[ 4077.895153][ C1] ==================================================================
[ 4077.895459][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x214/0x280
[ 4077.895734][ C1] Read of size 8 at addr ffff88800b7f6640 by task swapper/1/0
[ 4077.895989][ C1]
[ 4077.896080][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 4077.896086][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4077.896088][ C1] Call Trace:
[ 4077.896090][ C1] <IRQ>
[ 4077.896092][ C1] dump_stack_lvl+0x82/0xc0
[ 4077.896101][ C1] print_address_description.constprop.0+0x2c/0x3a0
[ 4077.896109][ C1] ? dst_dev_put+0x214/0x280
[ 4077.896113][ C1] print_report+0xb4/0x270
[ 4077.896117][ C1] ? dst_dev_put+0x214/0x280
[ 4077.896120][ C1] ? kasan_addr_to_slab+0x1d/0x50
[ 4077.896124][ C1] ? dst_dev_put+0x214/0x280
[ 4077.896126][ C1] kasan_report+0xca/0x100
[ 4077.896131][ C1] ? dst_dev_put+0x214/0x280
[ 4077.896136][ C1] dst_dev_put+0x214/0x280
[ 4077.896139][ C1] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 4077.896147][ C1] fib_nh_common_release+0xe6/0x2d0
[ 4077.896151][ C1] free_fib_info_rcu+0x14c/0x380
[ 4077.896155][ C1] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 4077.896158][ C1] rcu_do_batch+0x27e/0x1120
[ 4077.896165][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 4077.896169][ C1] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 4077.896176][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4077.896182][ C1] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 4077.896187][ C1] rcu_core+0x2bb/0x520
[ 4077.896191][ C1] handle_softirqs+0x1c0/0x820
[ 4077.896200][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4077.896202][ C1] irq_exit_rcu+0xe/0x30
[ 4077.896205][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4077.896209][ C1] </IRQ>
[ 4077.896210][ C1] <TASK>
[ 4077.896212][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4077.896216][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 4077.896220][ C1] Code: 48 8b 3d 34 31 90 02 e8 1f 00 00 00 48 2b 05 28 07 a9 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d d3 d6 28 00 fb f4 0f 1f 40 d6 41 54 55 53 48 89 fb 48 83 ec 10 8b 17 83 e2 fe 41
[ 4077.896224][ C1] RSP: 0018:ffffc90000137dd8 EFLAGS: 00000206
[ 4077.896228][ C1] RAX: 0000000008fc058d RBX: 1ffff92000026fbf RCX: ffffffffb640a255
[ 4077.896231][ C1] RDX: 0000000000000000 RSI: ffffffffb6dfa925 RDI: ffffffffb686a600
[ 4077.896232][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100da1631a
[ 4077.896234][ C1] R10: ffff88806d0b18d3 R11: ffff888001ae0a90 R12: 0000000000000000
[ 4077.896236][ C1] R13: ffff888001ae0040 R14: dffffc0000000000 R15: 0000000000000000
[ 4077.896240][ C1] ? ct_kernel_exit.constprop.0+0x105/0x150
[ 4077.896244][ C1] default_idle+0x9/0x10
[ 4077.896246][ C1] default_idle_call+0x6c/0xa0
[ 4077.896249][ C1] cpuidle_idle_call+0x23b/0x380
[ 4077.896253][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 4077.896257][ C1] ? tsc_verify_tsc_adjust+0x94/0x310
[ 4077.896263][ C1] do_idle+0xe1/0x140
[ 4077.896267][ C1] cpu_startup_entry+0x54/0x60
[ 4077.896270][ C1] start_secondary+0x1fd/0x290
[ 4077.896273][ C1] ? set_cpu_sibling_map+0x1e10/0x1e10
[ 4077.896278][ C1] common_startup_64+0x13e/0x148
[ 4077.896288][ C1] </TASK>
[ 4077.896290][ C1]
[ 4077.905763][ C1] Allocated by task 30495:
[ 4077.905939][ C1] kasan_save_stack+0x24/0x40
[ 4077.906120][ C1] kasan_save_track+0x14/0x30
[ 4077.906292][ C1] __kasan_slab_alloc+0x55/0x60
[ 4077.906465][ C1] kmem_cache_alloc_noprof+0x291/0x6d0
[ 4077.906639][ C1] dst_alloc+0x7a/0x140
[ 4077.906770][ C1] rt_dst_alloc+0x31/0x3a0
[ 4077.906945][ C1] __mkroute_output+0x425/0x11a0
[ 4077.907125][ C1] ip_route_output_key_hash+0xfa/0x220
[ 4077.907298][ C1] ip_route_output_flow+0x23/0x140
[ 4077.907473][ C1] udp_tunnel_dst_lookup+0x227/0x3a0
[ 4077.907646][ C1] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 4077.907832][ C1] vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 4077.908020][ C1] dev_hard_start_xmit+0x132/0x530
[ 4077.908197][ C1] __dev_queue_xmit+0x1406/0x1af0
[ 4077.908367][ C1] packet_snd+0xd0f/0x1a70
[ 4077.908540][ C1] __sys_sendto+0x24b/0x380
[ 4077.908712][ C1] __x64_sys_sendto+0xe0/0x1b0
[ 4077.908886][ C1] do_syscall_64+0xc1/0xfc0
[ 4077.909059][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 4077.909272][ C1]
[ 4077.909362][ C1] Freed by task 12:
[ 4077.909495][ C1] kasan_save_stack+0x24/0x40
[ 4077.909671][ C1] kasan_save_track+0x14/0x30
[ 4077.909844][ C1] __kasan_save_free_info+0x3b/0x60
[ 4077.910016][ C1] __kasan_slab_free+0x3f/0x60
[ 4077.910189][ C1] kmem_cache_free+0x2e4/0x690
[ 4077.910362][ C1] dst_destroy+0x230/0x350
[ 4077.910532][ C1] rcu_do_batch+0x27e/0x1120
[ 4077.910709][ C1] rcu_core+0x2bb/0x520
[ 4077.910844][ C1] handle_softirqs+0x1c0/0x820
[ 4077.911018][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4077.911190][ C1] irq_exit_rcu+0xe/0x30
[ 4077.911319][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4077.911492][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4077.911705][ C1]
[ 4077.911794][ C1] Last potentially related work creation:
[ 4077.911969][ C1] kasan_save_stack+0x24/0x40
[ 4077.912153][ C1] kasan_record_aux_stack+0x8c/0xa0
[ 4077.912330][ C1] __call_rcu_common.constprop.0+0xa9/0x950
[ 4077.912549][ C1] dst_cache_destroy+0xf7/0x200
[ 4077.912726][ C1] vxlan_fdb_free+0x10e/0x1b0 [vxlan]
[ 4077.912910][ C1] rcu_do_batch+0x27e/0x1120
[ 4077.913091][ C1] rcu_core+0x2bb/0x520
[ 4077.913223][ C1] handle_softirqs+0x1c0/0x820
[ 4077.913405][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4077.913582][ C1] irq_exit_rcu+0xe/0x30
[ 4077.913715][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4077.913892][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4077.914108][ C1]
[ 4077.914199][ C1] The buggy address belongs to the object at ffff88800b7f6640
[ 4077.914199][ C1] which belongs to the cache rtable of size 184
[ 4077.914627][ C1] The buggy address is located 0 bytes inside of
[ 4077.914627][ C1] freed 184-byte region [ffff88800b7f6640, ffff88800b7f66f8)
[ 4077.915049][ C1]
[ 4077.915140][ C1] The buggy address belongs to the physical page:
[ 4077.915354][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88800b7f6940 pfn:0xb7f6
[ 4077.915707][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 4077.915977][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 4077.916201][ C1] page_type: f5(slab)
[ 4077.916338][ C1] raw: 0080000000000240 ffff8880050b9e00 ffffea0000317e90 ffff8880025e9708
[ 4077.916653][ C1] raw: ffff88800b7f6940 0000000000150001 00000000f5000000 0000000000000000
[ 4077.916970][ C1] head: 0080000000000240 ffff8880050b9e00 ffffea0000317e90 ffff8880025e9708
[ 4077.917284][ C1] head: ffff88800b7f6940 0000000000150001 00000000f5000000 0000000000000000
[ 4077.917599][ C1] head: 0080000000000001 ffffea00002dfd81 00000000ffffffff 00000000ffffffff
[ 4077.917908][ C1] head: ffff88800b7f7c68 0000000000000000 00000000ffffffff 0000000000000000
[ 4077.918232][ C1] page dumped because: kasan: bad access detected
[ 4077.918452][ C1]
[ 4077.918539][ C1] Memory state around the buggy address:
[ 4077.918709][ C1] ffff88800b7f6500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 4077.918963][ C1] ffff88800b7f6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4077.919218][ C1] >ffff88800b7f6600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 4077.919477][ C1]                                            ^
[ 4077.919690][ C1] ffff88800b7f6680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 4077.919941][ C1] ffff88800b7f6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4077.920191][ C1] ==================================================================
[ 4077.920494][ C1] Disabling lock debugging due to kernel taint
[ 4077.920736][ C1] Oops: general protection fault, probably for non-canonical address 0xe0e73c38c0000008: 0000 [#1] SMP KASAN
[ 4077.921107][ C1] KASAN: maybe wild-memory-access in range [0x073a01c600000040-0x073a01c600000047]
[ 4077.921392][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 4077.921729][ C1] Tainted: [B]=BAD_PAGE
[ 4077.921860][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4077.922068][ C1] RIP: 0010:dst_dev_put+0xa0/0x280
[ 4077.922245][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 4077.922835][ C1] RSP: 0018:ffffc900001c0d48 EFLAGS: 00010203
[ 4077.923045][ C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffffb5a8b428
[ 4077.923292][ C1] RDX: 00e74038c0000008 RSI: 0000000000000008 RDI: 073a01c600000044
[ 4077.923539][ C1] RBP: 073a01c60000000c R08: 0000000000000001 R09: fffffbfff71aa8c4
[ 4077.923786][ C1] R10: ffffffffb8d54627 R11: ffffc900001c0800 R12: ffff88800910afe0
[ 4077.924038][ C1] R13: ffff88800b7f6640 R14: 0000000000000003 R15: ffff88800b7f6640
[ 4077.924286][ C1] FS: 0000000000000000(0000) GS:ffff8880b4398000(0000) knlGS:0000000000000000
[ 4077.924571][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4077.924779][ C1] CR2: 000055e67ffdf9a8 CR3: 000000003a145006 CR4: 0000000000772ef0
[ 4077.925032][ C1] PKRU: 55555554
[ 4077.925157][ C1] Call Trace:
[ 4077.925281][ C1] <IRQ>
[ 4077.925367][ C1] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 4077.925536][ C1] fib_nh_common_release+0xe6/0x2d0
[ 4077.925702][ C1] free_fib_info_rcu+0x14c/0x380
[ 4077.925865][ C1] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 4077.926078][ C1] rcu_do_batch+0x27e/0x1120
[ 4077.926246][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 4077.926411][ C1] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 4077.926619][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4077.926785][ C1] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 4077.926989][ C1] rcu_core+0x2bb/0x520
[ 4077.927115][ C1] handle_softirqs+0x1c0/0x820
[ 4077.927287][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4077.927451][ C1] irq_exit_rcu+0xe/0x30
[ 4077.927573][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4077.927739][ C1] </IRQ>
[ 4077.927824][ C1] <TASK>
[ 4077.927906][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4077.928119][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 4077.928291][ C1] Code: 48 8b 3d 34 31 90 02 e8 1f 00 00 00 48 2b 05 28 07 a9 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d d3 d6 28 00 fb f4 0f 1f 40 d6 41 54 55 53 48 89 fb 48 83 ec 10 8b 17 83 e2 fe 41
[ 4077.928876][ C1] RSP: 0018:ffffc90000137dd8 EFLAGS: 00000206
[ 4077.929086][ C1] RAX: 0000000008fc058d RBX: 1ffff92000026fbf RCX: ffffffffb640a255
[ 4077.929332][ C1] RDX: 0000000000000000 RSI: ffffffffb6dfa925 RDI: ffffffffb686a600
[ 4077.929583][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100da1631a
[ 4077.929831][ C1] R10: ffff88806d0b18d3 R11: ffff888001ae0a90 R12: 0000000000000000
[ 4077.930079][ C1] R13: ffff888001ae0040 R14: dffffc0000000000 R15: 0000000000000000
[ 4077.930329][ C1] ? ct_kernel_exit.constprop.0+0x105/0x150
[ 4077.930534][ C1] default_idle+0x9/0x10
[ 4077.930769][ C1] default_idle_call+0x6c/0xa0
[ 4077.930938][ C1] cpuidle_idle_call+0x23b/0x380
[ 4077.931105][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 4077.931268][ C1] ? tsc_verify_tsc_adjust+0x94/0x310
[ 4077.931536][ C1] do_idle+0xe1/0x140
[ 4077.931660][ C1] cpu_startup_entry+0x54/0x60
[ 4077.931822][ C1] start_secondary+0x1fd/0x290
[ 4077.931983][ C1] ? set_cpu_sibling_map+0x1e10/0x1e10
[ 4077.932152][ C1] common_startup_64+0x13e/0x148
[ 4077.932419][ C1] </TASK>
[ 4077.932541][ C1] Modules linked in: xt_conntrack nf_conntrack nf_defrag_ipv4 nft_compat nf_tables nf_defrag_ipv6 cls_bpf sctp_diag sctp ip6_gre ip_gre gre cls_matchall chacha libchacha chacha20poly1305 libpoly1305 tls act_gact cls_flower sch_ingress vxlan
[ 4077.933349][ C1] ---[ end trace 0000000000000000 ]---
[ 4077.933526][ C1] RIP: 0010:dst_dev_put+0xa0/0x280
[ 4077.933809][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 4077.934390][ C1] RSP: 0018:ffffc900001c0d48 EFLAGS: 00010203
[ 4077.934703][ C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffffb5a8b428
[ 4077.934947][ C1] RDX: 00e74038c0000008 RSI: 0000000000000008 RDI: 073a01c600000044
[ 4077.935191][ C1] RBP: 073a01c60000000c R08: 0000000000000001 R09: fffffbfff71aa8c4
[ 4077.935539][ C1] R10: ffffffffb8d54627 R11: ffffc900001c0800 R12: ffff88800910afe0
[ 4077.935786][ C1] R13: ffff88800b7f6640 R14: 0000000000000003 R15: ffff88800b7f6640
[ 4077.936135][ C1] FS: 0000000000000000(0000) GS:ffff8880b4398000(0000) knlGS:0000000000000000
[ 4077.936418][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4077.936621][ C1] CR2: 000055e67ffdf9a8 CR3: 000000003a145006 CR4: 0000000000772ef0
[ 4077.936970][ C1] PKRU: 55555554
[ 4077.937094][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 4077.937538][ C1] Kernel Offset: 0x32a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 4077.938037][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr