====================================== | [ 1098.223526][ C1] ================================================================== | [ 1098.223848][ C1] BUG: KASAN: slab-use-after-free in ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) | [ 1098.224117][ C1] Write of size 8 at addr ffff888002081018 by task mausezahn/5929 | [ 1098.224371][ C1] [ 1098.224814][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1098.225237][ C1] Call Trace: [ 1098.225383][ C1] [ 1098.225484][ C1] dump_stack_lvl (lib/dump_stack.c:123) [ 1098.225719][ C1] print_address_description.constprop.0 (mm/kasan/report.c:378) [ 1098.226012][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.226200][ C1] print_report (mm/kasan/report.c:489) [ 1098.226386][ C1] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 1098.226576][ C1] kasan_report (mm/kasan/report.c:603) [ 1098.226740][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.226926][ C1] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.227097][ C1] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 1098.227281][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.227422][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 1098.227605][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) [ 1098.227800][ C1] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433) [ 1098.227942][ C1] ? __pfx_ip_output (net/ipv4/ip_output.c:427) [ 1098.228133][ C1] ? ip_local_out (net/ipv4/ip_output.c:128) [ 1098.228326][ C1] iptunnel_xmit (net/ipv4/ip_tunnel_core.c:84 (discriminator 4)) [ 1098.228518][ C1] ? dst_cache_per_cpu_dst_set (./arch/x86/include/asm/atomic.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2401 ./include/linux/atomic/atomic-instrumented.h:1476 ./include/linux/rcuref.h:67 ./include/net/dst.h:238 net/core/dst_cache.c:33) [ 1098.228721][ C1] ip_tunnel_xmit (net/ipv4/ip_tunnel.c:860) [ 1098.228915][ C1] ? __pfx_ip_tunnel_xmit (net/ipv4/ip_tunnel.c:684) [ 1098.229102][ C1] ? kasan_set_track (mm/kasan/common.c:62) [ 1098.229286][ C1] ? __kasan_kmalloc (mm/kasan/common.c:398) [ 1098.229477][ C1] ? skb_release_data (./include/linux/atomic/atomic-arch-fallback.h:787 ./include/linux/atomic/atomic-instrumented.h:290 ./include/linux/skbuff.h:1253 net/core/skbuff.c:1107) [ 1098.229703][ C1] __gre_xmit (net/ipv4/ip_gre.c:472) ip_gre [ 1098.229929][ C1] ? __pfx___gre_xmit (net/ipv4/ip_gre.c:472) ip_gre [ 1098.230115][ C1] ? __pfx_pskb_expand_head (net/core/skbuff.c:2259) [ 1098.230301][ C1] ? __pfx_packet_rcv (net/packet/af_packet.c:2184) [ 1098.230492][ C1] gre_tap_xmit (net/ipv4/ip_gre.c:773) ip_gre [ 1098.230705][ C1] dev_hard_start_xmit (./include/linux/netdevice.h:4997 ./include/linux/netdevice.h:5006 net/core/dev.c:3590 net/core/dev.c:3606) [ 1098.230893][ C1] sch_direct_xmit (net/sched/sch_generic.c:343) [ 1098.231079][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.231269][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.231460][ C1] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) [ 1098.231651][ C1] ? __dev_xmit_skb (./include/net/sch_generic.h:197 ./include/net/sch_generic.h:194 net/core/dev.c:3810) [ 1098.231838][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.232026][ C1] ? __dev_xmit_skb (./include/net/sch_generic.h:197 ./include/net/sch_generic.h:194 net/core/dev.c:3810) [ 1098.232210][ C1] __dev_xmit_skb (net/core/dev.c:3823) [ 1098.232399][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.232582][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.232780][ C1] ? __pfx___dev_xmit_skb (net/core/dev.c:3798) [ 1098.232976][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4355) [ 1098.233163][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.233349][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4355) [ 1098.233538][ C1] __dev_queue_xmit (net/core/dev.c:4396) [ 1098.233741][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1098.233937][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 1098.234139][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.234325][ C1] ? __create_object (mm/kmemleak.c:766) [ 1098.234520][ C1] ? trace_kmem_cache_alloc (./include/trace/events/kmem.h:12 (discriminator 52)) [ 1098.234726][ C1] ? kmem_cache_alloc_noprof (mm/slub.c:4147) [ 1098.234911][ C1] ? __copy_skb_header (./include/net/dst.h:290 net/core/skbuff.c:1534) [ 1098.235096][ C1] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) [ 1098.235287][ C1] tcf_mirred_to_dev (net/sched/act_mirred.c:319) act_mirred [ 1098.235524][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.235720][ C1] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [ 1098.235909][ C1] tcf_mirred_act (net/sched/act_mirred.c:453 (discriminator 2)) act_mirred [ 1098.236144][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.236329][ C1] tcf_action_exec.part.0 (./include/net/tc_wrapper.h:130 net/sched/act_api.c:1143) [ 1098.236514][ C1] fl_classify (net/sched/cls_flower.c:356) cls_flower [ 1098.236717][ C1] ? __pfx_fl_classify (net/sched/cls_flower.c:327) cls_flower [ 1098.236954][ C1] ? get_stack_info_noinstr (arch/x86/kernel/dumpstack_64.c:173) [ 1098.237133][ C1] ? get_stack_info (arch/x86/kernel/dumpstack_64.c:199) [ 1098.237306][ C1] ? stack_access_ok (arch/x86/kernel/unwind_orc.c:396) [ 1098.237487][ C1] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) [ 1098.237745][ C1] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:643) [ 1098.237931][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.238139][ C1] ? validate_chain (./include/linux/hash.h:78 kernel/locking/lockdep.c:3794 kernel/locking/lockdep.c:3817 kernel/locking/lockdep.c:3872) [ 1098.238350][ C1] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469) [ 1098.238533][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [ 1098.238720][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.238908][ C1] ? validate_chain (./include/linux/hash.h:78 kernel/locking/lockdep.c:3794 kernel/locking/lockdep.c:3817 kernel/locking/lockdep.c:3872) [ 1098.239100][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.239289][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [ 1098.239473][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.239658][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.239786][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.239965][ C1] __tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1770) [ 1098.240160][ C1] tcf_classify (net/sched/cls_api.c:1866) [ 1098.240344][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1098.240529][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.240731][ C1] ? __pfx_tcf_classify (net/sched/cls_api.c:1815) [ 1098.240922][ C1] tc_run (net/core/dev.c:4009) [ 1098.241067][ C1] ? sock_def_readable (net/core/sock.c:3465) [ 1098.241251][ C1] ? __pfx_tc_run (net/core/dev.c:3988) [ 1098.241436][ C1] ? packet_rcv (net/packet/af_packet.c:2277) [ 1098.241623][ C1] __netif_receive_skb_core.constprop.0 (net/core/dev.c:4084 net/core/dev.c:5528) [ 1098.241859][ C1] ? kmem_cache_free (mm/slub.c:4579 mm/slub.c:4681) [ 1098.242045][ C1] ? __pfx___netif_receive_skb_core.constprop.0 (net/core/dev.c:5455) [ 1098.242282][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.242468][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.242612][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.242799][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.242983][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) [ 1098.243167][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.243355][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.243544][ C1] __netif_receive_skb_one_core (net/core/dev.c:5667) [ 1098.243778][ C1] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5661) [ 1098.244009][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.244198][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.244382][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.244574][ C1] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6114) [ 1098.244762][ C1] __napi_poll.constprop.0 (net/core/dev.c:6884) [ 1098.244964][ C1] net_rx_action (net/core/dev.c:6953 net/core/dev.c:7075) [ 1098.245136][ C1] ? __pfx_net_rx_action (net/core/dev.c:7037) [ 1098.245314][ C1] ? clockevents_program_event (kernel/time/clockevents.c:326) [ 1098.245489][ C1] ? kvm_clock_get_cycles (./arch/x86/include/asm/preempt.h:94 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86) [ 1098.245668][ C1] ? ktime_get (kernel/time/timekeeping.c:195 (discriminator 4) kernel/time/timekeeping.c:395 (discriminator 4) kernel/time/timekeeping.c:403 (discriminator 4) kernel/time/timekeeping.c:850 (discriminator 4)) [ 1098.245800][ C1] ? clockevents_program_event (kernel/time/clockevents.c:334 (discriminator 3)) [ 1098.246013][ C1] ? hrtimer_interrupt (kernel/time/hrtimer.c:1830) [ 1098.246181][ C1] handle_softirqs (kernel/softirq.c:554) [ 1098.246354][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.246525][ C1] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) [ 1098.246658][ C1] [ 1098.246751][ C1] [ 1098.246836][ C1] __local_bh_enable_ip (kernel/softirq.c:382) [ 1098.247005][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.247182][ C1] __dev_queue_xmit (net/core/dev.c:4458) [ 1098.247358][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.247530][ C1] ? packet_parse_headers (./include/linux/skbuff.h:3070 net/packet/af_packet.c:2006) [ 1098.247700][ C1] ? __pfx_sock_alloc_send_pskb (net/core/sock.c:2845) [ 1098.247897][ C1] ? __pfx_packet_parse_headers (net/packet/af_packet.c:1991) [ 1098.248087][ C1] ? skb_copy_datagram_from_iter (net/core/datagram.c:564) [ 1098.248327][ C1] ? dev_get_by_index (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/dev.c:892) [ 1098.248502][ C1] packet_snd (net/packet/af_packet.c:3146) [ 1098.248681][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.248850][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.249022][ C1] ? __pfx_packet_snd (net/packet/af_packet.c:3009) [ 1098.249192][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.249365][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.249547][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.249725][ C1] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 1098.249928][ C1] ? __pfx___sys_sendto (net/socket.c:2184) [ 1098.250104][ C1] ? sock_ioctl (net/socket.c:1349) [ 1098.250347][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.250545][ C1] ? trace_rseq_update (./include/trace/events/rseq.h:11 (discriminator 52)) [ 1098.250745][ C1] ? __rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.250974][ C1] ? do_user_addr_fault (./include/linux/mmap_lock.h:172 arch/x86/mm/fault.c:1417) [ 1098.251193][ C1] ? __pfx___rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.251433][ C1] __x64_sys_sendto (net/socket.c:2222) [ 1098.251634][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1098.251845][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1098.252059][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1098.252317][ C1] RIP: 0033:0x7f67e29cb85a [ 1098.252518][ C1] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 1098.253156][ C1] RSP: 002b:00007ffcb38f8d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1098.253440][ C1] RAX: ffffffffffffffda RBX: 0000000019d929d0 RCX: 00007f67e29cb85a [ 1098.253704][ C1] RDX: 000000000000002a RSI: 0000000019d92c92 RDI: 0000000000000005 [ 1098.254015][ C1] RBP: 0000000019d92c92 R08: 00007ffcb38f8d40 R09: 0000000000000014 [ 1098.254314][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.254607][ C1] R13: 000000000000002a R14: 00007ffcb38f8d40 R15: 0000000000000000 | [ 1098.260449][ C1] ------------[ cut here ]------------ | [ 1098.260862][ C1] pool index 93034 out of bounds (831) for stack id 6b6b6b6b | [ 1098.261189][ C1] WARNING: CPU: 1 PID: 5929 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) | [ 1098.261502][ C1] Modules linked in: act_mirred 8021q ip_gre gre act_gact cls_flower vxlan ip6_udp_tunnel udp_tunnel bridge stp llc sch_ingress vrf veth [ 1098.262420][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1098.262973][ C1] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 1098.263167][ C1] Code: b8 11 cd 9a e8 cb c0 9a 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 28 47 40 9a 44 89 e1 44 89 ea 89 ee e8 7b f2 0d ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad All code ======== 0: b8 11 cd 9a e8 mov $0xe89acd11,%eax 5: cb lret 6: c0 9a 01 83 f8 01 75 rcrb $0x75,0x1f88301(%rdx) d: b8 90 0f 0b 90 mov $0x900b0f90,%eax 12: eb b2 jmp 0xffffffffffffffc6 14: 90 nop 15: 48 c7 c7 28 47 40 9a mov $0xffffffff9a404728,%rdi 1c: 44 89 e1 mov %r12d,%ecx 1f: 44 89 ea mov %r13d,%edx 22: 89 ee mov %ebp,%esi 24: e8 7b f2 0d ff call 0xffffffffff0df2a4 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: 31 c0 xor %eax,%eax 30: eb bb jmp 0xffffffffffffffed 32: 90 nop 33: 0f 0b ud2 35: 90 nop 36: eb b5 jmp 0xffffffffffffffed 38: 90 nop 39: 0f 0b ud2 3b: 90 nop 3c: 31 c0 xor %eax,%eax 3e: eb ad jmp 0xffffffffffffffed Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: 31 c0 xor %eax,%eax 6: eb bb jmp 0xffffffffffffffc3 8: 90 nop 9: 0f 0b ud2 b: 90 nop c: eb b5 jmp 0xffffffffffffffc3 e: 90 nop f: 0f 0b ud2 11: 90 nop 12: 31 c0 xor %eax,%eax 14: eb ad jmp 0xffffffffffffffc3 [ 1098.263938][ C1] RSP: 0018:ffffc900001e78d0 EFLAGS: 00010082 [ 1098.264172][ C1] RAX: 0000000000000000 RBX: 0000000000001b50 RCX: 1ffffffff34fb43c [ 1098.264572][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 1098.264835][ C1] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff34fb43c [ 1098.265099][ C1] R10: 0000000000000003 R11: 205d314320202020 R12: 000000006b6b6b6b [ 1098.265366][ C1] R13: 000000000000033f R14: 0000000000000008 R15: ffff888006e945c0 [ 1098.265641][ C1] FS: 00007f67e2771740(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 1098.265952][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1098.266294][ C1] CR2: 000000000043bbda CR3: 0000000006de0005 CR4: 0000000000772ef0 [ 1098.266563][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1098.266828][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1098.267217][ C1] PKRU: 55555554 [ 1098.267367][ C1] Call Trace: [ 1098.267510][ C1] [ 1098.267599][ C1] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 1098.267914][ C1] ? __warn (kernel/panic.c:748) [ 1098.268090][ C1] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 1098.268269][ C1] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 1098.268448][ C1] ? handle_bug (arch/x86/kernel/traps.c:285) [ 1098.268581][ C1] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [ 1098.268873][ C1] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [ 1098.269056][ C1] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 1098.269232][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.269432][ C1] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 1098.269730][ C1] stack_depot_print (lib/stackdepot.c:745) [ 1098.269935][ C1] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [ 1098.270154][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.270350][ C1] print_report (mm/kasan/report.c:489) [ 1098.270666][ C1] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 1098.270862][ C1] kasan_report (mm/kasan/report.c:603) [ 1098.271017][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.271193][ C1] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.271395][ C1] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 1098.271715][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.271850][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 1098.272037][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) [ 1098.272216][ C1] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433) [ 1098.272394][ C1] ? __pfx_ip_output (net/ipv4/ip_output.c:427) [ 1098.272604][ C1] ? ip_local_out (net/ipv4/ip_output.c:128) [ 1098.272804][ C1] iptunnel_xmit (net/ipv4/ip_tunnel_core.c:84 (discriminator 4)) [ 1098.273014][ C1] ? dst_cache_per_cpu_dst_set (./arch/x86/include/asm/atomic.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2401 ./include/linux/atomic/atomic-instrumented.h:1476 ./include/linux/rcuref.h:67 ./include/net/dst.h:238 net/core/dst_cache.c:33) [ 1098.273225][ C1] ip_tunnel_xmit (net/ipv4/ip_tunnel.c:860) [ 1098.273580][ C1] ? __pfx_ip_tunnel_xmit (net/ipv4/ip_tunnel.c:684) [ 1098.273768][ C1] ? kasan_set_track (mm/kasan/common.c:62) [ 1098.273965][ C1] ? __kasan_kmalloc (mm/kasan/common.c:398) [ 1098.274162][ C1] ? skb_release_data (./include/linux/atomic/atomic-arch-fallback.h:787 ./include/linux/atomic/atomic-instrumented.h:290 ./include/linux/skbuff.h:1253 net/core/skbuff.c:1107) [ 1098.274395][ C1] __gre_xmit (net/ipv4/ip_gre.c:472) ip_gre [ 1098.274591][ C1] ? __pfx___gre_xmit (net/ipv4/ip_gre.c:472) ip_gre [ 1098.274796][ C1] ? __pfx_pskb_expand_head (net/core/skbuff.c:2259) [ 1098.274973][ C1] ? __pfx_packet_rcv (net/packet/af_packet.c:2184) [ 1098.275452][ C1] gre_tap_xmit (net/ipv4/ip_gre.c:773) ip_gre [ 1098.275678][ C1] dev_hard_start_xmit (./include/linux/netdevice.h:4997 ./include/linux/netdevice.h:5006 net/core/dev.c:3590 net/core/dev.c:3606) [ 1098.275912][ C1] sch_direct_xmit (net/sched/sch_generic.c:343) [ 1098.276171][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.276376][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.276585][ C1] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) [ 1098.276771][ C1] ? __dev_xmit_skb (./include/net/sch_generic.h:197 ./include/net/sch_generic.h:194 net/core/dev.c:3810) [ 1098.276970][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.277148][ C1] ? __dev_xmit_skb (./include/net/sch_generic.h:197 ./include/net/sch_generic.h:194 net/core/dev.c:3810) [ 1098.277492][ C1] __dev_xmit_skb (net/core/dev.c:3823) [ 1098.277695][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.277896][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.278116][ C1] ? __pfx___dev_xmit_skb (net/core/dev.c:3798) [ 1098.278318][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4355) [ 1098.278518][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.278703][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4355) [ 1098.278919][ C1] __dev_queue_xmit (net/core/dev.c:4396) [ 1098.279289][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1098.279472][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 1098.279702][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.279908][ C1] ? __create_object (mm/kmemleak.c:766) [ 1098.280092][ C1] ? trace_kmem_cache_alloc (./include/trace/events/kmem.h:12 (discriminator 52)) [ 1098.280396][ C1] ? kmem_cache_alloc_noprof (mm/slub.c:4147) [ 1098.280601][ C1] ? __copy_skb_header (./include/net/dst.h:290 net/core/skbuff.c:1534) [ 1098.280790][ C1] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) [ 1098.280999][ C1] tcf_mirred_to_dev (net/sched/act_mirred.c:319) act_mirred [ 1098.281359][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.281534][ C1] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [ 1098.281740][ C1] tcf_mirred_act (net/sched/act_mirred.c:453 (discriminator 2)) act_mirred [ 1098.281957][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.282257][ C1] tcf_action_exec.part.0 (./include/net/tc_wrapper.h:130 net/sched/act_api.c:1143) [ 1098.282436][ C1] fl_classify (net/sched/cls_flower.c:356) cls_flower [ 1098.282647][ C1] ? __pfx_fl_classify (net/sched/cls_flower.c:327) cls_flower [ 1098.282868][ C1] ? get_stack_info_noinstr (arch/x86/kernel/dumpstack_64.c:173) [ 1098.283193][ C1] ? get_stack_info (arch/x86/kernel/dumpstack_64.c:199) [ 1098.283394][ C1] ? stack_access_ok (arch/x86/kernel/unwind_orc.c:396) [ 1098.283579][ C1] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) [ 1098.283764][ C1] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:643) [ 1098.284088][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.284288][ C1] ? validate_chain (./include/linux/hash.h:78 kernel/locking/lockdep.c:3794 kernel/locking/lockdep.c:3817 kernel/locking/lockdep.c:3872) [ 1098.284498][ C1] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469) [ 1098.284676][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [ 1098.285010][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.285213][ C1] ? validate_chain (./include/linux/hash.h:78 kernel/locking/lockdep.c:3794 kernel/locking/lockdep.c:3817 kernel/locking/lockdep.c:3872) [ 1098.285388][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.285588][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [ 1098.285915][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.286099][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.286254][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.286435][ C1] __tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1770) [ 1098.286616][ C1] tcf_classify (net/sched/cls_api.c:1866) [ 1098.286916][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1098.287099][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.287277][ C1] ? __pfx_tcf_classify (net/sched/cls_api.c:1815) [ 1098.287466][ C1] tc_run (net/core/dev.c:4009) [ 1098.287744][ C1] ? sock_def_readable (net/core/sock.c:3465) [ 1098.287926][ C1] ? __pfx_tc_run (net/core/dev.c:3988) [ 1098.288132][ C1] ? packet_rcv (net/packet/af_packet.c:2277) [ 1098.288315][ C1] __netif_receive_skb_core.constprop.0 (net/core/dev.c:4084 net/core/dev.c:5528) [ 1098.288679][ C1] ? kmem_cache_free (mm/slub.c:4579 mm/slub.c:4681) [ 1098.288878][ C1] ? __pfx___netif_receive_skb_core.constprop.0 (net/core/dev.c:5455) [ 1098.289117][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.289301][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.289436][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.289788][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.289988][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) [ 1098.290181][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.290370][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.290861][ C1] __netif_receive_skb_one_core (net/core/dev.c:5667) [ 1098.291141][ C1] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5661) [ 1098.291389][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.291566][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.291876][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.292094][ C1] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6114) [ 1098.292275][ C1] __napi_poll.constprop.0 (net/core/dev.c:6884) [ 1098.292488][ C1] net_rx_action (net/core/dev.c:6953 net/core/dev.c:7075) [ 1098.292813][ C1] ? __pfx_net_rx_action (net/core/dev.c:7037) [ 1098.293004][ C1] ? clockevents_program_event (kernel/time/clockevents.c:326) [ 1098.293210][ C1] ? kvm_clock_get_cycles (./arch/x86/include/asm/preempt.h:94 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86) [ 1098.293412][ C1] ? ktime_get (kernel/time/timekeeping.c:195 (discriminator 4) kernel/time/timekeeping.c:395 (discriminator 4) kernel/time/timekeeping.c:403 (discriminator 4) kernel/time/timekeeping.c:850 (discriminator 4)) [ 1098.293684][ C1] ? clockevents_program_event (kernel/time/clockevents.c:334 (discriminator 3)) [ 1098.293918][ C1] ? hrtimer_interrupt (kernel/time/hrtimer.c:1830) [ 1098.294131][ C1] handle_softirqs (kernel/softirq.c:554) [ 1098.294321][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.294662][ C1] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) [ 1098.294797][ C1] [ 1098.294909][ C1] [ 1098.295019][ C1] __local_bh_enable_ip (kernel/softirq.c:382) [ 1098.295205][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.295400][ C1] __dev_queue_xmit (net/core/dev.c:4458) [ 1098.295694][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.295868][ C1] ? packet_parse_headers (./include/linux/skbuff.h:3070 net/packet/af_packet.c:2006) [ 1098.296045][ C1] ? __pfx_sock_alloc_send_pskb (net/core/sock.c:2845) [ 1098.296241][ C1] ? __pfx_packet_parse_headers (net/packet/af_packet.c:1991) [ 1098.296545][ C1] ? skb_copy_datagram_from_iter (net/core/datagram.c:564) [ 1098.296766][ C1] ? dev_get_by_index (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/dev.c:892) [ 1098.296941][ C1] packet_snd (net/packet/af_packet.c:3146) [ 1098.297149][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.297326][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.297523][ C1] ? __pfx_packet_snd (net/packet/af_packet.c:3009) [ 1098.297712][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.297922][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.298239][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.298426][ C1] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 1098.298613][ C1] ? __pfx___sys_sendto (net/socket.c:2184) [ 1098.298813][ C1] ? sock_ioctl (net/socket.c:1349) [ 1098.298987][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.299321][ C1] ? trace_rseq_update (./include/trace/events/rseq.h:11 (discriminator 52)) [ 1098.299521][ C1] ? __rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.299752][ C1] ? do_user_addr_fault (./include/linux/mmap_lock.h:172 arch/x86/mm/fault.c:1417) [ 1098.299952][ C1] ? __pfx___rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.300286][ C1] __x64_sys_sendto (net/socket.c:2222) [ 1098.300461][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1098.300696][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1098.300995][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1098.301211][ C1] RIP: 0033:0x7f67e29cb85a [ 1098.301421][ C1] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 1098.302202][ C1] RSP: 002b:00007ffcb38f8d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1098.302470][ C1] RAX: ffffffffffffffda RBX: 0000000019d929d0 RCX: 00007f67e29cb85a [ 1098.302855][ C1] RDX: 000000000000002a RSI: 0000000019d92c92 RDI: 0000000000000005 [ 1098.303122][ C1] RBP: 0000000019d92c92 R08: 00007ffcb38f8d40 R09: 0000000000000014 [ 1098.303388][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.303770][ C1] R13: 000000000000002a R14: 00007ffcb38f8d40 R15: 0000000000000000 | [ 1098.306341][ C1] corrupt handle or use after stack_depot_put() | [ 1098.306382][ C1] WARNING: CPU: 1 PID: 5929 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) | [ 1098.306965][ C1] Modules linked in: act_mirred 8021q ip_gre gre act_gact cls_flower vxlan ip6_udp_tunnel udp_tunnel bridge stp llc sch_ingress vrf veth | [ 1098.308034][ C1] Tainted: [W]=WARN [ 1098.308297][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1098.308769][ C1] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 1098.308953][ C1] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 08 48 40 9a e8 62 ed 0d ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 All code ======== 0: 74 1a je 0x1c 2: 48 8d 50 20 lea 0x20(%rax),%rdx 6: 48 89 13 mov %rdx,(%rbx) 9: 5b pop %rbx a: 8b 40 14 mov 0x14(%rax),%eax d: 5d pop %rbp e: 41 5c pop %r12 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: 31 c0 xor %eax,%eax 17: c3 ret 18: cc int3 19: cc int3 1a: cc int3 1b: cc int3 1c: 90 nop 1d: 48 c7 c7 08 48 40 9a mov $0xffffffff9a404808,%rdi 24: e8 62 ed 0d ff call 0xffffffffff0ded8b 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: eb bb jmp 0xffffffffffffffeb 30: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) 37: 00 00 00 00 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: eb bb jmp 0xffffffffffffffc1 6: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) d: 00 00 00 00 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop [ 1098.309794][ C1] RSP: 0018:ffffc900001e78f8 EFLAGS: 00010082 [ 1098.310012][ C1] RAX: 0000000000000000 RBX: ffffc900001e7918 RCX: 1ffffffff34fb43c [ 1098.310414][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 1098.310683][ C1] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff34fb43c [ 1098.310961][ C1] R10: 0000000000000003 R11: 65737520726f2065 R12: 0000000000000000 [ 1098.311395][ C1] R13: ffffffff98e801f8 R14: 0000000000000008 R15: ffff888006e945c0 [ 1098.311686][ C1] FS: 00007f67e2771740(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 1098.312155][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1098.312405][ C1] CR2: 000000000043bbda CR3: 0000000006de0005 CR4: 0000000000772ef0 [ 1098.312683][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1098.313122][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1098.313395][ C1] PKRU: 55555554 [ 1098.313565][ C1] Call Trace: [ 1098.313698][ C1] [ 1098.313789][ C1] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 1098.314103][ C1] ? __warn (kernel/panic.c:748) [ 1098.314245][ C1] ? nbcon_get_cpu_emergency_nesting (kernel/printk/nbcon.c:1356) [ 1098.314481][ C1] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 1098.314684][ C1] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 1098.314995][ C1] ? handle_bug (arch/x86/kernel/traps.c:285) [ 1098.315142][ C1] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [ 1098.315313][ C1] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [ 1098.315516][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.315694][ C1] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 1098.316016][ C1] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 1098.316220][ C1] stack_depot_print (lib/stackdepot.c:745) [ 1098.316400][ C1] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [ 1098.316673][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.317024][ C1] print_report (mm/kasan/report.c:489) [ 1098.317223][ C1] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 1098.317405][ C1] kasan_report (mm/kasan/report.c:603) [ 1098.317539][ C1] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.317863][ C1] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) [ 1098.318044][ C1] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 1098.318219][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.318377][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 1098.318561][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) [ 1098.318884][ C1] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433) [ 1098.319014][ C1] ? __pfx_ip_output (net/ipv4/ip_output.c:427) [ 1098.319218][ C1] ? ip_local_out (net/ipv4/ip_output.c:128) [ 1098.319390][ C1] iptunnel_xmit (net/ipv4/ip_tunnel_core.c:84 (discriminator 4)) [ 1098.319710][ C1] ? dst_cache_per_cpu_dst_set (./arch/x86/include/asm/atomic.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2401 ./include/linux/atomic/atomic-instrumented.h:1476 ./include/linux/rcuref.h:67 ./include/net/dst.h:238 net/core/dst_cache.c:33) [ 1098.319924][ C1] ip_tunnel_xmit (net/ipv4/ip_tunnel.c:860) [ 1098.320104][ C1] ? __pfx_ip_tunnel_xmit (net/ipv4/ip_tunnel.c:684) [ 1098.320315][ C1] ? kasan_set_track (mm/kasan/common.c:62) [ 1098.320750][ C1] ? __kasan_kmalloc (mm/kasan/common.c:398) [ 1098.320961][ C1] ? skb_release_data (./include/linux/atomic/atomic-arch-fallback.h:787 ./include/linux/atomic/atomic-instrumented.h:290 ./include/linux/skbuff.h:1253 net/core/skbuff.c:1107) [ 1098.321146][ C1] __gre_xmit (net/ipv4/ip_gre.c:472) ip_gre [ 1098.321328][ C1] ? __pfx___gre_xmit (net/ipv4/ip_gre.c:472) ip_gre [ 1098.321531][ C1] ? __pfx_pskb_expand_head (net/core/skbuff.c:2259) [ 1098.321822][ C1] ? __pfx_packet_rcv (net/packet/af_packet.c:2184) [ 1098.322023][ C1] gre_tap_xmit (net/ipv4/ip_gre.c:773) ip_gre [ 1098.322204][ C1] dev_hard_start_xmit (./include/linux/netdevice.h:4997 ./include/linux/netdevice.h:5006 net/core/dev.c:3590 net/core/dev.c:3606) [ 1098.322388][ C1] sch_direct_xmit (net/sched/sch_generic.c:343) [ 1098.322712][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.322887][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.323091][ C1] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) [ 1098.323264][ C1] ? __dev_xmit_skb (./include/net/sch_generic.h:197 ./include/net/sch_generic.h:194 net/core/dev.c:3810) [ 1098.323581][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.323770][ C1] ? __dev_xmit_skb (./include/net/sch_generic.h:197 ./include/net/sch_generic.h:194 net/core/dev.c:3810) [ 1098.323949][ C1] __dev_xmit_skb (net/core/dev.c:3823) [ 1098.324157][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.324331][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.324538][ C1] ? __pfx___dev_xmit_skb (net/core/dev.c:3798) [ 1098.324711][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4355) [ 1098.324916][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.325103][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4355) [ 1098.325403][ C1] __dev_queue_xmit (net/core/dev.c:4396) [ 1098.325603][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1098.325777][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 1098.325958][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.326264][ C1] ? __create_object (mm/kmemleak.c:766) [ 1098.326453][ C1] ? trace_kmem_cache_alloc (./include/trace/events/kmem.h:12 (discriminator 52)) [ 1098.326642][ C1] ? kmem_cache_alloc_noprof (mm/slub.c:4147) [ 1098.326840][ C1] ? __copy_skb_header (./include/net/dst.h:290 net/core/skbuff.c:1534) [ 1098.327157][ C1] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) [ 1098.327369][ C1] tcf_mirred_to_dev (net/sched/act_mirred.c:319) act_mirred [ 1098.327617][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.327802][ C1] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [ 1098.328130][ C1] tcf_mirred_act (net/sched/act_mirred.c:453 (discriminator 2)) act_mirred [ 1098.328390][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.328578][ C1] tcf_action_exec.part.0 (./include/net/tc_wrapper.h:130 net/sched/act_api.c:1143) [ 1098.328793][ C1] fl_classify (net/sched/cls_flower.c:356) cls_flower [ 1098.329206][ C1] ? __pfx_fl_classify (net/sched/cls_flower.c:327) cls_flower [ 1098.329446][ C1] ? get_stack_info_noinstr (arch/x86/kernel/dumpstack_64.c:173) [ 1098.329652][ C1] ? get_stack_info (arch/x86/kernel/dumpstack_64.c:199) [ 1098.329841][ C1] ? stack_access_ok (arch/x86/kernel/unwind_orc.c:396) [ 1098.330174][ C1] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) [ 1098.330363][ C1] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:643) [ 1098.330549][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.330762][ C1] ? validate_chain (./include/linux/hash.h:78 kernel/locking/lockdep.c:3794 kernel/locking/lockdep.c:3817 kernel/locking/lockdep.c:3872) [ 1098.331064][ C1] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469) [ 1098.331238][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [ 1098.331412][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.331587][ C1] ? validate_chain (./include/linux/hash.h:78 kernel/locking/lockdep.c:3794 kernel/locking/lockdep.c:3817 kernel/locking/lockdep.c:3872) [ 1098.331760][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.332048][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [ 1098.332219][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.332392][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.332524][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.332822][ C1] __tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1770) [ 1098.333000][ C1] tcf_classify (net/sched/cls_api.c:1866) [ 1098.333173][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1098.333343][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1098.333659][ C1] ? __pfx_tcf_classify (net/sched/cls_api.c:1815) [ 1098.333843][ C1] tc_run (net/core/dev.c:4009) [ 1098.333975][ C1] ? sock_def_readable (net/core/sock.c:3465) [ 1098.334149][ C1] ? __pfx_tc_run (net/core/dev.c:3988) [ 1098.334325][ C1] ? packet_rcv (net/packet/af_packet.c:2277) [ 1098.334624][ C1] __netif_receive_skb_core.constprop.0 (net/core/dev.c:4084 net/core/dev.c:5528) [ 1098.334842][ C1] ? kmem_cache_free (mm/slub.c:4579 mm/slub.c:4681) [ 1098.335046][ C1] ? __pfx___netif_receive_skb_core.constprop.0 (net/core/dev.c:5455) [ 1098.335277][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1098.335598][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1098.335752][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1098.335947][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.336169][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) [ 1098.336356][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.336579][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.336771][ C1] __netif_receive_skb_one_core (net/core/dev.c:5667) [ 1098.337007][ C1] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5661) [ 1098.337371][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.337544][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.337743][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.337936][ C1] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6114) [ 1098.338235][ C1] __napi_poll.constprop.0 (net/core/dev.c:6884) [ 1098.338437][ C1] net_rx_action (net/core/dev.c:6953 net/core/dev.c:7075) [ 1098.338614][ C1] ? __pfx_net_rx_action (net/core/dev.c:7037) [ 1098.338829][ C1] ? clockevents_program_event (kernel/time/clockevents.c:326) [ 1098.339158][ C1] ? kvm_clock_get_cycles (./arch/x86/include/asm/preempt.h:94 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86) [ 1098.339335][ C1] ? ktime_get (kernel/time/timekeeping.c:195 (discriminator 4) kernel/time/timekeeping.c:395 (discriminator 4) kernel/time/timekeeping.c:403 (discriminator 4) kernel/time/timekeeping.c:850 (discriminator 4)) [ 1098.339495][ C1] ? clockevents_program_event (kernel/time/clockevents.c:334 (discriminator 3)) [ 1098.339722][ C1] ? hrtimer_interrupt (kernel/time/hrtimer.c:1830) [ 1098.339947][ C1] handle_softirqs (kernel/softirq.c:554) [ 1098.340276][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.340448][ C1] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) [ 1098.340580][ C1] [ 1098.340732][ C1] [ 1098.340824][ C1] __local_bh_enable_ip (kernel/softirq.c:382) [ 1098.341168][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.341341][ C1] __dev_queue_xmit (net/core/dev.c:4458) [ 1098.341525][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.341723][ C1] ? packet_parse_headers (./include/linux/skbuff.h:3070 net/packet/af_packet.c:2006) [ 1098.342015][ C1] ? __pfx_sock_alloc_send_pskb (net/core/sock.c:2845) [ 1098.342221][ C1] ? __pfx_packet_parse_headers (net/packet/af_packet.c:1991) [ 1098.342405][ C1] ? skb_copy_datagram_from_iter (net/core/datagram.c:564) [ 1098.342620][ C1] ? dev_get_by_index (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/dev.c:892) [ 1098.342916][ C1] packet_snd (net/packet/af_packet.c:3146) [ 1098.343100][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.343276][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.343450][ C1] ? __pfx_packet_snd (net/packet/af_packet.c:3009) [ 1098.343622][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.343917][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.344089][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.344265][ C1] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 1098.344444][ C1] ? __pfx___sys_sendto (net/socket.c:2184) [ 1098.344744][ C1] ? sock_ioctl (net/socket.c:1349) [ 1098.344923][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.345101][ C1] ? trace_rseq_update (./include/trace/events/rseq.h:11 (discriminator 52)) [ 1098.345276][ C1] ? __rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.345640][ C1] ? do_user_addr_fault (./include/linux/mmap_lock.h:172 arch/x86/mm/fault.c:1417) [ 1098.345814][ C1] ? __pfx___rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.346040][ C1] __x64_sys_sendto (net/socket.c:2222) [ 1098.346219][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1098.346438][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1098.346645][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1098.346869][ C1] RIP: 0033:0x7f67e29cb85a [ 1098.347077][ C1] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 1098.347848][ C1] RSP: 002b:00007ffcb38f8d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1098.348265][ C1] RAX: ffffffffffffffda RBX: 0000000019d929d0 RCX: 00007f67e29cb85a [ 1098.348564][ C1] RDX: 000000000000002a RSI: 0000000019d92c92 RDI: 0000000000000005 [ 1098.348850][ C1] RBP: 0000000019d92c92 R08: 00007ffcb38f8d40 R09: 0000000000000014 [ 1098.349261][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.349568][ C1] R13: 000000000000002a R14: 00007ffcb38f8d40 R15: 0000000000000000 | [ 1098.430022][ C1] Padding ffff8880020817d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ | [ 1098.430295][ C1] Padding ffff8880020817e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ | [ 1098.430571][ C1] Padding ffff8880020817f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ | [ 1098.431234][ C1] Tainted: [B]=BAD_PAGE, [W]=WARN [ 1098.431376][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1098.431776][ C1] Call Trace: [ 1098.431884][ C1] [ 1098.431956][ C1] dump_stack_lvl (lib/dump_stack.c:123) [ 1098.432191][ C1] check_object (mm/slub.c:1400) [ 1098.432341][ C1] alloc_debug_processing (mm/slub.c:1576 mm/slub.c:1586) [ 1098.432482][ C1] get_partial_node.part.0 (mm/slub.c:2746 mm/slub.c:2832) [ 1098.432625][ C1] ___slab_alloc (mm/slub.c:2823 mm/slub.c:2940 mm/slub.c:3798) [ 1098.432766][ C1] ? neigh_alloc (./include/linux/slab.h:882 ./include/linux/slab.h:1014 net/core/neighbour.c:473) [ 1098.432994][ C1] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) [ 1098.433135][ C1] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [ 1098.433313][ C1] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:27 (discriminator 1)) [ 1098.433456][ C1] ? neigh_alloc (./include/linux/slab.h:882 ./include/linux/slab.h:1014 net/core/neighbour.c:473) [ 1098.433686][ C1] ? __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) [ 1098.433826][ C1] __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) [ 1098.433966][ C1] neigh_alloc (./include/linux/slab.h:882 ./include/linux/slab.h:1014 net/core/neighbour.c:473) [ 1098.434108][ C1] ___neigh_create (net/core/neighbour.c:623) [ 1098.434340][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.434481][ C1] ? ip_finish_output2 (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 net/ipv4/ip_output.c:228) [ 1098.434626][ C1] ip_finish_output2 (./include/net/route.h:381 ./include/net/route.h:399 net/ipv4/ip_output.c:229) [ 1098.434767][ C1] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) [ 1098.435034][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) [ 1098.435179][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1672 ./include/linux/skbuff.h:5019 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) [ 1098.435320][ C1] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433) [ 1098.435429][ C1] ? __pfx_ip_output (net/ipv4/ip_output.c:427) [ 1098.435655][ C1] ? pskb_expand_head (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 net/core/skbuff.c:2324) [ 1098.435811][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.435953][ C1] NF_HOOK.constprop.0 (./include/linux/netfilter.h:314) [ 1098.436093][ C1] ? __pfx_NF_HOOK.constprop.0 (./include/linux/netfilter.h:308) [ 1098.436236][ C1] ? sock_def_write_space (net/core/sock.c:3487) [ 1098.436469][ C1] ? ip_forward (net/ipv4/ip_forward.c:144) [ 1098.436610][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.436751][ C1] ip_rcv (./include/net/dst.h:460 ./include/net/dst.h:458 net/ipv4/ip_input.c:449 ./include/linux/netfilter.h:314 ./include/linux/netfilter.h:308 net/ipv4/ip_input.c:569) [ 1098.436861][ C1] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562) [ 1098.437087][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.437227][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) [ 1098.437366][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.437507][ C1] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562) [ 1098.437739][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.437880][ C1] __netif_receive_skb_one_core (net/core/dev.c:5668 (discriminator 4)) [ 1098.438054][ C1] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5661) [ 1098.438228][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.438455][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1098.438594][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6111) [ 1098.438735][ C1] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6114) [ 1098.438877][ C1] __napi_poll.constprop.0 (net/core/dev.c:6884) [ 1098.439019][ C1] net_rx_action (net/core/dev.c:6953 net/core/dev.c:7075) [ 1098.439170][ C1] ? __pfx_net_rx_action (net/core/dev.c:7037) [ 1098.439314][ C1] ? clockevents_program_event (kernel/time/clockevents.c:326) [ 1098.439460][ C1] ? kvm_clock_get_cycles (./arch/x86/include/asm/preempt.h:94 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86) [ 1098.439603][ C1] ? ktime_get (kernel/time/timekeeping.c:195 (discriminator 4) kernel/time/timekeeping.c:395 (discriminator 4) kernel/time/timekeeping.c:403 (discriminator 4) kernel/time/timekeeping.c:850 (discriminator 4)) [ 1098.439797][ C1] ? clockevents_program_event (kernel/time/clockevents.c:334 (discriminator 3)) [ 1098.439972][ C1] ? hrtimer_interrupt (kernel/time/hrtimer.c:1830) [ 1098.440122][ C1] handle_softirqs (kernel/softirq.c:554) [ 1098.440296][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.440528][ C1] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) [ 1098.440633][ C1] [ 1098.440728][ C1] [ 1098.440840][ C1] __local_bh_enable_ip (kernel/softirq.c:382) [ 1098.440990][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4457) [ 1098.441130][ C1] __dev_queue_xmit (net/core/dev.c:4458) [ 1098.441273][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4339) [ 1098.441412][ C1] ? packet_parse_headers (./include/linux/skbuff.h:3070 net/packet/af_packet.c:2006) [ 1098.441563][ C1] ? __pfx_sock_alloc_send_pskb (net/core/sock.c:2845) [ 1098.441723][ C1] ? __pfx_packet_parse_headers (net/packet/af_packet.c:1991) [ 1098.441949][ C1] ? skb_copy_datagram_from_iter (net/core/datagram.c:564) [ 1098.442142][ C1] ? dev_get_by_index (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/dev.c:892) [ 1098.442287][ C1] packet_snd (net/packet/af_packet.c:3146) [ 1098.442449][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1098.442673][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.442836][ C1] ? __pfx_packet_snd (net/packet/af_packet.c:3009) [ 1098.442983][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1098.443165][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.443486][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.443652][ C1] __sys_sendto (net/socket.c:729 net/socket.c:744 net/socket.c:2214) [ 1098.443801][ C1] ? __pfx___sys_sendto (net/socket.c:2184) [ 1098.443956][ C1] ? sock_ioctl (net/socket.c:1349) [ 1098.444097][ C1] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [ 1098.444265][ C1] ? trace_rseq_update (./include/trace/events/rseq.h:11 (discriminator 52)) [ 1098.444408][ C1] ? __rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.444623][ C1] ? do_user_addr_fault (./include/linux/mmap_lock.h:172 arch/x86/mm/fault.c:1417) [ 1098.444867][ C1] ? __pfx___rseq_handle_notify_resume (kernel/rseq.c:316) [ 1098.445067][ C1] __x64_sys_sendto (net/socket.c:2222) [ 1098.445208][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1098.445417][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1098.445656][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1098.445833][ C1] RIP: 0033:0x7f67e29cb85a [ 1098.445982][ C1] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 1098.446588][ C1] RSP: 002b:00007ffcb38f8d38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1098.446802][ C1] RAX: ffffffffffffffda RBX: 0000000019d929d0 RCX: 00007f67e29cb85a [ 1098.447100][ C1] RDX: 000000000000002a RSI: 0000000019d92c92 RDI: 0000000000000005 [ 1098.447317][ C1] RBP: 0000000019d92c92 R08: 00007ffcb38f8d40 R09: 0000000000000014 [ 1098.447532][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.447829][ C1] R13: 000000000000002a R14: 00007ffcb38f8d40 R15: 0000000000000000 | [ 1100.404414][ T38] br1: port 1(lag) entered disabled state | [ 1101.433693][ T38] Oops: general protection fault, probably for non-canonical address 0xed6d696d6d6d6d6d: 0000 [#1] PREEMPT SMP KASAN NOPTI | [ 1101.434282][ T38] KASAN: maybe wild-memory-access in range [0x6b6b6b6b6b6b6b68-0x6b6b6b6b6b6b6b6f] | [ 1101.435054][ T38] Tainted: [B]=BAD_PAGE, [W]=WARN [ 1101.435261][ T38] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1101.435706][ T38] Workqueue: events_unbound linkwatch_event [ 1101.435970][ T38] RIP: 0010:neigh_flush_dev.isra.0 (./include/linux/list.h:988 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [ 1101.436229][ T38] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d All code ======== 0: 0f 85 ef 04 00 00 jne 0x4f5 6: 49 8d 7f 08 lea 0x8(%r15),%rdi a: 49 8b 1f mov (%r15),%rbx d: 48 89 f8 mov %rdi,%rax 10: 48 c1 e8 03 shr $0x3,%rax 14: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) 19: 0f 85 cc 04 00 00 jne 0x4eb 1f: 49 8b 6f 08 mov 0x8(%r15),%rbp 23: 48 89 e8 mov %rbp,%rax 26: 48 c1 e8 03 shr $0x3,%rax 2a:* 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction 2f: 0f 85 19 05 00 00 jne 0x54e 35: 48 89 5d 00 mov %rbx,0x0(%rbp) 39: 48 85 db test %rbx,%rbx 3c: 74 1a je 0x58 3e: 48 rex.W 3f: 8d .byte 0x8d Code starting with the faulting instruction =========================================== 0: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) 5: 0f 85 19 05 00 00 jne 0x524 b: 48 89 5d 00 mov %rbx,0x0(%rbp) f: 48 85 db test %rbx,%rbx 12: 74 1a je 0x2e 14: 48 rex.W 15: 8d .byte 0x8d [ 1101.436974][ T38] RSP: 0018:ffffc900002b7a08 EFLAGS: 00010202 [ 1101.437235][ T38] RAX: 0d6d6d6d6d6d6d6d RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff98e796f0 [ 1101.437545][ T38] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888002081008 [ 1101.437878][ T38] RBP: 6b6b6b6b6b6b6b6b R08: 0000000000000000 R09: 0000000000000000 [ 1101.438170][ T38] R10: ffffffff9b371f0f R11: ffffc900002b7619 R12: ffff88800208113c [ 1101.438483][ T38] R13: dffffc0000000000 R14: ffff888005e02000 R15: ffff888002081000 [ 1101.438773][ T38] FS: 0000000000000000(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 1101.439114][ T38] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1101.439372][ T38] CR2: 0000555ccd0f7990 CR3: 0000000025b26005 CR4: 0000000000772ef0 [ 1101.439669][ T38] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1101.439989][ T38] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1101.440282][ T38] PKRU: 55555554 [ 1101.440440][ T38] Call Trace: [ 1101.440597][ T38] [ 1101.440723][ T38] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) [ 1101.440892][ T38] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) [ 1101.441096][ T38] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) [ 1101.441295][ T38] ? neigh_flush_dev.isra.0 (./include/linux/list.h:986 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [ 1101.441492][ T38] ? neigh_flush_dev.isra.0 (./include/linux/list.h:988 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [ 1101.441687][ T38] ? neigh_flush_dev.isra.0 (./include/linux/list.h:986 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [ 1101.441883][ T38] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1101.442083][ T38] __neigh_ifdown.isra.0 (net/core/neighbour.c:826 net/core/neighbour.c:426) [ 1101.442281][ T38] neigh_carrier_down (net/core/neighbour.c:438) [ 1101.442486][ T38] arp_netdev_event (net/ipv4/arp.c:1343) [ 1101.442685][ T38] ? trace_notifier_run (./include/trace/events/notifier.h:59 (discriminator 52)) [ 1101.442882][ T38] notifier_call_chain (kernel/notifier.c:93 (discriminator 2)) [ 1101.443080][ T38] netdev_state_change (net/core/dev.c:1380 net/core/dev.c:1371) [ 1101.443284][ T38] ? __pfx_netdev_state_change (net/core/dev.c:1372) [ 1101.443484][ T38] ? dev_deactivate (./include/linux/list.h:111 ./include/linux/list.h:215 ./include/linux/list.h:229 net/sched/sch_generic.c:1404) [ 1101.443680][ T38] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) [ 1101.443880][ T38] linkwatch_do_dev (net/core/link_watch.c:177) [ 1101.444079][ T38] __linkwatch_run_queue (./include/linux/spinlock.h:376 net/core/link_watch.c:236) [ 1101.444273][ T38] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1101.444473][ T38] ? __pfx___linkwatch_run_queue (net/core/link_watch.c:186) [ 1101.444715][ T38] ? process_one_work (kernel/workqueue.c:3205) [ 1101.444910][ T38] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1101.445107][ T38] linkwatch_event (net/core/link_watch.c:278) [ 1101.445302][ T38] process_one_work (kernel/workqueue.c:3229) [ 1101.445503][ T38] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1101.445708][ T38] ? __pfx_process_one_work (kernel/workqueue.c:3131) [ 1101.445909][ T38] ? assign_work (kernel/workqueue.c:1200) [ 1101.446113][ T38] worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391) [ 1101.446314][ T38] ? __pfx_worker_thread (kernel/workqueue.c:3337) [ 1101.446507][ T38] kthread (kernel/kthread.c:389) [ 1101.446655][ T38] ? __pfx_kthread (kernel/kthread.c:342) [ 1101.446851][ T38] ret_from_fork (arch/x86/kernel/process.c:147) [ 1101.447047][ T38] ? __pfx_kthread (kernel/kthread.c:342) Finger prints: depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report print_report:kasan_report:___neigh_create:ip_finish_output2:ip_output check_object:alloc_debug_processing:___slab_alloc:__kmalloc_noprof:neigh_alloc neigh_carrier_down:arp_netdev_event:notifier_call_chain:netdev_state_change:linkwatch_do_dev stack_depot_fetch:stack_depot_print:print_report:kasan_report:___neigh_create