[ 4140.233521][ T8474] GACT probability NOT on
[ 4143.488657][ C1] ==================================================================
[ 4143.488941][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x214/0x280
[ 4143.489192][ C1] Read of size 8 at addr ffff888011740c40 by task ksoftirqd/1/22
[ 4143.489436][ C1]
[ 4143.489521][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 4143.489526][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4143.489529][ C1] Call Trace:
[ 4143.489532][ C1] <TASK>
[ 4143.489534][ C1] dump_stack_lvl+0x82/0xc0
[ 4143.489542][ C1] print_address_description.constprop.0+0x2c/0x3a0
[ 4143.489550][ C1] ? dst_dev_put+0x214/0x280
[ 4143.489554][ C1] print_report+0xb4/0x270
[ 4143.489557][ C1] ? dst_dev_put+0x214/0x280
[ 4143.489560][ C1] ? kasan_addr_to_slab+0x1d/0x50
[ 4143.489564][ C1] ? dst_dev_put+0x214/0x280
[ 4143.489567][ C1] kasan_report+0xca/0x100
[ 4143.489571][ C1] ? dst_dev_put+0x214/0x280
[ 4143.489576][ C1] dst_dev_put+0x214/0x280
[ 4143.489580][ C1] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 4143.489587][ C1] fib_nh_common_release+0xe6/0x2d0
[ 4143.489591][ C1] free_fib_info_rcu+0x14c/0x380
[ 4143.489595][ C1] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 4143.489599][ C1] rcu_do_batch+0x27e/0x1120
[ 4143.489605][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 4143.489609][ C1] ? __lock_release+0x5d/0x160
[ 4143.489614][ C1] ? rcu_is_watching+0x12/0xb0
[ 4143.489619][ C1] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 4143.489627][ C1] rcu_core+0x2bb/0x520
[ 4143.489632][ C1] handle_softirqs+0x1c0/0x820
[ 4143.489639][ C1] ? __irq_exit_rcu+0xe0/0xe0
[ 4143.489643][ C1] run_ksoftirqd+0x3b/0x60
[ 4143.489646][ C1] smpboot_thread_fn+0x304/0x950
[ 4143.489652][ C1] ? sort_range+0x20/0x20
[ 4143.489656][ C1] kthread+0x37b/0x5f0
[ 4143.489662][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.489665][ C1] ? ret_from_fork+0x71/0x540
[ 4143.489677][ C1] ? __lock_release+0x5d/0x160
[ 4143.489680][ C1] ? lock_acquire+0x104/0x140
[ 4143.489683][ C1] ? rcu_is_watching+0x12/0xb0
[ 4143.489686][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.489691][ C1] ret_from_fork+0x42f/0x540
[ 4143.489694][ C1] ? arch_exit_to_user_mode_prepare.constprop.0+0x140/0x140
[ 4143.489698][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.489701][ C1] ? __switch_to+0x5c8/0xd50
[ 4143.489707][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.489711][ C1] ret_from_fork_asm+0x11/0x20
[ 4143.489722][ C1] </TASK>
[ 4143.489724][ C1]
[ 4143.496533][ C1] Allocated by task 8484:
[ 4143.496653][ C1] kasan_save_stack+0x24/0x40
[ 4143.496814][ C1] kasan_save_track+0x14/0x30
[ 4143.496978][ C1] __kasan_slab_alloc+0x55/0x60
[ 4143.497136][ C1] kmem_cache_alloc_noprof+0x291/0x6d0
[ 4143.497297][ C1] dst_alloc+0x7a/0x140
[ 4143.497430][ C1] rt_dst_alloc+0x31/0x3a0
[ 4143.497592][ C1] __mkroute_output+0x425/0x11a0
[ 4143.497752][ C1] ip_route_output_key_hash+0xfa/0x220
[ 4143.497910][ C1] ip_route_output_flow+0x23/0x140
[ 4143.498069][ C1] udp_tunnel_dst_lookup+0x227/0x3a0
[ 4143.498228][ C1] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 4143.498400][ C1] vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 4143.498572][ C1] dev_hard_start_xmit+0x132/0x530
[ 4143.498732][ C1] __dev_queue_xmit+0x1406/0x1af0
[ 4143.498888][ C1] packet_snd+0xd0f/0x1a70
[ 4143.499048][ C1] __sys_sendto+0x24b/0x380
[ 4143.499209][ C1] __x64_sys_sendto+0xe0/0x1b0
[ 4143.499366][ C1] do_syscall_64+0xc1/0xfc0
[ 4143.499525][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 4143.499729][ C1]
[ 4143.499816][ C1] Freed by task 22:
[ 4143.499937][ C1] kasan_save_stack+0x24/0x40
[ 4143.500099][ C1] kasan_save_track+0x14/0x30
[ 4143.500260][ C1] __kasan_save_free_info+0x3b/0x60
[ 4143.500417][ C1] __kasan_slab_free+0x3f/0x60
[ 4143.500577][ C1] kmem_cache_free+0x2e4/0x690
[ 4143.500737][ C1] dst_destroy+0x230/0x350
[ 4143.500899][ C1] rcu_do_batch+0x27e/0x1120
[ 4143.501061][ C1] rcu_core+0x2bb/0x520
[ 4143.501183][ C1] handle_softirqs+0x1c0/0x820
[ 4143.501341][ C1] run_ksoftirqd+0x3b/0x60
[ 4143.501500][ C1] smpboot_thread_fn+0x304/0x950
[ 4143.501659][ C1] kthread+0x37b/0x5f0
[ 4143.501780][ C1] ret_from_fork+0x42f/0x540
[ 4143.501938][ C1] ret_from_fork_asm+0x11/0x20
[ 4143.502100][ C1]
[ 4143.502183][ C1] Last potentially related work creation:
[ 4143.502350][ C1] kasan_save_stack+0x24/0x40
[ 4143.502514][ C1] kasan_record_aux_stack+0x8c/0xa0
[ 4143.502672][ C1] __call_rcu_common.constprop.0+0xa9/0x950
[ 4143.502874][ C1] dst_cache_destroy+0xf7/0x200
[ 4143.503034][ C1] vxlan_fdb_free+0x10e/0x1b0 [vxlan]
[ 4143.503203][ C1] rcu_do_batch+0x27e/0x1120
[ 4143.503360][ C1] rcu_core+0x2bb/0x520
[ 4143.503487][ C1] handle_softirqs+0x1c0/0x820
[ 4143.503647][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4143.503807][ C1] irq_exit_rcu+0xe/0x30
[ 4143.503928][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4143.504092][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4143.504290][ C1]
[ 4143.504374][ C1] The buggy address belongs to the object at ffff888011740c40
[ 4143.504374][ C1] which belongs to the cache rtable of size 184
[ 4143.504765][ C1] The buggy address is located 0 bytes inside of
[ 4143.504765][ C1] freed 184-byte region [ffff888011740c40, ffff888011740cf8)
[ 4143.505151][ C1]
[ 4143.505232][ C1] The buggy address belongs to the physical page:
[ 4143.505430][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011740f40 pfn:0x11740
[ 4143.505767][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 4143.506009][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 4143.506214][ C1] page_type: f5(slab)
[ 4143.506341][ C1] raw: 0080000000000240 ffff8880048dde00 ffffea0000383010 ffff888002627708
[ 4143.506632][ C1] raw: ffff888011740f40 0000000000150003 00000000f5000000 0000000000000000
[ 4143.506920][ C1] head: 0080000000000240 ffff8880048dde00 ffffea0000383010 ffff888002627708
[ 4143.507207][ C1] head: ffff888011740f40 0000000000150003 00000000f5000000 0000000000000000
[ 4143.507489][ C1] head: 0080000000000001 ffffea000045d001 00000000ffffffff 00000000ffffffff
[ 4143.507771][ C1] head: ffff888000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 4143.508057][ C1] page dumped because: kasan: bad access detected
[ 4143.508259][ C1]
[ 4143.508338][ C1] Memory state around the buggy address:
[ 4143.508494][ C1] ffff888011740b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 4143.508727][ C1] ffff888011740b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4143.508962][ C1] >ffff888011740c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 4143.509194][ C1]                                            ^
[ 4143.509385][ C1] ffff888011740c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 4143.509616][ C1] ffff888011740d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4143.509854][ C1] ==================================================================
[ 4143.510138][ C1] Disabling lock debugging due to kernel taint
[ 4143.510347][ C1] Oops: general protection fault, probably for non-canonical address 0xe0ca3c3800000009: 0000 [#1] SMP KASAN
[ 4143.510681][ C1] KASAN: maybe wild-memory-access in range [0x065201c000000048-0x065201c00000004f]
[ 4143.510935][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 4143.511254][ C1] Tainted: [B]=BAD_PAGE
[ 4143.511371][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4143.511563][ C1] RIP: 0010:dst_dev_put+0xa0/0x280
[ 4143.511726][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 4143.512269][ C1] RSP: 0000:ffffc90000197b18 EFLAGS: 00010207
[ 4143.512464][ C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffffb7e8b428
[ 4143.512690][ C1] RDX: 00ca403800000009 RSI: 0000000000000008 RDI: 065201c00000004e
[ 4143.512919][ C1] RBP: 065201c000000016 R08: 0000000000000001 R09: fffffbfff762a8c4
[ 4143.513151][ C1] R10: ffffffffbb154627 R11: ffffc90000197600 R12: ffff8880117401c0
[ 4143.513380][ C1] R13: ffff888011740c40 R14: 0000000000000000 R15: ffff888011740c40
[ 4143.513608][ C1] FS: 0000000000000000(0000) GS:ffff8880b1f98000(0000) knlGS:0000000000000000
[ 4143.513870][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4143.514067][ C1] CR2: 00007fdf33a0b5f4 CR3: 0000000027145006 CR4: 0000000000772ef0
[ 4143.514293][ C1] PKRU: 55555554
[ 4143.514410][ C1] Call Trace:
[ 4143.514604][ C1] <TASK>
[ 4143.514604][ C1] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 4143.514762][ C1] fib_nh_common_release+0xe6/0x2d0
[ 4143.514913][ C1] free_fib_info_rcu+0x14c/0x380
[ 4143.515066][ C1] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 4143.515258][ C1] rcu_do_batch+0x27e/0x1120
[ 4143.515410][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 4143.515559][ C1] ? __lock_release+0x5d/0x160
[ 4143.515710][ C1] ? rcu_is_watching+0x12/0xb0
[ 4143.515863][ C1] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 4143.516052][ C1] rcu_core+0x2bb/0x520
[ 4143.516172][ C1] handle_softirqs+0x1c0/0x820
[ 4143.516323][ C1] ? __irq_exit_rcu+0xe0/0xe0
[ 4143.516475][ C1] run_ksoftirqd+0x3b/0x60
[ 4143.516623][ C1] smpboot_thread_fn+0x304/0x950
[ 4143.516775][ C1] ? sort_range+0x20/0x20
[ 4143.516890][ C1] kthread+0x37b/0x5f0
[ 4143.517005][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.517154][ C1] ? ret_from_fork+0x71/0x540
[ 4143.517304][ C1] ? __lock_release+0x5d/0x160
[ 4143.517458][ C1] ? lock_acquire+0x104/0x140
[ 4143.517607][ C1] ? rcu_is_watching+0x12/0xb0
[ 4143.517760][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.517908][ C1] ret_from_fork+0x42f/0x540
[ 4143.518059][ C1] ? arch_exit_to_user_mode_prepare.constprop.0+0x140/0x140
[ 4143.518280][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.518430][ C1] ? __switch_to+0x5c8/0xd50
[ 4143.518593][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4143.518744][ C1] ret_from_fork_asm+0x11/0x20
[ 4143.518901][ C1] </TASK>
[ 4143.519015][ C1] Modules linked in: act_gact ip6t_rpfilter nft_compat nf_tables pktgen bonding macsec cls_u32 sch_htb ip6_gre ip_gre gre cls_bpf sch_ingress netdevsim xfrm_user openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh geneve vxlan act_csum act_pedit cls_flower sch_prio
[ 4143.519804][ C1] ---[ end trace 0000000000000000 ]---
[ 4143.519959][ C1] RIP: 0010:dst_dev_put+0xa0/0x280
[ 4143.520116][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 4143.520649][ C1] RSP: 0000:ffffc90000197b18 EFLAGS: 00010207
[ 4143.520847][ C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffffb7e8b428
[ 4143.521071][ C1] RDX: 00ca403800000009 RSI: 0000000000000008 RDI: 065201c00000004e
[ 4143.521294][ C1] RBP: 065201c000000016 R08: 0000000000000001 R09: fffffbfff762a8c4
[ 4143.521525][ C1] R10: ffffffffbb154627 R11: ffffc90000197600 R12: ffff8880117401c0
[ 4143.521752][ C1] R13: ffff888011740c40 R14: 0000000000000000 R15: ffff888011740c40
[ 4143.521973][ C1] FS: 0000000000000000(0000) GS:ffff8880b1f98000(0000) knlGS:0000000000000000
[ 4143.522235][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4143.522432][ C1] CR2: 00007fdf33a0b5f4 CR3: 0000000027145006 CR4: 0000000000772ef0
[ 4143.522664][ C1] PKRU: 55555554
[ 4143.522779][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 4143.523168][ C1] Kernel Offset: 0x34e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 4143.523527][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr