====================================== | [ 846.887106][T21828] ================================================================== | [ 846.887269][T21828] BUG: KASAN: slab-use-after-free in ip6_pol_route (net/ipv6/route.c:1446 (discriminator 1) net/ipv6/route.c:2316 (discriminator 1)) | [ 846.887401][T21828] Read of size 4 at addr ff11000019e11b18 by task cmsg_sender/21828 | [ 846.887529][T21828] [ 846.887577][T21828] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 846.887579][T21828] Call Trace: [ 846.887580][T21828] [ 846.887581][T21828] dump_stack_lvl (lib/dump_stack.c:122) [ 846.887588][T21828] print_address_description.constprop.0 (mm/kasan/report.c:379 (discriminator 1)) [ 846.887593][T21828] print_report (mm/kasan/report.c:483) [ 846.887595][T21828] ? __virt_addr_valid (./include/linux/rcupdate.h:937 (discriminator 1) ./include/linux/mmzone.h:2197 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1)) [ 846.887598][T21828] ? __virt_addr_valid (./include/linux/rcupdate.h:963 (discriminator 4) ./include/linux/mmzone.h:2207 (discriminator 4) arch/x86/mm/physaddr.c:54 (discriminator 4)) [ 846.887601][T21828] kasan_report (mm/kasan/report.c:597) [ 846.887604][T21828] ? ip6_pol_route (net/ipv6/route.c:1446 (discriminator 1) net/ipv6/route.c:2316 (discriminator 1)) [ 846.887606][T21828] ? ip6_pol_route (net/ipv6/route.c:1446 (discriminator 1) net/ipv6/route.c:2316 (discriminator 1)) [ 846.887609][T21828] ip6_pol_route (net/ipv6/route.c:1446 (discriminator 1) net/ipv6/route.c:2316 (discriminator 1)) [ 846.887610][T21828] ? mark_usage (kernel/locking/lockdep.c:4674 (discriminator 1)) [ 846.887614][T21828] ? ip6_pol_route_lookup (net/ipv6/route.c:2268) [ 846.887616][T21828] ? mark_usage (kernel/locking/lockdep.c:4674 (discriminator 1)) [ 846.887618][T21828] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 4) kernel/rcu/tree.c:4032 (discriminator 4)) [ 846.887621][T21828] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1)) [ 846.887624][T21828] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3)) [ 846.887626][T21828] ? ip6_pol_route_input (net/ipv6/route.c:2665) [ 846.887627][T21828] fib6_rule_lookup (net/ipv6/fib6_rules.c:130) [ 846.887631][T21828] ? mark_usage (kernel/locking/lockdep.c:4674 (discriminator 1)) [ 846.887633][T21828] ? fib6_lookup (net/ipv6/fib6_rules.c:102) [ 846.887635][T21828] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 846.887637][T21828] ? ip6_route_output_flags (./include/linux/rcupdate.h:300 (discriminator 2) ./include/linux/rcupdate.h:838 (discriminator 2) net/ipv6/route.c:2710 (discriminator 2)) [ 846.887639][T21828] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 846.887641][T21828] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 846.887643][T21828] ip6_route_output_flags (net/ipv6/route.c:2699 net/ipv6/route.c:2711) [ 846.887645][T21828] ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1155 (discriminator 1)) [ 846.887648][T21828] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 846.887650][T21828] ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1289) [ 846.887652][T21828] ? ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1282) [ 846.887654][T21828] ? sk_dst_check (net/core/sock.c:622) [ 846.887657][T21828] ip6_sk_dst_lookup_flow (net/ipv6/ip6_output.c:1326 (discriminator 1)) [ 846.887659][T21828] ping_v6_sendmsg (net/ipv6/ping.c:151) [ 846.887662][T21828] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3)) [ 846.887665][T21828] ? l3mdev_master_ifindex_by_index (./include/linux/rcupdate.h:867 (discriminator 7) ./include/net/l3mdev.h:102 (discriminator 7)) [ 846.887668][T21828] ? release_sock (net/core/sock.c:3814) [ 846.887669][T21828] ? reacquire_held_locks (kernel/locking/lockdep.c:5385 (discriminator 2)) [ 846.887671][T21828] ? release_sock (net/core/sock.c:3814) [ 846.887673][T21828] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2)) [ 846.887675][T21828] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 846.887678][T21828] ? inet_autobind (net/ipv4/af_inet.c:195) [ 846.887680][T21828] ? inet_send_prepare (net/ipv4/af_inet.c:853) [ 846.887683][T21828] ____sys_sendmsg (net/socket.c:787 (discriminator 4) net/socket.c:802 (discriminator 4) net/socket.c:2698 (discriminator 4)) [ 846.887685][T21828] ? copy_msghdr_from_user (net/socket.c:2638) [ 846.887686][T21828] ? get_timestamp.constprop.0 (net/socket.c:2644) [ 846.887688][T21828] ? move_addr_to_kernel (net/socket.c:2624) [ 846.887690][T21828] ? mark_usage (kernel/locking/lockdep.c:4674 (discriminator 1)) [ 846.887693][T21828] ___sys_sendmsg (net/socket.c:2754) [ 846.887694][T21828] ? copy_msghdr_from_user (net/socket.c:2741) [ 846.887696][T21828] ? insert_pfn (mm/memory.c:2712) [ 846.887700][T21828] ? rcu_read_unlock (./include/linux/rcupdate.h:867 (discriminator 5)) [ 846.887702][T21828] ? do_pte_missing (mm/memory.c:5799 mm/memory.c:5933 mm/memory.c:4477) [ 846.887706][T21828] __sys_sendmsg (net/socket.c:2784 (discriminator 1)) [ 846.887708][T21828] ? __sys_sendmsg_sock (net/socket.c:2769) [ 846.887710][T21828] ? down_write_nested (kernel/locking/rwsem.c:1380) [ 846.887712][T21828] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 846.887715][T21828] ? do_user_addr_fault (./include/linux/mmap_lock.h:619 arch/x86/mm/fault.c:1413) [ 846.887717][T21828] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 846.887718][T21828] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 846.887720][T21828] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 846.887723][T21828] ? trace_hardirqs_off (kernel/trace/trace_preemptirq.c:106 (discriminator 9)) [ 846.887726][T21828] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 846.887728][T21828] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 846.887731][T21828] RIP: 0033:0x7fc10ff6622e [ 846.887734][T21828] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 94 bd 00 00 call 0xbd9c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 03 ff ff ff call 0xffffffffffffff3c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 03 ff ff ff call 0xffffffffffffff12 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 846.887736][T21828] RSP: 002b:00007ffe32ccc720 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 846.887740][T21828] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc10ff6622e [ 846.887741][T21828] RDX: 0000000000000000 RSI: 00007ffe32ccc7f0 RDI: 0000000000000005 [ 846.887742][T21828] RBP: 00007ffe32ccc730 R08: 0000000000000000 R09: 0000000000000000 [ 846.887743][T21828] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000005 [ 846.887744][T21828] R13: 00000000124ee010 R14: 00007fc110138000 R15: 0000000000404e00 | [ 846.901395][T21828] Disabling lock debugging due to kernel taint | [ 851.703370][T22070] Oops: general protection fault, probably for non-canonical address 0xed6d696d6d6d6d8e: 0000 [#1] SMP KASAN | [ 851.703595][T22070] KASAN: maybe wild-memory-access in range [0x6b6b6b6b6b6b6c70-0x6b6b6b6b6b6b6c77] | [ 851.703893][T22070] Tainted: [B]=BAD_PAGE [ 851.703953][T22070] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 851.704068][T22070] RIP: 0010:ip6_pol_route (./include/net/net_namespace.h:419 (discriminator 7) ./include/linux/netdevice.h:2764 (discriminator 7) net/ipv6/route.c:1436 (discriminator 7) net/ipv6/route.c:1446 (discriminator 7) net/ipv6/route.c:2316 (discriminator 7)) [ 851.704155][T22070] Code: 80 3c 02 00 0f 85 80 04 00 00 4c 8b 3b e8 7f 5e 40 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf 08 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4c 04 00 00 49 8b 97 08 01 00 00 be 04 00 00 00 All code ======== 0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 4: 0f 85 80 04 00 00 jne 0x48a a: 4c 8b 3b mov (%rbx),%r15 d: e8 7f 5e 40 00 call 0x405e91 12: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 19: fc ff df 1c: 49 8d bf 08 01 00 00 lea 0x108(%r15),%rdi 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx 2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 4c 04 00 00 jne 0x480 34: 49 8b 97 08 01 00 00 mov 0x108(%r15),%rdx 3b: be 04 00 00 00 mov $0x4,%esi Code starting with the faulting instruction =========================================== 0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 4: 0f 85 4c 04 00 00 jne 0x456 a: 49 8b 97 08 01 00 00 mov 0x108(%r15),%rdx 11: be 04 00 00 00 mov $0x4,%esi [ 851.704423][T22070] RSP: 0018:ffa0000009d67388 EFLAGS: 00010216 [ 851.704526][T22070] RAX: dffffc0000000000 RBX: ff11000019e11a80 RCX: ffffffff9174dee1 [ 851.704639][T22070] RDX: 0d6d6d6d6d6d6d8e RSI: 0000000000000008 RDI: 6b6b6b6b6b6b6c73 [ 851.704751][T22070] RBP: 1ff40000013ace74 R08: 0000000000000000 R09: 0000000000000000 [ 851.704865][T22070] R10: 0000000000000000 R11: ff1100001bec02c0 R12: ff1100000fc83e40 [ 851.704983][T22070] R13: 000000006b6b6b6b R14: 0000000000000080 R15: 6b6b6b6b6b6b6b6b [ 851.705102][T22070] FS: 00007fa1385b9740(0000) GS:ff110000d0e4c000(0000) knlGS:0000000000000000 [ 851.705235][T22070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 851.705333][T22070] CR2: 00007fa13862c240 CR3: 00000000100b7006 CR4: 0000000000771ef0 [ 851.705449][T22070] PKRU: 55555554 [ 851.705508][T22070] Call Trace: [ 851.705566][T22070] [ 851.705606][T22070] ? ip6_pol_route_lookup (net/ipv6/route.c:2268) [ 851.705683][T22070] ? unwind_next_frame (./include/linux/rcupdate.h:871 ./include/linux/rcupdate.h:1181 arch/x86/kernel/unwind_orc.c:495) [ 851.705762][T22070] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 851.705840][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.705916][T22070] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 851.705996][T22070] ? ip6_pol_route_input (net/ipv6/route.c:2665) [ 851.706073][T22070] __fib6_rule_action (net/ipv6/fib6_rules.c:242) [ 851.706150][T22070] fib_rules_lookup (net/core/fib_rules.c:339) [ 851.706226][T22070] ? fib_nl_dumprule (net/core/fib_rules.c:315) [ 851.706303][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.706378][T22070] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 851.706455][T22070] ? ip6_pol_route_input (net/ipv6/route.c:2665) [ 851.706530][T22070] fib6_rule_lookup (net/ipv6/fib6_rules.c:118) [ 851.706605][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.706679][T22070] ? fib6_lookup (net/ipv6/fib6_rules.c:102) [ 851.706752][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.706825][T22070] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 851.706904][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.706989][T22070] ? ip6_pol_route_input (net/ipv6/route.c:2665) [ 851.707070][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.707145][T22070] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 851.707223][T22070] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 851.707298][T22070] ip6_route_output_flags (net/ipv6/route.c:2699 net/ipv6/route.c:2711) [ 851.707373][T22070] ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1155 (discriminator 1)) [ 851.707467][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.707542][T22070] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 851.707618][T22070] ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1289) [ 851.707695][T22070] ? ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1282) [ 851.707788][T22070] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 851.707864][T22070] ? sk_dst_check (./include/linux/rcupdate.h:839 (discriminator 1) ./include/net/sock.h:2197 (discriminator 1) net/core/sock.c:620 (discriminator 1)) [ 851.707940][T22070] ? sk_dst_check (net/core/sock.c:622) [ 851.708021][T22070] ip6_sk_dst_lookup_flow (net/ipv6/ip6_output.c:1326 (discriminator 1)) [ 851.708106][T22070] udpv6_sendmsg (net/ipv6/udp.c:1686) [ 851.708182][T22070] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 851.708262][T22070] ? udpv6_splice_eof (net/ipv6/udp.c:1457) [ 851.708338][T22070] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:79 (discriminator 1)) [ 851.708415][T22070] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 851.708494][T22070] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 24)) [ 851.708587][T22070] ? trace_irq_disable.constprop.0 (./include/trace/events/preemptirq.h:36 (discriminator 24)) [ 851.708682][T22070] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:79 (discriminator 1)) [ 851.708758][T22070] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 851.708835][T22070] ? inet_autobind (net/ipv4/af_inet.c:195) [ 851.708911][T22070] ? ____sys_sendmsg (net/socket.c:787 (discriminator 4) net/socket.c:802 (discriminator 4) net/socket.c:2698 (discriminator 4)) [ 851.708990][T22070] ____sys_sendmsg (net/socket.c:787 (discriminator 4) net/socket.c:802 (discriminator 4) net/socket.c:2698 (discriminator 4)) [ 851.709070][T22070] ? copy_msghdr_from_user (net/socket.c:2638) [ 851.709145][T22070] ? get_timestamp.constprop.0 (net/socket.c:2644) [ 851.709238][T22070] ? move_addr_to_kernel (net/socket.c:2624) [ 851.709315][T22070] ___sys_sendmsg (net/socket.c:2754) [ 851.709391][T22070] ? copy_msghdr_from_user (net/socket.c:2741) [ 851.709467][T22070] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 24) kernel/locking/lockdep.c:5831 (discriminator 24)) [ 851.709541][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.709618][T22070] ? do_pte_missing (mm/memory.c:5790 mm/memory.c:5933 mm/memory.c:4477) [ 851.709694][T22070] ? lock_release (./include/trace/events/lock.h:69 (discriminator 24) kernel/locking/lockdep.c:5879 (discriminator 24)) [ 851.709770][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.709845][T22070] __sys_sendmsg (net/socket.c:2784 (discriminator 1)) [ 851.709922][T22070] ? __sys_sendmsg_sock (net/socket.c:2769) [ 851.710006][T22070] ? do_user_addr_fault (./arch/x86/include/asm/atomic.h:93 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:949 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:401 (discriminator 4) ./include/linux/refcount.h:389 (discriminator 4) ./include/linux/refcount.h:432 (discriminator 4) ./include/linux/mmap_lock.h:196 (discriminator 4) ./include/linux/mmap_lock.h:217 (discriminator 4) ./include/linux/mmap_lock.h:264 (discriminator 4) arch/x86/mm/fault.c:1336 (discriminator 4)) [ 851.710088][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.710164][T22070] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3)) [ 851.710239][T22070] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 851.710315][T22070] ? trace_hardirqs_off (kernel/trace/trace_preemptirq.c:106 (discriminator 9)) [ 851.710390][T22070] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 851.710467][T22070] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 851.710562][T22070] RIP: 0033:0x7fa13862c22e [ 851.710643][T22070] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 94 bd 00 00 call 0xbd9c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 03 ff ff ff call 0xffffffffffffff3c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 03 ff ff ff call 0xffffffffffffff12 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 851.710910][T22070] RSP: 002b:00007ffeccf8bff0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 851.711034][T22070] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa13862c22e [ 851.711153][T22070] RDX: 0000000000000000 RSI: 00007ffeccf8c0c0 RDI: 0000000000000005 [ 851.711267][T22070] RBP: 00007ffeccf8c000 R08: 0000000000000000 R09: 0000000000000000 [ 851.711378][T22070] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000005 Finger prints: ip6_pol_route:__fib6_rule_action:fib_rules_lookup:fib6_rule_lookup:ip6_route_output_flags print_report:kasan_report:ip6_pol_route:fib6_rule_lookup:ip6_route_output_flags