bisecting cause commit starting from 4d02da974ea85a62074efedf354e82778f910d82 building syzkaller on 740ff4615a9ced4a8a016365aa44674b9b0e807d testing commit 4d02da974ea85a62074efedf354e82778f910d82 with gcc (GCC) 8.1.0 kernel signature: 37c91283c89ed8b45a26e5abbcca64cefd2d32143944ca77630216d5516dd2fd run #0: crashed: INFO: task hung in linkwatch_event run #1: crashed: INFO: task hung in addrconf_dad_work run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in linkwatch_event run #4: crashed: INFO: task hung in linkwatch_event run #5: crashed: INFO: task hung in linkwatch_event run #6: crashed: INFO: task hung in addrconf_dad_work run #7: crashed: INFO: task hung in addrconf_dad_work run #8: crashed: INFO: task hung in linkwatch_event run #9: crashed: INFO: task hung in addrconf_dad_work testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 934f0a134532bbbd345c7e8b605e59600f755e76ac937b8aa8fb348b839f419b run #0: crashed: INFO: task hung in addrconf_dad_work run #1: crashed: INFO: task hung in addrconf_dad_work run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in addrconf_dad_work run #4: crashed: INFO: task hung in linkwatch_event run #5: crashed: INFO: task hung in addrconf_dad_work run #6: crashed: INFO: task hung in addrconf_dad_work run #7: crashed: INFO: task hung in linkwatch_event run #8: crashed: INFO: task hung in addrconf_dad_work run #9: crashed: INFO: task hung in cfg80211_event_work testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 8730770d68f8e920985126c577ec2dcb31f1816337898b7dcb97124240c2a41c all runs: OK # git bisect start bbf5c979011a099af5dc76498918ed7df445635b bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 7841 revisions left to test after this (roughly 13 steps) [47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0 kernel signature: be74cfddc6034fc1afe831f18fc0c338afcb115920db0d6e55e1cbd86225f5fe all runs: OK # git bisect good 47ec5303d73ea344e84f46660fff693c57641386 Bisecting: 3921 revisions left to test after this (roughly 12 steps) [97d052ea3fa853b9aabcc4baca1a605cb1188611] Merge tag 'locking-urgent-2020-08-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 97d052ea3fa853b9aabcc4baca1a605cb1188611 with gcc (GCC) 8.1.0 kernel signature: 115a899e8fd567d63fa17a39540644bbee0b6da8095e2cd89cf3492d5098293d all runs: OK # git bisect good 97d052ea3fa853b9aabcc4baca1a605cb1188611 Bisecting: 1960 revisions left to test after this (roughly 11 steps) [df561f6688fef775baa341a0f5d960becd248b11] treewide: Use fallthrough pseudo-keyword testing commit df561f6688fef775baa341a0f5d960becd248b11 with gcc (GCC) 8.1.0 kernel signature: b8168f52e97049424ac9a1cb46ec582930df79bf15360aa3321a83b97b98e421 all runs: OK # git bisect good df561f6688fef775baa341a0f5d960becd248b11 Bisecting: 982 revisions left to test after this (roughly 10 steps) [e4c26faa426c17274884f759f708bc9ee22fd59a] Merge tag 'usb-5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit e4c26faa426c17274884f759f708bc9ee22fd59a with gcc (GCC) 8.1.0 kernel signature: 40d255e9c3ddbd7ad145b36959dd9009b167ea5790c91fe1ca3b6050100d5d7b all runs: OK # git bisect good e4c26faa426c17274884f759f708bc9ee22fd59a Bisecting: 491 revisions left to test after this (roughly 9 steps) [135f4b9e9340dadb78e9737bb4eb9817b9c89dac] ice: fix memory leak if register_netdev_fails testing commit 135f4b9e9340dadb78e9737bb4eb9817b9c89dac with gcc (GCC) 8.1.0 kernel signature: aa0d579f44cd19edc501f5c5332c58a3c745e4617908a332ca101ffa1a97d420 run #0: crashed: INFO: task hung in addrconf_dad_work run #1: crashed: INFO: task hung in addrconf_dad_work run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in addrconf_dad_work run #4: crashed: INFO: task hung in linkwatch_event run #5: crashed: INFO: task hung in cfg80211_event_work run #6: crashed: INFO: task hung in linkwatch_event run #7: crashed: INFO: task hung in addrconf_dad_work run #8: crashed: INFO: task hung in addrconf_dad_work run #9: crashed: INFO: task hung in addrconf_dad_work # git bisect bad 135f4b9e9340dadb78e9737bb4eb9817b9c89dac Bisecting: 248 revisions left to test after this (roughly 8 steps) [a31128384dfd9ca11f15ef4ea73df25e394846d1] Merge tag 'libnvdimm-fixes-5.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm testing commit a31128384dfd9ca11f15ef4ea73df25e394846d1 with gcc (GCC) 8.1.0 kernel signature: ccdfee4a0d605971d4b2d2763279cbaf2527dda1c4d2b294e3b64b68e0a14c9e all runs: OK # git bisect good a31128384dfd9ca11f15ef4ea73df25e394846d1 Bisecting: 124 revisions left to test after this (roughly 7 steps) [5f6857e808a8bd078296575b417c4b9d160b9779] nfp: use correct define to return NONE fec testing commit 5f6857e808a8bd078296575b417c4b9d160b9779 with gcc (GCC) 8.1.0 kernel signature: 82f3df2275ab2b74f4d3cdc3511c818a8d4676c86e574c9a0e5d8a091882b0a7 all runs: OK # git bisect good 5f6857e808a8bd078296575b417c4b9d160b9779 Bisecting: 62 revisions left to test after this (roughly 6 steps) [8b9e03cd08250c60409099c791e858157838d9eb] net: dsa: felix: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries testing commit 8b9e03cd08250c60409099c791e858157838d9eb with gcc (GCC) 8.1.0 kernel signature: 1b9b2eb6e23437ecd31d7a0a9fb288404e47e84f192bc42e93cfe270ef18d22b all runs: OK # git bisect good 8b9e03cd08250c60409099c791e858157838d9eb Bisecting: 28 revisions left to test after this (roughly 5 steps) [0baca070068c58b95e342881d9da4840d5cf3bd1] Merge tag 'io_uring-5.9-2020-09-22' of git://git.kernel.dk/linux-block testing commit 0baca070068c58b95e342881d9da4840d5cf3bd1 with gcc (GCC) 8.1.0 kernel signature: 2d3818f6bb58f39007367110a215d952f14a3f4ee679c93292005bdcb11a6163 all runs: OK # git bisect good 0baca070068c58b95e342881d9da4840d5cf3bd1 Bisecting: 14 revisions left to test after this (roughly 4 steps) [e49d8c22f1261c43a986a7fdbf677ac309682a07] net_sched: defer tcf_idr_insert() in tcf_action_init_1() testing commit e49d8c22f1261c43a986a7fdbf677ac309682a07 with gcc (GCC) 8.1.0 kernel signature: 2c04ec6628607f5589facc4ae2112ae8e374cbcafe46ef8f1b2e5d4e55f91b38 all runs: OK # git bisect good e49d8c22f1261c43a986a7fdbf677ac309682a07 Bisecting: 7 revisions left to test after this (roughly 3 steps) [4ab810a4e04ab6c851007033d39c13e6d3f55110] net: mscc: ocelot: fix fields offset in SG_CONFIG_REG_3 testing commit 4ab810a4e04ab6c851007033d39c13e6d3f55110 with gcc (GCC) 8.1.0 kernel signature: a56f5c0d60dac344ede38c260ee3c2e2cdea0920426d261f2d9ff14462e04ef1 run #0: crashed: INFO: task hung in linkwatch_event run #1: crashed: INFO: task hung in addrconf_dad_work run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in addrconf_dad_work run #4: crashed: INFO: task hung in linkwatch_event run #5: crashed: INFO: task hung in addrconf_dad_work run #6: crashed: INFO: task hung in addrconf_dad_work run #7: crashed: INFO: task hung in addrconf_dad_work run #8: crashed: INFO: task hung in linkwatch_event run #9: crashed: INFO: task hung in addrconf_dad_work # git bisect bad 4ab810a4e04ab6c851007033d39c13e6d3f55110 Bisecting: 3 revisions left to test after this (roughly 2 steps) [02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0] net/ipv4: always honour route mtu during forwarding testing commit 02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0 with gcc (GCC) 8.1.0 kernel signature: 63082a05f9883259381926479972f72a37fae34bb350e403b32c1b1f49d8aad1 run #0: crashed: INFO: task hung in addrconf_dad_work run #1: crashed: INFO: task hung in linkwatch_event run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in linkwatch_event run #4: crashed: INFO: task hung in switchdev_deferred_process_work run #5: crashed: INFO: task hung in linkwatch_event run #6: crashed: INFO: task hung in linkwatch_event run #7: crashed: INFO: task hung in addrconf_dad_work run #8: crashed: INFO: task hung in addrconf_dad_work run #9: crashed: INFO: task hung in addrconf_dad_work # git bisect bad 02a1b175b0e92d9e0fa5df3957ade8d733ceb6a0 Bisecting: 0 revisions left to test after this (roughly 1 step) [6d8899962afdf789f6ec8407ffdf3130724a7005] Merge branch 'net_sched-fix-a-UAF-in-tcf_action_init' testing commit 6d8899962afdf789f6ec8407ffdf3130724a7005 with gcc (GCC) 8.1.0 kernel signature: 9750cf88d6408af6083772d536ab5ca1a88f8c1c921db5642bba5597db86793c run #0: crashed: INFO: task hung in addrconf_dad_work run #1: crashed: INFO: task hung in addrconf_dad_work run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in addrconf_dad_work run #4: crashed: INFO: task hung in addrconf_dad_work run #5: crashed: INFO: task hung in addrconf_dad_work run #6: crashed: INFO: task hung in addrconf_dad_work run #7: crashed: INFO: task hung in linkwatch_event run #8: crashed: INFO: task hung in linkwatch_event run #9: crashed: INFO: task hung in linkwatch_event # git bisect bad 6d8899962afdf789f6ec8407ffdf3130724a7005 Bisecting: 0 revisions left to test after this (roughly 0 steps) [0fedc63fadf0404a729e73a35349481c8009c02f] net_sched: commit action insertions together testing commit 0fedc63fadf0404a729e73a35349481c8009c02f with gcc (GCC) 8.1.0 kernel signature: 9750cf88d6408af6083772d536ab5ca1a88f8c1c921db5642bba5597db86793c run #0: crashed: INFO: task hung in linkwatch_event run #1: crashed: INFO: task hung in linkwatch_event run #2: crashed: INFO: task hung in addrconf_dad_work run #3: crashed: INFO: task hung in addrconf_dad_work run #4: crashed: INFO: task hung in addrconf_dad_work run #5: crashed: INFO: task hung in linkwatch_event run #6: crashed: INFO: task hung in linkwatch_event run #7: crashed: INFO: task hung in addrconf_dad_work run #8: crashed: INFO: task hung in addrconf_dad_work run #9: crashed: INFO: task hung in addrconf_dad_work # git bisect bad 0fedc63fadf0404a729e73a35349481c8009c02f 0fedc63fadf0404a729e73a35349481c8009c02f is the first bad commit commit 0fedc63fadf0404a729e73a35349481c8009c02f Author: Cong Wang Date: Tue Sep 22 20:56:24 2020 -0700 net_sched: commit action insertions together syzbot is able to trigger a failure case inside the loop in tcf_action_init(), and when this happens we clean up with tcf_action_destroy(). But, as these actions are already inserted into the global IDR, other parallel process could free them before tcf_action_destroy(), then we will trigger a use-after-free. Fix this by deferring the insertions even later, after the loop, and committing all the insertions in a separate loop, so we will never fail in the middle of the insertions any more. One side effect is that the window between alloction and final insertion becomes larger, now it is more likely that the loop in tcf_del_walker() sees the placeholder -EBUSY pointer. So we have to check for error pointer in tcf_del_walker(). Reported-and-tested-by: syzbot+2287853d392e4b42374a@syzkaller.appspotmail.com Fixes: 0190c1d452a9 ("net: sched: atomically check-allocate action") Cc: Vlad Buslov Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/sched/act_api.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) culprit signature: 9750cf88d6408af6083772d536ab5ca1a88f8c1c921db5642bba5597db86793c parent signature: 2c04ec6628607f5589facc4ae2112ae8e374cbcafe46ef8f1b2e5d4e55f91b38 revisions tested: 17, total time: 3h36m54.358040111s (build: 1h11m51.629520529s, test: 2h23m21.055472301s) first bad commit: 0fedc63fadf0404a729e73a35349481c8009c02f net_sched: commit action insertions together recipients (to): ["davem@davemloft.net" "syzbot+2287853d392e4b42374a@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com"] recipients (cc): [] crash: INFO: task hung in addrconf_dad_work INFO: task kworker/1:0:17 blocked for more than 143 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:0 state:D stack:13208 pid: 17 ppid: 2 flags:0x00004000 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 addrconf_dad_work+0x3f/0x500 net/ipv6/addrconf.c:4027 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/u4:4:551 blocked for more than 143 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:4 state:D stack:12440 pid: 551 ppid: 2 flags:0x00004000 Workqueue: cfg80211 cfg80211_event_work Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 cfg80211_event_work+0x9/0x20 net/wireless/core.c:319 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:2:2985 blocked for more than 143 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:2 state:D stack:12472 pid: 2985 ppid: 2 flags:0x00004000 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 addrconf_dad_work+0x3f/0x500 net/ipv6/addrconf.c:4027 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:2:3030 blocked for more than 143 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:2 state:D stack:13336 pid: 3030 ppid: 2 flags:0x00004000 Workqueue: events linkwatch_event Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 linkwatch_event+0x5/0x30 net/core/link_watch.c:250 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task syz-executor.4:8855 blocked for more than 143 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:11136 pid: 8855 ppid: 1 flags:0x20024004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_compat_sys_socketcall net/compat.c:476 [inline] __se_compat_sys_socketcall net/compat.c:424 [inline] __ia32_compat_sys_socketcall+0x256/0x380 net/compat.c:424 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7fd2549 Code: Bad RIP value. RSP: 002b:00000000fffea8a0 EFLAGS: 00000282 ORIG_RAX: 0000000000000066 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000fffea8b8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000fffea968 RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.3:8857 blocked for more than 144 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:11320 pid: 8857 ppid: 1 flags:0x20024004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_compat_sys_socketcall net/compat.c:476 [inline] __se_compat_sys_socketcall net/compat.c:424 [inline] __ia32_compat_sys_socketcall+0x256/0x380 net/compat.c:424 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f70549 Code: Bad RIP value. RSP: 002b:00000000ff94f800 EFLAGS: 00000282 ORIG_RAX: 0000000000000066 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000ff94f818 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.1:8861 blocked for more than 144 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:11272 pid: 8861 ppid: 1 flags:0x20020004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_compat_sys_socketcall net/compat.c:476 [inline] __se_compat_sys_socketcall net/compat.c:424 [inline] __ia32_compat_sys_socketcall+0x256/0x380 net/compat.c:424 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7fb6549 Code: Bad RIP value. RSP: 002b:00000000ffd77fc0 EFLAGS: 00000282 ORIG_RAX: 0000000000000066 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000ffd77fd8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.0:8862 blocked for more than 144 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:11544 pid: 8862 ppid: 1 flags:0x20020004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_compat_sys_socketcall net/compat.c:476 [inline] __se_compat_sys_socketcall net/compat.c:424 [inline] __ia32_compat_sys_socketcall+0x256/0x380 net/compat.c:424 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7fdd549 Code: Bad RIP value. RSP: 002b:00000000ff84c3f0 EFLAGS: 00000282 ORIG_RAX: 0000000000000066 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000ff84c408 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.5:8863 blocked for more than 144 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:11160 pid: 8863 ppid: 1 flags:0x20020004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 nl80211_pre_doit+0xf9/0x1b0 net/wireless/nl80211.c:14304 genl_family_rcv_msg_doit net/netlink/genetlink.c:664 [inline] genl_family_rcv_msg net/netlink/genetlink.c:714 [inline] genl_rcv_msg+0x1b8/0x2ef net/netlink/genetlink.c:731 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:742 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_compat_sys_socketcall net/compat.c:476 [inline] __se_compat_sys_socketcall net/compat.c:424 [inline] __ia32_compat_sys_socketcall+0x256/0x380 net/compat.c:424 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f3d549 Code: Bad RIP value. RSP: 002b:00000000ffadceb0 EFLAGS: 00000286 ORIG_RAX: 0000000000000066 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000ffadcec8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 INFO: task syz-executor.2:10216 blocked for more than 145 seconds. Not tainted 5.9.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:13544 pid:10216 ppid: 8853 flags:0x20024004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x381/0x8d0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x472/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x124/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmmsg+0x13b/0x1e0 net/socket.c:2490 __compat_sys_sendmmsg net/compat.c:361 [inline] __do_compat_sys_sendmmsg net/compat.c:368 [inline] __se_compat_sys_sendmmsg net/compat.c:365 [inline] __ia32_compat_sys_sendmmsg+0x1c/0x20 net/compat.c:365 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7fd2549 Code: Bad RIP value. RSP: 002b:00000000f778a0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000200 RDX: 00000000924926d3 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Showing all locks held in the system: 3 locks held by kworker/1:0/17: #0: ffff888237067138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff888237067138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888237067138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000ce7e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000ce7e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000ce7e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0x3f/0x500 net/ipv6/addrconf.c:4027 3 locks held by kworker/u4:4/551: #0: ffff88813aa25538 ((wq_completion)cfg80211){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88813aa25538 ((wq_completion)cfg80211){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88813aa25538 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc900015fbe70 ((work_completion)(&rdev->event_work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc900015fbe70 ((work_completion)(&rdev->event_work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc900015fbe70 ((work_completion)(&rdev->event_work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: cfg80211_event_work+0x9/0x20 net/wireless/core.c:319 1 lock held by khungtaskd/1546: #0: ffffffff84b0eea0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0x17a kernel/locking/lockdep.c:5853 3 locks held by kworker/0:2/2985: #0: ffff888237067138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff888237067138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888237067138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90006523e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90006523e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90006523e70 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0x3f/0x500 net/ipv6/addrconf.c:4027 3 locks held by kworker/1:2/3030: #0: ffff88813b856738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88813b856738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88813b856738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90006593e70 ((linkwatch_work).work){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90006593e70 ((linkwatch_work).work){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90006593e70 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x5/0x30 net/core/link_watch.c:250 1 lock held by in:imklog/8040: #0: ffff88812de112f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x45/0x50 fs/file.c:930 3 locks held by kworker/0:4/8678: #0: ffff88813b856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88813b856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88813b856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc900011a3e70 ((reg_check_chans).work){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc900011a3e70 ((reg_check_chans).work){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc900011a3e70 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x28/0x4b0 net/wireless/reg.c:2199 1 lock held by syz-executor.4/8855: #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 1 lock held by syz-executor.3/8857: #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 1 lock held by syz-executor.1/8861: #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 1 lock held by syz-executor.0/8862: #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 2 locks held by syz-executor.5/8863: #0: ffffffff84f422b0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30 net/netlink/genetlink.c:741 #1: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xf9/0x1b0 net/wireless/nl80211.c:14304 2 locks held by syz-executor.2/10187: 1 lock held by syz-executor.2/10216: #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff84f2a408 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1546 Comm: khungtaskd Not tainted 5.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.8+0x3e/0x58 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xd5/0xec lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0x58e/0x680 kernel/hung_task.c:295 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 10187 Comm: syz-executor.2 Not tainted 5.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:rcu_lockdep_current_cpu_online+0x4c/0x90 kernel/rcu/tree.c:1160 Code: 06 48 83 c4 08 5b c3 65 ff 05 90 96 db 7e e8 6b ff 2d 02 48 c7 c3 40 d6 02 00 89 c0 48 83 f8 07 77 27 48 03 1c c5 c0 36 78 84 <48> 8b 43 18 48 8b 40 70 48 85 43 20 0f 95 c0 65 ff 0d 5e 96 db 7e RSP: 0018:ffffc900027cb420 EFLAGS: 00000282 RAX: 0000000000000000 RBX: ffff88813bc2d640 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffff846be3e6 RDI: ffffffff8445c831 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88812f507fd8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88812f507f68 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88813bc00000(0063) knlGS:00000000f77ccb40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00007f0f714a0020 CR3: 000000011c8cf000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_read_lock_held_common+0x25/0x40 kernel/rcu/update.c:123 rcu_read_lock_sched_held+0x1e/0x80 kernel/rcu/update.c:134 trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0x346/0x3c0 kernel/locking/lockdep.c:5003 __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103 tcf_idr_check_alloc+0x43/0x120 net/sched/act_api.c:499 tcf_police_init+0x175/0x740 net/sched/act_police.c:81 tcf_action_init_1+0xfd/0x4f0 net/sched/act_api.c:998 tcf_exts_validate+0x58/0xe0 net/sched/cls_api.c:3058 rsvp_change+0x114/0xe30 net/sched/cls_rsvp.h:502 tc_new_tfilter+0x8d2/0xcf0 net/sched/cls_api.c:2129 rtnetlink_rcv_msg+0x352/0x480 net/core/rtnetlink.c:5554 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x124/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmmsg+0x13b/0x1e0 net/socket.c:2490 __compat_sys_sendmmsg net/compat.c:361 [inline] __do_compat_sys_sendmmsg net/compat.c:368 [inline] __se_compat_sys_sendmmsg net/compat.c:365 [inline] __ia32_compat_sys_sendmmsg+0x1c/0x20 net/compat.c:365 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7fd2549 Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000f77cc0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000200 RDX: 00000000924926d3 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000