================================================================== BUG: KASAN: out-of-bounds in __module_address+0x81/0x192 Read of size 8 at addr 000000007226a140 by task modprobe/520 CPU: 0 PID: 520 Comm: modprobe Tainted: G O 5.5.0-rc6-00009-g09462ab4014b #11 Stack: 6dbb3570 600d54b8 60b74088 600d7e5e 7226a140 00000000 00000000 7226a160 6dbb3550 6065d480 6dbb35b0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d54b8>] ? console_unlock+0x494/0x79d [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<60103709>] ? __module_address+0x81/0x192 [<601c26fe>] __kasan_report+0x161/0x19c [<60103709>] ? __module_address+0x81/0x192 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2ebb>] __asan_load8+0x76/0x78 [<60103709>] __module_address+0x81/0x192 [<714f8000>] ? cfg80211_dev_check_name+0x0/0x1b7 [cfg80211] [<601c2e45>] ? __asan_load8+0x0/0x78 [<60103837>] __module_text_address+0x1d/0xb9 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010a167>] is_module_text_address+0x10/0x18 [<600997fc>] kernel_text_address+0x35/0x3a [<60099819>] __kernel_text_address+0x18/0x3f [<60047cab>] dump_trace+0x106/0x15a [<600c1301>] ? __bfs+0x1cb/0x3a8 [<601c2dca>] ? __asan_store4+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047d45>] save_stack_trace+0x46/0x4d [<600e2a1a>] stack_trace_save+0x34/0x39 [<600bffab>] save_trace+0x5f/0x3c5 [<600c0ee3>] ? hlock_class+0x0/0xd9 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<600c0ee3>] ? hlock_class+0x0/0xd9 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600c6e0a>] __lock_acquire+0x176a/0x1a16 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600c4e16>] lock_acquire+0x1d4/0x232 [<601a121f>] ? __purge_vmap_area_lazy+0x14d/0xb09 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6067e097>] _raw_spin_lock+0x31/0x85 [<601a121f>] ? __purge_vmap_area_lazy+0x14d/0xb09 [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<601a121f>] __purge_vmap_area_lazy+0x14d/0xb09 [<600bb57a>] ? __mutex_trylock+0x126/0x155 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601a1d06>] free_vmap_area_noflush+0x12b/0x1ae [<601c2e45>] ? __asan_load8+0x0/0x78 [<601a253b>] remove_vm_area+0xb7/0xd5 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601a28ab>] __vunmap+0x11e/0x36c [<601c2d52>] ? __asan_load4+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<601a2bb6>] __vfree+0x5a/0x61 [<601c470a>] ? delete_object_full+0x26/0x28 [<601a2c84>] vfree+0xc7/0xd2 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60108a02>] load_module+0x3440/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601d9011>] ? do_execve+0x24/0x26 [<6008ca5b>] ? call_usermodehelper_exec_async+0x33d/0x383 [<600a91d1>] ? schedule_tail+0xf8/0x103 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600412ee>] new_thread_handler+0x131/0x13c The buggy address belongs to the variable: __this_module+0x200/0xfffffffffffbf4f4 [iwlwifi] Memory state around the buggy address: 000000007226a000: 38 df 02 00 00 00 00 00 ac 9c 11 00 00 00 00 00 000000007226a080: 01 00 00 00 03 00 00 00 4a df 02 00 00 00 00 00 >000000007226a100: b9 9c 11 00 00 00 00 00 01 00 00 00 03 00 00 00 ^ 000000007226a180: 55 df 02 00 00 00 00 00 c6 9c 11 00 00 00 00 00 000000007226a200: 01 00 00 00 03 00 00 00 e2 e0 02 00 00 00 00 00 ================================================================== Disabling lock debugging due to kernel taint Modules linked in: mac80211(O+) iwlwifi(O) cfg80211(O) compat(O) Pid: 11, comm: kworker/u2:1 Tainted: G B O 5.5.0-rc6-00009-g09462ab4014b RIP: 0033:[<00000000601c2e92>] RSP: 000000006f10fc60 EFLAGS: 00010207 RAX: 000000000e031648 RBX: 00000000601c2e45 RCX: 0000000000000007 RDX: 000000006f801480 RSI: 000000007018b230 RDI: 000000007018b240 RBP: 000000006f10fc60 R08: 00000000603cd21f R09: 0000000000000001 R10: 0000000000000000 R11: 0000000060d1a18b R12: 000000007018b238 R13: 000000006f802b40 R14: 000000006f801480 R15: 000000006e00aaa8 Kernel panic - not syncing: Segfault with no mm CPU: 0 PID: 11 Comm: kworker/u2:1 Tainted: G B O 5.5.0-rc6-00009-g09462ab4014b #11 Workqueue: 0x0 (events_unbound) Stack: 6f10fc90 603cd21f 7018b238 7018b230 6f802b40 6f801480 6f10fcb0 601bb0c7 6f801480 6f801480 6f10fcd0 601bbb4d Call Trace: [<603cd21f>] __list_del_entry_valid+0x1e/0x160 [<601bb0c7>] __list_del_entry+0x15/0x2b [<601bbb4d>] remove_partial+0x67/0x82 [<601bd97a>] ___slab_alloc.constprop.0+0x12a/0x39f [<6008f6d2>] ? alloc_worker.isra.0+0x43/0xc5 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601bdc4e>] __slab_alloc.constprop.0+0x5f/0x92 [<6008f6d2>] ? alloc_worker.isra.0+0x43/0xc5 [<601bdeda>] kmem_cache_alloc_trace+0x66/0x1a5 [<6008f6d2>] ? alloc_worker.isra.0+0x43/0xc5 [<6008f6d2>] alloc_worker.isra.0+0x43/0xc5 [<600c7bcc>] ? lock_release+0x4d0/0x4df [<6008fd7b>] create_worker+0x4f/0x2af [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6009388d>] worker_thread+0x1eb/0x52b [<6008d4f5>] ? set_pf_worker+0x0/0x98 [<60070512>] ? do_exit+0x0/0x109d [<6009d04b>] kthread+0x289/0x2a0 [<600936a2>] ? worker_thread+0x0/0x52b [<600a91d1>] ? schedule_tail+0xf8/0x103 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6009cdc2>] ? kthread+0x0/0x2a0 [<600412b6>] new_thread_handler+0xf9/0x13c