syzbot


INFO: task hung in nf_tables_valid_genid (2)

Status: auto-obsoleted due to no activity on 2026/01/12 05:11
Subsystems: netfilter
First crash: 123d, last: 123d
Similar bugs (1)
  Kernel: upstream
  Title: INFO: task hung in nf_tables_valid_genid [netfilter]
  Rank: 1
  Repro: -
  Cause bisect: -
  Fix bisect: -
  Count: 1
  Last: 510d
  Reported: 510d
  Patched: 0/29
  Status: auto-obsoleted due to no activity on 2024/12/20 12:34

Sample crash report:
INFO: task syz.6.833:8808 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.833       state:D stack:28264 pid:8808  tgid:8797  ppid:6708   task_flags:0x400140 flags:0x00080003
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7026
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
 nf_tables_valid_genid+0x35/0x140 net/netfilter/nf_tables_api.c:11499
 nfnetlink_rcv_batch+0x3ee/0x2350 net/netfilter/nfnetlink.c:423
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:649 [inline]
 nfnetlink_rcv+0x3c1/0x430 net/netfilter/nfnetlink.c:667
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8c8/0xdd0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xa98/0xc70 net/socket.c:2630
 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2684
 __sys_sendmsg+0x16d/0x220 net/socket.c:2716
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f800558eec9
RSP: 002b:00007f80063ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f80057e6180 RCX: 00007f800558eec9
RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 000000000000000a
RBP: 00007f8005611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f80057e6218 R14: 00007f80057e6180 R15: 00007fff8dae8628
 </TASK>

Showing all locks held in the system:
1 lock held by kthreadd/2:
2 locks held by kworker/0:0/9:
4 locks held by kworker/u8:0/12:
4 locks held by kworker/u8:1/13:
2 locks held by kworker/1:0/24:
1 lock held by khungtaskd/31:
 #0: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:2/36:
3 locks held by kworker/u8:3/50:
 #0: ffff88813ff69948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
 #1: ffffc90000bb7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
 #2: ffffffff900fb388 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
4 locks held by kworker/u8:4/67:
 #0: ffff888022342148 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
 #1: ffffc9000215fd00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
 #2: ffff88805a2c5308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xec/0x610 drivers/net/wireguard/noise.c:529
 #3: ffff8880290ba0f0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x100/0x610 drivers/net/wireguard/noise.c:530
3 locks held by kworker/u8:5/1010:
2 locks held by kworker/1:2/1205:
3 locks held by kworker/1:3/1213:
3 locks held by kworker/u8:6/2968:
3 locks held by kworker/u8:7/3025:
3 locks held by kworker/R-ipv6_/3181:
 #0: ffff88814c38c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
 #1: ffffc9000c62fc98 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
 #2: ffffffff900fb388 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff900fb388 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734
4 locks held by kworker/R-bat_e/3406:
2 locks held by klogd/5172:
1 lock held by udevd/5183:
2 locks held by getty/5571:
 #0: ffff88803662c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
2 locks held by syz-executor/5796:
1 lock held by syz-executor/5813:
4 locks held by kworker/0:3/5818:
3 locks held by kworker/0:4/5878:
4 locks held by kworker/0:6/5916:
3 locks held by kworker/1:6/5918:
 #0: ffff88813ff51948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
 #1: ffffc90004747d00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
 #2: ffffffff900fb388 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
3 locks held by kworker/u8:8/6595:
3 locks held by kworker/u8:9/6707:
3 locks held by syz-executor/6708:
2 locks held by syz-executor/6740:
3 locks held by kworker/u8:10/7145:
3 locks held by kworker/u8:11/7146:
7 locks held by syz.4.829/8784:
2 locks held by syz.4.829/8793:
1 lock held by syz.5.832/8791:
 #0: ffffffff8e3cf9f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343
2 locks held by syz.6.833/8802:
2 locks held by syz.6.833/8808:
 #0: ffffffff9afbbcb8 (nfnl_subsys_nftables){+.+.}-{4:4}, at: nfnl_lock net/netfilter/nfnetlink.c:98 [inline]
 #0: ffffffff9afbbcb8 (nfnl_subsys_nftables){+.+.}-{4:4}, at: nfnetlink_rcv_batch+0x289/0x2350 net/netfilter/nfnetlink.c:394
 #1: ffff888058f9ccd8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x35/0x140 net/netfilter/nf_tables_api.c:11499
2 locks held by syz.6.833/8809:
4 locks held by kworker/u8:12/8810:
4 locks held by kworker/u8:13/8811:
4 locks held by kworker/u8:14/8812:
4 locks held by kworker/u8:15/8813:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
 watchdog+0xf3f/0x1170 kernel/hung_task.c:495
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3406 Comm: kworker/R-bat_e Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: bat_events batadv_dat_purge
RIP: 0010:check_preemption_disabled+0x8/0xe0 lib/smp_processor_id.c:14
Code: 3e 08 85 c0 74 04 90 0f 0b 90 e9 53 fc ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 53 48 83 ec 08 <65> 8b 1d f5 45 3e 08 65 8b 05 ea 45 3e 08 a9 ff ff ff 7f 74 0f 48
RSP: 0018:ffffc90000a081c0 EFLAGS: 00000286
RAX: 0000000000000001 RBX: ffffffff8e3c4460 RCX: ffffc90000a09001
RDX: 0000000000000000 RSI: ffffffff8bf1e240 RDI: ffffffff8bf1e280
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000083b96 R12: ffffffff816c4914
R13: ffffc90000a082b8 R14: ffffc90000a08d20 R15: ffffc90000a082ec
FS:  0000000000000000(0000) GS:ffff888124ad9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4169400000 CR3: 000000000e182000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
 rcu_is_watching+0x12/0xc0 kernel/rcu/tree.c:751
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x201/0x2f0 kernel/locking/lockdep.c:5879
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:897 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0x3f9/0x20a0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 unpoison_slab_object mm/kasan/common.c:342 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:368
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4955 [inline]
 slab_alloc_node mm/slub.c:5265 [inline]
 kmem_cache_alloc_noprof+0x250/0x6e0 mm/slub.c:5272
 __skb_ext_alloc+0x1a/0x80 net/core/skbuff.c:6982
 skb_ext_add+0x232/0x7a0 net/core/skbuff.c:7086
 nf_bridge_alloc include/net/netfilter/br_netfilter.h:12 [inline]
 br_nf_pre_routing_ipv6+0xca/0x8c0 net/bridge/br_netfilter_ipv6.c:172
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xad8/0x14b0 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0xa25/0x4bd0 net/core/dev.c:5966
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6077
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6192
 process_backlog+0x439/0x15e0 net/core/dev.c:6544
 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x97f/0xef0 net/core/dev.c:7784
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 __batadv_dat_purge.part.0+0x279/0x3a0 net/batman-adv/distributed-arp-table.c:185
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:166 [inline]
 batadv_dat_purge+0x4b/0xa0 net/batman-adv/distributed-arp-table.c:204
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 rescuer_thread+0x620/0xea0 kernel/workqueue.c:3523
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Crashes (1):
  Time: 2025/10/14 05:08
  Kernel: upstream
  Commit: 3a8660878839
  Syzkaller: b6605ba8
  Config: .config
  Log: console log
  Report: report
  Syz repro: -
  C repro: -
  VM info: info
  Assets: [disk image] [vmlinux] [kernel image]
  Manager: ci-upstream-kasan-gce-selinux-root
  Title: INFO: task hung in nf_tables_valid_genid