syzbot

INFO: task syz-executor691:8521 blocked for more than 143 seconds.
      Not tainted 5.11.0-rc2-next-20210106-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor691 state:D
 stack:23904 pid: 8521 ppid:  8515 flags:0x00000000
Call Trace:
 context_switch kernel/sched/core.c:4312 [inline]
 __schedule+0x90c/0x21a0 kernel/sched/core.c:5063
 schedule+0xcf/0x270 kernel/sched/core.c:5142
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5201
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x81a/0x1110 kernel/locking/mutex.c:1103
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x3f9/0xad0 net/core/rtnetlink.c:5561
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 __sys_sendto+0x21c/0x320 net/socket.c:1975
 __do_sys_sendto net/socket.c:1987 [inline]
 __se_sys_sendto net/socket.c:1983 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1983
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x409303
RSP: 002b:00007ffcfc0d0d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000006e2d80 RCX: 0000000000409303
RDX: 0000000000000040 RSI: 00000000006e2dd0 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffcfc0d0da0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000006e2dd0 R15: 0000000000000003

Showing all locks held in the system:
3 locks held by kworker/0:0/5:
 #0: ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2246
 #1: 
ffffc90000ca7da8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2250
 #2: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa3/0x1280 net/ipv6/addrconf.c:4028
3 locks held by kworker/0:1/7:
1 lock held by khungtaskd/1653:
 #0: ffffffff8b363ea0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6254
1 lock held by khugepaged/1670:
 #0: 
ffffffff8b435ac8 (lock
#5
){+.+.}-{3:3}, at: lru_add_drain_all+0x5f/0x6f0 mm/swap.c:787
1 lock held by in:imklog/8181:
 #0: 
ffff8880114f2d70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:947
3 locks held by syz-executor691/8519:
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3f9/0xad0 net/core/rtnetlink.c:5561
 #1: ffff888031449290 (&wg->device_update_lock){+.+.}-{3:3}, at: wg_open+0x225/0x4b0 drivers/net/wireguard/device.c:48
 #2: ffffffff8b36c8a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #2: ffffffff8b36c8a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f2/0x610 kernel/rcu/tree_exp.h:836
1 lock held by syz-executor691/8520:
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3f9/0xad0 net/core/rtnetlink.c:5561
1 lock held by syz-executor691/8521:
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3f9/0xad0 net/core/rtnetlink.c:5561
1 lock held by syz-executor691/8524:
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3f9/0xad0 net/core/rtnetlink.c:5561
3 locks held by kworker/1:0/8705:
 #0: 
ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
ffff888020ea4538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2246
 #1: 
ffffc90002047da8
 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2250
 #2: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa3/0x1280 net/ipv6/addrconf.c:4028
3 locks held by kworker/1:3/8738:
3 locks held by kworker/1:5/9801:
 #0: ffff888010062d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888010062d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff888010062d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888010062d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff888010062d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888010062d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2246
 #1: ffffc9000a6bfda8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2250
 #2: ffffffff8c94c9e8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:250
2 locks held by systemd-journal/9867:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1653 Comm: khungtaskd Not tainted 5.11.0-rc2-next-20210106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:147 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:253 [inline]
 watchdog+0xd89/0xf30 kernel/hung_task.c:338
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9867 Comm: systemd-journal Not tainted 5.11.0-rc2-next-20210106-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:match_held_lock+0xa/0x150 kernel/locking/lockdep.c:4894
Code: 0f 1f 44 00 00 48 8b 34 24 48 c7 c7 c0 1b 4a 89 e8 66 41 c7 ff cc cc cc cc cc cc cc cc cc cc cc 48 39 77 10 0f 84 97 00 00 00 <66> f7 47 22 f0 ff 74 4b 48 83 ec 08 48 8b 46 08 48 85 c0 0f 84 84
RSP: 0018:ffffc90000007788 EFLAGS: 00000083
RAX: 000000000000000f RBX: 0000000000000003 RCX: 1ffffffff19dfde3
RDX: 0000000000000000 RSI: ffffffff8b363de0 RDI: ffff88802496a608
RBP: ffffffff8b363de0 R08: 0000000000000000 R09: ffffffff8cefbd4f
R10: fffffbfff19df7a9 R11: 0000000000000001 R12: ffff888024969c00
R13: ffff88802496a590 R14: 00000000ffffffff R15: ffff88802496a608
FS:  00007fcd70eed8c0(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcd6e49d040 CR3: 000000001a9a4000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __lock_is_held kernel/locking/lockdep.c:5185 [inline]
 lock_is_held_type+0x7e/0x100 kernel/locking/lockdep.c:5476
 lock_is_held include/linux/lockdep.h:271 [inline]
 rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0x5c9/0x740 kernel/locking/lockdep.c:5408
 rcu_lock_acquire include/linux/rcupdate.h:265 [inline]
 rcu_read_lock include/linux/rcupdate.h:654 [inline]
 is_bpf_text_address+0x36/0x160 kernel/bpf/core.c:700
 kernel_text_address kernel/extable.c:151 [inline]
 kernel_text_address+0xbd/0xf0 kernel/extable.c:120
 __kernel_text_address+0x9/0x30 kernel/extable.c:105
 unwind_get_return_address arch/x86/kernel/unwind_orc.c:318 [inline]
 unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:313
 arch_stack_walk+0x93/0xe0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_record_aux_stack+0xe5/0x110 mm/kasan/generic.c:345
 insert_work+0x48/0x370 kernel/workqueue.c:1331
 __queue_work+0x5c1/0xf00 kernel/workqueue.c:1497
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1430
 expire_timers kernel/time/timer.c:1470 [inline]
 __run_timers.part.0+0x4a6/0xa50 kernel/time/timer.c:1744
 __run_timers kernel/time/timer.c:1725 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1757
 __do_softirq+0x2a5/0x9f7 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x1c/0x60 kernel/kcov.c:197
Code: e9 00 fd ff ff 66 0f 1f 84 00 00 00 00 00 65 8b 05 19 39 8f 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 00 f0 01 00 <a9> 00 01 ff 00 74 0e 85 c9 74 35 8b 82 d4 14 00 00 85 c0 74 2b 8b
RSP: 0018:ffffc9000160f908 EFLAGS: 00000246
RAX: 0000000080000000 RBX: 000000000000000c RCX: 0000000000000000
RDX: ffff888024969c00 RSI: ffffffff8387005a RDI: 0000000000000003
RBP: ffff888021019480 R08: 0000000000000000 R09: 000000000000000c
R10: ffffffff83870047 R11: 0000000000000010 R12: 0000000000000022
R13: 00000000000002f9 R14: dffffc0000000000 R15: 0000000000000000
 tomoyo_domain_quota_is_ok+0x31a/0x550 security/tomoyo/util.c:1092
 tomoyo_supervisor+0x2f2/0xef0 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_permission+0x270/0x3a0 security/tomoyo/file.c:573
 tomoyo_path_perm+0x2f0/0x400 security/tomoyo/file.c:838
 security_inode_getattr+0xcf/0x140 security/security.c:1280
 vfs_getattr fs/stat.c:121 [inline]
 vfs_fstat+0x43/0xb0 fs/stat.c:146
 __do_sys_newfstat+0x81/0x100 fs/stat.c:386
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fcd701a92e2
Code: 48 8b 05 b9 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 77 33 48 63 fe b8 05 00 00 00 48 89 d6 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 8b 15 81 db 2b 00 f7
RSP: 002b:00007fffb332f8f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005
RAX: ffffffffffffffda RBX: 000055f3af2dab90 RCX: 00007fcd701a92e2
RDX: 00007fffb332f910 RSI: 00007fffb332f910 RDI: 0000000000000015
RBP: 00007fffb332fa80 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000080000 R11: 0000000000000246 R12: 000055f3af2dab90
R13: 00007fffb332fa10 R14: 000000000000001f R15: 000055f3af2d917f