bisecting fixing commit since c3038e718a19fc596f7b1baba0f83d5146dc7784 building syzkaller on 25bb509e5964da8203766c4039e4fef25e4689b1 testing commit c3038e718a19fc596f7b1baba0f83d5146dc7784 with gcc (GCC) 8.1.0 kernel signature: 3eac5a518cf5f28a8996ea0688ae013fbceb066b run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: crashed: INFO: task hung in genl_rcv_msg run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing current HEAD 7d120bf21c05cbe30a679f0feeca884eeaceb069 testing commit 7d120bf21c05cbe30a679f0feeca884eeaceb069 with gcc (GCC) 8.1.0 kernel signature: dd103fd4cdced85356b7023dce9ee66532db297a run #0: crashed: INFO: task hung in genl_rcv_msg run #1: crashed: INFO: task hung in genl_rcv_msg run #2: crashed: INFO: task hung in genl_rcv_msg run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK revisions tested: 2, total time: 37m25.050265885s (build: 16m47.195349883s, test: 19m58.237622657s) the crash still happens on HEAD commit msg: Linux 4.19.90 crash: INFO: task hung in genl_rcv_msg INFO: task syz-executor.3:22552 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D28424 22552 7034 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007f9699bca9c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f9699bcaa58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007f9699bcaa00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f9699bcaa40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.3:22558 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D27720 22558 7034 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007f9699ba99c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f9699ba9a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007f9699ba9a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f9699ba9a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.0:22548 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28424 22548 7038 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007f86ccd919c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f86ccd91a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007f86ccd91a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f86ccd91a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.0:22556 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D27720 22556 7038 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007f86ccd709c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f86ccd70a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007f86ccd70a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f86ccd70a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.2:22550 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28424 22550 7032 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007fe747bc19c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe747bc1a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007fe747bc1a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007fe747bc1a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.2:22559 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D27720 22559 7032 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007fe747ba09c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe747ba0a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007fe747ba0a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007fe747ba0a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.5:22554 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28424 22554 7041 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007fe4d74c99c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe4d74c9a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007fe4d74c9a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007fe4d74c9a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.5:22560 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D27720 22560 7041 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007fe4d74a89c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe4d74a8a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007fe4d74a8a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007fe4d74a8a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.4:22557 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28168 22557 7039 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007fa3471829c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fa347182a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007fa347182a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000004 R11: 0000000000000293 R12: 00007fa347182a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff INFO: task syz-executor.4:22561 blocked for more than 140 seconds. Not tainted 4.19.90-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D27720 22561 7039 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x78c/0x1c10 kernel/sched/core.c:3515 schedule+0x7f/0x1b0 kernel/sched/core.c:3559 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3617 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x806/0x1210 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 genl_lock net/netlink/genetlink.c:33 [inline] genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413bf1 Code: f8 ff 89 c3 66 41 89 84 24 c8 00 00 00 75 86 66 2e 0f 1f 84 00 00 00 00 00 ba 29 f8 ff ff eb 95 66 0f 1f 84 00 00 00 00 00 e8 73 ff ff 8b 18 ba 00 04 00 00 48 89 e6 48 89 c5 89 df e8 c7 c8 RSP: 002b:00007fa3471619c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fa347161a58 RCX: 0000000000413bf1 RDX: 0000000000000000 RSI: 00007fa347161a00 RDI: 0000000000000005 RBP: 0000000000000005 R08: 000000000000000b R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa347161a40 R13: 00000000004d17d0 R14: 00000000004e0b68 R15: 00000000ffffffff Showing all locks held in the system: 1 lock held by khungtaskd/1039: #0: 00000000f7e68c15 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4438 1 lock held by rsyslogd/6789: #0: 000000004b78402d (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:767 2 locks held by getty/6911: #0: 0000000082994582 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 00000000ff8c4f9a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/6912: #0: 000000008873e601 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 00000000990b1b75 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/6913: #0: 00000000899a7f67 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 00000000c959ba02 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/6914: #0: 000000006bb81dba (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 00000000a1b03adc (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/6915: #0: 0000000083733001 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 00000000885c9912 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/6916: #0: 00000000b4921334 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 000000008df3c36e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 2 locks held by getty/6917: #0: 00000000509c20ef (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:362 #1: 000000002c8c4ca8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x1ee/0x1910 drivers/tty/n_tty.c:2154 3 locks held by syz-executor.1/22540: 2 locks held by syz-executor.3/22552: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.3/22558: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.0/22548: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.0/22556: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.2/22550: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.2/22559: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.5/22554: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.5/22560: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.4/22557: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 2 locks held by syz-executor.4/22561: #0: 0000000018aead69 (cb_lock){++++}, at: genl_rcv+0x14/0x40 net/netlink/genetlink.c:637 #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: 000000008e69d004 (genl_mutex){+.+.}, at: genl_rcv_msg+0x10e/0x140 net/netlink/genetlink.c:625 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1039 Comm: khungtaskd Not tainted 4.19.90-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x123/0x177 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.4+0x3e/0x76 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xe6/0x11a lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x5c3/0xb40 kernel/hung_task.c:287 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 22540 Comm: syz-executor.1 Not tainted 4.19.90-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bytes_is_nonzero mm/kasan/kasan.c:167 [inline] RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:184 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline] RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline] RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline] RIP: 0010:check_memory_region+0x117/0x1b0 mm/kasan/kasan.c:267 Code: 00 4d 85 c0 75 3e 4d 89 e0 49 29 c0 e9 6c ff ff ff 4d 85 c0 74 ba 48 b8 01 00 00 00 00 fc ff df 4d 01 c8 48 01 d8 41 80 39 00 <74> 08 e9 8c 00 00 00 48 89 d8 4c 39 c0 74 97 80 38 00 48 8d 58 01 RSP: 0018:ffff88808708ec58 EFLAGS: 00000246 RAX: ffffed1015d64733 RBX: 1ffff11015d64732 RCX: ffffffff81515ea1 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880aeb23990 RBP: ffff88808708ec70 R08: ffffed1015d64733 R09: ffffed1015d64732 R10: ffffed1015d64732 R11: ffff8880aeb23993 R12: ffffed1015d64733 R13: ffff88808708ed70 R14: ffff8880a0b80940 R15: ffff88808708f060 FS: 00007f156a3e8700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffff600400 CR3: 000000008d79e000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline] rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 kernel/rcu/tree.c:350 rcu_is_watching+0x10/0x30 kernel/rcu/tree.c:1025 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:283 net_generic include/net/netns/generic.h:45 [inline] tipc_sk_lookup+0x60e/0x950 net/tipc/socket.c:2723 tipc_nl_publ_dump+0x1bf/0xcce net/tipc/socket.c:3531 __tipc_nl_compat_dumpit.isra.11+0x1e0/0x960 net/tipc/netlink_compat.c:207 tipc_nl_compat_publ_dump net/tipc/netlink_compat.c:1008 [inline] tipc_nl_compat_sk_dump+0x4ea/0x990 net/tipc/netlink_compat.c:1059 __tipc_nl_compat_dumpit.isra.11+0x2b0/0x960 net/tipc/netlink_compat.c:216 tipc_nl_compat_dumpit+0x1e3/0x4c0 net/tipc/netlink_compat.c:288 tipc_nl_compat_handle net/tipc/netlink_compat.c:1233 [inline] tipc_nl_compat_recv+0x460/0xa70 net/tipc/netlink_compat.c:1296 genl_family_rcv_msg+0x591/0xe80 net/netlink/genetlink.c:602 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:627 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454 genl_rcv+0x23/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x445/0x640 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:632 ___sys_sendmsg+0x647/0x950 net/socket.c:2115 __sys_sendmsg+0xd9/0x180 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459f39 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f156a3e7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f156a3e86d4 R13: 00000000004cf980 R14: 00000000004de090 R15: 00000000ffffffff