Message-Id: <3523AB97-D775-402F-BF43-1D221DC400AB@gmail.com>
Date: Sun, 16 Jun 2024 14:33:38 -0400
From: Shuangpeng Bai <shuangpengbai@...il.com>
To: brauner@...nel.org,
jack@...e.cz,
edward.shishkin@...il.com,
willy@...radead.org,
yukuai3@...wei.com
Cc: linux-kernel@...r.kernel.org,
reiserfs-devel@...r.kernel.org
Subject: Follow-Up on Reported Kernel Bug KASAN: slab-use-after-free in __discard_prealloc in v6.9
Dear Kernel Maintainers,
I hope this message finds you well.
I am writing to follow up on the recent bug report KASAN: slab-use-after-free in __discard_prealloc. I was wondering if there have been any updates or progress on this issue. Additionally, please let me know if there is any assistance I can provide.
Thank you for your time and attention to this matter.
Best regards,
Shuangpeng
> On May 21, 2024, at 23:19, Shuangpeng Bai <shuangpengbai@...il.com> wrote:
>
> Hi Kernel Maintainers,
>
> Our tool found a kernel bug KASAN: slab-use-after-free in __discard_prealloc. Please see the details below.
>
> Kernel commit: v6.9 (Commits on May 12, 2024)
> Kernel config: attachment
> C/Syz reproducer: attachment
>
> Please let me know if there is anything I can help with.
>
> Best,
> Shuangpeng
>
>
>
> [ 194.668209][ T8083] BUG: KASAN: slab-use-after-free in __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.669126][ T9920] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
> [ 194.669524][ T8083] Read of size 4 at addr ffff888159b1d63c by task a.out/8083
> [ 194.671126][ T8083]
> [ 194.671351][ T8083] CPU: 0 PID: 8083 Comm: a.out Not tainted 6.9.0 #8
> [ 194.671950][ T8083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
> [ 194.672773][ T8083] Call Trace:
> [ 194.673475][ T8083] <TASK>
> [ 194.674042][ T8083] dump_stack_lvl (lib/dump_stack.c:117)
> [ 194.674927][ T8083] print_report (mm/kasan/report.c:378 mm/kasan/report.c:488)
> [ 194.675770][ T8083] ? __phys_addr (arch/x86/mm/physaddr.c:32 (discriminator 4))
> [ 194.676638][ T8083] ? __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.677662][ T8083] kasan_report (mm/kasan/report.c:603)
> [ 194.678475][ T8083] ? __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.679462][ T8083] __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.680432][ T8083] ? __pfx_mutex_lock (kernel/locking/mutex.c:282)
> [ 194.681530][ T8083] ? mutex_lock (./arch/x86/include/asm/atomic64_64.h:109 ./include/linux/atomic/atomic-arch-fallback.h:4296 ./include/linux/atomic/atomic-long.h:1482 ./include/linux/atomic/atomic-instrumented.h:4458 kernel/locking/mutex.c:171 kernel/locking/mutex.c:285)
> [ 194.682461][ T8083] ? __pfx_mutex_lock (kernel/locking/mutex.c:282)
> [ 194.683525][ T8083] reiserfs_discard_all_prealloc (./include/linux/list.h:373 fs/reiserfs/bitmap.c:551)
> [ 194.684860][ T8083] do_journal_end (fs/reiserfs/journal.c:4071)
> [ 194.685990][ T8083] ? reiserfs_write_lock_nested (fs/reiserfs/lock.c:79)
> [ 194.687258][ T8083] ? do_journal_begin_r (fs/reiserfs/journal.c:3030)
> [ 194.688388][ T8083] ? down_read_trylock (./arch/x86/include/asm/preempt.h:103 kernel/locking/rwsem.c:1293 kernel/locking/rwsem.c:1565)
> [ 194.689512][ T8083] ? __pfx_down_read_trylock (kernel/locking/rwsem.c:1564)
> [ 194.690730][ T8083] ? __pfx_do_journal_end (fs/reiserfs/journal.c:3985)
> [ 194.691867][ T8083] ? __pfx_wake_up_bit (kernel/sched/wait_bit.c:148)
> [ 194.692943][ T8083] ? dquot_disable (fs/quota/dquot.c:2241)
> [ 194.694043][ T8083] ? journal_mark_dirty (fs/reiserfs/journal.c:3384)
> [ 194.695187][ T8083] journal_release (fs/reiserfs/journal.c:1939 fs/reiserfs/journal.c:1970)
> [ 194.696249][ T8083] ? __pfx_journal_release (fs/reiserfs/journal.c:1969)
> [ 194.697302][ T8083] reiserfs_put_super (fs/reiserfs/super.c:618)
> [ 194.698273][ T8083] ? __pfx_reiserfs_put_super (fs/reiserfs/super.c:590)
> [ 194.699338][ T8083] ? __pfx_evict_inodes (fs/inode.c:715)
> [ 194.700303][ T8083] ? shrink_dcache_for_umount (./include/linux/list_bl.h:60 fs/dcache.c:1558)
> [ 194.701507][ T8083] ? __pfx_reiserfs_put_super (fs/reiserfs/super.c:590)
> [ 194.702633][ T8083] generic_shutdown_super (fs/super.c:647)
> [ 194.703776][ T8083] kill_block_super (fs/super.c:1676)
> [ 194.704890][ T8083] deactivate_locked_super (fs/super.c:433 fs/super.c:474)
> [ 194.706120][ T8083] deactivate_super (fs/super.c:507)
> [ 194.707137][ T8083] cleanup_mnt (fs/namespace.c:144 fs/namespace.c:1268)
> [ 194.708143][ T8083] task_work_run (kernel/task_work.c:181 (discriminator 1))
> [ 194.709182][ T8083] ? __pfx_task_work_run (kernel/task_work.c:148)
> [ 194.710362][ T8083] ? __x64_sys_umount (fs/namespace.c:1922)
> [ 194.711486][ T8083] ? __pfx___x64_sys_umount (fs/namespace.c:1922)
> [ 194.712665][ T8083] syscall_exit_to_user_mode (./include/linux/resume_user_mode.h:50 kernel/entry/common.c:114 ./include/linux/entry-common.h:328 kernel/entry/common.c:207 kernel/entry/common.c:218)
> [ 194.713939][ T8083] do_syscall_64 (arch/x86/entry/common.c:102)
> [ 194.715010][ T8083] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 194.716446][ T8083] RIP: 0033:0x7f41ac14d16b
> [ 194.717471][ T8083] Code: cd 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 78
> All code
> ========
> 0: cd 0c int $0xc
> 2: 00 f7 add %dh,%bh
> 4: d8 64 89 01 fsubs 0x1(%rcx,%rcx,4)
> 8: 48 83 c8 ff or $0xffffffffffffffff,%rax
> c: c3 ret
> d: 66 90 xchg %ax,%ax
> f: f3 0f 1e fa endbr64
> 13: 31 f6 xor %esi,%esi
> 15: e9 05 00 00 00 jmp 0x1f
> 1a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
> 1f: f3 0f 1e fa endbr64
> 23: b8 a6 00 00 00 mov $0xa6,%eax
> 28: 0f 05 syscall
> 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> 30: 78 .byte 0x78
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> 6: 78 .byte 0x78
> [ 194.721957][ T8083] RSP: 002b:00007ffc1c01ee98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
> [ 194.723594][ T8083] RAX: 0000000000000000 RBX: 00005571e220fe30 RCX: 00007f41ac14d16b
> [ 194.725053][ T8083] RDX: 0000000000000009 RSI: 0000000000000009 RDI: 00007ffc1c01ef70
> [ 194.726613][ T8083] RBP: 00007ffc1c01ff80 R08: 00000000ffffffff R09: 00007ffc1c01ed30
> [ 194.728147][ T8083] R10: 00005571e22100ee R11: 0000000000000202 R12: 00005571e220c720
> [ 194.729713][ T8083] R13: 00007ffc1c020100 R14: 0000000000000000 R15: 0000000000000000
> [ 194.731261][ T8083] </TASK>
> [ 194.731856][ T8083]
> [ 194.732313][ T8083] Allocated by task 9876:
> [ 194.733176][ T8083] kasan_save_stack (mm/kasan/common.c:48)
> [ 194.734236][ T8083] kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)
> [ 194.735295][ T8083] __kasan_slab_alloc (mm/kasan/common.c:341)
> [ 194.736401][ T8083] kmem_cache_alloc_lru (mm/slub.c:3805 mm/slub.c:3851 mm/slub.c:3870)
> [ 194.737539][ T8083] reiserfs_alloc_inode (fs/reiserfs/super.c:643)
> [ 194.738710][ T8083] alloc_inode (fs/inode.c:261)
> [ 194.739657][ T8083] new_inode (fs/inode.c:1009 fs/inode.c:1033)
> [ 194.740574][ T8083] reiserfs_create (fs/reiserfs/namei.c:634)
> [ 194.741656][ T8083] path_openat (fs/namei.c:3499 fs/namei.c:3566 fs/namei.c:3796)
> [ 194.742716][ T8083] do_filp_open (fs/namei.c:3827)
> [ 194.743724][ T8083] do_sys_openat2 (fs/open.c:1407)
> [ 194.744693][ T8083] __x64_sys_openat (fs/open.c:1432)
> [ 194.745767][ T8083] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> [ 194.746687][ T8083] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 194.747925][ T8083]
> [ 194.748522][ T8083] Freed by task 0:
> [ 194.749336][ T8083] kasan_save_stack (mm/kasan/common.c:48)
> [ 194.750377][ T8083] kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)
> [ 194.751394][ T8083] kasan_save_free_info (mm/kasan/generic.c:582)
> [ 194.752535][ T8083] __kasan_slab_free (mm/kasan/common.c:274)
> [ 194.753686][ T8083] kmem_cache_free (mm/slub.c:4286 mm/slub.c:4350)
> [ 194.754683][ T8083] i_callback (fs/inode.c:253)
> [ 194.755732][ T8083] rcu_core (./arch/x86/include/asm/preempt.h:26 kernel/rcu/tree.c:2203 kernel/rcu/tree.c:2471)
> [ 194.756660][ T8083] handle_softirqs (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:555)
> [ 194.757702][ T8083] irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649)
> [ 194.758656][ T8083] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043 arch/x86/kernel/apic/apic.c:1043)
> [ 194.760169][ T8083] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)
> [ 194.761723][ T8083]
> [ 194.762293][ T8083] Last potentially related work creation:
> [ 194.763678][ T8083] kasan_save_stack (mm/kasan/common.c:48)
> [ 194.764850][ T8083] __kasan_record_aux_stack (mm/kasan/generic.c:541)
> [ 194.766173][ T8083] __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:67 ./arch/x86/include/asm/irqflags.h:103 kernel/rcu/tree.c:2735)
> [ 194.767683][ T8083] destroy_inode (fs/inode.c:317)
> [ 194.768869][ T8083] iput.part.0 (fs/inode.c:1741 fs/inode.c:1767)
> [ 194.770085][ T8083] iput (fs/inode.c:1769)
> [ 194.771070][ T8083] dentry_unlink_inode (fs/dcache.c:401)
> [ 194.772602][ T8083] __dentry_kill (fs/dcache.c:606)
> [ 194.773978][ T8083] dput (fs/dcache.c:846 fs/dcache.c:833)
> [ 194.775098][ T8083] path_put (fs/namei.c:562)
> [ 194.776263][ T8083] do_sys_truncate.part.0 (fs/open.c:135)
> [ 194.778042][ T8083] __x64_sys_truncate (fs/open.c:128 fs/open.c:146 fs/open.c:144 fs/open.c:144)
> [ 194.779444][ T8083] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> [ 194.780764][ T8083] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 194.782457][ T8083]
> [ 194.783131][ T8083] The buggy address belongs to the object at ffff888159b1d620
> [ 194.783131][ T8083] which belongs to the cache reiser_inode_cache of size 816
> [ 194.787449][ T8083] The buggy address is located 28 bytes inside of
> [ 194.787449][ T8083] freed 816-byte region [ffff888159b1d620, ffff888159b1d950)
> [ 194.791445][ T8083]
> [ 194.792122][ T8083] The buggy address belongs to the physical page:
> [ 194.793790][ T8083] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888159b1c3b0 pfn:0x159b1c
> [ 194.795987][ T8083] head: order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
> [ 194.797483][ T8083] flags: 0x57ff00000000840(slab|head|node=1|zone=2|lastcpupid=0x7ff)
> [ 194.801436][ T8083] page_type: 0xffffffff()
> [ 194.802430][ T8083] raw: 057ff00000000840 ffff888145e9f8c0 ffffea0001c2a600 0000000000000004
> [ 194.804299][ T8083] raw: ffff888159b1c3b0 0000000080110010 00000001ffffffff 0000000000000000
> [ 194.806266][ T8083] head: 057ff00000000840 ffff888145e9f8c0 ffffea0001c2a600 0000000000000004
> [ 194.808198][ T8083] head: ffff888159b1c3b0 0000000080110010 00000001ffffffff 0000000000000000
> [ 194.810058][ T8083] head: 057ff00000000002 ffffea000566c701 dead000000000122 00000000ffffffff
> [ 194.811978][ T8083] head: 0000000400000000 0000000000000000 00000000ffffffff 0000000000000000
> [ 194.813914][ T8083] page dumped because: kasan: bad access detected
> [ 194.815313][ T8083] page_owner tracks the page as allocated
> [ 194.816509][ T8083] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP0
> [ 194.821336][ T8083] post_alloc_hook (./include/linux/page_owner.h:32 mm/page_alloc.c:1534)
> [ 194.822457][ T8083] get_page_from_freelist (mm/page_alloc.c:1543 mm/page_alloc.c:3317)
> [ 194.823688][ T8083] __alloc_pages (mm/page_alloc.c:4576)
> [ 194.824723][ T8083] allocate_slab (mm/slub.c:2181 mm/slub.c:2343)
> [ 194.825743][ T8083] ___slab_alloc (mm/slub.c:3531)
> [ 194.826760][ T8083] __slab_alloc.constprop.0 (mm/slub.c:3615)
> [ 194.827911][ T8083] kmem_cache_alloc_lru (mm/slub.c:3668 mm/slub.c:3841 mm/slub.c:3870)
> [ 194.829067][ T8083] reiserfs_alloc_inode (fs/reiserfs/super.c:643)
> [ 194.830189][ T8083] alloc_inode (fs/inode.c:261)
> [ 194.831173][ T8083] iget5_locked (fs/inode.c:1237 fs/inode.c:1228)
> [ 194.832182][ T8083] reiserfs_fill_super (fs/reiserfs/super.c:2054)
> [ 194.833323][ T8083] mount_bdev (fs/super.c:1659)
> [ 194.834269][ T8083] legacy_get_tree (fs/fs_context.c:664)
> [ 194.835264][ T8083] vfs_get_tree (fs/super.c:1780)
> [ 194.836191][ T8083] path_mount (fs/namespace.c:3353 fs/namespace.c:3679)
> [ 194.837120][ T8083] __x64_sys_mount (fs/namespace.c:3693 fs/namespace.c:3898 fs/namespace.c:3875 fs/namespace.c:3875)
> [ 194.838189][ T8083] page_owner free stack trace missing
> [ 194.839319][ T8083]
> [ 194.839838][ T8083] Memory state around the buggy address:
> [ 194.841035][ T8083] ffff888159b1d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 194.842751][ T8083] ffff888159b1d580: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
> [ 194.844459][ T8083] >ffff888159b1d600: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
> [ 194.846244][ T8083] ^
> [ 194.847615][ T8083] ffff888159b1d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 194.849333][ T8083] ffff888159b1d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 194.850693][ T8083] ==================================================================
> [ 194.863761][ T8083] Kernel panic - not syncing: KASAN: panic_on_warn set ...
> [ 194.865484][ T8083] CPU: 0 PID: 8083 Comm: a.out Not tainted 6.9.0 #8
> [ 194.867008][ T8083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
> [ 194.868970][ T8083] Call Trace:
> [ 194.869630][ T8083] <TASK>
> [ 194.870254][ T8083] dump_stack_lvl (lib/dump_stack.c:118 (discriminator 4))
> [ 194.871333][ T8083] panic (kernel/panic.c:348)
> [ 194.872907][ T8083] ? __pfx_panic (kernel/panic.c:282)
> [ 194.873915][ T8083] ? preempt_schedule_thunk (arch/x86/entry/thunk_64.S:12)
> [ 194.875119][ T8083] ? preempt_schedule_common (./arch/x86/include/asm/preempt.h:84 kernel/sched/core.c:6927)
> [ 194.876293][ T8083] ? check_panic_on_warn (kernel/panic.c:240)
> [ 194.877435][ T8083] ? __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.878672][ T8083] check_panic_on_warn (kernel/panic.c:241)
> [ 194.879809][ T8083] end_report (mm/kasan/report.c:226)
> [ 194.880719][ T8083] kasan_report (./arch/x86/include/asm/smap.h:56 mm/kasan/report.c:606)
> [ 194.881700][ T8083] ? __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.882817][ T8083] __discard_prealloc (fs/reiserfs/bitmap.c:505)
> [ 194.883890][ T8083] ? __pfx_mutex_lock (kernel/locking/mutex.c:282)
> [ 194.884990][ T8083] ? mutex_lock (./arch/x86/include/asm/atomic64_64.h:109 ./include/linux/atomic/atomic-arch-fallback.h:4296 ./include/linux/atomic/atomic-long.h:1482 ./include/linux/atomic/atomic-instrumented.h:4458 kernel/locking/mutex.c:171 kernel/locking/mutex.c:285)
> [ 194.885973][ T8083] ? __pfx_mutex_lock (kernel/locking/mutex.c:282)
> [ 194.887042][ T8083] reiserfs_discard_all_prealloc (./include/linux/list.h:373 fs/reiserfs/bitmap.c:551)
> [ 194.888315][ T8083] do_journal_end (fs/reiserfs/journal.c:4071)
> [ 194.889386][ T8083] ? reiserfs_write_lock_nested (fs/reiserfs/lock.c:79)
> [ 194.890629][ T8083] ? do_journal_begin_r (fs/reiserfs/journal.c:3030)
> [ 194.892411][ T8083] ? down_read_trylock (./arch/x86/include/asm/preempt.h:103 kernel/locking/rwsem.c:1293 kernel/locking/rwsem.c:1565)
> [ 194.896737][ T8083] ? __pfx_down_read_trylock (kernel/locking/rwsem.c:1564)
> [ 194.899681][ T8083] ? __pfx_do_journal_end (fs/reiserfs/journal.c:3985)
> [ 194.900992][ T8083] ? __pfx_wake_up_bit (kernel/sched/wait_bit.c:148)
> [ 194.902147][ T8083] ? dquot_disable (fs/quota/dquot.c:2241)
> [ 194.903276][ T8083] ? journal_mark_dirty (fs/reiserfs/journal.c:3384)
> [ 194.904466][ T8083] journal_release (fs/reiserfs/journal.c:1939 fs/reiserfs/journal.c:1970)
> [ 194.905596][ T8083] ? __pfx_journal_release (fs/reiserfs/journal.c:1969)
> [ 194.906839][ T8083] reiserfs_put_super (fs/reiserfs/super.c:618)
> [ 194.908016][ T8083] ? __pfx_reiserfs_put_super (fs/reiserfs/super.c:590)
> [ 194.909296][ T8083] ? __pfx_evict_inodes (fs/inode.c:715)
> [ 194.910506][ T8083] ? shrink_dcache_for_umount (./include/linux/list_bl.h:60 fs/dcache.c:1558)
> [ 194.911809][ T8083] ? __pfx_reiserfs_put_super (fs/reiserfs/super.c:590)
> [ 194.913079][ T8083] generic_shutdown_super (fs/super.c:647)
> [ 194.914265][ T8083] kill_block_super (fs/super.c:1676)
> [ 194.915356][ T8083] deactivate_locked_super (fs/super.c:433 fs/super.c:474)
> [ 194.916558][ T8083] deactivate_super (fs/super.c:507)
> [ 194.917643][ T8083] cleanup_mnt (fs/namespace.c:144 fs/namespace.c:1268)
> [ 194.918633][ T8083] task_work_run (kernel/task_work.c:181 (discriminator 1))
> [ 194.919696][ T8083] ? __pfx_task_work_run (kernel/task_work.c:148)
> [ 194.921028][ T8083] ? __x64_sys_umount (fs/namespace.c:1922)
> [ 194.922198][ T8083] ? __pfx___x64_sys_umount (fs/namespace.c:1922)
> [ 194.923455][ T8083] syscall_exit_to_user_mode (./include/linux/resume_user_mode.h:50 kernel/entry/common.c:114 ./include/linux/entry-common.h:328 kernel/entry/common.c:207 kernel/entry/common.c:218)
> [ 194.924701][ T8083] do_syscall_64 (arch/x86/entry/common.c:102)
> [ 194.925719][ T8083] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 194.927021][ T8083] RIP: 0033:0x7f41ac14d16b
> [ 194.928007][ T8083] Code: cd 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 78
> All code
> ========
> 0: cd 0c int $0xc
> 2: 00 f7 add %dh,%bh
> 4: d8 64 89 01 fsubs 0x1(%rcx,%rcx,4)
> 8: 48 83 c8 ff or $0xffffffffffffffff,%rax
> c: c3 ret
> d: 66 90 xchg %ax,%ax
> f: f3 0f 1e fa endbr64
> 13: 31 f6 xor %esi,%esi
> 15: e9 05 00 00 00 jmp 0x1f
> 1a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
> 1f: f3 0f 1e fa endbr64
> 23: b8 a6 00 00 00 mov $0xa6,%eax
> 28: 0f 05 syscall
> 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> 30: 78 .byte 0x78
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> 6: 78 .byte 0x78
> [ 194.932455][ T8083] RSP: 002b:00007ffc1c01ee98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
> [ 194.934448][ T8083] RAX: 0000000000000000 RBX: 00005571e220fe30 RCX: 00007f41ac14d16b
> [ 194.936283][ T8083] RDX: 0000000000000009 RSI: 0000000000000009 RDI: 00007ffc1c01ef70
> [ 194.938032][ T8083] RBP: 00007ffc1c01ff80 R08: 00000000ffffffff R09: 00007ffc1c01ed30
> [ 194.939839][ T8083] R10: 00005571e22100ee R11: 0000000000000202 R12: 00005571e220c720
> [ 194.941774][ T8083] R13: 00007ffc1c020100 R14: 0000000000000000 R15: 0000000000000000
> [ 194.943577][ T8083] </TASK>
> [ 194.944402][ T8083] Kernel Offset: disabled
> [ 194.945399][ T8083] Rebooting in 86400 seconds..
>
Download attachment "repro.c" of type "application/octet-stream" (50046 bytes)
Download attachment ".config" of type "application/octet-stream" (247338 bytes)
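Reading the three KASAN stacks in the quoted report together: the object is a reiser_inode_cache entry allocated from reiserfs_alloc_inode on the openat/reiserfs_create path, freed by RCU (i_callback) after iput from a truncate() path_put, and then read 28 bytes into the freed region by __discard_prealloc when umount reaches journal_release -> do_journal_end -> reiserfs_discard_all_prealloc. That shape, an inode that dies while a per-superblock list still links to it and a later list walk that touches the dead entry, is the bug class the following model demonstrates. This is an added example by the editor, not code from the report, its author, or fs/reiserfs, and it does not claim the actual root cause (the page does not state one). Every name in it (model_inode, model_sb, discard_all_prealloc, evict_inode_buggy, evict_inode_fixed, the toy cache) is invented; the list primitives mirror the kernel's list_head API only in shape.

```c
/* Added illustrative model, not reiserfs code: an object freed while still
 * linked on a per-superblock list, then dereferenced by a list walk at umount.
 * All names (model_inode, model_sb, discard_all_prealloc, evict_inode_*) are
 * invented; the page does not state the real root cause in fs/reiserfs. The toy
 * cache records freed slots so the walk can flag a stale entry deterministically. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Intrusive doubly linked list with the kernel's list_head shape. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h)
{
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
static void list_del(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev; n->next = n->prev = n;
}
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct model_inode {
    int prealloc_count;             /* the field the umount walk writes */
    struct list_head prealloc_list; /* link on model_sb.prealloc_list */
};
struct model_sb { struct list_head prealloc_list; };

/* Toy slab cache. Freeing does not scrub the object, so stale list links survive
 * as they do after kmem_cache_free(); freed[] stands in for KASAN's shadow bytes. */
#define CACHE_SLOTS 8
static struct model_inode cache[CACHE_SLOTS];
static bool in_use[CACHE_SLOTS], freed[CACHE_SLOTS];
static struct model_inode *cache_alloc(void)
{
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (in_use[i]) continue;
        in_use[i] = true; freed[i] = false;
        cache[i].prealloc_count = 1;
        list_init(&cache[i].prealloc_list);
        return &cache[i];
    }
    return NULL;
}
static void cache_free(struct model_inode *inode)
{
    in_use[inode - cache] = false;
    freed[inode - cache] = true;    /* object is dead; its bytes remain */
}
/* Umount-time walk (compare reiserfs_discard_all_prealloc in the trace above).
 * Returns how many freed objects it touched; 0 means no use-after-free. */
static int discard_all_prealloc(struct model_sb *sb)
{
    int uaf = 0;
    struct list_head *pos, *next;
    for (pos = sb->prealloc_list.next; pos != &sb->prealloc_list; pos = next) {
        struct model_inode *inode = container_of(pos, struct model_inode, prealloc_list);
        next = pos->next;               /* stale link, still intact here */
        if (freed[inode - cache]) {     /* KASAN would report at this read */
            uaf++;
            continue;
        }
        inode->prealloc_count = 0;
        list_del(pos);
    }
    return uaf;
}

/* Buggy eviction frees the inode while it is still linked; the fixed version
 * first unlinks it from every list that references it. */
static void evict_inode_buggy(struct model_inode *inode) { cache_free(inode); }
static void evict_inode_fixed(struct model_inode *inode)
{
    list_del(&inode->prealloc_list);
    cache_free(inode);
}

/* Mount, create three inodes holding preallocation, destroy the middle one (the
 * iput path in the free stack above), then umount. Returns the walk's count. */
static int run_scenario(bool fixed)
{
    struct model_sb sb;
    memset(in_use, 0, sizeof(in_use)); memset(freed, 0, sizeof(freed));
    list_init(&sb.prealloc_list);
    struct model_inode *a = cache_alloc(), *b = cache_alloc(), *c = cache_alloc();
    list_add(&a->prealloc_list, &sb.prealloc_list);
    list_add(&b->prealloc_list, &sb.prealloc_list);
    list_add(&c->prealloc_list, &sb.prealloc_list);
    if (fixed) evict_inode_fixed(b); else evict_inode_buggy(b);
    return discard_all_prealloc(&sb);
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```

run_scenario(false) returns 1 (the walk reads one freed object, the analogue of the KASAN report) and run_scenario(true) returns 0. Two things the model makes visible that the raw report does not: first, the walk also performs list_del on the live neighbour, which writes through the dead object's prev/next links, so the same bug yields a freed-memory write as well as the read KASAN caught; second, because a slab cache hands freed slots back out, on a real system the stale entry may by umount time be a live object of the same cache (or, after the slab page is released, something else entirely), at which point the walk silently modifies another owner's data instead of tripping KASAN. That reuse is what separates a fuzzer crash from a security-relevant primitive, and it is why the fix pattern is always to unlink before the object dies rather than to make the walk tolerate stale entries.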