
| Msg # 1281 of 1332 on ZZLI4424, Tuesday 10-20-25, 10:26 |
| From: MC36 |
| To: JASON XING |
| Subj: Bug#1118437: null pointer dereference in |
XPost: linux.debian.bugs.dist
From: csmate@nop.hu

hi,

On 10/20/25 08:41, Jason Xing wrote:
> Hi,
>
>> this happens 10/10 on host or in qemu-system-x86_64-kvm running 6.16.12 or 6.17.2...
>
> Thanks for the report.
>
> I'm wondering if you have time to bisect which recent commit has
> brought this problem. It looks like it never happens before 6.16?
>

and now confirming that 6.16.7 survives the reproducer code and 6.16.8 crashes...
below is the decoded and raw 6.17 trace...
regarding the exact commit hash, i would leave the chance for someone with much more resources than i have at hand....

have a nice day,
csaba

mc36@noti:~/Downloads/linux-6.17.2/scripts$ ./decode_stacktrace.sh ../../usr/lib/debug/boot/ System.map-6.17.2-cloud-amd64 vmlinux-6.17.2-cloud-amd64
mc36@noti:~/Downloads/linux-6.17.2/scripts$ ./decode_stacktrace.sh ../../usr/lib/debug/boot/vmlinux-6.17.2-cloud-amd64 < ../../6172.txt

p4emu login: [ 171.272491] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 171.274678] #PF: supervisor read access in kernel mode
[ 171.276216] #PF: error_code(0x0000) - not-present page
[ 171.277732] PGD 0 P4D 0
[ 171.278531] Oops: Oops: 0000 [#1] SMP NOPTI
[ 171.279806] CPU: 3 UID: 1 PID: 798 Comm: a.out Not tainted 6.17.2-cloud-amd64 #1 PREEMPT(lazy) Debian 6.17.2-1~exp1
[ 171.282885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014
[ 171.285663] RIP: 0010:xsk_destruct_skb (net/xdp/xsk.c:577 net/xdp/xsk.c:617)
[ 171.288015] Code: 48 89 df 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 1f a5 d9 ff 48 8b 43 30 4c 8d 4b 30 48 89 c7 49 39 c1 74 bf 4c 8d 60 f8 <48> 8b 00 4c 89 3c 24 4d 89 cf 48 89 5c 24 08 89 d3 48 89 74 24 10
All code
========
   0:   48 89 df                mov    %rbx,%rdi
   3:   48 83 c4 18             add    $0x18,%rsp
   7:   5b                      pop    %rbx
   8:   5d                      pop    %rbp
   9:   41 5c                   pop    %r12
   b:   41 5d                   pop    %r13
   d:   41 5e                   pop    %r14
   f:   41 5f                   pop    %r15
  11:   e9 1f a5 d9 ff          jmp    0xffffffffffd9a535
  16:   48 8b 43 30             mov    0x30(%rbx),%rax
  1a:   4c 8d 4b 30             lea    0x30(%rbx),%r9
  1e:   48 89 c7                mov    %rax,%rdi
  21:   49 39 c1                cmp    %rax,%r9
  24:   74 bf                   je     0xffffffffffffffe5
  26:   4c 8d 60 f8             lea    -0x8(%rax),%r12
  2a:*  48 8b 00                mov    (%rax),%rax              <-- trapping instruction
  2d:   4c 89 3c 24             mov    %r15,(%rsp)
  31:   4d 89 cf                mov    %r9,%r15
  34:   48 89 5c 24 08          mov    %rbx,0x8(%rsp)
  39:   89 d3                   mov    %edx,%ebx
  3b:   48 89 74 24 10          mov    %rsi,0x10(%rsp)

Code starting with the faulting instruction
===========================================
   0:   48 8b 00                mov    (%rax),%rax
   3:   4c 89 3c 24             mov    %r15,(%rsp)
   7:   4d 89 cf                mov    %r9,%r15
   a:   48 89 5c 24 08          mov    %rbx,0x8(%rsp)
   f:   89 d3                   mov    %edx,%ebx
  11:   48 89 74 24 10          mov    %rsi,0x10(%rsp)
[ 171.293459] RSP: 0018:ffffcb43c0160d48 EFLAGS: 00010086
[ 171.295023] RAX: 0000000000000000 RBX: ffff8a660484e500 RCX: 000000000000000
[ 171.297112] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 000000000000000
[ 171.299266] RBP: 0000000000000001 R08: ffff8a66023b4780 R09: fff8a660484e530
[ 171.301348] R10: 0000000000000000 R11: fffff1384008ed00 R12: ffffffffffffff8
[ 171.303453] R13: ffff8a667ddb2c50 R14: ffff8a6603c59400 R15: fff8a6603c594e8
[ 171.305609] FS: 00007fd4cdcad740(0000) GS:ffff8a66c87ee000(0000) knlGS:0000000000000000
[ 171.307969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.309663] CR2: 0000000000000000 CR3: 000000000593e003 CR4: 000000000372ef0
[ 171.311756] Call Trace:
[ 171.313372]
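A small triage helper, added here as an example and not part of the report or of the kernel's decode_stacktrace tooling: it parses the oops above (the Code: line, where the <xx> token marks the byte at RIP, plus the register dump), decodes the memory operand of the trapping mov and checks that the register it dereferences really holds the reported fault address, which is what confirms a NULL base pointer (RAX = 0 at mov (%rax),%rax) rather than a small offset from some corrupt pointer. It assumes Python 3.8+ and only handles plain [base+disp] mov forms; the sample input is constructed from the lines of this oops.

```python
import re
# Constructed sample built from the oops quoted in the report above: the BUG, RIP
# and Code: lines as printed there, plus RAX/RBX from the register dump.
OOPS_SAMPLE = """\
[ 171.272491] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 171.285663] RIP: 0010:xsk_destruct_skb (net/xdp/xsk.c:577 net/xdp/xsk.c:617)
[ 171.288015] Code: 48 89 df 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 1f a5 d9 ff 48 8b 43 30 4c 8d 4b 30 48 89 c7 49 39 c1 74 bf 4c 8d 60 f8 <48> 8b 00 4c 89 3c 24 4d 89 cf 48 89 5c 24 08 89 d3 48 89 74 24 10
[ 171.295023] RAX: 0000000000000000 RBX: ffff8a660484e500
"""
GPR = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"] + ["R%02d" % i for i in range(8, 16)]

def parse_oops(text):
    """Extract fault address, faulting symbol, Code: bytes (with trap index) and registers."""
    info = {"regs": {}}
    for raw in text.splitlines():
        line = re.sub(r"^\[\s*[\d.]+\]\s*", "", raw)  # drop the printk timestamp
        if m := re.match(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)", line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"RIP: \w+:(\S+)", line):
            info["symbol"] = m.group(1)
        elif m := re.match(r"Code: (.*)", line):
            toks = m.group(1).split()
            info["trap"] = next(i for i, t in enumerate(toks) if t.startswith("<"))  # <xx> marks RIP
            info["code"] = [int(t.strip("<>"), 16) for t in toks]
        else:
            for reg, val in re.findall(r"\b(R[A-Z]{2}|R\d{2}):\s*([0-9a-f]+)", line):
                info["regs"][reg] = int(val, 16)
    return info

def decode_mem_operand(code, i):
    # Tiny decoder for a 64-bit MOV with a [base+disp] operand; no SIB or RIP-relative forms.
    rex_b = 0
    if 0x40 <= code[i] <= 0x4F:  # REX prefix; REX.B extends the r/m field to r8..r15
        rex_b, i = code[i] & 1, i + 1
    if code[i] not in (0x8B, 0x89):  # mov r64,r/m64 or mov r/m64,r64
        raise ValueError("not a mov r/m instruction")
    modrm = code[i + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register, SIB or RIP-relative operand not handled")
    size = {0: 0, 1: 1, 2: 4}[mod]  # displacement bytes following ModRM
    disp = int.from_bytes(bytes(code[i + 2:i + 2 + size]), "little", signed=True)
    return GPR[rm | (rex_b << 3)], disp

def explain_fault(text):
    info = parse_oops(text)
    base, disp = decode_mem_operand(info["code"], info["trap"])
    val = info["regs"].get(base)
    ok = val is not None and (val + disp) & 0xFFFFFFFFFFFFFFFF == info["fault_addr"]
    return {"symbol": info["symbol"], "base": base, "disp": disp, "base_value": val, "confirmed": ok}
```

For this oops the result names xsk_destruct_skb, base RAX with displacement 0 and RAX = 0, so the NULL dereference is confirmed by the register dump and not just by the fault address.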