syzbot

 sign-in | mailing list | source | docs
🐞 Open [972] Subsystems 🐞 Fixed [5208] 🐞 Invalid [12457] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in ip_tunnel_delete_nets

Status: closed as invalid on 2019/10/23 07:54
Subsystems: net
[Documentation on labels]
First crash: 1648d, last: 1644d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 INFO: task hung in ip_tunnel_delete_nets 1 348d 348d 0/3 auto-obsoleted due to no activity on 2023/08/23 09:02
upstream INFO: task hung in ip_tunnel_delete_nets (3) net 1 1316d 1316d 0/26 auto-closed as invalid on 2020/12/07 06:22
linux-4.19 INFO: task hung in ip_tunnel_delete_nets 1 868d 868d 0/1 auto-closed as invalid on 2022/03/29 13:03
upstream INFO: task hung in ip_tunnel_delete_nets (2) net 2 1428d 1440d 0/26 auto-closed as invalid on 2020/08/16 16:51
upstream INFO: task hung in ip_tunnel_delete_nets (4) net 2 657d 657d 0/26 auto-closed as invalid on 2022/09/26 14:02
linux-4.19 INFO: task hung in ip_tunnel_delete_nets (2) 1 483d 483d 0/1 auto-obsoleted due to no activity on 2023/04/18 11:45
upstream INFO: task hung in ip_tunnel_delete_nets (5) net 15 221d 527d 0/26 auto-obsoleted due to no activity on 2023/12/06 23:00

Sample crash report:
INFO: task kworker/u4:5:9381 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:5    D24432  9381      2 0x80004000
Workqueue: netns cleanup_net
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 exp_funnel_lock kernel/rcu/tree_exp.h:308 [inline]
 synchronize_rcu_expedited+0x57f/0x5f0 kernel/rcu/tree_exp.h:817
 synchronize_net+0x3b/0x60 net/core/dev.c:9319
 rollback_registered_many+0xb2c/0xfc0 net/core/dev.c:8285
 unregister_netdevice_many.part.0+0x1b/0x1f0 net/core/dev.c:9364
 unregister_netdevice_many+0x3b/0x50 net/core/dev.c:9363
 ip_tunnel_delete_nets+0x41e/0x5f0 net/ipv4/ip_tunnel.c:1113
 ipip_exit_batch_net+0x23/0x30 net/ipv4/ipip.c:661
 ops_exit_list.isra.0+0xfc/0x150 net/core/net_namespace.c:175
 cleanup_net+0x4e2/0xa60 net/core/net_namespace.c:594
 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
INFO: task syz-executor.3:1217 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28392  1217  18405 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 dev_ioctl+0x1a4/0xc60 net/core/dev_ioctl.c:488
 sock_do_ioctl+0x1b7/0x2f0 net/socket.c:1061
 sock_ioctl+0x3ed/0x780 net/socket.c:1189
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007feddb630c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 00000000200000c0 RSI: 0000000000008991 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007feddb6316d4
R13: 00000000004c58aa R14: 00000000004da440 R15: 00000000ffffffff
INFO: task syz-executor.1:1338 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28880  1338   2182 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 sock_do_ioctl+0x24e/0x2f0 net/socket.c:1051
 sock_ioctl+0x3ed/0x780 net/socket.c:1189
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007f885ada0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 0000000000400200 RSI: 0000000000008912 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f885ada16d4
R13: 00000000004c3458 R14: 00000000004d7080 R15: 00000000ffffffff
INFO: task syz-executor.1:1349 blocked for more than 144 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28880  1349   2182 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007f885ad7fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f885ad806d4
R13: 00000000004c7508 R14: 00000000004dd110 R15: 00000000ffffffff
INFO: task syz-executor.4:1342 blocked for more than 144 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28584  1342   3592 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007f86af67dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f86af67e6d4
R13: 00000000004c7bd7 R14: 00000000004dd968 R15: 00000000ffffffff
INFO: task syz-executor.4:1368 blocked for more than 144 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28584  1368   3592 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007f86af63bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f86af63c6d4
R13: 00000000004c7bd7 R14: 00000000004dd968 R15: 00000000ffffffff
INFO: task syz-executor.5:1347 blocked for more than 145 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D29344  1347   2287 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 sock_do_ioctl+0x24e/0x2f0 net/socket.c:1051
 sock_ioctl+0x3ed/0x780 net/socket.c:1189
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007f48b4a13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 0000000000400200 RSI: 0000000000008912 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f48b4a146d4
R13: 00000000004c3458 R14: 00000000004d7080 R15: 00000000ffffffff
INFO: task syz-executor.5:1351 blocked for more than 145 seconds.
      Not tainted 5.4.0-rc2+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D27160  1351   2287 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 sock_do_ioctl+0x24e/0x2f0 net/socket.c:1051
 sock_ioctl+0x3ed/0x780 net/socket.c:1189
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a59
Code: Bad RIP value.
RSP: 002b:00007f48b49f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
RDX: 0000000000400200 RSI: 0000000000008912 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f48b49f36d4
R13: 00000000004c3458 R14: 00000000004d7080 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1064:
 #0: ffffffff88faae00 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5337
1 lock held by rsyslogd/9182:
 #0: ffff8880a88b9360 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801
2 locks held by getty/9304:
 #0: ffff88807bf93090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f712e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9305:
 #0: ffff8880a7c56090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f612e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9306:
 #0: ffff8880a7a97090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f592e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9307:
 #0: ffff8880a1186090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f5d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9308:
 #0: ffff8880a8ae4090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f6d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9309:
 #0: ffff8880998ee090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f752e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/9310:
 #0: ffff888099c22090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f452e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
4 locks held by kworker/u4:5/9381:
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: set_work_data kernel/workqueue.c:620 [inline]
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:647 [inline]
 #0: ffff8880a9a1ed28 ((wq_completion)netns){+.+.}, at: process_one_work+0x88b/0x1740 kernel/workqueue.c:2240
 #1: ffff88806a60fdc0 (net_cleanup_work){+.+.}, at: process_one_work+0x8c1/0x1740 kernel/workqueue.c:2244
 #2: ffffffff8998ae88 (pernet_ops_rwsem){++++}, at: cleanup_net+0xae/0xa60 net/core/net_namespace.c:556
 #3: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
3 locks held by kworker/0:11/804:
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: set_work_data kernel/workqueue.c:620 [inline]
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:647 [inline]
 #0: ffff88809c339528 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 kernel/workqueue.c:2240
 #1: ffff888075fe7dc0 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 kernel/workqueue.c:2244
 #2: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
1 lock held by syz-executor.3/1217:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
1 lock held by syz-executor.1/1338:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
1 lock held by syz-executor.1/1349:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
1 lock held by syz-executor.4/1342:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
1 lock held by syz-executor.4/1368:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
1 lock held by syz-executor.5/1347:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
1 lock held by syz-executor.5/1351:
 #0: ffffffff899980e0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1064 Comm: khungtaskd Not tainted 5.4.0-rc2+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x70/0xb2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x23b/0x28b lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0x9d0/0xef0 kernel/hung_task.c:289
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 20178 Comm: kworker/u4:10 Not tainted 5.4.0-rc2+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:kasan_mem_to_shadow include/linux/kasan.h:28 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:136 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:166 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/generic.c:182 [inline]
RIP: 0010:check_memory_region+0x3a/0x1a0 mm/kasan/generic.c:192
Code: 7f ff ff 55 0f b6 d2 48 39 c7 48 89 e5 41 55 41 54 53 0f 86 07 01 00 00 4c 8d 5c 37 ff 49 89 f8 48 b8 00 00 00 00 00 fc ff df <4d> 89 da 49 c1 e8 03 4d 8d 24 00 49 c1 ea 03 49 01 c2 4c 89 e0 49
RSP: 0018:ffff8880724d7a88 EFLAGS: 00000016
RAX: dffffc0000000000 RBX: 00000000000005a5 RCX: ffffffff8159025c
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8a770a10
RBP: ffff8880724d7aa0 R08: ffffffff8a770a10 R09: fffffbfff14ee12d
R10: ffff888073a90ee8 R11: ffffffff8a770a17 R12: 00000000ef5f26e2
R13: ffffffff89c5eb30 R14: ffff888073a90ec0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000000a16ff000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __kasan_check_read+0x11/0x20 mm/kasan/common.c:92
 test_bit include/asm-generic/bitops-instrumented.h:237 [inline]
 hlock_class kernel/locking/lockdep.c:163 [inline]
 __lock_acquire+0x19ec/0x4a00 kernel/locking/lockdep.c:3951
 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487
 rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
 rcu_read_lock include/linux/rcupdate.h:599 [inline]
 batadv_nc_process_nc_paths.part.0+0xe4/0x3c0 net/batman-adv/network-coding.c:686
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:678 [inline]
 batadv_nc_worker+0x550/0x760 net/batman-adv/network-coding.c:727
 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/11 14:41 upstream 9e208aa06c21 1a3bad90 .config console log report ci-upstream-kasan-gce-selinux-root
2019/10/15 14:38 upstream 5bc52f64e884 b5268b89 .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.