syzbot

 sign-in | mailing list | source | docs
🐞 Open [984] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12476] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in hashlimit_mt_check_common

Status: fixed on 2020/04/15 17:19
Reported-by: syzbot+adf6c6c2be1c3a718121@syzkaller.appspotmail.com
Fix commit: 8d0015a7ab76 netfilter: xt_hashlimit: limit the max size of hashtable c4a3922d2d20 netfilter: xt_hashlimit: reduce hashlimit_mutex scope for htable_put()
First crash: 1562d, last: 1521d
Cause bisection: introduced by (bisect log) :
commit 7ddd8faf4399ab4f4edad5604eab35f8a87caf02
Author: Andrea Arcangeli <aarcange@redhat.com>
Date: Fri Oct 13 22:57:54 2017 +0000

  userfaultfd: selftest: exercise -EEXIST only in background transfer

Crash: WARNING: ODEBUG bug in netdev_freemem (log)
Repro: C syz .config
  
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 5.5 000/176] 5.5.8-stable review 201 (201) 2020/03/04 22:14
[PATCH 5.4 000/152] 5.4.24-stable review 160 (160) 2020/03/04 16:52
[PATCH 4.14 000/237] 4.14.172-stable review 252 (252) 2020/03/01 09:52
[PATCH 4.19 00/97] 4.19.107-stable review 108 (108) 2020/02/28 18:05
[PATCH 5.5 000/150] 5.5.7-stable review 166 (166) 2020/02/28 15:12
[PATCH 4.9 000/165] 4.9.215-stable review 174 (174) 2020/02/28 14:31
[PATCH 5.4 000/135] 5.4.23-stable review 140 (140) 2020/02/28 03:42
[PATCH 0/9] Netfilter fixes for net 11 (11) 2020/02/18 23:45
[Patch nf v2 0/3] netfilter: xt_hashlimit: a few improvements 11 (11) 2020/02/07 14:57
[Patch nf 0/3] netfilter: xt_hashlimit: a few improvements 14 (14) 2020/02/02 22:37
Re: INFO: task hung in hashlimit_mt_check_common 2 (2) 2020/02/01 18:52
INFO: task hung in hashlimit_mt_check_common 0 (3) 2020/01/26 07:26
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: task hung in hashlimit_mt_check_common C done 3 1527d 1542d 1/1 fixed on 2020/03/16 09:27
linux-4.14 INFO: task hung in hashlimit_mt_check_common C done 6 1526d 1577d 1/1 fixed on 2020/03/17 21:24
Last patch testing requests (7)
Created Duration User Patch Repo Result
2020/02/01 20:07 17m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git syzbot OK
2020/01/31 19:38 18m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git syzbot OK
2020/01/29 19:17 13m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git syzbot report log
2020/01/26 18:57 14m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git syzbot report log
2020/01/24 19:03 13m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git syzbot report log
2020/01/23 06:30 13m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git syzbot report log
2020/01/22 22:11 14m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git net report log

Sample crash report:
INFO: task syz-executor870:10625 blocked for more than 143 seconds.
      Not tainted 5.6.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor870 D27248 10625  10624 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3386 [inline]
 __schedule+0x934/0x1f90 kernel/sched/core.c:4082
 schedule+0xdc/0x2b0 kernel/sched/core.c:4156
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4215
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
 hashlimit_mt_check_v1+0x325/0x3ab net/netfilter/xt_hashlimit.c:918
 xt_check_match+0x280/0x690 net/netfilter/x_tables.c:501
 check_match net/ipv4/netfilter/ip_tables.c:472 [inline]
 find_check_match net/ipv4/netfilter/ip_tables.c:488 [inline]
 find_check_entry.isra.0+0x32f/0x920 net/ipv4/netfilter/ip_tables.c:538
 translate_table+0xcb4/0x17d0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1136 [inline]
 do_ipt_set_ctl+0x2fe/0x4c2 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441c39
Code: 73 75 70 70 6f 72 74 65 64 20 69 6e 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6d 6f 64 65 73 20 30 20 74 6f 20 32 20 2d 20 <69> 67 6e 6f 72 65 64 0a 00 00 00 00 00 00 00 72 73 79 73 6c 6f 67
RSP: 002b:00007ffcec7c8618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441c39
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000318 R09: 00000000004002c8
R10: 0000000020000540 R11: 0000000000000246 R12: 00000000004029b0
R13: 0000000000402a40 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor870:10627 blocked for more than 143 seconds.
      Not tainted 5.6.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor870 D28072 10627  10619 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3386 [inline]
 __schedule+0x934/0x1f90 kernel/sched/core.c:4082
 schedule+0xdc/0x2b0 kernel/sched/core.c:4156
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4215
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
 hashlimit_mt_check_v1+0x325/0x3ab net/netfilter/xt_hashlimit.c:918
 xt_check_match+0x280/0x690 net/netfilter/x_tables.c:501
 check_match net/ipv4/netfilter/ip_tables.c:472 [inline]
 find_check_match net/ipv4/netfilter/ip_tables.c:488 [inline]
 find_check_entry.isra.0+0x32f/0x920 net/ipv4/netfilter/ip_tables.c:538
 translate_table+0xcb4/0x17d0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1136 [inline]
 do_ipt_set_ctl+0x2fe/0x4c2 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441c39
Code: 73 75 70 70 6f 72 74 65 64 20 69 6e 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6d 6f 64 65 73 20 30 20 74 6f 20 32 20 2d 20 <69> 67 6e 6f 72 65 64 0a 00 00 00 00 00 00 00 72 73 79 73 6c 6f 67
RSP: 002b:00007ffcec7c8618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441c39
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000318 R09: 00000000004002c8
R10: 0000000020000540 R11: 0000000000000246 R12: 00000000004029b0
R13: 0000000000402a40 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor870:10628 blocked for more than 144 seconds.
      Not tainted 5.6.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor870 D27640 10628  10620 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3386 [inline]
 __schedule+0x934/0x1f90 kernel/sched/core.c:4082
 schedule+0xdc/0x2b0 kernel/sched/core.c:4156
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4215
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
 hashlimit_mt_check_v1+0x325/0x3ab net/netfilter/xt_hashlimit.c:918
 xt_check_match+0x280/0x690 net/netfilter/x_tables.c:501
 check_match net/ipv4/netfilter/ip_tables.c:472 [inline]
 find_check_match net/ipv4/netfilter/ip_tables.c:488 [inline]
 find_check_entry.isra.0+0x32f/0x920 net/ipv4/netfilter/ip_tables.c:538
 translate_table+0xcb4/0x17d0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1136 [inline]
 do_ipt_set_ctl+0x2fe/0x4c2 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441c39
Code: 73 75 70 70 6f 72 74 65 64 20 69 6e 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6d 6f 64 65 73 20 30 20 74 6f 20 32 20 2d 20 <69> 67 6e 6f 72 65 64 0a 00 00 00 00 00 00 00 72 73 79 73 6c 6f 67
RSP: 002b:00007ffcec7c8618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441c39
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000318 R09: 00000000004002c8
R10: 0000000020000540 R11: 0000000000000246 R12: 00000000004029b0
R13: 0000000000402a40 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor870:10629 blocked for more than 144 seconds.
      Not tainted 5.6.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor870 D28072 10629  10621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3386 [inline]
 __schedule+0x934/0x1f90 kernel/sched/core.c:4082
 schedule+0xdc/0x2b0 kernel/sched/core.c:4156
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4215
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
 hashlimit_mt_check_v1+0x325/0x3ab net/netfilter/xt_hashlimit.c:918
 xt_check_match+0x280/0x690 net/netfilter/x_tables.c:501
 check_match net/ipv4/netfilter/ip_tables.c:472 [inline]
 find_check_match net/ipv4/netfilter/ip_tables.c:488 [inline]
 find_check_entry.isra.0+0x32f/0x920 net/ipv4/netfilter/ip_tables.c:538
 translate_table+0xcb4/0x17d0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1136 [inline]
 do_ipt_set_ctl+0x2fe/0x4c2 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441c39
Code: 73 75 70 70 6f 72 74 65 64 20 69 6e 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6d 6f 64 65 73 20 30 20 74 6f 20 32 20 2d 20 <69> 67 6e 6f 72 65 64 0a 00 00 00 00 00 00 00 72 73 79 73 6c 6f 67
RSP: 002b:00007ffcec7c8618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441c39
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000318 R09: 00000000004002c8
R10: 0000000020000540 R11: 0000000000000246 R12: 00000000004029b0
R13: 0000000000402a40 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor870:10630 blocked for more than 145 seconds.
      Not tainted 5.6.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor870 D28072 10630  10622 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3386 [inline]
 __schedule+0x934/0x1f90 kernel/sched/core.c:4082
 schedule+0xdc/0x2b0 kernel/sched/core.c:4156
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4215
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
 hashlimit_mt_check_v1+0x325/0x3ab net/netfilter/xt_hashlimit.c:918
 xt_check_match+0x280/0x690 net/netfilter/x_tables.c:501
 check_match net/ipv4/netfilter/ip_tables.c:472 [inline]
 find_check_match net/ipv4/netfilter/ip_tables.c:488 [inline]
 find_check_entry.isra.0+0x32f/0x920 net/ipv4/netfilter/ip_tables.c:538
 translate_table+0xcb4/0x17d0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1136 [inline]
 do_ipt_set_ctl+0x2fe/0x4c2 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441c39
Code: 73 75 70 70 6f 72 74 65 64 20 69 6e 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 20 6d 6f 64 65 73 20 30 20 74 6f 20 32 20 2d 20 <69> 67 6e 6f 72 65 64 0a 00 00 00 00 00 00 00 72 73 79 73 6c 6f 67
RSP: 002b:00007ffcec7c8618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441c39
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000318 R09: 00000000004002c8
R10: 0000000020000540 R11: 0000000000000246 R12: 00000000004029b0
R13: 0000000000402a40 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1141:
 #0: ffffffff89bac240 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 kernel/locking/lockdep.c:5333
1 lock held by rsyslogd/10464:
 #0: ffff8880928030e0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:821
2 locks held by getty/10586:
 #0: ffff888095314090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc900017cb2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10587:
 #0: ffff888093dc1090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc9000185b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10588:
 #0: ffff888091cf8090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc9000181b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10589:
 #0: ffff888091242090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc9000183b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10590:
 #0: ffff888096be6090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc9000182b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10591:
 #0: ffff8880a8c42090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc9000184b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10592:
 #0: ffff888092065090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc9000179b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor870/10625:
 #0: ffffffff8a7d2760 (hashlimit_mutex){+.+.}, at: hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
1 lock held by syz-executor870/10626:
1 lock held by syz-executor870/10627:
 #0: ffffffff8a7d2760 (hashlimit_mutex){+.+.}, at: hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
1 lock held by syz-executor870/10628:
 #0: ffffffff8a7d2760 (hashlimit_mutex){+.+.}, at: hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
1 lock held by syz-executor870/10629:
 #0: ffffffff8a7d2760 (hashlimit_mutex){+.+.}, at: hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889
1 lock held by syz-executor870/10630:
 #0: ffffffff8a7d2760 (hashlimit_mutex){+.+.}, at: hashlimit_mt_check_common.isra.0+0x341/0x1500 net/netfilter/xt_hashlimit.c:889

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1141 Comm: khungtaskd Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x23b/0x28b lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xb11/0x10c0 kernel/hung_task.c:289
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 10626 Comm: syz-executor870 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hlock_class kernel/locking/lockdep.c:175 [inline]
RIP: 0010:__lock_acquire+0x1a08/0x4a00 kernel/locking/lockdep.c:3950
Code: 06 48 8d 3c c5 60 9b 51 8b e8 f4 21 59 00 48 0f a3 1d 1c b8 f6 09 4c 8b 95 70 ff ff ff 4c 8b 9d 30 ff ff ff 0f 83 18 07 00 00 <48> 69 db b0 00 00 00 48 81 c3 80 9f 51 8b 48 8d 7b 40 48 b8 00 00
RSP: 0018:ffffc90001fe75f0 EFLAGS: 00000047
RAX: 0000000000000001 RBX: 00000000000005ae RCX: ffffffff815ae33c
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8b519c10
RBP: ffffc90001fe7708 R08: 1ffffffff16a3382 R09: fffffbfff16a3383
R10: ffff8880a8410a80 R11: ffff8880a84101c0 R12: 000000004d1f54c1
R13: ffffffff8aa5d510 R14: ffff8880a8410a58 R15: 0000000000000000
FS:  0000000001be0880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000009fbae000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:343 [inline]
 htable_selective_cleanup+0xa1/0x340 net/netfilter/xt_hashlimit.c:368
 htable_destroy net/netfilter/xt_hashlimit.c:408 [inline]
 htable_put+0x174/0x220 net/netfilter/xt_hashlimit.c:435
 hashlimit_mt_destroy_v1+0x50/0x70 net/netfilter/xt_hashlimit.c:964
 cleanup_match+0xde/0x170 net/ipv6/netfilter/ip6_tables.c:478
 find_check_entry.isra.0+0x454/0x920 net/ipv4/netfilter/ip_tables.c:564
 translate_table+0xcb4/0x17d0 net/ipv4/netfilter/ip_tables.c:717
 do_replace net/ipv4/netfilter/ip_tables.c:1136 [inline]
 do_ipt_set_ctl+0x2fe/0x4c2 net/ipv4/netfilter/ip_tables.c:1672
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441c39
Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffcec7c8618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441c39
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000318 R09: 00000000004002c8
R10: 0000000020000540 R11: 0000000000000246 R12: 00000000004029b0
R13: 0000000000402a40 R14: 0000000000000000 R15: 0000000000000000

Crashes (20):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/02/15 08:15 upstream 2019fc96af22 5d7b90f1 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/02/13 21:36 upstream 0bf999f9c5e7 c5ed587f .config console log report syz C ci-upstream-kasan-gce-root
2020/02/12 08:08 upstream 359c92c02bfa a75b198c .config console log report syz C ci-upstream-kasan-gce
2020/02/03 01:13 upstream 46d6b7becb1d 93e5e335 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/01/29 00:56 upstream c677124e631d c8e81ce4 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/01/28 14:54 upstream b0be0eff1a5a 56cd6c9b .config console log report syz C ci-upstream-kasan-gce
2020/01/28 07:42 upstream d5226fa6dbae 56cd6c9b .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/01/20 02:01 upstream 8f8972a3127f 0342f8c7 .config console log report syz C ci-upstream-kasan-gce
2020/01/19 21:57 upstream 8f8972a3127f 0342f8c7 .config console log report syz C ci-upstream-kasan-gce-root
2020/01/19 14:13 net-old e02d9c4c68dc bc8bc756 .config console log report syz C ci-upstream-net-this-kasan-gce
2020/02/12 13:19 net-next-old fdfa3a6778b1 a75b198c .config console log report syz C ci-upstream-net-kasan-gce
2020/02/11 07:32 net-next-old fdfa3a6778b1 084454ae .config console log report syz C ci-upstream-net-kasan-gce
2020/01/28 16:16 net-next-old 3127642dc1d1 56cd6c9b .config console log report syz C ci-upstream-net-kasan-gce
2020/01/19 08:16 net-next-old 9aaa29494030 bc8bc756 .config console log report syz C ci-upstream-net-kasan-gce
2020/01/29 21:34 upstream b3a608222336 5ed23f9a .config console log report ci-upstream-kasan-gce-smack-root
2020/01/10 04:56 upstream e69ec487b2c7 4de4e9f0 .config console log report ci-upstream-kasan-gce
2020/02/19 07:13 net-old 9facfdb54673 135c18aa .config console log report ci-upstream-net-this-kasan-gce
2020/02/12 12:05 net-old f27f37a04a69 a75b198c .config console log report ci-upstream-net-this-kasan-gce
2020/02/02 00:03 net-old e8d5bb4dfaa7 2274ad39 .config console log report ci-upstream-net-this-kasan-gce
2020/02/02 16:43 net-next-old 9f68e3655aae 93e5e335 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.