INFO: task hung in tcindex_partial_destroy

INFO: task hung in tcindex_partial_destroy_work
Status: upstream: reported C repro on 2020/09/28 07:17
Reported-by: syzbot+e3c2598c1486366a941b@syzkaller.appspotmail.com
First crash: 397d, last: 259d

Cause bisection: introduced by (bisect log) :
commit f9317ae5523f99999fb54c513ebabbb2bc887ddf
Author: Hauke Mehrtens <hauke@hauke-m.de>
Date: Tue Sep 22 21:41:12 2020 +0000

net: lantiq: Add locking for TX DMA channel

Crash: WARNING: ODEBUG bug in netdev_run_todo (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) [no-op commit]:
commit 3af409ca278d4a8d50e91f9f7c4c33b175645cf3
Author: Vladimir Oltean <vladimir.oltean@nxp.com>
Date: Tue Feb 16 10:16:28 2021 +0000

net: enetc: fix destroyed phylink dereference during unbind

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/10/01 01:12	12m	xiyou.wangcong@gmail.com		https://github.com/congwang/linux.git net	report log

Sample crash report:

INFO: task kworker/u4:4:194 blocked for more than 143 seconds.
      Not tainted 5.11.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:4    state:D stack:23656 pid:  194 ppid:     2 flags:0x00004000
Workqueue: tc_filter_workqueue tcindex_partial_destroy_work
Call Trace:
 context_switch kernel/sched/core.c:4327 [inline]
 __schedule+0x90c/0x21a0 kernel/sched/core.c:5078
 schedule+0xcf/0x270 kernel/sched/core.c:5157
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5216
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x81a/0x1110 kernel/locking/mutex.c:1103
 tcindex_partial_destroy_work+0x13/0x50 net/sched/cls_tcindex.c:287
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
INFO: task kworker/0:2:2918 blocked for more than 143 seconds.
      Not tainted 5.11.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2     state:D stack:28872 pid: 2918 ppid:     2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 context_switch kernel/sched/core.c:4327 [inline]
 __schedule+0x90c/0x21a0 kernel/sched/core.c:5078
 schedule+0xcf/0x270 kernel/sched/core.c:5157
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5216
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x81a/0x1110 kernel/locking/mutex.c:1103
 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4570
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Showing all locks held in the system:
3 locks held by kworker/u4:4/194:
 #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2246
 #1: ffffc90001417da8 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2250
 #2: ffffffff8d45c2e8 (rtnl_mutex){+.+.}-{3:3}, at: tcindex_partial_destroy_work+0x13/0x50 net/sched/cls_tcindex.c:287
1 lock held by khungtaskd/1645:
 #0: ffffffff8bd73da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6259
3 locks held by kworker/0:2/2918:
 #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2246
 #1: ffffc900012c7da8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2250
 #2: ffffffff8d45c2e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4570
1 lock held by in:imklog/8147:
 #0: ffff88801a916df0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:947
2 locks held by syz-executor797/8477:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1645 Comm: khungtaskd Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd43/0xfa0 kernel/hung_task.c:294
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8477 Comm: syz-executor797 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x13/0x60 kernel/kcov.c:196
Code: ff ff ff 4c 01 ca 49 89 13 e9 00 fd ff ff 66 0f 1f 84 00 00 00 00 00 65 8b 05 e9 18 8f 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 <65> 48 8b 14 25 00 f0 01 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82
RSP: 0018:ffffc90001b96b90 EFLAGS: 00000246
RAX: 0000000080000000 RBX: ffff888024f4a090 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff83da1121 RDI: ffff888024f4a090
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffff888024f4a007
R10: ffffffff8717d3d9 R11: 0000000000000001 R12: ffffc90001b96e38
R13: 0000000000000001 R14: 0000000000001000 R15: ffff888024f4a090
FS:  0000000000875300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000280 CR3: 000000002412b000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __radix_tree_lookup+0x31/0x2a0 lib/radix-tree.c:755
 tcf_idr_check_alloc+0xb0/0x3b0 net/sched/act_api.c:551
 tcf_police_init+0x34f/0x1460 net/sched/act_police.c:81
 tcf_action_init_1+0x1a3/0x990 net/sched/act_api.c:1013
 tcf_exts_validate+0x138/0x420 net/sched/cls_api.c:3046
 tcindex_set_parms+0x182/0x2320 net/sched/cls_tcindex.c:342
 tcindex_change+0x212/0x320 net/sched/cls_tcindex.c:550
 tc_new_tfilter+0x1394/0x2120 net/sched/cls_api.c:2127
 rtnetlink_rcv_msg+0x80e/0xad0 net/core/rtnetlink.c:5544
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x331/0x810 net/socket.c:2345
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2399
 __sys_sendmmsg+0x195/0x470 net/socket.c:2489
 __do_sys_sendmmsg net/socket.c:2518 [inline]
 __se_sys_sendmmsg net/socket.c:2515 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2515
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440399
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffca1d5fea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440399
RDX: 04924924924924b3 RSI: 0000000020000200 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00000000004ab000 R09: 00000000004ab000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca1d5fee0
R13: 00007ffca1d5fed0 R14: 00007ffca1d5fec0 R15: 0000000000400488
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.299 msecs

Crashes (84):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-selinux-root	2021/02/11 03:40	upstream	291009f656e8	a52ee10a	.config	log	report	syz	C		INFO: task hung in tcindex_partial_destroy_work
ci-upstream-kasan-gce-smack-root	2021/02/05 11:11	upstream	5c279c4cf206	23a562df	.config	log	report	syz	C		INFO: task hung in tcindex_partial_destroy_work
ci-upstream-kasan-gce	2021/01/09 06:50	upstream	6279d812eab6	c104d4a3	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/01/03 17:06	upstream	3516bd729358	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/01/01 08:00	upstream	f6e1ea196492	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/01/01 07:03	upstream	f6e1ea196492	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce	2020/12/08 16:03	upstream	cd796ed33450	51a9082e	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/11/30 07:12	upstream	aae5ab854e38	a0092f9d	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2021/01/03 09:40	net	4bfc4714849d	79264ae3	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/12/22 11:34	net	54ddbdb02488	04201c06	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/11/30 10:45	net	4d521943f76b	a0092f9d	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/11/25 02:18	net	d549699048b4	e34b696c	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/10/12 12:01	net	874fb9e2ca94	4a77ae0b	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/09/30 10:06	net	c92a79829c7c	5abc3f1a	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/09/27 20:33	net	059432495e20	5dd8aee8	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2021/01/01 13:31	net-next	3db1a3fa9880	79264ae3	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2021/01/01 08:53	net-next	3db1a3fa9880	79264ae3	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/12/22 07:15	net-next	3db1a3fa9880	04201c06	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/10/31 06:37	net-next	1fb74191988f	18e33098	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/10/08 05:17	net-next	9faebeb2d800	1880b4a9	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/10/07 22:24	net-next	9faebeb2d800	1880b4a9	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/10/06 19:37	net-next	8b0308fe319b	1880b4a9	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/12/04 00:51	linux-next	0eedceafd3a6	e6b0d314	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/01/21 16:58	upstream	9791581c049c	d4f4eca5	.config	log	report			info	INFO: task hung in tcindex_partial_destroy_work
ci-upstream-kasan-gce-root	2021/01/01 02:19	upstream	f6e1ea196492	79264ae3	.config	log	report			info
ci-upstream-kasan-gce	2020/11/02 15:52	upstream	3cea11cd5e3b	8bc4594f	.config	log	report			info
ci-upstream-kasan-gce-root	2020/10/08 01:00	upstream	c85fb28b6f99	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce	2020/10/06 21:23	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce	2020/10/06 09:29	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce	2020/10/06 03:02	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce	2020/10/06 02:14	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/10/06 01:01	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce-386	2020/10/06 03:19	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-kasan-gce-386	2020/10/06 00:27	upstream	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/07 21:42	net	d91dc434f2ba	1880b4a9	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/06 23:07	net	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/06 20:16	net	7575fdda569b	1880b4a9	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/05 23:27	net	4296adc3e32f	1880b4a9	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/03 06:23	net	ab0faf5f04e8	2653fa43	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/03 05:46	net	ab0faf5f04e8	2653fa43	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/03 05:14	net	ab0faf5f04e8	2653fa43	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/02 19:43	net	ef9da46ddef0	4969d6ca	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/02 17:30	net	ef9da46ddef0	4969d6ca	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/02 16:35	net	ef9da46ddef0	4969d6ca	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/02 16:22	net	ef9da46ddef0	4969d6ca	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/02 05:51	net	bb13a800620c	9602ddf4	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/02 05:16	net	bb13a800620c	9602ddf4	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/01 08:10	net	a59cf619787e	a9767fb2	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/10/01 03:23	net	2b3e981a94d8	8516f6d3	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/30 22:02	net	2b3e981a94d8	8516f6d3	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/30 14:51	net	2b3e981a94d8	8516f6d3	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/30 09:25	net	c92a79829c7c	5abc3f1a	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/30 05:40	net	c92a79829c7c	5abc3f1a	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/29 20:31	net	c92a79829c7c	5abc3f1a	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/29 19:00	net	c92a79829c7c	1b88c6d5	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/28 22:36	net	709a16be0593	6bfdbe89	.config	log	report			info
ci-upstream-net-this-kasan-gce	2020/09/25 15:28	net	ad2b9b0f8d01	4a006f63	.config	log	report			info
ci-upstream-net-kasan-gce	2021/01/10 23:38	net-next	73b7a6047971	2c1f2513	.config	log	report			info
ci-upstream-net-kasan-gce	2021/01/02 12:49	net-next	3db1a3fa9880	79264ae3	.config	log	report			info
ci-upstream-net-kasan-gce	2021/01/01 04:14	net-next	3db1a3fa9880	79264ae3	.config	log	report			info
ci-upstream-net-kasan-gce	2020/12/20 02:02	net-next	3db1a3fa9880	04201c06	.config	log	report			info
ci-upstream-net-kasan-gce	2020/12/05 21:50	net-next	bcd684aace34	50503117	.config	log	report			info
ci-upstream-net-kasan-gce	2020/12/03 08:59	net-next	cec85994c6b4	8c9190ef	.config	log	report			info
ci-upstream-net-kasan-gce	2020/10/16 02:03	net-next	346e320cb210	6e262c73	.config	log	report			info
ci-upstream-net-kasan-gce	2020/10/07 05:15	net-next	9faebeb2d800	1880b4a9	.config	log	report			info
ci-upstream-net-kasan-gce	2020/10/06 14:25	net-next	8b0308fe319b	1880b4a9	.config	log	report			info
ci-upstream-net-kasan-gce	2020/10/06 13:32	net-next	8b0308fe319b	1880b4a9	.config	log	report			info
ci-upstream-net-kasan-gce	2020/10/06 13:09	net-next	8b0308fe319b	1880b4a9	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/01 22:20	linux-next	d7a03a44a5e9	79264ae3	.config	log	report			info