ci starts bisection 2022-11-18 23:26:52.063761606 +0000 UTC m=+33448.133878023 bisecting cause commit starting from 84368d882b9688bfac77ce48d33b1e20a4e4a787 building syzkaller on 5bb7001449cd1dae6cbff2d660374d6d17cbd2c4 ensuring issue is reproducible on original commit 84368d882b9688bfac77ce48d33b1e20a4e4a787 testing commit 84368d882b9688bfac77ce48d33b1e20a4e4a787 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bd2b5145225e630c5bd1dd53541f7c3fce38edd3bd790d292b35b21bda08e3ee all runs: crashed: possible deadlock in __inet_inherit_port testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 62637dac85eb9fd4c5fa0c18c5a6a946bc193ad55aaa83e2b5066357010dd0d1 all runs: OK # git bisect start 84368d882b9688bfac77ce48d33b1e20a4e4a787 4fe89d07dcc2804c8b562f6c7896a45643d34b2f Bisecting: 7061 revisions left to test after this (roughly 13 steps) [11c747e5a1f908e9e3a868461ba9992e5396402a] Merge tag 'for-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 11c747e5a1f908e9e3a868461ba9992e5396402a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cde335b6c4ac225c253aceeb0ade2517015698db41700eaca461c338501e4cda all runs: OK # git bisect good 11c747e5a1f908e9e3a868461ba9992e5396402a Bisecting: 3421 revisions left to test after this (roughly 12 steps) [27bc50fc90647bbf7b734c3fc306a5e61350da53] Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit 27bc50fc90647bbf7b734c3fc306a5e61350da53 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4872947f76e77797e5c79f3f019fd6e33f7ee2947cc86ef9dd1b6d9443a1fde6 all runs: boot failed: WARNING in cpumask_next_wrap # git bisect skip 27bc50fc90647bbf7b734c3fc306a5e61350da53 Bisecting: 3421 revisions left to test after this (roughly 12 steps) [2de6f3bf75058e35eff04e6fab7ca41533bdb027] kmsan: disable strscpy() optimization under KMSAN testing commit 2de6f3bf75058e35eff04e6fab7ca41533bdb027 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6930f82fd6d16c817a292124fd1fa67bc1c7fde3a9b91ac6986b27f22fd909bd all runs: OK # git bisect good 2de6f3bf75058e35eff04e6fab7ca41533bdb027 Bisecting: 3284 revisions left to test after this (roughly 12 steps) [eec4ed317dccdef610b54224f45e0e1f4fdb75fb] Merge tag 'fbdev-for-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev testing commit eec4ed317dccdef610b54224f45e0e1f4fdb75fb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ce1f5c44eb90895e4d536452d836e109ae397d70280266c622fcfdf37c963e8c all runs: boot failed: WARNING in cpumask_next_wrap # git bisect skip eec4ed317dccdef610b54224f45e0e1f4fdb75fb Bisecting: 3284 revisions left to test after this (roughly 12 steps) [bcdfa1f77ea7f67368d20384932a9d1e3047ddd2] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix testing commit bcdfa1f77ea7f67368d20384932a9d1e3047ddd2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3816bbe2f051b2469775ae430d1c61dde2e923896c5cdadd0a15ce0738752c50 all runs: boot failed: WARNING in __netif_set_xps_queue # git bisect skip bcdfa1f77ea7f67368d20384932a9d1e3047ddd2 Bisecting: 3284 revisions left to test after this (roughly 12 steps) [ed87277f122674a943239c6e60d352c8d56deb50] tracing: Remove unused variable 'dups' testing commit ed87277f122674a943239c6e60d352c8d56deb50 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3c92ff2f02460c847ded796dea166075b23a7a1282fe10c4f49acdc629018f17 all runs: OK # git bisect good ed87277f122674a943239c6e60d352c8d56deb50 Bisecting: 3284 revisions left to test after this (roughly 12 steps) [c44f15c1c09481d50fd33478ebb5b8284f8f5edb] arc: iounmap() arg is volatile testing commit c44f15c1c09481d50fd33478ebb5b8284f8f5edb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b2cc8ea2803c0bd82106c7b1bc8e5a3591a44d507b77e140b31b6522db4954c4 all runs: boot failed: WARNING in __netif_set_xps_queue # git bisect skip c44f15c1c09481d50fd33478ebb5b8284f8f5edb Bisecting: 3284 revisions left to test after this (roughly 12 steps) [104827ec920d73db1c0176536f02ba5272c4b8fb] staging: iio: cdc: ad7746: Push handling of supply voltage scale to userspace. testing commit 104827ec920d73db1c0176536f02ba5272c4b8fb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2c5caa86b13a27bed2f46c180824a75b963f87a5d3bd9796d13a9a693b365201 run #0: boot failed: general protection fault in rcu_core run #1: boot failed: general protection fault in getname_kernel run #2: boot failed: general protection fault in driver_register run #3: boot failed: general protection fault in driver_register run #4: boot failed: general protection fault in netdev_queue_update_kobjects run #5: boot failed: WARNING: ODEBUG bug in __do_softirq run #6: boot failed: WARNING in wiphy_register run #7: boot failed: BUG: unable to handle kernel paging request in kernel_execve run #8: boot failed: general protection fault in enqueue_entity run #9: boot failed: general protection fault in driver_register # git bisect skip 104827ec920d73db1c0176536f02ba5272c4b8fb Bisecting: 3284 revisions left to test after this (roughly 12 steps) [d3e021adac7c51a26d9ede167c789fcc1b878467] x86/fpu: Fix the init_fpstate size check with the actual size testing commit d3e021adac7c51a26d9ede167c789fcc1b878467 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7da7ba21e8070d59c4c818e55d1f6c1e1e0cb55baf1d9459a9d09f30d1177473 all runs: boot failed: WARNING in __netif_set_xps_queue # git bisect skip d3e021adac7c51a26d9ede167c789fcc1b878467 Bisecting: 3284 revisions left to test after this (roughly 12 steps) [b9eb3ab6f30bf32f7326909f17949ccb11bab514] media: ipu3-imgu: Fix NULL pointer dereference in active selection access testing commit b9eb3ab6f30bf32f7326909f17949ccb11bab514 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 71db83078da36a748348583cbfa4a962b4f99f075faf5ca3769f2fea7a59e7bf run #0: boot failed: general protection fault in netdev_queue_update_kobjects run #1: boot failed: BUG: unable to handle kernel paging request in scsi_mq_exit_request run #2: boot failed: general protection fault in netdev_queue_update_kobjects run #3: boot failed: general protection fault in netdev_queue_update_kobjects run #4: boot failed: general protection fault in driver_register run #5: boot failed: general protection fault in netdev_queue_update_kobjects run #6: boot failed: BUG: corrupted list in neigh_parms_alloc run #7: boot failed: general protection fault in driver_register run #8: boot failed: general protection fault in rcu_core run #9: boot failed: WARNING in copy_process # git bisect skip b9eb3ab6f30bf32f7326909f17949ccb11bab514 Bisecting: 3284 revisions left to test after this (roughly 12 steps) [17747577bbcb496e1b1c4096d64c2fc1e7bc0fef] pinctrl: Ingenic: JZ4755 bug fixes testing commit 17747577bbcb496e1b1c4096d64c2fc1e7bc0fef gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 177eeb3c2768fd2c62aa5682c13bef37e3e91e064caaf24398fd40277e454670 all runs: boot failed: WARNING in __netif_set_xps_queue # git bisect skip 17747577bbcb496e1b1c4096d64c2fc1e7bc0fef Bisecting: 3284 revisions left to test after this (roughly 12 steps) [b7319e2bd7bd7740a405719727e6fc01be1363ef] media: mc: entity: Rename streaming_count -> start_count testing commit b7319e2bd7bd7740a405719727e6fc01be1363ef gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fbc03f5e1bc1ffcb50bc20c466c1963e968bbfe4cf088f8b8fa19e7e910a239a run #0: boot failed: BUG: unable to handle kernel paging request in __scsi_init_queue run #1: boot failed: general protection fault in getname_kernel run #2: boot failed: BUG: unable to handle kernel paging request in kernel_execve run #3: boot failed: general protection fault in driver_register run #4: boot failed: BUG: unable to handle kernel paging request in kernfs_link_sibling run #5: boot failed: general protection fault in netdev_queue_update_kobjects run #6: boot failed: general protection fault in __handle_irq_event_percpu run #7: boot failed: general protection fault in driver_register run #8: boot failed: BUG: unable to handle kernel paging request in copy_namespaces run #9: boot failed: possible deadlock in vivid_update_format_cap # git bisect skip b7319e2bd7bd7740a405719727e6fc01be1363ef Bisecting: 3284 revisions left to test after this (roughly 12 steps) [ff2f5ec5d009844ec28f171123f9e58750cef4bf] net: hns: fix possible memory leak in hnae_ae_register() testing commit ff2f5ec5d009844ec28f171123f9e58750cef4bf gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 17d956f59a846b1b44be09e350fe3ea42176b74ef2bb4d3ff7ad3ad0be1bfea0 all runs: boot failed: WARNING in cpumask_next_wrap # git bisect skip ff2f5ec5d009844ec28f171123f9e58750cef4bf Bisecting: 3284 revisions left to test after this (roughly 12 steps) [7efc3b7261030da79001c00d92bc3392fd6c664c] mm/compaction: fix set skip in fast_find_migrateblock testing commit 7efc3b7261030da79001c00d92bc3392fd6c664c gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3875b8c2af0104b75cca201eb675a7482e03709c0b23c5dd4918a76410f61889 all runs: OK # git bisect good 7efc3b7261030da79001c00d92bc3392fd6c664c Bisecting: 3189 revisions left to test after this (roughly 12 steps) [694b37a5dd3c87235e02fabbe7b394f6ab1f444b] Merge tag 'input-for-v6.1-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 694b37a5dd3c87235e02fabbe7b394f6ab1f444b gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 432e6ed7b01721b523f635fdc029ed65a16b03635acfbf25d3c7c058a6f10c3d all runs: boot failed: WARNING in cpumask_next_wrap # git bisect skip 694b37a5dd3c87235e02fabbe7b394f6ab1f444b Bisecting: 3189 revisions left to test after this (roughly 12 steps) [a47126ec29f538e1197862919f94d3b6668144a4] PCI/PTM: Cache PTM Capability offset testing commit a47126ec29f538e1197862919f94d3b6668144a4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4ca8f2ce4986284ca07b5be8df926039786a961639290c92c04029204536f5c0 run #0: boot failed: general protection fault in netdev_queue_update_kobjects run #1: boot failed: general protection fault in netdev_queue_update_kobjects run #2: boot failed: BUG: unable to handle kernel paging request in blk_mq_put_tag run #3: boot failed: general protection fault in netdev_queue_update_kobjects run #4: boot failed: BUG: unable to handle kernel paging request in kernel_execve run #5: boot failed: general protection fault in driver_register run #6: boot failed: general protection fault in copy_process run #7: boot failed: BUG: unable to handle kernel NULL pointer dereference in rcu_core run #8: boot failed: general protection fault in really_probe run #9: boot failed: BUG: unable to handle kernel paging request in copy_process # git bisect skip a47126ec29f538e1197862919f94d3b6668144a4 Bisecting: 3189 revisions left to test after this (roughly 12 steps) [f86a48667b91202d502d753c707e8576a6fe265b] ceph: fix a NULL vs IS_ERR() check when calling ceph_lookup_inode() testing commit f86a48667b91202d502d753c707e8576a6fe265b gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7971709e7d72d2ef840928acb2a7f855ba11e63c29d2a62e3906ca8e0ac007e5 all runs: OK # git bisect good f86a48667b91202d502d753c707e8576a6fe265b Bisecting: 85 revisions left to test after this (roughly 6 steps) [58e0be1ef6118c5352b56a4d06e974c5599993a5] net: use struct_group to copy ip/ipv6 header addresses testing commit 58e0be1ef6118c5352b56a4d06e974c5599993a5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 930c3431cf5a525c26e2a82e48692ee877a81515cfaa77771004358522e0a568 all runs: crashed: possible deadlock in __inet_inherit_port # git bisect bad 58e0be1ef6118c5352b56a4d06e974c5599993a5 Bisecting: 27 revisions left to test after this (roughly 5 steps) [9d3ff7131877fb092185c369fbb14b57ac4e7cec] octeon_ep: ensure octep_get_link_status() successfully before octep_link_up() testing commit 9d3ff7131877fb092185c369fbb14b57ac4e7cec gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: df6e98e4febcbb14f307e61c2f92085f50aab12a18c852b04e188f561311337a all runs: OK # git bisect good 9d3ff7131877fb092185c369fbb14b57ac4e7cec Bisecting: 13 revisions left to test after this (roughly 4 steps) [598ab4b12eae70654b6d8af6038e6cdb45f22634] Merge branch 'net-hns3-this-series-bugfix-for-the-hns3-ethernet-driver' testing commit 598ab4b12eae70654b6d8af6038e6cdb45f22634 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: da4da7456cbcd96bb476a7aa6f4b087ad3e8af3285732d9e0c89d246ddf309cc all runs: OK # git bisect good 598ab4b12eae70654b6d8af6038e6cdb45f22634 Bisecting: 6 revisions left to test after this (roughly 3 steps) [e4aa85cf0d43e293f474e3b415ff44e49ef768ae] Merge branch 'microchip-fixes' testing commit e4aa85cf0d43e293f474e3b415ff44e49ef768ae gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ddf61ff57658523bc4767cebc744e9ab5c68f66fe56c8f6af5a6ef4bfafc54be all runs: OK # git bisect good e4aa85cf0d43e293f474e3b415ff44e49ef768ae Bisecting: 2 revisions left to test after this (roughly 2 steps) [064bc7312bd09a48798418663090be0c776183db] netdevsim: Fix memory leak of nsim_dev->fa_cookie testing commit 064bc7312bd09a48798418663090be0c776183db gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 84b72903c0fdcfb9c5582715b1adaa903bd96ba2d29ff21b07fe13e7099b3343 all runs: crashed: possible deadlock in __inet_inherit_port # git bisect bad 064bc7312bd09a48798418663090be0c776183db Bisecting: 1 revision left to test after this (roughly 1 step) [b68777d54fac21fc833ec26ea1a2a84f975ab035] l2tp: Serialize access to sk_user_data with sk_callback_lock testing commit b68777d54fac21fc833ec26ea1a2a84f975ab035 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2e72b1a4e3a25133ebbb98d08c24a94ac2779ddba56810d501d1c427de9500d2 all runs: crashed: possible deadlock in __inet_inherit_port # git bisect bad b68777d54fac21fc833ec26ea1a2a84f975ab035 Bisecting: 0 revisions left to test after this (roughly 0 steps) [f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2] net: thunderbolt: Fix error handling in tbnet_init() testing commit f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 50786a346ea0ff5daf0d763e60b12f789cfbfa8cb45b134605985e5d460e920d all runs: OK # git bisect good f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2 b68777d54fac21fc833ec26ea1a2a84f975ab035 is the first bad commit commit b68777d54fac21fc833ec26ea1a2a84f975ab035 Author: Jakub Sitnicki Date: Mon Nov 14 20:16:19 2022 +0100 l2tp: Serialize access to sk_user_data with sk_callback_lock sk->sk_user_data has multiple users, which are not compatible with each other. Writers must synchronize by grabbing the sk->sk_callback_lock. l2tp currently fails to grab the lock when modifying the underlying tunnel socket fields. Fix it by adding appropriate locking. We err on the side of safety and grab the sk_callback_lock also inside the sk_destruct callback overridden by l2tp, even though there should be no refs allowing access to the sock at the time when sk_destruct gets called. v4: - serialize write to sk_user_data in l2tp sk_destruct v3: - switch from sock lock to sk_callback_lock - document write-protection for sk_user_data v2: - update Fixes to point to origin of the bug - use real names in Reported/Tested-by tags Cc: Tom Parkin Fixes: 3557baabf280 ("[L2TP]: PPP over L2TP driver core") Reported-by: Haowei Yan Signed-off-by: Jakub Sitnicki Signed-off-by: David S. Miller include/net/sock.h | 2 +- net/l2tp/l2tp_core.c | 19 +++++++++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) culprit signature: 2e72b1a4e3a25133ebbb98d08c24a94ac2779ddba56810d501d1c427de9500d2 parent signature: 50786a346ea0ff5daf0d763e60b12f789cfbfa8cb45b134605985e5d460e920d revisions tested: 26, total time: 7h50m12.971886671s (build: 3h58m1.788765594s, test: 3h47m0.896436234s) first bad commit: b68777d54fac21fc833ec26ea1a2a84f975ab035 l2tp: Serialize access to sk_user_data with sk_callback_lock recipients (to): ["davem@davemloft.net" "davem@davemloft.net" "edumazet@google.com" "jakub@cloudflare.com" "kuba@kernel.org" "netdev@vger.kernel.org" "pabeni@redhat.com"] recipients (cc): ["linux-kernel@vger.kernel.org" "tparkin@katalix.com"] crash: possible deadlock in __inet_inherit_port ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.1.0-rc4-syzkaller #0 Not tainted ----------------------------------------------------- syz-executor.0/4177 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire: ffff88801dba1bb8 (k-clock-AF_INET){+++.}-{2:2}, at: sock_i_uid+0x1a/0xa0 net/core/sock.c:2542 and this task is already holding: ffffc900018706a8 (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline] ffffc900018706a8 (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2}, at: inet_csk_get_port+0x44c/0x2210 net/ipv4/inet_connection_sock.c:496 which would create a new lock dependency: (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} -> (k-clock-AF_INET){+++.}-{2:2} but this new dependency connects a SOFTIRQ-irq-safe lock: (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} ... which became SOFTIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] __inet_inherit_port+0x260/0x1470 net/ipv4/inet_hashtables.c:229 tcp_v4_syn_recv_sock+0xa07/0x1290 net/ipv4/tcp_ipv4.c:1588 tcp_check_req+0x384/0x1650 net/ipv4/tcp_minisocks.c:786 tcp_v4_rcv+0x1d4d/0x33d0 net/ipv4/tcp_ipv4.c:2030 ip_protocol_deliver_rcu+0x7f/0x5f0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x29c/0x400 net/ipv4/ip_input.c:233 dst_input include/net/dst.h:455 [inline] ip_sublist_rcv_finish+0x88/0x250 net/ipv4/ip_input.c:575 ip_list_rcv_finish net/ipv4/ip_input.c:625 [inline] ip_sublist_rcv+0x436/0x840 net/ipv4/ip_input.c:633 ip_list_rcv+0x2a5/0x3e0 net/ipv4/ip_input.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5532 [inline] __netif_receive_skb_list_core+0x490/0x8a0 net/core/dev.c:5580 __netif_receive_skb_list net/core/dev.c:5632 [inline] netif_receive_skb_list_internal+0x5f3/0xc90 net/core/dev.c:5723 gro_normal_list include/net/gro.h:433 [inline] gro_normal_list include/net/gro.h:429 [inline] napi_complete_done+0x187/0x700 net/core/dev.c:6064 virtqueue_napi_complete drivers/net/virtio_net.c:401 [inline] virtnet_poll+0xabc/0x10f0 drivers/net/virtio_net.c:1678 __napi_poll+0x9e/0x5c0 net/core/dev.c:6498 napi_poll net/core/dev.c:6565 [inline] net_rx_action+0x8c8/0xcc0 net/core/dev.c:6676 __do_softirq+0x1fb/0xadc kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 common_interrupt+0xad/0xd0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:640 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline] acpi_idle_do_entry+0x185/0x200 drivers/acpi/processor_idle.c:572 acpi_idle_enter+0x2c7/0x4c0 drivers/acpi/processor_idle.c:709 cpuidle_enter_state+0x156/0xc40 drivers/cpuidle/cpuidle.c:239 cpuidle_enter+0x49/0xa0 drivers/cpuidle/cpuidle.c:356 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x3f7/0x590 kernel/sched/idle.c:303 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:400 start_secondary+0x256/0x300 arch/x86/kernel/smpboot.c:262 secondary_startup_64_no_verify+0xce/0xdb to a SOFTIRQ-irq-unsafe lock: (k-clock-AF_INET){+++.}-{2:2} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline] _raw_write_lock+0x2e/0x40 kernel/locking/spinlock.c:300 l2tp_tunnel_register+0xf9/0xf60 net/l2tp/l2tp_core.c:1477 l2tp_nl_cmd_tunnel_create+0x364/0x9a0 net/l2tp/l2tp_netlink.c:245 genl_family_rcv_msg_doit+0x1e4/0x2f0 net/netlink/genetlink.c:756 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x34c/0x630 net/netlink/genetlink.c:850 netlink_rcv_skb+0x11c/0x370 net/netlink/af_netlink.c:2540 genl_rcv+0x23/0x30 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x437/0x710 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x786/0xc30 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xaf/0xe0 net/socket.c:734 ____sys_sendmsg+0x5f7/0x8a0 net/socket.c:2482 ___sys_sendmsg+0xdb/0x160 net/socket.c:2536 __sys_sendmsg+0xc7/0x160 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(k-clock-AF_INET); local_irq_disable(); lock(&tcp_hashinfo.bhash[i].lock); lock(k-clock-AF_INET); lock(&tcp_hashinfo.bhash[i].lock); *** DEADLOCK *** 3 locks held by syz-executor.0/4177: #0: ffff888028068130 (sk_lock-AF_SMC){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1721 [inline] #0: ffff888028068130 (sk_lock-AF_SMC){+.+.}-{0:0}, at: smc_bind+0xcc/0x320 net/smc/af_smc.c:424 #1: ffff88801dba1930 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1721 [inline] #1: ffff88801dba1930 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: __inet_bind+0x69d/0xb50 net/ipv4/af_inet.c:511 #2: ffffc900018706a8 (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline] #2: ffffc900018706a8 (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2}, at: inet_csk_get_port+0x44c/0x2210 net/ipv4/inet_connection_sock.c:496 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:355 [inline] inet_csk_get_port+0x44c/0x2210 net/ipv4/inet_connection_sock.c:496 __inet6_bind+0x45c/0x1940 net/ipv6/af_inet6.c:412 inet6_bind+0x133/0x1b0 net/ipv6/af_inet6.c:471 rds_tcp_listen_init+0x263/0x450 net/rds/tcp_listen.c:307 rds_tcp_init_net+0x1c8/0x420 net/rds/tcp.c:573 ops_init+0x9a/0x590 net/core/net_namespace.c:135 __register_pernet_operations net/core/net_namespace.c:1153 [inline] register_pernet_operations+0x2df/0x750 net/core/net_namespace.c:1222 register_pernet_device+0x25/0x60 net/core/net_namespace.c:1309 rds_tcp_init+0x48/0x98 net/rds/tcp.c:731 do_one_initcall+0xf8/0x550 init/main.c:1303 do_initcall_level init/main.c:1376 [inline] do_initcalls init/main.c:1392 [inline] do_basic_setup init/main.c:1411 [inline] kernel_init_freeable+0x5e5/0x63f init/main.c:1631 kernel_init+0x18/0x130 init/main.c:1519 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] __inet_inherit_port+0x260/0x1470 net/ipv4/inet_hashtables.c:229 tcp_v4_syn_recv_sock+0xa07/0x1290 net/ipv4/tcp_ipv4.c:1588 tcp_check_req+0x384/0x1650 net/ipv4/tcp_minisocks.c:786 tcp_v4_rcv+0x1d4d/0x33d0 net/ipv4/tcp_ipv4.c:2030 ip_protocol_deliver_rcu+0x7f/0x5f0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x29c/0x400 net/ipv4/ip_input.c:233 dst_input include/net/dst.h:455 [inline] ip_sublist_rcv_finish+0x88/0x250 net/ipv4/ip_input.c:575 ip_list_rcv_finish net/ipv4/ip_input.c:625 [inline] ip_sublist_rcv+0x436/0x840 net/ipv4/ip_input.c:633 ip_list_rcv+0x2a5/0x3e0 net/ipv4/ip_input.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5532 [inline] __netif_receive_skb_list_core+0x490/0x8a0 net/core/dev.c:5580 __netif_receive_skb_list net/core/dev.c:5632 [inline] netif_receive_skb_list_internal+0x5f3/0xc90 net/core/dev.c:5723 gro_normal_list include/net/gro.h:433 [inline] gro_normal_list include/net/gro.h:429 [inline] napi_complete_done+0x187/0x700 net/core/dev.c:6064 virtqueue_napi_complete drivers/net/virtio_net.c:401 [inline] virtnet_poll+0xabc/0x10f0 drivers/net/virtio_net.c:1678 __napi_poll+0x9e/0x5c0 net/core/dev.c:6498 napi_poll net/core/dev.c:6565 [inline] net_rx_action+0x8c8/0xcc0 net/core/dev.c:6676 __do_softirq+0x1fb/0xadc kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 common_interrupt+0xad/0xd0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:640 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline] acpi_idle_do_entry+0x185/0x200 drivers/acpi/processor_idle.c:572 acpi_idle_enter+0x2c7/0x4c0 drivers/acpi/processor_idle.c:709 cpuidle_enter_state+0x156/0xc40 drivers/cpuidle/cpuidle.c:239 cpuidle_enter+0x49/0xa0 drivers/cpuidle/cpuidle.c:356 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x3f7/0x590 kernel/sched/idle.c:303 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:400 start_secondary+0x256/0x300 arch/x86/kernel/smpboot.c:262 secondary_startup_64_no_verify+0xce/0xdb INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:355 [inline] inet_csk_get_port+0x44c/0x2210 net/ipv4/inet_connection_sock.c:496 __inet6_bind+0x45c/0x1940 net/ipv6/af_inet6.c:412 inet6_bind+0x133/0x1b0 net/ipv6/af_inet6.c:471 rds_tcp_listen_init+0x263/0x450 net/rds/tcp_listen.c:307 rds_tcp_init_net+0x1c8/0x420 net/rds/tcp.c:573 ops_init+0x9a/0x590 net/core/net_namespace.c:135 __register_pernet_operations net/core/net_namespace.c:1153 [inline] register_pernet_operations+0x2df/0x750 net/core/net_namespace.c:1222 register_pernet_device+0x25/0x60 net/core/net_namespace.c:1309 rds_tcp_init+0x48/0x98 net/rds/tcp.c:731 do_one_initcall+0xf8/0x550 init/main.c:1303 do_initcall_level init/main.c:1376 [inline] do_initcalls init/main.c:1392 [inline] do_basic_setup init/main.c:1411 [inline] kernel_init_freeable+0x5e5/0x63f init/main.c:1631 kernel_init+0x18/0x130 init/main.c:1519 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 } ... key at: [] __key.1+0x0/0x40 the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (k-clock-AF_INET){+++.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_write_lock_bh include/linux/rwlock_api_smp.h:202 [inline] _raw_write_lock_bh+0x33/0x40 kernel/locking/spinlock.c:334 sock_orphan include/net/sock.h:2090 [inline] sk_common_release+0xb4/0x2e0 net/core/sock.c:3672 inet_release+0xf3/0x210 net/ipv4/af_inet.c:428 __sock_release net/socket.c:650 [inline] sock_release+0x81/0x190 net/socket.c:678 sock_free drivers/net/wireguard/socket.c:339 [inline] wg_socket_reinit+0x1aa/0x300 drivers/net/wireguard/socket.c:435 wg_netns_pre_exit+0xed/0x1e0 drivers/net/wireguard/device.c:427 ops_pre_exit_list net/core/net_namespace.c:159 [inline] cleanup_net+0x3a8/0x980 net/core/net_namespace.c:589 process_one_work+0x8ba/0x14c0 kernel/workqueue.c:2289 worker_thread+0x59c/0xec0 kernel/workqueue.c:2436 kthread+0x298/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3f/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1a/0xa0 net/core/sock.c:2542 udp_lib_lport_inuse+0x2c/0x3f0 net/ipv4/udp.c:140 udp_lib_get_port+0x719/0x1630 net/ipv4/udp.c:306 __inet_bind+0x635/0xb50 net/ipv4/af_inet.c:525 inet_bind+0x133/0x1b0 net/ipv4/af_inet.c:456 udp_sock_create4+0x19c/0x420 net/ipv4/udp_tunnel_core.c:30 udp_sock_create include/net/udp_tunnel.h:59 [inline] rxe_setup_udp_tunnel.constprop.0+0xd0/0x190 drivers/infiniband/sw/rxe/rxe_net.c:186 rxe_net_ipv4_init drivers/infiniband/sw/rxe/rxe_net.c:622 [inline] rxe_net_init+0x18/0x70 drivers/infiniband/sw/rxe/rxe_net.c:667 rxe_module_init+0xb/0x30 drivers/infiniband/sw/rxe/rxe.c:213 do_one_initcall+0xf8/0x550 init/main.c:1303 do_initcall_level init/main.c:1376 [inline] do_initcalls init/main.c:1392 [inline] do_basic_setup init/main.c:1411 [inline] kernel_init_freeable+0x5e5/0x63f init/main.c:1631 kernel_init+0x18/0x130 init/main.c:1519 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 SOFTIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline] _raw_write_lock+0x2e/0x40 kernel/locking/spinlock.c:300 l2tp_tunnel_register+0xf9/0xf60 net/l2tp/l2tp_core.c:1477 l2tp_nl_cmd_tunnel_create+0x364/0x9a0 net/l2tp/l2tp_netlink.c:245 genl_family_rcv_msg_doit+0x1e4/0x2f0 net/netlink/genetlink.c:756 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x34c/0x630 net/netlink/genetlink.c:850 netlink_rcv_skb+0x11c/0x370 net/netlink/af_netlink.c:2540 genl_rcv+0x23/0x30 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x437/0x710 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x786/0xc30 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xaf/0xe0 net/socket.c:734 ____sys_sendmsg+0x5f7/0x8a0 net/socket.c:2482 ___sys_sendmsg+0xdb/0x160 net/socket.c:2536 __sys_sendmsg+0xc7/0x160 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_write_lock_bh include/linux/rwlock_api_smp.h:202 [inline] _raw_write_lock_bh+0x33/0x40 kernel/locking/spinlock.c:334 sock_orphan include/net/sock.h:2090 [inline] sk_common_release+0xb4/0x2e0 net/core/sock.c:3672 inet_release+0xf3/0x210 net/ipv4/af_inet.c:428 __sock_release net/socket.c:650 [inline] sock_release+0x81/0x190 net/socket.c:678 sock_free drivers/net/wireguard/socket.c:339 [inline] wg_socket_reinit+0x1aa/0x300 drivers/net/wireguard/socket.c:435 wg_netns_pre_exit+0xed/0x1e0 drivers/net/wireguard/device.c:427 ops_pre_exit_list net/core/net_namespace.c:159 [inline] cleanup_net+0x3a8/0x980 net/core/net_namespace.c:589 process_one_work+0x8ba/0x14c0 kernel/workqueue.c:2289 worker_thread+0x59c/0xec0 kernel/workqueue.c:2436 kthread+0x298/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3f/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1a/0xa0 net/core/sock.c:2542 udp_lib_lport_inuse+0x2c/0x3f0 net/ipv4/udp.c:140 udp_lib_get_port+0x719/0x1630 net/ipv4/udp.c:306 __inet_bind+0x635/0xb50 net/ipv4/af_inet.c:525 inet_bind+0x133/0x1b0 net/ipv4/af_inet.c:456 udp_sock_create4+0x19c/0x420 net/ipv4/udp_tunnel_core.c:30 udp_sock_create include/net/udp_tunnel.h:59 [inline] rxe_setup_udp_tunnel.constprop.0+0xd0/0x190 drivers/infiniband/sw/rxe/rxe_net.c:186 rxe_net_ipv4_init drivers/infiniband/sw/rxe/rxe_net.c:622 [inline] rxe_net_init+0x18/0x70 drivers/infiniband/sw/rxe/rxe_net.c:667 rxe_module_init+0xb/0x30 drivers/infiniband/sw/rxe/rxe.c:213 do_one_initcall+0xf8/0x550 init/main.c:1303 do_initcall_level init/main.c:1376 [inline] do_initcalls init/main.c:1392 [inline] do_basic_setup init/main.c:1411 [inline] kernel_init_freeable+0x5e5/0x63f init/main.c:1631 kernel_init+0x18/0x130 init/main.c:1519 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 } ... key at: [] af_kern_callback_keys+0x20/0x300 ... acquired at: lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3f/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1a/0xa0 net/core/sock.c:2542 inet_bhash2_addr_any_conflict+0x24/0x360 net/ipv4/inet_connection_sock.c:248 inet_csk_get_port+0x16ec/0x2210 net/ipv4/inet_connection_sock.c:519 __inet_bind+0x635/0xb50 net/ipv4/af_inet.c:525 inet_bind+0x133/0x1b0 net/ipv4/af_inet.c:456 smc_bind+0x27b/0x320 net/smc/af_smc.c:433 __sys_bind+0x16f/0x1d0 net/socket.c:1776 __do_sys_bind net/socket.c:1787 [inline] __se_sys_bind net/socket.c:1785 [inline] __x64_sys_bind+0x6e/0xb0 net/socket.c:1785 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd stack backtrace: CPU: 0 PID: 4177 Comm: syz-executor.0 Not tainted 6.1.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x5b/0x81 lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2611 [inline] check_irq_usage.cold+0x4e4/0x761 kernel/locking/lockdep.c:2850 check_prev_add kernel/locking/lockdep.c:3101 [inline] check_prevs_add kernel/locking/lockdep.c:3216 [inline] validate_chain kernel/locking/lockdep.c:3831 [inline] __lock_acquire+0x2a5b/0x56d0 kernel/locking/lockdep.c:5055 lock_acquire kernel/locking/lockdep.c:5668 [inline] lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3f/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1a/0xa0 net/core/sock.c:2542 inet_bhash2_addr_any_conflict+0x24/0x360 net/ipv4/inet_connection_sock.c:248 inet_csk_get_port+0x16ec/0x2210 net/ipv4/inet_connection_sock.c:519 __inet_bind+0x635/0xb50 net/ipv4/af_inet.c:525 inet_bind+0x133/0x1b0 net/ipv4/af_inet.c:456 smc_bind+0x27b/0x320 net/smc/af_smc.c:433 __sys_bind+0x16f/0x1d0 net/socket.c:1776 __do_sys_bind net/socket.c:1787 [inline] __se_sys_bind net/socket.c:1785 [inline] __x64_sys_bind+0x6e/0xb0 net/socket.c:1785 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f945768b639 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9458419168 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00007f94577abf80 RCX: 00007f945768b639 RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 00007f94576e6ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd2950ce7f R14: 00007f9458419300 R15: 0000000000022000