possible deadlock in __dev_queue

possible deadlock in __dev_queue_xmit (3)
Status: upstream: reported on 2019/12/03 09:55
Reported-by: syzbot+3b165dac15094065651e@syzkaller.appspotmail.com
First crash: 181d, last: 3h57m

similar bugs (6):
Kernel	Title	Count	Last	Reported	Patched	Status
android-49	possible deadlock in __dev_queue_xmit	4	341d	410d	0/3	auto-closed as invalid on 2019/10/25 08:36
android-414	possible deadlock in __dev_queue_xmit	3	400d	411d	0/1	auto-closed as invalid on 2019/10/21 21:31
android-44	possible deadlock in __dev_queue_xmit	14	176d	238d	0/2	auto-closed as invalid on 2020/04/02 07:14
linux-4.14	possible deadlock in __dev_queue_xmit	5	37d	332d	0/1	upstream: reported on 2019/07/02 00:39
upstream	possible deadlock in __dev_queue_xmit	1	499d	499d	0/17	closed as invalid on 2019/03/10 18:51
upstream	possible deadlock in __dev_queue_xmit (2)	2	311d	427d	0/17	auto-closed as invalid on 2019/11/19 09:01

Sample crash report:

======================================================
WARNING: possible circular locking dependency detected
5.6.0-rc1-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/16809 is trying to acquire lock:
ffff888097abd218 (&dev->qdisc_tx_busylock_key#25){+...}, at: spin_lock include/linux/spinlock.h:338 [inline]
ffff888097abd218 (&dev->qdisc_tx_busylock_key#25){+...}, at: __dev_xmit_skb net/core/dev.c:3694 [inline]
ffff888097abd218 (&dev->qdisc_tx_busylock_key#25){+...}, at: __dev_queue_xmit+0x2dcb/0x35c0 net/core/dev.c:4032

but task is already holding lock:
ffff8880a07cd898 (&dev->qdisc_xmit_lock_key#73){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
ffff8880a07cd898 (&dev->qdisc_xmit_lock_key#73){+.-.}, at: __netif_tx_lock include/linux/netdevice.h:4002 [inline]
ffff8880a07cd898 (&dev->qdisc_xmit_lock_key#73){+.-.}, at: sch_direct_xmit+0x2e0/0xd30 net/sched/sch_generic.c:311

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&dev->qdisc_xmit_lock_key#73){+.-.}:
       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
       _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:151
       spin_lock include/linux/spinlock.h:338 [inline]
       __netif_tx_lock include/linux/netdevice.h:4002 [inline]
       sch_direct_xmit+0x2e0/0xd30 net/sched/sch_generic.c:311
       __dev_xmit_skb net/core/dev.c:3671 [inline]
       __dev_queue_xmit+0x2707/0x35c0 net/core/dev.c:4032
       dev_queue_xmit+0x18/0x20 net/core/dev.c:4096
       neigh_resolve_output net/core/neighbour.c:1487 [inline]
       neigh_resolve_output+0x5c4/0x990 net/core/neighbour.c:1467
       neigh_output include/net/neighbour.h:510 [inline]
       ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
       __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
       ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
       NF_HOOK_COND include/linux/netfilter.h:296 [inline]
       ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
       dst_output include/net/dst.h:436 [inline]
       NF_HOOK include/linux/netfilter.h:307 [inline]
       NF_HOOK include/linux/netfilter.h:301 [inline]
       mld_sendpack+0x9c2/0xed0 net/ipv6/mcast.c:1682
       mld_send_cr net/ipv6/mcast.c:1978 [inline]
       mld_ifc_timer_expire+0x454/0x950 net/ipv6/mcast.c:2477
       call_timer_fn+0x1ac/0x780 kernel/time/timer.c:1404
       expire_timers kernel/time/timer.c:1449 [inline]
       __run_timers kernel/time/timer.c:1773 [inline]
       __run_timers kernel/time/timer.c:1740 [inline]
       run_timer_softirq+0x6c3/0x1790 kernel/time/timer.c:1786
       __do_softirq+0x262/0x98c kernel/softirq.c:292
       invoke_softirq kernel/softirq.c:373 [inline]
       irq_exit+0x19b/0x1e0 kernel/softirq.c:413
       exiting_irq arch/x86/include/asm/apic.h:546 [inline]
       smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1146
       apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
       arch_local_irq_restore arch/x86/include/asm/paravirt.h:752 [inline]
       console_unlock+0xbb8/0xf00 kernel/printk/printk.c:2481
       vprintk_emit+0x2a0/0x700 kernel/printk/printk.c:1996
       vprintk_default+0x28/0x30 kernel/printk/printk.c:2023
       vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:386
       printk+0xba/0xed kernel/printk/printk.c:2056
       addrconf_notify.cold+0x2c/0x76 net/ipv6/addrconf.c:3573
       notifier_call_chain+0xc2/0x230 kernel/notifier.c:83
       __raw_notifier_call_chain kernel/notifier.c:361 [inline]
       raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368
       call_netdevice_notifiers_info net/core/dev.c:1943 [inline]
       call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1928
       netdev_state_change net/core/dev.c:1378 [inline]
       netdev_state_change+0x10d/0x140 net/core/dev.c:1371
       linkwatch_do_dev+0x14e/0x190 net/core/link_watch.c:159
       __linkwatch_run_queue+0x203/0x690 net/core/link_watch.c:204
       linkwatch_event+0x4e/0x70 net/core/link_watch.c:243
       process_one_work+0xa05/0x17a0 kernel/workqueue.c:2264
       worker_thread+0x98/0xe40 kernel/workqueue.c:2410
       kthread+0x361/0x430 kernel/kthread.c:255
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

-> #0 (&dev->qdisc_tx_busylock_key#25){+...}:
       check_prev_add kernel/locking/lockdep.c:2475 [inline]
       check_prevs_add kernel/locking/lockdep.c:2580 [inline]
       validate_chain kernel/locking/lockdep.c:2970 [inline]
       __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3954
       lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
       _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:151
       spin_lock include/linux/spinlock.h:338 [inline]
       __dev_xmit_skb net/core/dev.c:3694 [inline]
       __dev_queue_xmit+0x2dcb/0x35c0 net/core/dev.c:4032
       dev_queue_xmit+0x18/0x20 net/core/dev.c:4096
       neigh_resolve_output net/core/neighbour.c:1487 [inline]
       neigh_resolve_output+0x5c4/0x990 net/core/neighbour.c:1467
       neigh_output include/net/neighbour.h:510 [inline]
       ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
       __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
       ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
       NF_HOOK_COND include/linux/netfilter.h:296 [inline]
       ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
       dst_output include/net/dst.h:436 [inline]
       NF_HOOK include/linux/netfilter.h:307 [inline]
       ndisc_send_skb+0xf1f/0x1490 net/ipv6/ndisc.c:505
       ndisc_send_ns+0x3a9/0x850 net/ipv6/ndisc.c:647
       ndisc_solicit+0x2ed/0x470 net/ipv6/ndisc.c:739
       neigh_probe+0xd0/0x120 net/core/neighbour.c:1009
       __neigh_event_send+0x3e3/0x17e0 net/core/neighbour.c:1169
       neigh_event_send include/net/neighbour.h:444 [inline]
       neigh_resolve_output+0x5ee/0x990 net/core/neighbour.c:1471
       neigh_output include/net/neighbour.h:510 [inline]
       ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
       __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
       ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
       NF_HOOK_COND include/linux/netfilter.h:296 [inline]
       ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
       dst_output include/net/dst.h:436 [inline]
       ip6_local_out+0xbb/0x1b0 net/ipv6/output_core.c:179
       ip6_send_skb+0xbb/0x350 net/ipv6/ip6_output.c:1795
       ip6_push_pending_frames+0xc8/0xf0 net/ipv6/ip6_output.c:1815
       icmpv6_push_pending_frames+0x34b/0x540 net/ipv6/icmp.c:285
       icmp6_send+0x1a7f/0x1f90 net/ipv6/icmp.c:598
       icmpv6_send+0xec/0x220 net/ipv6/ip6_icmp.c:43
       ip6_link_failure+0x2b/0x530 net/ipv6/route.c:2643
       dst_link_failure include/net/dst.h:419 [inline]
       ip_tunnel_xmit+0x1738/0x2d0c net/ipv4/ip_tunnel.c:824
       __gre_xmit+0x5e9/0x9a0 net/ipv4/ip_gre.c:448
       erspan_xmit+0x912/0x28f0 net/ipv4/ip_gre.c:683
       __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
       netdev_start_xmit include/linux/netdevice.h:4538 [inline]
       xmit_one net/core/dev.c:3470 [inline]
       dev_hard_start_xmit+0x1a3/0x9b0 net/core/dev.c:3486
       sch_direct_xmit+0x372/0xd30 net/sched/sch_generic.c:313
       qdisc_restart net/sched/sch_generic.c:376 [inline]
       __qdisc_run+0x4bf/0x17e0 net/sched/sch_generic.c:384
       __dev_xmit_skb net/core/dev.c:3727 [inline]
       __dev_queue_xmit+0x163f/0x35c0 net/core/dev.c:4032
       dev_queue_xmit+0x18/0x20 net/core/dev.c:4096
       neigh_resolve_output net/core/neighbour.c:1487 [inline]
       neigh_resolve_output+0x5c4/0x990 net/core/neighbour.c:1467
       neigh_output include/net/neighbour.h:510 [inline]
       ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
       __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
       ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
       NF_HOOK_COND include/linux/netfilter.h:296 [inline]
       ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
       dst_output include/net/dst.h:436 [inline]
       NF_HOOK include/linux/netfilter.h:307 [inline]
       rawv6_send_hdrinc net/ipv6/raw.c:687 [inline]
       rawv6_sendmsg+0x20f6/0x3900 net/ipv6/raw.c:944
       inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807
       sock_sendmsg_nosec net/socket.c:652 [inline]
       sock_sendmsg+0xd7/0x130 net/socket.c:672
       sock_write_iter+0x2cb/0x400 net/socket.c:1004
       call_write_iter include/linux/fs.h:1901 [inline]
       aio_write+0x2f2/0x540 fs/aio.c:1583
       __io_submit_one fs/aio.c:1831 [inline]
       io_submit_one+0xfbd/0x2ec0 fs/aio.c:1878
       __do_sys_io_submit fs/aio.c:1937 [inline]
       __se_sys_io_submit fs/aio.c:1907 [inline]
       __x64_sys_io_submit+0x1bd/0x540 fs/aio.c:1907
       do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&dev->qdisc_xmit_lock_key#73);
                               lock(&dev->qdisc_tx_busylock_key#25);
                               lock(&dev->qdisc_xmit_lock_key#73);
  lock(&dev->qdisc_tx_busylock_key#25);

 *** DEADLOCK ***

12 locks held by syz-executor.5/16809:
 #0: ffffffff89bac240 (rcu_read_lock){....}, at: l3mdev_l3_out include/net/l3mdev.h:179 [inline]
 #0: ffffffff89bac240 (rcu_read_lock){....}, at: l3mdev_ip6_out include/net/l3mdev.h:200 [inline]
 #0: ffffffff89bac240 (rcu_read_lock){....}, at: rawv6_send_hdrinc net/ipv6/raw.c:677 [inline]
 #0: ffffffff89bac240 (rcu_read_lock){....}, at: rawv6_sendmsg+0x1ee3/0x3900 net/ipv6/raw.c:944
 #1: ffffffff89bac200 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
 #1: ffffffff89bac200 (rcu_read_lock_bh){....}, at: ip6_finish_output2+0x214/0x25c0 net/ipv6/ip6_output.c:102
 #2: ffffffff89bac200 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x35c0 net/core/dev.c:3998
 #3: ffff888097abd138 (&dev->qdisc_running_key#25){+...}, at: dev_queue_xmit+0x18/0x20 net/core/dev.c:4096
 #4: ffff8880a07cd898 (&dev->qdisc_xmit_lock_key#73){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #4: ffff8880a07cd898 (&dev->qdisc_xmit_lock_key#73){+.-.}, at: __netif_tx_lock include/linux/netdevice.h:4002 [inline]
 #4: ffff8880a07cd898 (&dev->qdisc_xmit_lock_key#73){+.-.}, at: sch_direct_xmit+0x2e0/0xd30 net/sched/sch_generic.c:311
 #5: ffffffff89bac240 (rcu_read_lock){....}, at: icmpv6_send+0x0/0x220 net/ipv6/ip6_icmp.c:31
 #6: ffff8880594ef760 (k-slock-AF_INET6){+.-.}, at: spin_trylock include/linux/spinlock.h:348 [inline]
 #6: ffff8880594ef760 (k-slock-AF_INET6){+.-.}, at: icmpv6_xmit_lock net/ipv6/icmp.c:117 [inline]
 #6: ffff8880594ef760 (k-slock-AF_INET6){+.-.}, at: icmp6_send+0xde8/0x1f90 net/ipv6/icmp.c:519
 #7: ffffffff89bac240 (rcu_read_lock){....}, at: icmp6_send+0x13cd/0x1f90 net/ipv6/icmp.c:579
 #8: ffffffff89bac200 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
 #8: ffffffff89bac200 (rcu_read_lock_bh){....}, at: ip6_finish_output2+0x214/0x25c0 net/ipv6/ip6_output.c:102
 #9: ffffffff89bac240 (rcu_read_lock){....}, at: ip6_nd_hdr net/ipv6/ndisc.c:463 [inline]
 #9: ffffffff89bac240 (rcu_read_lock){....}, at: ndisc_send_skb+0x7fe/0x1490 net/ipv6/ndisc.c:499
 #10: ffffffff89bac200 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
 #10: ffffffff89bac200 (rcu_read_lock_bh){....}, at: ip6_finish_output2+0x214/0x25c0 net/ipv6/ip6_output.c:102
 #11: ffffffff89bac200 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x35c0 net/core/dev.c:3998

stack backtrace:
CPU: 0 PID: 16809 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_circular_bug.isra.0.cold+0x163/0x172 kernel/locking/lockdep.c:1684
 check_noncircular+0x32e/0x3e0 kernel/locking/lockdep.c:1808
 check_prev_add kernel/locking/lockdep.c:2475 [inline]
 check_prevs_add kernel/locking/lockdep.c:2580 [inline]
 validate_chain kernel/locking/lockdep.c:2970 [inline]
 __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3954
 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:338 [inline]
 __dev_xmit_skb net/core/dev.c:3694 [inline]
 __dev_queue_xmit+0x2dcb/0x35c0 net/core/dev.c:4032
 dev_queue_xmit+0x18/0x20 net/core/dev.c:4096
 neigh_resolve_output net/core/neighbour.c:1487 [inline]
 neigh_resolve_output+0x5c4/0x990 net/core/neighbour.c:1467
 neigh_output include/net/neighbour.h:510 [inline]
 ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
 __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
 ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ndisc_send_skb+0xf1f/0x1490 net/ipv6/ndisc.c:505
 ndisc_send_ns+0x3a9/0x850 net/ipv6/ndisc.c:647
 ndisc_solicit+0x2ed/0x470 net/ipv6/ndisc.c:739
 neigh_probe+0xd0/0x120 net/core/neighbour.c:1009
 __neigh_event_send+0x3e3/0x17e0 net/core/neighbour.c:1169
 neigh_event_send include/net/neighbour.h:444 [inline]
 neigh_resolve_output+0x5ee/0x990 net/core/neighbour.c:1471
 neigh_output include/net/neighbour.h:510 [inline]
 ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
 __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
 ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 ip6_local_out+0xbb/0x1b0 net/ipv6/output_core.c:179
 ip6_send_skb+0xbb/0x350 net/ipv6/ip6_output.c:1795
 ip6_push_pending_frames+0xc8/0xf0 net/ipv6/ip6_output.c:1815
 icmpv6_push_pending_frames+0x34b/0x540 net/ipv6/icmp.c:285
 icmp6_send+0x1a7f/0x1f90 net/ipv6/icmp.c:598
 icmpv6_send+0xec/0x220 net/ipv6/ip6_icmp.c:43
 ip6_link_failure+0x2b/0x530 net/ipv6/route.c:2643
 dst_link_failure include/net/dst.h:419 [inline]
 ip_tunnel_xmit+0x1738/0x2d0c net/ipv4/ip_tunnel.c:824
 __gre_xmit+0x5e9/0x9a0 net/ipv4/ip_gre.c:448
 erspan_xmit+0x912/0x28f0 net/ipv4/ip_gre.c:683
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x1a3/0x9b0 net/core/dev.c:3486
 sch_direct_xmit+0x372/0xd30 net/sched/sch_generic.c:313
 qdisc_restart net/sched/sch_generic.c:376 [inline]
 __qdisc_run+0x4bf/0x17e0 net/sched/sch_generic.c:384
 __dev_xmit_skb net/core/dev.c:3727 [inline]
 __dev_queue_xmit+0x163f/0x35c0 net/core/dev.c:4032
 dev_queue_xmit+0x18/0x20 net/core/dev.c:4096
 neigh_resolve_output net/core/neighbour.c:1487 [inline]
 neigh_resolve_output+0x5c4/0x990 net/core/neighbour.c:1467
 neigh_output include/net/neighbour.h:510 [inline]
 ip6_finish_output2+0x109a/0x25c0 net/ipv6/ip6_output.c:116
 __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
 ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x25e/0x880 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 rawv6_send_hdrinc net/ipv6/raw.c:687 [inline]
 rawv6_sendmsg+0x20f6/0x3900 net/ipv6/raw.c:944
 inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:672
 sock_write_iter+0x2cb/0x400 net/socket.c:1004
 call_write_iter include/linux/fs.h:1901 [inline]
 aio_write+0x2f2/0x540 fs/aio.c:1583
 __io_submit_one fs/aio.c:1831 [inline]
 io_submit_one+0xfbd/0x2ec0 fs/aio.c:1878
 __do_sys_io_submit fs/aio.c:1937 [inline]
 __se_sys_io_submit fs/aio.c:1907 [inline]
 __x64_sys_io_submit+0x1bd/0x540 fs/aio.c:1907
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c6c9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f271e018c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00007f271e0196d4 RCX: 000000000045c6c9
RDX: 0000000020356ff0 RSI: 0000000000000001 RDI: 00007f271dff8000
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000001f4 R14: 00000000004c4068 R15: 000000000076bf2c
syz-executor.5 (16809) used greatest stack depth: 19840 bytes left

Crashes (39):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-upstream-kasan-gce	2020/02/15 19:51	upstream	829e6944	5d7b90f1	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kasan-gce	2019/12/27 21:08	upstream	46cf053e	be5c2c81	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/29 01:21	bpf-next	9b185fa4	0d951763	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/28 22:53	bpf-next	9b185fa4	0d951763	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/28 00:17	bpf-next	c41f9b73	ec153193	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/27 21:56	bpf-next	c41f9b73	ec153193	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/27 07:23	bpf-next	c409dc81	9072c126	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/26 23:09	bpf-next	c409dc81	9072c126	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/26 16:10	bpf-next	ff5076b1	8ca3b7d2	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/26 13:08	bpf-next	ff5076b1	8ca3b7d2	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/26 10:25	bpf-next	ff5076b1	8ca3b7d2	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/26 01:50	bpf-next	ff5076b1	30927cd7	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/25 20:40	bpf-next	a152b859	30927cd7	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/25 11:18	bpf-next	a152b859	11284182	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/25 10:42	bpf-next	a152b859	11284182	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/24 12:19	bpf-next	a152b859	96c92ad3	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/23 23:00	bpf-next	a5dfaa2a	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/23 22:13	bpf-next	a5dfaa2a	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/23 13:48	bpf-next	a5dfaa2a	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/23 09:57	bpf-next	a5dfaa2a	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/23 09:04	bpf-next	a5dfaa2a	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/23 08:00	bpf-next	a5dfaa2a	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/22 21:07	bpf-next	29ae90d2	9682898d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/19 08:14	bpf-next	96586dd9	684d3606	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/19 04:09	bpf-next	96586dd9	684d3606	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/19 02:45	bpf-next	96586dd9	684d3606	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-net-kasan-gce	2020/05/18 07:02	net-next	dbfe7d74	37bccd4e	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/05/15 21:57	bpf-next	5cc5924d	d7f9fffa	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/22 14:33	bpf-next	fc496853	2e44d63e	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/19 00:56	bpf-next	2fcd8014	365fba24	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/17 01:51	bpf-next	1a323ea5	c743fcb3	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/15 05:48	bpf-next	1a323ea5	3f3c5574	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/14 01:36	bpf-next	1a323ea5	7c54686a	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/13 13:50	bpf-next	1a323ea5	17a986e5	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/12 06:44	bpf-next	1a323ea5	a8c6a3f8	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-bpf-next-kasan-gce	2020/04/07 05:47	bpf-next	1a323ea5	99a96044	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-linux-next-kasan-gce-root	2020/02/11 03:02	linux-next	ac431e2d	084454ae	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-linux-next-kasan-gce-root	2020/02/06 13:42	linux-next	a0c61bf1	c91cbc9d	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-linux-next-kasan-gce-root	2019/11/29 08:53	linux-next	419593da	76357d6f	.config	log	report	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com