[ 2032.615644][ C0] ==================================================================
[ 2032.615839][ C0] BUG: KASAN: slab-use-after-free in dst_dev_put+0x298/0x300
[ 2032.615992][ C0] Read of size 8 at addr ff110000059e61c0 by task swapper/0/0
[ 2032.616138][ C0]
[ 2032.616192][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 2032.616196][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2032.616197][ C0] Call Trace:
[ 2032.616199][ C0] <IRQ>
[ 2032.616200][ C0] dump_stack_lvl+0x6f/0xa0
[ 2032.616206][ C0] print_address_description.constprop.0+0x6e/0x300
[ 2032.616211][ C0] print_report+0xfc/0x1fb
[ 2032.616212][ C0] ? dst_dev_put+0x298/0x300
[ 2032.616214][ C0] ? __virt_addr_valid+0x1da/0x430
[ 2032.616218][ C0] ? dst_dev_put+0x298/0x300
[ 2032.616220][ C0] kasan_report+0xe8/0x120
[ 2032.616223][ C0] ? dst_dev_put+0x298/0x300
[ 2032.616226][ C0] dst_dev_put+0x298/0x300
[ 2032.616228][ C0] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 2032.616231][ C0] fib_nh_common_release+0xe6/0x2d0
[ 2032.616233][ C0] free_fib_info_rcu+0x159/0x3b0
[ 2032.616235][ C0] ? rcu_do_batch+0x289/0xfe0
[ 2032.616239][ C0] rcu_do_batch+0x28b/0xfe0
[ 2032.616241][ C0] ? trace_rcu_batch_end+0x270/0x270
[ 2032.616244][ C0] ? trace_irq_enable.constprop.0+0xce/0x100
[ 2032.616247][ C0] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2032.616249][ C0] ? lockdep_hardirqs_on+0x84/0x130
[ 2032.616253][ C0] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 2032.616255][ C0] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 2032.616257][ C0] rcu_core+0x2b4/0x5f0
[ 2032.616259][ C0] handle_softirqs+0x1d7/0x840
[ 2032.616262][ C0] ? tasklet_unlock_wait+0x60/0x60
[ 2032.616264][ C0] irq_exit_rcu+0xa2/0xf0
[ 2032.616266][ C0] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2032.616267][ C0] </IRQ>
[ 2032.616268][ C0] <TASK>
[ 2032.616269][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2032.616271][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2032.616274][ C0] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 2032.616276][ C0] RSP: 0018:ffffffff86007e00 EFLAGS: 00000282
[ 2032.616279][ C0] RAX: 00000000051609d3 RBX: ffffffff86032580 RCX: ffffffff82a84c3f
[ 2032.616281][ C0] RDX: ffffffff86032580 RSI: ffffffff8580ff1e RDI: ffffffff85269f80
[ 2032.616281][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 2032.616282][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffffffff0c00fc3
[ 2032.616283][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000014770
[ 2032.616285][ C0] ? cpuidle_idle_call+0x21f/0x340
[ 2032.616288][ C0] default_idle+0x9/0x10
[ 2032.616290][ C0] default_idle_call+0x6c/0xa0
[ 2032.616291][ C0] cpuidle_idle_call+0x21f/0x340
[ 2032.616293][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 2032.616294][ C0] ? mark_tsc_async_resets+0x30/0x30
[ 2032.616296][ C0] ? trace_sched_exit_tp+0x2e/0x100
[ 2032.616299][ C0] do_idle+0xd9/0x130
[ 2032.616301][ C0] cpu_startup_entry+0x53/0x70
[ 2032.616302][ C0] rest_init+0x1f7/0x200
[ 2032.616304][ C0] start_kernel+0x3aa/0x3b0
[ 2032.616308][ C0] x86_64_start_reservations+0x24/0x30
[ 2032.616310][ C0] x86_64_start_kernel+0x122/0x130
[ 2032.616312][ C0] common_startup_64+0x13e/0x148
[ 2032.616318][ C0] </TASK>
[ 2032.616319][ C0]
[ 2032.622021][ C0] Allocated by task 9168:
[ 2032.622095][ C0] kasan_save_stack+0x30/0x50
[ 2032.622195][ C0] kasan_save_track+0x14/0x30
[ 2032.622290][ C0] __kasan_slab_alloc+0x5f/0x70
[ 2032.622388][ C0] kmem_cache_alloc_noprof+0x218/0x6e0
[ 2032.622483][ C0] dst_alloc+0x79/0x160
[ 2032.622557][ C0] rt_dst_alloc+0x35/0x3a0
[ 2032.622653][ C0] __mkroute_output+0x456/0x1070
[ 2032.622750][ C0] ip_route_output_key_hash+0xfa/0x220
[ 2032.622845][ C0] ip_route_output_flow+0x21/0x150
[ 2032.622946][ C0] udp_tunnel_dst_lookup+0x22e/0x380
[ 2032.623043][ C0] vxlan_xmit_one+0x16ca/0x4230 [vxlan]
[ 2032.623144][ C0] vxlan_xmit+0x8cb/0x11e0 [vxlan]
[ 2032.623243][ C0] dev_hard_start_xmit+0xfc/0x540
[ 2032.623343][ C0] __dev_queue_xmit+0x155e/0x1a10
[ 2032.623439][ C0] packet_snd+0xf93/0x1980
[ 2032.623544][ C0] __sys_sendto+0x265/0x390
[ 2032.623641][ C0] __x64_sys_sendto+0xe4/0x1f0
[ 2032.623736][ C0] do_syscall_64+0xbd/0xfc0
[ 2032.623834][ C0] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2032.623953][ C0]
[ 2032.624003][ C0] Freed by task 12:
[ 2032.624076][ C0] kasan_save_stack+0x30/0x50
[ 2032.624173][ C0] kasan_save_track+0x14/0x30
[ 2032.624269][ C0] __kasan_save_free_info+0x3b/0x60
[ 2032.624366][ C0] __kasan_slab_free+0x43/0x70
[ 2032.624462][ C0] kmem_cache_free+0xfe/0x5e0
[ 2032.624563][ C0] dst_destroy+0x221/0x340
[ 2032.624663][ C0] rcu_do_batch+0x28b/0xfe0
[ 2032.624759][ C0] rcu_core+0x2b4/0x5f0
[ 2032.624831][ C0] handle_softirqs+0x1d7/0x840
[ 2032.624928][ C0] irq_exit_rcu+0xa2/0xf0
[ 2032.625004][ C0] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2032.625105][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2032.625222][ C0]
[ 2032.625273][ C0] Last potentially related work creation:
[ 2032.625370][ C0] kasan_save_stack+0x30/0x50
[ 2032.625467][ C0] kasan_record_aux_stack+0x8c/0xa0
[ 2032.625565][ C0] __call_rcu_common.constprop.0+0xa6/0xa00
[ 2032.625686][ C0] dst_cache_destroy+0xea/0x1d0
[ 2032.625786][ C0] vxlan_fdb_free+0x109/0x1c0 [vxlan]
[ 2032.625884][ C0] rcu_do_batch+0x28b/0xfe0
[ 2032.625983][ C0] rcu_core+0x2b4/0x5f0
[ 2032.626054][ C0] handle_softirqs+0x1d7/0x840
[ 2032.626150][ C0] irq_exit_rcu+0xa2/0xf0
[ 2032.626222][ C0] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2032.626323][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2032.626442][ C0]
[ 2032.626491][ C0] The buggy address belongs to the object at ff110000059e61c0
[ 2032.626491][ C0] which belongs to the cache rtable of size 184
[ 2032.626740][ C0] The buggy address is located 0 bytes inside of
[ 2032.626740][ C0] freed 184-byte region [ff110000059e61c0, ff110000059e6278)
[ 2032.626975][ C0]
[ 2032.627026][ C0] The buggy address belongs to the physical page:
[ 2032.627150][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff110000059e67c0 pfn:0x59e6
[ 2032.627351][ C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2032.627499][ C0] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 2032.627627][ C0] page_type: f5(slab)
[ 2032.627702][ C0] raw: 0080000000000240 ff11000005317c40 ffd4000000268390 ff110000052355c8
[ 2032.627877][ C0] raw: ff110000059e67c0 0000000000150001 00000000f5000000 0000000000000000
[ 2032.628054][ C0] head: 0080000000000240 ff11000005317c40 ffd4000000268390 ff110000052355c8
[ 2032.628230][ C0] head: ff110000059e67c0 0000000000150001 00000000f5000000 0000000000000000
[ 2032.628400][ C0] head: 0080000000000001 ffd4000000167981 00000000ffffffff 00000000ffffffff
[ 2032.628578][ C0] head: ff11000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2032.628753][ C0] page dumped because: kasan: bad access detected
[ 2032.628878][ C0]
[ 2032.628931][ C0] Memory state around the buggy address:
[ 2032.629025][ C0] ff110000059e6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 2032.629167][ C0] ff110000059e6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2032.629310][ C0] >ff110000059e6180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2032.629451][ C0] ^
[ 2032.629572][ C0] ff110000059e6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 2032.629717][ C0] ff110000059e6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2032.629855][ C0] ==================================================================
[ 2032.630005][ C0] Disabling lock debugging due to kernel taint
[ 2032.630139][ C0] Oops: general protection fault, probably for non-canonical address 0xe0b87c3580000008: 0000 [#1] SMP KASAN
[ 2032.630348][ C0] KASAN: maybe wild-memory-access in range [0x05c401ac00000040-0x05c401ac00000047]
[ 2032.630506][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 2032.630701][ C0] Tainted: [B]=BAD_PAGE
[ 2032.630773][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2032.630893][ C0] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2032.630996][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2032.631323][ C0] RSP: 0018:ffa0000000007d10 EFLAGS: 00010213
[ 2032.631440][ C0] RAX: 05c401ac0000000c RBX: ff110000059e61c0 RCX: 00b8803580000008
[ 2032.631580][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 05c401ac00000044
[ 2032.631719][ C0] RBP: ff11000012cd1c10 R08: 0000000000000008 R09: fffffbfff0ecc2c4
[ 2032.631863][ C0] R10: fffffbfff0ecc2c5 R11: 0000000000000000 R12: 1fe22000022a22cd
[ 2032.632010][ C0] R13: 0000000000000002 R14: 0000000000000001 R15: ff11000011511670
[ 2032.632150][ C0] FS: 0000000000000000(0000) GS:ff110000e4c0b000(0000) knlGS:0000000000000000
[ 2032.632315][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2032.632435][ C0] CR2: 00007f38f2f7aff0 CR3: 0000000057348003 CR4: 0000000000771ef0
[ 2032.632577][ C0] PKRU: 55555554
[ 2032.632648][ C0] Call Trace:
[ 2032.632719][ C0] <IRQ>
[ 2032.632768][ C0] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 2032.632862][ C0] fib_nh_common_release+0xe6/0x2d0
[ 2032.632953][ C0] free_fib_info_rcu+0x159/0x3b0
[ 2032.633045][ C0] ? rcu_do_batch+0x289/0xfe0
[ 2032.633139][ C0] rcu_do_batch+0x28b/0xfe0
[ 2032.633232][ C0] ? trace_rcu_batch_end+0x270/0x270
[ 2032.633325][ C0] ? trace_irq_enable.constprop.0+0xce/0x100
[ 2032.633440][ C0] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2032.633561][ C0] ? lockdep_hardirqs_on+0x84/0x130
[ 2032.633653][ C0] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 2032.633769][ C0] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 2032.633885][ C0] rcu_core+0x2b4/0x5f0
[ 2032.633958][ C0] handle_softirqs+0x1d7/0x840
[ 2032.634050][ C0] ? tasklet_unlock_wait+0x60/0x60
[ 2032.634144][ C0] irq_exit_rcu+0xa2/0xf0
[ 2032.634213][ C0] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2032.634310][ C0] </IRQ>
[ 2032.634358][ C0] <TASK>
[ 2032.634405][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2032.634518][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2032.634618][ C0] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 2032.634946][ C0] RSP: 0018:ffffffff86007e00 EFLAGS: 00000282
[ 2032.635064][ C0] RAX: 00000000051609d3 RBX: ffffffff86032580 RCX: ffffffff82a84c3f
[ 2032.635204][ C0] RDX: ffffffff86032580 RSI: ffffffff8580ff1e RDI: ffffffff85269f80
[ 2032.635346][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 2032.635486][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffffffff0c00fc3
[ 2032.635633][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000014770
[ 2032.635771][ C0] ? cpuidle_idle_call+0x21f/0x340
[ 2032.635865][ C0] default_idle+0x9/0x10
[ 2032.635935][ C0] default_idle_call+0x6c/0xa0
[ 2032.636027][ C0] cpuidle_idle_call+0x21f/0x340
[ 2032.636118][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 2032.636210][ C0] ? mark_tsc_async_resets+0x30/0x30
[ 2032.636306][ C0] ? trace_sched_exit_tp+0x2e/0x100
[ 2032.636398][ C0] do_idle+0xd9/0x130
[ 2032.636468][ C0] cpu_startup_entry+0x53/0x70
[ 2032.636564][ C0] rest_init+0x1f7/0x200
[ 2032.636633][ C0] start_kernel+0x3aa/0x3b0
[ 2032.636726][ C0] x86_64_start_reservations+0x24/0x30
[ 2032.636819][ C0] x86_64_start_kernel+0x122/0x130
[ 2032.636913][ C0] common_startup_64+0x13e/0x148
[ 2032.637006][ C0] </TASK>
[ 2032.637075][ C0] Modules linked in: act_mirred ip6_gre gre xt_length act_ct nf_flow_table nft_chain_nat xt_nat cls_matchall act_gact sch_ingress xfrm_user openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh geneve vxlan act_csum act_pedit cls_flower sch_prio ipt_REJECT nf_reject_ipv4 nft_compat nf_tables
[ 2032.637582][ C0] ---[ end trace 0000000000000000 ]---
[ 2032.637678][ C0] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2032.637773][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2032.638094][ C0] RSP: 0018:ffa0000000007d10 EFLAGS: 00010213
[ 2032.638215][ C0] RAX: 05c401ac0000000c RBX: ff110000059e61c0 RCX: 00b8803580000008
[ 2032.638364][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 05c401ac00000044
[ 2032.638504][ C0] RBP: ff11000012cd1c10 R08: 0000000000000008 R09: fffffbfff0ecc2c4
[ 2032.638647][ C0] R10: fffffbfff0ecc2c5 R11: 0000000000000000 R12: 1fe22000022a22cd
[ 2032.638787][ C0] R13: 0000000000000002 R14: 0000000000000001 R15: ff11000011511670
[ 2032.638927][ C0] FS: 0000000000000000(0000) GS:ff110000e4c0b000(0000) knlGS:0000000000000000
[ 2032.639092][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2032.639209][ C0] CR2: 00007f38f2f7aff0 CR3: 0000000057348003 CR4: 0000000000771ef0
[ 2032.639353][ C0] PKRU: 55555554
[ 2032.639424][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 2032.639718][ C0] Kernel Offset: 0x1200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2032.639932][ C0] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr