bisecting cause commit starting from a5ed1e96cafde5ba48638f486bfca0685dc6ddc9 building syzkaller on a2cef203ff8569afc7a31d57b76778d9ef1fca04 testing commit a5ed1e96cafde5ba48638f486bfca0685dc6ddc9 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: crashed: INFO: task hung in genl_rcv_msg run #7: crashed: INFO: task hung in genl_rcv_msg run #8: crashed: INFO: task hung in genl_rcv_msg run #9: OK testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: crashed: INFO: task hung in genl_rcv_msg run #7: crashed: INFO: task hung in genl_rcv_msg run #8: crashed: INFO: task hung in genl_rcv_msg run #9: OK testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: OK run #7: OK run #8: OK run #9: OK testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: crashed: INFO: task hung in genl_rcv_msg run #7: crashed: INFO: task hung in genl_rcv_msg run #8: OK run #9: OK testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: OK run #7: crashed: INFO: task hung in genl_rcv_msg run #8: crashed: INFO: task hung in genl_rcv_msg run #9: crashed: INFO: task hung in genl_rcv_msg testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: crashed: INFO: task hung in genl_rcv_msg run #7: crashed: INFO: task hung in genl_rcv_msg run #8: OK run #9: OK testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: basic kernel testing failed: timed out run #7: OK run #8: OK run #9: OK testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect start v4.17 v4.15 Bisecting: 14820 revisions left to test after this (roughly 14 steps) [830a8b1b001d3c2b4dfaa97d0eea5b9d6b03ae62] mlxsw: pci: Set mbox dma addresses to zero when not used testing commit 830a8b1b001d3c2b4dfaa97d0eea5b9d6b03ae62 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: crashed: INFO: task hung in genl_rcv_msg run #6: crashed: INFO: task hung in genl_rcv_msg run #7: crashed: INFO: task hung in genl_rcv_msg run #8: crashed: INFO: task hung in genl_rcv_msg run #9: OK # git bisect bad 830a8b1b001d3c2b4dfaa97d0eea5b9d6b03ae62 Bisecting: 7490 revisions left to test after this (roughly 13 steps) [c14376de3a1befa70d9811ca2872d47367b48767] printk: Wake klogd when passing console_lock owner testing commit c14376de3a1befa70d9811ca2872d47367b48767 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good c14376de3a1befa70d9811ca2872d47367b48767 Bisecting: 3817 revisions left to test after this (roughly 12 steps) [2246edfaf88dc368e8671b04afd54412625df60a] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 2246edfaf88dc368e8671b04afd54412625df60a with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 2246edfaf88dc368e8671b04afd54412625df60a Bisecting: 1897 revisions left to test after this (roughly 11 steps) [9ca2c16f3b4311affcc80c2d0516b2b09709b7d9] Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 9ca2c16f3b4311affcc80c2d0516b2b09709b7d9 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: basic kernel testing failed: timed out run #6: basic kernel testing failed: timed out run #7: OK run #8: OK run #9: OK # git bisect skip 9ca2c16f3b4311affcc80c2d0516b2b09709b7d9 Bisecting: 1897 revisions left to test after this (roughly 11 steps) [a823fed03b5d940e4d57271222a0b959fc2ab201] tcp: remove the hardcode in the definition of TCPF Macro testing commit a823fed03b5d940e4d57271222a0b959fc2ab201 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good a823fed03b5d940e4d57271222a0b959fc2ab201 Bisecting: 749 revisions left to test after this (roughly 10 steps) [547046141f44dba075207fd343e3e032e129c9ac] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 547046141f44dba075207fd343e3e032e129c9ac with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 547046141f44dba075207fd343e3e032e129c9ac Bisecting: 374 revisions left to test after this (roughly 9 steps) [77a5196a804e34ce5e215ef84d5e1de332e9c529] gre: add sequence number for collect md mode. testing commit 77a5196a804e34ce5e215ef84d5e1de332e9c529 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 77a5196a804e34ce5e215ef84d5e1de332e9c529 Bisecting: 187 revisions left to test after this (roughly 8 steps) [0f34294527ed17fd0966142d6b5e754ba97f65b5] s390/qeth: support SG for more device types testing commit 0f34294527ed17fd0966142d6b5e754ba97f65b5 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 0f34294527ed17fd0966142d6b5e754ba97f65b5 Bisecting: 93 revisions left to test after this (roughly 7 steps) [6ac6d5a7ff424354074d21a68c2018a8b6fe4fc6] i40e: track filter type statistics when deleting invalid filters testing commit 6ac6d5a7ff424354074d21a68c2018a8b6fe4fc6 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 6ac6d5a7ff424354074d21a68c2018a8b6fe4fc6 Bisecting: 46 revisions left to test after this (roughly 6 steps) [e50e73e10757ac86fcb1aaa986055049e060727a] tipc: some name changes testing commit e50e73e10757ac86fcb1aaa986055049e060727a with gcc (GCC) 8.1.0 run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: OK run #5: crashed: INFO: task hung in genl_rcv_msg run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad e50e73e10757ac86fcb1aaa986055049e060727a Bisecting: 23 revisions left to test after this (roughly 5 steps) [320bd6de79ef0de1ece7c184469a722de690ccb0] doc: Change the udp/sctp rmem/wmem default value. testing commit 320bd6de79ef0de1ece7c184469a722de690ccb0 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 320bd6de79ef0de1ece7c184469a722de690ccb0 Bisecting: 11 revisions left to test after this (roughly 4 steps) [53794570049d314742f156c99022914840a3d5ab] net-tcp_bbr: set tp->snd_ssthresh to BDP upon STARTUP exit testing commit 53794570049d314742f156c99022914840a3d5ab with gcc (GCC) 8.1.0 all runs: OK # git bisect good 53794570049d314742f156c99022914840a3d5ab Bisecting: 5 revisions left to test after this (roughly 3 steps) [6c77e79557acd9b3b896a8075a19ef11ed887a99] net: Convert ip_vs_ftp_ops testing commit 6c77e79557acd9b3b896a8075a19ef11ed887a99 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 6c77e79557acd9b3b896a8075a19ef11ed887a99 Bisecting: 2 revisions left to test after this (roughly 2 steps) [64a52b26d5633d6efc35cdf1e0c627cc4189e55a] tipc: remove zone publication list in name table testing commit 64a52b26d5633d6efc35cdf1e0c627cc4189e55a with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: crashed: INFO: task hung in genl_rcv_msg run #7: crashed: INFO: task hung in genl_rcv_msg run #8: crashed: INFO: task hung in genl_rcv_msg run #9: crashed: INFO: task hung in genl_rcv_msg # git bisect bad 64a52b26d5633d6efc35cdf1e0c627cc4189e55a Bisecting: 1 revision left to test after this (roughly 1 step) [4f1aec01fcb84faf79bb6fabb82a5c850b186e03] Merge branch 'pernet-convert-part8' testing commit 4f1aec01fcb84faf79bb6fabb82a5c850b186e03 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4f1aec01fcb84faf79bb6fabb82a5c850b186e03 Bisecting: 0 revisions left to test after this (roughly 0 steps) [928df1880e24bcd47d6359ff86df24db3dfba3c3] tipc: obsolete TIPC_ZONE_SCOPE testing commit 928df1880e24bcd47d6359ff86df24db3dfba3c3 with gcc (GCC) 8.1.0 run #0: OK run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: crashed: INFO: task hung in genl_rcv_msg run #5: crashed: INFO: task hung in genl_rcv_msg run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 928df1880e24bcd47d6359ff86df24db3dfba3c3 928df1880e24bcd47d6359ff86df24db3dfba3c3 is the first bad commit commit 928df1880e24bcd47d6359ff86df24db3dfba3c3 Author: Jon Maloy Date: Thu Mar 15 16:48:51 2018 +0100 tipc: obsolete TIPC_ZONE_SCOPE Publications for TIPC_CLUSTER_SCOPE and TIPC_ZONE_SCOPE are in all aspects handled the same way, both on the publishing node and on the receiving nodes. Despite previous ambitions to the contrary, this is never going to change, so we take the conseqeunce of this and obsolete TIPC_ZONE_SCOPE and related macros/functions. Whenever a user is doing a bind() or a sendmsg() attempt using ZONE_SCOPE we translate this internally to CLUSTER_SCOPE, while we remain compatible with users and remote nodes still using ZONE_SCOPE. Furthermore, the non-formalized scope value 0 has always been permitted for use during lookup, with the same meaning as ZONE_SCOPE/CLUSTER_SCOPE. We now permit it even as binding scope, but for compatibility reasons we choose to not change the value of TIPC_CLUSTER_SCOPE. Acked-by: Ying Xue Signed-off-by: Jon Maloy Signed-off-by: David S. Miller :040000 040000 6f1c829c624c8b958227eb3df110a76c616c5c84 6a551d22f2007376c6a351cca67991a3cff7ffec M include :040000 040000 a0e88cb04c096122687b60a2e6ab08c9b9f63729 15ef46dd8dc55e962ca7e4d012d945b257864fdb M net revisions tested: 24, total time: 6h36m55.77323599s (build: 2h14m17.027013986s, test: 4h13m40.19374942s) first bad commit: 928df1880e24bcd47d6359ff86df24db3dfba3c3 tipc: obsolete TIPC_ZONE_SCOPE cc: ["davem@davemloft.net" "jon.maloy@ericsson.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "tipc-discussion@lists.sourceforge.net" "ying.xue@windriver.com"] crash: INFO: task hung in genl_rcv_msg INFO: task syz-executor.4:18262 blocked for more than 140 seconds. Not tainted 4.16.0-rc4+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28472 18262 6523 0x00000004 Call Trace: context_switch kernel/sched/core.c:2862 [inline] __schedule+0x7b7/0x1d80 kernel/sched/core.c:3440 schedule+0x7f/0x1b0 kernel/sched/core.c:3499 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3557 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0xa61/0x14e0 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 netlink_rcv_skb+0x145/0x390 net/netlink/af_netlink.c:2444 genl_rcv+0x23/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x44a/0x650 net/netlink/af_netlink.c:1334 netlink_sendmsg+0x73e/0xc50 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xb7/0xf0 net/socket.c:639 ___sys_sendmsg+0x649/0x950 net/socket.c:2047 __sys_sendmsg+0xc9/0x160 net/socket.c:2081 SYSC_sendmsg net/socket.c:2092 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2088 do_syscall_64+0x1c9/0x6a0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4120e1 RSP: 002b:00007f938c48a9c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f938c48aa58 RCX: 00000000004120e1 RDX: 0000000000000000 RSI: 00007f938c48aa00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f938c48aa40 R13: 00000000004cdae0 R14: 00000000004dbe60 R15: 00000000ffffffff Showing all locks held in the system: 2 locks held by khungtaskd/1003: #0: (rcu_read_lock){....}, at: [<0000000081abe8a7>] check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline] #0: (rcu_read_lock){....}, at: [<0000000081abe8a7>] watchdog+0xfc/0x8e0 kernel/hung_task.c:249 #1: (tasklist_lock){.+.+}, at: [<0000000086d01b89>] debug_show_all_locks+0x79/0x222 kernel/locking/lockdep.c:4470 2 locks held by getty/6410: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by getty/6411: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by getty/6412: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by getty/6413: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by getty/6414: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by getty/6415: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by getty/6416: #0: (&tty->ldisc_sem){++++}, at: [<000000008c8bfda5>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000ff9e6188>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131 2 locks held by syz-executor.4/18262: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.4/18279: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.3/18273: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.3/18283: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.2/18274: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.2/18280: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.0/18276: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.1/18278: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 2 locks held by syz-executor.1/18282: #0: (cb_lock){++++}, at: [<000000001cfe121a>] genl_rcv+0x14/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cfcc16b6>] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:622 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1003 Comm: khungtaskd Not tainted 4.16.0-rc4+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xed/0x131 lib/dump_stack.c:53 nmi_cpu_backtrace.cold.5+0x13/0xb2 lib/nmi_backtrace.c:103 nmi_trigger_cpumask_backtrace+0xf5/0x119 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline] check_hung_task kernel/hung_task.c:132 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline] watchdog+0x5a8/0x8e0 kernel/hung_task.c:249 kthread+0x319/0x3e0 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:406 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 18265 Comm: syz-executor.5 Not tainted 4.16.0-rc4+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__lock_is_held+0x9e/0x140 kernel/locking/lockdep.c:3738 RSP: 0018:ffff880093ab6d50 EFLAGS: 00000002 RAX: 0000000000000000 RBX: ffff88008e45e938 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff88276d40 RDI: ffff88008e45e95a RBP: ffff880093ab6d90 R08: 0000000000000000 R09: ffff88009bf9ddfe R10: 0000000000000078 R11: ffff88008e45e080 R12: ffff88008e45e080 R13: ffffed0011c8bd26 R14: ffff88008e45e938 R15: 0000000000000001 FS: 00007f288b704700(0000) GS:ffff8800aef00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c42045be80 CR3: 000000009a716000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_is_held_type+0x118/0x210 kernel/locking/lockdep.c:3958 lock_is_held include/linux/lockdep.h:344 [inline] genl_family_attrbuf+0x9f/0xd0 net/netlink/genetlink.c:1074 tipc_nlmsg_parse+0x26/0xd0 net/tipc/netlink.c:267 tipc_nl_publ_dump+0x760/0xccc net/tipc/socket.c:3340 __tipc_nl_compat_dumpit.isra.11+0x1a2/0x8e0 net/tipc/netlink_compat.c:192 tipc_nl_compat_publ_dump net/tipc/netlink_compat.c:919 [inline] tipc_nl_compat_sk_dump+0x656/0x970 net/tipc/netlink_compat.c:967 __tipc_nl_compat_dumpit.isra.11+0x27a/0x8e0 net/tipc/netlink_compat.c:201 tipc_nl_compat_dumpit+0x1a5/0x400 net/tipc/netlink_compat.c:265 tipc_nl_compat_handle net/tipc/netlink_compat.c:1141 [inline] tipc_nl_compat_recv+0x45d/0xa70 net/tipc/netlink_compat.c:1204 genl_family_rcv_msg+0x5a2/0x1010 net/netlink/genetlink.c:599 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x145/0x390 net/netlink/af_netlink.c:2444 genl_rcv+0x23/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x44a/0x650 net/netlink/af_netlink.c:1334 netlink_sendmsg+0x73e/0xc50 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xb7/0xf0 net/socket.c:639 ___sys_sendmsg+0x649/0x950 net/socket.c:2047 __sys_sendmsg+0xc9/0x160 net/socket.c:2081 SYSC_sendmsg net/socket.c:2092 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2088 do_syscall_64+0x1c9/0x6a0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x458209 RSP: 002b:00007f288b703c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209 RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000006 RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f288b7046d4 R13: 00000000004cbcb8 R14: 00000000004d9400 R15: 00000000ffffffff Code: 08 00 00 85 c0 7f 24 e9 85 00 00 00 41 0f b6 45 00 41 83 c7 01 84 c0 74 08 3c 03 0f 8e 8f 00 00 00 45 39 bc 24 b0 08 00 00 7e 66 <49> 63 c7 48 8b 75 d0 48 8d 04 80 49 8d 1c c6 48 89 df e8 0b f8