[ 950.513253][ T12] ==================================================================
[ 950.513436][ T12] BUG: KASAN: slab-use-after-free in __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 950.513600][ T12] Read of size 8 at addr ff11000004ab8450 by task kworker/u16:0/12
[ 950.513746][ T12]
[ 950.513798][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 7.0.0-virtme #1 PREEMPT(full)
[ 950.513801][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 950.513803][ T12] Workqueue: netns cleanup_net
[ 950.513809][ T12] Call Trace:
[ 950.513810][ T12] <TASK>
[ 950.513812][ T12] dump_stack_lvl+0x6f/0xa0
[ 950.513818][ T12] print_address_description.constprop.0+0x73/0x300
[ 950.513822][ T12] print_report+0xfc/0x1fa
[ 950.513824][ T12] ? __virt_addr_valid+0x102/0x440
[ 950.513828][ T12] ? __virt_addr_valid+0x1da/0x440
[ 950.513830][ T12] kasan_report+0x108/0x130
[ 950.513834][ T12] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 950.513836][ T12] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 950.513839][ T12] __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 950.513841][ T12] fib6_purge_rt+0x649/0x9a0
[ 950.513843][ T12] fib6_del_route+0x603/0x1190
[ 950.513846][ T12] ? fib6_purge_rt+0x9a0/0x9a0
[ 950.513848][ T12] ? ret_from_fork_asm+0x11/0x20
[ 950.513851][ T12] fib6_del+0x219/0x310
[ 950.513853][ T12] ? validate_chain+0x38b/0xc20
[ 950.513857][ T12] fib6_clean_node+0x33b/0x580
[ 950.513859][ T12] ? fib6_del+0x310/0x310
[ 950.513861][ T12] ? lock_acquire.part.0+0xbc/0x260
[ 950.513863][ T12] ? find_held_lock+0x2b/0x80
[ 950.513865][ T12] fib6_walk_continue+0x2fe/0x630
[ 950.513867][ T12] ? mark_held_locks+0x40/0x70
[ 950.513869][ T12] ? fib6_ifup+0x220/0x220
[ 950.513870][ T12] ? fib6_ifup+0x220/0x220
[ 950.513872][ T12] fib6_walk+0x154/0x3d0
[ 950.513874][ T12] ? __lock_acquire+0x508/0xc10
[ 950.513876][ T12] fib6_clean_tree+0xf2/0x130
[ 950.513878][ T12] ? fib6_walk+0x3d0/0x3d0
[ 950.513880][ T12] ? fib6_del+0x310/0x310
[ 950.513881][ T12] ? fib6_ifup+0x220/0x220
[ 950.513883][ T12] ? fib6_ifup+0x220/0x220
[ 950.513885][ T12] __fib6_clean_all+0xf5/0x290
[ 950.513887][ T12] rt6_disable_ip+0x120/0x140
[ 950.513889][ T12] ? rt6_sync_down_dev+0x120/0x120
[ 950.513891][ T12] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 950.513893][ T12] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 950.513896][ T12] addrconf_ifdown.isra.0+0x103/0x15f0
[ 950.513899][ T12] ? __timer_delete_sync+0xdb/0x130
[ 950.513902][ T12] ? __timer_delete_sync+0xa2/0x130
[ 950.513903][ T12] ? __neigh_ifdown.isra.0+0x648/0xa40
[ 950.513906][ T12] ? addrconf_dad_run+0x1b0/0x1b0
[ 950.513908][ T12] ? netkit_xmit+0x14c0/0x14c0
[ 950.513912][ T12] addrconf_notify+0x2c8/0xf30
[ 950.513914][ T12] ? team_port_get_rtnl+0x65/0xc0
[ 950.513917][ T12] notifier_call_chain+0xb0/0x320
[ 950.513921][ T12] netif_close_many+0x2c9/0x640
[ 950.513923][ T12] ? rcu_is_watching+0x15/0xd0
[ 950.513925][ T12] ? lock_acquire+0x134/0x160
[ 950.513927][ T12] ? __dev_close_many+0x670/0x670
[ 950.513929][ T12] ? netif_close_many_and_unlock+0x22/0x2c0
[ 950.513930][ T12] ? __mutex_lock+0x9a6/0x2000
[ 950.513933][ T12] unregister_netdevice_many_notify+0x716/0x1f20
[ 950.513936][ T12] ? mutex_is_locked+0x1c/0x50
[ 950.513937][ T12] ? rtnl_is_locked+0x15/0x20
[ 950.513939][ T12] ? default_device_exit_net+0x78/0x7f0
[ 950.513941][ T12] ? unregister_netdevice_queued+0x80/0x80
[ 950.513943][ T12] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 950.513946][ T12] default_device_exit_batch+0x38b/0x600
[ 950.513949][ T12] ? unregister_netdev+0x60/0x60
[ 950.513950][ T12] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 950.513952][ T12] ? fou_exit_net+0x30/0x110
[ 950.513955][ T12] ops_undo_list+0x2ce/0x8f0
[ 950.513957][ T12] ? netns_install+0x2a0/0x2a0
[ 950.513958][ T12] ? __lock_release.isra.0+0x6b/0x1a0
[ 950.513961][ T12] cleanup_net+0x431/0x940
[ 950.513963][ T12] ? net_passive_dec+0x1c0/0x1c0
[ 950.513964][ T12] ? process_one_work+0xdb4/0x1410
[ 950.513967][ T12] ? lock_acquire+0x134/0x160
[ 950.513969][ T12] ? rcu_is_watching+0x15/0xd0
[ 950.513970][ T12] process_one_work+0xdf5/0x1410
[ 950.513973][ T12] ? pwq_dec_nr_in_flight+0x710/0x710
[ 950.513975][ T12] ? lock_acquire.part.0+0xbc/0x260
[ 950.513978][ T12] worker_thread+0x4f1/0xd60
[ 950.513980][ T12] ? rescuer_thread+0x1320/0x1320
[ 950.513982][ T12] kthread+0x364/0x460
[ 950.513983][ T12] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 950.513987][ T12] ? kthread_affine_node+0x330/0x330
[ 950.513988][ T12] ret_from_fork+0x474/0x6b0
[ 950.513992][ T12] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 950.513994][ T12] ? __switch_to+0x5a3/0xe00
[ 950.513996][ T12] ? kthread_affine_node+0x330/0x330
[ 950.513998][ T12] ret_from_fork_asm+0x11/0x20
[ 950.514001][ T12] </TASK>
[ 950.514002][ T12]
[ 950.521376][ T12] Allocated by task 17381:
[ 950.521462][ T12] kasan_save_stack+0x2f/0x50
[ 950.521550][ T12] kasan_save_track+0x14/0x30
[ 950.521633][ T12] __kasan_slab_alloc+0x60/0x70
[ 950.521716][ T12] kmem_cache_alloc_noprof+0x221/0x5f0
[ 950.521803][ T12] dst_alloc+0x79/0x160
[ 950.521867][ T12] ip6_rt_pcpu_alloc+0x21d/0x670
[ 950.521951][ T12] ip6_pol_route+0x634/0x9c0
[ 950.522034][ T12] fib6_rule_lookup+0x11a/0x5b0
[ 950.522118][ T12] ip6_route_output_flags+0x160/0x4a0
[ 950.522203][ T12] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 950.522306][ T12] ip6_dst_lookup_flow+0xf9/0x260
[ 950.522390][ T12] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 950.522473][ T12] udpv6_sendmsg+0x154e/0x2a00
[ 950.522557][ T12] ____sys_sendmsg+0x419/0x850
[ 950.522641][ T12] ___sys_sendmsg+0x14e/0x1d0
[ 950.522728][ T12] __sys_sendmsg+0x145/0x1f0
[ 950.522814][ T12] do_syscall_64+0x117/0xfc0
[ 950.522899][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 950.523002][ T12]
[ 950.523046][ T12] Freed by task 0:
[ 950.523110][ T12] kasan_save_stack+0x2f/0x50
[ 950.523196][ T12] kasan_save_track+0x14/0x30
[ 950.523279][ T12] kasan_save_free_info+0x3b/0x60
[ 950.523362][ T12] __kasan_slab_free+0x43/0x70
[ 950.523446][ T12] kmem_cache_free+0xf6/0x560
[ 950.523530][ T12] dst_destroy+0x239/0x360
[ 950.523612][ T12] rcu_do_batch+0x2b6/0x1010
[ 950.523696][ T12] rcu_core+0x2b7/0x630
[ 950.523763][ T12] handle_softirqs+0x1d8/0x930
[ 950.523849][ T12] __irq_exit_rcu+0x103/0x1c0
[ 950.523932][ T12] irq_exit_rcu+0xe/0x30
[ 950.523995][ T12] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 950.524080][ T12] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 950.524182][ T12]
[ 950.524225][ T12] Last potentially related work creation:
[ 950.524309][ T12] kasan_save_stack+0x2f/0x50
[ 950.524394][ T12] kasan_record_aux_stack+0x9b/0xc0
[ 950.524477][ T12] __call_rcu_common.constprop.0+0xb2/0xa10
[ 950.524581][ T12] udpv6_sendmsg+0x2065/0x2a00
[ 950.524666][ T12] ____sys_sendmsg+0x419/0x850
[ 950.524755][ T12] ___sys_sendmsg+0x14e/0x1d0
[ 950.524839][ T12] __sys_sendmsg+0x145/0x1f0
[ 950.524923][ T12] do_syscall_64+0x117/0xfc0
[ 950.525007][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 950.525111][ T12]
[ 950.525154][ T12] The buggy address belongs to the object at ff11000004ab83c0
[ 950.525154][ T12] which belongs to the cache ip6_dst_cache of size 232
[ 950.525381][ T12] The buggy address is located 144 bytes inside of
[ 950.525381][ T12] freed 232-byte region [ff11000004ab83c0, ff11000004ab84a8)
[ 950.525586][ T12]
[ 950.525630][ T12] The buggy address belongs to the physical page:
[ 950.525736][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000004ab9700 pfn:0x4ab8
[ 950.525910][ T12] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 950.526038][ T12] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 950.526146][ T12] page_type: f5(slab)
[ 950.526213][ T12] raw: 0080000000000240 ff1100001086a040 ffd4000000710590 ff11000005fa1208
[ 950.526365][ T12] raw: ff11000004ab9700 0000000000120002 00000000f5000000 0000000000000000
[ 950.526514][ T12] head: 0080000000000240 ff1100001086a040 ffd4000000710590 ff11000005fa1208
[ 950.526664][ T12] head: ff11000004ab9700 0000000000120002 00000000f5000000 0000000000000000
[ 950.526814][ T12] head: 0080000000000001 ffd400000012ae01 00000000ffffffff 00000000ffffffff
[ 950.526962][ T12] head: ff11000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 950.527111][ T12] page dumped because: kasan: bad access detected
[ 950.527214][ T12]
[ 950.527258][ T12] Memory state around the buggy address:
[ 950.527341][ T12] ff11000004ab8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 950.527465][ T12] ff11000004ab8380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 950.527589][ T12] >ff11000004ab8400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 950.527713][ T12]                                                  ^
[ 950.527820][ T12] ff11000004ab8480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 950.527942][ T12] ff11000004ab8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 950.528064][ T12] ==================================================================
[ 950.528197][ T12] Disabling lock debugging due to kernel taint
[ 950.537521][ C0] Oops: general protection fault, probably for non-canonical address 0xe050bc3500000007: 0000 [#1] SMP KASAN
[ 950.537737][ C0] KASAN: maybe wild-memory-access in range [0x028601a800000038-0x028601a80000003f]
[ 950.537882][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B 7.0.0-virtme #1 PREEMPT(full)
[ 950.538056][ C0] Tainted: [B]=BAD_PAGE
[ 950.538124][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 950.538231][ C0] RIP: 0010:dst_dev_put+0x9f/0x300
[ 950.538327][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 950.538637][ C0] RSP: 0018:ffa0000000007d48 EFLAGS: 00010212
[ 950.538747][ C0] RAX: 028601a800000000 RBX: ff11000004ab83c0 RCX: 0050c03500000007
[ 950.538871][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 028601a800000038
[ 950.539003][ C0] RBP: ff11000005717ad8 R08: ffffffffb112c4fc R09: 1ffa3ffffffa0c37
[ 950.539128][ C0] R10: fffa3bfffffa0c38 R11: fffa3bfffffa0c38 R12: ff11000015f94400
[ 950.539251][ C0] R13: fffffbfff63e684c R14: ff11000015f944c8 R15: 0000000000000036
[ 950.539378][ C0] FS: 0000000000000000(0000) GS:ff110000b84cc000(0000) knlGS:0000000000000000
[ 950.539530][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 950.539639][ C0] CR2: 00007f4e6771d4a0 CR3: 000000000c74e004 CR4: 0000000000771ef0
[ 950.539770][ C0] PKRU: 55555554
[ 950.539833][ C0] Call Trace:
[ 950.539895][ C0] <IRQ>
[ 950.539938][ C0] fib6_nh_release_dsts.part.0+0xdf/0x170
[ 950.540023][ C0] fib6_nh_release+0xe5/0x200
[ 950.540106][ C0] ? rcu_is_watching+0x15/0xd0
[ 950.540189][ C0] fib6_info_destroy_rcu+0x134/0x190
[ 950.540272][ C0] ? rcu_do_batch+0x2b4/0x1010
[ 950.540354][ C0] ? rcu_do_batch+0x397/0x1010
[ 950.540435][ C0] rcu_do_batch+0x2b6/0x1010
[ 950.540519][ C0] ? trace_rcu_batch_end+0x330/0x330
[ 950.540601][ C0] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 950.540705][ C0] ? do_raw_spin_unlock+0x59/0x250
[ 950.540793][ C0] ? trace_hardirqs_on+0x36/0x40
[ 950.540875][ C0] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 950.540981][ C0] rcu_core+0x2b7/0x630
[ 950.541045][ C0] handle_softirqs+0x1d8/0x930
[ 950.541129][ C0] ? clockevents_tick_resume+0x60/0x60
[ 950.541214][ C0] ? _local_bh_enable+0xd0/0xd0
[ 950.541297][ C0] ? rcu_is_watching+0x15/0xd0
[ 950.541379][ C0] ? lock_release+0x17c/0x1f0
[ 950.541461][ C0] __irq_exit_rcu+0x103/0x1c0
[ 950.541544][ C0] irq_exit_rcu+0xe/0x30
[ 950.541607][ C0] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 950.541691][ C0] </IRQ>
[ 950.541741][ C0] <TASK>
[ 950.541783][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 950.541889][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 950.541975][ C0] Code: 48 8b 3d 54 53 60 02 e8 1f 00 00 00 48 2b 05 d8 11 9e 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 13 44 14 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01
[ 950.542265][ C0] RSP: 0018:ffffffffb2607e00 EFLAGS: 00000246
[ 950.542370][ C0] RAX: 0000000000000000 RBX: ffffffffb2630740 RCX: 0000000000000001
[ 950.542493][ C0] RDX: 0000000000000000 RSI: ffffffffb18719c0 RDI: ffffffffaeedf5db
[ 950.542616][ C0] RBP: 0000000000000000 R08: ffffffffb15544f1 R09: 1fe220000d80639a
[ 950.542752][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffffffff64c0fc3
[ 950.542876][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000014770
[ 950.543000][ C0] ? ct_kernel_exit.constprop.0+0x101/0x160
[ 950.543106][ C0] ? cpuidle_idle_call.constprop.0+0x22b/0x400
[ 950.543214][ C0] default_idle+0x9/0x10
[ 950.543277][ C0] default_idle_call+0x6a/0xa0
[ 950.543358][ C0] cpuidle_idle_call.constprop.0+0x22b/0x400
[ 950.543458][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 950.543540][ C0] ? mark_tsc_async_resets+0x30/0x30
[ 950.543623][ C0] ? rcu_is_watching+0x15/0xd0
[ 950.543705][ C0] do_idle+0xed/0x150
[ 950.543771][ C0] cpu_startup_entry+0x53/0x70
[ 950.543856][ C0] rest_init+0x1f7/0x200
[ 950.543922][ C0] start_kernel+0x3ad/0x3b0
[ 950.544007][ C0] x86_64_start_reservations+0x24/0x30
[ 950.544089][ C0] x86_64_start_kernel+0x12b/0x130
[ 950.544172][ C0] common_startup_64+0x13e/0x148
[ 950.544257][ C0] </TASK>
[ 950.544318][ C0] Modules linked in: act_mirred cls_flower sch_ingress vxcan can_dev xfrm_interface ip6_gre ip_gre gre macsec ipvlan vxlan xt_conntrack nf_conntrack nf_defrag_ipv4 nf_defrag_ipv6 sctp_diag sctp unix_diag xfrm_user xt_policy nft_compat nf_tables [last unloaded: test_bpf]
[ 950.544739][ C0] ---[ end trace 0000000000000000 ]---
[ 950.544825][ C0] RIP: 0010:dst_dev_put+0x9f/0x300
[ 950.544911][ C0] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 950.545202][ C0] RSP: 0018:ffa0000000007d48 EFLAGS: 00010212
[ 950.545311][ C0] RAX: 028601a800000000 RBX: ff11000004ab83c0 RCX: 0050c03500000007
[ 950.545438][ C0] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 028601a800000038
[ 950.545563][ C0] RBP: ff11000005717ad8 R08: ffffffffb112c4fc R09: 1ffa3ffffffa0c37
[ 950.545691][ C0] R10: fffa3bfffffa0c38 R11: fffa3bfffffa0c38 R12: ff11000015f94400
[ 950.545816][ C0] R13: fffffbfff63e684c R14: ff11000015f944c8 R15: 0000000000000036
[ 950.545941][ C0] FS: 0000000000000000(0000) GS:ff110000b84cc000(0000) knlGS:0000000000000000
[ 950.546088][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 950.546193][ C0] CR2: 00007f4e6771d4a0 CR3: 000000000c74e004 CR4: 0000000000771ef0
[ 950.546325][ C0] PKRU: 55555554
[ 950.546390][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 950.546588][ C0] Kernel Offset: 0x2d600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 950.546786][ C0] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr