Re: Possible memory corruption in virtio-pci driver.
From: Michael S. Tsirkin
Date: Thu Jan 14 2016 - 09:38:24 EST

On Thu, Jan 14, 2016 at 02:25:50PM +0100, Jerome Marchand wrote:
> Hi Michael,
>
> KASan detected a use-after-free error in virtio-pci remove code. In
> virtio_pci_remove(), vp_dev is still used after being freed in
> unregister_virtio_device() (in virtio_pci_release_dev() more
> precisely). I don't know the proper way to fix this.

Thanks a lot for the report, I posted a patch - would
appreciate a Tested-by tag.

> Here is the KASan output:
>
> [ 467.987227] ==================================================================
> [ 467.990023] BUG: KASAN: use-after-free in virtio_pci_remove+0x37/0x70 [virtio_pci] at addr ffff880035364540
> [ 467.993397] Read of size 8 by task modprobe/12507
> [ 467.995656] =============================================================================
> [ 467.998737] BUG kmalloc-2048 (Tainted: G B D C ): kasan: bad access detected
> [ 468.001317] -----------------------------------------------------------------------------
> [ 468.001317]
> [ 468.006025] INFO: Allocated in virtio_pci_probe+0x33/0x190 [virtio_pci] age=461605 cpu=1 pid=297
> [ 468.009567] ___slab_alloc+0x511/0x580
> [ 468.012192] __slab_alloc+0x51/0x90
> [ 468.014659] kmem_cache_alloc_trace+0x1c8/0x210
> [ 468.017456] virtio_pci_probe+0x33/0x190 [virtio_pci]
> [ 468.020354] local_pci_probe+0x7a/0xd0
> [ 468.022288] pci_device_probe+0x1a4/0x1f0
> [ 468.024381] driver_probe_device+0x16b/0x640
> [ 468.026629] __driver_attach+0xbd/0xc0
> [ 468.029025] bus_for_each_dev+0xeb/0x150
> [ 468.031773] driver_attach+0x2b/0x30
> [ 468.034422] bus_add_driver+0x30a/0x3d0
> [ 468.037126] driver_register+0xd3/0x190
> [ 468.039878] __pci_register_driver+0xb4/0xc0
> [ 468.042700] locks_end_grace+0x1e/0x50 [grace]
> [ 468.045394] do_one_initcall+0x10c/0x270
> [ 468.048180] do_init_module+0xf4/0x329
> [ 468.051019] INFO: Freed in virtio_pci_release_dev+0x12/0x20 [virtio_pci] age=0 cpu=0 pid=12507
> [ 468.054736] __slab_free+0x175/0x280
> [ 468.057449] kfree+0x1a6/0x1c0
> [ 468.060003] virtio_pci_release_dev+0x12/0x20 [virtio_pci]
> [ 468.062743] device_release+0x4a/0xf0
> [ 468.064653] kobject_release+0xad/0x200
> [ 468.066405] kobject_put+0x30/0x60
> [ 468.068327] device_unregister+0x2c/0x70
> [ 468.071058] unregister_virtio_device+0x20/0x40 [virtio]
> [ 468.074097] virtio_pci_remove+0x2b/0x70 [virtio_pci]
> [ 468.076138] pci_device_remove+0x61/0x100
> [ 468.078689] __device_release_driver+0xec/0x200
> [ 468.080772] driver_detach+0x117/0x120
> [ 468.082520] bus_remove_driver+0x98/0x160
> [ 468.084323] driver_unregister+0x43/0x70
> [ 468.086099] pci_unregister_driver+0x2a/0x90
> [ 468.087912] virtio_pci_driver_exit+0x10/0x289 [virtio_pci]
> [ 468.089980] INFO: Slab 0xffffea0000d4d800 objects=13 used=11 fp=0xffff880035361260 flags=0x3ffc0000004080
> [ 468.092800] INFO: Object 0xffff880035364050 @offset=16464 fp=0x (null)
> [ 468.092800]
> [ 468.498467] CPU: 0 PID: 12507 Comm: modprobe Tainted: G B D C 4.4.0kasan+ #275
> [ 468.500762] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> [ 468.502698] ffffea0000d4d800 ffff880048edfc28 ffffffff815bfaa7 ffff88006cc02d80
> [ 468.505094] ffff880048edfc58 ffffffff8130db19 ffff88006cc02d80 ffffea0000d4d800
> [ 468.507477] ffff880035364050 ffff88006c1d4518 ffff880048edfc80 ffffffff81313a54
> [ 468.509854] Call Trace:
> [ 468.511217] [<ffffffff815bfaa7>] dump_stack+0x44/0x5d
> [ 468.513091] [<ffffffff8130db19>] print_trailer+0xf9/0x150
> [ 468.515016] [<ffffffff81313a54>] object_err+0x34/0x40
> [ 468.516831] [<ffffffff81316142>] kasan_report_error+0x212/0x520
> [ 468.518148] [<ffffffff8115f71e>] ? do_raw_spin_lock+0x10e/0x1a0
> [ 468.519364] [<ffffffff81157866>] ? trace_hardirqs_on_caller+0x16/0x290
> [ 468.520692] [<ffffffff81316849>] kasan_report+0x39/0x40
> [ 468.521876] [<ffffffffa004a3b7>] ? virtio_pci_remove+0x37/0x70 [virtio_pci]
> [ 468.524219] [<ffffffff8131531d>] __asan_load8+0x5d/0x70
> [ 468.526269] [<ffffffffa004a3b7>] virtio_pci_remove+0x37/0x70 [virtio_pci]
> [ 468.528614] [<ffffffff816380a1>] pci_device_remove+0x61/0x100
> [ 468.530842] [<ffffffff817adbac>] __device_release_driver+0xec/0x200
> [ 468.533206] [<ffffffff817aebd7>] driver_detach+0x117/0x120
> [ 468.535566] [<ffffffff817ad2b8>] bus_remove_driver+0x98/0x160
> [ 468.537794] [<ffffffff817af733>] driver_unregister+0x43/0x70
> [ 468.540103] [<ffffffff8163568a>] pci_unregister_driver+0x2a/0x90
> [ 468.542476] [<ffffffffa004bd87>] virtio_pci_driver_exit+0x10/0x289 [virtio_pci]
> [ 468.545189] [<ffffffff811b5230>] SyS_delete_module+0x260/0x2b0
> [ 468.547626] [<ffffffff811b4fd0>] ? free_module+0x450/0x450
> [ 468.550061] [<ffffffff8115314d>] ? trace_hardirqs_off+0xd/0x10
> [ 468.552521] [<ffffffff81157866>] ? trace_hardirqs_on_caller+0x16/0x290
> [ 468.555142] [<ffffffff81c4f972>] entry_SYSCALL_64_fastpath+0x12/0x76
> [ 468.557138] Memory state around the buggy address:
> [ 468.558965] ffff880035364400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 468.561771] ffff880035364480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 468.564716] >ffff880035364500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 468.567593] ^
> [ 468.570169] ffff880035364580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 468.573101] ffff880035364600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [ 468.575705] ==================================================================
>
>
> Thanks,
> Jerome
>
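
The lifetime problem described in the report, modelled in userspace as an added example (not kernel code, and not the patch mentioned in the reply): the embedded device's release callback frees the containing structure, so any later step of the remove path runs on freed memory. `vp_device`, `teardown_rest`, `remove_pinned` and the static slot are constructed for illustration; pinning the object with an extra reference across teardown is one common remedy and is an assumption here, not a description of the posted fix.

```c
/* Userspace model (constructed; not kernel code) of the reported lifetime bug. */
#include <stdio.h>

struct device { int refcount; void (*release)(struct device *dev); };
struct vp_device {          /* stands in for struct virtio_pci_device */
    struct device dev;      /* embedded device, first member */
    int live;               /* cleared when the container is "freed" */
};

/* Static slot instead of kmalloc(), so the model can inspect a released
 * object without real undefined behaviour. */
static struct vp_device slot;

static void get_device(struct device *dev) { dev->refcount++; }
static void put_device(struct device *dev)
{
    if (--dev->refcount == 0)
        dev->release(dev);
}

/* Plays the role of virtio_pci_release_dev(): frees the whole container. */
static void vp_release(struct device *dev)
{
    ((struct vp_device *)dev)->live = 0;
}

static struct vp_device *vp_probe(void)
{
    slot = (struct vp_device){ .dev = { 1, vp_release }, .live = 1 };
    return &slot;           /* refcount 1: held by the registration */
}

/* Remaining remove-path work; returns 1 if it read a released object. */
static int teardown_rest(struct vp_device *vp)
{
    return !vp->live;       /* the access KASAN reports */
}

int remove_buggy(void)
{
    struct vp_device *vp = vp_probe();
    put_device(&vp->dev);           /* unregister drops the last reference */
    return teardown_rest(vp);       /* vp already released: use after free */
}

int remove_pinned(void)
{
    struct vp_device *vp = vp_probe();
    get_device(&vp->dev);           /* pin the object across teardown */
    put_device(&vp->dev);           /* unregister: 2 -> 1, no release yet */
    int uaf = teardown_rest(vp);
    put_device(&vp->dev);           /* final put; vp is not touched again */
    return uaf;
}

int main(void)
{
    printf("buggy uaf=%d, pinned uaf=%d\n", remove_buggy(), remove_pinned());
    return 0;
}
```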