====================================== | [ 6319.385960][ C1] ip6_tunnel: tep0 xmit: Local address not yet configured! | [ 6324.377981][ C3] ip6_tunnel: tep0 xmit: Local address not yet configured! | [ 6520.025997][ C3] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI | [ 6520.026569][ C3] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 6520.027332][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 6520.027624][ C3] RIP: 0010:xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3181) [ 6520.027927][ C3] Code: f1 f1 f1 c7 40 04 00 00 f2 f2 c7 40 08 00 00 f3 f3 65 48 8b 05 8a 86 68 03 48 89 84 24 a8 00 00 00 31 c0 48 89 f8 48 c1 e8 03 <80> 3c 10 00 0f 85 cb 08 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b All code ======== 0: f1 int1 1: f1 int1 2: f1 int1 3: c7 40 04 00 00 f2 f2 movl $0xf2f20000,0x4(%rax) a: c7 40 08 00 00 f3 f3 movl $0xf3f30000,0x8(%rax) 11: 65 48 8b 05 8a 86 68 mov %gs:0x368868a(%rip),%rax # 0x36886a3 18: 03 19: 48 89 84 24 a8 00 00 mov %rax,0xa8(%rsp) 20: 00 21: 31 c0 xor %eax,%eax 23: 48 89 f8 mov %rdi,%rax 26: 48 c1 e8 03 shr $0x3,%rax 2a:* 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) <-- trapping instruction 2e: 0f 85 cb 08 00 00 jne 0x8ff 34: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 3b: fc ff df 3e: 48 rex.W 3f: 8b .byte 0x8b Code starting with the faulting instruction =========================================== 0: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) 4: 0f 85 cb 08 00 00 jne 0x8d5 a: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 11: fc ff df 14: 48 rex.W 15: 8b .byte 0x8b [ 6520.028739][ C3] RSP: 0018:ffffc90000270210 EFLAGS: 00010202 [ 6520.029037][ C3] RAX: 0000000000000001 RBX: 1ffff9200004e048 RCX: ffff888018996940 [ 6520.029380][ C3] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 6520.029724][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 6520.030069][ C3] R10: ffffc90000270410 R11: ffffffffba98d720 R12: 0000000000000006 [ 6520.030418][ C3] R13: ffff888018996940 R14: ffffc90000270410 R15: ffff8880027f3940 [ 6520.030762][ C3] FS: 0000000000000000(0000) GS:ffff8880b0b14000(0000) knlGS:0000000000000000 [ 6520.031162][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6520.031452][ C3] CR2: 00007f770517e000 CR3: 000000001e74a005 CR4: 0000000000772ef0 [ 6520.031804][ C3] PKRU: 55555554 [ 6520.031979][ C3] Call Trace: [ 6520.032155][ C3] [ 6520.032274][ C3] ? find_held_lock (kernel/locking/lockdep.c:5353) [ 6520.032515][ C3] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3177) [ 6520.032798][ C3] ? dst_release (./arch/x86/include/asm/preempt.h:104 ./include/linux/rcuref.h:174 net/core/dst.c:167) [ 6520.033030][ C3] ? ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1231) [ 6520.033315][ C3] xfrm_lookup_route (net/xfrm/xfrm_policy.c:3351) [ 6520.033548][ C3] ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1271) [ 6520.033790][ C3] ? __pfx_ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1271) [ 6520.034023][ C3] ? find_held_lock (kernel/locking/lockdep.c:5353) [ 6520.034248][ C3] ? unwind_next_frame (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 ./include/linux/rcupdate.h:1155 arch/x86/kernel/unwind_orc.c:479) [ 6520.034478][ C3] ? __pfx_ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1271) [ 6520.034706][ C3] udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:167 net/ipv6/ip6_udp_tunnel.c:135) [ 6520.034937][ C3] ? __pfx_udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:144) [ 6520.035226][ C3] ? __pfx___skb_get_hash_net (net/core/flow_dissector.c:1892) [ 6520.035458][ C3] ? handle_softirqs (kernel/softirq.c:580) [ 6520.035694][ C3] geneve6_xmit_skb (drivers/net/geneve.c:958 (discriminator 4)) geneve [ 6520.035930][ C3] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 kernel/rcu/update.c:380) [ 6520.036164][ C3] ? __pfx_geneve6_xmit_skb (drivers/net/geneve.c:934) geneve [ 6520.036445][ C3] ? lock_acquire.part.0 (kernel/locking/lockdep.c:5828) [ 6520.036677][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) [ 6520.036906][ C3] ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5834) [ 6520.037137][ C3] ? geneve_xmit (drivers/net/geneve.c:1045) geneve [ 6520.037365][ C3] geneve_xmit (drivers/net/geneve.c:1045) geneve [ 6520.037600][ C3] dev_hard_start_xmit (./include/linux/netdevice.h:5219 ./include/linux/netdevice.h:5228 net/core/dev.c:3827 net/core/dev.c:3843) [ 6520.037834][ C3] __dev_queue_xmit (net/core/dev.h:370 net/core/dev.c:4714) [ 6520.038064][ C3] ? __build_skb_around (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 net/core/skbuff.c:382 net/core/skbuff.c:439) [ 6520.038289][ C3] ? __alloc_skb (net/core/skbuff.c:685) [ 6520.038523][ C3] ? __pfx___dev_queue_xmit (net/core/dev.c:4621) [ 6520.038751][ C3] ? lock_acquire.part.0 (kernel/locking/lockdep.c:473 kernel/locking/lockdep.c:5873) [ 6520.038983][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) [ 6520.039210][ C3] arp_xmit (./include/linux/rcupdate.h:869 net/ipv4/arp.c:667) [ 6520.039386][ C3] arp_solicit (net/ipv4/arp.c:392) [ 6520.039616][ C3] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:104 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) [ 6520.039902][ C3] ? __pfx_arp_solicit (net/ipv4/arp.c:334) [ 6520.040135][ C3] ? neigh_probe (net/core/neighbour.c:1063) [ 6520.040363][ C3] ? __lock_release (kernel/locking/lockdep.c:5539) [ 6520.040592][ C3] neigh_probe (net/core/neighbour.c:1064) [ 6520.040767][ C3] neigh_timer_handler (net/core/neighbour.c:1158) [ 6520.040998][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) [ 6520.041218][ C3] ? __pfx_neigh_timer_handler (net/core/neighbour.c:1072) [ 6520.041445][ C3] call_timer_fn (kernel/time/timer.c:1748) [ 6520.041676][ C3] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1737) [ 6520.041906][ C3] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1737) [ 6520.042134][ C3] ? __pfx_call_timer_fn (kernel/time/timer.c:1724) [ 6520.042365][ C3] ? __run_timers (kernel/time/timer.c:1798 kernel/time/timer.c:2372) [ 6520.042589][ C3] ? __lock_release (kernel/locking/lockdep.c:5539) [ 6520.042813][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) [ 6520.043041][ C3] __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372) [ 6520.043268][ C3] ? __pfx_neigh_timer_handler (net/core/neighbour.c:1072) [ 6520.043498][ C3] ? __pfx___run_timers (kernel/time/timer.c:2343) [ 6520.043784][ C3] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 6520.044015][ C3] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 6520.044240][ C3] ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5834) [ 6520.044469][ C3] ? timer_expire_remote (kernel/time/timer.c:2384 kernel/time/timer.c:2376 kernel/time/timer.c:2135) [ 6520.044698][ C3] timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135) [ 6520.044925][ C3] tmigr_handle_remote_cpu (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 kernel/time/timer_migration.c:961) [ 6520.045153][ C3] ? __pfx_tmigr_handle_remote_cpu (kernel/time/timer_migration.c:905) [ 6520.045444][ C3] ? find_held_lock (kernel/locking/lockdep.c:5353) [ 6520.045675][ C3] ? tmigr_handle_remote_up (kernel/time/timer_migration.c:1035) [ 6520.045902][ C3] ? __lock_release (kernel/locking/lockdep.c:5539) [ 6520.046135][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) [ 6520.046361][ C3] tmigr_handle_remote_up (kernel/time/timer_migration.c:1038) [ 6520.046597][ C3] ? __pfx_tmigr_handle_remote_up (kernel/time/timer_migration.c:1005) [ 6520.046882][ C3] __walk_groups.isra.0 (kernel/time/timer_migration.c:533) [ 6520.047115][ C3] tmigr_handle_remote (kernel/time/timer_migration.c:1096) [ 6520.047347][ C3] ? __pfx_tmigr_handle_remote (kernel/time/timer_migration.c:1059) [ 6520.047573][ C3] ? kvm_clock_get_cycles (./arch/x86/include/asm/preempt.h:95 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86) [ 6520.047803][ C3] ? ktime_get (kernel/time/timekeeping.c:251 (discriminator 4) kernel/time/timekeeping.c:360 (discriminator 4) kernel/time/timekeeping.c:778 (discriminator 4)) [ 6520.047975][ C3] ? clockevents_program_event (kernel/time/clockevents.c:334 (discriminator 3)) [ 6520.048262][ C3] handle_softirqs (kernel/softirq.c:580) [ 6520.048496][ C3] __irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680) [ 6520.048720][ C3] irq_exit_rcu (kernel/softirq.c:698) [ 6520.048890][ C3] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 arch/x86/kernel/apic/apic.c:1050) [ 6520.049126][ C3] [ 6520.049243][ C3] [ 6520.049356][ C3] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) [ 6520.049931][ C3] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 6520.050167][ C3] Code: a4 cf 00 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 8f 20 00 fb f4 3c 59 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 All code ======== 0: a4 movsb %ds:(%rsi),%es:(%rdi) 1: cf iret 2: 00 c3 add %al,%bl 4: cc int3 5: cc int3 6: cc int3 7: cc int3 8: 0f 1f 00 nopl (%rax) b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 90 nop 18: 90 nop 19: 90 nop 1a: 90 nop 1b: f3 0f 1e fa endbr64 1f: 66 90 xchg %ax,%ax 21: 0f 00 2d 03 8f 20 00 verw 0x208f03(%rip) # 0x208f2b 28: fb sti 29: f4 hlt 2a:* e9 3c 59 02 00 jmp 0x2596b <-- trapping instruction 2f: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 36: 00 00 00 39: 66 90 xchg %ax,%ax 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: 90 nop 3f: 90 nop Code starting with the faulting instruction =========================================== 0: e9 3c 59 02 00 jmp 0x25941 5: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) c: 00 00 00 f: 66 90 xchg %ax,%ax 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop [ 6520.051130][ C3] RSP: 0018:ffffc90000157de8 EFLAGS: 00000242 [ 6520.051415][ C3] RAX: 0000000004d1789d RBX: 1ffff9200002afc1 RCX: ffffffffb928c419 [ 6520.051760][ C3] RDX: 0000000000000000 RSI: ffffffffb9f283fb RDI: ffffffffb9658fc0 [ 6520.052258][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d9f6702 [ 6520.052750][ C3] R10: ffff88806cfb3813 R11: ffffffffba611288 R12: 0000000000000000 [ 6520.053094][ C3] R13: ffff888001b5c5c0 R14: dffffc0000000000 R15: 0000000000000000 [ 6520.053587][ C3] ? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:146) [ 6520.053887][ C3] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:749) [ 6520.054060][ C3] default_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118) [ 6520.054280][ C3] cpuidle_idle_call (kernel/sched/idle.c:186) [ 6520.054511][ C3] ? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168) [ 6520.054735][ C3] ? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:60) [ 6520.054966][ C3] do_idle (kernel/sched/idle.c:325) [ 6520.055136][ C3] cpu_startup_entry (kernel/sched/idle.c:422 (discriminator 1)) [ 6520.055363][ C3] start_secondary (arch/x86/kernel/smpboot.c:203 arch/x86/kernel/smpboot.c:283) [ 6520.055592][ C3] ? __pfx_start_secondary (arch/x86/kernel/smpboot.c:233) Finger prints: xfrm_lookup_with_ifid:xfrm_lookup_route:ip6_dst_lookup_flow:udp_tunnel6_dst_lookup:geneve6_xmit_skb