bisecting cause commit starting from 7cc2a8ea104820dd9e702202621e8fd4d9f6c8cf
building syzkaller on 510951950dc0ee69cfdaf746061d3dbe31b49fd8
testing commit 7cc2a8ea104820dd9e702202621e8fd4d9f6c8cf with gcc (GCC) 8.1.0
kernel signature: 61bc21f4a92828c264cce902df8074a54eea6c21a648e2730c9990316d982830
all runs: crashed: INFO: rcu detected stall in tipc_release
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 4fe527537dd20354833370e9150c5b9a6c8ab386f81bb32de8c19989cb07d451
all runs: OK
# git bisect start 7cc2a8ea104820dd9e702202621e8fd4d9f6c8cf 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
Bisecting: 8086 revisions left to test after this (roughly 13 steps)
[a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1] Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux
testing commit a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1 with gcc (GCC) 8.1.0
kernel signature: 067d33d6fbaab65d77194bb20efd9b2161ea18a57a88853f2f161ce002af39f8
all runs: OK
# git bisect good a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1
Bisecting: 3890 revisions left to test after this (roughly 12 steps)
[80ef846e9909f22ccdc2a4a6d931266cecce8b2c] Merge tag 'staging-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 80ef846e9909f22ccdc2a4a6d931266cecce8b2c with gcc (GCC) 8.1.0
kernel signature: 7cbbf94ee33c7b3f1ce5ff9a27015638a7e4d61a24776ecb7f1e69a9e41a1a5c
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 80ef846e9909f22ccdc2a4a6d931266cecce8b2c
Bisecting: 3890 revisions left to test after this (roughly 12 steps)
[98a23609b10364a51a1bb3688f8dd1cd1aa94a9a] maccess: always use strict semantics for probe_kernel_read
testing commit 98a23609b10364a51a1bb3688f8dd1cd1aa94a9a with gcc (GCC) 8.1.0
kernel signature: 63529bf61a39c73c46a06b55d309f15f00d30b2b7d4b1d43c4b6ef16824b5571
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 98a23609b10364a51a1bb3688f8dd1cd1aa94a9a
Bisecting: 3890 revisions left to test after this (roughly 12 steps)
[4a9b984fe425cc48f24a4c00305cf10663dfe9f9] dt-bindings: sc16is7xx: Add flag to activate IrDA mode
testing commit 4a9b984fe425cc48f24a4c00305cf10663dfe9f9 with gcc (GCC) 8.1.0
kernel signature: abb81c0ff13cc62f7a33bffc7887add0e6c30f371eb2b9f6dba8e69cb43b3b6b
all runs: OK
# git bisect good 4a9b984fe425cc48f24a4c00305cf10663dfe9f9
Bisecting: 3890 revisions left to test after this (roughly 12 steps)
[9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68] Linux 5.8-rc3
testing commit 9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68 with gcc (GCC) 8.1.0
kernel signature: fd8eb2d5b39510602b4c028a12e47672c2fdc0a9d9f50dbede29fd9640065318
run #0: crashed: INFO: rcu detected stall in tipc_release
run #1: crashed: INFO: rcu detected stall in tipc_release
run #2: crashed: INFO: rcu detected stall in tipc_release
run #3: crashed: INFO: rcu detected stall in tipc_release
run #4: crashed: INFO: rcu detected stall in tipc_release
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in tipc_release
run #8: crashed: INFO: rcu detected stall in tipc_release
run #9: OK
# git bisect bad 9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68
Bisecting: 3853 revisions left to test after this (roughly 12 steps)
[33a180623b6c35f2727daecb63763955af3af1df] dm bufio: introduce forget_buffer_locked
testing commit 33a180623b6c35f2727daecb63763955af3af1df with gcc (GCC) 8.1.0
kernel signature: 0de16919fc55c01dd7c010dd29267ae55a2bfa842f4dcfd1723941dbb5abaa42
all runs: OK
# git bisect good 33a180623b6c35f2727daecb63763955af3af1df
Bisecting: 3853 revisions left to test after this (roughly 12 steps)
[fa1f68cc88f1dce6b7bb37628eb7c25c96593183] mm: use false for bool variable
testing commit fa1f68cc88f1dce6b7bb37628eb7c25c96593183 with gcc (GCC) 8.1.0
kernel signature: 16a5c0317493d506eedce67c8229b3ee6dc1e8b1c4a864704b0a0639ab0c5602
all runs: OK
# git bisect good fa1f68cc88f1dce6b7bb37628eb7c25c96593183
Bisecting: 3853 revisions left to test after this (roughly 12 steps)
[0f03c08892ac3c42d93662c8dec86bf74e5d4c9b] i2c: pxa: consolidate i2c_pxa_*xfer() implementations
testing commit 0f03c08892ac3c42d93662c8dec86bf74e5d4c9b with gcc (GCC) 8.1.0
kernel signature: 282b891cb6b3b913e832e9e057a0b3f55af1dbe5df657d83f3079a1c428bebd6
all runs: OK
# git bisect good 0f03c08892ac3c42d93662c8dec86bf74e5d4c9b
Bisecting: 3810 revisions left to test after this (roughly 12 steps)
[c60e4459c42de356b5cc49830fc08e5fd372a8cd] ASoC: intel: atom: use snd_compress_ops
testing commit c60e4459c42de356b5cc49830fc08e5fd372a8cd with gcc (GCC) 8.1.0
kernel signature: 8965abd7204d67a5369c55184a0ba34fdd933e28f05090c65daa927efc2b0b44
all runs: OK
# git bisect good c60e4459c42de356b5cc49830fc08e5fd372a8cd
Bisecting: 3810 revisions left to test after this (roughly 12 steps)
[9ac17575804024fb3d5692cad7afc08929bab981] lib/math: avoid trailing newline hidden in pr_fmt()
testing commit 9ac17575804024fb3d5692cad7afc08929bab981 with gcc (GCC) 8.1.0
kernel signature: d3a9af4182a03697225e5027033af33a2e632ff124ff2cca7ef39d20e7e9e598
all runs: OK
# git bisect good 9ac17575804024fb3d5692cad7afc08929bab981
Bisecting: 3810 revisions left to test after this (roughly 12 steps)
[ccd7c7ce167a21dbf2b698ffcf00f11d96d44f9b] net: qed: fix NVMe login fails over VFs
testing commit ccd7c7ce167a21dbf2b698ffcf00f11d96d44f9b with gcc (GCC) 8.1.0
kernel signature: 8673ba120a8a08cb7e3812e09eaedc40f3a557787a8cd126b9184636157f42a5
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in tipc_release
run #2: crashed: INFO: rcu detected stall in tipc_release
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in tipc_release
run #5: crashed: INFO: rcu detected stall in tipc_release
run #6: crashed: INFO: rcu detected stall in tipc_release
run #7: crashed: INFO: rcu detected stall in tipc_release
run #8: crashed: INFO: rcu detected stall in tipc_release
run #9: crashed: INFO: rcu detected stall in tipc_release
# git bisect bad ccd7c7ce167a21dbf2b698ffcf00f11d96d44f9b
Bisecting: 3659 revisions left to test after this (roughly 12 steps)
[081096d98bb23946f16215357b141c5616b234bf] Merge tag 'tty-5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit 081096d98bb23946f16215357b141c5616b234bf with gcc (GCC) 8.1.0
kernel signature: 308bfef23c5b2db93a4226f6729d45f9d49d1d440ea8c8f06f385215f40457a5
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 081096d98bb23946f16215357b141c5616b234bf
Bisecting: 3659 revisions left to test after this (roughly 12 steps)
[1ee18de92927f37e6948d5a6fc73cbf89f806905] Merge tag 'dma-mapping-5.8' of git://git.infradead.org/users/hch/dma-mapping
testing commit 1ee18de92927f37e6948d5a6fc73cbf89f806905 with gcc (GCC) 8.1.0
kernel signature: 06dbed75a0c85961198df2fab40758d9d7763f1049e4b340e16489477257a93c
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 1ee18de92927f37e6948d5a6fc73cbf89f806905
Bisecting: 3659 revisions left to test after this (roughly 12 steps)
[467b82d7cee4373aa7bc47fd3043e2fa0a3440f5] modpost: remove -s option
testing commit 467b82d7cee4373aa7bc47fd3043e2fa0a3440f5 with gcc (GCC) 8.1.0
kernel signature: 03fa917f1b9451c5041489792bb8232ab3547491ce79464cd25cd64caf785908
all runs: OK
# git bisect good 467b82d7cee4373aa7bc47fd3043e2fa0a3440f5
Bisecting: 3659 revisions left to test after this (roughly 12 steps)
[2f7ccc387cf3b2e896dadbe5252502baf56473a4] Staging: vt6655: Format long lines.
testing commit 2f7ccc387cf3b2e896dadbe5252502baf56473a4 with gcc (GCC) 8.1.0
kernel signature: 61e61812c29ea8317ac193d3e1e6e96f9b3aa08f74e08ac5061f096029b24161
all runs: OK
# git bisect good 2f7ccc387cf3b2e896dadbe5252502baf56473a4
Bisecting: 3651 revisions left to test after this (roughly 12 steps)
[fe79ea577be81e1e71642826ab00e676dc59c194] arm64: dts: allwinner: h6: Enable CPU opp tables for Pine H64
testing commit fe79ea577be81e1e71642826ab00e676dc59c194 with gcc (GCC) 8.1.0
kernel signature: e21d21068ca0518bf380dcdac0742c42314f0262f1eb3d47885f1d78c4e1d184
all runs: OK
# git bisect good fe79ea577be81e1e71642826ab00e676dc59c194
Bisecting: 3651 revisions left to test after this (roughly 12 steps)
[f6363c437dc6e287259c05849286bf0faefb0fdd] clk: at91: pmc: do not continue if compatible not located
testing commit f6363c437dc6e287259c05849286bf0faefb0fdd with gcc (GCC) 8.1.0
kernel signature: 88426d3f56b0e427e879e6ed536a86ef4d4783b93002574a98b62988d57304bb
all runs: OK
# git bisect good f6363c437dc6e287259c05849286bf0faefb0fdd
Bisecting: 3649 revisions left to test after this (roughly 12 steps)
[c4e181d6fec49033f8f2c1b2d8b1de538ad4cd11] dt-bindings: reset: imx7: Document usage on i.MX8MP SoC
testing commit c4e181d6fec49033f8f2c1b2d8b1de538ad4cd11 with gcc (GCC) 8.1.0
kernel signature: 8473cd7e923054b8fe1e8521952c95b2d65ecd76f718dd4e3c1ce5c51fdae772
all runs: OK
# git bisect good c4e181d6fec49033f8f2c1b2d8b1de538ad4cd11
Bisecting: 3649 revisions left to test after this (roughly 12 steps)
[74c6881019b7d56c327fffc268d97adb5eb1b4f9] powerpc/watchpoint: Prepare handler to handle more than one watchpoint
testing commit 74c6881019b7d56c327fffc268d97adb5eb1b4f9 with gcc (GCC) 8.1.0
kernel signature: d4f7585fa259c6ec817290e2a86f976354ea72f9adfd98e65b3598b6364cae68
all runs: OK
# git bisect good 74c6881019b7d56c327fffc268d97adb5eb1b4f9
Bisecting: 3649 revisions left to test after this (roughly 12 steps)
[f6c1fb0a76d97447ea7f928ee6a113ee15318df1] net: ethernet: dwmac: Fix an error code in imx_dwmac_probe()
testing commit f6c1fb0a76d97447ea7f928ee6a113ee15318df1 with gcc (GCC) 8.1.0
kernel signature: 8f3e3c03fd96939d2fe648d74788ac1ede9712b50df74d59c53141a86b90f0d2
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in tipc_release
run #2: crashed: INFO: rcu detected stall in tipc_release
run #3: crashed: INFO: rcu detected stall in tipc_release
run #4: crashed: INFO: rcu detected stall in tipc_release
run #5: crashed: INFO: rcu detected stall in tipc_release
run #6: crashed: INFO: rcu detected stall in tipc_release
run #7: crashed: INFO: rcu detected stall in tipc_release
run #8: crashed: INFO: rcu detected stall in tipc_release
run #9: crashed: INFO: rcu detected stall in tipc_release
# git bisect bad f6c1fb0a76d97447ea7f928ee6a113ee15318df1
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[a9a7d12954893f817dcb0652c488c7e823e7b8c6] Merge branch 'ena-xdp-fixes'
testing commit a9a7d12954893f817dcb0652c488c7e823e7b8c6 with gcc (GCC) 8.1.0
kernel signature: a5064cbc10b6aea560b801fbbc2bc11b722e00ea56bf1c69116de17d35aed544
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in tipc_release
run #2: crashed: INFO: rcu detected stall in tipc_release
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in tipc_release
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in tipc_release
run #7: crashed: INFO: rcu detected stall in tipc_release
run #8: crashed: INFO: rcu detected stall in tipc_release
run #9: crashed: INFO: rcu detected stall in tipc_release
# git bisect bad a9a7d12954893f817dcb0652c488c7e823e7b8c6
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[5e9eeccc58f3e6bcc99b929670665d2ce047e9c9] tipc: fix NULL pointer dereference in streaming
testing commit 5e9eeccc58f3e6bcc99b929670665d2ce047e9c9 with gcc (GCC) 8.1.0
kernel signature: 14626517e9d18d35118fc29a33cf20c4bfa237324dc5d050c0b8fe9a875f9e56
run #0: crashed: INFO: rcu detected stall in tipc_release
run #1: crashed: INFO: rcu detected stall in tipc_release
run #2: crashed: INFO: rcu detected stall in tipc_release
run #3: crashed: INFO: rcu detected stall in tipc_release
run #4: crashed: INFO: rcu detected stall in tipc_release
run #5: crashed: INFO: rcu detected stall in tipc_release
run #6: crashed: INFO: rcu detected stall in tipc_release
run #7: crashed: INFO: rcu detected stall in tipc_release
run #8: crashed: INFO: rcu detected stall in tipc_release
run #9: boot failed: can't ssh into the instance
# git bisect bad 5e9eeccc58f3e6bcc99b929670665d2ce047e9c9
Bisecting: 0 revisions left to test after this (roughly 1 step)
[c36f05559104b66bcd7f617e931e38c680227b74] genetlink: fix memory leaks in genl_family_rcv_msg_dumpit()
testing commit c36f05559104b66bcd7f617e931e38c680227b74 with gcc (GCC) 8.1.0
kernel signature: e3797ca444ca333a7af88074b1808f0970406a9ee70eef631a1e4fc1340f24c2
all runs: OK
# git bisect good c36f05559104b66bcd7f617e931e38c680227b74
5e9eeccc58f3e6bcc99b929670665d2ce047e9c9 is the first bad commit
commit 5e9eeccc58f3e6bcc99b929670665d2ce047e9c9
Author: Tuong Lien
Date: Wed Jun 3 12:06:01 2020 +0700

    tipc: fix NULL pointer dereference in streaming

    syzbot found the following crash:

    general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
    KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
    CPU: 1 PID: 7060 Comm: syz-executor394 Not tainted 5.7.0-rc6-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    RIP: 0010:__tipc_sendstream+0xbde/0x11f0 net/tipc/socket.c:1591
    Code: 00 00 00 00 48 39 5c 24 28 48 0f 44 d8 e8 fa 3e db f9 48 b8 00 00 00 00 00 fc ff df 48 8d bb c8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 04 00 00 48 8b 9b c8 00 00 00 48 b8 00 00 00
    RSP: 0018:ffffc90003ef7818 EFLAGS: 00010202
    RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8797fd9d
    RDX: 0000000000000019 RSI: ffffffff8797fde6 RDI: 00000000000000c8
    RBP: ffff888099848040 R08: ffff88809a5f6440 R09: fffffbfff1860b4c
    R10: ffffffff8c305a5f R11: fffffbfff1860b4b R12: ffff88809984857e
    R13: 0000000000000000 R14: ffff888086aa4000 R15: 0000000000000000
    FS: 00000000009b4880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000020000140 CR3: 00000000a7fdf000 CR4: 00000000001406e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     tipc_sendstream+0x4c/0x70 net/tipc/socket.c:1533
     sock_sendmsg_nosec net/socket.c:652 [inline]
     sock_sendmsg+0xcf/0x120 net/socket.c:672
     ____sys_sendmsg+0x32f/0x810 net/socket.c:2352
     ___sys_sendmsg+0x100/0x170 net/socket.c:2406
     __sys_sendmmsg+0x195/0x480 net/socket.c:2496
     __do_sys_sendmmsg net/socket.c:2525 [inline]
     __se_sys_sendmmsg net/socket.c:2522 [inline]
     __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2522
     do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
     entry_SYSCALL_64_after_hwframe+0x49/0xb3
    RIP: 0033:0x440199
    ...

    This bug was bisected to commit 0a3e060f340d ("tipc: add test for Nagle
    algorithm effectiveness"). However, it is not the case, the trouble was
    from the base in the case of zero data length message sending, we would
    unexpectedly make an empty 'txq' queue after the 'tipc_msg_append()' in
    Nagle mode.

    A similar crash can be generated even without the bisected patch but at
    the link layer when it accesses the empty queue.

    We solve the issues by building at least one buffer to go with socket's
    header and an optional data section that may be empty like what we had
    with the 'tipc_msg_build()'.

    Note: the previous commit 4c21daae3dbc ("tipc: Fix NULL pointer
    dereference in __tipc_sendstream()") is obsoleted by this one since the
    'txq' will be never empty and the check of 'skb != NULL' is unnecessary
    but it is safe anyway.

    Reported-by: syzbot+8eac6d030e7807c21d32@syzkaller.appspotmail.com
    Fixes: c0bceb97db9e ("tipc: add smart nagle feature")
    Acked-by: Jon Maloy
    Signed-off-by: Tuong Lien
    Signed-off-by: David S. Miller

 net/tipc/msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

culprit signature: 14626517e9d18d35118fc29a33cf20c4bfa237324dc5d050c0b8fe9a875f9e56
parent signature: e3797ca444ca333a7af88074b1808f0970406a9ee70eef631a1e4fc1340f24c2
revisions tested: 25, total time: 6h23m45.382207467s (build: 2h34m11.552561037s, test: 3h45m49.718481422s)
first bad commit: 5e9eeccc58f3e6bcc99b929670665d2ce047e9c9 tipc: fix NULL pointer dereference in streaming
cc: ["davem@davemloft.net" "jmaloy@redhat.com" "tuong.t.lien@dektech.com.au"]
crash: INFO: rcu detected stall in tipc_release

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 1-...!: (1 GPs behind) idle=eca/1/0x4000000000000002 softirq=15014/15016 fqs=1
 (t=10500 jiffies g=9029 q=204)
rcu: rcu_preempt kthread starved for 10472 jiffies! g9029 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
rcu_preempt I29160 10 2 0x80004000
Call Trace:
 context_switch kernel/sched/core.c:3430 [inline]
 __schedule+0x86a/0x1990 kernel/sched/core.c:4156
 schedule+0xc4/0x2b0 kernel/sched/core.c:4231
 schedule_timeout+0x2c4/0x6d0 kernel/time/timer.c:1897
 rcu_gp_fqs_loop kernel/rcu/tree.c:1856 [inline]
 rcu_gp_kthread+0xc26/0x1970 kernel/rcu/tree.c:2026
 kthread+0x340/0x410 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351
NMI backtrace for cpu 1
CPU: 1 PID: 10158 Comm: syz-executor.5 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.7+0x4b/0x83 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x183/0x1ac lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x19e/0x1ea kernel/rcu/tree_stall.h:320
 print_cpu_stall kernel/rcu/tree_stall.h:553 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
 rcu_pending kernel/rcu/tree.c:3471 [inline]
 rcu_sched_clock_irq.cold.90+0x51f/0xd59 kernel/rcu/tree.c:2486
 update_process_times+0x1f/0x50 kernel/time/timer.c:1726
 tick_sched_handle+0x6f/0x130 kernel/time/tick-sched.c:176
 tick_sched_timer+0x3e/0xf0 kernel/time/tick-sched.c:1320
 __run_hrtimer kernel/time/hrtimer.c:1520 [inline]
 __hrtimer_run_queues+0x4b1/0xb60 kernel/time/hrtimer.c:1584
 hrtimer_interrupt+0x2e5/0x770 kernel/time/hrtimer.c:1646
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 smp_apic_timer_interrupt+0x15e/0x5f0 arch/x86/kernel/apic/apic.c:1105
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
RIP: 0010:lock_is_held_type+0x272/0x350 kernel/locking/lockdep.c:4998
Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e1 00 00 00 48 83 3d 77 3b a1 01 00 74 2f 48 8b 7c 24 10 57 9d <0f> 1f 44 00 00 48 83 c4 18 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3
RSP: 0018:ffffc90004546c58 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: ffff8880957aa000 RCX: 1ffffffff1157f25
RDX: 1ffffffff11a8ac0 RSI: ffffffff88db6a80 RDI: 0000000000000286
RBP: 0000000000000001 R08: ffffed1015d27184 R09: ffffed1015d27184
R10: ffff8880ae938c1b R11: ffffed1015d27183 R12: ffffed1012af5519
R13: ffffffff88db6a80 R14: ffff8880957aa8d0 R15: 0000000000000003
 lock_is_held include/linux/lockdep.h:425 [inline]
 rcu_read_lock_held+0x9c/0xb0 kernel/rcu/update.c:320
 net_generic include/net/netns/generic.h:45 [inline]
 tipc_sk_lookup+0x5aa/0x8c0 net/tipc/socket.c:2966
 tipc_sk_rcv+0x268/0x1780 net/tipc/socket.c:2460
 tipc_node_xmit+0x22c/0xa50 net/tipc/node.c:1652
 tipc_node_xmit_skb+0xb3/0x130 net/tipc/node.c:1712
 tipc_sk_rcv+0x1102/0x1780 net/tipc/socket.c:2490
 tipc_node_xmit+0x22c/0xa50 net/tipc/node.c:1652
 tipc_sk_push_backlog+0x565/0x6f0 net/tipc/socket.c:1303
 tipc_sk_filter_connect net/tipc/socket.c:2225 [inline]
 tipc_sk_filter_rcv+0xe85/0x2bc0 net/tipc/socket.c:2334
 tipc_sk_enqueue net/tipc/socket.c:2414 [inline]
 tipc_sk_rcv+0xabe/0x1780 net/tipc/socket.c:2465
 tipc_node_xmit+0x22c/0xa50 net/tipc/node.c:1652
 tipc_node_xmit_skb net/tipc/node.c:1712 [inline]
 tipc_node_distr_xmit+0x135/0x420 net/tipc/node.c:1727
 tipc_sk_backlog_rcv+0x149/0x1c0 net/tipc/socket.c:2382
 sk_backlog_rcv include/net/sock.h:996 [inline]
 __release_sock+0x116/0x350 net/core/sock.c:2548
 release_sock+0x4a/0x170 net/core/sock.c:3064
 tipc_release+0x7bc/0x11b0 net/tipc/socket.c:638
 __sock_release+0xbb/0x270 net/socket.c:605
 sock_close+0xf/0x20 net/socket.c:1278
 __fput+0x2a4/0x7a0 fs/file_table.c:281
 task_work_run+0xc2/0x160 kernel/task_work.c:123
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x23d/0x2d0 arch/x86/entry/common.c:165
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x52a/0x620 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45cba9
Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f177af7fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
RAX: 0000000000000004 RBX: 00000000004dc020 RCX: 000000000045cba9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000000a4 R14: 00000000004c3748 R15: 00007f177af806d4