====================================== | [ 11.549668] ------------[ cut here ]------------ | [ 11.550288] DEBUG_LOCKS_WARN_ON(lock->magic != lock) | [ 11.550301] WARNING: CPU: 1 PID: 11 at kernel/locking/mutex.c:587 __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:752) | [ 11.551885] Modules linked in: act_csum libcrc32c act_pedit cls_flower sch_prio [ 11.553527] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 11.554642] Workqueue: netns cleanup_net [ 11.555078] RIP: 0010:__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:752) [ 11.555570] Code: ff 90 e8 a2 e7 70 ff 85 c0 74 23 8b 35 9c 8e db 00 85 f6 75 19 90 48 c7 c6 97 37 4a b1 48 c7 c7 3a ac 49 b1 e8 00 04 26 ff 90 <0f> 0b 90 90 90 e9 03 fd ff ff 4c 8d 6d a0 4c 89 e7 4c 89 ee e8 d6 All code ======== 0: ff 90 e8 a2 e7 70 call *0x70e7a2e8(%rax) 6: ff 85 c0 74 23 8b incl -0x74dc8b40(%rbp) c: 35 9c 8e db 00 xor $0xdb8e9c,%eax 11: 85 f6 test %esi,%esi 13: 75 19 jne 0x2e 15: 90 nop 16: 48 c7 c6 97 37 4a b1 mov $0xffffffffb14a3797,%rsi 1d: 48 c7 c7 3a ac 49 b1 mov $0xffffffffb149ac3a,%rdi 24: e8 00 04 26 ff call 0xffffffffff260429 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: 90 nop 2e: 90 nop 2f: e9 03 fd ff ff jmp 0xfffffffffffffd37 34: 4c 8d 6d a0 lea -0x60(%rbp),%r13 38: 4c 89 e7 mov %r12,%rdi 3b: 4c 89 ee mov %r13,%rsi 3e: e8 .byte 0xe8 3f: d6 (bad) Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: 90 nop 4: 90 nop 5: e9 03 fd ff ff jmp 0xfffffffffffffd0d a: 4c 8d 6d a0 lea -0x60(%rbp),%r13 e: 4c 89 e7 mov %r12,%rdi 11: 4c 89 ee mov %r13,%rsi 14: e8 .byte 0xe8 15: d6 (bad) [ 11.557417] RSP: 0018:ffffb48e00063a10 EFLAGS: 00010286 [ 11.557723] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffdfff [ 11.558122] RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000001 [ 11.558496] RBP: ffffb48e00063a90 R08: ffffffffb1978508 R09: 00000000ffffdfff [ 11.558872] R10: ffffffffb1898520 R11: ffffffffb194ab18 R12: ffffa0abc1c41800 [ 11.559253] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa0abc4e51000 [ 11.559622] FS: 0000000000000000(0000) GS:ffffa0abfec80000(0000) knlGS:0000000000000000 [ 11.560045] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.560346] CR2: 00007f476a034000 CR3: 000000000be60006 CR4: 0000000000770ef0 [ 11.560717] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.561092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.561460] PKRU: 55555554 [ 11.561607] Call Trace: [ 11.561748] [ 11.561868] ? __warn (kernel/panic.c:677) [ 11.562046] ? __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:752) [ 11.562251] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 11.562449] ? handle_bug (arch/x86/kernel/traps.c:238) [ 11.562638] ? exc_invalid_op (arch/x86/kernel/traps.c:259 (discriminator 1)) [ 11.562847] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:568) [ 11.563073] ? __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:752) [ 11.563280] ? refcount_dec_and_mutex_lock (./arch/x86/include/asm/atomic.h:103 ./include/linux/atomic/atomic-arch-fallback.h:949 ./include/linux/atomic/atomic-instrumented.h:401 ./include/linux/refcount.h:261 ./include/linux/refcount.h:304 ./include/linux/refcount.h:322 lib/refcount.c:119 lib/refcount.c:113) [ 11.563544] ? up_read (kernel/locking/rwsem.c:1622) [ 11.563719] ? tc_setup_cb_destroy (net/sched/cls_api.c:3715) [ 11.563968] ? refcount_dec_and_mutex_lock (./arch/x86/include/asm/atomic.h:103 ./include/linux/atomic/atomic-arch-fallback.h:949 ./include/linux/atomic/atomic-instrumented.h:401 ./include/linux/refcount.h:261 ./include/linux/refcount.h:304 ./include/linux/refcount.h:322 lib/refcount.c:119 lib/refcount.c:113) [ 11.564231] refcount_dec_and_mutex_lock (./arch/x86/include/asm/atomic.h:103 ./include/linux/atomic/atomic-arch-fallback.h:949 ./include/linux/atomic/atomic-instrumented.h:401 ./include/linux/refcount.h:261 ./include/linux/refcount.h:304 ./include/linux/refcount.h:322 lib/refcount.c:119 lib/refcount.c:113) [ 11.564487] __tcf_action_put (net/sched/act_api.c:377) [ 11.564700] tcf_action_destroy (net/sched/act_api.c:413 net/sched/act_api.c:393 net/sched/act_api.c:1175) [ 11.564923] tcf_exts_destroy (net/sched/cls_api.c:3312) [ 11.565139] __fl_destroy_filter (./include/net/pkt_cls.h:261 net/sched/cls_flower.c:425) cls_flower [ 11.565418] __fl_delete (net/sched/cls_flower.c:574) cls_flower [ 11.565669] fl_destroy (net/sched/cls_flower.c:599) cls_flower [ 11.565918] tcf_proto_destroy (net/sched/cls_api.c:418) [ 11.566127] tcf_chain_flush (net/sched/cls_api.c:737) [ 11.566331] __tcf_block_put (net/sched/cls_api.c:1070 net/sched/cls_api.c:1141 net/sched/cls_api.c:1305) [ 11.566537] tcf_block_put (net/sched/cls_api.c:1543) [ 11.566730] prio_destroy (net/sched/sch_prio.c:171) sch_prio [ 11.566974] __qdisc_destroy (net/sched/sch_generic.c:1067) [ 11.567180] dev_shutdown (net/sched/sch_generic.c:1483 (discriminator 9)) [ 11.567381] unregister_netdevice_many_notify (./include/net/tcx.h:168 net/core/dev.c:11084) [ 11.567661] default_device_exit_batch (net/core/dev.c:11629) [ 11.567919] cleanup_net (net/core/net_namespace.c:636 (discriminator 3)) [ 11.568112] ? process_one_work (kernel/workqueue.c:2606) [ 11.568334] process_one_work (kernel/workqueue.c:2633) [ 11.568547] worker_thread (kernel/workqueue.c:2700 kernel/workqueue.c:2787) [ 11.568750] ? __pfx_worker_thread (kernel/workqueue.c:2733) [ 11.568979] kthread (kernel/kthread.c:388) [ 11.569148] ? __pfx_kthread (kernel/kthread.c:341) [ 11.569348] ret_from_fork (arch/x86/kernel/process.c:147) [ 11.569541] ? __pfx_kthread (kernel/kthread.c:341) [ 11.569744] ret_from_fork_asm (arch/x86/entry/entry_64.S:250) | [ 11.572058] ---[ end trace 0000000000000000 ]--- | [ 11.591298] ------------[ cut here ]------------ | [ 11.591564] WARNING: CPU: 0 PID: 1077 at mm/mmap.c:2327 __split_vma (mm/mmap.c:2327 (discriminator 1)) | [ 11.591953] Modules linked in: act_csum libcrc32c act_pedit cls_flower sch_prio [ 11.592747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 11.593329] RIP: 0010:__split_vma (mm/mmap.c:2327 (discriminator 1)) [ 11.593561] Code: 08 49 c1 ec 0c 4c 01 a3 80 00 00 00 48 8b 53 10 e8 c9 f8 ff ff 48 c7 c6 ff ff ff ff 4c 89 ef e8 0a 5c ae 00 e9 87 fe ff ff 90 <0f> 0b 90 e9 be fd ff ff 90 0f 0b 90 e9 ab fd ff ff 48 8b bd a0 00 All code ======== 0: 08 49 c1 or %cl,-0x3f(%rcx) 3: ec in (%dx),%al 4: 0c 4c or $0x4c,%al 6: 01 a3 80 00 00 00 add %esp,0x80(%rbx) c: 48 8b 53 10 mov 0x10(%rbx),%rdx 10: e8 c9 f8 ff ff call 0xfffffffffffff8de 15: 48 c7 c6 ff ff ff ff mov $0xffffffffffffffff,%rsi 1c: 4c 89 ef mov %r13,%rdi 1f: e8 0a 5c ae 00 call 0xae5c2e 24: e9 87 fe ff ff jmp 0xfffffffffffffeb0 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: e9 be fd ff ff jmp 0xfffffffffffffdf0 32: 90 nop 33: 0f 0b ud2 35: 90 nop 36: e9 ab fd ff ff jmp 0xfffffffffffffde6 3b: 48 rex.W 3c: 8b .byte 0x8b 3d: bd .byte 0xbd 3e: a0 .byte 0xa0 ... Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: e9 be fd ff ff jmp 0xfffffffffffffdc6 8: 90 nop 9: 0f 0b ud2 b: 90 nop c: e9 ab fd ff ff jmp 0xfffffffffffffdbc 11: 48 rex.W 12: 8b .byte 0x8b 13: bd .byte 0xbd 14: a0 .byte 0xa0 ... [ 11.594515] RSP: 0018:ffffb48e00717cc8 EFLAGS: 00010287 [ 11.594795] RAX: 0000000000000000 RBX: ffffa0abc26a2f18 RCX: 0000000000000001 [ 11.595160] RDX: 00007ff2ba5ab000 RSI: ffffa0abc26a2f18 RDI: ffffb48e00717e28 [ 11.595531] RBP: ffffb48e00717e28 R08: 0000000000000001 R09: 0000000000000000 [ 11.595902] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ff2ba5ab000 [ 11.596268] R13: ffffb48e00717e28 R14: 0000000000000075 R15: 0000000000000001 [ 11.596636] FS: 00007ff2ba2d8c40(0000) GS:ffffa0abfec00000(0000) knlGS:0000000000000000 [ 11.597053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.597352] CR2: 00007ff2ba4ed0d0 CR3: 00000000038f4005 CR4: 0000000000770ef0 [ 11.597719] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.598091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.598456] PKRU: 55555554 [ 11.598602] Call Trace: [ 11.598739] [ 11.598858] ? __warn (kernel/panic.c:677) [ 11.599034] ? __split_vma (mm/mmap.c:2327 (discriminator 1)) [ 11.599234] ? report_bug (lib/bug.c:201 lib/bug.c:219) [ 11.599430] ? handle_bug (arch/x86/kernel/traps.c:238) [ 11.599619] ? exc_invalid_op (arch/x86/kernel/traps.c:259 (discriminator 1)) [ 11.599826] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:568) [ 11.600050] ? __split_vma (mm/mmap.c:2327 (discriminator 1)) [ 11.600252] vma_modify (mm/mmap.c:2444) [ 11.600429] mprotect_fixup (mm/mprotect.c:636) [ 11.600631] ? mas_prev_slot (lib/maple_tree.c:788 lib/maple_tree.c:821 lib/maple_tree.c:4456) [ 11.600844] do_mprotect_pkey (mm/mprotect.c:810) [ 11.601058] __x64_sys_mprotect (mm/mprotect.c:830 mm/mprotect.c:827 mm/mprotect.c:827) [ 11.601272] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 11.601467] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) [ 11.601732] RIP: 0033:0x7ff2ba5feefb [ 11.601929] Code: 73 01 c3 48 8d 0d 05 33 03 00 f7 d8 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d d5 32 03 00 f7 d8 89 01 48 83 All code ======== 0: 73 01 jae 0x3 2: c3 ret 3: 48 8d 0d 05 33 03 00 lea 0x33305(%rip),%rcx # 0x3330f a: f7 d8 neg %eax c: 89 01 mov %eax,(%rcx) e: 48 83 c8 ff or $0xffffffffffffffff,%rax 12: c3 ret 13: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1a: 00 00 00 1d: 66 90 xchg %ax,%ax 1f: f3 0f 1e fa endbr64 23: b8 0a 00 00 00 mov $0xa,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8d 0d d5 32 03 00 lea 0x332d5(%rip),%rcx # 0x3330f 3a: f7 d8 neg %eax 3c: 89 01 mov %eax,(%rcx) 3e: 48 rex.W 3f: 83 .byte 0x83 Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8d 0d d5 32 03 00 lea 0x332d5(%rip),%rcx # 0x332e5 10: f7 d8 neg %eax 12: 89 01 mov %eax,(%rcx) 14: 48 rex.W 15: 83 .byte 0x83 [ 11.602878] RSP: 002b:00007ffcaebca8a8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 11.603267] RAX: ffffffffffffffda RBX: 00007ff2ba5fb340 RCX: 00007ff2ba5feefb [ 11.603633] RDX: 0000000000000001 RSI: 0000000000001000 RDI: 00007ff2ba5ab000 [ 11.604012] RBP: 00007ffcaebca9c0 R08: 0000000000000000 R09: 00007ff2ba3d1c10 [ 11.604380] R10: 00007ff2ba5a6000 R11: 0000000000000206 R12: 0000000000000000 [ 11.604752] R13: 00007ff2ba5a6848 R14: 00007ff2ba5fb340 R15: 00007ff2ba5fb340 | [ 11.607769] kernel BUG at mm/mprotect.c:494! | [ 11.608034] #PF: error_code(0x0000) - not-present page | [ 11.608531] PGD 0 P4D 0 | [ 11.608673] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 11.609346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 11.609932] Workqueue: netns cleanup_net [ 11.610142] RIP: 0010:__mutex_unlock_slowpath (kernel/locking/mutex.c:945) [ 11.610422] Code: ff ff 4c 8d 65 08 4c 89 e7 e8 f0 78 00 00 48 89 ef e8 e8 bd 2d ff 48 8b 55 50 48 8d 45 50 48 39 c2 74 71 48 8b 75 50 48 89 ef <4c> 8b 6e 10 e8 9b ba 2d ff 48 89 e7 4c 89 ee 4d 89 ee e8 5d d9 2a All code ======== 0: ff (bad) 1: ff 4c 8d 65 decl 0x65(%rbp,%rcx,4) 5: 08 4c 89 e7 or %cl,-0x19(%rcx,%rcx,4) 9: e8 f0 78 00 00 call 0x78fe e: 48 89 ef mov %rbp,%rdi 11: e8 e8 bd 2d ff call 0xffffffffff2dbdfe 16: 48 8b 55 50 mov 0x50(%rbp),%rdx 1a: 48 8d 45 50 lea 0x50(%rbp),%rax 1e: 48 39 c2 cmp %rax,%rdx 21: 74 71 je 0x94 23: 48 8b 75 50 mov 0x50(%rbp),%rsi 27: 48 89 ef mov %rbp,%rdi 2a:* 4c 8b 6e 10 mov 0x10(%rsi),%r13 <-- trapping instruction 2e: e8 9b ba 2d ff call 0xffffffffff2dbace 33: 48 89 e7 mov %rsp,%rdi 36: 4c 89 ee mov %r13,%rsi 39: 4d 89 ee mov %r13,%r14 3c: e8 .byte 0xe8 3d: 5d pop %rbp 3e: d9 2a fldcw (%rdx) Code starting with the faulting instruction =========================================== 0: 4c 8b 6e 10 mov 0x10(%rsi),%r13 4: e8 9b ba 2d ff call 0xffffffffff2dbaa4 9: 48 89 e7 mov %rsp,%rdi c: 4c 89 ee mov %r13,%rsi f: 4d 89 ee mov %r13,%r14 12: e8 .byte 0xe8 13: 5d pop %rbp 14: d9 2a fldcw (%rdx) [ 11.611369] RSP: 0018:ffffb48e00063a80 EFLAGS: 00010207 [ 11.611639] RAX: ffffa0abc1c41850 RBX: ffffa0abc2afeb0e RCX: 0000000000000000 [ 11.612009] RDX: 00007ff2ba5c7fff RSI: 00007ff2ba5c7fff RDI: ffffa0abc1c41800 [ 11.612372] RBP: ffffa0abc1c41800 R08: 0000000000000000 R09: 0000000000000000 [ 11.612742] R10: 0000000000000000 R11: ffffb48e00063aa0 R12: ffffa0abc1c41808 [ 11.613110] R13: 0000000000000001 R14: 0000000000000000 R15: ffffa0abc4e51000 [ 11.613475] FS: 0000000000000000(0000) GS:ffffa0abfed80000(0000) knlGS:0000000000000000 [ 11.613896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.614212] CR2: 00007ff2ba5c800f CR3: 000000000be60005 CR4: 0000000000770ef0 [ 11.614578] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.614948] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.615314] PKRU: 55555554 [ 11.615459] Call Trace: [ 11.615593] [ 11.615709] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 11.615883] ? page_fault_oops (arch/x86/mm/fault.c:707) [ 11.616099] ? trace_hardirqs_off_finish (./include/trace/events/preemptirq.h:36 kernel/trace/trace_preemptirq.c:78 kernel/trace/trace_preemptirq.c:73) [ 11.616351] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:67 ./arch/x86/include/asm/irqflags.h:127 arch/x86/mm/fault.c:1515 arch/x86/mm/fault.c:1563) [ 11.616559] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570) [ 11.616784] ? __mutex_unlock_slowpath (kernel/locking/mutex.c:945) [ 11.617036] __tcf_action_put (net/sched/act_api.c:383) [ 11.617240] tcf_action_destroy (net/sched/act_api.c:413 net/sched/act_api.c:393 net/sched/act_api.c:1175) [ 11.617450] tcf_exts_destroy (net/sched/cls_api.c:3312) [ 11.617654] __fl_destroy_filter (./include/net/pkt_cls.h:261 net/sched/cls_flower.c:425) cls_flower [ 11.617935] __fl_delete (net/sched/cls_flower.c:574) cls_flower [ 11.618184] fl_destroy (net/sched/cls_flower.c:599) cls_flower [ 11.618424] tcf_proto_destroy (net/sched/cls_api.c:418) [ 11.618632] tcf_chain_flush (net/sched/cls_api.c:737) [ 11.618842] __tcf_block_put (net/sched/cls_api.c:1070 net/sched/cls_api.c:1141 net/sched/cls_api.c:1305) [ 11.619045] tcf_block_put (net/sched/cls_api.c:1543) [ 11.619235] prio_destroy (net/sched/sch_prio.c:171) sch_prio [ 11.619472] __qdisc_destroy (net/sched/sch_generic.c:1067) [ 11.619675] dev_shutdown (net/sched/sch_generic.c:1483 (discriminator 9)) [ 11.619872] unregister_netdevice_many_notify (./include/net/tcx.h:168 net/core/dev.c:11084) [ 11.620152] default_device_exit_batch (net/core/dev.c:11629) [ 11.620402] cleanup_net (net/core/net_namespace.c:636 (discriminator 3)) [ 11.620592] ? process_one_work (kernel/workqueue.c:2606) [ 11.620819] process_one_work (kernel/workqueue.c:2633) [ 11.621029] worker_thread (kernel/workqueue.c:2700 kernel/workqueue.c:2787) [ 11.621227] ? __pfx_worker_thread (kernel/workqueue.c:2733) [ 11.621453] kthread (kernel/kthread.c:388) [ 11.621622] ? __pfx_kthread (kernel/kthread.c:341) [ 11.621826] ret_from_fork (arch/x86/kernel/process.c:147) [ 11.622018] ? __pfx_kthread (kernel/kthread.c:341) [ 11.622215] ret_from_fork_asm (arch/x86/entry/entry_64.S:250) | [ 11.623102] ---[ end trace 0000000000000000 ]--- | [ 11.623103] invalid opcode: 0000 [#2] PREEMPT SMP NOPTI | [ 11.623341] RIP: 0010:__mutex_unlock_slowpath (kernel/locking/mutex.c:945) | [ 11.623896] Code: ff ff 4c 8d 65 08 4c 89 e7 e8 f0 78 00 00 48 89 ef e8 e8 bd 2d ff 48 8b 55 50 48 8d 45 50 48 39 c2 74 71 48 8b 75 50 48 89 ef <4c> 8b 6e 10 e8 9b ba 2d ff 48 89 e7 4c 89 ee 4d 89 ee e8 5d d9 2a All code ======== 0: ff (bad) 1: ff 4c 8d 65 decl 0x65(%rbp,%rcx,4) 5: 08 4c 89 e7 or %cl,-0x19(%rcx,%rcx,4) 9: e8 f0 78 00 00 call 0x78fe e: 48 89 ef mov %rbp,%rdi 11: e8 e8 bd 2d ff call 0xffffffffff2dbdfe 16: 48 8b 55 50 mov 0x50(%rbp),%rdx 1a: 48 8d 45 50 lea 0x50(%rbp),%rax 1e: 48 39 c2 cmp %rax,%rdx 21: 74 71 je 0x94 23: 48 8b 75 50 mov 0x50(%rbp),%rsi 27: 48 89 ef mov %rbp,%rdi 2a:* 4c 8b 6e 10 mov 0x10(%rsi),%r13 <-- trapping instruction 2e: e8 9b ba 2d ff call 0xffffffffff2dbace 33: 48 89 e7 mov %rsp,%rdi 36: 4c 89 ee mov %r13,%rsi 39: 4d 89 ee mov %r13,%r14 3c: e8 .byte 0xe8 3d: 5d pop %rbp 3e: d9 2a fldcw (%rdx) Code starting with the faulting instruction =========================================== 0: 4c 8b 6e 10 mov 0x10(%rsi),%r13 4: e8 9b ba 2d ff call 0xffffffffff2dbaa4 9: 48 89 e7 mov %rsp,%rdi c: 4c 89 ee mov %r13,%rsi f: 4d 89 ee mov %r13,%r14 12: e8 .byte 0xe8 13: 5d pop %rbp 14: d9 2a fldcw (%rdx) [ 11.624304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 11.625249] RSP: 0018:ffffb48e00063a80 EFLAGS: 00010207 [ 11.625829] RIP: 0010:change_protection (mm/mprotect.c:494 mm/mprotect.c:540) [ 11.626101] [ 11.626355] Code: d0 d5 ff 41 f6 46 20 01 74 22 49 c7 46 18 ff ff ff ff 49 c7 46 10 ff ff ff ff 41 80 66 20 0b e9 2c ff ff ff e8 f0 34 b0 00 90 <0f> 0b 65 48 8b 04 25 00 f1 02 00 48 8b 10 f7 c2 00 00 00 20 74 23 All code ======== 0: d0 d5 rcl %ch 2: ff 41 f6 incl -0xa(%rcx) 5: 46 20 01 rex.RX and %r8b,(%rcx) 8: 74 22 je 0x2c a: 49 c7 46 18 ff ff ff movq $0xffffffffffffffff,0x18(%r14) 11: ff 12: 49 c7 46 10 ff ff ff movq $0xffffffffffffffff,0x10(%r14) 19: ff 1a: 41 80 66 20 0b andb $0xb,0x20(%r14) 1f: e9 2c ff ff ff jmp 0xffffffffffffff50 24: e8 f0 34 b0 00 call 0xb03519 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 65 48 8b 04 25 00 f1 mov %gs:0x2f100,%rax 33: 02 00 35: 48 8b 10 mov (%rax),%rdx 38: f7 c2 00 00 00 20 test $0x20000000,%edx 3e: 74 23 je 0x63 Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 65 48 8b 04 25 00 f1 mov %gs:0x2f100,%rax 9: 02 00 b: 48 8b 10 mov (%rax),%rdx e: f7 c2 00 00 00 20 test $0x20000000,%edx 14: 74 23 je 0x39 [ 11.626440] RAX: ffffa0abc1c41850 RBX: ffffa0abc2afeb0e RCX: 0000000000000000 [ 11.627380] RSP: 0018:ffffb48e00717c40 EFLAGS: 00010206 [ 11.627752] RDX: 00007ff2ba5c7fff RSI: 00007ff2ba5c7fff RDI: ffffa0abc1c41800 [ 11.628034] [ 11.628399] RBP: ffffa0abc1c41800 R08: 0000000000000000 R09: 0000000000000000 [ 11.628485] RAX: 0000000000000000 RBX: ffffa0abc26a2f18 RCX: 00007ff2ba5aa000 [ 11.628858] R10: 0000000000000000 R11: ffffb48e00063aa0 R12: ffffa0abc1c41808 [ 11.629225] RDX: ffffa0abc1056600 RSI: ffffa0abc26a2f18 RDI: ffffb48e00717e68 [ 11.629589] R13: 0000000000000001 R14: 0000000000000000 R15: ffffa0abc4e51000 [ 11.629955] RBP: 0000000000000071 R08: 0000000000000000 R09: ffffa0abc27f4008 [ 11.630322] FS: 0000000000000000(0000) GS:ffffa0abfed80000(0000) knlGS:0000000000000000 [ 11.630686] R10: 0000000000000018 R11: 0000000000000000 R12: 00007ff2ba5ab000 [ 11.631106] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.631471] R13: 00007ff2ba5ab000 R14: ffffb48e00717e68 R15: ffffa0abc26a2f18 [ 11.631772] CR2: 00007ff2ba5c800f CR3: 000000000be60005 CR4: 0000000000770ef0 [ 11.632141] FS: 00007ff2ba2d8c40(0000) GS:ffffa0abfec00000(0000) knlGS:0000000000000000 [ 11.632506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.632916] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.633282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.633580] CR2: 00007ff2ba4ed0d0 CR3: 00000000038f4005 CR4: 0000000000770ef0 [ 11.633961] PKRU: 55555554 [ 11.634328] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.634473] note: kworker/u8:0[11] exited with irqs disabled [ 11.634841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.635141] note: kworker/u8:0[11] exited with preempt_count 1 [ 11.635501] PKRU: 55555554 [ 11.635970] Call Trace: [ 11.636103] [ 11.636219] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 11.636377] ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) [ 11.636556] ? change_protection (mm/mprotect.c:494 mm/mprotect.c:540) [ 11.636784] ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) [ 11.636987] ? change_protection (mm/mprotect.c:494 mm/mprotect.c:540) [ 11.637211] ? change_protection (mm/mprotect.c:494 mm/mprotect.c:540) [ 11.637438] ? exc_invalid_op (arch/x86/kernel/traps.c:265) [ 11.637640] ? change_protection (mm/mprotect.c:494 mm/mprotect.c:540) [ 11.637868] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:568) [ 11.638089] ? change_protection (mm/mprotect.c:494 mm/mprotect.c:540) [ 11.638316] ? lock_release (./include/trace/events/lock.h:69 kernel/locking/lockdep.c:5765) [ 11.638521] ? mas_next_slot (lib/maple_tree.c:788 lib/maple_tree.c:4641) [ 11.638728] ? mas_find (lib/maple_tree.c:6022) [ 11.638911] ? __split_vma (./include/linux/mm.h:961 mm/mmap.c:2385) [ 11.639113] mprotect_fixup (./include/linux/mman.h:84 mm/mprotect.c:656) [ 11.639316] ? mas_prev_slot (lib/maple_tree.c:788 lib/maple_tree.c:821 lib/maple_tree.c:4456) [ 11.639528] do_mprotect_pkey (mm/mprotect.c:810) [ 11.639744] __x64_sys_mprotect (mm/mprotect.c:830 mm/mprotect.c:827 mm/mprotect.c:827) [ 11.639955] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 11.640149] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) [ 11.640412] RIP: 0033:0x7ff2ba5feefb [ 11.640600] Code: 73 01 c3 48 8d 0d 05 33 03 00 f7 d8 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d d5 32 03 00 f7 d8 89 01 48 83 All code ======== 0: 73 01 jae 0x3 2: c3 ret 3: 48 8d 0d 05 33 03 00 lea 0x33305(%rip),%rcx # 0x3330f a: f7 d8 neg %eax c: 89 01 mov %eax,(%rcx) e: 48 83 c8 ff or $0xffffffffffffffff,%rax 12: c3 ret 13: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1a: 00 00 00 1d: 66 90 xchg %ax,%ax 1f: f3 0f 1e fa endbr64 23: b8 0a 00 00 00 mov $0xa,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8d 0d d5 32 03 00 lea 0x332d5(%rip),%rcx # 0x3330f 3a: f7 d8 neg %eax 3c: 89 01 mov %eax,(%rcx) 3e: 48 rex.W 3f: 83 .byte 0x83 Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8d 0d d5 32 03 00 lea 0x332d5(%rip),%rcx # 0x332e5 10: f7 d8 neg %eax 12: 89 01 mov %eax,(%rcx) 14: 48 rex.W 15: 83 .byte 0x83 [ 11.641544] RSP: 002b:00007ffcaebca8a8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 11.641933] RAX: ffffffffffffffda RBX: 00007ff2ba5fb340 RCX: 00007ff2ba5feefb [ 11.642299] RDX: 0000000000000001 RSI: 0000000000001000 RDI: 00007ff2ba5ab000 [ 11.642664] RBP: 00007ffcaebca9c0 R08: 0000000000000000 R09: 00007ff2ba3d1c10 [ 11.643030] R10: 00007ff2ba5a6000 R11: 0000000000000206 R12: 0000000000000000 [ 11.643396] R13: 00007ff2ba5a6848 R14: 00007ff2ba5fb340 R15: 00007ff2ba5fb340 | [ 11.657246] #PF: supervisor instruction fetch in kernel mode | [ 11.657537] #PF: error_code(0x0010) - not-present page | [ 11.657804] PGD be63067 P4D be63067 PUD 0 | [ 11.658020] Oops: 0010 [#3] PREEMPT SMP NOPTI [ 11.658666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 11.659243] RIP: 0010:0xffffffff00000003 [ 11.659450] Code: Unable to access opcode bytes at 0xfffffffeffffffd9. Code starting with the faulting instruction =========================================== [ 11.659786] RSP: 0018:ffffb48e00003f20 EFLAGS: 00010286 [ 11.660056] RAX: 0000000000000004 RBX: 00000000000002db RCX: 0000000000000000 [ 11.660420] RDX: ffffffff00000003 RSI: ffffffffb19801c8 RDI: ffffa0abc1c41808 [ 11.660784] RBP: ffffa0abfec308c0 R08: 0000000000000000 R09: 0000000000000000 [ 11.661148] R10: 0000000000000000 R11: 0000000000100008 R12: ffffffffb1826a00 [ 11.661513] R13: 00000000000002da R14: ffffa0abfec30960 R15: ffffffffb0003fcd [ 11.661880] FS: 0000000000000000(0000) GS:ffffa0abfec00000(0000) knlGS:0000000000000000 [ 11.662291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.662588] CR2: fffffffeffffffd9 CR3: 00000000038f4005 CR4: 0000000000770ef0 [ 11.662956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.663322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.663687] PKRU: 55555554 [ 11.663832] Call Trace: [ 11.663972] [ 11.664083] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 11.664249] ? page_fault_oops (arch/x86/mm/fault.c:707) [ 11.664467] ? exc_page_fault (arch/x86/mm/fault.c:1505 arch/x86/mm/fault.c:1563) [ 11.664673] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570) [ 11.664893] ? rcu_core (kernel/rcu/tree.c:2190 kernel/rcu/tree.c:2465) [ 11.665083] ? rcu_core (kernel/rcu/tree.c:2190 kernel/rcu/tree.c:2465) [ 11.665269] ? __do_softirq (kernel/softirq.c:553) [ 11.665468] ? irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644) [ 11.665662] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14)) [ 11.665922] [ 11.666037] [ 11.666152] ? asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:649) [ 11.666426] ? do_idle (kernel/sched/idle.c:171 kernel/sched/idle.c:312) [ 11.666611] ? default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:72 arch/x86/kernel/process.c:743) [ 11.666801] ? default_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:98) [ 11.667020] ? do_idle (kernel/sched/idle.c:171 kernel/sched/idle.c:312) [ 11.667200] ? finish_task_switch.isra.0 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:77 kernel/sched/sched.h:1397 kernel/sched/core.c:5154 kernel/sched/core.c:5272) [ 11.667455] ? cpu_startup_entry (kernel/sched/idle.c:409 (discriminator 1)) [ 11.667670] ? rest_init (./include/linux/rcupdate.h:751 init/main.c:701) [ 11.667856] ? arch_call_rest_init+0xe/0x30 [ 11.668086] ? start_kernel (init/main.c:1045) [ 11.668288] ? x86_64_start_reservations (arch/x86/kernel/head64.c:543) [ 11.668540] ? x86_64_start_kernel (arch/x86/kernel/head64.c:485 (discriminator 5)) Finger prints: __mutex_lock:refcount_dec_and_mutex_lock:__tcf_action_put:tcf_action_destroy __split_vma:vma_modify:mprotect_fixup:do_mprotect_pkey __mutex_unlock_slowpath:__tcf_action_put:tcf_action_destroy:tcf_exts_destroy __mutex_unlock_slowpath:change_protection:mprotect_fixup:do_mprotect_pkey