OK. I succeeded in reproducing this problem without a BPF program. Just dropping TCP packets is sufficient. That is, this bug should be fixed in the RDS code.

------------------------------------------------------------
root@fuzz:~# unshare -n sh -c '
ip link set lo up
iptables -A OUTPUT -p tcp --sport 16385 --tcp-flags SYN NONE -m state --state ESTABLISHED,RELATED -j DROP
ip6tables -A OUTPUT -p tcp --sport 16385 --tcp-flags SYN NONE -m state --state ESTABLISHED,RELATED -j DROP
telnet 127.0.0.1 16385
dmesg -c
netstat -tanpe' < /dev/null
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.
[   54.922280] accepted family 10 tcp ::ffff:127.0.0.1:16385 -> ::ffff:127.0.0.1:58780 refcnt=0 sock_net=ffff888035c98000 init_net=ffffffff860d89c0
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      1 127.0.0.1:58780         127.0.0.1:16385         FIN_WAIT1   0          0          -
tcp6       0      0 :::16385                :::*                    LISTEN      0          18301      -
tcp6       1      1 127.0.0.1:16385         127.0.0.1:58780         LAST_ACK    0          0          -
------------------------------------------------------------

------------------------------------------------------------
fuzz login: [   54.849128][ T2718] ip (2718) used greatest stack depth: 11192 bytes left
[   54.922280][  T764] accepted family 10 tcp ::ffff:127.0.0.1:16385 -> ::ffff:127.0.0.1:58780 refcnt=0 sock_net=ffff888035c98000 init_net=ffffffff860d89c0
[  224.330990][    C0] general protection fault, probably for non-canonical address 0x6b6af3ebe92b6bc3: 0000 [#1] PREEMPT SMP
[  224.344491][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.18.0-rc3-00016-gb253435746d9-dirty #767
[  224.355974][    C0] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  224.361184][    C0] RIP: 0010:__tcp_transmit_skb+0x5e5/0xbf0
[  224.364559][    C0] Code: 0f 84 33 05 00 00 4c 89 2c 24 49 89 c5 48 c7 40 10 00 00 00 00 e9 c0 fa ff ff 49 8b 46 30 41 0f b7 55 30 48 8b 80 b8 02 00 00 <65> 48 01 50 58 e9 8e fe ff ff 41 8b 86 fc 08 00 00 48 69 c0 e8 03
[  224.375318][    C0] RSP: 0018:ffffc90000003d38 EFLAGS: 00010297
[  224.378682][    C0] RAX: 6b6b6b6b6b6b6b6b RBX: 000000009e2a2659 RCX: ffff888104a39000
[  224.383253][    C0] RDX: 0000000000000001 RSI: ffff8881008054e0 RDI: ffff888035340000
[  224.387171][    C0] RBP: ffff888100805508 R08: 0000000000000000 R09: 0000000000000000
[  224.389612][    C0] R10: ffff888104a39140 R11: 0000000000000000 R12: 0000000000000001
[  224.392646][    C0] R13: ffff8881008054e0 R14: ffff888035340000 R15: 0000000000000020
[  224.395626][    C0] FS:  0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
[  224.398662][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  224.400880][    C0] CR2: 000056264812f99c CR3: 000000000a58e000 CR4: 00000000000506f0
[  224.403964][    C0] Call Trace:
[  224.405212][    C0]  <IRQ>
[  224.406355][    C0]  ? tcp_write_timer_handler+0x280/0x280
[  224.408259][    C0]  tcp_write_wakeup+0x112/0x160
[  224.409932][    C0]  ? ktime_get+0x1cb/0x260
[  224.411636][    C0]  tcp_send_probe0+0x13/0x150
[  224.413393][    C0]  tcp_write_timer_handler+0x248/0x280
[  224.415433][    C0]  tcp_write_timer+0xa5/0x110
[  224.417040][    C0]  ? tcp_write_timer_handler+0x280/0x280
[  224.419142][    C0]  call_timer_fn+0xa6/0x300
[  224.420949][    C0]  __run_timers.part.0+0x209/0x320
[  224.422915][    C0]  run_timer_softirq+0x2c/0x60
[  224.424791][    C0]  __do_softirq+0x174/0x53f
[  224.426462][    C0]  __irq_exit_rcu+0xcb/0x120
[  224.428188][    C0]  irq_exit_rcu+0x5/0x20
[  224.430176][    C0]  sysvec_apic_timer_interrupt+0x8e/0xc0
[  224.432301][    C0]  </IRQ>
[  224.433394][    C0]  <TASK>
[  224.434514][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  224.436500][    C0] RIP: 0010:default_idle+0xb/0x10
[  224.438220][    C0] Code: 8b 04 25 40 af 01 00 f0 80 60 02 df c3 0f ae f0 0f ae 38 0f ae f0 eb b9 0f 1f 80 00 00 00 00 eb 07 0f 00 2d e3 b6 56 00 fb f4 <c3> cc cc cc cc 53 48 89 fb e8 67 fb fe ff 48 8b 15 a0 91 4e 02 89
[  224.444865][    C0] RSP: 0018:ffffffff83e03ea8 EFLAGS: 00000202
[  224.447077][    C0] RAX: 00000000000223b5 RBX: ffffffff83e61a00 RCX: 0000000000000001
[  224.449957][    C0] RDX: 0000000000000000 RSI: ffffffff832e9bf1 RDI: ffffffff83246666
[  224.452916][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[  224.455677][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  224.458458][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.461642][    C0]  default_idle_call+0x54/0x90
[  224.463888][    C0]  do_idle+0x1f3/0x240
[  224.465531][    C0]  cpu_startup_entry+0x14/0x20
[  224.467193][    C0]  start_kernel+0x69c/0x6c1
[  224.469040][    C0]  secondary_startup_64_no_verify+0xc3/0xcb
[  224.471179][    C0]  </TASK>
[  224.472438][    C0] Modules linked in:
[  224.474387][    C0] ---[ end trace 0000000000000000 ]---
[  224.476521][    C0] RIP: 0010:__tcp_transmit_skb+0x5e5/0xbf0
[  224.478893][    C0] Code: 0f 84 33 05 00 00 4c 89 2c 24 49 89 c5 48 c7 40 10 00 00 00 00 e9 c0 fa ff ff 49 8b 46 30 41 0f b7 55 30 48 8b 80 b8 02 00 00 <65> 48 01 50 58 e9 8e fe ff ff 41 8b 86 fc 08 00 00 48 69 c0 e8 03
[  224.485948][    C0] RSP: 0018:ffffc90000003d38 EFLAGS: 00010297
[  224.488110][    C0] RAX: 6b6b6b6b6b6b6b6b RBX: 000000009e2a2659 RCX: ffff888104a39000
[  224.491186][    C0] RDX: 0000000000000001 RSI: ffff8881008054e0 RDI: ffff888035340000
[  224.494378][    C0] RBP: ffff888100805508 R08: 0000000000000000 R09: 0000000000000000
[  224.497576][    C0] R10: ffff888104a39140 R11: 0000000000000000 R12: 0000000000000001
[  224.500600][    C0] R13: ffff8881008054e0 R14: ffff888035340000 R15: 0000000000000020
[  224.503814][    C0] FS:  0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
[  224.507136][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  224.509421][    C0] CR2: 000056264812f99c CR3: 000000000a58e000 CR4: 00000000000506f0
[  224.512699][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  224.515847][    C0] Kernel Offset: disabled
[  224.517636][    C0] Rebooting in 10 seconds..
------------------------------------------------------------
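Added triage example (not part of the report above or of the kernel tree): the script below parses the register dump from the oops, flags any register that is filled with a slab poison byte, and checks that the %gs-relative access at the faulting instruction explains the reported non-canonical address. Two facts it relies on: 0x6b is POISON_FREE from include/linux/poison.h, so RAX = 0x6b6b6b6b6b6b6b6b means the pointer loaded just before the fault came out of a freed object; and the marked bytes `65 48 01 50 58` decode to `add %rdx,%gs:0x58(%rax)`, a per-cpu counter update, so the fault address should equal the GS base plus RAX plus 0x58. The oops excerpt embedded in the script is copied from the report; the function names and the minimal decoder are my own and handle only that instruction shape.

```python
"""Triage an x86-64 kernel oops: slab-poison registers and GS-relative fault math."""
import re

# Slab poison bytes from include/linux/poison.h (CONFIG_SLUB_DEBUG poisoning)
POISON_BYTES = {
    0x5a: "POISON_INUSE (allocated, never written)",
    0x6b: "POISON_FREE (object was freed: use-after-free)",
    0xa5: "POISON_END (end-of-object marker)",
}
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]  # ModRM.rm without REX.B
MASK64 = (1 << 64) - 1

# Constructed excerpt: the first register dump of the oops in the report above
OOPS = """\
general protection fault, probably for non-canonical address 0x6b6af3ebe92b6bc3: 0000 [#1] PREEMPT SMP
RIP: 0010:__tcp_transmit_skb+0x5e5/0xbf0
Code: 0f 84 33 05 00 00 4c 89 2c 24 49 89 c5 48 c7 40 10 00 00 00 00 e9 c0 fa ff ff 49 8b 46 30 41 0f b7 55 30 48 8b 80 b8 02 00 00 <65> 48 01 50 58 e9 8e fe ff ff 41 8b 86 fc 08 00 00 48 69 c0 e8 03
RAX: 6b6b6b6b6b6b6b6b RBX: 000000009e2a2659 RCX: ffff888104a39000
RDX: 0000000000000001 RSI: ffff8881008054e0 RDI: ffff888035340000
FS:  0000000000000000(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
"""


def parse_oops(text):
    """Extract fault address, RIP symbol, GS base, general registers and Code: bytes."""
    info = {"regs": {}}
    m = re.search(r"non-canonical address 0x([0-9a-f]+)", text)
    info["fault_addr"] = int(m.group(1), 16) if m else None
    m = re.search(r"RIP: \d+:(\S+)", text)
    info["rip"] = m.group(1) if m else None
    m = re.search(r"GS:([0-9a-f]{16})", text)          # first GS: is the kernel GS base
    info["gs_base"] = int(m.group(1), 16) if m else None
    for name, val in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", text):
        info["regs"][name.lower()] = int(val, 16)
    m = re.search(r"Code: (.*)", text)
    info["code"] = m.group(1).split() if m else []
    return info


def poisoned_registers(regs):
    """Registers whose eight bytes are all the same slab poison value."""
    hits = {}
    for name, val in regs.items():
        b = val & 0xff
        if b in POISON_BYTES and all(((val >> (8 * i)) & 0xff) == b for i in range(8)):
            hits[name] = POISON_BYTES[b]
    return hits


def is_canonical(addr):
    """48-bit x86-64 canonical form: bits 63..47 must all be equal."""
    top = addr >> 47
    return top == 0 or top == (1 << 17) - 1


def decode_faulting_access(code):
    """Minimal decoder for the bytes at the '<..>' marker of a Code: line.
    Handles only  65 [REX] opcode modrm disp8  (a %gs:disp8(reg) access, no SIB),
    which is the shape per-cpu counter updates compile to. Returns (reg, disp) or None."""
    idx = next((k for k, b in enumerate(code) if b.startswith("<")), None)
    if idx is None:
        return None
    bs = [int(b.strip("<>"), 16) for b in code[idx:idx + 6]]
    if len(bs) < 4 or bs[0] != 0x65:                  # 0x65 = GS segment override
        return None
    j, rex_b = 1, 0
    if 0x40 <= bs[j] <= 0x4f:                         # REX prefix; REX.B extends rm
        rex_b = bs[j] & 1
        j += 1
    j += 1                                            # skip the one-byte opcode
    if j + 1 >= len(bs):
        return None
    mod, rm = bs[j] >> 6, bs[j] & 7
    if mod != 1 or rm == 4:                           # need disp8 form and no SIB byte
        return None
    disp = bs[j + 1]
    disp = disp - 256 if disp >= 128 else disp
    return ("r%d" % (rm + 8) if rex_b else REGS64[rm]), disp


def explain_fault(info):
    """Does gs_base + base_register + disp reproduce the reported fault address?"""
    dec = decode_faulting_access(info["code"])
    if dec is None or info["gs_base"] is None:
        return None
    base, disp = dec
    computed = (info["gs_base"] + info["regs"][base] + disp) & MASK64
    return {"base": base, "disp": disp, "computed": computed,
            "matches": computed == info["fault_addr"]}


def triage(text=OOPS):
    info = parse_oops(text)
    return {"rip": info["rip"], "fault_addr": info["fault_addr"],
            "canonical": is_canonical(info["fault_addr"]),
            "poisoned": poisoned_registers(info["regs"]),
            "fault": explain_fault(info)}


if __name__ == "__main__":
    r = triage()
    print(f"fault in {r['rip']} at {r['fault_addr']:#x} (canonical={r['canonical']})")
    for reg, why in r["poisoned"].items():
        print(f"  {reg} holds slab poison: {why}")
    if r["fault"]:
        f = r["fault"]
        print(f"  access is %gs:{f['disp']:#x}({f['base']}) -> {f['computed']:#x}; "
              f"matches reported address: {f['matches']}")
```

For this oops the script reports RAX as POISON_FREE and confirms that 0xffff88807dc00000 + 0x6b6b6b6b6b6b6b6b + 0x58 wraps to exactly 0x6b6af3ebe92b6bc3, which ties the crash to a freed object being dereferenced from a TCP timer rather than to a stray pointer from anywhere else.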