====================================== | [ 1131.881474][ T67] ================================================================== | [ 1131.881656][ T67] BUG: KASAN: slab-use-after-free in __fib6_drop_pcpu_from.part.0 (net/ipv6/ip6_fib.c:1004 (discriminator 5)) | [ 1131.881820][ T67] Read of size 8 at addr ff1100000a0920d0 by task kworker/u16:1/67 | [ 1131.881960][ T67] [ 1131.882010][ T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1131.882012][ T67] Workqueue: netns cleanup_net [ 1131.882018][ T67] Call Trace: [ 1131.882020][ T67] [ 1131.882022][ T67] dump_stack_lvl (lib/dump_stack.c:122) [ 1131.882028][ T67] print_address_description.constprop.0 (mm/kasan/report.c:379 (discriminator 1)) [ 1131.882033][ T67] print_report (mm/kasan/report.c:483) [ 1131.882035][ T67] ? __virt_addr_valid (./include/linux/rcupdate.h:937 (discriminator 1) ./include/linux/mmzone.h:2197 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1)) [ 1131.882039][ T67] ? __virt_addr_valid (./include/linux/rcupdate.h:963 (discriminator 4) ./include/linux/mmzone.h:2207 (discriminator 4) arch/x86/mm/physaddr.c:54 (discriminator 4)) [ 1131.882041][ T67] kasan_report (mm/kasan/report.c:597) [ 1131.882045][ T67] ? __fib6_drop_pcpu_from.part.0 (net/ipv6/ip6_fib.c:1004 (discriminator 5)) [ 1131.882047][ T67] ? __fib6_drop_pcpu_from.part.0 (net/ipv6/ip6_fib.c:1004 (discriminator 5)) [ 1131.882050][ T67] __fib6_drop_pcpu_from.part.0 (net/ipv6/ip6_fib.c:1004 (discriminator 5)) [ 1131.882052][ T67] fib6_purge_rt (net/ipv6/ip6_fib.c:1037 net/ipv6/ip6_fib.c:1038 net/ipv6/ip6_fib.c:1049) [ 1131.882054][ T67] fib6_del_route (net/ipv6/ip6_fib.c:2052) [ 1131.882057][ T67] ? fib6_purge_rt (net/ipv6/ip6_fib.c:1972) [ 1131.882060][ T67] ? ret_from_fork_asm (arch/x86/entry/entry_64.S:255) [ 1131.882062][ T67] fib6_del (net/ipv6/ip6_fib.c:2096) [ 1131.882064][ T67] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3)) [ 1131.882068][ T67] fib6_clean_node (net/ipv6/ip6_fib.c:2258) [ 1131.882070][ T67] ? fib6_del (net/ipv6/ip6_fib.c:2234) [ 1131.882072][ T67] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 1131.882074][ T67] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 1131.882077][ T67] fib6_walk_continue (net/ipv6/ip6_fib.c:2180) [ 1131.882078][ T67] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1)) [ 1131.882080][ T67] ? fib6_ifup (net/ipv6/route.c:4963) [ 1131.882082][ T67] ? fib6_ifup (net/ipv6/route.c:4963) [ 1131.882084][ T67] fib6_walk (net/ipv6/ip6_fib.c:2227) [ 1131.882085][ T67] ? __lock_acquire (kernel/locking/lockdep.c:5237) [ 1131.882087][ T67] fib6_clean_tree (net/ipv6/ip6_fib.c:2293) [ 1131.882089][ T67] ? fib6_walk (net/ipv6/ip6_fib.c:2293) [ 1131.882092][ T67] ? fib6_del (net/ipv6/ip6_fib.c:2234) [ 1131.882093][ T67] ? fib6_ifup (net/ipv6/route.c:4963) [ 1131.882095][ T67] ? fib6_ifup (net/ipv6/route.c:4963) [ 1131.882097][ T67] __fib6_clean_all (./include/linux/spinlock.h:396 net/ipv6/ip6_fib.c:2325) [ 1131.882099][ T67] rt6_disable_ip (net/ipv6/route.c:5018 net/ipv6/route.c:5023) [ 1131.882101][ T67] ? rt6_sync_down_dev (net/ipv6/route.c:5022) [ 1131.882103][ T67] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 11) kernel/locking/lockdep.c:4411 (discriminator 11)) [ 1131.882105][ T67] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:179 (discriminator 4) kernel/locking/spinlock.c:198 (discriminator 4)) [ 1131.882109][ T67] addrconf_ifdown.isra.0 (./include/net/addrconf.h:348 (discriminator 4) net/ipv6/addrconf.c:3873 (discriminator 4)) [ 1131.882112][ T67] ? __timer_delete_sync (kernel/time/timer.c:1603 (discriminator 2)) [ 1131.882115][ T67] ? __timer_delete_sync (kernel/time/timer.c:1623 (discriminator 1)) [ 1131.882116][ T67] ? __neigh_ifdown.isra.0 (net/core/neighbour.c:479 (discriminator 1)) [ 1131.882119][ T67] ? addrconf_dad_run (net/ipv6/addrconf.c:3858) [ 1131.882121][ T67] ? netkit_xmit (drivers/net/netkit.c:1186) [ 1131.882125][ T67] addrconf_notify (net/ipv6/addrconf.c:3828) [ 1131.882127][ T67] ? team_port_get_rtnl (drivers/net/team/team_core.c:42 (discriminator 4)) [ 1131.882130][ T67] notifier_call_chain (kernel/notifier.c:87) [ 1131.882134][ T67] netif_close_many (net/core/dev.c:1806) [ 1131.882137][ T67] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 1131.882139][ T67] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 1131.882141][ T67] ? __dev_close_many (net/core/dev.c:1793) [ 1131.882143][ T67] ? netif_close_many_and_unlock (net/core/dev.c:12322 (discriminator 1)) [ 1131.882144][ T67] ? __mutex_lock (./arch/x86/include/asm/preempt.h:104 kernel/locking/mutex.c:784 kernel/locking/mutex.c:806) [ 1131.882147][ T67] unregister_netdevice_many_notify (net/core/dev.c:12397 (discriminator 1)) [ 1131.882149][ T67] ? mutex_is_locked (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-long.h:38 ./include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.h:48 kernel/locking/mutex.c:65) [ 1131.882151][ T67] ? rtnl_is_locked (net/core/rtnetlink.c:169 (discriminator 1)) [ 1131.882153][ T67] ? default_device_exit_net (net/core/dev.c:13024 (discriminator 3)) [ 1131.882154][ T67] ? unregister_netdevice_queued (net/core/dev.c:12351) [ 1131.882157][ T67] ? perf_trace_sched_switch (kernel/sched/core.c:9112) [ 1131.882160][ T67] default_device_exit_batch (net/core/dev.c:13081) [ 1131.882162][ T67] ? unregister_netdev (net/core/dev.c:13056) [ 1131.882164][ T67] ? perf_trace_sched_switch (kernel/sched/core.c:9112) [ 1131.882166][ T67] ? fou_exit_net (net/ipv4/fou_core.c:1232 (discriminator 1)) [ 1131.882169][ T67] ops_undo_list (net/core/net_namespace.c:251 (discriminator 3)) [ 1131.882171][ T67] ? netns_install (net/core/net_namespace.c:223) [ 1131.882172][ T67] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 1131.882175][ T67] cleanup_net (net/core/net_namespace.c:704) [ 1131.882177][ T67] ? net_passive_dec (net/core/net_namespace.c:663) [ 1131.882178][ T67] ? process_one_work (kernel/workqueue.c:3264 (discriminator 2)) [ 1131.882181][ T67] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 1131.882183][ T67] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 1131.882185][ T67] process_one_work (kernel/workqueue.c:3293) [ 1131.882187][ T67] ? pwq_dec_nr_in_flight (kernel/workqueue.c:3189) [ 1131.882189][ T67] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 1131.882192][ T67] worker_thread (kernel/workqueue.c:3365 (discriminator 5) kernel/workqueue.c:3452 (discriminator 5)) [ 1131.882194][ T67] ? rescuer_thread (kernel/workqueue.c:3398) [ 1131.882195][ T67] ? __kthread_parkme (./arch/x86/include/asm/bitops.h:202 (discriminator 1) ./arch/x86/include/asm/bitops.h:232 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) kernel/kthread.c:272 (discriminator 1)) [ 1131.882197][ T67] ? rescuer_thread (kernel/workqueue.c:3398) [ 1131.882199][ T67] kthread (kernel/kthread.c:436) [ 1131.882200][ T67] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 24)) [ 1131.882203][ T67] ? kthread_affine_node (kernel/kthread.c:381) [ 1131.882205][ T67] ret_from_fork (arch/x86/kernel/process.c:164) [ 1131.882208][ T67] ? arch_exit_to_user_mode_prepare.isra.0 (arch/x86/entry/syscall_64.c:37) [ 1131.882211][ T67] ? __switch_to (./arch/x86/include/asm/cpufeature.h:101 (discriminator 1) arch/x86/kernel/process_64.c:377 (discriminator 1) arch/x86/kernel/process_64.c:665 (discriminator 1)) [ 1131.882213][ T67] ? kthread_affine_node (kernel/kthread.c:381) [ 1131.882215][ T67] ret_from_fork_asm (arch/x86/entry/entry_64.S:255) | [ 1131.897407][ T67] Disabling lock debugging due to kernel taint | [ 1131.904485][ C1] Oops: general protection fault, probably for non-canonical address 0xe03bbc36e0000007: 0000 [#1] SMP KASAN | [ 1131.904696][ C1] KASAN: maybe wild-memory-access in range [0x01de01b700000038-0x01de01b70000003f] | [ 1131.905018][ C1] Tainted: [B]=BAD_PAGE [ 1131.905081][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1131.905191][ C1] RIP: 0010:dst_dev_put (net/core/dst.c:150) [ 1131.905280][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee All code ======== 0: fc cld 1: ff lcall (bad) 2: df 48 c1 fisttps -0x3f(%rax) 5: ea (bad) 6: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax c: 85 2c 02 test %ebp,(%rdx,%rax,1) f: 00 00 add %al,(%rax) 11: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 18: fc ff df 1b: 48 8b 43 08 mov 0x8(%rbx),%rax 1f: 48 8d 78 38 lea 0x38(%rax),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx 2a:* 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) <-- trapping instruction 2e: 0f 85 d8 01 00 00 jne 0x20c 34: 48 8b 40 38 mov 0x38(%rax),%rax 38: 48 85 c0 test %rax,%rax 3b: 74 08 je 0x45 3d: 48 89 ee mov %rbp,%rsi Code starting with the faulting instruction =========================================== 0: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) 4: 0f 85 d8 01 00 00 jne 0x1e2 a: 48 8b 40 38 mov 0x38(%rax),%rax e: 48 85 c0 test %rax,%rax 11: 74 08 je 0x1b 13: 48 89 ee mov %rbp,%rsi [ 1131.905569][ C1] RSP: 0018:ffa00000001d0d48 EFLAGS: 00010212 [ 1131.905671][ C1] RAX: 01de01b700000000 RBX: ff1100000a092040 RCX: 003bc036e0000007 [ 1131.905792][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 01de01b700000038 [ 1131.905925][ C1] RBP: ff1100000ee4efe0 R08: ffffffffadf2c4fc R09: 1ffa3ffffffb09ea [ 1131.906051][ C1] R10: fffa3bfffffb09eb R11: fffa3bfffffb09eb R12: ff110000051b8e00 [ 1131.906172][ C1] R13: fffffbfff5da684c R14: ff110000051b8ec8 R15: 0000000000000004 [ 1131.906297][ C1] FS: 00007f70d74cf740(0000) GS:ff110000bb74c000(0000) knlGS:0000000000000000 [ 1131.906443][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1131.906545][ C1] CR2: 00007f167892ff98 CR3: 000000000bcd2002 CR4: 0000000000771ef0 [ 1131.906666][ C1] PKRU: 55555554 [ 1131.906728][ C1] Call Trace: [ 1131.906790][ C1] [ 1131.906833][ C1] fib6_nh_release_dsts.part.0 (net/ipv6/route.c:3748) [ 1131.906923][ C1] fib6_nh_release (net/ipv6/route.c:3729) [ 1131.907008][ C1] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 1131.907089][ C1] fib6_info_destroy_rcu (net/ipv6/ip6_fib.c:177) [ 1131.907170][ C1] ? rcu_do_batch (kernel/rcu/tree.c:2617) [ 1131.907252][ C1] ? rcu_do_batch (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/rcu.h:597 kernel/rcu/tree.c:2612) [ 1131.907333][ C1] rcu_do_batch (./include/linux/rcupdate.h:310 (discriminator 2) kernel/rcu/tree.c:2619 (discriminator 2)) [ 1131.907414][ C1] ? trace_rcu_batch_end (kernel/rcu/tree.c:2541) [ 1131.907497][ C1] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 1131.907577][ C1] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 24)) [ 1131.907682][ C1] ? trace_irq_disable.constprop.0 (./include/trace/events/preemptirq.h:36 (discriminator 24)) [ 1131.907781][ C1] rcu_core (kernel/rcu/tree.c:2871) [ 1131.907847][ C1] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 1131.907934][ C1] ? clockevents_tick_resume (kernel/time/clockevents.c:337) [ 1131.908016][ C1] ? _local_bh_enable (kernel/softirq.c:580) [ 1131.908098][ C1] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 1131.908182][ C1] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 1131.908269][ C1] __irq_exit_rcu (kernel/softirq.c:496 (discriminator 1) kernel/softirq.c:735 (discriminator 1)) [ 1131.908354][ C1] irq_exit_rcu (kernel/softirq.c:754) [ 1131.908415][ C1] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1061 (discriminator 37) arch/x86/kernel/apic/apic.c:1061 (discriminator 37)) [ 1131.908497][ C1] [ 1131.908538][ C1] [ 1131.908577][ C1] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 1131.908678][ C1] RIP: 0010:_raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:179 (discriminator 1) kernel/locking/spinlock.c:198 (discriminator 1)) [ 1131.908783][ C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 31 0d 9c fd 48 89 df e8 a9 63 9c fd f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f 01 00 00 00 e8 30 16 8f fd 65 8b 05 79 7e 5d 02 85 c0 74 12 5b All code ======== 0: f5 cmc 1: 53 push %rbx 2: 48 8b 74 24 10 mov 0x10(%rsp),%rsi 7: 48 89 fb mov %rdi,%rbx a: 48 83 c7 18 add $0x18,%rdi e: e8 31 0d 9c fd call 0xfffffffffd9c0d44 13: 48 89 df mov %rbx,%rdi 16: e8 a9 63 9c fd call 0xfffffffffd9c63c4 1b: f7 c5 00 02 00 00 test $0x200,%ebp 21: 75 1f jne 0x42 23: 9c pushf 24: 58 pop %rax 25: f6 c4 02 test $0x2,%ah 28: 75 2f jne 0x59 2a:* bf 01 00 00 00 mov $0x1,%edi <-- trapping instruction 2f: e8 30 16 8f fd call 0xfffffffffd8f1664 34: 65 8b 05 79 7e 5d 02 mov %gs:0x25d7e79(%rip),%eax # 0x25d7eb4 3b: 85 c0 test %eax,%eax 3d: 74 12 je 0x51 3f: 5b pop %rbx Code starting with the faulting instruction =========================================== 0: bf 01 00 00 00 mov $0x1,%edi 5: e8 30 16 8f fd call 0xfffffffffd8f163a a: 65 8b 05 79 7e 5d 02 mov %gs:0x25d7e79(%rip),%eax # 0x25d7e8a 11: 85 c0 test %eax,%eax 13: 74 12 je 0x27 15: 5b pop %rbx [ 1131.909068][ C1] RSP: 0018:ffa0000008957d60 EFLAGS: 00000246 [ 1131.909175][ C1] RAX: 0000000000000046 RBX: ff110000010327c0 RCX: 0000000000000000 [ 1131.909297][ C1] RDX: 0000000000000003 RSI: ffffffffae6719c0 RDI: ffffffffae37c1c3 [ 1131.909426][ C1] RBP: 0000000000000292 R08: ffffffffabfb99a0 R09: 1ffffffff6018a5a [ 1131.909553][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ff1100000e13c3c0 [ 1131.909675][ C1] R13: 0000000000000000 R14: ffa0000008957da8 R15: 0000000000000000 [ 1131.909798][ C1] ? trace_irq_enable.constprop.0 (./arch/x86/include/asm/bitops.h:222 ./arch/x86/include/asm/bitops.h:233 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:649 ./include/linux/cpumask.h:1231 ./include/trace/events/preemptirq.h:40) [ 1131.909905][ C1] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:178 kernel/locking/spinlock.c:198) [ 1131.910011][ C1] qlist_free_all (mm/kasan/quarantine.c:174 (discriminator 1)) [ 1131.910093][ C1] kasan_quarantine_reduce (./include/linux/srcu.h:484 (discriminator 2) mm/kasan/quarantine.c:287 (discriminator 2)) [ 1131.910178][ C1] __kasan_slab_alloc (mm/kasan/common.c:350) [ 1131.910263][ C1] kmem_cache_alloc_noprof (./include/linux/kasan.h:253 mm/slub.c:4538 mm/slub.c:4866 mm/slub.c:4873) [ 1131.910344][ C1] ? do_raw_spin_trylock (kernel/locking/spinlock_debug.c:136) [ 1131.910429][ C1] do_getname.isra.0 (fs/namei.c:183 (discriminator 1)) [ 1131.910516][ C1] ? set_compat_user_sigmask (kernel/signal.c:3321) [ 1131.910600][ C1] __x64_sys_chdir (fs/open.c:554 fs/open.c:550 fs/open.c:550) [ 1131.910681][ C1] ? __ia32_sys_access (fs/open.c:550) [ 1131.910766][ C1] ? restore_fpregs_from_fpstate (arch/x86/kernel/fpu/xstate.h:240 arch/x86/kernel/fpu/core.c:207) [ 1131.910866][ C1] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 1131.910950][ C1] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 1131.911032][ C1] ? trace_hardirqs_off (kernel/trace/trace_preemptirq.c:106 (discriminator 9)) [ 1131.911113][ C1] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 1131.911196][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1131.911296][ C1] RIP: 0033:0x7f70d75b7abb [ 1131.911381][ C1] Code: 77 05 c3 0f 1f 40 00 48 8b 15 39 b3 10 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 50 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 0d b3 10 00 f7 d8 64 89 01 48 All code ======== 0: 77 05 ja 0x7 2: c3 ret 3: 0f 1f 40 00 nopl 0x0(%rax) 7: 48 8b 15 39 b3 10 00 mov 0x10b339(%rip),%rdx # 0x10b347 e: f7 d8 neg %eax 10: 64 89 02 mov %eax,%fs:(%rdx) 13: b8 ff ff ff ff mov $0xffffffff,%eax 18: c3 ret 19: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1) 1f: f3 0f 1e fa endbr64 23: b8 50 00 00 00 mov $0x50,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 0d b3 10 00 mov 0x10b30d(%rip),%rcx # 0x10b347 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 0d b3 10 00 mov 0x10b30d(%rip),%rcx # 0x10b31d 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W [ 1131.911665][ C1] RSP: 002b:00007fff13fbf038 EFLAGS: 00000206 ORIG_RAX: 0000000000000050 [ 1131.911790][ C1] RAX: ffffffffffffffda RBX: 000056071bdfe2e0 RCX: 00007f70d75b7abb [ 1131.911918][ C1] RDX: 0000000000000000 RSI: 5c9c901620874df9 RDI: 000056071bde4590 [ 1131.912038][ C1] RBP: 00007fff13fbf050 R08: 000056071bde3150 R09: 0000000000000000 [ 1131.912158][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 Finger prints: dst_dev_put:fib6_nh_release:fib6_info_destroy_rcu:rcu_do_batch:rcu_core print_report:kasan_report:fib6_purge_rt:fib6_del_route:fib6_del