From 8aee4b000d4fdf30cab167d5cf78b413af155098 Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Mon, 2 Jul 2018 17:54:36 +0200
Subject: [PATCH] btrfs-progs: tests: add fuzzed image that triggers crash in
 reloc setup on mount

Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: David Sterba <dsterba@suse.com>
---
 .../bko-199833-reloc-recovery-crash.raw.xz    | Bin 0 -> 23428 bytes
 .../bko-199833-reloc-recovery-crash.txt       | 113 ++++++++++++++++++
 2 files changed, 113 insertions(+)
 create mode 100644 tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.raw.xz
 create mode 100644 tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.txt

diff --git a/tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.raw.xz b/tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.raw.xz
new file mode 100644
index 0000000000000000000000000000000000000000..7d2910414e7d70086440b4ed98160786c2a15b4e
GIT binary patch
literal 23428
zcmeHPXH-;cmaRgv<SaQBIg20}M1n{bD3Tx<K_~<)K#(9HAUTUbAxM%W5*0y^oHGI<
zNhB5}nIcxd?w*-7-SeDo-uUKquXX>`zgz3vz4tkL-}8N^lD<$=5D0r|yh;@d#0F*r
zfk0#f&|VD275lpd2;_E(!Q|Fr)a2Ev?_a&6SC_!ElpBV3h+1S09uaPnmIZ58JnD*!
z)Dq4mo(#zU8pT0wFlR#7<`uaBN7p0;5Z!H>@zk(2&owG{Ei|#YL{mncnv@P{QW_|j
z?7|++RuNd0y3UpQVsvWkLP3YLe8((R1Y<g`b(WM*WM8P`y+G~p16P9bW0TaYDa}UW
zIAwtd4?a+#KR7f-FQ_m@bHZ~2x$!~`F=5<w#EYbsRDlyYh#D)#X&+MG<ae#kbzM~o
z@SQPc(u+^S3$VoVaq+;5x1c38IfGOj2sqr9*%-wga<RnazBwKfpw~?!|8`LZm(xux
zPOrX&aZfE}FxduDn`0fO@Q5n6xSpy9jOT9K?cTlNf1r!Bx=p>No76HX=7dEPD>!aO
zyR3sQAzZSjs)@cqPK&U%&S;z|I_z7lfNLG3P%zmiMUG`1f%hsrMkVN#*pn?1^cvf#
zZxWw=ULDK*mdyL=hE)96lY|W(X%Zp1`n9e^hWZ-=ek)6b(ppLsy&vVql5S$coEGl3
ziDX`ynBdYu8CyoB8*6z!@sJ$GSWlWfe0OWZja6MO%r(NcA^S4-*3kB7gX>B?TjMP;
zt~-+wVUOS+x^tXD(O49@DZz3Z%`U22M6~9k&+#4~6z{`}?#uVIN*(rIDjhT-VDwJF
zuVYV-dhuK;)+|DFn)DzipfxjhI!;_*(9?#wkfFIK?SzN_ee*<FP^&n@<THd!XGs66
zOZwY*(w8XeMB>#~#-`zuQTMs}Prj)2cI%cFDf$W4Pqm94<aBTAM0OBx-f%hE_|ChZ
zluC0y^4hI$&K2oXmc-Vgh258Xj?*pDL-&J1pME^(6&&tvrL$wKSE)2bj*1_A+3E|=
zm%wu%)2W3Ku>=KnUb#VdWJ}077&APw_uXfe5odS|3zYM=of~b_&Jq}n1Yb}LY|!)d
zl1uWpL2uX4oID)rB@r*PC@WgO`jj5Ad|k$<j%m4xZiotpS}xK7<EdfZdhboba&~7w
z9ySUwlc(Ghu3!#|9n>y|@Fcmj$i;Hb!?FrEERj4tp+m`Ok&pP|x4FFzE;Zq%X{DV`
zl#j)cwsIMu_u{XJ;^e(Xxi!PI)QE=S$zPRPF}>@r;HEP-30t+-hc>Q0C^1?5W`=`*
z*fEvfB2S*lea2NHI!OqH7gn-Vomlxj-$$f1b=@_yKs>mw8x%5`4qcsGf>;}b%0cqI
zOw2j@Z|yz5oZtjibDqwA+DNRQlbQ)jY4pw?)}%V~?C*IgvfI27E@@FXNd7f&jAC_6
zsQY1qsdP54tArSR@I^QBhwRoXZTOnLnN@G%Xv8=1teCqyCxXTvbX6tmXT2|pk*jz{
z>X+3;-ymxj@p+Cy^K2`?eKx0sC-Jk6OnoEN#nXdVKAm;FQ#;dqX4#45rCn03p>yAX
zaz-QT<5FS*uSx~Ip*ON>2Fi0^2eLHE#L|LxO8T8k!`ND>oX5sv%0#|65pFH-Ev5=u
z;X|jHrMu;r!G3(=wzE!7g+8`&^6SFm6CU$W^VIi@fqCunNj&ym{T0g)jzTo<)5*Pn
zabgAqe|Yg@DmK@lG2b0|Dg*2PR?*UvV|{+lK4vpk<-;!qa%f&#0-3-bK9|{Qna$P)
zA<I{!@|yO_ag-z&vP87Iw+Z@U-wEd}d<2FJECAZzA&$ITvGY~f^VJsow6V-jlpawV
zE$aI7U;J<Qo0w!CRnnppznSB75h0_d*wCHFK}~k&$J|eNbnvXi76JpqiUG-QKE%Q1
z&G5{Ad#~;AXkA*|0r%;^wK4t?!GiIeItt?@roy-Mph^3a>%lYz^9Z4bZnF>y3GGqm
zn@%I`+g}nfj(5@8gUyKkf%Y=&&X8q@kydIkwV}qx4@QniX1dr5T%}*VUw4%bU|yOh
z8#^oJ;W%@=s}YTA^+DBE8~dps14(14y6a&{D@poaR@Csg3BKF)Ys(#yMi+E@OYg-e
zzK~bdRST!>h7Lhn=}eatQAZN!{%ATM_Xs6%mDsCuO>C%xj8E`sii*=2|GRHwPl=N_
zWFXZf%7izZJHH7#BWQf~F6yi4PLyUd^US($&2eNV^U-E^e&6a?)>NZcXGU5*e~9)N
zXNwNc=e1Xsa8>hBo1kS>#psm0BM$Z|n~${QPHygfqnez&$aTgi<qGT1*mR~T=;>Rf
z>+C$1?`ghBS%tv$lY;C}gi`u@_?n4x#t9Zb1X=NB%*cH7d=|61!TQKqZPkiAO`lBu
zS>W$4N<RT0e*iXHV5+b`vzQ-*^e`v@$opUN_9NZUBUN|<6zo^}0Z_1WHc+5oK*7#2
z^!~*D0%+I|W?F!fKb4Z-z`LN<A;Ip__PcBE0$?nkVDC;NcRpPOuQp0~gtUfyfLw=)
z)(E&C%h-1B7m#DQZ7Nx6&WGk=J&yILW!S!`H)3ISLI@}G-nf^PQ7RIMF9Wuyv(RJt
zddrY#|8|YWezO;I5l7J{3sOB<$8V*BlvZ+m<tzJlknG0tWaHy~LZ`Ay6Nf1_U+=-~
zvL&mmMrTkAn&F;r&26*LWo#|9IJz7;<AQW7ICkBK7JkLj3{I!iHV1qh7x74aVGnv)
zK~GHS2_IHZ^bRQ_NtevDXtWm+CzBFd*VT;iy6YT-ZtLYN*N=IB+XeeiXa1iY?Rm(3
znA2?V5bpCkSh^p<|2+O2Pabz3n2&(@=<gz%^8oxm0)`)<5$ImOse3&G8-j+Ms0x)l
zACs0ldo1bC^<?asH1~ErKXz#HBY}$Y7rU)>@v2C~mlWFw?%{-!ii?S$D-suRSf9gu
zm<i>n1JhppgG}g0uk1Vm^5=l>C!*!|ee?q#Gd)1<0JQ_u?hj8_|1&)MYkSzhp90Mq
zRZWGRA#p@|X`ScmX)EJy3bkupYaH%4q{X(EgwnNMh6URaoK1yJ><lebdGn6v!66*1
zd&F*3jOx<9aGb^b{dwhav2~`U`S|6tSIwz!-@%%V)a<XUM@lXXEbWn@AKmoCpfto6
z#ZFWjR5*th$y1Wq^!p6hYUPM@0zpw-?m4qz?aTS(OGM!+dAOG&N6BcmZ782)5F$Q*
zrwt*58Ftty-f?_D1<HkfK_RzkFrr<`#kxZt%+AH`4*0&S_ujGzTse6CVeh(+_sZL)
z-8fXXJE(s~r3E@s!=#{&Cor0VPuP^x_`0QTFH^y=M$KbwH+b6=Eyc<j<z<tZ7#Ox1
zw#oS^+L5fqvtxm6K=XbU!?aHU{D!OJBjGlzaLE;}{kW)s@0M{1dCW;C#e6PZ$n6u_
zst^hO@Wif%1NTuX@%4C~(~jObyp<Sy!DO{Xs?6*DyWAl%v0HPJWots<!KhNC-jayR
zgTWW(t7cfF{U9+r%IR*xjDG1IlK#T!%NiX?Pvj5wL{abv&Jz06ViUu6-|80Pi<QgQ
z;N=yj({|%=(7-u5>Mc6XS*z(h#8y47-(ax$^}3HZ9&eJfs|#Q9Z{gA(5>ZU@G<a4t
zKu+44LeU+nL5AAa{H623kDlGXo`d_H<AWg<<Q@kDm^gw?Ps6K(ho7SMt3@cUESY9Y
z%Kj=sW@}vP*=s8v-ECr?Hh1^_h59AN+DBr#7O8i@(x>K1C}*c@E4Z%ZZi#CH+Q-fX
z628c`<(-A}EinsJle%|-Hi0%ISa@t&CITAxj0O4qwwb1juS0l~Nlc<?=%mW@Rp;n?
zisK?Lb~_WyGZ!jiUgC%~X{}%hT*A}uRy^_($Dcl`2Jex%R_iS87R_4M2{M8vzpynv
zX5X9-wfR)dX{~Q?jNO08e(83Nqu^JFFgC`dow8xb5k9_R+7$I&<rtr;hGRyod^ml*
zy}V_~V3st?#(fR8YOOWX`sBIff{Wv)`gT($Rc(G>lh0q+iroE8t=|dmixM4b;_*;y
zqF(sw3_su{WE;ajv@gl9@u}gOyuovP)2Is1F;Qk^F;Z&jE#(d$qrY)fi@@tbkxW@@
z@obUR{N=d=YO{HF>X$Eln@AWKd4-~&gkuMGG_wO>E9FH#JfQ@L?Q2S+f*8oF_-y(x
z$)m;_Uuutsl<Cs>rC%Z_O5N_G+(HaG)3iraTMa1_fB9?`kUHb++q_vFp_4m1+^L@P
z6)b@HR>?%H_|)g}6WfhWJCd!T4#Q{B#g!+@-t+7}(j#i>8?a)GcF&yZn3+(HQi@AZ
z)ZoY}NKl=Y1wqPlmp{_MT;IN4_%rmb9SZ4u^d4#TV11@@K!D!MpakXH{M865J0bcd
zKgch_?%_>rtEqmKDV02*_67H#2qPMj>)}t0Vh^WLFXj_BEiVnQDa@piN?01-#KM0t
zm}B-N*xKxAzm#~GXpJ&U=e#&3v9|8pYv^c`#yyfv3n!(7cZM`NQXusi%)3YC<ia@N
zBi_bH0;6!-n_QzGA#G6Z=B~007SycEcdIDln&u6hs`1Jo#C&tqJF6~Zv}rUVhZeHw
z%5K-d*}#$5*(7*f?lNN6C52;4HgzTa6OW^r$l+2JuQAP<Ny?b8HtIcJktzp6FM$q7
zZgVSnQDov-6WWjYV_QDu>vTV@OAzm%424m-tvdWW($fA<HnZ}}k_p3fXhIQvCMJze
zl-P=Vno8>W3=Rb9DLPEi&5PkzN33QV#wnt@=-NE0!!O`PwM-l;tV6mhDT%<1Ot1j_
z;;6dK4!2%RgX4|F%9>}EFV&SUUg3N~D+>ix-0f&bP?v(7hz~Vg%@?4fBiUj#>bHj{
zzFC#0iA26(aJOuT<R&38^>jS3IZmx+XIX_RFHKR>pGsn0d!3c@AHVzFp2t|GI>KKp
z7B}bQtP6AU-7sj=)K5=hu(?J~_vG74T_)59Pmyt}eS4bjm!Y%n_Ub8qp6m}o8!s#s
z-pZg3Y4ho$LLRxGzUlWJ*pbbjtsQ<qzjjoouELNrHsTYk^(3w}GmU*J-B7!bt~<Pj
zAm3KC8RhHNBq!1wx*r}~!n&E^k4;3;FN{{n@$ofg847{R`dq8WauFLa7t_zVl_}Ix
za<?yHBDhP?j}<ce<&z(Xz(c;2n~jfBbQ@JfUNgv#zH$}Jv9!-(ld^XDT#@94D|6Gm
z1@W9T;gbSEK3Rs_g6ymW;w*}_?8}dFsE^@LXLrUC-Qf#p(!9$->WQRNv%bQxfjmt7
z^VplZ3-@(zkK0^M7>T#ih-YPTFy}2%aJQ;$R%S2OUI_(Zp^r1x!q%{iB-`imcq@u(
z;w1#}quPcU;oOMD0lv8^QBeoV9kS2n6wmr?Vj=eawDhb)S+^<`=H3^ysRZ>3f)qI&
zPnaedwhtlHN!Xc|f+3c8p10OOu@a3m)QHj?F4J=Oq%3b0cX{EgJ83K~X+6nxgY^#_
zxwoaBM)L{nacC^Mr`CloT!Xur!M0a+K}M`bmngw-q88sY<V2erTjj2llD2zDwC39Y
zJ5K?aY~aUMuY{V9i)`^<@$A;3eOc@{csud%8GJ?*B80BCrBiY4Du*XW&^QY1mZRRB
zNu3Nb#Bx!nQ_=fRmpNag(AlY)qi|hc9^Z6mKh0n#mUH;T5%~X?wEP1j`ukdozkFo>
z6+`7HYq<kh4#08%mg8T{asVIE|HqEdugKS5mT!Ov?>9ww0Kx!-{mmlePs~XHN&=Mp
zl~r2+VdvaU1_}lg?AI5je>4pJF*XvI!~VDB_8+~gzjjGWa6D+;2`xE7aWqu+hNn9V
z)gME0dUfUkZYT)NZbO~uQ-k#4LrHgpSzgtU$PW!ki<8(Re$fODkg$vYNKS%L3W8hJ
zGT=^qLKuS95^Y)sXXiK(*OU^=)><MBp`LPs9TiUaM*-a;S}$|4Eo9)SN4>^lDr!bB
zYWsQZHMwURH2lejYDe13`U?rTMwhZwvKEFHRrhaghI<K!eEz6=E1o?S_kv{?OopmS
zOfoHx8l1P1OTdSGg)xPc+$W+*C}_O;yPVAUiRyPAT3q;!a}CHu&Yg)o0Pld-<5*Os
z?FsM2Fn8&cWb-6(anbocL3TCWv5|zk3^8=3uvKc*vFSGWG?<YTjp^7ShOXET(~e^C
z#XR6#E-+b%CQq}il`M&=hN+C5_Fs<0*N?e(8zIKNd)Z9bG;_Yd(-1AfHx0Xi>m*-?
z>m(TV%ZH+wrM)&!$zhTYb;u7kTiVo^>x<I@IcK|CX}b)ibV5Oo-uvDm7*O{))0w!p
zSH!%#a&mN~r?>w)x#ufl#*wMi&$I}iP`ZjW_Ts_%xBdJVo0j*58!qDn#BwUK>I?hd
zm49B?V%{>R?r*dv9%ZKTBQBo@VE<N22|r2>f06u_eOb^`fGOu@3gEl}=M6aTKluFI
z-)?vSlmsXVP!gczKXFv~UvL5h;#MGT1>)9!iDUV|Sn(UT`T-65jT$BZLV8wv1itoJ
zWdTyWzrEV!?*hb~hRIkUt^nc+VA%;+cKWAoB?3nMpLBxz4@}2_x#Bm@6~HAve|JaO
zkJJD_7=SRqeFN_MpT6wyM?wO0$#V(`P%xlizpwHF2>bU!SfCU+2oHq3A9S(I)f=P=
ns=LM)!2T8lo~{801_mnra=*6i<bD+ut&GTpUw(tIO-%m;NCE%1

literal 0
HcmV?d00001

diff --git a/tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.txt b/tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.txt
new file mode 100644
index 00000000..a54992ee
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-199833-reloc-recovery-crash.txt
@@ -0,0 +1,113 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=199833
+Wen Xu 2018-05-26 02:27:26 UTC
+
+The (compressed) crafted image which causes crash
+
+- Overview
+Invalid pointer dereference in __del_reloc_root() when mounting a crafted btrfs image
+
+- Reproduce 
+# mkdir mnt
+# mount -t btrfs 82.img mnt
+(Reproduced on Linux 4.17-rc5)
+
+- Comment
+https://elixir.bootlin.com/linux/v4.17-rc5/source/fs/btrfs/relocation.c#L1324
+
+static void __del_reloc_root(struct btrfs_root *root)
+{
+	struct btrfs_fs_info *fs_info = root->fs_info;
+	struct rb_node *rb_node;
+	struct mapping_node *node = NULL;
+	struct reloc_control *rc = fs_info->reloc_ctl;
+
+	spin_lock(&rc->reloc_root_tree.lock);
+
+rc can be NULL, which means that reloc_ctl may be not initialized
+
+- Kernel message
+[  208.623313] BUG: unable to handle kernel NULL pointer dereference at 0000000000000570
+[  208.624890] PGD 80000001e9495067 P4D 80000001e9495067 PUD 1f0d81067 PMD 0
+[  208.626285] Oops: 0002 [#1] SMP KASAN PTI
+[  208.632054] BTRFS info (device loop0): delayed_refs has NO entry
+[  208.636502] CPU: 1 PID: 1330 Comm: mount Tainted: G    B   W         4.17.0-rc5+ #6
+[  208.639306] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
+[  208.641177] RIP: 0010:_raw_spin_lock+0x1e/0x40
+[  208.642200] RSP: 0018:ffff8801df437338 EFLAGS: 00010246
+[  208.643240] RAX: 0000000000000000 RBX: 0000000000000570 RCX: 0000000000000000
+[  208.644643] RDX: 0000000000000001 RSI: 0000000000000297 RDI: 0000000000000297
+[  208.646058] RBP: ffff8801df437340 R08: ffffed003ee23ebb R09: ffffed003ee23ebb
+[  208.647464] R10: 0000000000000001 R11: ffffed003ee23eba R12: ffff8801f2e8c400
+[  208.648870] R13: 0000000000000000 R14: ffff8801e3a28000 R15: 0000000000000568
+[  208.650286] FS:  00007fd41a0a7840(0000) GS:ffff8801f7100000(0000) knlGS:0000000000000000
+[  208.651872] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  208.653006] CR2: 0000000000000570 CR3: 00000001e16e6000 CR4: 00000000000006e0
+[  208.654449] Call Trace:
+[  208.654961]  __del_reloc_root+0x5a/0x190
+[  208.655755]  free_reloc_roots+0x40/0xb0
+[  208.656531]  btrfs_recover_relocation+0x2fa/0x750
+[  208.657487]  ? btrfs_cleanup_fs_roots+0x351/0x3b0
+[  208.658428]  ? btrfs_relocate_block_group+0x370/0x370
+[  208.659433]  ? qgroup_reserve+0x650/0x650
+[  208.660237]  ? migrate_swap_stop+0x2e0/0x2e0
+[  208.661090]  ? btrfs_check_rw_degradable+0xb0/0x240
+[  208.662077]  open_ctree+0x37c4/0x3ce9
+[  208.662822]  ? close_ctree+0x4a0/0x4a0
+[  208.663580]  ? bdi_register_va+0x44/0x50
+[  208.664371]  ? super_setup_bdi_name+0x11b/0x1a0
+[  208.665302]  ? kill_block_super+0x80/0x80
+[  208.666111]  ? snprintf+0x96/0xd0
+[  208.666787]  btrfs_mount_root+0xae6/0xc60
+[  208.667596]  ? btrfs_mount_root+0xae6/0xc60
+[  208.668449]  ? pcpu_block_update_hint_alloc+0x1f5/0x2a0
+[  208.669505]  ? btrfs_decode_error+0x40/0x40
+[  208.670345]  ? find_next_bit+0x57/0x90
+[  208.671101]  ? cpumask_next+0x1a/0x20
+[  208.671837]  ? pcpu_alloc+0x449/0x8c0
+[  208.672577]  ? pcpu_free_area+0x410/0x410
+[  208.673393]  ? memcg_kmem_put_cache+0x1b/0xa0
+[  208.674267]  ? memcpy+0x45/0x50
+[  208.674905]  mount_fs+0x60/0x1a0
+[  208.675562]  ? btrfs_decode_error+0x40/0x40
+[  208.676399]  ? mount_fs+0x60/0x1a0
+[  208.677088]  ? alloc_vfsmnt+0x309/0x360
+[  208.677880]  vfs_kern_mount+0x6b/0x1a0
+[  208.678634]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
+[  208.679671]  btrfs_mount+0x209/0xb71
+[  208.680390]  ? pcpu_block_update_hint_alloc+0x1f5/0x2a0
+[  208.681442]  ? btrfs_remount+0x8e0/0x8e0
+[  208.682247]  ? find_next_zero_bit+0x2c/0xa0
+[  208.683119]  ? find_next_bit+0x57/0x90
+[  208.683876]  ? cpumask_next+0x1a/0x20
+[  208.684619]  ? pcpu_alloc+0x449/0x8c0
+[  208.685371]  ? pcpu_free_area+0x410/0x410
+[  208.686177]  ? memcg_kmem_put_cache+0x1b/0xa0
+[  208.687046]  ? memcpy+0x45/0x50
+[  208.687685]  mount_fs+0x60/0x1a0
+[  208.688337]  ? btrfs_remount+0x8e0/0x8e0
+[  208.689121]  ? mount_fs+0x60/0x1a0
+[  208.689828]  ? alloc_vfsmnt+0x309/0x360
+[  208.690599]  vfs_kern_mount+0x6b/0x1a0
+[  208.691352]  do_mount+0x34a/0x18a0
+[  208.692039]  ? lockref_put_or_lock+0xcf/0x160
+[  208.692909]  ? copy_mount_string+0x20/0x20
+[  208.693742]  ? memcg_kmem_put_cache+0x1b/0xa0
+[  208.694615]  ? kasan_check_write+0x14/0x20
+[  208.695437]  ? _copy_from_user+0x6a/0x90
+[  208.696226]  ? memdup_user+0x42/0x60
+[  208.696948]  ksys_mount+0x83/0xd0
+[  208.697631]  __x64_sys_mount+0x67/0x80
+[  208.698385]  do_syscall_64+0x78/0x170
+[  208.699122]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
+[  208.700124] RIP: 0033:0x7fd419987b9a
+[  208.700842] RSP: 002b:00007fff30668b88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
+[  208.702345] RAX: ffffffffffffffda RBX: 0000000001829030 RCX: 00007fd419987b9a
+[  208.703742] RDX: 0000000001829210 RSI: 000000000182af30 RDI: 0000000001831ec0
+[  208.705134] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000014
+[  208.706533] R10: 00000000c0ed0000 R11: 0000000000000206 R12: 0000000001831ec0
+[  208.707931] R13: 0000000001829210 R14: 0000000000000000 R15: 0000000000000003
+[  208.713050] RIP: _raw_spin_lock+0x1e/0x40 RSP: ffff8801df437338
+[  208.714238] CR2: 0000000000000570
+[  208.714985] ---[ end trace be56bf4112c4e5e3 ]---
+
+Found by Wen Xu and Po-Ning Tseng from SSLab, Gatech.