BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 154s!
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=-20 stuck for 154s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x100
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=17 refcnt=18
in-flight: 5975:switchdev_deferred_process_work for 134s switchdev_deferred_process_work
pending: 6*nsim_dev_hwstats_traffic_work, psi_avgs_work, vmstat_shepherd, 3*psi_avgs_work, 4*ovs_dp_masks_rebalance
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=12 refcnt=13
in-flight: 1210:bpf_prog_free_deferred for 165s
pending: xfrm_state_gc_task, 2*ovs_dp_masks_rebalance, 4*nsim_dev_hwstats_traffic_work, 2*psi_avgs_work, delayed_vfree_work, rht_deferred_worker
workqueue events_long: flags=0x100
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
pending: defense_work_handler, br_fdb_cleanup
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=7 refcnt=8
pending: 5*defense_work_handler, 2*br_fdb_cleanup
workqueue events_unbound: flags=0x2
pwq 8: cpus=0-1 flags=0x4 nice=0 active=21 refcnt=22
in-flight: 1150:cfg80211_wiphy_work for 89s cfg80211_wiphy_work ,6683:nsim_dev_trap_report_work for 38s ,18477:toggle_allocation_gate for 47s ,1030:nsim_dev_trap_report_work for 12s ,7043:nsim_dev_trap_report_work for 38s ,6100:nsim_dev_trap_report_work for 47s ,6097:cfg80211_wiphy_work for 130s cfg80211_wiphy_work
pending: 5*nsim_dev_trap_report_work, macvlan_process_broadcast, 3*cfg80211_wiphy_work, nsim_dev_trap_report_work, flush_memcg_stats_dwork, crng_reseed
pwq 8: cpus=0-1 flags=0x4 nice=0 active=5 refcnt=6
in-flight: 7042:cfg80211_wiphy_work for 89s cfg80211_wiphy_work ,7044:cfg80211_wiphy_work for 64s cfg80211_wiphy_work
pending: macvlan_process_broadcast
workqueue events_freezable: flags=0x104
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: update_balloon_stats_func
workqueue events_power_efficient: flags=0x180
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=5 refcnt=6
in-flight: 10:neigh_periodic_work for 64s ,9669:gc_worker for 38s ,5944:reg_check_chans_work for 88s
pending: neigh_managed_work, do_cache_clean
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=11 refcnt=12
in-flight: 5830:wg_ratelimiter_gc_entries for 154s
pending: neigh_managed_work, 3*nf_flow_offload_work_gc, check_lifetime, neigh_periodic_work, 4*check_lifetime
workqueue rcu_gp: flags=0x108
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: srcu_invoke_callbacks
workqueue mm_percpu_wq: flags=0x108
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: vmstat_update
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: vmstat_update
workqueue writeback: flags=0x4a
workqueue kblockd: flags=0x18
pwq 3: cpus=0 node=0 flags=0x0 nice=-20 active=1 refcnt=2
pending: blk_mq_timeout_work
pwq 7: cpus=1 node=0 flags=0x0 nice=-20 active=1 refcnt=2
pending: blk_mq_requeue_work
workqueue ipv6_addrconf: flags=0x6000a
pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=9
in-flight: 6684:addrconf_verify_work for 89s
inactive: 5*addrconf_verify_work
workqueue bat_events: flags=0x6000a
pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=34
in-flight: 18477:batadv_bla_periodic_work for 0s
inactive: batadv_dat_purge, 4*batadv_mcast_mla_update, 2*batadv_iv_send_outstanding_bat_ogm_packet, 3*batadv_purge_orig, 2*batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, 4*batadv_iv_send_outstanding_bat_ogm_packet, batadv_tt_purge, 2*batadv_dat_purge, batadv_bla_periodic_work, batadv_iv_send_outstanding_bat_ogm_packet, 2*batadv_tt_purge, batadv_bla_periodic_work, 3*batadv_iv_send_outstanding_bat_ogm_packet, batadv_tt_purge, batadv_dat_purge
workqueue wg-crypt-wg1: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_decrypt_worker
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_tx_worker
workqueue wg-kex-wg2: flags=0x124
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_handshake_receive_worker
workqueue wg-crypt-wg2: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_decrypt_worker
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_tx_worker
workqueue wg-kex-wg0: flags=0x124
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_handshake_receive_worker
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_handshake_receive_worker
workqueue wg-crypt-wg0: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_decrypt_worker
pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=2 refcnt=3
in-flight: 5895:wg_packet_decrypt_worker for 0s wg_packet_decrypt_worker
workqueue wg-kex-wg1: flags=0x124
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_handshake_receive_worker
workqueue wg-crypt-wg1: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_decrypt_worker
workqueue wg-kex-wg2: flags=0x124
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_handshake_receive_worker
workqueue wg-crypt-wg2: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
pending: wg_packet_decrypt_worker, wg_packet_tx_worker
workqueue wg-crypt-wg0: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
pending: wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-crypt-wg1: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
pending: wg_packet_tx_worker, wg_packet_encrypt_worker
workqueue wg-kex-wg2: flags=0x124
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
pending: wg_packet_handshake_receive_worker
workqueue wg-crypt-wg2: flags=0x128
pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
pending: wg_packet_encrypt_worker, wg_packet_tx_worker
pool 2: cpus=0 node=0 flags=0x0 nice=0 hung=39s workers=9 idle: 17673 796 9583 5902 9
pool 6: cpus=1 node=0 flags=0x0 nice=0 hung=0s workers=8 idle: 5888 5895 24 5830 5987 16763
pool 8: cpus=0-1 flags=0x4 nice=0 hung=0s workers=15 idle: 7044 7045 6107 18477 7043 6683 13
Showing backtraces of busy workers in stalled worker pools:
pool 6:
task:kworker/1:2 state:D stack:24416 pid:1210 tgid:1210 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events bpf_prog_free_deferred
Call Trace:
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7008
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
bpf_prog_dev_bound_destroy+0x29/0x400 kernel/bpf/offload.c:377
bpf_prog_free_deferred+0x395/0x6b0 kernel/bpf/core.c:2948
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
pool 6:
task:kworker/1:1 state:D stack:24416 pid:42 tgid:42 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events xfrm_state_gc_task
Call Trace:
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7008
synchronize_rcu_expedited+0x584/0x770 kernel/rcu/tree_exp.h:976
xfrm_state_gc_task+0xdc/0x950 net/xfrm/xfrm_state.c:633
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5193 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:do_perf_trace_lock_acquire include/trace/events/lock.h:24 [inline]
RIP: 0010:perf_trace_lock_acquire+0x349/0x440 include/trace/events/lock.h:24
Code: 8b 94 24 80 00 00 00 4c 8b 4c 24 60 41 b8 01 00 00 00 8b 74 24 14 48 8b 4c 24 28 6a 00 ff 74 24 10 e8 3b db 58 00 48 83 c4 10 <43> c6 44 37 08 f8 43 c6 44 37 04 f8 65 ff 0d e4 fa 7b 11 74 40 48
RSP: 0018:ffffc900031e7140 EFLAGS: 00000246
RAX: 1ffffd1ffff85682 RBX: ffffe8ffffc2b410 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff8c27d360 RDI: ffffffff8c27d320
RBP: ffffc900031e7240 R08: 0000000000000002 R09: 0000000000000000
R10: ffffc900031e73f8 R11: ffffffff81b0d0f0 R12: ffffffff8e62a540
R13: 000000000000000d R14: dffffc0000000000 R15: 1ffff9200063ce30
FS: 00007f646ad9b880(0000) GS:ffff888125453000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556975cb1f48 CR3: 000000007f306000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0100000000000000 DR2: 0000200000000300
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
__do_trace_lock_acquire include/trace/events/lock.h:24 [inline]
trace_lock_acquire include/trace/events/lock.h:24 [inline]
lock_acquire+0x2a4/0x2e0 kernel/locking/lockdep.c:5831
rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
rcu_read_lock include/linux/rcupdate.h:850 [inline]
class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
unwind_next_frame+0xc2/0x23c0 arch/x86/kernel/unwind_orc.c:495
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
save_stack+0x122/0x230 mm/page_owner.c:165
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1433 [inline]
__free_frozen_pages+0xc2b/0xdb0 mm/page_alloc.c:2978
__slab_free+0x263/0x2b0 mm/slub.c:5573
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4538 [inline]
slab_alloc_node mm/slub.c:4866 [inline]
kmem_cache_alloc_node_noprof+0x384/0x690 mm/slub.c:4918
__alloc_skb+0x1d0/0x7d0 net/core/skbuff.c:702
netlink_sendmsg+0x5d4/0xb40 net/netlink/af_netlink.c:1869
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
____sys_sendmsg+0x972/0x9f0 net/socket.c:2592
___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
__sys_sendmsg net/socket.c:2678 [inline]
__do_sys_sendmsg net/socket.c:2683 [inline]
__se_sys_sendmsg net/socket.c:2681 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2681
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f646b3c6407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd61346780 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f646ad9b880 RCX: 00007f646b3c6407
RDX: 0000000000000000 RSI: 00007ffd613467e0 RDI: 0000000000000004
RBP: 0000556975c884e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000088
R13: 0000556975c659e0 R14: 0000000000000000 R15: 0000000000000000
----------------
Code disassembly (best guess):
0: 8b 94 24 80 00 00 00 mov 0x80(%rsp),%edx
7: 4c 8b 4c 24 60 mov 0x60(%rsp),%r9
c: 41 b8 01 00 00 00 mov $0x1,%r8d
12: 8b 74 24 14 mov 0x14(%rsp),%esi
16: 48 8b 4c 24 28 mov 0x28(%rsp),%rcx
1b: 6a 00 push $0x0
1d: ff 74 24 10 push 0x10(%rsp)
21: e8 3b db 58 00 call 0x58db61
26: 48 83 c4 10 add $0x10,%rsp
* 2a: 43 c6 44 37 08 f8 movb $0xf8,0x8(%r15,%r14,1) <-- trapping instruction
30: 43 c6 44 37 04 f8 movb $0xf8,0x4(%r15,%r14,1)
36: 65 ff 0d e4 fa 7b 11 decl %gs:0x117bfae4(%rip) # 0x117bfb21
3d: 74 40 je 0x7f
3f: 48 rex.W