syzbot


INFO: task hung in __tun_chr_ioctl

Status: closed as dup on 2018/03/19 06:35
Subsystems: net
Reported-by: syzbot+a13db9a2536a9c41c4f2@syzkaller.appspotmail.com
First crash: 2228d, last: 1994d
Duplicate of
Title                               Subsystem  Repro  Cause bisect  Fix bisect  Count  Last   Reported
INFO: task hung in netdev_run_todo  net        -      -             -           12     1707d  2262d
Discussions (1)
Title                               Replies (including bot)  Last reply
INFO: task hung in __tun_chr_ioctl  1 (2)                    2018/03/19 06:34
Similar bugs (3)
Kernel    Title                                   Subsystem  Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  INFO: task hung in __tun_chr_ioctl (4)  net        -      -             -           1      383d   383d      0/26     auto-obsoleted due to no activity on 2023/07/04 14:00
upstream  INFO: task hung in __tun_chr_ioctl (3)  net        -      -             -           2      576d   664d      0/26     auto-obsoleted due to no activity on 2023/01/03 09:42
upstream  INFO: task hung in __tun_chr_ioctl (2)  wireguard  -      -             -           1      1028d  1028d     0/26     auto-closed as invalid on 2021/09/27 23:09

Sample crash report:
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
INFO: task syz-executor0:9993 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D20648  9993   5672 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 __tun_chr_ioctl+0x2d7/0x46e0 drivers/net/tun.c:3008
 tun_chr_ioctl+0x2a/0x40 drivers/net/tun.c:3282
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: Bad RIP value.
RSP: 002b:00007ff124abec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000020000080 RSI: 00000000400454ca RDI: 0000000000000004
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff124abf6d4
R13: 00000000004c1309 R14: 00000000004d2140 R15: 00000000ffffffff
INFO: task syz-executor0:10039 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D24384 10039   5672 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 tun_detach drivers/net/tun.c:737 [inline]
 tun_chr_close+0x3d/0x180 drivers/net/tun.c:3376
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007ff124a9dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff124a9e6d4
R13: 00000000004efe32 R14: 00000000004cc6e0 R15: 00000000ffffffff
INFO: task syz-executor0:10042 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D24600 10042   5672 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock net/core/rtnetlink.c:77 [inline]
 rtnetlink_rcv_msg+0x40e/0xc20 net/core/rtnetlink.c:4944
 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4965
 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
 netlink_unicast+0x5a5/0x760 net/netlink/af_netlink.c:1336
 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2116
 __sys_sendmsg+0x11d/0x280 net/socket.c:2154
 __do_sys_sendmsg net/socket.c:2163 [inline]
 __se_sys_sendmsg net/socket.c:2161 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2161
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007ff124a7cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 000000000000000b
RBP: 000000000072c0e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff124a7d6d4
R13: 00000000004c3b16 R14: 00000000004d5c08 R15: 00000000ffffffff
INFO: task syz-executor2:9991 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D22200  9991   5698 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 sock_do_ioctl+0x2f4/0x420 net/socket.c:963
 sock_ioctl+0x313/0x690 net/socket.c:1074
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007f3d08934c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 00000000200001c0 RSI: 0020000000008912 RDI: 0000000000000006
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d089356d4
R13: 00000000004be737 R14: 00000000004ce618 R15: 00000000ffffffff
INFO: task syz-executor3:10026 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3   D23560 10026   5737 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 gtp_net_exit+0x249/0x440 drivers/net/gtp.c:1317
 ops_exit_list.isra.5+0xb0/0x160 net/core/net_namespace.c:153
 setup_net+0x501/0x8d0 net/core/net_namespace.c:331
 copy_net_ns+0x2b1/0x4a0 net/core/net_namespace.c:437
 create_new_namespaces+0x6ad/0x900 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0xc3/0x1f0 kernel/nsproxy.c:206
 ksys_unshare+0x79c/0x10b0 kernel/fork.c:2539
 __do_sys_unshare kernel/fork.c:2607 [inline]
 __se_sys_unshare kernel/fork.c:2605 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:2605
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007f6da77fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000004c000000
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da77fc6d4
R13: 00000000004c5199 R14: 00000000004d8998 R15: 00000000ffffffff
INFO: task syz-executor3:10029 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3   D25208 10029   5737 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 sock_do_ioctl+0x2f4/0x420 net/socket.c:963
 sock_ioctl+0x313/0x690 net/socket.c:1074
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007f6da77dac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000400200 RSI: 0000000000008912 RDI: 0000000000000005
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da77db6d4
R13: 00000000004c07eb R14: 00000000004d0c40 R15: 00000000ffffffff
INFO: task syz-executor3:10040 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3   D22728 10040   5737 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 gtp_net_exit+0x249/0x440 drivers/net/gtp.c:1317
 ops_exit_list.isra.5+0xb0/0x160 net/core/net_namespace.c:153
 setup_net+0x501/0x8d0 net/core/net_namespace.c:331
 copy_net_ns+0x2b1/0x4a0 net/core/net_namespace.c:437
 create_new_namespaces+0x6ad/0x900 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0xc3/0x1f0 kernel/nsproxy.c:206
 ksys_unshare+0x79c/0x10b0 kernel/fork.c:2539
 __do_sys_unshare kernel/fork.c:2607 [inline]
 __se_sys_unshare kernel/fork.c:2605 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:2605
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007f6da77b9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000004c000000
RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da77ba6d4
R13: 00000000004c5199 R14: 00000000004d8998 R15: 00000000ffffffff
INFO: task syz-executor3:10050 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc1+ #323
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3   D24408 10050   5737 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3574
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0xaff/0x16f0 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
 sock_do_ioctl+0x2f4/0x420 net/socket.c:963
 sock_ioctl+0x313/0x690 net/socket.c:1074
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0x1de/0x1790 fs/ioctl.c:696
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: 83 c4 18 c3 e8 d8 64 00 00 48 8b 04 24 48 8b 4c 24 08 48 89 01 e8 d7 2d fc ff e8 22 7a fc ff b8 02 00 00 00 48 8d 0d 6a e1 0a <01> 87 01 8b 05 62 e1 0a 01 83 f8 01 0f 85 8a 00 00 00 b8 01 00 00
RSP: 002b:00007f6da7777c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000400200 RSI: 0000000000008912 RDI: 0000000000000007
RBP: 000000000072c180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da77786d4
R13: 00000000004c07eb R14: 00000000004d0c40 R15: 00000000ffffffff

Showing all locks held in the system:
3 locks held by kworker/1:0/17:
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:209 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124
 #1: 000000001222c2e7 (deferred_process_work){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128
 #2: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by khungtaskd/1011:
 #0: 00000000348b3273 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379
1 lock held by rsyslogd/5541:
 #0: 00000000e9bcca04 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766
2 locks held by getty/5631:
 #0: 00000000403e7e23 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000bf276896 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5632:
 #0: 00000000b4ee02fd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000011562552 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5633:
 #0: 000000001189a9a6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000027588053 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5634:
 #0: 00000000afc46efa (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 000000005479dd0e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5635:
 #0: 00000000eb43670c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 000000003cef0354 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5636:
 #0: 0000000093db4a36 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000003de847f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5637:
 #0: 000000003fbbf97c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000041bfde16 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
3 locks held by kworker/0:3/5854:
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: __write_once_size include/linux/compiler.h:209 [inline]
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 0000000011ee3b38 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124
 #1: 000000001db9f739 ((addr_chk_work).work){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128
 #2: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
3 locks held by kworker/1:4/6052:
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:209 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124
 #1: 00000000a32912e4 ((linkwatch_work).work){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128
 #2: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
2 locks held by syz-executor0/9984:
1 lock held by syz-executor0/9993:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor0/10039:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor0/10042:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20 net/core/rtnetlink.c:4944
1 lock held by syz-executor2/9991:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
2 locks held by syz-executor3/10026:
 #0: 00000000845ea18d (pernet_ops_rwsem){++++}, at: copy_net_ns+0x28c/0x4a0 net/core/net_namespace.c:433
 #1: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor3/10029:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
2 locks held by syz-executor3/10040:
 #0: 00000000845ea18d (pernet_ops_rwsem){++++}, at: copy_net_ns+0x28c/0x4a0 net/core/net_namespace.c:433
 #1: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor3/10050:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1011 Comm: khungtaskd Not tainted 4.20.0-rc1+ #323
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xb51/0x1060 kernel/hung_task.c:289
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.763 msecs
NMI backtrace for cpu 1
CPU: 1 PID: 9984 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #323
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__wrmsr arch/x86/include/asm/msr.h:105 [inline]
RIP: 0010:native_write_msr+0xa/0x30 arch/x86/include/asm/msr.h:162
Code: 5d c3 0f 21 c8 5d c3 0f 21 d0 5d c3 0f 21 d8 5d c3 0f 21 f0 5d c3 0f 0b 0f 1f 84 00 00 00 00 00 55 89 f9 89 f0 48 89 e5 0f 30 <0f> 1f 44 00 00 5d c3 48 c1 e2 20 89 f6 48 09 d6 31 d2 e8 2f 3b 6f
RSP: 0018:ffff8801daf07d30 EFLAGS: 00000046
RAX: 0000000000000041 RBX: 0000000000000838 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000000000838
RBP: ffff8801daf07d30 R08: ffff880185aac280 R09: 0000000000000006
R10: fffffbfff14a3e09 R11: 0000000000000001 R12: 0000000000000041
R13: 0000000000000000 R14: 0000000000000000 R15: 7fffffffffffffff
FS:  00007ff124ae0700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000001d85ee000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 paravirt_write_msr arch/x86/include/asm/paravirt.h:174 [inline]
 native_apic_msr_write+0x5a/0x80 arch/x86/include/asm/apic.h:209
 apic_write arch/x86/include/asm/apic.h:397 [inline]
 lapic_next_event+0x5a/0x90 arch/x86/kernel/apic/apic.c:466
 clockevents_program_event+0x251/0x370 kernel/time/clockevents.c:344
 tick_program_event+0xb7/0x130 kernel/time/tick-oneshot.c:48
 hrtimer_interrupt+0x368/0x780 kernel/time/hrtimer.c:1531
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
 smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:804
 </IRQ>
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/paravirt.h:766 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:lock_acquire+0x137/0x520 kernel/locking/lockdep.c:3839
Code: 48 89 85 20 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 84 03 00 00 48 83 3d b1 22 f0 07 00 <0f> 84 e3 02 00 00 fa 66 0f 1f 44 00 00 65 48 8b 14 25 40 ee 01 00
RSP: 0018:ffff880184c26498 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff10030984c98 RCX: 0000000000000000
RDX: 1ffffffff12a3f77 RSI: 0000000000000000 RDI: ffffffff8951fbb8
RBP: ffff880184c26588 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffff880185aac280 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2d/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 nf_conntrack_lock+0x75/0x170 net/netfilter/nf_conntrack_core.c:95
 get_next_corpse net/netfilter/nf_conntrack_core.c:1881 [inline]
 nf_ct_iterate_cleanup+0x255/0x5e0 net/netfilter/nf_conntrack_core.c:1915
 nf_ct_iterate_cleanup_net+0x237/0x2d0 net/netfilter/nf_conntrack_core.c:2000
 masq_device_event+0xcf/0x100 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c:100
 notifier_call_chain+0x17e/0x380 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1733
 call_netdevice_notifiers net/core/dev.c:1751 [inline]
 __dev_notify_flags+0x29b/0x480 net/core/dev.c:7535
 dev_change_flags+0xfd/0x150 net/core/dev.c:7569
 do_setlink+0xb5f/0x3f20 net/core/rtnetlink.c:2492
 rtnl_group_changelink net/core/rtnetlink.c:2959 [inline]
 rtnl_newlink+0x139e/0x1da0 net/core/rtnetlink.c:3117
 rtnetlink_rcv_msg+0x46a/0xc20 net/core/rtnetlink.c:4947
 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4965
 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
 netlink_unicast+0x5a5/0x760 net/netlink/af_netlink.c:1336
 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2116
 __sys_sendmsg+0x11d/0x280 net/socket.c:2154
 __do_sys_sendmsg net/socket.c:2163 [inline]
 __se_sys_sendmsg net/socket.c:2161 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2161
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff124adfc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff124ae06d4
R13: 00000000004c3b16 R14: 00000000004d5c08 R15: 00000000ffffffff
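
Reading the report: every task khungtaskd flags above is parked in mutex_lock() on the same rtnl_mutex (00000000bba6df9f), reached from __tun_chr_ioctl, tun_chr_close, rtnetlink_rcv_msg, sock_do_ioctl and gtp_net_exit. The "locks held" dump does not point straight at the holder, because lockdep records lock_acquire() before the mutex is actually granted, so every sleeping waiter is listed as holding rtnl_mutex too. The holder has to be found by elimination: syz-executor0/9984 is declared with "2 locks held" but no lock lines are printed for it, and the NMI backtrace for CPU 1 catches that same PID still running under rtnetlink_rcv_msg -> do_setlink -> masq_device_event -> nf_ct_iterate_cleanup -> nf_conntrack_lock, i.e. it took rtnl_mutex at rtnetlink.c:4944 and is still inside the handler. That is consistent with a long hold of rtnl_mutex rather than a lock cycle among the blocked tasks. The Python below is an added triage helper, not syzbot's or the kernel's code, that automates this elimination over a constructed, abridged excerpt of the report; the two heuristics it uses (waiters appear as holders; a running or under-printed task is the holder candidate) are this example's assumptions about lockdep output, not a documented interface.

```python
"""Triage a Linux hung-task report: which lock is everyone waiting on, and who holds it?"""
import re

# Constructed sample: an abridged excerpt of the syzbot report above (five of the
# eight blocked tasks, part of the lockdep dump, the two NMI backtrace headers).
SAMPLE_REPORT = """\
INFO: task syz-executor0:9993 blocked for more than 140 seconds.
INFO: task syz-executor0:10039 blocked for more than 140 seconds.
INFO: task syz-executor0:10042 blocked for more than 140 seconds.
INFO: task syz-executor3:10026 blocked for more than 140 seconds.
INFO: task syz-executor3:10050 blocked for more than 140 seconds.

Showing all locks held in the system:
3 locks held by kworker/1:0/17:
 #0: 00000000af24a67f ((wq_completion)"events"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124
 #1: 000000001222c2e7 (deferred_process_work){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128
 #2: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by khungtaskd/1011:
 #0: 00000000348b3273 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379
2 locks held by syz-executor0/9984:
1 lock held by syz-executor0/9993:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor0/10039:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor0/10042:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20 net/core/rtnetlink.c:4944
2 locks held by syz-executor3/10026:
 #0: 00000000845ea18d (pernet_ops_rwsem){++++}, at: copy_net_ns+0x28c/0x4a0 net/core/net_namespace.c:433
 #1: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
1 lock held by syz-executor3/10050:
 #0: 00000000bba6df9f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77

=============================================
CPU: 0 PID: 1011 Comm: khungtaskd Not tainted 4.20.0-rc1+ #323
CPU: 1 PID: 9984 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #323
 nf_conntrack_lock+0x75/0x170 net/netfilter/nf_conntrack_core.c:95
 rtnetlink_rcv_msg+0x46a/0xc20 net/core/rtnetlink.c:4947
"""

BLOCKED_RE = re.compile(r"^INFO: task (?P<comm>\S+):(?P<pid>\d+) blocked for more than")
HELD_BY_RE = re.compile(r"^(?P<n>\d+) locks? held by (?P<comm>.+)/(?P<pid>\d+):\s*$")
LOCK_RE = re.compile(r"^\s*#(?P<idx>\d+): (?P<addr>[0-9a-f]{16}) \((?P<name>.*)\)\{")
CPU_RE = re.compile(r"^CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) Comm: (?P<comm>\S+)")


def parse_report(text):
    """Return (blocked, declared, held, running), each keyed by pid."""
    blocked, declared, held, running = {}, {}, {}, {}
    current = None  # pid whose "locks held" block we are inside
    for line in text.splitlines():
        if m := BLOCKED_RE.match(line):          # khungtaskd: task stuck past the timeout
            blocked[int(m["pid"])] = m["comm"]
        elif m := HELD_BY_RE.match(line):        # lockdep: "N locks held by comm/pid:"
            current = int(m["pid"])
            declared[current] = int(m["n"])
            held[current] = {}
        elif (m := LOCK_RE.match(line)) and current is not None:
            # keyed by lock index so the repeated "#0 ... [inline]" frames count once
            held[current][int(m["idx"])] = (m["addr"], m["name"])
        elif m := CPU_RE.match(line):            # NMI backtrace: task actually on a CPU
            running[int(m["pid"])] = m["comm"]
        elif not line.startswith(" "):           # any other unindented line ends a block
            current = None
    return blocked, declared, held, running


def triage(text):
    """Name the contended lock and separate its waiters from holder candidates."""
    blocked, declared, held, running = parse_report(text)
    # Assumption about lockdep output: lock_acquire() is recorded before the mutex is
    # granted, so a task sleeping in mutex_lock() is listed as *holding* the lock.
    # The lock shared by the most blocked tasks is therefore the contended one ...
    tally = {}
    for pid in blocked:
        for key in held.get(pid, {}).values():
            tally[key] = tally.get(key, 0) + 1
    if not tally:
        return None
    addr, name = max(tally, key=tally.get)
    listers = {pid for pid, locks in held.items() if any(a == addr for a, _ in locks.values())}
    # ... and the holder is a task that is NOT blocked: one caught running by the NMI
    # backtrace, or one lockdep declared more locks for than it managed to print.
    undercounted = {pid for pid, n in declared.items() if len(held.get(pid, {})) < n}
    runners = {pid for pid, comm in running.items() if comm != "khungtaskd"}
    return {
        "lock": f"{name}@{addr}",
        "blocked_waiters": sorted(pid for pid in listers if pid in blocked),
        "unreported_listers": sorted(pid for pid in listers if pid not in blocked),
        "holder_candidates": sorted((undercounted | runners) - set(blocked)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the excerpt this names rtnl_mutex as the contended lock, lists the five blocked PIDs as its waiters, reports kworker/1:0/17 as a lister that khungtaskd had not yet flagged, and leaves syz-executor0/9984 as the only holder candidate. Feed it a full report and check the candidate's NMI backtrace by hand; the heuristics narrow the search but do not replace reading the stack.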

Crashes (2):
Time              Kernel    Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager                Title
2018/11/06 23:03  upstream  8053e5b93eca  8bd6bd63   .config  console log  report  -          -        -        -       ci-upstream-kasan-gce  -
2018/03/17 17:40  upstream  8f5fd927c3a7  08dacaa0   .config  console log  report  -          -        -        -       ci-upstream-kasan-gce  -