[ 13.891498][ T259] ip (259) used greatest stack depth: 23552 bytes left
[ 15.973912][ T292] ==================================================================
[ 15.974260][ T292] BUG: KASAN: slab-use-after-free in emit_its_trampoline+0xa5/0x300
[ 15.974512][ T292] Read of size 1 at addr ffff888001932720 by task modprobe/292
[ 15.974758][ T292]
[ 15.974845][ T292] CPU: 3 UID: 0 PID: 292 Comm: modprobe Not tainted 6.16.0-rc2-virtme #1 PREEMPT(full)
[ 15.974850][ T292] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 15.974852][ T292] Call Trace:
[ 15.974854][ T292] <TASK>
[ 15.974856][ T292] dump_stack_lvl+0x82/0xd0
[ 15.974863][ T292] print_address_description.constprop.0+0x2c/0x400
[ 15.974870][ T292] ? emit_its_trampoline+0xa5/0x300
[ 15.974874][ T292] print_report+0xb4/0x270
[ 15.974878][ T292] ? emit_its_trampoline+0xa5/0x300
[ 15.974881][ T292] ? kasan_addr_to_slab+0x25/0x80
[ 15.974885][ T292] ? emit_its_trampoline+0xa5/0x300
[ 15.974888][ T292] kasan_report+0xca/0x100
[ 15.974892][ T292] ? emit_its_trampoline+0xa5/0x300
[ 15.974897][ T292] ? emit_its_trampoline+0xa5/0x300
[ 15.974900][ T292] __kasan_check_byte+0x3a/0x50
[ 15.974904][ T292] krealloc_noprof+0x3d/0x320
[ 15.974908][ T292] ? execmem_alloc+0xc0/0x240
[ 15.974915][ T292] emit_its_trampoline+0xa5/0x300
[ 15.974919][ T292] ? __x86_indirect_paranoid_thunk_rax+0x2/0x2
[ 15.974925][ T292] ? __do_softirq+0x10/0x10
[ 15.974929][ T292] apply_retpolines+0xcf/0x550
[ 15.974934][ T292] ? __pfx_apply_retpolines+0x10/0x10
[ 15.974938][ T292] ? __pfx___mutex_lock+0x10/0x10
[ 15.974947][ T292] module_finalize+0x3d5/0x9d0
[ 15.974954][ T292] ? add_kallsyms+0x8d7/0xf40
[ 15.974959][ T292] ? __pfx_module_finalize+0x10/0x10
[ 15.974964][ T292] ? __pfx_cmp_ex_sort+0x10/0x10
[ 15.974966][ T292] ? __pfx_swap_ex+0x10/0x10
[ 15.974971][ T292] load_module+0x139a/0x2660
[ 15.974977][ T292] ? __pfx_load_module+0x10/0x10
[ 15.974980][ T292] ? kernel_read_file+0x3f5/0x550
[ 15.974987][ T292] ? kernel_read_file+0x3d0/0x550
[ 15.974991][ T292] ? __pfx_kernel_read_file+0x10/0x10
[ 15.974996][ T292] ? init_module_from_file+0xe9/0x150
[ 15.974999][ T292] init_module_from_file+0xe9/0x150
[ 15.975002][ T292] ? __pfx_init_module_from_file+0x10/0x10
[ 15.975010][ T292] ? idempotent_init_module+0x31a/0x620
[ 15.975013][ T292] ? __lock_release+0x5d/0x170
[ 15.975017][ T292] ? do_raw_spin_unlock+0x58/0x220
[ 15.975022][ T292] idempotent_init_module+0x335/0x620
[ 15.975026][ T292] ? __pfx_idempotent_init_module+0x10/0x10
[ 15.975033][ T292] ? cap_capable+0x94/0x230
[ 15.975039][ T292] __x64_sys_finit_module+0xca/0x150
[ 15.975042][ T292] ? do_syscall_64+0x85/0x380
[ 15.975045][ T292] do_syscall_64+0xc1/0x380
[ 15.975049][ T292] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 15.975052][ T292] RIP: 0033:0x7f03d7c51e5d
[ 15.975056][ T292] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
[ 15.975059][ T292] RSP: 002b:00007ffe7fa14138 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 15.975063][ T292] RAX: ffffffffffffffda RBX: 000055aad6314c80 RCX: 00007f03d7c51e5d
[ 15.975065][ T292] RDX: 0000000000000000 RSI: 000055aaacbd7a2a RDI: 0000000000000000
[ 15.975067][ T292] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007ffe7fa14270
[ 15.975069][ T292] R10: 0000000000000000 R11: 0000000000000246 R12: 000055aaacbd7a2a
[ 15.975071][ T292] R13: 000055aad6314d40 R14: 000055aad6314dc0 R15: 000055aad6314cec
[ 15.975077][ T292] </TASK>
[ 15.975079][ T292]
[ 15.985107][ T292] Allocated by task 287:
[ 15.985233][ T292] kasan_save_stack+0x24/0x50
[ 15.985409][ T292] kasan_save_track+0x14/0x30
[ 15.985580][ T292] __kasan_kmalloc+0x7f/0x90
[ 15.985751][ T292] __kmalloc_noprof+0x1d4/0x470
[ 15.985926][ T292] virtqueue_add_split+0x6a3/0x1920
[ 15.986099][ T292] virtqueue_add_sgs+0x143/0x270
[ 15.986268][ T292] virtio_fs_enqueue_req+0x58c/0xfe0
[ 15.986441][ T292] virtio_fs_send_req+0x13a/0x710
[ 15.986610][ T292] __fuse_simple_request+0x22a/0xb50
[ 15.986782][ T292] fuse_readlink_folio+0x20b/0x400
[ 15.986952][ T292] fuse_get_link+0x12d/0x350
[ 15.987123][ T292] pick_link+0x7a2/0x1160
[ 15.987254][ T292] step_into+0x85a/0xfc0
[ 15.987383][ T292] link_path_walk+0x3c2/0xa10
[ 15.987551][ T292] path_openat+0x14d/0x380
[ 15.987721][ T292] do_filp_open+0x1d7/0x420
[ 15.987890][ T292] do_sys_openat2+0xd4/0x160
[ 15.988063][ T292] __x64_sys_openat+0x122/0x1e0
[ 15.988232][ T292] do_syscall_64+0xc1/0x380
[ 15.988403][ T292] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 15.988612][ T292]
[ 15.988700][ T292] Freed by task 51:
[ 15.988826][ T292] kasan_save_stack+0x24/0x50
[ 15.988998][ T292] kasan_save_track+0x14/0x30
[ 15.989170][ T292] kasan_save_free_info+0x3b/0x60
[ 15.989340][ T292] __kasan_slab_free+0x38/0x50
[ 15.989515][ T292] kfree+0x144/0x320
[ 15.989643][ T292] detach_buf_split+0x48d/0x6f0
[ 15.989815][ T292] virtqueue_get_buf_ctx_split+0x294/0x7f0
[ 15.990024][ T292] virtio_fs_requests_done_work+0x231/0x890
[ 15.990234][ T292] process_one_work+0xe43/0x1660
[ 15.990405][ T292] worker_thread+0x591/0xcf0
[ 15.990574][ T292] kthread+0x37b/0x600
[ 15.990703][ T292] ret_from_fork+0x243/0x320
[ 15.990877][ T292] ret_from_fork_asm+0x1a/0x30
[ 15.991049][ T292]
[ 15.991134][ T292] The buggy address belongs to the object at ffff888001932720
[ 15.991134][ T292] which belongs to the cache kmalloc-96 of size 96
[ 15.991540][ T292] The buggy address is located 0 bytes inside of
[ 15.991540][ T292] freed 96-byte region [ffff888001932720, ffff888001932780)
[ 15.991952][ T292]
[ 15.992036][ T292] The buggy address belongs to the physical page:
[ 15.992241][ T292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1932
[ 15.992567][ T292] flags: 0x80000000000000(node=0|zone=1)
[ 15.992744][ T292] page_type: f5(slab)
[ 15.992878][ T292] raw: 0080000000000000 ffff888001042340 ffffea0000262690 ffffea000013acd0
[ 15.993188][ T292] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 15.993491][ T292] page dumped because: kasan: bad access detected
[ 15.993699][ T292]
[ 15.993783][ T292] Memory state around the buggy address:
[ 15.993947][ T292] ffff888001932600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 15.994189][ T292] ffff888001932680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.994435][ T292] >ffff888001932700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 15.994679][ T292]                                ^
[ 15.994841][ T292] ffff888001932780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.995084][ T292] ffff888001932800: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.995332][ T292] ==================================================================
[ 15.995629][ T292] Disabling lock debugging due to kernel taint
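The KASAN report above, read mechanically. What follows is an added example and not part of the kernel log, of KASAN, or of any kernel tool: a small Python parser for generic-mode KASAN reports in the dmesg format used on this page. SAMPLE is a trimmed copy of the report's own lines (a constructed input, timestamps kept so the prefix stripping is exercised); the shadow-byte legend follows mm/kasan/kasan.h for generic mode (00 accessible, 01-07 partially accessible, fa/fb freed slab object, fc slab redzone), and the "owner frame" heuristic that skips kasan_*, kmalloc and kfree frames is this example's own assumption about which frame is worth reading first. Run on the report it returns what a triage note would say: a 1-byte read at offset 0 of a freed 96-byte kmalloc-96 object whose shadow byte is fa, last allocated under virtqueue_add_split (task 287) and freed under detach_buf_split (task 51); the pointer that krealloc() checked on behalf of emit_its_trampoline was therefore stale.

```python
"""Parse a generic-mode KASAN report in the dmesg format above and decode its shadow dump.
Added example, not part of the kernel log. SAMPLE is a trimmed copy of the report on this
page; the parser strips the "[ time][ Tpid] " prefix before matching each line."""
import re
from dataclasses import dataclass, field

GRANULE = 8  # one shadow byte describes 8 bytes of memory in generic KASAN
SHADOW_LEGEND = {  # shadow values from mm/kasan/kasan.h, generic mode
    0x00: "accessible", 0xFA: "freed slab object, free-track metadata granule",
    0xFB: "freed slab object", 0xFC: "slab redzone", 0xFE: "kmalloc_large redzone",
}
# Heuristic of this example: frames to skip when looking for the object's real owner.
ALLOCATOR_FRAMES = ("kasan_", "__kasan_", "__kmalloc", "kmalloc", "kfree", "krealloc")
PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")


def decode_shadow(b: int) -> str:
    if 1 <= b <= 7:
        return f"partially accessible, first {b} of 8 bytes"
    return SHADOW_LEGEND.get(b, f"unknown shadow value {b:#04x}")


@dataclass
class KasanReport:
    bug: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    alloc_task: int = -1
    free_task: int = -1
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    cache: str = ""
    obj_start: int = 0
    obj_end: int = 0
    shadow: dict = field(default_factory=dict)  # shadow row base address -> bytes


def parse_kasan_report(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: (\S+) in (\w+)", line):
            r.bug, r.func = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", line):
            r.access, r.size, r.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
        elif m := re.match(r"Allocated by task (\d+):", line):
            r.alloc_task, section = int(m.group(1)), "alloc"
        elif m := re.match(r"Freed by task (\d+):", line):
            r.free_task, section = int(m.group(1)), "free"
        elif m := re.search(r"the cache (\S+) of size", line):
            r.cache = m.group(1)
        elif m := re.search(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r.obj_start, r.obj_end = int(m.group(1), 16), int(m.group(2), 16)
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", line):
            r.shadow[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif section and re.match(r"[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+$", line):
            (r.alloc_stack if section == "alloc" else r.free_stack).append(line.split("+")[0])
        elif not line:
            section = None  # a blank line ends the Allocated/Freed stack
    return r


def owner_frame(stack: list) -> str:
    # First frame that is not KASAN or allocator plumbing: the code that really owned the object.
    return next((f for f in stack if not f.startswith(ALLOCATOR_FRAMES)), "")


def shadow_at(r: KasanReport, addr: int):
    # (shadow byte, meaning) for addr, or None if the dumped rows do not cover it.
    for base, row in r.shadow.items():
        if base <= addr < base + len(row) * GRANULE:
            b = row[(addr - base) // GRANULE]
            return b, decode_shadow(b)
    return None


def summarize(text: str) -> dict:
    r = parse_kasan_report(text)
    sh = shadow_at(r, r.addr)
    return {
        "bug": r.bug, "in": r.func, "access": f"{r.access} {r.size}", "cache": r.cache,
        "object_size": r.obj_end - r.obj_start, "offset_in_object": r.addr - r.obj_start,
        "shadow_byte": sh[0] if sh else None, "shadow_meaning": sh[1] if sh else None,
        "allocated_by": owner_frame(r.alloc_stack), "alloc_task": r.alloc_task,
        "freed_by": owner_frame(r.free_stack), "free_task": r.free_task,
    }


# Constructed input: a trimmed copy of the report on this page.
SAMPLE = """\
[ 15.974260][ T292] BUG: KASAN: slab-use-after-free in emit_its_trampoline+0xa5/0x300
[ 15.974512][ T292] Read of size 1 at addr ffff888001932720 by task modprobe/292
[ 15.985107][ T292] Allocated by task 287:
[ 15.985751][ T292] __kmalloc_noprof+0x1d4/0x470
[ 15.985926][ T292] virtqueue_add_split+0x6a3/0x1920
[ 15.988612][ T292]
[ 15.988700][ T292] Freed by task 51:
[ 15.989515][ T292] kfree+0x144/0x320
[ 15.989643][ T292] detach_buf_split+0x48d/0x6f0
[ 15.991049][ T292]
[ 15.991134][ T292] which belongs to the cache kmalloc-96 of size 96
[ 15.991540][ T292] freed 96-byte region [ffff888001932720, ffff888001932780)
[ 15.993947][ T292] ffff888001932600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 15.994435][ T292] >ffff888001932700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
"""
```

Calling summarize(SAMPLE) gives the triage dictionary; feeding it the full report text instead of SAMPLE works the same way, since the parser ignores the Call Trace, register dump and page lines it does not recognise. The alloc and free stacks are the two facts worth reading first in any slab-use-after-free report: they name the last legitimate owner of the chunk, which here is the virtio_fs request path, not the ITS trampoline code that tripped over it.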
[ 247.181212][ T44] INFO: task modprobe:292 blocked for more than 122 seconds.
[ 247.181583][ T44] Tainted: G B 6.16.0-rc2-virtme #1
[ 247.181790][ T44] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.182035][ T44] task:modprobe state:D stack:25792 pid:292 tgid:292 ppid:37 task_flags:0x400100 flags:0x00004002
[ 247.182396][ T44] Call Trace:
[ 247.182516][ T44] <TASK>
[ 247.182596][ T44] __schedule+0x862/0x1b00
[ 247.182751][ T44] ? __pfx___schedule+0x10/0x10
[ 247.182899][ T44] ? trace_irq_enable.constprop.0+0xd4/0x130
[ 247.183097][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.183246][ T44] ? schedule+0x1ee/0x270
[ 247.183357][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.183517][ T44] schedule+0xe2/0x270
[ 247.183626][ T44] schedule_preempt_disabled+0x18/0x30
[ 247.183770][ T44] __mutex_lock+0x77f/0xcd0
[ 247.183916][ T44] ? text_poke_set+0x86/0x120
[ 247.184073][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.184230][ T44] ? execmem_free+0x10d/0x1d0
[ 247.184372][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.184512][ T44] ? trace_lock_release+0x2a/0xd0
[ 247.184660][ T44] ? text_poke_set+0x86/0x120
[ 247.184799][ T44] text_poke_set+0x86/0x120
[ 247.184956][ T44] ? __pfx_text_poke_set+0x10/0x10
[ 247.185106][ T44] execmem_free+0x11a/0x1d0
[ 247.185251][ T44] ? __pfx_execmem_free+0x10/0x10
[ 247.185393][ T44] ? emit_its_trampoline+0xa5/0x300
[ 247.185538][ T44] ? __kasan_check_byte+0x3a/0x50
[ 247.185689][ T44] ? krealloc_noprof+0x3d/0x320
[ 247.185832][ T44] ? execmem_alloc+0xc0/0x240
[ 247.185976][ T44] emit_its_trampoline+0x258/0x300
[ 247.186127][ T44] ? __x86_indirect_paranoid_thunk_rax+0x2/0x2
[ 247.186315][ T44] ? __do_softirq+0x10/0x10
[ 247.186460][ T44] apply_retpolines+0xcf/0x550
[ 247.186605][ T44] ? __pfx_apply_retpolines+0x10/0x10
[ 247.186748][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.186901][ T44] module_finalize+0x3d5/0x9d0
[ 247.187048][ T44] ? add_kallsyms+0x8d7/0xf40
[ 247.187202][ T44] ? __pfx_module_finalize+0x10/0x10
[ 247.187345][ T44] ? __pfx_cmp_ex_sort+0x10/0x10
[ 247.187488][ T44] ? __pfx_swap_ex+0x10/0x10
[ 247.187631][ T44] load_module+0x139a/0x2660
[ 247.187779][ T44] ? __pfx_load_module+0x10/0x10
[ 247.187928][ T44] ? kernel_read_file+0x3f5/0x550
[ 247.188079][ T44] ? kernel_read_file+0x3d0/0x550
[ 247.188219][ T44] ? __pfx_kernel_read_file+0x10/0x10
[ 247.188360][ T44] ? init_module_from_file+0xe9/0x150
[ 247.188499][ T44] init_module_from_file+0xe9/0x150
[ 247.188639][ T44] ? __pfx_init_module_from_file+0x10/0x10
[ 247.188815][ T44] ? idempotent_init_module+0x31a/0x620
[ 247.188957][ T44] ? __lock_release+0x5d/0x170
[ 247.189103][ T44] ? do_raw_spin_unlock+0x58/0x220
[ 247.189244][ T44] idempotent_init_module+0x335/0x620
[ 247.189402][ T44] ? __pfx_idempotent_init_module+0x10/0x10
[ 247.189581][ T44] ? cap_capable+0x94/0x230
[ 247.189726][ T44] __x64_sys_finit_module+0xca/0x150
[ 247.189868][ T44] ? do_syscall_64+0x85/0x380
[ 247.190016][ T44] do_syscall_64+0xc1/0x380
[ 247.190165][ T44] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.190346][ T44] RIP: 0033:0x7f03d7c51e5d
[ 247.190497][ T44] RSP: 002b:00007ffe7fa14138 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 247.190743][ T44] RAX: ffffffffffffffda RBX: 000055aad6314c80 RCX: 00007f03d7c51e5d
[ 247.190972][ T44] RDX: 0000000000000000 RSI: 000055aaacbd7a2a RDI: 0000000000000000
[ 247.191197][ T44] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007ffe7fa14270
[ 247.191414][ T44] R10: 0000000000000000 R11: 0000000000000246 R12: 000055aaacbd7a2a
[ 247.191630][ T44] R13: 000055aad6314d40 R14: 000055aad6314dc0 R15: 000055aad6314cec
[ 247.191847][ T44] </TASK>
[ 247.191968][ T44] INFO: task modprobe:292 is blocked on a mutex likely owned by task modprobe:292.
[ 247.192230][ T44] task:modprobe state:D stack:25792 pid:292 tgid:292 ppid:37 task_flags:0x400100 flags:0x00004002
[ 247.192560][ T44] Call Trace:
[ 247.192670][ T44] <TASK>
[ 247.192744][ T44] __schedule+0x862/0x1b00
[ 247.192892][ T44] ? __pfx___schedule+0x10/0x10
[ 247.193037][ T44] ? trace_irq_enable.constprop.0+0xd4/0x130
[ 247.193229][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.193373][ T44] ? schedule+0x1ee/0x270
[ 247.193481][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.193624][ T44] schedule+0xe2/0x270
[ 247.193735][ T44] schedule_preempt_disabled+0x18/0x30
[ 247.193879][ T44] __mutex_lock+0x77f/0xcd0
[ 247.194023][ T44] ? text_poke_set+0x86/0x120
[ 247.194172][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.194330][ T44] ? execmem_free+0x10d/0x1d0
[ 247.194470][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.194607][ T44] ? trace_lock_release+0x2a/0xd0
[ 247.194750][ T44] ? text_poke_set+0x86/0x120
[ 247.194889][ T44] text_poke_set+0x86/0x120
[ 247.195027][ T44] ? __pfx_text_poke_set+0x10/0x10
[ 247.195175][ T44] execmem_free+0x11a/0x1d0
[ 247.195316][ T44] ? __pfx_execmem_free+0x10/0x10
[ 247.195457][ T44] ? emit_its_trampoline+0xa5/0x300
[ 247.195598][ T44] ? __kasan_check_byte+0x3a/0x50
[ 247.195738][ T44] ? krealloc_noprof+0x3d/0x320
[ 247.195878][ T44] ? execmem_alloc+0xc0/0x240
[ 247.196017][ T44] emit_its_trampoline+0x258/0x300
[ 247.196162][ T44] ? __x86_indirect_paranoid_thunk_rax+0x2/0x2
[ 247.196336][ T44] ? __do_softirq+0x10/0x10
[ 247.196478][ T44] apply_retpolines+0xcf/0x550
[ 247.196619][ T44] ? __pfx_apply_retpolines+0x10/0x10
[ 247.196758][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.196902][ T44] module_finalize+0x3d5/0x9d0
[ 247.197045][ T44] ? add_kallsyms+0x8d7/0xf40
[ 247.197189][ T44] ? __pfx_module_finalize+0x10/0x10
[ 247.197329][ T44] ? __pfx_cmp_ex_sort+0x10/0x10
[ 247.197469][ T44] ? __pfx_swap_ex+0x10/0x10
[ 247.197611][ T44] load_module+0x139a/0x2660
[ 247.197753][ T44] ? __pfx_load_module+0x10/0x10
[ 247.197909][ T44] ? kernel_read_file+0x3f5/0x550
[ 247.198051][ T44] ? kernel_read_file+0x3d0/0x550
[ 247.198211][ T44] ? __pfx_kernel_read_file+0x10/0x10
[ 247.198354][ T44] ? init_module_from_file+0xe9/0x150
[ 247.198498][ T44] init_module_from_file+0xe9/0x150
[ 247.198643][ T44] ? __pfx_init_module_from_file+0x10/0x10
[ 247.198821][ T44] ? idempotent_init_module+0x31a/0x620
[ 247.198962][ T44] ? __lock_release+0x5d/0x170
[ 247.199112][ T44] ? do_raw_spin_unlock+0x58/0x220
[ 247.199263][ T44] idempotent_init_module+0x335/0x620
[ 247.199405][ T44] ? __pfx_idempotent_init_module+0x10/0x10
[ 247.199585][ T44] ? cap_capable+0x94/0x230
[ 247.199735][ T44] __x64_sys_finit_module+0xca/0x150
[ 247.199876][ T44] ? do_syscall_64+0x85/0x380
[ 247.200018][ T44] do_syscall_64+0xc1/0x380
[ 247.200173][ T44] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.200373][ T44] RIP: 0033:0x7f03d7c51e5d
[ 247.200519][ T44] RSP: 002b:00007ffe7fa14138 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 247.200735][ T44] RAX: ffffffffffffffda RBX: 000055aad6314c80 RCX: 00007f03d7c51e5d
[ 247.200969][ T44] RDX: 0000000000000000 RSI: 000055aaacbd7a2a RDI: 0000000000000000
[ 247.201191][ T44] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007ffe7fa14270
[ 247.201407][ T44] R10: 0000000000000000 R11: 0000000000000246 R12: 000055aaacbd7a2a
[ 247.201621][ T44] R13: 000055aad6314d40 R14: 000055aad6314dc0 R15: 000055aad6314cec
[ 247.201844][ T44] </TASK>
[ 247.201955][ T44] INFO: lockdep is turned off.
HARD STOP (348.132044)
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr