Hi,

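I got the following KASAN warning on the v4.15.9 kernel. The disassembly around the reported instruction and the matching source line are included after the log.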

:[ 4483.052174] 
==================================================================
:[ 4483.052659] BUG: KASAN: slab-out-of-bounds in __dev_queue_xmit+0x2e5/0x14c0
:[ 4483.052937] Read of size 1 at addr ffff880067ef7bc0 by task objtool/26177
:
:[ 4483.053361] CPU: 0 PID: 26177 Comm: objtool Not tainted 4.15.9 #1
:[ 4483.053603] Hardware name: Parallels Software International Inc. Parallels 
Virtual Platform/Parallels Virtual Platform, BIOS 6.12.26068.1232434 02/27/2017
:[ 4483.054116] Call Trace:
:[ 4483.054272]  <IRQ>
:[ 4483.054419]  dump_stack+0xda/0x16f
:[ 4483.054589]  ? _atomic_dec_and_lock+0x101/0x101
:[ 4483.054810]  ? rcu_lockdep_current_cpu_online+0xba/0x120
:[ 4483.055077]  print_address_description+0x6a/0x270
:[ 4483.055312]  kasan_report+0x277/0x360
:[ 4483.055491]  ? __dev_queue_xmit+0x2e5/0x14c0
:[ 4483.055688]  __dev_queue_xmit+0x2e5/0x14c0
:[ 4483.055892]  ? do_raw_spin_unlock+0x147/0x220
:[ 4483.056122]  ? netdev_pick_tx+0x150/0x150
:[ 4483.056369]  ? mark_held_locks+0x52/0x90
:[ 4483.056560]  ? __lock_acquire+0x61b/0x2060
:[ 4483.056771]  ? match_held_lock+0x8d/0x420
:[ 4483.056969]  ? mark_lock+0x1c9/0xa30
:[ 4483.057173]  ? save_trace+0x1e0/0x1e0
:[ 4483.057367]  ? print_irqtrace_events+0x110/0x110
:[ 4483.057602]  ? nf_conntrack_alter_reply+0x2a0/0x2a0 [nf_conntrack]
:[ 4483.057867]  ? tcp_new+0x510/0x510 [nf_conntrack]
:[ 4483.058101]  ? debug_check_no_locks_freed+0x1b0/0x1b0
:[ 4483.058360]  ? kernel_text_address+0xec/0x100
:[ 4483.058562]  ? find_held_lock+0x6d/0xd0
:[ 4483.058754]  ? lock_downgrade+0x320/0x320
:[ 4483.058959]  ? lock_release+0x4d0/0x4d0
:[ 4483.059184]  ? nf_ct_get_tuple+0x98/0xd0 [nf_conntrack]
:[ 4483.059422]  ? rcu_lockdep_current_cpu_online+0xba/0x120
:[ 4483.059655]  ? mark_held_locks+0x52/0x90
:[ 4483.059845]  ? ip_finish_output2+0x83d/0xb10
:[ 4483.060068]  ip_finish_output2+0x93f/0xb10
:[ 4483.060292]  ? ip_copy_metadata+0x320/0x320
:[ 4483.060485]  ? save_trace+0x1e0/0x1e0
:[ 4483.060659]  ? rcu_is_watching+0x81/0xc0
:[ 4483.060872]  ? ipv4_nlattr_to_tuple+0x80/0x80 [nf_conntrack_ipv4]
:[ 4483.061166]  ? nf_ct_deliver_cached_events+0x1a3/0x450 [nf_conntrack]
:[ 4483.061461]  ? __local_bh_enable_ip+0x9a/0x110
:[ 4483.061662]  ? ipt_do_table+0x65c/0x7e0
:[ 4483.061845]  ? ipv4_mtu+0x1ac/0x220
:[ 4483.062025]  ? find_held_lock+0x6d/0xd0
:[ 4483.062267]  ? ip_finish_output+0x435/0x590
:[ 4483.062462]  ip_finish_output+0x435/0x590
:[ 4483.062649]  ? ip_fragment.constprop.45+0xf0/0xf0
:[ 4483.062860]  ? ipv4_nlattr_to_tuple+0x80/0x80 [nf_conntrack_ipv4]
:[ 4483.063142]  ? iptable_nat_ipv4_fn+0x20/0x20 [iptable_nat]
:[ 4483.063393]  ? iptable_nat_ipv4_local_fn+0x20/0x20 [iptable_nat]
:[ 4483.063634]  ? rcu_is_watching+0x81/0xc0
:[ 4483.063829]  ? nf_hook_slow+0xa4/0xe0
:[ 4483.064031]  ip_output+0x12a/0x450
:[ 4483.064237]  ? ip_mc_output+0xc30/0xc30
:[ 4483.064435]  ? ip_fragment.constprop.45+0xf0/0xf0
:[ 4483.064644]  ? tcp_make_synack+0x7b9/0x950
:[ 4483.064849]  ip_build_and_send_pkt+0x2f7/0x480
:[ 4483.065086]  ? ip_local_out+0x90/0x90
:[ 4483.065283]  ? __lockdep_init_map+0x98/0x2a0
:[ 4483.065485]  ? inet_bind_hash+0x130/0x130
:[ 4483.065681]  tcp_v4_send_synack+0x1b7/0x280
:[ 4483.065878]  ? tcp_v4_send_check+0x40/0x40
:[ 4483.066094]  ? ip_mc_output+0x4b0/0xc30
:[ 4483.066344]  ? inet_csk_reqsk_queue_hash_add+0x11b/0x170
:[ 4483.066569]  ? inet_csk_route_child_sock+0x430/0x430
:[ 4483.066798]  tcp_conn_request+0x152e/0x1a70
:[ 4483.067017]  ? tcp_event_data_recv+0x6a0/0x6a0
:[ 4483.067259]  ? __lock_acquire+0x61b/0x2060
:[ 4483.067483]  ? debug_check_no_locks_freed+0x1b0/0x1b0
:[ 4483.067696]  ? print_irqtrace_events+0x110/0x110
:[ 4483.067902]  ? __lock_acquire+0x61b/0x2060
:[ 4483.068126]  ? match_held_lock+0x8d/0x420
:[ 4483.068376]  ? match_held_lock+0x8d/0x420
:[ 4483.068617]  ? match_held_lock+0x8d/0x420
:[ 4483.068868]  ? save_trace+0x1e0/0x1e0
:[ 4483.069132]  ? save_trace+0x1e0/0x1e0
:[ 4483.069383]  ? save_trace+0x1e0/0x1e0
:[ 4483.069615]  ? find_held_lock+0x6d/0xd0
:[ 4483.069888]  ? __lock_is_held+0x71/0xc0
:[ 4483.070181]  ? tcp_rcv_state_process+0x507/0x1fb0
:[ 4483.070557]  tcp_rcv_state_process+0x507/0x1fb0
:[ 4483.070824]  ? rcu_is_watching+0x81/0xc0
:[ 4483.071103]  ? tcp_finish_connect+0x180/0x180
:[ 4483.071394]  ? sk_filter_trim_cap+0x30b/0x510
:[ 4483.071658]  ? sk_skb_is_valid_access+0xd0/0xd0
:[ 4483.071933]  ? tcp_parse_md5sig_option+0x6d/0x90
:[ 4483.072231]  ? tcp_v4_inbound_md5_hash+0xca/0x2a0
:[ 4483.072530]  ? tcp_v4_do_rcv+0x266/0x340
:[ 4483.072763]  tcp_v4_do_rcv+0x266/0x340
:[ 4483.073018]  tcp_v4_rcv+0x1255/0x1290
:[ 4483.073324]  ? tcp_v4_early_demux+0x3b0/0x3b0
:[ 4483.073583]  ? find_held_lock+0xb0/0xd0
:[ 4483.073840]  ip_local_deliver_finish+0x1c9/0x5f0
:[ 4483.074137]  ? ipv4_nlattr_to_tuple+0x80/0x80 [nf_conntrack_ipv4]
:[ 4483.074425]  ? inet_del_offload+0x40/0x40
:[ 4483.074618]  ? nf_hook_slow+0xa4/0xe0
:[ 4483.074799]  ip_local_deliver+0x324/0x410
:[ 4483.075005]  ? ip_call_ra_chain+0x390/0x390
:[ 4483.075239]  ? inet_del_offload+0x40/0x40
:[ 4483.075460]  ip_rcv_finish+0x587/0xbb0
:[ 4483.075646]  ? ip_local_deliver_finish+0x5f0/0x5f0
:[ 4483.075860]  ? find_held_lock+0x6d/0xd0
:[ 4483.076067]  ? ip_rcv+0x70b/0x940
:[ 4483.076252]  ? lock_downgrade+0x320/0x320
:[ 4483.076556]  ? tcp_v4_send_synack+0x280/0x280
:[ 4483.076757]  ? do_add_counters+0x2b0/0x2b0
:[ 4483.076958]  ? rcu_is_watching+0x81/0xc0
:[ 4483.077179]  ? iptable_nat_ipv4_out+0x20/0x20 [iptable_nat]
:[ 4483.077424]  ? nf_hook_slow+0xa4/0xe0
:[ 4483.077606]  ip_rcv+0x54d/0x940
:[ 4483.077776]  ? ip_local_deliver+0x410/0x410
:[ 4483.077985]  ? ip_local_deliver_finish+0x5f0/0x5f0
:[ 4483.078229]  ? match_held_lock+0x8d/0x420
:[ 4483.078455]  ? ip_local_deliver+0x410/0x410
:[ 4483.078653]  __netif_receive_skb_core+0x13d7/0x1a20
:[ 4483.078884]  ? enqueue_to_backlog+0x730/0x730
:[ 4483.079110]  ? __is_insn_slot_addr+0x17b/0x240
:[ 4483.079332]  ? lock_downgrade+0x320/0x320
:[ 4483.079535]  ? find_held_lock+0x6d/0xd0
:[ 4483.079727]  ? is_bpf_text_address+0x60/0xe0
:[ 4483.079931]  ? match_held_lock+0x8d/0x420
:[ 4483.080138]  ? lock_downgrade+0x320/0x320
:[ 4483.080344]  ? save_trace+0x1e0/0x1e0
:[ 4483.080518]  ? lock_release+0x4d0/0x4d0
:[ 4483.080699]  ? __free_insn_slot+0x3e0/0x3e0
:[ 4483.080892]  ? rcu_is_watching+0x81/0xc0
:[ 4483.081104]  ? rcutorture_record_progress+0x10/0x10
:[ 4483.081339]  ? page_fault+0x7b/0x80
:[ 4483.081514]  ? match_held_lock+0x8d/0x420
:[ 4483.081705]  ? save_trace+0x1e0/0x1e0
:[ 4483.081882]  ? find_held_lock+0x6d/0xd0
:[ 4483.082093]  ? inet_gro_receive+0x21e/0x7c0
:[ 4483.082309]  ? lock_downgrade+0x320/0x320
:[ 4483.082504]  ? lock_release+0x4d0/0x4d0
:[ 4483.082695]  ? find_held_lock+0x6d/0xd0
:[ 4483.082887]  ? lock_acquire+0x129/0x320
:[ 4483.083090]  ? lock_acquire+0x129/0x320
:[ 4483.083293]  ? netif_receive_skb_internal+0xb2/0x4b0
:[ 4483.083519]  ? lock_release+0x4d0/0x4d0
:[ 4483.083703]  ? rcu_is_watching+0x81/0xc0
:[ 4483.083889]  ? rcu_is_watching+0x81/0xc0
:[ 4483.084097]  ? rcutorture_record_progress+0x10/0x10
:[ 4483.084335]  ? save_trace+0x1e0/0x1e0
:[ 4483.084518]  ? netif_receive_skb_internal+0xfa/0x4b0
:[ 4483.084729]  netif_receive_skb_internal+0xfa/0x4b0
:[ 4483.084962]  ? dev_cpu_dead+0x500/0x500
:[ 4483.085176]  ? net_rx_action+0xbf0/0xbf0
:[ 4483.085386]  ? __lock_is_held+0x51/0xc0
:[ 4483.085588]  napi_gro_receive+0x262/0x2e0
:[ 4483.085773]  ? dev_gro_receive+0xfe0/0xfe0
:[ 4483.085966]  ? eth_type_trans+0x133/0x280
:[ 4483.086180]  ? eth_gro_receive+0x3d0/0x3d0
:[ 4483.086411]  e1000_clean_rx_irq+0x2fa/0x940 [e1000]
:[ 4483.086654]  ? e1000_clean_jumbo_rx_irq+0x1110/0x1110 [e1000]
:[ 4483.086904]  ? update_max_interval+0x40/0x40
:[ 4483.087145]  ? __lock_is_held+0x71/0xc0
:[ 4483.087348]  ? __calc_delta+0xf6/0x140
:[ 4483.087529]  ? update_min_vruntime+0x7d/0xb0
:[ 4483.087731]  ? e1000_clean_jumbo_rx_irq+0x1110/0x1110 [e1000]
:[ 4483.087989]  e1000_clean+0x65e/0x1190 [e1000]
:[ 4483.088252]  ? e1000_unmap_and_free_tx_resource.isra.45+0x120/0x120 [e1000]
:[ 4483.088545]  ? do_raw_spin_trylock+0x100/0x100
:[ 4483.088744]  ? find_held_lock+0xb0/0xd0
:[ 4483.088940]  ? calc_global_load_tick+0x90/0x170
:[ 4483.089178]  ? match_held_lock+0xa5/0x420
:[ 4483.089446]  ? match_held_lock+0x8d/0x420
:[ 4483.089637]  ? save_trace+0x1e0/0x1e0
:[ 4483.089824]  ? enqueue_hrtimer+0xe2/0x290
:[ 4483.090023]  ? mark_held_locks+0x6e/0x90
:[ 4483.090241]  ? net_rx_action+0x2e3/0xbf0
:[ 4483.090441]  net_rx_action+0x477/0xbf0
:[ 4483.090647]  ? napi_complete_done+0x350/0x350
:[ 4483.090848]  ? lock_downgrade+0x320/0x320
:[ 4483.091078]  ? find_held_lock+0x6d/0xd0
:[ 4483.091293]  ? match_held_lock+0xa5/0x420
:[ 4483.091481]  ? ktime_get+0x18f/0x250
:[ 4483.091655]  ? mark_lock+0x1c9/0xa30
:[ 4483.091828]  ? do_raw_spin_unlock+0x147/0x220
:[ 4483.092053]  ? print_irqtrace_events+0x110/0x110
:[ 4483.092304]  ? pvclock_clocksource_read+0x12c/0x230
:[ 4483.092525]  ? pvclock_read_flags+0x50/0x50
:[ 4483.092725]  ? native_apic_msr_write+0x27/0x30
:[ 4483.092928]  ? lapic_next_event+0x36/0x40
:[ 4483.093139]  ? idle_cpu+0x96/0x110
:[ 4483.093325]  ? task_prio+0x20/0x20
:[ 4483.093495]  ? sched_clock_cpu+0x14/0xe0
:[ 4483.093683]  ? irqtime_account_irq+0xa1/0xd0
:[ 4483.093893]  ? rcu_irq_exit+0x62/0xb0
:[ 4483.094095]  ? irq_exit+0x7a/0x150
:[ 4483.094322]  ? smp_apic_timer_interrupt+0x13e/0x490
:[ 4483.094534]  ? smp_call_function_single_interrupt+0x430/0x430
:[ 4483.094773]  ? trace_hardirqs_off_caller+0x70/0x100
:[ 4483.095001]  ? match_held_lock+0xa5/0x420
:[ 4483.095227]  ? save_trace+0x1e0/0x1e0
:[ 4483.095417]  ? mark_held_locks+0x6e/0x90
:[ 4483.095599]  ? retint_kernel+0x10/0x10
:[ 4483.095779]  ? trace_hardirqs_on_caller+0x17f/0x260
:[ 4483.096018]  ? trace_hardirqs_on_thunk+0x1a/0x1c
:[ 4483.096263]  ? irq_exit+0x7a/0x150
:[ 4483.096448]  ? __lock_is_held+0x51/0xc0
:[ 4483.096646]  __do_softirq+0x1de/0x765
:[ 4483.096840]  ? __irqentry_text_end+0x1fa1d7/0x1fa1d7
:[ 4483.097081]  ? handle_irq+0x109/0x1c0
:[ 4483.097280]  ? lock_downgrade+0x320/0x320
:[ 4483.097473]  ? pvclock_clocksource_read+0x12c/0x230
:[ 4483.097690]  ? pvclock_read_flags+0x50/0x50
:[ 4483.097884]  ? __irq_complete_move+0x15/0x50
:[ 4483.098100]  ? kzalloc.constprop.11+0x15/0x15
:[ 4483.098314]  ? ioapic_ack_level+0xbb/0x1e0
:[ 4483.098526]  ? sched_clock+0x5/0x10
:[ 4483.098693]  ? sched_clock_cpu+0x14/0xe0
:[ 4483.098899]  irq_exit+0x146/0x150
:[ 4483.099093]  do_IRQ+0xb0/0x130
:[ 4483.099290]  common_interrupt+0x91/0x91
:[ 4483.099474]  </IRQ>
:[ 4483.099601] RIP: 0010:lock_release+0x280/0x4d0
:[ 4483.099794] RSP: 0000:ffff880011667918 EFLAGS: 00000246 ORIG_RAX: 
ffffffffffffffda
:[ 4483.100123] RAX: 0000000000000000 RBX: 1ffff100022ccf26 RCX: 
ffffffff911cc36f
:[ 4483.100417] RDX: 0000000000000007 RSI: dffffc0000000000 RDI: 
0000000000000246
:[ 4483.100689] RBP: ffff880062aea7c0 R08: 0000000000000000 R09: 
0000000000000000
:[ 4483.100975] R10: 0000000000000000 R11: 0000000000000000 R12: 
ffff880062aea7c0
:[ 4483.101289] R13: 0000000000000001 R14: 0000000000000001 R15: 
e9e54f45c56e85aa
:[ 4483.101598]  ? lock_release+0x26f/0x4d0
:[ 4483.101798]  ? __handle_mm_fault+0xc29/0x2040
:[ 4483.102046]  ? lock_downgrade+0x320/0x320
:[ 4483.102257]  ? lock_release+0x4d0/0x4d0
:[ 4483.102448]  ? do_raw_spin_trylock+0x100/0x100
:[ 4483.102670]  _raw_spin_unlock+0x1c/0x30
:[ 4483.102850]  __handle_mm_fault+0xc29/0x2040
:[ 4483.103077]  ? __pmd_alloc+0x320/0x320
:[ 4483.103302]  ? handle_mm_fault+0x17a/0x4d0
:[ 4483.103499]  ? lock_downgrade+0x320/0x320
:[ 4483.103706]  ? mem_cgroup_from_task+0xb4/0x170
:[ 4483.103910]  ? rcu_is_watching+0x81/0xc0
:[ 4483.104137]  handle_mm_fault+0x204/0x4d0
:[ 4483.104345]  ? __handle_mm_fault+0x2040/0x2040
:[ 4483.104546]  ? vmacache_find+0xe6/0x110
:[ 4483.104739]  __do_page_fault+0x3b1/0x6e0
:[ 4483.104935]  ? spurious_fault+0x320/0x320
:[ 4483.105151]  ? __do_page_fault+0x5dd/0x6e0
:[ 4483.105369]  do_page_fault+0xb6/0x440
:[ 4483.105545]  ? __do_page_fault+0x6e0/0x6e0
:[ 4483.105736]  ? exit_to_usermode_loop+0xb7/0x170
:[ 4483.105946]  ? trace_raw_output_sys_exit+0x80/0x80
:[ 4483.106183]  ? __do_page_fault+0x5dd/0x6e0
:[ 4483.106388]  ? lockdep_sys_exit+0x16/0x8e
:[ 4483.106572]  ? syscall_return_slowpath+0x1bc/0x2c0
:[ 4483.106783]  ? mark_held_locks+0x1c/0x90
:[ 4483.107093]  ? retint_user+0x18/0x18
:[ 4483.107281]  ? page_fault+0x65/0x80
:[ 4483.107462]  ? trace_hardirqs_off_caller+0xbe/0x100
:[ 4483.107674]  ? trace_hardirqs_off_thunk+0x1a/0x1c
:[ 4483.107890]  ? page_fault+0x65/0x80
:[ 4483.108079]  page_fault+0x7b/0x80
:[ 4483.108267] RIP: 0033:0x408de0
:[ 4483.108434] RSP: 002b:00007ffc27610e80 EFLAGS: 00010202
:[ 4483.108656] RAX: 00007fb1b53da000 RBX: 00007fb1b7152068 RCX: 
00007fb1b540a880
:[ 4483.108939] RDX: 00007fb1b538a870 RSI: 0000000000081000 RDI: 
0000000000000000
:[ 4483.109248] RBP: 00007fb1b7152010 R08: 00007fb1b538a010 R09: 
0000000000000000
:[ 4483.109532] R10: 0000000000000022 R11: 0000000000000246 R12: 
0000000000000029
:[ 4483.109804] R13: 00007fb1b538a010 R14: 000000000115b3b8 R15: 
0000000000000000
:
:[ 4483.110264] Allocated by task 0:
:[ 4483.110429] (stack is not available)
:
:[ 4483.110702] Freed by task 0:
:[ 4483.110853] (stack is not available)
:
:[ 4483.111159] The buggy address belongs to the object at ffff880067ef7b00
:                which belongs to the cache request_sock_TCP of size 328
:[ 4483.111629] The buggy address is located 192 bytes inside of
:                328-byte region [ffff880067ef7b00, ffff880067ef7c48)
:[ 4483.112063] The buggy address belongs to the page:
:[ 4483.112289] page:ffffea00019fbd00 count:1 mapcount:0 
mapping:0000000000000000 index:0xffff880067ef7e30 compound_mapcount: 0
:[ 4483.112699] flags: 0xfffe000008100(slab|head)
:[ 4483.112900] raw: 000fffe000008100 0000000000000000 ffff880067ef7e30 
0000000100280002
:[ 4483.113232] raw: ffff880069909780 ffff880069909780 ffff88006a186f80 
0000000000000000
:[ 4483.113539] page dumped because: kasan: bad access detected
:
:[ 4483.113872] Memory state around the buggy address:
:[ 4483.114108]  ffff880067ef7a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc 
fc
:[ 4483.114415]  ffff880067ef7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc
:[ 4483.114695] >ffff880067ef7b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc
:[ 4483.114990]                                            ^
:[ 4483.115246]  ffff880067ef7c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc
:[ 4483.115537]  ffff880067ef7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc
:[ 4483.115816] 
==================================================================
:[ 4483.116132] Disabling lock debugging due to kernel taint

/root/linux/./include/linux/cgroup-defs.h:761
   169c2:       49 8d bc 24 f0 03 00    lea    0x3f0(%r12),%rdi
   169c9:       00
   169ca:       41 bd 01 00 00 00       mov    $0x1,%r13d
   169d0:       e8 00 00 00 00          callq  169d5 <__dev_queue_xmit+0x2e5>
   169d5:       41 f6 84 24 f0 03 00    testb  $0x1,0x3f0(%r12)
   169dc:       00 01 
   169de:       74 16                   je     169f6 <__dev_queue_xmit+0x306>
   169e0:       49 8d bc 24 f2 03 00    lea    0x3f2(%r12),%rdi
   169e7:       00 
   169e8:       e8 00 00 00 00          callq  169ed <__dev_queue_xmit+0x2fd>
   169ed:       45 0f b7 ac 24 f2 03    movzwl 0x3f2(%r12),%r13d
   169f4:       00 00

/*
 * Inlined helper behind the access flagged in this report: the listing above
 * attributes the instruction at __dev_queue_xmit+0x2e5 to cgroup-defs.h:761,
 * the one-byte test of skcd->is_data below, which matches KASAN's
 * "Read of size 1".
 *
 * Returns skcd->prioidx when bit 0 of skcd->is_data is set, otherwise 1.
 *
 * NOTE(review): the flagged read is at offset 0x3f0 (1008 bytes) from %r12,
 * while KASAN places the address inside the slab cache request_sock_TCP,
 * whose objects are 328 bytes. That looks like skcd was derived from a
 * pointer to an object smaller than the caller assumed - confirm against the
 * caller in __dev_queue_xmit. This helper dereferences skcd without any
 * check of its own, so the validation presumably belongs in the caller.
 */
static inline u16 sock_cgroup_prioidx(struct sock_cgroup_data *skcd)
{  
            /* fallback to 1 which is always the ID of the root cgroup */
761:        return (skcd->is_data & 1) ? skcd->prioidx : 1;
} 
