INFO: task hung in ip_tunnel_init

Kernel	Title	Count	Last	Reported	Patched	Status
linux-5.15	INFO: task hung in ip_tunnel_init_net	1	6d01h	6d01h	0/3	upstream: reported on 2024/11/15 13:12
upstream	INFO: task hung in ip_tunnel_init_net (3) netfilter	41	9d11h	41d	28/28	fixed on 2024/11/12 23:31
linux-4.19	INFO: task hung in ip_tunnel_init_net	18	1036d	1075d	0/1	auto-closed as invalid on 2022/05/20 09:22
upstream	INFO: task hung in ip_tunnel_init_net net	2	1475d	1537d	0/28	auto-closed as invalid on 2021/02/05 10:58
linux-4.19	INFO: task hung in ip_tunnel_init_net (2)	1	655d	655d	0/1	upstream: reported on 2023/02/05 00:06
upstream	INFO: task hung in ip_tunnel_init_net (2) net	3	581d	705d	0/28	auto-obsoleted due to no activity on 2023/07/18 20:51
upstream	INFO: task can't die in ip_tunnel_init_net net	11	1129d	1130d	0/28	auto-closed as invalid on 2022/02/16 13:24

INFO: task syz-executor:8500 blocked for more than 146 seconds. Not tainted 6.1.97-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor state:D stack:25000 pid:8500 ppid:1 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x142d/0x4550 kernel/sched/core.c:6558 schedule+0xbf/0x180 kernel/sched/core.c:6634 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6693 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6b9/0xd80 kernel/locking/mutex.c:747 ip_tunnel_init_net+0x20f/0x700 net/ipv4/ip_tunnel.c:1099 ops_init+0x35d/0x610 net/core/net_namespace.c:138 setup_net+0x4b5/0xb90 net/core/net_namespace.c:335 copy_net_ns+0x392/0x5d0 net/core/net_namespace.c:481 create_new_namespaces+0x425/0x7a0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x11e/0x170 kernel/nsproxy.c:226 ksys_unshare+0x580/0xb20 kernel/fork.c:3203 __do_sys_unshare kernel/fork.c:3274 [inline] __se_sys_unshare kernel/fork.c:3272 [inline] __x64_sys_unshare+0x34/0x40 kernel/fork.c:3272 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f2489577337 RSP: 002b:00007ffc03d989c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f2489703f20 RCX: 00007f2489577337 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f2489704a18 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 </TASK> INFO: task syz-executor:8532 blocked for more than 146 seconds. Not tainted 6.1.97-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor state:D stack:25000 pid:8532 ppid:1 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x142d/0x4550 kernel/sched/core.c:6558 schedule+0xbf/0x180 kernel/sched/core.c:6634 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6693 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6b9/0xd80 kernel/locking/mutex.c:747 rtnl_lock net/core/rtnetlink.c:74 [inline] rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2508 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x7d8/0x970 net/netlink/af_netlink.c:1352 netlink_sendmsg+0xa26/0xd60 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:730 [inline] __sys_sendto+0x480/0x600 net/socket.c:2148 __do_sys_sendto net/socket.c:2160 [inline] __se_sys_sendto net/socket.c:2156 [inline] __x64_sys_sendto+0xda/0xf0 net/socket.c:2156 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f23e1d7796c RSP: 002b:00007ffe0fb56080 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f23e2a34620 RCX: 00007f23e1d7796c RDX: 0000000000000028 RSI: 00007f23e2a34670 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffe0fb560d4 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 R13: 0000000000000000 R14: 00007f23e2a34670 R15: 0000000000000000 </TASK> INFO: task syz-executor:8533 blocked for more than 147 seconds. Not tainted 6.1.97-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor state:D stack:25000 pid:8533 ppid:1 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x142d/0x4550 kernel/sched/core.c:6558 schedule+0xbf/0x180 kernel/sched/core.c:6634 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6693 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6b9/0xd80 kernel/locking/mutex.c:747 rtnl_lock net/core/rtnetlink.c:74 [inline] rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2508 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x7d8/0x970 net/netlink/af_netlink.c:1352 netlink_sendmsg+0xa26/0xd60 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:730 [inline] __sys_sendto+0x480/0x600 net/socket.c:2148 __do_sys_sendto net/socket.c:2160 [inline] __se_sys_sendto net/socket.c:2156 [inline] __x64_sys_sendto+0xda/0xf0 net/socket.c:2156 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f653ad7796c RSP: 002b:00007ffcdea4f840 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f653ba34620 RCX: 00007f653ad7796c RDX: 0000000000000028 RSI: 00007f653ba34670 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffcdea4f894 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 R13: 0000000000000000 R14: 00007f653ba34670 R15: 0000000000000000 </TASK> Showing all locks held in the system: 1 lock held by rcu_tasks_kthre/12: #0: ffffffff8d12aed0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:516 1 lock held by rcu_tasks_trace/13: #0: ffffffff8d12b6d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:516 1 lock held by khungtaskd/27: #0: ffffffff8d12ad00 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #0: ffffffff8d12ad00 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #0: ffffffff8d12ad00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6494 4 locks held by kworker/u4:3/51: 3 locks held by kworker/0:2/1148: #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc90004df7d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:104 1 lock held by dhcpcd/3215: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: __netlink_dump_start+0x12e/0x6e0 net/netlink/af_netlink.c:2300 3 locks held by kworker/1:4/3293: #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc900036afd20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:263 2 locks held by getty/3316: #0: ffff888028312098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244 #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0 drivers/tty/n_tty.c:2198 4 locks held by kworker/u5:1/3550: #0: ffff888050c7e938 ((wq_completion)hci15#3){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc90003d5fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff88807a3d4078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 4 locks held by kworker/u5:2/3553: #0: ffff888051032938 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc90003d7fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff8880768e4078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 3 locks held by kworker/u5:5/3561: #0: ffff88807237d938 ((wq_completion)hci10){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc90003e2fd20 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff88807dc1d0b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1dc/0x400 net/bluetooth/hci_sync.c:308 4 locks held by kworker/u5:6/3562: #0: ffff88801569e938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc90003e4fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff88805f990078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 4 locks held by kworker/u4:10/3783: #0: ffff888012616938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc900050afd20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 net/core/net_namespace.c:566 #3: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: wg_destruct+0x21/0x2f0 drivers/net/wireguard/device.c:246 2 locks held by kworker/0:11/3989: #0: ffff888012470938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc9000b287d20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 3 locks held by kworker/1:10/4457: 3 locks held by kworker/1:15/4463: #0: ffff88814b2f3538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc900146c7d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x16b0 net/ipv6/addrconf.c:4114 3 locks held by kworker/0:16/4734: #0: ffff88814b2f3538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc9000325fd20 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30 net/ipv6/addrconf.c:4655 3 locks held by syz-executor/8012: #0: ffff88805bc9d0b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:552 [inline] #0: ffff88805bc9d0b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1cf/0x4d0 net/bluetooth/hci_core.c:2736 #1: ffff88805bc9c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x48d/0x1020 net/bluetooth/hci_sync.c:5005 #2: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1805 [inline] #2: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x2a0 net/bluetooth/hci_conn.c:2441 2 locks held by syz-executor/8042: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0 drivers/net/tun.c:3489 #1: ffffffff8d1302f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline] #1: ffffffff8d1302f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f0/0x930 kernel/rcu/tree_exp.h:962 3 locks held by syz-executor/8239: #0: ffffffff8e2f8b90 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:860 #1: ffffffff8e2f8a48 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: ffffffff8e2f8a48 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x125/0xf70 net/netlink/genetlink.c:848 #2: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: wiphy_register+0x1e34/0x2cc0 net/wireless/core.c:960 2 locks held by syz-executor/8490: #0: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 net/core/net_namespace.c:477 #1: ffffffff8d1302f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline] #1: ffffffff8d1302f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x930 kernel/rcu/tree_exp.h:962 3 locks held by syz-executor/8498: #0: ffff8880551e10b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:552 [inline] #0: ffff8880551e10b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1cf/0x4d0 net/bluetooth/hci_core.c:2736 #1: ffff8880551e0078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x48d/0x1020 net/bluetooth/hci_sync.c:5005 #2: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1805 [inline] #2: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x2a0 net/bluetooth/hci_conn.c:2441 2 locks held by syz-executor/8500: #0: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 net/core/net_namespace.c:477 #1: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700 net/ipv4/ip_tunnel.c:1099 2 locks held by syz-executor/8517: #0: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 net/core/net_namespace.c:477 #1: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x80/0x270 net/ipv4/nexthop.c:3605 2 locks held by syz-executor/8518: #0: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 net/core/net_namespace.c:477 #1: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x80/0x270 net/ipv4/nexthop.c:3605 1 lock held by syz-executor/8532: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8533: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8540: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 2 locks held by syz-executor/8549: #0: ffffffff8e28d810 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 net/core/net_namespace.c:477 #1: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x80/0x270 net/ipv4/nexthop.c:3605 1 lock held by syz-executor/8552: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8562: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 4 locks held by kworker/u5:3/8564: #0: ffff88802237f138 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc9000329fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff8880751bc078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 1 lock held by syz-executor/8566: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 4 locks held by kworker/u5:4/8568: #0: ffff888018b6a138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc9000337fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff88807529c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 1 lock held by syz-executor/8578: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8582: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8584: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8587: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 1 lock held by syz-executor/8589: #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8e299b68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118 4 locks held by kworker/u5:9/8592: #0: ffff888063528138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc900034efd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff8880739d8078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 4 locks held by kworker/u5:11/8594: #0: ffff888061d8f938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #1: ffffc9000359fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 kernel/workqueue.c:2267 #2: ffff88807956c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x98/0xab0 net/bluetooth/hci_event.c:3770 #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1790 [inline] #3: ffffffff8e3f0c48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x664/0xab0 net/bluetooth/hci_event.c:3803 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.97-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 nmi_cpu_backtrace+0x4e1/0x560 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x1b0/0x3f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline] watchdog+0xf88/0xfd0 kernel/hung_task.c:377 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 51 Comm: kworker/u4:3 Not tainted 6.1.97-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0x7b/0x290 mm/kasan/generic.c:189 Code: 00 00 00 00 fc ff df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 49 f7 d2 49 01 da 41 80 39 00 <0f> 85 c4 01 00 00 49 ff c1 49 ff c2 75 ee e9 1d 01 00 00 45 89 cf RSP: 0018:ffffc90000007c78 EFLAGS: 00000046 RAX: ffffffff8a855c01 RBX: 1ffff1100ec7fa68 RCX: ffffffff8a855c3c RDX: 0000000000000001 RSI: 0000000000000018 RDI: ffff8880763fd340 RBP: 0000000000000003 R08: dffffc0000000000 R09: ffffed100ec7fa6a R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8880b982a610 R13: ffff8880b982a610 R14: ffffed100ec7fa6b R15: ffff8880763fd340 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3eef3f6d00 CR3: 000000000ce8e000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <IRQ> memset+0x1f/0x40 mm/kasan/shadow.c:44 rb_link_node include/linux/rbtree.h:63 [inline] rb_add_cached include/linux/rbtree.h:182 [inline] timerqueue_add+0x1fc/0x280 lib/timerqueue.c:40 enqueue_hrtimer+0x1bd/0x410 kernel/time/hrtimer.c:1092 __run_hrtimer kernel/time/hrtimer.c:1703 [inline] __hrtimer_run_queues+0x728/0xe50 kernel/time/hrtimer.c:1750 hrtimer_interrupt+0x392/0x980 kernel/time/hrtimer.c:1812 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline] __sysvec_apic_timer_interrupt+0x156/0x580 arch/x86/kernel/apic/apic.c:1112 sysvec_apic_timer_interrupt+0x8c/0xb0 arch/x86/kernel/apic/apic.c:1106 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:653 RIP: 0010:lock_acquire+0x26f/0x5a0 kernel/locking/lockdep.c:5666 Code: 2b 00 74 08 4c 89 f7 e8 1f ae 77 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 RSP: 0018:ffffc90000bc7900 EFLAGS: 00000206 RAX: 0000000000000001 RBX: 1ffff92000178f2c RCX: 1ffff92000178ecc RDX: dffffc0000000000 RSI: ffffffff8aec13c0 RDI: ffffffff8b3d4760 RBP: ffffc90000bc7a48 R08: dffffc0000000000 R09: fffffbfff2093845 R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000178f28 R13: dffffc0000000000 R14: ffffc90000bc7960 R15: 0000000000000246 rcu_lock_acquire include/linux/rcupdate.h:350 [inline] rcu_read_lock include/linux/rcupdate.h:791 [inline] batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:755 [inline] batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:826 [inline] batadv_iv_ogm_schedule+0x43b/0x1090 net/batman-adv/bat_iv_ogm.c:869 batadv_iv_send_outstanding_bat_ogm_packet+0x6fa/0x800 net/batman-adv/bat_iv_ogm.c:1713 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 </TASK>

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/07/10 03:41	linux-6.1.y	7753af06eebf	bc144f9a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	INFO: task hung in ip_tunnel_init_net
2024/06/04 20:14	linux-6.1.y	88690811da69	11f2afa5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	INFO: task hung in ip_tunnel_init_net

Crashes (2):

Assets (help?)