bisecting cause commit starting from 14e8e0f6008865d823a8184a276702a6c3cbef3d
building syzkaller on fc9fd31ee7998c8b747752791000ea4eef07b5c6
testing commit 14e8e0f6008865d823a8184a276702a6c3cbef3d with gcc (GCC) 8.1.0
kernel signature: c702bc93410230583268eb325d27f894cbdfd08cbffc536c03685c1e177d307f
run #0: crashed: INFO: task hung in linkwatch_event
run #1: crashed: INFO: task hung in addrconf_dad_work
run #2: crashed: INFO: task hung in addrconf_dad_work
run #3: crashed: INFO: task hung in linkwatch_event
run #4: crashed: INFO: task hung in addrconf_dad_work
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in rsvp_delete_filter_work
run #7: crashed: INFO: task hung in addrconf_dad_work
run #8: crashed: INFO: task hung in addrconf_dad_work
run #9: crashed: INFO: task hung in linkwatch_event
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 0ac21c7bec8a01fc2233fe2faf9cb6641f5d6068f7226445cdb28206bf6f01d9
run #0: crashed: INFO: task hung in addrconf_dad_work
run #1: crashed: INFO: task hung in addrconf_dad_work
run #2: crashed: INFO: task hung in addrconf_dad_work
run #3: crashed: INFO: task hung in rsvp_delete_filter_work
run #4: crashed: INFO: task hung in cfg80211_event_work
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in rsvp_delete_filter_work
run #7: crashed: INFO: task hung in linkwatch_event
run #8: crashed: INFO: task hung in rsvp_delete_filter_work
run #9: crashed: INFO: task hung in addrconf_dad_work
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 2ed500e43c4488b8a0bfec1335443a98eaed201e0caf50ae5ffe968a69394ff9
run #0: crashed: INFO: task hung in cfg80211_event_work
run #1: crashed: INFO: task hung in rsvp_delete_filter_work
run #2: crashed: INFO: task hung in addrconf_dad_work
run #3: crashed: INFO: task hung in linkwatch_event
run #4: crashed: INFO: task hung in rsvp_delete_filter_work
run #5: crashed: INFO: task hung in linkwatch_event
run #6: crashed: INFO: task hung in linkwatch_event
run #7: crashed: INFO: task hung in rsvp_delete_filter_work
run #8: crashed: INFO: task hung in addrconf_dad_work
run #9: crashed: INFO: task hung in linkwatch_event
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: d37c971261f4f9cb0075fada73f6cbd2e5bbbf33326486a525c13752b479eaed
all runs: OK
# git bisect start bbf5c979011a099af5dc76498918ed7df445635b bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 7841 revisions left to test after this (roughly 13 steps)
[47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: 844a0971a7a854a0b1d68a977c69ab0adaeec9f187a77d66d1e254153bd216ba
all runs: OK
# git bisect good 47ec5303d73ea344e84f46660fff693c57641386
Bisecting: 3921 revisions left to test after this (roughly 12 steps)
[97d052ea3fa853b9aabcc4baca1a605cb1188611] Merge tag 'locking-urgent-2020-08-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 97d052ea3fa853b9aabcc4baca1a605cb1188611 with gcc (GCC) 8.1.0
kernel signature: a2c47de389add60baca5411bf246e4a500404257387436ecaa6cf14fb0a50392
all runs: OK
# git bisect good 97d052ea3fa853b9aabcc4baca1a605cb1188611
Bisecting: 1960 revisions left to test after this (roughly 11 steps)
[df561f6688fef775baa341a0f5d960becd248b11] treewide: Use fallthrough pseudo-keyword
testing commit df561f6688fef775baa341a0f5d960becd248b11 with gcc (GCC) 8.1.0
kernel signature: 2533cdc88313f6123710049b57005604f6121a4823820c1d4a17ed1299552e1b
all runs: OK
# git bisect good df561f6688fef775baa341a0f5d960becd248b11
Bisecting: 982 revisions left to test after this (roughly 10 steps)
[e4c26faa426c17274884f759f708bc9ee22fd59a] Merge tag 'usb-5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit e4c26faa426c17274884f759f708bc9ee22fd59a with gcc (GCC) 8.1.0
kernel signature: 938d015fe217c8a1136e3ea4c34e71ef6c13739282b516004f4fa3c990e41bd7
all runs: OK
# git bisect good e4c26faa426c17274884f759f708bc9ee22fd59a
Bisecting: 491 revisions left to test after this (roughly 9 steps)
[135f4b9e9340dadb78e9737bb4eb9817b9c89dac] ice: fix memory leak if register_netdev_fails
testing commit 135f4b9e9340dadb78e9737bb4eb9817b9c89dac with gcc (GCC) 8.1.0
kernel signature: 4c001ebcdfd2379b5775c5112c4150ab06002d9f30a7143f4d98487e36d2c245
run #0: crashed: INFO: task hung in addrconf_dad_work
run #1: crashed: INFO: task hung in addrconf_dad_work
run #2: crashed: INFO: task hung in linkwatch_event
run #3: crashed: INFO: task hung in addrconf_dad_work
run #4: crashed: INFO: task hung in rsvp_delete_filter_work
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in addrconf_dad_work
run #7: crashed: INFO: task hung in rsvp_delete_filter_work
run #8: crashed: INFO: task hung in rsvp_delete_filter_work
run #9: crashed: INFO: task hung in linkwatch_event
# git bisect bad 135f4b9e9340dadb78e9737bb4eb9817b9c89dac
Bisecting: 248 revisions left to test after this (roughly 8 steps)
[a31128384dfd9ca11f15ef4ea73df25e394846d1] Merge tag 'libnvdimm-fixes-5.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
testing commit a31128384dfd9ca11f15ef4ea73df25e394846d1 with gcc (GCC) 8.1.0
kernel signature: fa604cec8155923171cab4ca1bdae93035c3f4de52f938bbe6ca920765f155aa
all runs: OK
# git bisect good a31128384dfd9ca11f15ef4ea73df25e394846d1
Bisecting: 124 revisions left to test after this (roughly 7 steps)
[5f6857e808a8bd078296575b417c4b9d160b9779] nfp: use correct define to return NONE fec
testing commit 5f6857e808a8bd078296575b417c4b9d160b9779 with gcc (GCC) 8.1.0
kernel signature: b2facb694e948e7df76c33adfc3f3cd2d47665d9e7e2debbf4c39a33b365d59c
all runs: OK
# git bisect good 5f6857e808a8bd078296575b417c4b9d160b9779
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[8b9e03cd08250c60409099c791e858157838d9eb] net: dsa: felix: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries
testing commit 8b9e03cd08250c60409099c791e858157838d9eb with gcc (GCC) 8.1.0
kernel signature: 128e786ed1b24e29f8330ba3a18eaf43ea0c9f17e1d101aae0d4465bead57bd5
all runs: OK
# git bisect good 8b9e03cd08250c60409099c791e858157838d9eb
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[0baca070068c58b95e342881d9da4840d5cf3bd1] Merge tag 'io_uring-5.9-2020-09-22' of git://git.kernel.dk/linux-block
testing commit 0baca070068c58b95e342881d9da4840d5cf3bd1 with gcc (GCC) 8.1.0
kernel signature: ed052e80aa636586d630b0e47cf3d08601284fa9bf6ae1a9d63c914c4589619e
all runs: OK
# git bisect good 0baca070068c58b95e342881d9da4840d5cf3bd1
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[e49d8c22f1261c43a986a7fdbf677ac309682a07] net_sched: defer tcf_idr_insert() in tcf_action_init_1()
testing commit e49d8c22f1261c43a986a7fdbf677ac309682a07 with gcc (GCC) 8.1.0
kernel signature: c38e38a1537e8c448fc7873c08f0435f844b9fb45caf307b33f4496992831ec8
all runs: OK
# git bisect good e49d8c22f1261c43a986a7fdbf677ac309682a07
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[4ab810a4e04ab6c851007033d39c13e6d3f55110] net: mscc: ocelot: fix fields offset in SG_CONFIG_REG_3
testing commit 4ab810a4e04ab6c851007033d39c13e6d3f55110 with gcc (GCC) 8.1.0
kernel signature: c45db170054b7a797f31658a216323d3ec715b1db56b78f4954968c49a9b94af
run #0: crashed: INFO: task hung in rsvp_delete_filter_work
run #1: crashed: INFO: task hung in addrconf_dad_work
run #2: crashed: INFO: task hung in addrconf_dad_work
run #3: crashed: INFO: task hung in addrconf_dad_work
run #4: crashed: INFO: task hung in addrconf_dad_work
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in addrconf_dad_work
run #7: crashed: INFO: task hung in addrconf_dad_work
run #8: crashed: INFO: task hung in linkwatch_event
run #9: crashed: INFO: task hung in rsvp_delete_filter_work
# git bisect bad 4ab810a4e04ab6c851007033d39c13e6d3f55110
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0] net/ipv4: always honour route mtu during forwarding
testing commit 02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0 with gcc (GCC) 8.1.0
kernel signature: c45db170054b7a797f31658a216323d3ec715b1db56b78f4954968c49a9b94af
run #0: crashed: INFO: task hung in addrconf_dad_work
run #1: crashed: INFO: task hung in addrconf_dad_work
run #2: crashed: INFO: task hung in rsvp_delete_filter_work
run #3: crashed: INFO: task hung in addrconf_dad_work
run #4: crashed: INFO: task hung in addrconf_dad_work
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in linkwatch_event
run #7: crashed: INFO: task hung in addrconf_dad_work
run #8: crashed: INFO: task hung in cfg80211_event_work
run #9: crashed: INFO: task hung in addrconf_dad_work
# git bisect bad 02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0
Bisecting: 0 revisions left to test after this (roughly 1 step)
[6d8899962afdf789f6ec8407ffdf3130724a7005] Merge branch 'net_sched-fix-a-UAF-in-tcf_action_init'
testing commit 6d8899962afdf789f6ec8407ffdf3130724a7005 with gcc (GCC) 8.1.0
kernel signature: 92ff20d9e522e5cf50906dc5d8afd4ba5636096e7954d5902c574bb0feb6d334
run #0: crashed: INFO: task hung in cfg80211_event_work
run #1: crashed: INFO: task hung in cfg80211_event_work
run #2: crashed: INFO: task hung in addrconf_dad_work
run #3: crashed: INFO: task hung in addrconf_dad_work
run #4: crashed: INFO: task hung in linkwatch_event
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in linkwatch_event
run #7: crashed: INFO: task hung in linkwatch_event
run #8: crashed: INFO: task hung in linkwatch_event
run #9: crashed: INFO: task hung in addrconf_dad_work
# git bisect bad 6d8899962afdf789f6ec8407ffdf3130724a7005
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[0fedc63fadf0404a729e73a35349481c8009c02f] net_sched: commit action insertions together
testing commit 0fedc63fadf0404a729e73a35349481c8009c02f with gcc (GCC) 8.1.0
kernel signature: 92ff20d9e522e5cf50906dc5d8afd4ba5636096e7954d5902c574bb0feb6d334
run #0: crashed: INFO: task hung in rsvp_delete_filter_work
run #1: crashed: INFO: task hung in rsvp_delete_filter_work
run #2: crashed: INFO: task hung in addrconf_dad_work
run #3: crashed: INFO: task hung in addrconf_dad_work
run #4: crashed: INFO: task hung in linkwatch_event
run #5: crashed: INFO: task hung in addrconf_dad_work
run #6: crashed: INFO: task hung in addrconf_dad_work
run #7: crashed: INFO: task hung in rsvp_delete_filter_work
run #8: crashed: INFO: task hung in linkwatch_event
run #9: crashed: INFO: task hung in cfg80211_event_work
# git bisect bad 0fedc63fadf0404a729e73a35349481c8009c02f
0fedc63fadf0404a729e73a35349481c8009c02f is the first bad commit
commit 0fedc63fadf0404a729e73a35349481c8009c02f
Author: Cong Wang
Date:   Tue Sep 22 20:56:24 2020 -0700

    net_sched: commit action insertions together

    syzbot is able to trigger a failure case inside the loop in
    tcf_action_init(), and when this happens we clean up with
    tcf_action_destroy(). But, as these actions are already inserted
    into the global IDR, other parallel processes could free them
    before tcf_action_destroy(), then we will trigger a use-after-free.

    Fix this by deferring the insertions even later, after the loop,
    and committing all the insertions in a separate loop, so we will
    never fail in the middle of the insertions any more.

    One side effect is that the window between allocation and final
    insertion becomes larger, now it is more likely that the loop in
    tcf_del_walker() sees the placeholder -EBUSY pointer. So we have
    to check for error pointer in tcf_del_walker().
    Reported-and-tested-by: syzbot+2287853d392e4b42374a@syzkaller.appspotmail.com
    Fixes: 0190c1d452a9 ("net: sched: atomically check-allocate action")
    Cc: Vlad Buslov
    Cc: Jamal Hadi Salim
    Cc: Jiri Pirko
    Signed-off-by: Cong Wang
    Signed-off-by: David S. Miller

 net/sched/act_api.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

culprit signature: 92ff20d9e522e5cf50906dc5d8afd4ba5636096e7954d5902c574bb0feb6d334
parent signature: c38e38a1537e8c448fc7873c08f0435f844b9fb45caf307b33f4496992831ec8
revisions tested: 18, total time: 4h5m14.855967307s (build: 1h29m3.910860103s, test: 2h33m56.316128912s)
first bad commit: 0fedc63fadf0404a729e73a35349481c8009c02f net_sched: commit action insertions together
recipients (to): ["davem@davemloft.net" "syzbot+2287853d392e4b42374a@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com"]
recipients (cc): []
crash: INFO: task hung in cfg80211_event_work
INFO: task kworker/u4:0:8 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:0 state:D stack:11296 pid: 8 ppid: 2 flags:0x00004000
Workqueue: cfg80211 cfg80211_event_work
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 cfg80211_event_work+0x9/0x20 net/wireless/core.c:319
 process_one_work+0x26a/0x650 kernel/workqueue.c:2269
 worker_thread+0x38/0x390 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
INFO: task kworker/1:1:23 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:12864 pid: 23 ppid: 2 flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 linkwatch_event+0x5/0x30 net/core/link_watch.c:250
 process_one_work+0x26a/0x650 kernel/workqueue.c:2269
 worker_thread+0x38/0x390 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
INFO: task kworker/u4:2:27 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:2 state:D stack:12320 pid: 27 ppid: 2 flags:0x00004000
Workqueue: tc_filter_workqueue rsvp_delete_filter_work
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 rsvp_delete_filter_work+0x9/0x20 net/sched/cls_rsvp.h:293
 process_one_work+0x26a/0x650 kernel/workqueue.c:2269
 worker_thread+0x38/0x390 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
INFO: task kworker/1:2:3062 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:13320 pid: 3062 ppid: 2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 addrconf_dad_work+0x3f/0x4f0 net/ipv6/addrconf.c:4027
 process_one_work+0x26a/0x650 kernel/workqueue.c:2269
 worker_thread+0x38/0x390 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
INFO: task kworker/0:3:8625 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:12336 pid: 8625 ppid: 2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 addrconf_dad_work+0x3f/0x4f0 net/ipv6/addrconf.c:4027
 process_one_work+0x26a/0x650 kernel/workqueue.c:2269
 worker_thread+0x38/0x390 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
INFO: task syz-executor.3:8791 blocked for more than 144 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3 state:D stack:11312 pid: 8791 ppid: 1 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 genl_lock net/netlink/genetlink.c:33 [inline]
 genl_rcv_msg+0x220/0x2d0 net/netlink/genetlink.c:729
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x276/0x4c0 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417c97
Code: Bad RIP value.
RSP: 002b:00007fff3a800d30 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016b4300 RCX: 0000000000417c97
RDX: 0000000000000028 RSI: 00000000016b4350 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff3a800d40 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 00007fff3a800da4
R13: 0000000000000010 R14: 00000000016b4350 R15: 0000000000000003
INFO: task syz-executor.2:8792 blocked for more than 144 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2 state:D stack:11376 pid: 8792 ppid: 1 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x276/0x4c0 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417c97
Code: Bad RIP value.
RSP: 002b:00007ffdf0212780 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016b4300 RCX: 0000000000417c97
RDX: 0000000000000028 RSI: 00000000016b4350 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffdf0212790 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016b4350 R15: 0000000000000003
INFO: task syz-executor.4:8794 blocked for more than 144 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:11200 pid: 8794 ppid: 1 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x276/0x4c0 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417c97
Code: Bad RIP value.
RSP: 002b:00007ffd0c113eb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016b4300 RCX: 0000000000417c97
RDX: 0000000000000028 RSI: 00000000016b4350 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd0c113ec0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016b4350 R15: 0000000000000003
INFO: task syz-executor.1:8799 blocked for more than 144 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:11376 pid: 8799 ppid: 1 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 wiphy_register+0x859/0xaa0 net/wireless/core.c:911
 ieee80211_register_hw+0x683/0xdc0 net/mac80211/main.c:1279
 mac80211_hwsim_new_radio+0xada/0x1730 drivers/net/wireless/mac80211_hwsim.c:3183
 hwsim_new_radio_nl+0x302/0x570 drivers/net/wireless/mac80211_hwsim.c:3744
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x1e3/0x2d0 net/netlink/genetlink.c:731
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x276/0x4c0 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417c97
Code: Bad RIP value.
RSP: 002b:00007ffe77b17cb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016b4300 RCX: 0000000000417c97
RDX: 0000000000000024 RSI: 00000000016b4350 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffe77b17cc0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016b4350 R15: 0000000000000003
INFO: task syz-executor.5:8800 blocked for more than 145 seconds.
      Not tainted 5.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5 state:D stack:11216 pid: 8800 ppid: 1 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x3af/0x9e0 kernel/sched/core.c:4527
 schedule+0x37/0xe0 kernel/sched/core.c:4602
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x4a4/0xa30 kernel/locking/mutex.c:1103
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x276/0x4c0 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417c97
Code: Bad RIP value.
RSP: 002b:00007ffc51892ce0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016b4300 RCX: 0000000000417c97
RDX: 0000000000000028 RSI: 00000000016b4350 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc51892cf0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016b4350 R15: 0000000000000003

Showing all locks held in the system:
3 locks held by kworker/u4:0/8:
 #0: ffff88813aa50938 ((wq_completion)cfg80211){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88813aa50938 ((wq_completion)cfg80211){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88813aa50938 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #1: ffffc90000c97e70 ((work_completion)(&rdev->event_work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000c97e70 ((work_completion)(&rdev->event_work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000c97e70 ((work_completion)(&rdev->event_work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: cfg80211_event_work+0x9/0x20 net/wireless/core.c:319
3 locks held by kworker/1:1/23:
 #0: ffff88813b856738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88813b856738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88813b856738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #1: ffffc90000d1be70 ((linkwatch_work).work){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d1be70 ((linkwatch_work).work){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d1be70 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x5/0x30 net/core/link_watch.c:250
3 locks held by kworker/u4:2/27:
 #0: ffff888139cff938 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff888139cff938 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888139cff938 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #1: ffffc90000d4be70 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d4be70 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d4be70 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rsvp_delete_filter_work+0x9/0x20 net/sched/cls_rsvp.h:293
1 lock held by khungtaskd/1201:
 #0: ffffffff84f43180 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0x1a6 kernel/locking/lockdep.c:5853
3 locks held by kworker/0:2/2977:
 #0: ffff88813b856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88813b856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88813b856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #1: ffffc900067efe70 ((reg_check_chans).work){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc900067efe70 ((reg_check_chans).work){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc900067efe70 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x28/0x4e0 net/wireless/reg.c:2199
3 locks held by kworker/1:2/3062:
 #0: ffff888237347138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff888237347138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888237347138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #1: ffffc90006acfe70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90006acfe70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90006acfe70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0x3f/0x4f0 net/ipv6/addrconf.c:4027
1 lock held by in:imklog/8009:
 #0: ffff888133a598f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x45/0x50 fs/file.c:930
3 locks held by kworker/0:3/8625:
 #0: ffff888237347138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff888237347138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff888237347138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #1: ffffc90001217e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90001217e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90001217e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x650 kernel/workqueue.c:2240
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0x3f/0x4f0 net/ipv6/addrconf.c:4027
2 locks held by syz-executor.3/8791:
 #0: ffffffff85582bf0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30 net/netlink/genetlink.c:741
 #1: ffffffff85582c88 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: ffffffff85582c88 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x220/0x2d0 net/netlink/genetlink.c:729
1 lock held by syz-executor.2/8792:
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
1 lock held by syz-executor.4/8794:
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
3 locks held by syz-executor.1/8799:
 #0: ffffffff85582bf0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30 net/netlink/genetlink.c:741
 #1: ffffffff85582c88 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: ffffffff85582c88 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x220/0x2d0 net/netlink/genetlink.c:729
 #2: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: wiphy_register+0x859/0xaa0 net/wireless/core.c:911
1 lock held by syz-executor.5/8800:
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
1 lock held by syz-executor.0/10125:
1 lock held by syz-executor.0/10134:
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: tc_new_tfilter+0x391/0xc80 net/sched/cls_api.c:2020
1 lock held by syz-executor.0/10139:
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8555a3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x15e/0x4c0 net/core/rtnetlink.c:5560
============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1201 Comm: khungtaskd Not tainted 5.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.7+0x2e/0x33 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xd5/0xec lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0x600/0x7b0 kernel/hung_task.c:295 kthread+0x148/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 10125 Comm: syz-executor.0 Not tainted 5.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__lock_acquire+0x641/0x3590 kernel/locking/lockdep.c:4351 Code: ff 41 89 dc 49 83 fc 01 0f 87 5e 23 00 00 4b 8b 44 e6 08 48 85 c0 0f 85 63 fa ff ff e9 35 fa ff ff 48 8d 74 38 d8 0f b7 4e 20 <81> e1 ff 1f 00 00 39 d9 0f 85 a2 fa ff ff 48 83 3c 24 00 0f 84 97 RSP: 0018:ffffc90002ee33f0 EFLAGS: 00000002 RAX: 0000000000000028 RBX: 0000000000000919 RCX: 00000000000000ea RDX: 0000000000000000 RSI: ffff88811f2f3ae8 RDI: ffff88811f2f3ae8 RBP: ffff88811f2f3200 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: ffff888131bd2168 R15: 0000000000000000 FS: 00007f24b0549700(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbb73354fcc CR3: 000000011d5b7000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0xb0/0x410 kernel/locking/lockdep.c:5029 __mutex_lock_common 
kernel/locking/mutex.c:956 [inline] __mutex_lock+0x94/0xa30 kernel/locking/mutex.c:1103 tcf_idr_check_alloc+0x43/0x120 net/sched/act_api.c:499 tcf_police_init+0x180/0x800 net/sched/act_police.c:81 tcf_action_init_1+0x10f/0x540 net/sched/act_api.c:998 tcf_exts_validate+0x58/0xe0 net/sched/cls_api.c:3058 rsvp_change+0x15d/0x112e net/sched/cls_rsvp.h:508 tc_new_tfilter+0x923/0xc80 net/sched/cls_api.c:2129 rtnetlink_rcv_msg+0x38d/0x4c0 net/core/rtnetlink.c:5554 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x276/0x4c0 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x1ed/0x240 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmsg+0x52/0xa0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e219 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f24b0548c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c R13: 00007ffd0f9d5a7f R14: 00007f24b05499c0 R15: 000000000119bf8c
