======================================
| [  309.679868][ T1628] ==================================================================
| [ 309.680119][ T1628] BUG: KASAN: slab-use-after-free in ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
| [  309.680334][ T1628] Write of size 8 at addr ffff888007fd5818 by task ping/1628
| [  309.680537][ T1628]
[  309.680824][ T1628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  309.681138][ T1628] Call Trace:
[  309.681248][ T1628]  <TASK>
[ 309.681322][ T1628] dump_stack_lvl (lib/dump_stack.c:123) 
[ 309.681470][ T1628] print_address_description.constprop.0 (mm/kasan/report.c:378) 
[ 309.681648][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.681791][ T1628] print_report (mm/kasan/report.c:489) 
[ 309.681932][ T1628] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 309.682075][ T1628] kasan_report (mm/kasan/report.c:603) 
[ 309.682181][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.682341][ T1628] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.682479][ T1628] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) 
[ 309.682620][ T1628] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) 
[ 309.682758][ T1628] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 309.682896][ T1628] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) 
[ 309.683034][ T1628] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) 
[ 309.683178][ T1628] ? raw_sendmsg (net/ipv4/raw.c:651) 
[ 309.683314][ T1628] raw_sendmsg (net/ipv4/raw.c:658) 
[ 309.683451][ T1628] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) 
[ 309.683591][ T1628] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) 
[ 309.683730][ T1628] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) 
[ 309.683871][ T1628] ? gup_fast_pte_range (mm/gup.c:2844) 
[ 309.684007][ T1628] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 309.684143][ T1628] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 309.684279][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.684413][ T1628] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 309.684557][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.684694][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.684831][ T1628] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) 
[ 309.684965][ T1628] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 309.685098][ T1628] ? __pfx___sys_sendto (net/socket.c:2184) 
[ 309.685238][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.685375][ T1628] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 309.685505][ T1628] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) 
[ 309.685642][ T1628] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 309.685783][ T1628] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 309.685921][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.686065][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.686199][ T1628] __x64_sys_sendto (net/socket.c:2222) 
[ 309.686335][ T1628] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 309.686505][ T1628] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 309.686648][ T1628] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  309.686896][ T1628] RIP: 0033:0x7f9f00a6a85a
[ 309.687118][ T1628] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
# decodecode output for the "Code:" bytes at the saved user-space RIP (CS 0x33).
# This is the userspace syscall stub the task was executing, not kernel code, and
# nothing faulted here: the marked instruction is simply where the task resumes
# after `syscall`. The kernel-side defect is the KASAN report in ___neigh_create.
# NOTE(review): RAX = ffffffffffffffda in the register dump that follows is -38
# (-ENOSYS), which looks like the in-flight placeholder rather than a result -- confirm.
All code
========
# Decoding starts at an arbitrary byte, so the lines before the endbr64 may be
# mis-decoded or belong to the preceding function; treat them as unreliable.
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
# endbr64 is an indirect-branch landing pad; presumably the stub's entry point.
  10:	f3 0f 1e fa          	endbr64
# 4th argument moves from %rcx (function-call ABI) to %r10 (Linux syscall ABI),
# because `syscall` itself overwrites %rcx.
  14:	41 89 ca             	mov    %ecx,%r10d
# Reads a 32-bit thread-local word at %fs:0x18; non-zero takes the path at 0x38,
# which sets up a stack frame. Presumably libc's threaded/cancellation check -- TODO confirm.
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
# Syscall number 0x2c (44); matches ORIG_RAX in the register dump and the
# __x64_sys_sendto frame in the call trace.
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
# Unsigned compare with -4096: a return value in [-4095, -1] is -errno and takes
# the error path at 0xb0 (outside this window); otherwise the stub returns.
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
# Target of the jne above: the alternative path begins by building a frame.
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
# The byte window ends mid-instruction, so the last two lines are an incomplete decode.
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

# Same bytes re-decoded from the marked offset (0x2a above). Offsets and branch
# targets are relative to this shorter window: 0x86 here is 0xb0 in the full listing.
Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[  309.687817][ T1628] RSP: 002b:00007ffe7292f7b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  309.688125][ T1628] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f9f00a6a85a
[  309.688433][ T1628] RDX: 0000000000000040 RSI: 000000003d7fa340 RDI: 0000000000000005
[  309.688718][ T1628] RBP: 00007ffe7292f810 R08: 00000000004185e0 R09: 0000000000000010
[  309.689002][ T1628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  309.689299][ T1628] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f9f00b90000
| [  309.693038][ T1628] ------------[ cut here ]------------
| [  309.693251][ T1628] pool index 93034 out of bounds (728) for stack id 6b6b6b6b
| [ 309.693621][ T1628] WARNING: CPU: 1 PID: 1628 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
| [  309.693999][ T1628] Modules linked in:
[  309.694504][ T1628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 309.694989][ T1628] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 309.695222][ T1628] Code: b8 11 0d ac e8 eb 2d a3 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 80 6c 82 ab 44 89 e1 44 89 ea 89 ee e8 7b f2 0d ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad
# decodecode output for the WARN in depot_fetch_stack (lib/stackdepot.c:451), raised
# while the KASAN report path (print_address_description -> stack_depot_print ->
# stack_depot_fetch) was resolving a saved stack handle. The handle is 0x6b6b6b6b;
# 0x6b is the slab free-poison byte, so the handle was presumably read from memory
# that had already been freed and poisoned. Triage this warning as fallout of the
# use-after-free report in ___neigh_create, not as a separate stack depot bug --
# confirm against the first KASAN splat.
All code
========
# The window starts mid-instruction: the lines before offset 0x16 are a mis-decode
# and carry no meaning.
   0:	b8 11 0d ac e8       	mov    $0xe8ac0d11,%eax
   5:	eb 2d                	jmp    0x34
   7:	a3 01 83 f8 01 75 b8 	movabs %eax,0xf90b87501f88301
   e:	90 0f 
  10:	0b 90 eb b2 90 48    	or     0x4890b2eb(%rax),%edx
# The REX.W prefix (0x48) of this instruction was swallowed by the mis-decoded line
# above; in the raw "Code:" bytes it is `48 c7 c7 80 6c 82 ab`, a 64-bit move into
# %rdi -- the first argument, presumably the warning's format string.
  16:	c7 c7 80 6c 82 ab    	mov    $0xab826c80,%edi
# Remaining arguments, matching the printed message and the register dump:
# %ecx = stack id (R12 = 0x6b6b6b6b), %edx = bound (R13 = 0x2d8 = 728),
# %esi = pool index (RBP = 0x16b6a = 93034).
  1c:	44 89 e1             	mov    %r12d,%ecx
  1f:	44 89 ea             	mov    %r13d,%edx
  22:	89 ee                	mov    %ebp,%esi
# Call target is outside this window; presumably the routine that prints the text.
  24:	e8 7b f2 0d ff       	call   0xffffffffff0df2a4
  29:	90                   	nop
# ud2 raises an invalid-opcode exception on purpose; the call trace shows it handled
# via exc_invalid_op -> handle_bug -> report_bug -> __warn, i.e. as a WARN.
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
# After the warning: zero %eax and jump to an address before this window --
# presumably the function's return path yielding NULL.
  2e:	31 c0                	xor    %eax,%eax
  30:	eb bb                	jmp    0xffffffffffffffed
# Further ud2 sites that jump to the same target; presumably other WARN checks in
# this function (not the one that fired).
  32:	90                   	nop
  33:	0f 0b                	ud2
  35:	90                   	nop
  36:	eb b5                	jmp    0xffffffffffffffed
  38:	90                   	nop
  39:	0f 0b                	ud2
  3b:	90                   	nop
  3c:	31 c0                	xor    %eax,%eax
  3e:	eb ad                	jmp    0xffffffffffffffed

# Same bytes re-decoded from the marked ud2 (offset 0x2a above); offsets and jump
# targets are relative to this shorter window.
Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	31 c0                	xor    %eax,%eax
   6:	eb bb                	jmp    0xffffffffffffffc3
   8:	90                   	nop
   9:	0f 0b                	ud2
   b:	90                   	nop
   c:	eb b5                	jmp    0xffffffffffffffc3
   e:	90                   	nop
   f:	0f 0b                	ud2
  11:	90                   	nop
  12:	31 c0                	xor    %eax,%eax
  14:	eb ad                	jmp    0xffffffffffffffc3
[  309.696007][ T1628] RSP: 0018:ffffc900035ef7f0 EFLAGS: 00010082
[  309.696290][ T1628] RAX: 0000000000000000 RBX: 0000000000001b50 RCX: 1ffffffff577b43c
[  309.696610][ T1628] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[  309.696955][ T1628] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff577b43c
[  309.697285][ T1628] R10: 0000000000000003 R11: 205d383236315420 R12: 000000006b6b6b6b
[  309.697614][ T1628] R13: 00000000000002d8 R14: 0000000000000008 R15: ffff88800616a300
[  309.697947][ T1628] FS:  00007f9f00794300(0000) GS:ffff88802f480000(0000) knlGS:0000000000000000
[  309.698378][ T1628] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  309.698659][ T1628] CR2: 00007ffe7292ed80 CR3: 00000000090c4004 CR4: 0000000000772ef0
[  309.698992][ T1628] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  309.699322][ T1628] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  309.699636][ T1628] PKRU: 55555554
[  309.699799][ T1628] Call Trace:
[  309.699969][ T1628]  <TASK>
[ 309.700095][ T1628] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 309.700316][ T1628] ? __warn (kernel/panic.c:748) 
[ 309.700478][ T1628] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 309.700686][ T1628] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 309.700901][ T1628] ? handle_bug (arch/x86/kernel/traps.c:285) 
[ 309.701057][ T1628] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
[ 309.701266][ T1628] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
[ 309.701476][ T1628] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 309.701817][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.702033][ T1628] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 309.702250][ T1628] stack_depot_print (lib/stackdepot.c:745) 
[ 309.702458][ T1628] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) 
[ 309.702843][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.703053][ T1628] print_report (mm/kasan/report.c:489) 
[ 309.703261][ T1628] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 309.703465][ T1628] kasan_report (mm/kasan/report.c:603) 
[ 309.703624][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.703957][ T1628] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.704173][ T1628] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) 
[ 309.704384][ T1628] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) 
[ 309.704596][ T1628] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 309.705070][ T1628] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) 
[ 309.705291][ T1628] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) 
[ 309.705510][ T1628] ? raw_sendmsg (net/ipv4/raw.c:651) 
[ 309.705720][ T1628] raw_sendmsg (net/ipv4/raw.c:658) 
[ 309.706073][ T1628] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) 
[ 309.706291][ T1628] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) 
[ 309.706520][ T1628] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) 
[ 309.706748][ T1628] ? gup_fast_pte_range (mm/gup.c:2844) 
[ 309.706972][ T1628] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 309.707204][ T1628] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 309.707428][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.707649][ T1628] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 309.707871][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.708224][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.708446][ T1628] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) 
[ 309.708651][ T1628] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 309.708854][ T1628] ? __pfx___sys_sendto (net/socket.c:2184) 
[ 309.709065][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.709274][ T1628] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 309.709476][ T1628] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) 
[ 309.709681][ T1628] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 309.710044][ T1628] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 309.710282][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.710499][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.710720][ T1628] __x64_sys_sendto (net/socket.c:2222) 
[ 309.710938][ T1628] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 309.711208][ T1628] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 309.711421][ T1628] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  309.711697][ T1628] RIP: 0033:0x7f9f00a6a85a
[ 309.712089][ T1628] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
# decodecode output for the "Code:" bytes at the saved user-space RIP (CS 0x33),
# printed again at the end of this warning's call trace. It is the userspace
# syscall stub the task was executing, not kernel code, and nothing faulted here:
# the marked instruction is simply where the task resumes after `syscall`.
All code
========
# Decoding starts at an arbitrary byte, so the lines before the endbr64 may be
# mis-decoded or belong to the preceding function; treat them as unreliable.
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
# endbr64 is an indirect-branch landing pad; presumably the stub's entry point.
  10:	f3 0f 1e fa          	endbr64
# 4th argument moves from %rcx (function-call ABI) to %r10 (Linux syscall ABI),
# because `syscall` itself overwrites %rcx.
  14:	41 89 ca             	mov    %ecx,%r10d
# Reads a 32-bit thread-local word at %fs:0x18; non-zero takes the path at 0x38.
# Presumably libc's threaded/cancellation check -- TODO confirm.
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
# Syscall number 0x2c (44); matches ORIG_RAX in the register dump and the
# __x64_sys_sendto frame in the call trace.
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
# Unsigned compare with -4096: a return value in [-4095, -1] is -errno and takes
# the error path at 0xb0 (outside this window); otherwise the stub returns.
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
# Target of the jne above: the alternative path begins by building a frame.
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
# The byte window ends mid-instruction, so the last two lines are an incomplete decode.
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

# Same bytes re-decoded from the marked offset (0x2a above). Offsets and branch
# targets are relative to this shorter window: 0x86 here is 0xb0 in the full listing.
Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[  309.712826][ T1628] RSP: 002b:00007ffe7292f7b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  309.713151][ T1628] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f9f00a6a85a
[  309.713472][ T1628] RDX: 0000000000000040 RSI: 000000003d7fa340 RDI: 0000000000000005
[  309.713786][ T1628] RBP: 00007ffe7292f810 R08: 00000000004185e0 R09: 0000000000000010
[  309.714245][ T1628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  309.714560][ T1628] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f9f00b90000
| [  309.717509][ T1628] corrupt handle or use after stack_depot_put()
| [ 309.717559][ T1628] WARNING: CPU: 1 PID: 1628 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
| [  309.718177][ T1628] Modules linked in:
| [  309.718717][ T1628] Tainted: [W]=WARN
[  309.718877][ T1628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 309.719358][ T1628] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 309.719580][ T1628] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 60 6d 82 ab e8 62 ed 0d ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
# decodecode output for the WARN in stack_depot_fetch (lib/stackdepot.c:711),
# "corrupt handle or use after stack_depot_put()". The call trace shows it was
# reached from the KASAN report path (print_address_description -> stack_depot_print).
# RBP in the register dump is 0x6b6b6b6b, the same value the earlier
# depot_fetch_stack warning printed as the stack id; 0x6b is the slab free-poison
# byte, so this is presumably a handle read from freed memory. Treat the warning
# as a consequence of the use-after-free being reported, not an independent bug.
All code
========
# Branch to the warning block at 0x1c; presumably taken when the lookup yielded
# no stack record -- TODO confirm against lib/stackdepot.c.
   0:	74 1a                	je     0x1c
# Fall-through (success) path: store the address %rax+0x20 through %rbx, restore
# saved registers, and return the 32-bit value at %rax+0x14. Presumably the
# record's entries array and its length -- confirm against the struct layout.
   2:	48 8d 50 20          	lea    0x20(%rax),%rdx
   6:	48 89 13             	mov    %rdx,(%rbx)
   9:	5b                   	pop    %rbx
   a:	8b 40 14             	mov    0x14(%rax),%eax
   d:	5d                   	pop    %rbp
   e:	41 5c                	pop    %r12
  10:	c3                   	ret
# int3 filler after the ret; not reached in normal execution.
  11:	cc                   	int3
  12:	cc                   	int3
  13:	cc                   	int3
  14:	cc                   	int3
# A separate exit that returns 0.
  15:	31 c0                	xor    %eax,%eax
  17:	c3                   	ret
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	cc                   	int3
  1b:	cc                   	int3
# Warning block (target of the je at offset 0): load one argument into %rdi,
# presumably the message string, and call a routine outside this window.
  1c:	90                   	nop
  1d:	48 c7 c7 60 6d 82 ab 	mov    $0xffffffffab826d60,%rdi
  24:	e8 62 ed 0d ff       	call   0xffffffffff0ded8b
  29:	90                   	nop
# ud2 raises an invalid-opcode exception on purpose; the call trace shows it handled
# via exc_invalid_op -> handle_bug -> report_bug -> __warn, i.e. as a WARN.
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
# Execution continues after the warning by jumping to an address before this window.
  2e:	eb bb                	jmp    0xffffffffffffffeb
# Multi-byte nop and single nops: padding, presumably up to the next function.
  30:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
  37:	00 00 00 00 
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

# Same bytes re-decoded from the marked ud2 (offset 0x2a above); offsets and jump
# targets are relative to this shorter window.
Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	eb bb                	jmp    0xffffffffffffffc1
   6:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
   d:	00 00 00 00 
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
[  309.720389][ T1628] RSP: 0018:ffffc900035ef818 EFLAGS: 00010086
[  309.720568][ T1628] RAX: 0000000000000000 RBX: ffffc900035ef838 RCX: 1ffffffff577b43c
[  309.720930][ T1628] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[  309.721140][ T1628] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff577b43c
[  309.721349][ T1628] R10: 0000000000000003 R11: 6361747320726574 R12: 0000000000000000
[  309.721633][ T1628] R13: ffffffffaa2f3488 R14: 0000000000000008 R15: ffff88800616a300
[  309.721835][ T1628] FS:  00007f9f00794300(0000) GS:ffff88802f480000(0000) knlGS:0000000000000000
[  309.722159][ T1628] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  309.722338][ T1628] CR2: 00007ffe7292ed80 CR3: 00000000090c4004 CR4: 0000000000772ef0
[  309.722548][ T1628] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  309.722762][ T1628] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  309.722968][ T1628] PKRU: 55555554
[  309.723074][ T1628] Call Trace:
[  309.723178][ T1628]  <TASK>
[ 309.723250][ T1628] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 309.723466][ T1628] ? __warn (kernel/panic.c:748) 
[ 309.723576][ T1628] ? nbcon_get_cpu_emergency_nesting (kernel/printk/nbcon.c:1356) 
[ 309.723756][ T1628] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 309.723902][ T1628] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 309.724124][ T1628] ? handle_bug (arch/x86/kernel/traps.c:285) 
[ 309.724232][ T1628] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
[ 309.724372][ T1628] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
[ 309.724513][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.724655][ T1628] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 309.724794][ T1628] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 309.724934][ T1628] stack_depot_print (lib/stackdepot.c:745) 
[ 309.725075][ T1628] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) 
[ 309.725253][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.725467][ T1628] print_report (mm/kasan/report.c:489) 
[ 309.725608][ T1628] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 309.725746][ T1628] kasan_report (mm/kasan/report.c:603) 
[ 309.725853][ T1628] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.726110][ T1628] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 309.726263][ T1628] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) 
[ 309.726393][ T1628] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) 
[ 309.726521][ T1628] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 309.726665][ T1628] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) 
[ 309.726801][ T1628] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) 
[ 309.726942][ T1628] ? raw_sendmsg (net/ipv4/raw.c:651) 
[ 309.727084][ T1628] raw_sendmsg (net/ipv4/raw.c:658) 
[ 309.727216][ T1628] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) 
[ 309.727429][ T1628] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) 
[ 309.727565][ T1628] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) 
[ 309.727699][ T1628] ? gup_fast_pte_range (mm/gup.c:2844) 
[ 309.727834][ T1628] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 309.728035][ T1628] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 309.728164][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.728292][ T1628] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 309.728419][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.728622][ T1628] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 309.728750][ T1628] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) 
[ 309.728886][ T1628] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 309.729018][ T1628] ? __pfx___sys_sendto (net/socket.c:2184) 
[ 309.729223][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.729350][ T1628] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 309.729476][ T1628] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) 
[ 309.729602][ T1628] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 309.729730][ T1628] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 309.729930][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.730060][ T1628] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) 
[ 309.730209][ T1628] __x64_sys_sendto (net/socket.c:2222) 
[ 309.730341][ T1628] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 309.730574][ T1628] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 309.730702][ T1628] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  309.730862][ T1628] RIP: 0033:0x7f9f00a6a85a
[ 309.730996][ T1628] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
# decodecode output for the "Code:" bytes at the saved user-space RIP (CS 0x33),
# printed again at the end of this warning's call trace. It is the userspace
# syscall stub the task was executing, not kernel code, and nothing faulted here:
# the marked instruction is simply where the task resumes after `syscall`.
All code
========
# Decoding starts at an arbitrary byte, so the lines before the endbr64 may be
# mis-decoded or belong to the preceding function; treat them as unreliable.
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
# endbr64 is an indirect-branch landing pad; presumably the stub's entry point.
  10:	f3 0f 1e fa          	endbr64
# 4th argument moves from %rcx (function-call ABI) to %r10 (Linux syscall ABI),
# because `syscall` itself overwrites %rcx.
  14:	41 89 ca             	mov    %ecx,%r10d
# Reads a 32-bit thread-local word at %fs:0x18; non-zero takes the path at 0x38.
# Presumably libc's threaded/cancellation check -- TODO confirm.
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
# Syscall number 0x2c (44); matches ORIG_RAX in the register dump and the
# __x64_sys_sendto frame in the call trace.
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
# Unsigned compare with -4096: a return value in [-4095, -1] is -errno and takes
# the error path at 0xb0 (outside this window); otherwise the stub returns.
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
# Target of the jne above: the alternative path begins by building a frame.
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
# The byte window ends mid-instruction, so the last two lines are an incomplete decode.
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

# Same bytes re-decoded from the marked offset (0x2a above). Offsets and branch
# targets are relative to this shorter window: 0x86 here is 0xb0 in the full listing.
Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[  309.731546][ T1628] RSP: 002b:00007ffe7292f7b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  309.731741][ T1628] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f9f00a6a85a
[  309.731935][ T1628] RDX: 0000000000000040 RSI: 000000003d7fa340 RDI: 0000000000000005
[  309.732129][ T1628] RBP: 00007ffe7292f810 R08: 00000000004185e0 R09: 0000000000000010
[  309.732321][ T1628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  309.732511][ T1628] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f9f00b90000
| [  310.069009][ T1630] Padding  ffff888007fd5fd4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
| [  310.069406][ T1630] Padding  ffff888007fd5fe4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
| [  310.069695][ T1630] Padding  ffff888007fd5ff4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
| [  310.070367][ T1630] Tainted: [B]=BAD_PAGE, [W]=WARN
[  310.070513][ T1630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  310.070933][ T1630] Call Trace:
[  310.071064][ T1630]  <TASK>
[ 310.071137][ T1630] dump_stack_lvl (lib/dump_stack.c:123) 
[ 310.071383][ T1630] check_object (mm/slub.c:1400) 
[ 310.071543][ T1630] alloc_debug_processing (mm/slub.c:1576 mm/slub.c:1586) 
[ 310.071685][ T1630] get_partial_node.part.0 (mm/slub.c:2746 mm/slub.c:2832) 
[ 310.071843][ T1630] ___slab_alloc (mm/slub.c:2823 mm/slub.c:2940 mm/slub.c:3798) 
[ 310.071981][ T1630] ? p9_fcall_init (net/9p/client.c:233) 
[ 310.072225][ T1630] ? fs_reclaim_acquire (mm/page_alloc.c:3851 mm/page_alloc.c:3842) 
[ 310.072365][ T1630] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 310.072506][ T1630] ? p9_fcall_init (net/9p/client.c:233) 
[ 310.072653][ T1630] ? __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) 
[ 310.072794][ T1630] __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) 
[ 310.072969][ T1630] p9_fcall_init (net/9p/client.c:233) 
[ 310.073110][ T1630] p9_tag_alloc (net/9p/client.c:300) 
[ 310.073275][ T1630] ? __pfx_p9_tag_alloc (net/9p/client.c:280) 
[ 310.073413][ T1630] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 310.073579][ T1630] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 310.073720][ T1630] p9_client_prepare_req (net/9p/client.c:644) 
[ 310.073857][ T1630] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
[ 310.074108][ T1630] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) 
[ 310.074295][ T1630] ? __kernel_text_address (kernel/extable.c:79) 
[ 310.074435][ T1630] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 310.074602][ T1630] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) 
[ 310.074742][ T1630] ? __pfx_p9_client_rpc (net/9p/client.c:675) 
[ 310.074902][ T1630] ? stack_depot_save_flags (lib/stackdepot.c:609) 
[ 310.075044][ T1630] ? backing_file_read_iter (fs/backing-file.c:183) 
[ 310.075210][ T1630] ? ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) 
[ 310.075355][ T1630] ? __pfx_fill_pool (lib/debugobjects.c:129) 
[ 310.075501][ T1630] p9_client_read_once (net/9p/client.c:1565) 
[ 310.075657][ T1630] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 310.075797][ T1630] ? __pfx_p9_client_read_once (net/9p/client.c:1537) 
[ 310.075948][ T1630] ? __debug_object_init (lib/debugobjects.c:622) 
[ 310.076205][ T1630] ? mempool_alloc_noprof (mm/mempool.c:402) 
[ 310.076350][ T1630] p9_client_read (net/9p/client.c:1525) 
[ 310.076511][ T1630] v9fs_issue_read (fs/9p/vfs_addr.c:78) 
[ 310.076656][ T1630] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 310.076797][ T1630] ? __pfx_v9fs_issue_read (fs/9p/vfs_addr.c:68) 
[ 310.076952][ T1630] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 310.077104][ T1630] ? netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:79) 
[ 310.077289][ T1630] netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:90) 
[ 310.077462][ T1630] netfs_unbuffered_read (fs/netfs/direct_read.c:129) 
[ 310.077600][ T1630] netfs_unbuffered_read_iter_locked (fs/netfs/direct_read.c:221) 
[ 310.077774][ T1630] netfs_unbuffered_read_iter (fs/netfs/direct_read.c:257) 
[ 310.077912][ T1630] do_iter_readv_writev (fs/read_write.c:832) 
[ 310.078144][ T1630] ? ovl_verify_lowerdata (fs/overlayfs/namei.c:1026) 
[ 310.078286][ T1630] ? __pfx_do_iter_readv_writev (fs/read_write.c:821) 
[ 310.078424][ T1630] ? kasan_save_stack (mm/kasan/common.c:49) 
[ 310.078563][ T1630] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 310.078702][ T1630] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 310.078875][ T1630] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 310.079039][ T1630] vfs_iter_read (fs/read_write.c:923) 
[ 310.079180][ T1630] ? ovl_real_fdget_meta (fs/overlayfs/file.c:110) 
[ 310.079318][ T1630] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 310.079458][ T1630] backing_file_read_iter (fs/backing-file.c:183) 
[ 310.079600][ T1630] ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) 
[ 310.079741][ T1630] ? __pfx_ovl_read_iter (fs/overlayfs/file.c:263) 
[ 310.079962][ T1630] ? __pfx_free_object_rcu (mm/kmemleak.c:514) 
[ 310.080113][ T1630] ? trace_rcu_segcb_stats (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:570 ./include/linux/cpumask.h:1117 ./include/trace/events/rcu.h:537) 
[ 310.080259][ T1630] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) 
[ 310.080397][ T1630] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 310.080653][ T1630] vfs_read (fs/read_write.c:488 fs/read_write.c:569) 
[ 310.080760][ T1630] ? kmem_cache_free (mm/slub.c:4579 mm/slub.c:4681) 
[ 310.080897][ T1630] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) 
[ 310.081039][ T1630] ? do_sys_openat2 (fs/open.c:1424) 
[ 310.081188][ T1630] ? __pfx_vfs_read (fs/read_write.c:550) 
[ 310.081412][ T1630] ? __pfx_do_sys_openat2 (fs/open.c:1401) 
[ 310.081553][ T1630] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 310.081691][ T1630] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 310.081831][ T1630] ksys_read (fs/read_write.c:712) 
[ 310.082020][ T1630] ? __pfx_ksys_read (fs/read_write.c:702) 
[ 310.082162][ T1630] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 310.082337][ T1630] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 310.082475][ T1630] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  310.082650][ T1630] RIP: 0033:0x7ff8c2ce5138
[ 310.082798][ T1630] Code: c0 48 8d 44 24 d0 48 89 44 24 c8 eb bb 0f 1f 44 00 00 f7 d8 89 05 b8 f0 00 00 b8 ff ff ff ff c3 66 90 f3 0f 1e fa 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 08 c3 0f 1f 80 00 00 00 00 f7 d8 89 05 90 f0
All code
========
   0:	c0 48 8d 44          	rorb   $0x44,-0x73(%rax)
   4:	24 d0                	and    $0xd0,%al
   6:	48 89 44 24 c8       	mov    %rax,-0x38(%rsp)
   b:	eb bb                	jmp    0xffffffffffffffc8
   d:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  12:	f7 d8                	neg    %eax
  14:	89 05 b8 f0 00 00    	mov    %eax,0xf0b8(%rip)        # 0xf0d2
  1a:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  1f:	c3                   	ret
  20:	66 90                	xchg   %ax,%ax
  22:	f3 0f 1e fa          	endbr64
  26:	31 c0                	xor    %eax,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 08                	ja     0x3a
  32:	c3                   	ret
  33:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  3a:	f7 d8                	neg    %eax
  3c:	89                   	.byte 0x89
  3d:	05                   	.byte 0x5
  3e:	90                   	nop
  3f:	f0                   	lock

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 08                	ja     0x10
   8:	c3                   	ret
   9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  10:	f7 d8                	neg    %eax
  12:	89                   	.byte 0x89
  13:	05                   	.byte 0x5
  14:	90                   	nop
  15:	f0                   	lock
[  310.083377][ T1630] RSP: 002b:00007ffcd9015ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  310.083600][ T1630] RAX: ffffffffffffffda RBX: 00007ffcd9015d7f RCX: 00007ff8c2ce5138
[  310.083824][ T1630] RDX: 0000000000000340 RSI: 00007ffcd9015d98 RDI: 0000000000000005
[  310.084160][ T1630] RBP: 00007ffcd9015d10 R08: 0000000000080000 R09: 00007ff8c2cb63f0
[  310.084392][ T1630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340
[  310.084627][ T1630] R13: 00007ffcd9015d90 R14: 00007ff8c2cb63f0 R15: 0000000000000005
| [  310.084846][ T1630]  </TASK>
| [  310.084971][ T1630] FIX kmalloc-1k: Marking all objects used
| [  310.154816][ T1630] Oops: general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [  310.155495][ T1630] Tainted: [B]=BAD_PAGE, [W]=WARN
[  310.155647][ T1630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 310.155992][ T1630] RIP: 0010:free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) 
[ 310.156192][ T1630] Code: 90 e9 02 ff ff ff 31 db 41 f6 44 24 08 80 0f 84 9e 00 00 00 8b 0d 5d e9 e0 03 85 c9 75 58 48 8b 45 18 48 8b 55 10 48 8d 7d 10 <48> 3b 38 0f 85 ca 00 00 00 48 3b 7a 08 0f 85 c0 00 00 00 48 89 42
All code
========
   0:	90                   	nop
   1:	e9 02 ff ff ff       	jmp    0xffffffffffffff08
   6:	31 db                	xor    %ebx,%ebx
   8:	41 f6 44 24 08 80    	testb  $0x80,0x8(%r12)
   e:	0f 84 9e 00 00 00    	je     0xb2
  14:	8b 0d 5d e9 e0 03    	mov    0x3e0e95d(%rip),%ecx        # 0x3e0e977
  1a:	85 c9                	test   %ecx,%ecx
  1c:	75 58                	jne    0x76
  1e:	48 8b 45 18          	mov    0x18(%rbp),%rax
  22:	48 8b 55 10          	mov    0x10(%rbp),%rdx
  26:	48 8d 7d 10          	lea    0x10(%rbp),%rdi
  2a:*	48 3b 38             	cmp    (%rax),%rdi		<-- trapping instruction
  2d:	0f 85 ca 00 00 00    	jne    0xfd
  33:	48 3b 7a 08          	cmp    0x8(%rdx),%rdi
  37:	0f 85 c0 00 00 00    	jne    0xfd
  3d:	48                   	rex.W
  3e:	89                   	.byte 0x89
  3f:	42                   	rex.X

Code starting with the faulting instruction
===========================================
   0:	48 3b 38             	cmp    (%rax),%rdi
   3:	0f 85 ca 00 00 00    	jne    0xd3
   9:	48 3b 7a 08          	cmp    0x8(%rdx),%rdi
   d:	0f 85 c0 00 00 00    	jne    0xd3
  13:	48                   	rex.W
  14:	89                   	.byte 0x89
  15:	42                   	rex.X
[  310.156712][ T1630] RSP: 0018:ffffc900037af450 EFLAGS: 00010046
[  310.156908][ T1630] RAX: dead000000000122 RBX: 0000000000000000 RCX: 0000000000000000
[  310.157129][ T1630] RDX: dead000000000100 RSI: 0000000005bc01db RDI: ffffea00001ff410
[  310.157351][ T1630] RBP: ffffea00001ff400 R08: 0000000000000001 R09: 0000000000000000
[  310.157569][ T1630] R10: ffff888007fd3800 R11: ffffc900037af2c9 R12: ffff8880010430c0
[  310.157788][ T1630] R13: ffff888007fd3400 R14: 0000000000000286 R15: ffff888001040e00
[  310.158039][ T1630] FS:  0000000000000000(0000) GS:ffff88802f480000(0000) knlGS:0000000000000000
[  310.158296][ T1630] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  310.158485][ T1630] CR2: 00007ffe7292ed80 CR3: 0000000008128001 CR4: 0000000000772ef0
[  310.158712][ T1630] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  310.158932][ T1630] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  310.159158][ T1630] PKRU: 55555554
[  310.159271][ T1630] Call Trace:
[  310.159384][ T1630]  <TASK>
[ 310.159461][ T1630] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 310.159579][ T1630] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) 
[ 310.159734][ T1630] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) 
[ 310.159887][ T1630] ? free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) 
[ 310.160038][ T1630] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179) 
[ 310.160201][ T1630] qlist_free_all (mm/kasan/quarantine.c:174) 
[ 310.160349][ T1630] kasan_quarantine_reduce (./include/linux/srcu.h:320 mm/kasan/quarantine.c:287) 
[ 310.160498][ T1630] __kasan_slab_alloc (mm/kasan/common.c:329) 
[ 310.160648][ T1630] kmem_cache_alloc_noprof (./include/linux/kasan.h:247 mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141) 
[ 310.160809][ T1630] p9_tag_alloc (net/9p/client.c:288) 
[ 310.160960][ T1630] ? __pfx_p9_tag_alloc (net/9p/client.c:280) 
[ 310.161110][ T1630] ? __pfx_i_callback (fs/inode.c:251) 
[ 310.161260][ T1630] ? kasan_save_stack (mm/kasan/common.c:49) 
[ 310.161432][ T1630] ? kasan_save_stack (mm/kasan/common.c:48) 
[ 310.161583][ T1630] p9_client_prepare_req (net/9p/client.c:644) 
[ 310.161735][ T1630] ? vfs_statx (fs/stat.c:313) 
[ 310.161851][ T1630] ? vfs_fstatat (fs/stat.c:342) 
[ 310.162001][ T1630] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) 
[ 310.162184][ T1630] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 310.162336][ T1630] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) 
[ 310.162484][ T1630] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 310.162655][ T1630] ? __pfx_p9_client_rpc (net/9p/client.c:675) 
[ 310.162805][ T1630] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 310.162952][ T1630] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) 
[ 310.163102][ T1630] ? __pfx_i_callback (fs/inode.c:251) 
[ 310.163249][ T1630] ? trace_rcu_segcb_stats (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:570 ./include/linux/cpumask.h:1117 ./include/trace/events/rcu.h:537) 
[ 310.163400][ T1630] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 310.163586][ T1630] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 310.163737][ T1630] p9_client_clunk (net/9p/client.c:1441 (discriminator 3)) 
[ 310.163890][ T1630] v9fs_dentry_release (fs/9p/vfs_dentry.c:60) 
[ 310.164043][ T1630] ? __pfx_v9fs_dentry_release (fs/9p/vfs_dentry.c:49) 
[ 310.164190][ T1630] ? _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 310.164337][ T1630] ? iput_final (fs/inode.c:1877) 
[ 310.164488][ T1630] __dentry_kill (fs/dcache.c:620) 
[ 310.164640][ T1630] ? __pfx_kfree_link (fs/libfs.c:1628) 
[ 310.164789][ T1630] dput.part.0 (fs/dcache.c:857) 
[ 310.164935][ T1630] walk_component (fs/namei.c:569 fs/namei.c:1034 fs/namei.c:2058) 
[ 310.165085][ T1630] link_path_walk.part.0.constprop.0 (fs/namei.c:2420) 
[ 310.165271][ T1630] ? path_init (fs/namei.c:2484) 
[ 310.165427][ T1630] ? __pfx_link_path_walk.part.0.constprop.0 (fs/namei.c:2343) 
[ 310.165699][ T1630] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) 
[ 310.165928][ T1630] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) 
[ 310.166160][ T1630] path_lookupat (fs/namei.c:2348 (discriminator 2) fs/namei.c:2579 (discriminator 2)) 
[ 310.166387][ T1630] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) 
[ 310.166676][ T1630] filename_lookup (fs/namei.c:2609) 
[ 310.166901][ T1630] ? __pfx_filename_lookup (fs/namei.c:2603) 
[ 310.167144][ T1630] ? __pfx_kfree_link (fs/libfs.c:1628) 
[ 310.167355][ T1630] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 310.167577][ T1630] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 310.167779][ T1630] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 310.168009][ T1630] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 310.168227][ T1630] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 310.168411][ T1630] vfs_statx (fs/stat.c:313) 
[ 310.168586][ T1630] ? __pfx_vfs_statx (fs/stat.c:302) 
[ 310.168818][ T1630] ? getname_flags (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 fs/namei.c:207) 
[ 310.169050][ T1630] vfs_fstatat (fs/stat.c:342) 
[ 310.169222][ T1630] __do_sys_newfstatat (fs/stat.c:506) 
[ 310.169447][ T1630] ? __pfx___do_sys_newfstatat (fs/stat.c:501) 
[ 310.169679][ T1630] ? __x64_sys_openat (fs/open.c:1441) 
[ 310.169917][ T1630] ? __pfx_task_work_run (kernel/task_work.c:196) 
[ 310.170181][ T1630] ? __pfx___x64_sys_openat (fs/open.c:1441) 
[ 310.170441][ T1630] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 310.170734][ T1630] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 310.171034][ T1630] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 310.171285][ T1630] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  310.171575][ T1630] RIP: 0033:0x7ff8c2ce4eae
[ 310.171813][ T1630] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 07 00 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 0b 31 c0 c3 0f 1f 84 00 00 00 00 00 f7 d8 89 05
All code
========
   0:	48 89 f2             	mov    %rsi,%rdx
   3:	b9 00 01 00 00       	mov    $0x100,%ecx
   8:	48 89 fe             	mov    %rdi,%rsi
   b:	bf 9c ff ff ff       	mov    $0xffffff9c,%edi
  10:	e9 07 00 00 00       	jmp    0x1c
  15:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  1c:	f3 0f 1e fa          	endbr64
  20:	41 89 ca             	mov    %ecx,%r10d
  23:	b8 06 01 00 00       	mov    $0x106,%eax
  28:	0f 05                	syscall
  2a:*	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax		<-- trapping instruction
  2f:	77 0b                	ja     0x3c
  31:	31 c0                	xor    %eax,%eax
  33:	c3                   	ret
  34:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  3b:	00 
  3c:	f7 d8                	neg    %eax
  3e:	89                   	.byte 0x89
  3f:	05                   	.byte 0x5

Code starting with the faulting instruction
===========================================
   0:	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax
   5:	77 0b                	ja     0x12
   7:	31 c0                	xor    %eax,%eax
   9:	c3                   	ret
   a:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  11:	00 
  12:	f7 d8                	neg    %eax
  14:	89                   	.byte 0x89
  15:	05                   	.byte 0x5
[  310.172631][ T1630] RSP: 002b:00007ffcd90166d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[  310.172995][ T1630] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00007ff8c2ce4eae
[  310.173364][ T1630] RDX: 00007ffcd90167b0 RSI: 00007ffcd90166e0 RDI: 00000000ffffff9c
[  310.173704][ T1630] RBP: 00007ffcd9016870 R08: 00000000ffffffff R09: 00007ffcd90166e0
[  310.174060][ T1630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd90166e7


Fingerprints (leading call-trace frames of each report, innermost first):
stack_depot_fetch:stack_depot_print:print_report:kasan_report:___neigh_create
print_report:kasan_report:___neigh_create:ip_finish_output2:ip_push_pending_frames
free_to_partial_list:qlist_free_all:kasan_quarantine_reduce:__kasan_slab_alloc:kmem_cache_alloc_noprof
check_object:alloc_debug_processing:___slab_alloc:__kmalloc_noprof:p9_fcall_init
depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report