syzbot

 sign-in | mailing list | source | docs
🐞 Open [827]
🐞 Fixed [76]
🐞 Invalid [998]
Missing Backports [122]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: task hung in io_uring_del_tctx_node (2)

Status: upstream: reported on 2025/07/24 10:20
Reported-by: syzbot+915c6107499bce8b0de3@syzkaller.appspotmail.com
First crash: 54d, last: 8d01h
Similar bugs (5)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 INFO: task hung in io_uring_del_tctx_node 1 2 874d 878d 0/3 auto-obsoleted due to no activity on 2023/08/23 09:02
upstream INFO: task hung in io_uring_del_tctx_node (3) io-uring 1 1 439d 439d 0/29 auto-obsoleted due to no activity on 2024/10/02 07:14
upstream INFO: task hung in io_uring_del_tctx_node (4) io-uring 1 C done 8 110d 106d 0/29 closed as invalid on 2025/06/02 13:41
upstream INFO: task hung in io_uring_del_tctx_node io-uring fs 1 C unreliable 37 1290d 1453d 20/29 fixed on 2022/03/08 16:11
upstream INFO: task hung in io_uring_del_tctx_node (2) io-uring 1 C error error 20 919d 1281d 0/29 auto-obsoleted due to no activity on 2023/07/30 22:24

Sample crash report:
INFO: task syz.5.977:10488 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.977       state:D stack:28128 pid:10488 ppid:  5004 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5049 [inline]
 __schedule+0x11bb/0x4390 kernel/sched/core.c:6395
 schedule+0x11b/0x1e0 kernel/sched/core.c:6478
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537
 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 io_uring_del_tctx_node+0xe8/0x2c0 io_uring/io_uring.c:9825
 io_uring_clean_tctx io_uring/io_uring.c:9841 [inline]
 io_uring_cancel_generic+0x5ec/0x860 io_uring/io_uring.c:9921
 io_uring_files_cancel include/linux/io_uring.h:16 [inline]
 do_exit+0x24a/0x20a0 kernel/exit.c:829
 do_group_exit+0x12e/0x300 kernel/exit.c:997
 get_signal+0x6ca/0x12c0 kernel/signal.c:2900
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f3c19224be9
RSP: 002b:00007f3c1746b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f3c1945c098 RCX: 00007f3c19224be9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3c1945c098
RBP: 00007f3c1945c090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3c1945c128 R14: 00007ffd174f7bd0 R15: 00007ffd174f7cb8
 </TASK>

Showing all locks held in the system:
5 locks held by kworker/1:0/21:
 #0: ffff88801ba3ed38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90000db7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffff888147ed8220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
 #2: ffff888147ed8220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1a7/0x5560 drivers/usb/core/hub.c:5827
 #3: ffff888023f525c0 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3168 [inline]
 #3: ffff888023f525c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5393 [inline]
 #3: ffff888023f525c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5637 [inline]
 #3: ffff888023f525c0 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5799 [inline]
 #3: ffff888023f525c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x30f2/0x5560 drivers/usb/core/hub.c:5881
 #4: ffff888147884568 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5394 [inline]
 #4: ffff888147884568 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5637 [inline]
 #4: ffff888147884568 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5799 [inline]
 #4: ffff888147884568 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x3124/0x5560 drivers/usb/core/hub.c:5881
1 lock held by khungtaskd/27:
 #0: ffffffff8c11c460 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
1 lock held by udevd/3560:
 #0: ffff88802020c518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 block/bdev.c:820
1 lock held by dhcpcd/3853:
 #0: ffffffff8d237c88 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d237c88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x974/0xe60 net/core/rtnetlink.c:5647
2 locks held by getty/3945:
 #0: ffff88807f4f2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc900025e62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30 drivers/tty/n_tty.c:2158
2 locks held by kworker/u4:9/4347:
2 locks held by kworker/1:9/4433:
 #0: ffff888016872138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90003e7fd00 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:13/4438:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90003ee7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:14/4439:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90003ef7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:15/4443:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc900034ffd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:16/4444:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000353fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
3 locks held by kworker/1:17/4447:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90003e5fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8c120ee8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #2: ffffffff8c120ee8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x320/0x6b0 kernel/rcu/tree_exp.h:845
2 locks held by kworker/1:18/4448:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000360fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:19/4718:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000358fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:20/4719:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000447fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
5 locks held by kworker/u4:13/6688:
 #0: ffff8880169cd938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90003fcfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
 #2: ffffffff8d22c010 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x132/0xb80 net/core/net_namespace.c:589
 #3: ffffffff8d237c88 (rtnl_mutex){+.+.}-{3:3}, at: vti6_exit_batch_net+0xb3/0x410 net/ipv6/ip6_vti.c:1185
 #4: ffffffff8c120ee8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #4: ffffffff8c120ee8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x347/0x6b0 kernel/rcu/tree_exp.h:845
2 locks held by kworker/1:21/8531:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc900034afd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by syz.5.977/10487:
1 lock held by syz.5.977/10488:
 #0: ffff88805b7640a8 (&ctx->uring_lock){+.+.}-{3:3}, at: io_uring_del_tctx_node+0xe8/0x2c0 io_uring/io_uring.c:9825
3 locks held by kworker/0:7/10905:
1 lock held by syz-executor/10994:
 #0: ffff88802020c518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 block/bdev.c:820
2 locks held by kworker/1:22/11421:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000338fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
1 lock held by syz.4.1107/12056:
 #0: ffffffff8d237c88 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d237c88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x974/0xe60 net/core/rtnetlink.c:5647
2 locks held by kworker/1:23/12065:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc90004c77d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:24/12066:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000347fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:25/12067:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc900035cfd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:26/12068:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000163fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:27/12069:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000300fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:28/12070:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000303fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:29/12071:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000304fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:30/12072:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000307fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:31/12073:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc900031ffd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:32/12074:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000321fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:33/12075:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000324fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285
2 locks held by kworker/1:34/12076:
 #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1
 #1: ffffc9000328fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x397/0x3d0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xe0f/0xe50 kernel/hung_task.c:369
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 10487 Comm: syz.5.977 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:99 [inline]
RIP: 0010:do_raw_spin_unlock+0x27/0x230 kernel/locking/spinlock_debug.c:140
Code: 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 89 fb 49 bc 00 00 00 00 00 fc ff df 4c 8d 77 04 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 <84> c0 0f 85 7f 01 00 00 41 81 3e ad 4e ad de 0f 85 ee 00 00 00 48
RSP: 0018:ffffc90002fefbf8 EFLAGS: 00000a07
RAX: 0000000000000000 RBX: ffff88805b764600 RCX: f06eba82797a7200
RDX: 0000000000000001 RSI: ffffffff8a0b28c0 RDI: ffff88805b764600
RBP: ffffc90002fefd50 R08: dffffc0000000000 R09: fffffbfff1ad31be
R10: fffffbfff1ad31be R11: 1ffffffff1ad31bd R12: dffffc0000000000
R13: 0000000000000400 R14: ffff88805b764604 R15: ffff88805b7a00c0
FS:  00007f3c1748c6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000142000 CR3: 0000000070504000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x1a/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:403 [inline]
 io_poll_check_events+0x512/0x810 io_uring/io_uring.c:5671
 io_poll_task_func+0x40/0x280 io_uring/io_uring.c:5697
 tctx_task_work+0x2d3/0x5d0 io_uring/io_uring.c:2209
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_signal include/linux/tracehook.h:214 [inline]
 handle_signal_work kernel/entry/common.c:152 [inline]
 exit_to_user_mode_loop+0x8d/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f3c19224be9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3c1748c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: 0000000000000001 RBX: 00007f3c1945bfa0 RCX: 00007f3c19224be9
RDX: 0000000000000005 RSI: 0000000000002311 RDI: 0000000000000003
RBP: 00007f3c192a7e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3c1945c038 R14: 00007f3c1945bfa0 R15: 00007ffd174f7cb8
 </TASK>

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/08 18:58 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: task hung in io_uring_del_tctx_node
2025/08/03 14:19 linux-5.15.y c79648372d02 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: task hung in io_uring_del_tctx_node
2025/07/24 10:19 linux-5.15.y c79648372d02 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 INFO: task hung in io_uring_del_tctx_node
* Struck through repros no longer work on HEAD.