INFO: task kworker/1:13:18504 blocked for more than 430 seconds. Not tainted 6.15.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:13 state:D stack:0 pid:18504 tgid:18504 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81a53224>] (__schedule) from [<81a541a8>] (__schedule_loop kernel/sched/core.c:6845 [inline]) [<81a53224>] (__schedule) from [<81a541a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6860) r10:8291a684 r9:dfbc9d84 r8:00000002 r7:600f0013 r6:dfbc9d8c r5:83ad5400 r4:83ad5400 [<81a5417c>] (schedule) from [<81a54590>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6917) r5:83ad5400 r4:8291a680 [<81a54578>] (schedule_preempt_disabled) from [<81a56c74>] (__mutex_lock_common kernel/locking/mutex.c:678 [inline]) [<81a54578>] (schedule_preempt_disabled) from [<81a56c74>] (__mutex_lock.constprop.0+0x300/0x6f8 kernel/locking/mutex.c:746) [<81a56974>] (__mutex_lock.constprop.0) from [<81a57140>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1033) r10:8280c8d4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfbc9e08 r4:00000000 [<81a5712c>] (__mutex_lock_slowpath) from [<81a57180>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:277) [<81a57144>] (mutex_lock) from [<804e7848>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2860) [<804e77e0>] (_vm_unmap_aliases) from [<804eb728>] (vm_reset_perms mm/vmalloc.c:3294 [inline]) [<804e77e0>] (_vm_unmap_aliases) from [<804eb728>] (vfree+0x168/0x204 mm/vmalloc.c:3373) r10:83016070 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:856abb80 r4:00000000 [<804eb5c0>] (vfree) from [<8054b0fc>] (execmem_free+0x30/0x50 mm/execmem.c:431) r9:83018205 r8:83ad5400 r7:00000000 r6:83018200 r5:00001000 r4:7f254000 [<8054b0cc>] (execmem_free) from [<803cc268>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1077) r5:00001000 r4:dfa85000 [<803cc258>] (bpf_jit_free_exec) from [<803cc648>] (bpf_jit_binary_free kernel/bpf/core.c:1123 [inline]) [<803cc258>] (bpf_jit_free_exec) from [<803cc648>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1246) [<803cc5e0>] (bpf_jit_free) from [<803cd7a4>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2886) r5:85609f8c r4:85609c00 [<803cd658>] (bpf_prog_free_deferred) from [<802873bc>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3238) r7:ddde2d80 r6:83018200 r5:85609f8c r4:857bc180 [<80287208>] (process_one_work) from [<80288004>] (process_scheduled_works kernel/workqueue.c:3319 [inline]) [<80287208>] (process_one_work) from [<80288004>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3400) r10:61c88647 r9:83ad5400 r8:857bc1ac r7:82804d40 r6:ddde2d80 r5:ddde2da0 r4:857bc180 [<80287e08>] (worker_thread) from [<8028f07c>] (kthread+0x12c/0x280 kernel/kthread.c:464) r10:00000000 r9:857bc180 r8:80287e08 r7:dfd19e60 r6:857bcf80 r5:83ad5400 r4:00000001 [<8028ef50>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfbc9fb0 to 0xdfbc9ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8028ef50 r4:84f8d900 INFO: task kworker/1:13:18504 is blocked on a mutex likely owned by task kworker/1:10:18493. task:kworker/1:10 state:R running task stack:0 pid:18493 tgid:18493 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81a53224>] (__schedule) from [<81a545dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7090) r10:82ac21c4 r9:8496b000 r8:80200be4 r7:dfb6dd5c r6:ffffffff r5:8496b000 r4:00000000 [<81a5459c>] (preempt_schedule_irq) from [<80200c04>] (svc_preempt+0x8/0x18) Exception stack(0xdfb6dd28 to 0xdfb6dd70) dd20: 876a3000 e07af000 00000001 80239b98 7f262000 00000001 dd40: 82ac15a0 7f262000 e07af000 8280c928 82ac21c4 dfb6dda4 dfb6dda8 dfb6dd78 dd60: 80230ad0 80239bb0 80000013 ffffffff r5:80000013 r4:80239bb0 [<80230a6c>] (flush_tlb_kernel_range) from [<804e761c>] (__purge_vmap_area_lazy+0x210/0x3d4 mm/vmalloc.c:2284) r4:82ac21e4 [<804e740c>] (__purge_vmap_area_lazy) from [<804e79c4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2899) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:dfb6ddc0 r5:dfb6de08 r4:dfb6ddc0 [<804e77e0>] (_vm_unmap_aliases) from [<804eb728>] (vm_reset_perms mm/vmalloc.c:3294 [inline]) [<804e77e0>] (_vm_unmap_aliases) from [<804eb728>] (vfree+0x168/0x204 mm/vmalloc.c:3373) r10:83016070 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:856ab700 r4:00000000 [<804eb5c0>] (vfree) from [<8054b0fc>] (execmem_free+0x30/0x50 mm/execmem.c:431) r9:83018205 r8:8496b000 r7:00000000 r6:83018200 r5:00001000 r4:7f256000 [<8054b0cc>] (execmem_free) from [<803cc268>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1077) r5:00001000 r4:dfab9000 [<803cc258>] (bpf_jit_free_exec) from [<803cc648>] (bpf_jit_binary_free kernel/bpf/core.c:1123 [inline]) [<803cc258>] (bpf_jit_free_exec) from [<803cc648>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1246) [<803cc5e0>] (bpf_jit_free) from [<803cd7a4>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2886) r5:8560b38c r4:8560b000 [<803cd658>] (bpf_prog_free_deferred) from [<802873bc>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3238) r7:ddde2d80 r6:83018200 r5:8560b38c r4:85444b80 [<80287208>] (process_one_work) from [<80288004>] (process_scheduled_works kernel/workqueue.c:3319 [inline]) [<80287208>] (process_one_work) from [<80288004>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3400) r10:61c88647 r9:8496b000 r8:85444bac r7:82804d40 r6:ddde2d80 r5:ddde2da0 r4:85444b80 [<80287e08>] (worker_thread) from [<8028f07c>] (kthread+0x12c/0x280 kernel/kthread.c:464) r10:00000000 r9:85444b80 r8:80287e08 r7:dff35e60 r6:85444200 r5:8496b000 r4:00000001 [<8028ef50>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfb6dfb0 to 0xdfb6dff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8028ef50 r4:84c69a00 NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Not tainted 6.15.0-syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express Call trace: [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:00000000 r6:000e0013 r5:600e0093 r4:82257fc0 [<80201ac8>] (show_stack) from [<8021ff98>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201ac8>] (show_stack) from [<8021ff98>] (dump_stack_lvl+0x70/0x7c lib/dump_stack.c:120) [<8021ff28>] (dump_stack_lvl) from [<8021ffbc>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r5:00000000 r4:00000001 [<8021ffa4>] (dump_stack) from [<81a3d38c>] (nmi_cpu_backtrace+0x160/0x17c lib/nmi_backtrace.c:113) [<81a3d22c>] (nmi_cpu_backtrace) from [<81a3d4d8>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62) r7:00000000 r6:8280c610 r5:8281af00 r4:ffffffff [<81a3d3a8>] (nmi_trigger_cpumask_backtrace) from [<802304dc>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:852) r9:0004ec1e r8:82ab6564 r7:8280c788 r6:00007ef8 r5:8281b4c8 r4:8b536f0c [<802304c4>] (arch_trigger_cpumask_backtrace) from [<80386da8>] (trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]) [<802304c4>] (arch_trigger_cpumask_backtrace) from [<80386da8>] (check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]) [<802304c4>] (arch_trigger_cpumask_backtrace) from [<80386da8>] (watchdog+0x4a8/0x69c kernel/hung_task.c:437) [<80386900>] (watchdog) from [<8028f07c>] (kthread+0x12c/0x280 kernel/kthread.c:464) r10:00000000 r9:00000000 r8:80386900 r7:8339ae80 r6:8339ae80 r5:832dc800 r4:00000001 [<8028ef50>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf8e1fb0 to 0xdf8e1ff8) 1fa0: 00000000 00000000 00000000 00000000 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8028ef50 r4:833a2180 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 2820 Comm: pr/ttyAMA0 Not tainted 6.15.0-syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express PC is at __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] PC is at _raw_spin_unlock_irqrestore+0x28/0x54 kernel/locking/spinlock.c:194 LR is at __debug_check_no_obj_freed lib/debugobjects.c:1108 [inline] LR is at debug_check_no_obj_freed+0x184/0x2a4 lib/debugobjects.c:1129 pc : [<81a5c5ac>] lr : [<808ca6e8>] psr: 600f0113 sp : df805a38 ip : df805a48 fp : df805a44 r10: 81e68b40 r9 : 85a71b00 r8 : 85a71d40 r7 : 8152aa50 r6 : 00000100 r5 : 00000000 r4 : 00000000 r3 : 0000b20c r2 : 000036bc r1 : 200f0113 r0 : 82af8754 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 8471b2c0 DAC: 00000000 Call trace: frame pointer underflow [<81a5c584>] (_raw_spin_unlock_irqrestore) from [<808ca6e8>] (__debug_check_no_obj_freed lib/debugobjects.c:1108 [inline]) [<81a5c584>] (_raw_spin_unlock_irqrestore) from [<808ca6e8>] (debug_check_no_obj_freed+0x184/0x2a4 lib/debugobjects.c:1129) [<808ca564>] (debug_check_no_obj_freed) from [<8050738c>] (slab_free_hook mm/slub.c:2311 [inline]) [<808ca564>] (debug_check_no_obj_freed) from [<8050738c>] (slab_free mm/slub.c:4642 [inline]) [<808ca564>] (debug_check_no_obj_freed) from [<8050738c>] (kmem_cache_free+0x2d4/0x494 mm/slub.c:4744) r10:81e68b40 r9:84488000 r8:000cb7e4 r7:8152aa50 r6:ddec47c0 r5:85a71b00 r4:832cc180 [<805070b8>] (kmem_cache_free) from [<8152aa50>] (skb_kfree_head net/core/skbuff.c:1056 [inline]) [<805070b8>] (kmem_cache_free) from [<8152aa50>] (skb_kfree_head net/core/skbuff.c:1053 [inline]) [<805070b8>] (kmem_cache_free) from [<8152aa50>] (skb_free_head+0x8c/0x90 net/core/skbuff.c:1070) r10:81e68b40 r9:00000002 r8:85a71c40 r7:849801d8 r6:df805c4c r5:84c530c0 r4:85a71b00 [<8152a9c4>] (skb_free_head) from [<8152cae8>] (skb_release_data+0x1ac/0x1fc net/core/skbuff.c:1097) r5:84c530c0 r4:84c530c0 [<8152c93c>] (skb_release_data) from [<8153049c>] (skb_release_all net/core/skbuff.c:1162 [inline]) [<8152c93c>] (skb_release_data) from [<8153049c>] (__kfree_skb net/core/skbuff.c:1176 [inline]) [<8152c93c>] (skb_release_data) from [<8153049c>] (consume_skb net/core/skbuff.c:1408 [inline]) [<8152c93c>] (skb_release_data) from [<8153049c>] (consume_skb+0x7c/0x130 net/core/skbuff.c:1402) r9:85a71c14 r8:848e76c0 r7:849801d8 r6:df805c4c r5:816db3c4 r4:84c530c0 [<81530420>] (consume_skb) from [<816db3c4>] (nft_synproxy_eval_v4 net/netfilter/nft_synproxy.c:60 [inline]) [<81530420>] (consume_skb) from [<816db3c4>] (nft_synproxy_do_eval+0x264/0x2b4 net/netfilter/nft_synproxy.c:141) r7:849801d8 r6:df805c4c r5:84ae8000 r4:84c530c0 [<816db160>] (nft_synproxy_do_eval) from [<816db440>] (nft_synproxy_eval+0x14/0x18 net/netfilter/nft_synproxy.c:247) r9:df805ce4 r8:81e68cc8 r7:81e68a2c r6:81e689e8 r5:849801e0 r4:849801d0 [<816db42c>] (nft_synproxy_eval) from [<816a44a0>] (expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]) [<816db42c>] (nft_synproxy_eval) from [<816a44a0>] (nft_do_chain+0x12c/0x570 net/netfilter/nf_tables_core.c:285) [<816a4374>] (nft_do_chain) from [<816bcff8>] (nft_do_chain_inet+0xac/0x120 net/netfilter/nft_chain_filter.c:161) r10:ddde3e48 r9:84f678a0 r8:df805d3c r7:84c530c0 r6:84f67880 r5:00000004 r4:84f67f30 [<816bcf4c>] (nft_do_chain_inet) from [<8166bb44>] (nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]) [<816bcf4c>] (nft_do_chain_inet) from [<8166bb44>] (nf_hook_slow+0x40/0x104 net/netfilter/core.c:626) r4:00000001 [<8166bb04>] (nf_hook_slow) from [<816fd59c>] (nf_hook include/linux/netfilter.h:269 [inline]) [<8166bb04>] (nf_hook_slow) from [<816fd59c>] (NF_HOOK include/linux/netfilter.h:312 [inline]) [<8166bb04>] (nf_hook_slow) from [<816fd59c>] (ip_local_deliver+0xf0/0x110 net/ipv4/ip_input.c:254) r9:00000040 r8:00000018 r7:00000000 r6:84ae8000 r5:85729800 r4:84c530c0 [<816fd4ac>] (ip_local_deliver) from [<816fc6e0>] (dst_input include/net/dst.h:469 [inline]) [<816fd4ac>] (ip_local_deliver) from [<816fc6e0>] (ip_rcv_finish+0x98/0xb0 net/ipv4/ip_input.c:447) r6:85729800 r5:84ae8000 r4:84c530c0 [<816fc648>] (ip_rcv_finish) from [<816fd690>] (NF_HOOK include/linux/netfilter.h:314 [inline]) [<816fc648>] (ip_rcv_finish) from [<816fd690>] (NF_HOOK include/linux/netfilter.h:308 [inline]) [<816fc648>] (ip_rcv_finish) from [<816fd690>] (ip_rcv+0xd4/0xe0 net/ipv4/ip_input.c:567) r7:00000000 r6:84ae8000 r5:84c530c0 r4:00000001 [<816fd5bc>] (ip_rcv) from [<81552110>] (__netif_receive_skb_one_core+0x5c/0x80 net/core/dev.c:5887) r6:00000000 r5:816fd5bc r4:85729800 [<815520b4>] (__netif_receive_skb_one_core) from [<8155217c>] (__netif_receive_skb+0x18/0x5c net/core/dev.c:6000) r5:ddde3f30 r4:84c530c0 [<81552164>] (__netif_receive_skb) from [<81552484>] (process_backlog+0xa0/0x17c net/core/dev.c:6352) r5:ddde3f30 r4:84c530c0 [<815523e4>] (process_backlog) from [<81553384>] (__napi_poll+0x34/0x240 net/core/dev.c:7324) r10:ddde3e40 r9:ddde40c0 r8:df805ea8 r7:df805ea3 r6:00000040 r5:ddde3f30 r4:00000001 [<81553350>] (__napi_poll) from [<81553c28>] (napi_poll net/core/dev.c:7388 [inline]) [<81553350>] (__napi_poll) from [<81553c28>] (net_rx_action+0x358/0x440 net/core/dev.c:7510) r9:ddde40c0 r8:df805ea8 r7:0000012c r6:0004ec20 r5:ddde3f30 r4:00000000 [<815538d0>] (net_rx_action) from [<8026add8>] (handle_softirqs+0x140/0x458 kernel/softirq.c:579) r10:84488000 r9:82804d40 r8:00000101 r7:00000003 r6:00000008 r5:00000004 r4:8280408c [<8026ac98>] (handle_softirqs) from [<8026b24c>] (__do_softirq kernel/softirq.c:613 [inline]) [<8026ac98>] (handle_softirqs) from [<8026b24c>] (invoke_softirq kernel/softirq.c:453 [inline]) [<8026ac98>] (handle_softirqs) from [<8026b24c>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:680) r10:8295b3bc r9:84488000 r8:00000000 r7:ebd15e60 r6:82404618 r5:82445a9c r4:84488000 [<8026b13c>] (__irq_exit_rcu) from [<8026b5c4>] (irq_exit+0x10/0x18 kernel/softirq.c:708) r5:82445a9c r4:826c199c [<8026b5b4>] (irq_exit) from [<81a4fa98>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240) [<81a4fa1c>] (generic_handle_arch_irq) from [<81a1e57c>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:84488000 r8:00000000 r7:ebd15e94 r6:ffffffff r5:600f0013 r4:81a5c5ac [<81a1e560>] (call_with_stack) from [<80200bcc>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228) Exception stack(0xebd15e60 to 0xebd15ea8) 5e60: 84107c40 600f0013 00000000 00001192 00000001 00000000 8295b320 00000117 5e80: 00000000 00000001 8295b3bc ebd15ebc ebd15ec0 ebd15eb0 80a62a4c 81a5c5ac 5ea0: 600f0013 ffffffff [<81a5c584>] (_raw_spin_unlock_irqrestore) from [<80a62a4c>] (spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]) [<81a5c584>] (_raw_spin_unlock_irqrestore) from [<80a62a4c>] (__uart_port_unlock_irqrestore include/linux/serial_core.h:614 [inline]) [<81a5c584>] (_raw_spin_unlock_irqrestore) from [<80a62a4c>] (pl011_console_device_unlock+0x20/0x24 drivers/tty/serial/amba-pl011.c:2603) [<80a62a2c>] (pl011_console_device_unlock) from [<802efd14>] (nbcon_emit_one+0x80/0xf8 kernel/printk/nbcon.c:1123) [<802efc94>] (nbcon_emit_one) from [<802eff34>] (nbcon_kthread_func+0x1a8/0x2a4 kernel/printk/nbcon.c:1210) r6:8280c610 r5:84488000 r4:8295b320 [<802efd8c>] (nbcon_kthread_func) from [<8028f07c>] (kthread+0x12c/0x280 kernel/kthread.c:464) r10:00000000 r9:8295b320 r8:802efd8c r7:84575180 r6:84575180 r5:84488000 r4:00000001 [<8028ef50>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xebd15fb0 to 0xebd15ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8028ef50 r4:841ff940