====================================== | [ 822.929736][ T563] ------------[ cut here ]------------ | [ 822.930023][ T563] rcuref - imbalanced put() | [ 822.930025][ T563] WARNING: lib/rcuref.c:266 at 0x0, CPU#3: mausezahn/563 | [ 822.930383][ T563] Modules linked in: act_gact cls_flower sch_ingress vxlan xt_HL nft_compat nf_tables amt [ 822.931196][ T563] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 822.931396][ T563] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 (discriminator 4)) [ 822.931616][ T563] Code: c0 03 38 d0 7c 04 84 d2 75 6a c7 03 00 00 00 a0 31 c0 eb 8f 48 8d 7c 24 20 e8 3b c4 9a ff e9 6e ff ff ff 48 8d 3d 6f fd 40 03 <67> 48 0f b9 3a be 04 00 00 00 48 89 df e8 0d c9 9a ff 48 89 d8 48 All code ======== 0: c0 03 38 rolb $0x38,(%rbx) 3: d0 7c 04 84 sarb $1,-0x7c(%rsp,%rax,1) 7: d2 75 6a shlb %cl,0x6a(%rbp) a: c7 03 00 00 00 a0 movl $0xa0000000,(%rbx) 10: 31 c0 xor %eax,%eax 12: eb 8f jmp 0xffffffffffffffa3 14: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi 19: e8 3b c4 9a ff call 0xffffffffff9ac459 1e: e9 6e ff ff ff jmp 0xffffffffffffff91 23: 48 8d 3d 6f fd 40 03 lea 0x340fd6f(%rip),%rdi # 0x340fd99 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: be 04 00 00 00 mov $0x4,%esi 34: 48 89 df mov %rbx,%rdi 37: e8 0d c9 9a ff call 0xffffffffff9ac949 3c: 48 89 d8 mov %rbx,%rax 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: be 04 00 00 00 mov $0x4,%esi a: 48 89 df mov %rbx,%rdi d: e8 0d c9 9a ff call 0xffffffffff9ac91f 12: 48 89 d8 mov %rbx,%rax 15: 48 rex.W [ 822.932170][ T563] RSP: 0018:ffa00000005b7320 EFLAGS: 00010206 [ 822.932373][ T563] RAX: 0000000000000000 RBX: ff11000012af1a00 RCX: 0000000000000001 [ 822.932601][ T563] RDX: 0000000000000001 RSI: 00000000dfffffff RDI: ffffffffb54e0e20 [ 822.932835][ T563] RBP: dffffc0000000000 R08: ffffffffb2cdc159 R09: ffe21c000255e340 [ 822.933066][ T563] R10: ffe21c000255e341 R11: 0000000000000001 R12: ff11000012af19c0 [ 822.933292][ T563] R13: 1ff40000000b6e64 R14: ff11000012af1240 R15: ff11000002857180 [ 822.933524][ T563] FS: 00007ff706be8c40(0000) GS:ff110000b658b000(0000) knlGS:0000000000000000 [ 822.933796][ T563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 822.933990][ T563] CR2: 00007fff22d415a8 CR3: 000000000e93c006 CR4: 0000000000771ef0 [ 822.934218][ T563] PKRU: 55555554 [ 822.934341][ T563] Call Trace: [ 822.934455][ T563] [ 822.934534][ T563] ? rcuref_get_slowpath (lib/rcuref.c:238) [ 822.934688][ T563] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 822.934847][ T563] dst_release (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:167) [ 822.934962][ T563] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 822.935115][ T563] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 822.935265][ T563] rt_cache_route (net/ipv4/route.c:1518) [ 822.935423][ T563] rt_set_nexthop.isra.0 (net/ipv4/route.c:1622 (discriminator 1)) [ 822.935577][ T563] __mkroute_output (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682) [ 822.935729][ T563] ip_route_output_key_hash (net/ipv4/route.c:2705) [ 822.935884][ T563] ? ip_route_output_key_hash_rcu (net/ipv4/route.c:2693) [ 822.936071][ T563] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1)) [ 822.936223][ T563] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 822.936381][ T563] ip_route_output_flow (net/ipv4/route.c:2934 (discriminator 1)) [ 822.936531][ T563] ? __asan_memset (mm/kasan/shadow.c:84 (discriminator 2)) [ 822.936683][ T563] udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 (discriminator 1)) [ 822.936841][ T563] ? udp_tunnel_sock_release (net/ipv4/udp_tunnel_core.c:237) [ 822.936993][ T563] ? vxlan_xmit_one (./include/linux/rcupdate.h:331 (discriminator 1) ./include/linux/rcupdate.h:867 (discriminator 1) drivers/net/vxlan/vxlan_core.c:2455 (discriminator 1)) vxlan [ 822.937150][ T563] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 822.937301][ T563] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472 (discriminator 4)) vxlan [ 822.937460][ T563] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24 (discriminator 3)) [ 822.937616][ T563] ? vxlan_fdb_delete (drivers/net/vxlan/vxlan_core.c:2337) vxlan [ 822.937771][ T563] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1)) [ 822.937923][ T563] ? vxlan_find_mac_rcu (./include/linux/rhashtable.h:632 (discriminator 4) ./include/linux/rhashtable.h:670 (discriminator 4) drivers/net/vxlan/vxlan_core.c:392 (discriminator 4)) vxlan [ 822.938115][ T563] ? vxlan_find_sock (drivers/net/vxlan/vxlan_core.c:382) vxlan [ 822.938268][ T563] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 822.938427][ T563] ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 822.938578][ T563] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 822.938732][ T563] dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 822.938885][ T563] __dev_queue_xmit (net/core/dev.h:381 net/core/dev.c:4818) [ 822.939036][ T563] ? _copy_from_iter (./arch/x86/include/asm/smap.h:47 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:141 lib/iov_iter.c:67 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:261 lib/iov_iter.c:272) [ 822.939185][ T563] ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 1) net/core/skbuff.c:672 (discriminator 1)) [ 822.939340][ T563] ? napi_skb_cache_get (net/core/skbuff.c:650) [ 822.939492][ T563] ? _copy_from_iter_flushcache (lib/iov_iter.c:266) [ 822.939679][ T563] ? netdev_core_pick_tx (net/core/dev.c:4725) [ 822.939834][ T563] ? packet_parse_headers (./include/linux/skbuff.h:3180 (discriminator 1) net/packet/af_packet.c:1938 (discriminator 1)) [ 822.939987][ T563] ? sock_alloc_send_pskb (net/core/sock.c:2998) [ 822.940140][ T563] packet_snd (net/packet/af_packet.c:3076 (discriminator 1)) [ 822.940293][ T563] ? tpacket_snd (net/packet/af_packet.c:2940) [ 822.940450][ T563] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 822.940602][ T563] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 822.940753][ T563] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 822.940908][ T563] __sys_sendto (net/socket.c:721 (discriminator 1) net/socket.c:733 (discriminator 1) net/socket.c:2222 (discriminator 1)) [ 822.941061][ T563] ? __ia32_sys_getpeername (net/socket.c:2189) [ 822.941217][ T563] ? sock_ioctl (net/socket.c:1367) [ 822.941380][ T563] ? __x64_sys_clock_gettime (kernel/time/posix-timers.c:1146 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2)) [ 822.941534][ T563] __x64_sys_sendto (net/socket.c:2229 (discriminator 1) net/socket.c:2225 (discriminator 1) net/socket.c:2225 (discriminator 1)) [ 822.941688][ T563] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 822.941845][ T563] ? do_syscall_64 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 ./include/linux/entry-common.h:108 arch/x86/entry/syscall_64.c:90) [ 822.941995][ T563] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 822.942146][ T563] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) [ 822.942339][ T563] RIP: 0033:0x7ff706d9bc5e [ 822.942497][ T563] Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 14 bd 00 00 call 0xbd1c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 13 ff ff ff call 0xffffffffffffff4c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 13 ff ff ff call 0xffffffffffffff22 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 822.943040][ T563] RSP: 002b:00007fff22d474b0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 822.943273][ T563] RAX: ffffffffffffffda RBX: 00005628277e3830 RCX: 00007ff706d9bc5e [ 822.943507][ T563] RDX: 0000000000000064 RSI: 00005628277e3ac2 RDI: 0000000000000005 [ 822.943739][ T563] RBP: 00007fff22d474c0 R08: 00007fff22d47510 R09: 0000000000000014 [ 822.943971][ T563] R10: 0000000000000000 R11: 0000000000000202 R12: 00005628277e3ac2 [ 822.944201][ T563] R13: 0000000000000064 R14: 0000000000000005 R15: 0000562819c46890 | [ 823.242651][ C3] BUG: KASAN: slab-use-after-free in dst_dev_put (net/core/dst.c:146) | [ 823.242805][ C3] Read of size 8 at addr ff11000012af1240 by task swapper/3/0 | [ 823.242946][ C3] | [ 823.243002][ C3] Tainted: [W]=WARN [ 823.243003][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 823.243005][ C3] Call Trace: [ 823.243007][ C3] [ 823.243009][ C3] dump_stack_lvl (lib/dump_stack.c:122) [ 823.243015][ C3] print_address_description.constprop.0 (mm/kasan/report.c:379) [ 823.243020][ C3] print_report (mm/kasan/report.c:483) [ 823.243021][ C3] ? dst_dev_put (net/core/dst.c:146) [ 823.243023][ C3] ? __virt_addr_valid (./include/linux/rcupdate.h:981 (discriminator 3) ./include/linux/mmzone.h:2197 (discriminator 3) arch/x86/mm/physaddr.c:54 (discriminator 3)) [ 823.243028][ C3] ? dst_dev_put (net/core/dst.c:146) [ 823.243030][ C3] kasan_report (mm/kasan/report.c:597) [ 823.243033][ C3] ? dst_dev_put (net/core/dst.c:146) [ 823.243036][ C3] dst_dev_put (net/core/dst.c:146) [ 823.243038][ C3] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 823.243041][ C3] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 823.243043][ C3] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 823.243045][ C3] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 823.243049][ C3] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 823.243051][ C3] ? rcu_start_this_gp (kernel/rcu/tree.c:1053) [ 823.243054][ C3] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 823.243056][ C3] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 823.243059][ C3] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:4411 (discriminator 6)) [ 823.243062][ C3] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 823.243066][ C3] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 823.243068][ C3] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) [ 823.243070][ C3] rcu_core (kernel/rcu/tree.c:2859) [ 823.243072][ C3] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 823.243075][ C3] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 823.243076][ C3] ? __flush_smp_call_function_queue (kernel/smp.c:137 kernel/smp.c:593) [ 823.243080][ C3] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 823.243082][ C3] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 823.243084][ C3] [ 823.243084][ C3] [ 823.243085][ C3] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 823.243088][ C3] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 823.243090][ C3] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 823.243092][ C3] RSP: 0018:ffa0000000157de8 EFLAGS: 00000296 [ 823.243096][ C3] RAX: 000000000081e947 RBX: ff11000001adc540 RCX: ffffffffb1284c3f [ 823.243097][ C3] RDX: ff11000001adc540 RSI: ffffffffb400ff26 RDI: ffffffffb3a69f80 [ 823.243098][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 823.243099][ C3] R10: 0000000000000003 R11: 0000000000000001 R12: 1ff400000002afc0 [ 823.243099][ C3] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 823.243101][ C3] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 823.243104][ C3] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 823.243106][ C3] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 823.243107][ C3] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 823.243109][ C3] cpuidle_idle_call (kernel/sched/idle.c:192) [ 823.243111][ C3] ? arch_cpu_idle_exit+0x40/0x40 [ 823.243112][ C3] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 823.243115][ C3] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 823.243116][ C3] do_idle (kernel/sched/idle.c:332) [ 823.243118][ C3] cpu_startup_entry (kernel/sched/idle.c:429) [ 823.243120][ C3] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 823.243121][ C3] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) [ 823.243123][ C3] common_startup_64 (arch/x86/kernel/head_64.S:419) | [ 823.257086][ C3] Disabling lock debugging due to kernel taint | [ 823.257217][ C3] Oops: general protection fault, probably for non-canonical address 0xe047fc3520000009: 0000 [#1] SMP KASAN | [ 823.257427][ C3] KASAN: maybe wild-memory-access in range [0x024001a900000048-0x024001a90000004f] | [ 823.257783][ C3] Tainted: [B]=BAD_PAGE, [W]=WARN [ 823.257881][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 823.258001][ C3] RIP: 0010:dst_dev_put (net/core/dst.c:149) [ 823.258100][ C3] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee All code ======== 0: fc cld 1: ff lcall (bad) 2: df 48 c1 fisttps -0x3f(%rax) 5: ea (bad) 6: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax c: 85 2c 02 test %ebp,(%rdx,%rax,1) f: 00 00 add %al,(%rax) 11: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 18: fc ff df 1b: 48 8b 43 08 mov 0x8(%rbx),%rax 1f: 48 8d 78 38 lea 0x38(%rax),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx 2a:* 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) <-- trapping instruction 2e: 0f 85 d8 01 00 00 jne 0x20c 34: 48 8b 40 38 mov 0x38(%rax),%rax 38: 48 85 c0 test %rax,%rax 3b: 74 08 je 0x45 3d: 48 89 ee mov %rbp,%rsi Code starting with the faulting instruction =========================================== 0: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) 4: 0f 85 d8 01 00 00 jne 0x1e2 a: 48 8b 40 38 mov 0x38(%rax),%rax e: 48 85 c0 test %rax,%rax 11: 74 08 je 0x1b 13: 48 89 ee mov %rbp,%rsi [ 823.258446][ C3] RSP: 0018:ffa0000000270d10 EFLAGS: 00010217 [ 823.258570][ C3] RAX: 024001a900000016 RBX: ff11000012af1240 RCX: 0048003520000009 [ 823.258715][ C3] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 024001a90000004e [ 823.258860][ C3] RBP: ff1100000a0c0008 R08: 0000000000000008 R09: fffffbfff6bcc2c4 [ 823.258999][ C3] R10: fffffbfff6bcc2c5 R11: 0000000000000000 R12: 1fe220000050ae2d [ 823.259162][ C3] R13: 0000000000000003 R14: 0000000000000001 R15: ff11000002857170 [ 823.259314][ C3] FS: 0000000000000000(0000) GS:ff110000b658b000(0000) knlGS:0000000000000000 [ 823.259522][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 823.259649][ C3] CR2: 00007fc8e106d000 CR3: 0000000047748004 CR4: 0000000000771ef0 [ 823.259801][ C3] PKRU: 55555554 [ 823.259882][ C3] Call Trace: [ 823.259972][ C3] [ 823.260028][ C3] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 823.260153][ C3] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 823.260255][ C3] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 823.260349][ C3] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 823.260460][ C3] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 823.260564][ C3] ? rcu_start_this_gp (kernel/rcu/tree.c:1053) [ 823.260673][ C3] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 823.260785][ C3] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 823.260901][ C3] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:4411 (discriminator 6)) [ 823.261016][ C3] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 823.261109][ C3] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 823.261235][ C3] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) [ 823.261353][ C3] rcu_core (kernel/rcu/tree.c:2859) [ 823.261424][ C3] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 823.261519][ C3] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 823.261636][ C3] ? __flush_smp_call_function_queue (kernel/smp.c:137 kernel/smp.c:593) [ 823.261754][ C3] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 823.261827][ C3] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 823.261938][ C3] [ 823.261988][ C3] [ 823.262049][ C3] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 823.262173][ C3] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 823.262270][ C3] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 823.262617][ C3] RSP: 0018:ffa0000000157de8 EFLAGS: 00000296 [ 823.262792][ C3] RAX: 000000000081e947 RBX: ff11000001adc540 RCX: ffffffffb1284c3f [ 823.262932][ C3] RDX: ff11000001adc540 RSI: ffffffffb400ff26 RDI: ffffffffb3a69f80 [ 823.263118][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 823.263258][ C3] R10: 0000000000000003 R11: 0000000000000001 R12: 1ff400000002afc0 [ 823.263399][ C3] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 823.263580][ C3] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 823.263675][ C3] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 823.263772][ C3] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 823.263847][ C3] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 823.263981][ C3] cpuidle_idle_call (kernel/sched/idle.c:192) [ 823.264073][ C3] ? arch_cpu_idle_exit+0x40/0x40 [ 823.264168][ C3] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 823.264263][ C3] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 823.264379][ C3] do_idle (kernel/sched/idle.c:332) [ 823.264449][ C3] cpu_startup_entry (kernel/sched/idle.c:429) [ 823.264541][ C3] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 823.264634][ C3] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) Finger prints: print_report:kasan_report:dst_dev_put:fib_nh_common_release:free_fib_info_rcu rcuref_put_slowpath:dst_release:rt_cache_route:__mkroute_output:ip_route_output_key_hash dst_dev_put:fib_nh_common_release:free_fib_info_rcu:rcu_do_batch:rcu_core