syzbot

INFO: task kworker/u4:0:9 blocked for more than 143 seconds.
      Not tainted 5.10.0-rc6-next-20201201-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:0    state:D stack:23600 pid:    9 ppid:     2 flags:0x00004000
Workqueue: tc_filter_workqueue tcindex_partial_destroy_work
Call Trace:
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x8cd/0x2150 kernel/sched/core.c:5076
 schedule+0xcf/0x270 kernel/sched/core.c:5155
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5214
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x81a/0x1110 kernel/locking/mutex.c:1103
 tcindex_partial_destroy_work+0x13/0x50 net/sched/cls_tcindex.c:287
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2272
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2418
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
INFO: task kworker/1:1:8497 blocked for more than 143 seconds.
      Not tainted 5.10.0-rc6-next-20201201-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1     state:D stack:29616 pid: 8497 ppid:     2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x8cd/0x2150 kernel/sched/core.c:5076
 schedule+0xcf/0x270 kernel/sched/core.c:5155
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5214
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x81a/0x1110 kernel/locking/mutex.c:1103
 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4569
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2272
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2418
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
INFO: task syz-executor598:8527 can't die for more than 143 seconds.
task:syz-executor598 state:R  running task     stack:24992 pid: 8527 ppid:  8505 flags:0x00004006
Call Trace:

Showing all locks held in the system:
3 locks held by kworker/u4:0/9:
 #0: ffff8880151c9138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880151c9138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff8880151c9138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff8880151c9138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff8880151c9138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff8880151c9138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2243
 #1: ffffc90000ce7da8 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2247
 #2: ffffffff8c940f88 (rtnl_mutex){+.+.}-{3:3}, at: tcindex_partial_destroy_work+0x13/0x50 net/sched/cls_tcindex.c:287
1 lock held by khungtaskd/1656:
 #0: ffffffff8b33a7a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6254
1 lock held by in:imklog/8182:
 #0: ffff8880153fcff0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:923
3 locks held by kworker/1:1/8497:
 #0: ffff888147308138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888147308138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff888147308138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888147308138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff888147308138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888147308138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0 kernel/workqueue.c:2243
 #1: ffffc90000edfda8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0 kernel/workqueue.c:2247
 #2: ffffffff8c940f88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4569
1 lock held by syz-executor598/8527:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1656 Comm: khungtaskd Not tainted 5.10.0-rc6-next-20201201-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:147 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:253 [inline]
 watchdog+0xd89/0xf30 kernel/hung_task.c:338
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8527 Comm: syz-executor598 Not tainted 5.10.0-rc6-next-20201201-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x39b/0x5500 kernel/locking/lockdep.c:4780
Code: 00 45 09 f9 c1 e0 14 41 09 c1 41 8b 44 24 20 25 ff 1f 00 00 41 09 c1 48 b8 00 00 00 00 00 fc ff df 45 89 4c 24 20 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 96 11 00 00 8b
RSP: 0018:ffffc90000e1e858 EFLAGS: 00000002
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880167059fc
RBP: ffff888016705040 R08: 0000000000000001 R09: 0000000000040640
R10: 0000000000000028 R11: 0000000000000000 R12: ffff8880167059d8
R13: 0000000000000000 R14: ffff888012047668 R15: 0000000000040000
FS:  0000000000ecc880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd789f216c0 CR3: 0000000012079000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5437 [inline]
 lock_acquire+0x29d/0x740 kernel/locking/lockdep.c:5402
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x134/0x1110 kernel/locking/mutex.c:1103
 tcf_idr_check_alloc+0x78/0x3b0 net/sched/act_api.c:549
 tcf_police_init+0x347/0x13a0 net/sched/act_police.c:81
 tcf_action_init_1+0x1a3/0x990 net/sched/act_api.c:1013
 tcf_exts_validate+0x138/0x420 net/sched/cls_api.c:3048
 tcindex_set_parms+0x189/0x20d0 net/sched/cls_tcindex.c:342
 tcindex_change+0x212/0x320 net/sched/cls_tcindex.c:546
 tc_new_tfilter+0x1394/0x2120 net/sched/cls_api.c:2129
 rtnetlink_rcv_msg+0x80e/0xad0 net/core/rtnetlink.c:5553
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2340
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2394
 __sys_sendmmsg+0x195/0x470 net/socket.c:2484
 __do_sys_sendmmsg net/socket.c:2513 [inline]
 __se_sys_sendmmsg net/socket.c:2510 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2510
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441709
Code: e8 5c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc72e86e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441709
RDX: 010efe10675dec16 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007ffc72e86e20 R08: 0000000120080522 R09: 0000000120080522
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a2a50
R13: 00000000004025e0 R14: 0000000000000000 R15: 0000000000000000
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.043 msecs