====================================== | [ 242.979968][ T4765] ------------[ cut here ]------------ | [ 242.980251][ T4765] refcount_t: decrement hit 0; leaking memory. | [ 242.980474][ T4765] WARNING: lib/refcount.c:31 at refcount_warn_saturate+0x59/0xc0, CPU#4: python3/4765 | [ 242.980843][ T4765] Modules linked in: netdevsim [ 242.981666][ T4765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 242.982056][ T4765] RIP: 0010:refcount_warn_saturate (lib/refcount.c:31 (discriminator 6)) [ 242.982291][ T4765] Code: 07 83 c0 03 38 d0 7c 04 84 d2 75 75 c7 03 00 00 00 c0 83 fd 02 74 5b 76 19 83 fd 03 74 45 83 fd 04 75 22 48 8d 3d 97 b3 52 03 <67> 48 0f b9 3a 5b 5d c3 85 ed 74 1e 48 8d 3d 94 b3 52 03 67 48 0f All code ======== 0: 07 (bad) 1: 83 c0 03 add $0x3,%eax 4: 38 d0 cmp %dl,%al 6: 7c 04 jl 0xc 8: 84 d2 test %dl,%dl a: 75 75 jne 0x81 c: c7 03 00 00 00 c0 movl $0xc0000000,(%rbx) 12: 83 fd 02 cmp $0x2,%ebp 15: 74 5b je 0x72 17: 76 19 jbe 0x32 19: 83 fd 03 cmp $0x3,%ebp 1c: 74 45 je 0x63 1e: 83 fd 04 cmp $0x4,%ebp 21: 75 22 jne 0x45 23: 48 8d 3d 97 b3 52 03 lea 0x352b397(%rip),%rdi # 0x352b3c1 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: 5b pop %rbx 30: 5d pop %rbp 31: c3 ret 32: 85 ed test %ebp,%ebp 34: 74 1e je 0x54 36: 48 8d 3d 94 b3 52 03 lea 0x352b394(%rip),%rdi # 0x352b3d1 3d: 67 addr32 3e: 48 rex.W 3f: 0f .byte 0xf Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: 5b pop %rbx 6: 5d pop %rbp 7: c3 ret 8: 85 ed test %ebp,%ebp a: 74 1e je 0x2a c: 48 8d 3d 94 b3 52 03 lea 0x352b394(%rip),%rdi # 0x352b3a7 13: 67 addr32 14: 48 rex.W 15: 0f .byte 0xf [ 242.982905][ T4765] RSP: 0018:ffa000000a96f508 EFLAGS: 00010246 [ 242.983128][ T4765] RAX: 0000000000000003 RBX: ff1100002f1aa608 RCX: 0000000000000001 [ 242.983395][ T4765] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8830c140 [ 242.983648][ T4765] RBP: 0000000000000004 R08: ffffffff84de0d65 R09: 1fe2200005e354c1 [ 242.983893][ T4765] R10: ffe21c0005e354c2 R11: ffe21c0005e354c2 R12: 1ff400000152dea8 [ 242.984145][ T4765] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000002 [ 242.984395][ T4765] FS: 00007fed5cc82400(0000) GS:ff110000e36dd000(0000) knlGS:0000000000000000 [ 242.984687][ T4765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.984891][ T4765] CR2: 00007fed5c3c9160 CR3: 000000000a5cf006 CR4: 0000000000771ef0 [ 242.985142][ T4765] PKRU: 55555554 [ 242.985264][ T4765] Call Trace: [ 242.985385][ T4765] [ 242.985472][ T4765] ref_tracker_free (./include/linux/refcount.h:461 ./include/linux/refcount.h:476 lib/ref_tracker.c:298) [ 242.985637][ T4765] ? ref_tracker_alloc (lib/ref_tracker.c:288) [ 242.985800][ T4765] ? kfree (mm/slub.c:6165 (discriminator 3) mm/slub.c:6483 (discriminator 3)) [ 242.985924][ T4765] udp_tunnel_nic_unregister (./include/linux/netdevice.h:4431 (discriminator 31) ./include/linux/netdevice.h:4492 (discriminator 31) ./include/linux/netdevice.h:4517 (discriminator 31) net/ipv4/udp_tunnel_nic.c:913 (discriminator 31)) [ 242.986094][ T4765] udp_tunnel_nic_netdevice_event (net/ipv4/udp_tunnel_nic.c:943) [ 242.986291][ T4765] ? vxlan_dellink (drivers/net/vxlan/vxlan_core.c:4746) [ 242.986458][ T4765] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 242.986619][ T4765] notifier_call_chain (kernel/notifier.c:87) [ 242.986782][ T4765] unregister_netdevice_many_notify (net/core/dev.c:12471) [ 242.986981][ T4765] ? __mutex_lock (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-long.h:38 ./include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:88 kernel/locking/mutex.c:133 kernel/locking/mutex.c:617 kernel/locking/mutex.c:776) [ 242.987145][ T4765] ? __mutex_lock (./arch/x86/include/asm/preempt.h:104 kernel/locking/mutex.c:755 kernel/locking/mutex.c:776) [ 242.987301][ T4765] ? unregister_netdevice_queued (net/core/dev.c:12395) [ 242.987498][ T4765] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1)) [ 242.987659][ T4765] ? nsim_destroy (drivers/net/netdevsim/netdev.c:1186 (discriminator 1)) netdevsim [ 242.987824][ T4765] ? irqentry_enter (kernel/entry/common.c:169) [ 242.987986][ T4765] unregister_netdevice_queue (net/core/dev.c:12344) [ 242.988155][ T4765] ? unregister_netdevice_many (net/core/dev.c:12333) [ 242.988319][ T4765] nsim_destroy (drivers/net/netdevsim/netdev.c:1191) netdevsim [ 242.988485][ T4765] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 242.988644][ T4765] __nsim_dev_port_del (drivers/net/netdevsim/dev.c:444 drivers/net/netdevsim/dev.c:1548) netdevsim [ 242.988843][ T4765] nsim_dev_reload_destroy (drivers/net/netdevsim/dev.c:1559 (discriminator 4) drivers/net/netdevsim/dev.c:1785 (discriminator 4)) netdevsim [ 242.989043][ T4765] nsim_drv_remove (drivers/net/netdevsim/dev.c:1802) netdevsim [ 242.989213][ T4765] device_release_driver_internal (drivers/base/dd.c:1346 drivers/base/dd.c:1367) [ 242.989411][ T4765] bus_remove_device (./include/linux/kobject.h:193 drivers/base/base.h:73 drivers/base/bus.c:664) [ 242.989573][ T4765] ? bus_probe_device (drivers/base/bus.c:634) [ 242.989732][ T4765] ? device_remove_file (drivers/base/core.c:2962) [ 242.989897][ T4765] device_del (drivers/base/core.c:3881) [ 242.990016][ T4765] ? __device_link_del (drivers/base/core.c:3835) [ 242.990180][ T4765] ? sysfs_file_ops (fs/sysfs/file.c:135) [ 242.990340][ T4765] device_unregister (drivers/base/core.c:3798 drivers/base/core.c:3922) [ 242.990498][ T4765] del_device_store (drivers/net/netdevsim/bus.c:248) netdevsim [ 242.990704][ T4765] ? sysfs_file_kobj (./include/linux/rcupdate.h:322 (discriminator 2) ./include/linux/rcupdate.h:881 (discriminator 2) ./include/linux/rcupdate.h:1193 (discriminator 2) fs/sysfs/file.c:24 (discriminator 2)) [ 242.990861][ T4765] ? nsim_bus_dev_numvfs_show (drivers/net/netdevsim/bus.c:215) netdevsim [ 242.991070][ T4765] ? sysfs_file_kobj (fs/sysfs/file.c:26) [ 242.991233][ T4765] ? sysfs_kf_write (fs/sysfs/file.c:139) [ 242.991395][ T4765] kernfs_fop_write_iter (fs/kernfs/file.c:88 fs/kernfs/file.c:356) [ 242.991556][ T4765] ? kernfs_ops (fs/kernfs/file.c:312) [ 242.991676][ T4765] new_sync_write (fs/read_write.c:596 (discriminator 1)) [ 242.991839][ T4765] ? __lock_acquire (kernel/locking/lockdep.c:5237) [ 242.991997][ T4765] ? new_sync_read (fs/read_write.c:586) [ 242.992167][ T4765] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 242.992327][ T4765] ? ksys_write (fs/read_write.c:741) [ 242.992492][ T4765] vfs_write (fs/read_write.c:688) [ 242.992614][ T4765] ksys_write (fs/read_write.c:741) [ 242.992735][ T4765] ? __ia32_sys_read (fs/read_write.c:730) [ 242.992900][ T4765] ? kernfs_fop_llseek (fs/kernfs/file.c:910) [ 242.993062][ T4765] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 242.993226][ T4765] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 242.993386][ T4765] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 242.993545][ T4765] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 242.993741][ T4765] RIP: 0033:0x7fed5ce0a22e [ 242.993916][ T4765] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 94 bd 00 00 call 0xbd9c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 03 ff ff ff call 0xffffffffffffff3c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 03 ff ff ff call 0xffffffffffffff12 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 242.994488][ T4765] RSP: 002b:00007ffc45b7f160 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 242.994730][ T4765] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fed5ce0a22e [ 242.994969][ T4765] RDX: 0000000000000004 RSI: 00005653d175ffa0 RDI: 0000000000000009 [ 242.995212][ T4765] RBP: 00007ffc45b7f170 R08: 0000000000000000 R09: 0000000000000000 [ 242.995456][ T4765] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fed5cc82390 [ 242.995698][ T4765] R13: 00005653d175ffa0 R14: 0000000000000009 R15: 0000000000000003 | [ 243.019641][ T4765] ------------[ cut here ]------------ | [ 243.019882][ T4765] WARNING: lib/ref_tracker.c:248 at ref_tracker_dir_exit+0x54f/0x7e0, CPU#4: python3/4765 | [ 243.020153][ T4765] Modules linked in: netdevsim | [ 243.020656][ T4765] Tainted: [W]=WARN [ 243.020771][ T4765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 243.021165][ T4765] RIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:248 (discriminator 4)) [ 243.021358][ T4765] Code: 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 74 24 10 48 89 ef e8 50 03 62 01 e9 24 ff ff ff 90 0f 0b 90 e9 60 ff ff ff 90 <0f> 0b 90 eb 97 e8 07 61 84 ff e9 43 fb ff ff 48 89 df e8 9a 60 84 All code ======== 0: 00 00 add %al,(%rax) 2: 00 5b 5d add %bl,0x5d(%rbx) 5: 41 5c pop %r12 7: 41 5d pop %r13 9: 41 5e pop %r14 b: 41 5f pop %r15 d: c3 ret e: 48 8b 74 24 10 mov 0x10(%rsp),%rsi 13: 48 89 ef mov %rbp,%rdi 16: e8 50 03 62 01 call 0x162036b 1b: e9 24 ff ff ff jmp 0xffffffffffffff44 20: 90 nop 21: 0f 0b ud2 23: 90 nop 24: e9 60 ff ff ff jmp 0xffffffffffffff89 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: 90 nop 2d: eb 97 jmp 0xffffffffffffffc6 2f: e8 07 61 84 ff call 0xffffffffff84613b 34: e9 43 fb ff ff jmp 0xfffffffffffffb7c 39: 48 89 df mov %rbx,%rdi 3c: e8 .byte 0xe8 3d: 9a (bad) 3e: 60 (bad) 3f: 84 .byte 0x84 Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 90 nop 3: eb 97 jmp 0xffffffffffffff9c 5: e8 07 61 84 ff call 0xffffffffff846111 a: e9 43 fb ff ff jmp 0xfffffffffffffb52 f: 48 89 df mov %rbx,%rdi 12: e8 .byte 0xe8 13: 9a (bad) 14: 60 (bad) 15: 84 .byte 0x84 [ 243.021892][ T4765] RSP: 0018:ffa000000a96f860 EFLAGS: 00010296 [ 243.022078][ T4765] RAX: 0000000000000003 RBX: ff1100002f1aa608 RCX: 0000000000000001 [ 243.022302][ T4765] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ff1100002f1aa608 [ 243.022526][ T4765] RBP: ff1100002f1aa5c0 R08: ffffffff84efd55f R09: 1fe2200005e354c1 [ 243.022747][ T4765] R10: ffe21c0005e354c2 R11: ffe21c0005e354c2 R12: ff1100002f1aa610 [ 243.022966][ T4765] R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000 [ 243.023191][ T4765] FS: 00007fed5cc82400(0000) GS:ff110000e36dd000(0000) knlGS:0000000000000000 [ 243.023450][ T4765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 243.023639][ T4765] CR2: 00007fed5c3c9160 CR3: 000000000a5cf006 CR4: 0000000000771ef0 [ 243.023860][ T4765] PKRU: 55555554 [ 243.023972][ T4765] Call Trace: [ 243.024089][ T4765] [ 243.024168][ T4765] ? ref_tracker_free (lib/ref_tracker.c:220) [ 243.024316][ T4765] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 243.024465][ T4765] ? kasan_quarantine_put (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 mm/kasan/quarantine.c:234) [ 243.024613][ T4765] ? kfree (mm/slub.c:6165 (discriminator 3) mm/slub.c:6483 (discriminator 3)) [ 243.024728][ T4765] free_netdev (net/core/dev.c:12248) [ 243.024876][ T4765] __nsim_dev_port_del (drivers/net/netdevsim/dev.c:444 drivers/net/netdevsim/dev.c:1548) netdevsim [ 243.025062][ T4765] nsim_dev_reload_destroy (drivers/net/netdevsim/dev.c:1559 (discriminator 4) drivers/net/netdevsim/dev.c:1785 (discriminator 4)) netdevsim [ 243.025305][ T4765] nsim_drv_remove (drivers/net/netdevsim/dev.c:1802) netdevsim [ 243.025455][ T4765] device_release_driver_internal (drivers/base/dd.c:1346 drivers/base/dd.c:1367) [ 243.025638][ T4765] bus_remove_device (./include/linux/kobject.h:193 drivers/base/base.h:73 drivers/base/bus.c:664) [ 243.025783][ T4765] ? bus_probe_device (drivers/base/bus.c:634) [ 243.025930][ T4765] ? device_remove_file (drivers/base/core.c:2962) [ 243.026079][ T4765] device_del (drivers/base/core.c:3881) [ 243.026246][ T4765] ? __device_link_del (drivers/base/core.c:3835) [ 243.026393][ T4765] ? sysfs_file_ops (fs/sysfs/file.c:135) [ 243.026541][ T4765] device_unregister (drivers/base/core.c:3798 drivers/base/core.c:3922) [ 243.026685][ T4765] del_device_store (drivers/net/netdevsim/bus.c:248) netdevsim [ 243.026866][ T4765] ? sysfs_file_kobj (./include/linux/rcupdate.h:322 (discriminator 2) ./include/linux/rcupdate.h:881 (discriminator 2) ./include/linux/rcupdate.h:1193 (discriminator 2) fs/sysfs/file.c:24 (discriminator 2)) [ 243.027015][ T4765] ? nsim_bus_dev_numvfs_show (drivers/net/netdevsim/bus.c:215) netdevsim [ 243.027254][ T4765] ? sysfs_file_kobj (fs/sysfs/file.c:26) [ 243.027401][ T4765] ? sysfs_kf_write (fs/sysfs/file.c:139) [ 243.027551][ T4765] kernfs_fop_write_iter (fs/kernfs/file.c:88 fs/kernfs/file.c:356) [ 243.027697][ T4765] ? kernfs_ops (fs/kernfs/file.c:312) [ 243.027807][ T4765] new_sync_write (fs/read_write.c:596 (discriminator 1)) [ 243.027953][ T4765] ? __lock_acquire (kernel/locking/lockdep.c:5237) [ 243.028156][ T4765] ? new_sync_read (fs/read_write.c:586) [ 243.028306][ T4765] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 243.028454][ T4765] ? ksys_write (fs/read_write.c:741) [ 243.028604][ T4765] vfs_write (fs/read_write.c:688) [ 243.028716][ T4765] ksys_write (fs/read_write.c:741) [ 243.028826][ T4765] ? __ia32_sys_read (fs/read_write.c:730) [ 243.028971][ T4765] ? kernfs_fop_llseek (fs/kernfs/file.c:910) [ 243.029174][ T4765] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 243.029321][ T4765] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 243.029473][ T4765] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 243.029618][ T4765] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 243.029798][ T4765] RIP: 0033:0x7fed5ce0a22e [ 243.029953][ T4765] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 94 bd 00 00 call 0xbd9c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 03 ff ff ff call 0xffffffffffffff3c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 03 ff ff ff call 0xffffffffffffff12 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 243.030541][ T4765] RSP: 002b:00007ffc45b7f160 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 243.030760][ T4765] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fed5ce0a22e [ 243.030979][ T4765] RDX: 0000000000000004 RSI: 00005653d175ffa0 RDI: 0000000000000009 [ 243.031257][ T4765] RBP: 00007ffc45b7f170 R08: 0000000000000000 R09: 0000000000000000 [ 243.031479][ T4765] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fed5cc82390 [ 243.031698][ T4765] R13: 00005653d175ffa0 R14: 0000000000000009 R15: 0000000000000003 | [ 249.175747][ T4765] refcount_t: saturated; leaking memory. | [ 249.175909][ T4765] WARNING: lib/refcount.c:22 at refcount_warn_saturate+0x6c/0xc0, CPU#0: python3/4765 | [ 249.176486][ T4765] Modules linked in: netdevsim | [ 249.177009][ T4765] Tainted: [W]=WARN [ 249.177154][ T4765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 249.177501][ T4765] RIP: 0010:refcount_warn_saturate (lib/refcount.c:22 (discriminator 6)) [ 249.177699][ T4765] Code: fd 02 74 5b 76 19 83 fd 03 74 45 83 fd 04 75 22 48 8d 3d 97 b3 52 03 67 48 0f b9 3a 5b 5d c3 85 ed 74 1e 48 8d 3d 94 b3 52 03 <67> 48 0f b9 3a 5b 5d c3 48 8d 3d 95 b3 52 03 67 48 0f b9 3a 5b 5d All code ======== 0: fd std 1: 02 74 5b 76 add 0x76(%rbx,%rbx,2),%dh 5: 19 83 fd 03 74 45 sbb %eax,0x457403fd(%rbx) b: 83 fd 04 cmp $0x4,%ebp e: 75 22 jne 0x32 10: 48 8d 3d 97 b3 52 03 lea 0x352b397(%rip),%rdi # 0x352b3ae 17: 67 48 0f b9 3a ud1 (%edx),%rdi 1c: 5b pop %rbx 1d: 5d pop %rbp 1e: c3 ret 1f: 85 ed test %ebp,%ebp 21: 74 1e je 0x41 23: 48 8d 3d 94 b3 52 03 lea 0x352b394(%rip),%rdi # 0x352b3be 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: 5b pop %rbx 30: 5d pop %rbp 31: c3 ret 32: 48 8d 3d 95 b3 52 03 lea 0x352b395(%rip),%rdi # 0x352b3ce 39: 67 48 0f b9 3a ud1 (%edx),%rdi 3e: 5b pop %rbx 3f: 5d pop %rbp Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: 5b pop %rbx 6: 5d pop %rbp 7: c3 ret 8: 48 8d 3d 95 b3 52 03 lea 0x352b395(%rip),%rdi # 0x352b3a4 f: 67 48 0f b9 3a ud1 (%edx),%rdi 14: 5b pop %rbx 15: 5d pop %rbp [ 249.178238][ T4765] RSP: 0018:ffa000000a96f610 EFLAGS: 00010202 [ 249.178424][ T4765] RAX: 0000000000000003 RBX: ff110000111b2608 RCX: 0000000000000001 [ 249.178646][ T4765] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8830c150 [ 249.178864][ T4765] RBP: 0000000000000001 R08: ffffffff84de0d65 R09: 1fe22000022364c1 [ 249.179079][ T4765] R10: ffe21c00022364c2 R11: ffe21c00022364c2 R12: 1ff400000152dec6 [ 249.179299][ T4765] R13: 0000000000000820 R14: 0000000000000000 R15: 0000000000000000 [ 249.179517][ T4765] FS: 00007fed5cc82400(0000) GS:ff110000e34dd000(0000) knlGS:0000000000000000 [ 249.179769][ T4765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 249.179951][ T4765] CR2: 00007fed5c32e140 CR3: 000000000a5cf004 CR4: 0000000000771ef0 [ 249.180170][ T4765] PKRU: 55555554 [ 249.180277][ T4765] Call Trace: [ 249.180382][ T4765] [ 249.180456][ T4765] ref_tracker_alloc (./include/linux/refcount.h:291 ./include/linux/refcount.h:366 ./include/linux/refcount.h:383 lib/ref_tracker.c:265) [ 249.180604][ T4765] ? ref_tracker_dir_print (lib/ref_tracker.c:255) [ 249.180751][ T4765] dev_get_by_index (./include/linux/rcupdate.h:879 net/core/dev.c:1003) [ 249.180896][ T4765] netdev_get_by_index_lock_ops_compat (net/core/dev.c:1118) [ 249.181071][ T4765] netdev_nl_queue_get_doit (net/core/netdev-genl.c:571 (discriminator 1)) [ 249.181221][ T4765] genl_family_rcv_msg_doit (net/netlink/genetlink.c:1116) [ 249.181366][ T4765] ? genl_family_rcv_msg_attrs_parse.isra.0 (net/netlink/genetlink.c:1087) [ 249.181546][ T4765] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 249.181690][ T4765] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 249.181837][ T4765] ? is_bpf_text_address (kernel/bpf/core.c:753) [ 249.181983][ T4765] genl_family_rcv_msg (net/netlink/genetlink.c:1194 (discriminator 1)) [ 249.182133][ T4765] ? genl_family_rcv_msg_dumpit (net/netlink/genetlink.c:1159) [ 249.182306][ T4765] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 4) kernel/rcu/tree.c:4032 (discriminator 4)) [ 249.182486][ T4765] ? netdev_nl_napi_set_doit (net/core/netdev-genl.c:552) [ 249.182627][ T4765] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3)) [ 249.182766][ T4765] ? __lock_acquire (kernel/locking/lockdep.c:5237) [ 249.182908][ T4765] ? srcu_funnel_gp_start (kernel/rcu/srcutree.c:1089 (discriminator 1)) [ 249.183050][ T4765] genl_rcv_msg (net/netlink/genetlink.c:65 net/netlink/genetlink.c:1210) [ 249.183198][ T4765] netlink_rcv_skb (net/netlink/af_netlink.c:2550) [ 249.183338][ T4765] ? genl_family_rcv_msg (net/netlink/genetlink.c:1200) [ 249.183482][ T4765] ? netlink_ack (net/netlink/af_netlink.c:2527) [ 249.183627][ T4765] ? netlink_deliver_tap (./include/linux/rcupdate.h:322 (discriminator 2) ./include/linux/rcupdate.h:881 (discriminator 2) ./include/net/netns/generic.h:48 (discriminator 2) net/netlink/af_netlink.c:333 (discriminator 2)) [ 249.183767][ T4765] ? netlink_deliver_tap (./include/linux/rcupdate.h:322 (discriminator 2) ./include/linux/rcupdate.h:881 (discriminator 2) net/netlink/af_netlink.c:340 (discriminator 2)) [ 249.183911][ T4765] genl_rcv (net/netlink/genetlink.c:1219) [ 249.184021][ T4765] netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344) [ 249.184169][ T4765] ? netlink_attachskb (net/netlink/af_netlink.c:1329) [ 249.184310][ T4765] ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 2) net/core/skbuff.c:695 (discriminator 2)) [ 249.184451][ T4765] ? napi_skb_cache_get (net/core/skbuff.c:674) [ 249.184593][ T4765] ? netlink_autobind.isra.0 (./include/linux/rcupdate.h:322 (discriminator 2) ./include/linux/rcupdate.h:881 (discriminator 2) net/netlink/af_netlink.c:814 (discriminator 2)) [ 249.184734][ T4765] ? netlink_autobind.isra.0 (net/netlink/af_netlink.c:827) [ 249.184877][ T4765] netlink_sendmsg (net/netlink/af_netlink.c:1894) [ 249.185020][ T4765] ? netlink_unicast (net/netlink/af_netlink.c:1813) [ 249.185165][ T4765] ? _copy_from_user (./arch/x86/include/asm/smap.h:47 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:141 ./include/linux/uaccess.h:185 lib/usercopy.c:18) [ 249.185307][ T4765] ? netlink_setsockopt (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 net/netlink/af_netlink.c:1714) [ 249.185449][ T4765] __sys_sendto (net/socket.c:722 (discriminator 4) net/socket.c:737 (discriminator 4) net/socket.c:2200 (discriminator 4)) [ 249.185593][ T4765] ? __ia32_sys_getpeername (net/socket.c:2167) [ 249.185733][ T4765] ? kfree (mm/slub.c:6471 (discriminator 1)) [ 249.185844][ T4765] ? put_user_ifreq (net/socket.c:2285) [ 249.185990][ T4765] ? __sys_setsockopt (net/socket.c:2341 (discriminator 1)) [ 249.186135][ T4765] __x64_sys_sendto (net/socket.c:2207 (discriminator 1) net/socket.c:2203 (discriminator 1) net/socket.c:2203 (discriminator 1)) [ 249.186276][ T4765] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 24)) [ 249.186450][ T4765] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 249.186594][ T4765] ? do_syscall_64 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 ./include/linux/entry-common.h:186 arch/x86/entry/syscall_64.c:90) [ 249.186735][ T4765] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 249.186874][ T4765] ? irq_exit_rcu (kernel/softirq.c:741 (discriminator 32)) [ 249.187015][ T4765] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 249.187197][ T4765] RIP: 0033:0x7fed5ce0a22e [ 249.187348][ T4765] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 94 bd 00 00 call 0xbd9c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 03 ff ff ff call 0xffffffffffffff3c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 03 ff ff ff call 0xffffffffffffff12 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 249.187849][ T4765] RSP: 002b:00007ffc45b7eeb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 249.188066][ T4765] RAX: ffffffffffffffda RBX: 00007ffc45b7efc0 RCX: 00007fed5ce0a22e [ 249.188284][ T4765] RDX: 000000000000002c RSI: 00007fed5bfe0050 RDI: 000000000000000f [ 249.188496][ T4765] RBP: 00007ffc45b7eec0 R08: 0000000000000000 R09: 0000000000000000 [ 249.188706][ T4765] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fed5c0941a0 Finger prints: ref_tracker_dir_exit:free_netdev:__nsim_dev_port_del:nsim_dev_reload_destroy:nsim_drv_remove refcount_warn_saturate:ref_tracker_alloc:dev_get_by_index:netdev_get_by_index_lock_ops_compat:netdev_nl_queue_get_doit refcount_warn_saturate:ref_tracker_free:udp_tunnel_nic_unregister:udp_tunnel_nic_netdevice_event:notifier_call_chain