INFO: task kworker/0:1:11986 blocked for more than 430 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:1 state:D stack:0 pid:11986 tgid:11986 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81b070bc>] (__schedule) from [<81b0854c>] (__schedule_loop kernel/sched/core.c:7267 [inline]) [<81b070bc>] (__schedule) from [<81b0854c>] (schedule+0x2c/0x134 kernel/sched/core.c:7282) r10:ea545da4 r9:ea545dac r8:00000002 r7:60000013 r6:82ccfb4c r5:8477bd40 r4:8477bd40 [<81b08520>] (schedule) from [<81b086d8>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7339) r5:8477bd40 r4:82ccfb48 [<81b086c0>] (schedule_preempt_disabled) from [<81b0b7b4>] (__mutex_lock_common kernel/locking/mutex.c:712 [inline]) [<81b086c0>] (schedule_preempt_disabled) from [<81b0b7b4>] (__mutex_lock.constprop.0+0x530/0xa88 kernel/locking/mutex.c:806) [<81b0b284>] (__mutex_lock.constprop.0) from [<81b0bde0>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1100) r10:82a0b82c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:ea545e28 r4:00000000 [<81b0bdcc>] (__mutex_lock_slowpath) from [<81b0be20>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:305) [<81b0bde4>] (mutex_lock) from [<80507200>] (_vm_unmap_aliases+0x5c/0x238 mm/vmalloc.c:2951) [<805071a4>] (_vm_unmap_aliases) from [<8050aff4>] (vm_reset_perms mm/vmalloc.c:3382 [inline]) [<805071a4>] (_vm_unmap_aliases) from [<8050aff4>] (vfree+0x168/0x1d8 mm/vmalloc.c:3461) r10:8302b005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:87123d80 r4:00000000 [<8050ae8c>] (vfree) from [<8057a880>] (execmem_free+0x30/0x50 mm/execmem.c:506) r9:8477bd40 r8:00800000 r7:00000000 r6:8302b000 r5:00001000 r4:7f2cc000 [<8057a850>] (execmem_free) from [<803d0c5c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1070) r5:00001000 r4:ea873000 [<803d0c4c>] (bpf_jit_free_exec) from [<803d103c>] (bpf_jit_binary_free kernel/bpf/core.c:1116 [inline]) [<803d0c4c>] (bpf_jit_free_exec) from [<803d103c>] (bpf_jit_free+0x64/0xe0 kernel/bpf/core.c:1239) [<803d0fd8>] (bpf_jit_free) from [<803d20e4>] (bpf_prog_free_deferred+0x148/0x160 kernel/bpf/core.c:3029) r5:85f9578c r4:85f9578c [<803d1f9c>] (bpf_prog_free_deferred) from [<80276360>] (process_one_work+0x1c8/0x5a0 kernel/workqueue.c:3302) r7:dddd0e00 r6:8302b000 r5:85f9578c r4:85ca6600 [<80276198>] (process_one_work) from [<80277124>] (process_scheduled_works kernel/workqueue.c:3385 [inline]) [<80276198>] (process_one_work) from [<80277124>] (worker_thread+0x16c/0x318 kernel/workqueue.c:3466) r10:00000000 r9:85ca6630 r8:8477bd40 r7:82a03d80 r6:dddd0e20 r5:dddd0e00 r4:85ca6600 [<80276fb8>] (worker_thread) from [<8028117c>] (kthread+0x11c/0x154 kernel/kthread.c:436) r10:00000000 r9:df83de88 r8:84d26e80 r7:85ca6600 r6:80276fb8 r5:8477bd40 r4:83876840 [<80281060>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xea545fb0 to 0xea545ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:80281060 r4:83876840 INFO: task kworker/0:1:11986 is blocked on a mutex likely owned by task kworker/0:2:6501. task:kworker/0:2 state:R running task stack:0 pid:6501 tgid:6501 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81b070bc>] (__schedule) from [<81b08984>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7512) r10:82a0b880 r9:840c24c0 r8:80200c04 r7:dfc09d7c r6:ffffffff r5:840c24c0 r4:00000000 [<81b08944>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdfc09d48 to 0xdfc09d90) 9d40: c9d23000 eb65f000 00000000 80238790 82cceee0 82ccfb24 9d60: 7f2ca000 eb65f000 00000000 00000001 82a0b880 dfc09dbc eb65f000 dfc09d98 9d80: 8022f6e0 802387a8 80000013 ffffffff r5:80000013 r4:802387a8 [<8022f680>] (flush_tlb_kernel_range) from [<80506fb4>] (__purge_vmap_area_lazy+0x294/0x484 mm/vmalloc.c:2376) [<80506d20>] (__purge_vmap_area_lazy) from [<8050738c>] (_vm_unmap_aliases+0x1e8/0x238 mm/vmalloc.c:2990) r10:00000000 r9:dfc09de0 r8:00000000 r7:ffffffff r6:00000008 r5:dfc09e28 r4:dfc09de0 [<805071a4>] (_vm_unmap_aliases) from [<8050aff4>] (vm_reset_perms mm/vmalloc.c:3382 [inline]) [<805071a4>] (_vm_unmap_aliases) from [<8050aff4>] (vfree+0x168/0x1d8 mm/vmalloc.c:3461) r10:8302b005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86d11480 r4:00000000 [<8050ae8c>] (vfree) from [<8057a880>] (execmem_free+0x30/0x50 mm/execmem.c:506) r9:840c24c0 r8:00800000 r7:00000000 r6:8302b000 r5:00001000 r4:7f2ca000 [<8057a850>] (execmem_free) from [<803d0c5c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1070) r5:00001000 r4:ea533000 [<803d0c4c>] (bpf_jit_free_exec) from [<803d103c>] (bpf_jit_binary_free kernel/bpf/core.c:1116 [inline]) [<803d0c4c>] (bpf_jit_free_exec) from [<803d103c>] (bpf_jit_free+0x64/0xe0 kernel/bpf/core.c:1239) [<803d0fd8>] (bpf_jit_free) from [<803d20e4>] (bpf_prog_free_deferred+0x148/0x160 kernel/bpf/core.c:3029) r5:862cfb8c r4:862cfb8c [<803d1f9c>] (bpf_prog_free_deferred) from [<80276360>] (process_one_work+0x1c8/0x5a0 kernel/workqueue.c:3302) r7:dddd0e00 r6:8302b000 r5:862cfb8c r4:86196580 [<80276198>] (process_one_work) from [<80277124>] (process_scheduled_works kernel/workqueue.c:3385 [inline]) [<80276198>] (process_one_work) from [<80277124>] (worker_thread+0x16c/0x318 kernel/workqueue.c:3466) r10:00000000 r9:861965b0 r8:840c24c0 r7:82a03d80 r6:dddd0e20 r5:dddd0e00 r4:86196580 [<80276fb8>] (worker_thread) from [<8028117c>] (kthread+0x11c/0x154 kernel/kthread.c:436) r10:00000000 r9:dfb05e88 r8:87388500 r7:86196580 r6:80276fb8 r5:840c24c0 r4:85ea0100 [<80281060>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfc09fb0 to 0xdfc09ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:80281060 r4:85ea0100 NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express Call trace: [<80201a14>] (dump_backtrace) from [<80201b08>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:60000093 r6:60000093 r5:8231c0d0 r4:00000000 [<80201af0>] (show_stack) from [<8021e320>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201af0>] (show_stack) from [<8021e320>] (dump_stack_lvl+0x5c/0x70 lib/dump_stack.c:120) [<8021e2c4>] (dump_stack_lvl) from [<8021e34c>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r7:00000000 r6:00000013 r5:00000001 r4:00000001 [<8021e334>] (dump_stack) from [<81af0994>] (nmi_cpu_backtrace+0x150/0x170 lib/nmi_backtrace.c:113) [<81af0844>] (nmi_cpu_backtrace) from [<81af0ae4>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62) r7:00000001 r6:82a0b550 r5:82a19f34 r4:ffffffff [<81af09b4>] (nmi_trigger_cpumask_backtrace) from [<8022f104>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:852) r9:82a0b6d8 r8:00000001 r7:00000048 r6:82cc2de4 r5:00007f17 r4:00000048 [<8022f0ec>] (arch_trigger_cpumask_backtrace) from [<81af8630>] (trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]) [<8022f0ec>] (arch_trigger_cpumask_backtrace) from [<81af8630>] (__sys_info lib/sys_info.c:157 [inline]) [<8022f0ec>] (arch_trigger_cpumask_backtrace) from [<81af8630>] (sys_info+0x68/0xa8 lib/sys_info.c:165) [<81af85c8>] (sys_info) from [<80385d78>] (check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]) [<81af85c8>] (sys_info) from [<80385d78>] (watchdog+0x3a0/0x84c kernel/hung_task.c:561) r5:00007f17 r4:0000000a [<803859d8>] (watchdog) from [<8028117c>] (kthread+0x11c/0x154 kernel/kthread.c:436) r10:00000000 r9:df819e58 r8:83352680 r7:00000000 r6:803859d8 r5:833a0c40 r4:831f7480 [<80281060>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf8d5fb0 to 0xdf8d5ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:80281060 r4:831f7480 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 2820 Comm: pr/ttyAMA-1 Not tainted syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express PC is at __dev_queue_xmit+0xb98/0x1260 net/core/dev.c:4870 LR is at debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:58 pc : [<8161606c>] lr : [<81b043f4>] psr: 60030113 sp : df8018b0 ip : df801830 fp : df80195c r10: 00000000 r9 : 00000000 r8 : 828d438c r7 : 85d07800 r6 : 00000000 r5 : 84956600 r4 : 831ddd80 r3 : 00000000 r2 : 00ba1ff0 r1 : 00000000 r0 : 00000000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 856190c0 DAC: fffffffd Call trace: frame pointer underflow [<816154d4>] (__dev_queue_xmit) from [<818d5ecc>] (dev_queue_xmit include/linux/netdevice.h:3401 [inline]) [<816154d4>] (__dev_queue_xmit) from [<818d5ecc>] (neigh_hh_output include/net/neighbour.h:540 [inline]) [<816154d4>] (__dev_queue_xmit) from [<818d5ecc>] (neigh_output include/net/neighbour.h:554 [inline]) [<816154d4>] (__dev_queue_xmit) from [<818d5ecc>] (ip6_finish_output2+0x368/0x998 net/ipv6/ip6_output.c:136) r10:00030113 r9:ff7b1830 r8:00000010 r7:00000000 r6:860ede00 r5:831ddd80 r4:0000000e [<818d5b64>] (ip6_finish_output2) from [<818d8418>] (__ip6_finish_output+0x15c/0x288 net/ipv6/ip6_output.c:208) r10:85e9a000 r9:00000000 r8:85e54400 r7:00010000 r6:00000000 r5:85e9a000 r4:831ddd80 [<818d82bc>] (__ip6_finish_output) from [<818d85dc>] (ip6_finish_output net/ipv6/ip6_output.c:219 [inline]) [<818d82bc>] (__ip6_finish_output) from [<818d85dc>] (NF_HOOK_COND include/linux/netfilter.h:307 [inline]) [<818d82bc>] (__ip6_finish_output) from [<818d85dc>] (ip6_output+0x84/0x1f4 net/ipv6/ip6_output.c:246) r10:85e9a000 r9:00000000 r8:85e54400 r7:00000000 r6:85e9a000 r5:00000001 r4:831ddd80 [<818d8558>] (ip6_output) from [<819631dc>] (dst_output include/net/dst.h:470 [inline]) [<818d8558>] (ip6_output) from [<819631dc>] (ip6_local_out+0x40/0x44 net/ipv6/output_core.c:129) r9:8620a368 r8:8620a358 r7:00000000 r6:00000000 r5:85e9a000 r4:831ddd80 [<8196319c>] (ip6_local_out) from [<817743c8>] (synproxy_send_tcp_ipv6+0x1f0/0x24c net/netfilter/nf_synproxy_core.c:852) r7:00000000 r6:85bbc100 r5:830ebe40 r4:831ddd80 [<817741d8>] (synproxy_send_tcp_ipv6) from [<81774e04>] (synproxy_send_client_synack_ipv6+0x1a0/0x1f8 net/netfilter/nf_synproxy_core.c:898) r10:85d6bc00 r9:85d6bc28 r8:df801b78 r7:831df900 r6:8620a368 r5:00000005 r4:831ddd80 [<81774c64>] (synproxy_send_client_synack_ipv6) from [<817b0178>] (nft_synproxy_eval_v6 net/netfilter/nft_synproxy.c:91 [inline]) [<81774c64>] (synproxy_send_client_synack_ipv6) from [<817b0178>] (nft_synproxy_do_eval+0x344/0x37c net/netfilter/nft_synproxy.c:146) r10:81e763c0 r9:85d6bc28 r8:86184000 r7:85c9a358 r6:df801c44 r5:85e9a000 r4:831df900 [<817afe34>] (nft_synproxy_do_eval) from [<817b01dc>] (nft_synproxy_eval+0x14/0x18 net/netfilter/nft_synproxy.c:248) r9:df801ce0 r8:85c9a348 r7:81e76664 r6:81e76380 r5:85c9a360 r4:85c9a350 [<817b01c8>] (nft_synproxy_eval) from [<81778058>] (expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]) [<817b01c8>] (nft_synproxy_eval) from [<81778058>] (nft_do_chain+0x130/0x570 net/netfilter/nf_tables_core.c:285) [<81777f28>] (nft_do_chain) from [<81791e90>] (nft_do_chain_inet+0x5c/0x150 net/netfilter/nft_chain_filter.c:162) r10:81e708ae r9:860cfe20 r8:df801d44 r7:831df900 r6:860cfe00 r5:87377580 r4:00000000 [<81791e34>] (nft_do_chain_inet) from [<8173e2ec>] (nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]) [<81791e34>] (nft_do_chain_inet) from [<8173e2ec>] (nf_hook_slow+0x44/0x104 net/netfilter/core.c:619) r5:00000004 r4:00000001 [<8173e2a8>] (nf_hook_slow) from [<818dd9c0>] (nf_hook include/linux/netfilter.h:273 [inline]) [<8173e2a8>] (nf_hook_slow) from [<818dd9c0>] (NF_HOOK include/linux/netfilter.h:316 [inline]) [<8173e2a8>] (nf_hook_slow) from [<818dd9c0>] (ip6_input+0xb8/0xd8 net/ipv6/ip6_input.c:540) r10:dddd2460 r9:dddd2348 r8:00000040 r7:00000000 r6:85e9a000 r5:85d07800 r4:831df900 r3:00000000 [<818dd908>] (ip6_input) from [<818dce1c>] (dst_input include/net/dst.h:480 [inline]) [<818dd908>] (ip6_input) from [<818dce1c>] (ip6_rcv_finish net/ipv6/ip6_input.c:119 [inline]) [<818dd908>] (ip6_input) from [<818dce1c>] (NF_HOOK include/linux/netfilter.h:318 [inline]) [<818dd908>] (ip6_input) from [<818dce1c>] (NF_HOOK include/linux/netfilter.h:312 [inline]) [<818dd908>] (ip6_input) from [<818dce1c>] (ipv6_rcv+0x154/0x15c net/ipv6/ip6_input.c:351) r6:85e9a000 r5:85d07800 r4:831df900 [<818dccc8>] (ipv6_rcv) from [<8161883c>] (__netif_receive_skb_one_core+0x60/0x84 net/core/dev.c:6209) r6:00000000 r5:818dccc8 r4:85d07800 [<816187dc>] (__netif_receive_skb_one_core) from [<816188a8>] (__netif_receive_skb+0x18/0x5c net/core/dev.c:6322) r5:0000002f r4:831df900 [<81618890>] (__netif_receive_skb) from [<81618c04>] (process_backlog+0xa0/0x17c net/core/dev.c:6673) r5:0000002f r4:831df900 [<81618b64>] (process_backlog) from [<816193f0>] (__napi_poll+0x34/0x270 net/core/dev.c:7737) r10:df801e98 r9:00000000 r8:0000012c r7:00000040 r6:df801e93 r5:dddd2460 r4:00000001 [<816193bc>] (__napi_poll) from [<81619988>] (napi_poll net/core/dev.c:7800 [inline]) [<816193bc>] (__napi_poll) from [<81619988>] (net_rx_action+0x35c/0x3e8 net/core/dev.c:7957) r9:00000000 r8:0000012c r7:dddd2460 r6:dddd2464 r5:dddd2340 r4:ffffffff [<8161962c>] (net_rx_action) from [<80259e00>] (handle_softirqs+0x160/0x4f4 kernel/softirq.c:622) r10:84f48c40 r9:00000082 r8:00000101 r7:0000000c r6:00000002 r5:00000003 r4:82a0308c [<80259ca0>] (handle_softirqs) from [<8025a330>] (__do_softirq kernel/softirq.c:656 [inline]) [<80259ca0>] (handle_softirqs) from [<8025a330>] (invoke_softirq kernel/softirq.c:496 [inline]) [<80259ca0>] (handle_softirqs) from [<8025a330>] (__irq_exit_rcu+0x150/0x1d0 kernel/softirq.c:735) r10:82b591a4 r9:84f48c40 r8:00000000 r7:eb5a9e78 r6:824cb5ec r5:82506520 r4:84f48c40 [<8025a1e0>] (__irq_exit_rcu) from [<8025a668>] (irq_exit+0x10/0x18 kernel/softirq.c:764) r5:82506520 r4:828d2d6c [<8025a658>] (irq_exit) from [<81b03740>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:293) [<81b036c4>] (generic_handle_arch_irq) from [<81ad05f0>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:84f48c40 r8:00000000 r7:eb5a9eac r6:ffffffff r5:60030013 r4:81b11954 [<81ad05d4>] (call_with_stack) from [<80200bec>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228) Exception stack(0xeb5a9e78 to 0xeb5a9ec0) 9e60: 848d5c40 60030013 9e80: 00000000 00000e1d 00000001 00000000 82b59108 00000117 00000000 00000000 9ea0: 82b591a4 eb5a9ed4 eb5a9ed8 eb5a9ec8 80add418 81b11954 60030013 ffffffff [<81b1192c>] (_raw_spin_unlock_irqrestore) from [<80add418>] (spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]) [<81b1192c>] (_raw_spin_unlock_irqrestore) from [<80add418>] (__uart_port_unlock_irqrestore include/linux/serial_core.h:616 [inline]) [<81b1192c>] (_raw_spin_unlock_irqrestore) from [<80add418>] (pl011_console_device_unlock+0x20/0x24 drivers/tty/serial/amba-pl011.c:2668) [<80add3f8>] (pl011_console_device_unlock) from [<802e68a8>] (nbcon_emit_one+0x88/0x100 kernel/printk/nbcon.c:1165) [<802e6820>] (nbcon_emit_one) from [<802e6b28>] (nbcon_kthread_func+0x208/0x2ec kernel/printk/nbcon.c:1271) r6:82cbf2d4 r5:82b59108 r4:84f48c40 [<802e6920>] (nbcon_kthread_func) from [<8028117c>] (kthread+0x11c/0x154 kernel/kthread.c:436) r10:00000000 r9:df8f5b38 r8:84d46400 r7:82b59108 r6:802e6920 r5:84f48c40 r4:84d01e00 [<80281060>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xeb5a9fb0 to 0xeb5a9ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:80281060 r4:84d01e00