| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHOo4gLcS839f=PR6Rdv9fkeyQ42GzJ2Taw551f0AQ-M5y-obA@mail.gmail.com> Date: Mon, 17 Mar 2025 10:31:26 +0800 From: Hui Guo <guohui.study@...il.com> To: Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Cc: syzkaller-bugs@...glegroups.com Subject: general protection fault in afs_atcell_get_link Hi Kernel Maintainers, we found a crash "general protection fault in afs_atcell_get_link" (it is a KASAN and makes the kernel reboot) in upstream, we also have successfully reproduced it manually: HEAD Commit: a29967be967eebf049e89edb14c4edf9991bc929 (Date: Fri Mar 14 14:24:05 2025 -1000 Merge: 2bda981bd5dd 1a2b74d0a2a4) kernel config: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/a29967be967eebf049e89edb14c4edf9991bc929/.config console output: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.log repro report: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.report syz reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.prog c reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/a29967be967eebf049e89edb14c4edf9991bc929/6bb2f3cbecb24c76144c18fe87734ba971041b74/repro.cprog Please let me know if there is anything I can help with. Best, Hui Guo This is the crash log I got by reproducing the bug based on the above environment, I have piped this log through decode_stacktrace.sh to better understand the cause of the bug. ============================================================================================= 2025/03/17 01:55:23 parsed 1 programs [ 329.138947][T17312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 330.753074][ T5250] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 330.760434][ T5250] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 330.768752][ T5250] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 330.771350][ T5250] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 330.773010][ T5250] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 330.774270][ T5250] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 330.986164][ T60] audit: type=1401 audit(1742176531.496:12): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 331.096347][ T131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.097349][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.136436][T17338] chnl_net:caif_netlink_parms(): no params data found [ 331.150094][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.151055][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.219305][T17338] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.220247][T17338] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.221156][T17338] bridge_slave_0: entered allmulticast mode [ 331.222353][T17338] bridge_slave_0: entered promiscuous mode [ 331.224187][T17338] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.225137][T17338] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.226071][T17338] bridge_slave_1: entered allmulticast mode [ 331.227178][T17338] bridge_slave_1: entered promiscuous mode [ 331.262149][T17338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.264609][T17338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.292430][T17338] team0: Port device team_slave_0 added [ 331.294312][T17338] team0: Port device team_slave_1 added [ 331.321785][T17338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 331.322627][T17338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented o. [ 331.325513][T17338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 331.327499][T17338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.328392][T17338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented o. [ 331.333148][T17338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 331.375374][T17338] hsr_slave_0: entered promiscuous mode [ 331.376698][T17338] hsr_slave_1: entered promiscuous mode [ 331.467995][T17338] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 331.470680][T17338] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 331.472541][T17338] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 331.474378][T17338] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 331.485409][T17338] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.486459][T17338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.487383][T17338] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.488178][T17338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.508905][T17338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.514256][T11423] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.516164][T11423] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.526344][T17338] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.531824][ T1159] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.533467][ T1159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.537485][T11423] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.539499][T11423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.660674][T17338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.684355][T17338] veth0_vlan: entered promiscuous mode [ 331.687412][T17338] veth1_vlan: entered promiscuous mode [ 331.697117][T17338] veth0_macvtap: entered promiscuous mode [ 331.700494][T17338] veth1_macvtap: entered promiscuous mode [ 331.706258][T17338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 331.712543][T17338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 331.715646][T17338] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.716833][T17338] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.718006][T17338] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.719262][T17338] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/03/17 01:55:32 executed programs: 0 [ 331.820640][ T5250] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 331.823015][ T5250] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 331.824751][ T5250] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 331.826775][ T5250] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 331.828183][ T5250] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 331.830272][ T5250] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 331.911544][T18718] chnl_net:caif_netlink_parms(): no params data found [ 331.956621][T18718] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.957730][T18718] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.958932][T18718] bridge_slave_0: entered allmulticast mode [ 331.960633][T18718] bridge_slave_0: entered promiscuous mode [ 331.963007][T18718] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.964012][T18718] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.965032][T18718] bridge_slave_1: entered allmulticast mode [ 331.966429][T18718] bridge_slave_1: entered promiscuous mode [ 332.000753][T18718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 332.003664][T18718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 332.032450][T18718] team0: Port device team_slave_0 added [ 332.034642][T18718] team0: Port device team_slave_1 added [ 332.053267][T18718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 332.054172][T18718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented o. [ 332.057325][T18718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 332.067562][T18718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 332.068369][T18718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented o. [ 332.072246][T18718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 332.104851][T18718] hsr_slave_0: entered promiscuous mode [ 332.106110][T18718] hsr_slave_1: entered promiscuous mode [ 332.107170][T18718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 332.108195][T18718] Cannot create hsr debugfs directory [ 332.643526][T18718] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 332.645730][T18718] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 332.647741][T18718] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 332.650607][T18718] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 332.677409][T18718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.692264][T18718] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.695569][ T131] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.696640][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.701166][ T131] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.702172][ T131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.804497][T18718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.823489][T18718] veth0_vlan: entered promiscuous mode [ 332.828148][T18718] veth1_vlan: entered promiscuous mode [ 332.843161][T18718] veth0_macvtap: entered promiscuous mode [ 332.845325][T18718] veth1_macvtap: entered promiscuous mode [ 332.851089][T18718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.852259][T18718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.853803][T18718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.856714][T18718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.857902][T18718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.860525][T18718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.863772][T18718] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.864788][T18718] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.865835][T18718] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.866943][T18718] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.868813][ T86] Bluetooth: hci0: command tx timeout [ 332.896246][ T131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.897396][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.912170][ T131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.913304][ T131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.962438][T18718] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000056: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 332.964350][T18718] KASAN: null-ptr-deref in range [0x00000000000002b0-0x00000000000002b7] [ 332.965503][T18718] CPU: 3 UID: 0 PID: 18718 Comm: syz-executor Not tainted 6.14.0-rc6 #1 [ 332.966645][T18718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [332.967893][T18718] RIP: 0010:afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321 (discriminator 11)) [ 332.968754][T18718] Code: 89 c3 89 c6 e8 43 2a 41 fe 85 db 75 64 e8 4a 2f 41 fe 48 8d bd b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1f 01 00 00 4c 89 f6 bf 030 All code ======== 0: 89 c3 mov %eax,%ebx 2: 89 c6 mov %eax,%esi 4: e8 43 2a 41 fe call 0xfffffffffe412a4c 9: 85 db test %ebx,%ebx b: 75 64 jne 0x71 d: e8 4a 2f 41 fe call 0xfffffffffe412f5c 12: 48 8d bd b0 02 00 00 lea 0x2b0(%rbp),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx 2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 1f 01 00 00 jne 0x153 34: 4c 89 f6 mov %r14,%rsi 37: bf .byte 0xbf 38: 30 .byte 0x30 Code starting with the faulting instruction =========================================== 0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 4: 0f 85 1f 01 00 00 jne 0x129 a: 4c 89 f6 mov %r14,%rsi d: bf .byte 0xbf e: 30 .byte 0x30 [ 332.971357][T18718] RSP: 0018:ffffc9000926f990 EFLAGS: 00010216 [ 332.972190][T18718] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8377085a [ 332.973263][T18718] RDX: 0000000000000056 RSI: ffffffff837707e6 RDI: 00000000000002b0 [ 332.974335][T18718] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff2083d82 [ 332.975412][T18718] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 332.976457][T18718] R13: ffff888035f97000 R14: 0000000000000003 R15: ffffffff837704c0 [ 332.977537][T18718] FS: 00005555785fb500(0000) GS:ffff88823be80000(0000) knlGS:0000000000000000 [ 332.978748][T18718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 332.979642][T18718] CR2: 00007fffacaeeea8 CR3: 000000003938c000 CR4: 00000000000006f0 [ 332.980713][T18718] Call Trace: [ 332.981171][T18718] <TASK> [332.981575][T18718] ? die_addr (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/dumpstack.c:421 /data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/dumpstack.c:460) [332.982173][T18718] ? exc_general_protection (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/traps.c:748 /data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/kernel/traps.c:693) [332.982965][T18718] ? asm_exc_general_protection (/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/idtentry.h:617) [332.983755][T18718] ? __pfx_afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:310) [332.984537][T18718] ? afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:319 (discriminator 3)) [332.985269][T18718] ? afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321 (discriminator 11)) [332.986008][T18718] ? afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321 (discriminator 11)) [332.986732][T18718] ? __pfx_afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:310) [332.987510][T18718] step_into (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1915 /data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1984) [332.988131][T18718] ? __pfx_step_into (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1949) [332.988789][T18718] ? lookup_fast (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:1763) [332.989436][T18718] path_openat (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:3778 /data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:3986) [332.990073][T18718] ? __pfx_path_openat (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:3971) [332.990750][T18718] ? __pfx___lock_acquire (/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5079) [332.991477][T18718] ? find_held_lock (/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5341) [332.992137][T18718] do_filp_open (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:4017) [332.992747][T18718] ? __pfx_do_filp_open (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:4010) [332.993418][T18718] ? alloc_fd (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/file.c:584) [332.994033][T18718] ? do_raw_spin_unlock (/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/atomic.h:23 /data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/atomic/atomic-arch-fallback.h:457 /data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/atomic/atomic-instrumented.h:33 /data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/qspinlock.h:57 /data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/spinlock_debug.c:101 /data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/spinlock_debug.c:141) [332.994760][T18718] ? alloc_fd (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/file.c:584) [332.995366][T18718] do_sys_openat2 (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1429) [332.996024][T18718] ? __pfx_do_sys_openat2 (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1414) [332.996740][T18718] ? __pfx_do_unlinkat (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:4554) [332.997436][T18718] __x64_sys_openat (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1454) [332.998116][T18718] ? __pfx___x64_sys_openat (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/open.c:1454) [332.998870][T18718] do_syscall_64 (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:52 /data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:83) [332.999513][T18718] entry_SYSCALL_64_after_hwframe (/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/entry_64.S:130) [ 333.000344][T18718] RIP: 0033:0x7f9f1db9af84 [ 333.000966][T18718] Code: 24 20 eb 8f 66 90 44 89 54 24 0c e8 e6 03 03 00 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c4 All code ======== 0: 24 20 and $0x20,%al 2: eb 8f jmp 0xffffffffffffff93 4: 66 90 xchg %ax,%ax 6: 44 89 54 24 0c mov %r10d,0xc(%rsp) b: e8 e6 03 03 00 call 0x303f6 10: 44 8b 54 24 0c mov 0xc(%rsp),%r10d 15: 44 89 e2 mov %r12d,%edx 18: 48 89 ee mov %rbp,%rsi 1b: 41 89 c0 mov %eax,%r8d 1e: bf 9c ff ff ff mov $0xffffff9c,%edi 23: b8 01 01 00 00 mov $0x101,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 34 ja 0x66 32: 44 89 c7 mov %r8d,%edi 35: 89 44 24 c4 mov %eax,-0x3c(%rsp) Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 34 ja 0x3c 8: 44 89 c7 mov %r8d,%edi b: 89 44 24 c4 mov %eax,-0x3c(%rsp) [ 333.003592][T18718] RSP: 002b:00007fffacaef610 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 333.004746][T18718] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9f1db9af84 [ 333.005833][T18718] RDX: 0000000000000000 RSI: 00007fffacaef740 RDI: 00000000ffffff9c [ 333.006910][T18718] RBP: 00007fffacaef740 R08: 0000000000000000 R09: 00007fffacaef510 [ 333.008016][T18718] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 333.009150][T18718] R13: 00007fffacaf0840 R14: 0000555578616640 R15: 00005555785fb4a8 [ 333.010242][T18718] </TASK> [ 333.010665][T18718] Modules linked in: [ 333.011499][T18718] ---[ end trace 0000000000000000 ]--- [333.012276][T18718] RIP: 0010:afs_atcell_get_link (/data/ghui/docker_data/linux_kernel/upstream/linux/fs/afs/dynroot.c:321 (discriminator 11)) [ 333.013191][T18718] Code: 89 c3 89 c6 e8 43 2a 41 fe 85 db 75 64 e8 4a 2f 41 fe 48 8d bd b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1f 01 00 00 4c 89 f6 bf 030 All code ======== 0: 89 c3 mov %eax,%ebx 2: 89 c6 mov %eax,%esi 4: e8 43 2a 41 fe call 0xfffffffffe412a4c 9: 85 db test %ebx,%ebx b: 75 64 jne 0x71 d: e8 4a 2f 41 fe call 0xfffffffffe412f5c 12: 48 8d bd b0 02 00 00 lea 0x2b0(%rbp),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx 2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 1f 01 00 00 jne 0x153 34: 4c 89 f6 mov %r14,%rsi 37: bf .byte 0xbf 38: 30 .byte 0x30 Code starting with the faulting instruction =========================================== 0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 4: 0f 85 1f 01 00 00 jne 0x129 a: 4c 89 f6 mov %r14,%rsi d: bf .byte 0xbf e: 30 .byte 0x30 [ 333.016218][T18718] RSP: 0018:ffffc9000926f990 EFLAGS: 00010216 [ 333.017197][T18718] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8377085a [ 333.019628][T18718] RDX: 0000000000000056 RSI: ffffffff837707e6 RDI: 00000000000002b0 [ 333.022262][T18718] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff2083d82 [ 333.023397][T18718] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 333.024568][T18718] R13: ffff888035f97000 R14: 0000000000000003 R15: ffffffff837704c0 [ 333.025981][T18718] FS: 00005555785fb500(0000) GS:ffff8880b8780000(0000) knlGS:0000000000000000 [ 333.027206][T18718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 333.028127][T18718] CR2: 00007f4cf9766050 CR3: 000000003938c000 CR4: 00000000000006f0 [ 333.029388][T18718] Kernel panic - not syncing: Fatal exception [ 333.030620][T18718] Kernel Offset: disabled [ 333.031229][T18718] Rebooting in 86400 seconds..
Powered by blists - more mailing lists