Rechecked today on artful:
OVS: 2.8.0-0ubuntu2
Kernel: 4.13.0-16-generic
Based on the cloud image of today, which is post release.

Still crashing with the simple steps to reproduce I listed above:

[ 37.370757] IP: add_grec+0x28/0x440
[ 37.371002] *pdpt = 000000001dacc001 *pde = 0000000000000000
[ 37.371004]
[ 37.371499] Oops: 0000 [#1] SMP
[ 37.371757] Modules linked in: veth openvswitch nf_conntrack_ipv6 nf_nat_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_defrag_ipv6 nf_nat nf_conntrack libcrc32c 9p fscache kvm_intel ppdev kvm irqbypass 9pnet_virtio joydev input_leds serio_raw 9pnet parport_pc parport mac_hid i2c_piix4 qemu_fw_cfg ip_tables x_tables autofs4 btrfs xor raid6_pq psmouse virtio_blk virtio_net pata_acpi floppy
[ 37.375047] CPU: 0 PID: 2148 Comm: iperf Tainted: G W 4.13.0-16-generic #19-Ubuntu
[ 37.375872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1~cloud0 04/01/2014
[ 37.376775] task: dd9c3a80 task.stack: ddb1e000
[ 37.377206] EIP: add_grec+0x28/0x440
[ 37.377548] EFLAGS: 00010202 CPU: 0
[ 37.377880] EAX: 00000000 EBX: dd9e8540 ECX: 00000006 EDX: dd9e8540
[ 37.378470] ESI: ddacee00 EDI: ddacee00 EBP: db8c5f30 ESP: db8c5ef0
[ 37.379063] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 37.379572] CR0: 80050033 CR2: 00000000 CR3: 1efb1080 CR4: 000006f0
[ 37.380167] Call Trace:
[ 37.380404]
[ 37.380632] mld_ifc_timer_expire+0xfe/0x250
[ 37.381037] ? mld_dad_timer_expire+0x50/0x50
[ 37.381451] call_timer_fn+0x30/0x120
[ 37.381800] ? mld_dad_timer_expire+0x50/0x50
[ 37.382214] ? mld_dad_timer_expire+0x50/0x50
[ 37.382627] run_timer_softirq+0x3c5/0x420
[ 37.383015] ? __softirqentry_text_start+0x8/0x8
[ 37.383452] __do_softirq+0xa9/0x245
[ 37.383822] ? __softirqentry_text_start+0x8/0x8
[ 37.384260] do_softirq_own_stack+0x24/0x30
[ 37.384655]
[ 37.384892] irq_exit+0xad/0xb0
[ 37.385191] smp_apic_timer_interrupt+0x38/0x50
[ 37.385620] apic_timer_interrupt+0x39/0x40
[ 37.386017] EIP: __copy_user_ll+0x3e/0xf0
[ 37.386395] EFLAGS: 00010246 CPU: 0
[ 37.386726] EAX: b6700b50 EBX: 00000000 ECX: 000013d0 EDX: dd1d0c00
[ 37.387315] ESI: dd1d30c0 EDI: b6703010 EBP: ddb1fd34 ESP: ddb1fd28
[ 37.387908] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 37.388417] ? tcp_rcv_established+0x3b/0x6e0
[ 37.388831] copyout+0x21/0x30
[ 37.389123] copy_page_to_iter+0x1c6/0x3a0
[ 37.389512] skb_copy_datagram_iter+0x133/0x250
[ 37.389940] tcp_recvmsg+0x219/0xb40
[ 37.390277] inet_recvmsg+0x4a/0xc0
[ 37.390606] sock_recvmsg+0x36/0x40
[ 37.390934] SYSC_recvfrom+0xd0/0x150
[ 37.391280] ? set_next_entity+0xb7/0x2c0
[ 37.391654] ? pick_next_task_fair+0x523/0x5d0
[ 37.392075] SyS_socketcall+0x2c6/0x670
[ 37.392436] ? _copy_to_user+0x21/0x30
[ 37.392789] ? put_timespec64+0x34/0x60
[ 37.393147] ? SyS_clock_gettime+0x5b/0xa0
[ 37.393530] do_fast_syscall_32+0x71/0x150
[ 37.393915] entry_SYSENTER_32+0x4e/0x7c
[ 37.394280] EIP: 0xb7fb0cf9
[ 37.394543] EFLAGS: 00000293 CPU: 0
[ 37.394870] EAX: ffffffda EBX: 0000000a ECX: b5efe25c EDX: 00000000
[ 37.395448] ESI: b7cf7000 EDI: b6700b30 EBP: b6720b60 ESP: b5efe240
[ 37.396033] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
[ 37.396533] Code: 00 00 00 3e 8d 74 26 00 55 89 e5 57 56 53 89 c6 83 ec 34 89 4d e8 65 a1 14 00 00 00 89 45 f0 31 c0 8b 42 10 f6 42 48 08 89 45 cc <8b> 00 c7 45 ec 00 00 00 00 89 45 c8 89 f0 0f 85 b4 02 00 00 8b
[ 37.398275] EIP: add_grec+0x28/0x440 SS:ESP: 0068:db8c5ef0
[ 37.398783] CR2: 0000000000000000
[ 37.399097] ---[ end trace 7e31f16756dddc4e ]---
[ 37.399556] Kernel panic - not syncing: Fatal exception in interrupt
[ 37.400269] Kernel Offset: 0x14000000 from 0xc1000000 (relocation range: 0xc0000000-0xdfbfdfff)
[ 37.401102] ---[ end Kernel panic - not syncing: Fatal exception in interrupt