INFO: task hung in addrconf_verify

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-49	INFO: task hung in addrconf_verify_work	1				18	2325d	2497d	0/3	auto-closed as invalid on 2020/01/31 12:44
linux-6.1	INFO: task hung in addrconf_verify_work (2)	1				46	409d	746d	0/3	auto-obsoleted due to no activity on 2025/04/10 16:42
linux-4.19	INFO: task hung in addrconf_verify_work (5)	1				3	1311d	1351d	0/1	auto-obsoleted due to no activity on 2022/11/10 09:18
linux-4.19	INFO: task hung in addrconf_verify_work (6)	1	C		error	4	1093d	1152d	0/1	upstream: reported C repro on 2022/12/19 15:22
linux-4.19	INFO: task hung in addrconf_verify_work (3)	1				1	1798d	1798d	0/1	auto-closed as invalid on 2021/07/11 07:19
linux-4.19	INFO: task hung in addrconf_verify_work (4)	1				6	1493d	1579d	0/1	auto-closed as invalid on 2022/05/13 00:19
linux-4.14	INFO: task hung in addrconf_verify_work (2)	1	C		error	7	1091d	1934d	0/1	upstream: reported C repro on 2020/10/28 05:47
upstream	INFO: task hung in addrconf_verify_work (2) net	1	C			22	2314d	2314d	13/29	fixed on 2019/11/04 14:50
linux-4.19	INFO: task hung in addrconf_verify_work (2)	1				2	1938d	2028d	0/1	auto-closed as invalid on 2021/02/21 08:05
linux-5.15	INFO: task hung in addrconf_verify_work missing-backport	1	C		done	53	591d	634d	0/3	auto-obsoleted due to no activity on 2024/10/23 03:15
android-414	INFO: task hung in addrconf_verify_work	1	C			6	2314d	2500d	0/1	public: reported C repro on 2019/04/12 00:01
upstream	INFO: task hung in addrconf_verify_work (8) net	1	C	error		1294	584d	788d	26/29	fixed on 2024/07/09 19:14
android-44	INFO: task hung in addrconf_verify_work	1				3	2831d	2860d	0/2	auto-closed as invalid on 2019/02/22 14:29
linux-4.19	INFO: task hung in addrconf_verify_work	1				1	2158d	2158d	0/1	auto-closed as invalid on 2020/07/16 23:17
linux-6.1	INFO: task hung in addrconf_verify_work (3)	1				3	38d	98d	0/3	upstream: reported on 2025/11/08 00:01
upstream	INFO: task hung in addrconf_verify_work (3)	1	C	done		75	1928d	1963d	15/29	fixed on 2020/11/16 12:12
upstream	INFO: task hung in addrconf_verify_work (5) net	1	C	done	done	68	1506d	1598d	0/29	closed as invalid on 2022/02/01 17:39
upstream	INFO: task hung in addrconf_verify_work (7) netfilter	1	C	error		64	807d	954d	0/29	closed as invalid on 2023/12/01 14:19
linux-5.15	INFO: task hung in addrconf_verify_work (2)	1				1	6d03h	6d03h	0/3	upstream: reported on 2026/02/07 23:02
linux-6.1	INFO: task hung in addrconf_verify_work	1				2	1016d	1067d	0/3	auto-obsoleted due to no activity on 2023/08/23 09:09
linux-4.14	INFO: task hung in addrconf_verify_work	1				4	2083d	2155d	0/1	auto-closed as invalid on 2020/09/29 04:19
upstream	INFO: task hung in addrconf_verify_work net	1	C			2	2881d	2881d	0/29	closed as invalid on 2018/03/27 11:14
upstream	INFO: task hung in addrconf_verify_work (4)	1	C	done		132	1819d	1907d	20/29	fixed on 2021/04/09 19:46
upstream	INFO: task hung in addrconf_verify_work (6)	1	C	done		86	1089d	1326d	22/29	fixed on 2023/02/24 13:51

INFO: task kworker/u4:2:42 blocked for more than 147 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:2 state:D stack:19688 pid:42 ppid:2 flags:0x00004000 Workqueue: ipv6_addrconf addrconf_verify_work Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747 addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718 process_one_work kernel/workqueue.c:2634 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> INFO: task kworker/u5:0:12738 blocked for more than 147 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u5:0 state:D stack:25168 pid:12738 ppid:2 flags:0x00004000 Workqueue: hci5 hci_cmd_sync_work Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 exp_funnel_lock kernel/rcu/tree_exp.h:315 [inline] synchronize_rcu_expedited+0x79f/0x880 kernel/rcu/tree_exp.h:1004 synchronize_rcu+0x142/0x3e0 kernel/rcu/tree.c:3627 hci_chan_del+0x114/0x1a0 net/bluetooth/hci_conn.c:2702 l2cap_conn_del+0x501/0x660 net/bluetooth/l2cap_core.c:1799 l2cap_connect_cfm+0x11e/0x1070 net/bluetooth/l2cap_core.c:7231 hci_connect_cfm include/net/bluetooth/hci_core.h:1999 [inline] hci_conn_failed+0x1c8/0x300 net/bluetooth/hci_conn.c:1251 hci_abort_conn_sync+0xcbe/0xec0 net/bluetooth/hci_sync.c:5677 hci_cmd_sync_work+0x20c/0x380 net/bluetooth/hci_sync.c:327 process_one_work kernel/workqueue.c:2634 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> INFO: task kworker/u5:2:4211 blocked for more than 148 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u5:2 state:D stack:24776 pid:4211 ppid:2 flags:0x00004000 Workqueue: hci3 hci_rx_work Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747 hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 hci_event_func net/bluetooth/hci_event.c:7457 [inline] hci_event_packet+0x80e/0x1270 net/bluetooth/hci_event.c:7509 hci_rx_work+0x43a/0xd60 net/bluetooth/hci_core.c:4018 process_one_work kernel/workqueue.c:2634 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> INFO: task kworker/u4:48:10039 blocked for more than 148 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:48 state:D stack:21736 pid:10039 ppid:2 flags:0x00004000 Workqueue: events_unbound linkwatch_event Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747 linkwatch_event+0xe/0x60 net/core/link_watch.c:286 process_one_work kernel/workqueue.c:2634 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> INFO: task syz.6.14951:22259 blocked for more than 148 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.6.14951 state:D stack:27016 pid:22259 ppid:17305 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 exp_funnel_lock kernel/rcu/tree_exp.h:315 [inline] synchronize_rcu_expedited+0x79f/0x880 kernel/rcu/tree_exp.h:1004 synchronize_rcu+0x142/0x3e0 kernel/rcu/tree.c:3627 pep_sock_unhash+0x204/0x2e0 net/phonet/pep.c:1341 sk_common_release+0xa4/0x310 net/core/sock.c:3747 pep_sock_close+0x7c/0x5b0 net/phonet/pep.c:740 pn_socket_release+0x95/0xb0 net/phonet/socket.c:34 __sock_release net/socket.c:659 [inline] sock_close+0xbd/0x230 net/socket.c:1420 __fput+0x234/0x970 fs/file_table.c:384 task_work_run+0x1d4/0x260 kernel/task_work.c:245 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fc49d19bf79 RSP: 002b:00007ffee545db08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00007fc49d417da0 RCX: 00007fc49d19bf79 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007fc49d417da0 R08: 0000000000000006 R09: 0000000000000000 R10: 00007fc49d417cb0 R11: 0000000000000246 R12: 00000000002ebf0a R13: 00007fc49d41609c R14: 00000000002ebe22 R15: 00007fc49d416090 </TASK> INFO: task syz.4.14952:22260 blocked for more than 149 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.14952 state:D stack:27016 pid:22260 ppid:15294 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 exp_funnel_lock kernel/rcu/tree_exp.h:315 [inline] synchronize_rcu_expedited+0x79f/0x880 kernel/rcu/tree_exp.h:1004 synchronize_rcu+0x142/0x3e0 kernel/rcu/tree.c:3627 packet_release+0xa0f/0xcf0 net/packet/af_packet.c:3223 __sock_release net/socket.c:659 [inline] sock_close+0xbd/0x230 net/socket.c:1420 __fput+0x234/0x970 fs/file_table.c:384 task_work_run+0x1d4/0x260 kernel/task_work.c:245 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fb93a39bf79 RSP: 002b:00007fff69faf328 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00007fb93a617da0 RCX: 00007fb93a39bf79 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007fb93a617da0 R08: 0000000000000006 R09: 0000000000000000 R10: 00007fb93a617cb0 R11: 0000000000000246 R12: 00000000002ebf1b R13: 00007fb93a615fac R14: 00000000002ebe9f R15: 00007fff69faf430 </TASK> INFO: task syz.5.14954:22269 blocked for more than 149 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.14954 state:D stack:27016 pid:22269 ppid:16282 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 exp_funnel_lock kernel/rcu/tree_exp.h:315 [inline] synchronize_rcu_expedited+0x79f/0x880 kernel/rcu/tree_exp.h:1004 __tun_detach+0x81f/0x1500 drivers/net/tun.c:669 tun_detach drivers/net/tun.c:701 [inline] tun_chr_close+0x10d/0x1c0 drivers/net/tun.c:3511 __fput+0x234/0x970 fs/file_table.c:384 task_work_run+0x1d4/0x260 kernel/task_work.c:245 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302 do_syscall_64+0x61/0xa0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fe37e99bf79 RSP: 002b:00007ffda3601288 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00007fe37ec17da0 RCX: 00007fe37e99bf79 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007fe37ec17da0 R08: 00007fe37ec16038 R09: 0000000000000000 R10: 00000000005ee7fc R11: 0000000000000246 R12: 00000000002ec23c R13: 00007fe37ec15fac R14: 00000000002ebf6b R15: 00007ffda3601390 </TASK> INFO: task syz.0.14955:22272 blocked for more than 149 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.14955 state:D stack:24680 pid:22272 ppid:20678 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747 __tun_chr_ioctl+0x400/0x2000 drivers/net/tun.c:3121 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f646f99bf79 RSP: 002b:00007f6470926028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f646fc15fa0 RCX: 00007f646f99bf79 RDX: 0000200000000080 RSI: 00000000400454ca RDI: 0000000000000005 RBP: 00007f646fa327e0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f646fc16038 R14: 00007f646fc15fa0 R15: 00007ffef788ba88 </TASK> INFO: task dhcpcd:22273 blocked for more than 150 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:dhcpcd state:D stack:24968 pid:22273 ppid:5435 flags:0x00004002 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 exp_funnel_lock kernel/rcu/tree_exp.h:315 [inline] synchronize_rcu_expedited+0x79f/0x880 kernel/rcu/tree_exp.h:1004 __unregister_prot_hook+0x3eb/0x540 net/packet/af_packet.c:380 packet_do_bind+0x52b/0xcc0 net/packet/af_packet.c:3294 __sys_bind+0x2f0/0x3f0 net/socket.c:1855 __do_sys_bind net/socket.c:1866 [inline] __se_sys_bind net/socket.c:1864 [inline] __x64_sys_bind+0x7a/0x90 net/socket.c:1864 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fb5a0de92d7 RSP: 002b:00007ffd76631308 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 000055b8c33c1490 RCX: 00007fb5a0de92d7 RDX: 0000000000000014 RSI: 00007ffd76631320 RDI: 0000000000000003 RBP: 000055b8b796b4b0 R08: 00007fb5a0eb8ac0 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000213 R12: 0000000000000000 R13: 000055b8c33bcb10 R14: 0000000000000000 R15: 000055b8b7980ac0 </TASK> INFO: task dhcpcd:22274 blocked for more than 150 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:dhcpcd state:D stack:24968 pid:22274 ppid:5435 flags:0x00004002 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 exp_funnel_lock kernel/rcu/tree_exp.h:315 [inline] synchronize_rcu_expedited+0x79f/0x880 kernel/rcu/tree_exp.h:1004 __unregister_prot_hook+0x3eb/0x540 net/packet/af_packet.c:380 packet_do_bind+0x52b/0xcc0 net/packet/af_packet.c:3294 __sys_bind+0x2f0/0x3f0 net/socket.c:1855 __do_sys_bind net/socket.c:1866 [inline] __se_sys_bind net/socket.c:1864 [inline] __x64_sys_bind+0x7a/0x90 net/socket.c:1864 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fb5a0de92d7 RSP: 002b:00007ffd76631308 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 000055b8c33c1490 RCX: 00007fb5a0de92d7 RDX: 0000000000000014 RSI: 00007ffd76631320 RDI: 0000000000000003 RBP: 000055b8b796b4b0 R08: 00007fb5a0eb8ac0 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000213 R12: 0000000000000000 R13: 000055b8c33bbac0 R14: 0000000000000000 R15: 000055b8b7980ac0 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings Showing all locks held in the system: 3 locks held by kworker/1:0/23: #0: ffff888017c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888017c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc900001d7d00 ((check_lifetime_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc900001d7d00 ((check_lifetime_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: check_lifetime+0x441/0x9a0 net/ipv4/devinet.c:759 1 lock held by khungtaskd/29: #0: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline] #0: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline] #0: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633 3 locks held by kworker/u4:2/42: #0: ffff88802c5d7138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88802c5d7138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc90000b2fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc90000b2fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718 2 locks held by getty/5535: #0: ffff88814def80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 drivers/tty/n_tty.c:2217 6 locks held by kworker/u5:0/12738: #0: ffff8880696f5938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff8880696f5938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc90003227d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc90003227d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff888042ff8e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1d4/0x380 net/bluetooth/hci_sync.c:326 #3: ffff888042ff80b8 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x98a/0xec0 net/bluetooth/hci_sync.c:5658 #4: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #4: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x165/0x300 net/bluetooth/hci_conn.c:1251 #5: ffff888079151338 (&conn->lock#2){+.+.}-{3:3}, at: l2cap_conn_del+0x70/0x660 net/bluetooth/l2cap_core.c:1763 2 locks held by kworker/1:3/29884: 4 locks held by kworker/u5:2/4211: #0: ffff88805c922d38 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88805c922d38 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000fe3fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000fe3fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff888026e180b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 3 locks held by kworker/u4:18/10008: #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000338fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000338fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffffffff8d137978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:324 [inline] #2: ffffffff8d137978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3da/0x880 kernel/rcu/tree_exp.h:1004 3 locks held by kworker/u4:48/10039: #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc90003677d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc90003677d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:286 2 locks held by syz.6.14951/22259: #0: ffff88805b102c20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:804 [inline] #0: ffff88805b102c20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:658 [inline] #0: ffff88805b102c20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 net/socket.c:1420 #1: ffff888026692070 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #1: ffff888026692070 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_unhash+0x2a/0x2e0 net/phonet/pep.c:1325 5 locks held by syz.6.14951/22262: 1 lock held by syz.4.14952/22260: #0: ffff88805b136220 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:804 [inline] #0: ffff88805b136220 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:658 [inline] #0: ffff88805b136220 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 net/socket.c:1420 1 lock held by syz.4.14952/22261: #0: ffffffff8e3c2f88 (bpf_dispatcher_xdp.mutex){+.+.}-{3:3}, at: bpf_dispatcher_change_prog+0xcc/0xf10 kernel/bpf/dispatcher.c:146 1 lock held by syz.5.14954/22269: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3511 1 lock held by syz.0.14955/22272: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x400/0x2000 drivers/net/tun.c:3121 1 lock held by dhcpcd/22273: #0: ffff88807c27c130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88807c27c130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22274: #0: ffff88807df66130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88807df66130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22275: #0: ffff888038c58130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff888038c58130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22278: #0: ffff88806a440130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88806a440130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22279: #0: ffff8880323f4130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff8880323f4130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by syz-executor/22280: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:3/22281: #0: ffff888030c6d138 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888030c6d138 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b47fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b47fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff88807ffb40b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22285: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:4/22286: #0: ffff88806120f538 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88806120f538 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b4afd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b4afd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff88807ffb00b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by dhcpcd/22289: #0: ffff888035ec0130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff888035ec0130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by syz-executor/22290: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:5/22291: #0: ffff888063738138 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888063738138 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b4dfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b4dfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff888026e1c0b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22294: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:6/22295: #0: ffff88805b82a138 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88805b82a138 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b4ffd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b4ffd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff8880483840b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by dhcpcd/22297: #0: ffff888035086130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff888035086130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22298: #0: ffff88801ffba130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88801ffba130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22299: #0: ffff8880373a8130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff8880373a8130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22300: #0: ffff88807abb8130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88807abb8130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22301: #0: ffff888079ed6130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff888079ed6130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 2 locks held by dhcpcd/22302: #0: ffff88801d65a130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88801d65a130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 #1: ffffffff8d137978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:324 [inline] #1: ffffffff8d137978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3da/0x880 kernel/rcu/tree_exp.h:1004 1 lock held by dhcpcd/22303: #0: ffff88803d0b6130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88803d0b6130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by dhcpcd/22304: #0: ffff88801929e130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88801929e130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 1 lock held by syz-executor/22308: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:7/22311: #0: ffff88802ccd2d38 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88802ccd2d38 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b607d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b607d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff8880422740b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22314: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:8/22316: #0: ffff88805c3bc938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88805c3bc938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b657d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b657d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff88802e87c0b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22317: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:9/22318: #0: ffff88805d32f138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88805d32f138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b647d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b647d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff8880483800b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22320: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:10/22321: #0: ffff88805c414938 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88805c414938 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b677d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b677d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff88802e8780b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22326: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:11/22330: #0: ffff888024d19d38 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888024d19d38 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b6dfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b6dfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff888069bdc0b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22327: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:12/22332: #0: ffff88805c3bfd38 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88805c3bfd38 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b6ffd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b6ffd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff888062fac0b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by syz-executor/22335: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/22339: #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 4 locks held by kworker/u5:14/22340: #0: ffff88802560b138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88802560b138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000b747d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000b747d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff88806b4c80b8 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x900 net/bluetooth/hci_event.c:3688 #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1996 [inline] #3: ffffffff8e52d7a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x547/0x900 net/bluetooth/hci_event.c:3722 1 lock held by dhcpcd/22342: #0: ffff88802b978130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1780 [inline] #0: ffff88802b978130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 net/packet/af_packet.c:3258 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Call Trace: <TASK> dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline] watchdog+0xf3d/0xf80 kernel/hung_task.c:379 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 22262 Comm: syz.6.14951 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 RIP: 0010:get_current arch/x86/include/asm/current.h:41 [inline] RIP: 0010:rcu_preempt_read_enter kernel/rcu/tree_plugin.h:379 [inline] RIP: 0010:__rcu_read_lock+0x4/0x60 kernel/rcu/tree_plugin.h:402 Code: db fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 62 fb ff ff 4c 89 f7 e8 fc 95 6d 00 e9 55 fb ff ff 0f 1f 80 00 00 00 00 f3 0f 1e fa <53> 65 48 8b 1d b3 0e 92 7e 48 81 c3 3c 04 00 00 48 89 d8 48 c1 e8 RSP: 0018:ffffc900001efc38 EFLAGS: 00000046 RAX: ffffffff81b21a78 RBX: ffff888038d673c8 RCX: ffff88802296bc00 RDX: 0000000000000100 RSI: ffffc900001f0080 RDI: ffffc900001efde0 RBP: ffffc900001efd90 R08: ffffc900001efe17 R09: 0000000000000000 R10: ffffc900001efde0 R11: fffff5200003dfc3 R12: ffffc900001efde0 R13: dffffc0000000000 R14: ffff888038d673c8 R15: 1ffff9200003df98 FS: 00007fc49e05e6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd182e23f1c CR3: 00000000661db000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000200000000300 DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: <IRQ> rcu_read_lock include/linux/rcupdate.h:784 [inline] __perf_output_begin kernel/events/ring_buffer.c:163 [inline] perf_output_begin_forward+0xb1/0xa40 kernel/events/ring_buffer.c:273 __perf_event_output kernel/events/core.c:7975 [inline] perf_event_output_forward+0x25a/0x3e0 kernel/events/core.c:7993 __perf_event_overflow+0x447/0x630 kernel/events/core.c:9718 perf_swevent_overflow kernel/events/core.c:9794 [inline] perf_swevent_event+0x324/0x630 kernel/events/core.c:-1 perf_tp_event+0x54f/0x1450 kernel/events/core.c:10344 perf_trace_run_bpf_submit+0xf4/0x1c0 kernel/events/core.c:10268 perf_trace_preemptirq_template+0x269/0x330 include/trace/events/preemptirq.h:14 trace_irq_enable+0xbb/0xe0 include/trace/events/preemptirq.h:40 trace_hardirqs_on+0x18/0x40 kernel/trace/trace_preemptirq.c:56 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:seqcount_lockdep_reader_access+0x19a/0x1d0 include/linux/seqlock.h:105 Code: 00 4d 85 e4 75 16 e8 45 c3 0f 00 eb 15 e8 3e c3 0f 00 e8 19 0c 0d 09 4d 85 e4 74 ea e8 2f c3 0f 00 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3e 00 00 00 00 43 c7 44 3e 08 00 00 00 00 65 48 8b 04 25 RSP: 0018:ffffc900001f0480 EFLAGS: 00000246 RAX: ffffffff81775071 RBX: 0000000000000000 RCX: ffff88802296bc00 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc900001f0538 R08: ffffffff911bf5ef R09: 1ffffffff2237ebd R10: dffffc0000000000 R11: fffffbfff2237ebe R12: 0000000000000200 R13: 000001fb63109b96 R14: 1ffff9200003e090 R15: dffffc0000000000 timekeeping_get_delta kernel/time/timekeeping.c:254 [inline] timekeeping_get_ns kernel/time/timekeeping.c:388 [inline] ktime_get_with_offset+0x103/0x330 kernel/time/timekeeping.c:891 ktime_get_real include/linux/timekeeping.h:79 [inline] net_timestamp_set net/core/dev.c:2207 [inline] dev_queue_xmit_nit+0x8ce/0xbb0 net/core/dev.c:2357 xmit_one net/core/dev.c:3628 [inline] dev_hard_start_xmit+0x148/0x740 net/core/dev.c:3648 __dev_queue_xmit+0x1ac2/0x36b0 net/core/dev.c:4438 dev_queue_xmit include/linux/netdevice.h:3113 [inline] hsr_xmit net/hsr/hsr_forward.c:382 [inline] hsr_forward_do net/hsr/hsr_forward.c:473 [inline] hsr_forward_skb+0x1335/0x2140 net/hsr/hsr_forward.c:626 send_hsr_supervision_frame+0x5fb/0xb90 net/hsr/hsr_device.c:346 hsr_announce+0x198/0x350 net/hsr/hsr_device.c:402 call_timer_fn+0x189/0x540 kernel/time/timer.c:1701 expire_timers kernel/time/timer.c:1752 [inline] __run_timers+0x542/0x800 kernel/time/timer.c:2023 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036 handle_softirqs+0x280/0x820 kernel/softirq.c:578 __do_softirq kernel/softirq.c:612 [inline] invoke_softirq kernel/softirq.c:452 [inline] __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:finish_task_switch+0x26a/0x8f0 kernel/sched/core.c:5255 Code: 0f 84 33 01 00 00 48 85 db 0f 85 52 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 f0 a3 30 09 e8 8b 22 30 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 RSP: 0018:ffffc9000523f758 EFLAGS: 00000282 RAX: 4765d3457386c100 RBX: 0000000000000000 RCX: 4765d3457386c100 RDX: dffffc0000000000 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 RBP: ffffc9000523f7b0 R08: ffffffff911bf5ff R09: 1ffffffff2237ebf R10: dffffc0000000000 R11: fffffbfff2237ec0 R12: ffff88802296bc00 R13: dffffc0000000000 R14: ffff88801be58000 R15: ffff8880b8f3cac8 context_switch kernel/sched/core.c:5384 [inline] __schedule+0x155b/0x45a0 kernel/sched/core.c:6700 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45 smp_call_function_single+0x48d/0x5a0 kernel/smp.c:652 task_function_call kernel/events/core.c:120 [inline] perf_install_in_context+0x5be/0x920 kernel/events/core.c:2948 __do_sys_perf_event_open kernel/events/core.c:12915 [inline] __se_sys_perf_event_open+0x1836/0x1c50 kernel/events/core.c:12567 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fc49d19bf79 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc49e05e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007fc49d415fa0 RCX: 00007fc49d19bf79 RDX: fffffffdffffffff RSI: 0000000000000000 RDI: 0000200000000140 RBP: 00007fc49d2327e0 R08: 0000000000000002 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007fc49d416038 R14: 00007fc49d415fa0 R15: 00007ffee545d9a8 </TASK>

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/02/13 03:16	linux-6.6.y	1b4ef5214f17	504cb1bf	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in addrconf_verify_work
2026/02/04 16:44	linux-6.6.y	2cf6f68313dc	ea10c935	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in addrconf_verify_work
2025/12/19 17:57	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in addrconf_verify_work

Crashes (3):

Assets (help?)