
@mcgrof
Created May 12, 2024 23:43
generic/470 crash on 32k sector size
[72731.672589] run fstests generic/470 at 2024-05-12 15:43:53
[72733.033526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123cb1
[72733.035902] flags: 0x17fffe000000000(node=0|zone=2|lastcpupid=0x3ffff)
[72733.037778] page_type: 0xffffffff()
[72733.039773] raw: 017fffe000000000 ffffcb6e84a68c08 ffffcb6e844fee48 0000000000000000
[72733.043368] ------------[ cut here ]------------
[72733.044868] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[72733.047003] refcount_t: addition on 0; use-after-free.
[72733.047057] WARNING: CPU: 0 PID: 1060882 at lib/refcount.c:25 refcount_warn_saturate (lib/refcount.c:25 (discriminator 1))
[72733.051760] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[72733.053346] Modules linked in: dm_log_writes
[72733.055825] ------------[ cut here ]------------
[72733.057477] dm_thin_pool
[72733.062153] kernel BUG at include/linux/mm.h:1134!
[72733.063417] dm_persistent_data
[72733.064124] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[72733.066243] dm_bio_prison
[72733.067077] CPU: 4 PID: 38 Comm: ksoftirqd/4 Not tainted 6.9.0-rc6+ #7
[72733.068407] scsi_mod
[72733.069891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[72733.072627] scsi_common
[72733.073861] RIP: 0010:__free_pages (./include/linux/mm.h:1134 (discriminator 1) ./include/linux/mm.h:1132 (discriminator 1) mm/page_alloc.c:4660 (discriminator 1))
[72733.076821] dm_snapshot
[72733.078366] Code: ff 5b 4c 89 e7 5d 41 5c e9 63 fb ff ff 48 c7 c6 80 3a e3 b7 e8 87 ff fb ff 0f 0b 48 c7 c6 a8 24 e3 b7 4c 89 e7 e8 76 ff fb ff <0f> 0b 90 0f 1f 00 90 90 90 90 90 90 90 90
All code
========
0: ff 5b 4c lcall *0x4c(%rbx)
3: 89 e7 mov %esp,%edi
5: 5d pop %rbp
6: 41 5c pop %r12
8: e9 63 fb ff ff jmp 0xfffffffffffffb70
d: 48 c7 c6 80 3a e3 b7 mov $0xffffffffb7e33a80,%rsi
14: e8 87 ff fb ff call 0xfffffffffffbffa0
19: 0f 0b ud2
1b: 48 c7 c6 a8 24 e3 b7 mov $0xffffffffb7e324a8,%rsi
22: 4c 89 e7 mov %r12,%rdi
25: e8 76 ff fb ff call 0xfffffffffffbffa0
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: 0f 1f 00 nopl (%rax)
30: 90 nop
31: 90 nop
32: 90 nop
33: 90 nop
34: 90 nop
35: 90 nop
36: 90 nop
37: 90 nop
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: 0f 1f 00 nopl (%rax)
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
90 90 90 90 90 90 90 90
[72733.079596] dm_bufio dm_flakey
[72733.080272] RSP: 0018:ffffa89fc017fd78 EFLAGS: 00010246
[72733.084850] xfs
[72733.085671]
[72733.086992] sunrpc
[72733.087495] RAX: 000000000000003e RBX: ffffcb6e848f2c40 RCX: 0000000000000000
[72733.087923] nvme_fabrics
[72733.088484] RDX: 0000000000000000 RSI: ffffffffb7e08562 RDI: 00000000ffffffff
[72733.090260] kvm_intel
[72733.090965] RBP: ffff99cf1e5e1cc0 R08: 4449502030203a55 R09: 5043203a474e494e
[72733.092590] 9p
[72733.093142] R10: 2030203a55504320 R11: 3a474e494e524157 R12: ffffcb6e848f2c40
[72733.094732] kvm
[72733.095236] R13: 0000000000001000 R14: 0000000000002000 R15: 0000000000008000
[72733.095245] FS: 0000000000000000(0000) GS:ffff99cf7bd00000(0000) knlGS:0000000000000000
[72733.096686] netfs
[72733.097104] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[72733.098534] crct10dif_pclmul
[72733.100141] CR2: 00007f2b410d33e8 CR3: 000000014361a004 CR4: 0000000000770ef0
[72733.100540] ghash_clmulni_intel
[72733.101636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[72733.102201] sha512_ssse3
[72733.103576] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[72733.104145] sha512_generic
[72733.105386] PKRU: 55555554
[72733.105851] sha256_ssse3
[72733.107105] Call Trace:
[72733.107584] sha1_ssse3
[72733.108027] <TASK>
[72733.108476] aesni_intel
[72733.108878] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
[72733.109290] crypto_simd
[72733.109645] ? do_trap (arch/x86/kernel/traps.c:114 arch/x86/kernel/traps.c:155)
[72733.110079] pcspkr
[72733.110549] ? __free_pages (./include/linux/mm.h:1134 (discriminator 1) ./include/linux/mm.h:1132 (discriminator 1) mm/page_alloc.c:4660 (discriminator 1))
[72733.110979] cryptd
[72733.111549] ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:176)
[72733.111875] virtio_balloon
[72733.112467] ? __free_pages (./include/linux/mm.h:1134 (discriminator 1) ./include/linux/mm.h:1132 (discriminator 1) mm/page_alloc.c:4660 (discriminator 1))
[72733.112796] virtio_console
[72733.113375] ? exc_invalid_op (arch/x86/kernel/traps.c:267)
[72733.113797] 9pnet_virtio
[72733.114387] ? __free_pages (./include/linux/mm.h:1134 (discriminator 1) ./include/linux/mm.h:1132 (discriminator 1) mm/page_alloc.c:4660 (discriminator 1))
[72733.114807] button
[72733.115380] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)
[72733.115756] evdev
[72733.116315] ? __free_pages (./include/linux/mm.h:1134 (discriminator 1) ./include/linux/mm.h:1132 (discriminator 1) mm/page_alloc.c:4660 (discriminator 1))
[72733.116623] joydev
[72733.117224] ? __free_pages (./include/linux/mm.h:1134 (discriminator 1) ./include/linux/mm.h:1132 (discriminator 1) mm/page_alloc.c:4660 (discriminator 1))
[72733.117519] serio_raw
[72733.118078] bio_free_pages (./include/linux/bio.h:84 block/bio.c:1440)
[72733.118385] loop
[72733.118945] log_end_io (drivers/md/dm-log-writes.c:182) dm_log_writes
[72733.119281] drm
[72733.119756] blk_update_request (block/blk-mq.c:936)
[72733.120008] dm_mod
[72733.120584] ? _raw_spin_unlock (./include/linux/spinlock_api_smp.h:143 (discriminator 3) kernel/locking/spinlock.c:186 (discriminator 3))
[72733.120836] nfnetlink
[72733.121345] blk_mq_end_request (block/blk-mq.c:1054 (discriminator 2))
[72733.121627] autofs4
[72733.122121] blk_complete_reqs (block/blk-mq.c:1129)
[72733.122434] ext4
[72733.122952] __do_softirq (kernel/softirq.c:554)
[72733.123242] crc16
[72733.123707] ? __pfx_smpboot_thread_fn (kernel/smpboot.c:107)
[72733.123956] mbcache
[72733.124373] run_ksoftirqd (./arch/x86/include/asm/paravirt.h:698 kernel/softirq.c:411 kernel/softirq.c:925 kernel/softirq.c:916)
[72733.124628] jbd2
[72733.125173] smpboot_thread_fn (kernel/smpboot.c:164)
[72733.125447] btrfs
[72733.125869] kthread (kernel/kthread.c:388)
[72733.126119] blake2b_generic
[72733.126594] ? __pfx_kthread (kernel/kthread.c:341)
[72733.126856] raid10
[72733.127214] ret_from_fork (arch/x86/kernel/process.c:147)
[72733.127566] raid456
[72733.127982] ? __pfx_kthread (kernel/kthread.c:341)
[72733.128235] async_raid6_recov
[72733.128633] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[72733.128893] async_memcpy
[72733.129310] </TASK>
[72733.129664] async_pq
[72733.130095] Modules linked in:
[72733.130414] async_xor
[72733.130666] dm_log_writes
[72733.130944] async_tx
[72733.131293] dm_thin_pool
[72733.131562] xor
[72733.131854] dm_persistent_data
[72733.132115] raid6_pq
[72733.132398] dm_bio_prison
[72733.132616] libcrc32c
[72733.132955] scsi_mod
[72733.133216] crc32c_generic
[72733.133508] scsi_common
[72733.133777] raid1
[72733.134025] dm_snapshot
[72733.134337] raid0
[72733.134609] dm_bufio
[72733.134852] md_mod
[72733.135130] dm_flakey
[72733.135371] virtio_net
[72733.135619] xfs
[72733.135864] net_failover
[72733.136122] sunrpc
[72733.136388] failover
[72733.136599] nvme_fabrics
[72733.136882] virtio_blk
[72733.137125] kvm_intel
[72733.137373] nvme
[72733.137678] 9p
[72733.137956] crc32_pclmul
[72733.138224] kvm
[72733.138442] nvme_core
[72733.138644] netfs
[72733.138942] crc32c_intel
[72733.139150] crct10dif_pclmul
[72733.139418] t10_pi
[72733.139640] ghash_clmulni_intel
[72733.139933] psmouse
[72733.140252] sha512_ssse3
[72733.140497] virtio_pci
[72733.140842] sha512_generic
[72733.141096] crc64_rocksoft
[72733.141379] sha256_ssse3
[72733.141658] crc64
[72733.141959] sha1_ssse3
[72733.142270] virtio_pci_legacy_dev
[72733.142554] aesni_intel
[72733.142789] virtio_pci_modern_dev
[72733.143061] crypto_simd
[72733.143440] virtio
[72733.143714] pcspkr
[72733.144097] virtio_ring
[72733.144372] cryptd
[72733.144635]
[72733.144868] virtio_balloon
[72733.145143] CPU: 0 PID: 1060882 Comm: 470 Not tainted 6.9.0-rc6+ #7
[72733.145380] virtio_console
[72733.145557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[72733.145868] 9pnet_virtio
[72733.146511] RIP: 0010:refcount_warn_saturate (lib/refcount.c:25 (discriminator 1))
[72733.146823] button
[72733.147777] Code: 57 ad ff 0f 0b c3 cc cc cc cc 80 3d 7a 14 fd 00 00 0f 85 5e ff ff ff 48 c7 c7 98 4b e8 b7 c6 05 66 14 fd 00 01 e8 1f 57 ad ff <0f> 0b c3 cc cc cc cc 48 c7 c7 f0 4b e8 b7 c6 05 4a 14 fd 00 01 e8
All code
========
0: 57 push %rdi
1: ad lods %ds:(%rsi),%eax
2: ff 0f decl (%rdi)
4: 0b c3 or %ebx,%eax
6: cc int3
7: cc int3
8: cc int3
9: cc int3
a: 80 3d 7a 14 fd 00 00 cmpb $0x0,0xfd147a(%rip) # 0xfd148b
11: 0f 85 5e ff ff ff jne 0xffffffffffffff75
17: 48 c7 c7 98 4b e8 b7 mov $0xffffffffb7e84b98,%rdi
1e: c6 05 66 14 fd 00 01 movb $0x1,0xfd1466(%rip) # 0xfd148b
25: e8 1f 57 ad ff call 0xffffffffffad5749
2a:* 0f 0b ud2 <-- trapping instruction
2c: c3 ret
2d: cc int3
2e: cc int3
2f: cc int3
30: cc int3
31: 48 c7 c7 f0 4b e8 b7 mov $0xffffffffb7e84bf0,%rdi
38: c6 05 4a 14 fd 00 01 movb $0x1,0xfd144a(%rip) # 0xfd1489
3f: e8 .byte 0xe8
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: c3 ret
3: cc int3
4: cc int3
5: cc int3
6: cc int3
7: 48 c7 c7 f0 4b e8 b7 mov $0xffffffffb7e84bf0,%rdi
e: c6 05 4a 14 fd 00 01 movb $0x1,0xfd144a(%rip) # 0xfd145f
15: e8 .byte 0xe8
[72733.148070] evdev
[72733.148611] RSP: 0018:ffffa89fc3d6fcf0 EFLAGS: 00010082
[72733.148855] joydev
[72733.150740]
[72733.150984] serio_raw
[72733.151529] RAX: 0000000000000000 RBX: ffff99cf25a55f60 RCX: 0000000000000000
[72733.151761] loop
[72733.151941] RDX: 0000000000000003 RSI: 0000000000000027 RDI: 00000000ffffffff
[72733.152197] drm
[72733.152967] RBP: ffff99cf2e7ed580 R08: 0000000000000000 R09: 0000000000000003
[72733.153181] dm_mod
[72733.153956] R10: ffffa89fc3d6fac8 R11: ffffffffb80b9310 R12: ffff99cf6dc3e000
[72733.154165] nfnetlink
[72733.154941] R13: 0000000001200000 R14: ffffa89fc3d6feb0 R15: ffff99cf6dc3e000
[72733.155174] autofs4
[72733.155944] FS: 00007f2b40ef8740(0000) GS:ffff99cf7bc00000(0000) knlGS:0000000000000000
[72733.156199] ext4
[72733.156931] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[72733.157180] crc16
[72733.158011] CR2: 000055ff8ace2018 CR3: 0000000123d3c004 CR4: 0000000000770ef0
[72733.158235] mbcache jbd2 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq
[72733.158843] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[72733.159081] async_xor
[72733.159820] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[72733.160759] async_tx xor
[72733.161525] PKRU: 55555554
[72733.161786] raid6_pq
[72733.162558] Call Trace:
[72733.162861] libcrc32c
[72733.163170] <TASK>
[72733.163418] crc32c_generic
[72733.163687] ? __warn (kernel/panic.c:694)
[72733.163955] raid1
[72733.164195] ? refcount_warn_saturate (lib/refcount.c:25 (discriminator 1))
[72733.164493] raid0
[72733.164859] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[72733.165082] md_mod
[72733.165563] ? _raw_spin_lock_irqsave (./arch/x86/include/asm/atomic.h:115 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:2170 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:1302 (discriminator 4) ./include/asm-generic/qspinlock.h:111 (discriminator 4) ./include/linux/spinlock.h:187 (discriminator 4) ./include/linux/spinlock_api_smp.h:111 (discriminator 4) kernel/locking/spinlock.c:162 (discriminator 4))
[72733.165811] virtio_net
[72733.166199] ? handle_bug (arch/x86/kernel/traps.c:218)
[72733.166430] net_failover
[72733.166947] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
[72733.167215] failover
[72733.167608] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)
[72733.167894] virtio_blk
[72733.168300] ? refcount_warn_saturate (lib/refcount.c:25 (discriminator 1))
[72733.168563] nvme
[72733.169001] sched_autogroup_fork (./include/linux/refcount.h:190 ./include/linux/refcount.h:241 ./include/linux/refcount.h:258 ./include/linux/kref.h:45 kernel/sched/autogroup.c:67 kernel/sched/autogroup.c:79 kernel/sched/autogroup.c:213)
[72733.169265] crc32_pclmul
[72733.169779] copy_process (kernel/fork.c:1894 (discriminator 1) kernel/fork.c:2387 (discriminator 1))
[72733.169995] nvme_core
[72733.170467] ? do_wp_page (mm/memory.c:3647)
[72733.170750] crc32c_intel
[72733.171198] ? __handle_mm_fault (mm/memory.c:5316 mm/memory.c:5441)
[72733.171456] t10_pi
[72733.171843] kernel_clone (./include/linux/random.h:26 kernel/fork.c:2798)
[72733.172124] psmouse
[72733.172637] __do_sys_clone (kernel/fork.c:2941)
[72733.172875] virtio_pci
[72733.173253] do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))
[72733.173511] crc64_rocksoft
[72733.173902] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[72733.174169] crc64
[72733.174576] RIP: 0033:0x7f2b40fd06b3
[72733.174886] virtio_pci_legacy_dev
[72733.175437] Code: 5d c3 0f 1f 44 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 5d pop %rbp
1: c3 ret
2: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...