[ 2110.397204][ T12] ==================================================================
[ 2110.397386][ T12] BUG: KASAN: slab-use-after-free in __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 2110.397552][ T12] Read of size 8 at addr ff1100001ddb0290 by task kworker/u16:0/12
[ 2110.397689][ T12]
[ 2110.397737][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 7.0.0-virtme #1 PREEMPT(full)
[ 2110.397740][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2110.397743][ T12] Workqueue: netns cleanup_net
[ 2110.397748][ T12] Call Trace:
[ 2110.397750][ T12] <TASK>
[ 2110.397752][ T12] dump_stack_lvl+0x6f/0xa0
[ 2110.397758][ T12] print_address_description.constprop.0+0x73/0x300
[ 2110.397763][ T12] print_report+0xfc/0x1fa
[ 2110.397765][ T12] ? __virt_addr_valid+0x102/0x440
[ 2110.397769][ T12] ? __virt_addr_valid+0x1da/0x440
[ 2110.397771][ T12] kasan_report+0x108/0x130
[ 2110.397774][ T12] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 2110.397777][ T12] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 2110.397779][ T12] __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 2110.397781][ T12] fib6_purge_rt+0x649/0x9a0
[ 2110.397784][ T12] fib6_del_route+0x603/0x1190
[ 2110.397787][ T12] ? fib6_purge_rt+0x9a0/0x9a0
[ 2110.397789][ T12] ? ret_from_fork_asm+0x11/0x20
[ 2110.397792][ T12] fib6_del+0x219/0x310
[ 2110.397793][ T12] ? validate_chain+0x38b/0xc20
[ 2110.397797][ T12] fib6_clean_node+0x33b/0x580
[ 2110.397799][ T12] ? fib6_del+0x310/0x310
[ 2110.397801][ T12] ? lock_acquire.part.0+0xbc/0x260
[ 2110.397803][ T12] ? find_held_lock+0x2b/0x80
[ 2110.397806][ T12] fib6_walk_continue+0x2fe/0x630
[ 2110.397807][ T12] ? mark_held_locks+0x40/0x70
[ 2110.397809][ T12] ? fib6_ifup+0x220/0x220
[ 2110.397811][ T12] ? fib6_ifup+0x220/0x220
[ 2110.397812][ T12] fib6_walk+0x154/0x3d0
[ 2110.397814][ T12] ? __lock_acquire+0x508/0xc10
[ 2110.397816][ T12] fib6_clean_tree+0xf2/0x130
[ 2110.397818][ T12] ? fib6_walk+0x3d0/0x3d0
[ 2110.397820][ T12] ? fib6_del+0x310/0x310
[ 2110.397822][ T12] ? fib6_ifup+0x220/0x220
[ 2110.397824][ T12] ? fib6_ifup+0x220/0x220
[ 2110.397825][ T12] __fib6_clean_all+0xf5/0x290
[ 2110.397828][ T12] rt6_disable_ip+0x120/0x140
[ 2110.397829][ T12] ? rt6_sync_down_dev+0x120/0x120
[ 2110.397831][ T12] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2110.397833][ T12] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 2110.397837][ T12] addrconf_ifdown.isra.0+0x103/0x15f0
[ 2110.397840][ T12] ? __timer_delete_sync+0xdb/0x130
[ 2110.397842][ T12] ? __timer_delete_sync+0xa2/0x130
[ 2110.397844][ T12] ? __neigh_ifdown.isra.0+0x648/0xa40
[ 2110.397847][ T12] ? addrconf_dad_run+0x1b0/0x1b0
[ 2110.397848][ T12] ? netkit_xmit+0x14c0/0x14c0
[ 2110.397852][ T12] addrconf_notify+0x2c8/0xf30
[ 2110.397854][ T12] ? team_port_get_rtnl+0x65/0xc0
[ 2110.397857][ T12] notifier_call_chain+0xb0/0x320
[ 2110.397861][ T12] netif_close_many+0x2c9/0x640
[ 2110.397863][ T12] ? rcu_is_watching+0x15/0xd0
[ 2110.397866][ T12] ? lock_acquire+0x134/0x160
[ 2110.397867][ T12] ? __dev_close_many+0x670/0x670
[ 2110.397869][ T12] ? netif_close_many_and_unlock+0x22/0x2c0
[ 2110.397870][ T12] ? __mutex_lock+0x9a6/0x2000
[ 2110.397873][ T12] unregister_netdevice_many_notify+0x716/0x1f20
[ 2110.397876][ T12] ? mutex_is_locked+0x1c/0x50
[ 2110.397877][ T12] ? rtnl_is_locked+0x15/0x20
[ 2110.397879][ T12] ? default_device_exit_net+0x78/0x7f0
[ 2110.397880][ T12] ? unregister_netdevice_queued+0x80/0x80
[ 2110.397883][ T12] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 2110.397886][ T12] default_device_exit_batch+0x38b/0x600
[ 2110.397888][ T12] ? unregister_netdev+0x60/0x60
[ 2110.397890][ T12] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 2110.397892][ T12] ? fou_exit_net+0x30/0x110
[ 2110.397895][ T12] ops_undo_list+0x2ce/0x8f0
[ 2110.397897][ T12] ? netns_install+0x2a0/0x2a0
[ 2110.397898][ T12] ? __lock_release.isra.0+0x6b/0x1a0
[ 2110.397901][ T12] cleanup_net+0x431/0x940
[ 2110.397903][ T12] ? net_passive_dec+0x1c0/0x1c0
[ 2110.397904][ T12] ? process_one_work+0xdb4/0x1410
[ 2110.397907][ T12] ? lock_acquire+0x134/0x160
[ 2110.397908][ T12] ? rcu_is_watching+0x15/0xd0
[ 2110.397910][ T12] process_one_work+0xdf5/0x1410
[ 2110.397913][ T12] ? pwq_dec_nr_in_flight+0x710/0x710
[ 2110.397914][ T12] ? lock_acquire.part.0+0xbc/0x260
[ 2110.397917][ T12] worker_thread+0x4f1/0xd60
[ 2110.397920][ T12] ? rescuer_thread+0x1320/0x1320
[ 2110.397922][ T12] kthread+0x364/0x460
[ 2110.397923][ T12] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2110.397926][ T12] ? kthread_affine_node+0x330/0x330
[ 2110.397928][ T12] ret_from_fork+0x474/0x6b0
[ 2110.397931][ T12] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 2110.397934][ T12] ? __switch_to+0x5a3/0xe00
[ 2110.397936][ T12] ? kthread_affine_node+0x330/0x330
[ 2110.397937][ T12] ret_from_fork_asm+0x11/0x20
[ 2110.397940][ T12] </TASK>
[ 2110.397941][ T12]
[ 2110.406051][ T12] Allocated by task 26861:
[ 2110.406139][ T12] kasan_save_stack+0x2f/0x50
[ 2110.406231][ T12] kasan_save_track+0x14/0x30
[ 2110.406316][ T12] __kasan_slab_alloc+0x60/0x70
[ 2110.406400][ T12] kmem_cache_alloc_noprof+0x221/0x5f0
[ 2110.406487][ T12] dst_alloc+0x79/0x160
[ 2110.406552][ T12] ip6_rt_pcpu_alloc+0x21d/0x670
[ 2110.406638][ T12] ip6_pol_route+0x634/0x9c0
[ 2110.406724][ T12] fib6_rule_lookup+0x11a/0x5b0
[ 2110.406810][ T12] ip6_route_output_flags+0x160/0x4a0
[ 2110.406893][ T12] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 2110.407001][ T12] ip6_dst_lookup_flow+0xf9/0x260
[ 2110.407094][ T12] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 2110.407182][ T12] udpv6_sendmsg+0x154e/0x2a00
[ 2110.407267][ T12] ____sys_sendmsg+0x419/0x850
[ 2110.407352][ T12] ___sys_sendmsg+0x14e/0x1d0
[ 2110.407435][ T12] __sys_sendmsg+0x145/0x1f0
[ 2110.407519][ T12] do_syscall_64+0x117/0xfc0
[ 2110.407607][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2110.407714][ T12]
[ 2110.407758][ T12] Freed by task 0:
[ 2110.407824][ T12] kasan_save_stack+0x2f/0x50
[ 2110.407914][ T12] kasan_save_track+0x14/0x30
[ 2110.408001][ T12] kasan_save_free_info+0x3b/0x60
[ 2110.408092][ T12] __kasan_slab_free+0x43/0x70
[ 2110.408177][ T12] kmem_cache_free+0xf6/0x560
[ 2110.408261][ T12] dst_destroy+0x239/0x360
[ 2110.408350][ T12] rcu_do_batch+0x2b6/0x1010
[ 2110.408800][ T12] rcu_core+0x2b7/0x630
[ 2110.408863][ T12] handle_softirqs+0x1d8/0x930
[ 2110.408948][ T12] __irq_exit_rcu+0x103/0x1c0
[ 2110.409036][ T12] irq_exit_rcu+0xe/0x30
[ 2110.409105][ T12] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 2110.409190][ T12] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2110.409298][ T12]
[ 2110.409341][ T12] Last potentially related work creation:
[ 2110.409475][ T12] kasan_save_stack+0x2f/0x50
[ 2110.409567][ T12] kasan_record_aux_stack+0x9b/0xc0
[ 2110.409651][ T12] __call_rcu_common.constprop.0+0xb2/0xa10
[ 2110.409757][ T12] udpv6_sendmsg+0x2065/0x2a00
[ 2110.409890][ T12] ____sys_sendmsg+0x419/0x850
[ 2110.409980][ T12] ___sys_sendmsg+0x14e/0x1d0
[ 2110.410075][ T12] __sys_sendmsg+0x145/0x1f0
[ 2110.410162][ T12] do_syscall_64+0x117/0xfc0
[ 2110.410295][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2110.410400][ T12]
[ 2110.410444][ T12] The buggy address belongs to the object at ff1100001ddb0200
[ 2110.410444][ T12] which belongs to the cache ip6_dst_cache of size 232
[ 2110.410718][ T12] The buggy address is located 144 bytes inside of
[ 2110.410718][ T12] freed 232-byte region [ff1100001ddb0200, ff1100001ddb02e8)
[ 2110.410932][ T12]
[ 2110.410977][ T12] The buggy address belongs to the physical page:
[ 2110.411135][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100001ddb1700 pfn:0x1ddb0
[ 2110.411309][ T12] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2110.411489][ T12] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 2110.411601][ T12] page_type: f5(slab)
[ 2110.411670][ T12] raw: 0080000000000240 ff11000009028040 ffd40000006b5710 ff11000005f29208
[ 2110.411870][ T12] raw: ff1100001ddb1700 0000000000120001 00000000f5000000 0000000000000000
[ 2110.412025][ T12] head: 0080000000000240 ff11000009028040 ffd40000006b5710 ff11000005f29208
[ 2110.412177][ T12] head: ff1100001ddb1700 0000000000120001 00000000f5000000 0000000000000000
[ 2110.412379][ T12] head: 0080000000000001 ffd4000000776c01 00000000ffffffff 00000000ffffffff
[ 2110.412529][ T12] head: ff11000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2110.412681][ T12] page dumped because: kasan: bad access detected
[ 2110.412785][ T12]
[ 2110.412830][ T12] Memory state around the buggy address:
[ 2110.412915][ T12]  ff1100001ddb0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2110.413046][ T12]  ff1100001ddb0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2110.413169][ T12] >ff1100001ddb0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 2110.413292][ T12]                          ^
[ 2110.413377][ T12]  ff1100001ddb0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2110.413502][ T12]  ff1100001ddb0380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2110.413625][ T12] ==================================================================
[ 2110.413800][ T12] Disabling lock debugging due to kernel taint
[ 2110.417259][ C0] Oops: general protection fault, probably for non-canonical address 0xe0b3fc3540000007: 0000 [#1] SMP KASAN
[ 2110.417456][ C0] KASAN: maybe wild-memory-access in range [0x05a001aa00000038-0x05a001aa0000003f]
[ 2110.417587][ C0] CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G B 7.0.0-virtme #1 PREEMPT(full)
[ 2110.417735][ C0] Tainted: [B]=BAD_PAGE
[ 2110.417794][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2110.417887][ C0] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2110.417972][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2110.418230][ C0] RSP: 0018:ffa00000000e7b70 EFLAGS: 00010212
[ 2110.418326][ C0] RAX: 05a001aa00000000 RBX: ff1100001ddb0200 RCX: 00b4003540000007
[ 2110.418444][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 05a001aa00000038
[ 2110.418558][ C0] RBP: ff1100000c0e9730 R08: ffffffffb0d2c4fc R09: 1ffa3ffffff600a2
[ 2110.418666][ C0] R10: fffa3bfffff600a3 R11: fffa3bfffff600a3 R12: ff1100000fe08200
[ 2110.418778][ C0] R13: fffffbfff636684c R14: ff1100000fe082c8 R15: 0000000000000008
[ 2110.418891][ C0] FS: 0000000000000000(0000) GS:ff110000b88cc000(0000) knlGS:0000000000000000
[ 2110.419024][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2110.419117][ C0] CR2: 000055d25a498060 CR3: 000000005f54e002 CR4: 0000000000771ef0
[ 2110.419229][ C0] PKRU: 55555554
[ 2110.419296][ C0] Call Trace:
[ 2110.419354][ C0] <TASK>
[ 2110.419395][ C0] fib6_nh_release_dsts.part.0+0xdf/0x170
[ 2110.419480][ C0] fib6_nh_release+0xe5/0x200
[ 2110.419559][ C0] ? rcu_is_watching+0x15/0xd0
[ 2110.419635][ C0] fib6_info_destroy_rcu+0x134/0x190
[ 2110.419710][ C0] ? rcu_do_batch+0x2b4/0x1010
[ 2110.419784][ C0] ? rcu_do_batch+0x397/0x1010
[ 2110.419859][ C0] rcu_do_batch+0x2b6/0x1010
[ 2110.419932][ C0] ? rcu_start_this_gp+0x261/0x480
[ 2110.420016][ C0] ? trace_rcu_batch_end+0x330/0x330
[ 2110.420092][ C0] ? trace_rcu_grace_period+0xcf/0x2c0
[ 2110.420166][ C0] ? rcu_is_watching+0x15/0xd0
[ 2110.420245][ C0] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2110.420343][ C0] ? trace_irq_disable.constprop.0+0x9b/0x180
[ 2110.420437][ C0] rcu_core+0x2b7/0x630
[ 2110.420495][ C0] handle_softirqs+0x1d8/0x930
[ 2110.420575][ C0] ? find_held_lock+0x2b/0x80
[ 2110.420650][ C0] ? _local_bh_enable+0xd0/0xd0
[ 2110.420722][ C0] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 2110.420797][ C0] ? rcu_is_watching+0x15/0xd0
[ 2110.420872][ C0] ? rcu_is_watching+0x15/0xd0
[ 2110.420944][ C0] run_ksoftirqd+0x39/0x60
[ 2110.421022][ C0] smpboot_thread_fn+0x2fb/0x9b0
[ 2110.421096][ C0] ? sort_range+0x20/0x20
[ 2110.421151][ C0] kthread+0x364/0x460
[ 2110.421214][ C0] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2110.421310][ C0] ? kthread_affine_node+0x330/0x330
[ 2110.421383][ C0] ret_from_fork+0x474/0x6b0
[ 2110.421464][ C0] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 2110.421567][ C0] ? __switch_to+0x5a3/0xe00
[ 2110.421640][ C0] ? kthread_affine_node+0x330/0x330
[ 2110.421717][ C0] ret_from_fork_asm+0x11/0x20
[ 2110.421793][ C0] </TASK>
[ 2110.421855][ C0] Modules linked in: cls_bpf netdevsim geneve xt_bpf xt_length cls_matchall act_gact cls_flower sch_ingress openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh ip6t_rpfilter nft_compat nf_tables vxlan mpls_gso mpls_iptunnel mpls_router
[ 2110.422232][ C0] ---[ end trace 0000000000000000 ]---
[ 2110.422308][ C0] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2110.422389][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2110.422646][ C0] RSP: 0018:ffa00000000e7b70 EFLAGS: 00010212
[ 2110.422738][ C0] RAX: 05a001aa00000000 RBX: ff1100001ddb0200 RCX: 00b4003540000007
[ 2110.422844][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 05a001aa00000038
[ 2110.422959][ C0] RBP: ff1100000c0e9730 R08: ffffffffb0d2c4fc R09: 1ffa3ffffff600a2
[ 2110.423079][ C0] R10: fffa3bfffff600a3 R11: fffa3bfffff600a3 R12: ff1100000fe08200
[ 2110.423186][ C0] R13: fffffbfff636684c R14: ff1100000fe082c8 R15: 0000000000000008
[ 2110.423297][ C0] FS: 0000000000000000(0000) GS:ff110000b88cc000(0000) knlGS:0000000000000000
[ 2110.423429][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2110.423523][ C0] CR2: 000055d25a498060 CR3: 000000005f54e002 CR4: 0000000000771ef0
[ 2110.423634][ C0] PKRU: 55555554
[ 2110.423690][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 2110.423875][ C0] Kernel Offset: 0x2d200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2110.424048][ C0] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr