netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 124s!
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=-20 stuck for 120s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=6/256
    pending: defense_work_handler, defense_work_handler, defense_work_handler, defense_work_handler, defense_work_handler, cache_reap
workqueue events_power_efficient: flags=0x80
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256
    pending: gc_worker, neigh_periodic_work
workqueue rcu_gp: flags=0x8
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256
    in-flight: 18964:wait_rcu_exp_gp
workqueue mm_percpu_wq: flags=0x8
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256
    pending: vmstat_update
workqueue kblockd: flags=0x18
  pwq 3: cpus=1 node=0 flags=0x0 nice=-20 active=1/256
    pending: blk_mq_timeout_work
workqueue ipv6_addrconf: flags=0x40008
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1
    in-flight: 4924:addrconf_verify_work
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=0s workers=6 idle: 11693 25 4 4815
INFO: task kworker/0:5:18964 blocked for more than 120 seconds.
      Not tainted 4.17.0-rc3+ #27
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
INFO: rcu_sched detected stalls on CPUs/tasks:
  1-....: (125002 ticks this GP) idle=43e/1/4611686018427387904 softirq=106815/106967 fqs=31171
  (detected by 0, t=125003 jiffies, g=59248, c=59247, q=1142)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 25545 Comm: syz-executor1 Not tainted 4.17.0-rc3+ #27
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x3b/0x50 kernel/kcov.c:106
RSP: 0018:ffff8801b14bf938 EFLAGS: 00000246
RAX: 0000000000040000 RBX: ffff8801d2a42dc0 RCX: ffffc900058ed000
RDX: 000000000003ffff RSI: ffffffff84b2cdd6 RDI: ffff8801bc6b2278
RBP: ffff8801b14bf938 R08: ffff88018f78e440 R09: ffffed003b5e46c2
R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88016d004818 R14: ffff8801b947f0e0 R15: ffff8801b947f000
FS: 00007f06abf04700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc49c51fca0 CR3: 00000001d0a32000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 is_loop_device drivers/block/loop.c:713 [inline]
 loop_set_fd drivers/block/loop.c:901 [inline]
 lo_ioctl+0x1b26/0x2130 drivers/block/loop.c:1397
 __blkdev_driver_ioctl block/ioctl.c:303 [inline]
 blkdev_ioctl+0x9b6/0x2020 block/ioctl.c:601
 block_ioctl+0xee/0x130 fs/block_dev.c:1877
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1cf/0x16a0 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455979
RSP: 002b:00007f06abf03c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06abf046d4 RCX: 0000000000455979
RDX: 0000000000000013 RSI: 0000000000004c00 RDI: 0000000000000014
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000002b2 R14: 00000000006f8150 R15: 0000000000000000
Code: 7e 48 89 e5 81 e2 00 01 1f 00 48 8b 75 08 75 2b 8b 90 78 12 00 00 83 fa 02 75 20 48 8b 88 80 12 00 00 8b 80 7c 12 00 00 48 8b 11 <48> 83 c2 01 48 39 d0 76 07 48 89 34 d1 48 89 11 5d c3 0f 1f 00
kworker/0:5 D21752 18964 2 0x80000000
Workqueue: rcu_gp wait_rcu_exp_gp
Call Trace:
 context_switch kernel/sched/core.c:2848 [inline]
 __schedule+0x801/0x1e30 kernel/sched/core.c:3490
 schedule+0xef/0x430 kernel/sched/core.c:3549
 schedule_timeout+0x138/0x240 kernel/time/timer.c:1801
 synchronize_sched_expedited_wait kernel/rcu/tree_exp.h:470 [inline]
 rcu_exp_wait_wake+0x254/0x9c0 kernel/rcu/tree_exp.h:538
 rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:582 [inline]
 wait_rcu_exp_gp+0x83/0xc0 kernel/rcu/tree_exp.h:593
 process_one_work+0xc1e/0x1b50 kernel/workqueue.c:2145
 worker_thread+0x1cc/0x1440 kernel/workqueue.c:2279
 kthread+0x345/0x410 kernel/kthread.c:238
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

Showing all locks held in the system:
2 locks held by khungtaskd/892:
 #0: 00000000fdd8c0af (rcu_read_lock){....}, at: check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
 #0: 00000000fdd8c0af (rcu_read_lock){....}, at: watchdog+0x1ff/0xf60 kernel/hung_task.c:249
 #1: 000000003438aa32 (tasklist_lock){.+.+}, at: debug_show_all_locks+0xde/0x34a kernel/locking/lockdep.c:4470
2 locks held by getty/4452:
 #0: 0000000059423c3f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000001348987d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4453:
 #0: 000000009788f110 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000763b2190 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4454:
 #0: 000000008be1f38a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000112c9616 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4455:
 #0: 00000000c027c565 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000006e4d311d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4456:
 #0: 000000007d90462e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000d9eaf3fd (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4457:
 #0: 000000000e615439 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000045712ef9 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4458:
 #0: 00000000099af457 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000d4a80b7a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
3 locks held by kworker/0:3/4924:
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:57 [inline]
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 00000000cc7aac8e ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0xaef/0x1b50 kernel/workqueue.c:2116
 #1: 00000000ff6f5207 ((addr_chk_work).work){+.+.}, at: process_one_work+0xb46/0x1b50 kernel/workqueue.c:2120
 #2: 00000000850338ef (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
2 locks held by kworker/0:5/18964:
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:57 [inline]
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 0000000006ee0562 ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0xaef/0x1b50 kernel/workqueue.c:2116
 #1: 00000000368fdb28 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0xb46/0x1b50 kernel/workqueue.c:2120
2 locks held by syz-executor6/25597:
 #0: 00000000850338ef (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #1: 000000005bf68cd9 (rcu_sched_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:281 [inline]
 #1: 000000005bf68cd9 (rcu_sched_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited.constprop.73+0x9dd/0xad0 kernel/rcu/tree_exp.h:616

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 892 Comm: khungtaskd Not tainted 4.17.0-rc3+ #27
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.4+0x19/0xce lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_task kernel/hung_task.c:132 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
 watchdog+0xc10/0xf60 kernel/hung_task.c:249
 kthread+0x345/0x410 kernel/kthread.c:238
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 25545 Comm: syz-executor1 Not tainted 4.17.0-rc3+ #27
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:loop_set_fd drivers/block/loop.c:908 [inline]
RIP: 0010:lo_ioctl+0x1a9a/0x2130 drivers/block/loop.c:1397
RSP: 0018:ffff8801b14bf948 EFLAGS: 00000297
RAX: 0000000000000001 RBX: ffff8801d2a42dc0 RCX: ffffffff84b2cd47
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffff8801b14bf9c0 R08: ffff88018f78e440 R09: ffffed003b5e46c2
R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
R13: ffff8801afc68480 R14: ffff8801b947f0e0 R15: ffff8801b947f000
FS: 00007f06abf04700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc49c51fca0 CR3: 00000001d0a32000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __blkdev_driver_ioctl block/ioctl.c:303 [inline]
 blkdev_ioctl+0x9b6/0x2020 block/ioctl.c:601
 block_ioctl+0xee/0x130 fs/block_dev.c:1877
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1cf/0x16a0 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455979
RSP: 002b:00007f06abf03c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f06abf046d4 RCX: 0000000000455979
RDX: 0000000000000013 RSI: 0000000000004c00 RDI: 0000000000000014
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000002b2 R14: 00000000006f8150 R15: 0000000000000000
Code: fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 5d 02 00 00 41 8b 85 48 01 00 00 31 ff 89 c6 89 45 a8 e8 09 73 c6 fc 8b 45 a8 <85> c0 0f 84 6e eb ff ff e8 e9 71 c6 fc 49 8d bd f0 00 00 00 48