======================================
| [  827.066772][ T5861] ==================================================================
| [ 827.067138][ T5861] BUG: KASAN: slab-use-after-free in ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
| [  827.067455][ T5861] Write of size 8 at addr ffff888005070418 by task ping/5861
| [  827.067776][ T5861]
[  827.068164][ T5861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  827.068583][ T5861] Call Trace:
[  827.068736][ T5861]  <TASK>
[ 827.068839][ T5861] dump_stack_lvl (lib/dump_stack.c:123) 
[ 827.069038][ T5861] print_address_description.constprop.0 (mm/kasan/report.c:378) 
[ 827.069272][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.069471][ T5861] print_report (mm/kasan/report.c:489) 
[ 827.069662][ T5861] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 827.069859][ T5861] kasan_report (mm/kasan/report.c:603) 
[ 827.069999][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.070192][ T5861] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.070388][ T5861] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) 
[ 827.070579][ T5861] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) 
[ 827.070765][ T5861] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 827.070951][ T5861] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) 
[ 827.071141][ T5861] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) 
[ 827.071323][ T5861] ? raw_sendmsg (net/ipv4/raw.c:651) 
[ 827.071510][ T5861] raw_sendmsg (net/ipv4/raw.c:658) 
[ 827.071700][ T5861] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) 
[ 827.071889][ T5861] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) 
[ 827.072078][ T5861] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) 
[ 827.072275][ T5861] ? gup_fast_pte_range (mm/gup.c:2844) 
[ 827.072460][ T5861] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 827.072659][ T5861] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 827.072852][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.073043][ T5861] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 827.073233][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.073423][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.073611][ T5861] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) 
[ 827.073799][ T5861] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 827.073985][ T5861] ? __pfx___sys_sendto (net/socket.c:2184) 
[ 827.074180][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.074376][ T5861] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 827.074559][ T5861] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) 
[ 827.074745][ T5861] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 827.074930][ T5861] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 827.075127][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.075322][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.075509][ T5861] __x64_sys_sendto (net/socket.c:2222) 
[ 827.075706][ T5861] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 827.075943][ T5861] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 827.076138][ T5861] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  827.076386][ T5861] RIP: 0033:0x7f38b70fa85a
[ 827.076605][ T5861] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
All code
========
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
  10:	f3 0f 1e fa          	endbr64
  14:	41 89 ca             	mov    %ecx,%r10d
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[  827.077266][ T5861] RSP: 002b:00007ffefeea24c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  827.077552][ T5861] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f38b70fa85a
[  827.077835][ T5861] RDX: 0000000000000040 RSI: 000000003e1b2340 RDI: 0000000000000005
[  827.078116][ T5861] RBP: 00007ffefeea2520 R08: 00000000004185e0 R09: 0000000000000010
[  827.078403][ T5861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  827.078685][ T5861] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f38b7220000
| [  827.082124][ T5861] ------------[ cut here ]------------
| [  827.082315][ T5861] pool index 93034 out of bounds (705) for stack id 6b6b6b6b
| [ 827.082659][ T5861] WARNING: CPU: 3 PID: 5861 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
| [  827.083013][ T5861] Modules linked in:
[  827.083498][ T5861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 827.083945][ T5861] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 827.084162][ T5861] Code: b8 11 ad b5 e8 eb 2d a3 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 80 6c 22 b5 44 89 e1 44 89 ea 89 ee e8 7b f2 0d ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad
All code
========
   0:	b8 11 ad b5 e8       	mov    $0xe8b5ad11,%eax
   5:	eb 2d                	jmp    0x34
   7:	a3 01 83 f8 01 75 b8 	movabs %eax,0xf90b87501f88301
   e:	90 0f 
  10:	0b 90 eb b2 90 48    	or     0x4890b2eb(%rax),%edx
  16:	c7 c7 80 6c 22 b5    	mov    $0xb5226c80,%edi
  1c:	44 89 e1             	mov    %r12d,%ecx
  1f:	44 89 ea             	mov    %r13d,%edx
  22:	89 ee                	mov    %ebp,%esi
  24:	e8 7b f2 0d ff       	call   0xffffffffff0df2a4
  29:	90                   	nop
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	31 c0                	xor    %eax,%eax
  30:	eb bb                	jmp    0xffffffffffffffed
  32:	90                   	nop
  33:	0f 0b                	ud2
  35:	90                   	nop
  36:	eb b5                	jmp    0xffffffffffffffed
  38:	90                   	nop
  39:	0f 0b                	ud2
  3b:	90                   	nop
  3c:	31 c0                	xor    %eax,%eax
  3e:	eb ad                	jmp    0xffffffffffffffed

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	31 c0                	xor    %eax,%eax
   6:	eb bb                	jmp    0xffffffffffffffc3
   8:	90                   	nop
   9:	0f 0b                	ud2
   b:	90                   	nop
   c:	eb b5                	jmp    0xffffffffffffffc3
   e:	90                   	nop
   f:	0f 0b                	ud2
  11:	90                   	nop
  12:	31 c0                	xor    %eax,%eax
  14:	eb ad                	jmp    0xffffffffffffffc3
[  827.084890][ T5861] RSP: 0018:ffffc9000856f7f0 EFLAGS: 00010082
[  827.085152][ T5861] RAX: 0000000000000000 RBX: 0000000000001b50 RCX: 1ffffffff6abb43c
[  827.085462][ T5861] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[  827.085775][ T5861] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff6abb43c
[  827.086078][ T5861] R10: 0000000000000003 R11: 205d313638355420 R12: 000000006b6b6b6b
[  827.086399][ T5861] R13: 00000000000002c1 R14: 0000000000000008 R15: ffff888005b78040
[  827.086708][ T5861] FS:  00007f38b6e24300(0000) GS:ffff888036180000(0000) knlGS:0000000000000000
[  827.087062][ T5861] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  827.087318][ T5861] CR2: 00007ffefeea1a80 CR3: 0000000008fec006 CR4: 0000000000772ef0
[  827.087621][ T5861] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  827.087931][ T5861] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  827.088232][ T5861] PKRU: 55555554
[  827.088389][ T5861] Call Trace:
[  827.088554][ T5861]  <TASK>
[ 827.088659][ T5861] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 827.088871][ T5861] ? __warn (kernel/panic.c:748) 
[ 827.089030][ T5861] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 827.089264][ T5861] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 827.089476][ T5861] ? handle_bug (arch/x86/kernel/traps.c:285) 
[ 827.089639][ T5861] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
[ 827.089840][ T5861] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
[ 827.090045][ T5861] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 827.090269][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.090489][ T5861] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 827.090697][ T5861] stack_depot_print (lib/stackdepot.c:745) 
[ 827.090910][ T5861] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) 
[ 827.091169][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.091375][ T5861] print_report (mm/kasan/report.c:489) 
[ 827.091582][ T5861] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 827.091787][ T5861] kasan_report (mm/kasan/report.c:603) 
[ 827.091939][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.092163][ T5861] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.092375][ T5861] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) 
[ 827.092577][ T5861] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) 
[ 827.092782][ T5861] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 827.093022][ T5861] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) 
[ 827.093241][ T5861] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) 
[ 827.093462][ T5861] ? raw_sendmsg (net/ipv4/raw.c:651) 
[ 827.093680][ T5861] raw_sendmsg (net/ipv4/raw.c:658) 
[ 827.093900][ T5861] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) 
[ 827.094117][ T5861] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) 
[ 827.094363][ T5861] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) 
[ 827.094601][ T5861] ? gup_fast_pte_range (mm/gup.c:2844) 
[ 827.094816][ T5861] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 827.095060][ T5861] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 827.095277][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.095486][ T5861] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 827.095696][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.095944][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.096156][ T5861] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) 
[ 827.096391][ T5861] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 827.096609][ T5861] ? __pfx___sys_sendto (net/socket.c:2184) 
[ 827.096832][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.097053][ T5861] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 827.097268][ T5861] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) 
[ 827.097483][ T5861] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 827.097696][ T5861] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 827.098052][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.098273][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.098488][ T5861] __x64_sys_sendto (net/socket.c:2222) 
[ 827.098702][ T5861] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 827.099119][ T5861] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 827.099336][ T5861] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  827.099603][ T5861] RIP: 0033:0x7f38b70fa85a
[ 827.099828][ T5861] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
All code
========
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
  10:	f3 0f 1e fa          	endbr64
  14:	41 89 ca             	mov    %ecx,%r10d
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[  827.100732][ T5861] RSP: 002b:00007ffefeea24c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  827.101193][ T5861] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f38b70fa85a
[  827.101510][ T5861] RDX: 0000000000000040 RSI: 000000003e1b2340 RDI: 0000000000000005
[  827.101831][ T5861] RBP: 00007ffefeea2520 R08: 00000000004185e0 R09: 0000000000000010
[  827.102278][ T5861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  827.102605][ T5861] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f38b7220000
| [  827.105415][ T5861] corrupt handle or use after stack_depot_put()
| [ 827.105470][ T5861] WARNING: CPU: 3 PID: 5861 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
| [  827.106216][ T5861] Modules linked in:
| [  827.106762][ T5861] Tainted: [W]=WARN
[  827.106928][ T5861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 827.107679][ T5861] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 827.107911][ T5861] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 60 6d 22 b5 e8 62 ed 0d ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
All code
========
   0:	74 1a                	je     0x1c
   2:	48 8d 50 20          	lea    0x20(%rax),%rdx
   6:	48 89 13             	mov    %rdx,(%rbx)
   9:	5b                   	pop    %rbx
   a:	8b 40 14             	mov    0x14(%rax),%eax
   d:	5d                   	pop    %rbp
   e:	41 5c                	pop    %r12
  10:	c3                   	ret
  11:	cc                   	int3
  12:	cc                   	int3
  13:	cc                   	int3
  14:	cc                   	int3
  15:	31 c0                	xor    %eax,%eax
  17:	c3                   	ret
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	cc                   	int3
  1b:	cc                   	int3
  1c:	90                   	nop
  1d:	48 c7 c7 60 6d 22 b5 	mov    $0xffffffffb5226d60,%rdi
  24:	e8 62 ed 0d ff       	call   0xffffffffff0ded8b
  29:	90                   	nop
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	eb bb                	jmp    0xffffffffffffffeb
  30:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
  37:	00 00 00 00 
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	eb bb                	jmp    0xffffffffffffffc1
   6:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
   d:	00 00 00 00 
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
[  827.108660][ T5861] RSP: 0018:ffffc9000856f818 EFLAGS: 00010086
[  827.108931][ T5861] RAX: 0000000000000000 RBX: ffffc9000856f838 RCX: 1ffffffff6abb43c
[  827.109250][ T5861] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[  827.109573][ T5861] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff6abb43c
[  827.109888][ T5861] R10: 0000000000000003 R11: 6361747320726574 R12: 0000000000000000
[  827.110334][ T5861] R13: ffffffffb3cf3488 R14: 0000000000000008 R15: ffff888005b78040
[  827.110651][ T5861] FS:  00007f38b6e24300(0000) GS:ffff888036180000(0000) knlGS:0000000000000000
[  827.111157][ T5861] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  827.111433][ T5861] CR2: 00007ffefeea1a80 CR3: 0000000008fec006 CR4: 0000000000772ef0
[  827.111747][ T5861] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  827.112065][ T5861] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  827.112381][ T5861] PKRU: 55555554
[  827.112540][ T5861] Call Trace:
[  827.112700][ T5861]  <TASK>
[ 827.112808][ T5861] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 827.113034][ T5861] ? __warn (kernel/panic.c:748) 
[ 827.113198][ T5861] ? nbcon_get_cpu_emergency_nesting (kernel/printk/nbcon.c:1356) 
[ 827.113458][ T5861] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 827.113665][ T5861] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 827.114004][ T5861] ? handle_bug (arch/x86/kernel/traps.c:285) 
[ 827.114165][ T5861] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
[ 827.114375][ T5861] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
[ 827.114584][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.114805][ T5861] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 827.115143][ T5861] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 827.115354][ T5861] stack_depot_print (lib/stackdepot.c:745) 
[ 827.115565][ T5861] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) 
[ 827.115826][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.116172][ T5861] print_report (mm/kasan/report.c:489) 
[ 827.116399][ T5861] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 827.116606][ T5861] kasan_report (mm/kasan/report.c:603) 
[ 827.116766][ T5861] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.117103][ T5861] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 827.117317][ T5861] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) 
[ 827.117528][ T5861] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) 
[ 827.117726][ T5861] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 827.117927][ T5861] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) 
[ 827.118248][ T5861] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) 
[ 827.118446][ T5861] ? raw_sendmsg (net/ipv4/raw.c:651) 
[ 827.118643][ T5861] raw_sendmsg (net/ipv4/raw.c:658) 
[ 827.118843][ T5861] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) 
[ 827.119169][ T5861] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) 
[ 827.119378][ T5861] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) 
[ 827.119579][ T5861] ? gup_fast_pte_range (mm/gup.c:2844) 
[ 827.119777][ T5861] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 827.120095][ T5861] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 827.120296][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.120489][ T5861] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 827.120688][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.121009][ T5861] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 827.121209][ T5861] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) 
[ 827.121410][ T5861] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 827.121609][ T5861] ? __pfx___sys_sendto (net/socket.c:2184) 
[ 827.121811][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.122132][ T5861] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 827.122333][ T5861] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) 
[ 827.122528][ T5861] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 827.122731][ T5861] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 827.123175][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.123416][ T5861] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 827.123628][ T5861] __x64_sys_sendto (net/socket.c:2222) 
[ 827.123845][ T5861] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 827.124241][ T5861] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 827.124472][ T5861] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  827.124759][ T5861] RIP: 0033:0x7f38b70fa85a
[ 827.124991][ T5861] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
All code
========
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
  10:	f3 0f 1e fa          	endbr64
  14:	41 89 ca             	mov    %ecx,%r10d
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[  827.125915][ T5861] RSP: 002b:00007ffefeea24c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  827.126224][ T5861] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f38b70fa85a
[  827.126550][ T5861] RDX: 0000000000000040 RSI: 000000003e1b2340 RDI: 0000000000000005
[  827.126876][ T5861] RBP: 00007ffefeea2520 R08: 00000000004185e0 R09: 0000000000000010
[  827.127197][ T5861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  827.127511][ T5861] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f38b7220000
| [  827.571303][ T5863] Padding  ffff888005070bd4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
| [  827.571577][ T5863] Padding  ffff888005070be4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
| [  827.571937][ T5863] Padding  ffff888005070bf4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
| [  827.572559][ T5863] Tainted: [B]=BAD_PAGE, [W]=WARN
[  827.572699][ T5863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  827.573016][ T5863] Call Trace:
[  827.573212][ T5863]  <TASK>
[ 827.573287][ T5863] dump_stack_lvl (lib/dump_stack.c:123) 
[ 827.573440][ T5863] check_object (mm/slub.c:1400) 
[ 827.573583][ T5863] alloc_debug_processing (mm/slub.c:1576 mm/slub.c:1586) 
[ 827.573726][ T5863] get_partial_node.part.0 (mm/slub.c:2746 mm/slub.c:2832) 
[ 827.573865][ T5863] ___slab_alloc (mm/slub.c:2823 mm/slub.c:2940 mm/slub.c:3798) 
[ 827.574006][ T5863] ? p9_fcall_init (net/9p/client.c:233) 
[ 827.574156][ T5863] ? fs_reclaim_acquire (mm/page_alloc.c:3851 mm/page_alloc.c:3842) 
[ 827.574297][ T5863] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 827.574527][ T5863] ? p9_fcall_init (net/9p/client.c:233) 
[ 827.574665][ T5863] ? __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) 
[ 827.574804][ T5863] __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) 
[ 827.574944][ T5863] p9_fcall_init (net/9p/client.c:233) 
[ 827.575172][ T5863] p9_tag_alloc (net/9p/client.c:300) 
[ 827.575312][ T5863] ? __pfx_p9_tag_alloc (net/9p/client.c:280) 
[ 827.575460][ T5863] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 827.575602][ T5863] p9_client_prepare_req (net/9p/client.c:644) 
[ 827.575741][ T5863] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
[ 827.575882][ T5863] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) 
[ 827.576060][ T5863] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 827.576203][ T5863] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) 
[ 827.576438][ T5863] ? __pfx_p9_client_rpc (net/9p/client.c:675) 
[ 827.576577][ T5863] ? stack_depot_save_flags (lib/stackdepot.c:609) 
[ 827.576723][ T5863] ? backing_file_read_iter (fs/backing-file.c:183) 
[ 827.576863][ T5863] ? ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) 
[ 827.577005][ T5863] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 827.577242][ T5863] ? __pfx_fill_pool (lib/debugobjects.c:129) 
[ 827.577385][ T5863] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 827.577526][ T5863] p9_client_read_once (net/9p/client.c:1565) 
[ 827.577669][ T5863] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 827.577894][ T5863] ? __pfx_p9_client_read_once (net/9p/client.c:1537) 
[ 827.578048][ T5863] ? __debug_object_init (lib/debugobjects.c:622) 
[ 827.578197][ T5863] ? mempool_alloc_noprof (mm/mempool.c:402) 
[ 827.578349][ T5863] p9_client_read (net/9p/client.c:1525) 
[ 827.578577][ T5863] v9fs_issue_read (fs/9p/vfs_addr.c:78) 
[ 827.578729][ T5863] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 827.578868][ T5863] ? __pfx_v9fs_issue_read (fs/9p/vfs_addr.c:68) 
[ 827.579008][ T5863] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 827.579271][ T5863] ? netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:79) 
[ 827.579454][ T5863] netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:90) 
[ 827.579629][ T5863] netfs_unbuffered_read (fs/netfs/direct_read.c:129) 
[ 827.579768][ T5863] netfs_unbuffered_read_iter_locked (fs/netfs/direct_read.c:221) 
[ 827.579942][ T5863] netfs_unbuffered_read_iter (fs/netfs/direct_read.c:257) 
[ 827.580081][ T5863] do_iter_readv_writev (fs/read_write.c:832) 
[ 827.580221][ T5863] ? ovl_verify_lowerdata (fs/overlayfs/namei.c:1026) 
[ 827.580375][ T5863] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 827.580550][ T5863] ? __pfx_do_iter_readv_writev (fs/read_write.c:821) 
[ 827.580693][ T5863] ? v9fs_vfs_getattr_dotl (fs/9p/vfs_inode_dotl.c:419) 
[ 827.580838][ T5863] vfs_iter_read (fs/read_write.c:923) 
[ 827.580976][ T5863] ? ovl_real_fdget_meta (fs/overlayfs/file.c:110) 
[ 827.581220][ T5863] backing_file_read_iter (fs/backing-file.c:183) 
[ 827.581363][ T5863] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 827.581508][ T5863] ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) 
[ 827.581646][ T5863] ? _copy_to_user (./arch/x86/include/asm/smap.h:33 ./arch/x86/include/asm/uaccess_64.h:129 ./arch/x86/include/asm/uaccess_64.h:142 ./include/linux/uaccess.h:188 lib/usercopy.c:26) 
[ 827.581797][ T5863] ? __pfx_ovl_read_iter (fs/overlayfs/file.c:263) 
[ 827.581935][ T5863] ? cp_new_stat (fs/stat.c:436) 
[ 827.582082][ T5863] ? __pfx_cp_new_stat (fs/stat.c:436) 
[ 827.582225][ T5863] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) 
[ 827.582375][ T5863] vfs_read (fs/read_write.c:488 fs/read_write.c:569) 
[ 827.582569][ T5863] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 827.582710][ T5863] ? vfs_getattr_nosec (fs/stat.c:143) 
[ 827.582854][ T5863] ? __pfx_vfs_read (fs/read_write.c:550) 
[ 827.582994][ T5863] ? __do_sys_newfstatat (fs/stat.c:501) 
[ 827.583239][ T5863] ? __pfx___do_sys_newfstatat (fs/stat.c:501) 
[ 827.583385][ T5863] __x64_sys_pread64 (fs/read_write.c:764 fs/read_write.c:774 fs/read_write.c:771 fs/read_write.c:771) 
[ 827.583525][ T5863] ? __pfx___x64_sys_pread64 (fs/read_write.c:771) 
[ 827.583664][ T5863] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 827.583837][ T5863] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 827.583980][ T5863] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  827.584160][ T5863] RIP: 0033:0x7f027d82916e
[ 827.584310][ T5863] Code: 00 00 00 00 f7 d8 89 05 90 f0 00 00 48 c7 c0 ff ff ff ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 f7 d8 89 05
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	f7 d8                	neg    %eax
   6:	89 05 90 f0 00 00    	mov    %eax,0xf090(%rip)        # 0xf09c
   c:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
  13:	c3                   	ret
  14:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  1b:	00 
  1c:	f3 0f 1e fa          	endbr64
  20:	49 89 ca             	mov    %rcx,%r10
  23:	b8 11 00 00 00       	mov    $0x11,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 0a                	ja     0x3c
  32:	c3                   	ret
  33:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  3a:	00 00 
  3c:	f7 d8                	neg    %eax
  3e:	89                   	.byte 0x89
  3f:	05                   	.byte 0x5

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 0a                	ja     0x12
   8:	c3                   	ret
   9:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  10:	00 00 
  12:	f7 d8                	neg    %eax
  14:	89                   	.byte 0x89
  15:	05                   	.byte 0x5
[  827.584813][ T5863] RSP: 002b:00007ffdbb56b168 EFLAGS: 00000202 ORIG_RAX: 0000000000000011
[  827.585113][ T5863] RAX: ffffffffffffffda RBX: 0000000000000310 RCX: 00007f027d82916e
[  827.585329][ T5863] RDX: 0000000000000310 RSI: 00007ffdbb56b170 RDI: 0000000000000005
[  827.585547][ T5863] RBP: 00007ffdbb56b5e0 R08: 000000000000c0ff R09: 00007f027d742988
[  827.585845][ T5863] R10: 0000000000000040 R11: 0000000000000202 R12: 00007f027d838220
[  827.586057][ T5863] R13: 00007ffdbb56b680 R14: 00007f027d837000 R15: 00007f027d742500
| [  827.586279][ T5863]  </TASK>
| [  827.586402][ T5863] FIX kmalloc-1k: Marking all objects used
| [  827.671553][ T5863] Oops: general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [  827.672171][ T5863] Tainted: [B]=BAD_PAGE, [W]=WARN
[  827.672303][ T5863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 827.672601][ T5863] RIP: 0010:free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) 
[ 827.672785][ T5863] Code: 90 e9 02 ff ff ff 31 db 41 f6 44 24 08 80 0f 84 9e 00 00 00 8b 0d 5d e9 e0 03 85 c9 75 58 48 8b 45 18 48 8b 55 10 48 8d 7d 10 <48> 3b 38 0f 85 ca 00 00 00 48 3b 7a 08 0f 85 c0 00 00 00 48 89 42
All code
========
   0:	90                   	nop
   1:	e9 02 ff ff ff       	jmp    0xffffffffffffff08
   6:	31 db                	xor    %ebx,%ebx
   8:	41 f6 44 24 08 80    	testb  $0x80,0x8(%r12)
   e:	0f 84 9e 00 00 00    	je     0xb2
  14:	8b 0d 5d e9 e0 03    	mov    0x3e0e95d(%rip),%ecx        # 0x3e0e977
  1a:	85 c9                	test   %ecx,%ecx
  1c:	75 58                	jne    0x76
  1e:	48 8b 45 18          	mov    0x18(%rbp),%rax
  22:	48 8b 55 10          	mov    0x10(%rbp),%rdx
  26:	48 8d 7d 10          	lea    0x10(%rbp),%rdi
  2a:*	48 3b 38             	cmp    (%rax),%rdi		<-- trapping instruction
  2d:	0f 85 ca 00 00 00    	jne    0xfd
  33:	48 3b 7a 08          	cmp    0x8(%rdx),%rdi
  37:	0f 85 c0 00 00 00    	jne    0xfd
  3d:	48                   	rex.W
  3e:	89                   	.byte 0x89
  3f:	42                   	rex.X

Code starting with the faulting instruction
===========================================
   0:	48 3b 38             	cmp    (%rax),%rdi
   3:	0f 85 ca 00 00 00    	jne    0xd3
   9:	48 3b 7a 08          	cmp    0x8(%rdx),%rdi
   d:	0f 85 c0 00 00 00    	jne    0xd3
  13:	48                   	rex.W
  14:	89                   	.byte 0x89
  15:	42                   	rex.X
[  827.673234][ T5863] RSP: 0018:ffffc9000858fc30 EFLAGS: 00010046
[  827.673403][ T5863] RAX: dead000000000122 RBX: 0000000000000000 RCX: 0000000000000000
[  827.673619][ T5863] RDX: dead000000000100 RSI: 00000000078601b7 RDI: ffffea0000141c10
[  827.673819][ T5863] RBP: ffffea0000141c00 R08: 0000000000000001 R09: 0000000000000000
[  827.674004][ T5863] R10: ffff888005077400 R11: ffffc9000858faa9 R12: ffff8880010430c0
[  827.674209][ T5863] R13: ffff888005077000 R14: 0000000000000286 R15: ffff888001040e00
[  827.674397][ T5863] FS:  0000000000000000(0000) GS:ffff888036180000(0000) knlGS:0000000000000000
[  827.674617][ T5863] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  827.674778][ T5863] CR2: 00007f7c31b28270 CR3: 0000000009c40003 CR4: 0000000000772ef0
[  827.674967][ T5863] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  827.675156][ T5863] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  827.675342][ T5863] PKRU: 55555554
[  827.675437][ T5863] Call Trace:
[  827.675531][ T5863]  <TASK>
[ 827.675596][ T5863] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 827.675705][ T5863] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) 
[ 827.675837][ T5863] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) 
[ 827.675966][ T5863] ? free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) 
[ 827.676114][ T5863] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179) 
[ 827.676245][ T5863] qlist_free_all (mm/kasan/quarantine.c:174) 
[ 827.676398][ T5863] kasan_quarantine_reduce (./include/linux/srcu.h:320 mm/kasan/quarantine.c:287) 
[ 827.676529][ T5863] __kasan_slab_alloc (mm/kasan/common.c:329) 
[ 827.676655][ T5863] kmem_cache_alloc_noprof (./include/linux/kasan.h:247 mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141) 
[ 827.676782][ T5863] getname_flags (fs/namei.c:139) 
[ 827.676913][ T5863] ? do_sys_openat2 (fs/open.c:1424) 
[ 827.677040][ T5863] vfs_fstatat (fs/stat.c:341) 
[ 827.677138][ T5863] __do_sys_newfstatat (fs/stat.c:506) 
[ 827.677264][ T5863] ? __pfx___do_sys_newfstatat (fs/stat.c:501) 
[ 827.677389][ T5863] ? user_path_at (fs/namei.c:3020) 
[ 827.677523][ T5863] ? __x64_sys_openat (fs/open.c:1441) 
[ 827.677646][ T5863] ? __pfx___x64_sys_openat (fs/open.c:1441) 
[ 827.677769][ T5863] ? __pfx_do_faccessat (fs/open.c:468) 
[ 827.677893][ T5863] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 827.678051][ T5863] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 827.678204][ T5863] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 827.678329][ T5863] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  827.678484][ T5863] RIP: 0033:0x7f7c31b5beae
[ 827.678629][ T5863] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 07 00 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 0b 31 c0 c3 0f 1f 84 00 00 00 00 00 f7 d8 89 05
All code
========
   0:	48 89 f2             	mov    %rsi,%rdx
   3:	b9 00 01 00 00       	mov    $0x100,%ecx
   8:	48 89 fe             	mov    %rdi,%rsi
   b:	bf 9c ff ff ff       	mov    $0xffffff9c,%edi
  10:	e9 07 00 00 00       	jmp    0x1c
  15:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  1c:	f3 0f 1e fa          	endbr64
  20:	41 89 ca             	mov    %ecx,%r10d
  23:	b8 06 01 00 00       	mov    $0x106,%eax
  28:	0f 05                	syscall
  2a:*	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax		<-- trapping instruction
  2f:	77 0b                	ja     0x3c
  31:	31 c0                	xor    %eax,%eax
  33:	c3                   	ret
  34:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  3b:	00 
  3c:	f7 d8                	neg    %eax
  3e:	89                   	.byte 0x89
  3f:	05                   	.byte 0x5

Code starting with the faulting instruction
===========================================
   0:	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax
   5:	77 0b                	ja     0x12
   7:	31 c0                	xor    %eax,%eax
   9:	c3                   	ret
   a:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  11:	00 
  12:	f7 d8                	neg    %eax
  14:	89                   	.byte 0x89
  15:	05                   	.byte 0x5
[  827.679072][ T5863] RSP: 002b:00007ffc611448a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[  827.679260][ T5863] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007f7c31b5beae
[  827.679445][ T5863] RDX: 00007ffc61144970 RSI: 00007ffc611448b0 RDI: 00000000ffffff9c
[  827.679636][ T5863] RBP: 00007ffc61144a30 R08: 00000000ffffffff R09: 00007ffc611448b0
[  827.679822][ T5863] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc611448b7


Finger prints:
stack_depot_fetch:stack_depot_print:print_report:kasan_report:___neigh_create
print_report:kasan_report:___neigh_create:ip_finish_output2:ip_push_pending_frames
free_to_partial_list:qlist_free_all:kasan_quarantine_reduce:__kasan_slab_alloc:kmem_cache_alloc_noprof
check_object:alloc_debug_processing:___slab_alloc:__kmalloc_noprof:p9_fcall_init
depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report