lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <yia64ip2fux45qezdg4lsrsrczt5fcxuzxd7sr2or47qpnrvir@4ow5vl4zubda>
Date: Mon, 17 Mar 2025 17:54:55 +0100
From: Jan Kara <jack@...e.cz>
To: Hui Guo <guohui.study@...il.com>
Cc: Alexander Viro <viro@...iv.linux.org.uk>, 
	Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org, 
	linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, linux-afs@...ts.infradead.org, 
	David Howells <dhowells@...hat.com>, Marc Dionne <marc.dionne@...istor.com>
Subject: Re: general protection fault in afs_atcell_get_link

Hello!

On Mon 17-03-25 10:31:26, Hui Guo wrote:
> Hi Kernel Maintainers,
> we found a crash "general protection fault in afs_atcell_get_link" (it
> is a KASAN and makes the kernel reboot) in upstream, we also have
> successfully reproduced it manually:

Thanks for your report. Couple of remarks here though:

1) Since this looks like a problem in AFS, you have the best chance for
addressing this by writing to AFS maintainers and appropriate mailing list
(added to CC).

2) Lately a lot of various syzkaller clones are run by various people.
Usually they lack a lot of convenience that Google folks added to their
syzbot instance. Hence triaging bugs from these clones is unnecessarily
harder than it has to be and since we are swamped by fuzzer generated
reports anyway, those easier to deal with naturally get preference (some
people outright refuse to deal with bugs reported by other instances). So
if you do your research in fuzzing, I'd suggest working with Google folks
to merge those improvements into syzkaller upstream so everyone can
benefit.

								Honza

> HEAD Commit: a29967be967eebf049e89edb14c4edf9991bc929 (Date: Fri Mar
> 14 14:24:05 2025 -1000 Merge: 2bda981bd5dd 1a2b74d0a2a4)
> kernel config: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/a29967be967eebf049e89edb14c4edf9991bc929/.config
> 
> console output:
> https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.log
> repro report: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.report
> syz reproducer:
> https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.prog
> c reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.cprog
> 
> Please let me know if there is anything I can help with.
> Best,
> Hui Guo
> 
> 
> This is the crash log I got by reproducing the bug based on the above
> environment,
> I have piped this log through decode_stacktrace.sh to better
> understand the cause of the bug.
> =============================================================================================
> 2025/03/17 01:55:23 parsed 1 programs
> [ 329.138947][T17312] Adding 124996k swap on ./swap-file. Priority:0
> extents:1 across:124996k
> [ 330.753074][ T5250] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
> [ 330.760434][ T5250] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
> [ 330.768752][ T5250] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
> [ 330.771350][ T5250] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
> [ 330.773010][ T5250] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
> [ 330.774270][ T5250] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
> [ 330.986164][ T60] audit: type=1401 audit(1742176531.496:12):
> op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
> [ 331.096347][ T131] wlan0: Created IBSS using preconfigured BSSID
> 50:50:50:50:50:50
> [ 331.097349][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [ 331.136436][T17338] chnl_net:caif_netlink_parms(): no params data found
> [ 331.150094][ T1159] wlan1: Created IBSS using preconfigured BSSID
> 50:50:50:50:50:50
> [ 331.151055][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [ 331.219305][T17338] bridge0: port 1(bridge_slave_0) entered blocking state
> [ 331.220247][T17338] bridge0: port 1(bridge_slave_0) entered disabled state
> [ 331.221156][T17338] bridge_slave_0: entered allmulticast mode
> [ 331.222353][T17338] bridge_slave_0: entered promiscuous mode
> [ 331.224187][T17338] bridge0: port 2(bridge_slave_1) entered blocking state
> [ 331.225137][T17338] bridge0: port 2(bridge_slave_1) entered disabled state
> [ 331.226071][T17338] bridge_slave_1: entered allmulticast mode
> [ 331.227178][T17338] bridge_slave_1: entered promiscuous mode
> [ 331.262149][T17338] bond0: (slave bond_slave_0): Enslaving as an
> active interface with an up link
> [ 331.264609][T17338] bond0: (slave bond_slave_1): Enslaving as an
> active interface with an up link
> [ 331.292430][T17338] team0: Port device team_slave_0 added
> [ 331.294312][T17338] team0: Port device team_slave_1 added
> [ 331.321785][T17338] batman_adv: batadv0: Adding interface: batadv_slave_0
> [ 331.322627][T17338] batman_adv: batadv0: The MTU of interface
> batadv_slave_0 is too small (1500) to handle the transport of
> batman-adv packets. Packets going over this interface will be
> fragmented o.
> [ 331.325513][T17338] batman_adv: batadv0: Not using interface
> batadv_slave_0 (retrying later): interface not active
> [ 331.327499][T17338] batman_adv: batadv0: Adding interface: batadv_slave_1
> [ 331.328392][T17338] batman_adv: batadv0: The MTU of interface
> batadv_slave_1 is too small (1500) to handle the transport of
> batman-adv packets. Packets going over this interface will be
> fragmented o.
> [ 331.333148][T17338] batman_adv: batadv0: Not using interface
> batadv_slave_1 (retrying later): interface not active
> [ 331.375374][T17338] hsr_slave_0: entered promiscuous mode
> [ 331.376698][T17338] hsr_slave_1: entered promiscuous mode
> [ 331.467995][T17338] netdevsim netdevsim1 netdevsim0: renamed from eth0
> [ 331.470680][T17338] netdevsim netdevsim1 netdevsim1: renamed from eth1
> [ 331.472541][T17338] netdevsim netdevsim1 netdevsim2: renamed from eth2
> [ 331.474378][T17338] netdevsim netdevsim1 netdevsim3: renamed from eth3
> [ 331.485409][T17338] bridge0: port 2(bridge_slave_1) entered blocking state
> [ 331.486459][T17338] bridge0: port 2(bridge_slave_1) entered forwarding state
> [ 331.487383][T17338] bridge0: port 1(bridge_slave_0) entered blocking state
> [ 331.488178][T17338] bridge0: port 1(bridge_slave_0) entered forwarding state
> [ 331.508905][T17338] 8021q: adding VLAN 0 to HW filter on device bond0
> [ 331.514256][T11423] bridge0: port 1(bridge_slave_0) entered disabled state
> [ 331.516164][T11423] bridge0: port 2(bridge_slave_1) entered disabled state
> [ 331.526344][T17338] 8021q: adding VLAN 0 to HW filter on device team0
> [ 331.531824][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state
> [ 331.533467][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state
> [ 331.537485][T11423] bridge0: port 2(bridge_slave_1) entered blocking state
> [ 331.539499][T11423] bridge0: port 2(bridge_slave_1) entered forwarding state
> [ 331.660674][T17338] 8021q: adding VLAN 0 to HW filter on device batadv0
> [ 331.684355][T17338] veth0_vlan: entered promiscuous mode
> [ 331.687412][T17338] veth1_vlan: entered promiscuous mode
> [ 331.697117][T17338] veth0_macvtap: entered promiscuous mode
> [ 331.700494][T17338] veth1_macvtap: entered promiscuous mode
> [ 331.706258][T17338] batman_adv: batadv0: Interface activated: batadv_slave_0
> [ 331.712543][T17338] batman_adv: batadv0: Interface activated: batadv_slave_1
> [ 331.715646][T17338] netdevsim netdevsim1 netdevsim0: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 331.716833][T17338] netdevsim netdevsim1 netdevsim1: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 331.718006][T17338] netdevsim netdevsim1 netdevsim2: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 331.719262][T17338] netdevsim netdevsim1 netdevsim3: set [1, 0] type
> 2 family 0 port 6081 - 0
> 2025/03/17 01:55:32 executed programs: 0
> [ 331.820640][ T5250] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
> [ 331.823015][ T5250] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
> [ 331.824751][ T5250] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
> [ 331.826775][ T5250] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
> [ 331.828183][ T5250] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
> [ 331.830272][ T5250] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
> [ 331.911544][T18718] chnl_net:caif_netlink_parms(): no params data found
> [ 331.956621][T18718] bridge0: port 1(bridge_slave_0) entered blocking state
> [ 331.957730][T18718] bridge0: port 1(bridge_slave_0) entered disabled state
> [ 331.958932][T18718] bridge_slave_0: entered allmulticast mode
> [ 331.960633][T18718] bridge_slave_0: entered promiscuous mode
> [ 331.963007][T18718] bridge0: port 2(bridge_slave_1) entered blocking state
> [ 331.964012][T18718] bridge0: port 2(bridge_slave_1) entered disabled state
> [ 331.965032][T18718] bridge_slave_1: entered allmulticast mode
> [ 331.966429][T18718] bridge_slave_1: entered promiscuous mode
> [ 332.000753][T18718] bond0: (slave bond_slave_0): Enslaving as an
> active interface with an up link
> [ 332.003664][T18718] bond0: (slave bond_slave_1): Enslaving as an
> active interface with an up link
> [ 332.032450][T18718] team0: Port device team_slave_0 added
> [ 332.034642][T18718] team0: Port device team_slave_1 added
> [ 332.053267][T18718] batman_adv: batadv0: Adding interface: batadv_slave_0
> [ 332.054172][T18718] batman_adv: batadv0: The MTU of interface
> batadv_slave_0 is too small (1500) to handle the transport of
> batman-adv packets. Packets going over this interface will be
> fragmented o.
> [ 332.057325][T18718] batman_adv: batadv0: Not using interface
> batadv_slave_0 (retrying later): interface not active
> [ 332.067562][T18718] batman_adv: batadv0: Adding interface: batadv_slave_1
> [ 332.068369][T18718] batman_adv: batadv0: The MTU of interface
> batadv_slave_1 is too small (1500) to handle the transport of
> batman-adv packets. Packets going over this interface will be
> fragmented o.
> [ 332.072246][T18718] batman_adv: batadv0: Not using interface
> batadv_slave_1 (retrying later): interface not active
> [ 332.104851][T18718] hsr_slave_0: entered promiscuous mode
> [ 332.106110][T18718] hsr_slave_1: entered promiscuous mode
> [ 332.107170][T18718] debugfs: Directory 'hsr0' with parent 'hsr'
> already present!
> [ 332.108195][T18718] Cannot create hsr debugfs directory
> [ 332.643526][T18718] netdevsim netdevsim0 netdevsim0: renamed from eth0
> [ 332.645730][T18718] netdevsim netdevsim0 netdevsim1: renamed from eth1
> [ 332.647741][T18718] netdevsim netdevsim0 netdevsim2: renamed from eth2
> [ 332.650607][T18718] netdevsim netdevsim0 netdevsim3: renamed from eth3
> [ 332.677409][T18718] 8021q: adding VLAN 0 to HW filter on device bond0
> [ 332.692264][T18718] 8021q: adding VLAN 0 to HW filter on device team0
> [ 332.695569][ T131] bridge0: port 1(bridge_slave_0) entered blocking state
> [ 332.696640][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state
> [ 332.701166][ T131] bridge0: port 2(bridge_slave_1) entered blocking state
> [ 332.702172][ T131] bridge0: port 2(bridge_slave_1) entered forwarding state
> [ 332.804497][T18718] 8021q: adding VLAN 0 to HW filter on device batadv0
> [ 332.823489][T18718] veth0_vlan: entered promiscuous mode
> [ 332.828148][T18718] veth1_vlan: entered promiscuous mode
> [ 332.843161][T18718] veth0_macvtap: entered promiscuous mode
> [ 332.845325][T18718] veth1_macvtap: entered promiscuous mode
> [ 332.851089][T18718] batman_adv: The newly added mac address
> (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
> [ 332.852259][T18718] batman_adv: It is strongly recommended to keep
> mac addresses unique to avoid problems!
> [ 332.853803][T18718] batman_adv: batadv0: Interface activated: batadv_slave_0
> [ 332.856714][T18718] batman_adv: The newly added mac address
> (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
> [ 332.857902][T18718] batman_adv: It is strongly recommended to keep
> mac addresses unique to avoid problems!
> [ 332.860525][T18718] batman_adv: batadv0: Interface activated: batadv_slave_1
> [ 332.863772][T18718] netdevsim netdevsim0 netdevsim0: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 332.864788][T18718] netdevsim netdevsim0 netdevsim1: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 332.865835][T18718] netdevsim netdevsim0 netdevsim2: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 332.866943][T18718] netdevsim netdevsim0 netdevsim3: set [1, 0] type
> 2 family 0 port 6081 - 0
> [ 332.868813][ T86] Bluetooth: hci0: command tx timeout
> [ 332.896246][ T131] wlan0: Created IBSS using preconfigured BSSID
> 50:50:50:50:50:50
> [ 332.897396][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [ 332.912170][ T131] wlan1: Created IBSS using preconfigured BSSID
> 50:50:50:50:50:50
> [ 332.913304][ T131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [ 332.962438][T18718] Oops: general protection fault, probably for
> non-canonical address 0xdffffc0000000056: 0000 [#1] PREEMPT SMP KASAN
> NOPTI
> [ 332.964350][T18718] KASAN: null-ptr-deref in range
> [0x00000000000002b0-0x00000000000002b7]
> [ 332.965503][T18718] CPU: 3 UID: 0 PID: 18718 Comm: syz-executor Not
> tainted 6.14.0-rc6 #1
> [ 332.966645][T18718] Hardware name: QEMU Standard PC (i440FX + PIIX,
> 1996), BIOS 1.15.0-1 04/01/2014
> [332.967893][T18718] RIP: 0010:afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321
> (discriminator 11))
> [ 332.968754][T18718] Code: 89 c3 89 c6 e8 43 2a 41 fe 85 db 75 64 e8
> 4a 2f 41 fe 48 8d bd b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89
> fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1f 01 00 00 4c 89 f6 bf 030
> All code
> ========
> 0: 89 c3 mov %eax,%ebx
> 2: 89 c6 mov %eax,%esi
> 4: e8 43 2a 41 fe call 0xfffffffffe412a4c
> 9: 85 db test %ebx,%ebx
> b: 75 64 jne 0x71
> d: e8 4a 2f 41 fe call 0xfffffffffe412f5c
> 12: 48 8d bd b0 02 00 00 lea 0x2b0(%rbp),%rdi
> 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
> 20: fc ff df
> 23: 48 89 fa mov %rdi,%rdx
> 26: 48 c1 ea 03 shr $0x3,%rdx
> 2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
> 2e: 0f 85 1f 01 00 00 jne 0x153
> 34: 4c 89 f6 mov %r14,%rsi
> 37: bf .byte 0xbf
> 38: 30 .byte 0x30
> 
> Code starting with the faulting instruction
> ===========================================
> 0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
> 4: 0f 85 1f 01 00 00 jne 0x129
> a: 4c 89 f6 mov %r14,%rsi
> d: bf .byte 0xbf
> e: 30 .byte 0x30
> [ 332.971357][T18718] RSP: 0018:ffffc9000926f990 EFLAGS: 00010216
> [ 332.972190][T18718] RAX: dffffc0000000000 RBX: 0000000000000001 RCX:
> ffffffff8377085a
> [ 332.973263][T18718] RDX: 0000000000000056 RSI: ffffffff837707e6 RDI:
> 00000000000002b0
> [ 332.974335][T18718] RBP: 0000000000000000 R08: 0000000000000001 R09:
> fffffbfff2083d82
> [ 332.975412][T18718] R10: 0000000000000001 R11: 0000000000000000 R12:
> 0000000000000000
> [ 332.976457][T18718] R13: ffff888035f97000 R14: 0000000000000003 R15:
> ffffffff837704c0
> [ 332.977537][T18718] FS: 00005555785fb500(0000)
> GS:ffff88823be80000(0000) knlGS:0000000000000000
> [ 332.978748][T18718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 332.979642][T18718] CR2: 00007fffacaeeea8 CR3: 000000003938c000 CR4:
> 00000000000006f0
> [ 332.980713][T18718] Call Trace:
> [ 332.981171][T18718] <TASK>
> [332.981575][T18718] ? die_addr
> (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/dumpstack.c:421
> /data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/dumpstack.c:460)
> [332.982173][T18718] ? exc_general_protection
> (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/traps.c:748
> /data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/traps.c:693)
> [332.982965][T18718] ? asm_exc_general_protection
> (/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/idtentry.h:617)
> [332.983755][T18718] ? __pfx_afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:310)
> [332.984537][T18718] ? afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:319
> (discriminator 3))
> [332.985269][T18718] ? afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321
> (discriminator 11))
> [332.986008][T18718] ? afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321
> (discriminator 11))
> [332.986732][T18718] ? __pfx_afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:310)
> [332.987510][T18718] step_into
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1915
> /data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1984)
> [332.988131][T18718] ? __pfx_step_into
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1949)
> [332.988789][T18718] ? lookup_fast
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1763)
> [332.989436][T18718] path_openat
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:3778
> /data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:3986)
> [332.990073][T18718] ? __pfx_path_openat
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:3971)
> [332.990750][T18718] ? __pfx___lock_acquire
> (/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5079)
> [332.991477][T18718] ? find_held_lock
> (/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5341)
> [332.992137][T18718] do_filp_open
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:4017)
> [332.992747][T18718] ? __pfx_do_filp_open
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:4010)
> [332.993418][T18718] ? alloc_fd
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/file.c:584)
> [332.994033][T18718] ? do_raw_spin_unlock
> (/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/atomic.h:23
> /data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/atomic/atomic-arch-fallback.h:457
> /data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/atomic/atomic-instrumented.h:33
> /data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/qspinlock.h:57
> /data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/spinlock_debug.c:101
> /data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/spinlock_debug.c:141)
> [332.994760][T18718] ? alloc_fd
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/file.c:584)
> [332.995366][T18718] do_sys_openat2
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1429)
> [332.996024][T18718] ? __pfx_do_sys_openat2
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1414)
> [332.996740][T18718] ? __pfx_do_unlinkat
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:4554)
> [332.997436][T18718] __x64_sys_openat
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1454)
> [332.998116][T18718] ? __pfx___x64_sys_openat
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1454)
> [332.998870][T18718] do_syscall_64
> (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:52
> /data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:83)
> [332.999513][T18718] entry_SYSCALL_64_after_hwframe
> (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/entry_64.S:130)
> [ 333.000344][T18718] RIP: 0033:0x7f9f1db9af84
> [ 333.000966][T18718] Code: 24 20 eb 8f 66 90 44 89 54 24 0c e8 e6 03
> 03 00 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01
> 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c4
> All code
> ========
> 0: 24 20 and $0x20,%al
> 2: eb 8f jmp 0xffffffffffffff93
> 4: 66 90 xchg %ax,%ax
> 6: 44 89 54 24 0c mov %r10d,0xc(%rsp)
> b: e8 e6 03 03 00 call 0x303f6
> 10: 44 8b 54 24 0c mov 0xc(%rsp),%r10d
> 15: 44 89 e2 mov %r12d,%edx
> 18: 48 89 ee mov %rbp,%rsi
> 1b: 41 89 c0 mov %eax,%r8d
> 1e: bf 9c ff ff ff mov $0xffffff9c,%edi
> 23: b8 01 01 00 00 mov $0x101,%eax
> 28: 0f 05 syscall
> 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
> 30: 77 34 ja 0x66
> 32: 44 89 c7 mov %r8d,%edi
> 35: 89 44 24 c4 mov %eax,-0x3c(%rsp)
> 
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
> 6: 77 34 ja 0x3c
> 8: 44 89 c7 mov %r8d,%edi
> b: 89 44 24 c4 mov %eax,-0x3c(%rsp)
> [ 333.003592][T18718] RSP: 002b:00007fffacaef610 EFLAGS: 00000293
> ORIG_RAX: 0000000000000101
> [ 333.004746][T18718] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
> 00007f9f1db9af84
> [ 333.005833][T18718] RDX: 0000000000000000 RSI: 00007fffacaef740 RDI:
> 00000000ffffff9c
> [ 333.006910][T18718] RBP: 00007fffacaef740 R08: 0000000000000000 R09:
> 00007fffacaef510
> [ 333.008016][T18718] R10: 0000000000000000 R11: 0000000000000293 R12:
> 0000000000000000
> [ 333.009150][T18718] R13: 00007fffacaf0840 R14: 0000555578616640 R15:
> 00005555785fb4a8
> [ 333.010242][T18718] </TASK>
> [ 333.010665][T18718] Modules linked in:
> [ 333.011499][T18718] ---[ end trace 0000000000000000 ]---
> [333.012276][T18718] RIP: 0010:afs_atcell_get_link
> (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321
> (discriminator 11))
> [ 333.013191][T18718] Code: 89 c3 89 c6 e8 43 2a 41 fe 85 db 75 64 e8
> 4a 2f 41 fe 48 8d bd b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89
> fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1f 01 00 00 4c 89 f6 bf 030
> All code
> ========
> 0: 89 c3 mov %eax,%ebx
> 2: 89 c6 mov %eax,%esi
> 4: e8 43 2a 41 fe call 0xfffffffffe412a4c
> 9: 85 db test %ebx,%ebx
> b: 75 64 jne 0x71
> d: e8 4a 2f 41 fe call 0xfffffffffe412f5c
> 12: 48 8d bd b0 02 00 00 lea 0x2b0(%rbp),%rdi
> 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
> 20: fc ff df
> 23: 48 89 fa mov %rdi,%rdx
> 26: 48 c1 ea 03 shr $0x3,%rdx
> 2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
> 2e: 0f 85 1f 01 00 00 jne 0x153
> 34: 4c 89 f6 mov %r14,%rsi
> 37: bf .byte 0xbf
> 38: 30 .byte 0x30
> 
> Code starting with the faulting instruction
> ===========================================
> 0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
> 4: 0f 85 1f 01 00 00 jne 0x129
> a: 4c 89 f6 mov %r14,%rsi
> d: bf .byte 0xbf
> e: 30 .byte 0x30
> [ 333.016218][T18718] RSP: 0018:ffffc9000926f990 EFLAGS: 00010216
> [ 333.017197][T18718] RAX: dffffc0000000000 RBX: 0000000000000001 RCX:
> ffffffff8377085a
> [ 333.019628][T18718] RDX: 0000000000000056 RSI: ffffffff837707e6 RDI:
> 00000000000002b0
> [ 333.022262][T18718] RBP: 0000000000000000 R08: 0000000000000001 R09:
> fffffbfff2083d82
> [ 333.023397][T18718] R10: 0000000000000001 R11: 0000000000000000 R12:
> 0000000000000000
> [ 333.024568][T18718] R13: ffff888035f97000 R14: 0000000000000003 R15:
> ffffffff837704c0
> [ 333.025981][T18718] FS: 00005555785fb500(0000)
> GS:ffff8880b8780000(0000) knlGS:0000000000000000
> [ 333.027206][T18718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 333.028127][T18718] CR2: 00007f4cf9766050 CR3: 000000003938c000 CR4:
> 00000000000006f0
> [ 333.029388][T18718] Kernel panic - not syncing: Fatal exception
> [ 333.030620][T18718] Kernel Offset: disabled
> [ 333.031229][T18718] Rebooting in 86400 seconds..
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ