[ 9.315205][ T261] GACT probability NOT on
[ 10.385241][ C1] ==================================================================
[ 10.385408][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x298/0x300
[ 10.385545][ C1] Read of size 8 at addr ff1100000bf10040 by task ksoftirqd/1/22
[ 10.385673][ C1]
[ 10.385718][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 10.385722][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 10.385723][ C1] Call Trace:
[ 10.385725][ C1]
[ 10.385726][ C1] dump_stack_lvl+0x6f/0xa0
[ 10.385733][ C1] print_address_description.constprop.0+0x6e/0x300
[ 10.385737][ C1] print_report+0xfc/0x1fb
[ 10.385738][ C1] ? dst_dev_put+0x298/0x300
[ 10.385740][ C1] ? __virt_addr_valid+0x1da/0x430
[ 10.385745][ C1] ? dst_dev_put+0x298/0x300
[ 10.385747][ C1] kasan_report+0xe8/0x120
[ 10.385751][ C1] ? dst_dev_put+0x298/0x300
[ 10.385753][ C1] dst_dev_put+0x298/0x300
[ 10.385755][ C1] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 10.385759][ C1] fib_nh_common_release+0xe6/0x2d0
[ 10.385761][ C1] free_fib_info_rcu+0x159/0x3b0
[ 10.385763][ C1] ? rcu_do_batch+0x289/0xfe0
[ 10.385767][ C1] rcu_do_batch+0x28b/0xfe0
[ 10.385769][ C1] ? __lock_release.isra.0+0x59/0x170
[ 10.385771][ C1] ? rcu_is_watching+0x15/0xd0
[ 10.385774][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 10.385775][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 10.385777][ C1] ? trace_x86_fpu_regs_deactivated+0xeb/0x130
[ 10.385780][ C1] ? rcu_is_watching+0x15/0xd0
[ 10.385782][ C1] ? trace_irq_enable.constprop.0+0xce/0x100
[ 10.385785][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 10.385786][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 10.385790][ C1] rcu_core+0x2b4/0x5f0
[ 10.385792][ C1] handle_softirqs+0x1d7/0x840
[ 10.385796][ C1] ? tasklet_unlock_wait+0x60/0x60
[ 10.385798][ C1] run_ksoftirqd+0x39/0x60
[ 10.385799][ C1] smpboot_thread_fn+0x2fb/0x9b0
[ 10.385803][ C1] ? sort_range+0x20/0x20
[ 10.385804][ C1] kthread+0x355/0x5b0
[ 10.385807][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 10.385808][ C1] ? __lock_release.isra.0+0x59/0x170
[ 10.385810][ C1] ? rcu_is_watching+0x15/0xd0
[ 10.385811][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 10.385813][ C1] ret_from_fork+0x3fb/0x510
[ 10.385815][ C1] ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[ 10.385817][ C1] ? __switch_to+0x602/0xd00
[ 10.385819][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 10.385820][ C1] ret_from_fork_asm+0x11/0x20
[ 10.385825][ C1]
[ 10.385826][ C1]
[ 10.389545][ C1] Allocated by task 270:
[ 10.389611][ C1] kasan_save_stack+0x30/0x50
[ 10.389698][ C1] kasan_save_track+0x14/0x30
[ 10.389784][ C1] __kasan_slab_alloc+0x5f/0x70
[ 10.389867][ C1] kmem_cache_alloc_noprof+0x218/0x6e0
[ 10.389955][ C1] dst_alloc+0x79/0x160
[ 10.390017][ C1] rt_dst_alloc+0x35/0x3a0
[ 10.390105][ C1] __mkroute_output+0x456/0x1070
[ 10.390191][ C1] ip_route_output_key_hash+0xfa/0x220
[ 10.390276][ C1] ip_route_output_flow+0x21/0x150
[ 10.390363][ C1] udp_tunnel_dst_lookup+0x22e/0x380
[ 10.390447][ C1] vxlan_xmit_one+0x16ca/0x4230 [vxlan]
[ 10.390538][ C1] vxlan_xmit+0x8cb/0x11e0 [vxlan]
[ 10.390627][ C1] dev_hard_start_xmit+0xfc/0x540
[ 10.390711][ C1] __dev_queue_xmit+0x155e/0x1a10
[ 10.390796][ C1] packet_snd+0xf93/0x1980
[ 10.390880][ C1] __sys_sendto+0x265/0x390
[ 10.390976][ C1] __x64_sys_sendto+0xe4/0x1f0
[ 10.391062][ C1] do_syscall_64+0xbd/0xfc0
[ 10.391147][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 10.391253][ C1]
[ 10.391296][ C1] Freed by task 12:
[ 10.391362][ C1] kasan_save_stack+0x30/0x50
[ 10.391449][ C1] kasan_save_track+0x14/0x30
[ 10.391539][ C1] __kasan_save_free_info+0x3b/0x60
[ 10.391632][ C1] __kasan_slab_free+0x43/0x70
[ 10.391722][ C1] kmem_cache_free+0xfe/0x5e0
[ 10.391806][ C1] dst_destroy+0x221/0x340
[ 10.391890][ C1] rcu_do_batch+0x28b/0xfe0
[ 10.391975][ C1] rcu_core+0x2b4/0x5f0
[ 10.392039][ C1] handle_softirqs+0x1d7/0x840
[ 10.392124][ C1] do_softirq+0xa9/0xe0
[ 10.392187][ C1] __local_bh_enable_ip+0x111/0x140
[ 10.392283][ C1] __fib6_clean_all+0xff/0x290
[ 10.392367][ C1] rt6_disable_ip+0x118/0x130
[ 10.392451][ C1] addrconf_ifdown.isra.0+0x106/0x1610
[ 10.392536][ C1] addrconf_notify+0x2c8/0xf20
[ 10.392620][ C1] notifier_call_chain+0x9a/0x290
[ 10.392711][ C1] netif_close_many+0x2c9/0x640
[ 10.392796][ C1] unregister_netdevice_many_notify+0x705/0x20a0
[ 10.392899][ C1] ops_undo_list+0x620/0x8f0
[ 10.392993][ C1] cleanup_net+0x3bc/0x890
[ 10.393078][ C1] process_one_work+0xd57/0x1390
[ 10.393162][ C1] worker_thread+0x4d6/0xd40
[ 10.393246][ C1] kthread+0x355/0x5b0
[ 10.393311][ C1] ret_from_fork+0x3fb/0x510
[ 10.393394][ C1] ret_from_fork_asm+0x11/0x20
[ 10.393476][ C1]
[ 10.393519][ C1] Last potentially related work creation:
[ 10.393609][ C1] kasan_save_stack+0x30/0x50
[ 10.393695][ C1] kasan_record_aux_stack+0x8c/0xa0
[ 10.393781][ C1] __call_rcu_common.constprop.0+0xa6/0xa00
[ 10.393885][ C1] dst_cache_destroy+0xea/0x1d0
[ 10.393976][ C1] vxlan_fdb_free+0x109/0x1c0 [vxlan]
[ 10.394065][ C1] rcu_do_batch+0x28b/0xfe0
[ 10.394163][ C1] rcu_core+0x2b4/0x5f0
[ 10.394226][ C1] handle_softirqs+0x1d7/0x840
[ 10.394315][ C1] irq_exit_rcu+0xa2/0xf0
[ 10.394379][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 10.394464][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 10.394568][ C1]
[ 10.394612][ C1] The buggy address belongs to the object at ff1100000bf10040
[ 10.394612][ C1] which belongs to the cache rtable of size 184
[ 10.394823][ C1] The buggy address is located 0 bytes inside of
[ 10.394823][ C1] freed 184-byte region [ff1100000bf10040, ff1100000bf100f8)
[ 10.395031][ C1]
[ 10.395074][ C1] The buggy address belongs to the physical page:
[ 10.395180][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000bf104c0 pfn:0xbf10
[ 10.395352][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.395484][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 10.395594][ C1] page_type: f5(slab)
[ 10.395662][ C1] raw: 0080000000000240 ff11000002619c40 ff110000052715c8 ff110000052715c8
[ 10.395818][ C1] raw: ff1100000bf104c0 0000000000150003 00000000f5000000 0000000000000000
[ 10.395971][ C1] head: 0080000000000240 ff11000002619c40 ff110000052715c8 ff110000052715c8
[ 10.396125][ C1] head: ff1100000bf104c0 0000000000150003 00000000f5000000 0000000000000000
[ 10.396278][ C1] head: 0080000000000001 ffd40000002fc401 00000000ffffffff 00000000ffffffff
[ 10.396428][ C1] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 10.396580][ C1] page dumped because: kasan: bad access detected
[ 10.396691][ C1]
[ 10.396735][ C1] Memory state around the buggy address:
[ 10.396819][ C1] ff1100000bf0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.396945][ C1] ff1100000bf0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.397073][ C1] >ff1100000bf10000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 10.397198][ C1] ^
[ 10.397299][ C1] ff1100000bf10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 10.397424][ C1] ff1100000bf10100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.397553][ C1] ==================================================================
[ 10.397723][ C1] Disabling lock debugging due to kernel taint
[ 10.397862][ C1] Oops: general protection fault, probably for non-canonical address 0xe0e1bc3460000008: 0000 [#1] SMP KASAN
[ 10.398061][ C1] KASAN: maybe wild-memory-access in range [0x070e01a300000040-0x070e01a300000047]
[ 10.398205][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 10.398373][ C1] Tainted: [B]=BAD_PAGE
[ 10.398436][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 10.398574][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 10.398661][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 10.398989][ C1] RSP: 0018:ffa0000000197ad8 EFLAGS: 00010213
[ 10.399092][ C1] RAX: 070e01a30000000c RBX: ff1100000bf10040 RCX: 00e1c03460000008
[ 10.399212][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 070e01a300000044
[ 10.399372][ C1] RBP: ff11000010d8fae4 R08: 0000000000000008 R09: fffffbfff470c2c4
[ 10.399494][ C1] R10: fffffbfff470c2c5 R11: 0000000000000000 R12: 1fe2200001660b2d
[ 10.399655][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000b305970
[ 10.399782][ C1] FS: 0000000000000000(0000) GS:ff110000c8a8b000(0000) knlGS:0000000000000000
[ 10.399927][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.400072][ C1] CR2: 00007ffe0b056db8 CR3: 000000001327c001 CR4: 0000000000771ef0
[ 10.400198][ C1] PKRU: 55555554
[ 10.400260][ C1] Call Trace:
[ 10.400322][ C1]
[ 10.400401][ C1] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 10.400488][ C1] fib_nh_common_release+0xe6/0x2d0
[ 10.400568][ C1] free_fib_info_rcu+0x159/0x3b0
[ 10.400649][ C1] ? rcu_do_batch+0x289/0xfe0
[ 10.400766][ C1] rcu_do_batch+0x28b/0xfe0
[ 10.400851][ C1] ? __lock_release.isra.0+0x59/0x170
[ 10.400936][ C1] ? rcu_is_watching+0x15/0xd0
[ 10.401018][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 10.401098][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 10.401202][ C1] ? trace_x86_fpu_regs_deactivated+0xeb/0x130
[ 10.401302][ C1] ? rcu_is_watching+0x15/0xd0
[ 10.401383][ C1] ? trace_irq_enable.constprop.0+0xce/0x100
[ 10.401525][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 10.401624][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 10.401714][ C1] rcu_core+0x2b4/0x5f0
[ 10.401779][ C1] handle_softirqs+0x1d7/0x840
[ 10.401896][ C1] ? tasklet_unlock_wait+0x60/0x60
[ 10.401979][ C1] run_ksoftirqd+0x39/0x60
[ 10.402058][ C1] smpboot_thread_fn+0x2fb/0x9b0
[ 10.402146][ C1] ? sort_range+0x20/0x20
[ 10.402242][ C1] kthread+0x355/0x5b0
[ 10.402303][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 10.402384][ C1] ? __lock_release.isra.0+0x59/0x170
[ 10.402465][ C1] ? rcu_is_watching+0x15/0xd0
[ 10.402579][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 10.402659][ C1] ret_from_fork+0x3fb/0x510
[ 10.402743][ C1] ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[ 10.402849][ C1] ? __switch_to+0x602/0xd00
[ 10.402972][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 10.403057][ C1] ret_from_fork_asm+0x11/0x20
[ 10.403142][ C1]
[ 10.403208][ C1] Modules linked in: act_gact cls_flower sch_ingress vxlan
[ 10.403393][ C1] ---[ end trace 0000000000000000 ]---
[ 10.403475][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 10.403563][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 10.403891][ C1] RSP: 0018:ffa0000000197ad8 EFLAGS: 00010213
[ 10.404004][ C1] RAX: 070e01a30000000c RBX: ff1100000bf10040 RCX: 00e1c03460000008
[ 10.404132][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 070e01a300000044
[ 10.404255][ C1] RBP: ff11000010d8fae4 R08: 0000000000000008 R09: fffffbfff470c2c4
[ 10.404411][ C1] R10: fffffbfff470c2c5 R11: 0000000000000000 R12: 1fe2200001660b2d
[ 10.404534][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000b305970
[ 10.404657][ C1] FS: 0000000000000000(0000) GS:ff110000c8a8b000(0000) knlGS:0000000000000000
[ 10.404833][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.404938][ C1] CR2: 00007ffe0b056db8 CR3: 000000001327c001 CR4: 0000000000771ef0
[ 10.405064][ C1] PKRU: 55555554
[ 10.405159][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 10.405365][ C1] Kernel Offset: 0x1d400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 10.405590][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
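Reading the three stacks KASAN prints above: the 184-byte rtable at ff1100000bf10040 was allocated by task 270 on the vxlan transmit path (vxlan_xmit_one -> udp_tunnel_dst_lookup -> dst_alloc); its release was queued by dst_cache_destroy running from vxlan_fdb_free (itself an RCU callback) and carried out by dst_destroy in another RCU callback while cleanup_net was tearing the namespace down (task 12); the offending 8-byte read then happens in dst_dev_put, reached from free_fib_info_rcu -> fib_nh_common_release -> rt_fibinfo_free_cpus, i.e. the per-CPU route cache that rt_fibinfo_free_cpus tears down still pointed at the already-freed rtable. Because the reader runs in ksoftirqd, the value read back from the freed object's dst.dev slot (RAX) is then used as a net_device pointer, the shadow check on that wild address faults, and the general protection fault and "Fatal exception in interrupt" panic follow. The script below is an added triage helper, not part of this log or of any kernel tooling: it parses a KASAN report into those fields and flags which of the stacks ran inside an RCU callback. The sample text is an excerpt of the report above trimmed to a few frames per stack; the section names, the NOISE prefixes and the triage keys are this example's own choices.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*[TC]\d+\]\s?")  # dmesg "[ secs][ Cn] " prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"^(Read|Write) of size \d+ at addr [0-9a-f]+ by task (\S+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
SECTION = re.compile(r"^(Call|Allocated|Freed|Last)\b(?: by task (\d+))?")
FRAME = re.compile(r"^(?P<q>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>[\w-]+)\])?$")
# Sanitizer, allocator and RCU plumbing that sits above the frame that actually matters.
NOISE = ("dump_stack", "print_", "kasan_", "__kasan_", "kmem_cache_", "__call_rcu")
Frame = namedtuple("Frame", "sym module uncertain")  # uncertain: "? sym", a stale stack slot


@dataclass
class Report:
    kind: str = ""
    func: str = ""
    access: str = ""
    task: str = ""
    cache: str = ""
    obj_size: int = 0
    alloc_task: int = -1
    free_task: int = -1
    stacks: dict = field(default_factory=dict)  # access|alloc|free|aux -> [Frame]


def parse_kasan_report(text: str) -> Report:
    rep, section, rules = Report(), None, 0
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.startswith("====="):  # the report is bracketed by two rules; stop at the second
            rules += 1
            if rules == 2:
                break
        elif not line:  # a prefix-only line ends a stack (a stripped <TASK> marker is also blank)
            if section and rep.stacks[section]:
                section = None
        elif m := BUG.search(line):
            rep.kind, rep.func = m["kind"], m["func"]
        elif m := ACCESS.match(line):
            rep.access, rep.task = line, m[2]
        elif m := CACHE.search(line):
            rep.cache, rep.obj_size = m["cache"], int(m["size"])
        elif m := SECTION.match(line):
            section = {"Call": "access", "Allocated": "alloc", "Freed": "free", "Last": "aux"}[m[1]]
            rep.stacks[section] = []
            if m[2]:
                setattr(rep, section + "_task", int(m[2]))
        elif section and (m := FRAME.match(line)):
            rep.stacks[section].append(Frame(m["sym"], m["mod"], bool(m["q"])))
    return rep


def first_real_frame(frames):  # first verified, non-plumbing frame: where to start reading code
    return next((f.sym for f in frames if not f.uncertain and not f.sym.startswith(NOISE)), None)


def in_rcu_callback(frames):
    return any(f.sym == "rcu_do_batch" and not f.uncertain for f in frames)


def triage(rep: Report) -> dict:
    s = rep.stacks
    return {
        "kind": rep.kind,
        "fault_site": first_real_frame(s.get("access", [])),
        "object": f"{rep.cache}[{rep.obj_size}]",
        "allocated_at": first_real_frame(s.get("alloc", [])),
        "freed_at": first_real_frame(s.get("free", [])),
        "free_queued_by": first_real_frame(s.get("aux", [])),
        "free_in_rcu_cb": in_rcu_callback(s.get("free", [])),
        "access_in_rcu_cb": in_rcu_callback(s.get("access", [])),
        "modules": sorted({f.module for fs in s.values() for f in fs if f.module}),
    }


# Excerpt of the report on this page, trimmed to a few frames per stack.
SAMPLE = """\
[ 10.385241][ C1] ==================================================================
[ 10.385408][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x298/0x300
[ 10.385545][ C1] Read of size 8 at addr ff1100000bf10040 by task ksoftirqd/1/22
[ 10.385723][ C1] Call Trace:
[ 10.385725][ C1]
[ 10.385726][ C1] dump_stack_lvl+0x6f/0xa0
[ 10.385738][ C1] ? dst_dev_put+0x298/0x300
[ 10.385753][ C1] dst_dev_put+0x298/0x300
[ 10.385767][ C1] rcu_do_batch+0x28b/0xfe0
[ 10.389545][ C1] Allocated by task 270:
[ 10.389611][ C1] kasan_save_stack+0x30/0x50
[ 10.389955][ C1] dst_alloc+0x79/0x160
[ 10.390447][ C1] vxlan_xmit_one+0x16ca/0x4230 [vxlan]
[ 10.391296][ C1] Freed by task 12:
[ 10.391806][ C1] dst_destroy+0x221/0x340
[ 10.391890][ C1] rcu_do_batch+0x28b/0xfe0
[ 10.393519][ C1] Last potentially related work creation:
[ 10.393781][ C1] __call_rcu_common.constprop.0+0xa6/0xa00
[ 10.393885][ C1] dst_cache_destroy+0xea/0x1d0
[ 10.394612][ C1] which belongs to the cache rtable of size 184
[ 10.397553][ C1] ==================================================================
"""

if __name__ == "__main__":
    for key, value in triage(parse_kasan_report(SAMPLE)).items():
        print(f"{key:>16}: {value}")
```

The parser stops at the second rule on purpose: the GPF and panic that follow the report are a consequence, not a second bug, and their register dump would otherwise be misread as frames. Both "free_in_rcu_cb" and "access_in_rcu_cb" come back true for this report, which is the detail to lead with when filing it: the object was released from one RCU callback and read again from another, so the pointer that outlived it was not protected by the grace period at all.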