syzbot


INFO: task hung in vm_unmap_aliases (2)

Status: auto-closed as invalid on 2021/12/13 19:07
Reported-by: syzbot+c0911d2ff37bbeb8a560@syzkaller.appspotmail.com
First crash: 1195d, last: 1195d
Similar bugs (2):
  linux-4.19: INFO: task hung in vm_unmap_aliases (count 1; last 1558d; reported 1558d; patched 0/1) - auto-closed as invalid on 2020/12/16 01:07
  linux-4.14: INFO: task hung in vm_unmap_aliases (count 1; last 1677d; reported 1677d; patched 0/1) - auto-closed as invalid on 2020/08/18 18:15

Sample crash report:
INFO: task kworker/0:0:31967 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:0     D29096 31967      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
INFO: task kworker/1:1:2791 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:1     D27456  2791      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:0:9308 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:0     D25368  9308      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/0:2:12166 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:2     D26120 12166      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:2:12413 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:2     D27456 12413      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
Bluetooth: hci0: command 0x0406 tx timeout
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:3:14401 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:3     D29104 14401      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/0:3:15097 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:3     D29240 15097      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:4:15412 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:4     D29240 15412      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:5:15413 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:5     D25368 15413      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/0:5:15825 blocked for more than 140 seconds.
      Not tainted 4.19.204-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:5     D29240 15825      2 0x80000000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1015 [inline]
 __mutex_lock+0x604/0x1200 kernel/locking/mutex.c:1083
 vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
 change_page_attr_set_clr+0x247/0xc60 arch/x86/mm/pageattr.c:1497
 change_page_attr_set arch/x86/mm/pageattr.c:1553 [inline]
 set_memory_rw+0x78/0xa0 arch/x86/mm/pageattr.c:1794
 bpf_jit_free+0xdd/0x300
 bpf_prog_free_deferred+0x2d8/0x410 kernel/bpf/core.c:1814
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

Showing all locks held in the system:
3 locks held by kworker/u4:3/231:
1 lock held by khungtaskd/1570:
 #0: 000000001da62b2c (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by ion_system_heap/4319:
1 lock held by in:imklog/7861:
 #0: 000000007ab92a3b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
3 locks held by kworker/0:0/31967:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000071f4f60e ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/1:1/2791:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000f1c5666d ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/1:0/9308:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000fbda531f ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/0:2/12166:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000005ed88885 ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/1:2/12413:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000062162e44 ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/u4:0/12837:
 #0: 000000008c774630 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000bfc3d310 (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 00000000c95efa55 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:520
3 locks held by kworker/1:3/14401:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000d3b24a98 ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/0:3/15097:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000004858be3b ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/1:4/15412:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000022fd40ff ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/1:5/15413:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000006c299dcf ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/0:5/15825:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000008cdb2bd ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
3 locks held by kworker/1:6/15826:
 #0: 0000000081bce156 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000cb306781 ((work_completion)(&aux->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases mm/vmalloc.c:1111 [inline]
 #2: 000000005a35eebf (vmap_purge_lock){+.+.}, at: vm_unmap_aliases+0x3a7/0x510 mm/vmalloc.c:1076
2 locks held by syz-executor.4/16619:
2 locks held by syz-executor.4/16621:
1 lock held by syz-executor.0/16634:
2 locks held by syz-executor.0/16637:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1570 Comm: khungtaskd Not tainted 4.19.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 16140 Comm: kworker/1:10 Not tainted 4.19.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient gc_worker
RIP: 0010:check_memory_region+0xb1/0x170 mm/kasan/kasan.c:268
Code: 08 48 39 d0 74 7b 48 83 38 00 74 f1 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b <5d> 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 74
RSP: 0000:ffff888097f07ac0 EFLAGS: 00000046
RAX: ffffed1012fe0f6c RBX: ffffed1012fe0f63 RCX: ffffffff814a9463
RDX: ffffed1012fe0f6c RSI: 0000000000000008 RDI: ffff888097f07b58
RBP: ffffed1012fe0f6b R08: 0000000000000000 R09: ffffed1012fe0f6b
R10: ffff888097f07b5f R11: 0000000000000000 R12: 0000000000000008
R13: ffff888097f07b58 R14: 0000000000000002 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3079aa8000 CR3: 000000003c3e5000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy+0x20/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:377 [inline]
 __bpf_trace_lock_acquire+0x193/0x200 include/trace/events/lock.h:13
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0x298/0x3c0 kernel/locking/lockdep.c:3907
 seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline]
 read_seqcount_begin include/linux/seqlock.h:164 [inline]
 nf_conntrack_get_ht include/net/netfilter/nf_conntrack.h:302 [inline]
 gc_worker+0x24e/0xd90 net/netfilter/nf_conntrack_core.c:1225
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
----------------
Code disassembly (best guess):
   0:	08 48 39             	or     %cl,0x39(%rax)
   3:	d0 74 7b 48          	shlb   0x48(%rbx,%rdi,2)
   7:	83 38 00             	cmpl   $0x0,(%rax)
   a:	74 f1                	je     0xfffffffd
   c:	48 8d 50 08          	lea    0x8(%rax),%rdx
  10:	eb 09                	jmp    0x1b
  12:	48 83 c0 01          	add    $0x1,%rax
  16:	48 39 d0             	cmp    %rdx,%rax
  19:	74 0e                	je     0x29
  1b:	80 38 00             	cmpb   $0x0,(%rax)
  1e:	74 f2                	je     0x12
  20:	48 85 c0             	test   %rax,%rax
  23:	0f 85 9c 00 00 00    	jne    0xc5
  29:	5b                   	pop    %rbx
  2a:	5d                   	pop    %rbp <-- trapping instruction
  2b:	41 5c                	pop    %r12
  2d:	c3                   	retq   
  2e:	48 85 d2             	test   %rdx,%rdx
  31:	74 f6                	je     0x29
  33:	48 01 ea             	add    %rbp,%rdx
  36:	eb 09                	jmp    0x41
  38:	48 83 c0 01          	add    $0x1,%rax
  3c:	48 39 d0             	cmp    %rdx,%rax
  3f:	74                   	.byte 0x74

Crashes (1):
  Time: 2021/08/15 19:06
  Kernel: linux-4.19.y
  Commit: 59456c9cc40c
  Syzkaller: 2489ab88
  Manager: ci2-linux-4-19
  Title: INFO: task hung in vm_unmap_aliases
  Syz repro / C repro: none listed
  Attachments on the original page: .config, console log, report, VM info