====================================== | [ 9.834151][ T282] ------------[ cut here ]------------ | [ 9.834396][ T282] rcuref - imbalanced put() | [ 9.834398][ T282] WARNING: lib/rcuref.c:266 at 0x0, CPU#0: mausezahn/282 | [ 9.834740][ T282] Modules linked in: act_gact cls_flower sch_ingress vxlan [ 9.835259][ T282] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 9.835440][ T282] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 (discriminator 4)) [ 9.835633][ T282] Code: c0 03 38 d0 7c 04 84 d2 75 6a c7 03 00 00 00 a0 31 c0 eb 8f 48 8d 7c 24 20 e8 3b c4 9a ff e9 6e ff ff ff 48 8d 3d 6f fd 40 03 <67> 48 0f b9 3a be 04 00 00 00 48 89 df e8 0d c9 9a ff 48 89 d8 48 All code ======== 0: c0 03 38 rolb $0x38,(%rbx) 3: d0 7c 04 84 sarb $1,-0x7c(%rsp,%rax,1) 7: d2 75 6a shlb %cl,0x6a(%rbp) a: c7 03 00 00 00 a0 movl $0xa0000000,(%rbx) 10: 31 c0 xor %eax,%eax 12: eb 8f jmp 0xffffffffffffffa3 14: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi 19: e8 3b c4 9a ff call 0xffffffffff9ac459 1e: e9 6e ff ff ff jmp 0xffffffffffffff91 23: 48 8d 3d 6f fd 40 03 lea 0x340fd6f(%rip),%rdi # 0x340fd99 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: be 04 00 00 00 mov $0x4,%esi 34: 48 89 df mov %rbx,%rdi 37: e8 0d c9 9a ff call 0xffffffffff9ac949 3c: 48 89 d8 mov %rbx,%rax 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: be 04 00 00 00 mov $0x4,%esi a: 48 89 df mov %rbx,%rdi d: e8 0d c9 9a ff call 0xffffffffff9ac91f 12: 48 89 d8 mov %rbx,%rax 15: 48 rex.W [ 9.836158][ T282] RSP: 0018:ffa0000000547320 EFLAGS: 00010206 [ 9.836343][ T282] RAX: 0000000000000000 RBX: ff11000012d86080 RCX: 0000000000000001 [ 9.836560][ T282] RDX: 0000000000000001 RSI: 00000000dfffffff RDI: ffffffffa60e0e20 [ 9.836786][ T282] RBP: dffffc0000000000 R08: ffffffffa38dc159 R09: ffe21c00025b0c10 [ 9.837008][ T282] R10: ffe21c00025b0c11 R11: 0000000000000001 R12: ff11000012d86040 [ 9.837229][ T282] R13: 1ff40000000a8e64 R14: ff11000012d86340 R15: ff1100000dd47a80 [ 9.837450][ T282] FS: 00007fc9019ccc40(0000) GS:ff110000bf20b000(0000) knlGS:0000000000000000 [ 9.837714][ T282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9.837901][ T282] CR2: 00007ffd1334aa58 CR3: 00000000124b3003 CR4: 0000000000771ef0 [ 9.838205][ T282] PKRU: 55555554 [ 9.838315][ T282] Call Trace: [ 9.838423][ T282] [ 9.838500][ T282] ? rcuref_get_slowpath (lib/rcuref.c:238) [ 9.838651][ T282] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 9.838802][ T282] dst_release (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:167) [ 9.838912][ T282] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 9.839054][ T282] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 9.839198][ T282] rt_cache_route (net/ipv4/route.c:1518) [ 9.839341][ T282] rt_set_nexthop.isra.0 (net/ipv4/route.c:1622 (discriminator 1)) [ 9.839486][ T282] __mkroute_output (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682) [ 9.839631][ T282] ip_route_output_key_hash (net/ipv4/route.c:2705) [ 9.839784][ T282] ? ip_route_output_key_hash_rcu (net/ipv4/route.c:2693) [ 9.839961][ T282] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1)) [ 9.840104][ T282] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 9.840248][ T282] ip_route_output_flow (net/ipv4/route.c:2934 (discriminator 1)) [ 9.840389][ T282] ? __asan_memset (mm/kasan/shadow.c:84 (discriminator 2)) [ 9.840533][ T282] udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 (discriminator 1)) [ 9.840683][ T282] ? udp_tunnel_sock_release (net/ipv4/udp_tunnel_core.c:237) [ 9.840831][ T282] ? vxlan_xmit_one (./include/linux/rcupdate.h:331 (discriminator 1) ./include/linux/rcupdate.h:867 (discriminator 1) drivers/net/vxlan/vxlan_core.c:2455 (discriminator 1)) vxlan [ 9.840978][ T282] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 9.841122][ T282] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472 (discriminator 4)) vxlan [ 9.841267][ T282] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24 (discriminator 3)) [ 9.841417][ T282] ? vxlan_fdb_delete (drivers/net/vxlan/vxlan_core.c:2337) vxlan [ 9.841562][ T282] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1)) [ 9.841711][ T282] ? vxlan_find_mac_rcu (./include/linux/rhashtable.h:632 (discriminator 4) ./include/linux/rhashtable.h:670 (discriminator 4) drivers/net/vxlan/vxlan_core.c:392 (discriminator 4)) vxlan [ 9.841896][ T282] ? vxlan_find_sock (drivers/net/vxlan/vxlan_core.c:382) vxlan [ 9.842039][ T282] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 9.842181][ T282] ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 9.842325][ T282] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 9.842472][ T282] dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 9.842616][ T282] __dev_queue_xmit (net/core/dev.h:381 net/core/dev.c:4818) [ 9.842762][ T282] ? _copy_from_iter (./arch/x86/include/asm/smap.h:47 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:141 lib/iov_iter.c:67 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:261 lib/iov_iter.c:272) [ 9.842908][ T282] ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 1) net/core/skbuff.c:672 (discriminator 1)) [ 9.843050][ T282] ? napi_skb_cache_get (net/core/skbuff.c:650) [ 9.843191][ T282] ? _copy_from_iter_flushcache (lib/iov_iter.c:266) [ 9.843368][ T282] ? netdev_core_pick_tx (net/core/dev.c:4725) [ 9.843511][ T282] ? packet_parse_headers (./include/linux/skbuff.h:3180 (discriminator 1) net/packet/af_packet.c:1938 (discriminator 1)) [ 9.843662][ T282] ? sock_alloc_send_pskb (net/core/sock.c:2998) [ 9.843813][ T282] packet_snd (net/packet/af_packet.c:3076 (discriminator 1)) [ 9.843958][ T282] ? tpacket_snd (net/packet/af_packet.c:2940) [ 9.844098][ T282] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 9.844240][ T282] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 9.844386][ T282] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 9.844530][ T282] __sys_sendto (net/socket.c:721 (discriminator 1) net/socket.c:733 (discriminator 1) net/socket.c:2222 (discriminator 1)) [ 9.844774][ T282] ? __ia32_sys_getpeername (net/socket.c:2189) [ 9.844922][ T282] ? sock_ioctl (net/socket.c:1367) [ 9.845071][ T282] ? __x64_sys_clock_gettime (kernel/time/posix-timers.c:1146 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2)) [ 9.845215][ T282] __x64_sys_sendto (net/socket.c:2229 (discriminator 1) net/socket.c:2225 (discriminator 1) net/socket.c:2225 (discriminator 1)) [ 9.845447][ T282] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 9.845591][ T282] ? do_syscall_64 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 ./include/linux/entry-common.h:108 arch/x86/entry/syscall_64.c:90) [ 9.845740][ T282] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 9.845885][ T282] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) [ 9.846148][ T282] RIP: 0033:0x7fc901b7fc5e [ 9.846296][ T282] Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 14 bd 00 00 call 0xbd1c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 13 ff ff ff call 0xffffffffffffff4c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 13 ff ff ff call 0xffffffffffffff22 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 9.846910][ T282] RSP: 002b:00007ffd13350960 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 9.847128][ T282] RAX: ffffffffffffffda RBX: 00005559bf626830 RCX: 00007fc901b7fc5e [ 9.847432][ T282] RDX: 0000000000000064 RSI: 00005559bf626ac2 RDI: 0000000000000005 [ 9.847653][ T282] RBP: 00007ffd13350970 R08: 00007ffd133509c0 R09: 0000000000000014 [ 9.847871][ T282] R10: 0000000000000000 R11: 0000000000000202 R12: 00005559bf626ac2 [ 9.848174][ T282] R13: 0000000000000064 R14: 0000000000000005 R15: 0000555997d16890 | [ 10.132968][ C3] BUG: KASAN: slab-use-after-free in dst_dev_put (net/core/dst.c:146) | [ 10.133110][ C3] Read of size 8 at addr ff11000012d86340 by task swapper/3/0 | [ 10.133246][ C3] | [ 10.133299][ C3] Tainted: [W]=WARN [ 10.133300][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 10.133302][ C3] Call Trace: [ 10.133303][ C3] [ 10.133305][ C3] dump_stack_lvl (lib/dump_stack.c:122) [ 10.133312][ C3] print_address_description.constprop.0 (mm/kasan/report.c:379) [ 10.133316][ C3] print_report (mm/kasan/report.c:483) [ 10.133317][ C3] ? dst_dev_put (net/core/dst.c:146) [ 10.133319][ C3] ? __virt_addr_valid (./include/linux/rcupdate.h:981 (discriminator 3) ./include/linux/mmzone.h:2197 (discriminator 3) arch/x86/mm/physaddr.c:54 (discriminator 3)) [ 10.133323][ C3] ? dst_dev_put (net/core/dst.c:146) [ 10.133325][ C3] kasan_report (mm/kasan/report.c:597) [ 10.133329][ C3] ? dst_dev_put (net/core/dst.c:146) [ 10.133331][ C3] dst_dev_put (net/core/dst.c:146) [ 10.133333][ C3] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 10.133336][ C3] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 10.133338][ C3] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 10.133340][ C3] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 10.133344][ C3] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 10.133347][ C3] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 10.133349][ C3] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 10.133351][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 10.133354][ C3] rcu_core (kernel/rcu/tree.c:2859) [ 10.133355][ C3] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 10.133358][ C3] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 10.133360][ C3] ? __flush_smp_call_function_queue (kernel/smp.c:137 kernel/smp.c:593) [ 10.133364][ C3] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 10.133365][ C3] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 10.133369][ C3] [ 10.133370][ C3] [ 10.133371][ C3] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 10.133373][ C3] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 10.133376][ C3] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 10.133377][ C3] RSP: 0018:ffa0000000157de8 EFLAGS: 00000296 [ 10.133380][ C3] RAX: 000000000006ce61 RBX: ff11000001adc540 RCX: ffffffffa1e84c3f [ 10.133382][ C3] RDX: ff11000001adc540 RSI: ffffffffa4c0ff26 RDI: ffffffffa4669f80 [ 10.133383][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 10.133383][ C3] R10: 0000000000000003 R11: 0000000000000001 R12: 1ff400000002afc0 [ 10.133384][ C3] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 10.133386][ C3] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 10.133389][ C3] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 10.133390][ C3] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 10.133392][ C3] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 10.133393][ C3] cpuidle_idle_call (kernel/sched/idle.c:192) [ 10.133395][ C3] ? arch_cpu_idle_exit+0x40/0x40 [ 10.133396][ C3] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 10.133399][ C3] do_idle (kernel/sched/idle.c:332) [ 10.133400][ C3] cpu_startup_entry (kernel/sched/idle.c:429) [ 10.133402][ C3] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 10.133404][ C3] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) [ 10.133406][ C3] common_startup_64 (arch/x86/kernel/head_64.S:419) | [ 10.144385][ C3] Disabling lock debugging due to kernel taint | [ 10.144491][ C3] Oops: general protection fault, probably for non-canonical address 0xe0e27c33a0000008: 0000 [#1] SMP KASAN | [ 10.144698][ C3] KASAN: maybe wild-memory-access in range [0x0714019d00000040-0x0714019d00000047] | [ 10.145054][ C3] Tainted: [B]=BAD_PAGE, [W]=WARN [ 10.145133][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 10.145231][ C3] RIP: 0010:dst_dev_put (net/core/dst.c:149) [ 10.145310][ C3] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee All code ======== 0: fc cld 1: ff lcall (bad) 2: df 48 c1 fisttps -0x3f(%rax) 5: ea (bad) 6: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax c: 85 2c 02 test %ebp,(%rdx,%rax,1) f: 00 00 add %al,(%rax) 11: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 18: fc ff df 1b: 48 8b 43 08 mov 0x8(%rbx),%rax 1f: 48 8d 78 38 lea 0x38(%rax),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx 2a:* 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) <-- trapping instruction 2e: 0f 85 d8 01 00 00 jne 0x20c 34: 48 8b 40 38 mov 0x38(%rax),%rax 38: 48 85 c0 test %rax,%rax 3b: 74 08 je 0x45 3d: 48 89 ee mov %rbp,%rsi Code starting with the faulting instruction =========================================== 0: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) 4: 0f 85 d8 01 00 00 jne 0x1e2 a: 48 8b 40 38 mov 0x38(%rax),%rax e: 48 85 c0 test %rax,%rax 11: 74 08 je 0x1b 13: 48 89 ee mov %rbp,%rsi [ 10.145627][ C3] RSP: 0018:ffa0000000270d10 EFLAGS: 00010213 [ 10.145725][ C3] RAX: 0714019d0000000c RBX: ff11000012d86340 RCX: 00e28033a0000008 [ 10.145840][ C3] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0714019d00000044 [ 10.145992][ C3] RBP: ff1100000fbe9730 R08: 0000000000000008 R09: fffffbfff4d4c2c4 [ 10.146103][ C3] R10: fffffbfff4d4c2c5 R11: 0000000000000000 R12: 1fe2200001ba8f4d [ 10.146219][ C3] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000dd47a70 [ 10.146374][ C3] FS: 0000000000000000(0000) GS:ff110000bf38b000(0000) knlGS:0000000000000000 [ 10.146509][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 10.146608][ C3] CR2: 00007f0d50031950 CR3: 0000000072748002 CR4: 0000000000771ef0 [ 10.146760][ C3] PKRU: 55555554 [ 10.146820][ C3] Call Trace: [ 10.146877][ C3] [ 10.146919][ C3] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 10.147038][ C3] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 10.147114][ C3] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 10.147190][ C3] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 10.147267][ C3] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 10.147381][ C3] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 10.147459][ C3] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 10.147535][ C3] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 10.147651][ C3] rcu_core (kernel/rcu/tree.c:2859) [ 10.147709][ C3] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 10.147823][ C3] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 10.147940][ C3] ? __flush_smp_call_function_queue (kernel/smp.c:137 kernel/smp.c:593) [ 10.148036][ C3] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 10.148094][ C3] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 10.148169][ C3] [ 10.148209][ C3] [ 10.148247][ C3] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 10.148339][ C3] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 10.148421][ C3] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 10.148689][ C3] RSP: 0018:ffa0000000157de8 EFLAGS: 00000296 [ 10.148788][ C3] RAX: 000000000006ce61 RBX: ff11000001adc540 RCX: ffffffffa1e84c3f [ 10.148905][ C3] RDX: ff11000001adc540 RSI: ffffffffa4c0ff26 RDI: ffffffffa4669f80 [ 10.149019][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 10.149136][ C3] R10: 0000000000000003 R11: 0000000000000001 R12: 1ff400000002afc0 [ 10.149256][ C3] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 10.149372][ C3] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 10.149451][ C3] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 10.149531][ C3] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 10.149591][ C3] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 10.149670][ C3] cpuidle_idle_call (kernel/sched/idle.c:192) [ 10.149748][ C3] ? arch_cpu_idle_exit+0x40/0x40 [ 10.149830][ C3] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 10.149907][ C3] do_idle (kernel/sched/idle.c:332) [ 10.149967][ C3] cpu_startup_entry (kernel/sched/idle.c:429) [ 10.150084][ C3] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 10.150159][ C3] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) Finger prints: print_report:kasan_report:dst_dev_put:fib_nh_common_release:free_fib_info_rcu rcuref_put_slowpath:dst_release:rt_cache_route:__mkroute_output:ip_route_output_key_hash dst_dev_put:fib_nh_common_release:free_fib_info_rcu:rcu_do_batch:rcu_core