INFO: task kworker/0:1:9 blocked for more than 430 seconds. Not tainted 6.10.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:1 state:D stack:0 pid:9 tgid:9 ppid:2 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<8190ba40>] (__schedule) from [<8190c5d8>] (__schedule_loop kernel/sched/core.c:6606 [inline]) [<8190ba40>] (__schedule) from [<8190c5d8>] (schedule+0x2c/0xfc kernel/sched/core.c:6621) r10:8260ca7c r9:00000000 r8:827149e0 r7:00000002 r6:df83dda4 r5:82e2e000 r4:82e2e000 [<8190c5ac>] (schedule) from [<8190c98c>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6678) r5:82e2e000 r4:827149dc [<8190c974>] (schedule_preempt_disabled) from [<8190f464>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline]) [<8190c974>] (schedule_preempt_disabled) from [<8190f464>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752) [<8190f17c>] (__mutex_lock.constprop.0) from [<8190fd30>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040) r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:df83de20 r4:00000000 [<8190fd1c>] (__mutex_lock_slowpath) from [<8190fd70>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286) [<8190fd34>] (mutex_lock) from [<804a50cc>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2845) [<804a5064>] (_vm_unmap_aliases) from [<804a8df4>] (vm_reset_perms mm/vmalloc.c:3274 [inline]) [<804a5064>] (_vm_unmap_aliases) from [<804a8df4>] (vfree+0x170/0x1e4 mm/vmalloc.c:3353) r10:82c16005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:84e26f00 r4:00000000 [<804a8c84>] (vfree) from [<804fbd7c>] (execmem_free+0x30/0x64 mm/execmem.c:69) r9:82e2e000 r8:00800000 r7:00000000 r6:82c16000 r5:00001000 r4:7f037000 [<804fbd4c>] (execmem_free) from [<80393694>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072) r5:00001000 r4:dfc5d000 [<80393684>] (bpf_jit_free_exec) from [<80393a74>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline]) [<80393684>] (bpf_jit_free_exec) from [<80393a74>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241) [<80393a0c>] (bpf_jit_free) from [<80394bb0>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2800) r5:84e05f54 r4:84e05c00 [<80394a64>] (bpf_prog_free_deferred) from [<802658fc>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3231) r7:dddd0000 r6:82c16000 r5:84e05f54 r4:82cb3100 [<80265748>] (process_one_work) from [<802664e0>] (process_scheduled_works kernel/workqueue.c:3312 [inline]) [<80265748>] (process_one_work) from [<802664e0>] (worker_thread+0x1ec/0x3f4 kernel/workqueue.c:3390) r10:82e2e000 r9:82cb312c r8:61c88647 r7:dddd0020 r6:82604d40 r5:dddd0000 r4:82cb3100 [<802662f4>] (worker_thread) from [<8026f538>] (kthread+0x104/0x134 kernel/kthread.c:389) r10:00000000 r9:df839e78 r8:82cb1a80 r7:82cb3100 r6:802662f4 r5:82e2e000 r4:82cb1180 [<8026f434>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:134) Exception stack(0xdf83dfb0 to 0xdf83dff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026f434 r4:82cb1180 INFO: task kworker/1:53:4157 blocked for more than 430 seconds. Not tainted 6.10.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:53 state:D stack:0 pid:4157 tgid:4157 ppid:2 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<8190ba40>] (__schedule) from [<8190c5d8>] (__schedule_loop kernel/sched/core.c:6606 [inline]) [<8190ba40>] (__schedule) from [<8190c5d8>] (schedule+0x2c/0xfc kernel/sched/core.c:6621) r10:8260ca7c r9:00000000 r8:827149e0 r7:00000002 r6:dfc79da4 r5:84e29800 r4:84e29800 [<8190c5ac>] (schedule) from [<8190c98c>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6678) r5:84e29800 r4:827149dc [<8190c974>] (schedule_preempt_disabled) from [<8190f464>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline]) [<8190c974>] (schedule_preempt_disabled) from [<8190f464>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752) [<8190f17c>] (__mutex_lock.constprop.0) from [<8190fd30>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040) r10:8260ca7c r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfc79e20 r4:00000000 [<8190fd1c>] (__mutex_lock_slowpath) from [<8190fd70>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286) [<8190fd34>] (mutex_lock) from [<804a50cc>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2845) [<804a5064>] (_vm_unmap_aliases) from [<804a8df4>] (vm_reset_perms mm/vmalloc.c:3274 [inline]) [<804a5064>] (_vm_unmap_aliases) from [<804a8df4>] (vfree+0x170/0x1e4 mm/vmalloc.c:3353) r10:82c16205 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:84e26ac0 r4:00000000 [<804a8c84>] (vfree) from [<804fbd7c>] (execmem_free+0x30/0x64 mm/execmem.c:69) r9:84e29800 r8:01800000 r7:00000000 r6:82c16200 r5:00001000 r4:7f033000 [<804fbd4c>] (execmem_free) from [<80393694>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1072) r5:00001000 r4:dfb07000 [<80393684>] (bpf_jit_free_exec) from [<80393a74>] (bpf_jit_binary_free kernel/bpf/core.c:1118 [inline]) [<80393684>] (bpf_jit_free_exec) from [<80393a74>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1241) [<80393a0c>] (bpf_jit_free) from [<80394bb0>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2800) r5:84e05b54 r4:84e05800 [<80394a64>] (bpf_prog_free_deferred) from [<802658fc>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3231) r7:ddde4000 r6:82c16200 r5:84e05b54 r4:84d44e00 [<80265748>] (process_one_work) from [<802664e0>] (process_scheduled_works kernel/workqueue.c:3312 [inline]) [<80265748>] (process_one_work) from [<802664e0>] (worker_thread+0x1ec/0x3f4 kernel/workqueue.c:3390) r10:84e29800 r9:84d44e2c r8:61c88647 r7:ddde4020 r6:82604d40 r5:ddde4000 r4:84d44e00 [<802662f4>] (worker_thread) from [<8026f538>] (kthread+0x104/0x134 kernel/kthread.c:389) r10:00000000 r9:dfbf9e78 r8:84d21700 r7:84d44e00 r6:802662f4 r5:84e29800 r4:84d21840 [<8026f434>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:134) Exception stack(0xdfc79fb0 to 0xdfc79ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026f434 r4:84d21840 NMI backtrace for cpu 1 CPU: 1 PID: 32 Comm: khungtaskd Not tainted 6.10.0-syzkaller #0 Hardware name: ARM-Versatile Express Call trace: [<818ea4a0>] (dump_backtrace) from [<818ea59c>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:00000000 r6:00000013 r5:60000093 r4:81fe7c44 [<818ea584>] (show_stack) from [<81907c00>] (__dump_stack lib/dump_stack.c:88 [inline]) [<818ea584>] (show_stack) from [<81907c00>] (dump_stack_lvl+0x70/0x7c lib/dump_stack.c:114) [<81907b90>] (dump_stack_lvl) from [<81907c24>] (dump_stack+0x18/0x1c lib/dump_stack.c:123) r5:00000001 r4:00000001 [<81907c0c>] (dump_stack) from [<818d779c>] (nmi_cpu_backtrace+0x160/0x17c lib/nmi_backtrace.c:113) [<818d763c>] (nmi_cpu_backtrace) from [<818d78e8>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62) r7:00000001 r6:8260c5d0 r5:8261a7cc r4:ffffffff [<818d77b8>] (nmi_trigger_cpumask_backtrace) from [<802103c8>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:851) r9:00000001 r8:828a7070 r7:8260c734 r6:00007d5b r5:8261ad88 r4:8509d41c [<802103b0>] (arch_trigger_cpumask_backtrace) from [<80350b78>] (trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]) [<802103b0>] (arch_trigger_cpumask_backtrace) from [<80350b78>] (check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]) [<802103b0>] (arch_trigger_cpumask_backtrace) from [<80350b78>] (watchdog+0x48c/0x59c kernel/hung_task.c:379) [<803506ec>] (watchdog) from [<8026f538>] (kthread+0x104/0x134 kernel/kthread.c:389) r10:00000000 r9:df819e58 r8:82f1c840 r7:00000000 r6:803506ec r5:82e49800 r4:82eb6ec0 [<8026f434>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:134) Exception stack(0xdf8e1fb0 to 0xdf8e1ff8) 1fa0: 00000000 00000000 00000000 00000000 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026f434 r4:82eb6ec0 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 3462 Comm: syz-executor.0 Not tainted 6.10.0-syzkaller #0 Hardware name: ARM-Versatile Express PC is at __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] PC is at _raw_spin_unlock_irqrestore+0x28/0x54 kernel/locking/spinlock.c:194 LR is at __debug_check_no_obj_freed lib/debugobjects.c:999 [inline] LR is at debug_check_no_obj_freed+0x184/0x2a0 lib/debugobjects.c:1020 pc : [<81914df0>] lr : [<80828584>] psr: 60000013 sp : df9d9db0 ip : df9d9dc0 fp : df9d9dbc r10: 00000005 r9 : 845b64c0 r8 : 845b6c40 r7 : 845b6608 r6 : 00000100 r5 : 00000005 r4 : 00000005 r3 : 000007cb r2 : 00000000 r1 : 20000013 r0 : 828ddc34 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 84cc0180 DAC: fffffffd Call trace: [<81914dc8>] (_raw_spin_unlock_irqrestore) from [<80828584>] (__debug_check_no_obj_freed lib/debugobjects.c:999 [inline]) [<81914dc8>] (_raw_spin_unlock_irqrestore) from [<80828584>] (debug_check_no_obj_freed+0x184/0x2a0 lib/debugobjects.c:1020) [<80828400>] (debug_check_no_obj_freed) from [<804bce4c>] (slab_free_hook mm/slub.c:2202 [inline]) [<80828400>] (debug_check_no_obj_freed) from [<804bce4c>] (slab_free mm/slub.c:4464 [inline]) [<80828400>] (debug_check_no_obj_freed) from [<804bce4c>] (kmem_cache_free+0x2f0/0x44c mm/slub.c:4539) r10:00000006 r9:836b4800 r8:0009cd98 r7:813e43d8 r6:dde95cc0 r5:845b64c0 r4:82ca8600 [<804bcb5c>] (kmem_cache_free) from [<813e43d8>] (sk_prot_free net/core/sock.c:2130 [inline]) [<804bcb5c>] (kmem_cache_free) from [<813e43d8>] (__sk_destruct+0x1a0/0x228 net/core/sock.c:2224) r10:00000006 r9:836b4800 r8:82e99310 r7:00000000 r6:00000000 r5:845b64c0 r4:82ca8600 [<813e4238>] (__sk_destruct) from [<813e4d9c>] (sk_destruct+0x48/0x4c net/core/sock.c:2239) r7:00000000 r6:81c537e0 r5:00000000 r4:845b66d8 [<813e4d54>] (sk_destruct) from [<813e4df4>] (__sk_free+0x54/0xfc net/core/sock.c:2250) r5:00000000 r4:845b64c0 [<813e4da0>] (__sk_free) from [<813e4ef0>] (sk_free+0x54/0x58 net/core/sock.c:2261) r5:00000000 r4:845b64c0 [<813e4e9c>] (sk_free) from [<815c75f0>] (sock_put include/net/sock.h:1884 [inline]) [<813e4e9c>] (sk_free) from [<815c75f0>] (tcp_close+0x84/0x94 net/ipv4/tcp.c:2966) [<815c756c>] (tcp_close) from [<81608360>] (inet_release+0x54/0x8c net/ipv4/af_inet.c:437) r5:833caf00 r4:845b64c0 [<8160830c>] (inet_release) from [<813dc994>] (__sock_release+0x44/0xbc net/socket.c:659) r5:833cb000 r4:833caf00 [<813dc950>] (__sock_release) from [<813dca24>] (sock_close+0x18/0x20 net/socket.c:1421) r7:833caf80 r6:831ee4c8 r5:082e0003 r4:84456480 [<813dca0c>] (sock_close) from [<80503b88>] (__fput+0xdc/0x2e4 fs/file_table.c:422) [<80503aac>] (__fput) from [<80503e4c>] (__fput_sync+0x3c/0x40 fs/file_table.c:507) r9:836b4800 r8:8020029c r7:00000006 r6:00000000 r5:84456480 r4:00000000 [<80503e10>] (__fput_sync) from [<804ff100>] (__do_sys_close fs/open.c:1566 [inline]) [<80503e10>] (__fput_sync) from [<804ff100>] (sys_close+0x30/0x64 fs/open.c:1551) [<804ff0d0>] (sys_close) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xdf9d9fa8 to 0xdf9d9ff0) 9fa0: 00000000 00000003 00000003 00000001 00000001 0011c000 9fc0: 00000000 00000003 00000000 00000006 00140000 00000383 7ebb7670 7ebb7630 9fe0: 00000000 7ebb7598 00021574 0004f5a0 r5:00000003 r4:00000000