[ 8.217170][ T188] ip (188) used greatest stack depth: 23880 bytes left
[ 8.935470][ T12] ==================================================================
[ 8.935624][ T12] BUG: KASAN: slab-use-after-free in __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 8.935783][ T12] Read of size 8 at addr ff1100000d70e0d0 by task kworker/u16:0/12
[ 8.935916][ T12]
[ 8.935966][ T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 7.0.0-virtme #1 PREEMPT(full)
[ 8.935969][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 8.935971][ T12] Workqueue: netns cleanup_net
[ 8.935977][ T12] Call Trace:
[ 8.935979][ T12]
[ 8.935980][ T12] dump_stack_lvl+0x6f/0xa0
[ 8.935986][ T12] print_address_description.constprop.0+0x73/0x300
[ 8.935991][ T12] print_report+0xfc/0x1fa
[ 8.935993][ T12] ? __virt_addr_valid+0x102/0x440
[ 8.935997][ T12] ? __virt_addr_valid+0x1da/0x440
[ 8.935999][ T12] kasan_report+0x108/0x130
[ 8.936002][ T12] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 8.936004][ T12] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 8.936007][ T12] __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 8.936009][ T12] fib6_purge_rt+0x649/0x9a0
[ 8.936011][ T12] fib6_del_route+0x603/0x1190
[ 8.936014][ T12] ? fib6_purge_rt+0x9a0/0x9a0
[ 8.936017][ T12] ? ret_from_fork_asm+0x11/0x20
[ 8.936019][ T12] fib6_del+0x219/0x310
[ 8.936021][ T12] ? validate_chain+0x38b/0xc20
[ 8.936025][ T12] fib6_clean_node+0x33b/0x580
[ 8.936027][ T12] ? fib6_del+0x310/0x310
[ 8.936029][ T12] ? lock_acquire.part.0+0xbc/0x260
[ 8.936031][ T12] ? find_held_lock+0x2b/0x80
[ 8.936033][ T12] fib6_walk_continue+0x2fe/0x630
[ 8.936035][ T12] ? mark_held_locks+0x40/0x70
[ 8.936037][ T12] ? fib6_ifup+0x220/0x220
[ 8.936038][ T12] ? fib6_ifup+0x220/0x220
[ 8.936040][ T12] fib6_walk+0x154/0x3d0
[ 8.936042][ T12] ? __lock_acquire+0x508/0xc10
[ 8.936044][ T12] fib6_clean_tree+0xf2/0x130
[ 8.936045][ T12] ? fib6_walk+0x3d0/0x3d0
[ 8.936048][ T12] ? fib6_del+0x310/0x310
[ 8.936049][ T12] ? fib6_ifup+0x220/0x220
[ 8.936051][ T12] ? fib6_ifup+0x220/0x220
[ 8.936053][ T12] __fib6_clean_all+0xf5/0x290
[ 8.936055][ T12] rt6_disable_ip+0x120/0x140
[ 8.936057][ T12] ? rt6_sync_down_dev+0x120/0x120
[ 8.936058][ T12] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 8.936060][ T12] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 8.936064][ T12] addrconf_ifdown.isra.0+0x103/0x15f0
[ 8.936068][ T12] ? __timer_delete_sync+0xdb/0x130
[ 8.936070][ T12] ? __timer_delete_sync+0xa2/0x130
[ 8.936071][ T12] ? __neigh_ifdown.isra.0+0x648/0xa40
[ 8.936074][ T12] ? addrconf_dad_run+0x1b0/0x1b0
[ 8.936076][ T12] ? netkit_xmit+0x14c0/0x14c0
[ 8.936080][ T12] addrconf_notify+0x2c8/0xf30
[ 8.936082][ T12] ? team_port_get_rtnl+0x65/0xc0
[ 8.936085][ T12] notifier_call_chain+0xb0/0x320
[ 8.936088][ T12] netif_close_many+0x2c9/0x640
[ 8.936091][ T12] ? rcu_is_watching+0x15/0xd0
[ 8.936093][ T12] ? lock_acquire+0x134/0x160
[ 8.936095][ T12] ? __dev_close_many+0x670/0x670
[ 8.936097][ T12] ? netif_close_many_and_unlock+0x22/0x2c0
[ 8.936098][ T12] ? __mutex_lock+0x9a6/0x2000
[ 8.936101][ T12] unregister_netdevice_many_notify+0x716/0x1f20
[ 8.936104][ T12] ? mutex_is_locked+0x1c/0x50
[ 8.936105][ T12] ? rtnl_is_locked+0x15/0x20
[ 8.936107][ T12] ? default_device_exit_net+0x78/0x7f0
[ 8.936108][ T12] ? unregister_netdevice_queued+0x80/0x80
[ 8.936111][ T12] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 8.936114][ T12] default_device_exit_batch+0x38b/0x600
[ 8.936116][ T12] ? unregister_netdev+0x60/0x60
[ 8.936118][ T12] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 8.936119][ T12] ? fou_exit_net+0x30/0x110
[ 8.936122][ T12] ops_undo_list+0x2ce/0x8f0
[ 8.936124][ T12] ? netns_install+0x2a0/0x2a0
[ 8.936126][ T12] ? __lock_release.isra.0+0x6b/0x1a0
[ 8.936128][ T12] cleanup_net+0x431/0x940
[ 8.936130][ T12] ? net_passive_dec+0x1c0/0x1c0
[ 8.936131][ T12] ? process_one_work+0xdb4/0x1410
[ 8.936134][ T12] ? lock_acquire+0x134/0x160
[ 8.936136][ T12] ? rcu_is_watching+0x15/0xd0
[ 8.936138][ T12] process_one_work+0xdf5/0x1410
[ 8.936140][ T12] ? pwq_dec_nr_in_flight+0x710/0x710
[ 8.936142][ T12] ? lock_acquire.part.0+0xbc/0x260
[ 8.936145][ T12] worker_thread+0x4f1/0xd60
[ 8.936148][ T12] ? rescuer_thread+0x1320/0x1320
[ 8.936149][ T12] kthread+0x364/0x460
[ 8.936151][ T12] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 8.936154][ T12] ? kthread_affine_node+0x330/0x330
[ 8.936155][ T12] ret_from_fork+0x474/0x6b0
[ 8.936159][ T12] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 8.936161][ T12] ? __switch_to+0x5a3/0xe00
[ 8.936164][ T12] ? kthread_affine_node+0x330/0x330
[ 8.936165][ T12] ret_from_fork_asm+0x11/0x20
[ 8.936168][ T12]
[ 8.936169][ T12]
[ 8.943535][ T12] Allocated by task 207:
[ 8.943600][ T12] kasan_save_stack+0x2f/0x50
[ 8.943687][ T12] kasan_save_track+0x14/0x30
[ 8.943771][ T12] __kasan_slab_alloc+0x60/0x70
[ 8.943854][ T12] kmem_cache_alloc_noprof+0x221/0x5f0
[ 8.943938][ T12] dst_alloc+0x79/0x160
[ 8.944000][ T12] ip6_rt_pcpu_alloc+0x21d/0x670
[ 8.944083][ T12] ip6_pol_route+0x634/0x9c0
[ 8.944166][ T12] fib6_rule_lookup+0x11a/0x5b0
[ 8.944251][ T12] ip6_route_output_flags+0x160/0x4a0
[ 8.944335][ T12] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 8.944442][ T12] ip6_dst_lookup_flow+0xf9/0x260
[ 8.944525][ T12] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 8.944608][ T12] udpv6_sendmsg+0x154e/0x2a00
[ 8.944691][ T12] ____sys_sendmsg+0x419/0x850
[ 8.944775][ T12] ___sys_sendmsg+0x14e/0x1d0
[ 8.944857][ T12] __sys_sendmsg+0x145/0x1f0
[ 8.944941][ T12] do_syscall_64+0x117/0xfc0
[ 8.945024][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 8.945127][ T12]
[ 8.945169][ T12] Freed by task 0:
[ 8.945232][ T12] kasan_save_stack+0x2f/0x50
[ 8.945316][ T12] kasan_save_track+0x14/0x30
[ 8.945403][ T12] kasan_save_free_info+0x3b/0x60
[ 8.945489][ T12] __kasan_slab_free+0x43/0x70
[ 8.945573][ T12] kmem_cache_free+0xf6/0x560
[ 8.945657][ T12] dst_destroy+0x239/0x360
[ 8.945739][ T12] rcu_do_batch+0x2b6/0x1010
[ 8.945823][ T12] rcu_core+0x2b7/0x630
[ 8.945885][ T12] handle_softirqs+0x1d8/0x930
[ 8.945970][ T12] __irq_exit_rcu+0x103/0x1c0
[ 8.946052][ T12] irq_exit_rcu+0xe/0x30
[ 8.946116][ T12] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 8.946200][ T12] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 8.946303][ T12]
[ 8.946345][ T12] Last potentially related work creation:
[ 8.946431][ T12] kasan_save_stack+0x2f/0x50
[ 8.946517][ T12] kasan_record_aux_stack+0x9b/0xc0
[ 8.946600][ T12] __call_rcu_common.constprop.0+0xb2/0xa10
[ 8.946703][ T12] udpv6_sendmsg+0x2065/0x2a00
[ 8.946787][ T12] ____sys_sendmsg+0x419/0x850
[ 8.946871][ T12] ___sys_sendmsg+0x14e/0x1d0
[ 8.946954][ T12] __sys_sendmsg+0x145/0x1f0
[ 8.947037][ T12] do_syscall_64+0x117/0xfc0
[ 8.947120][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 8.947223][ T12]
[ 8.947265][ T12] The buggy address belongs to the object at ff1100000d70e040
[ 8.947265][ T12] which belongs to the cache ip6_dst_cache of size 232
[ 8.947495][ T12] The buggy address is located 144 bytes inside of
[ 8.947495][ T12] freed 232-byte region [ff1100000d70e040, ff1100000d70e128)
[ 8.947709][ T12]
[ 8.947752][ T12] The buggy address belongs to the physical page:
[ 8.947860][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000d70e200 pfn:0xd70e
[ 8.948033][ T12] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 8.948158][ T12] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 8.948264][ T12] page_type: f5(slab)
[ 8.948331][ T12] raw: 0080000000000240 ff1100000908a040 ff11000005feb208 ff11000005feb208
[ 8.948485][ T12] raw: ff1100000d70e200 0000000000120001 00000000f5000000 0000000000000000
[ 8.948633][ T12] head: 0080000000000240 ff1100000908a040 ff11000005feb208 ff11000005feb208
[ 8.948782][ T12] head: ff1100000d70e200 0000000000120001 00000000f5000000 0000000000000000
[ 8.948928][ T12] head: 0080000000000001 ffd400000035c381 00000000ffffffff 00000000ffffffff
[ 8.949080][ T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 8.949228][ T12] page dumped because: kasan: bad access detected
[ 8.949332][ T12]
[ 8.949374][ T12] Memory state around the buggy address:
[ 8.949461][ T12] ff1100000d70df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.949585][ T12] ff1100000d70e000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 8.949712][ T12] >ff1100000d70e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 8.949835][ T12] ^
[ 8.949941][ T12] ff1100000d70e100: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 8.950067][ T12] ff1100000d70e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.950193][ T12] ==================================================================
[ 8.950325][ T12] Disabling lock debugging due to kernel taint
[ 8.958560][ C1] Oops: general protection fault, probably for non-canonical address 0xe0cffc3440000007: 0000 [#1] SMP KASAN
[ 8.958756][ C1] KASAN: maybe wild-memory-access in range [0x068001a200000038-0x068001a20000003f]
[ 8.958890][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B 7.0.0-virtme #1 PREEMPT(full)
[ 8.959054][ C1] Tainted: [B]=BAD_PAGE
[ 8.959112][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 8.959214][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 8.959299][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 8.959587][ C1] RSP: 0018:ffa00000001d0d48 EFLAGS: 00010212
[ 8.959686][ C1] RAX: 068001a200000000 RBX: ff1100000d70e040 RCX: 00d0003440000007
[ 8.959800][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 068001a200000038
[ 8.959913][ C1] RBP: ff1100000264b5f8 R08: ffffffff84b2c4fc R09: 1ffa3ffffffb0bd0
[ 8.960027][ C1] R10: fffa3bfffffb0bd1 R11: fffa3bfffffb0bd1 R12: ff11000009a04400
[ 8.960140][ C1] R13: fffffbfff0b2684c R14: ff11000009a044c8 R15: 0000000000000007
[ 8.960255][ C1] FS: 0000000000000000(0000) GS:ff110000e4b4c000(0000) knlGS:0000000000000000
[ 8.960391][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.960489][ C1] CR2: 00007fef95060f98 CR3: 000000005854e004 CR4: 0000000000771ef0
[ 8.960607][ C1] PKRU: 55555554
[ 8.960666][ C1] Call Trace:
[ 8.960725][ C1]
[ 8.960765][ C1] fib6_nh_release_dsts.part.0+0xdf/0x170
[ 8.960844][ C1] fib6_nh_release+0xe5/0x200
[ 8.960924][ C1] ? rcu_is_watching+0x15/0xd0
[ 8.961005][ C1] fib6_info_destroy_rcu+0x134/0x190
[ 8.961082][ C1] ? rcu_do_batch+0x2b4/0x1010
[ 8.961158][ C1] ? rcu_do_batch+0x397/0x1010
[ 8.961234][ C1] rcu_do_batch+0x2b6/0x1010
[ 8.961311][ C1] ? trace_rcu_batch_end+0x330/0x330
[ 8.961393][ C1] ? rcu_is_watching+0x15/0xd0
[ 8.961484][ C1] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 8.961581][ C1] ? trace_irq_disable.constprop.0+0x9b/0x180
[ 8.961675][ C1] rcu_core+0x2b7/0x630
[ 8.961734][ C1] handle_softirqs+0x1d8/0x930
[ 8.961815][ C1] ? clockevents_tick_resume+0x60/0x60
[ 8.961893][ C1] ? _local_bh_enable+0xd0/0xd0
[ 8.961974][ C1] ? rcu_is_watching+0x15/0xd0
[ 8.962049][ C1] ? lock_release+0x17c/0x1f0
[ 8.962128][ C1] __irq_exit_rcu+0x103/0x1c0
[ 8.962209][ C1] irq_exit_rcu+0xe/0x30
[ 8.962267][ C1] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 8.962345][ C1]
[ 8.962385][ C1]
[ 8.962423][ C1] ? rcu_is_watching+0x15/0xd0
[ 8.962502][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 8.962598][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 8.962683][ C1] Code: 48 8b 3d 54 63 60 02 e8 1f 00 00 00 48 2b 05 d8 21 9e 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 13 54 14 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 8.962963][ C1] RSP: 0018:ffa0000000147de8 EFLAGS: 00000246
[ 8.963061][ C1] RAX: 0000000000000001 RBX: ff11000001b9a340 RCX: 0000000000000001
[ 8.963176][ C1] RDX: 0000000000000001 RSI: ffffffff852719c0 RDI: ffffffff828df5db
[ 8.963291][ C1] RBP: 0000000000000000 R08: ffffffff84f534f1 R09: 1fe220000d81639a
[ 8.963413][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 1ff4000000028fc0
[ 8.963545][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 8.963661][ C1] ? ct_kernel_exit.constprop.0+0x101/0x160
[ 8.963755][ C1] ? cpuidle_idle_call.constprop.0+0x22b/0x400
[ 8.963857][ C1] default_idle+0x9/0x10
[ 8.963916][ C1] default_idle_call+0x6a/0xa0
[ 8.963991][ C1] cpuidle_idle_call.constprop.0+0x22b/0x400
[ 8.964087][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 8.964163][ C1] ? mark_tsc_async_resets+0x30/0x30
[ 8.964245][ C1] ? rcu_is_watching+0x15/0xd0
[ 8.964322][ C1] do_idle+0xed/0x150
[ 8.964380][ C1] cpu_startup_entry+0x53/0x70
[ 8.964461][ C1] start_secondary+0x204/0x2b0
[ 8.964539][ C1] ? set_cpu_sibling_map+0x1fa0/0x1fa0
[ 8.964617][ C1] common_startup_64+0x13e/0x148
[ 8.964694][ C1]
[ 8.964751][ C1] Modules linked in:
[ 8.964818][ C1] ---[ end trace 0000000000000000 ]---
[ 8.964898][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 8.964976][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 8.965243][ C1] RSP: 0018:ffa00000001d0d48 EFLAGS: 00010212
[ 8.965338][ C1] RAX: 068001a200000000 RBX: ff1100000d70e040 RCX: 00d0003440000007
[ 8.965458][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 068001a200000038
[ 8.965578][ C1] RBP: ff1100000264b5f8 R08: ffffffff84b2c4fc R09: 1ffa3ffffffb0bd0
[ 8.965690][ C1] R10: fffa3bfffffb0bd1 R11: fffa3bfffffb0bd1 R12: ff11000009a04400
[ 8.965803][ C1] R13: fffffbfff0b2684c R14: ff11000009a044c8 R15: 0000000000000007
[ 8.965922][ C1] FS: 0000000000000000(0000) GS:ff110000e4b4c000(0000) knlGS:0000000000000000
[ 8.966055][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.966149][ C1] CR2: 00007fef95060f98 CR3: 000000005854e004 CR4: 0000000000771ef0
[ 8.966267][ C1] PKRU: 55555554
[ 8.966326][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 8.966540][ C1] Kernel Offset: 0x1000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 8.966720][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr