Date: Tue, 09 Apr 2024 04:23:04 -0700
Message-ID: <00000000000044fca50615a82595@google.com>
Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in copy_from_kernel_nofault (2)
From: syzbot
To: akpm@linux-foundation.org, alexei.starovoitov@gmail.com, andrii.nakryiko@gmail.com, bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux@armlinux.org.uk, mark.rutland@arm.com, puranjay12@gmail.com, syzkaller-bugs@googlegroups.com

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in _vm_unmap_aliases

INFO: task kworker/0:41:4201 blocked for more than 430 seconds.
      Not tainted 6.9.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:41 state:D stack:0 pid:4201 tgid:4201 ppid:2 flags:0x00000000
Workqueue: events bpf_prog_free_deferred
Call trace:
[<8189ad40>] (__schedule) from [<8189b97c>] (__schedule_loop kernel/sched/core.c:6823 [inline])
[<8189ad40>] (__schedule) from [<8189b97c>] (schedule+0x2c/0xfc kernel/sched/core.c:6838)
 r10:82c16005 r9:00000000 r8:82714be8 r7:00000002 r6:dfd0dd94 r5:84dd1800 r4:84dd1800
[<8189b950>] (schedule) from [<8189bf8c>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6895)
 r5:84dd1800 r4:82714be4
[<8189bf74>] (schedule_preempt_disabled) from [<8189e86c>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<8189bf74>] (schedule_preempt_disabled) from [<8189e86c>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<8189e584>] (__mutex_lock.constprop.0) from [<8189f138>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:82c16005 r9:dfd0de20 r8:00000000 r7:ffffffff r6:00000000 r5:84c7a680 r4:00000000
[<8189f124>] (__mutex_lock_slowpath) from [<8189f178>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<8189f13c>] (mutex_lock) from [<8049c624>] (_vm_unmap_aliases+0x60/0x2e8 mm/vmalloc.c:2788)
[<8049c5c4>] (_vm_unmap_aliases) from [<804a04a8>] (vm_reset_perms mm/vmalloc.c:3235 [inline])
[<8049c5c4>] (_vm_unmap_aliases) from [<804a04a8>] (vfree+0x170/0x1e4 mm/vmalloc.c:3314)
 r10:82c16005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:84c7a680 r4:00000000
[<804a0338>] (vfree) from [<802edb08>] (module_memfree+0x30/0x50 kernel/module/main.c:1189)
 r9:84dd1800 r8:00000080 r7:00000000 r6:82c16000 r5:00001000 r4:7f055000
[<802edad8>] (module_memfree) from [<803916b0>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1058)
 r5:00001000 r4:dfe91000
[<803916a0>] (bpf_jit_free_exec) from [<80391870>] (bpf_jit_binary_free kernel/bpf/core.c:1104 [inline])
[<803916a0>] (bpf_jit_free_exec) from [<80391870>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1228)
[<80391808>] (bpf_jit_free) from [<80392958>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2783)
 r5:845b0754 r4:845b0400
[<8039280c>] (bpf_prog_free_deferred) from [<8026678c>] (process_one_work+0x1b8/0x508 kernel/workqueue.c:3254)
 r7:dddd00c0 r6:82c16000 r5:845b0754 r4:84d7cb00
[<802665d4>] (process_one_work) from [<802674b0>] (process_scheduled_works kernel/workqueue.c:3335 [inline])
[<802665d4>] (process_one_work) from [<802674b0>] (worker_thread+0x1ec/0x418 kernel/workqueue.c:3416)
 r10:84dd1800 r9:84d7cb2c r8:61c88647 r7:dddd00e0 r6:82604d40 r5:dddd00c0 r4:84d7cb00
[<802672c4>] (worker_thread) from [<802701c4>] (kthread+0x104/0x134 kernel/kthread.c:388)
 r10:00000000 r9:dfa55e90 r8:845d8e80 r7:84d7cb00 r6:802672c4 r5:84dd1800 r4:84c66500
[<802700c0>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30 arch/arm/kernel/entry-common.S:134)
Exception stack(0xdfd0dfb0 to 0xdfd0dff8)
dfa0: 00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:802700c0 r4:84c66500
INFO: task kworker/1:55:4229 blocked for more than 430 seconds.
      Not tainted 6.9.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:55 state:D stack:0 pid:4229 tgid:4229 ppid:2 flags:0x00000000
Workqueue: events bpf_prog_free_deferred
Call trace:
[<8189ad40>] (__schedule) from [<8189b97c>] (__schedule_loop kernel/sched/core.c:6823 [inline])
[<8189ad40>] (__schedule) from [<8189b97c>] (schedule+0x2c/0xfc kernel/sched/core.c:6838)
 r10:82c16205 r9:00000000 r8:82714be8 r7:00000002 r6:dfe39d94 r5:84e83c00 r4:84e83c00
[<8189b950>] (schedule) from [<8189bf8c>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:6895)
 r5:84e83c00 r4:82714be4
[<8189bf74>] (schedule_preempt_disabled) from [<8189e86c>] (__mutex_lock_common kernel/locking/mutex.c:684 [inline])
[<8189bf74>] (schedule_preempt_disabled) from [<8189e86c>] (__mutex_lock.constprop.0+0x2e8/0xae0 kernel/locking/mutex.c:752)
[<8189e584>] (__mutex_lock.constprop.0) from [<8189f138>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1040)
 r10:82c16205 r9:dfe39e20 r8:00000000 r7:ffffffff r6:00000000 r5:84c7a240 r4:00000000
[<8189f124>] (__mutex_lock_slowpath) from [<8189f178>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:286)
[<8189f13c>] (mutex_lock) from [<8049c624>] (_vm_unmap_aliases+0x60/0x2e8 mm/vmalloc.c:2788)
[<8049c5c4>] (_vm_unmap_aliases) from [<804a04a8>] (vm_reset_perms mm/vmalloc.c:3235 [inline])
[<8049c5c4>] (_vm_unmap_aliases) from [<804a04a8>] (vfree+0x170/0x1e4 mm/vmalloc.c:3314)
 r10:82c16205 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:84c7a240 r4:00000000
[<804a0338>] (vfree) from [<802edb08>] (module_memfree+0x30/0x50 kernel/module/main.c:1189)
 r9:84e83c00 r8:00000180 r7:00000000 r6:82c16200 r5:00001000 r4:7f053000
[<802edad8>] (module_memfree) from [<803916b0>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1058)
 r5:00001000 r4:dfe73000
[<803916a0>] (bpf_jit_free_exec) from [<80391870>] (bpf_jit_binary_free kernel/bpf/core.c:1104 [inline])
[<803916a0>] (bpf_jit_free_exec) from [<80391870>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1228)
[<80391808>] (bpf_jit_free) from [<80392958>] (bpf_prog_free_deferred+0x14c/0x164 kernel/bpf/core.c:2783)
 r5:845b2b54 r4:845b2800
[<8039280c>] (bpf_prog_free_deferred) from [<8026678c>] (process_one_work+0x1b8/0x508 kernel/workqueue.c:3254)
 r7:ddde40c0 r6:82c16200 r5:845b2b54 r4:845d9f80
[<802665d4>] (process_one_work) from [<802674b0>] (process_scheduled_works kernel/workqueue.c:3335 [inline])
[<802665d4>] (process_one_work) from [<802674b0>] (worker_thread+0x1ec/0x418 kernel/workqueue.c:3416)
 r10:84e83c00 r9:845d9fac r8:61c88647 r7:ddde40e0 r6:82604d40 r5:ddde40c0 r4:845d9f80
[<802672c4>] (worker_thread) from [<802701c4>] (kthread+0x104/0x134 kernel/kthread.c:388)
 r10:00000000 r9:dfde5e90 r8:84640600 r7:845d9f80 r6:802672c4 r5:84e83c00 r4:84c66300
[<802700c0>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30 arch/arm/kernel/entry-common.S:134)
Exception stack(0xdfe39fb0 to 0xdfe39ff8)
9fa0: 00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:802700c0 r4:84c66300
NMI backtrace for cpu 0
CPU: 0 PID: 31 Comm: khungtaskd Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
Call trace:
[<818795bc>] (dump_backtrace) from [<818796b8>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:256)
 r7:00000000 r6:00000113 r5:60000193 r4:81fc4768
[<818796a0>] (show_stack) from [<81896e70>] (__dump_stack lib/dump_stack.c:88 [inline])
[<818796a0>] (show_stack) from [<81896e70>] (dump_stack_lvl+0x70/0x7c lib/dump_stack.c:114)
[<81896e00>] (dump_stack_lvl) from [<81896e94>] (dump_stack+0x18/0x1c lib/dump_stack.c:123)
 r5:00000000 r4:00000001
[<81896e7c>] (dump_stack) from [<81866994>] (nmi_cpu_backtrace+0x160/0x17c lib/nmi_backtrace.c:113)
[<81866834>] (nmi_cpu_backtrace) from [<81866ae0>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62)
 r7:00000000 r6:8260c590 r5:8261a88c r4:ffffffff
[<818669b0>] (nmi_trigger_cpumask_backtrace) from [<802105b4>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:851)
 r9:8260c6f4 r8:00007b4d r7:8289dfe0 r6:00007d59 r5:8500ee04 r4:850d4b24
[<8021059c>] (arch_trigger_cpumask_backtrace) from [<8034ec48>] (trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline])
[<8021059c>] (arch_trigger_cpumask_backtrace) from [<8034ec48>] (check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline])
[<8021059c>] (arch_trigger_cpumask_backtrace) from [<8034ec48>] (watchdog+0x480/0x594 kernel/hung_task.c:380)
[<8034e7c8>] (watchdog) from [<802701c4>] (kthread+0x104/0x134 kernel/kthread.c:388)
 r10:00000000 r9:df819e58 r8:82e98440 r7:00000000 r6:8034e7c8 r5:82ee8c00 r4:82f42100
[<802700c0>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30 arch/arm/kernel/entry-common.S:134)
Exception stack(0xdf8ddfb0 to 0xdf8ddff8)
dfa0: 00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:802700c0 r4:82f42100
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5655 Comm: kworker/1:259 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
PC is at poly1305_final_arch+0x0/0x80 arch/arm/crypto/poly1305-glue.c:189
LR is at poly1305_final include/crypto/poly1305.h:94 [inline]
LR is at chacha20poly1305_crypt_sg_inplace+0x43c/0x4b4 lib/crypto/chacha20poly1305.c:320
pc : [<80232f80>] lr : [<807fa0e4>] psr: 60000113
sp : eafa1990 ip : eafa1990 fp : eafa1bb4
r10: 00000000 r9 : 00000000 r8 : 00000000
r7 : eafa19e0 r6 : 00000000 r5 : 00000000 r4 : eafa19f0
r3 : 00000000 r2 : 00000000 r1 : eafa19f0 r0 : eafa1a68
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 8461dec0 DAC: 00000000
Call trace:
[<807f9ca8>] (chacha20poly1305_crypt_sg_inplace) from [<807fa188>] (chacha20poly1305_encrypt_sg_inplace+0x2c/0x34 lib/crypto/chacha20poly1305.c:338)
 r10:00000000 r9:00000000 r8:00000074 r7:00000001 r6:84dca018 r5:00000000 r4:00000074
[<807fa15c>] (chacha20poly1305_encrypt_sg_inplace) from [<80bfb0f8>] (encrypt_packet+0x194/0x230 drivers/net/wireguard/send.c:216)
 r5:00000000 r4:00000074
[<80bfaf64>] (encrypt_packet) from [<80bfb8d0>] (wg_packet_encrypt_worker+0xbc/0x270 drivers/net/wireguard/send.c:297)
 r10:846c86e8 r9:82f2a540 r8:00000000 r7:846c86a0 r6:8260eea8 r5:00000000 r4:82f2a540
[<80bfb814>] (wg_packet_encrypt_worker) from [<8026678c>] (process_one_work+0x1b8/0x508 kernel/workqueue.c:3254)
 r10:84032e05 r9:85156000 r8:00000180 r7:ddde40c0 r6:84032e00 r5:ff7ffcf4 r4:8505ff00
[<802665d4>] (process_one_work) from [<802674b0>] (process_scheduled_works kernel/workqueue.c:3335 [inline])
[<802665d4>] (process_one_work) from [<802674b0>] (worker_thread+0x1ec/0x418 kernel/workqueue.c:3416)
 r10:85156000 r9:8505ff2c r8:61c88647 r7:ddde40e0 r6:82604d40 r5:ddde40c0 r4:8505ff00
[<802672c4>] (worker_thread) from [<802701c4>] (kthread+0x104/0x134 kernel/kthread.c:388)
 r10:00000000 r9:eaeb1e90 r8:84ed1a40 r7:8505ff00 r6:802672c4 r5:85156000 r4:847e7040
[<802700c0>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30 arch/arm/kernel/entry-common.S:134)
Exception stack(0xeafa1fb0 to 0xeafa1ff8)
1fa0: 00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:802700c0 r4:847e7040

Tested on:

commit:         7deb8d88 arm32, bpf: Fix sign-extension mov instruction
git tree:       https://github.com/puranjaymohan/linux.git arm32_movsx_fix
console output: https://syzkaller.appspot.com/x/log.txt?x=175200cb180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=43f1e0cbdb852271
dashboard link: https://syzkaller.appspot.com/bug?extid=186522670e6722692d86
compiler:       arm-linux-gnueabi-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm

Note: no patches were applied.