Bug 208929

Summary: NULL pointer dereference in extent_io_tree_panic() when mounting crafted btrfs image
Product: File System Reporter: Insu Yun (insu)
Component: btrfsAssignee: BTRFS virtual assignee (fs_btrfs)
Status: NEW ---    
Severity: normal CC: thiemel
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 5.8.1 Subsystem:
Regression: No Bisected commit-id:
Attachments: The crafted image which causes kernel panic

Description Insu Yun 2020-08-17 02:17:23 UTC
Created attachment 290941 [details]
The crafted image which causes kernel panic

- Overview
NULL pointer deference happen when mounting the crafted image.

- Reproduce
Needs kernel 5.8.1 (also successful on 5.4)
$ mkdir mnt
$ tar -xzvf poc.tar.gz
$ sudo mount -t btrfs poc.img mnt

- Reason
In extent_io_tree_panic, inode could be NULL.

static void extent_io_tree_panic(struct extent_io_tree *tree, int err)
{
  struct inode *inode = tree->private_data;

  btrfs_panic(btrfs_sb(inode->i_sb), err,
      "locking error: extent tree was modified by another thread while locked");
}

- Kernel dump
[ 1385.924421] BTRFS: device fsid a62e00e8-e94e-4200-8217-12444de93c2e devid 1 transid 12 /dev/loop6 scanned by mount (29465)
[ 1385.933105] BTRFS info (device loop6): disk space caching is enabled
[ 1385.933128] BTRFS info (device loop6): has skinny extents
[ 1385.965984] BTRFS critical (device loop6): corrupt leaf: root=3 block=20975616 slot=0, unexpected item end, have 2494 expect 3995
[ 1385.966777] BTRFS error (device loop6): block=20975616 read time tree block corruption detected
[ 1385.967207] BTRFS info (device loop6): read error corrected: ino 0 off 20975616 (dev /dev/loop6 sector 40968)
[ 1385.967410] BTRFS critical (device loop6): corrupt leaf: root=1 block=29405184 slot=4, unexpected item end, have 2105 expect 2661
[ 1385.977912] BTRFS error (device loop6): block=29405184 read time tree block corruption detected
[ 1385.983752] BTRFS info (device loop6): read error corrected: ino 0 off 29405184 (dev /dev/loop6 sector 73816)
[ 1385.983875] BTRFS warning (device loop6): bad eb member start: ptr 0x7c000eb0 start 29409280 member offset 2080378560 size 8
[ 1385.984208] general protection fault, probably for non-canonical address 0xffe928ae987c0ec0: 0000 [#1] SMP PTI
[ 1385.984966] CPU: 0 PID: 81 Comm: kworker/u256:1 Not tainted 5.8.1-050801-generic #202008111432
[ 1385.985341] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019
[ 1385.988241] Workqueue: btrfs-endio-meta btrfs_work_helper [btrfs]
[ 1385.988847] RIP: 0010:btrfs_get_64+0xf6/0x100 [btrfs]
[ 1385.989264] Code: 30 40 88 3c 31 44 39 e2 72 ee 48 8b 45 d0 48 8b 4d d8 65 48 2b 0c 25 28 00 00 00 75 12 48 83 c4 10 5b 41 5c 41 5d 41 5e 5d c3 <48> 8b 03 eb df e8 c0 41 7b e5 0f 1f 44 00 00 55 48 89 e5 41 57 4c
[ 1385.990541] RSP: 0018:ffffad3c40593b60 EFLAGS: 00010283
[ 1385.990975] RAX: 0000000000000ec8 RBX: ffe928ae987c0ec0 RCX: ffff8c707be18cd8
[ 1385.991427] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8c707be18cd0
[ 1385.991884] RBP: ffffad3c40593b90 R08: 0000000000000004 R09: 00000000000006e9
[ 1385.992330] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000ec0
[ 1385.992789] R13: ffff8c707adbf5a0 R14: 000000000007c000 R15: ffff8c707adbf5a0
[ 1385.993234] FS:  0000000000000000(0000) GS:ffff8c707be00000(0000) knlGS:0000000000000000
[ 1385.993699] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1385.994244] CR2: 0000560b0f3da5e8 CR3: 00000000760be004 CR4: 00000000003606f0
[ 1385.994775] Call Trace:
[ 1385.995326]  check_extent_item+0xb7/0x410 [btrfs]
[ 1385.995772]  check_leaf_item+0x114/0x230 [btrfs]
[ 1385.996214]  check_leaf+0x234/0x330 [btrfs]
[ 1385.996647]  btrfs_check_leaf_full+0x13/0x20 [btrfs]
[ 1385.997236]  btree_readpage_end_io_hook+0x249/0x300 [btrfs]
[ 1385.998037]  ? mempool_free_slab+0x17/0x20
[ 1385.998578]  end_bio_extent_readpage+0x1de/0x5d0 [btrfs]
[ 1385.999223]  ? __switch_to_asm+0x42/0x70
[ 1385.999947]  bio_endio+0xe6/0x150
[ 1386.000510]  end_workqueue_fn+0x2d/0x50 [btrfs]
[ 1386.001070]  btrfs_work_helper+0xd3/0x1b0 [btrfs]
[ 1386.001563]  process_one_work+0x1e8/0x3b0
[ 1386.002158]  worker_thread+0x246/0x370
[ 1386.002615]  kthread+0x12f/0x150
[ 1386.003018]  ? process_one_work+0x3b0/0x3b0
[ 1386.003387]  ? __kthread_bind_mask+0x70/0x70
[ 1386.003740]  ret_from_fork+0x22/0x30
[ 1386.004082] Modules linked in: vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua intel_rapl_msr intel_rapl_common rapl vmw_balloon input_leds joydev serio_raw uvcvideo btusb snd_ens1371 btrtl videobuf2_vmalloc btbcm snd_ac97_codec btintel videobuf2_memops videobuf2_v4l2 gameport videobuf2_common snd_rawmidi bluetooth snd_seq_device ac97_bus videodev snd_pcm ecdh_generic mc ecc snd_timer snd soundcore vmw_vmci mac_hid sch_fq_codel ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd vmwgfx cryptd glue_helper ttm drm_kms_helper syscopyarea psmouse sysfillrect sysimgblt fb_sys_fops cec mptspi mptscsih rc_core mptbase ahci libahci drm e1000 scsi_transport_spi pata_acpi i2c_piix4 floppy
[ 1386.009219] ---[ end trace bb786c4b1412cb47 ]---
[ 1386.009626] RIP: 0010:btrfs_get_64+0xf6/0x100 [btrfs]
[ 1386.010006] Code: 30 40 88 3c 31 44 39 e2 72 ee 48 8b 45 d0 48 8b 4d d8 65 48 2b 0c 25 28 00 00 00 75 12 48 83 c4 10 5b 41 5c 41 5d 41 5e 5d c3 <48> 8b 03 eb df e8 c0 41 7b e5 0f 1f 44 00 00 55 48 89 e5 41 57 4c
[ 1386.011171] RSP: 0018:ffffad3c40593b60 EFLAGS: 00010283
[ 1386.011563] RAX: 0000000000000ec8 RBX: ffe928ae987c0ec0 RCX: ffff8c707be18cd8
[ 1386.012108] RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8c707be18cd0
[ 1386.012628] RBP: ffffad3c40593b90 R08: 0000000000000004 R09: 00000000000006e9
[ 1386.013098] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000ec0
[ 1386.013644] R13: ffff8c707adbf5a0 R14: 000000000007c000 R15: ffff8c707adbf5a0
[ 1386.014216] FS:  0000000000000000(0000) GS:ffff8c707be00000(0000) knlGS:0000000000000000
[ 1386.014638] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1386.015259] CR2: 0000560b0f3da5e8 CR3: 00000000760be004 CR4: 00000000003606f0


Reported by Insu Yun at SSLab@Gatech
Comment 1 Tomas Thiemel 2020-12-21 21:25:37 UTC
Kernel 5.9.15 / 5.10.0
- download  attachment 290941 [details] above
$ mkdir mnt
$ tar -xzvf poc.tar.gz
$ sudo mount -t btrfs poc.img mnt

[32387.598234] BTRFS: device fsid a62e00e8-e94e-4200-8217-12444de93c2e devid 1 transid 12 /dev/loop0 scanned by mount (29012)
[32387.598690] BTRFS info (device loop0): disk space caching is enabled
[32387.598692] BTRFS info (device loop0): has skinny extents
[32387.600547] BTRFS error (device <unknown>): insert state: end < start 29360127 37748736
[32387.600557] ------------[ cut here ]------------
[32387.600562] WARNING: CPU: 5 PID: 29012 at fs/btrfs/extent_io.c:557 insert_state.cold+0x16/0x3f
[32387.600563] Modules linked in: xt_state tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp ip6table_mangle ip6table_nat iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables fuse nfsd auth_rpcgss oid_registry lockd grace sunrpc f2fs nls_iso8859_1 vfat fat dm_raid raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx binfmt_misc pm80xx dummy x86_pkg_temp_thermal at24 kvm_intel regmap_i2c f71882fg iTCO_wdt iTCO_vendor_support kvm coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel crypto_simd xhci_pci ehci_pci cryptd xhci_hcd ehci_hcd glue_helper i2c_i801 r8169 i2c_smbus video realtek i2c_core usbcore mei_me fan mdio_devres backlight thermal libphy evdev mei lpc_ich mfd_core usb_common
[32387.600593] CPU: 5 PID: 29012 Comm: mount Tainted: G       A          5.9.15-xeon #2
[32387.600594] Hardware name: MSI MS-7759/Z77MA-G45 (MS-7759), BIOS V1.9 03/01/2013
[32387.600596] RIP: 0010:insert_state.cold+0x16/0x3f
[32387.600598] Code: 73 4f 01 e8 9d 3d 88 ff 48 c7 c7 c0 72 e1 82 e9 d1 d4 b5 ff 48 8b 7f 08 48 89 d1 48 c7 c6 20 22 06 82 48 89 da e8 bb aa ff ff <0f> 0b e9 f9 fa aa ff 49 8b 7c 24 08 4d 89 e8 49 89 d9 48 c7 c6 48
[32387.600600] RSP: 0018:ffffc900029a7960 EFLAGS: 00010292
[32387.600601] RAX: 0000000000000000 RBX: 0000000001bfffff RCX: 0000000000000000
[32387.600602] RDX: 0000000000000000 RSI: ffff8887fefd7e10 RDI: ffff8887fefd7e10
[32387.600603] RBP: ffff888177450d80 R08: ffff8887fefd7e10 R09: 0000000000000000
[32387.600604] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8887a12fd620
[32387.600605] R13: 0000000002400000 R14: 0000000000000000 R15: 0000000000000000
[32387.600607] FS:  00007f3db8748740(0000) GS:ffff8887fee00000(0000) knlGS:0000000000000000
[32387.600608] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[32387.600609] CR2: 00007ffdf8c949d8 CR3: 000000016aaf9004 CR4: 00000000001706e0
[32387.600609] Call Trace:
[32387.600616]  __set_extent_bit+0x2e5/0x5e0
[32387.600619]  set_extent_bits_nowait+0x14/0x20
[32387.600620]  add_extent_mapping+0x24d/0x300
[32387.600623]  read_one_chunk+0x318/0x440
[32387.600624]  btrfs_read_chunk_tree+0x62c/0x800
[32387.600626]  open_ctree+0xabb/0x179b
[32387.600629]  ? super_setup_bdi_name+0x74/0xe0
[32387.600631]  btrfs_mount_root.cold+0x10/0xba
[32387.600634]  legacy_get_tree+0x28/0x60
[32387.600636]  vfs_get_tree+0x18/0xa0
[32387.600637]  fc_mount+0x9/0x40
[32387.600639]  vfs_kern_mount.part.0+0x6c/0x80
[32387.600641]  btrfs_mount+0x136/0x3e0
[32387.600643]  ? legacy_get_tree+0x28/0x60
[32387.600644]  legacy_get_tree+0x28/0x60
[32387.600645]  vfs_get_tree+0x18/0xa0
[32387.600647]  ? ns_capable_common+0x29/0x60
[32387.600649]  path_mount+0x6c3/0xa20
[32387.600650]  do_mount+0x70/0xa0
[32387.600652]  __x64_sys_mount+0x89/0xc0
[32387.600655]  do_syscall_64+0x2d/0x80
[32387.600657]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[32387.600658] RIP: 0033:0x7f3db88956ba
[32387.600660] Code: 48 8b 0d b1 b7 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7e b7 0b 00 f7 d8 64 89 01 48
[32387.600661] RSP: 002b:00007fff6786e998 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[32387.600662] RAX: ffffffffffffffda RBX: 00007f3db89b4fa4 RCX: 00007f3db88956ba
[32387.600662] RDX: 0000558fb08f5670 RSI: 0000558fb08f7390 RDI: 0000558fb08fc700
[32387.600663] RBP: 0000558fb08f5440 R08: 0000000000000000 R09: 0000000000000800
[32387.600664] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[32387.600664] R13: 0000558fb08fc700 R14: 0000000000000000 R15: 0000558fb08f5670
[32387.600665] ---[ end trace 610f89c67d5762c3 ]---
[32387.600667] BTRFS error (device <unknown>): found node 12582912 29360127 on insert of 37748736 29360127
[32387.600671] BUG: kernel NULL pointer dereference, address: 0000000000000028
[32387.608476] #PF: supervisor read access in kernel mode
[32387.608477] #PF: error_code(0x0000) - not-present page
[32387.608478] PGD 0 P4D 0
[32387.608481] Oops: 0000 [#1] SMP
[32387.608484] CPU: 5 PID: 29012 Comm: mount Tainted: G       AW         5.9.15-xeon #2
[32387.608486] Hardware name: MSI MS-7759/Z77MA-G45 (MS-7759), BIOS V1.9 03/01/2013
[32387.647823] RIP: 0010:extent_io_tree_panic.isra.0+0x0/0x27
[32387.647825] Code: f0 20 06 82 48 8b b8 f0 01 00 00 e8 3b ab ff ff 48 8b 53 20 4c 8b 44 24 08 e9 e8 d0 aa ff 48 8b 3d c6 6e 4f 01 e9 e1 3d 88 ff <48> 8b 47 28 89 f1 ba a9 02 00 00 49 c7 c0 d8 21 06 82 48 c7 c6 90
[32387.674834] RSP: 0018:ffffc900029a79a0 EFLAGS: 00010282
[32387.674836] RAX: 00000000ffffffef RBX: 0000000001bfffff RCX: 0000000000000000
[32387.674836] RDX: ffffc900029a79ec RSI: 00000000ffffffef RDI: 0000000000000000
[32387.674837] RBP: ffff8887a12fd620 R08: ffff8887fefd7e10 R09: 0000000000000000
[32387.674837] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000002400000
[32387.674838] R13: ffff888177450e10 R14: 0000000000000000 R15: ffff888177450d80
[32387.674840] FS:  00007f3db8748740(0000) GS:ffff8887fee00000(0000) knlGS:0000000000000000
[32387.733431] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[32387.733432] CR2: 0000000000000028 CR3: 000000016aaf9004 CR4: 00000000001706e0
[32387.733434] Call Trace:
[32387.752882]  __set_extent_bit.cold+0x16/0x21
[32387.752886]  set_extent_bits_nowait+0x14/0x20
[32387.762640]  add_extent_mapping+0x24d/0x300
[32387.762642]  read_one_chunk+0x318/0x440
[32387.762644]  btrfs_read_chunk_tree+0x62c/0x800
[32387.762646]  open_ctree+0xabb/0x179b
[32387.778702]  ? super_setup_bdi_name+0x74/0xe0
[32387.778705]  btrfs_mount_root.cold+0x10/0xba
[32387.787341]  legacy_get_tree+0x28/0x60
[32387.787343]  vfs_get_tree+0x18/0xa0
[32387.794589]  fc_mount+0x9/0x40
[32387.794591]  vfs_kern_mount.part.0+0x6c/0x80
[32387.801922]  btrfs_mount+0x136/0x3e0
[32387.801924]  ? legacy_get_tree+0x28/0x60
[32387.810026]  legacy_get_tree+0x28/0x60
[32387.810028]  vfs_get_tree+0x18/0xa0
[32387.810030]  ? ns_capable_common+0x29/0x60
[32387.810032]  path_mount+0x6c3/0xa20
[32387.810034]  do_mount+0x70/0xa0
[32387.810036]  __x64_sys_mount+0x89/0xc0
[32387.810040]  do_syscall_64+0x2d/0x80
[32387.810042]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[32387.810045] RIP: 0033:0x7f3db88956ba
[32387.849469] Code: 48 8b 0d b1 b7 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7e b7 0b 00 f7 d8 64 89 01 48
[32387.849470] RSP: 002b:00007fff6786e998 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[32387.849472] RAX: ffffffffffffffda RBX: 00007f3db89b4fa4 RCX: 00007f3db88956ba
[32387.849472] RDX: 0000558fb08f5670 RSI: 0000558fb08f7390 RDI: 0000558fb08fc700
[32387.849473] RBP: 0000558fb08f5440 R08: 0000000000000000 R09: 0000000000000800
[32387.849473] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[32387.849474] R13: 0000558fb08fc700 R14: 0000000000000000 R15: 0000558fb08f5670
[32387.849476] Modules linked in: xt_state tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp ip6table_mangle ip6table_nat iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables fuse nfsd auth_rpcgss oid_registry lockd grace sunrpc f2fs nls_iso8859_1 vfat fat dm_raid raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx binfmt_misc pm80xx dummy x86_pkg_temp_thermal at24 kvm_intel regmap_i2c f71882fg iTCO_wdt iTCO_vendor_support kvm coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel crypto_simd xhci_pci ehci_pci cryptd xhci_hcd ehci_hcd glue_helper i2c_i801 r8169 i2c_smbus video realtek i2c_core usbcore mei_me fan mdio_devres backlight thermal libphy evdev mei lpc_ich mfd_core usb_common
[32387.998002] CR2: 0000000000000028
[32387.998004] ---[ end trace 610f89c67d5762c4 ]---
[32387.998008] RIP: 0010:extent_io_tree_panic.isra.0+0x0/0x27
[32387.998011] Code: f0 20 06 82 48 8b b8 f0 01 00 00 e8 3b ab ff ff 48 8b 53 20 4c 8b 44 24 08 e9 e8 d0 aa ff 48 8b 3d c6 6e 4f 01 e9 e1 3d 88 ff <48> 8b 47 28 89 f1 ba a9 02 00 00 49 c7 c0 d8 21 06 82 48 c7 c6 90
[32388.034202] RSP: 0018:ffffc900029a79a0 EFLAGS: 00010282
[32388.034204] RAX: 00000000ffffffef RBX: 0000000001bfffff RCX: 0000000000000000
[32388.034205] RDX: ffffc900029a79ec RSI: 00000000ffffffef RDI: 0000000000000000
[32388.034205] RBP: ffff8887a12fd620 R08: ffff8887fefd7e10 R09: 0000000000000000
[32388.034206] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000002400000
[32388.034208] R13: ffff888177450e10 R14: 0000000000000000 R15: ffff888177450d80
[32388.080052] FS:  00007f3db8748740(0000) GS:ffff8887fee00000(0000) knlGS:0000000000000000
[32388.080053] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[32388.080055] CR2: 0000000000000028 CR3: 000000016aaf9004 CR4: 00000000001706e0
[32388.103356] note: mount[29012] exited with preempt_count 2
[32388.103357] BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49
[32388.103358] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 29012, name: mount
[32388.103358] INFO: lockdep is turned off.
[32388.103360] CPU: 5 PID: 29012 Comm: mount Tainted: G      DAW         5.9.15-xeon #2
[32388.103361] Hardware name: MSI MS-7759/Z77MA-G45 (MS-7759), BIOS V1.9 03/01/2013
[32388.103361] Call Trace:
[32388.103368]  dump_stack+0x57/0x6a
[32388.156946]  ___might_sleep.cold+0x95/0xa2
[32388.156950]  exit_signals+0x2b/0x220
[32388.166300]  do_exit+0xcb/0xb20
[32388.166303]  ? __x64_sys_mount+0x89/0xc0
[32388.175027]  rewind_stack_do_exit+0x17/0x20
[32388.175029] RIP: 0033:0x7f3db88956ba
[32388.185215] Code: 48 8b 0d b1 b7 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7e b7 0b 00 f7 d8 64 89 01 48
[32388.185218] RSP: 002b:00007fff6786e998 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[32388.214288] RAX: ffffffffffffffda RBX: 00007f3db89b4fa4 RCX: 00007f3db88956ba
[32388.214289] RDX: 0000558fb08f5670 RSI: 0000558fb08f7390 RDI: 0000558fb08fc700
[32388.214290] RBP: 0000558fb08f5440 R08: 0000000000000000 R09: 0000000000000800
[32388.214290] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[32388.214291] R13: 0000558fb08fc700 R14: 0000000000000000 R15: 0000558fb08f5670