====================================== | [ 30.632804][ C2] #0: ffffffffa67905f8 (remove_cache_srcu){.+.+}-{0:0}, at: kasan_quarantine_reduce (./include/linux/srcu.h:187 (discriminator 2) ./include/linux/srcu.h:294 (discriminator 2) mm/kasan/quarantine.c:259 (discriminator 2)) | [ 30.633094][ C2] #1: ffffffffa6577c00 (rcu_callback){....}-{0:0}, at: rcu_do_batch (./include/linux/rcupdate.h:300 (discriminator 2) kernel/rcu/tree.c:2611 (discriminator 2)) | [ 30.633345][ C2] | [ 30.633345][ C2] stack backtrace: [ 30.633525][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 30.633528][ C2] Call Trace: [ 30.633530][ C2] [ 30.633531][ C2] dump_stack_lvl (lib/dump_stack.c:94 lib/dump_stack.c:120) [ 30.633538][ C2] print_usage_bug.part.0.cold (kernel/locking/lockdep.c:4042) [ 30.633541][ C2] ? filter_irq_stacks (kernel/stacktrace.c:402) [ 30.633546][ C2] mark_lock_irq (kernel/locking/lockdep.c:4013 kernel/locking/lockdep.c:4056 kernel/locking/lockdep.c:4267) [ 30.633549][ C2] ? trace_pelt_se_tp (./include/trace/events/sched.h:853 (discriminator 22)) [ 30.633553][ C2] ? save_trace (kernel/locking/lockdep.c:589) [ 30.633557][ C2] mark_lock (kernel/locking/lockdep.c:4753) [ 30.633560][ C2] mark_usage (kernel/locking/lockdep.c:4642) [ 30.633562][ C2] __lock_acquire (kernel/locking/lockdep.c:5191) [ 30.633565][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4325) [ 30.633568][ C2] lock_acquire.part.0 (kernel/locking/lockdep.c:5868 (discriminator 1)) [ 30.633571][ C2] ? tcf_mirred_release (./include/linux/spinlock.h:342 net/sched/act_mirred.c:78) act_mirred [ 30.633574][ C2] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 30.633577][ C2] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 22) kernel/locking/lockdep.c:5831 (discriminator 22)) [ 30.633580][ C2] _raw_spin_lock (./include/linux/spinlock_api_smp.h:158 (discriminator 1) kernel/locking/spinlock.c:158 (discriminator 1)) [ 30.633583][ C2] ? tcf_mirred_release (./include/linux/spinlock.h:342 net/sched/act_mirred.c:78) act_mirred [ 30.633586][ C2] tcf_mirred_release (./include/linux/spinlock.h:342 net/sched/act_mirred.c:78) act_mirred [ 30.633589][ C2] tcf_action_rcu_free (net/sched/act_api.c:367 net/sched/act_api.c:378) [ 30.633592][ C2] ? rcu_do_batch (./include/linux/rcupdate.h:310 (discriminator 2) kernel/rcu/tree.c:2619 (discriminator 2)) [ 30.633595][ C2] rcu_do_batch (kernel/rcu/tree.c:2617) [ 30.633599][ C2] ? trace_rcu_batch_end (./include/trace/events/rcu.h:714 (discriminator 19)) [ 30.633603][ C2] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:4411 (discriminator 2)) [ 30.633605][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4472) [ 30.633608][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:178 (discriminator 6) kernel/locking/spinlock.c:198 (discriminator 6)) [ 30.633611][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:179 (discriminator 1) kernel/locking/spinlock.c:198 (discriminator 1)) [ 30.633614][ C2] rcu_core (kernel/rcu/tree.c:2869) [ 30.633617][ C2] handle_softirqs (kernel/softirq.c:622) [ 30.633620][ C2] ? find_held_lock (kernel/locking/lockdep.c:5350) [ 30.633625][ C2] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5535) [ 30.633628][ C2] ? _local_bh_enable (kernel/softirq.c:405 (discriminator 1)) [ 30.633632][ C2] __irq_exit_rcu (kernel/softirq.c:656 kernel/softirq.c:496 kernel/softirq.c:735) [ 30.633635][ C2] irq_exit_rcu (kernel/softirq.c:752) [ 30.633637][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1061 (discriminator 37) arch/x86/kernel/apic/apic.c:1061 (discriminator 37)) [ 30.633640][ C2] [ 30.633641][ C2] [ 30.633643][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 30.633645][ C2] RIP: 0010:lock_release (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 ./arch/x86/include/asm/irqflags.h:159 kernel/locking/lockdep.c:5892 kernel/locking/lockdep.c:5875) [ 30.633649][ C2] Code: d1 33 04 83 f8 01 0f 85 fd 00 00 00 9c 58 f6 c4 02 0f 85 12 01 00 00 41 f7 c7 00 02 00 00 0f 84 bf 00 00 00 fb 4c 8b 7c 24 18 <48> 8b 5c 24 08 4c 8b 74 24 10 48 83 c4 20 c3 65 8b 05 42 8b 33 04 All code ======== 0: d1 33 shll $1,(%rbx) 2: 04 83 add $0x83,%al 4: f8 clc 5: 01 0f add %ecx,(%rdi) 7: 85 fd test %edi,%ebp 9: 00 00 add %al,(%rax) b: 00 9c 58 f6 c4 02 0f add %bl,0xf02c4f6(%rax,%rbx,2) 12: 85 12 test %edx,(%rdx) 14: 01 00 add %eax,(%rax) 16: 00 41 f7 add %al,-0x9(%rcx) 19: c7 00 02 00 00 0f movl $0xf000002,(%rax) 1f: 84 bf 00 00 00 fb test %bh,-0x5000000(%rdi) 25: 4c 8b 7c 24 18 mov 0x18(%rsp),%r15 2a:* 48 8b 5c 24 08 mov 0x8(%rsp),%rbx <-- trapping instruction 2f: 4c 8b 74 24 10 mov 0x10(%rsp),%r14 34: 48 83 c4 20 add $0x20,%rsp 38: c3 ret 39: 65 8b 05 42 8b 33 04 mov %gs:0x4338b42(%rip),%eax # 0x4338b82 Code starting with the faulting instruction =========================================== 0: 48 8b 5c 24 08 mov 0x8(%rsp),%rbx 5: 4c 8b 74 24 10 mov 0x10(%rsp),%r14 a: 48 83 c4 20 add $0x20,%rsp e: c3 ret f: 65 8b 05 42 8b 33 04 mov %gs:0x4338b42(%rip),%eax # 0x4338b58 [ 30.633652][ C2] RSP: 0018:ffa00000008676a0 EFLAGS: 00000206 [ 30.633655][ C2] RAX: 0000000000000046 RBX: ffffffffa6577d20 RCX: 0000000000000001 [ 30.633657][ C2] RDX: 0000000000000001 RSI: ffffffffa5febde8 RDI: ffffffffa5a6f6c0 [ 30.633658][ C2] RBP: ffa00000008678c0 R08: 0000000000000001 R09: ffffffffa6ecee44 [ 30.633660][ C2] R10: 0000000000000002 R11: 0000000000000000 R12: ffa0000000867801 [ 30.633661][ C2] R13: ffa0000000867818 R14: ffffffffa314a6e1 R15: ffa0000000867818 [ 30.633663][ C2] ? unwind_next_frame (./include/linux/rcupdate.h:310 (discriminator 2) ./include/linux/rcupdate.h:869 (discriminator 2) ./include/linux/rcupdate.h:1181 (discriminator 2) arch/x86/kernel/unwind_orc.c:495 (discriminator 2)) [ 30.633670][ C2] unwind_next_frame (./include/linux/rcupdate.h:310 (discriminator 2) ./include/linux/rcupdate.h:869 (discriminator 2) ./include/linux/rcupdate.h:1181 (discriminator 2) arch/x86/kernel/unwind_orc.c:495 (discriminator 2)) [ 30.633672][ C2] ? arch_stack_walk (./arch/x86/include/asm/unwind.h:64 arch/x86/kernel/stacktrace.c:24) [ 30.633677][ C2] ? stack_access_ok (./arch/x86/include/asm/stacktrace.h:55) [ 30.633681][ C2] ? get_stack_info_noinstr (arch/x86/kernel/dumpstack_64.c:173) [ 30.633689][ C2] __unwind_start (arch/x86/kernel/unwind_orc.c:787) [ 30.633692][ C2] ? write_profile (profile.c:?) [ 30.633695][ C2] arch_stack_walk (./arch/x86/include/asm/unwind.h:64 arch/x86/kernel/stacktrace.c:24) [ 30.633700][ C2] ? stack_trace_save (kernel/stacktrace.c:122 (discriminator 1)) [ 30.633703][ C2] stack_trace_save (kernel/stacktrace.c:122 (discriminator 1)) [ 30.633706][ C2] ? filter_irq_stacks (kernel/stacktrace.c:402) [ 30.633711][ C2] set_track_prepare (mm/slub.c:1037) [ 30.633717][ C2] free_to_partial_list (mm/slub.c:5453) [ 30.633720][ C2] ? qlist_free_all (mm/kasan/quarantine.c:163 (discriminator 2) mm/kasan/quarantine.c:179 (discriminator 2)) [ 30.633724][ C2] qlist_free_all (mm/kasan/quarantine.c:163 (discriminator 2) mm/kasan/quarantine.c:179 (discriminator 2)) [ 30.633727][ C2] kasan_quarantine_reduce (mm/kasan/quarantine.c:286) [ 30.633730][ C2] __kasan_slab_alloc (mm/kasan/common.c:350) [ 30.633733][ C2] kmem_cache_alloc_node_noprof (./include/linux/kasan.h:253 mm/slub.c:4570 mm/slub.c:4899 mm/slub.c:4951) [ 30.633737][ C2] dup_task_struct (kernel/fork.c:187 (discriminator 7) kernel/fork.c:918 (discriminator 7)) [ 30.633740][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4472) [ 30.633743][ C2] copy_process (kernel/fork.c:2090 (discriminator 1)) [ 30.633746][ C2] ? restore_fpregs_from_user (arch/x86/kernel/fpu/signal.c:300) [ 30.633750][ C2] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 3) kernel/rcu/tree.c:4032 (discriminator 3)) [ 30.633753][ C2] ? rcu_read_lock_any_held (./include/linux/lockdep.h:249 kernel/rcu/update.c:386 kernel/rcu/update.c:380) [ 30.633756][ C2] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 2) kernel/locking/lockdep.c:3821 (discriminator 2) kernel/locking/lockdep.c:3876 (discriminator 2)) [ 30.633759][ C2] ? pidfd_prepare (./include/linux/list.h:1021 (discriminator 3)) [ 30.633762][ C2] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 3) kernel/rcu/tree.c:4032 (discriminator 3)) [ 30.633765][ C2] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 3) kernel/rcu/tree.c:4032 (discriminator 3)) [ 30.633768][ C2] ? rcu_read_lock_any_held (./include/linux/lockdep.h:249 kernel/rcu/update.c:386 kernel/rcu/update.c:380) [ 30.633771][ C2] kernel_clone (kernel/fork.c:2722) [ 30.633773][ C2] ? create_io_thread (kernel/fork.c:2660) [ 30.633777][ C2] ? __might_fault (mm/memory.c:7340 (discriminator 5)) [ 30.633780][ C2] ? find_held_lock (kernel/locking/lockdep.c:5350) [ 30.633784][ C2] __do_sys_clone (kernel/fork.c:2863) [ 30.633787][ C2] ? kernel_clone (./include/trace/events/sched.h:396 (discriminator 19)) [ 30.633792][ C2] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 30.633795][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 22)) [ 30.633799][ C2] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) [ 30.633801][ C2] ? trace_hardirqs_off (kernel/trace/trace_preemptirq.c:104 (discriminator 1)) [ 30.633803][ C2] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 30.633806][ C2] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121) [ 30.633809][ C2] RIP: 0033:0x7fe09f1ac226 [ 30.633812][ C2] Code: 7d e0 e8 7d a4 f5 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a 89 c3 85 c0 75 2f 64 48 8b 04 25 10 00 00 All code ======== 0: 7d e0 jge 0xffffffffffffffe2 2: e8 7d a4 f5 ff call 0xfffffffffff5a484 7: 45 31 c0 xor %r8d,%r8d a: 31 d2 xor %edx,%edx c: 31 f6 xor %esi,%esi e: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax 15: 00 00 17: bf 11 00 20 01 mov $0x1200011,%edi 1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10 23: b8 38 00 00 00 mov $0x38,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 5a ja 0x8c 32: 89 c3 mov %eax,%ebx 34: 85 c0 test %eax,%eax 36: 75 2f jne 0x67 38: 64 fs 39: 48 rex.W 3a: 8b .byte 0x8b 3b: 04 25 add $0x25,%al 3d: 10 00 adc %al,(%rax) ... Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 5a ja 0x62 8: 89 c3 mov %eax,%ebx a: 85 c0 test %eax,%eax c: 75 2f jne 0x3d e: 64 fs f: 48 rex.W 10: 8b .byte 0x8b 11: 04 25 add $0x25,%al 13: 10 00 adc %al,(%rax) ... [ 30.633814][ C2] RSP: 002b:00007fffa11f6520 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 30.633817][ C2] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe09f1ac226 [ 30.633818][ C2] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 30.633819][ C2] RBP: 00007fffa11f6540 R08: 0000000000000000 R09: 0000000000000030 [ 30.633821][ C2] R10: 00007fe09f0e9e50 R11: 0000000000000246 R12: 000055c9ebbd0ca0 Finger prints: mark_lock_irq:mark_lock:mark_usage:__lock_acquire:_raw_spin_lock