[ 860.620510][T11688] GACT probability NOT on
[ 861.736810][ C1] ==================================================================
[ 861.736984][ C1] BUG: KASAN: slab-use-after-free in dst_dev_put+0x298/0x300
[ 861.737120][ C1] Read of size 8 at addr ff1100000d607cc0 by task ksoftirqd/1/22
[ 861.737249][ C1]
[ 861.737297][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted 6.18.0-virtme #1 PREEMPT(full)
[ 861.737301][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 861.737302][ C1] Call Trace:
[ 861.737304][ C1] <TASK>
[ 861.737306][ C1] dump_stack_lvl+0x6f/0xa0
[ 861.737312][ C1] print_address_description.constprop.0+0x6e/0x300
[ 861.737317][ C1] print_report+0xfc/0x1fb
[ 861.737318][ C1] ? dst_dev_put+0x298/0x300
[ 861.737320][ C1] ? __virt_addr_valid+0x1da/0x430
[ 861.737324][ C1] ? dst_dev_put+0x298/0x300
[ 861.737326][ C1] kasan_report+0xe8/0x120
[ 861.737329][ C1] ? dst_dev_put+0x298/0x300
[ 861.737332][ C1] dst_dev_put+0x298/0x300
[ 861.737334][ C1] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 861.737337][ C1] fib_nh_common_release+0xe6/0x2d0
[ 861.737339][ C1] free_fib_info_rcu+0x159/0x3b0
[ 861.737341][ C1] ? rcu_do_batch+0x289/0xfe0
[ 861.737345][ C1] rcu_do_batch+0x28b/0xfe0
[ 861.737347][ C1] ? rcu_start_this_gp+0x2f9/0x470
[ 861.737350][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 861.737352][ C1] ? __lock_release.isra.0+0x59/0x170
[ 861.737354][ C1] ? rcu_is_watching+0x15/0xd0
[ 861.737356][ C1] ? trace_irq_enable.constprop.0+0xce/0x100
[ 861.737359][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 861.737360][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 861.737365][ C1] rcu_core+0x2b4/0x5f0
[ 861.737366][ C1] handle_softirqs+0x1d7/0x840
[ 861.737370][ C1] ? tasklet_unlock_wait+0x60/0x60
[ 861.737372][ C1] run_ksoftirqd+0x39/0x60
[ 861.737373][ C1] smpboot_thread_fn+0x2fb/0x9b0
[ 861.737376][ C1] ? sort_range+0x20/0x20
[ 861.737378][ C1] kthread+0x355/0x5b0
[ 861.737380][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 861.737382][ C1] ? __lock_release.isra.0+0x59/0x170
[ 861.737383][ C1] ? rcu_is_watching+0x15/0xd0
[ 861.737385][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 861.737387][ C1] ret_from_fork+0x3fb/0x510
[ 861.737389][ C1] ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[ 861.737391][ C1] ? __switch_to+0x602/0xd00
[ 861.737394][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 861.737395][ C1] ret_from_fork_asm+0x11/0x20
[ 861.737400][ C1] </TASK>
[ 861.737401][ C1]
[ 861.740951][ C1] Allocated by task 11723:
[ 861.741038][ C1] kasan_save_stack+0x30/0x50
[ 861.741126][ C1] kasan_save_track+0x14/0x30
[ 861.741209][ C1] __kasan_slab_alloc+0x5f/0x70
[ 861.741295][ C1] kmem_cache_alloc_noprof+0x218/0x6e0
[ 861.741384][ C1] dst_alloc+0x79/0x160
[ 861.741448][ C1] rt_dst_alloc+0x35/0x3a0
[ 861.741534][ C1] __mkroute_output+0x456/0x1070
[ 861.741633][ C1] ip_route_output_key_hash+0xfa/0x220
[ 861.741719][ C1] ip_route_output_flow+0x21/0x150
[ 861.741802][ C1] udp_tunnel_dst_lookup+0x22e/0x380
[ 861.741889][ C1] vxlan_xmit_one+0x16ca/0x4230 [vxlan]
[ 861.741981][ C1] vxlan_xmit+0x8cb/0x11e0 [vxlan]
[ 861.742074][ C1] dev_hard_start_xmit+0xfc/0x540
[ 861.742159][ C1] __dev_queue_xmit+0x155e/0x1a10
[ 861.742244][ C1] packet_snd+0xf93/0x1980
[ 861.742331][ C1] __sys_sendto+0x265/0x390
[ 861.742416][ C1] __x64_sys_sendto+0xe4/0x1f0
[ 861.742500][ C1] do_syscall_64+0xbd/0xfc0
[ 861.742593][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 861.742699][ C1]
[ 861.742743][ C1] Freed by task 12:
[ 861.742807][ C1] kasan_save_stack+0x30/0x50
[ 861.742898][ C1] kasan_save_track+0x14/0x30
[ 861.742981][ C1] __kasan_save_free_info+0x3b/0x60
[ 861.743068][ C1] __kasan_slab_free+0x43/0x70
[ 861.743154][ C1] kmem_cache_free+0xfe/0x5e0
[ 861.743239][ C1] dst_destroy+0x221/0x340
[ 861.743326][ C1] rcu_do_batch+0x28b/0xfe0
[ 861.743412][ C1] rcu_core+0x2b4/0x5f0
[ 861.743479][ C1] handle_softirqs+0x1d7/0x840
[ 861.743570][ C1] irq_exit_rcu+0xa2/0xf0
[ 861.743634][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 861.743722][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 861.743830][ C1]
[ 861.743875][ C1] Last potentially related work creation:
[ 861.743962][ C1] kasan_save_stack+0x30/0x50
[ 861.744051][ C1] kasan_record_aux_stack+0x8c/0xa0
[ 861.744136][ C1] __call_rcu_common.constprop.0+0xa6/0xa00
[ 861.744247][ C1] dst_cache_destroy+0xea/0x1d0
[ 861.744332][ C1] vxlan_fdb_free+0x109/0x1c0 [vxlan]
[ 861.744419][ C1] rcu_do_batch+0x28b/0xfe0
[ 861.744511][ C1] rcu_core+0x2b4/0x5f0
[ 861.744587][ C1] handle_softirqs+0x1d7/0x840
[ 861.744672][ C1] irq_exit_rcu+0xa2/0xf0
[ 861.744736][ C1] sysvec_apic_timer_interrupt+0xb1/0xf0
[ 861.744820][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 861.744924][ C1]
[ 861.744969][ C1] The buggy address belongs to the object at ff1100000d607cc0
[ 861.744969][ C1] which belongs to the cache rtable of size 184
[ 861.745177][ C1] The buggy address is located 0 bytes inside of
[ 861.745177][ C1] freed 184-byte region [ff1100000d607cc0, ff1100000d607d78)
[ 861.745380][ C1]
[ 861.745424][ C1] The buggy address belongs to the physical page:
[ 861.745529][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000d607240 pfn:0xd606
[ 861.745717][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 861.745847][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 861.745972][ C1] page_type: f5(slab)
[ 861.746048][ C1] raw: 0080000000000240 ff11000002a21c40 ffd4000000387510 ff11000002a8d5c8
[ 861.746206][ C1] raw: ff1100000d607240 0000000000150003 00000000f5000000 0000000000000000
[ 861.746362][ C1] head: 0080000000000240 ff11000002a21c40 ffd4000000387510 ff11000002a8d5c8
[ 861.746517][ C1] head: ff1100000d607240 0000000000150003 00000000f5000000 0000000000000000
[ 861.746676][ C1] head: 0080000000000001 ffd4000000358181 00000000ffffffff 00000000ffffffff
[ 861.746828][ C1] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 861.746978][ C1] page dumped because: kasan: bad access detected
[ 861.747083][ C1]
[ 861.747126][ C1] Memory state around the buggy address:
[ 861.747209][ C1] ff1100000d607b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 861.747341][ C1] ff1100000d607c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 861.747463][ C1] >ff1100000d607c80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 861.747593][ C1]                                            ^
[ 861.747696][ C1] ff1100000d607d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 861.747818][ C1] ff1100000d607d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 861.747941][ C1] ==================================================================
[ 861.748075][ C1] Disabling lock debugging due to kernel taint
[ 861.748195][ C1] Oops: general protection fault, probably for non-canonical address 0xe0b53c3580000008: 0000 [#1] SMP KASAN
[ 861.748381][ C1] KASAN: maybe wild-memory-access in range [0x05aa01ac00000040-0x05aa01ac00000047]
[ 861.748529][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Tainted: G B 6.18.0-virtme #1 PREEMPT(full)
[ 861.748710][ C1] Tainted: [B]=BAD_PAGE
[ 861.748779][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 861.748886][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 861.748973][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 861.749267][ C1] RSP: 0018:ffa0000000197ad8 EFLAGS: 00010213
[ 861.749383][ C1] RAX: 05aa01ac0000000c RBX: ff1100000d607cc0 RCX: 00b5403580000008
[ 861.749508][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 05aa01ac00000044
[ 861.749642][ C1] RBP: ff1100000d6073c0 R08: 0000000000000008 R09: fffffbfff64cc2c4
[ 861.749775][ C1] R10: fffffbfff64cc2c5 R11: 0000000000000000 R12: 1fe2200001955dcd
[ 861.749906][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000caaee70
[ 861.750032][ C1] FS: 0000000000000000(0000) GS:ff110000b368b000(0000) knlGS:0000000000000000
[ 861.750181][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 861.750286][ C1] CR2: 00007ffd33b24598 CR3: 000000007b548004 CR4: 0000000000771ef0
[ 861.750412][ C1] PKRU: 55555554
[ 861.750476][ C1] Call Trace:
[ 861.750539][ C1] <TASK>
[ 861.750591][ C1] rt_fibinfo_free_cpus.part.0+0xc6/0x160
[ 861.750677][ C1] fib_nh_common_release+0xe6/0x2d0
[ 861.750760][ C1] free_fib_info_rcu+0x159/0x3b0
[ 861.750848][ C1] ? rcu_do_batch+0x289/0xfe0
[ 861.750932][ C1] rcu_do_batch+0x28b/0xfe0
[ 861.751015][ C1] ? rcu_start_this_gp+0x2f9/0x470
[ 861.751098][ C1] ? trace_rcu_batch_end+0x270/0x270
[ 861.751180][ C1] ? __lock_release.isra.0+0x59/0x170
[ 861.751263][ C1] ? rcu_is_watching+0x15/0xd0
[ 861.751344][ C1] ? trace_irq_enable.constprop.0+0xce/0x100
[ 861.751454][ C1] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 861.751554][ C1] ? lockdep_hardirqs_on+0x84/0x130
[ 861.751648][ C1] rcu_core+0x2b4/0x5f0
[ 861.751711][ C1] handle_softirqs+0x1d7/0x840
[ 861.751794][ C1] ? tasklet_unlock_wait+0x60/0x60
[ 861.751877][ C1] run_ksoftirqd+0x39/0x60
[ 861.751960][ C1] smpboot_thread_fn+0x2fb/0x9b0
[ 861.752044][ C1] ? sort_range+0x20/0x20
[ 861.752106][ C1] kthread+0x355/0x5b0
[ 861.752172][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 861.752254][ C1] ? __lock_release.isra.0+0x59/0x170
[ 861.752336][ C1] ? rcu_is_watching+0x15/0xd0
[ 861.752418][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 861.752504][ C1] ret_from_fork+0x3fb/0x510
[ 861.752598][ C1] ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[ 861.752709][ C1] ? __switch_to+0x602/0xd00
[ 861.752797][ C1] ? kthread_is_per_cpu+0xe0/0xe0
[ 861.752883][ C1] ret_from_fork_asm+0x11/0x20
[ 861.752969][ C1] </TASK>
[ 861.753034][ C1] Modules linked in: act_gact cls_flower sch_ingress vxlan ipt_REJECT nf_reject_ipv4 nft_compat nf_tables
[ 861.753212][ C1] ---[ end trace 0000000000000000 ]---
[ 861.753300][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 861.753386][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 861.753689][ C1] RSP: 0018:ffa0000000197ad8 EFLAGS: 00010213
[ 861.753794][ C1] RAX: 05aa01ac0000000c RBX: ff1100000d607cc0 RCX: 00b5403580000008
[ 861.753922][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 05aa01ac00000044
[ 861.754100][ C1] RBP: ff1100000d6073c0 R08: 0000000000000008 R09: fffffbfff64cc2c4
[ 861.754234][ C1] R10: fffffbfff64cc2c5 R11: 0000000000000000 R12: 1fe2200001955dcd
[ 861.754368][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ff1100000caaee70
[ 861.754532][ C1] FS: 0000000000000000(0000) GS:ff110000b368b000(0000) knlGS:0000000000000000
[ 861.754689][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 861.754792][ C1] CR2: 00007ffd33b24598 CR3: 000000007b548004 CR4: 0000000000771ef0
[ 861.754962][ C1] PKRU: 55555554
[ 861.755027][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 861.755245][ C1] Kernel Offset: 0x2c200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 861.755479][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr