INFO: task kworker/0:125:7832 blocked for more than 430 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:125 state:D stack:0 pid:7832 tgid:7832 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:dfacdd84 r9:829174e8 r8:60000113 r7:829174e8 r6:dfacdd8c r5:84fc1800 r4:84fc1800 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:84fc1800 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfacde08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86cb89c0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:84fc1800 r7:00000000 r6:83018400 r5:00001000 r4:7f346000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:eae23000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:8538cf94 r4:84dbbf00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:8538cf94 r4:84dbbf00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:84fc1800 r8:84dbbf2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:84dbbf00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:84dbbf00 r8:802762fc r7:dfa5de60 r6:85ff3c80 r5:84fc1800 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfacdfb0 to 0xdfacdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:85cfd640 INFO: task kworker/0:125:7832 is blocked on a mutex likely owned by task kworker/0:115:7798. task:kworker/0:115 state:R running task stack:0 pid:7798 tgid:7798 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:85f28c00 r8:80200c04 r7:dfbbdd54 r6:ffffffff r5:85f28c00 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdfbbdd20 to 0xdfbbdd68) dd20: dd523000 ea8bb000 00000001 80239018 7f234000 00000001 82ace204 82acd5e0 dd40: 7f234000 ea8bb000 8280ca38 dfbbdd9c dfbbdda0 dfbbdd70 8022fe10 80239030 dd60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:dfbbddc0 r5:dfbbde08 r4:dfbbddc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86844ec0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:85f28c00 r7:00000000 r6:83018400 r5:00001000 r4:7f326000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea3a5000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:84e0eb94 r4:8611e600 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:84e0eb94 r4:8611e600 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:85f28c00 r8:8611e62c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8611e600 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8611e600 r8:802762fc r7:ec6dde60 r6:8611e180 r5:85f28c00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfbbdfb0 to 0xdfbbdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:8612e0c0 INFO: task kworker/0:126:7836 blocked for more than 430 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:126 state:D stack:0 pid:7836 tgid:7836 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:dfba9d84 r9:829174e8 r8:60000013 r7:829174e8 r6:dfba9d8c r5:86204800 r4:86204800 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:86204800 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfba9e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9180 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:86204800 r7:00000000 r6:83018400 r5:00001000 r4:7f342000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea93a000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d3394 r4:84dbb000 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d3394 r4:84dbb000 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:86204800 r8:84dbb02c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:84dbb000 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:84dbb000 r8:802762fc r7:dfa5de60 r6:85ff3000 r5:86204800 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfba9fb0 to 0xdfba9ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:85e9b340 INFO: task kworker/0:126:7836 is blocked on a mutex likely owned by task kworker/0:115:7798. task:kworker/0:115 state:R running task stack:0 pid:7798 tgid:7798 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:85f28c00 r8:80200c04 r7:dfbbdd54 r6:ffffffff r5:85f28c00 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdfbbdd20 to 0xdfbbdd68) dd20: dd523000 ea8bb000 00000001 80239018 7f234000 00000001 82ace204 82acd5e0 dd40: 7f234000 ea8bb000 8280ca38 dfbbdd9c dfbbdda0 dfbbdd70 8022fe10 80239030 dd60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:dfbbddc0 r5:dfbbde08 r4:dfbbddc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86844ec0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:85f28c00 r7:00000000 r6:83018400 r5:00001000 r4:7f326000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea3a5000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:84e0eb94 r4:8611e600 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:84e0eb94 r4:8611e600 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:85f28c00 r8:8611e62c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8611e600 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8611e600 r8:802762fc r7:ec6dde60 r6:8611e180 r5:85f28c00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfbbdfb0 to 0xdfbbdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:8612e0c0 INFO: task kworker/0:8:15650 blocked for more than 430 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:8 state:D stack:0 pid:15650 tgid:15650 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:df999d84 r9:829174e8 r8:60000113 r7:829174e8 r6:df999d8c r5:8619a400 r4:8619a400 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:8619a400 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:df999e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9bc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:8619a400 r7:00000000 r6:83018400 r5:00001000 r4:7f340000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea78d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d2394 r4:8668fc00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d2394 r4:8668fc00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:8619a400 r8:8668fc2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8668fc00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8668fc00 r8:802762fc r7:dfbbde60 r6:8668f680 r5:8619a400 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf999fb0 to 0xdf999ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86542300 INFO: task kworker/0:8:15650 is blocked on a mutex likely owned by task kworker/0:115:7798. task:kworker/0:115 state:R running task stack:0 pid:7798 tgid:7798 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:85f28c00 r8:80200c04 r7:dfbbdd54 r6:ffffffff r5:85f28c00 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdfbbdd20 to 0xdfbbdd68) dd20: dd721000 ea8bb000 00000001 80239018 7f234000 00000001 82ace204 82acd5e0 dd40: 7f234000 ea8bb000 8280ca38 dfbbdd9c dfbbdda0 dfbbdd70 8022fe10 80239030 dd60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:dfbbddc0 r5:dfbbde08 r4:dfbbddc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86844ec0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:85f28c00 r7:00000000 r6:83018400 r5:00001000 r4:7f326000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea3a5000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:84e0eb94 r4:8611e600 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:84e0eb94 r4:8611e600 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:85f28c00 r8:8611e62c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8611e600 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8611e600 r8:802762fc r7:ec6dde60 r6:8611e180 r5:85f28c00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfbbdfb0 to 0xdfbbdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:8612e0c0 INFO: task kworker/1:23:19836 blocked for more than 430 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:23 state:D stack:0 pid:19836 tgid:19836 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:e0195d84 r9:829174e8 r8:600f0113 r7:829174e8 r6:e0195d8c r5:86bcb000 r4:86bcb000 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:86bcb000 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:e0195e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9100 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018605 r8:86bcb000 r7:00000000 r6:83018600 r5:00001000 r4:7f344000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea997000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d1b94 r4:85e3f180 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:ddde3b40 r6:83018600 r5:867d1b94 r4:85e3f180 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:86bcb000 r8:85e3f1ac r7:82804d80 r6:ddde3b40 r5:ddde3b60 r4:85e3f180 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:85e3f180 r8:802762fc r7:ebc95e60 r6:857e2b00 r5:86bcb000 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xe0195fb0 to 0xe0195ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:865b7840 INFO: task kworker/1:23:19836 is blocked on a mutex likely owned by task kworker/0:115:7798. task:kworker/0:115 state:R running task stack:0 pid:7798 tgid:7798 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:85f28c00 r8:80200c04 r7:dfbbdd54 r6:ffffffff r5:85f28c00 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdfbbdd20 to 0xdfbbdd68) dd20: dd9f3000 ea8bb000 00000001 80239018 7f234000 00000001 82ace204 82acd5e0 dd40: 7f234000 ea8bb000 8280ca38 dfbbdd9c dfbbdda0 dfbbdd70 8022fe10 80239030 dd60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:dfbbddc0 r5:dfbbde08 r4:dfbbddc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86844ec0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:85f28c00 r7:00000000 r6:83018400 r5:00001000 r4:7f326000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea3a5000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:84e0eb94 r4:8611e600 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:84e0eb94 r4:8611e600 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:85f28c00 r8:8611e62c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8611e600 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8611e600 r8:802762fc r7:ec6dde60 r6:8611e180 r5:85f28c00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfbbdfb0 to 0xdfbbdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:8612e0c0 NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express Call trace: [<80201a74>] (dump_backtrace) from [<80201b70>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:00000000 r6:00000113 r5:60000193 r4:82295830 [<80201b58>] (show_stack) from [<8021ee34>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201b58>] (show_stack) from [<8021ee34>] (dump_stack_lvl+0x70/0x7c lib/dump_stack.c:120) [<8021edc4>] (dump_stack_lvl) from [<8021ee58>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r5:00000001 r4:00000001 [<8021ee40>] (dump_stack) from [<81a9b8e0>] (nmi_cpu_backtrace+0x160/0x17c lib/nmi_backtrace.c:113) [<81a9b780>] (nmi_cpu_backtrace) from [<81a9ba2c>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62) r7:00000001 r6:8280c710 r5:8281af5c r4:ffffffff [<81a9b8fc>] (nmi_trigger_cpumask_backtrace) from [<8022f818>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:852) r9:00007e62 r8:8280c890 r7:000510d2 r6:00007e62 r5:82ac27e4 r4:00000048 [<8022f800>] (arch_trigger_cpumask_backtrace) from [<81aa353c>] (trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]) [<8022f800>] (arch_trigger_cpumask_backtrace) from [<81aa353c>] (__sys_info lib/sys_info.c:157 [inline]) [<8022f800>] (arch_trigger_cpumask_backtrace) from [<81aa353c>] (sys_info+0x68/0xa8 lib/sys_info.c:165) [<81aa34d4>] (sys_info) from [<80383780>] (check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]) [<81aa34d4>] (sys_info) from [<80383780>] (watchdog+0x464/0x8a0 kernel/hung_task.c:515) r5:82ac27e4 r4:861a6c0c [<8038331c>] (watchdog) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:00000000 r8:8038331c r7:832a2b00 r6:832a2b00 r5:832e8c00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf8d9fb0 to 0xdf8d9ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:8332cb00 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 2815 Comm: pr/ttyAMA-1 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express PC is at __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] PC is at _raw_spin_unlock_irqrestore+0x28/0x54 kernel/locking/spinlock.c:194 LR is at spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] LR is at __uart_port_unlock_irqrestore include/linux/serial_core.h:616 [inline] LR is at pl011_console_device_unlock+0x20/0x24 drivers/tty/serial/amba-pl011.c:2603 pc : [<81abca50>] lr : [<80aa3928>] psr: 60000113 sp : eb0cdeb0 ip : eb0cdec0 fp : eb0cdebc r10: 82959c04 r9 : 00000000 r8 : 00000000 r7 : 00000117 r6 : 82959b68 r5 : 00000000 r4 : 00000001 r3 : 00002ba3 r2 : 00000000 r1 : 60000113 r0 : 84687840 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 86fb81c0 DAC: fffffffd Call trace: [<81abca28>] (_raw_spin_unlock_irqrestore) from [<80aa3928>] (spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]) [<81abca28>] (_raw_spin_unlock_irqrestore) from [<80aa3928>] (__uart_port_unlock_irqrestore include/linux/serial_core.h:616 [inline]) [<81abca28>] (_raw_spin_unlock_irqrestore) from [<80aa3928>] (pl011_console_device_unlock+0x20/0x24 drivers/tty/serial/amba-pl011.c:2603) [<80aa3908>] (pl011_console_device_unlock) from [<802e5720>] (nbcon_emit_one+0x88/0x100 kernel/printk/nbcon.c:1149) [<802e5698>] (nbcon_emit_one) from [<802e59a0>] (nbcon_kthread_func+0x208/0x2e4 kernel/printk/nbcon.c:1255) r6:82abf0fc r5:82959b68 r4:8389bc00 [<802e5798>] (nbcon_kthread_func) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:82959b68 r8:802e5798 r7:84b48480 r6:84b48480 r5:8389bc00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xeb0cdfb0 to 0xeb0cdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:844fba40 INFO: task kworker/1:145:7796 blocked for more than 430 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:145 state:D stack:0 pid:7796 tgid:7796 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:dfc85d84 r9:829174e8 r8:60000013 r7:829174e8 r6:dfc85d8c r5:84fc6000 r4:84fc6000 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:84fc6000 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfc85e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86d4bac0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018605 r8:84fc6000 r7:00000000 r6:83018600 r5:00001000 r4:7f270000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:dfba3000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:8538d394 r4:85ff3180 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:ddde3b40 r6:83018600 r5:8538d394 r4:85ff3180 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:84fc6000 r8:85ff31ac r7:82804d80 r6:ddde3b40 r5:ddde3b60 r4:85ff3180 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:85ff3180 r8:802762fc r7:dfb1de60 r6:85ff3080 r5:84fc6000 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfc85fb0 to 0xdfc85ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:84d73400 INFO: task kworker/1:145:7796 is blocked on a mutex likely owned by task kworker/0:8:15650. task:kworker/0:8 state:R running task stack:0 pid:15650 tgid:15650 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:8619a400 r8:80200c04 r7:df999d54 r6:ffffffff r5:8619a400 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdf999d20 to 0xdf999d68) 9d20: d322e000 ea73f000 00000001 80239018 7f308000 00000001 82ace204 82acd5e0 9d40: 7f308000 ea73f000 8280ca38 df999d9c df999da0 df999d70 8022fe10 80239030 9d60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:df999dc0 r5:df999e08 r4:df999dc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9bc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:8619a400 r7:00000000 r6:83018400 r5:00001000 r4:7f340000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea78d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d2394 r4:8668fc00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d2394 r4:8668fc00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:8619a400 r8:8668fc2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8668fc00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8668fc00 r8:802762fc r7:dfbbde60 r6:8668f680 r5:8619a400 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf999fb0 to 0xdf999ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86542300 INFO: task kworker/0:125:7832 blocked for more than 451 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:125 state:D stack:0 pid:7832 tgid:7832 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:dfacdd84 r9:829174e8 r8:60000113 r7:829174e8 r6:dfacdd8c r5:84fc1800 r4:84fc1800 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:84fc1800 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfacde08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86cb89c0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:84fc1800 r7:00000000 r6:83018400 r5:00001000 r4:7f346000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:eae23000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:8538cf94 r4:84dbbf00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:8538cf94 r4:84dbbf00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:84fc1800 r8:84dbbf2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:84dbbf00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:84dbbf00 r8:802762fc r7:dfa5de60 r6:85ff3c80 r5:84fc1800 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfacdfb0 to 0xdfacdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:85cfd640 INFO: task kworker/0:125:7832 is blocked on a mutex likely owned by task kworker/0:8:15650. task:kworker/0:8 state:R running task stack:0 pid:15650 tgid:15650 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:8619a400 r8:80200c04 r7:df999d54 r6:ffffffff r5:8619a400 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdf999d20 to 0xdf999d68) 9d20: d3707000 ea73f000 00000001 80239018 7f308000 00000001 82ace204 82acd5e0 9d40: 7f308000 ea73f000 8280ca38 df999d9c df999da0 df999d70 8022fe10 80239030 9d60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:df999dc0 r5:df999e08 r4:df999dc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9bc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:8619a400 r7:00000000 r6:83018400 r5:00001000 r4:7f340000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea78d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d2394 r4:8668fc00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d2394 r4:8668fc00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:8619a400 r8:8668fc2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8668fc00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8668fc00 r8:802762fc r7:dfbbde60 r6:8668f680 r5:8619a400 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf999fb0 to 0xdf999ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86542300 INFO: task kworker/0:126:7836 blocked for more than 451 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:126 state:D stack:0 pid:7836 tgid:7836 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:dfba9d84 r9:829174e8 r8:60000013 r7:829174e8 r6:dfba9d8c r5:86204800 r4:86204800 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:86204800 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfba9e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9180 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:86204800 r7:00000000 r6:83018400 r5:00001000 r4:7f342000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea93a000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d3394 r4:84dbb000 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d3394 r4:84dbb000 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:86204800 r8:84dbb02c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:84dbb000 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:84dbb000 r8:802762fc r7:dfa5de60 r6:85ff3000 r5:86204800 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfba9fb0 to 0xdfba9ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:85e9b340 INFO: task kworker/0:126:7836 is blocked on a mutex likely owned by task kworker/0:8:15650. task:kworker/0:8 state:R running task stack:0 pid:15650 tgid:15650 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:8619a400 r8:80200c04 r7:df999d54 r6:ffffffff r5:8619a400 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdf999d20 to 0xdf999d68) 9d20: d3707000 ea73f000 00000001 80239018 7f308000 00000001 82ace204 82acd5e0 9d40: 7f308000 ea73f000 8280ca38 df999d9c df999da0 df999d70 8022fe10 80239030 9d60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:df999dc0 r5:df999e08 r4:df999dc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9bc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:8619a400 r7:00000000 r6:83018400 r5:00001000 r4:7f340000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea78d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d2394 r4:8668fc00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d2394 r4:8668fc00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:8619a400 r8:8668fc2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8668fc00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8668fc00 r8:802762fc r7:dfbbde60 r6:8668f680 r5:8619a400 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf999fb0 to 0xdf999ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86542300 INFO: task kworker/1:17:18904 blocked for more than 430 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:17 state:D stack:0 pid:18904 tgid:18904 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:dfb51d84 r9:829174e8 r8:600f0113 r7:829174e8 r6:dfb51d8c r5:861bbc00 r4:861bbc00 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:861bbc00 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:dfb51e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:86d4bcc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018605 r8:861bbc00 r7:00000000 r6:83018600 r5:00001000 r4:7f246000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:dfb6d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:8538c394 r4:84ceb580 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:ddde3b40 r6:83018600 r5:8538c394 r4:84ceb580 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:861bbc00 r8:84ceb5ac r7:82804d80 r6:ddde3b40 r5:ddde3b60 r4:84ceb580 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:84ceb580 r8:802762fc r7:dfb01e60 r6:84ceb600 r5:861bbc00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfb51fb0 to 0xdfb51ff8) 1fa0: 00000000 00000000 00000000 00000000 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86af0900 INFO: task kworker/1:17:18904 is blocked on a mutex likely owned by task kworker/0:8:15650. task:kworker/0:8 state:R running task stack:0 pid:15650 tgid:15650 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:8619a400 r8:80200c04 r7:df999d54 r6:ffffffff r5:8619a400 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdf999d20 to 0xdf999d68) 9d20: d39ce000 ea73f000 00000001 80239018 7f308000 00000001 82ace204 82acd5e0 9d40: 7f308000 ea73f000 8280ca38 df999d9c df999da0 df999d70 8022fe10 80239030 9d60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:df999dc0 r5:df999e08 r4:df999dc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9bc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:8619a400 r7:00000000 r6:83018400 r5:00001000 r4:7f340000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea78d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d2394 r4:8668fc00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d2394 r4:8668fc00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:8619a400 r8:8668fc2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8668fc00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8668fc00 r8:802762fc r7:dfbbde60 r6:8668f680 r5:8619a400 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf999fb0 to 0xdf999ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86542300 INFO: task kworker/1:23:19836 blocked for more than 451 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:23 state:D stack:0 pid:19836 tgid:19836 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab30a8>] (__schedule_loop kernel/sched/core.c:6945 [inline]) [<81ab1dfc>] (__schedule) from [<81ab30a8>] (schedule+0x2c/0x130 kernel/sched/core.c:6960) r10:e0195d84 r9:829174e8 r8:600f0113 r7:829174e8 r6:e0195d8c r5:86bcb000 r4:86bcb000 [<81ab307c>] (schedule) from [<81ab3230>] (schedule_preempt_disabled+0x18/0x24 kernel/sched/core.c:7017) r5:86bcb000 r4:829174e4 [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock_common kernel/locking/mutex.c:692 [inline]) [<81ab3218>] (schedule_preempt_disabled) from [<81ab68b4>] (__mutex_lock.constprop.0+0x658/0xf8c kernel/locking/mutex.c:776) [<81ab625c>] (__mutex_lock.constprop.0) from [<81ab72bc>] (__mutex_lock_slowpath+0x14/0x18 kernel/locking/mutex.c:1065) r10:8280c9e4 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:e0195e08 r4:00000000 [<81ab72a8>] (__mutex_lock_slowpath) from [<81ab72fc>] (mutex_lock+0x3c/0x40 kernel/locking/mutex.c:290) [<81ab72c0>] (mutex_lock) from [<804f4368>] (_vm_unmap_aliases+0x68/0x240 mm/vmalloc.c:2944) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9100 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018605 r8:86bcb000 r7:00000000 r6:83018600 r5:00001000 r4:7f344000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea997000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d1b94 r4:85e3f180 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:ddde3b40 r6:83018600 r5:867d1b94 r4:85e3f180 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:86bcb000 r8:85e3f1ac r7:82804d80 r6:ddde3b40 r5:ddde3b60 r4:85e3f180 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:85e3f180 r8:802762fc r7:ebc95e60 r6:857e2b00 r5:86bcb000 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xe0195fb0 to 0xe0195ff8) 5fa0: 00000000 00000000 00000000 00000000 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:865b7840 INFO: task kworker/1:23:19836 is blocked on a mutex likely owned by task kworker/0:8:15650. task:kworker/0:8 state:R running task stack:0 pid:15650 tgid:15650 ppid:2 task_flags:0x4208060 flags:0x00000000 Workqueue: events bpf_prog_free_deferred Call trace: [<81ab1dfc>] (__schedule) from [<81ab34dc>] (preempt_schedule_irq+0x40/0xa8 kernel/sched/core.c:7190) r10:8280ca38 r9:8619a400 r8:80200c04 r7:df999d54 r6:ffffffff r5:8619a400 r4:00000000 [<81ab349c>] (preempt_schedule_irq) from [<80200c24>] (svc_preempt+0x8/0x18) Exception stack(0xdf999d20 to 0xdf999d68) 9d20: d39ce000 ea73f000 00000001 80239018 7f308000 00000001 82ace204 82acd5e0 9d40: 7f308000 ea73f000 8280ca38 df999d9c df999da0 df999d70 8022fe10 80239030 9d60: 80000113 ffffffff r5:80000113 r4:80239030 [<8022fdac>] (flush_tlb_kernel_range) from [<804f412c>] (__purge_vmap_area_lazy+0x284/0x458 mm/vmalloc.c:2369) r4:82ace224 [<804f3ea8>] (__purge_vmap_area_lazy) from [<804f44e4>] (_vm_unmap_aliases+0x1e4/0x240 mm/vmalloc.c:2983) r10:00000000 r9:00000000 r8:00000000 r7:ffffffff r6:df999dc0 r5:df999e08 r4:df999dc0 [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vm_reset_perms mm/vmalloc.c:3375 [inline]) [<804f4300>] (_vm_unmap_aliases) from [<804f8150>] (vfree+0x16c/0x210 mm/vmalloc.c:3454) r10:83016170 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:864d9bc0 r4:00000000 [<804f7fe4>] (vfree) from [<80563f5c>] (execmem_free+0x30/0x50 mm/execmem.c:503) r9:83018405 r8:8619a400 r7:00000000 r6:83018400 r5:00001000 r4:7f340000 [<80563f2c>] (execmem_free) from [<803cb24c>] (bpf_jit_free_exec+0x10/0x14 kernel/bpf/core.c:1068) r5:00001000 r4:ea78d000 [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_binary_free kernel/bpf/core.c:1114 [inline]) [<803cb23c>] (bpf_jit_free_exec) from [<803cb62c>] (bpf_jit_free+0x68/0xe4 kernel/bpf/core.c:1237) [<803cb5c4>] (bpf_jit_free) from [<803cc754>] (bpf_prog_free_deferred+0x140/0x158 kernel/bpf/core.c:2935) r5:867d2394 r4:8668fc00 [<803cc614>] (bpf_prog_free_deferred) from [<80275db8>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3257) r7:dddcfb40 r6:83018400 r5:867d2394 r4:8668fc00 [<80275c04>] (process_one_work) from [<802764f8>] (process_scheduled_works kernel/workqueue.c:3340 [inline]) [<80275c04>] (process_one_work) from [<802764f8>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3421) r10:61c88647 r9:8619a400 r8:8668fc2c r7:82804d80 r6:dddcfb40 r5:dddcfb60 r4:8668fc00 [<802762fc>] (worker_thread) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:8668fc00 r8:802762fc r7:dfbbde60 r6:8668f680 r5:8619a400 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf999fb0 to 0xdf999ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:86542300 NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express Call trace: [<80201a74>] (dump_backtrace) from [<80201b70>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:00000000 r6:00000113 r5:60000193 r4:82295830 [<80201b58>] (show_stack) from [<8021ee34>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201b58>] (show_stack) from [<8021ee34>] (dump_stack_lvl+0x70/0x7c lib/dump_stack.c:120) [<8021edc4>] (dump_stack_lvl) from [<8021ee58>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r5:00000000 r4:00000001 [<8021ee40>] (dump_stack) from [<81a9b8e0>] (nmi_cpu_backtrace+0x160/0x17c lib/nmi_backtrace.c:113) [<81a9b780>] (nmi_cpu_backtrace) from [<81a9ba2c>] (nmi_trigger_cpumask_backtrace+0x130/0x1d8 lib/nmi_backtrace.c:62) r7:00000000 r6:8280c710 r5:8281af5c r4:ffffffff [<81a9b8fc>] (nmi_trigger_cpumask_backtrace) from [<8022f818>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:852) r9:00007e80 r8:8280c890 r7:00051926 r6:00007e80 r5:82ac27e4 r4:00000048 [<8022f800>] (arch_trigger_cpumask_backtrace) from [<81aa353c>] (trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]) [<8022f800>] (arch_trigger_cpumask_backtrace) from [<81aa353c>] (__sys_info lib/sys_info.c:157 [inline]) [<8022f800>] (arch_trigger_cpumask_backtrace) from [<81aa353c>] (sys_info+0x68/0xa8 lib/sys_info.c:165) [<81aa34d4>] (sys_info) from [<80383780>] (check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]) [<81aa34d4>] (sys_info) from [<80383780>] (watchdog+0x464/0x8a0 kernel/hung_task.c:515) r5:82ac27e4 r4:85d5d70c [<8038331c>] (watchdog) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:00000000 r8:8038331c r7:832a2b00 r6:832a2b00 r5:832e8c00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdf8d9fb0 to 0xdf8d9ff8) 9fa0: 00000000 00000000 00000000 00000000 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:8332cb00 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 2815 Comm: pr/ttyAMA-1 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express PC is at __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] PC is at _raw_spin_unlock_irqrestore+0x28/0x54 kernel/locking/spinlock.c:194 LR is at unlock_hrtimer_base kernel/time/hrtimer.c:1013 [inline] LR is at hrtimer_start_range_ns+0x16c/0x528 kernel/time/hrtimer.c:1325 pc : [<81abca50>] lr : [<8032a5d4>] psr: 600f0113 sp : df805de0 ip : df805df0 fp : df805dec r10: ddddb000 r9 : ddddb040 r8 : c7b16f12 r7 : 00000000 r6 : ddddb000 r5 : ddddb040 r4 : 86cce5a8 r3 : 000077c4 r2 : 0000003e r1 : 200f0113 r0 : ddddb000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 86ad64c0 DAC: 00000000 Call trace: frame pointer underflow [<81abca28>] (_raw_spin_unlock_irqrestore) from [<8032a5d4>] (unlock_hrtimer_base kernel/time/hrtimer.c:1013 [inline]) [<81abca28>] (_raw_spin_unlock_irqrestore) from [<8032a5d4>] (hrtimer_start_range_ns+0x16c/0x528 kernel/time/hrtimer.c:1325) [<8032a468>] (hrtimer_start_range_ns) from [<81653e24>] (qdisc_watchdog_schedule_range_ns net/sched/sch_api.c:653 [inline]) [<8032a468>] (hrtimer_start_range_ns) from [<81653e24>] (qdisc_watchdog_schedule_range_ns+0x8c/0x94 net/sched/sch_api.c:630) r10:c7b16f12 r9:00000000 r8:00000000 r7:00000000 r6:0000034f r5:c7b16f12 r4:86cce5a8 [<81653d98>] (qdisc_watchdog_schedule_range_ns) from [<81688470>] (qdisc_watchdog_schedule_ns include/net/pkt_sched.h:75 [inline]) [<81653d98>] (qdisc_watchdog_schedule_range_ns) from [<81688470>] (tbf_dequeue+0x354/0x400 net/sched/sch_tbf.c:317) r9:00000000 r8:fffffffd r7:000000be r6:86cce540 r5:147b2cca r4:86cce400 [<8168811c>] (tbf_dequeue) from [<81650548>] (dequeue_skb net/sched/sch_generic.c:297 [inline]) [<8168811c>] (tbf_dequeue) from [<81650548>] (qdisc_restart net/sched/sch_generic.c:402 [inline]) [<8168811c>] (tbf_dequeue) from [<81650548>] (__qdisc_run+0x84/0x7fc net/sched/sch_generic.c:420) r10:8389bc00 r9:00000001 r8:85d42600 r7:00000040 r6:00000000 r5:86cce400 r4:86cce400 [<816504c4>] (__qdisc_run) from [<815c28bc>] (qdisc_run include/net/pkt_sched.h:120 [inline]) [<816504c4>] (__qdisc_run) from [<815c28bc>] (qdisc_run include/net/pkt_sched.h:117 [inline]) [<816504c4>] (__qdisc_run) from [<815c28bc>] (net_tx_action+0x128/0x3f4 net/core/dev.c:5781) r10:8389bc00 r9:00000001 r8:86cce490 r7:ddde5000 r6:00000000 r5:86cce48c r4:86cce400 [<815c2794>] (net_tx_action) from [<8025b65c>] (handle_softirqs+0x140/0x458 kernel/softirq.c:622) r10:8389bc00 r9:82804d80 r8:00000101 r7:00000002 r6:00000004 r5:00000003 r4:82804088 [<8025b51c>] (handle_softirqs) from [<8025bad0>] (__do_softirq kernel/softirq.c:656 [inline]) [<8025b51c>] (handle_softirqs) from [<8025bad0>] (invoke_softirq kernel/softirq.c:496 [inline]) [<8025b51c>] (handle_softirqs) from [<8025bad0>] (__irq_exit_rcu+0x110/0x1d0 kernel/softirq.c:723) r10:82959c04 r9:8389bc00 r8:00000000 r7:eb0cde60 r6:82444074 r5:8247f1f4 r4:8389bc00 [<8025b9c0>] (__irq_exit_rcu) from [<8025be48>] (irq_exit+0x10/0x18 kernel/softirq.c:751) r5:8247f1f4 r4:826c3a9c [<8025be38>] (irq_exit) from [<81aae624>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:295) [<81aae5a8>] (generic_handle_arch_irq) from [<81a7e5c4>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:8389bc00 r8:00000000 r7:eb0cde94 r6:ffffffff r5:600f0113 r4:81abca50 [<81a7e5a8>] (call_with_stack) from [<80200bec>] (__irq_svc+0x8c/0xbc arch/arm/kernel/entry-armv.S:228) Exception stack(0xeb0cde60 to 0xeb0cdea8) de60: 84687840 600f0113 00000000 00002cb4 00000001 00000000 82959b68 00000117 de80: 00000000 00000001 82959c04 eb0cdebc eb0cdec0 eb0cdeb0 80aa3928 81abca50 dea0: 600f0113 ffffffff [<81abca28>] (_raw_spin_unlock_irqrestore) from [<80aa3928>] (spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]) [<81abca28>] (_raw_spin_unlock_irqrestore) from [<80aa3928>] (__uart_port_unlock_irqrestore include/linux/serial_core.h:616 [inline]) [<81abca28>] (_raw_spin_unlock_irqrestore) from [<80aa3928>] (pl011_console_device_unlock+0x20/0x24 drivers/tty/serial/amba-pl011.c:2603) [<80aa3908>] (pl011_console_device_unlock) from [<802e5720>] (nbcon_emit_one+0x88/0x100 kernel/printk/nbcon.c:1149) [<802e5698>] (nbcon_emit_one) from [<802e59a0>] (nbcon_kthread_func+0x208/0x2e4 kernel/printk/nbcon.c:1255) r6:82abf0fc r5:82959b68 r4:8389bc00 [<802e5798>] (nbcon_kthread_func) from [<8027f6fc>] (kthread+0x12c/0x280 kernel/kthread.c:463) r10:00000000 r9:82959b68 r8:802e5798 r7:84b48480 r6:84b48480 r5:8389bc00 r4:00000001 [<8027f5d0>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xeb0cdfb0 to 0xeb0cdff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8027f5d0 r4:844fba40