[ 2840.045935][T23686] GACT probability NOT on
[ 2843.093302][ C3] ==================================================================
[ 2843.093709][ C3] BUG: KASAN: slab-use-after-free in dst_dev_put+0x214/0x280
[ 2843.094000][ C3] Read of size 8 at addr ffff888015cc2640 by task swapper/3/0
[ 2843.094279][ C3]
[ 2843.094389][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 2843.094394][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2843.094396][ C3] Call Trace:
[ 2843.094398][ C3] <IRQ>
[ 2843.094401][ C3] dump_stack_lvl+0x82/0xc0
[ 2843.094410][ C3] print_address_description.constprop.0+0x2c/0x3a0
[ 2843.094419][ C3] ? dst_dev_put+0x214/0x280
[ 2843.094422][ C3] print_report+0xb4/0x270
[ 2843.094426][ C3] ? dst_dev_put+0x214/0x280
[ 2843.094429][ C3] ? kasan_addr_to_slab+0x1d/0x50
[ 2843.094433][ C3] ? dst_dev_put+0x214/0x280
[ 2843.094436][ C3] kasan_report+0xca/0x100
[ 2843.094440][ C3] ? dst_dev_put+0x214/0x280
[ 2843.094445][ C3] dst_dev_put+0x214/0x280
[ 2843.094449][ C3] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 2843.094456][ C3] fib_nh_common_release+0xe6/0x2d0
[ 2843.094460][ C3] free_fib_info_rcu+0x14c/0x380
[ 2843.094464][ C3] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 2843.094468][ C3] rcu_do_batch+0x27e/0x1120
[ 2843.094475][ C3] ? trace_rcu_batch_end+0x270/0x270
[ 2843.094478][ C3] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 2843.094485][ C3] ? lockdep_hardirqs_on+0x7c/0x100
[ 2843.094492][ C3] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 2843.094497][ C3] rcu_core+0x2bb/0x520
[ 2843.094501][ C3] handle_softirqs+0x1c0/0x820
[ 2843.094510][ C3] __irq_exit_rcu+0x6c/0xe0
[ 2843.094512][ C3] irq_exit_rcu+0xe/0x30
[ 2843.094515][ C3] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 2843.094519][ C3] </IRQ>
[ 2843.094520][ C3] <TASK>
[ 2843.094522][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2843.094526][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2843.094531][ C3] Code: 48 8b 3d 34 31 90 02 e8 1f 00 00 00 48 2b 05 28 07 a9 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d d3 d6 28 00 fb f4 0f 1f 40 d6 41 54 55 53 48 89 fb 48 83 ec 10 8b 17 83 e2 fe 41
[ 2843.094534][ C3] RSP: 0018:ffffc90000157dd8 EFLAGS: 00000206
[ 2843.094538][ C3] RAX: 0000000003d79cbd RBX: 1ffff9200002afbf RCX: ffffffffa900a255
[ 2843.094540][ C3] RDX: 0000000000000000 RSI: ffffffffa99fa925 RDI: ffffffffa946a600
[ 2843.094542][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100da3631a
[ 2843.094544][ C3] R10: ffff88806d1b18d3 R11: ffff888001ae5090 R12: 0000000000000000
[ 2843.094545][ C3] R13: ffff888001ae4640 R14: dffffc0000000000 R15: 0000000000000000
[ 2843.094549][ C3] ? ct_kernel_exit.constprop.0+0x105/0x150
[ 2843.094554][ C3] default_idle+0x9/0x10
[ 2843.094557][ C3] default_idle_call+0x6c/0xa0
[ 2843.094559][ C3] cpuidle_idle_call+0x23b/0x380
[ 2843.094564][ C3] ? arch_cpu_idle_exit+0x40/0x40
[ 2843.094567][ C3] ? trace_irq_enable.constprop.0+0x2f/0x110
[ 2843.094573][ C3] ? tsc_verify_tsc_adjust+0x94/0x310
[ 2843.094580][ C3] do_idle+0xe1/0x140
[ 2843.094583][ C3] cpu_startup_entry+0x54/0x60
[ 2843.094586][ C3] start_secondary+0x1fd/0x290
[ 2843.094589][ C3] ? set_cpu_sibling_map+0x1e10/0x1e10
[ 2843.094594][ C3] common_startup_64+0x13e/0x148
[ 2843.094605][ C3] </TASK>
[ 2843.094606][ C3]
[ 2843.105196][ C3] Allocated by task 23718:
[ 2843.105387][ C3] kasan_save_stack+0x24/0x40
[ 2843.105584][ C3] kasan_save_track+0x14/0x30
[ 2843.105773][ C3] __kasan_slab_alloc+0x55/0x60
[ 2843.105963][ C3] kmem_cache_alloc_noprof+0x291/0x6d0
[ 2843.106164][ C3] dst_alloc+0x7a/0x140
[ 2843.106310][ C3] rt_dst_alloc+0x31/0x3a0
[ 2843.106505][ C3] __mkroute_output+0x425/0x11a0
[ 2843.106703][ C3] ip_route_output_key_hash+0xfa/0x220
[ 2843.106898][ C3] ip_route_output_flow+0x23/0x140
[ 2843.107090][ C3] udp_tunnel_dst_lookup+0x227/0x3a0
[ 2843.107279][ C3] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 2843.107484][ C3] vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 2843.107684][ C3] dev_hard_start_xmit+0x132/0x530
[ 2843.107873][ C3] __dev_queue_xmit+0x1406/0x1af0
[ 2843.108060][ C3] packet_snd+0xd0f/0x1a70
[ 2843.108247][ C3] __sys_sendto+0x24b/0x380
[ 2843.108435][ C3] __x64_sys_sendto+0xe0/0x1b0
[ 2843.108623][ C3] do_syscall_64+0xc1/0xfc0
[ 2843.108814][ C3] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2843.109051][ C3]
[ 2843.109151][ C3] Freed by task 0:
[ 2843.109296][ C3] kasan_save_stack+0x24/0x40
[ 2843.109488][ C3] kasan_save_track+0x14/0x30
[ 2843.109678][ C3] __kasan_save_free_info+0x3b/0x60
[ 2843.109868][ C3] __kasan_slab_free+0x3f/0x60
[ 2843.110059][ C3] kmem_cache_free+0x2e4/0x690
[ 2843.110242][ C3] dst_destroy+0x230/0x350
[ 2843.110430][ C3] rcu_do_batch+0x27e/0x1120
[ 2843.110627][ C3] rcu_core+0x2bb/0x520
[ 2843.110771][ C3] handle_softirqs+0x1c0/0x820
[ 2843.110963][ C3] __irq_exit_rcu+0x6c/0xe0
[ 2843.111158][ C3] irq_exit_rcu+0xe/0x30
[ 2843.111301][ C3] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 2843.111495][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2843.111734][ C3]
[ 2843.111831][ C3] Last potentially related work creation:
[ 2843.112029][ C3] kasan_save_stack+0x24/0x40
[ 2843.112226][ C3] kasan_record_aux_stack+0x8c/0xa0
[ 2843.112420][ C3] __call_rcu_common.constprop.0+0xa9/0x950
[ 2843.112659][ C3] dst_cache_destroy+0xf7/0x200
[ 2843.112853][ C3] vxlan_fdb_free+0x10e/0x1b0 [vxlan]
[ 2843.113055][ C3] rcu_do_batch+0x27e/0x1120
[ 2843.113246][ C3] rcu_core+0x2bb/0x520
[ 2843.113396][ C3] handle_softirqs+0x1c0/0x820
[ 2843.113588][ C3] __irq_exit_rcu+0x6c/0xe0
[ 2843.113778][ C3] irq_exit_rcu+0xe/0x30
[ 2843.113924][ C3] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 2843.114115][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2843.114350][ C3]
[ 2843.114448][ C3] The buggy address belongs to the object at ffff888015cc2640
[ 2843.114448][ C3]  which belongs to the cache rtable of size 184
[ 2843.114913][ C3] The buggy address is located 0 bytes inside of
[ 2843.114913][ C3]  freed 184-byte region [ffff888015cc2640, ffff888015cc26f8)
[ 2843.115373][ C3]
[ 2843.115467][ C3] The buggy address belongs to the physical page:
[ 2843.115699][ C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888015cc2040 pfn:0x15cc2
[ 2843.116081][ C3] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2843.116484][ C3] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 2843.116729][ C3] page_type: f5(slab)
[ 2843.116880][ C3] raw: 0080000000000240 ffff888002a59e00 ffffea00004e9c90 ffff88800266d708
[ 2843.117332][ C3] raw: ffff888015cc2040 0000000000150003 00000000f5000000 0000000000000000
[ 2843.117665][ C3] head: 0080000000000240 ffff888002a59e00 ffffea00004e9c90 ffff88800266d708
[ 2843.118001][ C3] head: ffff888015cc2040 0000000000150003 00000000f5000000 0000000000000000
[ 2843.118340][ C3] head: 0080000000000001 ffffea0000573081 00000000ffffffff 00000000ffffffff
[ 2843.118671][ C3] head: ffff888009df3040 0000000000000000 00000000ffffffff 0000000000000000
[ 2843.119117][ C3] page dumped because: kasan: bad access detected
[ 2843.119352][ C3]
[ 2843.119450][ C3] Memory state around the buggy address:
[ 2843.119740][ C3]  ffff888015cc2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 2843.120014][ C3]  ffff888015cc2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2843.120291][ C3] >ffff888015cc2600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2843.120675][ C3]                                            ^
[ 2843.120906][ C3]  ffff888015cc2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 2843.121182][ C3]  ffff888015cc2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2843.121563][ C3] ==================================================================
[ 2843.121848][ C3] Disabling lock debugging due to kernel taint
[ 2843.122095][ C3] Oops: general protection fault, probably for non-canonical address 0xe0273c3740000007: 0000 [#1] SMP KASAN
[ 2843.122606][ C3] KASAN: maybe wild-memory-access in range [0x013a01ba00000038-0x013a01ba0000003f]
[ 2843.122917][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 2843.123286][ C3] Tainted: [B]=BAD_PAGE
[ 2843.123426][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2843.123660][ C3] RIP: 0010:dst_dev_put+0xa0/0x280
[ 2843.123956][ C3] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 2843.124703][ C3] RSP: 0018:ffffc90000270d48 EFLAGS: 00010202
[ 2843.124940][ C3] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffffa868b398
[ 2843.125214][ C3] RDX: 0027403740000007 RSI: 0000000000000008 RDI: 013a01ba00000038
[ 2843.125591][ C3] RBP: 013a01ba00000000 R08: 0000000000000001 R09: fffffbfff572a8c4
[ 2843.125861][ C3] R10: ffffffffab954627 R11: ffffc90000270800 R12: ffff888015cc3e40
[ 2843.126137][ C3] R13: ffff888015cc2640 R14: 0000000000000000 R15: ffff888015cc2640
[ 2843.126520][ C3] FS: 0000000000000000(0000) GS:ffff8880c1898000(0000) knlGS:0000000000000000
[ 2843.126845][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2843.127074][ C3] CR2: 00007fd4c8053600 CR3: 0000000066545002 CR4: 0000000000772ef0
[ 2843.127457][ C3] PKRU: 55555554
[ 2843.127601][ C3] Call Trace:
[ 2843.127844][ C3] <IRQ>
[ 2843.127940][ C3] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 2843.128238][ C3] fib_nh_common_release+0xe6/0x2d0
[ 2843.128422][ C3] free_fib_info_rcu+0x14c/0x380
[ 2843.128605][ C3] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 2843.128836][ C3] rcu_do_batch+0x27e/0x1120
[ 2843.129226][ C3] ? trace_rcu_batch_end+0x270/0x270
[ 2843.129416][ C3] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 2843.129647][ C3] ? lockdep_hardirqs_on+0x7c/0x100
[ 2843.129832][ C3] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 2843.130166][ C3] rcu_core+0x2bb/0x520
[ 2843.130405][ C3] handle_softirqs+0x1c0/0x820
[ 2843.130590][ C3] __irq_exit_rcu+0x6c/0xe0
[ 2843.130775][ C3] irq_exit_rcu+0xe/0x30
[ 2843.131019][ C3] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 2843.131203][ C3] </IRQ>
[ 2843.131300][ C3] <TASK>
[ 2843.131394][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2843.131720][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2843.131911][ C3] Code: 48 8b 3d 34 31 90 02 e8 1f 00 00 00 48 2b 05 28 07 a9 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d d3 d6 28 00 fb f4 0f 1f 40 d6 41 54 55 53 48 89 fb 48 83 ec 10 8b 17 83 e2 fe 41
[ 2843.132675][ C3] RSP: 0018:ffffc90000157dd8 EFLAGS: 00000206
[ 2843.132911][ C3] RAX: 0000000003d79cbd RBX: 1ffff9200002afbf RCX: ffffffffa900a255
[ 2843.133186][ C3] RDX: 0000000000000000 RSI: ffffffffa99fa925 RDI: ffffffffa946a600
[ 2843.133568][ C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100da3631a
[ 2843.133848][ C3] R10: ffff88806d1b18d3 R11: ffff888001ae5090 R12: 0000000000000000
[ 2843.134121][ C3] R13: ffff888001ae4640 R14: dffffc0000000000 R15: 0000000000000000
[ 2843.134404][ C3] ? ct_kernel_exit.constprop.0+0x105/0x150
[ 2843.134638][ C3] default_idle+0x9/0x10
[ 2843.134776][ C3] default_idle_call+0x6c/0xa0
[ 2843.134966][ C3] cpuidle_idle_call+0x23b/0x380
[ 2843.135149][ C3] ? arch_cpu_idle_exit+0x40/0x40
[ 2843.135433][ C3] ? trace_irq_enable.constprop.0+0x2f/0x110
[ 2843.135661][ C3] ? tsc_verify_tsc_adjust+0x94/0x310
[ 2843.135947][ C3] do_idle+0xe1/0x140
[ 2843.136088][ C3] cpu_startup_entry+0x54/0x60
[ 2843.136281][ C3] start_secondary+0x1fd/0x290
[ 2843.136465][ C3] ? set_cpu_sibling_map+0x1e10/0x1e10
[ 2843.136758][ C3] common_startup_64+0x13e/0x148
[ 2843.136948][ C3] </TASK>
[ 2843.137081][ C3] Modules linked in: act_gact cls_bpf sch_ingress netdevsim xfrm_user openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh geneve vxlan act_csum act_pedit cls_flower sch_prio
[ 2843.137868][ C3] ---[ end trace 0000000000000000 ]---
[ 2843.138071][ C3] RIP: 0010:dst_dev_put+0xa0/0x280
[ 2843.138261][ C3] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 2843.139019][ C3] RSP: 0018:ffffc90000270d48 EFLAGS: 00010202
[ 2843.139453][ C3] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffffa868b398
[ 2843.139730][ C3] RDX: 0027403740000007 RSI: 0000000000000008 RDI: 013a01ba00000038
[ 2843.140003][ C3] RBP: 013a01ba00000000 R08: 0000000000000001 R09: fffffbfff572a8c4
[ 2843.140273][ C3] R10: ffffffffab954627 R11: ffffc90000270800 R12: ffff888015cc3e40
[ 2843.140549][ C3] R13: ffff888015cc2640 R14: 0000000000000000 R15: ffff888015cc2640
[ 2843.140824][ C3] FS: 0000000000000000(0000) GS:ffff8880c1898000(0000) knlGS:0000000000000000
[ 2843.141356][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2843.141593][ C3] CR2: 00007fd4c8053600 CR3: 0000000066545002 CR4: 0000000000772ef0
[ 2843.141868][ C3] PKRU: 55555554
[ 2843.142014][ C3] Kernel panic - not syncing: Fatal exception in interrupt
[ 2843.142366][ C3] Kernel Offset: 0x25600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2843.142895][ C3] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT
Ctrl-C
Ctrl-C
WAIT TIMEOUT
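Added triage aid (example code written for this page; it is not part of the log above, of virtme, or of any kernel tooling): the script below parses a KASAN slab-use-after-free report of the shape above into its access, allocation, free and "last potentially related work creation" stacks, finds the first frame in each that is not KASAN, stack-dumper or slab-allocator plumbing, records which loadable modules (the [vxlan] tags) appear in each stack, and flags whether the free itself ran from an RCU callback. SAMPLE is a constructed, condensed copy of the report above with most frames dropped; the regexes, the section names and the SKIP_PREFIXES list are this example's own assumptions about the report format.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a condensed copy of the report above with most frames dropped.
SAMPLE = """\
[ 2843.093709][ C3] BUG: KASAN: slab-use-after-free in dst_dev_put+0x214/0x280
[ 2843.094000][ C3] Read of size 8 at addr ffff888015cc2640 by task swapper/3/0
[ 2843.094396][ C3] Call Trace:
[ 2843.094401][ C3] dump_stack_lvl+0x82/0xc0
[ 2843.094419][ C3] ? dst_dev_put+0x214/0x280
[ 2843.094436][ C3] kasan_report+0xca/0x100
[ 2843.094445][ C3] dst_dev_put+0x214/0x280
[ 2843.094449][ C3] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 2843.094606][ C3]
[ 2843.105196][ C3] Allocated by task 23718:
[ 2843.105387][ C3] kasan_save_stack+0x24/0x40
[ 2843.105963][ C3] kmem_cache_alloc_noprof+0x291/0x6d0
[ 2843.106164][ C3] dst_alloc+0x7a/0x140
[ 2843.107279][ C3] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 2843.109051][ C3]
[ 2843.109151][ C3] Freed by task 0:
[ 2843.109296][ C3] kasan_save_stack+0x24/0x40
[ 2843.110242][ C3] dst_destroy+0x230/0x350
[ 2843.110430][ C3] rcu_do_batch+0x27e/0x1120
[ 2843.111734][ C3]
[ 2843.111831][ C3] Last potentially related work creation:
[ 2843.112659][ C3] dst_cache_destroy+0xf7/0x200
[ 2843.112853][ C3] vxlan_fdb_free+0x10e/0x1b0 [vxlan]
[ 2843.114350][ C3]
[ 2843.114448][ C3]  which belongs to the cache rtable of size 184
"""

# Assumed layout: "[ts][Cn] " prefix on every line, then the standard KASAN sections.
PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[A-Z]\s*\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+?)\+0x[0-9a-f]+/")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
FRAME_RE = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
SECTION_RE = re.compile(r"^(Call Trace|Allocated by task (\d+)|Freed by task (\d+)|Last potentially related work creation):")
SECTION_NAMES = {"C": "access", "A": "alloc", "F": "free", "L": "work"}
# Frames from KASAN, the stack dumper and the slab allocator itself rather than from the bug.
SKIP_PREFIXES = ("kasan_", "__kasan_", "dump_stack", "print_", "kmem_cache_")

@dataclass
class Frame:
    func: str
    module: Optional[str]  # "[vxlan]" tag -> "vxlan"; None for built-in code
    unreliable: bool       # "? " frames are stale stack slots, not a verified call chain

@dataclass
class KasanReport:
    bug_type: str = ""
    bug_func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    cache: str = ""
    obj_size: int = 0
    alloc_task: Optional[int] = None
    free_task: Optional[int] = None
    stacks: dict = field(default_factory=lambda: {n: [] for n in SECTION_NAMES.values()})

def parse_kasan(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw.rstrip()).strip()
        if not line:                       # a blank line closes the open stack section
            section = None
        elif m := BUG_RE.search(line):
            r.bug_type, r.bug_func = m.group(1), m.group(2)
        elif m := ACCESS_RE.search(line):
            r.access, r.size = m.group(1), int(m.group(2))
            r.addr, r.task = int(m.group(3), 16), m.group(4)
        elif m := CACHE_RE.search(line):
            r.cache, r.obj_size = m.group(1), int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = SECTION_NAMES[line[0]]
            r.alloc_task = int(m.group(2)) if m.group(2) else r.alloc_task
            r.free_task = int(m.group(3)) if m.group(3) else r.free_task
        elif section and (m := FRAME_RE.match(line)):
            r.stacks[section].append(Frame(m.group(2), m.group(3), bool(m.group(1))))
    return r

def first_real_frame(frames: list) -> Optional[str]:
    """First reliable frame outside the instrumentation: the code that touched the object."""
    return next((f.func for f in frames
                 if not f.unreliable and not f.func.startswith(SKIP_PREFIXES)), None)

def modules_in(frames: list) -> set:
    return {f.module for f in frames if f.module}

def freed_in_rcu_callback(r: KasanReport) -> bool:
    """True when the free ran from rcu_do_batch, i.e. it had been deferred with call_rcu."""
    return any(f.func == "rcu_do_batch" for f in r.stacks["free"])

def summarize(r: KasanReport) -> str:
    out = [f"{r.bug_type}: {r.access.lower()} of {r.size} bytes at {r.addr:#x} "
           f"by {r.task} in {r.bug_func}; object from cache {r.cache} ({r.obj_size} bytes)"]
    for name, label in (("access", "used by"), ("alloc", f"allocated by task {r.alloc_task} via"),
                        ("free", f"freed by task {r.free_task} via"), ("work", "free deferred via")):
        mods = ", ".join(sorted(modules_in(r.stacks[name]))) or "built-in code only"
        out.append(f"  {label} {first_real_frame(r.stacks[name])} [{mods}]")
    if freed_in_rcu_callback(r):
        out.append("  note: freed from an RCU callback, so the use happened after a grace period")
    return "\n".join(out)
```

Run it on a saved capture with print(summarize(parse_kasan(open("dmesg.txt").read()))). On the report above it puts the rtable object's whole lifecycle on one screen: allocated under vxlan_xmit_one via dst_alloc, freed in dst_destroy inside an RCU callback whose call_rcu KASAN attributes to dst_cache_destroy under vxlan_fdb_free, and then read again by dst_dev_put from rt_fibinfo_free_cpus in a different RCU callback. That the use and the free both run from rcu_do_batch is the detail to carry into the source: an RCU read-side critical section cannot be what is missing, because a full grace period had already elapsed before the free.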