INFO: task hung in rtnetlink_rcv

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	INFO: task hung in rtnetlink_rcv_msg	1				1	938d	938d	0/3	auto-obsoleted due to no activity on 2023/10/22 21:13
linux-4.19	INFO: task hung in rtnetlink_rcv_msg (2)	1				14	1480d	1659d	0/1	auto-closed as invalid on 2022/05/18 11:30
linux-4.19	INFO: task hung in rtnetlink_rcv_msg (3)	1				8	1093d	1327d	0/1	upstream: reported on 2022/06/20 23:55
linux-4.19	INFO: task hung in rtnetlink_rcv_msg	1				11	1912d	2234d	0/1	auto-closed as invalid on 2021/03/12 19:03
upstream	INFO: task hung in rtnetlink_rcv_msg (2) net	1	C	inconclusive		548	319d	527d	0/29	closed as invalid on 2025/04/18 16:40
linux-6.1	INFO: task hung in rtnetlink_rcv_msg (3) origin:upstream	1	C		error	20	26d	505d	0/3	upstream: reported C repro on 2024/09/19 14:16
linux-5.15	INFO: task hung in rtnetlink_rcv_msg (3)	1				1	295d	295d	0/3	auto-obsoleted due to no activity on 2025/07/26 04:34
upstream	INFO: task hung in rtnetlink_rcv_msg net	1	C	inconclusive	inconclusive	1970	577d	2541d	26/29	fixed on 2024/07/09 19:14
linux-4.14	INFO: task hung in rtnetlink_rcv_msg	1				1	1073d	1073d	0/1	upstream: reported on 2023/03/01 21:15
linux-5.15	INFO: task hung in rtnetlink_rcv_msg (2)	1				70	448d	739d	0/3	auto-obsoleted due to no activity on 2025/01/24 13:11
android-6-12	INFO: task hung in rtnetlink_rcv_msg (2)	1				24	1h51m	16d	0/1	premoderation: reported on 2026/01/21 16:59
linux-6.1	INFO: task hung in rtnetlink_rcv_msg (2)	1				67	577d	742d	0/3	auto-obsoleted due to no activity on 2024/09/17 07:45
linux-6.1	INFO: task hung in rtnetlink_rcv_msg	1				1	862d	862d	0/3	auto-obsoleted due to no activity on 2024/01/09 18:18
android-6-12	INFO: task hung in rtnetlink_rcv_msg	1				265	85d	230d	0/1	auto-obsoleted due to no activity on 2026/01/02 16:22
upstream	INFO: task hung in rtnetlink_rcv_msg (3) net	1				4	246d	286d	0/29	auto-obsoleted due to no activity on 2025/09/03 19:16
upstream	INFO: task hung in cangw_pernet_exit (3) can	1	syz	unreliable		290	1502d	1608d	0/29	closed as invalid on 2022/02/08 10:22

INFO: task syz.1.3529:16467 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.3529 state:D stack:25896 pid:16467 ppid:13399 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747 rtnl_lock net/core/rtnetlink.c:78 [inline] rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x5ba/0x960 net/socket.c:2594 ___sys_sendmsg+0x2a6/0x360 net/socket.c:2648 __sys_sendmsg net/socket.c:2677 [inline] __do_sys_sendmsg net/socket.c:2686 [inline] __se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fa989b9aeb9 RSP: 002b:00007fa98aa33028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fa989e15fa0 RCX: 00007fa989b9aeb9 RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006 RBP: 00007fa989c08c1f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fa989e16038 R14: 00007fa989e15fa0 R15: 00007ffccf15ded8 </TASK> INFO: task syz.0.3536:16465 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.3536 state:D stack:25800 pid:16465 ppid:12628 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747 rtnl_lock net/core/rtnetlink.c:78 [inline] rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x5ba/0x960 net/socket.c:2594 ___sys_sendmsg+0x2a6/0x360 net/socket.c:2648 __sys_sendmsg net/socket.c:2677 [inline] __do_sys_sendmsg net/socket.c:2686 [inline] __se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fd21d59aeb9 RSP: 002b:00007fd21e542028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fd21d815fa0 RCX: 00007fd21d59aeb9 RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000005 RBP: 00007fd21d608c1f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fd21d816038 R14: 00007fd21d815fa0 R15: 00007ffd04beccc8 </TASK> Showing all locks held in the system: 2 locks held by kworker/0:0/8: 1 lock held by khungtaskd/29: #0: ffffffff8d131fe0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline] #0: ffffffff8d131fe0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline] #0: ffffffff8d131fe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633 2 locks held by getty/5534: #0: ffff88814c9440a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 drivers/tty/n_tty.c:2217 3 locks held by kworker/u5:7/5781: #0: ffff88801a641538 ((wq_completion)hci7){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88801a641538 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc900047ffd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc900047ffd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffff88807888ce70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1d4/0x380 net/bluetooth/hci_sync.c:326 2 locks held by kworker/1:4/5814: #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc900049afd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc900049afd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 2 locks held by kworker/0:4/5858: 3 locks held by kworker/1:8/5867: #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc90004b9fd00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc90004b9fd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104 1 lock held by kworker/R-wg-cr/13049: #0: ffffffff8cfddba8 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x4c/0x270 kernel/workqueue.c:2137 1 lock held by kworker/R-wg-cr/13199: #0: ffffffff8cfddba8 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_detach_from_pool+0x4c/0x270 kernel/workqueue.c:2137 1 lock held by kworker/R-wg-cr/13201: #0: ffffffff8cfddba8 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x2e/0x380 kernel/workqueue.c:2103 1 lock held by kworker/R-wg-cr/13448: 1 lock held by kworker/R-wg-cr/13449: #0: ffffffff8cfddba8 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x2e/0x380 kernel/workqueue.c:2103 1 lock held by kworker/R-wg-cr/13450: #0: ffffffff8cfddba8 (wq_pool_attach_mutex){+.+.}-{3:3}, at: worker_attach_to_pool+0x2e/0x380 kernel/workqueue.c:2103 3 locks held by kworker/u4:19/15941: #0: ffff88802c7e8538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #0: ffff88802c7e8538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #1: ffffc9000353fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline] #1: ffffc9000353fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711 #2: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718 6 locks held by syz.3.3521/16440: 1 lock held by syz.1.3529/16467: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz.0.3536/16465: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16481: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz.2.3532/16487: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz.2.3532/16489: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16493: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16495: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16498: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16510: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16517: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16519: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16522: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16537: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16544: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16546: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 1 lock held by syz-executor/16554: #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: <TASK> dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline] watchdog+0xf3d/0xf80 kernel/hung_task.c:379 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 16440 Comm: syz.3.3521 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:228 [inline] RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:240 [inline] RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline] RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:504 [inline] RIP: 0010:cpu_online include/linux/cpumask.h:1082 [inline] RIP: 0010:trace_hrtimer_cancel include/trace/events/timer.h:297 [inline] RIP: 0010:debug_deactivate+0x66/0x1c0 kernel/time/hrtimer.c:512 Code: 07 77 58 e8 2c db 0f 00 41 89 de c1 eb 06 48 8d 3c dd a8 df 8a 8e be 08 00 00 00 e8 24 04 68 00 31 f6 4c 0f a3 35 02 a6 13 0d <0f> 92 c3 40 0f 92 c6 bf 02 00 00 00 e8 89 dd 0f 00 84 db 74 10 e8 RSP: 0018:ffffc90000006058 EFLAGS: 00000047 RAX: ffffffff81773901 RBX: 0000000000000000 RCX: ffffffff8177399c RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e8adfa8 RBP: ffffc900000061c8 R08: ffffffff8e8adfaf R09: 1ffffffff1d15bf5 R10: dffffc0000000000 R11: fffffbfff1d15bf6 R12: ffff888024af8d98 R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8e2b780 FS: 00007f1df9e1c6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3310aff8 CR3: 0000000064723000 CR4: 00000000003506f0 DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff1 DR7: 0000000000000600 Call Trace: <IRQ> __run_hrtimer kernel/time/hrtimer.c:1718 [inline] __hrtimer_run_queues+0x2cb/0xc40 kernel/time/hrtimer.c:1814 hrtimer_interrupt+0x3c9/0x9c0 kernel/time/hrtimer.c:1876 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline] __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:60 [inline] RIP: 0010:unwind_next_frame+0x1cc9/0x2970 arch/x86/kernel/unwind_orc.c:665 Code: 74 08 4c 89 ff e8 37 e9 a3 00 49 8b 07 4c 39 f3 0f 96 c1 4c 39 f0 0f 97 c2 84 d1 74 3c 49 8d 4e 08 48 39 d9 0f 96 c2 48 39 c1 <0f> 97 c0 49 39 ee 0f 97 c3 08 c3 08 d3 4c 89 f7 48 89 ee e8 bf c3 RSP: 0018:ffffc900000063f8 EFLAGS: 00000283 RAX: ffffc90000008000 RBX: ffffc90000000000 RCX: ffffc90000007180 RDX: ffff88802be0bc00 RSI: 0000000000000002 RDI: ffffc900000064d0 RBP: ffffc90000007060 R08: ffff88802be0bc00 R09: 0000000000000003 R10: 0000000000000004 R11: 0000000000000100 R12: ffffc900000064c8 R13: dffffc0000000000 R14: ffffc90000007178 R15: ffffc900000064d8 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:46 [inline] kasan_set_track+0x4e/0x70 mm/kasan/common.c:53 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237 kasan_slab_free include/linux/kasan.h:164 [inline] slab_free_hook mm/slub.c:1811 [inline] slab_free_freelist_hook+0x130/0x1a0 mm/slub.c:1837 slab_free mm/slub.c:3830 [inline] kmem_cache_free+0xf8/0x270 mm/slub.c:3852 skb_ext_del include/linux/skbuff.h:4786 [inline] nf_bridge_info_free net/bridge/br_netfilter_hooks.c:152 [inline] br_nf_dev_queue_xmit+0x492/0x1b80 net/bridge/br_netfilter_hooks.c:-1 NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304 br_nf_post_routing+0xb41/0xfb0 net/bridge/br_netfilter_hooks.c:977 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline] nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:259 [inline] NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302 br_forward_finish+0xd3/0x130 net/bridge/br_forward.c:66 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1184 [inline] br_nf_forward_finish+0xa51/0xe80 net/bridge/br_netfilter_hooks.c:684 NF_HOOK+0x66e/0x700 include/linux/netfilter.h:304 br_nf_forward_ip+0xcc1/0x1110 net/bridge/br_netfilter_hooks.c:754 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline] nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:259 [inline] NF_HOOK+0x23e/0x3e0 include/linux/netfilter.h:302 __br_forward+0x433/0x610 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0xb5/0x150 net/bridge/br_forward.c:191 br_flood+0x31b/0x670 net/bridge/br_forward.c:237 br_handle_frame_finish+0x149b/0x19b0 net/bridge/br_input.c:215 br_nf_hook_thresh+0x3cd/0x4a0 net/bridge/br_netfilter_hooks.c:1184 br_nf_pre_routing_finish_ipv6+0x9dc/0xd00 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:304 [inline] br_nf_pre_routing_ipv6+0x349/0x6b0 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline] nf_hook_bridge_pre net/bridge/br_input.c:277 [inline] br_handle_frame+0x96b/0x14e0 net/bridge/br_input.c:424 __netif_receive_skb_core+0xfab/0x3af0 net/core/dev.c:5545 __netif_receive_skb_one_core net/core/dev.c:5649 [inline] __netif_receive_skb+0x74/0x290 net/core/dev.c:5765 process_backlog+0x396/0x700 net/core/dev.c:6093 __napi_poll+0xc0/0x460 net/core/dev.c:6655 napi_poll net/core/dev.c:6722 [inline] net_rx_action+0x616/0xc50 net/core/dev.c:6859 handle_softirqs+0x280/0x820 kernel/softirq.c:578 __do_softirq kernel/softirq.c:612 [inline] invoke_softirq kernel/softirq.c:452 [inline] __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:preempt_schedule_irq+0xba/0x150 kernel/sched/core.c:7010 Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 6f bf 01 00 00 00 e8 11 fc cf f6 e8 1c 03 01 f7 fb bf 01 00 00 00 <e8> f1 b4 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f RSP: 0018:ffffc9000cea7040 EFLAGS: 00000286 RAX: 56943a73a1ec4900 RBX: 0000000000000000 RCX: 56943a73a1ec4900 RDX: dffffc0000000000 RSI: ffffffff8acac900 RDI: 0000000000000001 RBP: ffffc9000cea70e0 R08: ffffffff911bf52f R09: 1ffffffff2237ea5 R10: dffffc0000000000 R11: fffffbfff2237ea6 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920019d4e08 irqentry_exit+0x67/0x70 kernel/entry/common.c:438 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0010:put_cpu_partial+0x1b0/0x250 mm/slub.c:2742 Code: 3b 44 24 18 0f 85 b4 00 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 bc 6b a5 08 f7 c5 00 02 00 00 74 c0 fb 4d 85 e4 <75> bf eb c8 e8 b7 1b 47 02 85 c0 0f 84 e9 fe ff ff 83 3d 38 44 ac RSP: 0018:ffffc9000cea71a0 EFLAGS: 00000246 RAX: 56943a73a1ec4900 RBX: ffff888141e5b640 RCX: 56943a73a1ec4900 RDX: dffffc0000000000 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 RBP: 0000000000000286 R08: ffffffff911bf52f R09: 1ffffffff2237ea5 R10: dffffc0000000000 R11: fffffbfff2237ea6 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88802be0bc00 R15: ffff8880b8e44180 __slab_free+0x319/0x400 mm/slub.c:3700 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x75/0xd0 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:306 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook+0x6e/0x4b0 mm/slab.h:767 slab_alloc_node mm/slub.c:3495 [inline] __kmem_cache_alloc_node+0x13a/0x250 mm/slub.c:3534 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc+0xa4/0x230 mm/slab_common.c:1020 kmalloc include/linux/slab.h:604 [inline] kzalloc include/linux/slab.h:721 [inline] kobject_get_path+0xc3/0x2c0 lib/kobject.c:161 kobject_uevent_env+0x28a/0x8b0 lib/kobject_uevent.c:544 rx_queue_add_kobject net/core/net-sysfs.c:1101 [inline] net_rx_queue_update_kobjects+0x313/0x580 net/core/net-sysfs.c:1141 register_queue_kobjects net/core/net-sysfs.c:1801 [inline] netdev_register_kobject+0x235/0x320 net/core/net-sysfs.c:2046 register_netdevice+0x12ee/0x1bb0 net/core/dev.c:10324 register_netdev+0x3b/0x50 net/core/dev.c:10456 loopback_net_init+0x75/0x150 drivers/net/loopback.c:220 ops_init+0x397/0x640 net/core/net_namespace.c:139 setup_net+0x3b6/0xa30 net/core/net_namespace.c:343 copy_net_ns+0x36d/0x5e0 net/core/net_namespace.c:520 create_new_namespaces+0x3d3/0x6f0 kernel/nsproxy.c:110 copy_namespaces+0x430/0x4a0 kernel/nsproxy.c:179 copy_process+0x1724/0x3d80 kernel/fork.c:2509 kernel_clone+0x24b/0x8a0 kernel/fork.c:2914 __do_sys_clone kernel/fork.c:3057 [inline] __se_sys_clone kernel/fork.c:3041 [inline] __x64_sys_clone+0x1b7/0x230 kernel/fork.c:3041 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f1df8f9aeb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1df9e1bfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f1df9215fa0 RCX: 00007f1df8f9aeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000060000400 RBP: 00007f1df9008c1f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 00007f1df9216038 R14: 00007f1df9215fa0 R15: 00007ffe92e19d48 </TASK>

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/02/03 04:06	linux-6.6.y	2cf6f68313dc	d78927dd	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in rtnetlink_rcv_msg
2025/11/29 08:59	linux-6.6.y	1e89a1be4fe9	d6526ea3	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan-perf	INFO: task hung in rtnetlink_rcv_msg
2025/11/02 14:58	linux-6.6.y	0a805b6ea8cd	2c50b6a9	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	INFO: task hung in rtnetlink_rcv_msg

Crashes (3):

Assets (help?)