bisecting cause commit starting from 40e020c129cfc991e8ab4736d2665351ffd1468d building syzkaller on 6565f24da9f4eb36702339ba290213995fcc902f testing commit 40e020c129cfc991e8ab4736d2665351ffd1468d with gcc (GCC) 8.1.0 run #0: OK run #1: crashed: INFO: task hung in ctrl_getfamily run #2: crashed: INFO: task hung in ctrl_getfamily run #3: crashed: INFO: task hung in ctrl_getfamily run #4: crashed: INFO: task hung in ctrl_getfamily run #5: crashed: INFO: task hung in ctrl_getfamily run #6: crashed: INFO: task hung in ctrl_getfamily run #7: crashed: INFO: task hung in ctrl_getfamily run #8: crashed: INFO: task hung in ctrl_getfamily run #9: crashed: INFO: task hung in ctrl_getfamily testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in ctrl_getfamily run #2: crashed: INFO: task hung in ctrl_getfamily run #3: crashed: INFO: task hung in ctrl_getfamily run #4: crashed: INFO: task hung in ctrl_getfamily run #5: crashed: INFO: task hung in ctrl_getfamily run #6: crashed: INFO: task hung in ctrl_getfamily run #7: crashed: INFO: task hung in ctrl_getfamily run #8: crashed: INFO: task hung in ctrl_getfamily run #9: crashed: INFO: task hung in ctrl_getfamily testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in ctrl_getfamily testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in ctrl_getfamily run #1: crashed: INFO: task hung in ctrl_getfamily run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in ctrl_getfamily run #4: crashed: INFO: task hung in ctrl_getfamily run #5: crashed: INFO: task hung in ctrl_getfamily run #6: crashed: INFO: task hung in ctrl_getfamily run #7: crashed: INFO: task hung in ctrl_getfamily run #8: crashed: INFO: task hung in ctrl_getfamily run #9: crashed: no output from test machine testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.17 v4.16 Bisecting: 7380 revisions left to test after this (roughly 13 steps) [97b1255cb27c551d7c3c5c496d787da40772da99] mm,oom_reaper: check for MMF_OOM_SKIP before complaining testing commit 97b1255cb27c551d7c3c5c496d787da40772da99 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in ctrl_getfamily # git bisect bad 97b1255cb27c551d7c3c5c496d787da40772da99 Bisecting: 4372 revisions left to test after this (roughly 12 steps) [bb2407a7219760926760f0448fddf00d625e5aec] Merge tag 'docs-4.17' of git://git.lwn.net/linux testing commit bb2407a7219760926760f0448fddf00d625e5aec with gcc (GCC) 8.1.0 all runs: OK # git bisect good bb2407a7219760926760f0448fddf00d625e5aec Bisecting: 2394 revisions left to test after this (roughly 11 steps) [147a89bc71e7db40f011454a40add7ff2d10f8d8] Merge tag 'kconfig-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild testing commit 147a89bc71e7db40f011454a40add7ff2d10f8d8 with gcc (GCC) 8.1.0 run #0: OK run #1: crashed: INFO: task hung in ctrl_getfamily run #2: crashed: INFO: task hung in ctrl_getfamily run #3: crashed: INFO: task hung in ctrl_getfamily run #4: crashed: INFO: task hung in ctrl_getfamily run #5: crashed: INFO: task hung in ctrl_getfamily run #6: crashed: INFO: task hung in ctrl_getfamily run #7: crashed: INFO: task hung in ctrl_getfamily run #8: crashed: INFO: task hung in ctrl_getfamily run #9: crashed: INFO: task hung in ctrl_getfamily # git bisect bad 147a89bc71e7db40f011454a40add7ff2d10f8d8 Bisecting: 988 revisions left to test after this (roughly 10 steps) [32c23b47dbd9765c6ec2542400f41f0d47a7d2c1] i40e: Properly check allowed advertisement capabilities testing commit 32c23b47dbd9765c6ec2542400f41f0d47a7d2c1 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in ctrl_getfamily # git bisect bad 32c23b47dbd9765c6ec2542400f41f0d47a7d2c1 Bisecting: 494 revisions left to test after this (roughly 9 steps) [937eeb3482748bb85486070e10b5fbeb6b973f63] selftests: forwarding: Create test topology for multipath routing testing commit 937eeb3482748bb85486070e10b5fbeb6b973f63 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 937eeb3482748bb85486070e10b5fbeb6b973f63 Bisecting: 247 revisions left to test after this (roughly 8 steps) [649b9826cc733fe410207d28d94984354e023b21] net: Convert xfrm_user_net_ops testing commit 649b9826cc733fe410207d28d94984354e023b21 with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: KASAN: use-after-free Read in usb_gadget_state_work # git bisect good 649b9826cc733fe410207d28d94984354e023b21 Bisecting: 123 revisions left to test after this (roughly 7 steps) [9ba32046fc2d19697e1a208ce81663239e78e41f] tc-testing: updated gact tests with batch test cases testing commit 9ba32046fc2d19697e1a208ce81663239e78e41f with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9ba32046fc2d19697e1a208ce81663239e78e41f Bisecting: 61 revisions left to test after this (roughly 6 steps) [1e8029515816f771b9b3751f24f19fe6df4c72ae] udp: Move the udp sysctl to namespace. testing commit 1e8029515816f771b9b3751f24f19fe6df4c72ae with gcc (GCC) 8.1.0 all runs: OK # git bisect good 1e8029515816f771b9b3751f24f19fe6df4c72ae Bisecting: 30 revisions left to test after this (roughly 5 steps) [ec9663812f32c03e36c8c2ccc83e52dd5a7486d9] hv_netvsc: add trace points testing commit ec9663812f32c03e36c8c2ccc83e52dd5a7486d9 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in ctrl_getfamily # git bisect bad ec9663812f32c03e36c8c2ccc83e52dd5a7486d9 Bisecting: 15 revisions left to test after this (roughly 4 steps) [8cec2f49dc413d6328067d22862b0bdd0f4305ec] net: Convert mpls_net_ops testing commit 8cec2f49dc413d6328067d22862b0bdd0f4305ec with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8cec2f49dc413d6328067d22862b0bdd0f4305ec Bisecting: 7 revisions left to test after this (roughly 3 steps) [ba765ec63786583e210b55073a908a9d7ea284fa] tipc: remove zone_list member in struct publication testing commit ba765ec63786583e210b55073a908a9d7ea284fa with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in ctrl_getfamily # git bisect bad ba765ec63786583e210b55073a908a9d7ea284fa Bisecting: 3 revisions left to test after this (roughly 2 steps) [6c77e79557acd9b3b896a8075a19ef11ed887a99] net: Convert ip_vs_ftp_ops testing commit 6c77e79557acd9b3b896a8075a19ef11ed887a99 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6c77e79557acd9b3b896a8075a19ef11ed887a99 Bisecting: 1 revision left to test after this (roughly 1 step) [928df1880e24bcd47d6359ff86df24db3dfba3c3] tipc: obsolete TIPC_ZONE_SCOPE testing commit 928df1880e24bcd47d6359ff86df24db3dfba3c3 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in ctrl_getfamily # git bisect bad 928df1880e24bcd47d6359ff86df24db3dfba3c3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [4f1aec01fcb84faf79bb6fabb82a5c850b186e03] Merge branch 'pernet-convert-part8' testing commit 4f1aec01fcb84faf79bb6fabb82a5c850b186e03 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4f1aec01fcb84faf79bb6fabb82a5c850b186e03 928df1880e24bcd47d6359ff86df24db3dfba3c3 is the first bad commit commit 928df1880e24bcd47d6359ff86df24db3dfba3c3 Author: Jon Maloy Date: Thu Mar 15 16:48:51 2018 +0100 tipc: obsolete TIPC_ZONE_SCOPE Publications for TIPC_CLUSTER_SCOPE and TIPC_ZONE_SCOPE are in all aspects handled the same way, both on the publishing node and on the receiving nodes. Despite previous ambitions to the contrary, this is never going to change, so we take the conseqeunce of this and obsolete TIPC_ZONE_SCOPE and related macros/functions. Whenever a user is doing a bind() or a sendmsg() attempt using ZONE_SCOPE we translate this internally to CLUSTER_SCOPE, while we remain compatible with users and remote nodes still using ZONE_SCOPE. Furthermore, the non-formalized scope value 0 has always been permitted for use during lookup, with the same meaning as ZONE_SCOPE/CLUSTER_SCOPE. We now permit it even as binding scope, but for compatibility reasons we choose to not change the value of TIPC_CLUSTER_SCOPE. Acked-by: Ying Xue Signed-off-by: Jon Maloy Signed-off-by: David S. Miller include/uapi/linux/tipc.h | 102 ++++++++++++++++++++++++---------------------- net/tipc/addr.c | 31 -------------- net/tipc/addr.h | 10 +++++ net/tipc/msg.c | 2 +- net/tipc/name_table.c | 3 +- net/tipc/net.c | 2 +- net/tipc/socket.c | 15 ++++--- 7 files changed, 77 insertions(+), 88 deletions(-) revisions tested: 19, total time: 3h54m20.429131211s (build: 1h27m17.916550477s, test: 2h23m8.714753484s) first bad commit: 928df1880e24bcd47d6359ff86df24db3dfba3c3 tipc: obsolete TIPC_ZONE_SCOPE cc: ["davem@davemloft.net" "jon.maloy@ericsson.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "tipc-discussion@lists.sourceforge.net" "ying.xue@windriver.com"] crash: INFO: task hung in ctrl_getfamily IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 8021q: adding VLAN 0 to HW filter on device team0 8021q: adding VLAN 0 to HW filter on device team0 INFO: task syz-executor3:7105 blocked for more than 140 seconds. Not tainted 4.16.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor3 D22488 7105 5553 0x00000004 Call Trace: context_switch kernel/sched/core.c:2862 [inline] __schedule+0x85b/0x2000 kernel/sched/core.c:3440 schedule+0xfe/0x460 kernel/sched/core.c:3499 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3557 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0xdcb/0x1a00 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 genl_lock net/netlink/genetlink.c:33 [inline] ctrl_getfamily+0x2c0/0x400 net/netlink/genetlink.c:871 genl_family_rcv_msg+0x6d4/0x1480 net/netlink/genetlink.c:599 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x145/0x380 net/netlink/af_netlink.c:2444 genl_rcv+0x23/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x463/0x680 net/netlink/af_netlink.c:1334 netlink_sendmsg+0x8eb/0xeb0 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xb7/0xf0 net/socket.c:639 ___sys_sendmsg+0x68f/0x9c0 net/socket.c:2047 __sys_sendmsg+0xde/0x240 net/socket.c:2081 SYSC_sendmsg net/socket.c:2092 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2088 do_syscall_64+0x276/0x980 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4108c0 RSP: 002b:00007ff45e6c29c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004108c0 RDX: 0000000000000000 RSI: 00007ff45e6c2a20 RDI: 0000000000000006 RBP: 00007ff45e6c2a20 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00000000004b3780 R14: 00000000006ec9f0 R15: 00000000ffffffff Showing all locks held in the system: 2 locks held by khungtaskd/995: #0: (rcu_read_lock){....}, at: [<0000000045151767>] check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline] #0: (rcu_read_lock){....}, at: [<0000000045151767>] watchdog+0x1a5/0xba0 kernel/hung_task.c:249 #1: (tasklist_lock){.+.+}, at: [<00000000c465aed1>] debug_show_all_locks+0xe6/0x366 kernel/locking/lockdep.c:4470 2 locks held by getty/5417: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by getty/5418: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by getty/5419: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by getty/5420: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by getty/5421: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by getty/5422: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by getty/5423: #0: (&tty->ldisc_sem){++++}, at: [<00000000ad6bfb65>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000466fe64e>] n_tty_read+0x2fd/0x1b20 drivers/tty/n_tty.c:2131 2 locks held by syz-executor3/7105: #0: (cb_lock){++++}, at: [<000000007c057a44>] ctrl_getfamily+0x2b2/0x400 net/netlink/genetlink.c:870 #1: (genl_mutex){+.+.}, at: [<00000000aa2cc4d2>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000aa2cc4d2>] ctrl_getfamily+0x2c0/0x400 net/netlink/genetlink.c:871 2 locks held by syz-executor2/7107: #0: (cb_lock){++++}, at: [<000000007c057a44>] ctrl_getfamily+0x2b2/0x400 net/netlink/genetlink.c:870 #1: (genl_mutex){+.+.}, at: [<00000000aa2cc4d2>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000aa2cc4d2>] ctrl_getfamily+0x2c0/0x400 net/netlink/genetlink.c:871 2 locks held by syz-executor5/7116: #0: (cb_lock){++++}, at: [<000000007c057a44>] ctrl_getfamily+0x2b2/0x400 net/netlink/genetlink.c:870 #1: (genl_mutex){+.+.}, at: [<00000000aa2cc4d2>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000aa2cc4d2>] ctrl_getfamily+0x2c0/0x400 net/netlink/genetlink.c:871 2 locks held by syz-executor5/7135: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor5/7156: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor5/7161: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor1/7132: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor1/7147: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor1/7157: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor1/7164: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor4/7139: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor4/7152: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor4/7159: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor4/7166: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor0/7154: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor0/7158: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor0/7160: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor0/7169: #0: (cb_lock){++++}, at: [<00000000c5f18d2e>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008ba0bfe7>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 995 Comm: khungtaskd Not tainted 4.16.0-rc4+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x153/0x201 lib/dump_stack.c:53 nmi_cpu_backtrace.cold.5+0x13/0xb2 lib/nmi_backtrace.c:103 nmi_trigger_cpumask_backtrace+0xf5/0x119 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline] check_hung_task kernel/hung_task.c:132 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline] watchdog+0x755/0xba0 kernel/hung_task.c:249 kthread+0x319/0x3e0 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:406 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 7118 Comm: syz-executor2 Not tainted 4.16.0-rc4+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 RIP: 0010:tipc_sk_lookup+0x76d/0xe00 net/tipc/socket.c:2688 RSP: 0018:ffff88005c866940 EFLAGS: 00000286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffffed000b90cd36 RSI: 0000000000000003 RDI: ffffed000b90cd6e RBP: ffff88005c866bb8 R08: 0000000000000000 R09: ffffffff870252f3 R10: 0000000000000078 R11: ffffed000b90cd5a R12: 0000000000000000 R13: dffffc0000000000 R14: 1ffff1000b90cd42 R15: ffffed000b90cd5a FS: 00007f354fee1700(0000) GS:ffff88006c800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd6484c5db8 CR3: 000000006a79f000 CR4: 00000000007406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: tipc_nl_publ_dump+0x1e8/0xe4b net/tipc/socket.c:3362 __tipc_nl_compat_dumpit.isra.11+0x1e0/0xaa0 net/tipc/netlink_compat.c:192 tipc_nl_compat_publ_dump net/tipc/netlink_compat.c:919 [inline] tipc_nl_compat_sk_dump+0x7ff/0xc00 net/tipc/netlink_compat.c:967 __tipc_nl_compat_dumpit.isra.11+0x2ce/0xaa0 net/tipc/netlink_compat.c:201 tipc_nl_compat_dumpit+0x1a5/0x400 net/tipc/netlink_compat.c:265 tipc_nl_compat_handle net/tipc/netlink_compat.c:1141 [inline] tipc_nl_compat_recv+0x670/0x1710 net/tipc/netlink_compat.c:1204 genl_family_rcv_msg+0x6d4/0x1480 net/netlink/genetlink.c:599 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x145/0x380 net/netlink/af_netlink.c:2444 genl_rcv+0x23/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x463/0x680 net/netlink/af_netlink.c:1334 netlink_sendmsg+0x8eb/0xeb0 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xb7/0xf0 net/socket.c:639 ___sys_sendmsg+0x68f/0x9c0 net/socket.c:2047 __sys_sendmsg+0xde/0x240 net/socket.c:2081 SYSC_sendmsg net/socket.c:2092 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2088 do_syscall_64+0x276/0x980 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4570d9 RSP: 002b:00007f354fee0c88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000071bfa0 RCX: 00000000004570d9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f354fee16d4 R13: 00000000004ab484 R14: 00000000006ea0f8 R15: 00000000ffffffff Code: 00 48 c7 c7 80 f4 98 88 e8 91 21 54 fa 31 c0 b9 07 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 03 95 d0 fd ff ff 48 89 d7 f3 48 ab <48> 89 d8 48 8b 5d d0 65 48 33 1c 25 28 00 00 00 0f 85 d3 05 00