bisecting cause commit starting from f2850dd5ee015bd7b77043f731632888887689c7 building syzkaller on 84f4fc8afc9aedba4b3afa4bb76c3df6c6352c07 testing commit f2850dd5ee015bd7b77043f731632888887689c7 with gcc (GCC) 8.1.0 kernel signature: 07cd35a79a5f88dbe14c968f5631432e8ed416d69dfcee903629b9dbe701cbf2 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: INFO: task hung in htable_put testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 5389838e274449a77637cb34957e89dfa28a8f3a656cecf863ffd57ef71a3e56 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: INFO: task hung in hashlimit_mt_check_common run #8: crashed: INFO: task hung in hashlimit_mt_check_common run #9: crashed: INFO: task hung in hashlimit_mt_check_common testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 7cbab5437583dafb5bc207ba2513b5777b08357343994d3c954225a4302e21e8 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: INFO: task hung in hashlimit_mt_check_common run #9: crashed: INFO: task hung in htable_put testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 9107e7e58676598a25982cd2e09c2fb389155c8fd3e6bf1425dc64c4818353d0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: crashed: INFO: task hung in hashlimit_mt_check_common run #7: crashed: INFO: task hung in hashlimit_mt_check_common run #8: crashed: INFO: task hung in hashlimit_mt_check_common run #9: crashed: INFO: task hung in hashlimit_mt_check_common testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 8391f7eb6e1ac7e92ed6e5fa71ffb88a292a3d91ceab3d4eb59eab5989a1273d run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: INFO: task hung in htable_put run #8: crashed: INFO: task hung in htable_put run #9: crashed: INFO: task hung in drain_all_pages testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 526d3460200ebd8e1aca74a045754149f4dee51d4d3339ac817780adaef1aee3 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: INFO: task hung in htable_put run #9: crashed: INFO: task hung in htable_put testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: c5122febfa20553d6777eb0444e6264ca2b6ea29de8d7ece992053100a8e419e run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: crashed: INFO: task hung in htable_put run #6: crashed: INFO: task hung in htable_put run #7: crashed: INFO: task hung in htable_put run #8: crashed: INFO: task hung in hashlimit_mt_check_common run #9: crashed: INFO: task hung in hashlimit_mt_check_common testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: ae6aed53ea9bd643aa1fa63c44247aa79281278861e1a73080b056c5a2802440 run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: INFO: task hung in htable_put run #5: crashed: INFO: task hung in htable_put run #6: crashed: INFO: task hung in hashlimit_mt_check_common run #7: crashed: INFO: task hung in synchronize_rcu run #8: crashed: INFO: task hung in synchronize_rcu run #9: crashed: INFO: task hung in drain_all_pages testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 6399986cfad76251d524aa2d251ee50464db7f46a58c40fa319c92fe9d028478 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: INFO: task hung in hashlimit_mt_check_common run #8: crashed: INFO: task hung in htable_put run #9: crashed: INFO: task hung in htable_put testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 0c2cc37695095f7d3673ca207e04a363464ecd6906f1406a279700c1dc1b8828 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: BUG: workqueue lockup run #9: crashed: BUG: workqueue lockup testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 7d2a4857f329300b4f841adf70cc440e6bff92c9515be0a343574b24a428babb run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: crashed: kernel panic: Out of memory and no killable processes... run #7: crashed: kernel panic: Out of memory and no killable processes... run #8: crashed: BUG: workqueue lockup run #9: crashed: BUG: workqueue lockup testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 48cdc3875d03c2175e651caa26cf4fc664f5a75402c1339ace6f060586e136ff run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: crashed: kernel panic: Out of memory and no killable processes... run #7: crashed: kernel panic: Out of memory and no killable processes... run #8: crashed: BUG: workqueue lockup run #9: crashed: INFO: task hung in corrupted testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 7b8cdd3d74f8c3938a886454af584e41bd0c639899108e0bffb60ffa3062bd3e run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: INFO: task hung in corrupted run #9: crashed: INFO: task hung in corrupted testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: 0fe8ef492f7cdaed66f877f3a02d93722dd80d0456e262237d77edd93e30b29b run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: BUG: workqueue lockup run #9: crashed: BUG: workqueue lockup testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: 4457529a981ec941710e9533c303712d537baa04b97298da3ea41f1efe7fdb1b run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: crashed: INFO: task hung in synchronize_rcu run #9: OK testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: ab94eed99b8bca785168ddbb58fe0f4d48f0c387ed13219ca18539ba6fe0b0f8 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: ca4c0a21c22edeb48157eeb523734eb97e9c1f8fe424e161e45484b67795fd6a all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: 291e7f67b8603929dfa32cb2615ffe651eaaf259aaeeca2b6d01ffb9ed2e08c0 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: OK run #9: crashed: INFO: task hung in synchronize_rcu testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: 2af0ee1b5e4d365b579251a6d5e6761e0e45a4fd8f948f6877d962fe630fdc64 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: OK run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: OK run #6: OK run #7: OK run #8: crashed: INFO: task hung in synchronize_rcu run #9: crashed: INFO: task hung in synchronize_rcu testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 kernel signature: 2ea3680ac1df72ff484d4f6bcc571e33d18e3d92c54fe6502b2b76ea9cece650 all runs: OK # git bisect start 69973b830859bc6529a7a0468ba0d80ee5117826 c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 Bisecting: 8695 revisions left to test after this (roughly 13 steps) [a5af7e1fc69a46f29b977fd4b570e0ac414c2338] rxrpc: Fix loss of PING RESPONSE ACK production due to PING ACKs testing commit a5af7e1fc69a46f29b977fd4b570e0ac414c2338 with gcc (GCC) 5.5.0 kernel signature: f24cbb5fd6b57f7b2cac62ec8e7c7479085a316a08dcb66a053bad1671bf1cb1 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad a5af7e1fc69a46f29b977fd4b570e0ac414c2338 Bisecting: 4346 revisions left to test after this (roughly 12 steps) [d268dbe76a53d72cc41316eb59e7968db60e77ad] Merge tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit d268dbe76a53d72cc41316eb59e7968db60e77ad with gcc (GCC) 5.5.0 kernel signature: dd97820f74c31bc6889c18a5d499fa8972cea39de00fd92530b418136686e8cf run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad d268dbe76a53d72cc41316eb59e7968db60e77ad Bisecting: 2170 revisions left to test after this (roughly 11 steps) [02bafd96f3a5d8e610b19033ffec55b92459aaae] Merge tag 'docs-4.9' of git://git.lwn.net/linux testing commit 02bafd96f3a5d8e610b19033ffec55b92459aaae with gcc (GCC) 5.5.0 kernel signature: bd8cd573df2667e496d70318e3f8f641dc66b6189ef7655041922dd189fdebf4 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: can't ssh into the instance # git bisect good 02bafd96f3a5d8e610b19033ffec55b92459aaae Bisecting: 1051 revisions left to test after this (roughly 10 steps) [e812bd905a5cf00fea95da9df4889dad63d4a36a] Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit e812bd905a5cf00fea95da9df4889dad63d4a36a with gcc (GCC) 5.5.0 kernel signature: e4a736d21713aacded7fbffeb50d2d679fae9cdcb8a6dc0429829beb69ad0c13 all runs: OK # git bisect good e812bd905a5cf00fea95da9df4889dad63d4a36a Bisecting: 525 revisions left to test after this (roughly 9 steps) [7a823471ad42cba6c3b658494d8437ca5c166292] igb: fix non static symbol warning testing commit 7a823471ad42cba6c3b658494d8437ca5c166292 with gcc (GCC) 5.5.0 kernel signature: d260522eb28743058453b8d8db309b8fc3bf73bfa83298aa5de02940bc88dd8c run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: OK run #8: OK run #9: OK # git bisect bad 7a823471ad42cba6c3b658494d8437ca5c166292 Bisecting: 262 revisions left to test after this (roughly 8 steps) [1fbafcb84747d0784fe928bedc4189f47d18ad8f] Merge branch 'vlan_act_modify' testing commit 1fbafcb84747d0784fe928bedc4189f47d18ad8f with gcc (GCC) 5.5.0 kernel signature: fbc38ba4cf70292a74c98f577881084926769765bc40ade3ac7ba2a0ae202ba5 all runs: OK # git bisect good 1fbafcb84747d0784fe928bedc4189f47d18ad8f Bisecting: 137 revisions left to test after this (roughly 7 steps) [3eb193e0b2ed447ac1d3dcc597cb9018c9f84611] Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue testing commit 3eb193e0b2ed447ac1d3dcc597cb9018c9f84611 with gcc (GCC) 5.5.0 kernel signature: 6f563985ea2067ee37ac4968061610f84dfe1f439acd56c4d91ca033cba0ec5c all runs: OK # git bisect good 3eb193e0b2ed447ac1d3dcc597cb9018c9f84611 Bisecting: 84 revisions left to test after this (roughly 6 steps) [8cb2a7d5667ab9a9c2fdd356357b85b63b320901] netfilter: nf_log: get rid of XT_LOG_* macros testing commit 8cb2a7d5667ab9a9c2fdd356357b85b63b320901 with gcc (GCC) 5.5.0 kernel signature: 102e9adbde69873672bd76cfeb63f28a5f3294b9d0c630f37b484d5c4ec86a7a run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 8cb2a7d5667ab9a9c2fdd356357b85b63b320901 Bisecting: 26 revisions left to test after this (roughly 5 steps) [14e2dee0996f51e0ff0d868497c7e1b90f012665] netfilter: nft_hash: fix hash overflow validation testing commit 14e2dee0996f51e0ff0d868497c7e1b90f012665 with gcc (GCC) 5.5.0 kernel signature: ca5ec802b7614edcdf8c461ea6b332974b122b6db8d133fa1a26eb4f2abe3212 all runs: OK # git bisect good 14e2dee0996f51e0ff0d868497c7e1b90f012665 Bisecting: 13 revisions left to test after this (roughly 4 steps) [2c1e2703ff812ccaa42a4bc8a25803955e342b85] netfilter: call nf_hook_ingress with rcu_read_lock testing commit 2c1e2703ff812ccaa42a4bc8a25803955e342b85 with gcc (GCC) 5.5.0 kernel signature: d14fe92af8cc2de9b1bebd2c81725885c51711bc2256653d37df264602c26cd7 all runs: OK # git bisect good 2c1e2703ff812ccaa42a4bc8a25803955e342b85 Bisecting: 6 revisions left to test after this (roughly 3 steps) [7bfdde7045ad54d9fdccac70baffd094d9de73f8] netfilter: nft_ct: report error if mark and dir specified simultaneously testing commit 7bfdde7045ad54d9fdccac70baffd094d9de73f8 with gcc (GCC) 5.5.0 kernel signature: 330de4d01b8d7b2a72007cb837aa4dbab165b8e43ae570e4931dcdba8dc13b57 all runs: OK # git bisect good 7bfdde7045ad54d9fdccac70baffd094d9de73f8 Bisecting: 3 revisions left to test after this (roughly 2 steps) [58e207e4983d7acea39b7fbec9343d8a6d218a18] netfilter: evict stale entries when user reads /proc/net/nf_conntrack testing commit 58e207e4983d7acea39b7fbec9343d8a6d218a18 with gcc (GCC) 5.5.0 kernel signature: fd7d3935915e704d7bc62049d509943ef35ebf016981c4453796764d010317b0 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 58e207e4983d7acea39b7fbec9343d8a6d218a18 Bisecting: 0 revisions left to test after this (roughly 1 step) [11d5f15723c9f39d7c131d0149d024c17dbef676] netfilter: xt_hashlimit: Create revision 2 to support higher pps rates testing commit 11d5f15723c9f39d7c131d0149d024c17dbef676 with gcc (GCC) 5.5.0 kernel signature: 7f7759a265cdb208904fda7dd7d8d6fa5ef58e528b70077b63fcf887c603c529 run #0: crashed: INFO: task hung in synchronize_rcu run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: crashed: INFO: task hung in synchronize_rcu run #9: OK # git bisect bad 11d5f15723c9f39d7c131d0149d024c17dbef676 Bisecting: 0 revisions left to test after this (roughly 0 steps) [0dc60a4546fefc6dc9f54abf60beeeb3501726fa] netfilter: xt_hashlimit: Prepare for revision 2 testing commit 0dc60a4546fefc6dc9f54abf60beeeb3501726fa with gcc (GCC) 5.5.0 kernel signature: 35f7a37b0ae635d2574a35d5989a221f6092864dec2639745b4139eb2818e05c all runs: OK # git bisect good 0dc60a4546fefc6dc9f54abf60beeeb3501726fa 11d5f15723c9f39d7c131d0149d024c17dbef676 is the first bad commit commit 11d5f15723c9f39d7c131d0149d024c17dbef676 Author: Vishwanath Pai Date: Thu Sep 22 12:43:44 2016 -0400 netfilter: xt_hashlimit: Create revision 2 to support higher pps rates Create a new revision for the hashlimit iptables extension module. Rev 2 will support higher pps of upto 1 million, Version 1 supports only 10k. To support this we have to increase the size of the variables avg and burst in hashlimit_cfg to 64-bit. Create two new structs hashlimit_cfg2 and xt_hashlimit_mtinfo2 and also create newer versions of all the functions for match, checkentry and destroy. Some of the functions like hashlimit_mt, hashlimit_mt_check etc are very similar in both rev1 and rev2 with only minor changes, so I have split those functions and moved all the common code to a *_common function. Signed-off-by: Vishwanath Pai Signed-off-by: Joshua Hunt Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/xt_hashlimit.h | 23 ++ net/netfilter/xt_hashlimit.c | 330 ++++++++++++++++++++++------ 2 files changed, 285 insertions(+), 68 deletions(-) culprit signature: 7f7759a265cdb208904fda7dd7d8d6fa5ef58e528b70077b63fcf887c603c529 parent signature: 35f7a37b0ae635d2574a35d5989a221f6092864dec2639745b4139eb2818e05c revisions tested: 34, total time: 7h39m25.340123519s (build: 2h51m9.021256178s, test: 4h44m55.741372104s) first bad commit: 11d5f15723c9f39d7c131d0149d024c17dbef676 netfilter: xt_hashlimit: Create revision 2 to support higher pps rates cc: ["johunt@akamai.com" "pablo@netfilter.org" "vpai@akamai.com"] crash: INFO: task hung in synchronize_rcu Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 331301 pages reserved 0 pages cma reserved INFO: task kworker/u4:2:48 blocked for more than 140 seconds. Not tainted 4.8.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:2 D ffff88012b267818 24896 48 2 0x00000000 Workqueue: events_unbound fsnotify_mark_destroy_workfn ffff88012b267818 ffff88011621e200 ffff88012c022f90 ffff88012c022f68 ffff88012b31e488 ffffffff00000000 ffff88012c022618 ffff88012b31ea40 ffff880123d52540 ffff88012b31e480 ffff88012b260000 ffffed002564c001 Call Trace: [] schedule+0x9a/0x1c0 kernel/sched/core.c:3405 [] schedule_timeout+0x688/0xc30 kernel/time/timer.c:1724 [] do_wait_for_common kernel/sched/completion.c:75 [inline] [] __wait_for_common kernel/sched/completion.c:93 [inline] [] wait_for_common kernel/sched/completion.c:101 [inline] [] wait_for_completion+0x1f2/0x2d0 kernel/sched/completion.c:122 [] __synchronize_srcu+0x245/0x380 kernel/rcu/srcu.c:448 [] synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:492 [] fsnotify_mark_destroy_list+0xf1/0x210 fs/notify/mark.c:551 [] fsnotify_mark_destroy_workfn+0x9/0x10 fs/notify/mark.c:561 [] process_one_work+0x6a2/0x1580 kernel/workqueue.c:2096 [] worker_thread+0xd7/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 2 locks held by kworker/u4:2/48: #0: ("events_unbound"){.+.+.+}, at: [] work_static include/linux/workqueue.h:186 [inline] #0: ("events_unbound"){.+.+.+}, at: [] set_work_data kernel/workqueue.c:615 [inline] #0: ("events_unbound"){.+.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x5c3/0x1580 kernel/workqueue.c:2089 #1: ((reaper_work).work){+.+...}, at: [] process_one_work+0x5fc/0x1580 kernel/workqueue.c:2093 Sending NMI to all CPUs: NMI backtrace for cpu 0 CPU: 0 PID: 994 Comm: khungtaskd Not tainted 4.8.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88012936c0c0 task.stack: ffff880129b60000 RIP: 0010:[] [] arch_static_branch arch/x86/include/asm/msr.h:121 [inline] RIP: 0010:[] [] static_key_false include/linux/jump_label.h:125 [inline] RIP: 0010:[] [] native_write_msr+0x6/0x30 arch/x86/include/asm/msr.h:125 RSP: 0000:ffff880129b67c90 EFLAGS: 00000086 RAX: 0000000000000400 RBX: 0000000000000400 RCX: 0000000000000830 RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000830 RBP: ffff880129b67ca8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: fffffbfff0f11340 R13: ffffffff8788ca20 R14: 0000000000080000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045998a CR3: 000000010d525000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffffffff81264b2f ffff880129b67ca8 0000000000000007 ffff880129b67d10 ffffffff81264cea ffffffff86b4abd3 ffffffff00000010 0000000000000286 0000000229b67d00 0000000000000000 0000000000000000 ffffffff86ead980 Call Trace: [] __x2apic_send_IPI_mask+0x19a/0x2d0 arch/x86/kernel/apic/x2apic_phys.c:62 [] x2apic_send_IPI_mask+0xe/0x10 arch/x86/kernel/apic/x2apic_cluster.c:87 [] nmi_raise_cpu_backtrace+0x5b/0x70 arch/x86/kernel/apic/hw_nmi.c:32 [] nmi_trigger_all_cpu_backtrace+0x148/0x160 lib/nmi_backtrace.c:54 [] arch_trigger_all_cpu_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:41 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x662/0xa00 kernel/hung_task.c:239 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Code: c3 0f 21 c8 5d c3 0f 21 d0 5d c3 0f 21 d8 5d c3 0f 21 f0 5d c3 0f 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 89 f9 89 f0 0f 30 <0f> 1f 44 00 00 c3 89 f0 48 89 d6 55 31 d2 48 c1 e6 20 48 89 e5 NMI backtrace for cpu 1 CPU: 1 PID: 2259 Comm: kworker/u4:4 Not tainted 4.8.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_dat_purge task: ffff880123d52540 task.stack: ffff880124230000 RIP: 0010:[] [] preempt_count arch/x86/include/asm/preempt.h:22 [inline] RIP: 0010:[] [] __local_bh_disable_ip+0xe/0x1c0 kernel/softirq.c:99 RSP: 0018:ffff880124237b88 EFLAGS: 00000282 RAX: ffff880121d4cc80 RBX: 0000000000000201 RCX: 0000000000000c78 RDX: ffff880116385880 RSI: 0000000000000201 RDI: ffffffff85c92527 RBP: ffff880124237ba0 R08: 0000000000000006 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88010f825e88 R13: ffffffff85c92527 R14: ffff8801163864f8 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000625208 CR3: 0000000104529000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff88010f825e88 ffff88010f825e88 ffff88011de34c00 ffff880124237bc0 ffffffff85dcc33a ffffffff85dcc4e0 ffffffff85c90a00 ffff880124237c20 ffffffff85c92527 0000000000000286 ffffed0023c67d46 ffff88011e33ea30 Call Trace: [] __raw_spin_lock_bh include/linux/spinlock_api_smp.h:136 [inline] [] _raw_spin_lock_bh+0x1a/0x50 kernel/locking/spinlock.c:175 [] spin_lock_bh include/linux/spinlock.h:307 [inline] [] __batadv_dat_purge.isra.8+0xe7/0x2f0 net/batman-adv/distributed-arp-table.c:130 [] batadv_dat_purge+0x18/0x30 net/batman-adv/distributed-arp-table.c:161 [] process_one_work+0x6a2/0x1580 kernel/workqueue.c:2096 [] worker_thread+0xd7/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Code: ff ff ff e8 15 e6 3f 00 e9 41 ff ff ff e8 0b e6 3f 00 eb 87 e8 04 e6 3f 00 eb b5 66 90 55 48 89 e5 41 55 49 89 fd 41 54 53 89 f3 <65> 8b 05 1b a9 cb 7e a9 00 00 0f 00 0f 85 2b 01 00 00 48 c7 c7