bisecting cause commit starting from 4eee8d0b64ecc3231040fa68ba750317ffca5c52 building syzkaller on a4a2a50158b25d4af0fd07528f38e6656b903d68 testing commit 4eee8d0b64ecc3231040fa68ba750317ffca5c52 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 21773a4eba2b217674bac3a774b8f730e9823dfcf928bd8e9ee4c696a5db8068 run #0: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #1: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #2: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #3: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #4: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #5: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #6: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #7: crashed: WARNING in hci_cmd_sync_cancel run #8: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #9: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #10: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #11: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #12: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #13: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #14: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #15: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #16: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #17: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #18: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel run #19: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 23b867ff5df3d6cb6b498368a18ae79abf8004bbd96dea98ad38033811273ce5 all runs: OK # git bisect start 4eee8d0b64ecc3231040fa68ba750317ffca5c52 8bb7eca972ad531c9b149c0a51ab43a417385813 Bisecting: 10044 revisions left to test after this (roughly 13 steps) [abfecb39092029c42c79bacac3d1c96a133ff231] Merge tag 'tty-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit abfecb39092029c42c79bacac3d1c96a133ff231 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fa3f5143a4736abd399ee0cad53cdae8036182b877675f8b531a721db75c5c11 all runs: OK # git bisect good abfecb39092029c42c79bacac3d1c96a133ff231 Bisecting: 4975 revisions left to test after this (roughly 12 steps) [b0febc963bafbbd4edda7497e4e54844474016bc] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git testing commit b0febc963bafbbd4edda7497e4e54844474016bc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 823136bf4831d26eb22773c1fe8c7f480c63829430a2eb72fd89176a56994f97 all runs: OK # git bisect good b0febc963bafbbd4edda7497e4e54844474016bc Bisecting: 2481 revisions left to test after this (roughly 11 steps) [3cd6af90fb03acf0556916a0ca953072965c0d2c] Merge branch 'drm-next' of git://git.freedesktop.org/git/drm/drm.git testing commit 3cd6af90fb03acf0556916a0ca953072965c0d2c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2708b55277e359964d192b945d56cd0c63b8f96faf4c140726ee83ff2cd98d57 all runs: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel # git bisect bad 3cd6af90fb03acf0556916a0ca953072965c0d2c Bisecting: 1517 revisions left to test after this (roughly 10 steps) [228132c04b62008e158248bee11d7433d2e679d4] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git testing commit 228132c04b62008e158248bee11d7433d2e679d4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 77b432d37f8b8d61cef52a3b4ca963730ed3c2c1d1af49aa07c3f27447668ca6 all runs: OK # git bisect good 228132c04b62008e158248bee11d7433d2e679d4 Bisecting: 708 revisions left to test after this (roughly 10 steps) [4b858931490afee886a5bf52afa0810eb9337a81] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git testing commit 4b858931490afee886a5bf52afa0810eb9337a81 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: af008965132790b43811349f0d935866ec3312f324cefd37a146225cacfd50ec all runs: OK # git bisect good 4b858931490afee886a5bf52afa0810eb9337a81 Bisecting: 270 revisions left to test after this (roughly 9 steps) [c305ae99dfd4d0fe70c7fdf13ef5f7650a804ea7] Merge tag 'drm-intel-next-2021-11-30' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit c305ae99dfd4d0fe70c7fdf13ef5f7650a804ea7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c54bc15a7c6a1de48a6e53661cb79949ecde6e3ca9529ab5b4c30887035a71f all runs: OK # git bisect good c305ae99dfd4d0fe70c7fdf13ef5f7650a804ea7 Bisecting: 124 revisions left to test after this (roughly 7 steps) [26641b524cc69ff42c60f990509786e3b7cb008c] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git testing commit 26641b524cc69ff42c60f990509786e3b7cb008c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 61528cd6ef21b9d1b1f9dabfa2e1f6ab39b1aaef0d54f81ec0c13ecd41d4466c all runs: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel # git bisect bad 26641b524cc69ff42c60f990509786e3b7cb008c Bisecting: 72 revisions left to test after this (roughly 6 steps) [2da4366f9e2c44afedec4acad65a99a3c7da1a35] iwlwifi: mei: add the driver to allow cooperation with CSME testing commit 2da4366f9e2c44afedec4acad65a99a3c7da1a35 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 78d50c8ecff8217a917c11fb5b4f4bf2d88ad0bd73e7a242bf69a1bf60642889 all runs: OK # git bisect good 2da4366f9e2c44afedec4acad65a99a3c7da1a35 Bisecting: 36 revisions left to test after this (roughly 5 steps) [801b4c027b44a185292007d3cf7513999d644723] Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip testing commit 801b4c027b44a185292007d3cf7513999d644723 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: dc71f918b3daad0a8a6acfb9dfed8074a8979ab301c0e2ae921e17acedb70088 all runs: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel # git bisect bad 801b4c027b44a185292007d3cf7513999d644723 Bisecting: 17 revisions left to test after this (roughly 4 steps) [ae61a10d9d46c4a0844c46d0863bf991c4dda66c] Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events testing commit ae61a10d9d46c4a0844c46d0863bf991c4dda66c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 754468cfe29d435f9c07c4ecc2aac84dd3a539fdbcec785de264baeef035c420 all runs: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel # git bisect bad ae61a10d9d46c4a0844c46d0863bf991c4dda66c Bisecting: 8 revisions left to test after this (roughly 3 steps) [ea13aed5e5dfbabd166759aaf9f4af3cb804875a] Bluetooth: Send device found event on name resolve failure testing commit ea13aed5e5dfbabd166759aaf9f4af3cb804875a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8da0f63faf9bebaa81948a68d02f905ab18f2f662d5ecfcb6171bbb5d7f7972e all runs: OK # git bisect good ea13aed5e5dfbabd166759aaf9f4af3cb804875a Bisecting: 4 revisions left to test after this (roughly 2 steps) [2250abadd3508d6961f1aa56cf8cff59f0196cb8] Bluetooth: hci_core: Cancel sync command if sending a frame failed testing commit 2250abadd3508d6961f1aa56cf8cff59f0196cb8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b415c5061112f0f7fd1af58154131b9915f3a7a2286d96c7b27549bc2253ad55 all runs: OK # git bisect good 2250abadd3508d6961f1aa56cf8cff59f0196cb8 Bisecting: 2 revisions left to test after this (roughly 1 step) [4b4b2228f521c338030b1f310a5dee73fd7d8f26] Bluetooth: btmtksdio: handle runtime pm only when sdio_func is available testing commit 4b4b2228f521c338030b1f310a5dee73fd7d8f26 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 73fbb6cc8e38f64075e0f1cc5358591cfc251dbe9db7d4aa3a3e496eafdc261a all runs: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel # git bisect bad 4b4b2228f521c338030b1f310a5dee73fd7d8f26 Bisecting: 0 revisions left to test after this (roughly 0 steps) [c97a747efc93f94a4ad6c707972dfbf8d774edf9] Bluetooth: btusb: Cancel sync commands for certain URB errors testing commit c97a747efc93f94a4ad6c707972dfbf8d774edf9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 73fbb6cc8e38f64075e0f1cc5358591cfc251dbe9db7d4aa3a3e496eafdc261a all runs: crashed: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel # git bisect bad c97a747efc93f94a4ad6c707972dfbf8d774edf9 c97a747efc93f94a4ad6c707972dfbf8d774edf9 is the first bad commit commit c97a747efc93f94a4ad6c707972dfbf8d774edf9 Author: Benjamin Berg Date: Fri Dec 3 15:59:02 2021 +0100 Bluetooth: btusb: Cancel sync commands for certain URB errors Cancel sync commands when transmission of URBs fail. This is done for both failures to send a command URB and also when the interrupt URB used to retrieve a response fails. This approach is sufficient to quickly deal with certain errors such as a device being disconnected while synchronous commands are done during initialization. Signed-off-by: Benjamin Berg Signed-off-by: Luiz Augusto von Dentz drivers/bluetooth/btusb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) culprit signature: 73fbb6cc8e38f64075e0f1cc5358591cfc251dbe9db7d4aa3a3e496eafdc261a parent signature: b415c5061112f0f7fd1af58154131b9915f3a7a2286d96c7b27549bc2253ad55 revisions tested: 16, total time: 3h32m11.519724211s (build: 1h46m14.283460603s, test: 1h44m9.355157762s) first bad commit: c97a747efc93f94a4ad6c707972dfbf8d774edf9 Bluetooth: btusb: Cancel sync commands for certain URB errors recipients (to): ["bberg@redhat.com" "johan.hedberg@gmail.com" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: BUG: sleeping function called from invalid context in hci_cmd_sync_cancel BUG: sleeping function called from invalid context at kernel/workqueue.c:3019 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 2959, name: kworker/0:3 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 6 locks held by kworker/0:3/2959: #0: ffff888142dd7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888142dd7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888142dd7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888142dd7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff888142dd7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff888142dd7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2269 #1: ffffc90001acfdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2273 #2: ffff88801c200220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #2: ffff88801c200220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x36c0 drivers/usb/core/hub.c:5662 #3: ffff888010aca220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #3: ffff888010aca220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x4d/0x67e drivers/usb/core/hub.c:2216 #4: ffff88801ac59cb8 (kn->active#327){+.+.}-{0:0}, at: kernfs_remove_by_name_ns+0x3a/0x80 fs/kernfs/dir.c:1544 #5: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #5: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0 kernel/time/timer.c:1411 irq event stamp: 74195 hardirqs last enabled at (74194): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (74194): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202 hardirqs last disabled at (74195): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (74195): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162 softirqs last enabled at (73900): [] rcu_read_unlock_bh include/linux/rcupdate.h:754 [inline] softirqs last enabled at (73900): [] keep_key_fresh drivers/net/wireguard/send.c:135 [inline] softirqs last enabled at (73900): [] wg_packet_create_data_done drivers/net/wireguard/send.c:259 [inline] softirqs last enabled at (73900): [] wg_packet_tx_worker+0x25b/0x570 drivers/net/wireguard/send.c:276 softirqs last disabled at (74145): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (74145): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:396 [inline] [] __do_softirq+0xe1/0x9c2 kernel/softirq.c:534 CPU: 0 PID: 2959 Comm: kworker/0:3 Not tainted 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9542 start_flush_work kernel/workqueue.c:3019 [inline] __flush_work+0xdd/0xa30 kernel/workqueue.c:3083 __cancel_work_timer+0x315/0x460 kernel/workqueue.c:3171 hci_cmd_sync_cancel net/bluetooth/hci_sync.c:346 [inline] hci_cmd_sync_cancel+0xaf/0x130 net/bluetooth/hci_sync.c:338 btusb_intr_complete+0x32c/0x400 drivers/bluetooth/btusb.c:937 __usb_hcd_giveback_urb+0x238/0x3f0 drivers/usb/core/hcd.c:1656 dummy_timer+0xeb8/0x2eb0 drivers/usb/gadget/udc/dummy_hcd.c:1987 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x524/0x890 kernel/time/timer.c:1734 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1747 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5605 Code: 16 ae 7e 83 f8 01 0f 85 b4 02 00 00 9c 58 f6 c4 02 0f 85 9f 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 RSP: 0018:ffffc90001acf628 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: 1ffff92000359ec7 RCX: 0000000000000001 RDX: 1ffff1100f7eb88b RSI: ffffffff88eb5a60 RDI: ffffffff89414d60 RBP: 0000000000000001 R08: 0000000000115018 R09: 0000000000000001 R10: fffffbfff1e40318 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88801ac59cb8 R15: 0000000000000000 kernfs_drain fs/kernfs/dir.c:470 [inline] __kernfs_remove+0x6b5/0x8c0 fs/kernfs/dir.c:1351 kernfs_remove_by_name_ns+0x3a/0x80 fs/kernfs/dir.c:1544 kernfs_remove_by_name include/linux/kernfs.h:570 [inline] remove_files+0x87/0x1a0 fs/sysfs/group.c:28 sysfs_remove_group+0x72/0x140 fs/sysfs/group.c:288 sysfs_remove_groups fs/sysfs/group.c:312 [inline] sysfs_remove_groups+0x4a/0x90 fs/sysfs/group.c:304 device_remove_groups drivers/base/core.c:2480 [inline] device_remove_attrs+0xb8/0x150 drivers/base/core.c:2680 device_del+0x48c/0xc20 drivers/base/core.c:3580 device_unregister+0xe/0xa0 drivers/base/core.c:3614 usb_remove_ep_devs+0x32/0x70 drivers/usb/core/endpoint.c:188 remove_intf_ep_devs drivers/usb/core/message.c:1267 [inline] usb_disable_device+0x266/0x660 drivers/usb/core/message.c:1418 usb_disconnect.cold+0x209/0x67e drivers/usb/core/hub.c:2225 hub_port_connect drivers/usb/core/hub.c:5199 [inline] hub_port_connect_change drivers/usb/core/hub.c:5488 [inline] port_event drivers/usb/core/hub.c:5634 [inline] hub_event+0xb22/0x36c0 drivers/usb/core/hub.c:5716 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298 worker_thread+0x598/0x1040 kernel/workqueue.c:2445 kthread+0x3ab/0x480 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 BUG: sleeping function called from invalid context at kernel/workqueue.c:3019 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 50, name: kworker/u4:2 preempt_count: 101, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by kworker/u4:2/50: #0: ffff888022081138 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888022081138 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888022081138 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888022081138 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff888022081138 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff888022081138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2269 #1: ffffc900017ffdb8 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2273 #2: ffffc90000007d98 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #2: ffffc90000007d98 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0 kernel/time/timer.c:1411 irq event stamp: 558601 hardirqs last enabled at (558600): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (558600): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202 hardirqs last disabled at (558601): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (558601): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162 softirqs last enabled at (558596): [] spin_unlock_bh include/linux/spinlock.h:394 [inline] softirqs last enabled at (558596): [] batadv_nc_purge_paths+0x1e9/0x2d0 net/batman-adv/network-coding.c:475 softirqs last disabled at (558597): [] do_softirq.part.0+0xde/0x130 kernel/softirq.c:459 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 PID: 50 Comm: kworker/u4:2 Tainted: G W 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9542 start_flush_work kernel/workqueue.c:3019 [inline] __flush_work+0xdd/0xa30 kernel/workqueue.c:3083 __cancel_work_timer+0x315/0x460 kernel/workqueue.c:3171 hci_cmd_sync_cancel net/bluetooth/hci_sync.c:346 [inline] hci_cmd_sync_cancel+0xaf/0x130 net/bluetooth/hci_sync.c:338 btusb_intr_complete+0x32c/0x400 drivers/bluetooth/btusb.c:937 __usb_hcd_giveback_urb+0x238/0x3f0 drivers/usb/core/hcd.c:1656 dummy_timer+0xeb8/0x2eb0 drivers/usb/gadget/udc/dummy_hcd.c:1987 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x524/0x890 kernel/time/timer.c:1734 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1747 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 do_softirq.part.0+0xde/0x130 kernel/softirq.c:459 do_softirq kernel/softirq.c:451 [inline] __local_bh_enable_ip+0x102/0x120 kernel/softirq.c:383 spin_unlock_bh include/linux/spinlock.h:394 [inline] batadv_nc_purge_paths+0x1e9/0x2d0 net/batman-adv/network-coding.c:475 batadv_nc_worker+0x6e0/0xd70 net/batman-adv/network-coding.c:724 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298 worker_thread+0x598/0x1040 kernel/workqueue.c:2445 kthread+0x3ab/0x480 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 BUG: sleeping function called from invalid context at kernel/workqueue.c:3019 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 2959, name: kworker/0:3 preempt_count: 101, expected: 0 RCU nest depth: 0, expected: 0 4 locks held by kworker/0:3/2959: #0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2269 #1: ffffc90001acfdb8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2273 #2: ffffffff8c456048 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x5/0x50 net/core/link_watch.c:251 #3: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #3: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0 kernel/time/timer.c:1411 irq event stamp: 97527 hardirqs last enabled at (97526): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (97526): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202 hardirqs last disabled at (97527): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (97527): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162 softirqs last enabled at (97514): [] spin_unlock_bh include/linux/spinlock.h:394 [inline] softirqs last enabled at (97514): [] clusterip_netdev_event+0x34e/0x550 net/ipv4/netfilter/ipt_CLUSTERIP.c:233 softirqs last disabled at (97523): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (97523): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 Preemption disabled at: [] vprintk_emit+0x61/0x2f0 kernel/printk/printk.c:2238 CPU: 0 PID: 2959 Comm: kworker/0:3 Tainted: G W 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events linkwatch_event Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9542 start_flush_work kernel/workqueue.c:3019 [inline] __flush_work+0xdd/0xa30 kernel/workqueue.c:3083 __cancel_work_timer+0x315/0x460 kernel/workqueue.c:3171 hci_cmd_sync_cancel net/bluetooth/hci_sync.c:346 [inline] hci_cmd_sync_cancel+0xaf/0x130 net/bluetooth/hci_sync.c:338 btusb_tx_complete+0x2e4/0x380 drivers/bluetooth/btusb.c:1342 __usb_hcd_giveback_urb+0x238/0x3f0 drivers/usb/core/hcd.c:1656 dummy_timer+0xeb8/0x2eb0 drivers/usb/gadget/udc/dummy_hcd.c:1987 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x524/0x890 kernel/time/timer.c:1734 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1747 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1885 [inline] RIP: 0010:vprintk_emit+0x21c/0x2f0 kernel/printk/printk.c:2244 Code: 8a e8 68 0a fe ff e8 93 09 00 00 48 85 db 0f 85 c5 00 00 00 9c 58 f6 c4 02 0f 85 c4 00 00 00 48 85 db 74 01 fb 68 b7 50 56 81 <45> 31 c9 41 b8 01 00 00 00 31 c9 ba 01 00 00 00 31 f6 48 c7 c7 e0 RSP: 0018:ffffc90001acf9d0 EFLAGS: 00000206 RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff1e10aa6 RDX: 0000000000000000 RSI: ffffffff88eb5780 RDI: ffffffff89414d60 RBP: ffffc90001acfa10 R08: 0000000000000001 R09: ffffffff8f078a27 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000042 R13: 0000000000000000 R14: ffffffff89edb1e0 R15: 0000000000000000 _printk+0xad/0xde kernel/printk/printk.c:2266 addrconf_notify.cold+0x56/0x62 net/ipv6/addrconf.c:3590 notifier_call_chain+0x94/0x170 kernel/notifier.c:83 netdev_state_change net/core/dev.c:1309 [inline] netdev_state_change+0xd7/0x100 net/core/dev.c:1302 linkwatch_do_dev+0xbe/0xf0 net/core/link_watch.c:167 __linkwatch_run_queue+0x1cd/0x590 net/core/link_watch.c:213 linkwatch_event+0x37/0x50 net/core/link_watch.c:252 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298 worker_thread+0x598/0x1040 kernel/workqueue.c:2445 kthread+0x3ab/0x480 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 BUG: sleeping function called from invalid context at kernel/workqueue.c:3019 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 2, name: kthreadd preempt_count: 101, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by kthreadd/2: #0: ffffffff8ae938b8 (vmap_area_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #0: ffffffff8ae938b8 (vmap_area_lock){+.+.}-{2:2}, at: alloc_vmap_area+0x6c4/0x1b60 mm/vmalloc.c:1561 #1: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #1: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0 kernel/time/timer.c:1411 irq event stamp: 45547 hardirqs last enabled at (45546): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (45546): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202 hardirqs last disabled at (45547): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (45547): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162 softirqs last enabled at (43278): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last enabled at (43278): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 softirqs last disabled at (45379): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (45379): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 PID: 2 Comm: kthreadd Tainted: G W 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9542 start_flush_work kernel/workqueue.c:3019 [inline] __flush_work+0xdd/0xa30 kernel/workqueue.c:3083 __cancel_work_timer+0x315/0x460 kernel/workqueue.c:3171 hci_cmd_sync_cancel net/bluetooth/hci_sync.c:346 [inline] hci_cmd_sync_cancel+0xaf/0x130 net/bluetooth/hci_sync.c:338 btusb_intr_complete+0x32c/0x400 drivers/bluetooth/btusb.c:937 __usb_hcd_giveback_urb+0x238/0x3f0 drivers/usb/core/hcd.c:1656 dummy_timer+0xeb8/0x2eb0 drivers/usb/gadget/udc/dummy_hcd.c:1987 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x524/0x890 kernel/time/timer.c:1734 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1747 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:find_va_links mm/vmalloc.c:882 [inline] RIP: 0010:insert_vmap_area.constprop.0+0x67/0x410 mm/vmalloc.c:1038 Code: 8d 7d 08 49 8b 75 00 48 bd 00 00 00 00 00 fc ff df 4d 89 fe 49 c1 ee 03 49 01 ee 48 8d 7b f8 48 89 f8 48 c1 e8 03 80 3c 28 00 <0f> 85 a6 02 00 00 41 80 3e 00 4c 8b 43 f8 0f 85 79 02 00 00 48 8d RSP: 0018:ffffc90000c77870 EFLAGS: 00000246 RAX: 1ffff11003d7afed RBX: ffff88801ebd7f70 RCX: ffffc900026a1000 RDX: ffffc90002691000 RSI: ffffc90002688000 RDI: ffff88801ebd7f68 RBP: dffffc0000000000 R08: ffffc900026a6000 R09: 0000000000000003 R10: fffff5200018ef0a R11: 000000000007c08a R12: ffff88801f33a080 R13: ffff8880671a6360 R14: ffffed100ce34c6d R15: ffff8880671a6368 alloc_vmap_area+0x6cc/0x1b60 mm/vmalloc.c:1562 __get_vm_area_node.constprop.0+0xd5/0x300 mm/vmalloc.c:2434 __vmalloc_node_range+0x108/0x940 mm/vmalloc.c:3055 alloc_thread_stack_node kernel/fork.c:244 [inline] dup_task_struct kernel/fork.c:886 [inline] copy_process+0x720/0x6a60 kernel/fork.c:2023 kernel_clone+0xb8/0x7f0 kernel/fork.c:2582 kernel_thread+0xa3/0xe0 kernel/fork.c:2634 create_kthread kernel/kthread.c:350 [inline] kthreadd+0x455/0x6a0 kernel/kthread.c:685 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 BUG: sleeping function called from invalid context at kernel/workqueue.c:3019 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 8, name: kworker/u4:0 preempt_count: 100, expected: 0 RCU nest depth: 2, expected: 0 6 locks held by kworker/u4:0/8: #0: ffff888079364138 ((wq_completion)phy8){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888079364138 ((wq_completion)phy8){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888079364138 ((wq_completion)phy8){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888079364138 ((wq_completion)phy8){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff888079364138 ((wq_completion)phy8){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff888079364138 ((wq_completion)phy8){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2269 #1: ffffc90000cd7db8 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2273 #2: ffff888067020d40 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1013 [inline] #2: ffff888067020d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_rx_queued_mgmt+0xf4/0x3000 net/mac80211/ibss.c:1628 #3: ffffffff8ad7a300 (rcu_read_lock){....}-{1:2}, at: ieee80211_update_sta_info net/mac80211/ibss.c:996 [inline] ffffffff8ad7a300 (rcu_read_lock){....}-{1:2}, at: ieee80211_rx_bss_info net/mac80211/ibss.c:1117 [inline] ffffffff8ad7a300 (rcu_read_lock){....}-{1:2}, at: ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline] ffffffff8ad7a300 (rcu_read_lock){....}-{1:2}, at: ieee80211_ibss_rx_queued_mgmt+0xe5a/0x3000 net/mac80211/ibss.c:1639 #4: ffffffff8ad7a300 (rcu_read_lock){....}-{1:2}, at: ieee80211_chandef_rate_flags include/net/cfg80211.h:882 [inline] #4: ffffffff8ad7a300 (rcu_read_lock){....}-{1:2}, at: ieee80211_sta_get_rates+0xed/0x800 net/mac80211/util.c:2101 #5: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #5: ffffc90000007d78 ((&dum_hcd->timer)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0 kernel/time/timer.c:1411 irq event stamp: 778893 hardirqs last enabled at (778892): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (778892): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202 hardirqs last disabled at (778893): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (778893): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162 softirqs last enabled at (778876): [] spin_unlock_bh include/linux/spinlock.h:394 [inline] softirqs last enabled at (778876): [] ieee80211_ibss_work+0x2b5/0xcd0 net/mac80211/ibss.c:1702 softirqs last disabled at (778889): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (778889): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:396 [inline] [] __do_softirq+0xe1/0x9c2 kernel/softirq.c:534 CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy8 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9542 start_flush_work kernel/workqueue.c:3019 [inline] __flush_work+0xdd/0xa30 kernel/workqueue.c:3083 __cancel_work_timer+0x315/0x460 kernel/workqueue.c:3171 hci_cmd_sync_cancel net/bluetooth/hci_sync.c:346 [inline] hci_cmd_sync_cancel+0xaf/0x130 net/bluetooth/hci_sync.c:338 btusb_intr_complete+0x32c/0x400 drivers/bluetooth/btusb.c:937 __usb_hcd_giveback_urb+0x238/0x3f0 drivers/usb/core/hcd.c:1656 dummy_timer+0xeb8/0x2eb0 drivers/usb/gadget/udc/dummy_hcd.c:1987 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x524/0x890 kernel/time/timer.c:1734 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1747 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5605 Code: 16 ae 7e 83 f8 01 0f 85 b4 02 00 00 9c 58 f6 c4 02 0f 85 9f 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 RSP: 0018:ffffc90000cd7950 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: 1ffff9200019af2c RCX: df4174b92c4a0034 RDX: 1ffff11002118c2b RSI: ffffffff88eb5a60 RDI: ffffffff89414d60 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8f078a07 R10: fffffbfff1e0f140 R11: 000000000007c08a R12: 0000000000000002 R13: 0000000000000000 R14: ffffffff8ad7a300 R15: 0000000000000000 rcu_lock_acquire include/linux/rcupdate.h:268 [inline] rcu_read_lock include/linux/rcupdate.h:688 [inline] ieee80211_vif_get_shift net/mac80211/ieee80211_i.h:1052 [inline] ieee80211_sta_get_rates+0x112/0x800 net/mac80211/util.c:2102 ieee80211_update_sta_info net/mac80211/ibss.c:1003 [inline] ieee80211_rx_bss_info net/mac80211/ibss.c:1117 [inline] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline] ieee80211_ibss_rx_queued_mgmt+0xf15/0x3000 net/mac80211/ibss.c:1639 ieee80211_iface_process_skb net/mac80211/iface.c:1468 [inline] ieee80211_iface_work+0x729/0x970 net/mac80211/iface.c:1522 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298 worker_thread+0x598/0x1040 kernel/workqueue.c:2445 kthread+0x3ab/0x480 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: ae scas %es:(%rdi),%al 1: 7e 83 jle 0xffffff86 3: f8 clc 4: 01 0f add %ecx,(%rdi) 6: 85 b4 02 00 00 9c 58 test %esi,0x589c0000(%rdx,%rax,1) d: f6 c4 02 test $0x2,%ah 10: 0f 85 9f 02 00 00 jne 0x2b5 16: 48 83 7c 24 08 00 cmpq $0x0,0x8(%rsp) 1c: 74 01 je 0x1f 1e: fb sti 1f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 26: fc ff df * 29: 48 01 c3 add %rax,%rbx <-- trapping instruction 2c: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) 33: 48 c7 43 08 00 00 00 movq $0x0,0x8(%rbx) 3a: 00 3b: 48 rex.W 3c: 8b .byte 0x8b 3d: 84 .byte 0x84 3e: 24 .byte 0x24