====================================== | [ 2020.390324][T30233] ------------[ cut here ]------------ | [ 2020.390637][T30233] rcuref - imbalanced put() | [ 2020.390639][T30233] WARNING: lib/rcuref.c:266 at 0x0, CPU#0: mausezahn/30233 | [ 2020.391022][T30233] Modules linked in: pktgen nft_chain_nat xt_nat cls_bpf act_gact cls_flower sch_ingress bonding xfrm_user macsec ip6_gre ip_gre gre cls_u32 sch_htb vxlan openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh xt_HL nft_compat nf_tables amt [last unloaded: ila] [ 2020.392052][T30233] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 2020.392236][T30233] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 (discriminator 4)) [ 2020.392433][T30233] Code: c0 03 38 d0 7c 04 84 d2 75 6a c7 03 00 00 00 a0 31 c0 eb 8f 48 8d 7c 24 20 e8 3b c4 9a ff e9 6e ff ff ff 48 8d 3d 6f fd 40 03 <67> 48 0f b9 3a be 04 00 00 00 48 89 df e8 0d c9 9a ff 48 89 d8 48 All code ======== 0: c0 03 38 rolb $0x38,(%rbx) 3: d0 7c 04 84 sarb $1,-0x7c(%rsp,%rax,1) 7: d2 75 6a shlb %cl,0x6a(%rbp) a: c7 03 00 00 00 a0 movl $0xa0000000,(%rbx) 10: 31 c0 xor %eax,%eax 12: eb 8f jmp 0xffffffffffffffa3 14: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi 19: e8 3b c4 9a ff call 0xffffffffff9ac459 1e: e9 6e ff ff ff jmp 0xffffffffffffff91 23: 48 8d 3d 6f fd 40 03 lea 0x340fd6f(%rip),%rdi # 0x340fd99 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: be 04 00 00 00 mov $0x4,%esi 34: 48 89 df mov %rbx,%rdi 37: e8 0d c9 9a ff call 0xffffffffff9ac949 3c: 48 89 d8 mov %rbx,%rax 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: be 04 00 00 00 mov $0x4,%esi a: 48 89 df mov %rbx,%rdi d: e8 0d c9 9a ff call 0xffffffffff9ac91f 12: 48 89 d8 mov %rbx,%rax 15: 48 rex.W [ 2020.392964][T30233] RSP: 0018:ffa0000001fb7320 EFLAGS: 00010206 [ 2020.393152][T30233] RAX: 0000000000000000 RBX: ff110000050bde80 RCX: 0000000000000001 [ 2020.393373][T30233] RDX: 0000000000000001 RSI: 00000000dfffffff RDI: ffffffffa24e0e20 [ 2020.393592][T30233] RBP: dffffc0000000000 R08: ffffffff9fcdc1d9 R09: ffe21c0000a17bd0 [ 2020.393816][T30233] R10: ffe21c0000a17bd1 R11: 0000000000000001 R12: ff110000050bde40 [ 2020.394039][T30233] R13: 1ff40000003f6e64 R14: ff110000050bdb40 R15: ff11000011599080 [ 2020.394273][T30233] FS: 00007fa6fe9c1c40(0000) GS:ff110000c940b000(0000) knlGS:0000000000000000 [ 2020.394531][T30233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2020.395094][T30233] CR2: 00007ffca526e238 CR3: 000000000a6ae005 CR4: 0000000000771ef0 [ 2020.395325][T30233] PKRU: 55555554 [ 2020.395441][T30233] Call Trace: [ 2020.395553][T30233] [ 2020.395631][T30233] ? rcuref_get_slowpath (lib/rcuref.c:238) [ 2020.395779][T30233] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 2020.395932][T30233] dst_release (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:167) [ 2020.396042][T30233] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 2020.396186][T30233] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 2020.396332][T30233] rt_cache_route (net/ipv4/route.c:1518) [ 2020.396478][T30233] rt_set_nexthop.isra.0 (net/ipv4/route.c:1622 (discriminator 1)) [ 2020.396624][T30233] __mkroute_output (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682) [ 2020.396770][T30233] ip_route_output_key_hash (net/ipv4/route.c:2705) [ 2020.396920][T30233] ? ip_route_output_key_hash_rcu (net/ipv4/route.c:2693) [ 2020.397099][T30233] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1)) [ 2020.397243][T30233] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 2020.397389][T30233] ip_route_output_flow (net/ipv4/route.c:2934 (discriminator 1)) [ 2020.397532][T30233] ? __asan_memset (mm/kasan/shadow.c:84 (discriminator 2)) [ 2020.397680][T30233] udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 (discriminator 1)) [ 2020.397825][T30233] ? udp_tunnel_sock_release (net/ipv4/udp_tunnel_core.c:237) [ 2020.397976][T30233] ? vxlan_xmit_one (./include/linux/rcupdate.h:331 (discriminator 1) ./include/linux/rcupdate.h:867 (discriminator 1) drivers/net/vxlan/vxlan_core.c:2455 (discriminator 1)) vxlan [ 2020.398125][T30233] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 2020.398271][T30233] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472 (discriminator 4)) vxlan [ 2020.398420][T30233] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24 (discriminator 3)) [ 2020.398571][T30233] ? vxlan_fdb_delete (drivers/net/vxlan/vxlan_core.c:2337) vxlan [ 2020.398720][T30233] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1)) [ 2020.398869][T30233] ? vxlan_find_mac_rcu (./include/linux/rhashtable.h:632 (discriminator 4) ./include/linux/rhashtable.h:670 (discriminator 4) drivers/net/vxlan/vxlan_core.c:392 (discriminator 4)) vxlan [ 2020.399052][T30233] ? vxlan_find_sock (drivers/net/vxlan/vxlan_core.c:382) vxlan [ 2020.399197][T30233] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 2020.399347][T30233] ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 2020.399493][T30233] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 2020.399642][T30233] dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 2020.399787][T30233] __dev_queue_xmit (net/core/dev.h:381 net/core/dev.c:4818) [ 2020.399934][T30233] ? _copy_from_iter (./arch/x86/include/asm/smap.h:47 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:141 lib/iov_iter.c:67 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:261 lib/iov_iter.c:272) [ 2020.400076][T30233] ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 1) net/core/skbuff.c:672 (discriminator 1)) [ 2020.400222][T30233] ? napi_skb_cache_get (net/core/skbuff.c:650) [ 2020.400369][T30233] ? _copy_from_iter_flushcache (lib/iov_iter.c:266) [ 2020.400546][T30233] ? netdev_core_pick_tx (net/core/dev.c:4725) [ 2020.400690][T30233] ? packet_parse_headers (./include/linux/skbuff.h:3180 (discriminator 1) net/packet/af_packet.c:1938 (discriminator 1)) [ 2020.400838][T30233] ? sock_alloc_send_pskb (net/core/sock.c:2998) [ 2020.400990][T30233] packet_snd (net/packet/af_packet.c:3076 (discriminator 1)) [ 2020.401138][T30233] ? tpacket_snd (net/packet/af_packet.c:2940) [ 2020.401281][T30233] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 2020.401429][T30233] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 2020.401575][T30233] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 2020.401717][T30233] __sys_sendto (net/socket.c:721 (discriminator 1) net/socket.c:733 (discriminator 1) net/socket.c:2222 (discriminator 1)) [ 2020.401868][T30233] ? __ia32_sys_getpeername (net/socket.c:2189) [ 2020.402015][T30233] ? sock_ioctl (net/socket.c:1367) [ 2020.402163][T30233] ? __x64_sys_clock_gettime (kernel/time/posix-timers.c:1146 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2)) [ 2020.402310][T30233] __x64_sys_sendto (net/socket.c:2229 (discriminator 1) net/socket.c:2225 (discriminator 1) net/socket.c:2225 (discriminator 1)) [ 2020.402454][T30233] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2020.402597][T30233] ? do_syscall_64 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 ./include/linux/entry-common.h:108 arch/x86/entry/syscall_64.c:90) [ 2020.402740][T30233] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 2020.402892][T30233] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) [ 2020.403069][T30233] RIP: 0033:0x7fa6feb74c5e [ 2020.403221][T30233] Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 14 bd 00 00 call 0xbd1c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 13 ff ff ff call 0xffffffffffffff4c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 13 ff ff ff call 0xffffffffffffff22 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 2020.403735][T30233] RSP: 002b:00007ffca5274140 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 2020.403959][T30233] RAX: ffffffffffffffda RBX: 000055b737fe2830 RCX: 00007fa6feb74c5e [ 2020.404176][T30233] RDX: 0000000000000064 RSI: 000055b737fe2ac2 RDI: 0000000000000005 [ 2020.404393][T30233] RBP: 00007ffca5274150 R08: 00007ffca52741a0 R09: 0000000000000014 [ 2020.404606][T30233] R10: 0000000000000000 R11: 0000000000000202 R12: 000055b737fe2ac2 [ 2020.404823][T30233] R13: 0000000000000064 R14: 0000000000000005 R15: 000055b733d12890 | [ 2021.005160][ C2] BUG: KASAN: slab-use-after-free in dst_dev_put (net/core/dst.c:146) | [ 2021.005306][ C2] Read of size 8 at addr ff110000050bdcc0 by task swapper/2/0 | [ 2021.005444][ C2] | [ 2021.005499][ C2] Tainted: [W]=WARN [ 2021.005500][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 2021.005502][ C2] Call Trace: [ 2021.005504][ C2] [ 2021.005505][ C2] dump_stack_lvl (lib/dump_stack.c:122) [ 2021.005512][ C2] print_address_description.constprop.0 (mm/kasan/report.c:379) [ 2021.005516][ C2] print_report (mm/kasan/report.c:483) [ 2021.005517][ C2] ? dst_dev_put (net/core/dst.c:146) [ 2021.005519][ C2] ? __virt_addr_valid (./include/linux/rcupdate.h:981 (discriminator 3) ./include/linux/mmzone.h:2197 (discriminator 3) arch/x86/mm/physaddr.c:54 (discriminator 3)) [ 2021.005524][ C2] ? dst_dev_put (net/core/dst.c:146) [ 2021.005525][ C2] kasan_report (mm/kasan/report.c:597) [ 2021.005529][ C2] ? dst_dev_put (net/core/dst.c:146) [ 2021.005531][ C2] dst_dev_put (net/core/dst.c:146) [ 2021.005533][ C2] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 2021.005538][ C2] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 2021.005540][ C2] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 2021.005542][ C2] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 2021.005545][ C2] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 2021.005547][ C2] ? rcu_start_this_gp (kernel/rcu/tree.c:1018) [ 2021.005550][ C2] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 2021.005552][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 2021.005555][ C2] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:4411 (discriminator 6)) [ 2021.005558][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2021.005561][ C2] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 2021.005564][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) [ 2021.005566][ C2] rcu_core (kernel/rcu/tree.c:2859) [ 2021.005567][ C2] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 2021.005570][ C2] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 2021.005572][ C2] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 2021.005574][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 2021.005576][ C2] [ 2021.005577][ C2] [ 2021.005578][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 2021.005580][ C2] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 2021.005582][ C2] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 2021.005584][ C2] RSP: 0018:ffa0000000147de8 EFLAGS: 00000296 [ 2021.005588][ C2] RAX: 0000000002b978df RBX: ff11000001ada2c0 RCX: ffffffff9e284c3f [ 2021.005589][ C2] RDX: ff11000001ada2c0 RSI: ffffffffa100ff1e RDI: ffffffffa0a69f80 [ 2021.005590][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 2021.005591][ C2] R10: 0000000000000002 R11: 0000000000000001 R12: 1ff4000000028fc0 [ 2021.005591][ C2] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 2021.005593][ C2] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 2021.005596][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2021.005597][ C2] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 2021.005599][ C2] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 2021.005601][ C2] cpuidle_idle_call (kernel/sched/idle.c:192) [ 2021.005602][ C2] ? arch_cpu_idle_exit+0x40/0x40 [ 2021.005603][ C2] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 2021.005606][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 2021.005608][ C2] do_idle (kernel/sched/idle.c:332) [ 2021.005609][ C2] cpu_startup_entry (kernel/sched/idle.c:429) [ 2021.005611][ C2] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 2021.005612][ C2] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) [ 2021.005614][ C2] common_startup_64 (arch/x86/kernel/head_64.S:419) | [ 2021.018678][ C2] Disabling lock debugging due to kernel taint | [ 2021.018847][ C2] Oops: general protection fault, probably for non-canonical address 0xe0323c34a0000007: 0000 [#1] SMP KASAN | [ 2021.019061][ C2] KASAN: maybe wild-memory-access in range [0x019201a500000038-0x019201a50000003f] | [ 2021.019398][ C2] Tainted: [B]=BAD_PAGE, [W]=WARN [ 2021.019487][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 2021.019597][ C2] RIP: 0010:dst_dev_put (net/core/dst.c:149) [ 2021.019732][ C2] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee All code ======== 0: fc cld 1: ff lcall (bad) 2: df 48 c1 fisttps -0x3f(%rax) 5: ea (bad) 6: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax c: 85 2c 02 test %ebp,(%rdx,%rax,1) f: 00 00 add %al,(%rax) 11: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 18: fc ff df 1b: 48 8b 43 08 mov 0x8(%rbx),%rax 1f: 48 8d 78 38 lea 0x38(%rax),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx 2a:* 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) <-- trapping instruction 2e: 0f 85 d8 01 00 00 jne 0x20c 34: 48 8b 40 38 mov 0x38(%rax),%rax 38: 48 85 c0 test %rax,%rax 3b: 74 08 je 0x45 3d: 48 89 ee mov %rbp,%rsi Code starting with the faulting instruction =========================================== 0: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) 4: 0f 85 d8 01 00 00 jne 0x1e2 a: 48 8b 40 38 mov 0x38(%rax),%rax e: 48 85 c0 test %rax,%rax 11: 74 08 je 0x1b 13: 48 89 ee mov %rbp,%rsi [ 2021.020087][ C2] RSP: 0018:ffa0000000218d10 EFLAGS: 00010212 [ 2021.020194][ C2] RAX: 019201a500000000 RBX: ff110000050bdcc0 RCX: 00324034a0000007 [ 2021.020408][ C2] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 019201a500000038 [ 2021.020536][ C2] RBP: ff11000009401118 R08: 0000000000000008 R09: fffffbfff45cc2c4 [ 2021.020708][ C2] R10: fffffbfff45cc2c5 R11: 0000000000000000 R12: 1fe22000022b320d [ 2021.020882][ C2] R13: 0000000000000002 R14: 0000000000000001 R15: ff11000011599070 [ 2021.021009][ C2] FS: 0000000000000000(0000) GS:ff110000c950b000(0000) knlGS:0000000000000000 [ 2021.021165][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2021.021278][ C2] CR2: 00007fd4e79a9000 CR3: 000000002ed48002 CR4: 0000000000771ef0 [ 2021.021412][ C2] PKRU: 55555554 [ 2021.021475][ C2] Call Trace: [ 2021.021543][ C2] [ 2021.021591][ C2] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 2021.021683][ C2] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 2021.021771][ C2] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 2021.021900][ C2] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 2021.021988][ C2] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 2021.022077][ C2] ? rcu_start_this_gp (kernel/rcu/tree.c:1018) [ 2021.022164][ C2] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 2021.022291][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 2021.022405][ C2] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:4411 (discriminator 6)) [ 2021.022516][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2021.022608][ C2] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 2021.022755][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) [ 2021.022865][ C2] rcu_core (kernel/rcu/tree.c:2859) [ 2021.022931][ C2] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 2021.023017][ C2] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 2021.023143][ C2] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 2021.023210][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 2021.023299][ C2] [ 2021.023347][ C2] [ 2021.023392][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 2021.023540][ C2] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 2021.023631][ C2] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 2021.023934][ C2] RSP: 0018:ffa0000000147de8 EFLAGS: 00000296 [ 2021.024045][ C2] RAX: 0000000002b978df RBX: ff11000001ada2c0 RCX: ffffffff9e284c3f [ 2021.024179][ C2] RDX: ff11000001ada2c0 RSI: ffffffffa100ff1e RDI: ffffffffa0a69f80 [ 2021.024352][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 2021.024484][ C2] R10: 0000000000000002 R11: 0000000000000001 R12: 1ff4000000028fc0 [ 2021.024608][ C2] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 2021.024777][ C2] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 2021.024867][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2021.024956][ C2] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 2021.025023][ C2] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 2021.025148][ C2] cpuidle_idle_call (kernel/sched/idle.c:192) [ 2021.025234][ C2] ? arch_cpu_idle_exit+0x40/0x40 [ 2021.025361][ C2] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 2021.025448][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 2021.025558][ C2] do_idle (kernel/sched/idle.c:332) [ 2021.025664][ C2] cpu_startup_entry (kernel/sched/idle.c:429) [ 2021.025754][ C2] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 2021.025841][ C2] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) Finger prints: print_report:kasan_report:dst_dev_put:fib_nh_common_release:free_fib_info_rcu rcuref_put_slowpath:dst_release:rt_cache_route:__mkroute_output:ip_route_output_key_hash dst_dev_put:fib_nh_common_release:free_fib_info_rcu:rcu_do_batch:rcu_core