diff --git a/2022/01/06/linux-kernel-stack.html b/2022/01/06/linux-kernel-stack.html
new file mode 100644
index 0000000..e1638ec
--- /dev/null
+++ b/2022/01/06/linux-kernel-stack.html
@@ -0,0 +1,39 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+
+  <title>Linux kernel stack, PID 0 swapper processes</title>
+  <link rel="alternate" type="application/rss+xml" title="RSS" href="https://rustylife.github.io/rss.xml">
+
+  <link rel="stylesheet" href="/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css">
+</head>
+
+
+<body>
+
+<h1>
+  Linux kernel stack, PID 0 swapper processes
+  <small>
+    <span class="date">January 6, 2022</span>
+    on
+    <span class="site"><a href="https://rustylife.github.io/">Rustam Kovhaev&#39;s blog</a></span>
+  </small>
+</h1>
+
+<main>
+  <article>
+    <p><a href="https://www.youtube.com/watch?v=Pe8FiIVAwfY">https://www.youtube.com/watch?v=Pe8FiIVAwfY</a></p>
+
+  </article>
+</main>
+
+</body>
+
+<footer>
+</footer>
+
+
+</html>
diff --git a/2023/08/15/futex-crash.html b/2023/08/15/futex-crash.html
index 6c4c304..24f52f2 100644
--- a/2023/08/15/futex-crash.html
+++ b/2023/08/15/futex-crash.html
@@ -1,16 +1,19 @@
 <!doctype html>
 <html lang="en">
+
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  
+
   <title>Debugging a futex crash</title>
   <link rel="alternate" type="application/rss+xml" title="RSS" href="https://rustylife.github.io/rss.xml">
-  
-  <link rel="stylesheet" href="/main.min.fbee2ede33c02698d508178167c7556879b09625f70dfe0d8fa551c74788392f.css">
+
+  <link rel="stylesheet" href="/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css">
 </head>
 
 
+<body>
+
 <h1>
   Debugging a futex crash
   <small>
@@ -23,7 +26,7 @@ <h1>
 <main>
   <article>
     <p>I was enjoying my quiet afternoon, when an interesting application core has been submitted to me for research.</p>
-<p>And what made it interesting is that I did not have to load proprietary/private symbols fort the application that crashed.</p>
+<p>And what made it interesting is that I did not have to load proprietary/private symbols for the application that crashed.</p>
 <p>The first thing to check is whether the file is indeed a core file, and it turns out it is not.</p>
 <pre tabindex="0"><code>rusty@nuc10:~/futex$ file veeamagent.0.crash 
 veeamagent.0.crash: ASCII text, with very long lines (44565)
@@ -105,22 +108,22 @@ <h1>
 <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-c" data-lang="c"><span class="line"><span class="cl"><span class="kt">void</span>
 </span></span><span class="line"><span class="cl"><span class="nf">__lll_lock_wait</span> <span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="n">futex</span><span class="p">,</span> <span class="kt">int</span> <span class="n">private</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl"><span class="p">{</span>
-</span></span><span class="line"><span class="cl">  <span class="k">if</span> <span class="p">(</span><span class="n">atomic_load_relaxed</span> <span class="p">(</span><span class="n">futex</span><span class="p">)</span> <span class="o">==</span> <span class="mi">2</span><span class="p">)</span>
+</span></span><span class="line"><span class="cl">  <span class="k">if</span> <span class="p">(</span><span class="nf">atomic_load_relaxed</span> <span class="p">(</span><span class="n">futex</span><span class="p">)</span> <span class="o">==</span> <span class="mi">2</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl">    <span class="k">goto</span> <span class="n">futex</span><span class="p">;</span>
 </span></span><span class="line"><span class="cl">
-</span></span><span class="line"><span class="cl">  <span class="k">while</span> <span class="p">(</span><span class="n">atomic_exchange_acquire</span> <span class="p">(</span><span class="n">futex</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">)</span>
+</span></span><span class="line"><span class="cl">  <span class="k">while</span> <span class="p">(</span><span class="nf">atomic_exchange_acquire</span> <span class="p">(</span><span class="n">futex</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl">    <span class="p">{</span>
 </span></span><span class="line"><span class="cl">    <span class="nl">futex</span><span class="p">:</span>
-</span></span><span class="line"><span class="cl">      <span class="n">LIBC_PROBE</span> <span class="p">(</span><span class="n">lll_lock_wait</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="n">futex</span><span class="p">);</span>
-</span></span><span class="line"><span class="cl">      <span class="n">futex_wait</span> <span class="p">((</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="o">*</span><span class="p">)</span> <span class="n">futex</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="n">private</span><span class="p">);</span> <span class="cm">/* Wait if *futex == 2.  */</span>
+</span></span><span class="line"><span class="cl">      <span class="nf">LIBC_PROBE</span> <span class="p">(</span><span class="n">lll_lock_wait</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="n">futex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">      <span class="nf">futex_wait</span> <span class="p">((</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="o">*</span><span class="p">)</span> <span class="n">futex</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="n">private</span><span class="p">);</span> <span class="cm">/* Wait if *futex == 2.  */</span>
 </span></span><span class="line"><span class="cl">    <span class="p">}</span>
 </span></span><span class="line"><span class="cl"><span class="p">}</span>
-</span></span><span class="line"><span class="cl"><span class="n">libc_hidden_def</span> <span class="p">(</span><span class="n">__lll_lock_wait</span><span class="p">)</span>
+</span></span><span class="line"><span class="cl"><span class="nf">libc_hidden_def</span> <span class="p">(</span><span class="n">__lll_lock_wait</span><span class="p">)</span>
 </span></span></code></pre></div><p>futex_wait() is always inlined, that is why it is not in the stack, and futex_wait() calls futex_fatal_error(), which subsequently calls abort()</p>
 <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-c" data-lang="c"><span class="line"><span class="cl"><span class="k">static</span> <span class="n">__always_inline</span> <span class="kt">int</span>
 </span></span><span class="line"><span class="cl"><span class="nf">futex_wait</span> <span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span> <span class="o">*</span><span class="n">futex_word</span><span class="p">,</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">expected</span><span class="p">,</span> <span class="kt">int</span> <span class="n">private</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl"><span class="p">{</span>
-</span></span><span class="line"><span class="cl">  <span class="kt">int</span> <span class="n">err</span> <span class="o">=</span> <span class="n">lll_futex_timed_wait</span> <span class="p">(</span><span class="n">futex_word</span><span class="p">,</span> <span class="n">expected</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="n">private</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">  <span class="kt">int</span> <span class="n">err</span> <span class="o">=</span> <span class="nf">lll_futex_timed_wait</span> <span class="p">(</span><span class="n">futex_word</span><span class="p">,</span> <span class="n">expected</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="n">private</span><span class="p">);</span>
 </span></span><span class="line"><span class="cl">  <span class="k">switch</span> <span class="p">(</span><span class="n">err</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl">    <span class="p">{</span>
 </span></span><span class="line"><span class="cl">    <span class="k">case</span> <span class="mi">0</span><span class="o">:</span>
@@ -136,7 +139,7 @@ <h1>
 </span></span><span class="line"><span class="cl">    <span class="k">case</span> <span class="o">-</span><span class="nl">ENOSYS</span><span class="p">:</span> <span class="cm">/* Must have been caused by a glibc bug.  */</span>
 </span></span><span class="line"><span class="cl">    <span class="cm">/* No other errors are documented at this time.  */</span>
 </span></span><span class="line"><span class="cl">    <span class="k">default</span><span class="o">:</span>
-</span></span><span class="line"><span class="cl">      <span class="n">futex_fatal_error</span> <span class="p">();</span>
+</span></span><span class="line"><span class="cl">      <span class="nf">futex_fatal_error</span> <span class="p">();</span>
 </span></span><span class="line"><span class="cl">    <span class="p">}</span>
 </span></span><span class="line"><span class="cl"><span class="p">}</span>
 </span></span></code></pre></div><p>After reading the comments, let&rsquo;s check the easiest thing first, wrong alignment.</p>
@@ -162,14 +165,14 @@ <h1>
 </span></span></span><span class="line"><span class="cl"><span class="cp">#include</span> <span class="cpf">&lt;unistd.h&gt;</span><span class="cp">
 </span></span></span><span class="line"><span class="cl"><span class="cp">#include</span> <span class="cpf">&lt;pthread.h&gt;</span><span class="cp">
 </span></span></span><span class="line"><span class="cl"><span class="cp"></span>
-</span></span><span class="line"><span class="cl"><span class="n">pthread_mutex_t</span> <span class="n">mutex</span> <span class="nf">__attribute__</span><span class="p">((</span><span class="n">section</span><span class="p">(</span><span class="s">&#34;.reproducer&#34;</span><span class="p">)))</span> <span class="n">__attribute__</span> <span class="p">((</span><span class="n">aligned</span><span class="p">(</span><span class="mi">1</span><span class="p">)));</span>
+</span></span><span class="line"><span class="cl"><span class="kt">pthread_mutex_t</span> <span class="n">mutex</span> <span class="nf">__attribute__</span><span class="p">((</span><span class="nf">section</span><span class="p">(</span><span class="s">&#34;.reproducer&#34;</span><span class="p">)))</span> <span class="nf">__attribute__</span> <span class="p">((</span><span class="nf">aligned</span><span class="p">(</span><span class="mi">1</span><span class="p">)));</span>
 </span></span><span class="line"><span class="cl">
 </span></span><span class="line"><span class="cl"><span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">**</span><span class="n">argv</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl"><span class="p">{</span>
-</span></span><span class="line"><span class="cl">	<span class="n">printf</span><span class="p">(</span><span class="s">&#34;mutex %p</span><span class="se">\n</span><span class="s">&#34;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
-</span></span><span class="line"><span class="cl">	<span class="n">pthread_mutex_lock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
-</span></span><span class="line"><span class="cl">	<span class="n">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span>
-</span></span><span class="line"><span class="cl">	<span class="n">pthread_mutex_unlock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">printf</span><span class="p">(</span><span class="s">&#34;mutex %p</span><span class="se">\n</span><span class="s">&#34;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">pthread_mutex_lock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">pthread_mutex_unlock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
 </span></span><span class="line"><span class="cl">	<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
 </span></span><span class="line"><span class="cl"><span class="p">}</span>
 </span></span></code></pre></div><p>Now, let&rsquo;s compile it and test it, it should crash with the same stack trace as we have in our core.</p>
@@ -201,13 +204,13 @@ <h1>
 </span></span></span><span class="line"><span class="cl"><span class="cp">#include</span> <span class="cpf">&lt;unistd.h&gt;</span><span class="cp">
 </span></span></span><span class="line"><span class="cl"><span class="cp">#include</span> <span class="cpf">&lt;pthread.h&gt;</span><span class="cp">
 </span></span></span><span class="line"><span class="cl"><span class="cp"></span>
-</span></span><span class="line"><span class="cl"><span class="n">pthread_mutex_t</span> <span class="n">mutex</span> <span class="nf">__attribute__</span><span class="p">((</span><span class="n">section</span><span class="p">(</span><span class="s">&#34;.reproducer&#34;</span><span class="p">)))</span> <span class="n">__attribute__</span> <span class="p">((</span><span class="n">aligned</span><span class="p">(</span><span class="mi">1</span><span class="p">)));</span>
+</span></span><span class="line"><span class="cl"><span class="kt">pthread_mutex_t</span> <span class="n">mutex</span> <span class="nf">__attribute__</span><span class="p">((</span><span class="nf">section</span><span class="p">(</span><span class="s">&#34;.reproducer&#34;</span><span class="p">)))</span> <span class="nf">__attribute__</span> <span class="p">((</span><span class="nf">aligned</span><span class="p">(</span><span class="mi">1</span><span class="p">)));</span>
 </span></span><span class="line"><span class="cl">
 </span></span><span class="line"><span class="cl"><span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">**</span><span class="n">argv</span><span class="p">)</span>
 </span></span><span class="line"><span class="cl"><span class="p">{</span>
-</span></span><span class="line"><span class="cl">	<span class="n">printf</span><span class="p">(</span><span class="s">&#34;mutex %p</span><span class="se">\n</span><span class="s">&#34;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
-</span></span><span class="line"><span class="cl">	<span class="n">pthread_mutex_lock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
-</span></span><span class="line"><span class="cl">	<span class="n">pthread_mutex_lock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">printf</span><span class="p">(</span><span class="s">&#34;mutex %p</span><span class="se">\n</span><span class="s">&#34;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">pthread_mutex_lock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">	<span class="nf">pthread_mutex_lock</span><span class="p">(</span><span class="o">&amp;</span><span class="n">mutex</span><span class="p">);</span>
 </span></span><span class="line"><span class="cl"><span class="p">}</span>
 </span></span></code></pre></div><p>Let&rsquo;s run this:</p>
 <pre tabindex="0"><code>rusty@nuc10:~/futex$ gcc -g futex0.c -lpthread  -Wl,--section-start=.reproducer=0x8001ea1
@@ -249,7 +252,7 @@ <h1>
 </span></span></span><span class="line"><span class="cl"><span class="cm">          * The futex address must be &#34;naturally&#34; aligned.
 </span></span></span><span class="line"><span class="cl"><span class="cm">          */</span>
 </span></span><span class="line"><span class="cl">         <span class="n">key</span><span class="o">-&gt;</span><span class="n">both</span><span class="p">.</span><span class="n">offset</span> <span class="o">=</span> <span class="n">address</span> <span class="o">%</span> <span class="n">PAGE_SIZE</span><span class="p">;</span>
-</span></span><span class="line"><span class="cl">         <span class="k">if</span> <span class="p">(</span><span class="n">unlikely</span><span class="p">((</span><span class="n">address</span> <span class="o">%</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">u32</span><span class="p">))</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">))</span>
+</span></span><span class="line"><span class="cl">         <span class="k">if</span> <span class="p">(</span><span class="nf">unlikely</span><span class="p">((</span><span class="n">address</span> <span class="o">%</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">u32</span><span class="p">))</span> <span class="o">!=</span> <span class="mi">0</span><span class="p">))</span>
 </span></span><span class="line"><span class="cl">                  <span class="k">return</span> <span class="o">-</span><span class="n">EINVAL</span><span class="p">;</span>
 </span></span></code></pre></div><p>And there we have it again, the futex address must be aligned.</p>
 <p>And with that, we can conclude our research and send this bug report to Veeam for fixing.</p>
@@ -258,6 +261,10 @@ <h1>
   </article>
 </main>
 
+</body>
+
 <footer>
 </footer>
 
+
+</html>
diff --git a/2023/10/19/veeamsnap-kernel-crash.html b/2023/10/19/veeamsnap-kernel-crash.html
new file mode 100644
index 0000000..65aed9e
--- /dev/null
+++ b/2023/10/19/veeamsnap-kernel-crash.html
@@ -0,0 +1,187 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+
+  <title>Debugging a kdump kernel crash</title>
+  <link rel="alternate" type="application/rss+xml" title="RSS" href="https://rustylife.github.io/rss.xml">
+
+  <link rel="stylesheet" href="/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css">
+</head>
+
+
+<body>
+
+<h1>
+  Debugging a kdump kernel crash
+  <small>
+    <span class="date">October 19, 2023</span>
+    on
+    <span class="site"><a href="https://rustylife.github.io/">Rustam Kovhaev&#39;s blog</a></span>
+  </small>
+</h1>
+
+<main>
+  <article>
+    <p>Debugging a kernel bug could be a challenging task.</p>
+<p>Let&rsquo;s say a bug lies within the memory management subsystem, slub allocator or page allocator. <br>
+Depending on the debugging tools that you have chosen for troubleshooting, these tools might be calling into the mm subsystem, because they themselves need to allocate memory to show you the trace/debug output that you are interested in, and, therefore, they might be hitting the very same bug and not producing any trace/debug output at all.</p>
+<p>But the crash file that has been submitted to me for research, luckily, turned out to be a relatively easy one.</p>
+<p>And not a kernel bug per se, but an out-of-tree 3rd party kernel module bug.</p>
+<p>First things first, let&rsquo;s check the file&rsquo;s magic number:</p>
+<pre tabindex="0"><code>rusty@thinkpad:~$ file 202310190528/dump.202310190528
+202310190528/dump.202310190528: Flattened kdump compressed dump v6, system Linux, node debian11, release 5.10.0-26-amd64, version #1 SMP Debian 5.10.197-1 (2023-09-29), machine x86_64, domain (none)
+</code></pre><p>Now we need the debug symbols for the debian kernel 5.10.0-26-amd64.</p>
+<p>Since I am opening the kdump crash file on my Arch Linux machine, I need to manually fetch the deb package from debian repo, extract the contents, and get vmlinux file.</p>
+<p>Now we are ready to research it, let&rsquo;s open it in the crash utility:</p>
+<pre tabindex="0"><code>rusty@thinkpad:~$ crash 202310190528/dump.202310190528 vmlinux-5.10.0-26-amd64
+...
+      KERNEL: vmlinux-5.10.0-26-amd64  [TAINTED]
+    DUMPFILE: 202310190528/dump.202310190528  [PARTIAL DUMP]
+        CPUS: 2
+        DATE: Thu Oct 19 05:28:06 PDT 2023
+      UPTIME: 04:28:07
+LOAD AVERAGE: 0.00, 0.00, 0.00
+       TASKS: 144
+    NODENAME: debian11
+     RELEASE: 5.10.0-26-amd64
+     VERSION: #1 SMP Debian 5.10.197-1 (2023-09-29)
+     MACHINE: x86_64  (2112 Mhz)
+      MEMORY: 4 GB
+       PANIC: &#34;Oops: 0010 [#1] SMP NOPTI&#34; (check log for details)
+         PID: 9462
+     COMMAND: &#34;veeamdeferio8_1&#34;
+        TASK: ffff966246d7b100  [THREAD_INFO: ffff966246d7b100]
+         CPU: 1
+       STATE: TASK_RUNNING (PANIC)
+
+crash&gt; ps -p 9462
+PID: 0        TASK: ffffffffbc613940  CPU: 0    COMMAND: &#34;swapper/0&#34;
+ PID: 2        TASK: ffff9662401eb100  CPU: 1    COMMAND: &#34;kthreadd&#34;
+  PID: 9462     TASK: ffff966246d7b100  CPU: 1    COMMAND: &#34;veeamdeferio8_1&#34;
+
+crash&gt; bt 9462
+PID: 9462     TASK: ffff966246d7b100  CPU: 1    COMMAND: &#34;veeamdeferio8_1&#34;
+ #0 [ffffafd080c7bc70] machine_kexec at ffffffffbb067ca1
+ #1 [ffffafd080c7bcc8] __crash_kexec at ffffffffbb14a52a
+ #2 [ffffafd080c7bd88] crash_kexec at ffffffffbb14b669
+ #3 [ffffafd080c7bd98] oops_end at ffffffffbb02ed3f
+ #4 [ffffafd080c7bdb8] exc_page_fault at ffffffffbb8ffb59
+ #5 [ffffafd080c7bde0] asm_exc_page_fault at ffffffffbba00b4e
+ #6 [ffffafd080c7bf10] kthread at ffffffffbb0b5b48
+ #7 [ffffafd080c7bf50] ret_from_fork at ffffffffbb00451f
+
+crash&gt; lsmod |grep -i veeam
+crash&gt;
+</code></pre><p>The kernel crashed in the context of a kernel-space process - a kthread with PID 9462 called veeamdeferio.</p>
+<p>At the moment of the crash, nothing with the name veeam was loaded into the kernel.</p>
+<p>The next step would be to review the kernel ring buffer right before the crash:</p>
+<pre tabindex="0"><code>crash&gt; log
+...
+[16086.429347] veeamsnap:tracker    | ERR | Tracker is already released for device [8:1]
+[16086.447893] veeamsnap:container  | ERR | CRITICAL ERROR: Container is not empty. cnt=2
+[16086.447901] veeamsnap:snapstore  | ERR | Cleanup snapstore devices
+[16086.460295] veeamsnap:container  | ERR | CRITICAL ERROR: Container is not empty. cnt=1
+[16086.460301] veeamsnap:snapstore  | ERR | Unable to perform snapstore cleanup: container is not empty
+[16086.529734] veeamsnap:container  | ERR | CRITICAL ERROR: Container is not empty. cnt=1
+[16086.529757] veeamsnap:ctrl_pipe  | ERR | Unable to perform ctrl pipes cleanup: container is not empty
+[16086.529967] veeamsnap:main       | ERR | container_alloc_counter=3
+[16086.529972] veeamsnap:main       container_alloc_counter=3
+[16086.529976] veeamsnap:main       | ERR | mem_cnt=65608
+[16086.529980] veeamsnap:main       mem_cnt=65608
+[16087.147849] BUG: unable to handle page fault for address: ffffffffc08a65d3
+[16087.149722] #PF: supervisor instruction fetch in kernel mode
+[16087.151349] #PF: error_code(0x0010) - not-present page
+[16087.153012] PGD 6580e067 P4D 6580e067 PUD 65810067 PMD 1047e6067 PTE 0
+[16087.154702] Oops: 0010 [#1] SMP NOPTI
+[16087.156282] CPU: 1 PID: 9462 Comm: veeamdeferio8_1 Kdump: loaded Tainted: G           OE     5.10.0-26-amd64 #1 Debian 5.10.197-1
+[16087.157927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.2-2-2 04/01/2014
+[16087.159468] RIP: 0010:0xffffffffc08a65d3
+[16087.160915] Code: Unable to access opcode bytes at RIP 0xffffffffc08a65a9.
+[16087.162371] RSP: 0018:ffffafd080c7be98 EFLAGS: 00010282
+[16087.163864] RAX: 0000000000000000 RBX: ffff966242162000 RCX: 0000000000000000
+[16087.165331] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246
+[16087.166742] RBP: 00000000000000fa R08: 0000000000000000 R09: 0000000000000000
+[16087.168145] R10: 0000000000000000 R11: 0000000000000000 R12: ffff966242162018
+[16087.169546] R13: ffffafd08410fcf0 R14: ffff966242162000 R15: ffff966246d7b100
+[16087.170909] FS:  0000000000000000(0000) GS:ffff96627bd00000(0000) knlGS:0000000000000000
+[16087.172305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[16087.174165] CR2: ffffffffc08a65a9 CR3: 000000010342e005 CR4: 0000000000370ee0
+[16087.175734] Call Trace:
+[16087.177402]  ? __die_body.cold+0x1a/0x1f
+[16087.178577]  ? no_context+0x1a6/0x3c0
+[16087.179462]  ? exc_page_fault+0xd9/0x160
+[16087.180338]  ? asm_exc_page_fault+0x1e/0x30
+[16087.181203]  ? add_wait_queue_exclusive+0x70/0x70
+[16087.182084]  ? kthread+0x118/0x140
+[16087.182872]  ? __kthread_bind_mask+0x60/0x60
+[16087.183491]  ? ret_from_fork+0x1f/0x30
+[16087.184105] Modules linked in: binfmt_misc dm_mod intel_rapl_msr intel_rapl_common intel_pmc_core kvm_intel kvm irqbypass ghash_clmulni_intel aesni_intel libaes crypto_simd cryptd glue_helper rapl ppdev bochs_drm drm_vram_helper drm_ttm_helper ttm joydev evdev parport_pc drm_kms_helper serio_raw pcspkr parport qemu_fw_cfg cec sg button drm configfs fuse ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic sr_mod cdrom ata_generic crct10dif_pclmul crct10dif_common ata_piix crc32_pclmul libata floppy e1000 scsi_mod crc32c_intel psmouse i2c_piix4 [last unloaded: veeamsnap]
+[16087.186898] CR2: ffffffffc08a65d3
+</code></pre><p>After carefully going over the oops message, we now have the full picture.</p>
+<p>The instruction pointer register (RIP) for the veeamdeferio kthread was pointing to 0xffffffffc08a65a9, which is an unmapped page, accessing which caused the page fault.</p>
+<p>The reason why the page got unmapped is because it has been freed when the veeamsnap kernel module was unloaded.</p>
+<p>And the problem is that veeamsnap did not stop the veeamdeferio kthread when it was being unloaded.</p>
+<p>At this point we can submit a bug report to Veeam, bug we can research the issue a bit further.</p>
+<p>Why? Because we can and it is open-source, we have the code<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>.</p>
+<details>
+<summary>Flame bait</summary>
+I do not recommend anybody reading too much of an out-of-tree code, because the only code that matters is the code that has been merged upstream
+</details>
+<p>The key error message explaining the veeamsnap bug is in the output above:</p>
+<blockquote>
+<p>[16086.429347] veeamsnap:tracker    | ERR | Tracker is already released for device [8:1]</p>
+</blockquote>
+<p>This corresponds to _tracker_release_snapshot() in tracker.c, this function did not call defer_io_stop():</p>
+<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-c" data-lang="c"><span class="line"><span class="cl"><span class="kt">int</span> <span class="nf">_tracker_release_snapshot</span><span class="p">(</span><span class="kt">tracker_t</span><span class="o">*</span> <span class="n">tracker</span><span class="p">)</span>
+</span></span><span class="line"><span class="cl"><span class="p">{</span>
+</span></span><span class="line"><span class="cl">    <span class="kt">int</span> <span class="n">result</span> <span class="o">=</span> <span class="n">SUCCESS</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl"><span class="cp">#ifdef VEEAMSNAP_BLK_FREEZE
+</span></span></span><span class="line"><span class="cl"><span class="cp"></span>    <span class="k">struct</span> <span class="n">super_block</span><span class="o">*</span> <span class="n">superblock</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl"><span class="cp">#endif
+</span></span></span><span class="line"><span class="cl"><span class="cp"></span>    <span class="kt">defer_io_t</span><span class="o">*</span> <span class="n">defer_io</span> <span class="o">=</span> <span class="n">tracker</span><span class="o">-&gt;</span><span class="n">defer_io</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl">
+</span></span><span class="line"><span class="cl">    <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">tracker</span><span class="o">-&gt;</span><span class="n">defer_io</span><span class="p">)</span> <span class="p">{</span>
+</span></span><span class="line"><span class="cl">        <span class="kt">log_err_dev_t</span><span class="p">(</span><span class="s">&#34;Tracker is already released for device &#34;</span><span class="p">,</span> <span class="n">tracker</span><span class="o">-&gt;</span><span class="n">original_dev_id</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">        <span class="k">return</span> <span class="n">SUCCESS</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl">    <span class="p">}</span>
+</span></span><span class="line"><span class="cl">    <span class="p">...</span>
+</span></span></code></pre></div><p>And the reason for it lies within another code path, in _tracker_capture_snapshot() in the same file:</p>
+<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-c" data-lang="c"><span class="line"><span class="cl"><span class="kt">int</span> <span class="nf">_tracker_capture_snapshot</span><span class="p">(</span><span class="kt">tracker_t</span><span class="o">*</span> <span class="n">tracker</span><span class="p">)</span>
+</span></span><span class="line"><span class="cl"><span class="p">{</span>
+</span></span><span class="line"><span class="cl">    <span class="kt">int</span> <span class="n">result</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl">    <span class="kt">defer_io_t</span><span class="o">*</span> <span class="n">defer_io</span> <span class="o">=</span> <span class="nb">NULL</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl">
+</span></span><span class="line"><span class="cl">    <span class="n">result</span> <span class="o">=</span> <span class="nf">defer_io_create</span><span class="p">(</span><span class="n">tracker</span><span class="o">-&gt;</span><span class="n">original_dev_id</span><span class="p">,</span> <span class="n">tracker</span><span class="o">-&gt;</span><span class="n">target_dev</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">defer_io</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">    <span class="k">if</span> <span class="p">(</span><span class="n">result</span> <span class="o">!=</span> <span class="n">SUCCESS</span><span class="p">)</span> <span class="p">{</span>
+</span></span><span class="line"><span class="cl">        <span class="nf">log_err</span><span class="p">(</span><span class="s">&#34;Failed to create defer IO processor&#34;</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">        <span class="k">return</span> <span class="n">result</span><span class="p">;</span>
+</span></span><span class="line"><span class="cl">    <span class="p">}</span>
+</span></span><span class="line"><span class="cl">
+</span></span><span class="line"><span class="cl">    <span class="n">tracker</span><span class="o">-&gt;</span><span class="n">defer_io</span> <span class="o">=</span> <span class="nf">defer_io_get_resource</span><span class="p">(</span><span class="n">defer_io</span><span class="p">);</span>
+</span></span><span class="line"><span class="cl">    <span class="p">...</span>
+</span></span></code></pre></div><p>Here, on the last line, tracker-&gt;defer_io pointer gets assigned a new value.</p>
+<p>This assignment overwrites and leaks the existing non-null pointer.</p>
+<p>And this unaccounted-for veeamdeferio kthread never gets stopped, and, subsequently, causes the kernel to crash later on during module removal.</p>
+<p>And now we are good to submit this RCA to Veeam for fixing.</p>
+<div class="footnotes" role="doc-endnotes">
+<hr>
+<ol>
+<li id="fn:1">
+<p><a href="https://github.com/veeam/veeamsnap">https://github.com/veeam/veeamsnap</a>&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p>
+</li>
+</ol>
+</div>
+
+  </article>
+</main>
+
+</body>
+
+<footer>
+</footer>
+
+
+</html>
diff --git a/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css b/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css
new file mode 100644
index 0000000..e551436
--- /dev/null
+++ b/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css
@@ -0,0 +1 @@
+html{font-family:monospace;color:#444;font-size:1rem}body{max-width:920px;margin:0 auto;padding:1rem}h1{margin-top:0;font-size:1.5rem}h1 small{display:block;font-size:1rem}.index{display:flex;flex-direction:row}.index .article-list{flex-grow:1}.index .article-list .article{margin-bottom:1rem}.index .article-list .date{display:block;color:#333}.index aside{width:40%}.index aside img{display:block;margin:0 auto 1rem;border-radius:5px}.index aside dt{font-size:.9rem}.index aside dd{margin-left:0}.index aside dd:not(:last-child){margin-bottom:.5rem}@media(max-width:640px){.index aside{display:none}}article{margin:0 auto;max-width:920px;line-height:1.3}article img,article video,article iframe{display:block!important;margin:0 auto!important;max-width:90%}@media(max-width:640px){article img,article video,article iframe{max-width:calc(100% - 2rem)}}article sup{line-height:1}article .comment{margin:2rem auto 0;max-width:80%;color:#333}.footnotes{font-size:.85rem}footer{margin-top:2rem;text-align:center;font-size:.8rem;color:#333}.float-img{float:right;display:inline;padding-left:1rem}@media(max-width:640px){.float-img{display:block;float:none;padding-left:inherit}}pre{background-color:#eee;padding:.25rem 1rem;margin:0 -1rem;max-width:100%;overflow-x:auto}pre .cp{color:#800}pre .k{color:#008}pre .kt,pre .kd,pre .kc{color:#44f}pre .s{color:#484;font-style:italic}pre .cm,pre .c1{color:#333;font-style:italic}pre .gi{color:green}pre .gd{color:red}pre .gu{color:blue}summary{cursor:pointer;background-color:#eee;padding:.25rem 1rem;margin:0 -1rem}details[open]{border-bottom:1rem solid #eee;margin:0 -1rem 1rem;padding:0 1rem}.text-center{text-align:center}blockquote{border-left:5px solid #bbb;background-color:#eee;padding:0 1rem;margin-left:calc(-1rem - 5px);margin-right:-1rem}blockquote blockquote{margin-right:0;margin-left:0}dl{display:grid;grid-template-columns:auto 1fr;grid-gap:.2rem 1rem}dl dt{font-weight:700;grid-column-start:1}dl dd{grid-column-start:2;margin:0}.alert{padding:.5rem;border:1px solid transparent;margin-bottom:1rem}.alert.alert-danger{background:#f8d7da;color:#721c24;border-color:#f5c6cb}.alert.alert-info{background:#d1ecf1;color:#0c5460;border-color:#bee5eb}table{color:#333;background:#fff;border:1px solid grey;font-size:12pt;border-collapse:collapse}table thead th,table tfoot th{background:rgba(0,0,0,.1)}table caption{padding:.5em}table th,table td{padding:.5em;border:1px solid lightgrey}td.red{background:#f8d7da}td.yellow{background:#fff3cd}td.blue{background:#cfe2ff}
\ No newline at end of file
diff --git a/index.html b/index.html
index b4d2419..a39beb3 100644
--- a/index.html
+++ b/index.html
@@ -1,37 +1,63 @@
 <!doctype html>
 <html lang="en">
+
 <head>
-	<meta name="generator" content="Hugo 0.101.0" />
+	<meta name="generator" content="Hugo 0.119.0">
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  
+
   <title>Rustam Kovhaev&#39;s blog</title>
   <link rel="alternate" type="application/rss+xml" title="RSS" href="https://rustylife.github.io/rss.xml">
-  
-  <link rel="stylesheet" href="/main.min.fbee2ede33c02698d508178167c7556879b09625f70dfe0d8fa551c74788392f.css">
+
+  <link rel="stylesheet" href="/css/main.min.71c6c5c5d13a73b3b5f0778297ce239c59b266c1fcb283b49d1b6113aa5d28d8.css">
 </head>
 
 
+<body>
+
 <main class="index">
   <section class="article-list">
     <h1>Rustam Kovhaev&#39;s blog</h1>
 
-    
+
+    <div class="article">
+      <span class="date">October 19, 2023</span>
+
+	      <a href="https://rustylife.github.io/2023/10/19/veeamsnap-kernel-crash.html">Debugging a kdump kernel crash</a>
+
+    </div>
+
+
     <div class="article">
       <span class="date">August 15, 2023</span>
-      <a href="https://rustylife.github.io/2023/08/15/futex-crash.html">Debugging a futex crash</a>
+
+	      <a href="https://rustylife.github.io/2023/08/15/futex-crash.html">Debugging a futex crash</a>
+
     </div>
-    
-    
+
+
     <div class="article">
-	    <span class="date">January 6, 2022</span>
-	    <a href="https://www.youtube.com/watch?v=Pe8FiIVAwfY">Linux kernel stack, PID 0 swapper processes</a>
+      <span class="date">January 6, 2022</span>
+
+	      <a href="https://www.youtube.com/watch?v=Pe8FiIVAwfY">Linux kernel stack, PID 0 swapper processes</a>
+
     </div>
+
+
   </section>
 
   <aside>
-    <div class="text-center">
-      <a class="rss" href="/rss.xml">rss</a>
-    </div>
+	  <div class="text-center">
+		  <a class="rss" href="/rss.xml">rss</a>
+	  </div>
+	  <dl class="external-links">
+		  <dt>email</dt>
+		  <dd><a href="mailto:rkovhaev@gmail.com">rkovhaev@gmail.com</a></dd>
+	  </dl>
+	  <small>
+	  </small>
   </aside>
 </main>
+
+</body>
+</html>
diff --git a/main.min.fbee2ede33c02698d508178167c7556879b09625f70dfe0d8fa551c74788392f.css b/main.min.fbee2ede33c02698d508178167c7556879b09625f70dfe0d8fa551c74788392f.css
deleted file mode 100644
index d8d5db8..0000000
--- a/main.min.fbee2ede33c02698d508178167c7556879b09625f70dfe0d8fa551c74788392f.css
+++ /dev/null
@@ -1 +0,0 @@
-html{font-family:sans-serif;color:#080808}body{max-width:920px;margin:0 auto;padding:1rem}h1{margin-top:0;font-size:1.5rem}h1 small{display:block;font-size:1rem}.index{display:flex;flex-direction:row}.index .article-list{flex-grow:1}.index .article-list .article{margin-bottom:1rem}.index .article-list .date{display:block;color:#333}.index aside{width:40%}.index aside img{display:block;margin:0 auto 1rem;border-radius:5px}.index aside dt{font-size:.9rem}.index aside dd{margin-left:0}.index aside dd:not(:last-child){margin-bottom:.5rem}@media(max-width:640px){.index aside{display:none}}article{margin:0 auto;max-width:720px;line-height:1.3}article img,article video,article iframe{display:block!important;margin:0 auto!important;max-width:90%}@media(max-width:640px){article img,article video,article iframe{max-width:calc(100% - 2rem)}}article sup{line-height:1}article .comment{margin:2rem auto 0;max-width:80%;color:#333}.footnotes{font-size:.85rem}footer{margin-top:2rem;text-align:center;font-size:.8rem;color:#333}.float-img{float:right;display:inline;padding-left:1rem}@media(max-width:640px){.float-img{display:block;float:none;padding-left:inherit}}pre{background-color:#eee;padding:.25rem 1rem;margin:0 -1rem;max-width:100%;overflow-x:auto}pre .cp{color:#800}pre .k{color:#008}pre .kt,pre .kd,pre .kc{color:#44f}pre .s{color:#484;font-style:italic}pre .cm,pre .c1{color:#333;font-style:italic}pre .gi{color:green}pre .gd{color:red}pre .gu{color:blue}.webring{margin-top:2rem}.webring h2{font-size:1.2rem}.webring .articles{display:flex}@media(max-width:640px){.webring .articles{flex-direction:column}}.webring .title{margin:0}.webring .article{flex:1;display:flex;flex-direction:column;background:#eee;padding:.5rem;margin:0 .5rem}@media(max-width:640px){.webring .article{margin:.5rem 0}}.webring .article:first-child{margin-left:0}.webring .article:last-child{margin-right:0}.webring .summary{font-size:.8rem;flex:1}.webring .attribution{float:right;font-size:.8rem;color:#555;line-height:3}.webring .date{color:#000}summary{cursor:pointer;background-color:#eee;padding:.25rem 1rem;margin:0 -1rem}details[open]{border-bottom:1rem solid #eee;margin:0 -1rem 1rem;padding:0 1rem}.text-center{text-align:center}blockquote{border-left:5px solid #bbb;background-color:#eee;padding:0 1rem;margin-left:calc(-1rem - 5px);margin-right:-1rem}blockquote blockquote{margin-right:0;margin-left:0}dl{display:grid;grid-template-columns:auto 1fr;grid-gap:.2rem 1rem}dl dt{font-weight:700;grid-column-start:1}dl dd{grid-column-start:2;margin:0}.alert{padding:.5rem;border:1px solid transparent;margin-bottom:1rem}.alert.alert-danger{background:#f8d7da;color:#721c24;border-color:#f5c6cb}.alert.alert-info{background:#d1ecf1;color:#0c5460;border-color:#bee5eb}table{color:#333;background:#fff;border:1px solid grey;font-size:12pt;border-collapse:collapse}table thead th,table tfoot th{background:rgba(0,0,0,.1)}table caption{padding:.5em}table th,table td{padding:.5em;border:1px solid lightgrey}td.red{background:#f8d7da}td.yellow{background:#fff3cd}td.blue{background:#cfe2ff}
\ No newline at end of file
diff --git a/rss.xml b/rss.xml
index bb913d6..b06a8fc 100644
--- a/rss.xml
+++ b/rss.xml
@@ -5,7 +5,18 @@
     <link>https://rustylife.github.io/</link>
     <description>Recent content on Rustam Kovhaev&#39;s blog</description>
     <generator>Hugo -- gohugo.io</generator>
-    <lastBuildDate>Tue, 15 Aug 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://rustylife.github.io/rss.xml" rel="self" type="application/rss+xml" />
+    <language>en</language>
+    <lastBuildDate>Thu, 19 Oct 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://rustylife.github.io/rss.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Debugging a kdump kernel crash</title>
+      <link>https://rustylife.github.io/2023/10/19/veeamsnap-kernel-crash.html</link>
+      <pubDate>Thu, 19 Oct 2023 00:00:00 +0000</pubDate>
+      
+      <guid>https://rustylife.github.io/2023/10/19/veeamsnap-kernel-crash.html</guid>
+      <description>Debugging a kernel bug could be a challenging task.
+Let&amp;rsquo;s say a bug lies within the memory management subsystem, slub allocator or page allocator. Depending on the debugging tools that you have chosen for troubleshooting, these tools might be calling into the mm subsystem, because they themselves need to allocate memory to show you the trace/debug output that you are interested in, and, therefore, they might be hitting the very same bug and not producing any trace/debug output at all.</description>
+    </item>
+    
     <item>
       <title>Debugging a futex crash</title>
       <link>https://rustylife.github.io/2023/08/15/futex-crash.html</link>
@@ -13,10 +24,19 @@
       
       <guid>https://rustylife.github.io/2023/08/15/futex-crash.html</guid>
       <description>I was enjoying my quiet afternoon, when an interesting application core has been submitted to me for research.
-And what made it interesting is that I did not have to load proprietary/private symbols fort the application that crashed.
+And what made it interesting is that I did not have to load proprietary/private symbols for the application that crashed.
 The first thing to check is whether the file is indeed a core file, and it turns out it is not.
 rusty@nuc10:~/futex$ file veeamagent.0.crash veeamagent.0.crash: ASCII text, with very long lines (44565) rusty@nuc10:~/futex$ head veeamagent.</description>
     </item>
     
+    <item>
+      <title>Linux kernel stack, PID 0 swapper processes</title>
+      <link>https://rustylife.github.io/2022/01/06/linux-kernel-stack.html</link>
+      <pubDate>Thu, 06 Jan 2022 00:00:00 +0000</pubDate>
+      
+      <guid>https://rustylife.github.io/2022/01/06/linux-kernel-stack.html</guid>
+      <description>https://www.youtube.com/watch?v=Pe8FiIVAwfY</description>
+    </item>
+    
   </channel>
 </rss>