_trace_destroy+0x2e/0x140 kernel/trace/trace_event_perf.c:239 _free_event+0xbe8/0xfb0 kernel/events/core.c:5273 put_event kernel/events/core.c:5370 [inline] perf_event_release_kernel+0x7c8/0x850 kernel/events/core.c:5495 perf_release+0x3b/0x40 kernel/events/core.c:5505 __fput+0x221/0x930 fs/file_table.c:384 task_work_run+0x1d4/0x260 kernel/task_work.c:245 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0x986/0x2530 kernel/exit.c:884 do_group_exit+0x22d/0x2f0 kernel/exit.c:1026 get_signal+0x12a6/0x1390 kernel/signal.c:2903 arch_do_signal_or_restart+0xc2/0x7b0 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f5325f9ce59 RSP: 002b:00007f5326e65028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: 0000000000000003 RBX: 00007f5326215fa0 RCX: 00007f5325f9ce59 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000500 RBP: 00007f5326032e6f R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5326216038 R14: 00007f5326215fa0 R15: 00007fff83efae28 </TASK> INFO: task syz.5.87:6206 blocked for more than 146 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.87 state:D stack:29096 pid:6206 ppid:6012 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 perf_trace_init+0x50/0x2d0 kernel/trace/trace_event_perf.c:221 perf_tp_event_init+0x8d/0x110 kernel/events/core.c:10228 perf_try_init_event+0x12b/0x3c0 kernel/events/core.c:11852 perf_init_event kernel/events/core.c:11922 [inline] perf_event_alloc+0xed4/0x2150 kernel/events/core.c:12203 __do_sys_perf_event_open kernel/events/core.c:12710 [inline] __se_sys_perf_event_open+0x740/0x1c60 kernel/events/core.c:12601 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8c4cf9ce59 RSP: 002b:00007f8c4dd6f028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f8c4d215fa0 RCX: 00007f8c4cf9ce59 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000040 RBP: 00007f8c4d032e6f R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8c4d216038 R14: 00007f8c4d215fa0 R15: 00007ffee55234a8 </TASK> INFO: task syz.5.87:6207 blocked for more than 146 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.87 state:D stack:27912 pid:6207 ppid:6012 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 __tun_chr_ioctl+0x3f7/0x2070 drivers/net/tun.c:3124 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8c4cf9ce59 RSP: 002b:00007f8c4b1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f8c4d216090 RCX: 00007f8c4cf9ce59 RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000005 RBP: 00007f8c4d032e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8c4d216128 R14: 00007f8c4d216090 R15: 00007ffee55234a8 </TASK> INFO: task syz.5.87:6208 blocked for more than 147 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.87 state:D stack:27912 pid:6208 ppid:6012 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 tun_detach drivers/net/tun.c:698 [inline] tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3514 __fput+0x221/0x930 fs/file_table.c:384 __do_sys_close fs/open.c:1573 [inline] __se_sys_close+0x15c/0x1e0 fs/open.c:1558 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8c4cf9ce59 RSP: 002b:00007f8c4b1d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 00007f8c4d216180 RCX: 00007f8c4cf9ce59 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 RBP: 00007f8c4d032e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8c4d216218 R14: 00007f8c4d216180 R15: 00007ffee55234a8 </TASK> INFO: task syz.5.87:6210 blocked for more than 147 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.87 state:D stack:28424 pid:6210 ppid:6012 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 dev_ioctl+0x7a4/0x1140 net/core/dev_ioctl.c:769 sock_do_ioctl+0x239/0x310 net/socket.c:1234 sock_ioctl+0x5be/0x7e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8c4cf9ce59 RSP: 002b:00007f8c4adb2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f8c4d216270 RCX: 00007f8c4cf9ce59 RDX: 0000200000000300 RSI: 0000000000008914 RDI: 0000000000000006 RBP: 00007f8c4d032e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8c4d216308 R14: 00007f8c4d216270 R15: 00007ffee55234a8 </TASK> INFO: task syz.5.87:6212 blocked for more than 148 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.87 state:D stack:27272 pid:6212 ppid:6012 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x15ae/0x4660 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x673/0xc80 kernel/locking/mutex.c:747 rtnl_lock net/core/rtnetlink.c:78 [inline] rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 netlink_rcv_skb+0x235/0x4c0 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x7b1/0x930 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1899 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_write_iter+0x2dc/0x420 net/socket.c:1161 call_write_iter include/linux/fs.h:2018 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x474/0x9a0 fs/read_write.c:584 ksys_write+0x151/0x260 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8c4cf9ce59 RSP: 002b:00007f8c4a98f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f8c4d216360 RCX: 00007f8c4cf9ce59 RDX: 000000000000fe33 RSI: 0000200000000040 RDI: 0000000000000004 RBP: 00007f8c4d032e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8c4d2163f8 R14: 00007f8c4d216360 R15: 00007ffee55234a8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings Showing all locks held in the system: 2 locks held by kworker/0:0/8: 2 locks held by kworker/0:1/10: 3 locks held by kworker/u4:0/11: #0: ffff88802ce75938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #0: ffff88802ce75938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #1: ffffc90000107d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #1: ffffc90000107d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #2: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4723 3 locks held by kworker/1:0/23: #0: ffff888017c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #0: ffff888017c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #1: ffffc900001d7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #1: ffffc900001d7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #2: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x92/0xd90 net/wireless/reg.c:2463 1 lock held by khungtaskd/29: #0: ffffffff8d131da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline] #0: ffffffff8d131da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline] #0: ffffffff8d131da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633 4 locks held by kworker/0:2/56: 2 locks held by kworker/u4:7/1095: #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #1: ffffc9000488fd00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #1: ffffc9000488fd00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 5 locks held by kworker/u4:8/1134: #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #1: ffffc90004a5fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #1: ffffc90004a5fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #2: ffffffff8e3b2e50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0 net/core/net_namespace.c:606 #3: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: ip6gre_exit_batch_net+0xcb/0x4a0 net/ipv6/ip6_gre.c:1651 #4: ffffffff8cfcd110 (cpu_hotplug_lock){++++}-{0:0}, at: flush_all_backlogs net/core/dev.c:6004 [inline] #4: ffffffff8cfcd110 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x59b/0x1910 net/core/dev.c:11106 2 locks held by kworker/u4:9/1143: #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 #1: ffffc90004a4fd00 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline] #1: ffffc90004a4fd00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 kernel/workqueue.c:2730 2 locks held by kworker/0:3/1201: 2 locks held by getty/5534: #0: ffff888031aba0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x428/0x1370 drivers/tty/n_tty.c:2217 2 locks held by kworker/0:5/6083: 1 lock held by syz.4.84/6190: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3514 1 lock held by syz.6.85/6197: #0: ffffffff8d187ee8 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x2e/0x140 kernel/trace/trace_event_perf.c:239 1 lock held by syz.7.86/6196: #0: ffffffff8d187ee8 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x2e/0x140 kernel/trace/trace_event_perf.c:239 2 locks held by syz.5.87/6206: #0: ffffffff97312c30 (&pmus_srcu){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline] #0: ffffffff97312c30 (&pmus_srcu){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline] #0: ffffffff97312c30 (&pmus_srcu){.+.+}-{0:0}, at: perf_init_event kernel/events/core.c:11882 [inline] #0: ffffffff97312c30 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xb23/0x2150 kernel/events/core.c:12203 #1: ffffffff8d187ee8 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x50/0x2d0 kernel/trace/trace_event_perf.c:221 1 lock held by syz.5.87/6207: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3f7/0x2070 drivers/net/tun.c:3124 1 lock held by syz.5.87/6208: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3514 1 lock held by syz.5.87/6210: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7a4/0x1140 net/core/dev_ioctl.c:769 1 lock held by syz.5.87/6212: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6215: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6219: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6221: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6224: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6236: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6242: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6244: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6247: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6261: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6268: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6270: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 1 lock held by syz-executor/6276: #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ed/0xf90 net/core/rtnetlink.c:6473 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Call Trace: <TASK> dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline] watchdog+0xf59/0xfa0 kernel/hung_task.c:379 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 56 Comm: kworker/0:2 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker RIP: 0010:arch_irqs_disabled_flags arch/x86/include/asm/irqflags.h:126 [inline] RIP: 0010:seqcount_lockdep_reader_access+0x88/0x1d0 include/linux/seqlock.h:101 Code: 89 04 3e 43 c7 44 3e 08 f8 f3 f3 f3 e8 b1 c0 0f 00 43 c6 44 3e 08 00 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 4c 8b 64 24 40 <43> c6 44 3e 08 f8 fa 4c 89 e6 48 81 e6 00 02 00 00 31 ff e8 c0 c4 RSP: 0018:ffffc90000006b80 EFLAGS: 00000006 RAX: ffffffff8177249f RBX: 0000000000000000 RCX: ffff88801aef3c00 RDX: 0000000000010100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90000006c30 R08: ffffffff8e8ae5ef R09: 1ffffffff1d15cbd R10: dffffc0000000000 R11: fffffbfff1d15cbe R12: 0000000000000006 R13: dffffc0000000000 R14: 1ffff92000000d70 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5326d456b8 CR3: 000000000cf32000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: <IRQ> ktime_get+0x35/0x280 kernel/time/timekeeping.c:846 hrtimer_forward_now include/linux/hrtimer.h:509 [inline] perf_swevent_hrtimer+0x4ae/0x610 kernel/events/core.c:11227 __run_hrtimer kernel/time/hrtimer.c:1754 [inline] __hrtimer_run_queues+0x4e8/0xc10 kernel/time/hrtimer.c:1818 hrtimer_interrupt+0x39d/0x980 kernel/time/hrtimer.c:1880 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline] __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x80 kernel/kcov.c:293 Code: c0 4c 89 01 48 c7 44 11 08 04 00 00 00 48 89 7c 11 10 48 89 74 11 18 48 89 44 11 20 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d d0 d0 7c 7e 65 8b 15 d1 d0 7c RSP: 0018:ffffc90000007230 EFLAGS: 00000202 RAX: ffffc90000008000 RBX: ffffc90000000001 RCX: ffffc90000007e48 RDX: ffff88801aef3c00 RSI: ffffc90000007e20 RDI: ffffc90000007e40 RBP: 0000000000000002 R08: ffff88801aef3c00 R09: 0000000000000003 R10: 0000000000000004 R11: 0000000000000100 R12: ffffc90000007e20 R13: ffffc90000007308 R14: ffffc90000007e40 R15: ffffc90000007318 unwind_next_frame+0x1cf5/0x2990 arch/x86/kernel/unwind_orc.c:-1 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:46 [inline] kasan_set_track+0x4e/0x70 mm/kasan/common.c:53 ____kasan_kmalloc mm/kasan/common.c:375 [inline] __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:384 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:721 [inline] ref_tracker_alloc+0x163/0x4b0 lib/ref_tracker.c:203 __netdev_tracker_alloc include/linux/netdevice.h:4110 [inline] netdev_hold include/linux/netdevice.h:4139 [inline] dst_init+0xc0/0x470 net/core/dst.c:52 dst_alloc+0x12e/0x170 net/core/dst.c:94 ip6_dst_alloc net/ipv6/route.c:344 [inline] icmp6_dst_alloc+0x7c/0x400 net/ipv6/route.c:3320 ndisc_send_skb+0x422/0x1480 net/ipv6/ndisc.c:493 addrconf_rs_timer+0x36b/0x640 net/ipv6/addrconf.c:4029 call_timer_fn+0x189/0x540 kernel/time/timer.c:1701 expire_timers kernel/time/timer.c:1752 [inline] __run_timers+0x570/0x810 kernel/time/timer.c:2023 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036 handle_softirqs+0x27d/0x820 kernel/softirq.c:578 __do_softirq kernel/softirq.c:612 [inline] invoke_softirq kernel/softirq.c:452 [inline] __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:preempt_schedule_irq+0xba/0x150 kernel/sched/core.c:7010 Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 6f bf 01 00 00 00 e8 01 48 d0 f6 e8 3c 34 01 f7 fb bf 01 00 00 00 <e8> 31 b4 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f RSP: 0018:ffffc90001366de0 EFLAGS: 00000282 RAX: d37d032f428b7500 RBX: 0000000000000000 RCX: d37d032f428b7500 RDX: dffffc0000000000 RSI: ffffffff8acacb60 RDI: 0000000000000001 RBP: ffffc90001366e90 R08: ffffffff911bc5f7 R09: 1ffffffff22378be R10: dffffc0000000000 R11: fffffbfff22378bf R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff9200026cdbc irqentry_exit+0x67/0x70 kernel/entry/common.c:438 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:chacha_permute+0x3fd/0xef0 lib/crypto/chacha.c:51 Code: f5 c1 c5 10 44 01 df 31 fb c1 c3 10 45 01 e8 45 31 c4 41 c1 c4 0c 01 c1 41 31 ce 41 c1 c6 0c 44 8b 0c 24 41 01 e9 44 89 0c 24 <45> 31 cf 41 c1 c7 0c 45 89 e1 44 8b 64 24 0c 41 01 dc 44 89 64 24 RSP: 0018:ffffc90001366f50 EFLAGS: 00000206 RAX: 00000000eb5dc37a RBX: 00000000eee3282b RCX: 00000000a168d80e RDX: 00000000066f4383 RSI: 00000000a8a2695d RDI: 0000000083ff24f3 RBP: 000000001130716a R08: 0000000064000daa R09: 00000000160b909f R10: 00000000233ed337 R11: 0000000019978faa R12: 0000000064a74fa1 R13: 0000000024143ae6 R14: 00000000501217ae R15: 000000000193b282 chacha_block_generic+0xc6/0xda0 lib/crypto/chacha.c:83 chacha_crypt_generic+0x85b/0x8d0 lib/crypto/libchacha.c:29 chacha_crypt include/crypto/chacha.h:100 [inline] chacha20_crypt include/crypto/chacha.h:108 [inline] chacha20poly1305_crypt_sg_inplace+0x41c/0xb90 lib/crypto/chacha20poly1305.c:245 chacha20poly1305_encrypt_sg_inplace+0x3e/0x50 lib/crypto/chacha20poly1305.c:338 encrypt_packet drivers/net/wireguard/send.c:216 [inline] wg_packet_encrypt_worker+0x905/0x15b0 drivers/net/wireguard/send.c:297 process_one_work kernel/workqueue.c:2653 [inline] process_scheduled_works+0xa60/0x1600 kernel/workqueue.c:2730 worker_thread+0xa5e/0xfe0 kernel/workqueue.c:2811 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK>

Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/06/25 17:40	linux-6.6.y	d1cfde2d5d15	cfa969bf	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in synchronize_rcu
2026/04/26 13:45	linux-6.6.y	9760bf04666d	9c2d0995	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in synchronize_rcu
2026/04/20 05:23	linux-6.6.y	9760bf04666d	303e2802	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in synchronize_rcu
2026/01/15 21:39	linux-6.6.y	c596736dadab	d6526ea3	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in synchronize_rcu
2025/12/22 06:24	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in synchronize_rcu
2025/12/10 21:00	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in synchronize_rcu
2025/10/30 17:16	linux-6.6.y	e5bbb12db2c7	2c50b6a9	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	INFO: task hung in synchronize_rcu