[ 4495.523579][T31101] ------------[ cut here ]------------
[ 4495.524127][T31101] rcuref - imbalanced put()
[ 4495.524130][T31101] WARNING: lib/rcuref.c:266 at 0x0, CPU#2: mausezahn/31101
[ 4495.524945][T31101] Modules linked in: sctp sch_fq cls_matchall xt_conntrack nf_conntrack nf_defrag_ipv4 nft_compat nf_tables nf_defrag_ipv6 cls_bpf act_mirred cls_u32 ifb unix_diag geneve ip6_gre ip_gre gre chacha libchacha chacha20poly1305 libpoly1305 tls act_gact cls_flower sch_ingress vxlan [last unloaded: psample]
[ 4495.526725][T31101] CPU: 2 UID: 0 PID: 31101 Comm: mausezahn Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 4495.527297][T31101] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4495.527706][T31101] RIP: 0010:rcuref_put_slowpath+0x135/0x190
[ 4495.528123][T31101] Code: 07 83 c0 03 38 d0 7c 04 84 d2 75 69 c7 03 00 00 00 a0 31 c0 eb 8b 4c 89 ef e8 47 03 a0 ff e9 6c ff ff ff 48 8d 3d 0b 05 3d 03 <67> 48 0f b9 3a be 04 00 00 00 48 89 df e8 49 0a a0 ff 48 89 d8 48
[ 4495.529756][T31101] RSP: 0018:ffffc90001e8f240 EFLAGS: 00010206
[ 4495.530221][T31101] RAX: 0000000000000000 RBX: ffff88800ea41a00 RCX: ffffffff83a8bb71
[ 4495.530707][T31101] RDX: ffffed1001d48341 RSI: 00000000dfffffff RDI: ffffffff862bbf20
[ 4495.531201][T31101] RBP: 1ffff920003d1e48 R08: 0000000000000001 R09: ffffed1001d48340
[ 4495.531680][T31101] R10: ffff88800ea41a03 R11: ffff88800affd090 R12: dffffc0000000000
[ 4495.532159][T31101] R13: ffff88800ea41100 R14: ffff88800c4c0a80 R15: 0000000000000000
[ 4495.532647][T31101] FS: 00007f7fad872740(0000) GS:ffff8880e6418000(0000) knlGS:0000000000000000
[ 4495.533217][T31101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4495.533622][T31101] CR2: 00007f7fad9c90b0 CR3: 0000000012f57006 CR4: 0000000000772ef0
[ 4495.534101][T31101] PKRU: 55555554
[ 4495.534361][T31101] Call Trace:
[ 4495.534612][T31101] <TASK>
[ 4495.534793][T31101] ? rcuref_get_slowpath+0x110/0x110
[ 4495.535130][T31101] dst_release+0x1bd/0x230
[ 4495.535476][T31101] rt_cache_route+0x101/0x150
[ 4495.535806][T31101] rt_set_nexthop.constprop.0+0x283/0xe90
[ 4495.536138][T31101] __mkroute_output+0x4cd/0x11a0
[ 4495.536481][T31101] ip_route_output_key_hash+0xfa/0x220
[ 4495.536806][T31101] ? ip_route_output_key_hash_rcu+0xe80/0xe80
[ 4495.537214][T31101] ? mark_held_locks+0x49/0x70
[ 4495.537542][T31101] ? dst_cache_get_ip4+0x2e3/0x700
[ 4495.537873][T31101] ? __lock_release+0x5d/0x160
[ 4495.538214][T31101] ip_route_output_flow+0x23/0x140
[ 4495.538542][T31101] udp_tunnel_dst_lookup+0x227/0x3a0
[ 4495.538872][T31101] ? udp_tunnel_drop_rx_port+0x200/0x200
[ 4495.539213][T31101] ? rcu_is_watching+0x12/0xb0
[ 4495.539542][T31101] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 4495.539877][T31101] ? __skb_flow_dissect+0x35c/0x6100
[ 4495.540250][T31101] ? __skb_flow_dissect+0x311/0x6100
[ 4495.540594][T31101] ? vxlan_fdb_delete+0x220/0x220 [vxlan]
[ 4495.540931][T31101] ? vxlan_find_mac_rcu+0x37f/0x6b0 [vxlan]
[ 4495.541355][T31101] ? vxlan_remcsum+0x870/0x870 [vxlan]
[ 4495.541698][T31101] ? vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 4495.542035][T31101] vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 4495.542390][T31101] ? vxlan_xmit_nhid+0x8d0/0x8d0 [vxlan]
[ 4495.542724][T31101] ? dev_queue_xmit_nit+0x6a0/0xa70
[ 4495.543051][T31101] ? __lock_release+0x5d/0x160
[ 4495.543388][T31101] ? dev_queue_xmit_nit+0x6a0/0xa70
[ 4495.543715][T31101] ? dev_queue_xmit_nit+0x6a5/0xa70
[ 4495.544049][T31101] dev_hard_start_xmit+0x132/0x530
[ 4495.544391][T31101] __dev_queue_xmit+0x1406/0x1af0
[ 4495.544724][T31101] ? _copy_from_iter+0x1c5/0x1260
[ 4495.545059][T31101] ? netdev_core_pick_tx+0x2f0/0x2f0
[ 4495.545393][T31101] ? packet_parse_headers+0x140/0x9c0
[ 4495.545724][T31101] ? sock_wmalloc+0xf0/0xf0
[ 4495.546051][T31101] ? packet_cached_dev_get+0x210/0x210
[ 4495.546387][T31101] ? skb_copy_datagram_from_iter+0xe6/0x6e0
[ 4495.546796][T31101] packet_snd+0xd0f/0x1a70
[ 4495.547136][T31101] ? tpacket_snd+0x1b30/0x1b30
[ 4495.547471][T31101] ? find_held_lock+0x2b/0x80
[ 4495.547806][T31101] ? __might_fault+0x117/0x170
[ 4495.548138][T31101] __sys_sendto+0x24b/0x380
[ 4495.548477][T31101] ? __ia32_sys_getpeername+0xb0/0xb0
[ 4495.548811][T31101] ? sock_ioctl+0x3ad/0x580
[ 4495.549136][T31101] ? _copy_to_user+0x5c/0x70
[ 4495.549474][T31101] ? ns_to_timespec64+0x80/0x80
[ 4495.549804][T31101] ? posix_cpu_clock_get+0xb3/0x240
[ 4495.550188][T31101] ? posix_cpu_clock_get+0xe1/0x240
[ 4495.550528][T31101] ? __x64_sys_clock_gettime+0x16a/0x1f0
[ 4495.550862][T31101] __x64_sys_sendto+0xe0/0x1b0
[ 4495.551201][T31101] ? do_syscall_64+0x85/0xfc0
[ 4495.551531][T31101] ? lockdep_hardirqs_on+0x7c/0x100
[ 4495.551856][T31101] do_syscall_64+0xc1/0xfc0
[ 4495.552199][T31101] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 4495.552600][T31101] RIP: 0033:0x7f7fada8e27a
[ 4495.552943][T31101] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 4495.554062][T31101] RSP: 002b:00007ffda87c3ba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 4495.554555][T31101] RAX: ffffffffffffffda RBX: 000000002fb429d0 RCX: 00007f7fada8e27a
[ 4495.555036][T31101] RDX: 0000000000000064 RSI: 000000002fb425c2 RDI: 0000000000000005
[ 4495.555521][T31101] RBP: 000000002fb425c2 R08: 00007ffda87c3bb0 R09: 0000000000000014
[ 4495.555998][T31101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 4495.556490][T31101] R13: 0000000000000064 R14: 00007ffda87c3bb0 R15: 0000000000000000
[ 4495.556980][T31101] </TASK>
[ 4495.557241][T31101] irq event stamp: 100168
[ 4495.557493][T31101] hardirqs last enabled at (100178): [] __up_console_sem+0x67/0x70
[ 4495.558043][T31101] hardirqs last disabled at (100187): [] __up_console_sem+0x4c/0x70
[ 4495.558606][T31101] softirqs last enabled at (99070): [] __alloc_skb+0x2b2/0x350
[ 4495.559153][T31101] softirqs last disabled at (99084): [] __dev_queue_xmit+0x1f4/0x1af0
[ 4495.559711][T31101] ---[ end trace 0000000000000000 ]---
[ 4496.266636][ C1] ==================================================================
[ 4496.266965][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x214/0x280
[ 4496.267262][ C1] Read of size 8 at addr ffff88800ea410c0 by task kworker/1:0/19389
[ 4496.267550][ C1]
[ 4496.267650][ C1] CPU: 1 UID: 0 PID: 19389 Comm: kworker/1:0 Tainted: G W 6.18.0-virtme #1 PREEMPT(full)
[ 4496.267656][ C1] Tainted: [W]=WARN
[ 4496.267657][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4496.267660][ C1] Workqueue: events virtio_fs_requests_done_work
[ 4496.267669][ C1] Call Trace:
[ 4496.267671][ C1] <IRQ>
[ 4496.267673][ C1] dump_stack_lvl+0x82/0xc0
[ 4496.267681][ C1] print_address_description.constprop.0+0x2c/0x3a0
[ 4496.267689][ C1] ? dst_dev_put+0x214/0x280
[ 4496.267693][ C1] print_report+0xb4/0x270
[ 4496.267696][ C1] ? dst_dev_put+0x214/0x280
[ 4496.267699][ C1] ? kasan_addr_to_slab+0x1d/0x50
[ 4496.267703][ C1] ? dst_dev_put+0x214/0x280
[ 4496.267706][ C1] kasan_report+0xca/0x100
[ 4496.267710][ C1] ? dst_dev_put+0x214/0x280
[ 4496.267715][ C1] dst_dev_put+0x214/0x280
[ 4496.267719][ C1] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 4496.267727][ C1] fib_nh_common_release+0xe6/0x2d0
[ 4496.267731][ C1] free_fib_info_rcu+0x14c/0x380
[ 4496.267735][ C1] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 4496.267739][ C1] rcu_do_batch+0x27e/0x1120
[ 4496.267746][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 4496.267749][ C1] ? mark_held_locks+0x49/0x70
[ 4496.267754][ C1] ? note_gp_changes+0x17a/0x1d0
[ 4496.267757][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4496.267765][ C1] rcu_core+0x2bb/0x520
[ 4496.267769][ C1] handle_softirqs+0x1c0/0x820
[ 4496.267777][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4496.267780][ C1] irq_exit_rcu+0xe/0x30
[ 4496.267783][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4496.267787][ C1] </IRQ>
[ 4496.267788][ C1] <TASK>
[ 4496.267789][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4496.267794][ C1] RIP: 0010:lock_acquire.part.0+0x6f/0x240
[ 4496.267797][ C1] Code: 00 00 00 65 8b 05 11 cb b5 04 85 c0 0f 85 b8 00 00 00 65 48 8b 05 11 86 b5 04 8b 90 4c 0a 00 00 85 d2 0f 85 a2 00 00 00 9c 5b 48 c7 c7 69 d9 e2 84 e8 94 ad 25 02 41 89 e8 44 89 e1 44 89 ea
[ 4496.267800][ C1] RSP: 0018:ffffc90000a374c8 EFLAGS: 00000246
[ 4496.267804][ C1] RAX: ffff888005c62340 RBX: 0000000000000246 RCX: 0000000000000001
[ 4496.267806][ C1] RDX: 0000000000000000 RSI: ffffffff81ff20a7 RDI: fffffbfff0b2ffc4
[ 4496.267808][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 4496.267809][ C1] R10: ffffffff81ff2093 R11: ffffc90000a37680 R12: 0000000000000002
[ 4496.267811][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff8597fe20
[ 4496.267814][ C1] ? unwind_next_frame+0x143/0x1e00
[ 4496.267821][ C1] ? unwind_next_frame+0x157/0x1e00
[ 4496.267826][ C1] ? rcu_is_watching+0x12/0xb0
[ 4496.267831][ C1] ? lock_acquire+0x104/0x140
[ 4496.267835][ C1] unwind_next_frame+0x157/0x1e00
[ 4496.267837][ C1] ? unwind_next_frame+0x143/0x1e00
[ 4496.267840][ C1] ? kfree+0x2bb/0x5f0
[ 4496.267846][ C1] ? stack_access_ok+0x1e0/0x1e0
[ 4496.267849][ C1] ? stack_access_ok+0x1e0/0x1e0
[ 4496.267853][ C1] ? kfree+0x2bb/0x5f0
[ 4496.267855][ C1] ? kernel_text_address+0x17/0xd0
[ 4496.267860][ C1] ? write_profile+0xf0/0xf0
[ 4496.267864][ C1] arch_stack_walk+0x85/0xf0
[ 4496.267869][ C1] ? kfree+0x2bb/0x5f0
[ 4496.267873][ C1] stack_trace_save+0x93/0xc0
[ 4496.267876][ C1] ? stack_trace_snprint+0xe0/0xe0
[ 4496.267879][ C1] ? validate_chain+0x180/0x690
[ 4496.267883][ C1] kasan_save_stack+0x24/0x40
[ 4496.267886][ C1] ? kasan_save_stack+0x24/0x40
[ 4496.267889][ C1] ? kasan_save_track+0x14/0x30
[ 4496.267892][ C1] ? __kasan_save_free_info+0x3b/0x60
[ 4496.267894][ C1] ? __kasan_slab_free+0x3f/0x60
[ 4496.267897][ C1] ? kfree+0x2bb/0x5f0
[ 4496.267902][ C1] ? find_held_lock+0x2b/0x80
[ 4496.267910][ C1] ? mark_held_locks+0x49/0x70
[ 4496.267913][ C1] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 4496.267919][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4496.267923][ C1] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 4496.267927][ C1] ? __debug_check_no_obj_freed+0x252/0x520
[ 4496.267934][ C1] ? debug_objects_fill_pool+0x3e0/0x3e0
[ 4496.267936][ C1] ? __virt_addr_valid+0x1b0/0x3a0
[ 4496.267941][ C1] ? mark_held_locks+0x49/0x70
[ 4496.267944][ C1] ? __call_rcu_common.constprop.0+0x3cb/0x950
[ 4496.267947][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4496.267951][ C1] kasan_save_track+0x14/0x30
[ 4496.267954][ C1] __kasan_save_free_info+0x3b/0x60
[ 4496.267956][ C1] __kasan_slab_free+0x3f/0x60
[ 4496.267960][ C1] kfree+0x2bb/0x5f0
[ 4496.267963][ C1] ? detach_buf_split+0x48d/0x6f0
[ 4496.267969][ C1] ? detach_buf_split+0x48d/0x6f0
[ 4496.267971][ C1] detach_buf_split+0x48d/0x6f0
[ 4496.267976][ C1] virtqueue_get_buf_ctx_split+0x294/0x7f0
[ 4496.267981][ C1] virtio_fs_requests_done_work+0x231/0x890
[ 4496.267985][ C1] ? virtio_fs_complete_req_work+0x80/0x80
[ 4496.267990][ C1] ? rcu_is_watching+0x12/0xb0
[ 4496.267993][ C1] ? lock_acquire+0x104/0x140
[ 4496.267997][ C1] process_one_work+0x880/0x1810
[ 4496.268005][ C1] ? pwq_dec_nr_in_flight+0x550/0x550
[ 4496.268011][ C1] ? assign_work+0x168/0x240
[ 4496.268015][ C1] worker_thread+0x591/0xcf0
[ 4496.268021][ C1] ? bh_worker+0x6f0/0x6f0
[ 4496.268025][ C1] kthread+0x37b/0x5f0
[ 4496.268029][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.268032][ C1] ? ret_from_fork+0x71/0x540
[ 4496.268035][ C1] ? __lock_release+0x5d/0x160
[ 4496.268038][ C1] ? lock_acquire+0x104/0x140
[ 4496.268041][ C1] ? rcu_is_watching+0x12/0xb0
[ 4496.268044][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.268048][ C1] ret_from_fork+0x42f/0x540
[ 4496.268051][ C1] ? arch_exit_to_user_mode_prepare.constprop.0+0x140/0x140
[ 4496.268054][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.268057][ C1] ? __switch_to+0x5c8/0xd50
[ 4496.268062][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.268065][ C1] ret_from_fork_asm+0x11/0x20
[ 4496.268075][ C1] </TASK>
[ 4496.268077][ C1]
[ 4496.289695][ C1] Allocated by task 31101:
[ 4496.289887][ C1] kasan_save_stack+0x24/0x40
[ 4496.290091][ C1] kasan_save_track+0x14/0x30
[ 4496.290409][ C1] __kasan_slab_alloc+0x55/0x60
[ 4496.290599][ C1] kmem_cache_alloc_noprof+0x291/0x6d0
[ 4496.290789][ C1] dst_alloc+0x7a/0x140
[ 4496.290933][ C1] rt_dst_alloc+0x31/0x3a0
[ 4496.291126][ C1] __mkroute_output+0x425/0x11a0
[ 4496.291441][ C1] ip_route_output_key_hash+0xfa/0x220
[ 4496.291635][ C1] ip_route_output_flow+0x23/0x140
[ 4496.291824][ C1] udp_tunnel_dst_lookup+0x227/0x3a0
[ 4496.292014][ C1] vxlan_xmit_one+0x151a/0x4490 [vxlan]
[ 4496.292335][ C1] vxlan_xmit+0xf6a/0x1870 [vxlan]
[ 4496.292532][ C1] dev_hard_start_xmit+0x132/0x530
[ 4496.292721][ C1] __dev_queue_xmit+0x1406/0x1af0
[ 4496.292911][ C1] packet_snd+0xd0f/0x1a70
[ 4496.293224][ C1] __sys_sendto+0x24b/0x380
[ 4496.293414][ C1] __x64_sys_sendto+0xe0/0x1b0
[ 4496.293605][ C1] do_syscall_64+0xc1/0xfc0
[ 4496.293795][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 4496.294149][ C1]
[ 4496.294244][ C1] Freed by task 12:
[ 4496.294385][ C1] kasan_save_stack+0x24/0x40
[ 4496.294578][ C1] kasan_save_track+0x14/0x30
[ 4496.294896][ C1] __kasan_save_free_info+0x3b/0x60
[ 4496.295086][ C1] __kasan_slab_free+0x3f/0x60
[ 4496.295278][ C1] kmem_cache_free+0x2e4/0x690
[ 4496.295473][ C1] dst_destroy+0x230/0x350
[ 4496.295783][ C1] rcu_do_batch+0x27e/0x1120
[ 4496.295971][ C1] rcu_core+0x2bb/0x520
[ 4496.296113][ C1] handle_softirqs+0x1c0/0x820
[ 4496.296304][ C1] do_softirq+0xad/0xe0
[ 4496.296453][ C1] __local_bh_enable_ip+0x101/0x120
[ 4496.296762][ C1] __neigh_ifdown.isra.0+0xdb/0x870
[ 4496.296950][ C1] neigh_ifdown+0x10/0x20
[ 4496.297090][ C1] rt6_disable_ip+0xe7/0x130
[ 4496.297278][ C1] addrconf_ifdown.isra.0+0x102/0x15b0
[ 4496.297590][ C1] addrconf_notify+0xd1/0xd20
[ 4496.297780][ C1] notifier_call_chain+0x9a/0x290
[ 4496.297972][ C1] netif_close_many+0x2d7/0x650
[ 4496.298164][ C1] unregister_netdevice_many_notify+0x4ee/0x2080
[ 4496.298520][ C1] ops_undo_list+0x70f/0x890
[ 4496.298711][ C1] cleanup_net+0x3b2/0x8e0
[ 4496.298905][ C1] process_one_work+0x880/0x1810
[ 4496.299094][ C1] worker_thread+0x591/0xcf0
[ 4496.299404][ C1] kthread+0x37b/0x5f0
[ 4496.299547][ C1] ret_from_fork+0x42f/0x540
[ 4496.299739][ C1] ret_from_fork_asm+0x11/0x20
[ 4496.299929][ C1]
[ 4496.300149][ C1] Last potentially related work creation:
[ 4496.300341][ C1] kasan_save_stack+0x24/0x40
[ 4496.300534][ C1] kasan_record_aux_stack+0x8c/0xa0
[ 4496.300723][ C1] __call_rcu_common.constprop.0+0xa9/0x950
[ 4496.301084][ C1] dst_cache_destroy+0xf7/0x200
[ 4496.301280][ C1] vxlan_fdb_free+0x10e/0x1b0 [vxlan]
[ 4496.301483][ C1] rcu_do_batch+0x27e/0x1120
[ 4496.301673][ C1] rcu_core+0x2bb/0x520
[ 4496.301940][ C1] handle_softirqs+0x1c0/0x820
[ 4496.302134][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4496.302322][ C1] irq_exit_rcu+0xe/0x30
[ 4496.302465][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4496.302655][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4496.303018][ C1]
[ 4496.303114][ C1] The buggy address belongs to the object at ffff88800ea410c0
[ 4496.303114][ C1] which belongs to the cache rtable of size 184
[ 4496.303690][ C1] The buggy address is located 0 bytes inside of
[ 4496.303690][ C1] freed 184-byte region [ffff88800ea410c0, ffff88800ea41178)
[ 4496.304145][ C1]
[ 4496.304244][ C1] The buggy address belongs to the physical page:
[ 4496.304596][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88800ea40f40 pfn:0xea40
[ 4496.304982][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 4496.305270][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 4496.305640][ C1] page_type: f5(slab)
[ 4496.305792][ C1] raw: 0080000000000240 ffff8880029dbe00 ffffea000046d790 ffff888002663708
[ 4496.306136][ C1] raw: ffff88800ea40f40 0000000000150006 00000000f5000000 0000000000000000
[ 4496.306604][ C1] head: 0080000000000240 ffff8880029dbe00 ffffea000046d790 ffff888002663708
[ 4496.306949][ C1] head: ffff88800ea40f40 0000000000150006 00000000f5000000 0000000000000000
[ 4496.307415][ C1] head: 0080000000000001 ffffea00003a9001 00000000ffffffff 00000000ffffffff
[ 4496.307753][ C1] head: ffff88800da43c40 0000000000000000 00000000ffffffff 0000000000000000
[ 4496.308212][ C1] page dumped because: kasan: bad access detected
[ 4496.308444][ C1]
[ 4496.308538][ C1] Memory state around the buggy address:
[ 4496.308722][ C1] ffff88800ea40f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 4496.309124][ C1] ffff88800ea41000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4496.309397][ C1] >ffff88800ea41080: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 4496.309674][ C1] ^
[ 4496.310021][ C1] ffff88800ea41100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 4496.310300][ C1] ffff88800ea41180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 4496.310577][ C1] ==================================================================
[ 4496.310979][ C1] Disabling lock debugging due to kernel taint
[ 4496.311230][ C1] Oops: general protection fault, probably for non-canonical address 0xe0b73c4ba0000008: 0000 [#1] SMP KASAN
[ 4496.311748][ C1] KASAN: maybe wild-memory-access in range [0x05ba025d00000040-0x05ba025d00000047]
[ 4496.312061][ C1] CPU: 1 UID: 0 PID: 19389 Comm: kworker/1:0 Tainted: G B W 6.18.0-virtme #1 PREEMPT(full)
[ 4496.312588][ C1] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 4496.312770][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4496.312994][ C1] Workqueue: events virtio_fs_requests_done_work
[ 4496.313235][ C1] RIP: 0010:dst_dev_put+0xa0/0x280
[ 4496.313424][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 4496.314183][ C1] RSP: 0018:ffffc900001c0d48 EFLAGS: 00010203
[ 4496.314411][ C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff83a8b398
[ 4496.314684][ C1] RDX: 00b7404ba0000008 RSI: 0000000000000008 RDI: 05ba025d00000044
[ 4496.315072][ C1] RBP: 05ba025d0000000c R08: 0000000000000001 R09: fffffbfff0daa8c4
[ 4496.315343][ C1] R10: ffffffff86d54627 R11: ffffc900001c0800 R12: ffff8880154a7868
[ 4496.315733][ C1] R13: ffff88800ea410c0 R14: 0000000000000002 R15: ffff88800ea410c0
[ 4496.316009][ C1] FS: 0000000000000000(0000) GS:ffff8880e6398000(0000) knlGS:0000000000000000
[ 4496.316321][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4496.316666][ C1] CR2: 000055ae0f40e1b0 CR3: 0000000063745005 CR4: 0000000000772ef0
[ 4496.316937][ C1] PKRU: 55555554
[ 4496.317075][ C1] Call Trace:
[ 4496.317214][ C1] <IRQ>
[ 4496.317428][ C1] rt_fibinfo_free_cpus.part.0+0xd2/0x170
[ 4496.317618][ C1] fib_nh_common_release+0xe6/0x2d0
[ 4496.317797][ C1] free_fib_info_rcu+0x14c/0x380
[ 4496.317979][ C1] ? nexthop_mpath_fill_node.constprop.0+0x2b0/0x2b0
[ 4496.318324][ C1] rcu_do_batch+0x27e/0x1120
[ 4496.318507][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 4496.318688][ C1] ? mark_held_locks+0x49/0x70
[ 4496.318873][ C1] ? note_gp_changes+0x17a/0x1d0
[ 4496.319164][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4496.319347][ C1] rcu_core+0x2bb/0x520
[ 4496.319483][ C1] handle_softirqs+0x1c0/0x820
[ 4496.319667][ C1] __irq_exit_rcu+0x6c/0xe0
[ 4496.319961][ C1] irq_exit_rcu+0xe/0x30
[ 4496.320105][ C1] sysvec_apic_timer_interrupt+0xa8/0xc0
[ 4496.320284][ C1] </IRQ>
[ 4496.320382][ C1] <TASK>
[ 4496.320473][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4496.320814][ C1] RIP: 0010:lock_acquire.part.0+0x6f/0x240
[ 4496.321047][ C1] Code: 00 00 00 65 8b 05 11 cb b5 04 85 c0 0f 85 b8 00 00 00 65 48 8b 05 11 86 b5 04 8b 90 4c 0a 00 00 85 d2 0f 85 a2 00 00 00 9c 5b 48 c7 c7 69 d9 e2 84 e8 94 ad 25 02 41 89 e8 44 89 e1 44 89 ea
[ 4496.321809][ C1] RSP: 0018:ffffc90000a374c8 EFLAGS: 00000246
[ 4496.322036][ C1] RAX: ffff888005c62340 RBX: 0000000000000246 RCX: 0000000000000001
[ 4496.322306][ C1] RDX: 0000000000000000 RSI: ffffffff81ff20a7 RDI: fffffbfff0b2ffc4
[ 4496.322701][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 4496.322970][ C1] R10: ffffffff81ff2093 R11: ffffc90000a37680 R12: 0000000000000002
[ 4496.323361][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff8597fe20
[ 4496.323634][ C1] ? unwind_next_frame+0x143/0x1e00
[ 4496.323818][ C1] ? unwind_next_frame+0x157/0x1e00
[ 4496.323998][ C1] ? rcu_is_watching+0x12/0xb0
[ 4496.324296][ C1] ? lock_acquire+0x104/0x140
[ 4496.324475][ C1] unwind_next_frame+0x157/0x1e00
[ 4496.324660][ C1] ? unwind_next_frame+0x143/0x1e00
[ 4496.324839][ C1] ? kfree+0x2bb/0x5f0
[ 4496.325092][ C1] ? stack_access_ok+0x1e0/0x1e0
[ 4496.325274][ C1] ? stack_access_ok+0x1e0/0x1e0
[ 4496.325453][ C1] ? kfree+0x2bb/0x5f0
[ 4496.325592][ C1] ? kernel_text_address+0x17/0xd0
[ 4496.325888][ C1] ? write_profile+0xf0/0xf0
[ 4496.326071][ C1] arch_stack_walk+0x85/0xf0
[ 4496.326261][ C1] ? kfree+0x2bb/0x5f0
[ 4496.326401][ C1] stack_trace_save+0x93/0xc0
[ 4496.326582][ C1] ? stack_trace_snprint+0xe0/0xe0
[ 4496.326879][ C1] ? validate_chain+0x180/0x690
[ 4496.327060][ C1] kasan_save_stack+0x24/0x40
[ 4496.327243][ C1] ? kasan_save_stack+0x24/0x40
[ 4496.327421][ C1] ? kasan_save_track+0x14/0x30
[ 4496.327715][ C1] ? __kasan_save_free_info+0x3b/0x60
[ 4496.327898][ C1] ? __kasan_slab_free+0x3f/0x60
[ 4496.328081][ C1] ? kfree+0x2bb/0x5f0
[ 4496.328219][ C1] ? find_held_lock+0x2b/0x80
[ 4496.328517][ C1] ? mark_held_locks+0x49/0x70
[ 4496.328696][ C1] ? _raw_spin_unlock_irqrestore+0x59/0x70
[ 4496.328923][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4496.329103][ C1] ? _raw_spin_unlock_irqrestore+0x46/0x70
[ 4496.329447][ C1] ? __debug_check_no_obj_freed+0x252/0x520
[ 4496.329675][ C1] ? debug_objects_fill_pool+0x3e0/0x3e0
[ 4496.329853][ C1] ? __virt_addr_valid+0x1b0/0x3a0
[ 4496.330154][ C1] ? mark_held_locks+0x49/0x70
[ 4496.330332][ C1] ? __call_rcu_common.constprop.0+0x3cb/0x950
[ 4496.330555][ C1] ? lockdep_hardirqs_on+0x7c/0x100
[ 4496.330739][ C1] kasan_save_track+0x14/0x30
[ 4496.331039][ C1] __kasan_save_free_info+0x3b/0x60
[ 4496.331221][ C1] __kasan_slab_free+0x3f/0x60
[ 4496.331401][ C1] kfree+0x2bb/0x5f0
[ 4496.331536][ C1] ? detach_buf_split+0x48d/0x6f0
[ 4496.331834][ C1] ? detach_buf_split+0x48d/0x6f0
[ 4496.332016][ C1] detach_buf_split+0x48d/0x6f0
[ 4496.332198][ C1] virtqueue_get_buf_ctx_split+0x294/0x7f0
[ 4496.332425][ C1] virtio_fs_requests_done_work+0x231/0x890
[ 4496.332762][ C1] ? virtio_fs_complete_req_work+0x80/0x80
[ 4496.332985][ C1] ? rcu_is_watching+0x12/0xb0
[ 4496.333164][ C1] ? lock_acquire+0x104/0x140
[ 4496.333459][ C1] process_one_work+0x880/0x1810
[ 4496.333648][ C1] ? pwq_dec_nr_in_flight+0x550/0x550
[ 4496.333829][ C1] ? assign_work+0x168/0x240
[ 4496.334017][ C1] worker_thread+0x591/0xcf0
[ 4496.334200][ C1] ? bh_worker+0x6f0/0x6f0
[ 4496.334382][ C1] kthread+0x37b/0x5f0
[ 4496.334519][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.334699][ C1] ? ret_from_fork+0x71/0x540
[ 4496.334878][ C1] ? __lock_release+0x5d/0x160
[ 4496.335173][ C1] ? lock_acquire+0x104/0x140
[ 4496.335352][ C1] ? rcu_is_watching+0x12/0xb0
[ 4496.335533][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.335719][ C1] ret_from_fork+0x42f/0x540
[ 4496.336016][ C1] ? arch_exit_to_user_mode_prepare.constprop.0+0x140/0x140
[ 4496.336286][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.336472][ C1] ? __switch_to+0x5c8/0xd50
[ 4496.336767][ C1] ? kthread_is_per_cpu+0xc0/0xc0
[ 4496.336948][ C1] ret_from_fork_asm+0x11/0x20
[ 4496.337132][ C1] </TASK>
[ 4496.337269][ C1] Modules linked in: sctp sch_fq cls_matchall xt_conntrack nf_conntrack nf_defrag_ipv4 nft_compat nf_tables nf_defrag_ipv6 cls_bpf act_mirred cls_u32 ifb unix_diag geneve ip6_gre ip_gre gre chacha libchacha chacha20poly1305 libpoly1305 tls act_gact cls_flower sch_ingress vxlan [last unloaded: psample]
[ 4496.338478][ C1] ---[ end trace 0000000000000000 ]---
[ 4496.338659][ C1] RIP: 0010:dst_dev_put+0xa0/0x280
[ 4496.338849][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 9c 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6d 08 48 8d 7d 38 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 6f 01 00 00 48 8b 45 38 48 85 c0 74 08 4c 89 e6
[ 4496.339606][ C1] RSP: 0018:ffffc900001c0d48 EFLAGS: 00010203
[ 4496.339831][ C1] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff83a8b398
[ 4496.340229][ C1] RDX: 00b7404ba0000008 RSI: 0000000000000008 RDI: 05ba025d00000044
[ 4496.340503][ C1] RBP: 05ba025d0000000c R08: 0000000000000001 R09: fffffbfff0daa8c4
[ 4496.340772][ C1] R10: ffffffff86d54627 R11: ffffc900001c0800 R12: ffff8880154a7868
[ 4496.341155][ C1] R13: ffff88800ea410c0 R14: 0000000000000002 R15: ffff88800ea410c0
[ 4496.341434][ C1] FS: 0000000000000000(0000) GS:ffff8880e6398000(0000) knlGS:0000000000000000
[ 4496.341864][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4496.342086][ C1] CR2: 000055ae0f40e1b0 CR3: 0000000063745005 CR4: 0000000000772ef0
[ 4496.342365][ C1] PKRU: 55555554
[ 4496.342502][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 4496.342965][ C1] Kernel Offset: 0xa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 4496.343396][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr