[ 8.728358][ T209] ==================================================================
[ 8.728516][ T209] BUG: KASAN: slab-use-after-free in ip6_pol_route+0x78c/0x9c0
[ 8.728643][ T209] Read of size 4 at addr ff11000004e067d8 by task cmsg_sender/209
[ 8.728758][ T209]
[ 8.728800][ T209] CPU: 0 UID: 0 PID: 209 Comm: cmsg_sender Not tainted 7.0.0-virtme #1 PREEMPT(full)
[ 8.728803][ T209] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 8.728805][ T209] Call Trace:
[ 8.728806][ T209]
[ 8.728808][ T209] dump_stack_lvl+0x6f/0xa0
[ 8.728814][ T209] print_address_description.constprop.0+0x73/0x300
[ 8.728819][ T209] print_report+0xfc/0x1fa
[ 8.728821][ T209] ? __virt_addr_valid+0x102/0x440
[ 8.728824][ T209] ? __virt_addr_valid+0x1da/0x440
[ 8.728826][ T209] kasan_report+0x108/0x130
[ 8.728830][ T209] ? ip6_pol_route+0x78c/0x9c0
[ 8.728832][ T209] ? ip6_pol_route+0x78c/0x9c0
[ 8.728834][ T209] ip6_pol_route+0x78c/0x9c0
[ 8.728835][ T209] ? mark_usage+0x61/0x170
[ 8.728839][ T209] ? ip6_pol_route_lookup+0x660/0x660
[ 8.728841][ T209] ? mark_usage+0x61/0x170
[ 8.728843][ T209] ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[ 8.728846][ T209] ? rcu_read_lock_any_held+0x3c/0x90
[ 8.728848][ T209] ? validate_chain+0x38b/0xc20
[ 8.728850][ T209] ? ip6_pol_route_input+0xa0/0xa0
[ 8.728852][ T209] fib6_rule_lookup+0x40d/0x5b0
[ 8.728855][ T209] ? mark_usage+0x61/0x170
[ 8.728857][ T209] ? fib6_lookup+0x2f0/0x2f0
[ 8.728860][ T209] ? lock_acquire.part.0+0xbc/0x260
[ 8.728861][ T209] ? ip6_route_output_flags+0x36/0x4a0
[ 8.728863][ T209] ? rcu_is_watching+0x15/0xd0
[ 8.728865][ T209] ? lock_acquire+0x134/0x160
[ 8.728867][ T209] ip6_route_output_flags+0x160/0x4a0
[ 8.728869][ T209] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 8.728871][ T209] ? lock_acquire.part.0+0xbc/0x260
[ 8.728874][ T209] ip6_dst_lookup_flow+0xf9/0x260
[ 8.728875][ T209] ? ip6_dst_lookup_tail.constprop.0+0x860/0x860
[ 8.728877][ T209] ? sk_dst_check+0x2af/0x400
[ 8.728881][ T209] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 8.728883][ T209] ping_v6_sendmsg+0x997/0x1330
[ 8.728886][ T209] ? validate_chain+0x38b/0xc20
[ 8.728888][ T209] ? l3mdev_master_ifindex_by_index+0x120/0x120
[ 8.728891][ T209] ? release_sock+0x21/0x240
[ 8.728892][ T209] ? reacquire_held_locks+0xdc/0x210
[ 8.728894][ T209] ? release_sock+0x21/0x240
[ 8.728895][ T209] ? lock_acquire.part.0+0xbc/0x260
[ 8.728898][ T209] ? __lock_release.isra.0+0x6b/0x1a0
[ 8.728901][ T209] ? inet_autobind+0x110/0x170
[ 8.728903][ T209] ? inet_send_prepare+0x1e6/0x440
[ 8.728905][ T209] ____sys_sendmsg+0x419/0x850
[ 8.728907][ T209] ? copy_msghdr_from_user+0x2a0/0x460
[ 8.728909][ T209] ? get_timestamp.constprop.0+0x390/0x390
[ 8.728910][ T209] ? move_addr_to_kernel+0x40/0x40
[ 8.728912][ T209] ? mark_usage+0x61/0x170
[ 8.728915][ T209] ___sys_sendmsg+0x14e/0x1d0
[ 8.728916][ T209] ? copy_msghdr_from_user+0x460/0x460
[ 8.728918][ T209] ? insert_pfn+0x4b0/0x4b0
[ 8.728922][ T209] ? rcu_read_unlock+0x1b/0x70
[ 8.728924][ T209] ? do_pte_missing+0x54c/0xcf0
[ 8.728928][ T209] __sys_sendmsg+0x145/0x1f0
[ 8.728930][ T209] ? __sys_sendmsg_sock+0x20/0x20
[ 8.728931][ T209] ? down_write_nested+0x200/0x200
[ 8.728933][ T209] ? __lock_release.isra.0+0x6b/0x1a0
[ 8.728936][ T209] ? do_user_addr_fault+0x325/0xe30
[ 8.728938][ T209] ? rcu_is_watching+0x15/0xd0
[ 8.728939][ T209] ? rcu_is_watching+0x15/0xd0
[ 8.728940][ T209] do_syscall_64+0x117/0xfc0
[ 8.728943][ T209] ? trace_hardirqs_off+0xd/0x30
[ 8.728946][ T209] ? exc_page_fault+0xee/0x100
[ 8.728949][ T209] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 8.728951][ T209] RIP: 0033:0x7f699fa7322e
[ 8.728953][ T209] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 8.728955][ T209] RSP: 002b:00007ffe19c8b110 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 8.728959][ T209] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f699fa7322e
[ 8.728961][ T209] RDX: 0000000000000000 RSI: 00007ffe19c8b1e0 RDI: 0000000000000005
[ 8.728962][ T209] RBP: 00007ffe19c8b120 R08: 0000000000000000 R09: 0000000000000000
[ 8.728963][ T209] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000005
[ 8.728963][ T209] R13: 00000000245ff010 R14: 00007f699fc45000 R15: 0000000000404e00
[ 8.728966][ T209]
[ 8.728967][ T209]
[ 8.735096][ T209] Allocated by task 207:
[ 8.735156][ T209] kasan_save_stack+0x2f/0x50
[ 8.735235][ T209] kasan_save_track+0x14/0x30
[ 8.735312][ T209] __kasan_slab_alloc+0x60/0x70
[ 8.735389][ T209] kmem_cache_alloc_noprof+0x221/0x5f0
[ 8.735465][ T209] dst_alloc+0x79/0x160
[ 8.735524][ T209] ip6_rt_pcpu_alloc+0x21d/0x670
[ 8.735608][ T209] ip6_pol_route+0x634/0x9c0
[ 8.735684][ T209] fib6_rule_lookup+0x40d/0x5b0
[ 8.735760][ T209] ip6_route_output_flags+0x160/0x4a0
[ 8.735835][ T209] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 8.735930][ T209] ip6_dst_lookup_flow+0xf9/0x260
[ 8.736005][ T209] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 8.736085][ T209] udpv6_sendmsg+0x154e/0x2a00
[ 8.736161][ T209] ____sys_sendmsg+0x419/0x850
[ 8.736241][ T209] ___sys_sendmsg+0x14e/0x1d0
[ 8.736317][ T209] __sys_sendmsg+0x145/0x1f0
[ 8.736393][ T209] do_syscall_64+0x117/0xfc0
[ 8.736469][ T209] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 8.736563][ T209]
[ 8.736604][ T209] Freed by task 0:
[ 8.736662][ T209] kasan_save_stack+0x2f/0x50
[ 8.736739][ T209] kasan_save_track+0x14/0x30
[ 8.736815][ T209] kasan_save_free_info+0x3b/0x60
[ 8.736891][ T209] __kasan_slab_free+0x43/0x70
[ 8.736967][ T209] kmem_cache_free+0xf6/0x560
[ 8.737043][ T209] dst_destroy+0x239/0x360
[ 8.737124][ T209] rcu_do_batch+0x2b6/0x1010
[ 8.737200][ T209] rcu_core+0x2b7/0x630
[ 8.737258][ T209] handle_softirqs+0x1d8/0x930
[ 8.737336][ T209] __irq_exit_rcu+0x103/0x1c0
[ 8.737413][ T209] irq_exit_rcu+0xe/0x30
[ 8.737471][ T209] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 8.737548][ T209] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 8.737644][ T209]
[ 8.737684][ T209] Last potentially related work creation:
[ 8.737761][ T209] kasan_save_stack+0x2f/0x50
[ 8.737840][ T209] kasan_record_aux_stack+0x9b/0xc0
[ 8.737916][ T209] __call_rcu_common.constprop.0+0xb2/0xa10
[ 8.738014][ T209] udpv6_sendmsg+0x2065/0x2a00
[ 8.738093][ T209] ____sys_sendmsg+0x419/0x850
[ 8.738169][ T209] ___sys_sendmsg+0x14e/0x1d0
[ 8.738246][ T209] __sys_sendmsg+0x145/0x1f0
[ 8.738332][ T209] do_syscall_64+0x117/0xfc0
[ 8.738408][ T209] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 8.738503][ T209]
[ 8.738543][ T209] The buggy address belongs to the object at ff11000004e06740
[ 8.738543][ T209] which belongs to the cache ip6_dst_cache of size 232
[ 8.738747][ T209] The buggy address is located 152 bytes inside of
[ 8.738747][ T209] freed 232-byte region [ff11000004e06740, ff11000004e06828)
[ 8.738936][ T209]
[ 8.738981][ T209] The buggy address belongs to the physical page:
[ 8.739077][ T209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000004e06900 pfn:0x4e06
[ 8.739231][ T209] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 8.739348][ T209] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 8.739497][ T209] page_type: f5(slab)
[ 8.739558][ T209] raw: 0080000000000240 ff11000008ee0040 ff11000005f63208 ff11000005f63208
[ 8.739695][ T209] raw: ff11000004e06900 0000000000120005 00000000f5000000 0000000000000000
[ 8.739830][ T209] head: 0080000000000240 ff11000008ee0040 ff11000005f63208 ff11000005f63208
[ 8.739965][ T209] head: ff11000004e06900 0000000000120005 00000000f5000000 0000000000000000
[ 8.740100][ T209] head: 0080000000000001 ffd4000000138181 00000000ffffffff 00000000ffffffff
[ 8.740282][ T209] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 8.740416][ T209] page dumped because: kasan: bad access detected
[ 8.740551][ T209]
[ 8.740590][ T209] Memory state around the buggy address:
[ 8.740666][ T209] ff11000004e06680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.740779][ T209] ff11000004e06700: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 8.740928][ T209] >ff11000004e06780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 8.741038][ T209] ^
[ 8.741136][ T209] ff11000004e06800: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 8.741285][ T209] ff11000004e06880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.741395][ T209] ==================================================================
[ 8.741553][ T209] Disabling lock debugging due to kernel taint
[ 12.996453][ T453] Oops: general protection fault, probably for non-canonical address 0xed6d696d6d6d6d8e: 0000 [#1] SMP KASAN
[ 12.996665][ T453] KASAN: maybe wild-memory-access in range [0x6b6b6b6b6b6b6c70-0x6b6b6b6b6b6b6c77]
[ 12.996804][ T453] CPU: 0 UID: 0 PID: 453 Comm: cmsg_sender Tainted: G B 7.0.0-virtme #1 PREEMPT(full)
[ 12.996964][ T453] Tainted: [B]=BAD_PAGE
[ 12.997025][ T453] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 12.997124][ T453] RIP: 0010:ip6_pol_route+0x529/0x9c0
[ 12.997212][ T453] Code: 80 3c 02 00 0f 85 80 04 00 00 4c 8b 3b e8 7f 4e 40 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf 08 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4c 04 00 00 49 8b 97 08 01 00 00 be 04 00 00 00
[ 12.997491][ T453] RSP: 0018:ffa00000013c7388 EFLAGS: 00010216
[ 12.997593][ T453] RAX: dffffc0000000000 RBX: ff11000004e06740 RCX: ffffffff9034dee1
[ 12.997719][ T453] RDX: 0d6d6d6d6d6d6d8e RSI: 0000000000000008 RDI: 6b6b6b6b6b6b6c73
[ 12.997837][ T453] RBP: 1ff4000000278e74 R08: 0000000000000000 R09: 0000000000000000
[ 12.997950][ T453] R10: 0000000000000000 R11: ff1100000a3e94c0 R12: ff1100000fb50040
[ 12.998065][ T453] R13: 000000006b6b6b6b R14: 0000000000000080 R15: 6b6b6b6b6b6b6b6b
[ 12.998181][ T453] FS: 00007f39e6fc1740(0000) GS:ff110000d92cc000(0000) knlGS:0000000000000000
[ 12.998316][ T453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 12.998418][ T453] CR2: 00007f39e71c9000 CR3: 000000000f163006 CR4: 0000000000771ef0
[ 12.998533][ T453] PKRU: 55555554
[ 12.998592][ T453] Call Trace:
[ 12.998651][ T453]
[ 12.998692][ T453] ? ip6_pol_route_lookup+0x660/0x660
[ 12.998777][ T453] ? unwind_next_frame+0x69b/0x1ea0
[ 12.998860][ T453] ? lock_acquire+0x134/0x160
[ 12.998942][ T453] ? rcu_is_watching+0x15/0xd0
[ 12.999019][ T453] ? lock_release+0x17c/0x1f0
[ 12.999098][ T453] ? ip6_pol_route_input+0xa0/0xa0
[ 12.999174][ T453] __fib6_rule_action+0x2c2/0x710
[ 12.999260][ T453] fib_rules_lookup+0x869/0xc80
[ 12.999341][ T453] ? fib_nl_dumprule+0x810/0x810
[ 12.999418][ T453] ? rcu_is_watching+0x15/0xd0
[ 12.999498][ T453] ? lock_release+0x17c/0x1f0
[ 12.999573][ T453] ? ip6_pol_route_input+0xa0/0xa0
[ 12.999653][ T453] fib6_rule_lookup+0x35a/0x5b0
[ 12.999728][ T453] ? rcu_is_watching+0x15/0xd0
[ 12.999804][ T453] ? fib6_lookup+0x2f0/0x2f0
[ 12.999885][ T453] ? rcu_is_watching+0x15/0xd0
[ 12.999965][ T453] ? lock_acquire+0x134/0x160
[ 13.000046][ T453] ? rcu_is_watching+0x15/0xd0
[ 13.000124][ T453] ? ip6_pol_route_input+0xa0/0xa0
[ 13.000201][ T453] ? rcu_is_watching+0x15/0xd0
[ 13.000284][ T453] ? lock_acquire+0x134/0x160
[ 13.000360][ T453] ? lock_release+0x17c/0x1f0
[ 13.000440][ T453] ip6_route_output_flags+0x160/0x4a0
[ 13.000516][ T453] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 13.000616][ T453] ? rcu_is_watching+0x15/0xd0
[ 13.000691][ T453] ? lock_release+0x17c/0x1f0
[ 13.000769][ T453] ip6_dst_lookup_flow+0xf9/0x260
[ 13.000845][ T453] ? ip6_dst_lookup_tail.constprop.0+0x860/0x860
[ 13.000942][ T453] ? lock_release+0x17c/0x1f0
[ 13.001023][ T453] ? sk_dst_check+0x4e/0x400
[ 13.001108][ T453] ? sk_dst_check+0x2af/0x400
[ 13.001189][ T453] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 13.001266][ T453] udpv6_sendmsg+0x154e/0x2a00
[ 13.001346][ T453] ? lock_acquire+0x134/0x160
[ 13.001422][ T453] ? udpv6_splice_eof+0x1a0/0x1a0
[ 13.001500][ T453] ? trace_hardirqs_on+0x36/0x40
[ 13.001581][ T453] ? __local_bh_enable_ip+0xa5/0x140
[ 13.001665][ T453] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 13.001765][ T453] ? trace_irq_disable.constprop.0+0x9b/0x180
[ 13.001860][ T453] ? trace_hardirqs_on+0x36/0x40
[ 13.001940][ T453] ? __local_bh_enable_ip+0xa5/0x140
[ 13.002021][ T453] ? inet_autobind+0x110/0x170
[ 13.002100][ T453] ? ____sys_sendmsg+0x419/0x850
[ 13.002179][ T453] ____sys_sendmsg+0x419/0x850
[ 13.002258][ T453] ? copy_msghdr_from_user+0x2a0/0x460
[ 13.002339][ T453] ? get_timestamp.constprop.0+0x390/0x390
[ 13.002439][ T453] ? move_addr_to_kernel+0x40/0x40
[ 13.002520][ T453] ___sys_sendmsg+0x14e/0x1d0
[ 13.002596][ T453] ? copy_msghdr_from_user+0x460/0x460
[ 13.002671][ T453] ? insert_pfn+0x4b0/0x4b0
[ 13.002748][ T453] ? lock_release+0x17c/0x1f0
[ 13.002824][ T453] ? do_pte_missing+0x54c/0xcf0
[ 13.002903][ T453] ? lock_release+0x17c/0x1f0
[ 13.002985][ T453] __sys_sendmsg+0x145/0x1f0
[ 13.003065][ T453] ? __sys_sendmsg_sock+0x20/0x20
[ 13.003144][ T453] ? down_write_nested+0x200/0x200
[ 13.003225][ T453] ? do_user_addr_fault+0x325/0xe30
[ 13.003306][ T453] ? rcu_is_watching+0x15/0xd0
[ 13.003385][ T453] ? rcu_is_watching+0x15/0xd0
[ 13.003464][ T453] do_syscall_64+0x117/0xfc0
[ 13.003545][ T453] ? trace_hardirqs_off+0xd/0x30
[ 13.003624][ T453] ? exc_page_fault+0xee/0x100
[ 13.003707][ T453] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 13.003802][ T453] RIP: 0033:0x7f39e703422e
[ 13.003883][ T453] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 13.004160][ T453] RSP: 002b:00007ffddc182740 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 13.004275][ T453] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f39e703422e
[ 13.004394][ T453] RDX: 0000000000000000 RSI: 00007ffddc182810 RDI: 0000000000000005
[ 13.004513][ T453] RBP: 00007ffddc182750 R08: 0000000000000000 R09: 0000000000000000
[ 13.004633][ T453] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000005
[ 13.004754][ T453] R13: 000000002fed8010 R14: 00007f39e7206000 R15: 0000000000404e00
[ 13.004869][ T453]
[ 13.004930][ T453] Modules linked in:
[ 13.004997][ T453] ---[ end trace 0000000000000000 ]---
[ 13.005076][ T453] RIP: 0010:ip6_pol_route+0x529/0x9c0
[ 13.005160][ T453] Code: 80 3c 02 00 0f 85 80 04 00 00 4c 8b 3b e8 7f 4e 40 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf 08 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4c 04 00 00 49 8b 97 08 01 00 00 be 04 00 00 00
[ 13.005423][ T453] RSP: 0018:ffa00000013c7388 EFLAGS: 00010216
[ 13.005526][ T453] RAX: dffffc0000000000 RBX: ff11000004e06740 RCX: ffffffff9034dee1
[ 13.005638][ T453] RDX: 0d6d6d6d6d6d6d8e RSI: 0000000000000008 RDI: 6b6b6b6b6b6b6c73
[ 13.005762][ T453] RBP: 1ff4000000278e74 R08: 0000000000000000 R09: 0000000000000000
[ 13.005875][ T453] R10: 0000000000000000 R11: ff1100000a3e94c0 R12: ff1100000fb50040
[ 13.005991][ T453] R13: 000000006b6b6b6b R14: 0000000000000080 R15: 6b6b6b6b6b6b6b6b
[ 13.006107][ T453] FS: 00007f39e6fc1740(0000) GS:ff110000d92cc000(0000) knlGS:0000000000000000
[ 13.006242][ T453] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 13.006336][ T453] CR2: 00007f39e71c9000 CR3: 000000000f163006 CR4: 0000000000771ef0
[ 13.006450][ T453] PKRU: 55555554
[ 13.006510][ T453] Kernel panic - not syncing: Fatal exception in interrupt
[ 13.006690][ T453] Kernel Offset: 0xc800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 13.006867][ T453] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr