Message-ID: <CAHOo4gL8UJnY=zZOHVioLsemBfA7eZSK+utxWLd7TBCz89X=3w@mail.gmail.com>
Date: Fri, 6 Sep 2024 10:30:58 +0800
From: Hui Guo <guohui.study@...il.com>
To: reiserfs-devel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	"Matthew Wilcox (Oracle)" <willy@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, 
	Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Jeff Layton <jlayton@...nel.org>, 
	Chengming Zhou <zhouchengming@...edance.com>
Cc: syzkaller-bugs@...glegroups.com
Subject: kernel BUG in reiserfs_update_sd_size

Hi Kernel Maintainers,
we found a crash "kernel BUG in reiserfs_update_sd_size" in upstream
and reproduced it successfully.
According to this report, "https://groups.google.com/g/syzkaller-bugs/c/3HUP6xnzjo0/m/bP0j4x9rBAAJ",
this bug has been triggered before and fixed, but it can still be
triggered now.

HEAD Commit: 88fac17500f4ea49c7bac136cf1b27e7b9980075 (Merge tag 'fuse-fixes-6.11-rc7')
kernel config: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/6.11.config
console output:
https://github.com/androidAppGuard/KernelBugs/blob/main/88fac17500f4ea49c7bac136cf1b27e7b9980075/331f477773da9111eed5fd0f8bb94f7655b2384c/log0
repro report: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/88fac17500f4ea49c7bac136cf1b27e7b9980075/331f477773da9111eed5fd0f8bb94f7655b2384c/repro.report
syz reproducer:
https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/88fac17500f4ea49c7bac136cf1b27e7b9980075/331f477773da9111eed5fd0f8bb94f7655b2384c/repro.prog
C reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/88fac17500f4ea49c7bac136cf1b27e7b9980075/331f477773da9111eed5fd0f8bb94f7655b2384c/repro.cprog


Please let me know if there is anything I can help with.
Best,
Hui Guo

This is the crash log I got by reproducing the bug based on the above
environment.
I have piped this log through decode_stacktrace.sh for a better
understanding of the cause of the bug.
================================================================================
2024/09/06 01:38:39 executed programs: 0
[ 683.192926][ T8481] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 683.195893][ T8481] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 683.198219][ T8481] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 683.201223][ T8481] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 683.204054][ T8481] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 683.205951][ T8481] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 683.376251][T14942] chnl_net:caif_netlink_parms(): no params data found
[ 683.462697][T14942] bridge0: port 1(bridge_slave_0) entered blocking state
[ 683.463612][T14942] bridge0: port 1(bridge_slave_0) entered disabled state
[ 683.464441][T14942] bridge_slave_0: entered allmulticast mode
[ 683.465813][T14942] bridge_slave_0: entered promiscuous mode
[ 683.468075][T14942] bridge0: port 2(bridge_slave_1) entered blocking state
[ 683.468929][T14942] bridge0: port 2(bridge_slave_1) entered disabled state
[ 683.469872][T14942] bridge_slave_1: entered allmulticast mode
[ 683.471199][T14942] bridge_slave_1: entered promiscuous mode
[ 683.520982][T14942] bond0: (slave bond_slave_0): Enslaving as an
active interface with an up link
[ 683.526567][T14942] bond0: (slave bond_slave_1): Enslaving as an
active interface with an up link
[ 683.580532][T14942] team0: Port device team_slave_0 added
[ 683.585273][T14942] team0: Port device team_slave_1 added
[ 683.629086][T14942] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 683.629913][T14942] batman_adv: batadv0: The MTU of interface
batadv_slave_0 is too small (1500) to handle the transport of
batman-adv packets. Packets going over this interface will be
fragmented on layer2 which could impact the performance. Setting the
MTU to 1560 would solve the problem.
[ 683.633024][T14942] batman_adv: batadv0: Not using interface
batadv_slave_0 (retrying later): interface not active
[ 683.635746][T14942] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 683.636554][T14942] batman_adv: batadv0: The MTU of interface
batadv_slave_1 is too small (1500) to handle the transport of
batman-adv packets. Packets going over this interface will be
fragmented on layer2 which could impact the performance. Setting the
MTU to 1560 would solve the problem.
[ 683.639365][T14942] batman_adv: batadv0: Not using interface
batadv_slave_1 (retrying later): interface not active
[ 683.642514][ T85] Bluetooth: hci0: command tx timeout
[ 683.691138][T14942] hsr_slave_0: entered promiscuous mode
[ 683.692989][T14942] hsr_slave_1: entered promiscuous mode
[ 683.694372][T14942] debugfs: Directory 'hsr0' with parent 'hsr'
already present!
[ 683.695420][T14942] Cannot create hsr debugfs directory
[ 684.271349][T14942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 684.276016][T14942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 684.280518][T14942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 684.284741][T14942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 684.356209][T14942] 8021q: adding VLAN 0 to HW filter on device bond0
[ 684.370383][T14942] 8021q: adding VLAN 0 to HW filter on device team0
[ 684.377190][T11305] bridge0: port 1(bridge_slave_0) entered blocking state
[ 684.378168][T11305] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 684.385531][T11305] bridge0: port 2(bridge_slave_1) entered blocking state
[ 684.386565][T11305] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 684.544722][T14942] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 684.581029][T14942] veth0_vlan: entered promiscuous mode
[ 684.585972][T14942] veth1_vlan: entered promiscuous mode
[ 684.604990][T14942] veth0_macvtap: entered promiscuous mode
[ 684.608466][T14942] veth1_macvtap: entered promiscuous mode
[ 684.616148][T14942] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 684.617444][T14942] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[ 684.619483][T14942] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 684.625191][T14942] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 684.626479][T14942] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[ 684.628458][T14942] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 684.632383][T14942] netdevsim netdevsim0 netdevsim0: set [1, 0] type
2 family 0 port 6081 - 0
[ 684.633521][T14942] netdevsim netdevsim0 netdevsim1: set [1, 0] type
2 family 0 port 6081 - 0
[ 684.634619][T14942] netdevsim netdevsim0 netdevsim2: set [1, 0] type
2 family 0 port 6081 - 0
[ 684.635713][T14942] netdevsim netdevsim0 netdevsim3: set [1, 0] type
2 family 0 port 6081 - 0
[ 684.669845][ T94] wlan0: Created IBSS using preconfigured BSSID
50:50:50:50:50:50
[ 684.671662][ T94] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 684.685104][T11451] wlan1: Created IBSS using preconfigured BSSID
50:50:50:50:50:50
[ 684.686146][T11451] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 684.759342][T15978] loop0: detected capacity change from 0 to 8192
[ 684.763131][T15978] REISERFS warning: read_super_block: reiserfs
filesystem is deprecated and scheduled to be removed from the kernel
in 2025
[ 684.764879][T15978] REISERFS (device loop0): found reiserfs format
"3.6" with non-standard journal
[ 684.766145][T15978] REISERFS (device loop0): using ordered data mode
[ 684.767026][T15978] reiserfs: using flush barriers
[ 684.768944][T15978] REISERFS (device loop0): journal params: device
loop0, size 512, journal first block 18, max trans len 256, max batch
225, max commit age 30, max trans age 30
[ 684.771427][T15978] REISERFS (device loop0): checking transaction log (loop0)
[ 684.815148][T15978] REISERFS (device loop0): Using tea hash to sort names
[ 684.817613][T15978] REISERFS panic (device loop0): vs-13065
update_stat_data: key [1 2 0x0 SD], found item *3.5*[1 2 0(0) DIR],
item_len 80, item_location 3972, free_space(entry_count) 3
[ 684.822115][T15978] ------------[ cut here ]------------
[ 684.823561][T15978] kernel BUG at fs/reiserfs/prints.c:390!
[ 684.825009][T15978] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 684.827201][T15978] CPU: 1 UID: 0 PID: 15978 Comm: syz.0.15 Not
tainted 6.11.0-rc6-00026-g88fac17500f4-dirty #1
[ 684.830348][T15978] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.15.0-1 04/01/2014
[684.833199][T15978] RIP: 0010:__reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[ 684.834855][T15978] Code: 54 ff 4d 89 e8 4c 89 f1 4c 89 e2 48 8d b3
68 06 00 00 49 c7 c1 60 7e 6b 94 48 c7 c7 00 0e 04 8b e8 b2 38 35 ff
e8 ed 4e 54 ff <0f> 0b 49 c7 c6 a0 0c 04 8b 4d 89 f4 eb c5 e8 da 4e 54
ff 4d 85 e4
All code
========
0: 54 push %rsp
1: ff 4d 89 decl -0x77(%rbp)
4: e8 4c 89 f1 4c call 0x4cf18955
9: 89 e2 mov %esp,%edx
b: 48 8d b3 68 06 00 00 lea 0x668(%rbx),%rsi
12: 49 c7 c1 60 7e 6b 94 mov $0xffffffff946b7e60,%r9
19: 48 c7 c7 00 0e 04 8b mov $0xffffffff8b040e00,%rdi
20: e8 b2 38 35 ff call 0xffffffffff3538d7
25: e8 ed 4e 54 ff call 0xffffffffff544f17
2a:* 0f 0b ud2 <-- trapping instruction
2c: 49 c7 c6 a0 0c 04 8b mov $0xffffffff8b040ca0,%r14
33: 4d 89 f4 mov %r14,%r12
36: eb c5 jmp 0xfffffffffffffffd
38: e8 da 4e 54 ff call 0xffffffffff544f17
3d: 4d 85 e4 test %r12,%r12

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 49 c7 c6 a0 0c 04 8b mov $0xffffffff8b040ca0,%r14
9: 4d 89 f4 mov %r14,%r12
c: eb c5 jmp 0xffffffffffffffd3
e: e8 da 4e 54 ff call 0xffffffffff544eed
13: 4d 85 e4 test %r12,%r12
[ 684.840498][T15978] RSP: 0018:ffffc9000c05f650 EFLAGS: 00010293
[ 684.842101][T15978] RAX: 0000000000000000 RBX: ffff88807daaa000 RCX:
ffffffff816af049
[ 684.844484][T15978] RDX: ffff88802f129cc0 RSI: ffffffff8235abd3 RDI:
0000000000000005
[ 684.846937][T15978] RBP: ffffc9000c05f720 R08: 0000000000000001 R09:
ffffed1047785179
[ 684.849278][T15978] R10: 0000000080000000 R11: 0000000000000001 R12:
ffffffff8b039ee0
[ 684.851698][T15978] R13: ffffffff8b03aba0 R14: ffffffff8b040c60 R15:
ffff888073e536a8
[ 684.854093][T15978] FS: 00007f8329000640(0000)
GS:ffff88823bc00000(0000) knlGS:0000000000000000
[ 684.856853][T15978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 684.858846][T15978] CR2: 00007f8328367a8c CR3: 000000005b9f4000 CR4:
00000000000006f0
[ 684.861297][T15978] Call Trace:
[ 684.862298][T15978] <TASK>
[684.863253][T15978] ? show_regs
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:479)
[684.864580][T15978] ? die
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:421
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:434
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:447)
[684.865738][T15978] ? do_trap
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/traps.c:114
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/traps.c:155)
[684.867020][T15978] ? __reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[684.868583][T15978] ? do_error_trap
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./arch/x86/include/asm/traps.h:58
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/traps.c:176)
[684.870074][T15978] ? __reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[684.871617][T15978] ? __reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[684.873167][T15978] ? handle_invalid_op
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/traps.c:214)
[684.874679][T15978] ? __reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[684.876222][T15978] ? exc_invalid_op
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/traps.c:267)
[684.877685][T15978] ? asm_exc_invalid_op
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./arch/x86/include/asm/idtentry.h:621)
[684.879259][T15978] ? __wake_up_klogd.part.0
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/kernel/printk/printk.c:4011)
[684.880688][T15978] ? __reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[684.881968][T15978] ? __reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[684.883218][T15978] ? __pfx___reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:377)
[684.884570][T15978] reiserfs_update_sd_size
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/reiserfs.h:1487
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/reiserfs.h:1484
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/reiserfs.h:1556
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/reiserfs.h:1577
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/inode.c:1417
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/inode.c:1491)
[684.885910][T15978] ? __pfx_reiserfs_update_sd_size
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/inode.c:1433)
[684.887352][T15978] ? reiserfs_mkdir
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/namei.c:870)
[684.888568][T15978] reiserfs_mkdir
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/namei.c:870)
[684.889691][T15978] ? __pfx_reiserfs_mkdir
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/namei.c:780)
[684.890953][T15978] ? __pfx_down_write
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/kernel/locking/rwsem.c:1577)
[684.891730][T15978] reiserfs_xattr_init
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/xattr.c:892
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/xattr.c:1007)
[684.892412][T15978] reiserfs_fill_super
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/super.c:2173
(discriminator 1))
[684.893099][T15978] ? __pfx_reiserfs_fill_super
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/super.c:1888)
[684.893814][T15978] ? snprintf
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/vsprintf.c:2954)
[684.894375][T15978] ? __pfx_snprintf
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/vsprintf.c:2954)
[684.895014][T15978] ? do_raw_spin_lock
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./arch/x86/include/asm/atomic.h:107
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./include/linux/atomic/atomic-arch-fallback.h:2170
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./include/linux/atomic/atomic-instrumented.h:1302
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./include/asm-generic/qspinlock.h:111
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/kernel/locking/spinlock_debug.c:116)
[684.895653][T15978] ? set_blocksize
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/block/bdev.c:175)
[684.896273][T15978] ? setup_bdev_super
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/super.c:1595)
[684.896935][T15978] mount_bdev
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/super.c:1680)
[684.897496][T15978] ? __pfx_reiserfs_fill_super
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/super.c:1888)
[684.898260][T15978] ? __pfx_mount_bdev
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/super.c:1657)
[684.898894][T15978] ? apparmor_capable
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/security/apparmor/lsm.c:208)
[684.899534][T15978] ? __pfx_get_super_block
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/super.c:2599)
[684.900220][T15978] legacy_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/fs_context.c:664)
[684.900852][T15978] vfs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/super.c:1801)
[684.901421][T15978] path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3473
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3799)
[684.901988][T15978] ? __pfx_path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3726)
[684.902624][T15978] ? putname
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namei.c:281)
[684.903152][T15978] ? putname
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namei.c:281)
[684.903703][T15978] __x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3813
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:4020
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3997
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3997)
[684.904368][T15978] ? __pfx___x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/namespace.c:3997)
[684.905035][T15978] do_syscall_64
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/common.c:52
/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/common.c:83)
[684.905630][T15978] entry_SYSCALL_64_after_hwframe
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/entry_64.S:130)
[ 684.906398][T15978] RIP: 0033:0x7f832819e49e
[ 684.906946][T15978] Code: 48 c7 c0 ff ff ff ff eb aa e8 5e 20 00 00
66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 49 89 ca b8 a5
00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8
64 89 01 48
All code
========
0: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
7: eb aa jmp 0xffffffffffffffb3
9: e8 5e 20 00 00 call 0x206c
e: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
15: 00 00 00
18: 0f 1f 40 00 nopl 0x0(%rax)
1c: f3 0f 1e fa endbr64
20: 49 89 ca mov %rcx,%r10
23: b8 a5 00 00 00 mov $0xa5,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 c7 c1 a8 ff ff ff mov $0xffffffffffffffa8,%rcx
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 c7 c1 a8 ff ff ff mov $0xffffffffffffffa8,%rcx
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 684.909428][T15978] RSP: 002b:00007f8328fffda8 EFLAGS: 00000246
ORIG_RAX: 00000000000000a5
[ 684.910471][T15978] RAX: ffffffffffffffda RBX: 00000000000010f2 RCX:
00007f832819e49e
[ 684.911528][T15978] RDX: 0000000020001100 RSI: 0000000020001140 RDI:
00007f8328fffe00
[ 684.912521][T15978] RBP: 00007f8328fffe40 R08: 00007f8328fffe40 R09:
0000000000000000
[ 684.913548][T15978] R10: 0000000000000000 R11: 0000000000000246 R12:
0000000020001100
[ 684.914583][T15978] R13: 0000000020001140 R14: 00007f8328fffe00 R15:
0000000020001180
[ 684.915585][T15978] </TASK>
[ 684.915988][T15978] Modules linked in:
[ 684.916687][T15978] ---[ end trace 0000000000000000 ]---
[684.917396][T15978] RIP: 0010:__reiserfs_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/reiserfs/prints.c:390)
[ 684.918146][T15978] Code: 54 ff 4d 89 e8 4c 89 f1 4c 89 e2 48 8d b3
68 06 00 00 49 c7 c1 60 7e 6b 94 48 c7 c7 00 0e 04 8b e8 b2 38 35 ff
e8 ed 4e 54 ff <0f> 0b 49 c7 c6 a0 0c 04 8b 4d 89 f4 eb c5 e8 da 4e 54
ff 4d 85 e4
All code
========
0: 54 push %rsp
1: ff 4d 89 decl -0x77(%rbp)
4: e8 4c 89 f1 4c call 0x4cf18955
9: 89 e2 mov %esp,%edx
b: 48 8d b3 68 06 00 00 lea 0x668(%rbx),%rsi
12: 49 c7 c1 60 7e 6b 94 mov $0xffffffff946b7e60,%r9
19: 48 c7 c7 00 0e 04 8b mov $0xffffffff8b040e00,%rdi
20: e8 b2 38 35 ff call 0xffffffffff3538d7
25: e8 ed 4e 54 ff call 0xffffffffff544f17
2a:* 0f 0b ud2 <-- trapping instruction
2c: 49 c7 c6 a0 0c 04 8b mov $0xffffffff8b040ca0,%r14
33: 4d 89 f4 mov %r14,%r12
36: eb c5 jmp 0xfffffffffffffffd
38: e8 da 4e 54 ff call 0xffffffffff544f17
3d: 4d 85 e4 test %r12,%r12

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 49 c7 c6 a0 0c 04 8b mov $0xffffffff8b040ca0,%r14
9: 4d 89 f4 mov %r14,%r12
c: eb c5 jmp 0xffffffffffffffd3
e: e8 da 4e 54 ff call 0xffffffffff544eed
13: 4d 85 e4 test %r12,%r12
[ 684.920604][T15978] RSP: 0018:ffffc9000c05f650 EFLAGS: 00010293
[ 684.921405][T15978] RAX: 0000000000000000 RBX: ffff88807daaa000 RCX:
ffffffff816af049
[ 684.922419][T15978] RDX: ffff88802f129cc0 RSI: ffffffff8235abd3 RDI:
0000000000000005
[ 684.923460][T15978] RBP: ffffc9000c05f720 R08: 0000000000000001 R09:
ffffed1047785179
[ 684.924446][T15978] R10: 0000000080000000 R11: 0000000000000001 R12:
ffffffff8b039ee0
[ 684.925462][T15978] R13: ffffffff8b03aba0 R14: ffffffff8b040c60 R15:
ffff888073e536a8
[ 684.926492][T15978] FS: 00007f8329000640(0000)
GS:ffff88823bc00000(0000) knlGS:0000000000000000
[ 684.927600][T15978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 684.928444][T15978] CR2: 00007f8328367a8c CR3: 000000005b9f4000 CR4:
00000000000006f0
[ 684.929474][T15978] Kernel panic - not syncing: Fatal exception
[ 684.930460][T15978] Kernel Offset: disabled
[  684.930979][T15978] Rebooting in 86400 seconds..
