syzbot

 sign-in | mailing list | source | docs
🐞 Open [71]
🐞 Fixed [6]
🐞 Invalid [2]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap
💬 Send us feedback

BUG: workqueue lockup

Status: premoderation: reported on 2025/07/18 16:39
Reported-by: syzbot+5bb25f4e76e0dcbd96fb@syzkaller.appspotmail.com
First crash: 2d04h, last: 2d04h
Similar bugs (16)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: workqueue lockup (4) block -1 C 47 2071d 2478d 15/29 fixed on 2019/12/13 00:31
linux-5.15 BUG: workqueue lockup missing-backport origin:upstream -1 C done 615 13h35m 862d 0/3 upstream: reported C repro on 2023/03/11 08:51
android-5-15 BUG: workqueue lockup origin:upstream missing-backport -1 C error 3679 3h03m 758d 0/2 upstream: reported C repro on 2023/06/22 22:19
upstream BUG: workqueue lockup (2) -1 C 406 2628d 2786d 5/29 fixed on 2018/05/13 10:02
linux-4.14 BUG: workqueue lockup -1 C 282 872d 2274d 0/1 upstream: reported C repro on 2019/04/29 11:26
upstream BUG: workqueue lockup -1 C 172 2808d 2819d 3/29 fixed on 2017/11/11 01:37
upstream BUG: workqueue lockup (5) net 1 C done 12905 3h02m 2013d 0/29 upstream: reported C repro on 2020/01/14 22:04
android-5-10 BUG: workqueue lockup (2) -1 C error 9526 now 868d 0/2 upstream: reported C repro on 2023/03/05 21:10
upstream BUG: workqueue lockup (3) -1 C 1215 2572d 2624d 8/29 fixed on 2018/07/09 18:05
android-6-1 BUG: workqueue lockup origin:upstream missing-backport -1 C error 3694 3h02m 728d 0/2 upstream: reported C repro on 2023/07/23 17:25
linux-6.6 BUG: workqueue lockup origin:upstream -1 C 6 7d22h 33d 0/2 upstream: reported C repro on 2025/06/17 05:08
android-414 BUG: workqueue lockup -1 C 114 2137d 2292d 0/1 public: reported C repro on 2019/04/11 00:00
linux-4.19 BUG: workqueue lockup -1 C error 41 866d 2281d 0/1 upstream: reported C repro on 2019/04/22 20:37
android-5-10 BUG: workqueue lockup -1 C error 25 1266d 1365d 0/2 closed as invalid on 2022/02/22 17:18
android-49 BUG: workqueue lockup -1 C 69 2061d 2292d 0/3 public: reported C repro on 2019/04/11 08:44
linux-6.1 BUG: workqueue lockup origin:upstream missing-backport -1 C unreliable 313 now 866d 0/3 upstream: reported C repro on 2023/03/07 17:51

Sample crash report:
BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 144s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: vmstat_shepherd, psi_avgs_work
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=4 refcnt=5
    pending: 4*rht_deferred_worker
workqueue events_long: flags=0x0
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: br_multicast_gc_work
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: 3*br_multicast_gc_work
workqueue events_unbound: flags=0x2
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=3 refcnt=4
    pending: toggle_allocation_gate, flush_memcg_stats_dwork, crng_reseed
workqueue events_freezable: flags=0x4
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: update_balloon_stats_func
workqueue events_power_efficient: flags=0x80
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=4 refcnt=5
    pending: 2*neigh_managed_work, 2*neigh_periodic_work
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: wg_ratelimiter_gc_entries, gc_worker, check_lifetime
workqueue mm_percpu_wq: flags=0x8
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: vmstat_update
workqueue writeback: flags=0x4a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wb_workfn
workqueue kblockd: flags=0x18
  pwq 7: cpus=1 node=0 flags=0x0 nice=-20 active=1 refcnt=2
    pending: blk_mq_timeout_work
workqueue ipv6_addrconf: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=9
    pending: addrconf_verify_work
    inactive: 5*addrconf_verify_work
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg1: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=2 refcnt=3
    pending: 2*wg_packet_handshake_send_worker
workqueue wg-crypt-wg1: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg1: flags=0x24
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_receive_worker
workqueue wg-kex-wg1: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg1: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker, wg_packet_decrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg0: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-kex-wg1: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
Showing backtraces of running workers in stalled CPU-bound worker pools:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 4688 Comm: syz.4.1617 Not tainted 6.12.30-syzkaller-g2e58e85c038f #0 c5e7ad78b71ddb211d6a9cda70735ca8545dcbc5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:next_peer fs/pnode.c:19 [inline]
RIP: 0010:do_make_slave fs/pnode.c:100 [inline]
RIP: 0010:change_mnt_propagation+0x112/0xb00 fs/pnode.c:128
Code: 24 20 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 67 58 e7 ff 4d 39 2e 0f 84 8f 00 00 00 <49> 81 c4 d8 00 00 00 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc
RSP: 0018:ffffc900149e79c0 EFLAGS: 00000287
RAX: 1ffff110210d2e34 RBX: ffffffffffffff28 RCX: dffffc0000000000
RDX: ffffc900128bf000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffc900149e7a10 R08: ffff88814192a66f R09: 0000000000000000
R10: ffff88814192a660 R11: ffffed10283254ce R12: ffff888108697180
R13: ffff8881107a4770 R14: ffff8881086971a0 R15: ffff88811c0a6c40
FS:  00007f5bef7ab6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555947774a8 CR3: 00000001461f0000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 umount_tree+0xdfd/0xf70 fs/namespace.c:1807
 attach_recursive_mnt+0x6df/0x21c0 fs/namespace.c:2548
 graft_tree+0x157/0x1c0 fs/namespace.c:2683
 do_loopback+0x364/0x4b0 fs/namespace.c:2798
 path_mount+0x582/0x1050 fs/namespace.c:3840
 do_mount fs/namespace.c:3859 [inline]
 __do_sys_mount fs/namespace.c:4069 [inline]
 __se_sys_mount+0x2bd/0x480 fs/namespace.c:4046
 __x64_sys_mount+0xc3/0xf0 fs/namespace.c:4046
 x64_sys_call+0x2021/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5bf258e9a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5bef7ab038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f5bf27b65c0 RCX: 00007f5bf258e9a9
RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000240
RBP: 00007f5bf2610ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000080700a R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f5bf27b65c0 R15: 00007ffc9ff0e018
 </TASK>
----------------
Code disassembly (best guess):
   0:	24 20                	and    $0x20,%al
   2:	4c 89 f0             	mov    %r14,%rax
   5:	48 c1 e8 03          	shr    $0x3,%rax
   9:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  10:	fc ff df
  13:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1)
  17:	74 08                	je     0x21
  19:	4c 89 f7             	mov    %r14,%rdi
  1c:	e8 67 58 e7 ff       	call   0xffe75888
  21:	4d 39 2e             	cmp    %r13,(%r14)
  24:	0f 84 8f 00 00 00    	je     0xb9
* 2a:	49 81 c4 d8 00 00 00 	add    $0xd8,%r12 <-- trapping instruction
  31:	4c 89 e0             	mov    %r12,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
  38:	48                   	rex.W
  39:	b9 00 00 00 00       	mov    $0x0,%ecx
  3e:	00 fc                	add    %bh,%ah

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/18 16:39 android16-6.12 2e58e85c038f 88248e14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-12-rust BUG: workqueue lockup
* Struck through repros no longer work on HEAD.