-
-
Save bobrik/40e2559add2f0b26ae39da30dc451f1e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [160675.248713][ C4] ================================================================== | |
| [160675.273152][ C4] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x186c/0x2650 | |
| [160675.297421][ C4] Read of size 8 at addr ffff8893dfd4f6f8 by task nginx-ssl/120131 | |
| [160675.321405][ C4] | |
| [160675.339446][ C4] CPU: 4 PID: 120131 Comm: nginx-ssl Not tainted 5.10.11-cloudflare-kasan-2021.1.19 #1 | |
| [160675.364895][ C4] Hardware name: Quanta Computer Inc. QuantaPlex T41S-2U/S2S-MB, BIOS S2S_3B10.03 06/21/2018 | |
| [160675.390795][ C4] Call Trace: | |
| [160675.409616][ C4] <IRQ> | |
| [160675.427663][ C4] dump_stack+0x7d/0xa3 | |
| [160675.446712][ C4] print_address_description.constprop.0+0x1c/0x210 | |
| [160675.468061][ C4] ? _raw_spin_lock_irqsave+0x87/0xe0 | |
| [160675.487975][ C4] ? _raw_write_unlock_bh+0x60/0x60 | |
| [160675.507426][ C4] ? unwind_next_frame+0x186c/0x2650 | |
| [160675.526735][ C4] ? unwind_next_frame+0x186c/0x2650 | |
| [160675.545743][ C4] kasan_report.cold+0x1f/0x37 | |
| [160675.563965][ C4] ? unwind_next_frame+0x186c/0x2650 | |
| [160675.582752][ C4] unwind_next_frame+0x186c/0x2650 | |
| [160675.600888][ C4] ? asm_common_interrupt+0x1e/0x40 | |
| [160675.618986][ C4] ? get_stack_info_noinstr+0x14/0x110 | |
| [160675.637067][ C4] ? 0xffffffffc17d814c | |
| [160675.653520][ C4] ? deref_stack_reg+0x160/0x160 | |
| [160675.670507][ C4] ? 0xffffffffc17d814c | |
| [160675.686579][ C4] ? kernel_text_address.part.0+0x39/0xc0 | |
| [160675.704062][ C4] ? 0xffffffffc17d814c | |
| [160675.719712][ C4] ? stack_trace_save+0xd0/0xd0 | |
| [160675.735816][ C4] arch_stack_walk+0x8d/0xf0 | |
| [160675.751384][ C4] ? kfree+0xbf/0x4d0 | |
| [160675.766088][ C4] stack_trace_save+0x96/0xd0 | |
| [160675.781345][ C4] ? create_prof_cpu_mask+0x20/0x20 | |
| [160675.796785][ C4] kasan_save_stack+0x20/0x50 | |
| [160675.811416][ C4] ? kasan_save_stack+0x20/0x50 | |
| [160675.825971][ C4] ? kasan_set_track+0x1c/0x30 | |
| [160675.840165][ C4] ? kasan_set_free_info+0x1b/0x30 | |
| [160675.854480][ C4] ? __kasan_slab_free+0x110/0x150 | |
| [160675.868541][ C4] ? slab_free_freelist_hook+0x66/0x120 | |
| [160675.882829][ C4] ? kfree+0xbf/0x4d0 | |
| [160675.895303][ C4] ? consume_skb+0xa2/0x1b0 | |
| [160675.908056][ C4] ? efx_dequeue_buffer+0x3ed/0x6a0 [sfc] | |
| [160675.921897][ C4] ? efx_xmit_done+0x419/0xb60 [sfc] | |
| [160675.935043][ C4] ? efx_ef10_ev_process+0xd05/0x2f90 [sfc] | |
| [160675.948488][ C4] ? efx_poll+0x30f/0x1250 [sfc] | |
| [160675.960709][ C4] ? net_rx_action+0x66a/0x1740 | |
| [160675.972601][ C4] ? __do_softirq+0x1a0/0x667 | |
| [160675.984141][ C4] ? asm_call_irq_on_stack+0x12/0x20 | |
| [160675.996026][ C4] ? do_softirq_own_stack+0x37/0x40 | |
| [160676.007571][ C4] ? irq_exit_rcu+0x110/0x1b0 | |
| [160676.018374][ C4] ? common_interrupt+0x74/0x120 | |
| [160676.029233][ C4] ? asm_common_interrupt+0x1e/0x40 | |
| [160676.039978][ C4] ? 0xffffffffc17d814c | |
| [160676.049610][ C4] ? asm_common_interrupt+0x1e/0x40 | |
| [160676.060177][ C4] ? copy_user_generic_unrolled+0xa0/0xc0 | |
| [160676.071275][ C4] ? copyout+0x83/0xa0 | |
| [160676.080553][ C4] ? _copy_to_iter+0x1da/0xf10 | |
| [160676.090296][ C4] ? __skb_datagram_iter+0x439/0x910 | |
| [160676.100440][ C4] ? skb_copy_datagram_iter+0x3b/0xf0 | |
| [160676.110723][ C4] ? tcp_recvmsg+0xc77/0x2460 | |
| [160676.120381][ C4] ? inet_recvmsg+0x109/0x460 | |
| [160676.130063][ C4] ? sock_read_iter+0x250/0x380 | |
| [160676.139725][ C4] ? new_sync_read+0x4c6/0x620 | |
| [160676.149315][ C4] ? vfs_read+0x263/0x460 | |
| [160676.158391][ C4] ? ksys_read+0x167/0x1c0 | |
| [160676.167700][ C4] ? do_syscall_64+0x33/0x40 | |
| [160676.177060][ C4] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 | |
| [160676.188079][ C4] ? ip_sublist_rcv_finish+0x11f/0x1b0 | |
| [160676.198500][ C4] ? ip_sublist_rcv+0x407/0x680 | |
| [160676.208180][ C4] ? pskb_trim_rcsum_slow+0x1ca/0x490 | |
| [160676.218422][ C4] ? ip_rcv_core+0xb50/0xb50 | |
| [160676.227819][ C4] ? skb_zerocopy_iter_stream+0x880/0x880 | |
| [160676.238389][ C4] kasan_set_track+0x1c/0x30 | |
| [160676.247793][ C4] kasan_set_free_info+0x1b/0x30 | |
| [160676.257501][ C4] __kasan_slab_free+0x110/0x150 | |
| [160676.267213][ C4] slab_free_freelist_hook+0x66/0x120 | |
| [160676.277456][ C4] kfree+0xbf/0x4d0 | |
| [160676.286108][ C4] ? skb_release_data+0xda/0x680 | |
| [160676.295939][ C4] ? consume_skb+0xa2/0x1b0 | |
| [160676.305260][ C4] ? tcp_wfree+0xb0/0x320 | |
| [160676.314365][ C4] consume_skb+0xa2/0x1b0 | |
| [160676.323417][ C4] efx_dequeue_buffer+0x3ed/0x6a0 [sfc] | |
| [160676.333894][ C4] ? efx_remove_tx_queue+0x3c0/0x3c0 [sfc] | |
| [160676.344587][ C4] ? __netif_receive_skb_list_core+0x65c/0x910 | |
| [160676.355675][ C4] efx_xmit_done+0x419/0xb60 [sfc] | |
| [160676.365693][ C4] ? efx_xmit_done_check_empty+0x150/0x150 [sfc] | |
| [160676.376986][ C4] ? update_load_avg+0x1be/0x1960 | |
| [160676.387076][ C4] ? recalibrate_cpu_khz+0x10/0x10 | |
| [160676.397208][ C4] efx_ef10_ev_process+0xd05/0x2f90 [sfc] | |
| [160676.407959][ C4] ? enqueue_task_fair+0x41e/0x1d30 | |
| [160676.418183][ C4] ? update_blocked_averages+0x1660/0x1660 | |
| [160676.429184][ C4] ? resched_curr+0x116/0x1e0 | |
| [160676.438934][ C4] ? efx_ef10_tx_init+0xbf0/0xbf0 [sfc] | |
| [160676.449606][ C4] ? sched_clock_cpu+0x18/0x1d0 | |
| [160676.459475][ C4] ? napi_complete_done+0x276/0x5b0 | |
| [160676.469921][ C4] efx_poll+0x30f/0x1250 [sfc] | |
| [160676.479831][ C4] ? efx_get_channel_name+0x1e0/0x1e0 [sfc] | |
| [160676.490767][ C4] ? add_interrupt_randomness+0x8b/0x9c0 | |
| [160676.501485][ C4] net_rx_action+0x66a/0x1740 | |
| [160676.511315][ C4] ? napi_complete_done+0x5b0/0x5b0 | |
| [160676.521649][ C4] ? _raw_spin_lock_bh+0xe0/0xe0 | |
| [160676.531711][ C4] ? _raw_spin_lock_bh+0xe0/0xe0 | |
| [160676.541623][ C4] __do_softirq+0x1a0/0x667 | |
| [160676.551123][ C4] asm_call_irq_on_stack+0x12/0x20 | |
| [160676.561254][ C4] </IRQ> | |
| [160676.569179][ C4] do_softirq_own_stack+0x37/0x40 | |
| [160676.579435][ C4] irq_exit_rcu+0x110/0x1b0 | |
| [160676.589069][ C4] common_interrupt+0x74/0x120 | |
| [160676.598929][ C4] asm_common_interrupt+0x1e/0x40 | |
| [160676.608966][ C4] RIP: 0010:0xffffffffc17d814c | |
| [160676.618812][ C4] Code: 8b 4c 24 40 4c 8b 44 24 48 48 8b 7c 24 70 48 8b 74 24 68 48 8b 54 24 60 48 8b 4c 24 58 48 8b 44 24 50 48 81 c4 a8 00 00 00 9d <c3> 20 27 af 8f ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| [160676.649371][ C4] RSP: 0018:ffff8893dfd4f620 EFLAGS: 00000282 | |
| [160676.661073][ C4] RAX: 0000000000000000 RBX: ffff8881be9c9c80 RCX: 0000000000000000 | |
| [160676.674788][ C4] RDX: dffffc0000000000 RSI: 000000000000000b RDI: ffff8881be9c9c80 | |
| [160676.688508][ C4] RBP: ffff8881be9c9ce0 R08: 0000000000000000 R09: ffff8881908c4c97 | |
| [160676.702249][ C4] R10: ffffed1032118992 R11: ffff88818a4ce68c R12: ffff8881be9c9eea | |
| [160676.716000][ C4] R13: ffff8881be9c9c92 R14: ffff8880063ba5ac R15: ffff8880063ba5a8 | |
| [160676.729895][ C4] ? tcp_set_state+0x5/0x620 | |
| [160676.740426][ C4] ? tcp_fin+0xeb/0x5a0 | |
| [160676.750287][ C4] ? tcp_data_queue+0x1e78/0x4ce0 | |
| [160676.761089][ C4] ? tcp_urg+0x76/0xc50 | |
| [160676.770989][ C4] asm_common_interrupt+0x1e/0x40 | |
| [160676.781744][ C4] RIP: 63ba640:0x1ffff1127bfa9efa | |
| [160676.792488][ C4] Code: Unable to access opcode bytes at RIP 0x1ffff1127bfa9ed0. | |
| [160676.806098][ C4] RSP: 63ba580:00000000a0012df2 EFLAGS: ffff8881120e0066 ORIG_RAX: 9dcdcc9067cf1200 | |
| [160676.821647][ C4] RAX: 0000000000000015 RBX: ffffffff8eb5354a RCX: 0000000000000005 | |
| [160676.835783][ C4] RDX: 0000000000000005 RSI: ffffffff8be5c990 RDI: ffffffff8c0e3f05 | |
| [160676.850059][ C4] RBP: 0000000041b58ab3 R08: 0000000000000000 R09: ffff88969cd5510c | |
| [160676.864296][ C4] R10: ffffed12d39aaa21 R11: ffffffff8d8d4600 R12: 0000000000000000 | |
| [160676.878561][ C4] R13: ffffffff8d8f26c0 R14: ffffffff8eb53708 R15: 0000000041b58ab3 | |
| [160676.878572][ C4] ? tcp_data_ready+0x2d0/0x2d0 | |
| [160676.878575][ C4] ? tcp_collapse+0x15e0/0x1680 | |
| [160676.878580][ C4] ? recalibrate_cpu_khz+0x10/0x10 | |
| [160676.878584][ C4] ? ktime_get+0x55/0x100 | |
| [160676.878595][ C4] ? tcp_rcv_state_process+0xb0f/0x4930 | |
| [160676.947900][ C4] ? tcp_finish_connect+0x4c0/0x4c0 | |
| [160676.947912][ C4] ? iov_iter_zero+0x1170/0x1170 | |
| [160676.970179][ C4] ? queued_spin_lock_slowpath+0x249/0x920 | |
| [160676.970190][ C4] ? __check_object_size+0x13b/0x300 | |
| [160676.970195][ C4] ? __tcp_select_window+0x12d/0x960 | |
| [160676.970200][ C4] ? tcp_v4_do_rcv+0x291/0x750 | |
| [160676.970213][ C4] ? ktime_get+0x55/0x100 | |
| [160677.025734][ C4] ? __release_sock+0x156/0x2f0 | |
| [160677.025744][ C4] ? release_sock+0x4f/0x170 | |
| [160677.046974][ C4] ? tcp_recvmsg+0x6ef/0x2460 | |
| [160677.046988][ C4] ? tcp_splice_read+0x7c0/0x7c0 | |
| [160677.068242][ C4] ? selinux_socket_recvmsg+0x7c/0x2a0 | |
| [160677.079542][ C4] ? selinux_socket_getsockopt+0x2a0/0x2a0 | |
| [160677.091279][ C4] ? inet_recvmsg+0x109/0x460 | |
| [160677.101919][ C4] ? inet_sk_set_state+0x150/0x150 | |
| [160677.112913][ C4] ? security_socket_recvmsg+0x57/0x90 | |
| [160677.124417][ C4] ? sock_read_iter+0x250/0x380 | |
| [160677.135203][ C4] ? avc_has_perm+0x11a/0x250 | |
| [160677.145766][ C4] ? sock_recvmsg+0x130/0x130 | |
| [160677.156319][ C4] ? new_sync_read+0x4c6/0x620 | |
| [160677.166972][ C4] ? __x64_sys_lseek+0x1d0/0x1d0 | |
| [160677.177752][ C4] ? _cond_resched+0x17/0x80 | |
| [160677.188015][ C4] ? inode_security+0x58/0x100 | |
| [160677.198227][ C4] ? security_file_permission+0x244/0x450 | |
| [160677.209345][ C4] ? vfs_read+0x263/0x460 | |
| [160677.218965][ C4] ? ksys_read+0x167/0x1c0 | |
| [160677.228615][ C4] ? __x64_sys_pwrite64+0x1f0/0x1f0 | |
| [160677.239093][ C4] ? do_syscall_64+0x33/0x40 | |
| [160677.248833][ C4] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 | |
| [160677.260210][ C4] | |
| [160677.267598][ C4] The buggy address belongs to the page: | |
| [160677.278427][ C4] page:00000000c1ce10af refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13dfd4f | |
| [160677.294267][ C4] flags: 0x6ffff800000000() | |
| [160677.304269][ C4] raw: 006ffff800000000 0000000000000000 ffffea004f7f53c8 0000000000000000 | |
| [160677.318563][ C4] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 | |
| [160677.332882][ C4] page dumped because: kasan: bad access detected | |
| [160677.344961][ C4] | |
| [160677.352747][ C4] addr ffff8893dfd4f6f8 is located in stack of task nginx-ssl/120131 at offset 32 in frame: | |
| [160677.368543][ C4] tcp_data_queue+0x0/0x4ce0 | |
| [160677.378930][ C4] | |
| [160677.386802][ C4] this frame has 2 objects: | |
| [160677.396817][ C4] [48, 49) 'fragstolen' | |
| [160677.396822][ C4] [64, 65) 'fragstolen' | |
| [160677.406549][ C4] | |
| [160677.423964][ C4] Memory state around the buggy address: | |
| [160677.435192][ C4] ffff8893dfd4f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| [160677.448874][ C4] ffff8893dfd4f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
| [160677.462443][ C4] >ffff8893dfd4f680: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 | |
| [160677.476010][ C4] ^ | |
| [160677.489595][ C4] ffff8893dfd4f700: f1 01 f2 01 f3 f3 f3 00 00 00 00 00 00 00 00 00 | |
| [160677.503280][ C4] ffff8893dfd4f780: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 | |
| [160677.516989][ C4] ================================================================== |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment