====================================== | [ 1.642741] ------------[ cut here ]------------ | [ 1.642809] rcuref - imbalanced put() | [ 1.642810] WARNING: lib/rcuref.c:266 at 0x0, CPU#2: mausezahn/264 | [ 1.642942] Modules linked in: act_gact cls_flower sch_ingress vxlan [ 1.643099] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1.643169] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 (discriminator 4)) [ 1.643245] Code: c0 75 0d c3 81 fe ff ff ff bf 77 0f 85 f6 78 03 31 c0 c3 c7 07 00 00 00 a0 eb f5 48 83 ec 08 48 89 3c 24 48 8d 3d 30 04 4a 01 <67> 48 0f b9 3a 48 8b 14 24 31 c0 c7 02 00 00 00 e0 48 83 c4 08 c3 All code ======== 0: c0 75 0d c3 shlb $0xc3,0xd(%rbp) 4: 81 fe ff ff ff bf cmp $0xbfffffff,%esi a: 77 0f ja 0x1b c: 85 f6 test %esi,%esi e: 78 03 js 0x13 10: 31 c0 xor %eax,%eax 12: c3 ret 13: c7 07 00 00 00 a0 movl $0xa0000000,(%rdi) 19: eb f5 jmp 0x10 1b: 48 83 ec 08 sub $0x8,%rsp 1f: 48 89 3c 24 mov %rdi,(%rsp) 23: 48 8d 3d 30 04 4a 01 lea 0x14a0430(%rip),%rdi # 0x14a045a 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: 48 8b 14 24 mov (%rsp),%rdx 33: 31 c0 xor %eax,%eax 35: c7 02 00 00 00 e0 movl $0xe0000000,(%rdx) 3b: 48 83 c4 08 add $0x8,%rsp 3f: c3 ret Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: 48 8b 14 24 mov (%rsp),%rdx 9: 31 c0 xor %eax,%eax b: c7 02 00 00 00 e0 movl $0xe0000000,(%rdx) 11: 48 83 c4 08 add $0x8,%rsp 15: c3 ret [ 1.643363] RSP: 0018:ff7b7c8300527768 EFLAGS: 00010292 [ 1.643429] RAX: 00000000dfffffff RBX: ff4e80ba8601a000 RCX: ff4e80ba8601a000 [ 1.643503] RDX: ff4e80ba8601a068 RSI: 00000000dfffffff RDI: ffffffffb9c7e6f0 [ 1.643578] RBP: ff7b7c83005277d8 R08: ff4e80ba84fa7d00 R09: 0000000000000001 [ 1.643653] R10: ff4e80ba8601a3c0 R11: 0000000000000000 R12: ff7b7c8300527858 [ 1.643735] R13: ff4e80ba818fc000 R14: 00000000010200c0 R15: 0000000080000000 [ 1.643815] FS: 00007fced3040c40(0000) GS:ff4e80bb04acc000(0000) knlGS:0000000000000000 [ 1.643887] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.643952] CR2: 000055ece2d7ee70 CR3: 00000000068f4003 CR4: 0000000000771ef0 [ 1.644029] PKRU: 55555554 [ 1.644082] Call Trace: [ 1.644137] [ 1.644192] dst_release (./arch/x86/include/asm/preempt.h:95 (discriminator 1) ./include/linux/rcuref.h:174 (discriminator 1) net/core/dst.c:167 (discriminator 1)) [ 1.644267] rt_cache_route (net/ipv4/route.c:1518) [ 1.644330] ? dst_alloc (./include/net/dst_ops.h:59 net/core/dst.c:75 net/core/dst.c:93) [ 1.644391] rt_set_nexthop.isra.0 (net/ipv4/route.c:1622 (discriminator 1)) [ 1.644457] ? rt_dst_alloc (net/ipv4/route.c:1654) [ 1.644517] ip_route_output_key_hash_rcu (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682 net/ipv4/route.c:2875) [ 1.644580] ip_route_output_flow (net/ipv4/route.c:2705 ./include/net/route.h:169 net/ipv4/route.c:2932) [ 1.644640] udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 (discriminator 1)) [ 1.644719] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472 (discriminator 4)) vxlan [ 1.644787] ? __fuse_simple_request (fs/fuse/dev.c:702) [ 1.644856] ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 1.644922] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 1.644989] ? filemap_get_read_batch (mm/filemap.c:2477) [ 1.645056] ? get_page_from_freelist (mm/page_alloc.c:1226 (discriminator 1) mm/page_alloc.c:1843 (discriminator 1) mm/page_alloc.c:1853 (discriminator 1) mm/page_alloc.c:3879 (discriminator 1)) [ 1.645122] ? dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 1.645187] dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 1.645253] __dev_queue_xmit (net/core/dev.c:4817) [ 1.645313] ? __alloc_skb (net/core/skbuff.c:706) [ 1.645374] ? alloc_skb_with_frags (./include/linux/skbuff.h:1383 net/core/skbuff.c:6715) [ 1.645440] packet_sendmsg (net/packet/af_packet.c:3076 (discriminator 1) net/packet/af_packet.c:3108 (discriminator 1)) [ 1.645504] ? account_locked_vm (./include/linux/mmap_lock.h:355 mm/util.c:559 mm/util.c:549) [ 1.645567] __sys_sendto (net/socket.c:721 (discriminator 1) net/socket.c:733 (discriminator 1) net/socket.c:2222 (discriminator 1)) [ 1.645629] __x64_sys_sendto (net/socket.c:2229 (discriminator 1) net/socket.c:2225 (discriminator 1) net/socket.c:2225 (discriminator 1)) [ 1.645690] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 1.645758] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) [ 1.645825] RIP: 0033:0x7fced31f3c5e [ 1.645885] Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 14 bd 00 00 call 0xbd1c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 13 ff ff ff call 0xffffffffffffff4c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 13 ff ff ff call 0xffffffffffffff22 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 1.646002] RSP: 002b:00007ffe08260010 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 1.646077] RAX: ffffffffffffffda RBX: 000055ed20871830 RCX: 00007fced31f3c5e [ 1.646153] RDX: 0000000000000064 RSI: 000055ed20871ac2 RDI: 0000000000000005 [ 1.646232] RBP: 00007ffe08260020 R08: 00007ffe08260070 R09: 0000000000000014 [ 1.646307] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ed20871ac2 [ 1.646382] R13: 0000000000000064 R14: 0000000000000005 R15: 000055ece2db4890 | [ 1.646511] ---[ end trace 0000000000000000 ]--- | [ 1.651832] mausezahn (264) used greatest stack depth: 11616 bytes left | [ 1.938711] Oops: general protection fault, probably for non-canonical address 0x50000010000004a: 0000 [#1] SMP | [ 1.938848] Tainted: [W]=WARN [ 1.938869] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1.938902] RIP: 0010:dst_dev_put (net/core/dst.c:149) [ 1.938931] Code: e8 57 56 29 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 0f 1f 44 00 00 b8 02 00 00 00 55 48 8b 2f 53 48 89 fb 66 89 47 3a 48 8b 47 08 <48> 8b 40 38 48 85 c0 74 05 48 89 ee ff d0 48 c7 43 28 40 33 b7 b8 All code ======== 0: e8 57 56 29 00 call 0x29565c 5: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) c: f3 0f 1e fa endbr64 10: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 15: b8 02 00 00 00 mov $0x2,%eax 1a: 55 push %rbp 1b: 48 8b 2f mov (%rdi),%rbp 1e: 53 push %rbx 1f: 48 89 fb mov %rdi,%rbx 22: 66 89 47 3a mov %ax,0x3a(%rdi) 26: 48 8b 47 08 mov 0x8(%rdi),%rax 2a:* 48 8b 40 38 mov 0x38(%rax),%rax <-- trapping instruction 2e: 48 85 c0 test %rax,%rax 31: 74 05 je 0x38 33: 48 89 ee mov %rbp,%rsi 36: ff d0 call *%rax 38: 48 c7 43 28 40 33 b7 movq $0xffffffffb8b73340,0x28(%rbx) 3f: b8 Code starting with the faulting instruction =========================================== 0: 48 8b 40 38 mov 0x38(%rax),%rax 4: 48 85 c0 test %rax,%rax 7: 74 05 je 0xe 9: 48 89 ee mov %rbp,%rsi c: ff d0 call *%rax e: 48 c7 43 28 40 33 b7 movq $0xffffffffb8b73340,0x28(%rbx) 15: b8 [ 1.939032] RSP: 0018:ff7b7c8300003e80 EFLAGS: 00010286 [ 1.939059] RAX: 0500000100000012 RBX: ff4e80ba8601a300 RCX: 0000000000000002 [ 1.939097] RDX: 005efbc7fb236e78 RSI: ffffffffffffffff RDI: ff4e80ba8601a300 [ 1.939137] RBP: 000000000000002f R08: ff4e80ba83643780 R09: 00000000002a001c [ 1.939172] R10: ff4e80ba81034200 R11: ff4e80ba83643780 R12: ff4e80ba84fa7de8 [ 1.939210] R13: ff7b7c8300003f40 R14: 0000000000000019 R15: 0000000000000000 [ 1.939260] FS: 0000000000000000(0000) GS:ff4e80bb049cc000(0000) knlGS:0000000000000000 [ 1.939306] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.939337] CR2: 00007ff5dedaea48 CR3: 000000003d846003 CR4: 0000000000771ef0 [ 1.939376] PKRU: 55555554 [ 1.939390] Call Trace: [ 1.939403] [ 1.939418] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 1.939451] fib_nh_common_release (net/ipv4/fib_semantics.c:207) [ 1.939481] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 1.939502] rcu_core (kernel/rcu/tree.c:2612 (discriminator 1) kernel/rcu/tree.c:2857 (discriminator 1)) [ 1.939528] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 1.939554] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 1.939574] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 1.939607] [ 1.939625] [ 1.939641] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 1.939668] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 1.939701] Code: 48 8b 3d 74 3a 44 01 e8 1f 00 00 00 48 2b 05 28 a1 60 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d a5 b8 21 00 fb f4 0f 1f 40 d6 8b 17 89 d6 83 e6 fe 0f 01 f9 66 90 48 c1 e2 20 48 All code ======== 0: 48 8b 3d 74 3a 44 01 mov 0x1443a74(%rip),%rdi # 0x1443a7b 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 28 a1 60 00 sub 0x60a128(%rip),%rax # 0x60a13b 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d a5 b8 21 00 verw 0x21b8a5(%rip) # 0x21b8cd 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 8b 17 mov (%rdi),%edx 31: 89 d6 mov %edx,%esi 33: 83 e6 fe and $0xfffffffe,%esi 36: 0f 01 f9 rdtscp 39: 66 90 xchg %ax,%ax 3b: 48 c1 e2 20 shl $0x20,%rdx 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 8b 17 mov (%rdi),%edx 7: 89 d6 mov %edx,%esi 9: 83 e6 fe and $0xfffffffe,%esi c: 0f 01 f9 rdtscp f: 66 90 xchg %ax,%ax 11: 48 c1 e2 20 shl $0x20,%rdx 15: 48 rex.W [ 1.939794] RSP: 0018:ffffffffb9a03e80 EFLAGS: 00000216 [ 1.939824] RAX: ff4e80bb049cc000 RBX: ffffffffb9a11980 RCX: 0000000000000000 [ 1.939862] RDX: 4000000000000000 RSI: 0000000000000000 RDI: 000000000002d91c [ 1.939901] RBP: 0000000000000000 R08: 000000000002d91c R09: ff4e80babec24990 [ 1.939946] R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000000 [ 1.939983] R13: 0000000000000000 R14: ffffffffb9a11098 R15: 0000000000014770 [ 1.940021] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 1.940049] default_idle_call (./include/linux/cpuidle.h:144 kernel/sched/idle.c:123) [ 1.940070] do_idle (kernel/sched/idle.c:192 kernel/sched/idle.c:332) [ 1.940096] cpu_startup_entry (kernel/sched/idle.c:429) [ 1.940115] rest_init (init/main.c:757) [ 1.940137] start_kernel (init/main.c:1111) [ 1.940165] x86_64_start_reservations (arch/x86/kernel/head64.c:310) [ 1.940195] x86_64_start_kernel (??:?) Finger prints: rcuref_put_slowpath:dst_release:rt_cache_route:ip_route_output_key_hash_rcu:ip_route_output_flow dst_dev_put:fib_nh_common_release:free_fib_info_rcu:rcu_core:handle_softirqs