====================================== | [ 5558.547141][T19381] ================================================================== | [5558.547401][T19381] BUG: KASAN: slab-use-after-free in neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) | [ 5558.547635][T19381] Write of size 8 at addr ffff8880026e1018 by task ip/19381 | [ 5558.547861][T19381] [ 5558.548178][T19381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 5558.548520][T19381] Call Trace: [ 5558.548641][T19381] [5558.548722][T19381] dump_stack_lvl (lib/dump_stack.c:123) [5558.548883][T19381] print_address_description.constprop.0 (mm/kasan/report.c:378) [5558.549080][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.549239][T19381] print_report (mm/kasan/report.c:489) [5558.549401][T19381] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [5558.549558][T19381] kasan_report (mm/kasan/report.c:603) [5558.549677][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.549833][T19381] neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.549983][T19381] ? lock_acquire (kernel/locking/lockdep.c:5798) [5558.550142][T19381] __neigh_ifdown.isra.0 (net/core/neighbour.c:826 net/core/neighbour.c:426) [5558.550294][T19381] ? fib_flush (net/ipv4/fib_frontend.c:195 (discriminator 11)) [5558.550411][T19381] neigh_ifdown (net/core/neighbour.c:445) [5558.550526][T19381] fib_netdev_event (net/ipv4/fib_frontend.c:1521) [5558.550680][T19381] notifier_call_chain (kernel/notifier.c:93 (discriminator 2)) [5558.550838][T19381] __netdev_upper_dev_unlink (net/core/dev.c:7704 (discriminator 11) net/core/dev.c:8156 (discriminator 11)) [5558.550990][T19381] ? 
mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.551116][T19381] ? __pfx___netdev_upper_dev_unlink (net/core/dev.c:8135) [5558.551313][T19381] netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.551464][T19381] ? __pfx_netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.551655][T19381] ? mutex_is_locked (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-long.h:38 ./include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:81 kernel/locking/mutex.c:91) [5558.551806][T19381] vrf_del_slave (drivers/net/vrf.c:1131 drivers/net/vrf.c:1140) [5558.551959][T19381] do_set_master (net/core/rtnetlink.c:2762) [5558.552114][T19381] do_setlink (net/core/rtnetlink.c:2982) [5558.552266][T19381] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [5558.552421][T19381] ? __pfx_do_setlink (net/core/rtnetlink.c:2853) [5558.552571][T19381] ? is_bpf_text_address (kernel/bpf/core.c:772) [5558.552722][T19381] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) [5558.552878][T19381] ? __kernel_text_address (kernel/extable.c:79) [5558.553031][T19381] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) [5558.553183][T19381] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [5558.553374][T19381] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) [5558.553531][T19381] ? stack_trace_save (kernel/stacktrace.c:123) [5558.553686][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.553839][T19381] ? __pfx_validate_nla (lib/nlattr.c:396) [5558.553994][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.554111][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.554263][T19381] ? __nla_validate_parse (lib/nlattr.c:638) [5558.554418][T19381] __rtnl_newlink (net/core/rtnetlink.c:3771) [5558.554573][T19381] ? 
hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.554727][T19381] ? __pfx___rtnl_newlink (net/core/rtnetlink.c:3632) [5558.554881][T19381] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [5558.555071][T19381] ? __create_object (mm/kmemleak.c:766) [5558.555223][T19381] ? trace_kmalloc (./include/trace/events/kmem.h:54 (discriminator 52)) [5558.555381][T19381] rtnl_newlink (net/core/rtnetlink.c:3819) [5558.555497][T19381] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) [5558.555650][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.555803][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.555958][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.556072][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.556228][T19381] netlink_rcv_skb (net/netlink/af_netlink.c:2551) [5558.556382][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.556536][T19381] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) [5558.556695][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) [5558.556849][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) [5558.557002][T19381] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) [5558.557157][T19381] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) [5558.557311][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.557467][T19381] netlink_sendmsg (net/netlink/af_netlink.c:1901) [5558.557620][T19381] ? 
__pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) [5558.557770][T19381] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [5558.557927][T19381] ? __import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) [5558.558085][T19381] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) [5558.558236][T19381] ? __pfx_____sys_sendmsg (net/socket.c:2553) [5558.558390][T19381] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) [5558.558584][T19381] ___sys_sendmsg (net/socket.c:2663) [5558.558739][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.558892][T19381] ? __pfx____sys_sendmsg (net/socket.c:2650) [5558.559044][T19381] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [5558.559196][T19381] ? __pfx_slab_free_after_rcu_debug (mm/slub.c:4609) [5558.559385][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.559540][T19381] ? kasan_save_stack (mm/kasan/common.c:48) [5558.559690][T19381] ? __kasan_record_aux_stack (mm/kasan/generic.c:541) [5558.559842][T19381] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3087) [5558.560038][T19381] ? __x64_sys_close (fs/open.c:1568 fs/open.c:1550 fs/open.c:1550) [5558.560189][T19381] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.560344][T19381] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [5558.560533][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.560688][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.560843][T19381] ? __lock_release (kernel/locking/lockdep.c:5501) [5558.560993][T19381] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) [5558.561118][T19381] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) [5558.561272][T19381] ? __pfx___sys_sendmsg (net/socket.c:2678) [5558.561423][T19381] ? 
__virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) [5558.561580][T19381] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.561754][T19381] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 5558.561946][T19381] RIP: 0033:0x7f5f1c1187b7 [ 5558.562105][T19381] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 All code ======== 0: 0a 00 or (%rax),%al 2: f7 d8 neg %eax 4: 64 89 02 mov %eax,%fs:(%rdx) 7: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax e: eb b9 jmp 0xffffffffffffffc9 10: 0f 1f 00 nopl (%rax) 13: f3 0f 1e fa endbr64 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 10 jne 0x33 23: b8 2e 00 00 00 mov $0x2e,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 51 ja 0x83 32: c3 ret 33: 48 83 ec 28 sub $0x28,%rsp 37: 89 54 24 1c mov %edx,0x1c(%rsp) 3b: 48 89 74 24 10 mov %rsi,0x10(%rsp) Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 51 ja 0x59 8: c3 ret 9: 48 83 ec 28 sub $0x28,%rsp d: 89 54 24 1c mov %edx,0x1c(%rsp) 11: 48 89 74 24 10 mov %rsi,0x10(%rsp) [ 5558.562643][T19381] RSP: 002b:00007fff6c18d378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 5558.562875][T19381] RAX: ffffffffffffffda RBX: 00007fff6c18daa0 RCX: 00007f5f1c1187b7 [ 5558.563101][T19381] RDX: 0000000000000000 RSI: 00007fff6c18d3e0 RDI: 0000000000000005 [ 5558.563336][T19381] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078 [ 5558.563564][T19381] R10: 00007f5f1bfd6ef8 R11: 0000000000000246 R12: 0000000000000002 [ 5558.563791][T19381] R13: 000000006716af79 R14: 0000000000496600 R15: 0000000000000000 | [ 
5558.570734][T19381] ------------[ cut here ]------------ | [ 5558.570891][T19381] pool index 93034 out of bounds (861) for stack id 6b6b6b6b | [5558.571159][T19381] WARNING: CPU: 1 PID: 19381 at lib/stackdepot.c:451 depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) | [ 5558.571532][T19381] Modules linked in: ip6t_REJECT ipt_REJECT nft_compat nf_tables libcrc32c [ 5558.572050][T19381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [5558.572493][T19381] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [ 5558.572657][T19381] Code: 18 a3 ce 8f e8 9b 58 bd 01 83 f8 01 75 b8 90 0f 0b 90 eb b2 90 48 c7 c7 e0 e2 46 8f 44 89 e1 44 89 ea 89 ee e8 3b ad 0c ff 90 <0f> 0b 90 90 31 c0 eb bb 90 0f 0b 90 eb b5 90 0f 0b 90 31 c0 eb ad All code ======== 0: 18 a3 ce 8f e8 9b sbb %ah,-0x64177032(%rbx) 6: 58 pop %rax 7: bd 01 83 f8 01 mov $0x1f88301,%ebp c: 75 b8 jne 0xffffffffffffffc6 e: 90 nop f: 0f 0b ud2 11: 90 nop 12: eb b2 jmp 0xffffffffffffffc6 14: 90 nop 15: 48 c7 c7 e0 e2 46 8f mov $0xffffffff8f46e2e0,%rdi 1c: 44 89 e1 mov %r12d,%ecx 1f: 44 89 ea mov %r13d,%edx 22: 89 ee mov %ebp,%esi 24: e8 3b ad 0c ff call 0xffffffffff0cad64 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: 31 c0 xor %eax,%eax 30: eb bb jmp 0xffffffffffffffed 32: 90 nop 33: 0f 0b ud2 35: 90 nop 36: eb b5 jmp 0xffffffffffffffed 38: 90 nop 39: 0f 0b ud2 3b: 90 nop 3c: 31 c0 xor %eax,%eax 3e: eb ad jmp 0xffffffffffffffed Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: 31 c0 xor %eax,%eax 6: eb bb jmp 0xffffffffffffffc3 8: 90 nop 9: 0f 0b ud2 b: 90 nop c: eb b5 jmp 0xffffffffffffffc3 e: 90 nop f: 0f 0b ud2 11: 90 nop 12: 31 c0 xor %eax,%eax 14: eb ad jmp 0xffffffffffffffc3 [ 5558.573313][T19381] RSP: 0018:ffffc9000087edd8 EFLAGS: 00010082 [ 5558.573510][T19381] RAX: 0000000000000000 RBX: 0000000000001b50 RCX: 
1ffffffff1efdc3c [ 5558.573840][T19381] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 5558.574078][T19381] RBP: 0000000000016b6a R08: 0000000000000000 R09: fffffbfff1efdc3c [ 5558.574314][T19381] R10: 0000000000000003 R11: 205d313833393154 R12: 000000006b6b6b6b [ 5558.574647][T19381] R13: 000000000000035d R14: 0000000000000008 R15: ffff888009a045c0 [ 5558.574884][T19381] FS: 00007f5f1bf0c800(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 5558.575158][T19381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 5558.575461][T19381] CR2: 00000000004e3868 CR3: 00000000059e2003 CR4: 0000000000772ef0 [ 5558.575699][T19381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 5558.575937][T19381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 5558.576171][T19381] PKRU: 55555554 [ 5558.576292][T19381] Call Trace: [ 5558.576412][T19381] [5558.576496][T19381] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [5558.576750][T19381] ? __warn (kernel/panic.c:748) [5558.576873][T19381] ? __down_trylock_console_sem (kernel/printk/printk.c:332) [5558.577034][T19381] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [5558.577193][T19381] ? report_bug (lib/bug.c:201 lib/bug.c:219) [5558.577353][T19381] ? handle_bug (arch/x86/kernel/traps.c:285) [5558.577559][T19381] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [5558.577711][T19381] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [5558.577861][T19381] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [5558.578008][T19381] ? depot_fetch_stack (lib/stackdepot.c:451 (discriminator 1)) [5558.578250][T19381] ? 
neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.578396][T19381] stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [5558.578546][T19381] stack_depot_print (lib/stackdepot.c:745) [5558.578692][T19381] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [5558.578984][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.579145][T19381] print_report (mm/kasan/report.c:489) [5558.579304][T19381] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [5558.579463][T19381] kasan_report (mm/kasan/report.c:603) [5558.579589][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.579842][T19381] neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.580000][T19381] ? lock_acquire (kernel/locking/lockdep.c:5798) [5558.580162][T19381] __neigh_ifdown.isra.0 (net/core/neighbour.c:826 net/core/neighbour.c:426) [5558.580316][T19381] ? fib_flush (net/ipv4/fib_frontend.c:195 (discriminator 11)) [5558.580522][T19381] neigh_ifdown (net/core/neighbour.c:445) [5558.580633][T19381] fib_netdev_event (net/ipv4/fib_frontend.c:1521) [5558.580786][T19381] notifier_call_chain (kernel/notifier.c:93 (discriminator 2)) [5558.580936][T19381] __netdev_upper_dev_unlink (net/core/dev.c:7704 (discriminator 11) net/core/dev.c:8156 (discriminator 11)) [5558.581087][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.581297][T19381] ? __pfx___netdev_upper_dev_unlink (net/core/dev.c:8135) [5558.581485][T19381] netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.581633][T19381] ? __pfx_netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.581819][T19381] ? 
mutex_is_locked (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-long.h:38 ./include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:81 kernel/locking/mutex.c:91) [5558.582149][T19381] vrf_del_slave (drivers/net/vrf.c:1131 drivers/net/vrf.c:1140) [5558.582297][T19381] do_set_master (net/core/rtnetlink.c:2762) [5558.582444][T19381] do_setlink (net/core/rtnetlink.c:2982) [5558.582594][T19381] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [5558.582838][T19381] ? __pfx_do_setlink (net/core/rtnetlink.c:2853) [5558.582986][T19381] ? is_bpf_text_address (kernel/bpf/core.c:772) [5558.583133][T19381] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) [5558.583283][T19381] ? __kernel_text_address (kernel/extable.c:79) [5558.583520][T19381] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) [5558.583668][T19381] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [5558.583857][T19381] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) [5558.584010][T19381] ? stack_trace_save (kernel/stacktrace.c:123) [5558.584250][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.584398][T19381] ? __pfx_validate_nla (lib/nlattr.c:396) [5558.584546][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.584658][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.584807][T19381] ? __nla_validate_parse (lib/nlattr.c:638) [5558.585048][T19381] __rtnl_newlink (net/core/rtnetlink.c:3771) [5558.585196][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.585347][T19381] ? __pfx___rtnl_newlink (net/core/rtnetlink.c:3632) [5558.585495][T19381] ? 
lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [5558.585774][T19381] ? __create_object (mm/kmemleak.c:766) [5558.585922][T19381] ? trace_kmalloc (./include/trace/events/kmem.h:54 (discriminator 52)) [5558.586071][T19381] rtnl_newlink (net/core/rtnetlink.c:3819) [5558.586182][T19381] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) [5558.586425][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.586573][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.586725][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.586841][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.586989][T19381] netlink_rcv_skb (net/netlink/af_netlink.c:2551) [5558.587230][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.587378][T19381] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) [5558.587529][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) [5558.587678][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) [5558.587921][T19381] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) [5558.588071][T19381] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) [5558.588219][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.588372][T19381] netlink_sendmsg (net/netlink/af_netlink.c:1901) [5558.588614][T19381] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) [5558.588761][T19381] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [5558.588910][T19381] ? 
__import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) [5558.589060][T19381] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) [5558.589209][T19381] ? __pfx_____sys_sendmsg (net/socket.c:2553) [5558.589462][T19381] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) [5558.589654][T19381] ___sys_sendmsg (net/socket.c:2663) [5558.589806][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.589954][T19381] ? __pfx____sys_sendmsg (net/socket.c:2650) [5558.590100][T19381] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [5558.590247][T19381] ? __pfx_slab_free_after_rcu_debug (mm/slub.c:4609) [5558.590429][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.590576][T19381] ? kasan_save_stack (mm/kasan/common.c:48) [5558.590819][T19381] ? __kasan_record_aux_stack (mm/kasan/generic.c:541) [5558.590966][T19381] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3087) [5558.591155][T19381] ? __x64_sys_close (fs/open.c:1568 fs/open.c:1550 fs/open.c:1550) [5558.591311][T19381] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.591548][T19381] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [5558.591731][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.591881][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.592028][T19381] ? __lock_release (kernel/locking/lockdep.c:5501) [5558.592270][T19381] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) [5558.592386][T19381] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) [5558.592534][T19381] ? __pfx___sys_sendmsg (net/socket.c:2678) [5558.592681][T19381] ? 
__virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) [5558.592930][T19381] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.593078][T19381] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 5558.593260][T19381] RIP: 0033:0x7f5f1c1187b7 [ 5558.593411][T19381] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 All code ======== 0: 0a 00 or (%rax),%al 2: f7 d8 neg %eax 4: 64 89 02 mov %eax,%fs:(%rdx) 7: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax e: eb b9 jmp 0xffffffffffffffc9 10: 0f 1f 00 nopl (%rax) 13: f3 0f 1e fa endbr64 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 10 jne 0x33 23: b8 2e 00 00 00 mov $0x2e,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 51 ja 0x83 32: c3 ret 33: 48 83 ec 28 sub $0x28,%rsp 37: 89 54 24 1c mov %edx,0x1c(%rsp) 3b: 48 89 74 24 10 mov %rsi,0x10(%rsp) Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 51 ja 0x59 8: c3 ret 9: 48 83 ec 28 sub $0x28,%rsp d: 89 54 24 1c mov %edx,0x1c(%rsp) 11: 48 89 74 24 10 mov %rsi,0x10(%rsp) [ 5558.594131][T19381] RSP: 002b:00007fff6c18d378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 5558.594449][T19381] RAX: ffffffffffffffda RBX: 00007fff6c18daa0 RCX: 00007f5f1c1187b7 [ 5558.594669][T19381] RDX: 0000000000000000 RSI: 00007fff6c18d3e0 RDI: 0000000000000005 [ 5558.594895][T19381] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078 [ 5558.595209][T19381] R10: 00007f5f1bfd6ef8 R11: 0000000000000246 R12: 0000000000000002 [ 5558.595430][T19381] R13: 000000006716af79 R14: 0000000000496600 R15: 0000000000000000 | [ 
5558.597626][T19381] corrupt handle or use after stack_depot_put() | [5558.597655][T19381] WARNING: CPU: 1 PID: 19381 at lib/stackdepot.c:711 stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) | [ 5558.598115][T19381] Modules linked in: ip6t_REJECT ipt_REJECT nft_compat nf_tables libcrc32c | [ 5558.598732][T19381] Tainted: [W]=WARN [ 5558.598850][T19381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [5558.599174][T19381] RIP: 0010:stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [ 5558.599325][T19381] Code: 74 1a 48 8d 50 20 48 89 13 5b 8b 40 14 5d 41 5c c3 cc cc cc cc 31 c0 c3 cc cc cc cc 90 48 c7 c7 c0 e3 46 8f e8 22 a8 0c ff 90 <0f> 0b 90 90 eb bb 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 All code ======== 0: 74 1a je 0x1c 2: 48 8d 50 20 lea 0x20(%rax),%rdx 6: 48 89 13 mov %rdx,(%rbx) 9: 5b pop %rbx a: 8b 40 14 mov 0x14(%rax),%eax d: 5d pop %rbp e: 41 5c pop %r12 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: 31 c0 xor %eax,%eax 17: c3 ret 18: cc int3 19: cc int3 1a: cc int3 1b: cc int3 1c: 90 nop 1d: 48 c7 c7 c0 e3 46 8f mov $0xffffffff8f46e3c0,%rdi 24: e8 22 a8 0c ff call 0xffffffffff0ca84b 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: eb bb jmp 0xffffffffffffffeb 30: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) 37: 00 00 00 00 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: eb bb jmp 0xffffffffffffffc1 6: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1) d: 00 00 00 00 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop [ 5558.599939][T19381] RSP: 0018:ffffc9000087ee00 EFLAGS: 00010086 [ 5558.600213][T19381] RAX: 0000000000000000 RBX: ffffc9000087ee20 RCX: 1ffffffff1efdc3c [ 5558.600429][T19381] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 
5558.600645][T19381] RBP: 000000006b6b6b6b R08: 0000000000000000 R09: fffffbfff1efdc3c [ 5558.600957][T19381] R10: 0000000000000003 R11: 6361747320726574 R12: 0000000000000000 [ 5558.601185][T19381] R13: ffffffff8dcc6f07 R14: 0000000000000008 R15: ffff888009a045c0 [ 5558.601401][T19381] FS: 00007f5f1bf0c800(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 5558.601751][T19381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 5558.601933][T19381] CR2: 00000000004e3868 CR3: 00000000059e2003 CR4: 0000000000772ef0 [ 5558.602151][T19381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 5558.602473][T19381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 5558.602689][T19381] PKRU: 55555554 [ 5558.602809][T19381] Call Trace: [ 5558.602926][T19381] [5558.603007][T19381] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [5558.603156][T19381] ? __warn (kernel/panic.c:748) [5558.603267][T19381] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [5558.603412][T19381] ? report_bug (lib/bug.c:201 lib/bug.c:219) [5558.603559][T19381] ? handle_bug (arch/x86/kernel/traps.c:285) [5558.603767][T19381] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) [5558.603913][T19381] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) [5558.604057][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.604204][T19381] ? stack_depot_fetch (lib/stackdepot.c:711 lib/stackdepot.c:691) [5558.604445][T19381] stack_depot_print (lib/stackdepot.c:745) [5558.604591][T19381] print_address_description.constprop.0 (mm/kasan/report.c:343 mm/kasan/report.c:352 mm/kasan/report.c:381) [5558.604773][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.604919][T19381] print_report (mm/kasan/report.c:489) [5558.605247][T19381] ? 
kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [5558.605394][T19381] kasan_report (mm/kasan/report.c:603) [5558.605506][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.605652][T19381] neigh_flush_dev.isra.0 (./include/linux/list.h:990 ./include/linux/rculist.h:516 net/core/neighbour.c:385) [5558.605797][T19381] ? lock_acquire (kernel/locking/lockdep.c:5798) [5558.606033][T19381] __neigh_ifdown.isra.0 (net/core/neighbour.c:826 net/core/neighbour.c:426) [5558.606177][T19381] ? fib_flush (net/ipv4/fib_frontend.c:195 (discriminator 11)) [5558.606289][T19381] neigh_ifdown (net/core/neighbour.c:445) [5558.606400][T19381] fib_netdev_event (net/ipv4/fib_frontend.c:1521) [5558.606637][T19381] notifier_call_chain (kernel/notifier.c:93 (discriminator 2)) [5558.606785][T19381] __netdev_upper_dev_unlink (net/core/dev.c:7704 (discriminator 11) net/core/dev.c:8156 (discriminator 11)) [5558.606930][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.607040][T19381] ? __pfx___netdev_upper_dev_unlink (net/core/dev.c:8135) [5558.607225][T19381] netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.607468][T19381] ? __pfx_netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.607649][T19381] ? mutex_is_locked (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-long.h:38 ./include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:81 kernel/locking/mutex.c:91) [5558.607796][T19381] vrf_del_slave (drivers/net/vrf.c:1131 drivers/net/vrf.c:1140) [5558.607942][T19381] do_set_master (net/core/rtnetlink.c:2762) [5558.608088][T19381] do_setlink (net/core/rtnetlink.c:2982) [5558.608234][T19381] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [5558.608379][T19381] ? 
__pfx_do_setlink (net/core/rtnetlink.c:2853) [5558.608524][T19381] ? is_bpf_text_address (kernel/bpf/core.c:772) [5558.608761][T19381] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) [5558.608907][T19381] ? __kernel_text_address (kernel/extable.c:79) [5558.609055][T19381] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) [5558.609200][T19381] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [5558.609475][T19381] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) [5558.609623][T19381] ? stack_trace_save (kernel/stacktrace.c:123) [5558.609773][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.609919][T19381] ? __pfx_validate_nla (lib/nlattr.c:396) [5558.610064][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.610176][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.610323][T19381] ? __nla_validate_parse (lib/nlattr.c:638) [5558.610473][T19381] __rtnl_newlink (net/core/rtnetlink.c:3771) [5558.610620][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.610857][T19381] ? __pfx___rtnl_newlink (net/core/rtnetlink.c:3632) [5558.611003][T19381] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [5558.611188][T19381] ? __create_object (mm/kmemleak.c:766) [5558.611334][T19381] ? trace_kmalloc (./include/trace/events/kmem.h:54 (discriminator 52)) [5558.611571][T19381] rtnl_newlink (net/core/rtnetlink.c:3819) [5558.611682][T19381] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) [5558.611831][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.611976][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.612211][T19381] ? 
mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.612330][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.612476][T19381] netlink_rcv_skb (net/netlink/af_netlink.c:2551) [5558.612621][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.612768][T19381] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) [5558.613007][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) [5558.613158][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) [5558.613304][T19381] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) [5558.613450][T19381] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) [5558.613686][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.613833][T19381] netlink_sendmsg (net/netlink/af_netlink.c:1901) [5558.613978][T19381] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) [5558.614123][T19381] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [5558.614367][T19381] ? __import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) [5558.614519][T19381] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) [5558.614665][T19381] ? __pfx_____sys_sendmsg (net/socket.c:2553) [5558.614810][T19381] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) [5558.614994][T19381] ___sys_sendmsg (net/socket.c:2663) [5558.615139][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.615285][T19381] ? __pfx____sys_sendmsg (net/socket.c:2650) [5558.615430][T19381] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [5558.615666][T19381] ? __pfx_slab_free_after_rcu_debug (mm/slub.c:4609) [5558.615849][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.615994][T19381] ? kasan_save_stack (mm/kasan/common.c:48) [5558.616140][T19381] ? 
__kasan_record_aux_stack (mm/kasan/generic.c:541) [5558.616385][T19381] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3087) [5558.616565][T19381] ? __x64_sys_close (fs/open.c:1568 fs/open.c:1550 fs/open.c:1550) [5558.616710][T19381] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.616856][T19381] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [5558.617038][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.617189][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.617335][T19381] ? __lock_release (kernel/locking/lockdep.c:5501) [5558.617480][T19381] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) [5558.617592][T19381] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) [5558.617828][T19381] ? __pfx___sys_sendmsg (net/socket.c:2678) [5558.617973][T19381] ? 
__virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) [5558.618124][T19381] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.618270][T19381] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 5558.618542][T19381] RIP: 0033:0x7f5f1c1187b7 [ 5558.618691][T19381] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 All code ======== 0: 0a 00 or (%rax),%al 2: f7 d8 neg %eax 4: 64 89 02 mov %eax,%fs:(%rdx) 7: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax e: eb b9 jmp 0xffffffffffffffc9 10: 0f 1f 00 nopl (%rax) 13: f3 0f 1e fa endbr64 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 10 jne 0x33 23: b8 2e 00 00 00 mov $0x2e,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 51 ja 0x83 32: c3 ret 33: 48 83 ec 28 sub $0x28,%rsp 37: 89 54 24 1c mov %edx,0x1c(%rsp) 3b: 48 89 74 24 10 mov %rsi,0x10(%rsp) Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 51 ja 0x59 8: c3 ret 9: 48 83 ec 28 sub $0x28,%rsp d: 89 54 24 1c mov %edx,0x1c(%rsp) 11: 48 89 74 24 10 mov %rsi,0x10(%rsp) [ 5558.619296][T19381] RSP: 002b:00007fff6c18d378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 5558.619513][T19381] RAX: ffffffffffffffda RBX: 00007fff6c18daa0 RCX: 00007f5f1c1187b7 [ 5558.619733][T19381] RDX: 0000000000000000 RSI: 00007fff6c18d3e0 RDI: 0000000000000005 [ 5558.620040][T19381] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078 [ 5558.620254][T19381] R10: 00007f5f1bfd6ef8 R11: 0000000000000246 R12: 0000000000000002 [ 5558.620561][T19381] R13: 000000006716af79 R14: 0000000000496600 R15: 0000000000000000 | [ 
5558.630344][T19381] Disabling lock debugging due to kernel taint | [ 5558.630697][T19381] Oops: general protection fault, probably for non-canonical address 0xed6d696d6d6d6d6d: 0000 [#1] PREEMPT SMP KASAN NOPTI | [ 5558.631033][T19381] KASAN: maybe wild-memory-access in range [0x6b6b6b6b6b6b6b68-0x6b6b6b6b6b6b6b6f] | [ 5558.631595][T19381] Tainted: [B]=BAD_PAGE, [W]=WARN [ 5558.631730][T19381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [5558.632120][T19381] RIP: 0010:neigh_flush_dev.isra.0 (./include/linux/list.h:988 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [ 5558.632294][T19381] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d All code ======== 0: 0f 85 ef 04 00 00 jne 0x4f5 6: 49 8d 7f 08 lea 0x8(%r15),%rdi a: 49 8b 1f mov (%r15),%rbx d: 48 89 f8 mov %rdi,%rax 10: 48 c1 e8 03 shr $0x3,%rax 14: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) 19: 0f 85 cc 04 00 00 jne 0x4eb 1f: 49 8b 6f 08 mov 0x8(%r15),%rbp 23: 48 89 e8 mov %rbp,%rax 26: 48 c1 e8 03 shr $0x3,%rax 2a:* 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction 2f: 0f 85 19 05 00 00 jne 0x54e 35: 48 89 5d 00 mov %rbx,0x0(%rbp) 39: 48 85 db test %rbx,%rbx 3c: 74 1a je 0x58 3e: 48 rex.W 3f: 8d .byte 0x8d Code starting with the faulting instruction =========================================== 0: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) 5: 0f 85 19 05 00 00 jne 0x524 b: 48 89 5d 00 mov %rbx,0x0(%rbp) f: 48 85 db test %rbx,%rbx 12: 74 1a je 0x2e 14: 48 rex.W 15: 8d .byte 0x8d [ 5558.632857][T19381] RSP: 0018:ffffc9000087ef60 EFLAGS: 00010202 [ 5558.633030][T19381] RAX: 0d6d6d6d6d6d6d6d RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff8dcc6ef0 [ 5558.633319][T19381] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880026e1008 [ 5558.633524][T19381] RBP: 6b6b6b6b6b6b6b6b R08: 
0000000000000000 R09: 0000000000000000 [ 5558.633725][T19381] R10: ffffffff903e8a8f R11: ffffffff8e800130 R12: ffff8880026e113c [ 5558.634013][T19381] R13: dffffc0000000000 R14: ffff88800a50a000 R15: ffff8880026e1000 [ 5558.634214][T19381] FS: 00007f5f1bf0c800(0000) GS:ffff888036080000(0000) knlGS:0000000000000000 [ 5558.634534][T19381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 5558.634705][T19381] CR2: 00000000004e3868 CR3: 00000000059e2003 CR4: 0000000000772ef0 [ 5558.634908][T19381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 5558.635191][T19381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 5558.635396][T19381] PKRU: 55555554 [ 5558.635502][T19381] Call Trace: [ 5558.635609][T19381] [5558.635678][T19381] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) [5558.635873][T19381] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) [5558.636011][T19381] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) [5558.636147][T19381] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [5558.636314][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:986 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [5558.636531][T19381] ? neigh_flush_dev.isra.0 (./include/linux/list.h:988 ./include/linux/rculist.h:516 net/core/neighbour.c:384) [5558.636670][T19381] ? lock_acquire (kernel/locking/lockdep.c:5798) [5558.636806][T19381] __neigh_ifdown.isra.0 (net/core/neighbour.c:826 net/core/neighbour.c:426) [5558.636941][T19381] ? 
fib_flush (net/ipv4/fib_frontend.c:195 (discriminator 11)) [5558.637044][T19381] neigh_ifdown (net/core/neighbour.c:445) [5558.637226][T19381] fib_netdev_event (net/ipv4/fib_frontend.c:1521) [5558.637363][T19381] notifier_call_chain (kernel/notifier.c:93 (discriminator 2)) [5558.637499][T19381] __netdev_upper_dev_unlink (net/core/dev.c:7704 (discriminator 11) net/core/dev.c:8156 (discriminator 11)) [5558.637634][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.637736][T19381] ? __pfx___netdev_upper_dev_unlink (net/core/dev.c:8135) [5558.638069][T19381] netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.638204][T19381] ? __pfx_netdev_upper_dev_unlink (net/core/dev.c:8174) [5558.638371][T19381] ? mutex_is_locked (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-long.h:38 ./include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:81 kernel/locking/mutex.c:91) [5558.638588][T19381] vrf_del_slave (drivers/net/vrf.c:1131 drivers/net/vrf.c:1140) [5558.638724][T19381] do_set_master (net/core/rtnetlink.c:2762) [5558.638858][T19381] do_setlink (net/core/rtnetlink.c:2982) [5558.638993][T19381] ? is_bpf_text_address (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 kernel/bpf/core.c:769) [5558.639129][T19381] ? __pfx_do_setlink (net/core/rtnetlink.c:2853) [5558.639348][T19381] ? is_bpf_text_address (kernel/bpf/core.c:772) [5558.639482][T19381] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) [5558.639623][T19381] ? __kernel_text_address (kernel/extable.c:79) [5558.639758][T19381] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) [5558.639973][T19381] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) [5558.640140][T19381] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) [5558.640278][T19381] ? stack_trace_save (kernel/stacktrace.c:123) [5558.640415][T19381] ? 
__pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.640632][T19381] ? __pfx_validate_nla (lib/nlattr.c:396) [5558.640770][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.640873][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.641009][T19381] ? __nla_validate_parse (lib/nlattr.c:638) [5558.641239][T19381] __rtnl_newlink (net/core/rtnetlink.c:3771) [5558.641374][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.641509][T19381] ? __pfx___rtnl_newlink (net/core/rtnetlink.c:3632) [5558.641644][T19381] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [5558.641895][T19381] ? __create_object (mm/kmemleak.c:766) [5558.642031][T19381] ? trace_kmalloc (./include/trace/events/kmem.h:54 (discriminator 52)) [5558.642166][T19381] rtnl_newlink (net/core/rtnetlink.c:3819) [5558.642268][T19381] rtnetlink_rcv_msg (net/core/rtnetlink.c:6721) [5558.642403][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.642619][T19381] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [5558.642753][T19381] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [5558.642856][T19381] ? __lock_acquire (kernel/locking/lockdep.c:5202) [5558.642995][T19381] netlink_rcv_skb (net/netlink/af_netlink.c:2551) [5558.643211][T19381] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6615) [5558.643346][T19381] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2528) [5558.643484][T19381] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340) [5558.643619][T19381] ? 
netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333) [5558.643754][T19381] netlink_unicast (net/netlink/af_netlink.c:1331 net/netlink/af_netlink.c:1357) [5558.643972][T19381] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1342) [5558.644106][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.644246][T19381] netlink_sendmsg (net/netlink/af_netlink.c:1901) [5558.644381][T19381] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1820) [5558.644595][T19381] ? __might_fault (mm/memory.c:6700 mm/memory.c:6693) [5558.644731][T19381] ? __import_iovec (lib/iov_iter.c:1433 lib/iov_iter.c:1449) [5558.644868][T19381] ____sys_sendmsg (net/socket.c:729 net/socket.c:744 net/socket.c:2607) [5558.645002][T19381] ? __pfx_____sys_sendmsg (net/socket.c:2553) [5558.645216][T19381] ? __pfx_copy_msghdr_from_user (net/socket.c:2533) [5558.645387][T19381] ___sys_sendmsg (net/socket.c:2663) [5558.645524][T19381] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) [5558.645659][T19381] ? __pfx____sys_sendmsg (net/socket.c:2650) [5558.645876][T19381] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860) [5558.646011][T19381] ? __pfx_slab_free_after_rcu_debug (mm/slub.c:4609) [5558.646178][T19381] ? kasan_save_stack (mm/kasan/common.c:49) [5558.646313][T19381] ? kasan_save_stack (mm/kasan/common.c:48) [5558.646529][T19381] ? __kasan_record_aux_stack (mm/kasan/generic.c:541) [5558.646662][T19381] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3087) [5558.646833][T19381] ? __x64_sys_close (fs/open.c:1568 fs/open.c:1550 fs/open.c:1550) [5558.646969][T19381] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.647186][T19381] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [5558.647351][T19381] ? 
__lock_acquire (kernel/locking/lockdep.c:5202) [5558.647488][T19381] ? find_held_lock (kernel/locking/lockdep.c:5315) [5558.647624][T19381] ? __lock_release (kernel/locking/lockdep.c:5501) [5558.647844][T19381] ? fdget (./include/linux/atomic/atomic-arch-fallback.h:479 ./include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1114 fs/file.c:1128) [5558.647948][T19381] __sys_sendmsg (./include/linux/file.h:35 net/socket.c:2692) [5558.648083][T19381] ? __pfx___sys_sendmsg (net/socket.c:2678) [5558.648221][T19381] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2053 arch/x86/mm/physaddr.c:65) [5558.648362][T19381] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [5558.648661][T19381] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 5558.648827][T19381] RIP: 0033:0x7f5f1c1187b7 [ 5558.648971][T19381] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 All code ======== 0: 0a 00 or (%rax),%al 2: f7 d8 neg %eax 4: 64 89 02 mov %eax,%fs:(%rdx) 7: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax e: eb b9 jmp 0xffffffffffffffc9 10: 0f 1f 00 nopl (%rax) 13: f3 0f 1e fa endbr64 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 10 jne 0x33 23: b8 2e 00 00 00 mov $0x2e,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 51 ja 0x83 32: c3 ret 33: 48 83 ec 28 sub $0x28,%rsp 37: 89 54 24 1c mov %edx,0x1c(%rsp) 3b: 48 89 74 24 10 mov %rsi,0x10(%rsp) Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 51 ja 0x59 8: c3 ret 9: 48 83 ec 28 sub $0x28,%rsp d: 89 54 24 1c mov %edx,0x1c(%rsp) 11: 48 89 74 24 10 mov %rsi,0x10(%rsp) [ 5558.649537][T19381] RSP: 
002b:00007fff6c18d378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 5558.649742][T19381] RAX: ffffffffffffffda RBX: 00007fff6c18daa0 RCX: 00007f5f1c1187b7
[ 5558.650026][T19381] RDX: 0000000000000000 RSI: 00007fff6c18d3e0 RDI: 0000000000000005
[ 5558.650228][T19381] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 5558.650429][T19381] R10: 00007f5f1bfd6ef8 R11: 0000000000000246 R12: 0000000000000002
Finger prints:
neigh_ifdown:fib_netdev_event:notifier_call_chain:__netdev_upper_dev_unlink:netdev_upper_dev_unlink
stack_depot_fetch:stack_depot_print:print_report:kasan_report:neigh_ifdown
print_report:kasan_report:neigh_ifdown:fib_netdev_event:notifier_call_chain
depot_fetch_stack:stack_depot_fetch:stack_depot_print:print_report:kasan_report