====================================== | [ 1564.163847] ------------[ cut here ]------------ | [ 1564.163901] rcuref - imbalanced put() | [ 1564.163902] WARNING: lib/rcuref.c:266 at 0x0, CPU#3: mausezahn/17083 | [ 1564.163992] Modules linked in: ipt_rpfilter sch_etf sch_fq xfrm_interface act_mirred cls_matchall nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 act_gact cls_flower cls_bpf sch_ingress bonding psample xfrm_user macsec ip6_gre ip_gre gre cls_u32 sch_htb ip6t_rpfilter nft_compat nf_tables vxlan mpls_gso mpls_iptunnel mpls_router [last unloaded: netdevsim] [ 1564.164312] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1564.164357] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 lib/rcuref.c:237) [ 1564.164402] Code: b1 17 0f 94 c0 75 0e 5b c3 81 fe ff ff ff bf 77 12 85 f6 78 04 31 c0 5b c3 c7 03 00 00 00 a0 31 c0 5b c3 48 8d 3d 20 32 2f 01 <67> 48 0f b9 3a 31 c0 c7 03 00 00 00 e0 eb de 90 f3 0f 1e fa 48 b8 All code ======== 0: b1 17 mov $0x17,%cl 2: 0f 94 c0 sete %al 5: 75 0e jne 0x15 7: 5b pop %rbx 8: c3 ret 9: 81 fe ff ff ff bf cmp $0xbfffffff,%esi f: 77 12 ja 0x23 11: 85 f6 test %esi,%esi 13: 78 04 js 0x19 15: 31 c0 xor %eax,%eax 17: 5b pop %rbx 18: c3 ret 19: c7 03 00 00 00 a0 movl $0xa0000000,(%rbx) 1f: 31 c0 xor %eax,%eax 21: 5b pop %rbx 22: c3 ret 23: 48 8d 3d 20 32 2f 01 lea 0x12f3220(%rip),%rdi # 0x12f324a 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: 31 c0 xor %eax,%eax 31: c7 03 00 00 00 e0 movl $0xe0000000,(%rbx) 37: eb de jmp 0x17 39: 90 nop 3a: f3 0f 1e fa endbr64 3e: 48 rex.W 3f: b8 .byte 0xb8 Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: 31 c0 xor %eax,%eax 7: c7 03 00 00 00 e0 movl $0xe0000000,(%rbx) d: eb de jmp 0xffffffffffffffed f: 90 nop 10: f3 0f 1e fa endbr64 14: 48 rex.W 15: b8 .byte 0xb8 [ 1564.164524] RSP: 0018:ffffae7a014d7770 EFLAGS: 00010206 [ 1564.164567] RAX: 00000000dfffffff RBX: ffff938108846d00 RCX: ffff938108846d28 [ 1564.164624] RDX: ffff93813edaa408 RSI: 00000000dfffffff RDI: ffffffff8ca7d4c0 [ 1564.164678] RBP: ffff93813edaa400 R08: ffff9381092c0200 R09: 0000000000000001 [ 1564.164731] R10: 0000000000000000 R11: 0000000000000002 R12: ffff938108846cc0 [ 1564.164783] R13: 0000000000000000 R14: ffff9381092c0280 R15: 0000000000000001 [ 1564.164839] FS: 00007f2774d15740(0000) GS:ffff9381b1d05000(0000) knlGS:0000000000000000 [ 1564.164900] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1564.164948] CR2: 00007f2774e6c0b0 CR3: 000000000b0d8006 CR4: 0000000000772ef0 [ 1564.165003] PKRU: 55555554 [ 1564.165025] Call Trace: [ 1564.165045] [ 1564.165073] dst_release (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:167) [ 1564.165111] rt_cache_route (net/ipv4/route.c:1510) [ 1564.165151] rt_set_nexthop.constprop.0 (net/ipv4/route.c:1622) [ 1564.165191] ip_route_output_key_hash_rcu (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682 net/ipv4/route.c:2875) [ 1564.165233] ip_route_output_flow (net/ipv4/route.c:2705 ./include/net/route.h:169 net/ipv4/route.c:2932) [ 1564.165258] udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 net/ipv4/udp_tunnel_core.c:230) [ 1564.165303] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472) vxlan [ 1564.165351] ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 1564.165396] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 1564.165438] ? update_load_avg (kernel/sched/fair.c:4367 kernel/sched/fair.c:4704) [ 1564.165468] ? update_curr (kernel/sched/fair.c:1227) [ 1564.165494] ? update_entity_lag (kernel/sched/fair.c:699 (discriminator 3)) [ 1564.165521] ? dequeue_entities (kernel/sched/fair.c:5407 kernel/sched/fair.c:7023) [ 1564.165558] ? dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 1564.165601] dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 1564.165634] __dev_queue_xmit (net/core/dev.h:381 net/core/dev.c:4818) [ 1564.165658] ? __alloc_skb (net/core/skbuff.c:706) [ 1564.165698] ? _copy_from_iter (./arch/x86/include/asm/smap.h:42 ./arch/x86/include/asm/uaccess_64.h:134 ./arch/x86/include/asm/uaccess_64.h:141 lib/iov_iter.c:67 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:261 lib/iov_iter.c:272) [ 1564.165730] ? alloc_skb_with_frags (./include/linux/skbuff.h:1383 net/core/skbuff.c:6715) [ 1564.165770] ? packet_parse_headers (./include/linux/skbuff.h:3180 net/packet/af_packet.c:1938) [ 1564.165807] packet_sendmsg (net/packet/af_packet.c:3076 net/packet/af_packet.c:3108) [ 1564.165832] ? netdev_name_node_lookup_rcu (net/core/dev.c:327) [ 1564.165873] __sys_sendto (net/socket.c:718 net/socket.c:733 net/socket.c:2222) [ 1564.165908] ? cpu_clock_sample_group (kernel/time/posix-cpu-timers.c:331 kernel/time/posix-cpu-timers.c:350) [ 1564.165952] __x64_sys_sendto (net/socket.c:2229 net/socket.c:2225 net/socket.c:2225) [ 1564.165984] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) [ 1564.166018] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) [ 1564.166058] RIP: 0033:0x7f2774f3127a [ 1564.166092] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 All code ======== 0: d8 64 89 02 fsubs 0x2(%rcx,%rcx,4) 4: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax b: eb b8 jmp 0xffffffffffffffc5 d: 0f 1f 00 nopl (%rax) 10: f3 0f 1e fa endbr64 14: 41 89 ca mov %ecx,%r10d 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax 1e: 00 1f: 85 c0 test %eax,%eax 21: 75 15 jne 0x38 23: b8 2c 00 00 00 mov $0x2c,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 7e ja 0xb0 32: c3 ret 33: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 38: 41 54 push %r12 3a: 48 83 ec 30 sub $0x30,%rsp 3e: 44 rex.R 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 7e ja 0x86 8: c3 ret 9: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) e: 41 54 push %r12 10: 48 83 ec 30 sub $0x30,%rsp 14: 44 rex.R 15: 89 .byte 0x89 [ 1564.166225] RSP: 002b:00007ffeefc7efa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1564.166280] RAX: ffffffffffffffda RBX: 000000000dab89d0 RCX: 00007f2774f3127a [ 1564.166331] RDX: 0000000000000064 RSI: 000000000dab85c2 RDI: 0000000000000005 [ 1564.166384] RBP: 000000000dab85c2 R08: 00007ffeefc7efb0 R09: 0000000000000014 [ 1564.166435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1564.166488] R13: 0000000000000064 R14: 00007ffeefc7efb0 R15: 0000000000000000 | [ 1564.166569] ---[ end trace 0000000000000000 ]--- | [ 1564.177120] mausezahn (17083) used greatest stack depth: 11712 bytes left | [ 1564.345580] Oops: general protection fault, maybe for address 0xffff938101afa930: 0000 [#1] SMP | [ 1564.345756] Tainted: [W]=WARN [ 1564.345787] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1564.345842] RIP: 0010:dst_dev_put (./include/linux/netdevice.h:4376 ./include/linux/netdevice.h:4476 net/core/dst.c:154) [ 1564.345879] Code: 30 c0 15 b2 8b 48 89 03 48 8b 05 e3 e8 62 01 48 85 c0 74 0a 48 8b 80 18 05 00 00 65 ff 00 48 85 ed 74 0a 48 8b 85 18 05 00 00 <65> ff 08 5b 5d c3 66 90 f3 0f 1e fa 0f 1f 44 00 00 31 c0 c3 0f 1f All code ======== 0: 30 c0 xor %al,%al 2: 15 b2 8b 48 89 adc $0x89488bb2,%eax 7: 03 48 8b add -0x75(%rax),%ecx a: 05 e3 e8 62 01 add $0x162e8e3,%eax f: 48 85 c0 test %rax,%rax 12: 74 0a je 0x1e 14: 48 8b 80 18 05 00 00 mov 0x518(%rax),%rax 1b: 65 ff 00 incl %gs:(%rax) 1e: 48 85 ed test %rbp,%rbp 21: 74 0a je 0x2d 23: 48 8b 85 18 05 00 00 mov 0x518(%rbp),%rax 2a:* 65 ff 08 decl %gs:(%rax) <-- trapping instruction 2d: 5b pop %rbx 2e: 5d pop %rbp 2f: c3 ret 30: 66 90 xchg %ax,%ax 32: f3 0f 1e fa endbr64 36: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 3b: 31 c0 xor %eax,%eax 3d: c3 ret 3e: 0f .byte 0xf 3f: 1f (bad) Code starting with the faulting instruction =========================================== 0: 65 ff 08 decl %gs:(%rax) 3: 5b pop %rbx 4: 5d pop %rbp 5: c3 ret 6: 66 90 xchg %ax,%ax 8: f3 0f 1e fa endbr64 c: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 11: 31 c0 xor %eax,%eax 13: c3 ret 14: 0f .byte 0xf 15: 1f (bad) [ 1564.346012] RSP: 0018:ffffae7a00110e88 EFLAGS: 00010286 [ 1564.346054] RAX: ffff938101afa930 RBX: ffff938109974300 RCX: 0000000000000003 [ 1564.346110] RDX: 00000000eb7c0542 RSI: ffffffff8d0a74f0 RDI: ffff938109974300 [ 1564.346175] RBP: ffff938102f5f2c0 R08: ffffffff00000000 R09: ffffffff8b3ca262 [ 1564.346231] R10: ffff9381011e7a80 R11: 00000000000000aa R12: 00003af84e083098 [ 1564.346287] R13: 00003af84e083098 R14: ffff93813ed29c00 R15: 0000000000000000 [ 1564.346345] FS: 0000000000000000(0000) GS:ffff9381b1c85000(0000) knlGS:0000000000000000 [ 1564.346405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1564.346452] CR2: 00005575e3a27548 CR3: 0000000009766002 CR4: 0000000000772ef0 [ 1564.346509] PKRU: 55555554 [ 1564.346531] Call Trace: [ 1564.346550] [ 1564.346572] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 1564.346616] fib_nh_common_release (net/ipv4/fib_semantics.c:207) [ 1564.346655] free_fib_info_rcu (./include/net/nexthop.h:480 (discriminator 3) net/ipv4/fib_semantics.c:229 (discriminator 3)) [ 1564.346686] rcu_core (kernel/rcu/tree.c:2612 kernel/rcu/tree.c:2857) [ 1564.346724] ? rcu_core (kernel/rcu/tree.c:2531 kernel/rcu/tree.c:2857) [ 1564.346754] ? sched_balance_softirq (kernel/sched/fair.c:12340 kernel/sched/fair.c:13027) [ 1564.346800] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 1564.346839] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 1564.346869] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 arch/x86/kernel/apic/apic.c:1056) [ 1564.346910] [ 1564.346931] [ 1564.346954] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 1564.346995] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 1564.347033] Code: 48 8b 3d 44 8d 2f 01 e8 1f 00 00 00 48 2b 05 f8 83 46 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 35 9b 08 00 fb f4 0f 1f 40 d6 8b 17 48 89 fe 89 d7 83 e7 fe 0f 01 f9 66 90 48 c1 All code ======== 0: 48 8b 3d 44 8d 2f 01 mov 0x12f8d44(%rip),%rdi # 0x12f8d4b 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 f8 83 46 00 sub 0x4683f8(%rip),%rax # 0x46840b 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 35 9b 08 00 verw 0x89b35(%rip) # 0x89b5d 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 8b 17 mov (%rdi),%edx 31: 48 89 fe mov %rdi,%rsi 34: 89 d7 mov %edx,%edi 36: 83 e7 fe and $0xfffffffe,%edi 39: 0f 01 f9 rdtscp 3c: 66 90 xchg %ax,%ax 3e: 48 rex.W 3f: c1 .byte 0xc1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 8b 17 mov (%rdi),%edx 7: 48 89 fe mov %rdi,%rsi a: 89 d7 mov %edx,%edi c: 83 e7 fe and $0xfffffffe,%edi f: 0f 01 f9 rdtscp 12: 66 90 xchg %ax,%ax 14: 48 rex.W 15: c1 .byte 0xc1 [ 1564.347159] RSP: 0018:ffffae7a000a7ed0 EFLAGS: 00000216 [ 1564.347197] RAX: ffff9381b1c85000 RBX: ffff9381012e5d00 RCX: 0000000000000000 [ 1564.347252] RDX: 0000000000000002 RSI: ffffffff8c1baf63 RDI: 0000000002ab9a7c [ 1564.347308] RBP: 0000000000000002 R08: 0000000002ab9a7c R09: 00000000000000e6 [ 1564.347364] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 1564.347414] R13: 000001f3fffffc18 R14: 0000000000000000 R15: 0000000000000000 [ 1564.347471] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 1564.347502] default_idle_call (./include/linux/cpuidle.h:144 kernel/sched/idle.c:123) [ 1564.347533] do_idle (kernel/sched/idle.c:192 kernel/sched/idle.c:332) [ 1564.347565] cpu_startup_entry (kernel/sched/idle.c:429 (discriminator 1)) [ 1564.347595] start_secondary (arch/x86/kernel/smpboot.c:312) [ 1564.347627] common_startup_64 (arch/x86/kernel/head_64.S:419) | [ 1564.348013] #PF: error_code(0x0003) - permissions violation | [ 1564.348062] PGD 13848067 P4D 13848067 PUD 13849063 PMD 12a001a1 | [ 1564.348110] Oops: Oops: 0003 [#2] SMP | [ 1564.348230] Tainted: [D]=DIE, [W]=WARN [ 1564.348260] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1564.348306] RIP: 0010:fuse_prepare_release (./include/linux/list.h:203 ./include/linux/list.h:226 ./include/linux/list.h:237 fs/fuse/file.c:304) [ 1564.348352] Code: 00 48 89 df e8 d9 e6 00 00 48 85 ed 74 3e 48 8d bd 10 03 00 00 48 89 3c 24 e8 64 43 6f 00 48 8b 43 38 48 8b 53 30 48 8b 3c 24 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 43 30 48 All code ======== 0: 00 48 89 add %cl,-0x77(%rax) 3: df e8 fucomip %st(0),%st 5: d9 e6 (bad) 7: 00 00 add %al,(%rax) 9: 48 85 ed test %rbp,%rbp c: 74 3e je 0x4c e: 48 8d bd 10 03 00 00 lea 0x310(%rbp),%rdi 15: 48 89 3c 24 mov %rdi,(%rsp) 19: e8 64 43 6f 00 call 0x6f4382 1e: 48 8b 43 38 mov 0x38(%rbx),%rax 22: 48 8b 53 30 mov 0x30(%rbx),%rdx 26: 48 8b 3c 24 mov (%rsp),%rdi 2a:* 48 89 42 08 mov %rax,0x8(%rdx) <-- trapping instruction 2e: 48 89 10 mov %rdx,(%rax) 31: 48 b8 00 01 00 00 00 movabs $0xdead000000000100,%rax 38: 00 ad de 3b: 48 89 43 30 mov %rax,0x30(%rbx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 89 42 08 mov %rax,0x8(%rdx) 4: 48 89 10 mov %rdx,(%rax) 7: 48 b8 00 01 00 00 00 movabs $0xdead000000000100,%rax e: 00 ad de 11: 48 89 43 30 mov %rax,0x30(%rbx) 15: 48 rex.W | [ 1564.350272] Modules linked in: ipt_rpfilter sch_etf sch_fq | [ 1564.350593] RAX: ffff938101afa930 RBX: ffff938109974300 RCX: 0000000000000003 | [ 1564.350634] xfrm_interface act_mirred cls_matchall nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 act_gact cls_flower cls_bpf sch_ingress bonding psample xfrm_user macsec ip6_gre ip_gre gre cls_u32 sch_htb ip6t_rpfilter nft_compat nf_tables vxlan mpls_gso mpls_iptunnel mpls_router [last unloaded: netdevsim] | [ 1564.350647] Tainted: [D]=DIE, [W]=WARN [ 1564.350647] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1564.350648] Call Trace: [ 1564.350649] [ 1564.350650] dump_stack_lvl (lib/dump_stack.c:123) [ 1564.350653] __schedule_bug (kernel/sched/core.c:5806) [ 1564.350656] __schedule (./arch/x86/include/asm/preempt.h:34 kernel/sched/core.c:5833 kernel/sched/core.c:6740) [ 1564.350659] ? _printk (kernel/printk/printk.c:2455) [ 1564.350662] do_task_dead (kernel/sched/core.c:6885 (discriminator 12)) [ 1564.350665] make_task_dead (./include/linux/refcount.h:291 ./include/linux/refcount.h:366 ./include/linux/refcount.h:383 kernel/exit.c:1072) [ 1564.350667] rewind_stack_and_make_dead (??:?) [ 1564.350669] RIP: 0033:0x7fa69603491d [ 1564.350670] Code: Unable to access opcode bytes at 0x7fa6960348f3. Code starting with the faulting instruction =========================================== [ 1564.350670] RSP: 002b:00007ffece390df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1564.350672] RAX: ffffffffffffffda RBX: 00007fa6961509c0 RCX: 00007fa69603491d [ 1564.350672] RDX: 00000000000000e7 RSI: fffffffffffffeb0 RDI: 0000000000000001 [ 1564.350673] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000060 [ 1564.350674] R10: 00007fa695f60010 R11: 0000000000000246 R12: 00007fa6961509c0 Finger prints: dst_dev_put:fib_nh_common_release:free_fib_info_rcu:rcu_core:handle_softirqs __schedule_bug:__schedule:do_task_dead:make_task_dead:rewind_stack_and_make_dead rcuref_put_slowpath:dst_release:rt_cache_route:ip_route_output_key_hash_rcu:ip_route_output_flow fuse_prepare_release