====================================== | [ 310.723620][ T1632] ================================================================== | [ 310.723850][ T1632] BUG: KASAN: slab-use-after-free in ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) | [ 310.724049][ T1632] Write of size 8 at addr ffff888005ccc018 by task ping/1632 | [ 310.724249][ T1632] [ 310.724518][ T1632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 310.724790][ T1632] Call Trace: [ 310.724893][ T1632] [ 310.724960][ T1632] dump_stack_lvl (lib/dump_stack.c:123) [ 310.725093][ T1632] print_address_description.constprop.0 (mm/kasan/report.c:378) [ 310.725253][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.725384][ T1632] print_report (mm/kasan/report.c:489) [ 310.725516][ T1632] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 310.725640][ T1632] kasan_report (mm/kasan/report.c:603) [ 310.725734][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.725861][ T1632] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.725991][ T1632] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 310.726119][ T1632] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) [ 310.726246][ T1632] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 310.726373][ T1632] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) [ 310.726496][ T1632] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) [ 310.726621][ T1632] ? raw_sendmsg (net/ipv4/raw.c:651) [ 310.726747][ T1632] raw_sendmsg (net/ipv4/raw.c:658) [ 310.726871][ T1632] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) [ 310.726993][ T1632] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) [ 310.727122][ T1632] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) [ 310.727248][ T1632] ? gup_fast_pte_range (mm/gup.c:2844) [ 310.727375][ T1632] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 310.727499][ T1632] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 310.727624][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.727744][ T1632] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 310.727864][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.727984][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.728109][ T1632] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 310.728234][ T1632] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) [ 310.728359][ T1632] ? __pfx___sys_sendto (net/socket.c:2184) [ 310.728485][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.728608][ T1632] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 310.728732][ T1632] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) [ 310.728852][ T1632] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 310.728978][ T1632] ? __pfx___up_read (kernel/locking/rwsem.c:1337) [ 310.729101][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.729227][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.729359][ T1632] __x64_sys_sendto (net/socket.c:2222) [ 310.729495][ T1632] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 310.729662][ T1632] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 310.729816][ T1632] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 310.729986][ T1632] RIP: 0033:0x7feec754985a [ 310.730129][ T1632] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 310.730615][ T1632] RSP: 002b:00007ffd51e03468 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 310.730823][ T1632] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007feec754985a [ 310.731030][ T1632] RDX: 0000000000000040 RSI: 000000003b3dc340 RDI: 0000000000000005 [ 310.731232][ T1632] RBP: 00007ffd51e034c0 R08: 00000000004185e0 R09: 0000000000000010 [ 310.731440][ T1632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054 [ 310.731644][ T1632] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007feec766f000 | [ 310.734131][ T1632] ------------[ cut here ]------------ | [ 310.734269][ T1632] pool index 93034 out of bounds (732) for stack id 6b6b6b6b | [ 310.734520][ T1632] WARNING: CPU: 3 PID: 1632 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) | [ 310.734775][ T1632] Modules linked in: [ 310.735113][ T1632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 310.735417][ T1632] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 310.735553][ T1632] Code: b8 11 cd a6 e8 eb 2d a3 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 80 6c 42 a6 44 89 e1 44 89 ea 89 ee e8 7b f2 0d ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad All code ======== 0: b8 11 cd a6 e8 mov $0xe8a6cd11,%eax 5: eb 2d jmp 0x34 7: a3 01 83 f8 01 75 b8 movabs %eax,0xf90b87501f88301 e: 90 0f 10: 0b 90 eb b2 90 48 or 0x4890b2eb(%rax),%edx 16: c7 c7 80 6c 42 a6 mov $0xa6426c80,%edi 1c: 44 89 e1 mov %r12d,%ecx 1f: 44 89 ea mov %r13d,%edx 22: 89 ee mov %ebp,%esi 24: e8 7b f2 0d ff call 0xffffffffff0df2a4 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: 31 c0 xor %eax,%eax 30: eb bb jmp 0xffffffffffffffed 32: 90 nop 33: 0f 0b ud2 35: 90 nop 36: eb b5 jmp 0xffffffffffffffed 38: 90 nop 39: 0f 0b ud2 3b: 90 nop 3c: 31 c0 xor %eax,%eax 3e: eb ad jmp 0xffffffffffffffed Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: 31 c0 xor %eax,%eax 6: eb bb jmp 0xffffffffffffffc3 8: 90 nop 9: 0f 0b ud2 b: 90 nop c: eb b5 jmp 0xffffffffffffffc3 e: 90 nop f: 0f 0b ud2 11: 90 nop 12: 31 c0 xor %eax,%eax 14: eb ad jmp 0xffffffffffffffc3 [ 310.736027][ T1632] RSP: 0018:ffffc900035cf7f0 EFLAGS: 00010082 [ 310.736208][ T1632] RAX: 0000000000000000 RBX: 0000000000001b50 RCX: 1ffffffff4cfb43c [ 310.736406][ T1632] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 310.736604][ T1632] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff4cfb43c [ 310.736803][ T1632] R10: 0000000000000003 R11: 205d323336315420 R12: 000000006b6b6b6b [ 310.737008][ T1632] R13: 00000000000002dc R14: 0000000000000008 R15: ffff888006610040 [ 310.737206][ T1632] FS: 00007feec7273300(0000) GS:ffff88802f780000(0000) knlGS:0000000000000000 [ 310.737438][ T1632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 310.737605][ T1632] CR2: 00007ffd51e02a40 CR3: 0000000005fd2002 CR4: 0000000000772ef0 [ 310.737803][ T1632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 310.738011][ T1632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 310.738207][ T1632] PKRU: 55555554 [ 310.738307][ T1632] Call Trace: [ 310.738410][ T1632] [ 310.738480][ T1632] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 310.738617][ T1632] ? __warn (kernel/panic.c:748) [ 310.738719][ T1632] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 310.738853][ T1632] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 310.738996][ T1632] ? handle_bug (arch/x86/kernel/traps.c:285) [ 310.739099][ T1632] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [ 310.739229][ T1632] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [ 310.739361][ T1632] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 310.739492][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.739622][ T1632] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 310.739777][ T1632] stack_depot_print (lib/stackdepot.c:745) [ 310.739907][ T1632] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [ 310.740072][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.740206][ T1632] print_report (mm/kasan/report.c:489) [ 310.740341][ T1632] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 310.740478][ T1632] kasan_report (mm/kasan/report.c:603) [ 310.740579][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.740715][ T1632] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.740853][ T1632] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 310.740995][ T1632] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) [ 310.741144][ T1632] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 310.741289][ T1632] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) [ 310.741442][ T1632] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) [ 310.741584][ T1632] ? raw_sendmsg (net/ipv4/raw.c:651) [ 310.741732][ T1632] raw_sendmsg (net/ipv4/raw.c:658) [ 310.741881][ T1632] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) [ 310.742029][ T1632] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) [ 310.742180][ T1632] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) [ 310.742331][ T1632] ? gup_fast_pte_range (mm/gup.c:2844) [ 310.742475][ T1632] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 310.742607][ T1632] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 310.742744][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.742876][ T1632] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 310.743010][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.743141][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.743365][ T1632] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 310.743500][ T1632] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) [ 310.743632][ T1632] ? __pfx___sys_sendto (net/socket.c:2184) [ 310.743773][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.743908][ T1632] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 310.744042][ T1632] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) [ 310.744174][ T1632] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 310.744305][ T1632] ? __pfx___up_read (kernel/locking/rwsem.c:1337) [ 310.744436][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.744643][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.744777][ T1632] __x64_sys_sendto (net/socket.c:2222) [ 310.744908][ T1632] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 310.745083][ T1632] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 310.745379][ T1632] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 310.745547][ T1632] RIP: 0033:0x7feec754985a [ 310.745683][ T1632] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 310.746228][ T1632] RSP: 002b:00007ffd51e03468 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 310.746426][ T1632] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007feec754985a [ 310.746698][ T1632] RDX: 0000000000000040 RSI: 000000003b3dc340 RDI: 0000000000000005 [ 310.746894][ T1632] RBP: 00007ffd51e034c0 R08: 00000000004185e0 R09: 0000000000000010 [ 310.747094][ T1632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054 [ 310.747371][ T1632] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007feec766f000 | [ 310.749238][ T1632] corrupt handle or use after stack_depot_put() | [ 310.749279][ T1632] WARNING: CPU: 3 PID: 1632 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) | [ 310.749667][ T1632] Modules linked in: | [ 310.750089][ T1632] Tainted: [W]=WARN [ 310.750199][ T1632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 310.750600][ T1632] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 310.750745][ T1632] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 60 6d 42 a6 e8 62 ed 0d ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 All code ======== 0: 74 1a je 0x1c 2: 48 8d 50 20 lea 0x20(%rax),%rdx 6: 48 89 13 mov %rdx,(%rbx) 9: 5b pop %rbx a: 8b 40 14 mov 0x14(%rax),%eax d: 5d pop %rbp e: 41 5c pop %r12 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: 31 c0 xor %eax,%eax 17: c3 ret 18: cc int3 19: cc int3 1a: cc int3 1b: cc int3 1c: 90 nop 1d: 48 c7 c7 60 6d 42 a6 mov $0xffffffffa6426d60,%rdi 24: e8 62 ed 0d ff call 0xffffffffff0ded8b 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: eb bb jmp 0xffffffffffffffeb 30: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) 37: 00 00 00 00 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: eb bb jmp 0xffffffffffffffc1 6: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) d: 00 00 00 00 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop [ 310.751322][ T1632] RSP: 0018:ffffc900035cf818 EFLAGS: 00010086 [ 310.751504][ T1632] RAX: 0000000000000000 RBX: ffffc900035cf838 RCX: 1ffffffff4cfb43c [ 310.751720][ T1632] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 310.752007][ T1632] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff4cfb43c [ 310.752218][ T1632] R10: 0000000000000003 R11: 6361747320726574 R12: 0000000000000000 [ 310.752429][ T1632] R13: ffffffffa4ef3488 R14: 0000000000000008 R15: ffff888006610040 [ 310.752719][ T1632] FS: 00007feec7273300(0000) GS:ffff88802f780000(0000) knlGS:0000000000000000 [ 310.752973][ T1632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 310.753225][ T1632] CR2: 00007ffd51e02a40 CR3: 0000000005fd2002 CR4: 0000000000772ef0 [ 310.753442][ T1632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 310.753654][ T1632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 310.753945][ T1632] PKRU: 55555554 [ 310.754054][ T1632] Call Trace: [ 310.754170][ T1632] [ 310.754244][ T1632] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 310.754388][ T1632] ? __warn (kernel/panic.c:748) [ 310.754498][ T1632] ? nbcon_get_cpu_emergency_nesting (kernel/printk/nbcon.c:1356) [ 310.754755][ T1632] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 310.754899][ T1632] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 310.755044][ T1632] ? handle_bug (arch/x86/kernel/traps.c:285) [ 310.755150][ T1632] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [ 310.755371][ T1632] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [ 310.755517][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.755665][ T1632] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 310.755809][ T1632] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 310.756100][ T1632] stack_depot_print (lib/stackdepot.c:745) [ 310.756245][ T1632] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [ 310.756426][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.756566][ T1632] print_report (mm/kasan/report.c:489) [ 310.756784][ T1632] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 310.756928][ T1632] kasan_report (mm/kasan/report.c:603) [ 310.757041][ T1632] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.757179][ T1632] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 310.757309][ T1632] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 310.757529][ T1632] ? __ip_make_skb (net/ipv4/ip_output.c:1391 net/ipv4/ip_output.c:1501) [ 310.757659][ T1632] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 310.757790][ T1632] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307) [ 310.757922][ T1632] ip_push_pending_frames (net/ipv4/ip_output.c:1511 net/ipv4/ip_output.c:1530) [ 310.758067][ T1632] ? raw_sendmsg (net/ipv4/raw.c:651) [ 310.758213][ T1632] raw_sendmsg (net/ipv4/raw.c:658) [ 310.758361][ T1632] ? __pfx_raw_sendmsg (net/ipv4/raw.c:483) [ 310.758492][ T1632] ? __free_zapped_classes (./include/linux/bitmap.h:356 kernel/locking/lockdep.c:6305) [ 310.758708][ T1632] ? do_anonymous_page (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/pgtable.h:115 mm/memory.c:4835) [ 310.758846][ T1632] ? gup_fast_pte_range (mm/gup.c:2844) [ 310.758979][ T1632] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 310.759110][ T1632] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 310.759319][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.759450][ T1632] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 310.759579][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.759717][ T1632] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 310.759849][ T1632] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 310.760063][ T1632] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) [ 310.760206][ T1632] ? __pfx___sys_sendto (net/socket.c:2184) [ 310.760352][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.760495][ T1632] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 310.760715][ T1632] ? __up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1345) [ 310.760857][ T1632] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 310.761002][ T1632] ? __pfx___up_read (kernel/locking/rwsem.c:1337) [ 310.761156][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.761381][ T1632] ? do_user_addr_fault (./include/linux/rcupdate.h:882 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) [ 310.761523][ T1632] __x64_sys_sendto (net/socket.c:2222) [ 310.761667][ T1632] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 310.761845][ T1632] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 310.761995][ T1632] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 310.762175][ T1632] RIP: 0033:0x7feec754985a [ 310.762322][ T1632] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 310.762925][ T1632] RSP: 002b:00007ffd51e03468 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 310.763146][ T1632] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007feec754985a [ 310.763450][ T1632] RDX: 0000000000000040 RSI: 000000003b3dc340 RDI: 0000000000000005 [ 310.763664][ T1632] RBP: 00007ffd51e034c0 R08: 00000000004185e0 R09: 0000000000000010 [ 310.763888][ T1632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054 [ 310.764101][ T1632] R13: 000000000040305a R14: 0000000000415dd0 R15: 00007feec766f000 | [ 311.772721][ T1636] Padding ffff888005ccc7d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ | [ 311.773005][ T1636] Padding ffff888005ccc7e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ | [ 311.773279][ T1636] Padding ffff888005ccc7f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ | [ 311.773909][ T1636] Tainted: [B]=BAD_PAGE, [W]=WARN [ 311.774053][ T1636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 311.774461][ T1636] Call Trace: [ 311.774573][ T1636] [ 311.774656][ T1636] dump_stack_lvl (lib/dump_stack.c:123) [ 311.774804][ T1636] check_object (mm/slub.c:1400) [ 311.774946][ T1636] alloc_debug_processing (mm/slub.c:1576 mm/slub.c:1586) [ 311.775099][ T1636] get_partial_node.part.0 (mm/slub.c:2746 mm/slub.c:2832) [ 311.775244][ T1636] ___slab_alloc (mm/slub.c:2823 mm/slub.c:2940 mm/slub.c:3798) [ 311.775383][ T1636] ? p9_fcall_init (net/9p/client.c:233) [ 311.775538][ T1636] ? fs_reclaim_acquire (mm/page_alloc.c:3851 mm/page_alloc.c:3842) [ 311.775774][ T1636] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 311.775922][ T1636] ? p9_fcall_init (net/9p/client.c:233) [ 311.776060][ T1636] ? __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) [ 311.776198][ T1636] __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) [ 311.776436][ T1636] p9_fcall_init (net/9p/client.c:233) [ 311.776576][ T1636] p9_tag_alloc (net/9p/client.c:300) [ 311.776767][ T1636] ? __pfx_p9_tag_alloc (net/9p/client.c:280) [ 311.776913][ T1636] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 311.777058][ T1636] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 311.777199][ T1636] p9_client_prepare_req (net/9p/client.c:644) [ 311.777345][ T1636] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) [ 311.777488][ T1636] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) [ 311.777758][ T1636] ? __kernel_text_address (kernel/extable.c:79) [ 311.777899][ T1636] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) [ 311.778051][ T1636] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) [ 311.778192][ T1636] ? __pfx_p9_client_rpc (net/9p/client.c:675) [ 311.778428][ T1636] ? stack_depot_save_flags (lib/stackdepot.c:609) [ 311.778570][ T1636] ? backing_file_read_iter (fs/backing-file.c:183) [ 311.778748][ T1636] ? ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) [ 311.778897][ T1636] ? __pfx_fill_pool (lib/debugobjects.c:129) [ 311.779047][ T1636] p9_client_read_once (net/9p/client.c:1565) [ 311.779187][ T1636] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 311.779364][ T1636] ? __pfx_p9_client_read_once (net/9p/client.c:1537) [ 311.779510][ T1636] ? __debug_object_init (lib/debugobjects.c:622) [ 311.779654][ T1636] ? mempool_alloc_noprof (mm/mempool.c:402) [ 311.780017][ T1636] p9_client_read (net/9p/client.c:1525) [ 311.780167][ T1636] v9fs_issue_read (fs/9p/vfs_addr.c:78) [ 311.780318][ T1636] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 311.780464][ T1636] ? __pfx_v9fs_issue_read (fs/9p/vfs_addr.c:68) [ 311.780704][ T1636] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 311.780866][ T1636] ? netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:79) [ 311.781047][ T1636] netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:90) [ 311.781253][ T1636] netfs_unbuffered_read (fs/netfs/direct_read.c:129) [ 311.781490][ T1636] netfs_unbuffered_read_iter_locked (fs/netfs/direct_read.c:221) [ 311.781719][ T1636] netfs_unbuffered_read_iter (fs/netfs/direct_read.c:257) [ 311.781866][ T1636] do_iter_readv_writev (fs/read_write.c:832) [ 311.782013][ T1636] ? ovl_verify_lowerdata (fs/overlayfs/namei.c:1026) [ 311.782161][ T1636] ? __pfx_do_iter_readv_writev (fs/read_write.c:821) [ 311.782325][ T1636] ? kasan_save_stack (mm/kasan/common.c:49) [ 311.782467][ T1636] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 311.782620][ T1636] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 311.782925][ T1636] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 311.783073][ T1636] vfs_iter_read (fs/read_write.c:923) [ 311.783214][ T1636] ? ovl_real_fdget_meta (fs/overlayfs/file.c:110) [ 311.783367][ T1636] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 311.783597][ T1636] backing_file_read_iter (fs/backing-file.c:183) [ 311.783747][ T1636] ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) [ 311.783891][ T1636] ? __pfx_ovl_read_iter (fs/overlayfs/file.c:263) [ 311.784037][ T1636] ? __pfx_free_object_rcu (mm/kmemleak.c:514) [ 311.784297][ T1636] ? trace_rcu_segcb_stats (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:570 ./include/linux/cpumask.h:1117 ./include/trace/events/rcu.h:537) [ 311.784447][ T1636] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) [ 311.784591][ T1636] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 311.784801][ T1636] vfs_read (fs/read_write.c:488 fs/read_write.c:569) [ 311.784908][ T1636] ? kmem_cache_free (mm/slub.c:4579 mm/slub.c:4681) [ 311.785142][ T1636] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) [ 311.785304][ T1636] ? do_sys_openat2 (fs/open.c:1424) [ 311.785450][ T1636] ? __pfx_vfs_read (fs/read_write.c:550) [ 311.785594][ T1636] ? __pfx_do_sys_openat2 (fs/open.c:1401) [ 311.785834][ T1636] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 311.785979][ T1636] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) [ 311.786121][ T1636] ksys_read (fs/read_write.c:712) [ 311.786233][ T1636] ? __pfx_ksys_read (fs/read_write.c:702) [ 311.786459][ T1636] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 311.786664][ T1636] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 311.786811][ T1636] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 311.786985][ T1636] RIP: 0033:0x7ffab2cab138 [ 311.787250][ T1636] Code: c0 48 8d 44 24 d0 48 89 44 24 c8 eb bb 0f 1f 44 00 00 f7 d8 89 05 b8 f0 00 00 b8 ff ff ff ff c3 66 90 f3 0f 1e fa 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 08 c3 0f 1f 80 00 00 00 00 f7 d8 89 05 90 f0 All code ======== 0: c0 48 8d 44 rorb $0x44,-0x73(%rax) 4: 24 d0 and $0xd0,%al 6: 48 89 44 24 c8 mov %rax,-0x38(%rsp) b: eb bb jmp 0xffffffffffffffc8 d: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 12: f7 d8 neg %eax 14: 89 05 b8 f0 00 00 mov %eax,0xf0b8(%rip) # 0xf0d2 1a: b8 ff ff ff ff mov $0xffffffff,%eax 1f: c3 ret 20: 66 90 xchg %ax,%ax 22: f3 0f 1e fa endbr64 26: 31 c0 xor %eax,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 08 ja 0x3a 32: c3 ret 33: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 3a: f7 d8 neg %eax 3c: 89 .byte 0x89 3d: 05 .byte 0x5 3e: 90 nop 3f: f0 lock Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 08 ja 0x10 8: c3 ret 9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 10: f7 d8 neg %eax 12: 89 .byte 0x89 13: 05 .byte 0x5 14: 90 nop 15: f0 lock [ 311.787797][ T1636] RSP: 002b:00007ffd6d07cff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 311.788113][ T1636] RAX: ffffffffffffffda RBX: 00007ffd6d07d27f RCX: 00007ffab2cab138 [ 311.788338][ T1636] RDX: 0000000000000340 RSI: 00007ffd6d07d298 RDI: 0000000000000005 [ 311.788558][ T1636] RBP: 00007ffd6d07d060 R08: 0000000000080000 R09: 00007ffd6d07d070 [ 311.788883][ T1636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340 [ 311.789133][ T1636] R13: 00007ffd6d07d290 R14: 00007ffd6d07d070 R15: 0000000000000005 | [ 325.787018][ T37] br0: port 1(s0) entered disabled state | [ 325.787937][ T37] br0: port 2(s1) entered disabled state | [ 326.149489][ T1674] Oops: general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] PREEMPT SMP KASAN NOPTI | [ 326.150495][ T1674] Tainted: [B]=BAD_PAGE, [W]=WARN [ 326.150719][ T1674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 326.151216][ T1674] RIP: 0010:free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) [ 326.151521][ T1674] Code: 90 e9 02 ff ff ff 31 db 41 f6 44 24 08 80 0f 84 9e 00 00 00 8b 0d 5d e9 e0 03 85 c9 75 58 48 8b 45 18 48 8b 55 10 48 8d 7d 10 <48> 3b 38 0f 85 ca 00 00 00 48 3b 7a 08 0f 85 c0 00 00 00 48 89 42 All code ======== 0: 90 nop 1: e9 02 ff ff ff jmp 0xffffffffffffff08 6: 31 db xor %ebx,%ebx 8: 41 f6 44 24 08 80 testb $0x80,0x8(%r12) e: 0f 84 9e 00 00 00 je 0xb2 14: 8b 0d 5d e9 e0 03 mov 0x3e0e95d(%rip),%ecx # 0x3e0e977 1a: 85 c9 test %ecx,%ecx 1c: 75 58 jne 0x76 1e: 48 8b 45 18 mov 0x18(%rbp),%rax 22: 48 8b 55 10 mov 0x10(%rbp),%rdx 26: 48 8d 7d 10 lea 0x10(%rbp),%rdi 2a:* 48 3b 38 cmp (%rax),%rdi <-- trapping instruction 2d: 0f 85 ca 00 00 00 jne 0xfd 33: 48 3b 7a 08 cmp 0x8(%rdx),%rdi 37: 0f 85 c0 00 00 00 jne 0xfd 3d: 48 rex.W 3e: 89 .byte 0x89 3f: 42 rex.X Code starting with the faulting instruction =========================================== 0: 48 3b 38 cmp (%rax),%rdi 3: 0f 85 ca 00 00 00 jne 0xd3 9: 48 3b 7a 08 cmp 0x8(%rdx),%rdi d: 0f 85 c0 00 00 00 jne 0xd3 13: 48 rex.W 14: 89 .byte 0x89 15: 42 rex.X [ 326.152312][ T1674] RSP: 0018:ffffc9000375f450 EFLAGS: 00010046 [ 326.152622][ T1674] RAX: dead000000000122 RBX: 0000000000000000 RCX: 0000000000000000 [ 326.152973][ T1674] RDX: dead000000000100 RSI: 0000000004d001d7 RDI: ffffea0000173210 [ 326.153319][ T1674] RBP: ffffea0000173200 R08: 0000000000000001 R09: 0000000000000000 [ 326.153668][ T1674] R10: ffff888005ccdc00 R11: ffffc9000375f2c9 R12: ffff8880010430c0 [ 326.154011][ T1674] R13: ffff888005ccd800 R14: 0000000000000286 R15: ffff888001040e00 [ 326.154340][ T1674] FS: 0000000000000000(0000) GS:ffff88802f700000(0000) knlGS:0000000000000000 [ 326.154730][ T1674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 326.155021][ T1674] CR2: 00007f3b40603270 CR3: 0000000006b8e001 CR4: 0000000000772ef0 [ 326.155359][ T1674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 326.155704][ T1674] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 326.156052][ T1674] PKRU: 55555554 [ 326.156215][ T1674] Call Trace: [ 326.156383][ T1674] [ 326.156506][ T1674] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) [ 326.156686][ T1674] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) [ 326.156916][ T1674] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) [ 326.157142][ T1674] ? free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) [ 326.157370][ T1674] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179) [ 326.157583][ T1674] qlist_free_all (mm/kasan/quarantine.c:174) [ 326.157819][ T1674] kasan_quarantine_reduce (./include/linux/srcu.h:320 mm/kasan/quarantine.c:287) [ 326.158036][ T1674] __kasan_slab_alloc (mm/kasan/common.c:329) [ 326.158258][ T1674] kmem_cache_alloc_noprof (./include/linux/kasan.h:247 mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141) [ 326.158473][ T1674] p9_tag_alloc (net/9p/client.c:288) [ 326.158693][ T1674] ? __pfx_p9_tag_alloc (net/9p/client.c:280) [ 326.158922][ T1674] ? __pfx_i_callback (fs/inode.c:251) [ 326.159153][ T1674] ? kasan_save_stack (mm/kasan/common.c:49) [ 326.159374][ T1674] ? kasan_save_stack (mm/kasan/common.c:48) [ 326.159607][ T1674] p9_client_prepare_req (net/9p/client.c:644) [ 326.159834][ T1674] ? vfs_statx (fs/stat.c:313) [ 326.160001][ T1674] ? vfs_fstatat (fs/stat.c:342) [ 326.160223][ T1674] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) [ 326.160509][ T1674] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 326.160739][ T1674] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) [ 326.160977][ T1674] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 326.161210][ T1674] ? __pfx_p9_client_rpc (net/9p/client.c:675) [ 326.161460][ T1674] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 326.161695][ T1674] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) [ 326.161925][ T1674] ? __pfx_i_callback (fs/inode.c:251) [ 326.162155][ T1674] ? trace_rcu_segcb_stats (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:570 ./include/linux/cpumask.h:1117 ./include/trace/events/rcu.h:537) [ 326.162385][ T1674] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 326.162665][ T1674] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 326.162885][ T1674] p9_client_clunk (net/9p/client.c:1441 (discriminator 3)) [ 326.163116][ T1674] v9fs_dentry_release (fs/9p/vfs_dentry.c:60) [ 326.163349][ T1674] ? __pfx_v9fs_dentry_release (fs/9p/vfs_dentry.c:49) [ 326.163578][ T1674] ? _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) [ 326.163804][ T1674] ? iput_final (fs/inode.c:1877) [ 326.164025][ T1674] __dentry_kill (fs/dcache.c:620) [ 326.164257][ T1674] ? __pfx_kfree_link (fs/libfs.c:1628) [ 326.164497][ T1674] dput.part.0 (fs/dcache.c:857) [ 326.164715][ T1674] walk_component (fs/namei.c:569 fs/namei.c:1034 fs/namei.c:2058) [ 326.164939][ T1674] link_path_walk.part.0.constprop.0 (fs/namei.c:2420) [ 326.165219][ T1674] ? path_init (fs/namei.c:2484) [ 326.165444][ T1674] ? __pfx_link_path_walk.part.0.constprop.0 (fs/namei.c:2343) [ 326.165718][ T1674] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [ 326.165942][ T1674] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) [ 326.166166][ T1674] path_lookupat (fs/namei.c:2348 (discriminator 2) fs/namei.c:2579 (discriminator 2)) [ 326.166388][ T1674] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [ 326.166666][ T1674] filename_lookup (fs/namei.c:2609) [ 326.166877][ T1674] ? __pfx_filename_lookup (fs/namei.c:2603) [ 326.167092][ T1674] ? __pfx_kfree_link (fs/libfs.c:1628) [ 326.167304][ T1674] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 326.167510][ T1674] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 326.167722][ T1674] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 326.167925][ T1674] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 326.168137][ T1674] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 326.168353][ T1674] vfs_statx (fs/stat.c:313) [ 326.168519][ T1674] ? __pfx_vfs_statx (fs/stat.c:302) [ 326.168746][ T1674] ? getname_flags (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 fs/namei.c:207) [ 326.168985][ T1674] vfs_fstatat (fs/stat.c:342) [ 326.169165][ T1674] __do_sys_newfstatat (fs/stat.c:506) [ 326.169399][ T1674] ? __pfx___do_sys_newfstatat (fs/stat.c:501) [ 326.169631][ T1674] ? user_path_at (fs/namei.c:3020) [ 326.169843][ T1674] ? __x64_sys_openat (fs/open.c:1441) [ 326.170051][ T1674] ? __pfx___x64_sys_openat (fs/open.c:1441) [ 326.170257][ T1674] ? __pfx_do_faccessat (fs/open.c:468) [ 326.170463][ T1674] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 326.170723][ T1674] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 326.170979][ T1674] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 326.171184][ T1674] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 326.171447][ T1674] RIP: 0033:0x7f3b40636eae [ 326.171673][ T1674] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 07 00 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 0b 31 c0 c3 0f 1f 84 00 00 00 00 00 f7 d8 89 05 All code ======== 0: 48 89 f2 mov %rsi,%rdx 3: b9 00 01 00 00 mov $0x100,%ecx 8: 48 89 fe mov %rdi,%rsi b: bf 9c ff ff ff mov $0xffffff9c,%edi 10: e9 07 00 00 00 jmp 0x1c 15: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1c: f3 0f 1e fa endbr64 20: 41 89 ca mov %ecx,%r10d 23: b8 06 01 00 00 mov $0x106,%eax 28: 0f 05 syscall 2a:* 3d 00 f0 ff ff cmp $0xfffff000,%eax <-- trapping instruction 2f: 77 0b ja 0x3c 31: 31 c0 xor %eax,%eax 33: c3 ret 34: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 3b: 00 3c: f7 d8 neg %eax 3e: 89 .byte 0x89 3f: 05 .byte 0x5 Code starting with the faulting instruction =========================================== 0: 3d 00 f0 ff ff cmp $0xfffff000,%eax 5: 77 0b ja 0x12 7: 31 c0 xor %eax,%eax 9: c3 ret a: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 11: 00 12: f7 d8 neg %eax 14: 89 .byte 0x89 15: 05 .byte 0x5 [ 326.172421][ T1674] RSP: 002b:00007ffd4690d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 326.172738][ T1674] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f3b40636eae [ 326.173049][ T1674] RDX: 00007ffd4690d260 RSI: 00007ffd4690d190 RDI: 00000000ffffff9c [ 326.173350][ T1674] RBP: 00007ffd4690d320 R08: 00000000ffffffff R09: 00007ffd4690d190 [ 326.173683][ T1674] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd4690d197 Finger prints: stack_depot_fetch:stack_depot_print:print_report:kasan_report:___neigh_create print_report:kasan_report:___neigh_create:ip_finish_output2:ip_push_pending_frames free_to_partial_list:qlist_free_all:kasan_quarantine_reduce:__kasan_slab_alloc:kmem_cache_alloc_noprof check_object:alloc_debug_processing:___slab_alloc:__kmalloc_noprof:p9_fcall_init depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report