(Forgot to attach some more debugging details.)
From submitter Dec 12 09:40:11 lambda kernel: [55486.381334] iwd[202645]: segfault at 38 ip 000055b1995e2056 sp 00007ffc966c5360 error 6 in iwd[55b1995c4000+84000] Dec 12 09:40:11 lambda kernel: [55486.381374] Code: 48 83 c4 20 e9 58 fe ff ff 0f 1f 00 3c 21 0f 85 70 ff ff ff 31 c0 80 7c 24 10 00 0f 95 c0 83 c0 01 41 89 47 08 48 8b 44 24 18 <49> 89 46 38 e9 51 ff ff ff 90 41 8b 77 08 85 f6 0f 84 44 ff ff ff
/* * Page fault error code bits: * * bit 0 == 0: no page found 1: protection fault * bit 1 == 0: read access 1: write access * bit 2 == 0: kernel-mode access 1: user-mode access * bit 3 == 1: use of reserved bit detected * bit 4 == 1: fault was an instruction fetch * bit 5 == 1: protection keys block access */ enum x86_pf_error_code { PF_PROT = 1 << 0, PF_WRITE = 1 << 1, PF_USER = 1 << 2, PF_RSVD = 1 << 3, PF_INSTR = 1 << 4, PF_PK = 1 << 5, }; arch/x86/mm/fault.c: printk("%s%s[%d]: segfault at %lx ip %px sp %px error %lx", "error 6" == 0x6 == 0b110 bit 0 == 0: no page found bit 1 == 1: write access bit 2 == 1: user-mode access bit 3 == 0: bit 4 == 0: bit 5 == 0: ############# # Bullseye/testing amd64 qemu VM 2019-12-12 apt update apt dist-upgrade apt install systemd-coredump mc gdb iwd iwd-dbgsym apt build-dep iwd mkdir /home/benutzer/source/iwd/orig -p cd /home/benutzer/source/iwd/orig apt source iwd cd gdb -q --args /usr/libexec/iwd set width 0 set pagination off directory /home/benutzer/source/iwd/orig/iwd-1.2 b main run dele 1 (gdb) info target ... 0x000055555555e830 - 0x00005555555e1001 is .text ... (gdb) find /b 0x000055555555e830, 0x00005555555e1001, 0x48, 0x83, 0xc4, 0x20, 0xe9, 0x58, 0xfe, 0xff, 0xff, 0x0f, 0x1f, 0x00, 0x3c, 0x21, 0x0f, 0x85, 0x70, 0xff, 0xff, 0xff, 0x31, 0xc0, 0x80, 0x7c, 0x24, 0x10, 0x00, 0x0f, 0x95, 0xc0, 0x83, 0xc0, 0x01, 0x41, 0x89, 0x47, 0x08, 0x48, 0x8b, 0x44, 0x24, 0x18, 0x49, 0x89, 0x46, 0x38, 0xe9, 0x51, 0xff, 0xff, 0xff, 0x90, 0x41, 0x8b, 0x77, 0x08, 0x85, 0xf6, 0x0f, 0x84, 0x44, 0xff, 0xff, 0xff 0x55555557c02c <scan_notify+476> 1 pattern found. (gdb) b *0x55555557c02c+42 Breakpoint 2 at 0x55555557c056: file src/scan.c, line 1706. (gdb) info b Num Type Disp Enb Address What 2 breakpoint keep y 0x000055555557c056 in scan_notify at src/scan.c:1706 (gdb) disassemble /r scan_notify Dump of assembler code for function scan_notify: 0x000055555557be50 <+0>: 41 57 push %r15 ... 
0x000055555557c027 <+471>: e8 d4 ae 03 00 callq 0x5555555b6f00 <l_log_with_location> 0x000055555557c02c <+476>: 48 83 c4 20 add $0x20,%rsp 0x000055555557c030 <+480>: e9 58 fe ff ff jmpq 0x55555557be8d <scan_notify+61> 0x000055555557c035 <+485>: 0f 1f 00 nopl (%rax) 0x000055555557c038 <+488>: 3c 21 cmp $0x21,%al 0x000055555557c03a <+490>: 0f 85 70 ff ff ff jne 0x55555557bfb0 <scan_notify+352> 0x000055555557c040 <+496>: 31 c0 xor %eax,%eax 0x000055555557c042 <+498>: 80 7c 24 10 00 cmpb $0x0,0x10(%rsp) 0x000055555557c047 <+503>: 0f 95 c0 setne %al 0x000055555557c04a <+506>: 83 c0 01 add $0x1,%eax 0x000055555557c04d <+509>: 41 89 47 08 mov %eax,0x8(%r15) 0x000055555557c051 <+513>: 48 8b 44 24 18 mov 0x18(%rsp),%rax 0x000055555557c056 <+518>: 49 89 46 38 mov %rax,0x38(%r14) <<<<<<<<<<<<< 0x000055555557c05a <+522>: e9 51 ff ff ff jmpq 0x55555557bfb0 <scan_notify+352> 0x000055555557c05f <+527>: 90 nop 0x000055555557c060 <+528>: 41 8b 77 08 mov 0x8(%r15),%esi 0x000055555557c064 <+532>: 85 f6 test %esi,%esi 0x000055555557c066 <+534>: 0f 84 44 ff ff ff je 0x55555557bfb0 <scan_notify+352> 0x000055555557c06c <+540>: 41 0f b6 47 58 movzbl 0x58(%r15),%eax ... 0x000055555557c2ff <+1199>: e8 4c 1f fe ff callq 0x55555555e250 <__stack_chk_fail@plt> End of assembler dump. 
(gdb) list src/scan.c:1700,src/scan.c:1710 1700 case NL80211_CMD_TRIGGER_SCAN: 1701 if (active_scan) 1702 sc->state = SCAN_STATE_ACTIVE; 1703 else 1704 sc->state = SCAN_STATE_PASSIVE; 1705 1706 sr->start_time_tsf = start_time_tsf; <<<<<<<<<<<< 1707 1708 break; 1709 1710 case NL80211_CMD_SCAN_ABORTED: (gdb) ptype struct scan_request type = struct scan_request { uint32_t id; scan_trigger_func_t trigger; scan_notify_func_t callback; void *userdata; scan_destroy_func_t destroy; _Bool passive : 1; struct l_queue *cmds; uint64_t start_time_tsf; } (gdb) print/x (int)&((struct scan_request*)0)->id $3 = 0x0 (gdb) print/x (int)&((struct scan_request*)0)->start_time_tsf $4 = 0x38 So the faulting instruction (`mov %rax,0x38(%r14)`, src/scan.c:1706) is the write to `sr->start_time_tsf` with `sr` == NULL: offset 0x38 of `struct scan_request` is exactly the "segfault at 38" address in the kernel log, and the error code (user-mode write, no page present) matches a NULL-pointer store. https://git.kernel.org/pub/scm/network/wireless/iwd.git/ https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/src/scan.c?id=d2556a48b7d65eb670fb0ce20e3f929bf9839a20