======================================
[ 1.942369] #PF: supervisor write access in kernel mode
[ 1.942407] #PF: error_code(0x0002) - not-present page
[ 1.942441] PGD 3063067 P4D 3063067 PUD 5c14067 PMD 0
[ 1.942505] Oops: Oops: 0002 [#1] SMP
[ 1.942657] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1.942717] RIP: 0010:work_grab_pending (./arch/x86/include/asm/bitops.h:136 ./include/asm-generic/bitops/instrumented-atomic.h:72 kernel/workqueue.c:2072 kernel/workqueue.c:2160)
[ 1.942760] Code: 83 e6 01 41 57 41 56 4c 8d 77 20 41 55 41 54 41 89 f4 55 48 89 d5 53 48 89 fb 9c 58 fa 48 89 45 00 45 85 e4 0f 85 8a 00 00 00 48 0f ba 2b 00 41 0f 92 c5 72 0e 5b 44 89 e8 5d 41 5c 41 5d 41

All code
========
   0:   83 e6 01                and    $0x1,%esi
   3:   41 57                   push   %r15
   5:   41 56                   push   %r14
   7:   4c 8d 77 20             lea    0x20(%rdi),%r14
   b:   41 55                   push   %r13
   d:   41 54                   push   %r12
   f:   41 89 f4                mov    %esi,%r12d
  12:   55                      push   %rbp
  13:   48 89 d5                mov    %rdx,%rbp
  16:   53                      push   %rbx
  17:   48 89 fb                mov    %rdi,%rbx
  1a:   9c                      pushf
  1b:   58                      pop    %rax
  1c:   fa                      cli
  1d:   48 89 45 00             mov    %rax,0x0(%rbp)
  21:   45 85 e4                test   %r12d,%r12d
  24:   0f 85 8a 00 00 00       jne    0xb4
  2a:*  f0 48 0f ba 2b 00       lock btsq $0x0,(%rbx)    <-- trapping instruction
  30:   41 0f 92 c5             setb   %r13b
  34:   72 0e                   jb     0x44
  36:   5b                      pop    %rbx
  37:   44 89 e8                mov    %r13d,%eax
  3a:   5d                      pop    %rbp
  3b:   41 5c                   pop    %r12
  3d:   41 5d                   pop    %r13
  3f:   41                      rex.B

Code starting with the faulting instruction
===========================================
   0:   f0 48 0f ba 2b 00       lock btsq $0x0,(%rbx)
   6:   41 0f 92 c5             setb   %r13b
   a:   72 0e                   jb     0x1a
   c:   5b                      pop    %rbx
   d:   44 89 e8                mov    %r13d,%eax
  10:   5d                      pop    %rbp
  11:   41 5c                   pop    %r12
  13:   41 5d                   pop    %r13
  15:   41                      rex.B

[ 1.942895] RSP: 0018:ffffa4c9c062fb70 EFLAGS: 00010046
[ 1.942944] RAX: 0000000000000246 RBX: 0000000000000000 RCX: 00000000ffffffff
[ 1.943009] RDX: ffffa4c9c062fba8 RSI: 0000000000000000 RDI: 0000000000000000
[ 1.943060] RBP: ffffa4c9c062fba8 R08: ffffffffba493e00 R09: 0000000000000101
[ 1.943110] R10: ffffffffbb0080d8 R11: ffffa4c9c013cff8 R12: 0000000000000000
[ 1.943167] R13: 0000000000000000 R14: 0000000000000020 R15: 0000000000000001
[ 1.943220] FS: 00007f6052730b80(0000) GS:ffff91eb03511000(0000) knlGS:0000000000000000
[ 1.943280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.943349] CR2: 0000000000000000 CR3: 00000000046c3004 CR4: 0000000000772ef0
[ 1.943403] PKRU: 55555554
[ 1.943425] Call Trace:
[ 1.943443]
[ 1.943466] __cancel_work (kernel/workqueue.c:4366)
[ 1.943495] ? dev_deactivate_many (net/sched/sch_generic.c:1324 net/sched/sch_generic.c:1382)
[ 1.943542] __cancel_work_sync (kernel/workqueue.c:4381)
[ 1.943579] __dev_close_many (net/core/dev.c:1879 (discriminator 2) net/core/dev.c:1932 (discriminator 2))
[ 1.943608] __dev_change_flags (./include/linux/list.h:226 ./include/linux/list.h:237 net/core/dev.c:1945 net/core/dev.c:9924)
[ 1.943644] netif_change_flags (net/core/dev.c:9989)
[ 1.943691] dev_change_flags (./include/net/netdev_lock.h:30 ./include/net/netdev_lock.h:47 net/core/dev_api.c:69)
[ 1.943722] devinet_ioctl (net/ipv4/devinet.c:1199 (discriminator 11))
[ 1.943754] inet_ioctl (net/ipv4/af_inet.c:1025)
[ 1.943794] ? netdev_name_node_lookup_rcu (net/core/dev.c:327)
[ 1.943837] ? dev_get_by_name_rcu (net/core/dev.c:886)
[ 1.943870] ? netdev_name_node_lookup_rcu (net/core/dev.c:327)
[ 1.943903] ? dev_get_by_name_rcu (net/core/dev.c:886)
[ 1.943935] ? dev_ioctl (net/core/dev_ioctl.c:770)
[ 1.943966] sock_do_ioctl (net/socket.c:1260)
[ 1.944019] sock_ioctl (net/socket.c:1378)
[ 1.944051] __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:597 fs/ioctl.c:583 fs/ioctl.c:583)
[ 1.944082] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 1.944113] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 1.944152] RIP: 0033:0x7f6052836d6b
[ 1.944183] Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 5d 50 0f 00 f7 d8 64 89 01 48

All code
========
   0:   ff                      (bad)
   1:   ff                      (bad)
   2:   ff 85 c0 79 9b 49       incl   0x499b79c0(%rbp)
   8:   c7 c4 ff ff ff ff       mov    $0xffffffff,%esp
   e:   5b                      pop    %rbx
   f:   5d                      pop    %rbp
  10:   4c 89 e0                mov    %r12,%rax
  13:   41 5c                   pop    %r12
  15:   c3                      ret
  16:   66 0f 1f 84 00 00 00    nopw   0x0(%rax,%rax,1)
  1d:   00 00
  1f:   f3 0f 1e fa             endbr64
  23:   b8 10 00 00 00          mov    $0x10,%eax
  28:   0f 05                   syscall
  2a:*  48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax    <-- trapping instruction
  30:   73 01                   jae    0x33
  32:   c3                      ret
  33:   48 8b 0d 5d 50 0f 00    mov    0xf505d(%rip),%rcx    # 0xf5097
  3a:   f7 d8                   neg    %eax
  3c:   64 89 01                mov    %eax,%fs:(%rcx)
  3f:   48                      rex.W

Code starting with the faulting instruction
===========================================
   0:   48 3d 01 f0 ff ff       cmp    $0xfffffffffffff001,%rax
   6:   73 01                   jae    0x9
   8:   c3                      ret
   9:   48 8b 0d 5d 50 0f 00    mov    0xf505d(%rip),%rcx    # 0xf506d
  10:   f7 d8                   neg    %eax
  12:   64 89 01                mov    %eax,%fs:(%rcx)
  15:   48                      rex.W

[ 1.944322] RSP: 002b:00007ffe8df2fc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1.944385] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6052836d6b
[ 1.944442] RDX: 00007ffe8df2fc90 RSI: 0000000000008914 RDI: 0000000000000006
[ 1.944508] RBP: 0000000000000006 R08: 0000000000000004 R09: 00007f6052950060
[ 1.944572] R10: 00007f6052743e18 R11: 0000000000000246 R12: 0000000000000006

Finger prints: work_grab_pending:__cancel_work:__cancel_work_sync:__dev_close_many:__dev_change_flags