======================================
[ 1734.886589][ T8976] tun: Universal TUN/TAP device driver, 1.6
[ 1759.494480][ T9063] packetdrill (9063) used greatest stack depth: 23128 bytes left
[ 1794.749385][    C3] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 1794.749846][    C3] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
[ 1794.750301][    C3] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1794.750647][ C3] RIP: 0010:__inet_csk_reqsk_queue_drop (./include/linux/list.h:958 ./include/net/sock.h:744 ./include/net/sock.h:749 net/ipv4/inet_connection_sock.c:1042 net/ipv4/inet_connection_sock.c:1058) 
[ 1794.750857][ C3] Code: 00 00 00 00 00 fc ff df 41 57 4c 8d 7e 70 41 56 41 55 41 89 d5 4c 89 fa 41 54 48 c1 ea 03 55 48 89 f5 53 48 89 fb 48 83 ec 08 <80> 3c 02 00 0f 85 6c 05 00 00 45 31 e4 48 83 7d 70 00 0f 84 0f 01
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	00 fc                	add    %bh,%ah
   6:	ff                   	(bad)
   7:	df 41 57             	filds  0x57(%rcx)
   a:	4c 8d 7e 70          	lea    0x70(%rsi),%r15
   e:	41 56                	push   %r14
  10:	41 55                	push   %r13
  12:	41 89 d5             	mov    %edx,%r13d
  15:	4c 89 fa             	mov    %r15,%rdx
  18:	41 54                	push   %r12
  1a:	48 c1 ea 03          	shr    $0x3,%rdx
  1e:	55                   	push   %rbp
  1f:	48 89 f5             	mov    %rsi,%rbp
  22:	53                   	push   %rbx
  23:	48 89 fb             	mov    %rdi,%rbx
  26:	48 83 ec 08          	sub    $0x8,%rsp
  2a:*	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)		<-- trapping instruction
  2e:	0f 85 6c 05 00 00    	jne    0x5a0
  34:	45 31 e4             	xor    %r12d,%r12d
  37:	48 83 7d 70 00       	cmpq   $0x0,0x70(%rbp)
  3c:	0f                   	.byte 0xf
  3d:	84 0f                	test   %cl,(%rdi)
  3f:	01                   	.byte 0x1

Code starting with the faulting instruction
===========================================
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 6c 05 00 00    	jne    0x576
   a:	45 31 e4             	xor    %r12d,%r12d
   d:	48 83 7d 70 00       	cmpq   $0x0,0x70(%rbp)
  12:	0f                   	.byte 0xf
  13:	84 0f                	test   %cl,(%rdi)
  15:	01                   	.byte 0x1
[ 1794.751383][    C3] RSP: 0018:ffffc90000298c28 EFLAGS: 00010296
[ 1794.751578][    C3] RAX: dffffc0000000000 RBX: ffff888007810040 RCX: 1ffff110003765a7
[ 1794.751818][    C3] RDX: 000000000000000e RSI: 0000000000000000 RDI: ffff888007810040
[ 1794.752043][    C3] RBP: 0000000000000000 R08: ffffffffab73fedf R09: fffffbfff5b6e809
[ 1794.752260][    C3] R10: ffffffffadb7404f R11: 0000000000000001 R12: 0000000000000000
[ 1794.752482][    C3] R13: 0000000000000001 R14: ffff88800571c0a0 R15: 0000000000000070
[ 1794.752698][    C3] FS:  0000000000000000(0000) GS:ffff888036180000(0000) knlGS:0000000000000000
[ 1794.752981][    C3] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1794.753185][    C3] CR2: 00007fa707882270 CR3: 0000000008df8005 CR4: 0000000000772ef0
[ 1794.753410][    C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1794.753622][    C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1794.753841][    C3] PKRU: 55555554
[ 1794.753953][    C3] Call Trace:
[ 1794.754069][    C3]  <IRQ>
[ 1794.754146][ C3] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 1794.754264][ C3] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) 
[ 1794.754419][ C3] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) 
[ 1794.754578][ C3] ? reuseport_migrate_sock (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/sock_reuseport.c:674) 
[ 1794.754729][ C3] ? __inet_csk_reqsk_queue_drop (./include/linux/list.h:958 ./include/net/sock.h:744 ./include/net/sock.h:749 net/ipv4/inet_connection_sock.c:1042 net/ipv4/inet_connection_sock.c:1058) 
[ 1794.754912][ C3] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) 
[ 1794.755066][ C3] reqsk_timer_handler (./include/net/request_sock.h:148 net/ipv4/inet_connection_sock.c:1194) 
[ 1794.755218][ C3] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) 
[ 1794.755367][ C3] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 1794.755514][ C3] ? __pfx_reqsk_timer_handler (net/ipv4/inet_connection_sock.c:1085) 
[ 1794.755667][ C3] ? call_timer_fn (kernel/time/timer.c:1791) 
[ 1794.755822][ C3] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 1794.755966][ C3] ? __pfx_reqsk_timer_handler (net/ipv4/inet_connection_sock.c:1085) 
[ 1794.756111][ C3] call_timer_fn (kernel/time/timer.c:1794) 
[ 1794.756257][ C3] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1784) 
[ 1794.756409][ C3] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1784) 
[ 1794.756561][ C3] ? __pfx_call_timer_fn (kernel/time/timer.c:1771) 
[ 1794.756705][ C3] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 1794.756818][ C3] __run_timers (kernel/time/timer.c:1846 kernel/time/timer.c:2419) 
[ 1794.756968][ C3] ? __pfx_reqsk_timer_handler (net/ipv4/inet_connection_sock.c:1085) 
[ 1794.757126][ C3] ? __pfx___run_timers (kernel/time/timer.c:2390) 
[ 1794.757286][ C3] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 1794.757437][ C3] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 1794.757597][ C3] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 1794.757747][ C3] ? run_timer_softirq (kernel/time/timer.c:2430 kernel/time/timer.c:2423 kernel/time/timer.c:2439 kernel/time/timer.c:2447) 
[ 1794.757919][ C3] run_timer_softirq (kernel/time/timer.c:2431 kernel/time/timer.c:2423 kernel/time/timer.c:2439 kernel/time/timer.c:2447) 
[ 1794.758079][ C3] handle_softirqs (kernel/softirq.c:554) 
[ 1794.758236][ C3] irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649) 
[ 1794.758352][ C3] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1037 arch/x86/kernel/apic/apic.c:1037) 
[ 1794.758512][    C3]  </IRQ>
[ 1794.758599][    C3]  <TASK>
[ 1794.758680][ C3] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) 
[ 1794.758866][ C3] RIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743) 
[ 1794.759024][ C3] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 ba 3f 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
All code
========
   0:	4c 01 c7             	add    %r8,%rdi
   3:	4c 29 c2             	sub    %r8,%rdx
   6:	e9 72 ff ff ff       	jmp    0xffffffffffffff7d
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	f3 0f 1e fa          	endbr64
  1f:	66 90                	xchg   %ax,%ax
  21:	0f 00 2d 23 ba 3f 00 	verw   0x3fba23(%rip)        # 0x3fba4b
  28:	fb                   	sti
  29:	f4                   	hlt
  2a:*	fa                   	cli		<-- trapping instruction
  2b:	c3                   	ret
  2c:	cc                   	int3
  2d:	cc                   	int3
  2e:	cc                   	int3
  2f:	cc                   	int3
  30:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
  37:	00 00 00 00 
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop
  3f:	90                   	nop

Code starting with the faulting instruction
===========================================
   0:	fa                   	cli
   1:	c3                   	ret
   2:	cc                   	int3
   3:	cc                   	int3
   4:	cc                   	int3
   5:	cc                   	int3
   6:	66 66 2e 0f 1f 84 00 	data16 cs nopw 0x0(%rax,%rax,1)
   d:	00 00 00 00 
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
[ 1794.759554][    C3] RSP: 0018:ffffc9000017fdf8 EFLAGS: 00000246
[ 1794.759754][    C3] RAX: 0000000002e8cda9 RBX: 1ffff9200002ffc1 RCX: ffffffffabe658f5
[ 1794.759977][    C3] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffa96b2564
[ 1794.760187][    C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1006c370e2
[ 1794.760413][    C3] R10: ffff8880361b8713 R11: ffff8880361ad9b0 R12: 0000000000000000
[ 1794.760643][    C3] R13: ffff888001bb2300 R14: dffffc0000000000 R15: 0000000000000000
[ 1794.760871][ C3] ? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:147) 
[ 1794.761021][ C3] ? cpuidle_idle_call (kernel/sched/idle.c:186) 
[ 1794.761178][ C3] default_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118) 
[ 1794.761328][ C3] cpuidle_idle_call (kernel/sched/idle.c:186) 
[ 1794.761485][ C3] ? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168) 
[ 1794.761636][ C3] ? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59) 
[ 1794.761797][ C3] do_idle (kernel/sched/idle.c:326) 
[ 1794.761913][ C3] cpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1)) 
[ 1794.762064][ C3] start_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282) 
[ 1794.762220][ C3] ? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232) 


Finger prints:
__inet_csk_reqsk_queue_drop:reqsk_timer_handler:call_timer_fn:__run_timers:run_timer_softirq

Reading the trap: the faulting `cmpb $0x0,(%rdx,%rax,1)` is reached right after the prologue with RAX = dffffc0000000000 and RDX = 0xe, i.e. the non-canonical address 0xdffffc000000000e is RAX + (0x70 >> 3); together with the `lea 0x70(%rsi),%r15` / `shr $0x3,%rdx` sequence above, this is consistent with a KASAN shadow check for an access at offset 0x70 of the function's second argument, which was NULL on entry (RSI = 0, preserved in RBP = 0). The fault happens in timer (softirq) context from reqsk_timer_handler, so the NULL pointer most likely reflects a lifetime/ownership problem with the request socket or its listener rather than bad input — verify against the reuseport migration path shown in the trace.