INFO: task kworker/0:2:46 blocked for more than 430 seconds.
      Not tainted 6.12.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2     state:D stack:0     pid:46    tgid:46    ppid:2      flags:0x00000000
Workqueue: events bpf_prog_free_deferred
Call trace: 
[<819bb3f4>] (__schedule) from [<819bc034>] (__schedule_loop kernel/sched/core.c:6752 [inline])
[<819bb3f4>] (__schedule) from [<819bc034>] (schedule+0x2c/0xfc kernel/sched/core.c:6767)
 r10:8260ca7c r9:00000000 r8:827174e4 r7:00000002 r6:df91dda4 r5:82fe1800
 r4:82fe1800
[<819bc008>] (schedule) from [<819bc3e8>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6824)
 r5:82fe1800 r4:827174e0
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<819bebd8>] (__mutex_lock.constprop.0) from [<819bf78c>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:df91de20
 r4:00000000
[<819bf778>] (__mutex_lock_slowpath) from [<819bf7cc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<819bf790>] (mutex_lock) from [<804adbf0>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2844)
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vm_reset_perms mm/vmalloc.c:3272 [inline])
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vfree+0x170/0x1e4 mm/vmalloc.c:3351)
 r10:82c18005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:854b2700
 r4:00000000
[<804b17dc>] (vfree) from [<8050fb98>] (execmem_free+0x30/0x64 mm/execmem.c:69)
 r9:82fe1800 r8:00800000 r7:00000000 r6:82c18000 r5:00001000 r4:7f02b000
[<8050fb68>] (execmem_free) from [<8039c47c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072)
 r5:00001000 r4:dfe01000
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline])
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241)
[<8039c7f4>] (bpf_jit_free) from [<8039d9b0>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2815)
 r5:85319f54 r4:85319c00
[<8039d864>] (bpf_prog_free_deferred) from [<802660d0>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3229)
 r7:dddd00c0 r6:82c18000 r5:85319f54 r4:82f5f100
[<80265f1c>] (process_one_work) from [<80266cb4>] (process_scheduled_works kernel/workqueue.c:3310 [inline])
[<80265f1c>] (process_one_work) from [<80266cb4>] (worker_thread+0x1ec/0x3bc kernel/workqueue.c:3391)
 r10:82fe1800 r9:82f5f12c r8:61c88647 r7:dddd00e0 r6:82604d40 r5:dddd00c0
 r4:82f5f100
[<80266ac8>] (worker_thread) from [<8026fd20>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:df839e78 r8:82f5d8c0 r7:82f5f100 r6:80266ac8 r5:82fe1800
 r4:82f5d800
[<8026fc1c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdf91dfb0 to 0xdf91dff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fc1c r4:82f5d800
INFO: task kworker/0:6:5122 blocked for more than 430 seconds.
      Not tainted 6.12.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:6     state:D stack:0     pid:5122  tgid:5122  ppid:2      flags:0x00000000
Workqueue: events bpf_prog_free_deferred
Call trace: 
[<819bb3f4>] (__schedule) from [<819bc034>] (__schedule_loop kernel/sched/core.c:6752 [inline])
[<819bb3f4>] (__schedule) from [<819bc034>] (schedule+0x2c/0xfc kernel/sched/core.c:6767)
 r10:8260ca7c r9:00000000 r8:827174e4 r7:00000002 r6:df9a9da4 r5:83d38c00
 r4:83d38c00
[<819bc008>] (schedule) from [<819bc3e8>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6824)
 r5:83d38c00 r4:827174e0
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<819bebd8>] (__mutex_lock.constprop.0) from [<819bf78c>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:df9a9e20
 r4:00000000
[<819bf778>] (__mutex_lock_slowpath) from [<819bf7cc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<819bf790>] (mutex_lock) from [<804adbf0>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2844)
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vm_reset_perms mm/vmalloc.c:3272 [inline])
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vfree+0x170/0x1e4 mm/vmalloc.c:3351)
 r10:82c18005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:8510efc0
 r4:00000000
[<804b17dc>] (vfree) from [<8050fb98>] (execmem_free+0x30/0x64 mm/execmem.c:69)
 r9:83d38c00 r8:00800000 r7:00000000 r6:82c18000 r5:00001000 r4:7f02d000
[<8050fb68>] (execmem_free) from [<8039c47c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072)
 r5:00001000 r4:dfecd000
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline])
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241)
[<8039c7f4>] (bpf_jit_free) from [<8039d9b0>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2815)
 r5:85318354 r4:85318000
[<8039d864>] (bpf_prog_free_deferred) from [<802660d0>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3229)
 r7:dddd00c0 r6:82c18000 r5:85318354 r4:84b85b80
[<80265f1c>] (process_one_work) from [<80266cb4>] (process_scheduled_works kernel/workqueue.c:3310 [inline])
[<80265f1c>] (process_one_work) from [<80266cb4>] (worker_thread+0x1ec/0x3bc kernel/workqueue.c:3391)
 r10:83d38c00 r9:84b85bac r8:61c88647 r7:dddd00e0 r6:82604d40 r5:dddd00c0
 r4:84b85b80
[<80266ac8>] (worker_thread) from [<8026fd20>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:ec499e78 r8:854f82c0 r7:84b85b80 r6:80266ac8 r5:83d38c00
 r4:8550d540
[<8026fc1c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdf9a9fb0 to 0xdf9a9ff8)
9fa0:                                     00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fc1c r4:8550d540
INFO: task kworker/1:5:5132 blocked for more than 430 seconds.
      Not tainted 6.12.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5     state:D stack:0     pid:5132  tgid:5132  ppid:2      flags:0x00000000
Workqueue: events bpf_prog_free_deferred
Call trace: 
[<819bb3f4>] (__schedule) from [<819bc034>] (__schedule_loop kernel/sched/core.c:6752 [inline])
[<819bb3f4>] (__schedule) from [<819bc034>] (schedule+0x2c/0xfc kernel/sched/core.c:6767)
 r10:8260ca7c r9:00000000 r8:827174e4 r7:00000002 r6:dfa05da4 r5:83d3e000
 r4:83d3e000
[<819bc008>] (schedule) from [<819bc3e8>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6824)
 r5:83d3e000 r4:827174e0
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<819bebd8>] (__mutex_lock.constprop.0) from [<819bf78c>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfa05e20
 r4:00000000
[<819bf778>] (__mutex_lock_slowpath) from [<819bf7cc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<819bf790>] (mutex_lock) from [<804adbf0>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2844)
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vm_reset_perms mm/vmalloc.c:3272 [inline])
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vfree+0x170/0x1e4 mm/vmalloc.c:3351)
 r10:82c18205 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:8519aa00
 r4:00000000
[<804b17dc>] (vfree) from [<8050fb98>] (execmem_free+0x30/0x64 mm/execmem.c:69)
 r9:83d3e000 r8:01800000 r7:00000000 r6:82c18200 r5:00001000 r4:7f00d000
[<8050fb68>] (execmem_free) from [<8039c47c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072)
 r5:00001000 r4:dfa6d000
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline])
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241)
[<8039c7f4>] (bpf_jit_free) from [<8039d9b0>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2815)
 r5:85318b54 r4:85318800
[<8039d864>] (bpf_prog_free_deferred) from [<802660d0>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3229)
 r7:ddde40c0 r6:82c18200 r5:85318b54 r4:8536aa80
[<80265f1c>] (process_one_work) from [<80266cb4>] (process_scheduled_works kernel/workqueue.c:3310 [inline])
[<80265f1c>] (process_one_work) from [<80266cb4>] (worker_thread+0x1ec/0x3bc kernel/workqueue.c:3391)
 r10:83d3e000 r9:8536aaac r8:61c88647 r7:ddde40e0 r6:82604d40 r5:ddde40c0
 r4:8536aa80
[<80266ac8>] (worker_thread) from [<8026fd20>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:ec315e78 r8:854bf240 r7:8536aa80 r6:80266ac8 r5:83d3e000
 r4:854bfc00
[<8026fc1c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdfa05fb0 to 0xdfa05ff8)
5fa0:                                     00000000 00000000 00000000 00000000
5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fc1c r4:854bfc00
INFO: task kworker/0:7:5165 blocked for more than 432 seconds.
      Not tainted 6.12.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:7     state:D stack:0     pid:5165  tgid:5165  ppid:2      flags:0x00000000
Workqueue: events bpf_prog_free_deferred
Call trace: 
[<819bb3f4>] (__schedule) from [<819bc034>] (__schedule_loop kernel/sched/core.c:6752 [inline])
[<819bb3f4>] (__schedule) from [<819bc034>] (schedule+0x2c/0xfc kernel/sched/core.c:6767)
 r10:8260ca7c r9:00000000 r8:827174e4 r7:00000002 r6:dfbddda4 r5:83d3ec00
 r4:83d3ec00
[<819bc008>] (schedule) from [<819bc3e8>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6824)
 r5:83d3ec00 r4:827174e0
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<819bebd8>] (__mutex_lock.constprop.0) from [<819bf78c>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfbdde20
 r4:00000000
[<819bf778>] (__mutex_lock_slowpath) from [<819bf7cc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<819bf790>] (mutex_lock) from [<804adbf0>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2844)
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vm_reset_perms mm/vmalloc.c:3272 [inline])
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vfree+0x170/0x1e4 mm/vmalloc.c:3351)
 r10:82c18005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:854dc600
 r4:00000000
[<804b17dc>] (vfree) from [<8050fb98>] (execmem_free+0x30/0x64 mm/execmem.c:69)
 r9:83d3ec00 r8:00800000 r7:00000000 r6:82c18000 r5:00001000 r4:7f02f000
[<8050fb68>] (execmem_free) from [<8039c47c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072)
 r5:00001000 r4:dff5d000
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline])
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241)
[<8039c7f4>] (bpf_jit_free) from [<8039d9b0>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2815)
 r5:8531bf54 r4:8531bc00
[<8039d864>] (bpf_prog_free_deferred) from [<802660d0>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3229)
 r7:dddd00c0 r6:82c18000 r5:8531bf54 r4:84b85680
[<80265f1c>] (process_one_work) from [<80266cb4>] (process_scheduled_works kernel/workqueue.c:3310 [inline])
[<80265f1c>] (process_one_work) from [<80266cb4>] (worker_thread+0x1ec/0x3bc kernel/workqueue.c:3391)
 r10:83d3ec00 r9:84b856ac r8:61c88647 r7:dddd00e0 r6:82604d40 r5:dddd00c0
 r4:84b85680
[<80266ac8>] (worker_thread) from [<8026fd20>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:ec499e78 r8:8547d3c0 r7:84b85680 r6:80266ac8 r5:83d3ec00
 r4:854bff40
[<8026fc1c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdfbddfb0 to 0xdfbddff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fc1c r4:854bff40
INFO: task syz.1.366:5792 blocked for more than 433 seconds.
      Not tainted 6.12.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.366       state:D stack:0     pid:5792  tgid:5791  ppid:3114   flags:0x00000001
Call trace: 
[<819bb3f4>] (__schedule) from [<819bc034>] (__schedule_loop kernel/sched/core.c:6752 [inline])
[<819bb3f4>] (__schedule) from [<819bc034>] (schedule+0x2c/0xfc kernel/sched/core.c:6767)
 r10:8260ca7c r9:00000000 r8:827174e4 r7:00000002 r6:df99dad4 r5:852d6000
 r4:852d6000
[<819bc008>] (schedule) from [<819bc3e8>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6824)
 r5:852d6000 r4:827174e0
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<819bc3d0>] (schedule_preempt_disabled) from [<819beec0>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<819bebd8>] (__mutex_lock.constprop.0) from [<819bf78c>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:df99db50
 r4:00000000
[<819bf778>] (__mutex_lock_slowpath) from [<819bf7cc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<819bf790>] (mutex_lock) from [<804adbf0>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2844)
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vm_reset_perms mm/vmalloc.c:3272 [inline])
[<804adb88>] (_vm_unmap_aliases) from [<804b194c>] (vfree+0x170/0x1e4 mm/vmalloc.c:3351)
 r10:00000000 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:84be4700
 r4:00000000
[<804b17dc>] (vfree) from [<8050fb98>] (execmem_free+0x30/0x64 mm/execmem.c:69)
 r9:fffffdf4 r8:8572bdc0 r7:84b20000 r6:df9d3030 r5:00001000 r4:7f033000
[<8050fb68>] (execmem_free) from [<8039c47c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072)
 r5:00001000 r4:df9d9000
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline])
[<8039c46c>] (bpf_jit_free_exec) from [<8039c85c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241)
[<8039c7f4>] (bpf_jit_free) from [<803b7bd0>] (jit_subprogs+0x4f8/0x9e8 kernel/bpf/verifier.c:20185)
 r5:84b25000 r4:00000000
[<803b76d8>] (jit_subprogs) from [<803ce4a8>] (fixup_call_args kernel/bpf/verifier.c:20214 [inline])
[<803b76d8>] (jit_subprogs) from [<803ce4a8>] (bpf_check+0x2828/0x2ac4 kernel/bpf/verifier.c:22467)
 r10:84b20000 r9:00000006 r8:00000006 r7:00000005 r6:00000005 r5:00000095
 r4:00000000
[<803cbc80>] (bpf_check) from [<803a6404>] (bpf_prog_load+0x88c/0xcd0 kernel/bpf/syscall.c:2846)
 r10:852d6000 r9:8531b6f0 r8:00000070 r7:df99dda8 r6:00000000 r5:00000000
 r4:df99dec0
[<803a5b78>] (bpf_prog_load) from [<803a77b4>] (__sys_bpf+0x3d0/0x1fa0 kernel/bpf/syscall.c:5634)
 r10:00000182 r9:00000000 r8:00000070 r7:20000440 r6:00000005 r5:df99de98
 r4:b5403587
[<803a73e4>] (__sys_bpf) from [<803a9924>] (__do_sys_bpf kernel/bpf/syscall.c:5741 [inline])
[<803a73e4>] (__sys_bpf) from [<803a9924>] (sys_bpf+0x2c/0x48 kernel/bpf/syscall.c:5739)
 r10:00000182 r9:852d6000 r8:8020029c r7:00000182 r6:002862f0 r5:00000000
 r4:00000000
[<803a98f8>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdf99dfa8 to 0xdf99dff0)
dfa0:                   00000000 00000000 00000005 20000440 00000070 00000000
dfc0: 00000000 00000000 002862f0 00000182 00000000 00006364 003d0f00 76b820bc
dfe0: 76b81ec0 76b81eb0 00018af8 00132ec0
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
Call trace: 
[<81998f38>] (dump_backtrace) from [<81999034>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257)
 r7:00000000 r6:00000113 r5:60000193 r4:8203d324
[<8199901c>] (show_stack) from [<819b74e0>] (__dump_stack lib/dump_stack.c:94 [inline])
[<8199901c>] (show_stack) from [<819b74e0>] (dump_stack_lvl+0x70/0x7c lib/dump_stack.c:120)
[<819b7470>] (dump_stack_lvl) from [<819b7504>] (dump_stack+0x18/0x1c lib/dump_stack.c:129)
 r5:00000000 r4:00000001
[<819b74ec>] (dump_stack) from [<819861f8>] (nmi_cpu_backtrace+0x160/0x17c lib/nmi_backtrace.c:113)
[<81986098>] (nmi_cpu_backtrace) from [<81986344>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62)
 r7:00000000 r6:8260c5d0 r5:8261a88c r4:ffffffff
[<81986214>] (nmi_trigger_cpumask_backtrace) from [<802103e8>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:851)
 r9:0000a039 r8:828b6cf8 r7:8260c730 r6:00007f14 r5:8261ae48 r4:82fbd11c
[<802103d0>] (arch_trigger_cpumask_backtrace) from [<80358198>] (trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline])
[<802103d0>] (arch_trigger_cpumask_backtrace) from [<80358198>] (check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline])
[<802103d0>] (arch_trigger_cpumask_backtrace) from [<80358198>] (watchdog+0x498/0x5b8 kernel/hung_task.c:379)
[<80357d00>] (watchdog) from [<8026fd20>] (kthread+0x104/0x134 kernel/kthread.c:389)
 r10:00000000 r9:df819e58 r8:82e9f340 r7:00000000 r6:80357d00 r5:82ee8c00
 r4:82f45ac0
[<8026fc1c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xdf8e1fb0 to 0xdf8e1ff8)
1fa0:                                     00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fc1c r4:82f45ac0
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7057 Comm: syz.0.498 Not tainted 6.12.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at rt6_get_pcpu_route net/ipv6/route.c:1408 [inline]
PC is at ip6_pol_route+0x170/0x4fc net/ipv6/route.c:2264
LR is at __local_bh_disable_ip include/linux/bottom_half.h:13 [inline]
LR is at local_bh_disable include/linux/bottom_half.h:20 [inline]
LR is at ip6_pol_route+0x130/0x4fc net/ipv6/route.c:2263
pc : [<8176d128>]    lr : [<8176d0e8>]    psr: 20000113
sp : df805968  ip : df805968  fp : df8059cc
r10: 00000080  r9 : 852de000  r8 : 00000000
r7 : 8423d900  r6 : df805ad0  r5 : 849e0d00  r4 : df805988
r3 : 00000300  r2 : 5b928000  r1 : 00000000  r0 : 00000200
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 84211080  DAC: 00000000
Call trace: frame pointer underflow
[<8176cfb8>] (ip6_pol_route) from [<8176d514>] (ip6_pol_route_output+0x2c/0x34 net/ipv6/route.c:2606)
 r10:849e0d00 r9:00000000 r8:8176d4e8 r7:00000000 r6:df805aa8 r5:00000085
 r4:849e0d00
[<8176d4e8>] (ip6_pol_route_output) from [<817a9c8c>] (pol_lookup_func include/net/ip6_fib.h:616 [inline])
[<8176d4e8>] (ip6_pol_route_output) from [<817a9c8c>] (fib6_rule_lookup+0x54/0x1e8 net/ipv6/fib6_rules.c:117)
[<817a9c38>] (fib6_rule_lookup) from [<81765674>] (ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline])
[<817a9c38>] (fib6_rule_lookup) from [<81765674>] (ip6_route_output_flags+0xbc/0x1cc net/ipv6/route.c:2651)
 r8:df805ad0 r7:00000000 r6:849e0d00 r5:01000000 r4:df805aa8
[<817655b8>] (ip6_route_output_flags) from [<817a84e8>] (ip6_route_output include/net/ip6_route.h:93 [inline])
[<817655b8>] (ip6_route_output_flags) from [<817a84e8>] (__nf_ip6_route+0x2c/0x50 net/ipv6/netfilter.c:113)
 r9:855f65a8 r8:855f6598 r7:00000000 r6:854dfa00 r5:855f6588 r4:df805aa4
[<817a84bc>] (__nf_ip6_route) from [<815fe858>] (nf_ip6_route include/linux/netfilter_ipv6.h:111 [inline])
[<817a84bc>] (__nf_ip6_route) from [<815fe858>] (synproxy_send_tcp_ipv6+0x108/0x200 net/netfilter/nf_synproxy_core.c:835)
 r5:855f6588 r4:8548d840
[<815fe750>] (synproxy_send_tcp_ipv6) from [<815ff214>] (synproxy_send_client_synack_ipv6+0x184/0x1a8 net/netfilter/nf_synproxy_core.c:897)
 r10:855f65a8 r9:855f6c40 r8:855f6c68 r7:df805b98 r6:8548d780 r5:00000014
 r4:8548d840
[<815ff090>] (synproxy_send_client_synack_ipv6) from [<816386a8>] (nft_synproxy_eval_v6 net/netfilter/nft_synproxy.c:90 [inline])
[<815ff090>] (synproxy_send_client_synack_ipv6) from [<816386a8>] (nft_synproxy_do_eval+0x29c/0x2b4 net/netfilter/nft_synproxy.c:145)
 r10:81c63bb8 r9:855f6c68 r8:853c4480 r7:8547a158 r6:df805c64 r5:849e0d00
 r4:8548d780
[<8163840c>] (nft_synproxy_do_eval) from [<816386ec>] (nft_synproxy_eval+0x14/0x18 net/netfilter/nft_synproxy.c:247)
 r9:df805cfc r8:81c63d38 r7:81c63aa4 r6:81c63a60 r5:8547a160 r4:8547a150
[<816386d8>] (nft_synproxy_eval) from [<81601eb4>] (expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline])
[<816386d8>] (nft_synproxy_eval) from [<81601eb4>] (nft_do_chain+0x12c/0x570 net/netfilter/nf_tables_core.c:288)
[<81601d88>] (nft_do_chain) from [<8161a5e0>] (nft_do_chain_inet+0xac/0x120 net/netfilter/nft_chain_filter.c:161)
 r10:ddde50c8 r9:854b7020 r8:df805d54 r7:8548d780 r6:854b7000 r5:00000004
 r4:8547b0b0
[<8161a534>] (nft_do_chain_inet) from [<815c9b68>] (nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline])
[<8161a534>] (nft_do_chain_inet) from [<815c9b68>] (nf_hook_slow+0x40/0x104 net/netfilter/core.c:626)
 r4:00000001
[<815c9b28>] (nf_hook_slow) from [<81755874>] (nf_hook include/linux/netfilter.h:269 [inline])
[<815c9b28>] (nf_hook_slow) from [<81755874>] (NF_HOOK include/linux/netfilter.h:312 [inline])
[<815c9b28>] (nf_hook_slow) from [<81755874>] (ip6_input+0xb0/0xd0 net/ipv6/ip6_input.c:490)
 r9:00000040 r8:0000000c r7:00000000 r6:849e0d00 r5:848c6000 r4:8548d780
[<817557c4>] (ip6_input) from [<81754de0>] (dst_input include/net/dst.h:460 [inline])
[<817557c4>] (ip6_input) from [<81754de0>] (ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline])
[<817557c4>] (ip6_input) from [<81754de0>] (NF_HOOK include/linux/netfilter.h:314 [inline])
[<817557c4>] (ip6_input) from [<81754de0>] (NF_HOOK include/linux/netfilter.h:308 [inline])
[<817557c4>] (ip6_input) from [<81754de0>] (ipv6_rcv+0x150/0x15c net/ipv6/ip6_input.c:309)
 r6:849e0d00 r5:8548d780 r4:00000001
[<81754c90>] (ipv6_rcv) from [<814b9938>] (__netif_receive_skb_one_core+0x5c/0x80 net/core/dev.c:5666)
 r6:00000000 r5:81754c90 r4:848c6000
[<814b98dc>] (__netif_receive_skb_one_core) from [<814b99a4>] (__netif_receive_skb+0x18/0x5c net/core/dev.c:5779)
 r5:ddde51b0 r4:8548d780
[<814b998c>] (__netif_receive_skb) from [<814b9cac>] (process_backlog+0xa0/0x17c net/core/dev.c:6111)
 r5:ddde51b0 r4:8548d780
[<814b9c0c>] (process_backlog) from [<814babb8>] (__napi_poll+0x34/0x240 net/core/dev.c:6775)
 r10:ddde50c0 r9:ddde5300 r8:df805ea0 r7:df805e9b r6:00000040 r5:ddde51b0
 r4:00000001
[<814bab84>] (__napi_poll) from [<814bb42c>] (napi_poll net/core/dev.c:6844 [inline])
[<814bab84>] (__napi_poll) from [<814bb42c>] (net_rx_action+0x358/0x440 net/core/dev.c:6966)
 r9:ddde5300 r8:df805ea0 r7:0000012c r6:0000a03c r5:ddde51b0 r4:00000000
[<814bb0d4>] (net_rx_action) from [<8024b5c0>] (handle_softirqs+0x158/0x464 kernel/softirq.c:554)
 r10:00000082 r9:852de000 r8:00000100 r7:0040044c r6:00000003 r5:00000002
 r4:8260408c
[<8024b468>] (handle_softirqs) from [<8024b9bc>] (__do_softirq kernel/softirq.c:588 [inline])
[<8024b468>] (handle_softirqs) from [<8024b9bc>] (invoke_softirq kernel/softirq.c:428 [inline])
[<8024b468>] (handle_softirqs) from [<8024b9bc>] (__irq_exit_rcu+0xa4/0x164 kernel/softirq.c:637)
 r10:ddeb7c68 r9:852de000 r8:00000000 r7:eb531b10 r6:821ded98 r5:8221f59c
 r4:852de000
[<8024b918>] (__irq_exit_rcu) from [<8024bcbc>] (irq_exit+0x10/0x18 kernel/softirq.c:661)
 r5:8221f59c r4:824bbcdc
[<8024bcac>] (irq_exit) from [<819b7ea0>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240)
[<819b7e24>] (generic_handle_arch_irq) from [<819683e8>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40)
 r9:852de000 r8:00000000 r7:eb531b44 r6:ffffffff r5:60000113 r4:804c8a34
[<819683cc>] (call_with_stack) from [<80200bcc>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:227)
Exception stack(0xeb531b10 to 0xeb531b58)
1b00:                                     00000001 00000200 00000005 60000113
1b20: 82c01240 0000003a 00000001 854cab00 00000000 00000000 ddeb7c68 eb531be4
1b40: eb531b60 eb531b60 804c8a1c 804c8a34 60000113 ffffffff
[<804c88e0>] (__slab_free) from [<804c904c>] (do_slab_free mm/slub.c:4532 [inline])
[<804c88e0>] (__slab_free) from [<804c904c>] (slab_free mm/slub.c:4581 [inline])
[<804c88e0>] (__slab_free) from [<804c904c>] (kfree+0x134/0x394 mm/slub.c:4728)
 r10:85030540 r9:8260c5d0 r8:81c13d08 r7:813547d8 r6:82c01240 r5:ddeb7c68
 r4:854cadc0
[<804c8f18>] (kfree) from [<813547d8>] (binderfs_evict_inode+0xb8/0xc8 drivers/android/binderfs.c:275)
 r10:85030540 r9:8260c5d0 r8:81c13d08 r7:84c4ada8 r6:850785c0 r5:851aff80
 r4:84c4ad40
[<81354720>] (binderfs_evict_inode) from [<8053a5c8>] (evict+0xf0/0x278 fs/inode.c:723)
 r7:84c4ada8 r6:84c4ada8 r5:84c4ae04 r4:84c4ad40
[<8053a4d8>] (evict) from [<8053a870>] (iput_final fs/inode.c:1875 [inline])
[<8053a4d8>] (evict) from [<8053a870>] (iput fs/inode.c:1901 [inline])
[<8053a4d8>] (evict) from [<8053a870>] (iput+0x120/0x2dc fs/inode.c:1887)
 r8:852de000 r7:84c4ada8 r6:81c13d08 r5:84c4ad40 r4:856d5400
[<8053a750>] (iput) from [<805346f0>] (dentry_unlink_inode+0xf8/0x15c fs/dcache.c:412)
 r9:00000000 r8:80533a30 r7:8334d528 r6:8334d528 r5:84c4ad40 r4:8334d4c8
[<805345f8>] (dentry_unlink_inode) from [<805351e4>] (__dentry_kill+0x8c/0x1bc fs/dcache.c:615)
 r5:eb531d3c r4:8334d4c8
[<80535158>] (__dentry_kill) from [<80536b48>] (shrink_kill fs/dcache.c:1060 [inline])
[<80535158>] (__dentry_kill) from [<80536b48>] (shrink_dentry_list+0x68/0xc0 fs/dcache.c:1087)
 r7:8334d528 r6:8334d530 r5:eb531d3c r4:8334d4c8
[<80536ae0>] (shrink_dentry_list) from [<80536dd0>] (shrink_dcache_parent+0xd0/0x144 fs/dcache.c:1521)
 r7:80533ab4 r6:8334d6e8 r5:eb531d3c r4:00000000
[<80536d00>] (shrink_dcache_parent) from [<80537124>] (do_one_tree fs/dcache.c:1550 [inline])
[<80536d00>] (shrink_dcache_parent) from [<80537124>] (shrink_dcache_for_umount+0x34/0x2c8 fs/dcache.c:1567)
 r8:82871694 r7:856d5400 r6:00000000 r5:8334d748 r4:8334d6e8
[<805370f0>] (shrink_dcache_for_umount) from [<80518bcc>] (generic_shutdown_super+0x24/0x104 fs/super.c:620)
 r10:85030540 r9:00000000 r8:82871694 r7:00000000 r6:8260ca7c r5:81c13d08
 r4:856d5400 r3:8334d6e8
[<80518ba8>] (generic_shutdown_super) from [<8051941c>] (kill_anon_super+0x18/0x84 fs/super.c:1237)
 r5:0000002b r4:856d5400
[<80519404>] (kill_anon_super) from [<805194b0>] (kill_litter_super+0x28/0x2c fs/super.c:1247)
 r5:827c8888 r4:856d5400
[<80519488>] (kill_litter_super) from [<813543c8>] (binderfs_kill_super+0x14/0x38 drivers/android/binderfs.c:789)
 r5:827c8888 r4:850785c0
[<813543b4>] (binderfs_kill_super) from [<80519d7c>] (deactivate_locked_super+0x54/0x104 fs/super.c:473)
 r5:827c8888 r4:856d5400
[<80519d28>] (deactivate_locked_super) from [<80519e8c>] (deactivate_super fs/super.c:506 [inline])
[<80519d28>] (deactivate_locked_super) from [<80519e8c>] (deactivate_super+0x60/0x64 fs/super.c:502)
 r5:82237548 r4:856d5400
[<80519e2c>] (deactivate_super) from [<805429f4>] (cleanup_mnt+0xec/0x178 fs/namespace.c:1373)
 r5:82237548 r4:854b4b40
[<80542908>] (cleanup_mnt) from [<80542af0>] (__cleanup_mnt+0x14/0x18 fs/namespace.c:1380)
 r7:852de000 r6:852de884 r5:852de854 r4:854b4620
[<80542adc>] (__cleanup_mnt) from [<8026c668>] (task_work_run+0x90/0xb8 kernel/task_work.c:228)
[<8026c5d8>] (task_work_run) from [<80248f70>] (exit_task_work include/linux/task_work.h:40 [inline])
[<8026c5d8>] (task_work_run) from [<80248f70>] (do_exit+0x304/0xaa0 kernel/exit.c:939)
 r9:00000000 r8:eb531e90 r7:852de880 r6:85f5f978 r5:85f5f900 r4:852de000
[<80248c6c>] (do_exit) from [<802498d0>] (do_group_exit+0x40/0x8c kernel/exit.c:1088)
 r7:400004d8
[<80249890>] (do_group_exit) from [<80259ac4>] (get_signal+0xa34/0xa58 kernel/signal.c:2917)
 r7:400004d8 r4:852de000
[<80259090>] (get_signal) from [<8020bab0>] (do_signal arch/arm/kernel/signal.c:578 [inline])
[<80259090>] (get_signal) from [<8020bab0>] (do_work_pending+0x118/0x4f8 arch/arm/kernel/signal.c:618)
 r10:00000078 r9:fffffff4 r8:8020029c r7:0013437c r6:8020029c r5:eb531fb0
 r4:852de000
[<8020b998>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24)
Exception stack(0xeb531fb0 to 0xeb531ff8)
1fa0:                                     fffffff4 76bb10b8 76bb1628 76bb1ac0
1fc0: 76bb1628 76bb15c0 7ef877fc 00000078 7ef87736 7ef87737 003d0f00 00000000
1fe0: 003d0f00 7ef87650 0013491c 0013437c 20000010 003d0f00
 r10:00000078 r9:852de000 r8:8020029c r7:00000078 r6:7ef877fc r5:76bb15c0
 r4:76bb1628