syzbot

 sign-in | mailing list | source | docs
🐞 Open [1010] Subsystems 🐞 Fixed [5247] 🐞 Invalid [12544] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in sit_exit_batch_net (4)

Status: auto-obsoleted due to no activity on 2023/02/12 17:49
Subsystems: net
[Documentation on labels]
First crash: 532d, last: 525d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in sit_exit_batch_net net 2 1699d 1708d 0/26 closed as invalid on 2019/10/23 07:54
upstream INFO: task hung in sit_exit_batch_net (3) net 1 672d 672d 0/26 auto-closed as invalid on 2022/09/26 13:51
upstream INFO: task hung in sit_exit_batch_net (2) net 1 1248d 1248d 0/26 auto-closed as invalid on 2021/02/27 16:17
linux-4.19 INFO: task hung in sit_exit_batch_net 2 848d 884d 0/1 auto-closed as invalid on 2022/05/03 11:37

Sample crash report:
INFO: task kworker/u4:18:5853 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:18   state:D stack:23560 pid:5853  ppid:2      flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 sit_exit_batch_net+0x8c/0x750 net/ipv6/sit.c:1881
 ops_exit_list+0x125/0x170 net/core/net_namespace.c:174
 cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:606
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
INFO: task kworker/0:7:10419 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:7     state:D stack:21992 pid:10419 ppid:2      flags:0x00004000
Workqueue: events switchdev_deferred_process_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:75
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
INFO: task kworker/1:13:20738 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:13    state:D stack:23672 pid:20738 ppid:2      flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 linkwatch_event+0xf/0x70 net/core/link_watch.c:263
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
INFO: task kworker/0:11:21339 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:11    state:D stack:26928 pid:21339 ppid:2      flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4624
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
INFO: task kworker/1:24:21409 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:24    state:D stack:24192 pid:21409 ppid:2      flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4624
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
INFO: task syz-executor.5:22088 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:26592 pid:22088 ppid:5341   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 ip_tunnel_init_net+0x2dd/0x9f0 net/ipv4/ip_tunnel.c:1072
 ops_init+0xb9/0x680 net/core/net_namespace.c:135
 setup_net+0x793/0xe60 net/core/net_namespace.c:333
 copy_net_ns+0x31b/0x6b0 net/core/net_namespace.c:483
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 copy_namespaces+0x3b3/0x4a0 kernel/nsproxy.c:179
 copy_process+0x30d3/0x75c0 kernel/fork.c:2269
 kernel_clone+0xeb/0xa40 kernel/fork.c:2681
 __do_sys_clone+0xba/0x100 kernel/fork.c:2822
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff9fb28c189
RSP: 002b:00007ff9fbf9f118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ff9fb3abf80 RCX: 00007ff9fb28c189
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000040000000
RBP: 00007ff9fb2e7b01 R08: 0000000020000280 R09: 0000000020000280
R10: 0000000020000240 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ffce049cf3f R14: 00007ff9fbf9f300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.0:22099 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:27728 pid:22099 ppid:11344  flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 rtnl_lock net/core/rtnetlink.c:75 [inline]
 rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 ____sys_sendmsg+0x334/0x8c0 net/socket.c:2476
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
 __sys_sendmmsg+0x1b7/0x540 net/socket.c:2616
 __do_sys_sendmmsg net/socket.c:2645 [inline]
 __se_sys_sendmmsg net/socket.c:2642 [inline]
 __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2642
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f437708c189
RSP: 002b:00007f4377e22168 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f43771ac050 RCX: 00007f437708c189
RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005
RBP: 00007f43770e7b01 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe80d9219f R14: 00007f4377e22300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.4:22091 blocked for more than 145 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28088 pid:22091 ppid:5331   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3e/0x190 drivers/net/tun.c:3460
 __fput+0x27c/0xa90 fs/file_table.c:320
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ffa95a3e00b
RSP: 002b:00007fff18b5af50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007ffa95a3e00b
RDX: 0000000000000000 RSI: 00007ffa95600000 RDI: 0000000000000005
RBP: 00007ffa95bad980 R08: 0000000000000000 R09: 00000000199f6e05
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000015deeb
R13: 00007fff18b5b050 R14: 00007ffa95bac050 R15: 0000000000000032
 </TASK>
INFO: task syz-executor.1:22101 blocked for more than 145 seconds.
      Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:28240 pid:22101 ppid:11386  flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5229 [inline]
 __schedule+0xb8a/0x5450 kernel/sched/core.c:6541
 schedule+0xde/0x1b0 kernel/sched/core.c:6617
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6676
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa48/0x1360 kernel/locking/mutex.c:747
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3e/0x190 drivers/net/tun.c:3460
 __fput+0x27c/0xa90 fs/file_table.c:320
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0bdfa3e00b
RSP: 002b:00007ffd21ab1140 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007f0bdfa3e00b
RDX: 0000000000000000 RSI: 00007f0bdf600000 RDI: 0000000000000005
RBP: 00007f0bdfbad980 R08: 0000000000000000 R09: 0000000026cf62dc
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000015e1a6
R13: 00007ffd21ab1240 R14: 00007f0bdfbac050 R15: 0000000000000032
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8c78fb30 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8c78f830 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507
1 lock held by khungtaskd/28:
 #0: ffffffff8c790680 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264 kernel/locking/lockdep.c:6494
2 locks held by getty/4975:
 #0: ffff888027f66098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc900015b52f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 drivers/tty/n_tty.c:2177
4 locks held by kworker/u4:18/5853:
 #0: ffff8880125d7938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880125d7938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff8880125d7938 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff8880125d7938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff8880125d7938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff8880125d7938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc9000a8a7da8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264
 #2: ffffffff8e0cd8d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9f/0xb10 net/core/net_namespace.c:568
 #3: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: sit_exit_batch_net+0x8c/0x750 net/ipv6/sit.c:1881
3 locks held by kworker/0:7/10419:
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc9001625fda8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264
 #2: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:75
3 locks held by kworker/1:13/20738:
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc9000f117da8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264
 #2: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xf/0x70 net/core/link_watch.c:263
3 locks held by kworker/0:11/21339:
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc9000ac5fda8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264
 #2: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4624
3 locks held by kworker/1:24/21409:
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff88802761b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 kernel/workqueue.c:2260
 #1: ffffc9000337fda8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 kernel/workqueue.c:2264
 #2: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4624
2 locks held by syz-executor.5/22088:
 #0: ffffffff8e0cd8d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f8/0x6b0 net/core/net_namespace.c:479
 #1: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x2dd/0x9f0 net/ipv4/ip_tunnel.c:1072
1 lock held by syz-executor.0/22099:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.4/22091:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x190 drivers/net/tun.c:3460
1 lock held by syz-executor.2/22097:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.1/22101:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x190 drivers/net/tun.c:3460
1 lock held by syz-executor.3/22121:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.5/22123:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.0/22132:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.2/22133:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.4/22135:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.1/22142:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.3/22150:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.5/22155:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.4/22161:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.0/22164:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.2/22166:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.1/22168:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138
1 lock held by syz-executor.3/22171:
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:75 [inline]
 #0: ffffffff8e0e1568 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e9/0xca0 net/core/rtnetlink.c:6138

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x24/0x18a lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x333/0x3c0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xc75/0xfc0 kernel/hung_task.c:377
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6582 Comm: kworker/u4:19 Not tainted 6.1.0-rc5-next-20221116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: phy4 ieee80211_iface_work
RIP: 0010:stack_trace_consume_entry+0xbb/0x160 kernel/stacktrace.c:93
Code: 00 00 8b 43 0c 85 c0 75 53 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 8d 45 01 89 43 10 <48> 8b 03 48 8d 2c e8 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1
RSP: 0018:ffffc9000364f518 EFLAGS: 00000246
RAX: 0000000000000006 RBX: ffffc9000364f5f0 RCX: 0000000000000000
RDX: 1ffff920006c9ebe RSI: ffffffff81ce11ef RDI: ffffc9000364f5fc
RBP: 0000000000000005 R08: ffffffff8f046630 R09: ffffc9000364f56c
R10: fffff520006c9eb2 R11: ffffc9000364f908 R12: ffffc9000364f5f0
R13: 0000000000000000 R14: ffff888031633a80 R15: ffffea00008a2400
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00d1b5000 CR3: 000000001db93000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 arch_stack_walk+0x71/0xf0 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x90/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x40 mm/kasan/generic.c:518
 ____kasan_slab_free mm/kasan/common.c:241 [inline]
 ____kasan_slab_free+0x160/0x1c0 mm/kasan/common.c:205
 kasan_slab_free include/linux/kasan.h:178 [inline]
 slab_free_hook mm/slub.c:1763 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1789
 slab_free mm/slub.c:3696 [inline]
 __kmem_cache_free+0xaf/0x3b0 mm/slub.c:3709
 ieee80211_bss_info_update+0x4a2/0xaf0 net/mac80211/scan.c:223
 ieee80211_rx_bss_info net/mac80211/ibss.c:1120 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1609 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x19fc/0x3160 net/mac80211/ibss.c:1638
 ieee80211_iface_process_skb net/mac80211/iface.c:1581 [inline]
 ieee80211_iface_work+0xa4b/0xd30 net/mac80211/iface.c:1635
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/22 21:24 linux-next 15f3bff12cf6 9da37ae8 .config console log report info ci-upstream-linux-next-kasan-gce-root INFO: task hung in sit_exit_batch_net
2022/11/15 20:05 linux-next 5c92ddca1053 97de9cfc .config console log report info ci-upstream-linux-next-kasan-gce-root INFO: task hung in sit_exit_batch_net
* Struck through repros no longer work on HEAD.