====================================== | [ 1151.466929] #10: ffffffff9bb678c0 (rcu_read_lock){....}-{1:2}, at: netif_receive_skb (./include/linux/rcupdate.h:298 ./include/linux/rcupdate.h:750 net/core/dev.c:5729 net/core/dev.c:5801) | [ 1151.467371] #11: ffffffff9bb678c0 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish (./include/linux/rcupdate.h:298 ./include/linux/rcupdate.h:750 net/ipv4/ip_input.c:232) | [ 1151.467836] | [ 1151.467836] stack backtrace: [ 1151.468404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1151.468981] Call Trace: [ 1151.469117] [ 1151.469232] dump_stack_lvl (lib/dump_stack.c:108) [ 1151.469431] __lock_acquire (kernel/locking/lockdep.c:5138) [ 1151.469646] ? sk_filter_trim_cap (./include/linux/rcupdate.h:298 ./include/linux/rcupdate.h:750 net/core/filter.c:151) [ 1151.469870] lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5756 kernel/locking/lockdep.c:5719) [ 1151.470059] ? tcp_v4_rcv (./include/linux/skbuff.h:1624 ./include/net/tcp.h:2512 net/ipv4/tcp_ipv4.c:2327) [ 1151.470253] ? sk_filter_trim_cap (net/core/filter.c:165) [ 1151.470482] _raw_spin_lock_nested (kernel/locking/spinlock.c:379) [ 1151.470708] ? tcp_v4_rcv (./include/linux/skbuff.h:1624 ./include/net/tcp.h:2512 net/ipv4/tcp_ipv4.c:2327) [ 1151.470901] tcp_v4_rcv (./include/linux/skbuff.h:1624 ./include/net/tcp.h:2512 net/ipv4/tcp_ipv4.c:2327) [ 1151.471088] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1)) [ 1151.471322] ip_local_deliver_finish (./include/linux/rcupdate.h:779 net/ipv4/ip_input.c:234) [ 1151.471559] __netif_receive_skb_one_core (net/core/dev.c:5542 (discriminator 4)) [ 1151.471814] netif_receive_skb (net/core/dev.c:5742 net/core/dev.c:5801) [ 1151.472027] tcf_mirred_to_dev (net/sched/act_mirred.c:327) act_mirred [ 1151.472302] tcf_mirred_act (net/sched/act_mirred.c:459 (discriminator 2)) act_mirred [ 1151.472558] ? tcf_skbedit_act (net/sched/act_skbedit.c:51 (discriminator 3)) act_skbedit [ 1151.472832] tcf_action_exec (./include/net/tc_wrapper.h:130 net/sched/act_api.c:1100 net/sched/act_api.c:1074) [ 1151.473037] fl_classify (net/sched/cls_flower.c:345) cls_flower [ 1151.473287] ? fl_mask_lookup (net/sched/cls_flower.c:296) cls_flower [ 1151.473562] ? __bfs (kernel/locking/lockdep.c:1787) [ 1151.473731] ? check_irq_usage (kernel/locking/lockdep.c:2823) [ 1151.473944] ? tcf_action_exec (./include/net/tc_wrapper.h:130 net/sched/act_api.c:1100 net/sched/act_api.c:1074) [ 1151.474155] ? check_path.constprop.0 (kernel/locking/lockdep.c:2145) [ 1151.474388] ? check_noncircular (kernel/locking/lockdep.c:2172) [ 1151.474609] ? __lock_acquire (kernel/locking/lockdep.c:5133 (discriminator 1)) [ 1151.474823] tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1734 net/sched/cls_api.c:1830) [ 1151.475018] tc_run (net/core/dev.c:3945) [ 1151.475186] __dev_queue_xmit (net/core/dev.c:4069 net/core/dev.c:4301) [ 1151.475399] ? mark_held_locks (kernel/locking/lockdep.c:4274) [ 1151.475606] ip_finish_output2 (./include/linux/netdevice.h:3171 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv4/ip_output.c:235) [ 1151.475820] ? __ip_queue_xmit (net/ipv4/ip_output.c:535) [ 1151.476032] __ip_queue_xmit (net/ipv4/ip_output.c:535) [ 1151.476250] __tcp_transmit_skb (net/ipv4/tcp_output.c:1462 (discriminator 4)) [ 1151.476487] tcp_write_xmit (net/ipv4/tcp_output.c:2792) [ 1151.476692] __tcp_push_pending_frames (net/ipv4/tcp_output.c:2977) [ 1151.476931] tcp_rcv_state_process (net/ipv4/tcp_input.c:5654 net/ipv4/tcp_input.c:6881) [ 1151.477167] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5756 kernel/locking/lockdep.c:5719) [ 1151.477362] ? tcp_v4_rcv (./include/linux/skbuff.h:1624 ./include/net/tcp.h:2512 net/ipv4/tcp_ipv4.c:2327) [ 1151.477554] ? tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1930) [ 1151.477753] ? lock_is_held_type (kernel/locking/lockdep.c:5495 kernel/locking/lockdep.c:5825) [ 1151.477971] tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1930) [ 1151.478162] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2330) [ 1151.478345] ? process_backlog (net/core/dev.c:5978 (discriminator 2)) [ 1151.478552] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1)) [ 1151.478786] ip_local_deliver_finish (./include/linux/rcupdate.h:779 net/ipv4/ip_input.c:234) [ 1151.479017] __netif_receive_skb_one_core (net/core/dev.c:5542 (discriminator 4)) [ 1151.479268] process_backlog (./include/linux/rcupdate.h:779 net/core/dev.c:5985) [ 1151.479469] __napi_poll.constprop.0 (net/core/dev.c:6584) [ 1151.479701] net_rx_action (net/core/dev.c:6655 net/core/dev.c:6786) [ 1151.479897] __do_softirq (kernel/softirq.c:553) [ 1151.480085] irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644) [ 1151.480269] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14)) [ 1151.480517] [ 1151.480631] [ 1151.480746] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:649) [ 1151.481011] RIP: 0010:_raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) [ 1151.481297] Code: c7 18 53 48 89 f3 48 8b 74 24 10 e8 81 3c 39 ff 48 89 ef e8 39 6d 39 ff 80 e7 02 74 06 e8 cf 95 46 ff fb 65 ff 0d cf e8 1f 65 <74> 07 5b 5d c3 cc cc cc cc 0f 1f 44 00 00 5b 5d c3 cc cc cc cc 66 All code ======== 0: c7 (bad) 1: 18 53 48 sbb %dl,0x48(%rbx) 4: 89 f3 mov %esi,%ebx 6: 48 8b 74 24 10 mov 0x10(%rsp),%rsi b: e8 81 3c 39 ff call 0xffffffffff393c91 10: 48 89 ef mov %rbp,%rdi 13: e8 39 6d 39 ff call 0xffffffffff396d51 18: 80 e7 02 and $0x2,%bh 1b: 74 06 je 0x23 1d: e8 cf 95 46 ff call 0xffffffffff4695f1 22: fb sti 23: 65 ff 0d cf e8 1f 65 decl %gs:0x651fe8cf(%rip) # 0x651fe8f9 2a:* 74 07 je 0x33 <-- trapping instruction 2c: 5b pop %rbx 2d: 5d pop %rbp 2e: c3 ret 2f: cc int3 30: cc int3 31: cc int3 32: cc int3 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 5b pop %rbx 39: 5d pop %rbp 3a: c3 ret 3b: cc int3 3c: cc int3 3d: cc int3 3e: cc int3 3f: 66 data16 Code starting with the faulting instruction =========================================== 0: 74 07 je 0x9 2: 5b pop %rbx 3: 5d pop %rbp 4: c3 ret 5: cc int3 6: cc int3 7: cc int3 8: cc int3 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 5b pop %rbx f: 5d pop %rbp 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: 66 data16 [ 1151.482216] RSP: 0018:ffffb02ac26c7d18 EFLAGS: 00000286 [ 1151.482488] RAX: 00000000003ad185 RBX: 0000000000000282 RCX: 0000000000000040 [ 1151.482847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9ae30671 [ 1151.483206] RBP: ffffffff9cffff40 R08: 0000000000000001 R09: 0000000000000001 [ 1151.483574] R10: 0000000000000005 R11: 0000000000000001 R12: 0000000000000001 [ 1151.483933] R13: 0000000000000000 R14: ffff9a2b81d14001 R15: ffff9a2b823f0000 [ 1151.484293] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:77 ./arch/x86/include/asm/irqflags.h:135 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 1151.484550] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:77 ./arch/x86/include/asm/irqflags.h:135 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 1151.484804] uart_write (drivers/tty/serial/serial_core.c:74 drivers/tty/serial/serial_core.c:616) [ 1151.484989] n_tty_write (drivers/tty/n_tty.c:574 drivers/tty/n_tty.c:2379) [ 1151.485178] ? __pfx_woken_wake_function (kernel/sched/wait.c:439) [ 1151.485428] file_tty_write.constprop.0 (drivers/tty/tty_io.c:1021 drivers/tty/tty_io.c:1096) [ 1151.485681] vfs_write (./include/linux/fs.h:2085 fs/read_write.c:497 fs/read_write.c:590) [ 1151.485863] ksys_write (fs/read_write.c:643) [ 1151.486039] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1151.486234] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) [ 1151.486493] RIP: 0033:0x7f41d9350957 [ 1151.486682] Code: 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 All code ======== 0: 0b 00 or (%rax),%eax 2: f7 d8 neg %eax 4: 64 89 02 mov %eax,%fs:(%rdx) 7: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax e: eb b7 jmp 0xffffffffffffffc7 10: 0f 1f 00 nopl (%rax) 13: f3 0f 1e fa endbr64 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 10 jne 0x33 23: b8 01 00 00 00 mov $0x1,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 51 ja 0x83 32: c3 ret 33: 48 83 ec 28 sub $0x28,%rsp 37: 48 89 54 24 18 mov %rdx,0x18(%rsp) 3c: 48 rex.W 3d: 89 .byte 0x89 3e: 74 24 je 0x64 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 51 ja 0x59 8: c3 ret 9: 48 83 ec 28 sub $0x28,%rsp d: 48 89 54 24 18 mov %rdx,0x18(%rsp) 12: 48 rex.W 13: 89 .byte 0x89 14: 74 24 je 0x3a [ 1151.487613] RSP: 002b:00007ffec062b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1151.488000] RAX: ffffffffffffffda RBX: 0000560ee8ea1ef0 RCX: 00007f41d9350957 [ 1151.488360] RDX: 0000000000000001 RSI: 0000560ee8ea1ef0 RDI: 0000000000000001 [ 1151.488731] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000002000 [ 1151.489089] R10: 0000000000000001 R11: 0000000000000246 R12: 0000560ee8e8e4e0 Finger prints: dump_stack_lvl:__lock_acquire:lock_acquire:_raw_spin_lock_nested