netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
INFO: task kworker/u4:3:206 blocked for more than 140 seconds.
      Not tainted 4.14.249-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:3 D26248 206 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 __synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
 fsnotify_mark_destroy_workfn+0xed/0x2e0 fs/notify/mark.c:757
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 process_scheduled_works kernel/workqueue.c:2177 [inline]
 worker_thread+0x7d3/0xff0 kernel/workqueue.c:2253
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Showing all locks held in the system:
2 locks held by kworker/u4:3/206:
 #0: ("events_unbound"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: ((reaper_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
1 lock held by khungtaskd/1533:
 #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
2 locks held by kworker/u4:1/8030:
 #0: ("events_unbound"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: (connector_reaper_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1533 Comm: khungtaskd Not tainted 4.14.249-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.14.249-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880b54a8480 task.stack: ffff8880b54b0000
RIP: 0010:rt6_score_route+0x1c0/0xb40 net/ipv6/route.c:666
RSP: 0018:ffff8880b54b7638 EFLAGS: 00000206
RAX: ffff8880b54a8480 RBX: 0000000000000003 RCX: ffff8880b54b7800
RDX: 0000000000000100 RSI: 00000000000006b8 RDI: ffff88809527eb28
RBP: ffff8880b00ce000 R08: ffff888093af7380 R09: ffff8880b54b77f0
R10: ffff8880b54a8d30 R11: ffff8880b54a8480 R12: 00000000000006b8
R13: 00000000fffffffd R14: 0000000000000000 R15: 00000000000006b8
FS: 0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a727ffb160 CR3: 0000000008e6a000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 find_match+0x138/0xf80 net/ipv6/route.c:685
 find_rr_leaf net/ipv6/route.c:722 [inline]
 rt6_select net/ipv6/route.c:753 [inline]
 ip6_pol_route+0x261/0x1dc0 net/ipv6/route.c:1120
 fib6_rule_lookup+0xc7/0x3e0 net/ipv6/fib6_rules.c:83
 ip6_route_input_lookup net/ipv6/route.c:1215 [inline]
 ip6_route_input+0x525/0x8e0 net/ipv6/route.c:1293
 ip6_rcv_finish+0x1dc/0x7a0 net/ipv6/ip6_input.c:69
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ipv6_rcv+0xac7/0x1b60 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474
 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512
 process_backlog+0x218/0x6f0 net/core/dev.c:5195
 napi_poll net/core/dev.c:5604 [inline]
 net_rx_action+0x466/0xfd0 net/core/dev.c:5670
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 run_ksoftirqd+0x50/0x1a0 kernel/softirq.c:670
 smpboot_thread_fn+0x5c1/0x920 kernel/smpboot.c:164
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 41 c1 ed 19 41 83 e5 0c 41 83 f5 08 45 09 e5 83 e3 02 74 12 e8 92 fc 1d fb 41 81 e6 02 00 20 00 41 83 fe 02 74 22 e8 80 fc 1d fb <44> 89 e8 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 41 bc 02
----------------
Code disassembly (best guess):
   0: 41 c1 ed 19           shr $0x19,%r13d
   4: 41 83 e5 0c           and $0xc,%r13d
   8: 41 83 f5 08           xor $0x8,%r13d
   c: 45 09 e5              or %r12d,%r13d
   f: 83 e3 02              and $0x2,%ebx
  12: 74 12                 je 0x26
  14: e8 92 fc 1d fb        callq 0xfb1dfcab
  19: 41 81 e6 02 00 20 00  and $0x200002,%r14d
  20: 41 83 fe 02           cmp $0x2,%r14d
  24: 74 22                 je 0x48
  26: e8 80 fc 1d fb        callq 0xfb1dfcab
* 2b: 44 89 e8              mov %r13d,%eax <-- trapping instruction
  2e: 48 83 c4 30           add $0x30,%rsp
  32: 5b                    pop %rbx
  33: 5d                    pop %rbp
  34: 41 5c                 pop %r12
  36: 41 5d                 pop %r13
  38: 41 5e                 pop %r14
  3a: 41 5f                 pop %r15
  3c: c3                    retq
  3d: 41                    rex.B
  3e: bc                    .byte 0xbc
  3f: 02                    .byte 0x2