======================================
| [  113.476387][  T746] ==================================================================
| [ 113.476717][ T746] BUG: KASAN: slab-use-after-free in ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
| [  113.477011][  T746] Write of size 8 at addr ffff88800504d818 by task ip/746
| [  113.477185][  T746]
[  113.477476][  T746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  113.477787][  T746] Call Trace:
[  113.477898][  T746]  <TASK>
[ 113.477971][ T746] dump_stack_lvl (lib/dump_stack.c:123) 
[ 113.478118][ T746] print_address_description.constprop.0 (mm/kasan/report.c:378) 
[ 113.478290][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.478442][ T746] print_report (mm/kasan/report.c:489) 
[ 113.478576][ T746] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 113.478715][ T746] kasan_report (mm/kasan/report.c:603) 
[ 113.478821][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.478959][ T746] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.479102][ T746] neigh_add (net/core/neighbour.c:1935) 
[ 113.479210][ T746] ? __pfx_neigh_add (net/core/neighbour.c:1934) 
[ 113.479343][ T746] ? __mutex_lock (./arch/x86/include/asm/preempt.h:94 kernel/locking/mutex.c:618 kernel/locking/mutex.c:752) 
[ 113.479501][ T746] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) 
[ 113.479641][ T746] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) 
[ 113.479776][ T746] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 113.479913][ T746] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 113.480018][ T746] ? __lock_acquire (kernel/locking/lockdep.c:5202) 
[ 113.480152][ T746] netlink_rcv_skb (net/netlink/af_netlink.c:2551) 
[ 113.480292][ T746] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) 
[ 113.480441][ T746] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) 
[ 113.480583][ T746] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) 
[ 113.480720][ T746] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) 
[ 113.480858][ T746] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) 
[ 113.480995][ T746] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) 
[ 113.481160][ T746] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 113.481305][ T746] netlink_sendmsg (net/netlink/af_netlink.c:1901) 
[ 113.481456][ T746] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) 
[ 113.481598][ T746] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 113.481736][ T746] ? __import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) 
[ 113.481876][ T746] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) 
[ 113.482016][ T746] ? __pfx_____sys_sendmsg (net/socket.c:2553) 
[ 113.482151][ T746] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) 
[ 113.482321][ T746] ___sys_sendmsg (net/socket.c:2663) 
[ 113.482473][ T746] ? __pfx____sys_sendmsg (net/socket.c:2650) 
[ 113.482644][ T746] ? ___sys_recvmsg (net/socket.c:2858) 
[ 113.482785][ T746] ? __pfx____sys_recvmsg (net/socket.c:2858) 
[ 113.482919][ T746] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 113.483056][ T746] ? do_user_addr_fault (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 ./include/linux/mm.h:727 arch/x86/mm/fault.c:1340) 
[ 113.483193][ T746] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) 
[ 113.483301][ T746] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) 
[ 113.483446][ T746] ? __pfx___sys_sendmsg (net/socket.c:2678) 
[ 113.483584][ T746] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 113.483724][ T746] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 113.483872][ T746] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  113.484040][  T746] RIP: 0033:0x7faadd3647b7
[ 113.484184][ T746] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
All code
========
   0:	0a 00                	or     (%rax),%al
   2:	f7 d8                	neg    %eax
   4:	64 89 02             	mov    %eax,%fs:(%rdx)
   7:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   e:	eb b9                	jmp    0xffffffffffffffc9
  10:	0f 1f 00             	nopl   (%rax)
  13:	f3 0f 1e fa          	endbr64
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 10                	jne    0x33
  23:	b8 2e 00 00 00       	mov    $0x2e,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 51                	ja     0x83
  32:	c3                   	ret
  33:	48 83 ec 28          	sub    $0x28,%rsp
  37:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  3b:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 51                	ja     0x59
   8:	c3                   	ret
   9:	48 83 ec 28          	sub    $0x28,%rsp
   d:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  11:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)
[  113.484685][  T746] RSP: 002b:00007ffcc7cbdf88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  113.484904][  T746] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faadd3647b7
[  113.485111][  T746] RDX: 0000000000000000 RSI: 00007ffcc7cbdff0 RDI: 0000000000000005
[  113.485313][  T746] RBP: 0000000000000001 R08: 0000000000000014 R09: 0000000000000000
[  113.485526][  T746] R10: 00007faadd21d708 R11: 0000000000000246 R12: 00007ffcc7cbed40
[  113.485740][  T746] R13: 0000000067169a47 R14: 0000000000496600 R15: 00007ffcc7cbe530
| [  113.491127][  T746] ------------[ cut here ]------------
| [  113.491272][  T746] pool index 93034 out of bounds (665) for stack id 6b6b6b6b
| [ 113.491591][ T746] WARNING: CPU: 2 PID: 746 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
| [  113.491872][  T746] Modules linked in: act_gact cls_flower sch_ingress macvlan 8021q vxlan ip6_udp_tunnel udp_tunnel bridge stp llc vrf veth
[  113.492492][  T746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 113.492855][ T746] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 113.493012][ T746] Code: b8 11 ad 8e e8 cb c0 9a 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 28 47 20 8e 44 89 e1 44 89 ea 89 ee e8 7b f2 0d ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad
All code
========
   0:	b8 11 ad 8e e8       	mov    $0xe88ead11,%eax
   5:	cb                   	lret
   6:	c0 9a 01 83 f8 01 75 	rcrb   $0x75,0x1f88301(%rdx)
   d:	b8 90 0f 0b 90       	mov    $0x900b0f90,%eax
  12:	eb b2                	jmp    0xffffffffffffffc6
  14:	90                   	nop
  15:	48 c7 c7 28 47 20 8e 	mov    $0xffffffff8e204728,%rdi
  1c:	44 89 e1             	mov    %r12d,%ecx
  1f:	44 89 ea             	mov    %r13d,%edx
  22:	89 ee                	mov    %ebp,%esi
  24:	e8 7b f2 0d ff       	call   0xffffffffff0df2a4
  29:	90                   	nop
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	31 c0                	xor    %eax,%eax
  30:	eb bb                	jmp    0xffffffffffffffed
  32:	90                   	nop
  33:	0f 0b                	ud2
  35:	90                   	nop
  36:	eb b5                	jmp    0xffffffffffffffed
  38:	90                   	nop
  39:	0f 0b                	ud2
  3b:	90                   	nop
  3c:	31 c0                	xor    %eax,%eax
  3e:	eb ad                	jmp    0xffffffffffffffed

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	31 c0                	xor    %eax,%eax
   6:	eb bb                	jmp    0xffffffffffffffc3
   8:	90                   	nop
   9:	0f 0b                	ud2
   b:	90                   	nop
   c:	eb b5                	jmp    0xffffffffffffffc3
   e:	90                   	nop
   f:	0f 0b                	ud2
  11:	90                   	nop
  12:	31 c0                	xor    %eax,%eax
  14:	eb ad                	jmp    0xffffffffffffffc3
[  113.493578][  T746] RSP: 0018:ffffc9000057f368 EFLAGS: 00010082
[  113.493769][  T746] RAX: 0000000000000000 RBX: 0000000000001b50 RCX: 1ffffffff1cbb43c
[  113.493989][  T746] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[  113.494210][  T746] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff1cbb43c
[  113.494438][  T746] R10: 0000000000000003 R11: 205d363437542020 R12: 000000006b6b6b6b
[  113.494661][  T746] R13: 0000000000000299 R14: 0000000000000008 R15: ffff88800893c5c0
[  113.494880][  T746] FS:  00007faadd158800(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[  113.495135][  T746] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.495325][  T746] CR2: 00000000004e3870 CR3: 0000000009dbe002 CR4: 0000000000772ef0
[  113.495554][  T746] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  113.495795][  T746] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  113.496030][  T746] PKRU: 55555554
[  113.496140][  T746] Call Trace:
[  113.496253][  T746]  <TASK>
[ 113.496342][ T746] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 113.496509][ T746] ? __warn (kernel/panic.c:748) 
[ 113.496648][ T746] ? __down_trylock_console_sem (kernel/printk/printk.c:332) 
[ 113.496796][ T746] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 113.496948][ T746] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 113.497098][ T746] ? handle_bug (arch/x86/kernel/traps.c:285) 
[ 113.497212][ T746] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
[ 113.497363][ T746] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
[ 113.497518][ T746] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 113.497668][ T746] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) 
[ 113.497821][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.497973][ T746] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 113.498123][ T746] stack_depot_print (lib/stackdepot.c:745) 
[ 113.498268][ T746] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) 
[ 113.498451][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.498599][ T746] print_report (mm/kasan/report.c:489) 
[ 113.498742][ T746] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 113.498886][ T746] kasan_report (mm/kasan/report.c:603) 
[ 113.498997][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.499146][ T746] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.499297][ T746] neigh_add (net/core/neighbour.c:1935) 
[ 113.499410][ T746] ? __pfx_neigh_add (net/core/neighbour.c:1934) 
[ 113.499558][ T746] ? __mutex_lock (./arch/x86/include/asm/preempt.h:94 kernel/locking/mutex.c:618 kernel/locking/mutex.c:752) 
[ 113.499714][ T746] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) 
[ 113.499863][ T746] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) 
[ 113.500008][ T746] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 113.500156][ T746] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 113.500269][ T746] ? __lock_acquire (kernel/locking/lockdep.c:5202) 
[ 113.500416][ T746] netlink_rcv_skb (net/netlink/af_netlink.c:2551) 
[ 113.500599][ T746] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) 
[ 113.500745][ T746] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) 
[ 113.500921][ T746] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) 
[ 113.501071][ T746] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) 
[ 113.501229][ T746] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) 
[ 113.501377][ T746] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) 
[ 113.501523][ T746] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 113.501677][ T746] netlink_sendmsg (net/netlink/af_netlink.c:1901) 
[ 113.501844][ T746] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) 
[ 113.501989][ T746] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 113.502157][ T746] ? __import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) 
[ 113.502303][ T746] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) 
[ 113.502536][ T746] ? __pfx_____sys_sendmsg (net/socket.c:2553) 
[ 113.502691][ T746] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) 
[ 113.502911][ T746] ___sys_sendmsg (net/socket.c:2663) 
[ 113.503060][ T746] ? __pfx____sys_sendmsg (net/socket.c:2650) 
[ 113.503215][ T746] ? ___sys_recvmsg (net/socket.c:2858) 
[ 113.503407][ T746] ? __pfx____sys_recvmsg (net/socket.c:2858) 
[ 113.503559][ T746] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 113.503707][ T746] ? do_user_addr_fault (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 ./include/linux/mm.h:727 arch/x86/mm/fault.c:1340) 
[ 113.503925][ T746] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) 
[ 113.504055][ T746] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) 
[ 113.504214][ T746] ? __pfx___sys_sendmsg (net/socket.c:2678) 
[ 113.504377][ T746] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 113.504617][ T746] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 113.504922][ T746] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  113.505103][  T746] RIP: 0033:0x7faadd3647b7
[ 113.505254][ T746] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
All code
========
   0:	0a 00                	or     (%rax),%al
   2:	f7 d8                	neg    %eax
   4:	64 89 02             	mov    %eax,%fs:(%rdx)
   7:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   e:	eb b9                	jmp    0xffffffffffffffc9
  10:	0f 1f 00             	nopl   (%rax)
  13:	f3 0f 1e fa          	endbr64
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 10                	jne    0x33
  23:	b8 2e 00 00 00       	mov    $0x2e,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 51                	ja     0x83
  32:	c3                   	ret
  33:	48 83 ec 28          	sub    $0x28,%rsp
  37:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  3b:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 51                	ja     0x59
   8:	c3                   	ret
   9:	48 83 ec 28          	sub    $0x28,%rsp
   d:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  11:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)
[  113.505881][  T746] RSP: 002b:00007ffcc7cbdf88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  113.506126][  T746] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faadd3647b7
[  113.506822][  T746] RDX: 0000000000000000 RSI: 00007ffcc7cbdff0 RDI: 0000000000000005
[  113.507043][  T746] RBP: 0000000000000001 R08: 0000000000000014 R09: 0000000000000000
[  113.507263][  T746] R10: 00007faadd21d708 R11: 0000000000000246 R12: 00007ffcc7cbed40
[  113.507603][  T746] R13: 0000000067169a47 R14: 0000000000496600 R15: 00007ffcc7cbe530
| [  113.509681][  T746] corrupt handle or use after stack_depot_put()
| [ 113.509715][ T746] WARNING: CPU: 2 PID: 746 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
| [  113.510239][  T746] Modules linked in: act_gact cls_flower sch_ingress macvlan 8021q vxlan ip6_udp_tunnel udp_tunnel bridge stp llc vrf veth
| [  113.510957][  T746] Tainted: [W]=WARN
[  113.511069][  T746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 113.511398][ T746] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 113.511547][ T746] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 08 48 20 8e e8 62 ed 0d ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
All code
========
   0:	74 1a                	je     0x1c
   2:	48 8d 50 20          	lea    0x20(%rax),%rdx
   6:	48 89 13             	mov    %rdx,(%rbx)
   9:	5b                   	pop    %rbx
   a:	8b 40 14             	mov    0x14(%rax),%eax
   d:	5d                   	pop    %rbp
   e:	41 5c                	pop    %r12
  10:	c3                   	ret
  11:	cc                   	int3
  12:	cc                   	int3
  13:	cc                   	int3
  14:	cc                   	int3
  15:	31 c0                	xor    %eax,%eax
  17:	c3                   	ret
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	cc                   	int3
  1b:	cc                   	int3
  1c:	90                   	nop
  1d:	48 c7 c7 08 48 20 8e 	mov    $0xffffffff8e204808,%rdi
  24:	e8 62 ed 0d ff       	call   0xffffffffff0ded8b
  29:	90                   	nop
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	eb bb                	jmp    0xffffffffffffffeb
  30:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
  37:	00 00 00 00 
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	eb bb                	jmp    0xffffffffffffffc1
   6:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
   d:	00 00 00 00 
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
[  113.512143][  T746] RSP: 0018:ffffc9000057f390 EFLAGS: 00010082
[  113.512426][  T746] RAX: 0000000000000000 RBX: ffffc9000057f3b0 RCX: 1ffffffff1cbb43c
[  113.512688][  T746] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[  113.512908][  T746] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff1cbb43c
[  113.513240][  T746] R10: 0000000000000003 R11: 6361747320726574 R12: 0000000000000000
[  113.513450][  T746] R13: ffffffff8cc801f8 R14: 0000000000000008 R15: ffff88800893c5c0
[  113.513683][  T746] FS:  00007faadd158800(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[  113.514014][  T746] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.514187][  T746] CR2: 00000000004e3870 CR3: 0000000009dbe002 CR4: 0000000000772ef0
[  113.514395][  T746] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  113.514797][  T746] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  113.515011][  T746] PKRU: 55555554
[  113.515144][  T746] Call Trace:
[  113.515252][  T746]  <TASK>
[ 113.515433][ T746] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 113.515589][ T746] ? __warn (kernel/panic.c:748) 
[ 113.515693][ T746] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 113.515835][ T746] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 113.515975][ T746] ? handle_bug (arch/x86/kernel/traps.c:285) 
[ 113.516159][ T746] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
[ 113.516304][ T746] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
[ 113.516457][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.516606][ T746] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) 
[ 113.516826][ T746] stack_depot_print (lib/stackdepot.c:745) 
[ 113.516967][ T746] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) 
[ 113.517160][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.517292][ T746] print_report (mm/kasan/report.c:489) 
[ 113.517501][ T746] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 113.517635][ T746] kasan_report (mm/kasan/report.c:603) 
[ 113.517737][ T746] ? ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.517871][ T746] ___neigh_create (./include/linux/rculist.h:598 net/core/neighbour.c:688) 
[ 113.518014][ T746] neigh_add (net/core/neighbour.c:1935) 
[ 113.518194][ T746] ? __pfx_neigh_add (net/core/neighbour.c:1934) 
[ 113.518325][ T746] ? __mutex_lock (./arch/x86/include/asm/preempt.h:94 kernel/locking/mutex.c:618 kernel/locking/mutex.c:752) 
[ 113.518486][ T746] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) 
[ 113.518624][ T746] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) 
[ 113.518857][ T746] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 113.519029][ T746] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 113.519138][ T746] ? __lock_acquire (kernel/locking/lockdep.c:5202) 
[ 113.519273][ T746] netlink_rcv_skb (net/netlink/af_netlink.c:2551) 
[ 113.519418][ T746] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) 
[ 113.519643][ T746] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) 
[ 113.519796][ T746] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) 
[ 113.519931][ T746] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) 
[ 113.520066][ T746] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) 
[ 113.520298][ T746] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) 
[ 113.520450][ T746] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 113.520624][ T746] netlink_sendmsg (net/netlink/af_netlink.c:1901) 
[ 113.520760][ T746] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) 
[ 113.520976][ T746] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) 
[ 113.521114][ T746] ? __import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) 
[ 113.521269][ T746] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) 
[ 113.521415][ T746] ? __pfx_____sys_sendmsg (net/socket.c:2553) 
[ 113.521628][ T746] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) 
[ 113.521803][ T746] ___sys_sendmsg (net/socket.c:2663) 
[ 113.521935][ T746] ? __pfx____sys_sendmsg (net/socket.c:2650) 
[ 113.522078][ T746] ? ___sys_recvmsg (net/socket.c:2858) 
[ 113.522289][ T746] ? __pfx____sys_recvmsg (net/socket.c:2858) 
[ 113.522429][ T746] ? reacquire_held_locks (kernel/locking/lockdep.c:5350) 
[ 113.522588][ T746] ? do_user_addr_fault (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 ./include/linux/mm.h:727 arch/x86/mm/fault.c:1340) 
[ 113.522734][ T746] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) 
[ 113.522842][ T746] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) 
[ 113.523053][ T746] ? __pfx___sys_sendmsg (net/socket.c:2678) 
[ 113.523211][ T746] ? __pfx___up_read (kernel/locking/rwsem.c:1337) 
[ 113.523368][ T746] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 113.523536][ T746] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  113.523800][  T746] RIP: 0033:0x7faadd3647b7
[ 113.523948][ T746] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
All code
========
   0:	0a 00                	or     (%rax),%al
   2:	f7 d8                	neg    %eax
   4:	64 89 02             	mov    %eax,%fs:(%rdx)
   7:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   e:	eb b9                	jmp    0xffffffffffffffc9
  10:	0f 1f 00             	nopl   (%rax)
  13:	f3 0f 1e fa          	endbr64
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 10                	jne    0x33
  23:	b8 2e 00 00 00       	mov    $0x2e,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 51                	ja     0x83
  32:	c3                   	ret
  33:	48 83 ec 28          	sub    $0x28,%rsp
  37:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  3b:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 51                	ja     0x59
   8:	c3                   	ret
   9:	48 83 ec 28          	sub    $0x28,%rsp
   d:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  11:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)
[  113.524524][  T746] RSP: 002b:00007ffcc7cbdf88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  113.524743][  T746] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faadd3647b7
[  113.524950][  T746] RDX: 0000000000000000 RSI: 00007ffcc7cbdff0 RDI: 0000000000000005
[  113.525239][  T746] RBP: 0000000000000001 R08: 0000000000000014 R09: 0000000000000000
[  113.525483][  T746] R10: 00007faadd21d708 R11: 0000000000000246 R12: 00007ffcc7cbed40
[  113.525715][  T746] R13: 0000000067169a47 R14: 0000000000496600 R15: 00007ffcc7cbe530
| [  113.854200][  T749] Padding  ffff88800504dfd4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
| [  113.854495][  T749] Padding  ffff88800504dfe4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
| [  113.854857][  T749] Padding  ffff88800504dff4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
| [  113.855485][  T749] Tainted: [B]=BAD_PAGE, [W]=WARN
[  113.855639][  T749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  113.855952][  T749] Call Trace:
[  113.856143][  T749]  <TASK>
[ 113.856223][ T749] dump_stack_lvl (lib/dump_stack.c:123) 
[ 113.856392][ T749] check_object (mm/slub.c:1400) 
[ 113.856552][ T749] alloc_debug_processing (mm/slub.c:1576 mm/slub.c:1586) 
[ 113.856692][ T749] get_partial_node.part.0 (mm/slub.c:2746 mm/slub.c:2832) 
[ 113.856919][ T749] ___slab_alloc (mm/slub.c:2823 mm/slub.c:2940 mm/slub.c:3798) 
[ 113.857067][ T749] ? p9_fcall_init (net/9p/client.c:233) 
[ 113.857210][ T749] ? fs_reclaim_acquire (mm/page_alloc.c:3851 mm/page_alloc.c:3842) 
[ 113.857349][ T749] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 113.857591][ T749] ? p9_fcall_init (net/9p/client.c:233) 
[ 113.857730][ T749] ? __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) 
[ 113.857877][ T749] __kmalloc_noprof (mm/slub.c:3908 mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276) 
[ 113.858020][ T749] p9_fcall_init (net/9p/client.c:233) 
[ 113.858163][ T749] p9_tag_alloc (net/9p/client.c:300) 
[ 113.858302][ T749] ? __pfx_p9_tag_alloc (net/9p/client.c:280) 
[ 113.858467][ T749] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 113.858619][ T749] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 113.858760][ T749] p9_client_prepare_req (net/9p/client.c:644) 
[ 113.858984][ T749] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
[ 113.859137][ T749] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) 
[ 113.859308][ T749] ? __kernel_text_address (kernel/extable.c:79) 
[ 113.859448][ T749] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 113.859714][ T749] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) 
[ 113.859853][ T749] ? __pfx_p9_client_rpc (net/9p/client.c:675) 
[ 113.859991][ T749] ? stack_depot_save_flags (lib/stackdepot.c:609) 
[ 113.860173][ T749] ? backing_file_read_iter (fs/backing-file.c:183) 
[ 113.860405][ T749] ? ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) 
[ 113.860549][ T749] ? __pfx_fill_pool (lib/debugobjects.c:129) 
[ 113.860691][ T749] p9_client_read_once (net/9p/client.c:1565) 
[ 113.860849][ T749] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 113.861077][ T749] ? __pfx_p9_client_read_once (net/9p/client.c:1537) 
[ 113.861236][ T749] ? __debug_object_init (lib/debugobjects.c:622) 
[ 113.861399][ T749] ? mempool_alloc_noprof (mm/mempool.c:402) 
[ 113.861594][ T749] p9_client_read (net/9p/client.c:1525) 
[ 113.861854][ T749] v9fs_issue_read (fs/9p/vfs_addr.c:78) 
[ 113.862015][ T749] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 113.862171][ T749] ? __pfx_v9fs_issue_read (fs/9p/vfs_addr.c:68) 
[ 113.862328][ T749] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 113.862487][ T749] ? netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:79) 
[ 113.862760][ T749] netfs_dispatch_unbuffered_reads.isra.0 (fs/netfs/direct_read.c:90) 
[ 113.862965][ T749] netfs_unbuffered_read (fs/netfs/direct_read.c:129) 
[ 113.863109][ T749] netfs_unbuffered_read_iter_locked (fs/netfs/direct_read.c:221) 
[ 113.863374][ T749] netfs_unbuffered_read_iter (fs/netfs/direct_read.c:257) 
[ 113.863538][ T749] do_iter_readv_writev (fs/read_write.c:832) 
[ 113.863706][ T749] ? ovl_verify_lowerdata (fs/overlayfs/namei.c:1026) 
[ 113.863877][ T749] ? __pfx_do_iter_readv_writev (fs/read_write.c:821) 
[ 113.864115][ T749] ? kasan_save_stack (mm/kasan/common.c:49) 
[ 113.864284][ T749] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 113.864430][ T749] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 113.864643][ T749] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 113.864877][ T749] vfs_iter_read (fs/read_write.c:923) 
[ 113.865016][ T749] ? ovl_real_fdget_meta (fs/overlayfs/file.c:110) 
[ 113.865155][ T749] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 113.865307][ T749] backing_file_read_iter (fs/backing-file.c:183) 
[ 113.865459][ T749] ovl_read_iter (./include/linux/file.h:68 fs/overlayfs/file.c:282) 
[ 113.865693][ T749] ? __pfx_ovl_read_iter (fs/overlayfs/file.c:263) 
[ 113.865852][ T749] ? __pfx_free_object_rcu (mm/kmemleak.c:514) 
[ 113.866000][ T749] ? trace_rcu_segcb_stats (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:570 ./include/linux/cpumask.h:1117 ./include/trace/events/rcu.h:537) 
[ 113.866139][ T749] ? __pfx_ovl_file_accessed (fs/overlayfs/file.c:235) 
[ 113.866291][ T749] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 113.866490][ T749] vfs_read (fs/read_write.c:488 fs/read_write.c:569) 
[ 113.866617][ T749] ? kmem_cache_free (mm/slub.c:4579 mm/slub.c:4681) 
[ 113.866774][ T749] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) 
[ 113.867011][ T749] ? do_sys_openat2 (fs/open.c:1424) 
[ 113.867163][ T749] ? __pfx_vfs_read (fs/read_write.c:550) 
[ 113.867309][ T749] ? __pfx_do_sys_openat2 (fs/open.c:1401) 
[ 113.867487][ T749] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 113.867724][ T749] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) 
[ 113.867892][ T749] ksys_read (fs/read_write.c:712) 
[ 113.867999][ T749] ? __pfx_ksys_read (fs/read_write.c:702) 
[ 113.868142][ T749] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 113.868319][ T749] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 113.868572][ T749] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  113.868745][  T749] RIP: 0033:0x7fed8fdcc138
[ 113.868898][ T749] Code: c0 48 8d 44 24 d0 48 89 44 24 c8 eb bb 0f 1f 44 00 00 f7 d8 89 05 b8 f0 00 00 b8 ff ff ff ff c3 66 90 f3 0f 1e fa 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 08 c3 0f 1f 80 00 00 00 00 f7 d8 89 05 90 f0
All code
========
   0:	c0 48 8d 44          	rorb   $0x44,-0x73(%rax)
   4:	24 d0                	and    $0xd0,%al
   6:	48 89 44 24 c8       	mov    %rax,-0x38(%rsp)
   b:	eb bb                	jmp    0xffffffffffffffc8
   d:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  12:	f7 d8                	neg    %eax
  14:	89 05 b8 f0 00 00    	mov    %eax,0xf0b8(%rip)        # 0xf0d2
  1a:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  1f:	c3                   	ret
  20:	66 90                	xchg   %ax,%ax
  22:	f3 0f 1e fa          	endbr64
  26:	31 c0                	xor    %eax,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 08                	ja     0x3a
  32:	c3                   	ret
  33:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  3a:	f7 d8                	neg    %eax
  3c:	89                   	.byte 0x89
  3d:	05                   	.byte 0x5
  3e:	90                   	nop
  3f:	f0                   	lock

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 08                	ja     0x10
   8:	c3                   	ret
   9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  10:	f7 d8                	neg    %eax
  12:	89                   	.byte 0x89
  13:	05                   	.byte 0x5
  14:	90                   	nop
  15:	f0                   	lock
[  113.869525][  T749] RSP: 002b:00007fffbf69c4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  113.869745][  T749] RAX: ffffffffffffffda RBX: 00007fffbf69c77f RCX: 00007fed8fdcc138
[  113.870055][  T749] RDX: 0000000000000340 RSI: 00007fffbf69c798 RDI: 0000000000000005
[  113.870269][  T749] RBP: 00007fffbf69c560 R08: 0000000000080000 R09: 00007fffbf69c570
[  113.870549][  T749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340
[  113.870884][  T749] R13: 00007fffbf69c790 R14: 00007fffbf69c570 R15: 0000000000000005
| [  113.871123][  T749]  </TASK>
| [  113.871242][  T749] FIX kmalloc-1k: Marking all objects used
| [  113.880281][  T749] Oops: general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [  113.881155][  T749] Tainted: [B]=BAD_PAGE, [W]=WARN
[  113.881343][  T749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 113.881770][ T749] RIP: 0010:free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) 
[ 113.882029][ T749] Code: 90 e9 02 ff ff ff 31 db 41 f6 44 24 08 80 0f 84 9e 00 00 00 8b 0d fd 3a df 03 85 c9 75 58 48 8b 45 18 48 8b 55 10 48 8d 7d 10 <48> 3b 38 0f 85 ca 00 00 00 48 3b 7a 08 0f 85 c0 00 00 00 48 89 42
All code
========
   0:	90                   	nop
   1:	e9 02 ff ff ff       	jmp    0xffffffffffffff08
   6:	31 db                	xor    %ebx,%ebx
   8:	41 f6 44 24 08 80    	testb  $0x80,0x8(%r12)
   e:	0f 84 9e 00 00 00    	je     0xb2
  14:	8b 0d fd 3a df 03    	mov    0x3df3afd(%rip),%ecx        # 0x3df3b17
  1a:	85 c9                	test   %ecx,%ecx
  1c:	75 58                	jne    0x76
  1e:	48 8b 45 18          	mov    0x18(%rbp),%rax
  22:	48 8b 55 10          	mov    0x10(%rbp),%rdx
  26:	48 8d 7d 10          	lea    0x10(%rbp),%rdi
  2a:*	48 3b 38             	cmp    (%rax),%rdi		<-- trapping instruction
  2d:	0f 85 ca 00 00 00    	jne    0xfd
  33:	48 3b 7a 08          	cmp    0x8(%rdx),%rdi
  37:	0f 85 c0 00 00 00    	jne    0xfd
  3d:	48                   	rex.W
  3e:	89                   	.byte 0x89
  3f:	42                   	rex.X

Code starting with the faulting instruction
===========================================
   0:	48 3b 38             	cmp    (%rax),%rdi
   3:	0f 85 ca 00 00 00    	jne    0xd3
   9:	48 3b 7a 08          	cmp    0x8(%rdx),%rdi
   d:	0f 85 c0 00 00 00    	jne    0xd3
  13:	48                   	rex.W
  14:	89                   	.byte 0x89
  15:	42                   	rex.X
[  113.882730][  T749] RSP: 0018:ffffc900006cf410 EFLAGS: 00010046
[  113.882988][  T749] RAX: dead000000000122 RBX: 0000000000000000 RCX: 0000000000000000
[  113.883279][  T749] RDX: dead000000000100 RSI: 0000000007120200 RDI: ffffea0000141210
[  113.883564][  T749] RBP: ffffea0000141200 R08: 0000000000000001 R09: 0000000000000000
[  113.883841][  T749] R10: ffff88800504d000 R11: ffffc900006cf289 R12: ffff8880010430c0
[  113.884123][  T749] R13: ffff88800504cc00 R14: 0000000000000282 R15: ffff888001040e00
[  113.884405][  T749] FS:  0000000000000000(0000) GS:ffff888036180000(0000) knlGS:0000000000000000
[  113.884735][  T749] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  113.884979][  T749] CR2: 000055a15a860dec CR3: 0000000008f2c003 CR4: 0000000000772ef0
[  113.885263][  T749] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  113.885550][  T749] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  113.885833][  T749] PKRU: 55555554
[  113.885974][  T749] Call Trace:
[  113.886116][  T749]  <TASK>
[ 113.886212][ T749] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 113.886377][ T749] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) 
[ 113.886590][ T749] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) 
[ 113.886800][ T749] ? free_to_partial_list (./include/linux/list.h:119 ./include/linux/list.h:215 ./include/linux/list.h:229 mm/slub.c:1521 mm/slub.c:4346) 
[ 113.886985][ T749] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179) 
[ 113.887176][ T749] qlist_free_all (mm/kasan/quarantine.c:174) 
[ 113.887366][ T749] kasan_quarantine_reduce (./include/linux/srcu.h:320 mm/kasan/quarantine.c:287) 
[ 113.887564][ T749] __kasan_slab_alloc (mm/kasan/common.c:329) 
[ 113.887758][ T749] kmem_cache_alloc_noprof (./include/linux/kasan.h:247 mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141) 
[ 113.887969][ T749] p9_tag_alloc (net/9p/client.c:288) 
[ 113.888167][ T749] ? __pfx_p9_tag_alloc (net/9p/client.c:280) 
[ 113.888376][ T749] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) 
[ 113.888583][ T749] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) 
[ 113.888768][ T749] ? is_bpf_text_address (kernel/bpf/core.c:772) 
[ 113.888997][ T749] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
[ 113.889184][ T749] p9_client_prepare_req (net/9p/client.c:644) 
[ 113.889374][ T749] ? __pfx_p9_client_prepare_req (net/9p/client.c:628) 
[ 113.889635][ T749] p9_client_rpc (net/9p/client.c:691 (discriminator 4)) 
[ 113.889820][ T749] ? __pfx_p9_client_rpc (net/9p/client.c:675) 
[ 113.890019][ T749] ? _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 113.890203][ T749] ? v9fs_fid_find (fs/9p/fid.c:114) 
[ 113.890388][ T749] ? __pfx_v9fs_fid_find (fs/9p/fid.c:114) 
[ 113.890591][ T749] ? __dentry_kill (fs/dcache.c:634) 
[ 113.890785][ T749] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 113.890973][ T749] ? do_filp_open (fs/namei.c:3960) 
[ 113.891169][ T749] ? do_sys_openat2 (fs/open.c:1415) 
[ 113.891356][ T749] ? v9fs_fid_lookup_with_uid (fs/9p/fid.c:181) 
[ 113.891567][ T749] ? __pfx_v9fs_fid_lookup_with_uid (fs/9p/fid.c:172) 
[ 113.891815][ T749] p9_client_readlink (net/9p/client.c:2289) 
[ 113.892004][ T749] v9fs_vfs_get_link_dotl (fs/9p/vfs_inode_dotl.c:834 fs/9p/vfs_inode_dotl.c:818) 
[ 113.892193][ T749] ? __pfx_v9fs_vfs_get_link_dotl (fs/9p/vfs_inode_dotl.c:821) 
[ 113.892435][ T749] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 113.892626][ T749] ? pick_link (fs/namei.c:1835) 
[ 113.892836][ T749] ovl_get_link (fs/overlayfs/inode.c:337 fs/overlayfs/inode.c:325) 
[ 113.892988][ T749] pick_link (fs/namei.c:1857) 
[ 113.893143][ T749] ? revert_creds (./arch/x86/include/asm/atomic64_64.h:39 ./include/linux/atomic/atomic-arch-fallback.h:4384 ./include/linux/atomic/atomic-long.h:1551 ./include/linux/atomic/atomic-instrumented.h:4522 ./include/linux/cred.h:266 ./include/linux/cred.h:261 ./include/linux/cred.h:280 kernel/cred.c:525) 
[ 113.893344][ T749] step_into (fs/namei.c:1923) 
[ 113.893507][ T749] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 113.893702][ T749] ? __pfx_step_into (fs/namei.c:1888) 
[ 113.893913][ T749] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) 
[ 113.894116][ T749] open_last_lookups (fs/namei.c:3721) 
[ 113.894315][ T749] path_openat (fs/namei.c:3930 (discriminator 1)) 
[ 113.894520][ T749] ? __pfx_path_openat (fs/namei.c:3915) 
[ 113.894721][ T749] do_filp_open (fs/namei.c:3960) 
[ 113.894928][ T749] ? __pfx_do_filp_open (fs/namei.c:3954) 
[ 113.895131][ T749] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 113.895334][ T749] ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141) 
[ 113.895546][ T749] ? _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 113.895755][ T749] ? alloc_fd (fs/file.c:541 (discriminator 10)) 
[ 113.895908][ T749] do_sys_openat2 (fs/open.c:1415) 
[ 113.896113][ T749] ? __pfx_do_sys_openat2 (fs/open.c:1401) 
[ 113.896309][ T749] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 113.896523][ T749] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) 
[ 113.896758][ T749] __x64_sys_openat (fs/open.c:1441) 
[ 113.896958][ T749] ? __pfx___x64_sys_openat (fs/open.c:1441) 
[ 113.897146][ T749] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 113.897380][ T749] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 113.897654][ T749] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 113.897845][ T749] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[  113.898103][  T749] RIP: 0033:0x7fed8fdcc0e8
[ 113.898315][ T749] Code: f9 41 89 f0 41 83 e2 40 75 30 89 f0 25 00 00 41 00 3d 00 00 41 00 74 22 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 30 c3 0f 1f 80 00 00 00 00 48 8d 44 24 08 c7
All code
========
   0:	f9                   	stc
   1:	41 89 f0             	mov    %esi,%r8d
   4:	41 83 e2 40          	and    $0x40,%r10d
   8:	75 30                	jne    0x3a
   a:	89 f0                	mov    %esi,%eax
   c:	25 00 00 41 00       	and    $0x410000,%eax
  11:	3d 00 00 41 00       	cmp    $0x410000,%eax
  16:	74 22                	je     0x3a
  18:	44 89 c2             	mov    %r8d,%edx
  1b:	4c 89 ce             	mov    %r9,%rsi
  1e:	bf 9c ff ff ff       	mov    $0xffffff9c,%edi
  23:	b8 01 01 00 00       	mov    $0x101,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 30                	ja     0x62
  32:	c3                   	ret
  33:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  3a:	48 8d 44 24 08       	lea    0x8(%rsp),%rax
  3f:	c7                   	.byte 0xc7

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 30                	ja     0x38
   8:	c3                   	ret
   9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  10:	48 8d 44 24 08       	lea    0x8(%rsp),%rax
  15:	c7                   	.byte 0xc7
[  113.899016][  T749] RSP: 002b:00007fffbf69c4b8 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
[  113.899296][  T749] RAX: ffffffffffffffda RBX: 00007fffbf69c73f RCX: 00007fed8fdcc0e8
[  113.899585][  T749] RDX: 0000000000080000 RSI: 00007fffbf69c530 RDI: 00000000ffffff9c
[  113.899871][  T749] RBP: 00007fffbf69c520 R08: 0000000000080000 R09: 00007fffbf69c530
[  113.900150][  T749] R10: 0000000000000000 R11: 0000000000000287 R12: 00007fffbf69c537


Finger prints:
check_object:alloc_debug_processing:___slab_alloc:__kmalloc_noprof:p9_fcall_init
print_report:kasan_report:___neigh_create:neigh_add:rtnetlink_rcv_msg
depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report
stack_depot_fetch:stack_depot_print:print_report:kasan_report:___neigh_create
free_to_partial_list:qlist_free_all:kasan_quarantine_reduce:__kasan_slab_alloc:kmem_cache_alloc_noprof