======================================
| xx__-> [ 1216.593218] ------------[ cut here ]------------
| [ 1216.593280] rcuref - imbalanced put()
| [ 1216.593281] WARNING: lib/rcuref.c:266 at 0x0, CPU#3: mausezahn/30682
| [ 1216.593379] Modules linked in: ipt_rpfilter ip6t_rpfilter ip6_gre gre nft_chain_nat xt_nat nf_nat vxlan xt_conntrack nf_conntrack nf_defrag_ipv4 nf_defrag_ipv6 drop_monitor netdevsim psample chacha libchacha chacha20poly1305 libpoly1305 tls cls_flower sch_prio xt_mark act_mirred cls_basic sch_fq_codel act_gact cls_matchall sch_ingress xfrm_user xt_policy ipt_REJECT nf_reject_ipv4 nft_compat nf_tables
[ 1216.593754] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1216.593803] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 lib/rcuref.c:237)
[ 1216.593857] Code: b1 17 0f 94 c0 75 0e 5b c3 81 fe ff ff ff bf 77 12 85 f6 78 04 31 c0 5b c3 c7 03 00 00 00 a0 31 c0 5b c3 48 8d 3d 20 32 2f 01 <67> 48 0f b9 3a 31 c0 c7 03 00 00 00 e0 eb de 90 f3 0f 1e fa 48 b8
All code
========
   0:	b1 17                	mov    $0x17,%cl
   2:	0f 94 c0             	sete   %al
   5:	75 0e                	jne    0x15
   7:	5b                   	pop    %rbx
   8:	c3                   	ret
   9:	81 fe ff ff ff bf    	cmp    $0xbfffffff,%esi
   f:	77 12                	ja     0x23
  11:	85 f6                	test   %esi,%esi
  13:	78 04                	js     0x19
  15:	31 c0                	xor    %eax,%eax
  17:	5b                   	pop    %rbx
  18:	c3                   	ret
  19:	c7 03 00 00 00 a0    	movl   $0xa0000000,(%rbx)
  1f:	31 c0                	xor    %eax,%eax
  21:	5b                   	pop    %rbx
  22:	c3                   	ret
  23:	48 8d 3d 20 32 2f 01 	lea    0x12f3220(%rip),%rdi        # 0x12f324a
  2a:*	67 48 0f b9 3a       	ud1    (%edx),%rdi		<-- trapping instruction
  2f:	31 c0                	xor    %eax,%eax
  31:	c7 03 00 00 00 e0    	movl   $0xe0000000,(%rbx)
  37:	eb de                	jmp    0x17
  39:	90                   	nop
  3a:	f3 0f 1e fa          	endbr64
  3e:	48                   	rex.W
  3f:	b8                   	.byte 0xb8

Code starting with the faulting instruction
===========================================
   0:	67 48 0f b9 3a       	ud1    (%edx),%rdi
   5:	31 c0                	xor    %eax,%eax
   7:	c7 03 00 00 00 e0    	movl   $0xe0000000,(%rbx)
   d:	eb de                	jmp    0xffffffffffffffed
   f:	90                   	nop
  10:	f3 0f 1e fa          	endbr64
  14:	48                   	rex.W
  15:	b8                   	.byte 0xb8
[ 1216.593996] RSP: 0018:ffffbc694183b770 EFLAGS: 00010206
[ 1216.594039] RAX: 00000000dfffffff RBX: ffff91f1097d3c40 RCX: ffff91f1097d3c68
[ 1216.594096] RDX: ffff91f13edaa408 RSI: 00000000dfffffff RDI: ffffffffaec7d4c0
[ 1216.594155] RBP: ffff91f13edaa400 R08: ffff91f104f11300 R09: 0000000000000001
[ 1216.594213] R10: 0000000000000000 R11: 0000000000000002 R12: ffff91f1097d3c00
[ 1216.594278] R13: 0000000000000000 R14: ffff91f104f11380 R15: 0000000000000001
[ 1216.594342] FS:  00007f4181c13740(0000) GS:ffff91f18fb05000(0000) knlGS:0000000000000000
[ 1216.594404] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1216.594459] CR2: 00007f4181d6a0b0 CR3: 0000000006c95003 CR4: 0000000000772ef0
[ 1216.594525] PKRU: 55555554
[ 1216.594551] Call Trace:
[ 1216.594573]  <TASK>
[ 1216.594597]  dst_release (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:167)
[ 1216.594632]  rt_cache_route (net/ipv4/route.c:1510)
[ 1216.594670]  rt_set_nexthop.constprop.0 (net/ipv4/route.c:1622)
[ 1216.594714]  ip_route_output_key_hash_rcu (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682 net/ipv4/route.c:2875)
[ 1216.594759]  ip_route_output_flow (net/ipv4/route.c:2705 ./include/net/route.h:169 net/ipv4/route.c:2932)
[ 1216.594790]  udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 net/ipv4/udp_tunnel_core.c:230)
[ 1216.594844] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472) vxlan
[ 1216.594897]  ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan
[ 1216.594946] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan
[ 1216.595000]  ? update_load_avg (kernel/sched/fair.c:4367 kernel/sched/fair.c:4704)
[ 1216.595039]  ? update_curr (kernel/sched/fair.c:1227)
[ 1216.595070]  ? update_entity_lag (kernel/sched/fair.c:699 (discriminator 3))
[ 1216.595104]  ? dequeue_entities (kernel/sched/fair.c:5407 kernel/sched/fair.c:7023)
[ 1216.595132]  ? dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869)
[ 1216.595179]  dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869)
[ 1216.595214]  __dev_queue_xmit (net/core/dev.h:381 net/core/dev.c:4818)
[ 1216.595249]  ? __alloc_skb (net/core/skbuff.c:706)
[ 1216.595284]  ? _copy_from_iter (./arch/x86/include/asm/smap.h:42 ./arch/x86/include/asm/uaccess_64.h:134 ./arch/x86/include/asm/uaccess_64.h:141 lib/iov_iter.c:67 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:261 lib/iov_iter.c:272)
[ 1216.595320]  ? alloc_skb_with_frags (./include/linux/skbuff.h:1383 net/core/skbuff.c:6715)
[ 1216.595368]  ? packet_parse_headers (./include/linux/skbuff.h:3180 net/packet/af_packet.c:1938)
[ 1216.595413]  packet_sendmsg (net/packet/af_packet.c:3076 net/packet/af_packet.c:3108)
[ 1216.595448]  ? netdev_name_node_lookup_rcu (net/core/dev.c:327)
[ 1216.595493]  __sys_sendto (net/socket.c:718 net/socket.c:733 net/socket.c:2222)
[ 1216.595528]  ? cpu_clock_sample_group (kernel/time/posix-cpu-timers.c:331 kernel/time/posix-cpu-timers.c:350)
[ 1216.595574]  __x64_sys_sendto (net/socket.c:2229 net/socket.c:2225 net/socket.c:2225)
[ 1216.595608]  do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 1216.595644]  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
[ 1216.595684] RIP: 0033:0x7f4181e2f27a
[ 1216.595716] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
All code
========
   0:	d8 64 89 02          	fsubs  0x2(%rcx,%rcx,4)
   4:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   b:	eb b8                	jmp    0xffffffffffffffc5
   d:	0f 1f 00             	nopl   (%rax)
  10:	f3 0f 1e fa          	endbr64
  14:	41 89 ca             	mov    %ecx,%r10d
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 15                	jne    0x38
  23:	b8 2c 00 00 00       	mov    $0x2c,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 7e                	ja     0xb0
  32:	c3                   	ret
  33:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  38:	41 54                	push   %r12
  3a:	48 83 ec 30          	sub    $0x30,%rsp
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 7e                	ja     0x86
   8:	c3                   	ret
   9:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   e:	41 54                	push   %r12
  10:	48 83 ec 30          	sub    $0x30,%rsp
  14:	44                   	rex.R
  15:	89                   	.byte 0x89
[ 1216.595850] RSP: 002b:00007ffd821cc3c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1216.595912] RAX: ffffffffffffffda RBX: 00000000395769d0 RCX: 00007f4181e2f27a
[ 1216.595978] RDX: 0000000000000064 RSI: 00000000395765c2 RDI: 0000000000000005
[ 1216.596040] RBP: 00000000395765c2 R08: 00007ffd821cc3d0 R09: 0000000000000014
[ 1216.596099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000


Finger prints:
rcuref_put_slowpath:dst_release:rt_cache_route:ip_route_output_key_hash_rcu:ip_route_output_flow