INFO: task kworker/u4:9:14117 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:9 state:D stack:25896 pid:14117 ppid:2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
Showing all locks held in the system:
1 lock held by kthreadd/2:
4 locks held by kworker/0:1/9:
3 locks held by kworker/1:1/27:
#0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc90000a2fd00 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc90000a2fd00 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e6fc8e8 (ovs_mutex){+.+.}-{3:3}, at: ovs_lock net/openvswitch/datapath.c:109 [inline]
#2: ffffffff8e6fc8e8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x2f/0xe0 net/openvswitch/datapath.c:2534
1 lock held by khungtaskd/29:
#0: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#0: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
#0: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633
5 locks held by kworker/u4:2/34:
3 locks held by kworker/u4:3/49:
#0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc90000ba7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc90000ba7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e3c2808 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:286
2 locks held by kworker/u4:7/2925:
3 locks held by kworker/u4:8/2938:
3 locks held by kworker/u4:10/3521:
4 locks held by kworker/u4:12/4522:
#0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc9000ea97d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc9000ea97d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e3b57d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0 net/core/net_namespace.c:606
#3: ffffffff8e3c2808 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1c/0x1c0 drivers/net/wireguard/device.c:421
2 locks held by klogd/5130:
4 locks held by dhcpcd/5436:
2 locks held by getty/5531:
#0: ffff88802d2cc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 drivers/tty/n_tty.c:2217
1 lock held by syz-executor/5770:
#0: ffffffff8e3c2808 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
#0: ffffffff8e3c2808 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3511
1 lock held by syz-executor/5771:
2 locks held by kworker/1:4/5816:
3 locks held by kworker/1:13/6503:
2 locks held by kworker/u4:1/14111:
3 locks held by kworker/u4:6/14116:
3 locks held by kworker/u4:9/14117:
#0: ffff88802c4c6538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff88802c4c6538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc9000439fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc9000439fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e3c2808 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718
6 locks held by syz.3.5313/17849:
1 lock held by syz-executor/17869:
2 locks held by kworker/1:2/17874:
#0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc90003237d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc90003237d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
3 locks held by kworker/1:3/17877:
#0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc900032a7d00 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc900032a7d00 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e6fc8e8 (ovs_mutex){+.+.}-{3:3}, at: ovs_lock net/openvswitch/datapath.c:109 [inline]
#2: ffffffff8e6fc8e8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x2f/0xe0 net/openvswitch/datapath.c:2534
1 lock held by syz-executor/17881:
2 locks held by dhcpcd/17890:
#0: ffff888020177a20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:804 [inline]
#0: ffff888020177a20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:658 [inline]
#0: ffff888020177a20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 net/socket.c:1420
#1: ffffffff8d137ab8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:292 [inline]
#1: ffffffff8d137ab8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880 kernel/rcu/tree_exp.h:1004
2 locks held by dhcpcd/17891:
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
<TASK>
dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xf3d/0xf80 kernel/hung_task.c:379
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 34 Comm: kworker/u4:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: bat_events batadv_tt_purge
RIP: 0010:unwind_next_frame+0x1641/0x2970 arch/x86/kernel/unwind_orc.c:592
Code: 33 48 8b 44 24 68 42 80 3c 28 00 48 8b 5c 24 60 74 08 48 89 df e8 3f 0c a4 00 48 8b 44 24 08 48 89 03 ba 10 00 00 00 48 89 ef <31> f6 e8 88 0d a4 00 48 8b 5c 24 30 eb 4b e8 ec d3 4b 00 e9 a2 0b
RSP: 0018:ffffc90000006498 EFLAGS: 00000246
RAX: ffffc90000006d80 RBX: ffffc900000065a0 RCX: ffff8880186a0000
RDX: 0000000000000010 RSI: 0000000000000002 RDI: ffffc900000065b8
RBP: ffffc900000065b8 R08: ffff8880186a0000 R09: 0000000000000003
R10: 0000000000000004 R11: 0000000000000100 R12: ffffc90000006568
R13: dffffc0000000000 R14: ffffffff895f57d3 R15: ffffffff8f9725f4
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe96a31fe8 CR3: 000000000cf32000 CR4: 00000000003506f0
Call Trace:
<IRQ>
arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:46 [inline]
kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237
kasan_slab_free include/linux/kasan.h:164 [inline]
slab_free_hook mm/slub.c:1811 [inline]
slab_free_freelist_hook+0x130/0x1a0 mm/slub.c:1837
slab_free mm/slub.c:3830 [inline]
kmem_cache_free+0xf8/0x270 mm/slub.c:3852
skb_ext_del include/linux/skbuff.h:4830 [inline]
nf_bridge_info_free net/bridge/br_netfilter_hooks.c:152 [inline]
br_nf_dev_queue_xmit+0x492/0x1b80 net/bridge/br_netfilter_hooks.c:-1
NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304
br_nf_post_routing+0xb41/0xfb0 net/bridge/br_netfilter_hooks.c:977
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:259 [inline]
NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
br_forward_finish+0xd3/0x130 net/bridge/br_forward.c:66
br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1184 [inline]
br_nf_forward_finish+0xa51/0xe80 net/bridge/br_netfilter_hooks.c:684
NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304
br_nf_forward_ip+0xcc1/0x1110 net/bridge/br_netfilter_hooks.c:754
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:259 [inline]
NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302
__br_forward+0x433/0x610 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0xb5/0x150 net/bridge/br_forward.c:191
br_flood+0x31b/0x670 net/bridge/br_forward.c:237
br_handle_frame_finish+0x13c5/0x18f0 net/bridge/br_input.c:215
br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184
br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
br_handle_frame+0x1245/0x14d0 net/bridge/br_input.c:424
__netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5540
__netif_receive_skb_one_core net/core/dev.c:5644 [inline]
__netif_receive_skb+0x74/0x290 net/core/dev.c:5760
process_backlog+0x391/0x6f0 net/core/dev.c:6088
__napi_poll+0xc0/0x460 net/core/dev.c:6650
napi_poll net/core/dev.c:6717 [inline]
net_rx_action+0x616/0xc40 net/core/dev.c:6853
handle_softirqs+0x280/0x820 kernel/softirq.c:578
do_softirq+0xfa/0x1a0 kernel/softirq.c:479
</IRQ>
<TASK>
__local_bh_enable_ip+0x184/0x1c0 kernel/softirq.c:406
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_global_purge net/batman-adv/translation-table.c:2319 [inline]
batadv_tt_purge+0x4d8/0x9f0 net/batman-adv/translation-table.c:3588
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>