Message-ID: <CAHOo4gLWAbArwg+w+AqqkxGmOFX6cm8Tvy85tb4igN6V7Z9BZQ@mail.gmail.com>
Date: Mon, 24 Mar 2025 20:05:29 +0800
From: Hui Guo <guohui.study@...il.com>
To: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: syzkaller-bugs@...glegroups.com
Subject: KASAN: use-after-free Read in poly1305_update_arch
Hi Kernel Maintainers,
We found a crash "KASAN: use-after-free Read in poly1305_update_arch"
(it is a KASAN report and makes the kernel reboot) in upstream; we have also
successfully reproduced it manually:
HEAD Commit: 586de92313fcab8ed84ac5f78f4d2aae2db92c59
kernel config: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/a29967be967eebf049e89edb14c4edf9991bc929/.config
console output:
https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/586de92313fcab8ed84ac5f78f4d2aae2db92c59/f3745555675b1b16c0ddf549fbd72fb975100195/repro.log
repro report: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/586de92313fcab8ed84ac5f78f4d2aae2db92c59/f3745555675b1b16c0ddf549fbd72fb975100195/repro.report
syz reproducer:
https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/586de92313fcab8ed84ac5f78f4d2aae2db92c59/f3745555675b1b16c0ddf549fbd72fb975100195/repro.prog
c reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/refs/heads/main/586de92313fcab8ed84ac5f78f4d2aae2db92c59/f3745555675b1b16c0ddf549fbd72fb975100195/repro.cprog
Please let me know if there is anything I can help with.
Best,
Hui Guo
This is the crash log I got by reproducing the bug based on the above
environment. I have piped this log through decode_stacktrace.sh to better
understand the cause of the bug.
=============================================================================================
2025/03/24 11:50:17 parsed 1 programs
[ 84.317117][ T9599] Adding 124996k swap on ./swap-file. Priority:0
extents:1 across:124996k
[ 85.846374][ T60] audit: type=1400 audit(1742817027.690:8): avc:
denied { execmem } for pid=9615 comm="syz-executor"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=process permissive=1
[ 85.970995][ T9653] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.974096][ T9653] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.980118][ T9653] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.997135][ T9653] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.998658][ T9653] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.000139][ T9653] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.273149][ T60] audit: type=1401 audit(1742817028.110:9):
op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 86.464134][ T1151] wlan0: Created IBSS using preconfigured BSSID
50:50:50:50:50:50
[ 86.465682][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.504503][ T96] wlan1: Created IBSS using preconfigured BSSID
50:50:50:50:50:50
[ 86.505750][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.526978][ T9637] chnl_net:caif_netlink_parms(): no params data found
[ 86.589108][ T9637] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.590934][ T9637] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.591956][ T9637] bridge_slave_0: entered allmulticast mode
[ 86.593729][ T9637] bridge_slave_0: entered promiscuous mode
[ 86.596288][ T9637] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.597273][ T9637] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.598304][ T9637] bridge_slave_1: entered allmulticast mode
[ 86.599650][ T9637] bridge_slave_1: entered promiscuous mode
[ 86.625741][ T9637] bond0: (slave bond_slave_0): Enslaving as an
active interface with an up link
[ 86.628209][ T9637] bond0: (slave bond_slave_1): Enslaving as an
active interface with an up link
[ 86.655584][ T9637] team0: Port device team_slave_0 added
[ 86.657634][ T9637] team0: Port device team_slave_1 added
[ 86.688129][ T9637] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.688984][ T9637] batman_adv: batadv0: The MTU of interface
batadv_slave_0 is too small (1500) to handle the transport of
batman-adv packets. Packets going over this interface will be
fragmented on layer2 which could impact the performance. Setting the
MTU to 1560 would solve the problem.
[ 86.691855][ T9637] batman_adv: batadv0: Not using interface
batadv_slave_0 (retrying later): interface not active
[ 86.696337][ T9637] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.697241][ T9637] batman_adv: batadv0: The MTU of interface
batadv_slave_1 is too small (1500) to handle the transport of
batman-adv packets. Packets going over this interface will be
fragmented on layer2 which could impact the performance. Setting the
MTU to 1560 would solve the problem.
[ 86.700500][ T9637] batman_adv: batadv0: Not using interface
batadv_slave_1 (retrying later): interface not active
[ 86.739582][ T9637] hsr_slave_0: entered promiscuous mode
[ 86.740760][ T9637] hsr_slave_1: entered promiscuous mode
[ 86.870829][ T9637] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 86.875475][ T9637] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 86.878531][ T9637] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 86.881574][ T9637] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 86.897919][ T9637] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.898935][ T9637] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.900314][ T9637] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.901516][ T9637] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.936584][ T9637] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.950832][ T96] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.955164][ T96] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.966527][ T9637] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.972683][ T3579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.973793][ T3579] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.978878][ T96] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.979967][ T96] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.008199][ T9637] hsr0: Slave B (hsr_slave_1) is not up; please
bring it up to get a fully working HSR network
[ 87.108957][ T9637] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.256320][ T9637] veth0_vlan: entered promiscuous mode
[ 87.260969][ T9637] veth1_vlan: entered promiscuous mode
[ 87.277472][ T9637] veth0_macvtap: entered promiscuous mode
[ 87.280374][ T9637] veth1_macvtap: entered promiscuous mode
[ 87.290443][ T9637] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.295969][ T9637] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.299447][ T9637] netdevsim netdevsim7 netdevsim0: set [1, 0] type
2 family 0 port 6081 - 0
[ 87.300756][ T9637] netdevsim netdevsim7 netdevsim1: set [1, 0] type
2 family 0 port 6081 - 0
[ 87.301968][ T9637] netdevsim netdevsim7 netdevsim2: set [1, 0] type
2 family 0 port 6081 - 0
[ 87.304774][ T9637] netdevsim netdevsim7 netdevsim3: set [1, 0] type
2 family 0 port 6081 - 0
2025/03/24 11:50:29 executed programs: 0
[ 87.415821][ T85] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.418787][ T85] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.420546][ T85] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.422241][ T85] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.424108][ T85] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 87.425385][ T85] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.509901][T11019] chnl_net:caif_netlink_parms(): no params data found
[ 87.563201][T11019] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.564637][T11019] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.565479][T11019] bridge_slave_0: entered allmulticast mode
[ 87.566585][T11019] bridge_slave_0: entered promiscuous mode
[ 87.568503][T11019] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.569538][T11019] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.570614][T11019] bridge_slave_1: entered allmulticast mode
[ 87.571860][T11019] bridge_slave_1: entered promiscuous mode
[ 87.602767][T11019] bond0: (slave bond_slave_0): Enslaving as an
active interface with an up link
[ 87.608519][T11019] bond0: (slave bond_slave_1): Enslaving as an
active interface with an up link
[ 87.634579][T11019] team0: Port device team_slave_0 added
[ 87.636573][T11019] team0: Port device team_slave_1 added
[ 87.660148][T11019] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.661048][T11019] batman_adv: batadv0: The MTU of interface
batadv_slave_0 is too small (1500) to handle the transport of
batman-adv packets. Packets going over this interface will be
fragmented on layer2 which could impact the performance. Setting the
MTU to 1560 would solve the problem.
[ 87.665631][T11019] batman_adv: batadv0: Not using interface
batadv_slave_0 (retrying later): interface not active
[ 87.667657][T11019] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.668523][T11019] batman_adv: batadv0: The MTU of interface
batadv_slave_1 is too small (1500) to handle the transport of
batman-adv packets. Packets going over this interface will be
fragmented on layer2 which could impact the performance. Setting the
MTU to 1560 would solve the problem.
[ 87.671697][T11019] batman_adv: batadv0: Not using interface
batadv_slave_1 (retrying later): interface not active
[ 87.717200][T11019] hsr_slave_0: entered promiscuous mode
[ 87.718492][T11019] hsr_slave_1: entered promiscuous mode
[ 87.719592][T11019] debugfs: Directory 'hsr0' with parent 'hsr'
already present!
[ 87.720959][T11019] Cannot create hsr debugfs directory
[ 87.827241][T11019] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.829744][T11019] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.832224][T11019] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.835215][T11019] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.847029][T11019] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.847885][T11019] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.848778][T11019] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.849602][T11019] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.872807][T11019] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.880118][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.883677][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.895124][T11019] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.900930][ T97] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.902120][ T97] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.908002][T11294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.909741][T11294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.032278][T11019] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.034050][ T85] Bluetooth: hci0: command tx timeout
[ 88.055135][T11019] veth0_vlan: entered promiscuous mode
[ 88.059506][T11019] veth1_vlan: entered promiscuous mode
[ 88.074272][T11019] veth0_macvtap: entered promiscuous mode
[ 88.077239][T11019] veth1_macvtap: entered promiscuous mode
[ 88.085062][T11019] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 88.086633][T11019] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[ 88.088956][T11019] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.094524][T11019] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 88.095959][T11019] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[ 88.098273][T11019] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.101977][T11019] netdevsim netdevsim0 netdevsim0: set [1, 0] type
2 family 0 port 6081 - 0
[ 88.104171][T11019] netdevsim netdevsim0 netdevsim1: set [1, 0] type
2 family 0 port 6081 - 0
[ 88.105401][T11019] netdevsim netdevsim0 netdevsim2: set [1, 0] type
2 family 0 port 6081 - 0
[ 88.106599][T11019] netdevsim netdevsim0 netdevsim3: set [1, 0] type
2 family 0 port 6081 - 0
[ 88.140817][ T13] wlan0: Created IBSS using preconfigured BSSID
50:50:50:50:50:50
[ 88.142392][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.155795][ T96] wlan1: Created IBSS using preconfigured BSSID
50:50:50:50:50:50
[ 88.156973][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.314757][T12039] loop0: detected capacity change from 0 to 32768
[ 88.346885][T12039] bcachefs (loop0): starting version 1.7:
mi_btree_bitmap
opts=metadata_checksum=none,data_checksum=xxhash,nojournal_transaction_names
[ 88.348824][T12039] bcachefs (loop0): recovering from clean shutdown,
journal seq 10
[ 88.349815][T12039] bcachefs (loop0): Doing compatible version
upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size
[ 88.349815][T12039] running recovery passes:
check_allocations,check_extents_to_backpointers,check_inodes
[ 88.360566][T12039] bcachefs (loop0): error validating btree node on
loop0 at btree alloc level 0/0
[ 88.360581][T12039] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0:
seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr:
0:26:0 gen 0
[ 88.360589][T12039] node offset 8/32 bset u64s 375: checksum error,
type chacha20_poly1305_128: got 5125f248dce6c8583c1006bcb40e6d91
should be 56f8c5dd15dee062262778682ebef4d2, shutting down
[ 88.367016][T12039] bcachefs (loop0): inconsistency detected -
emergency read only at journal seq 10
[ 88.368285][T12039] bcachefs (loop0): flagging btree alloc lost data
[ 88.369242][T12039] bcachefs (loop0): running explicit recovery pass
check_topology (2), currently at recovery_pass_empty (0)
[ 88.370747][T12039] bcachefs (loop0): running explicit recovery pass
check_lrus (14), currently at recovery_pass_empty (0)
[ 88.372157][T12039] bcachefs (loop0): running explicit recovery pass
check_backpointers_to_extents (16), currently at recovery_pass_empty
(0)
[ 88.373924][T12039] bcachefs (loop0): running explicit recovery pass
check_alloc_info (13), currently at recovery_pass_empty (0)
[ 88.377400][T12039] error reading btree root btree=alloc level=0:
btree_node_read_error, fixing
[ 88.380073][T12039]
==================================================================
[88.381083][T12039] BUG: KASAN: use-after-free in poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[ 88.382059][T12039] Read of size 8 at addr ffff8880496c7050 by task
syz.0.15/12039
[ 88.383042][T12039]
[ 88.383346][T12039] CPU: 3 UID: 0 PID: 12039 Comm: syz.0.15 Not
tainted 6.14.0-rc7-00205-g586de92313fc #1
[ 88.383357][T12039] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.15.0-1 04/01/2014
[ 88.383363][T12039] Call Trace:
[ 88.383367][T12039] <TASK>
[88.383371][T12039] dump_stack_lvl
(/data/ghui/docker_data/linux_kernel/upstream/linux/lib/dump_stack.c:123)
[88.383385][T12039] print_report
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/report.c:409
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/report.c:521)
[88.383398][T12039] ? __phys_addr
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/mm/physaddr.c:32
(discriminator 4))
[88.383408][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.383420][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.383432][T12039] kasan_report
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/report.c:636)
[88.383443][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:196)
[88.383455][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.383468][T12039] kasan_check_range
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/generic.c:183
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/generic.c:189)
[88.383481][T12039] __asan_memcpy
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/shadow.c:105)
[88.383490][T12039] poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.383503][T12039] crypto_poly1305_update
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:232)
[88.383515][T12039] bch2_checksum
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/checksum.c:240)
[88.383527][T12039] ? __pfx_bch2_checksum
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/checksum.c:213)
[88.383539][T12039] ? rcu_is_watching
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/context_tracking.h:128
/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/rcu/tree.c:716)
[88.383550][T12039] ? kfree
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/trace/events/kmem.h:94
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4744)
[88.383566][T12039] ? bch2_journal_seq_is_blacklisted
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/journal_seq_blacklist.c:131)
[88.383580][T12039] bch2_btree_node_read_done
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1130)
[88.383598][T12039] ? bch2_bkey_pick_read_device
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:347
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:880
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:173)
[88.383611][T12039] ? __pfx_bch2_btree_node_read_done
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1009)
[88.383625][T12039] ? bch2_bkey_pick_read_device
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:119)
[88.383634][T12039] ? __pfx___lock_acquire
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5079)
[88.383650][T12039] ? __pfx_bch2_bkey_pick_read_device
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:119)
[88.383661][T12039] ? bch2_mark_io_failure
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:61
(discriminator 2))
[88.383672][T12039] ? btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1357
(discriminator 1))
[88.383680][T12039] btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1357
(discriminator 1))
[88.383688][T12039] ? lockdep_hardirqs_on
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:4470)
[88.383702][T12039] ? __pfx_btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1312)
[88.383711][T12039] ? bch2_latency_acct
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/io_write.c:66)
[88.383723][T12039] ? __pfx_bch2_latency_acct
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/io_write.c:66)
[88.383735][T12039] bch2_btree_node_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1748)
[88.383745][T12039] ? __pfx_bch2_btree_node_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1685)
[88.383753][T12039] ? find_held_lock
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5341)
[88.383765][T12039] ? __pfx_lock_release
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5859)
[88.383777][T12039] ? __bch2_trans_unlock
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_iter.h:111
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_locking.c:725)
[88.383787][T12039] ? __pfx_bch2_btree_cache_cmp_fn
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_cache.c:135)
[88.383799][T12039] bch2_btree_root_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/instrumented.h:68
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/bitops/instrumented-non-atomic.h:141
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_types.h:628
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1791
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1811)
[88.383808][T12039] ? __pfx___mutex_unlock_slowpath
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/mutex.c:885)
[88.383820][T12039] ? __pfx_bch2_btree_root_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1810)
[88.383832][T12039] bch2_fs_recovery
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:581
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:928)
[88.383848][T12039] ? __pfx_bch2_fs_recovery
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:699)
[88.383863][T12039] ? bch2_get_next_online_dev
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:347
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:880
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/sb-members.h:157)
[88.383874][T12039] ? __pfx_lock_release
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5859)
[88.383889][T12039] ? bch2_get_next_online_dev
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/sb-members.h:160)
[88.383900][T12039] ? llist_reverse_order
(/data/ghui/docker_data/linux_kernel/upstream/linux/lib/llist.c:115)
[88.383915][T12039] ? __closure_wake_up
(/data/ghui/docker_data/linux_kernel/upstream/linux/lib/closure.c:89)
[88.383925][T12039] bch2_fs_start
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/super.c:1041)
[88.383940][T12039] bch2_fs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/fs.c:2204)
[88.383950][T12039] ? __pfx_bch2_fs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/fs.c:2160)
[88.383958][T12039] ? lock_acquire
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5824)
[88.383974][T12039] ? rcu_is_watching
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/context_tracking.h:128
/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/rcu/tree.c:716)
[88.383986][T12039] ? bpf_lsm_capable
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/lsm_hook_defs.h:44)
[88.383999][T12039] ? security_capable
(/data/ghui/docker_data/linux_kernel/upstream/linux/security/security.c:1143
(discriminator 120))
[88.384013][T12039] vfs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/super.c:1815)
[88.384027][T12039] path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3561
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3887)
[88.384039][T12039] ? kmem_cache_free
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4609
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4711)
[88.384048][T12039] ? __pfx_path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3814)
[88.384060][T12039] ? putname.part.0
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:297)
[88.384073][T12039] __x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3901
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4111
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088)
[88.384084][T12039] ? __pfx___x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088)
[88.384097][T12039] do_syscall_64
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:52
/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:83)
[88.384109][T12039] entry_SYSCALL_64_after_hwframe
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/entry_64.S:130)
[ 88.384123][T12039] RIP: 0033:0x7f7c16f9e49e
[ 88.384131][T12039] Code: 48 c7 c0 ff ff ff ff eb aa e8 5e 20 00 00
66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 49 89 ca b8 a5
00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8
64 89 01 48
All code
========
0: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
7: eb aa jmp 0xffffffffffffffb3
9: e8 5e 20 00 00 call 0x206c
e: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
15: 00 00 00
18: 0f 1f 40 00 nopl 0x0(%rax)
1c: f3 0f 1e fa endbr64
20: 49 89 ca mov %rcx,%r10
23: b8 a5 00 00 00 mov $0xa5,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 c7 c1 a8 ff ff ff mov $0xffffffffffffffa8,%rcx
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 c7 c1 a8 ff ff ff mov $0xffffffffffffffa8,%rcx
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 88.384140][T12039] RSP: 002b:00007f7c17ce4da8 EFLAGS: 00000246
ORIG_RAX: 00000000000000a5
[ 88.384149][T12039] RAX: ffffffffffffffda RBX: 00000000000119f4 RCX:
00007f7c16f9e49e
[ 88.384156][T12039] RDX: 0000000020011a00 RSI: 0000000020000000 RDI:
00007f7c17ce4e00
[ 88.384162][T12039] RBP: 00007f7c17ce4e40 R08: 00007f7c17ce4e40 R09:
0000000000000000
[ 88.384167][T12039] R10: 0000000000000000 R11: 0000000000000246 R12:
0000000020011a00
[ 88.384173][T12039] R13: 0000000020000000 R14: 00007f7c17ce4e00 R15:
0000000020000100
[ 88.384195][T12039] </TASK>
[ 88.384198][T12039]
[ 88.434820][T12039] The buggy address belongs to the physical page:
[ 88.435543][T12039] page: refcount:0 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0x496c7
[ 88.436519][T12039] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 88.437336][T12039] raw: 00fff00000000000 0000000000000000
dead000000000122 0000000000000000
[ 88.438312][T12039] raw: 0000000000000000 0000000000000000
00000000ffffffff 0000000000000000
[ 88.439298][T12039] page dumped because: kasan: bad access detected
[ 88.440027][T12039] page_owner tracks the page as freed
[ 88.440651][T12039] page last allocated via order 5, migratetype
Reclaimable, gfp_mask
0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE),
pid 12039, tgid 12038 (syz.0.15), ts 88328445083, free_ts 88379542461
[88.443083][T12039] post_alloc_hook
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/page_owner.h:32
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:1551)
[88.443647][T12039] get_page_from_freelist
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:1561
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:3477)
[88.444281][T12039] __alloc_frozen_pages_noprof
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:4741)
[88.444952][T12039] __alloc_pages_noprof
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:4775)
[88.445534][T12039] ___kmalloc_large_node
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4232)
[88.446133][T12039] __kmalloc_large_node_noprof
(/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/bitops.h:417
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/getorder.h:46
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4268)
[88.446800][T12039] __kmalloc_node_noprof
(/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/bitops.h:417
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/getorder.h:46
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4284
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4300)
[88.447416][T12039] __kvmalloc_node_noprof
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/util.c:668)
[88.448024][T12039] btree_node_data_alloc.constprop.0
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_cache.c:156)
[88.448747][T12039] __bch2_btree_node_mem_alloc
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_cache.c:201)
[88.449392][T12039] bch2_fs_btree_cache_init
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_cache.c:655)
[88.450026][T12039] bch2_fs_alloc
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/super.c:919)
[88.450582][T12039] bch2_fs_open
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/err.h:116
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/super.c:2066)
[88.451115][T12039] bch2_fs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/err.h:116
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/fs.c:2191)
[88.451702][T12039] vfs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/super.c:1815)
[88.452226][T12039] path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3561
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3887)
[ 88.452735][T12039] page last free pid 12039 tgid 12038 stack trace:
[88.453481][T12039] __free_pages_ok
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/page_owner.h:25
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:1127
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/page_alloc.c:1271)
[88.454058][T12039] __folio_put
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/swap.c:112)
[88.454577][T12039] kvfree
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/util.c:709)
[88.455012][T12039] bch2_btree_node_read_done
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:111
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1243)
[88.455689][T12039] btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1357
(discriminator 1))
[88.456291][T12039] bch2_btree_node_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1748)
[88.456878][T12039] bch2_btree_root_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/instrumented.h:68
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/bitops/instrumented-non-atomic.h:141
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_types.h:628
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1791
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1811)
[88.457472][T12039] bch2_fs_recovery
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:581
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:928)
[88.458035][T12039] bch2_fs_start
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/super.c:1041)
[88.458565][T12039] bch2_fs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/fs.c:2204)
[88.459139][T12039] vfs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/super.c:1815)
[88.459647][T12039] path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3561
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3887)
[88.460144][T12039] __x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3901
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4111
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088)
[88.460722][T12039] do_syscall_64
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:52
/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:83)
[88.461243][T12039] entry_SYSCALL_64_after_hwframe
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/entry_64.S:130)
[ 88.461903][T12039]
[ 88.462174][T12039] Memory state around the buggy address:
[ 88.462801][T12039] ffff8880496c6f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.463717][T12039] ffff8880496c6f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.464735][T12039] >ffff8880496c7000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.465763][T12039] ^
[ 88.466619][T12039] ffff8880496c7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.467647][T12039] ffff8880496c7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.468677][T12039]
==================================================================
[ 88.469819][T12039] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.470749][T12039] CPU: 3 UID: 0 PID: 12039 Comm: syz.0.15 Not tainted 6.14.0-rc7-00205-g586de92313fc #1
[ 88.471966][T12039] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 88.473133][T12039] Call Trace:
[T12039] <TASK>
[88.474112][T12039] dump_stack_lvl
(/data/ghui/docker_data/linux_kernel/upstream/linux/lib/dump_stack.c:124
(discriminator 7))
Message from syslogd@syzkaller at ... kernel:[ 88.469819][T12039] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.474971][T12039] panic+0x6fd/0x7b0
[ 88.475612][T12039] ? mark_held_locks
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:4323)
[ 88.476440][T12039] ? __pfx_panic
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/panic.c:288)
[ 88.477112][T12039] ? irqentry_exit
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/entry/common.c:358)
[ 88.477856][T12039] ? lockdep_hardirqs_on
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:4470)
[ 88.478666][T12039] ? check_panic_on_warn
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/panic.c:242)
[ 88.479454][T12039] check_panic_on_warn
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/panic.c:243)
[ 88.480249][T12039] end_report
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/report.c:227)
[ 88.480976][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.481811][T12039] kasan_report
(/data/ghui/docker_data/linux_kernel/upstream/linux/./arch/x86/include/asm/smap.h:52
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/report.c:639)
[88.482363][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:196)
[88.483019][T12039] ? poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.483664][T12039] kasan_check_range
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/generic.c:183
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/generic.c:189)
[88.484229][T12039] __asan_memcpy
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/kasan/shadow.c:105)
[88.484735][T12039] poly1305_update_arch
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:198)
[88.485333][T12039] crypto_poly1305_update
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/crypto/poly1305_glue.c:232)
[88.485922][T12039] bch2_checksum
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/checksum.c:240)
[88.486453][T12039] ? __pfx_bch2_checksum
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/checksum.c:213)
[88.487035][T12039] ? rcu_is_watching
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/context_tracking.h:128
/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/rcu/tree.c:716)
[88.487588][T12039] ? kfree
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/trace/events/kmem.h:94
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4744)
[88.488064][T12039] ? bch2_journal_seq_is_blacklisted
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/journal_seq_blacklist.c:131)
[88.488806][T12039] bch2_btree_node_read_done
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1130)
[88.489490][T12039] ? bch2_bkey_pick_read_device
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:347
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:880
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:173)
[88.490261][T12039] ? __pfx_bch2_btree_node_read_done
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1009)
[88.491058][T12039] ? bch2_bkey_pick_read_device
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:119)
[88.491835][T12039] ? __pfx___lock_acquire
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5079)
[88.492511][T12039] ? __pfx_bch2_bkey_pick_read_device
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:119)
[88.493328][T12039] ? bch2_mark_io_failure
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/extents.c:61
(discriminator 2))
[88.494005][T12039] ? btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1357
(discriminator 1))
[88.494747][T12039] btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1357
(discriminator 1))
[88.495440][T12039] ? lockdep_hardirqs_on
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:4470)
[88.496116][T12039] ? __pfx_btree_node_read_work
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1312)
[88.496858][T12039] ? bch2_latency_acct
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/io_write.c:66)
[88.497530][T12039] ? __pfx_bch2_latency_acct
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/io_write.c:66)
[88.498248][T12039] bch2_btree_node_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1748)
[88.498921][T12039] ? __pfx_bch2_btree_node_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1685)
[88.499664][T12039] ? find_held_lock
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5341)
[88.500290][T12039] ? __pfx_lock_release
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5859)
[88.500940][T12039] ? __bch2_trans_unlock
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_iter.h:111
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_locking.c:725)
[88.501616][T12039] ? __pfx_bch2_btree_cache_cmp_fn
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_cache.c:135)
[88.502392][T12039] bch2_btree_root_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/instrumented.h:68
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/asm-generic/bitops/instrumented-non-atomic.h:141
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_types.h:628
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1791
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1811)
[88.503064][T12039] ? __pfx___mutex_unlock_slowpath
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/mutex.c:885)
[88.503849][T12039] ? __pfx_bch2_btree_root_read
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/btree_io.c:1810)
[88.504562][T12039] bch2_fs_recovery
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:581
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:928)
[88.505228][T12039] ? __pfx_bch2_fs_recovery
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/recovery.c:699)
[88.505862][T12039] ? bch2_get_next_online_dev
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:347
/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/rcupdate.h:880
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/sb-members.h:157)
[88.506608][T12039] ? __pfx_lock_release
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5859)
[88.507271][T12039] ? bch2_get_next_online_dev
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/sb-members.h:160)
[88.508010][T12039] ? llist_reverse_order
(/data/ghui/docker_data/linux_kernel/upstream/linux/lib/llist.c:115)
[88.508649][T12039] ? __closure_wake_up
(/data/ghui/docker_data/linux_kernel/upstream/linux/lib/closure.c:89)
[88.509258][T12039] bch2_fs_start
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/super.c:1041)
[88.509806][T12039] bch2_fs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/fs.c:2204)
[88.510403][T12039] ? __pfx_bch2_fs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/bcachefs/fs.c:2160)
[88.511023][T12039] ? lock_acquire
(/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/locking/lockdep.c:5824)
[88.511565][T12039] ? rcu_is_watching
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/context_tracking.h:128
/data/ghui/docker_data/linux_kernel/upstream/linux/kernel/rcu/tree.c:716)
[88.512125][T12039] ? bpf_lsm_capable
(/data/ghui/docker_data/linux_kernel/upstream/linux/./include/linux/lsm_hook_defs.h:44)
[88.512683][T12039] ? security_capable
(/data/ghui/docker_data/linux_kernel/upstream/linux/security/security.c:1143
(discriminator 120))
[88.513382][T12039] vfs_get_tree
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/super.c:1815)
[88.513927][T12039] path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3561
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3887)
[88.514518][T12039] ? kmem_cache_free
(/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4609
/data/ghui/docker_data/linux_kernel/upstream/linux/mm/slub.c:4711)
[88.515169][T12039] ? __pfx_path_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3814)
[88.515828][T12039] ? putname.part.0
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namei.c:297)
[88.516481][T12039] __x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:3901
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4111
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088
/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088)
[88.517116][T12039] ? __pfx___x64_sys_mount
(/data/ghui/docker_data/linux_kernel/upstream/linux/fs/namespace.c:4088)
[88.517828][T12039] do_syscall_64
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:52
/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/common.c:83)
[88.518441][T12039] entry_SYSCALL_64_after_hwframe
(/data/ghui/docker_data/linux_kernel/upstream/linux/arch/x86/entry/entry_64.S:130)
[ 88.519229][T12039] RIP: 0033:0x7f7c16f9e49e
[ 88.519814][T12039] Code: 48 c7 c0 ff ff ff ff eb aa e8 5e 20 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
All code
========
0: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
7: eb aa jmp 0xffffffffffffffb3
9: e8 5e 20 00 00 call 0x206c
e: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
15: 00 00 00
18: 0f 1f 40 00 nopl 0x0(%rax)
1c: f3 0f 1e fa endbr64
20: 49 89 ca mov %rcx,%r10
23: b8 a5 00 00 00 mov $0xa5,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 c7 c1 a8 ff ff ff mov $0xffffffffffffffa8,%rcx
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 c7 c1 a8 ff ff ff mov $0xffffffffffffffa8,%rcx
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 88.522326][T12039] RSP: 002b:00007f7c17ce4da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.523371][T12039] RAX: ffffffffffffffda RBX: 00000000000119f4 RCX: 00007f7c16f9e49e
[ 88.524293][T12039] RDX: 0000000020011a00 RSI: 0000000020000000 RDI: 00007f7c17ce4e00
[ 88.525203][T12039] RBP: 00007f7c17ce4e40 R08: 00007f7c17ce4e40 R09: 0000000000000000
[ 88.526106][T12039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020011a00
[ 88.527079][T12039] R13: 0000000020000000 R14: 00007f7c17ce4e00 R15: 0000000020000100
[ 88.528111][T12039] </TASK>
[ 88.528793][T12039] Kernel Offset: disabled
[ 88.529305][T12039] Rebooting in 86400 seconds..