Hi Kernel Maintainers, we found a crash "BUG: unable to handle kernel paging request in build_id_parse_nofault" (it seems like a KASAN and makes the kernel reboot) in upstream, we also have successfully reproduced it manually: HEAD Commit: 9852d85ec9d492ebef56dc5f229416c925758edc(tag 'v6.12-rc1') kernel config: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/6.12.config console output: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/9852d85ec9d492ebef56dc5f229416c925758edc/7a4626c1fd3c932f5ee145636d9b82d152708357/log0 repro report: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/9852d85ec9d492ebef56dc5f229416c925758edc/7a4626c1fd3c932f5ee145636d9b82d152708357/repro.report syz reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/9852d85ec9d492ebef56dc5f229416c925758edc/7a4626c1fd3c932f5ee145636d9b82d152708357/repro.prog c reproducer: https://raw.githubusercontent.com/androidAppGuard/KernelBugs/main/9852d85ec9d492ebef56dc5f229416c925758edc/7a4626c1fd3c932f5ee145636d9b82d152708357/repro.cprog Please let me know if there is anything I can help with. Best, Hui Guo This is the crash log I got by reproducing the bug based on the above environment, I have piped this log through decode_stacktrace.sh to better understand the cause of the bug. ============================================================================================= 2024/10/18 11:15:33 parsed 1 programs [ 38.223243][ T8407] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 39.172894][ T8455] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 39.174859][ T8455] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 39.176802][ T8455] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 39.182619][ T8455] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 39.185043][ T8455] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 39.187014][ T8455] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 39.250575][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.252317][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.261274][ T118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.263161][ T118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.268872][ T8452] chnl_net:caif_netlink_parms(): no params data found [ 39.288658][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.290230][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.291807][ T8452] bridge_slave_0: entered allmulticast mode [ 39.293398][ T8452] bridge_slave_0: entered promiscuous mode [ 39.294994][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.296582][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.297982][ T8452] bridge_slave_1: entered allmulticast mode [ 39.299353][ T8452] bridge_slave_1: entered promiscuous mode [ 39.304797][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.306061][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.316713][ T8452] team0: Port device team_slave_0 added [ 39.317725][ T8452] team0: Port device team_slave_1 added [ 39.323040][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.323927][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over thi. [ 39.327301][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.328902][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.329788][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over thi. [ 39.333021][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.340087][ T8452] hsr_slave_0: entered promiscuous mode [ 39.340975][ T8452] hsr_slave_1: entered promiscuous mode [ 39.356662][ T8452] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 39.358010][ T8452] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 39.359246][ T8452] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 39.360503][ T8452] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 39.366505][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.367461][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.368426][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.369376][ T8452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.376067][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.378494][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.380388][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.383573][ T8452] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.385513][ T129] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.386515][ T129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.388285][ T129] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.389212][ T129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.414402][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.443108][ T8452] veth0_vlan: entered promiscuous mode [ 39.444506][ T8452] veth1_vlan: entered promiscuous mode [ 39.447867][ T8452] veth0_macvtap: entered promiscuous mode [ 39.448978][ T8452] veth1_macvtap: entered promiscuous mode [ 39.451123][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.453210][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.454699][ T8452] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.455802][ T8452] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.457000][ T8452] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.458110][ T8452] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2024/10/18 11:15:38 executed programs: 0 [ 39.548206][ T4644] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 39.549912][ T4644] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 39.551576][ T4644] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 39.553419][ T4644] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 39.555163][ T4644] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 39.557166][ T4644] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 39.573072][ T9822] chnl_net:caif_netlink_parms(): no params data found [ 39.591292][ T9822] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.592190][ T9822] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.593076][ T9822] bridge_slave_0: entered allmulticast mode [ 39.593932][ T9822] bridge_slave_0: entered promiscuous mode [ 39.594900][ T9822] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.595782][ T9822] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.596731][ T9822] bridge_slave_1: entered allmulticast mode [ 39.597574][ T9822] bridge_slave_1: entered promiscuous mode [ 39.604530][ T9822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.607029][ T9822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.615457][ T9822] team0: Port device team_slave_0 added [ 39.617375][ T9822] team0: Port device team_slave_1 added [ 39.625282][ T9822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.626981][ T9822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over thi. [ 39.632560][ T9822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.635076][ T9822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.636636][ T9822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over thi. [ 39.642100][ T9822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.650395][ T9822] hsr_slave_0: entered promiscuous mode [ 39.651267][ T9822] hsr_slave_1: entered promiscuous mode [ 39.652069][ T9822] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 39.653013][ T9822] Cannot create hsr debugfs directory [ 39.672662][ T9822] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 39.673919][ T9822] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 39.675129][ T9822] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 39.676538][ T9822] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 39.682809][ T9822] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.683726][ T9822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.684657][ T9822] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.685542][ T9822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.691506][ T9822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.693763][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.694932][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.697301][ T9822] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.699056][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.699992][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.701780][ T92] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.703361][ T92] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.727403][ T9822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.732201][ T9822] veth0_vlan: entered promiscuous mode [ 39.733620][ T9822] veth1_vlan: entered promiscuous mode [ 39.736818][ T9822] veth0_macvtap: entered promiscuous mode [ 39.737994][ T9822] veth1_macvtap: entered promiscuous mode [ 39.740016][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 39.741405][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.742949][ T9822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.744666][ T9822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 39.746141][ T9822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 39.747584][ T9822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.749002][ T9822] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.750120][ T9822] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.751235][ T9822] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.752327][ T9822] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.819569][ T129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.820456][ T129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.824077][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.825846][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.832652][T10850] BUG: unable to handle page fault for address: ffff88810dfe5000 [ 39.833678][T10850] #PF: supervisor read access in kernel mode [ 39.834408][T10850] #PF: error_code(0x0000) - not-present page [ 39.835152][T10850] PGD 8201067 P4D 8201067 PUD 8205067 PMD 10de03063 PTE 800ffffef201a060 [ 39.836238][T10850] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 39.837088][T10850] CPU: 7 UID: 0 PID: 10850 Comm: syz.0.15 Not tainted 6.12.0-rc1 #5 [ 39.838346][T10850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [39.839726][T10850] RIP: 0010:memcmp (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/string.c:676) [ 39.840434][T10850] Code: 06 48 39 07 75 17 48 83 c7 08 48 83 c6 08 48 83 ea 08 48 83 fa 07 77 e6 48 85 d2 74 20 31 c9 eb 09 48 83 c1 01 48 39 ca 74 0e <0f> b6 04 0f 3 All code ======== 0: 06 (bad) 1: 48 39 07 cmp %rax,(%rdi) 4: 75 17 jne 0x1d 6: 48 83 c7 08 add $0x8,%rdi a: 48 83 c6 08 add $0x8,%rsi e: 48 83 ea 08 sub $0x8,%rdx 12: 48 83 fa 07 cmp $0x7,%rdx 16: 77 e6 ja 0xfffffffffffffffe 18: 48 85 d2 test %rdx,%rdx 1b: 74 20 je 0x3d 1d: 31 c9 xor %ecx,%ecx 1f: eb 09 jmp 0x2a 21: 48 83 c1 01 add $0x1,%rcx 25: 48 39 ca cmp %rcx,%rdx 28: 74 0e je 0x38 2a:* 0f b6 04 0f movzbl (%rdi,%rcx,1),%eax <-- trapping instruction 2e: 03 .byte 0x3 Code starting with the faulting instruction =========================================== 0: 0f b6 04 0f movzbl (%rdi,%rcx,1),%eax 4: 03 .byte 0x3 [ 39.843315][T10850] RSP: 0018:ffff888130933990 EFLAGS: 00010246 [ 39.844231][T10850] RAX: 0000000000000000 RBX: ffff88810dfe5000 RCX: 0000000000000000 [ 39.845431][T10850] RDX: 0000000000000004 RSI: ffffffff863584a0 RDI: ffff88810dfe5000 [ 39.846664][T10850] RBP: ffff888130933a50 R08: ffff88812f519fe4 R09: 0000000000000001 [ 39.847863][T10850] R10: 0000000000000012 R11: ffff888109b8be0c R12: 0000000000000000 [ 39.849014][T10850] R13: ffff888130933b0c R14: 0000000000000000 R15: ffff88812f519000 [ 39.850245][T10850] FS: 00007f597daf8640(0000) GS:ffff88823bf80000(0000) knlGS:0000000000000000 [ 39.851574][T10850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.852590][T10850] CR2: ffff88810dfe5000 CR3: 000000012e65a000 CR4: 00000000000006f0 [ 39.853812][T10850] Call Trace: [ 39.854297][T10850] <TASK> [39.854757][T10850] ? show_regs (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:479) [39.855431][T10850] ? __die (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:421 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/dumpstack.c:434) [39.856046][T10850] ? page_fault_oops (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:711) [39.856834][T10850] ? memcmp (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/string.c:676) [39.857474][T10850] ? is_prefetch.constprop.0 (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:171) [39.858304][T10850] ? kernelmode_fixup_or_oops.constprop.0 (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:738) [39.859320][T10850] ? __bad_area_nosemaphore (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:787) [39.860094][T10850] ? bad_area_nosemaphore (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:835) [39.860772][T10850] ? exc_page_fault (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:1198 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:1479 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/mm/fault.c:1539) [39.861412][T10850] ? __sanitizer_cov_trace_const_cmp4 (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/kernel/kcov.c:316) [39.862191][T10850] ? __filemap_get_folio (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/mm/filemap.c:1982) [39.862858][T10850] ? asm_exc_page_fault (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/./arch/x86/include/asm/idtentry.h:623) [39.863520][T10850] ? memcmp (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/string.c:676) [39.864040][T10850] ? __build_id_parse.isra.0 (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/buildid.c:309) [39.864755][T10850] ? d_path (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/fs/d_path.c:295) [39.865301][T10850] ? should_failslab (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/mm/failslab.c:46) [39.865892][T10850] build_id_parse_nofault (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/buildid.c:339) [39.866531][T10850] perf_event_mmap (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/kernel/events/core.c:8966 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/kernel/events/core.c:9104) [39.867172][T10850] mmap_region (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/mm/mmap.c:1533) [39.867754][T10850] do_mmap (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/mm/mmap.c:497) [39.868279][T10850] vm_mmap_pgoff (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/mm/util.c:588) [39.868902][T10850] ksys_mmap_pgoff (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/mm/mmap.c:542) [39.869500][T10850] __x64_sys_mmap (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/sys_x86_64.c:86 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/sys_x86_64.c:79 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/kernel/sys_x86_64.c:79) [39.870079][T10850] x64_sys_call (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/syscall_64.c:36) [39.870717][T10850] do_syscall_64 (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/common.c:52 /data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/common.c:83) [39.871325][T10850] entry_SYSCALL_64_after_hwframe (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/arch/x86/entry/entry_64.S:130) [ 39.872205][T10850] RIP: 0033:0x7f597cd9c62d [ 39.872840][T10850] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 8 All code ======== 0: 02 b8 ff ff ff ff add -0x1(%rax),%bh 6: c3 ret 7: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1) d: f3 0f 1e fa endbr64 11: 48 89 f8 mov %rdi,%rax 14: 48 89 f7 mov %rsi,%rdi 17: 48 89 d6 mov %rdx,%rsi 1a: 48 89 ca mov %rcx,%rdx 1d: 4d 89 c2 mov %r8,%r10 20: 4d 89 c8 mov %r9,%r8 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 28: 0f 05 syscall 2a:* 48 rex.W <-- trapping instruction 2b: 3d .byte 0x3d 2c: 01 f0 add %esi,%eax 2e: 08 .byte 0x8 Code starting with the faulting instruction =========================================== 0: 48 rex.W 1: 3d .byte 0x3d 2: 01 f0 add %esi,%eax 4: 08 .byte 0x8 [ 39.875549][T10850] RSP: 002b:00007f597daf7f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 39.876779][T10850] RAX: ffffffffffffffda RBX: 00007f597cf65f80 RCX: 00007f597cd9c62d [ 39.877906][T10850] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020ffa000 [ 39.879059][T10850] RBP: 00007f597ce264d3 R08: 0000000000000004 R09: 000000005e0a6000 [ 39.880197][T10850] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 39.881296][T10850] R13: 0000000000000000 R14: 00007f597cf65f80 R15: 00007f597dad8000 [ 39.882408][T10850] </TASK> [ 39.882854][T10850] Modules linked in: [ 39.883421][T10850] CR2: ffff88810dfe5000 [ 39.884011][T10850] ---[ end trace 0000000000000000 ]--- [39.884778][T10850] RIP: 0010:memcmp (/data/ghui/docker_data/linux_kernel/upstream/linux_v6.11/lib/string.c:676) [ 39.885442][T10850] Code: 06 48 39 07 75 17 48 83 c7 08 48 83 c6 08 48 83 ea 08 48 83 fa 07 77 e6 48 85 d2 74 20 31 c9 eb 09 48 83 c1 01 48 39 ca 74 0e <0f> b6 04 0f 3 All code ======== 0: 06 (bad) 1: 48 39 07 cmp %rax,(%rdi) 4: 75 17 jne 0x1d 6: 48 83 c7 08 add $0x8,%rdi a: 48 83 c6 08 add $0x8,%rsi e: 48 83 ea 08 sub $0x8,%rdx 12: 48 83 fa 07 cmp $0x7,%rdx 16: 77 e6 ja 0xfffffffffffffffe 18: 48 85 d2 test %rdx,%rdx 1b: 74 20 je 0x3d 1d: 31 c9 xor %ecx,%ecx 1f: eb 09 jmp 0x2a 21: 48 83 c1 01 add $0x1,%rcx 25: 48 39 ca cmp %rcx,%rdx 28: 74 0e je 0x38 2a:* 0f b6 04 0f movzbl (%rdi,%rcx,1),%eax <-- trapping instruction 2e: 03 .byte 0x3 Code starting with the faulting instruction =========================================== 0: 0f b6 04 0f movzbl (%rdi,%rcx,1),%eax 4: 03 .byte 0x3 [ 39.888119][T10850] RSP: 0018:ffff888130933990 EFLAGS: 00010246 [ 39.888991][T10850] RAX: 0000000000000000 RBX: ffff88810dfe5000 RCX: 0000000000000000 [ 39.890114][T10850] RDX: 0000000000000004 RSI: ffffffff863584a0 RDI: ffff88810dfe5000 [ 39.891243][T10850] RBP: ffff888130933a50 R08: ffff88812f519fe4 R09: 0000000000000001 [ 39.892382][T10850] R10: 0000000000000012 R11: ffff888109b8be0c R12: 0000000000000000 [ 39.893467][T10850] R13: ffff888130933b0c R14: 0000000000000000 R15: ffff88812f519000 [ 39.894608][T10850] FS: 00007f597daf8640(0000) GS:ffff88823bf80000(0000) knlGS:0000000000000000 [ 39.895880][T10850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.896821][T10850] CR2: ffff88810dfe5000 CR3: 000000012e65a000 CR4: 00000000000006f0 [ 39.897961][T10850] Kernel panic - not syncing: Fatal exception [ 39.899085][T10850] Kernel Offset: disabled [ 39.899598][T10850] Rebooting in 86400 seconds..
