[ 2327.170612][ C3] ==================================================================
[ 2327.170786][ C3] BUG: KASAN: slab-use-after-free in dst_dev_put+0x298/0x300
[ 2327.170921][ C3] Read of size 8 at addr ff1100000fa51540 by task swapper/3/0
[ 2327.171044][ C3]
[ 2327.171094][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 7.0.0-virtme #1 PREEMPT(full)
[ 2327.171097][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2327.171099][ C3] Call Trace:
[ 2327.171101][ C3] <IRQ>
[ 2327.171102][ C3] dump_stack_lvl+0x6f/0xa0
[ 2327.171109][ C3] print_address_description.constprop.0+0x73/0x300
[ 2327.171114][ C3] print_report+0xfc/0x1fa
[ 2327.171116][ C3] ? __virt_addr_valid+0x102/0x440
[ 2327.171119][ C3] ? __virt_addr_valid+0x1da/0x440
[ 2327.171121][ C3] kasan_report+0x108/0x130
[ 2327.171125][ C3] ? dst_dev_put+0x298/0x300
[ 2327.171127][ C3] ? dst_dev_put+0x298/0x300
[ 2327.171129][ C3] dst_dev_put+0x298/0x300
[ 2327.171130][ C3] fib6_nh_release_dsts.part.0+0xdf/0x170
[ 2327.171134][ C3] fib6_nh_release+0xe5/0x200
[ 2327.171136][ C3] fib6_info_destroy_rcu+0x134/0x190
[ 2327.171139][ C3] ? rcu_do_batch+0x2b4/0x1010
[ 2327.171142][ C3] ? rcu_do_batch+0x397/0x1010
[ 2327.171144][ C3] rcu_do_batch+0x2b6/0x1010
[ 2327.171146][ C3] ? trace_rcu_batch_end+0x330/0x330
[ 2327.171148][ C3] ? rcu_is_watching+0x15/0xd0
[ 2327.171150][ C3] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2327.171153][ C3] ? trace_irq_disable.constprop.0+0x9b/0x180
[ 2327.171154][ C3] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2327.171157][ C3] ? lockdep_hardirqs_on+0x8c/0x130
[ 2327.171161][ C3] rcu_core+0x2b7/0x630
[ 2327.171163][ C3] handle_softirqs+0x1d8/0x930
[ 2327.171166][ C3] ? find_held_lock+0x2b/0x80
[ 2327.171169][ C3] ? __lock_release.isra.0+0x6b/0x1a0
[ 2327.171171][ C3] ? _local_bh_enable+0xd0/0xd0
[ 2327.171173][ C3] __irq_exit_rcu+0x103/0x1c0
[ 2327.171175][ C3] irq_exit_rcu+0xe/0x30
[ 2327.171178][ C3] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 2327.171180][ C3] </IRQ>
[ 2327.171180][ C3] <TASK>
[ 2327.171181][ C3] ? rcu_is_watching+0x15/0xd0
[ 2327.171182][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2327.171185][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2327.171188][ C3] Code: 48 8b 3d 54 53 60 02 e8 1f 00 00 00 48 2b 05 d8 11 9e 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 13 44 14 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 2327.171190][ C3] RSP: 0018:ffa0000000167de8 EFLAGS: 00000296
[ 2327.171193][ C3] RAX: 0000000003ff03cd RBX: ff11000001c78040 RCX: ffffffff972df5db
[ 2327.171195][ C3] RDX: ff11000001c78040 RSI: ffffffff9a29008a RDI: ffffffff99c71a40
[ 2327.171196][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2327.171196][ C3] R10: 0000000000000003 R11: 0000000000000001 R12: 1ff400000002cfc0
[ 2327.171197][ C3] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 2327.171199][ C3] ? cpuidle_idle_call.constprop.0+0x22b/0x400
[ 2327.171203][ C3] ? lockdep_hardirqs_on+0x8c/0x130
[ 2327.171204][ C3] default_idle+0x9/0x10
[ 2327.171206][ C3] default_idle_call+0x6a/0xa0
[ 2327.171207][ C3] cpuidle_idle_call.constprop.0+0x22b/0x400
[ 2327.171209][ C3] ? arch_cpu_idle_exit+0x40/0x40
[ 2327.171211][ C3] ? mark_tsc_async_resets+0x30/0x30
[ 2327.171214][ C3] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2327.171216][ C3] ? rcu_is_watching+0x15/0xd0
[ 2327.171217][ C3] do_idle+0xed/0x150
[ 2327.171219][ C3] cpu_startup_entry+0x53/0x70
[ 2327.171221][ C3] start_secondary+0x204/0x2b0
[ 2327.171224][ C3] ? set_cpu_sibling_map+0x1fa0/0x1fa0
[ 2327.171226][ C3] common_startup_64+0x13e/0x148
[ 2327.171231][ C3] </TASK>
[ 2327.171231][ C3]
[ 2327.176686][ C3] Allocated by task 25241:
[ 2327.176773][ C3] kasan_save_stack+0x2f/0x50
[ 2327.176859][ C3] kasan_save_track+0x14/0x30
[ 2327.176941][ C3] __kasan_slab_alloc+0x60/0x70
[ 2327.177027][ C3] kmem_cache_alloc_noprof+0x221/0x5f0
[ 2327.177115][ C3] dst_alloc+0x79/0x160
[ 2327.177179][ C3] ip6_rt_pcpu_alloc+0x21d/0x670
[ 2327.177262][ C3] ip6_pol_route+0x634/0x9c0
[ 2327.177348][ C3] fib6_rule_lookup+0x40d/0x5b0
[ 2327.177433][ C3] ip6_route_output_flags+0x160/0x4a0
[ 2327.177517][ C3] ip6_dst_lookup_tail.constprop.0+0x79/0x860
[ 2327.177629][ C3] ip6_dst_lookup_flow+0xf9/0x260
[ 2327.177712][ C3] ip6_datagram_dst_update+0x6a8/0xdd0
[ 2327.177797][ C3] __ip6_datagram_connect+0x8c7/0x1630
[ 2327.177879][ C3] udpv6_connect+0x2d/0x2a0
[ 2327.177964][ C3] __sys_connect+0x1ce/0x2e0
[ 2327.178055][ C3] __x64_sys_connect+0x72/0xd0
[ 2327.178139][ C3] do_syscall_64+0x117/0xfc0
[ 2327.178223][ C3] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2327.178333][ C3]
[ 2327.178380][ C3] Freed by task 0:
[ 2327.178443][ C3] kasan_save_stack+0x2f/0x50
[ 2327.178525][ C3] kasan_save_track+0x14/0x30
[ 2327.178607][ C3] kasan_save_free_info+0x3b/0x60
[ 2327.178692][ C3] __kasan_slab_free+0x43/0x70
[ 2327.178778][ C3] kmem_cache_free+0xf6/0x560
[ 2327.178861][ C3] dst_destroy+0x239/0x360
[ 2327.178944][ C3] rcu_do_batch+0x2b6/0x1010
[ 2327.179026][ C3] rcu_core+0x2b7/0x630
[ 2327.179091][ C3] handle_softirqs+0x1d8/0x930
[ 2327.179174][ C3] __irq_exit_rcu+0x103/0x1c0
[ 2327.179257][ C3] irq_exit_rcu+0xe/0x30
[ 2327.179320][ C3] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 2327.179403][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2327.179511][ C3]
[ 2327.179557][ C3] Last potentially related work creation:
[ 2327.179643][ C3] kasan_save_stack+0x2f/0x50
[ 2327.179730][ C3] kasan_record_aux_stack+0x9b/0xc0
[ 2327.179818][ C3] __call_rcu_common.constprop.0+0xb2/0xa10
[ 2327.179925][ C3] inet_sock_destruct+0x512/0x760
[ 2327.180012][ C3] __sk_destruct+0x6ab/0x810
[ 2327.180096][ C3] rcu_do_batch+0x2b6/0x1010
[ 2327.180181][ C3] rcu_core+0x2b7/0x630
[ 2327.180245][ C3] handle_softirqs+0x1d8/0x930
[ 2327.180332][ C3] __irq_exit_rcu+0x103/0x1c0
[ 2327.180417][ C3] irq_exit_rcu+0xe/0x30
[ 2327.180483][ C3] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 2327.180567][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2327.180671][ C3]
[ 2327.180714][ C3] The buggy address belongs to the object at ff1100000fa51540
[ 2327.180714][ C3] which belongs to the cache ip6_dst_cache of size 232
[ 2327.180941][ C3] The buggy address is located 0 bytes inside of
[ 2327.180941][ C3] freed 232-byte region [ff1100000fa51540, ff1100000fa51628)
[ 2327.181150][ C3]
[ 2327.181192][ C3] The buggy address belongs to the physical page:
[ 2327.181299][ C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfa50
[ 2327.181448][ C3] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2327.181577][ C3] flags: 0x80000000000040(head|node=0|zone=1)
[ 2327.181685][ C3] page_type: f5(slab)
[ 2327.181758][ C3] raw: 0080000000000040 ff1100000910c040 ff11000005fb9228 ff11000005fb9228
[ 2327.181903][ C3] raw: 0000000000000000 0000000000120012 00000000f5000000 0000000000000000
[ 2327.182048][ C3] head: 0080000000000040 ff1100000910c040 ff11000005fb9228 ff11000005fb9228
[ 2327.182203][ C3] head: 0000000000000000 0000000000120012 00000000f5000000 0000000000000000
[ 2327.182351][ C3] head: 0080000000000001 ffd40000003e9401 00000000ffffffff 00000000ffffffff
[ 2327.182497][ C3] head: ff11000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2327.182645][ C3] page dumped because: kasan: bad access detected
[ 2327.182754][ C3]
[ 2327.182796][ C3] Memory state around the buggy address:
[ 2327.182878][ C3] ff1100000fa51400: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 2327.183004][ C3] ff1100000fa51480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2327.183130][ C3] >ff1100000fa51500: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2327.183260][ C3] ^
[ 2327.183410][ C3] ff1100000fa51580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2327.183580][ C3] ff1100000fa51600: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 2327.183709][ C3] ==================================================================
[ 2327.183887][ C3] Disabling lock debugging due to kernel taint
[ 2327.184000][ C3] Oops: general protection fault, probably for non-canonical address 0xe05a7c3540000007: 0000 [#1] SMP KASAN
[ 2327.184217][ C3] KASAN: maybe wild-memory-access in range [0x02d401aa00000038-0x02d401aa0000003f]
[ 2327.184358][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G B 7.0.0-virtme #1 PREEMPT(full)
[ 2327.184568][ C3] Tainted: [B]=BAD_PAGE
[ 2327.184631][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2327.184743][ C3] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2327.184829][ C3] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2327.185200][ C3] RSP: 0018:ffa0000000280d48 EFLAGS: 00010212
[ 2327.185346][ C3] RAX: 02d401aa00000000 RBX: ff1100000fa51540 RCX: 005a803540000007
[ 2327.185464][ C3] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 02d401aa00000038
[ 2327.185588][ C3] RBP: ff1100000c360d70 R08: ffffffff971a8e0a R09: 1ffffffff37f42e8
[ 2327.185710][ C3] R10: fffffbfff37f42e9 R11: fffffbfff37f42e9 R12: ff11000016e81400
[ 2327.185838][ C3] R13: fffffbfff346684c R14: ff11000016e814c8 R15: 000000000000000f
[ 2327.185962][ C3] FS: 0000000000000000(0000) GS:ff110000d024c000(0000) knlGS:0000000000000000
[ 2327.186105][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2327.186208][ C3] CR2: 00007fb06e35e388 CR3: 000000001244a004 CR4: 0000000000771ef0
[ 2327.186333][ C3] PKRU: 55555554
[ 2327.186392][ C3] Call Trace:
[ 2327.186452][ C3] <IRQ>
[ 2327.186495][ C3] fib6_nh_release_dsts.part.0+0xdf/0x170
[ 2327.186588][ C3] fib6_nh_release+0xe5/0x200
[ 2327.186671][ C3] fib6_info_destroy_rcu+0x134/0x190
[ 2327.186757][ C3] ? rcu_do_batch+0x2b4/0x1010
[ 2327.186835][ C3] ? rcu_do_batch+0x397/0x1010
[ 2327.186917][ C3] rcu_do_batch+0x2b6/0x1010
[ 2327.186997][ C3] ? trace_rcu_batch_end+0x330/0x330
[ 2327.187076][ C3] ? rcu_is_watching+0x15/0xd0
[ 2327.187159][ C3] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2327.187263][ C3] ? trace_irq_disable.constprop.0+0x9b/0x180
[ 2327.187363][ C3] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2327.187466][ C3] ? lockdep_hardirqs_on+0x8c/0x130
[ 2327.187554][ C3] rcu_core+0x2b7/0x630
[ 2327.187619][ C3] handle_softirqs+0x1d8/0x930
[ 2327.187699][ C3] ? find_held_lock+0x2b/0x80
[ 2327.187782][ C3] ? __lock_release.isra.0+0x6b/0x1a0
[ 2327.187862][ C3] ? _local_bh_enable+0xd0/0xd0
[ 2327.187948][ C3] __irq_exit_rcu+0x103/0x1c0
[ 2327.188026][ C3] irq_exit_rcu+0xe/0x30
[ 2327.188086][ C3] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 2327.188165][ C3] </IRQ>
[ 2327.188207][ C3] <TASK>
[ 2327.188247][ C3] ? rcu_is_watching+0x15/0xd0
[ 2327.188324][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2327.188425][ C3] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 2327.188508][ C3] Code: 48 8b 3d 54 53 60 02 e8 1f 00 00 00 48 2b 05 d8 11 9e 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 13 44 14 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 2327.188794][ C3] RSP: 0018:ffa0000000167de8 EFLAGS: 00000296
[ 2327.188897][ C3] RAX: 0000000003ff03cd RBX: ff11000001c78040 RCX: ffffffff972df5db
[ 2327.189019][ C3] RDX: ff11000001c78040 RSI: ffffffff9a29008a RDI: ffffffff99c71a40
[ 2327.189143][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2327.189270][ C3] R10: 0000000000000003 R11: 0000000000000001 R12: 1ff400000002cfc0
[ 2327.189399][ C3] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[ 2327.189520][ C3] ? cpuidle_idle_call.constprop.0+0x22b/0x400
[ 2327.189625][ C3] ? lockdep_hardirqs_on+0x8c/0x130
[ 2327.189707][ C3] default_idle+0x9/0x10
[ 2327.189772][ C3] default_idle_call+0x6a/0xa0
[ 2327.189852][ C3] cpuidle_idle_call.constprop.0+0x22b/0x400
[ 2327.189958][ C3] ? arch_cpu_idle_exit+0x40/0x40
[ 2327.190047][ C3] ? mark_tsc_async_resets+0x30/0x30
[ 2327.190125][ C3] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2327.190227][ C3] ? rcu_is_watching+0x15/0xd0
[ 2327.190370][ C3] do_idle+0xed/0x150
[ 2327.190432][ C3] cpu_startup_entry+0x53/0x70
[ 2327.190515][ C3] start_secondary+0x204/0x2b0
[ 2327.190594][ C3] ? set_cpu_sibling_map+0x1fa0/0x1fa0
[ 2327.190678][ C3] common_startup_64+0x13e/0x148
[ 2327.190766][ C3] </TASK>
[ 2327.190828][ C3] Modules linked in: geneve bonding sch_etf sch_fq act_mirred act_tunnel_key cls_flower bareudp mpls_gso mpls_iptunnel mpls_router nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 vxlan cls_bpf xfrm_user act_gact cls_matchall sch_ingress ipt_REJECT nf_reject_ipv4 xt_HL nft_compat nf_tables amt [last unloaded: psample]
[ 2327.191312][ C3] ---[ end trace 0000000000000000 ]---
[ 2327.191393][ C3] RIP: 0010:dst_dev_put+0x9f/0x300
[ 2327.191475][ C3] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 2327.191772][ C3] RSP: 0018:ffa0000000280d48 EFLAGS: 00010212
[ 2327.191871][ C3] RAX: 02d401aa00000000 RBX: ff1100000fa51540 RCX: 005a803540000007
[ 2327.191990][ C3] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 02d401aa00000038
[ 2327.192117][ C3] RBP: ff1100000c360d70 R08: ffffffff971a8e0a R09: 1ffffffff37f42e8
[ 2327.192243][ C3] R10: fffffbfff37f42e9 R11: fffffbfff37f42e9 R12: ff11000016e81400
[ 2327.192434][ C3] R13: fffffbfff346684c R14: ff11000016e814c8 R15: 000000000000000f
[ 2327.192556][ C3] FS: 0000000000000000(0000) GS:ff110000d024c000(0000) knlGS:0000000000000000
[ 2327.192698][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2327.192799][ C3] CR2: 00007fb06e35e388 CR3: 000000001244a004 CR4: 0000000000771ef0
[ 2327.192919][ C3] PKRU: 55555554
[ 2327.192981][ C3] Kernel panic - not syncing: Fatal exception in interrupt
[ 2327.193183][ C3] Kernel Offset: 0x15a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2327.193369][ C3] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr