* WARNING in shmem_release_dquot
From: Ubisectech Sirius @ 2024-01-29 8:51 UTC
To: linux-kernel, linux-trace-kernel; +Cc: linux-mm, akpm, hughd
Hello.
We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered an issue in Linux kernel 6.8.0-rc1-gecb1b8288dc7. Attached to the email was a POC file of the issue.
Stack dump:
[ 246.195553][ T4096] ------------[ cut here ]------------
[ 246.196540][ T4096] quota id 16384 from dquot ffff888051bd3000, not in rb tree!
[ 246.198829][ T4096] WARNING: CPU: 1 PID: 4096 at mm/shmem_quota.c:290 shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.199955][ T4096] Modules linked in:
[ 246.200435][ T4096] CPU: 1 PID: 4096 Comm: kworker/u6:6 Not tainted 6.8.0-rc1-gecb1b8288dc7 #21
[ 246.201566][ T4096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 246.202667][ T4096] Workqueue: events_unbound quota_release_workfn
[ 246.203516][ T4096] RIP: 0010:shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.204276][ T4096] Code: e8 28 d9 18 00 e9 b3 f8 ff ff e8 6e e1 c2 ff c6 05 bf e8 1b 0d 01 90 48 c7 c7 80 f0 b8 8a 4c 89 ea 44 89 e6 e8 14 6d 89 ff 90 <0f> 0b 90 90 e9 18 fb ff ff e8 f5 d8 18 00 e9 a2 fa ff ff e8 0b d9
All code
========
0: e8 28 d9 18 00 call 0x18d92d
5: e9 b3 f8 ff ff jmp 0xfffffffffffff8bd
a: e8 6e e1 c2 ff call 0xffffffffffc2e17d
f: c6 05 bf e8 1b 0d 01 movb $0x1,0xd1be8bf(%rip) # 0xd1be8d5
16: 90 nop
17: 48 c7 c7 80 f0 b8 8a mov $0xffffffff8ab8f080,%rdi
1e: 4c 89 ea mov %r13,%rdx
21: 44 89 e6 mov %r12d,%esi
24: e8 14 6d 89 ff call 0xffffffffff896d3d
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: 90 nop
2e: e9 18 fb ff ff jmp 0xfffffffffffffb4b
33: e8 f5 d8 18 00 call 0x18d92d
38: e9 a2 fa ff ff jmp 0xfffffffffffffadf
3d: e8 .byte 0xe8
3e: 0b d9 or %ecx,%ebx
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: 90 nop
4: e9 18 fb ff ff jmp 0xfffffffffffffb21
9: e8 f5 d8 18 00 call 0x18d903
e: e9 a2 fa ff ff jmp 0xfffffffffffffab5
13: e8 .byte 0xe8
14: 0b d9 or %ecx,%ebx
[ 246.206640][ T4096] RSP: 0018:ffffc9000604fbc0 EFLAGS: 00010286
[ 246.207403][ T4096] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814c77da
[ 246.208514][ T4096] RDX: ffff888049a58000 RSI: ffffffff814c77e7 RDI: 0000000000000001
[ 246.209429][ T4096] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 246.210362][ T4096] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000004000
[ 246.211367][ T4096] R13: ffff888051bd3000 R14: dffffc0000000000 R15: ffff888051bd3040
[ 246.212327][ T4096] FS: 0000000000000000(0000) GS:ffff88807ec00000(0000) knlGS:0000000000000000
[ 246.213387][ T4096] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 246.214232][ T4096] CR2: 00007ffee748ec80 CR3: 000000000cb78000 CR4: 0000000000750ef0
[ 246.215216][ T4096] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 246.216187][ T4096] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 246.217148][ T4096] PKRU: 55555554
[ 246.217615][ T4096] Call Trace:
[ 246.218090][ T4096] <TASK>
[ 246.218467][ T4096] ? show_regs (arch/x86/kernel/dumpstack.c:479)
[ 246.218979][ T4096] ? __warn (kernel/panic.c:677)
[ 246.219505][ T4096] ? shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.220197][ T4096] ? report_bug (lib/bug.c:201 lib/bug.c:219)
[ 246.220775][ T4096] ? shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.221500][ T4096] ? handle_bug (arch/x86/kernel/traps.c:238)
[ 246.222081][ T4096] ? exc_invalid_op (arch/x86/kernel/traps.c:259 (discriminator 1))
[ 246.222687][ T4096] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:568)
[ 246.223296][ T4096] ? __warn_printk (./include/linux/context_tracking.h:155 kernel/panic.c:726)
[ 246.223878][ T4096] ? __warn_printk (kernel/panic.c:717)
[ 246.224460][ T4096] ? shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.225125][ T4096] quota_release_workfn (fs/quota/dquot.c:839)
[ 246.225792][ T4096] ? dquot_release (fs/quota/dquot.c:810)
[ 246.226401][ T4096] process_one_work (kernel/workqueue.c:2638)
[ 246.227001][ T4096] ? lock_sync (kernel/locking/lockdep.c:5722)
[ 246.227509][ T4096] ? workqueue_congested (kernel/workqueue.c:2542)
[ 246.228266][ T4096] ? assign_work (kernel/workqueue.c:1102)
[ 246.228846][ T4096] worker_thread (kernel/workqueue.c:2700 kernel/workqueue.c:2787)
[ 246.229477][ T4096] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4423)
[ 246.230150][ T4096] ? process_one_work (kernel/workqueue.c:2733)
[ 246.230735][ T4096] kthread (kernel/kthread.c:388)
[ 246.231247][ T4096] ? kthread_complete_and_exit (kernel/kthread.c:341)
[ 246.231950][ T4096] ret_from_fork (arch/x86/kernel/process.c:153)
[ 246.232465][ T4096] ? kthread_complete_and_exit (kernel/kthread.c:341)
[ 246.233153][ T4096] ret_from_fork_asm (arch/x86/entry/entry_64.S:250)
[ 246.233783][ T4096] </TASK>
[ 246.234175][ T4096] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 246.235087][ T4096] CPU: 1 PID: 4096 Comm: kworker/u6:6 Not tainted 6.8.0-rc1-gecb1b8288dc7 #21
[ 246.236174][ T4096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 246.237207][ T4096] Workqueue: events_unbound quota_release_workfn
[ 246.237927][ T4096] Call Trace:
[ 246.238294][ T4096] <TASK>
[ 246.238619][ T4096] dump_stack_lvl (lib/dump_stack.c:107)
[ 246.239144][ T4096] panic (kernel/panic.c:344)
[ 246.239584][ T4096] ? panic_smp_self_stop+0xa0/0xa0
[ 246.240154][ T4096] ? check_panic_on_warn (kernel/panic.c:236)
[ 246.240714][ T4096] ? shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.241303][ T4096] check_panic_on_warn (kernel/panic.c:237)
[ 246.241915][ T4096] __warn (./arch/x86/include/asm/current.h:42 kernel/panic.c:682)
[ 246.242428][ T4096] ? shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.243117][ T4096] report_bug (lib/bug.c:201 lib/bug.c:219)
[ 246.243688][ T4096] ? shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.244390][ T4096] handle_bug (arch/x86/kernel/traps.c:238)
[ 246.244957][ T4096] exc_invalid_op (arch/x86/kernel/traps.c:259 (discriminator 1))
[ 246.245551][ T4096] asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:568)
[ 246.246189][ T4096] RIP: 0010:shmem_release_dquot (mm/shmem_quota.c:290 (discriminator 3))
[ 246.246945][ T4096] Code: e8 28 d9 18 00 e9 b3 f8 ff ff e8 6e e1 c2 ff c6 05 bf e8 1b 0d 01 90 48 c7 c7 80 f0 b8 8a 4c 89 ea 44 89 e6 e8 14 6d 89 ff 90 <0f> 0b 90 90 e9 18 fb ff ff e8 f5 d8 18 00 e9 a2 fa ff ff e8 0b d9
All code
========
0: e8 28 d9 18 00 call 0x18d92d
5: e9 b3 f8 ff ff jmp 0xfffffffffffff8bd
a: e8 6e e1 c2 ff call 0xffffffffffc2e17d
f: c6 05 bf e8 1b 0d 01 movb $0x1,0xd1be8bf(%rip) # 0xd1be8d5
16: 90 nop
17: 48 c7 c7 80 f0 b8 8a mov $0xffffffff8ab8f080,%rdi
1e: 4c 89 ea mov %r13,%rdx
21: 44 89 e6 mov %r12d,%esi
24: e8 14 6d 89 ff call 0xffffffffff896d3d
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: 90 nop
2e: e9 18 fb ff ff jmp 0xfffffffffffffb4b
33: e8 f5 d8 18 00 call 0x18d92d
38: e9 a2 fa ff ff jmp 0xfffffffffffffadf
3d: e8 .byte 0xe8
3e: 0b d9 or %ecx,%ebx
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: 90 nop
4: e9 18 fb ff ff jmp 0xfffffffffffffb21
9: e8 f5 d8 18 00 call 0x18d903
e: e9 a2 fa ff ff jmp 0xfffffffffffffab5
13: e8 .byte 0xe8
14: 0b d9 or %ecx,%ebx
[ 246.249288][ T4096] RSP: 0018:ffffc9000604fbc0 EFLAGS: 00010286
[ 246.250033][ T4096] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814c77da
[ 246.251035][ T4096] RDX: ffff888049a58000 RSI: ffffffff814c77e7 RDI: 0000000000000001
[ 246.252036][ T4096] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 246.253028][ T4096] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000004000
[ 246.254060][ T4096] R13: ffff888051bd3000 R14: dffffc0000000000 R15: ffff888051bd3040
[ 246.255058][ T4096] ? __warn_printk (./include/linux/context_tracking.h:155 kernel/panic.c:726)
[ 246.255694][ T4096] ? __warn_printk (kernel/panic.c:717)
[ 246.256256][ T4096] quota_release_workfn (fs/quota/dquot.c:839)
[ 246.256877][ T4096] ? dquot_release (fs/quota/dquot.c:810)
[ 246.257467][ T4096] process_one_work (kernel/workqueue.c:2638)
[ 246.258126][ T4096] ? lock_sync (kernel/locking/lockdep.c:5722)
[ 246.258718][ T4096] ? workqueue_congested (kernel/workqueue.c:2542)
[ 246.259339][ T4096] ? assign_work (kernel/workqueue.c:1102)
[ 246.259915][ T4096] worker_thread (kernel/workqueue.c:2700 kernel/workqueue.c:2787)
[ 246.260529][ T4096] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4423)
[ 246.261176][ T4096] ? process_one_work (kernel/workqueue.c:2733)
[ 246.261855][ T4096] kthread (kernel/kthread.c:388)
[ 246.262382][ T4096] ? kthread_complete_and_exit (kernel/kthread.c:341)
[ 246.263077][ T4096] ret_from_fork (arch/x86/kernel/process.c:153)
[ 246.263620][ T4096] ? kthread_complete_and_exit (kernel/kthread.c:341)
[ 246.264331][ T4096] ret_from_fork_asm (arch/x86/entry/entry_64.S:250)
[ 246.264910][ T4096] </TASK>
[ 246.265598][ T4096] Kernel Offset: disabled
[ 246.266259][ T4096] Rebooting in 86400 seconds..
Thank you for taking the time to read this email and we look forward to working with you further.
[-- Attachment #2: poc.c --]
[-- Type: application/octet-stream, Size: 7079 bytes --]
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static unsigned long long procid;

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void use_temporary_dir(void)
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    exit(1);
  if (chmod(tmpdir, 0777))
    exit(1);
  if (chdir(tmpdir))
    exit(1);
}

static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

#define FS_IOC_SETFLAGS _IOW('f', 2, long)

static void remove_dir(const char* dir)
{
  int iter = 0;
  DIR* dp = 0;
retry:
  while (umount2(dir, MNT_DETACH | UMOUNT_NOFOLLOW) == 0) {
  }
  dp = opendir(dir);
  if (dp == NULL) {
    if (errno == EMFILE) {
      exit(1);
    }
    exit(1);
  }
  struct dirent* ep = 0;
  while ((ep = readdir(dp))) {
    if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
      continue;
    char filename[FILENAME_MAX];
    snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
    while (umount2(filename, MNT_DETACH | UMOUNT_NOFOLLOW) == 0) {
    }
    struct stat st;
    if (lstat(filename, &st))
      exit(1);
    if (S_ISDIR(st.st_mode)) {
      remove_dir(filename);
      continue;
    }
    int i;
    for (i = 0;; i++) {
      if (unlink(filename) == 0)
        break;
      if (errno == EPERM) {
        int fd = open(filename, O_RDONLY);
        if (fd != -1) {
          long flags = 0;
          if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
          }
          close(fd);
          continue;
        }
      }
      if (errno == EROFS) {
        break;
      }
      if (errno != EBUSY || i > 100)
        exit(1);
      if (umount2(filename, MNT_DETACH | UMOUNT_NOFOLLOW))
        exit(1);
    }
  }
  closedir(dp);
  for (int i = 0;; i++) {
    if (rmdir(dir) == 0)
      break;
    if (i < 100) {
      if (errno == EPERM) {
        int fd = open(dir, O_RDONLY);
        if (fd != -1) {
          long flags = 0;
          if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
          }
          close(fd);
          continue;
        }
      }
      if (errno == EROFS) {
        break;
      }
      if (errno == EBUSY) {
        if (umount2(dir, MNT_DETACH | UMOUNT_NOFOLLOW))
          exit(1);
        continue;
      }
      if (errno == ENOTEMPTY) {
        if (iter < 100) {
          iter++;
          goto retry;
        }
      }
    }
    exit(1);
  }
}

static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
  if (symlink("/dev/binderfs", "./binderfs")) {
  }
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    char cwdbuf[32];
    sprintf(cwdbuf, "./%d", iter);
    if (mkdir(cwdbuf, 0777))
      exit(1);
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      if (chdir(cwdbuf))
        exit(1);
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
    remove_dir(cwdbuf);
  }
}

uint64_t r[1] = {0x0};

void execute_one(void)
{
  intptr_t res = 0;
  // Create the mount point ./file1 (mode 0).
  memcpy((void*)0x20000440, "./file1\000", 8);
  syscall(__NR_mkdir, /*path=*/0x20000440ul, /*mode=*/0ul);
  // Mount a tmpfs with the "usrquota" option on ./file1 and enter it.
  memcpy((void*)0x20000240, "./file1\000", 8);
  memcpy((void*)0x200002c0, "tmpfs\000", 6);
  memcpy((void*)0x20000300, "usrquota", 8);
  syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x20000240ul, /*type=*/0x200002c0ul,
          /*flags=*/0ul, /*data=*/0x20000300ul);
  memcpy((void*)0x20000080, "./file1\000", 8);
  syscall(__NR_chdir, /*dir=*/0x20000080ul);
  // Create a directory (mode 0) inside the tmpfs and stat it.
  memcpy((void*)0x20000200, "./file1\000", 8);
  syscall(__NR_mkdir, /*path=*/0x20000200ul, /*mode=*/0ul);
  memcpy((void*)0x20000180, "./file1\000", 8);
  res = syscall(__NR_stat, /*file=*/0x20000180ul, /*statbuf=*/0x20000340ul);
  // r[0] is the 32-bit field at offset 0x18 of the stat buffer. In the x86-64
  // struct stat layout that is st_mode, so for a directory created with mode 0
  // it is 0x4000 (16384), the quota id reported in the warning above.
  if (res != -1)
    r[0] = *(uint32_t*)0x20000358;
  // chown the directory to uid r[0], then remove it.
  memcpy((void*)0x20000000, "./file1\000", 8);
  syscall(__NR_lchown, /*file=*/0x20000000ul, /*uid=*/r[0], /*gid=*/0);
  memcpy((void*)0x20000100, "./file1\000", 8);
  syscall(__NR_rmdir, /*path=*/0x20000100ul);
  // Recreate ./file1 as a symlink (newfd 0xffffff9c is AT_FDCWD) and chown
  // the link itself to uid 0xee01, leaving the gid unchanged (-1).
  memcpy((void*)0x200000c0, "./file1\000", 8);
  memcpy((void*)0x20000140, "./file1\000", 8);
  syscall(__NR_symlinkat, /*old=*/0x200000c0ul, /*newfd=*/0xffffff9c,
          /*new=*/0x20000140ul);
  memcpy((void*)0x20000040, "./file1\000", 8);
  syscall(__NR_lchown, /*file=*/0x20000040ul, /*uid=*/0xee01, /*gid=*/-1);
}

int main(void)
{
  // Map the fixed data region at 0x20000000 that execute_one() uses for its
  // syscall arguments, with a PROT_NONE guard page on each side
  // (flags 0x32 = MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS).
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  // Run four worker processes, each repeating execute_one() in its own
  // temporary directory.
  for (procid = 0; procid < 4; procid++) {
    if (fork() == 0) {
      use_temporary_dir();
      loop();
    }
  }
  sleep(1000000);
  return 0;
}
* Re: WARNING in shmem_release_dquot
From: Hugh Dickins @ 2024-02-20 4:26 UTC
To: Carlos Maiolino
Cc: linux-kernel, linux-trace-kernel, linux-mm, Andrew Morton,
Hugh Dickins, Jan Kara, Ubisectech Sirius
On Mon, 29 Jan 2024, Ubisectech Sirius wrote:
> Hello.
> We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered an issue in Linux kernel 6.8.0-rc1-gecb1b8288dc7. Attached to the email was a POC file of the issue.
>
> Stack dump:
>
> Thank you for taking the time to read this email and we look forward to working with you further.
Carlos, this looks like one for you to puzzle over -
thanks,
Hugh
* Re: WARNING in shmem_release_dquot
From: Carlos Maiolino @ 2024-02-20 8:02 UTC
To: Hugh Dickins
Cc: linux-kernel, linux-trace-kernel, linux-mm, Andrew Morton,
Jan Kara, Ubisectech Sirius
On Mon, Feb 19, 2024 at 08:26:20PM -0800, Hugh Dickins wrote:
> On Mon, 29 Jan 2024, Ubisectech Sirius wrote:
>
> > Hello.
> > We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered an issue in Linux kernel 6.8.0-rc1-gecb1b8288dc7. Attached to the email was a POC file of the issue.
> >
> > Stack dump:
> > 9: e8 f5 d8 18 00 call 0x18d903
> > e: e9 a2 fa ff ff jmp 0xfffffffffffffab5
> > 13: e8 .byte 0xe8
> > 14: 0b d9 or %ecx,%ebx
> > [ 246.249288][ T4096] RSP: 0018:ffffc9000604fbc0 EFLAGS: 00010286
> > [ 246.250033][ T4096] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814c77da
> > [ 246.251035][ T4096] RDX: ffff888049a58000 RSI: ffffffff814c77e7 RDI: 0000000000000001
> > [ 246.252036][ T4096] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
> > [ 246.253028][ T4096] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000004000
> > [ 246.254060][ T4096] R13: ffff888051bd3000 R14: dffffc0000000000 R15: ffff888051bd3040
> > [ 246.255058][ T4096] ? __warn_printk (./include/linux/context_tracking.h:155 kernel/panic.c:726)
> > [ 246.255694][ T4096] ? __warn_printk (kernel/panic.c:717)
> > [ 246.256256][ T4096] quota_release_workfn (fs/quota/dquot.c:839)
> > [ 246.256877][ T4096] ? dquot_release (fs/quota/dquot.c:810)
> > [ 246.257467][ T4096] process_one_work (kernel/workqueue.c:2638)
> > [ 246.258126][ T4096] ? lock_sync (kernel/locking/lockdep.c:5722)
> > [ 246.258718][ T4096] ? workqueue_congested (kernel/workqueue.c:2542)
> > [ 246.259339][ T4096] ? assign_work (kernel/workqueue.c:1102)
> > [ 246.259915][ T4096] worker_thread (kernel/workqueue.c:2700 kernel/workqueue.c:2787)
> > [ 246.260529][ T4096] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4423)
> > [ 246.261176][ T4096] ? process_one_work (kernel/workqueue.c:2733)
> > [ 246.261855][ T4096] kthread (kernel/kthread.c:388)
> > [ 246.262382][ T4096] ? kthread_complete_and_exit (kernel/kthread.c:341)
> > [ 246.263077][ T4096] ret_from_fork (arch/x86/kernel/process.c:153)
> > [ 246.263620][ T4096] ? kthread_complete_and_exit (kernel/kthread.c:341)
> > [ 246.264331][ T4096] ret_from_fork_asm (arch/x86/entry/entry_64.S:250)
> > [ 246.264910][ T4096] </TASK>
> > [ 246.265598][ T4096] Kernel Offset: disabled
> > [ 246.266259][ T4096] Rebooting in 86400 seconds..
> >
> > Thank you for taking the time to read this email and we look forward to working with you further.
>
> Carlos, this looks like one for you to puzzle over -
> thanks,
> Hugh
I'll look into it, thanks!
Carlos
Thread overview: 3+ messages
2024-01-29 8:51 WARNING in shmem_release_dquot Ubisectech Sirius
2024-02-20 4:26 ` Hugh Dickins
2024-02-20 8:02 ` Carlos Maiolino