======================================
| xx__-> [ 1298.107284] ------------[ cut here ]------------
| [ 1298.107367] rcuref - imbalanced put()
| [ 1298.107369] WARNING: lib/rcuref.c:266 at 0x0, CPU#1: swapper/1/0
| [ 1298.107457] Modules linked in: act_tunnel_key bareudp mpls_gso mpls_iptunnel mpls_router act_gact xt_conntrack xt_HL amt sctp_diag sctp cls_bpf netdevsim ip6_gre ip_gre gre act_mirred cls_u32 sch_ingress ifb unix_diag xfrm_user openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh geneve vxlan act_csum act_pedit cls_flower sch_prio ip6t_REJECT nf_reject_ipv6 nft_compat nf_tables
[ 1298.107797] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1298.107847] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 lib/rcuref.c:237)
[ 1298.107896] Code: b1 17 0f 94 c0 75 0e 5b c3 81 fe ff ff ff bf 77 12 85 f6 78 04 31 c0 5b c3 c7 03 00 00 00 a0 31 c0 5b c3 48 8d 3d 20 32 2f 01 <67> 48 0f b9 3a 31 c0 c7 03 00 00 00 e0 eb de 90 f3 0f 1e fa 48 b8
All code
========
   0:	b1 17                	mov    $0x17,%cl
   2:	0f 94 c0             	sete   %al
   5:	75 0e                	jne    0x15
   7:	5b                   	pop    %rbx
   8:	c3                   	ret
   9:	81 fe ff ff ff bf    	cmp    $0xbfffffff,%esi
   f:	77 12                	ja     0x23
  11:	85 f6                	test   %esi,%esi
  13:	78 04                	js     0x19
  15:	31 c0                	xor    %eax,%eax
  17:	5b                   	pop    %rbx
  18:	c3                   	ret
  19:	c7 03 00 00 00 a0    	movl   $0xa0000000,(%rbx)
  1f:	31 c0                	xor    %eax,%eax
  21:	5b                   	pop    %rbx
  22:	c3                   	ret
  23:	48 8d 3d 20 32 2f 01 	lea    0x12f3220(%rip),%rdi        # 0x12f324a
  2a:*	67 48 0f b9 3a       	ud1    (%edx),%rdi		<-- trapping instruction
  2f:	31 c0                	xor    %eax,%eax
  31:	c7 03 00 00 00 e0    	movl   $0xe0000000,(%rbx)
  37:	eb de                	jmp    0x17
  39:	90                   	nop
  3a:	f3 0f 1e fa          	endbr64
  3e:	48                   	rex.W
  3f:	b8                   	.byte 0xb8

Code starting with the faulting instruction
===========================================
   0:	67 48 0f b9 3a       	ud1    (%edx),%rdi
   5:	31 c0                	xor    %eax,%eax
   7:	c7 03 00 00 00 e0    	movl   $0xe0000000,(%rbx)
   d:	eb de                	jmp    0xffffffffffffffed
   f:	90                   	nop
  10:	f3 0f 1e fa          	endbr64
  14:	48                   	rex.W
  15:	b8                   	.byte 0xb8
[ 1298.108030] RSP: 0018:ffffa3d4c00e4e80 EFLAGS: 00010206
[ 1298.108071] RAX: 00000000dfffffff RBX: ffff8a2088e7b040 RCX: 0000000000000003
[ 1298.108130] RDX: ffffffff82c2f520 RSI: 00000000dfffffff RDI: ffffffff83a7d4c0
[ 1298.108185] RBP: ffff8a2088e7b000 R08: ffff8a20882d9470 R09: ffffffff823ca262
[ 1298.108239] R10: ffff8a20811e7570 R11: 000000000000027a R12: 000039b38507c258
[ 1298.108296] R13: 000039b38507c258 R14: ffff8a20beca9c00 R15: 0000000000000000
[ 1298.108359] FS:  0000000000000000(0000) GS:ffff8a213ac05000(0000) knlGS:0000000000000000
[ 1298.108427] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1298.108477] CR2: 00007fd382b18730 CR3: 000000001b246005 CR4: 0000000000772ef0
[ 1298.108538] PKRU: 55555554
[ 1298.108560] Call Trace:
[ 1298.108580]  <IRQ>
[ 1298.108602]  dst_release_immediate (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:184)
[ 1298.108646]  rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:190)
[ 1298.108694]  fib_nh_common_release (net/ipv4/fib_semantics.c:207)
[ 1298.108736]  free_fib_info_rcu (./include/net/nexthop.h:480 (discriminator 3) net/ipv4/fib_semantics.c:229 (discriminator 3))
[ 1298.108769]  rcu_core (kernel/rcu/tree.c:2612 kernel/rcu/tree.c:2857)
[ 1298.108811]  ? rcu_core (kernel/rcu/tree.c:2531 kernel/rcu/tree.c:2857)
[ 1298.108846]  handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623)
[ 1298.108886]  irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739)
[ 1298.108919]  sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 arch/x86/kernel/apic/apic.c:1056)
[ 1298.108961]  </IRQ>
[ 1298.108984]  <TASK>
[ 1298.109002]  asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697)
[ 1298.109048] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82)
[ 1298.109090] Code: 48 8b 3d 44 8d 2f 01 e8 1f 00 00 00 48 2b 05 f8 83 46 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 35 9b 08 00 fb f4 <c3> 0f 1f 40 d6 8b 17 48 89 fe 89 d7 83 e7 fe 0f 01 f9 66 90 48 c1
All code
========
   0:	48 8b 3d 44 8d 2f 01 	mov    0x12f8d44(%rip),%rdi        # 0x12f8d4b
   7:	e8 1f 00 00 00       	call   0x2b
   c:	48 2b 05 f8 83 46 00 	sub    0x4683f8(%rip),%rax        # 0x46840b
  13:	c3                   	ret
  14:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  1b:	f3 0f 1e fa          	endbr64
  1f:	eb 07                	jmp    0x28
  21:	0f 00 2d 35 9b 08 00 	verw   0x89b35(%rip)        # 0x89b5d
  28:	fb                   	sti
  29:	f4                   	hlt
  2a:*	c3                   	ret		<-- trapping instruction
  2b:	0f 1f 40 d6          	nopl   -0x2a(%rax)
  2f:	8b 17                	mov    (%rdi),%edx
  31:	48 89 fe             	mov    %rdi,%rsi
  34:	89 d7                	mov    %edx,%edi
  36:	83 e7 fe             	and    $0xfffffffe,%edi
  39:	0f 01 f9             	rdtscp
  3c:	66 90                	xchg   %ax,%ax
  3e:	48                   	rex.W
  3f:	c1                   	.byte 0xc1

Code starting with the faulting instruction
===========================================
   0:	c3                   	ret
   1:	0f 1f 40 d6          	nopl   -0x2a(%rax)
   5:	8b 17                	mov    (%rdi),%edx
   7:	48 89 fe             	mov    %rdi,%rsi
   a:	89 d7                	mov    %edx,%edi
   c:	83 e7 fe             	and    $0xfffffffe,%edi
   f:	0f 01 f9             	rdtscp
  12:	66 90                	xchg   %ax,%ax
  14:	48                   	rex.W
  15:	c1                   	.byte 0xc1
[ 1298.109222] RSP: 0018:ffffa3d4c009fed0 EFLAGS: 00000216
[ 1298.109258] RAX: ffff8a213ac05000 RBX: ffff8a20812e45c0 RCX: 0000000000000000
[ 1298.109323] RDX: 0000000000000001 RSI: ffffffff831baf63 RDI: 0000000007acbc0c
[ 1298.109382] RBP: 0000000000000001 R08: 0000000007acbc0c R09: 0000000000000209
[ 1298.109442] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[ 1298.109497] R13: 000001f3fffffc18 R14: 0000000000000000 R15: 0000000000000000
[ 1298.109553]  default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767)
[ 1298.109585]  default_idle_call (./include/linux/cpuidle.h:144 kernel/sched/idle.c:123)
[ 1298.109619]  do_idle (kernel/sched/idle.c:192 kernel/sched/idle.c:332)
[ 1298.109654]  cpu_startup_entry (kernel/sched/idle.c:429 (discriminator 1))
[ 1298.109686]  start_secondary (arch/x86/kernel/smpboot.c:312)


Finger prints:
rcuref_put_slowpath:dst_release_immediate:fib_nh_common_release:free_fib_info_rcu:rcu_core