[ 13.779711][ T270] ip (270) used greatest stack depth: 23856 bytes left
[ 15.343783][ T287] GACT probability NOT on
[ 18.350641][ C0] ==================================================================
[ 18.350953][ C0] BUG: KASAN: slab-use-after-free in dst_dev_put+0x214/0x280
[ 18.351245][ C0] Read of size 8 at addr ffff88800c796340 by task swapper/0/0
[ 18.351530][ C0]
[ 18.351628][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 18.351633][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 18.351635][ C0] Call Trace:
[ 18.351637][ C0]
[ 18.351639][ C0] dump_stack_lvl+0x82/0xc0
[ 18.351645][ C0] print_address_description.constprop.0+0x2c/0x3a0
[ 18.351651][ C0] ? dst_dev_put+0x214/0x280
[ 18.351655][ C0] print_report+0xb4/0x270
[ 18.351658][ C0] ? dst_dev_put+0x214/0x280
[ 18.351661][ C0] ? kasan_addr_to_slab+0x1d/0x50
[ 18.351665][ C0] ? dst_dev_put+0x214/0x280
[ 18.351667][ C0] kasan_report+0xca/0x100
[ 18.351672][ C0] ? dst_dev_put+0x214/0x280
[ 18.351677][ C0] dst_dev_put+0x214/0x280
[ 18.351680][ C0] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 18.351686][ C0] fib_nh_common_release+0xe6/0x2d0
[ 18.351690][ C0] free_fib_info_rcu+0x14c/0x380
[ 18.351694][ C0] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 18.351698][ C0] rcu_do_batch+0x27e/0x1120
[ 18.351704][ C0] ? trace_rcu_batch_end+0x270/0x270
[ 18.351707][ C0] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 18.351713][ C0] ? lockdep_hardirqs_on+0x7c/0x100
[ 18.351718][ C0] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 18.351723][ C0] rcu_core+0x2bb/0x520
[ 18.351727][ C0] handle_softirqs+0x1c0/0x820
[ 18.351734][ C0] __irq_exit_rcu+0x6c/0xe0
[ 18.351737][ C0] irq_exit_rcu+0xe/0x30
[ 18.351740][ C0] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 18.351744][ C0]
[ 18.351745][ C0]
[ 18.351746][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 18.351750][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 18.351754][ C0] Code: 48 8b 3d 34 31 90 02 e8 1f 00 00 00 48 2b 05 28 07 a9 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d d3 d6 28 00 fb f4 0f 1f 40 d6 41 54 55 53 48 89 fb 48 83 ec 10 8b 17 83 e2 fe 41
[ 18.351757][ C0] RSP: 0018:ffffffff9ac07de8 EFLAGS: 00000206
[ 18.351761][ C0] RAX: 000000000005b1f3 RBX: 1ffffffff3580fc1 RCX: ffffffff99a0a255
[ 18.351763][ C0] RDX: 0000000000000000 RSI: ffffffff9a3fa925 RDI: ffffffff99e6a600
[ 18.351765][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100da0631a
[ 18.351766][ C0] R10: ffff88806d0318d3 R11: ffffffff9ac32e50 R12: 0000000000000000
[ 18.351768][ C0] R13: ffffffff9ac32400 R14: dffffc0000000000 R15: 0000000000014770
[ 18.351772][ C0] ? ct_kernel_exit.constprop.0+0x105/0x150
[ 18.351777][ C0] default_idle+0x9/0x10
[ 18.351779][ C0] default_idle_call+0x6c/0xa0
[ 18.351781][ C0] cpuidle_idle_call+0x23b/0x380
[ 18.351785][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 18.351789][ C0] ? tsc_verify_tsc_adjust+0x94/0x310
[ 18.351793][ C0] do_idle+0xe1/0x140
[ 18.351797][ C0] cpu_startup_entry+0x54/0x60
[ 18.351799][ C0] rest_init+0x14b/0x260
[ 18.351803][ C0] start_kernel+0x348/0x3f0
[ 18.351809][ C0] x86_64_start_reservations+0x18/0x30
[ 18.351812][ C0] x86_64_start_kernel+0xf8/0x150
[ 18.351816][ C0] common_startup_64+0x13e/0x148
[ 18.351825][ C0]
[ 18.351826][ C0]
[ 18.362550][ C0] Allocated by task 318:
[ 18.362694][ C0] kasan_save_stack+0x24/0x40
[ 18.362894][ C0] kasan_save_track+0x14/0x30
[ 18.363084][ C0] __kasan_slab_alloc+0x55/0x60
[ 18.363277][ C0] kmem_cache_alloc_noprof+0x291/0x6d0
[ 18.363467][ C0] dst_alloc+0x7a/0x140
[ 18.363616][ C0] rt_dst_alloc+0x31/0x3a0
[ 18.363808][ C0] __mkroute_output+0x425/0x11a0
[ 18.363998][ C0] ip_route_output_key_hash+0xfa/0x220
[ 18.364186][ C0] ip_route_output_flow+0x23/0x140
[ 18.364378][ C0] udp_tunnel_dst_lookup+0x227/0x3a0
[ 18.364568][ C0] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 18.364770][ C0] vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 18.364973][ C0] dev_hard_start_xmit+0x132/0x530
[ 18.365163][ C0] __dev_queue_xmit+0x1406/0x1af0
[ 18.365350][ C0] packet_snd+0xd0f/0x1a70
[ 18.365540][ C0] __sys_sendto+0x24b/0x380
[ 18.365729][ C0] __x64_sys_sendto+0xe0/0x1b0
[ 18.365919][ C0] do_syscall_64+0xc1/0xfc0
[ 18.366108][ C0] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 18.366344][ C0]
[ 18.366443][ C0] Freed by task 12:
[ 18.366585][ C0] kasan_save_stack+0x24/0x40
[ 18.366778][ C0] kasan_save_track+0x14/0x30
[ 18.366968][ C0] __kasan_save_free_info+0x3b/0x60
[ 18.367156][ C0] __kasan_slab_free+0x3f/0x60
[ 18.367347][ C0] kmem_cache_free+0x2e4/0x690
[ 18.367535][ C0] dst_destroy+0x230/0x350
[ 18.367725][ C0] rcu_do_batch+0x27e/0x1120
[ 18.367921][ C0] rcu_core+0x2bb/0x520
[ 18.368063][ C0] handle_softirqs+0x1c0/0x820
[ 18.368252][ C0] do_softirq+0xad/0xe0
[ 18.368395][ C0] __local_bh_enable_ip+0x101/0x120
[ 18.368709][ C0] __fib6_clean_all+0xf5/0x2a0
[ 18.368900][ C0] rt6_disable_ip+0x116/0x130
[ 18.369088][ C0] addrconf_ifdown.isra.0+0x102/0x15b0
[ 18.369277][ C0] addrconf_notify+0xd1/0xd20
[ 18.369591][ C0] notifier_call_chain+0x9a/0x290
[ 18.369779][ C0] netif_close_many+0x2d7/0x650
[ 18.369970][ C0] unregister_netdevice_many_notify+0x4ee/0x2080
[ 18.370203][ C0] ops_undo_list+0x70f/0x890
[ 18.370392][ C0] cleanup_net+0x3b2/0x8e0
[ 18.370580][ C0] process_one_work+0x880/0x1810
[ 18.370772][ C0] worker_thread+0x591/0xcf0
[ 18.370960][ C0] kthread+0x37b/0x5f0
[ 18.371229][ C0] ret_from_fork+0x42f/0x540
[ 18.371418][ C0] ret_from_fork_asm+0x11/0x20
[ 18.371610][ C0]
[ 18.371706][ C0] Last potentially related work creation:
[ 18.371897][ C0] kasan_save_stack+0x24/0x40
[ 18.372090][ C0] kasan_record_aux_stack+0x8c/0xa0
[ 18.372280][ C0] __call_rcu_common.constprop.0+0xa9/0x950
[ 18.372520][ C0] dst_cache_destroy+0xf7/0x200
[ 18.372713][ C0] vxlan_fdb_free+0x10e/0x1b0 [vxlan]
[ 18.373037][ C0] rcu_do_batch+0x27e/0x1120
[ 18.373229][ C0] rcu_core+0x2bb/0x520
[ 18.373374][ C0] handle_softirqs+0x1c0/0x820
[ 18.373565][ C0] __irq_exit_rcu+0x6c/0xe0
[ 18.373760][ C0] irq_exit_rcu+0xe/0x30
[ 18.373903][ C0] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 18.374100][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 18.374337][ C0]
[ 18.374557][ C0] The buggy address belongs to the object at ffff88800c796340
[ 18.374557][ C0] which belongs to the cache rtable of size 184
[ 18.375032][ C0] The buggy address is located 0 bytes inside of
[ 18.375032][ C0] freed 184-byte region [ffff88800c796340, ffff88800c7963f8)
[ 18.375497][ C0]
[ 18.375592][ C0] The buggy address belongs to the physical page:
[ 18.375825][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88800c7964c0 pfn:0xc796
[ 18.376341][ C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.376630][ C0] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 18.376881][ C0] page_type: f5(slab)
[ 18.377158][ C0] raw: 0080000000000240 ffff888004d33e00 ffff8880025ff708 ffff8880025ff708
[ 18.377504][ C0] raw: ffff88800c7964c0 0000000000150003 00000000f5000000 0000000000000000
[ 18.377849][ C0] head: 0080000000000240 ffff888004d33e00 ffff8880025ff708 ffff8880025ff708
[ 18.378324][ C0] head: ffff88800c7964c0 0000000000150003 00000000f5000000 0000000000000000
[ 18.378662][ C0] head: 0080000000000001 ffffea000031e581 00000000ffffffff 00000000ffffffff
[ 18.379132][ C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 18.379469][ C0] page dumped because: kasan: bad access detected
[ 18.379829][ C0]
[ 18.379924][ C0] Memory state around the buggy address:
[ 18.380111][ C0] ffff88800c796200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.380391][ C0] ffff88800c796280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.380667][ C0] >ffff88800c796300: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 18.380947][ C0] ^
[ 18.381177][ C0] ffff88800c796380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 18.381457][ C0] ffff88800c796400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.381736][ C0] ==================================================================
[ 18.382157][ C0] Disabling lock debugging due to kernel taint
[ 18.382406][ C0] Oops: general protection fault, probably for non-canonical address 0xe09a3c3820000008: 0000 [#1] SMP KASAN
[ 18.382813][ C0] KASAN: maybe wild-memory-access in range [0x04d201c100000040-0x04d201c100000047]
[ 18.383238][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 18.383603][ C0] Tainted: [B]=BAD_PAGE
[ 18.383743][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 18.383973][ C0] RIP: 0010:dst_dev_put+0xa0/0x280
[ 18.384161][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 18.385054][ C0] RSP: 0018:ffffc90000007d48 EFLAGS: 00010203
[ 18.385287][ C0] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff9908b428
[ 18.385677][ C0] RDX: 009a403820000008 RSI: 0000000000000008 RDI: 04d201c100000044
[ 18.385949][ C0] RBP: 04d201c10000000c R08: 0000000000000001 R09: fffffbfff386a8c4
[ 18.386221][ C0] R10: ffffffff9c354627 R11: ffffc90000007800 R12: ffff88800c796040
[ 18.386609][ C0] R13: ffff88800c796340 R14: 0000000000000000 R15: ffff88800c796340
[ 18.386886][ C0] FS: 0000000000000000(0000) GS:ffff8880d0d18000(0000) knlGS:0000000000000000
[ 18.387200][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 18.387427][ C0] CR2: 00007f7149722000 CR3: 000000005cb45001 CR4: 0000000000772ef0
[ 18.387700][ C0] PKRU: 55555554
[ 18.387842][ C0] Call Trace:
[ 18.388210][ C0]
[ 18.388304][ C0] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 18.388490][ C0] fib_nh_common_release+0xe6/0x2d0
[ 18.388672][ C0] free_fib_info_rcu+0x14c/0x380
[ 18.388856][ C0] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 18.389082][ C0] rcu_do_batch+0x27e/0x1120
[ 18.389269][ C0] ? trace_rcu_batch_end+0x270/0x270
[ 18.389453][ C0] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 18.389680][ C0] ? lockdep_hardirqs_on+0x7c/0x100
[ 18.389862][ C0] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 18.390089][ C0] rcu_core+0x2bb/0x520
[ 18.390343][ C0] handle_softirqs+0x1c0/0x820
[ 18.390642][ C0] __irq_exit_rcu+0x6c/0xe0
[ 18.390825][ C0] irq_exit_rcu+0xe/0x30
[ 18.390964][ C0] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 18.391146][ C0]
[ 18.391239][ C0]
[ 18.391331][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 18.391671][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 18.391859][ C0] Code: 48 8b 3d 34 31 90 02 e8 1f 00 00 00 48 2b 05 28 07 a9 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d d3 d6 28 00 fb f4 0f 1f 40 d6 41 54 55 53 48 89 fb 48 83 ec 10 8b 17 83 e2 fe 41
[ 18.392502][ C0] RSP: 0018:ffffffff9ac07de8 EFLAGS: 00000206
[ 18.392730][ C0] RAX: 000000000005b1f3 RBX: 1ffffffff3580fc1 RCX: ffffffff99a0a255
[ 18.393237][ C0] RDX: 0000000000000000 RSI: ffffffff9a3fa925 RDI: ffffffff99e6a600
[ 18.393507][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100da0631a
[ 18.393783][ C0] R10: ffff88806d0318d3 R11: ffffffff9ac32e50 R12: 0000000000000000
[ 18.394052][ C0] R13: ffffffff9ac32400 R14: dffffc0000000000 R15: 0000000000014770
[ 18.394327][ C0] ? ct_kernel_exit.constprop.0+0x105/0x150
[ 18.394557][ C0] default_idle+0x9/0x10
[ 18.394692][ C0] default_idle_call+0x6c/0xa0
[ 18.394877][ C0] cpuidle_idle_call+0x23b/0x380
[ 18.395065][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 18.395246][ C0] ? tsc_verify_tsc_adjust+0x94/0x310
[ 18.395429][ C0] do_idle+0xe1/0x140
[ 18.395684][ C0] cpu_startup_entry+0x54/0x60
[ 18.395866][ C0] rest_init+0x14b/0x260
[ 18.396003][ C0] start_kernel+0x348/0x3f0
[ 18.396300][ C0] x86_64_start_reservations+0x18/0x30
[ 18.396486][ C0] x86_64_start_kernel+0xf8/0x150
[ 18.396670][ C0] common_startup_64+0x13e/0x148
[ 18.396855][ C0]
[ 18.396990][ C0] Modules linked in: act_gact cls_flower sch_ingress vxlan
[ 18.397506][ C0] ---[ end trace 0000000000000000 ]---
[ 18.397689][ C0] RIP: 0010:dst_dev_put+0xa0/0x280
[ 18.397878][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 18.398522][ C0] RSP: 0018:ffffc90000007d48 EFLAGS: 00010203
[ 18.398754][ C0] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff9908b428
[ 18.399024][ C0] RDX: 009a403820000008 RSI: 0000000000000008 RDI: 04d201c100000044
[ 18.399302][ C0] RBP: 04d201c10000000c R08: 0000000000000001 R09: fffffbfff386a8c4
[ 18.399687][ C0] R10: ffffffff9c354627 R11: ffffc90000007800 R12: ffff88800c796040
[ 18.400073][ C0] R13: ffff88800c796340 R14: 0000000000000000 R15: ffff88800c796340
[ 18.400347][ C0] FS: 0000000000000000(0000) GS:ffff8880d0d18000(0000) knlGS:0000000000000000
[ 18.400663][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 18.400891][ C0] CR2: 00007f7149722000 CR3: 000000005cb45001 CR4: 0000000000772ef0
[ 18.401274][ C0] PKRU: 55555554
[ 18.401423][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 18.401777][ C0] Kernel Offset: 0x16000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 18.402321][ C0] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr