====================================== | [ 830.043707][ T5884] ================================================================== | [ 830.043981][ T5884] BUG: KASAN: slab-use-after-free in ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) | [ 830.044207][ T5884] Write of size 8 at addr ffff888005af5818 by task ping/5884 | [ 830.044431][ T5884] [ 830.044739][ T5884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 830.045082][ T5884] Call Trace: [ 830.045194][ T5884] [ 830.045275][ T5884] dump_stack_lvl (lib/dump_stack.c:123) [ 830.045440][ T5884] print_address_description.constprop.0 (mm/kasan/report.c:378) [ 830.045623][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.045770][ T5884] print_report (mm/kasan/report.c:489) [ 830.045925][ T5884] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 830.046067][ T5884] kasan_report (mm/kasan/report.c:603) [ 830.046176][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.046333][ T5884] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.046477][ T5884] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 830.046640][ T5884] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) [ 830.046798][ T5884] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 830.046943][ T5884] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) [ 830.047089][ T5884] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) [ 830.047231][ T5884] ? raw_sendmsg (net/ipv4/raw.c:651) [ 830.047383][ T5884] raw_sendmsg (net/ipv4/raw.c:658) [ 830.047524][ T5884] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) [ 830.047700][ T5884] ? 
__free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) [ 830.047856][ T5884] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) [ 830.048001][ T5884] ? gup_fast_pte_range (mm/gup.c:2844) [ 830.048141][ T5884] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 830.048297][ T5884] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.048439][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.048580][ T5884] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 830.048745][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.048888][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.049032][ T5884] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 830.049192][ T5884] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) [ 830.049339][ T5884] ? __pfx___sys_sendto (net/socket.c:2184) [ 830.049486][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.049637][ T5884] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 830.049794][ T5884] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) [ 830.049934][ T5884] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.050071][ T5884] ? __pfx___up_read (kernel/locking/rwsem.c:1337) [ 830.050222][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.050364][ T5884] ? 
do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.050507][ T5884] __x64_sys_sendto (net/socket.c:2222) [ 830.050670][ T5884] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 830.050846][ T5884] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 830.050990][ T5884] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 830.051179][ T5884] RIP: 0033:0x7f6f43f7785a [ 830.051337][ T5884] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 830.051865][ T5884] RSP: 002b:00007ffca1410048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 830.052085][ T5884] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f6f43f7785a [ 830.052305][ T5884] RDX: 0000000000000040 RSI: 0000000017330340 RDI: 0000000000000005 [ 830.052520][ T5884] RBP: 00007ffca14100a0 R08: 00000000004185e0 R09: 0000000000000010 [ 830.052770][ T5884] R10: 0000000000000000 
R11: 0000000000000246 R12: 0000000000000054 [ 830.052984][ T5884] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f6f4409d000 | [ 830.055690][ T5884] ------------[ cut here ]------------ | [ 830.055835][ T5884] pool index 93034 out of bounds (706) for stack id 6b6b6b6b | [ 830.056121][ T5884] WARNING: CPU: 3 PID: 5884 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) | [ 830.056379][ T5884] Modules linked in: [ 830.056783][ T5884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 830.057113][ T5884] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 830.057271][ T5884] Code: b8 11 6d 93 e8 eb 2d a3 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 80 6c e2 92 44 89 e1 44 89 ea 89 ee e8 7b f2 0d ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad All code ======== 0: b8 11 6d 93 e8 mov $0xe8936d11,%eax 5: eb 2d jmp 0x34 7: a3 01 83 f8 01 75 b8 movabs %eax,0xf90b87501f88301 e: 90 0f 10: 0b 90 eb b2 90 48 or 0x4890b2eb(%rax),%edx 16: c7 c7 80 6c e2 92 mov $0x92e26c80,%edi 1c: 44 89 e1 mov %r12d,%ecx 1f: 44 89 ea mov %r13d,%edx 22: 89 ee mov %ebp,%esi 24: e8 7b f2 0d ff call 0xffffffffff0df2a4 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: 31 c0 xor %eax,%eax 30: eb bb jmp 0xffffffffffffffed 32: 90 nop 33: 0f 0b ud2 35: 90 nop 36: eb b5 jmp 0xffffffffffffffed 38: 90 nop 39: 0f 0b ud2 3b: 90 nop 3c: 31 c0 xor %eax,%eax 3e: eb ad jmp 0xffffffffffffffed Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: 31 c0 xor %eax,%eax 6: eb bb jmp 0xffffffffffffffc3 8: 90 nop 9: 0f 0b ud2 b: 90 nop c: eb b5 jmp 0xffffffffffffffc3 e: 90 nop f: 0f 0b ud2 11: 90 nop 12: 31 c0 xor %eax,%eax 14: eb ad jmp 0xffffffffffffffc3 [ 830.057818][ T5884] RSP: 0018:ffffc900085df7f0 EFLAGS: 00010082 [ 830.058010][ T5884] RAX: 0000000000000000 RBX: 
0000000000001b50 RCX: 1ffffffff263b43c [ 830.058233][ T5884] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 830.058457][ T5884] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff263b43c [ 830.058690][ T5884] R10: 0000000000000003 R11: 205d343838355420 R12: 000000006b6b6b6b [ 830.058914][ T5884] R13: 00000000000002c2 R14: 0000000000000008 R15: ffff888004ec45c0 [ 830.059135][ T5884] FS: 00007f6f43ca1300(0000) GS:ffff888036180000(0000) knlGS:0000000000000000 [ 830.059403][ T5884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 830.059590][ T5884] CR2: 000000000041aad0 CR3: 0000000006418003 CR4: 0000000000772ef0 [ 830.059846][ T5884] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 830.060093][ T5884] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 830.060316][ T5884] PKRU: 55555554 [ 830.060432][ T5884] Call Trace: [ 830.060547][ T5884] [ 830.060644][ T5884] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 830.060807][ T5884] ? __warn (kernel/panic.c:748) [ 830.060928][ T5884] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 830.061075][ T5884] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 830.061229][ T5884] ? handle_bug (arch/x86/kernel/traps.c:285) [ 830.061341][ T5884] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [ 830.061491][ T5884] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [ 830.061652][ T5884] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 830.061801][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.061966][ T5884] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 830.062119][ T5884] stack_depot_print (lib/stackdepot.c:745) [ 830.062273][ T5884] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [ 830.062464][ T5884] ? 
___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.062624][ T5884] print_report (mm/kasan/report.c:489) [ 830.062774][ T5884] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 830.062922][ T5884] kasan_report (mm/kasan/report.c:603) [ 830.063038][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.063190][ T5884] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.063353][ T5884] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 830.063506][ T5884] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) [ 830.063665][ T5884] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 830.063817][ T5884] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) [ 830.064003][ T5884] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) [ 830.064164][ T5884] ? raw_sendmsg (net/ipv4/raw.c:651) [ 830.064329][ T5884] raw_sendmsg (net/ipv4/raw.c:658) [ 830.064493][ T5884] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) [ 830.064667][ T5884] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) [ 830.064820][ T5884] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) [ 830.064974][ T5884] ? gup_fast_pte_range (mm/gup.c:2844) [ 830.065132][ T5884] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 830.065293][ T5884] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.065442][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.065592][ T5884] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 830.065768][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.065919][ T5884] ? 
__might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.066065][ T5884] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 830.066216][ T5884] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) [ 830.066368][ T5884] ? __pfx___sys_sendto (net/socket.c:2184) [ 830.066527][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.066686][ T5884] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 830.066854][ T5884] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) [ 830.067003][ T5884] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.067153][ T5884] ? __pfx___up_read (kernel/locking/rwsem.c:1337) [ 830.067316][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.067464][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.067619][ T5884] __x64_sys_sendto (net/socket.c:2222) [ 830.067783][ T5884] ? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 830.067983][ T5884] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 830.068133][ T5884] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 830.068335][ T5884] RIP: 0033:0x7f6f43f7785a [ 830.068491][ T5884] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 830.069063][ T5884] RSP: 002b:00007ffca1410048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 830.069304][ T5884] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f6f43f7785a [ 830.069529][ T5884] RDX: 0000000000000040 RSI: 0000000017330340 RDI: 0000000000000005 [ 830.069758][ T5884] RBP: 00007ffca14100a0 R08: 00000000004185e0 R09: 0000000000000010 [ 830.069984][ T5884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054 [ 830.070209][ T5884] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f6f4409d000 | [ 830.072137][ T5884] corrupt handle or use after 
stack_depot_put() | [ 830.072181][ T5884] WARNING: CPU: 3 PID: 5884 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) | [ 830.072655][ T5884] Modules linked in: | [ 830.073048][ T5884] Tainted: [W]=WARN [ 830.073162][ T5884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 830.073531][ T5884] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 830.073716][ T5884] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 60 6d e2 92 e8 62 ed 0d ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 All code ======== 0: 74 1a je 0x1c 2: 48 8d 50 20 lea 0x20(%rax),%rdx 6: 48 89 13 mov %rdx,(%rbx) 9: 5b pop %rbx a: 8b 40 14 mov 0x14(%rax),%eax d: 5d pop %rbp e: 41 5c pop %r12 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: 31 c0 xor %eax,%eax 17: c3 ret 18: cc int3 19: cc int3 1a: cc int3 1b: cc int3 1c: 90 nop 1d: 48 c7 c7 60 6d e2 92 mov $0xffffffff92e26d60,%rdi 24: e8 62 ed 0d ff call 0xffffffffff0ded8b 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: eb bb jmp 0xffffffffffffffeb 30: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) 37: 00 00 00 00 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: eb bb jmp 0xffffffffffffffc1 6: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) d: 00 00 00 00 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop [ 830.074331][ T5884] RSP: 0018:ffffc900085df818 EFLAGS: 00010086 [ 830.074543][ T5884] RAX: 0000000000000000 RBX: ffffc900085df838 RCX: 1ffffffff263b43c [ 830.074862][ T5884] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 830.075093][ T5884] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff263b43c [ 830.075313][ T5884] R10: 
0000000000000003 R11: 6361747320726574 R12: 0000000000000000 [ 830.075627][ T5884] R13: ffffffff918f3488 R14: 0000000000000008 R15: ffff888004ec45c0 [ 830.075860][ T5884] FS: 00007f6f43ca1300(0000) GS:ffff888036180000(0000) knlGS:0000000000000000 [ 830.076135][ T5884] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 830.076502][ T5884] CR2: 000000000041aad0 CR3: 0000000006418003 CR4: 0000000000772ef0 [ 830.076733][ T5884] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 830.076964][ T5884] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 830.077184][ T5884] PKRU: 55555554 [ 830.077296][ T5884] Call Trace: [ 830.077423][ T5884] [ 830.077506][ T5884] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 830.077759][ T5884] ? __warn (kernel/panic.c:748) [ 830.077875][ T5884] ? nbcon_get_cpu_emergency_nesting (kernel/printk/nbcon.c:1356) [ 830.078064][ T5884] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 830.078216][ T5884] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 830.078373][ T5884] ? handle_bug (arch/x86/kernel/traps.c:285) [ 830.078560][ T5884] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [ 830.078732][ T5884] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [ 830.078882][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.079042][ T5884] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 830.079280][ T5884] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 830.079426][ T5884] stack_depot_print (lib/stackdepot.c:745) [ 830.079588][ T5884] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [ 830.079792][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.079945][ T5884] print_report (mm/kasan/report.c:489) [ 830.080106][ T5884] ? 
kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 830.080255][ T5884] kasan_report (mm/kasan/report.c:603) [ 830.080371][ T5884] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.080520][ T5884] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 830.080795][ T5884] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 830.080947][ T5884] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) [ 830.081105][ T5884] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 830.081261][ T5884] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) [ 830.081485][ T5884] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) [ 830.081669][ T5884] ? raw_sendmsg (net/ipv4/raw.c:651) [ 830.081827][ T5884] raw_sendmsg (net/ipv4/raw.c:658) [ 830.081983][ T5884] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) [ 830.082204][ T5884] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) [ 830.082355][ T5884] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) [ 830.082507][ T5884] ? gup_fast_pte_range (mm/gup.c:2844) [ 830.082676][ T5884] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 830.082899][ T5884] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.083050][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.083214][ T5884] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 830.083372][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.083523][ T5884] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 830.083782][ T5884] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 830.083931][ T5884] ? 
reacquire_held_locks (kernel/locking/lockdep.c:5350) [ 830.084078][ T5884] ? __pfx___sys_sendto (net/socket.c:2184) [ 830.084242][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.084468][ T5884] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 830.084626][ T5884] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) [ 830.084782][ T5884] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.084956][ T5884] ? __pfx___up_read (kernel/locking/rwsem.c:1337) [ 830.085103][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.085269][ T5884] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 830.085414][ T5884] __x64_sys_sendto (net/socket.c:2222) [ 830.085557][ T5884] ? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 830.085861][ T5884] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 830.086007][ T5884] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 830.086198][ T5884] RIP: 0033:0x7f6f43f7785a [ 830.086362][ T5884] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 830.086987][ T5884] RSP: 002b:00007ffca1410048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 830.087300][ T5884] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007f6f43f7785a [ 830.087526][ T5884] RDX: 0000000000000040 RSI: 0000000017330340 RDI: 0000000000000005 [ 830.087753][ T5884] RBP: 00007ffca14100a0 R08: 00000000004185e0 R09: 0000000000000010 [ 830.088069][ T5884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054 [ 830.088286][ T5884] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007f6f4409d000 | [ 830.461514][ T5886] Padding ffff888005af5fd4: 5a 
5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ | [ 830.461838][ T5886] Padding ffff888005af5fe4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ | [ 830.462159][ T5886] Padding ffff888005af5ff4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ | [ 830.462808][ T5886] Tainted: [B]=BAD_PAGE, [W]=WARN [ 830.462972][ T5886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 830.463434][ T5886] Call Trace: [ 830.463562][ T5886] [ 830.463647][ T5886] dump_stack_lvl (lib/dump_stack.c:123) [ 830.463818][ T5886] check_object (mm/slub.c:1400) [ 830.464075][ T5886] alloc_debug_processing (mm/slub.c:1576 mm/slub.c:1586) [ 830.464238][ T5886] get_partial_node.part.0 (mm/slub.c:2746 mm/slub.c:2832) [ 830.464403][ T5886] ___slab_alloc (mm/slub.c:2823 mm/slub.c:2940 mm/slub.c:3798) [ 830.464564][ T5886] ? p9_fcall_init (net/9p/client.c:233) [ 830.464826][ T5886] ? fs_reclaim_acquire (mm/page_alloc.c:3851 mm/page_alloc.c:3842) [ 830.464990][ T5886] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 830.465161][ T5886] ? p9_fcall_init (net/9p/client.c:233) [ 830.465320][ T5886] ? __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) [ 830.465572][ T5886] __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) [ 830.465735][ T5886] p9_fcall_init (net/9p/client.c:233) [ 830.465897][ T5886] p9_tag_alloc (net/9p/client.c:300) [ 830.466058][ T5886] ? __pfx_p9_tag_alloc (net/9p/client.c:280) [ 830.466222][ T5886] ? kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) [ 830.466501][ T5886] ? __kasan_slab_alloc (mm/kasan/common.c:348) [ 830.466664][ T5886] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469) [ 830.466828][ T5886] p9_client_prepare_req (net/9p/client.c:644) [ 830.466991][ T5886] ? kernel_text_address (kernel/extable.c:99) [ 830.467155][ T5886] ? 
__pfx_p9_client_prepare_req (net/9p/client.c:628) [ 830.467356][ T5886] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:27 (discriminator 1)) [ 830.467523][ T5886] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) [ 830.467686][ T5886] ? __pfx_p9_client_rpc (net/9p/client.c:675) [ 830.467847][ T5886] ? stack_depot_save_flags (lib/stackdepot.c:609) [ 830.468012][ T5886] ? backing_file_read_iter (fs/backing-file.c:183) [ 830.468180][ T5886] ? ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) [ 830.468345][ T5886] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 830.468510][ T5886] ? __pfx_fill_pool (lib/debugobjects.c:129) [ 830.468678][ T5886] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 830.468844][ T5886] p9_client_read_once (net/9p/client.c:1565) [ 830.469008][ T5886] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 830.469282][ T5886] ? __pfx_p9_client_read_once (net/9p/client.c:1537) [ 830.469449][ T5886] ? __debug_object_init (lib/debugobjects.c:622) [ 830.469611][ T5886] ? mempool_alloc_noprof (mm/mempool.c:402) [ 830.469777][ T5886] p9_client_read (net/9p/client.c:1525) [ 830.469942][ T5886] v9fs_issue_read (fs/9p/vfs_addr.c:78) [ 830.470105][ T5886] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 830.470264][ T5886] ? __pfx_v9fs_issue_read (fs/9p/vfs_addr.c:68) [ 830.470425][ T5886] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 830.470587][ T5886] ? 
netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:79) [ 830.470793][ T5886] netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:90) [ 830.470996][ T5886] netfs_unbuffered_read (fs/netfs/direct_read.c:129) [ 830.471156][ T5886] netfs_unbuffered_read_iter_locked (fs/netfs/direct_read.c:221) [ 830.471448][ T5886] netfs_unbuffered_read_iter (fs/netfs/direct_read.c:257) [ 830.471608][ T5886] do_iter_readv_writev (fs/read_write.c:832) [ 830.471771][ T5886] ? ovl_verify_lowerdata (fs/overlayfs/namei.c:1026) [ 830.471935][ T5886] ? __pfx_do_iter_readv_writev (fs/read_write.c:821) [ 830.472099][ T5886] ? stack_trace_save (kernel/stacktrace.c:123) [ 830.472356][ T5886] vfs_iter_read (fs/read_write.c:923) [ 830.472516][ T5886] ? ovl_real_fdget_meta (fs/overlayfs/file.c:110) [ 830.472677][ T5886] backing_file_read_iter (fs/backing-file.c:183) [ 830.472839][ T5886] ? load_elf_phdrs (./include/linux/slab.h:882 fs/binfmt_elf.c:526) [ 830.473003][ T5886] ? load_elf_binary (fs/binfmt_elf.c:855) [ 830.473164][ T5886] ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) [ 830.473333][ T5886] ? __pfx_ovl_read_iter (fs/overlayfs/file.c:263) [ 830.473497][ T5886] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) [ 830.473659][ T5886] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [ 830.473820][ T5886] ? stack_depot_save_flags (lib/stackdepot.c:609) [ 830.473983][ T5886] __kernel_read (fs/read_write.c:527 (discriminator 1)) [ 830.474150][ T5886] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 830.474405][ T5886] ? __pfx___kernel_read (fs/read_write.c:504) [ 830.474567][ T5886] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 830.474749][ T5886] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 830.474954][ T5886] ? 
__kasan_kmalloc (mm/kasan/common.c:398) [ 830.475206][ T5886] ? trace_kmalloc (./include/trace/events/kmem.h:54 (discriminator 52)) [ 830.475372][ T5886] ? __kmalloc_noprof (mm/slub.c:4277) [ 830.475533][ T5886] load_elf_phdrs (fs/binfmt_elf.c:471 fs/binfmt_elf.c:531) [ 830.475696][ T5886] ? __pfx_load_elf_phdrs (fs/binfmt_elf.c:508) [ 830.475860][ T5886] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) [ 830.476115][ T5886] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [ 830.476321][ T5886] load_elf_binary (fs/binfmt_elf.c:855) [ 830.476495][ T5886] ? __kernel_read (fs/read_write.c:527 (discriminator 1)) [ 830.476656][ T5886] ? __pfx___kernel_read (fs/read_write.c:504) [ 830.476910][ T5886] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.477073][ T5886] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 830.477234][ T5886] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 830.477394][ T5886] ? __pfx_load_elf_binary (fs/binfmt_elf.c:820) [ 830.477648][ T5886] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 830.477818][ T5886] search_binary_handler (fs/exec.c:1752) [ 830.477985][ T5886] ? __pfx_search_binary_handler (fs/exec.c:1731) [ 830.478187][ T5886] ? 
trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 830.478471][ T5886] exec_binprm (fs/exec.c:1795) [ 830.478636][ T5886] bprm_execve (fs/exec.c:1845 fs/exec.c:1821) [ 830.478758][ T5886] do_execveat_common.isra.0 (fs/exec.c:1952) [ 830.478923][ T5886] __x64_sys_execve (fs/exec.c:2097) [ 830.479096][ T5886] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 830.479265][ T5886] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 830.479466][ T5886] RIP: 0033:0x7f486013540b [ 830.479634][ T5886] Code: c0 75 03 5f ff e7 c3 48 8b 0d f1 a9 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 80 00 00 00 00 f3 0f 1e fa b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c5 a9 1b 00 f7 d8 64 89 01 48 All code ======== 0: c0 75 03 5f shlb $0x5f,0x3(%rbp) 4: ff e7 jmp *%rdi 6: c3 ret 7: 48 8b 0d f1 a9 1b 00 mov 0x1ba9f1(%rip),%rcx # 0x1ba9ff e: f7 d8 neg %eax 10: 64 89 01 mov %eax,%fs:(%rcx) 13: 48 83 c8 ff or $0xffffffffffffffff,%rax 17: c3 ret 18: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1f: f3 0f 1e fa endbr64 23: b8 3b 00 00 00 mov $0x3b,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d c5 a9 1b 00 mov 0x1ba9c5(%rip),%rcx # 0x1ba9ff 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d c5 a9 1b 00 mov 0x1ba9c5(%rip),%rcx # 0x1ba9d5 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W [ 830.480207][ T5886] RSP: 002b:00007ffceb857ee8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 830.480456][ T5886] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f486013540b [ 830.480698][ T5886] RDX: 000055b9b2d09f20 RSI: 000055b9b2d1e000 RDI: 000055b9b2e80150 [ 830.480937][ T5886] RBP: 000055b9b2e80150 R08: 000055b9b2e7d8f0 R09: 0000000000000020 
[ 830.481304][ T5886] R10: 00000000000001b6 R11: 0000000000000246 R12: 00000000ffffffff [ 830.481546][ T5886] R13: 000055b9b2d1e000 R14: 000055b9b2d09f20 R15: 000055b9b2e7ff40 | [ 830.481795][ T5886] | [ 830.481918][ T5886] FIX kmalloc-1k: Marking all objects used | [ 831.298990][ T5888] Oops: general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] PREEMPT SMP KASAN NOPTI | [ 831.299654][ T5888] Tainted: [B]=BAD_PAGE, [W]=WARN [ 831.299792][ T5888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 831.300120][ T5888] RIP: 0010:free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) [ 831.300320][ T5888] Code: 90 e9 02 ff ff ff 31 db 41 f6 44 24 08 80 0f 84 9e 00 00 00 8b 0d 5d e9 e0 03 85 c9 75 58 48 8b 45 18 48 8b 55 10 48 8d 7d 10 <48> 3b 38 0f 85 ca 00 00 00 48 3b 7a 08 0f 85 c0 00 00 00 48 89 42 All code ======== 0: 90 nop 1: e9 02 ff ff ff jmp 0xffffffffffffff08 6: 31 db xor %ebx,%ebx 8: 41 f6 44 24 08 80 testb $0x80,0x8(%r12) e: 0f 84 9e 00 00 00 je 0xb2 14: 8b 0d 5d e9 e0 03 mov 0x3e0e95d(%rip),%ecx # 0x3e0e977 1a: 85 c9 test %ecx,%ecx 1c: 75 58 jne 0x76 1e: 48 8b 45 18 mov 0x18(%rbp),%rax 22: 48 8b 55 10 mov 0x10(%rbp),%rdx 26: 48 8d 7d 10 lea 0x10(%rbp),%rdi 2a:* 48 3b 38 cmp (%rax),%rdi <-- trapping instruction 2d: 0f 85 ca 00 00 00 jne 0xfd 33: 48 3b 7a 08 cmp 0x8(%rdx),%rdi 37: 0f 85 c0 00 00 00 jne 0xfd 3d: 48 rex.W 3e: 89 .byte 0x89 3f: 42 rex.X Code starting with the faulting instruction =========================================== 0: 48 3b 38 cmp (%rax),%rdi 3: 0f 85 ca 00 00 00 jne 0xd3 9: 48 3b 7a 08 cmp 0x8(%rdx),%rdi d: 0f 85 c0 00 00 00 jne 0xd3 13: 48 rex.W 14: 89 .byte 0x89 15: 42 rex.X [ 831.300821][ T5888] RSP: 0018:ffffc9000861fa30 EFLAGS: 00010046 [ 831.301014][ T5888] RAX: dead000000000122 RBX: 0000000000000000 RCX: 0000000000000000 [ 831.301236][ T5888] RDX: 
dead000000000100 RSI: 0000000005ec01dc RDI: ffffea000016bc10 [ 831.301449][ T5888] RBP: ffffea000016bc00 R08: 0000000000000001 R09: 0000000000000000 [ 831.301663][ T5888] R10: ffff888005af2000 R11: ffffc9000861f8a9 R12: ffff8880010430c0 [ 831.301896][ T5888] R13: ffff888005af1c00 R14: 0000000000000286 R15: ffff888001040e00 [ 831.302100][ T5888] FS: 0000000000000000(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 831.302355][ T5888] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 831.302554][ T5888] CR2: 00007fbadd142270 CR3: 0000000008fc8004 CR4: 0000000000772ef0 [ 831.302758][ T5888] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 831.302958][ T5888] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 831.303168][ T5888] PKRU: 55555554 [ 831.303289][ T5888] Call Trace: [ 831.303391][ T5888] [ 831.303461][ T5888] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) [ 831.303575][ T5888] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) [ 831.303717][ T5888] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) [ 831.303857][ T5888] ? free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) [ 831.303992][ T5888] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179) [ 831.304131][ T5888] qlist_free_all (mm/kasan/quarantine.c:174) [ 831.304274][ T5888] ? 
p9_client_getattr_dotl (./include/linux/slab.h:878 net/9p/client.c:1777) [ 831.304415][ T5888] kasan_quarantine_reduce (./include/linux/srcu.h:320 mm/kasan/quarantine.c:287) [ 831.304554][ T5888] __kasan_slab_alloc (mm/kasan/common.c:329) [ 831.304692][ T5888] __kmalloc_cache_noprof (mm/slub.c:4086 mm/slub.c:4134 mm/slub.c:4290) [ 831.304829][ T5888] p9_client_getattr_dotl (./include/linux/slab.h:878 net/9p/client.c:1777) [ 831.304965][ T5888] v9fs_vfs_getattr_dotl (fs/9p/vfs_inode_dotl.c:408) [ 831.305105][ T5888] ovl_getattr (fs/overlayfs/overlayfs.h:419 fs/overlayfs/inode.c:173) [ 831.305242][ T5888] ? backing_file_read_iter (fs/backing-file.c:203) [ 831.305385][ T5888] ? __pfx_ovl_getattr (fs/overlayfs/inode.c:158) [ 831.305521][ T5888] ? ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) [ 831.305668][ T5888] ? __pfx_ovl_read_iter (fs/overlayfs/file.c:263) [ 831.305803][ T5888] ? __pfx_free_object_rcu (mm/kmemleak.c:514) [ 831.305939][ T5888] ? trace_rcu_segcb_stats (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:570 ./include/linux/cpumask.h:1117 ./include/trace/events/rcu.h:537) [ 831.306083][ T5888] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) [ 831.306218][ T5888] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 831.306357][ T5888] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 831.306528][ T5888] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 831.306663][ T5888] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 831.306801][ T5888] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 831.306933][ T5888] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 831.307067][ T5888] ? 
vfs_getattr_nosec (fs/stat.c:143) [ 831.307206][ T5888] vfs_fstat (./include/linux/file.h:68 fs/stat.c:230) [ 831.307311][ T5888] __do_sys_newfstatat (fs/stat.c:506) [ 831.307447][ T5888] ? __pfx___do_sys_newfstatat (fs/stat.c:501) [ 831.307587][ T5888] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 831.307756][ T5888] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 831.307925][ T5888] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 831.308059][ T5888] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 831.308224][ T5888] RIP: 0033:0x7f9202efaeae [ 831.308369][ T5888] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 07 00 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 0b 31 c0 c3 0f 1f 84 00 00 00 00 00 f7 d8 89 05 All code ======== 0: 48 89 f2 mov %rsi,%rdx 3: b9 00 01 00 00 mov $0x100,%ecx 8: 48 89 fe mov %rdi,%rsi b: bf 9c ff ff ff mov $0xffffff9c,%edi 10: e9 07 00 00 00 jmp 0x1c 15: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1c: f3 0f 1e fa endbr64 20: 41 89 ca mov %ecx,%r10d 23: b8 06 01 00 00 mov $0x106,%eax 28: 0f 05 syscall 2a:* 3d 00 f0 ff ff cmp $0xfffff000,%eax <-- trapping instruction 2f: 77 0b ja 0x3c 31: 31 c0 xor %eax,%eax 33: c3 ret 34: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 3b: 00 3c: f7 d8 neg %eax 3e: 89 .byte 0x89 3f: 05 .byte 0x5 Code starting with the faulting instruction =========================================== 0: 3d 00 f0 ff ff cmp $0xfffff000,%eax 5: 77 0b ja 0x12 7: 31 c0 xor %eax,%eax 9: c3 ret a: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 11: 00 12: f7 d8 neg %eax 14: 89 .byte 0x89 15: 05 .byte 0x5 [ 831.308840][ T5888] RSP: 002b:00007ffdf12a8b28 EFLAGS: 00000206 ORIG_RAX: 0000000000000106 [ 831.309053][ T5888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9202efaeae [ 831.309257][ T5888] RDX: 00007ffdf12a8bc0 RSI: 00007f9202efecfb RDI: 0000000000000005 [ 831.309460][ T5888] RBP: 
00007ffdf12a8c80 R08: 00007f9202ecc920 R09: 00007f9202f0a220
[ 831.309658][ T5888] R10: 0000000000001000 R11: 0000000000000206 R12: 00007f9202f0a220
Fingerprints:
stack_depot_fetch:stack_depot_print:print_report:kasan_report:___neigh_create
free_to_partial_list:qlist_free_all:kasan_quarantine_reduce:__kasan_slab_alloc:__kmalloc_cache_noprof
print_report:kasan_report:___neigh_create:ip_finish_output2:ip_push_pending_frames
check_object:alloc_debug_processing:___slab_alloc:__kmalloc_noprof:p9_fcall_init
depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report