netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
INFO: task syz-executor4:14489 blocked for more than 140 seconds.
 Not tainted 4.9.133+ #54
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor4 D28824 14489 2128 0x80000000
 ffff8801a221af80 ffff8801d419c780 ffff8801d419c780 ffff8801cacd8000
 ffff8801db621018 ffff8801cf137b10 ffffffff827f3aa2 ffff8801cf137ae8
 ffffffff81206a57 0000000000000000 00ff8801a221b828 ffff8801db6218f0
Call Trace:
 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [] rwsem_down_read_failed+0x26c/0x400 kernel/locking/rwsem-xadd.c:260
 [] call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 [] __down_read arch/x86/include/asm/rwsem.h:65 [inline]
 [] down_read+0x52/0xb0 kernel/locking/rwsem.c:24
 [] exit_mm kernel/exit.c:480 [inline]
 [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
 [] do_group_exit+0x111/0x300 kernel/exit.c:937
 [] SYSC_exit_group kernel/exit.c:948 [inline]
 [] SyS_exit_group+0x1d/0x20 kernel/exit.c:946
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2023:
 #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor4/14489:
 #0: (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0: (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
1 lock held by syz-executor4/14494:
 #0: (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0: (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820
1 lock held by syz-executor4/14524:
 #0: (&mm->mmap_sem){++++++}, at: [] exit_mm kernel/exit.c:480 [inline]
 #0: (&mm->mmap_sem){++++++}, at: [] do_exit+0x3c1/0x29d0 kernel/exit.c:820

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.133+ #54
 ffff8801d9907d08 ffffffff81b37069 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff81098330 ffff8801d9907d40
 ffffffff81b42179 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 14516 Comm: syz-executor4 Not tainted 4.9.133+ #54
task: ffff8801a0858000 task.stack: ffff88019f768000
RIP: 0010:[] c [] hlock_class kernel/locking/lockdep.c:142 [inline]
RIP: 0010:[] c [] lookup_chain_cache kernel/locking/lockdep.c:2122 [inline]
RIP: 0010:[] c [] validate_chain kernel/locking/lockdep.c:2236 [inline]
RIP: 0010:[] c [] __lock_acquire+0xdb8/0x4a10 kernel/locking/lockdep.c:3345
RSP: 0018:ffff88019f76f900 EFLAGS: 00000097
RAX: 61c8864680b583eb RBX: ffff8801a08588d8 RCX: 00000000b78b3674
RDX: 0000000000000004 RSI: ffff8801a08588d8 RDI: 0000000000000000
RBP: ffff88019f76fab0 R08: ffff8801a08588f8 R09: 568d86a29d8ee127
R10: ffff8801a0858000 R11: 0000000000000000 R12: 00000000000004e5
R13: 0000000000000000 R14: 00000000949d58d0 R15: 0000000008f18857
FS: 00007f21d8806700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f60652d3140 CR3: 00000001cba75000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 00000000200001c0 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffff8801a0858000c 0000000000000000c ffff8801a08588b0c 0000000000000001c
 ffff8801a08588b0c ffffed003410b115c ffff8801a0858000c dffffc0000000000c
 ffff88019f76f990c ffffffff81206a57c ffffffff83ceba80c ffff88019f76f998c
Call Trace:
 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [] mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
 [] perf_mmap+0x4f7/0x1430 kernel/events/core.c:5265
 [] mmap_region+0x80c/0xf90 mm/mmap.c:1726
 [] do_mmap+0x53d/0xbb0 mm/mmap.c:1505
 [] do_mmap_pgoff include/linux/mm.h:2032 [inline]
 [] vm_mmap_pgoff+0x168/0x1b0 mm/util.c:329
 [] SYSC_mmap_pgoff mm/mmap.c:1555 [inline]
 [] SyS_mmap_pgoff+0xfe/0x1b0 mm/mmap.c:1513
 [] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline]
 [] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87
 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: c24 c60 c4c c89 c8c c24 c98 c00 c00 c00 ce8 cf4 cb1 c2e c00 c4c c8b c54 c24 c58 c44 c8b c5c c24 c60 c4c c8b c8c c24 c98 c00 c00 c00 c48 cb8 ceb c83 cb5 c80 c46 c86 cc8 c61 c<44> c8b c2d c21 c3a cfe c02 c49 c0f caf cc1 c48 cc1 ce8 c31 c66 c45 c85 ce4 c48 c89 c