======================================
| [ 618.532953][ C2] #3: ffffffff91f905f8 (remove_cache_srcu){.+.+}-{0:0}, at: kasan_quarantine_reduce (./include/linux/srcu.h:187 (discriminator 2) ./include/linux/srcu.h:294 (discriminator 2) mm/kasan/quarantine.c:259 (discriminator 2))
| [ 618.533213][ C2] #4: ffffffff91d77c00 (rcu_callback){....}-{0:0}, at: rcu_do_batch (./include/linux/rcupdate.h:300 (discriminator 2) kernel/rcu/tree.c:2611 (discriminator 2))
| [ 618.533444][ C2]
| [ 618.533444][ C2] stack backtrace:
[ 618.533609][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 618.533611][ C2] Call Trace:
[ 618.533613][ C2]
[ 618.533615][ C2] dump_stack_lvl (lib/dump_stack.c:94 lib/dump_stack.c:120)
[ 618.533621][ C2] print_usage_bug.part.0.cold (kernel/locking/lockdep.c:4042)
[ 618.533625][ C2] ? filter_irq_stacks (kernel/stacktrace.c:402)
[ 618.533629][ C2] mark_lock_irq (kernel/locking/lockdep.c:4013 kernel/locking/lockdep.c:4056 kernel/locking/lockdep.c:4267)
[ 618.533632][ C2] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1061 (discriminator 37) arch/x86/kernel/apic/apic.c:1061 (discriminator 37))
[ 618.533635][ C2] ? asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697)
[ 618.533639][ C2] ? save_trace (kernel/locking/lockdep.c:589)
[ 618.533641][ C2] ? copy_process (./include/linux/ptrace.h:208 (discriminator 3) kernel/fork.c:2466 (discriminator 3))
[ 618.533644][ C2] mark_lock (kernel/locking/lockdep.c:4753)
[ 618.533647][ C2] mark_usage (kernel/locking/lockdep.c:4642)
[ 618.533649][ C2] __lock_acquire (kernel/locking/lockdep.c:5191)
[ 618.533652][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4325)
[ 618.533654][ C2] ? rcu_do_batch (./include/linux/rcupdate.h:310 (discriminator 2) kernel/rcu/tree.c:2619 (discriminator 2))
[ 618.533658][ C2] lock_acquire.part.0 (kernel/locking/lockdep.c:5868 (discriminator 1))
[ 618.533660][ C2] ? tcf_mirred_release (./include/linux/spinlock.h:342 net/sched/act_mirred.c:78) act_mirred
[ 618.533663][ C2] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 618.533666][ C2] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 22) kernel/locking/lockdep.c:5831 (discriminator 22))
[ 618.533669][ C2] _raw_spin_lock (./include/linux/spinlock_api_smp.h:158 (discriminator 1) kernel/locking/spinlock.c:158 (discriminator 1))
[ 618.533672][ C2] ? tcf_mirred_release (./include/linux/spinlock.h:342 net/sched/act_mirred.c:78) act_mirred
[ 618.533674][ C2] tcf_mirred_release (./include/linux/spinlock.h:342 net/sched/act_mirred.c:78) act_mirred
[ 618.533678][ C2] tcf_action_rcu_free (net/sched/act_api.c:367 net/sched/act_api.c:378)
[ 618.533680][ C2] ? rcu_do_batch (./include/linux/rcupdate.h:310 (discriminator 2) kernel/rcu/tree.c:2619 (discriminator 2))
[ 618.533683][ C2] rcu_do_batch (kernel/rcu/tree.c:2617)
[ 618.533687][ C2] ? trace_rcu_batch_end (./include/trace/events/rcu.h:714 (discriminator 19))
[ 618.533690][ C2] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:4411 (discriminator 2))
[ 618.533693][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4472)
[ 618.533695][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:178 (discriminator 6) kernel/locking/spinlock.c:198 (discriminator 6))
[ 618.533697][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:179 (discriminator 1) kernel/locking/spinlock.c:198 (discriminator 1))
[ 618.533700][ C2] rcu_core (kernel/rcu/tree.c:2869)
[ 618.533704][ C2] handle_softirqs (kernel/softirq.c:622)
[ 618.533706][ C2] ? find_held_lock (kernel/locking/lockdep.c:5350)
[ 618.533710][ C2] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5535)
[ 618.533712][ C2] ? _local_bh_enable (kernel/softirq.c:405 (discriminator 1))
[ 618.533716][ C2] __irq_exit_rcu (kernel/softirq.c:656 kernel/softirq.c:496 kernel/softirq.c:735)
[ 618.533718][ C2] irq_exit_rcu (kernel/softirq.c:752)
[ 618.533720][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1061 (discriminator 37) arch/x86/kernel/apic/apic.c:1061 (discriminator 37))
[ 618.533723][ C2]
[ 618.533724][ C2]
[ 618.533726][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697)
[ 618.533728][ C2] RIP: 0010:_raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:178 (discriminator 12) kernel/locking/spinlock.c:198 (discriminator 12))
[ 618.533732][ C2] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 21 7e ca fd 48 89 df e8 a9 d4 ca fd f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f 01 00 00 00 e8 30 62 bd fd 65 8b 05 29 0a fe 01 85 c0 74 12 5b
All code
========
0: f5 cmc
1: 53 push %rbx
2: 48 8b 74 24 10 mov 0x10(%rsp),%rsi
7: 48 89 fb mov %rdi,%rbx
a: 48 83 c7 18 add $0x18,%rdi
e: e8 21 7e ca fd call 0xfffffffffdca7e34
13: 48 89 df mov %rbx,%rdi
16: e8 a9 d4 ca fd call 0xfffffffffdcad4c4
1b: f7 c5 00 02 00 00 test $0x200,%ebp
21: 75 1f jne 0x42
23: 9c pushf
24: 58 pop %rax
25: f6 c4 02 test $0x2,%ah
28: 75 2f jne 0x59
2a:* bf 01 00 00 00 mov $0x1,%edi <-- trapping instruction
2f: e8 30 62 bd fd call 0xfffffffffdbd6264
34: 65 8b 05 29 0a fe 01 mov %gs:0x1fe0a29(%rip),%eax # 0x1fe0a64
3b: 85 c0 test %eax,%eax
3d: 74 12 je 0x51
3f: 5b pop %rbx
Code starting with the faulting instruction
===========================================
0: bf 01 00 00 00 mov $0x1,%edi
5: e8 30 62 bd fd call 0xfffffffffdbd623a
a: 65 8b 05 29 0a fe 01 mov %gs:0x1fe0a29(%rip),%eax # 0x1fe0a3a
11: 85 c0 test %eax,%eax
13: 74 12 je 0x27
15: 5b pop %rbx
[ 618.533734][ C2] RSP: 0018:ffa0000007f377d0 EFLAGS: 00000246
[ 618.533737][ C2] RAX: 0000000000000082 RBX: ff11000001041440 RCX: ffffffff90e90613
[ 618.533739][ C2] RDX: ff1100001a7c8040 RSI: ffffffff91801bcb RDI: ffffffff9126f6c0
[ 618.533741][ C2] RBP: 0000000000000246 R08: 0000000000000000 R09: 0000000000000000
[ 618.533743][ C2] R10: 0000000000000002 R11: 0000000000000001 R12: ff11000008fba9c8
[ 618.533744][ C2] R13: 0000000000000000 R14: ffa0000007f37818 R15: 0000000000000000
[ 618.533747][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:178 (discriminator 6) kernel/locking/spinlock.c:198 (discriminator 6))
[ 618.533751][ C2] qlist_free_all (mm/kasan/quarantine.c:163 (discriminator 2) mm/kasan/quarantine.c:179 (discriminator 2))
[ 618.533754][ C2] kasan_quarantine_reduce (mm/kasan/quarantine.c:286)
[ 618.533757][ C2] __kasan_slab_alloc (mm/kasan/common.c:350)
[ 618.533760][ C2] kmem_cache_alloc_noprof (./include/linux/kasan.h:253 mm/slub.c:4570 mm/slub.c:4899 mm/slub.c:4906)
[ 618.533764][ C2] ? __vma_start_exclude_readers (./arch/x86/include/asm/bitops.h:202 (discriminator 1) ./arch/x86/include/asm/bitops.h:232 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) ./include/linux/thread_info.h:133 (discriminator 1) ./include/linux/sched.h:2069 (discriminator 1) ./include/linux/sched/signal.h:394 (discriminator 1) ./include/linux/sched/signal.h:413 (discriminator 1) mm/mmap_lock.c:126 (discriminator 1))
[ 618.533769][ C2] vm_area_dup (mm/vma_init.c:123 (discriminator 7))
[ 618.533772][ C2] dup_mmap (mm/mmap.c:1786)
[ 618.533776][ C2] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 2) kernel/locking/lockdep.c:3821 (discriminator 2) kernel/locking/lockdep.c:3876 (discriminator 2))
[ 618.533779][ C2] ? mmap_read_lock_maybe_expand (./include/linux/rwsem.h:221 (discriminator 1))
[ 618.533782][ C2] ? __lock_acquire (kernel/locking/lockdep.c:5237)
[ 618.533784][ C2] ? rcu_read_lock_any_held (./include/linux/lockdep.h:249 kernel/rcu/update.c:386 kernel/rcu/update.c:380)
[ 618.533787][ C2] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 2) kernel/locking/lockdep.c:3821 (discriminator 2) kernel/locking/lockdep.c:3876 (discriminator 2))
[ 618.533789][ C2] ? lock_acquire.part.0 (kernel/locking/lockdep.c:5868 (discriminator 1))
[ 618.533791][ C2] ? find_held_lock (kernel/locking/lockdep.c:5350)
[ 618.533796][ C2] ? lock_acquire.part.0 (kernel/locking/lockdep.c:5868 (discriminator 1))
[ 618.533798][ C2] ? copy_process (kernel/fork.c:1533 kernel/fork.c:1586 kernel/fork.c:2264)
[ 618.533801][ C2] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 618.533805][ C2] copy_process (kernel/fork.c:1534 kernel/fork.c:1586 kernel/fork.c:2264)
[ 618.533807][ C2] ? restore_fpregs_from_user (arch/x86/kernel/fpu/signal.c:300)
[ 618.533814][ C2] ? pidfd_prepare (./include/linux/list.h:1021 (discriminator 3))
[ 618.533817][ C2] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 3) kernel/rcu/tree.c:4032 (discriminator 3))
[ 618.533820][ C2] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 3) kernel/rcu/tree.c:4032 (discriminator 3))
[ 618.533822][ C2] ? rcu_read_lock_any_held (./include/linux/lockdep.h:249 kernel/rcu/update.c:386 kernel/rcu/update.c:380)
[ 618.533825][ C2] kernel_clone (kernel/fork.c:2722)
[ 618.533828][ C2] ? create_io_thread (kernel/fork.c:2660)
[ 618.533832][ C2] ? __might_fault (mm/memory.c:7340 (discriminator 5))
[ 618.533834][ C2] ? find_held_lock (kernel/locking/lockdep.c:5350)
[ 618.533838][ C2] __do_sys_clone (kernel/fork.c:2863)
[ 618.533841][ C2] ? kernel_clone (./include/trace/events/sched.h:396 (discriminator 19))
[ 618.533846][ C2] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 618.533848][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 22))
[ 618.533853][ C2] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 618.533855][ C2] ? trace_hardirqs_off (kernel/trace/trace_preemptirq.c:104 (discriminator 1))
[ 618.533857][ C2] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3))
[ 618.533860][ C2] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)
[ 618.533862][ C2] RIP: 0033:0x7f82a530a226
[ 618.533865][ C2] Code: 7d e0 e8 7d a4 f5 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a 89 c3 85 c0 75 2f 64 48 8b 04 25 10 00 00
All code
========
0: 7d e0 jge 0xffffffffffffffe2
2: e8 7d a4 f5 ff call 0xfffffffffff5a484
7: 45 31 c0 xor %r8d,%r8d
a: 31 d2 xor %edx,%edx
c: 31 f6 xor %esi,%esi
e: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
15: 00 00
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 5a ja 0x8c
32: 89 c3 mov %eax,%ebx
34: 85 c0 test %eax,%eax
36: 75 2f jne 0x67
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 5a ja 0x62
8: 89 c3 mov %eax,%ebx
a: 85 c0 test %eax,%eax
c: 75 2f jne 0x3d
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 618.533867][ C2] RSP: 002b:00007ffcf10360a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 618.533869][ C2] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f82a530a226
[ 618.533871][ C2] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 618.533872][ C2] RBP: 00007ffcf10360c0 R08: 0000000000000000 R09: 0000000000000030
[ 618.533874][ C2] R10: 00007f82a5247e50 R11: 0000000000000246 R12: 000055764731e160
Fingerprints:
mark_lock_irq:mark_lock:mark_usage:__lock_acquire:_raw_spin_lock