[ 2118.447271][ C1] ==================================================================
[ 2118.447463][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x298/0x300
[ 2118.447601][ C1] Read of size 8 at addr ff11000013307b40 by task swapper/1/0
[ 2118.447736][ C1]
[ 2118.447784][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 2118.447787][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2118.447789][ C1] Call Trace:
[ 2118.447790][ C1]
[ 2118.447792][ C1] dump_stack_lvl+0x6f/0xa0
[ 2118.447798][ C1] print_address_description.constprop.0+0x6e/0x300
[ 2118.447803][ C1] print_report+0xfc/0x1fb
[ 2118.447804][ C1] ? dst_dev_put+0x298/0x300
[ 2118.447806][ C1] ? __virt_addr_valid+0x1da/0x430
[ 2118.447810][ C1] ? dst_dev_put+0x298/0x300
[ 2118.447812][ C1] kasan_report+0xe8/0x120
[ 2118.447815][ C1] ? dst_dev_put+0x298/0x300
[ 2118.447818][ C1] dst_dev_put+0x298/0x300
[ 2118.447820][ C1] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 2118.447823][ C1] fib_nh_common_release+0xe6/0x2d0
[ 2118.447825][ C1] free_fib_info_rcu+0x159/0x3b0
[ 2118.447827][ C1] ? rcu_do_batch+0x289/0xfe0
[ 2118.447831][ C1] rcu_do_batch+0x28b/0xfe0
[ 2118.447833][ C1] ? rcu_start_this_gp+0x2f9/0x470
[ 2118.447836][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 2118.447838][ C1] ? trace_irq_enable.constprop.0+0xce/0x100
[ 2118.447841][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2118.447843][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 2118.447847][ C1] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 2118.447849][ C1] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 2118.447851][ C1] rcu_core+0x2b4/0x5f0
[ 2118.447853][ C1] handle_softirqs+0x1d7/0x840
[ 2118.447856][ C1] ? tasklet_unlock_wait+0x60/0x60
[ 2118.447858][ C1] ? do_raw_spin_unlock+0x59/0x250
[ 2118.447860][ C1] irq_exit_rcu+0xa2/0xf0
[ 2118.447861][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2118.447863][ C1]
[ 2118.447864][ C1]
[ 2118.447865][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2118.447867][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2118.447870][ C1] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 2118.447872][ C1] RSP: 0018:ffa0000000137de8 EFLAGS: 00000296
[ 2118.447875][ C1] RAX: 000000000420304b RBX: ff11000001ad8040 RCX: ffffffffac284c3f
[ 2118.447876][ C1] RDX: ff11000001ad8040 RSI: ffffffffaf00ff26 RDI: ffffffffaea69f80
[ 2118.447877][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 2118.447878][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: 1ff4000000026fc0
[ 2118.447879][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 2118.447880][ C1] ? cpuidle_idle_call+0x21f/0x340
[ 2118.447883][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 2118.447885][ C1] default_idle+0x9/0x10
[ 2118.447886][ C1] default_idle_call+0x6c/0xa0
[ 2118.447888][ C1] cpuidle_idle_call+0x21f/0x340
[ 2118.447889][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 2118.447891][ C1] ? mark_tsc_async_resets+0x30/0x30
[ 2118.447893][ C1] ? trace_sched_exit_tp+0x2e/0x100
[ 2118.447896][ C1] do_idle+0xd9/0x130
[ 2118.447897][ C1] cpu_startup_entry+0x53/0x70
[ 2118.447899][ C1] start_secondary+0x200/0x2a0
[ 2118.447901][ C1] ? set_cpu_sibling_map+0x1d60/0x1d60
[ 2118.447903][ C1] common_startup_64+0x13e/0x148
[ 2118.447907][ C1]
[ 2118.447908][ C1]
[ 2118.453302][ C1] Allocated by task 5472:
[ 2118.453375][ C1] kasan_save_stack+0x30/0x50
[ 2118.453466][ C1] kasan_save_track+0x14/0x30
[ 2118.453554][ C1] __kasan_slab_alloc+0x5f/0x70
[ 2118.453643][ C1] kmem_cache_alloc_noprof+0x218/0x6e0
[ 2118.453734][ C1] dst_alloc+0x79/0x160
[ 2118.453802][ C1] rt_dst_alloc+0x35/0x3a0
[ 2118.453893][ C1] __mkroute_output+0x456/0x1070
[ 2118.453989][ C1] ip_route_output_key_hash+0xfa/0x220
[ 2118.454077][ C1] ip_route_output_flow+0x21/0x150
[ 2118.454168][ C1] udp_tunnel_dst_lookup+0x22e/0x380
[ 2118.454258][ C1] vxlan_xmit_one+0x16ca/0x4230 [vxlan]
[ 2118.454358][ C1] vxlan_xmit+0x8cb/0x11e0 [vxlan]
[ 2118.454452][ C1] dev_hard_start_xmit+0xfc/0x540
[ 2118.454539][ C1] __dev_queue_xmit+0x155e/0x1a10
[ 2118.454628][ C1] packet_snd+0xf93/0x1980
[ 2118.454717][ C1] __sys_sendto+0x265/0x390
[ 2118.454810][ C1] __x64_sys_sendto+0xe4/0x1f0
[ 2118.454897][ C1] do_syscall_64+0xbd/0xfc0
[ 2118.454988][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2118.455100][ C1]
[ 2118.455145][ C1] Freed by task 12:
[ 2118.455212][ C1] kasan_save_stack+0x30/0x50
[ 2118.455307][ C1] kasan_save_track+0x14/0x30
[ 2118.455398][ C1] __kasan_save_free_info+0x3b/0x60
[ 2118.455490][ C1] __kasan_slab_free+0x43/0x70
[ 2118.455584][ C1] kmem_cache_free+0xfe/0x5e0
[ 2118.455672][ C1] dst_destroy+0x221/0x340
[ 2118.455766][ C1] rcu_do_batch+0x28b/0xfe0
[ 2118.455854][ C1] rcu_core+0x2b4/0x5f0
[ 2118.455920][ C1] handle_softirqs+0x1d7/0x840
[ 2118.456009][ C1] irq_exit_rcu+0xa2/0xf0
[ 2118.456076][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2118.456165][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2118.456275][ C1]
[ 2118.456321][ C1] Last potentially related work creation:
[ 2118.456413][ C1] kasan_save_stack+0x30/0x50
[ 2118.456504][ C1] kasan_record_aux_stack+0x8c/0xa0
[ 2118.456593][ C1] __call_rcu_common.constprop.0+0xa6/0xa00
[ 2118.456705][ C1] dst_cache_destroy+0xea/0x1d0
[ 2118.456794][ C1] vxlan_fdb_free+0x109/0x1c0 [vxlan]
[ 2118.456896][ C1] rcu_do_batch+0x28b/0xfe0
[ 2118.456991][ C1] rcu_core+0x2b4/0x5f0
[ 2118.457059][ C1] handle_softirqs+0x1d7/0x840
[ 2118.457147][ C1] irq_exit_rcu+0xa2/0xf0
[ 2118.457214][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2118.457304][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2118.457417][ C1]
[ 2118.457465][ C1] The buggy address belongs to the object at ff11000013307b40
[ 2118.457465][ C1] which belongs to the cache rtable of size 184
[ 2118.457683][ C1] The buggy address is located 0 bytes inside of
[ 2118.457683][ C1] freed 184-byte region [ff11000013307b40, ff11000013307bf8)
[ 2118.457900][ C1]
[ 2118.457945][ C1] The buggy address belongs to the physical page:
[ 2118.458059][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff110000133067c0 pfn:0x13306
[ 2118.458243][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2118.458383][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 2118.458500][ C1] page_type: f5(slab)
[ 2118.458572][ C1] raw: 0080000000000240 ff1100000283dc40 ffd4000000564910 ff11000002a475c8
[ 2118.458734][ C1] raw: ff110000133067c0 0000000000150002 00000000f5000000 0000000000000000
[ 2118.458890][ C1] head: 0080000000000240 ff1100000283dc40 ffd4000000564910 ff11000002a475c8
[ 2118.459046][ C1] head: ff110000133067c0 0000000000150002 00000000f5000000 0000000000000000
[ 2118.459205][ C1] head: 0080000000000001 ffd40000004cc181 00000000ffffffff 00000000ffffffff
[ 2118.459362][ C1] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2118.459522][ C1] page dumped because: kasan: bad access detected
[ 2118.459636][ C1]
[ 2118.459681][ C1] Memory state around the buggy address:
[ 2118.459770][ C1] ff11000013307a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 2118.459903][ C1] ff11000013307a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2118.460036][ C1] >ff11000013307b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2118.460171][ C1] ^
[ 2118.460283][ C1] ff11000013307b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 2118.460419][ C1] ff11000013307c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2118.460552][ C1] ==================================================================
[ 2118.460744][ C1] Disabling lock debugging due to kernel taint
[ 2118.460881][ C1] Oops: general protection fault, probably for non-canonical address 0xe0fc3c3480000008: 0000 [#1] SMP KASAN
[ 2118.461075][ C1] KASAN: maybe wild-memory-access in range [0x07e201a400000040-0x07e201a400000047]
[ 2118.461227][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 2118.461407][ C1] Tainted: [B]=BAD_PAGE
[ 2118.461475][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2118.461583][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2118.461674][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2118.461983][ C1] RSP: 0018:ffa00000001c0d10 EFLAGS: 00010213
[ 2118.462095][ C1] RAX: 07e201a40000000c RBX: ff11000013307b40 RCX: 00fc403480000008
[ 2118.462229][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 07e201a400000044
[ 2118.462365][ C1] RBP: ff1100000c55bc10 R08: 0000000000000008 R09: fffffbfff61cc2c4
[ 2118.462495][ C1] R10: fffffbfff61cc2c5 R11: 0000000000000000 R12: 1fe22000017ff56d
[ 2118.462623][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000bffab70
[ 2118.462753][ C1] FS: 0000000000000000(0000) GS:ff110000bb48b000(0000) knlGS:0000000000000000
[ 2118.462907][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2118.463015][ C1] CR2: 00007ff4d09fe000 CR3: 000000005f948004 CR4: 0000000000771ef0
[ 2118.463144][ C1] PKRU: 55555554
[ 2118.463209][ C1] Call Trace:
[ 2118.463275][ C1]
[ 2118.463321][ C1] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 2118.463414][ C1] fib_nh_common_release+0xe6/0x2d0
[ 2118.463502][ C1] free_fib_info_rcu+0x159/0x3b0
[ 2118.463587][ C1] ? rcu_do_batch+0x289/0xfe0
[ 2118.463674][ C1] rcu_do_batch+0x28b/0xfe0
[ 2118.463760][ C1] ? rcu_start_this_gp+0x2f9/0x470
[ 2118.463847][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 2118.463933][ C1] ? trace_irq_enable.constprop.0+0xce/0x100
[ 2118.464041][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2118.464149][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 2118.464236][ C1] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 2118.464342][ C1] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 2118.464456][ C1] rcu_core+0x2b4/0x5f0
[ 2118.464522][ C1] handle_softirqs+0x1d7/0x840
[ 2118.464609][ C1] ? tasklet_unlock_wait+0x60/0x60
[ 2118.464698][ C1] ? do_raw_spin_unlock+0x59/0x250
[ 2118.464787][ C1] irq_exit_rcu+0xa2/0xf0
[ 2118.464852][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 2118.464938][ C1]
[ 2118.464984][ C1]
[ 2118.465028][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2118.465137][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2118.465228][ C1] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 2118.465531][ C1] RSP: 0018:ffa0000000137de8 EFLAGS: 00000296
[ 2118.465641][ C1] RAX: 000000000420304b RBX: ff11000001ad8040 RCX: ffffffffac284c3f
[ 2118.465770][ C1] RDX: ff11000001ad8040 RSI: ffffffffaf00ff26 RDI: ffffffffaea69f80
[ 2118.465901][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 2118.466030][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: 1ff4000000026fc0
[ 2118.466159][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 2118.466287][ C1] ? cpuidle_idle_call+0x21f/0x340
[ 2118.466382][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 2118.466473][ C1] default_idle+0x9/0x10
[ 2118.466539][ C1] default_idle_call+0x6c/0xa0
[ 2118.466625][ C1] cpuidle_idle_call+0x21f/0x340
[ 2118.466715][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 2118.466800][ C1] ? mark_tsc_async_resets+0x30/0x30
[ 2118.466890][ C1] ? trace_sched_exit_tp+0x2e/0x100
[ 2118.466979][ C1] do_idle+0xd9/0x130
[ 2118.467045][ C1] cpu_startup_entry+0x53/0x70
[ 2118.467129][ C1] start_secondary+0x200/0x2a0
[ 2118.467216][ C1] ? set_cpu_sibling_map+0x1d60/0x1d60
[ 2118.467303][ C1] common_startup_64+0x13e/0x148
[ 2118.467395][ C1]
[ 2118.467459][ C1] Modules linked in: cls_bpf sch_fq netdevsim act_gact sch_ingress bonding macsec ip6_gre ip_gre gre cls_u32 sch_htb xfrm_user openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh geneve vxlan act_csum act_pedit cls_flower sch_prio xt_HL nft_compat nf_tables amt [last unloaded: netdevsim]
[ 2118.467926][ C1] ---[ end trace 0000000000000000 ]---
[ 2118.468013][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2118.468102][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2118.468400][ C1] RSP: 0018:ffa00000001c0d10 EFLAGS: 00010213
[ 2118.468509][ C1] RAX: 07e201a40000000c RBX: ff11000013307b40 RCX: 00fc403480000008
[ 2118.468640][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 07e201a400000044
[ 2118.468776][ C1] RBP: ff1100000c55bc10 R08: 0000000000000008 R09: fffffbfff61cc2c4
[ 2118.468903][ C1] R10: fffffbfff61cc2c5 R11: 0000000000000000 R12: 1fe22000017ff56d
[ 2118.469030][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000bffab70
[ 2118.469163][ C1] FS: 0000000000000000(0000) GS:ff110000bb48b000(0000) knlGS:0000000000000000
[ 2118.469316][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2118.469430][ C1] CR2: 00007ff4d09fe000 CR3: 000000005f948004 CR4: 0000000000771ef0
[ 2118.469558][ C1] PKRU: 55555554
[ 2118.469622][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 2118.469890][ C1] Kernel Offset: 0x2aa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2118.470090][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr