syzbot


INFO: task hung in cangw_pernet_exit (3)

Status: closed as invalid on 2022/02/08 10:22
Reported-by: syzbot+c46e2a20b7d78a4e5c6a@syzkaller.appspotmail.com
First crash: 445d, last: 333d

Cause bisection: introduced by (bisect log) [no-op commit]:
commit c4690d5ad7f0d511e2c8d0922efc380b928eaf86
Author: Marco Elver <elver@google.com>
Date: Tue Sep 7 21:12:08 2021 +0000

  kbuild: Only default to -Werror if COMPILE_TEST

Crash: KFENCE: use-after-free in kvm_fastop_exception (log)
Repro: syz .config
similar bugs (8):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: task hung in cangw_pernet_exit 1 860d 860d 0/1 auto-closed as invalid on 2020/11/15 21:42
upstream INFO: task hung in cangw_pernet_exit 14 1204d 1701d 0/24 closed as invalid on 2019/10/23 07:27
linux-4.19 INFO: task hung in cangw_pernet_exit (2) 6 131d 366d 0/1 auto-obsoleted due to no activity on 2022/11/15 03:06
upstream INFO: task hung in cangw_pernet_exit (2) 85 607d 784d 0/24 auto-closed as invalid on 2021/06/26 13:07
upstream INFO: task can't die in cangw_pernet_exit 3 672d 713d 0/24 auto-closed as invalid on 2021/03/24 08:16
linux-4.19 INFO: task hung in rtnetlink_rcv_msg (2) 14 311d 491d 0/1 auto-closed as invalid on 2022/05/18 11:30
linux-4.19 INFO: task hung in rtnetlink_rcv_msg (3) 5 10d 158d 0/1 upstream: reported on 2022/06/20 23:55
upstream INFO: task hung in rtnetlink_rcv_msg C inconclusive inconclusive 387 4d08h 1372d 0/24 upstream: reported C repro on 2019/02/22 17:00

Sample crash report:
INFO: task syz-executor.1:8622 can't die for more than 143 seconds.
task:syz-executor.1  state:D stack:25536 pid: 8622 ppid:  6556 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:4955 [inline]
 __schedule+0x940/0x26f0 kernel/sched/core.c:6302
 schedule+0xd3/0x270 kernel/sched/core.c:6381
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6440
 __mutex_lock_common kernel/locking/mutex.c:669 [inline]
 __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
 cangw_pernet_exit+0xe/0x20 net/can/gw.c:1244
 ops_exit_list+0xb0/0x160 net/core/net_namespace.c:168
 setup_net+0x639/0xa30 net/core/net_namespace.c:349
 copy_net_ns+0x319/0x760 net/core/net_namespace.c:470
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
 ksys_unshare+0x445/0x920 kernel/fork.c:3127
 __do_sys_unshare kernel/fork.c:3201 [inline]
 __se_sys_unshare kernel/fork.c:3199 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3199
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
RSP: 002b:00007fdd1cebc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe22423e0f R14: 00007fdd1cebc300 R15: 0000000000022000
INFO: task syz-executor.2:8795 can't die for more than 146 seconds.
task:syz-executor.2  state:D stack:25208 pid: 8795 ppid:  6559 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:4955 [inline]
 __schedule+0x940/0x26f0 kernel/sched/core.c:6302
 schedule+0xd3/0x270 kernel/sched/core.c:6381
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6440
 __mutex_lock_common kernel/locking/mutex.c:669 [inline]
 __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
 cangw_pernet_exit+0xe/0x20 net/can/gw.c:1244
 ops_exit_list+0xb0/0x160 net/core/net_namespace.c:168
 setup_net+0x639/0xa30 net/core/net_namespace.c:349
 copy_net_ns+0x319/0x760 net/core/net_namespace.c:470
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
 ksys_unshare+0x445/0x920 kernel/fork.c:3127
 __do_sys_unshare kernel/fork.c:3201 [inline]
 __se_sys_unshare kernel/fork.c:3199 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3199
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
RSP: 002b:00007f42a74e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe2b27af6f R14: 00007f42a74e7300 R15: 0000000000022000
INFO: task syz-executor.5:8889 can't die for more than 148 seconds.
task:syz-executor.5  state:R  running task     stack:25288 pid: 8889 ppid:  6557 flags:0x00004006
Call Trace:
INFO: task syz-executor.3:8988 can't die for more than 151 seconds.
task:syz-executor.3  state:R  running task     stack:25760 pid: 8988 ppid:  6554 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:4955 [inline]
 __schedule+0x940/0x26f0 kernel/sched/core.c:6302
 preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6702
 irqentry_exit+0x31/0x80 kernel/entry/common.c:427
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0000:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: d5a7ae8:0000000000000000 EFLAGS: 00000046 ORIG_RAX: 0000000000000001
RAX: dffffc0000000000 RBX: 1ffff92001ab4f58 RCX: f4d672f5b9097ca7
RDX: ffffffff8d6e3a57 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffffed1003aa4390 R08: 0000000000000001 R09: ffffffff8fcfa92f
R10: dffffc0000000000 R11: 0000000000000002 R12: ffff88801d521c80
R13: 64a21813a00bdf00 R14: ffffed1017386541 R15: 0000000000000000

Crashes (290):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2021/09/08 19:12 linux-next 999569d59a0a e2776ee4 .config log report syz INFO: task can't die in cangw_pernet_exit
ci-upstream-kasan-gce-selinux-root 2021/12/27 23:04 upstream a8ad9a2434dc 5140bd58 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce 2021/09/30 15:19 upstream 02d5e016800d be530f6c .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce-smack-root 2021/09/29 21:43 upstream 02d5e016800d be530f6c .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce-smack-root 2021/09/29 06:57 upstream a4e6f95a891a d82cb927 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce-smack-root 2021/09/28 00:39 upstream 0513e464f900 78494d16 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce 2021/09/27 03:42 upstream 996148ee05d0 78494d16 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce 2021/09/26 00:55 upstream a5e0aceabef6 8cac236e .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce-selinux-root 2021/09/23 15:23 upstream 58e2cf5d7946 8cac236e .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce-root 2021/09/20 16:47 upstream e4e737bb5c17 af796c18 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-kasan-gce-386 2021/09/30 22:24 upstream 02d5e016800d 1d849ab4 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/12/03 10:41 net-next fc993be36f9e 61f86278 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 07:23 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 06:23 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 06:01 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 04:40 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 04:10 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 03:09 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 02:09 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 01:07 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/20 00:54 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 23:51 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 22:41 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 20:42 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 20:13 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 19:04 net-next cb3dc8901ba4 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 13:19 net-next cb3dc8901ba4 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 12:02 net-next f616447034a1 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 07:12 net-next f616447034a1 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 06:00 net-next f616447034a1 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 02:54 net-next f616447034a1 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/19 00:47 net-next f616447034a1 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 23:41 net-next f616447034a1 24dc29db .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 15:35 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 14:36 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 14:34 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 13:32 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 12:36 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 12:34 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 12:29 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 12:22 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-net-kasan-gce 2021/10/18 12:22 net-next d40dfa0cebd8 0c5d9412 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/21 00:57 linux-next 51dba6e335ff f111d03b .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 23:52 linux-next 51dba6e335ff f111d03b .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 22:54 linux-next 51dba6e335ff f111d03b .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 16:06 linux-next 51dba6e335ff 418a00eb .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 13:43 linux-next 51dba6e335ff 418a00eb .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 12:17 linux-next 51dba6e335ff 418a00eb .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 11:13 linux-next 51dba6e335ff 418a00eb .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 10:10 linux-next 51dba6e335ff 418a00eb .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 10:09 linux-next 51dba6e335ff 418a00eb .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/10/20 08:35 linux-next 51dba6e335ff 466b7db1 .config log report info INFO: task hung in cangw_pernet_exit
ci-upstream-linux-next-kasan-gce-root 2021/09/06 12:36 linux-next c1b13fe76e95 d236a457 .config log report info INFO: task hung in cangw_pernet_exit
* Struck through repros no longer work on HEAD.