[ 1131.881474][ T67] ==================================================================
[ 1131.881656][ T67] BUG: KASAN: slab-use-after-free in __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 1131.881820][ T67] Read of size 8 at addr ff1100000a0920d0 by task kworker/u16:1/67
[ 1131.881960][ T67]
[ 1131.882007][ T67] CPU: 0 UID: 0 PID: 67 Comm: kworker/u16:1 Not tainted 7.0.0-virtme #1 PREEMPT(full)
[ 1131.882010][ T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1131.882012][ T67] Workqueue: netns cleanup_net
[ 1131.882018][ T67] Call Trace:
[ 1131.882020][ T67] <TASK>
[ 1131.882022][ T67] dump_stack_lvl+0x6f/0xa0
[ 1131.882028][ T67] print_address_description.constprop.0+0x73/0x300
[ 1131.882033][ T67] print_report+0xfc/0x1fa
[ 1131.882035][ T67] ? __virt_addr_valid+0x102/0x440
[ 1131.882039][ T67] ? __virt_addr_valid+0x1da/0x440
[ 1131.882041][ T67] kasan_report+0x108/0x130
[ 1131.882045][ T67] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 1131.882047][ T67] ? __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 1131.882050][ T67] __fib6_drop_pcpu_from.part.0+0x429/0x4a0
[ 1131.882052][ T67] fib6_purge_rt+0x649/0x9a0
[ 1131.882054][ T67] fib6_del_route+0x603/0x1190
[ 1131.882057][ T67] ? fib6_purge_rt+0x9a0/0x9a0
[ 1131.882060][ T67] ? ret_from_fork_asm+0x11/0x20
[ 1131.882062][ T67] fib6_del+0x219/0x310
[ 1131.882064][ T67] ? validate_chain+0x38b/0xc20
[ 1131.882068][ T67] fib6_clean_node+0x33b/0x580
[ 1131.882070][ T67] ? fib6_del+0x310/0x310
[ 1131.882072][ T67] ? lock_acquire.part.0+0xbc/0x260
[ 1131.882074][ T67] ? find_held_lock+0x2b/0x80
[ 1131.882077][ T67] fib6_walk_continue+0x2fe/0x630
[ 1131.882078][ T67] ? mark_held_locks+0x40/0x70
[ 1131.882080][ T67] ? fib6_ifup+0x220/0x220
[ 1131.882082][ T67] ? fib6_ifup+0x220/0x220
[ 1131.882084][ T67] fib6_walk+0x154/0x3d0
[ 1131.882085][ T67] ? __lock_acquire+0x508/0xc10
[ 1131.882087][ T67] fib6_clean_tree+0xf2/0x130
[ 1131.882089][ T67] ? fib6_walk+0x3d0/0x3d0
[ 1131.882092][ T67] ? fib6_del+0x310/0x310
[ 1131.882093][ T67] ? fib6_ifup+0x220/0x220
[ 1131.882095][ T67] ? fib6_ifup+0x220/0x220
[ 1131.882097][ T67] __fib6_clean_all+0xf5/0x290
[ 1131.882099][ T67] rt6_disable_ip+0x120/0x140
[ 1131.882101][ T67] ? rt6_sync_down_dev+0x120/0x120
[ 1131.882103][ T67] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1131.882105][ T67] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 1131.882109][ T67] addrconf_ifdown.isra.0+0x103/0x15f0
[ 1131.882112][ T67] ? __timer_delete_sync+0xdb/0x130
[ 1131.882115][ T67] ? __timer_delete_sync+0xa2/0x130
[ 1131.882116][ T67] ? __neigh_ifdown.isra.0+0x648/0xa40
[ 1131.882119][ T67] ? addrconf_dad_run+0x1b0/0x1b0
[ 1131.882121][ T67] ? netkit_xmit+0x14c0/0x14c0
[ 1131.882125][ T67] addrconf_notify+0x2c8/0xf30
[ 1131.882127][ T67] ? team_port_get_rtnl+0x65/0xc0
[ 1131.882130][ T67] notifier_call_chain+0xb0/0x320
[ 1131.882134][ T67] netif_close_many+0x2c9/0x640
[ 1131.882137][ T67] ? rcu_is_watching+0x15/0xd0
[ 1131.882139][ T67] ? lock_acquire+0x134/0x160
[ 1131.882141][ T67] ? __dev_close_many+0x670/0x670
[ 1131.882143][ T67] ? netif_close_many_and_unlock+0x22/0x2c0
[ 1131.882144][ T67] ? __mutex_lock+0x9a6/0x2000
[ 1131.882147][ T67] unregister_netdevice_many_notify+0x716/0x1f20
[ 1131.882149][ T67] ? mutex_is_locked+0x1c/0x50
[ 1131.882151][ T67] ? rtnl_is_locked+0x15/0x20
[ 1131.882153][ T67] ? default_device_exit_net+0x78/0x7f0
[ 1131.882154][ T67] ? unregister_netdevice_queued+0x80/0x80
[ 1131.882157][ T67] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 1131.882160][ T67] default_device_exit_batch+0x38b/0x600
[ 1131.882162][ T67] ? unregister_netdev+0x60/0x60
[ 1131.882164][ T67] ? perf_trace_sched_switch+0x7d0/0x7d0
[ 1131.882166][ T67] ? fou_exit_net+0x30/0x110
[ 1131.882169][ T67] ops_undo_list+0x2ce/0x8f0
[ 1131.882171][ T67] ? netns_install+0x2a0/0x2a0
[ 1131.882172][ T67] ? __lock_release.isra.0+0x6b/0x1a0
[ 1131.882175][ T67] cleanup_net+0x431/0x940
[ 1131.882177][ T67] ? net_passive_dec+0x1c0/0x1c0
[ 1131.882178][ T67] ? process_one_work+0xdb4/0x1410
[ 1131.882181][ T67] ? lock_acquire+0x134/0x160
[ 1131.882183][ T67] ? rcu_is_watching+0x15/0xd0
[ 1131.882185][ T67] process_one_work+0xdf5/0x1410
[ 1131.882187][ T67] ? pwq_dec_nr_in_flight+0x710/0x710
[ 1131.882189][ T67] ? lock_acquire.part.0+0xbc/0x260
[ 1131.882192][ T67] worker_thread+0x4f1/0xd60
[ 1131.882194][ T67] ? rescuer_thread+0x1320/0x1320
[ 1131.882195][ T67] ? __kthread_parkme+0xbd/0x210
[ 1131.882197][ T67] ? rescuer_thread+0x1320/0x1320
[ 1131.882199][ T67] kthread+0x364/0x460
[ 1131.882200][ T67] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1131.882203][ T67] ? kthread_affine_node+0x330/0x330
[ 1131.882205][ T67] ret_from_fork+0x474/0x6b0
[ 1131.882208][ T67] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 1131.882211][ T67] ? __switch_to+0x5a3/0xe00
[ 1131.882213][ T67] ? kthread_affine_node+0x330/0x330
[ 1131.882215][ T67] ret_from_fork_asm+0x11/0x20
[ 1131.882218][ T67] </TASK>
[ 1131.882219][ T67]
[ 1131.890007][ T67] Allocated by task 23912:
[ 1131.890140][ T67] kasan_save_stack+0x2f/0x50
[ 1131.890230][ T67] kasan_save_track+0x14/0x30
[ 1131.890314][ T67] __kasan_slab_alloc+0x60/0x70
[ 1131.890400][ T67] kmem_cache_alloc_noprof+0x221/0x5f0
[ 1131.890530][ T67] dst_alloc+0x79/0x160
[ 1131.890594][ T67] ip6_rt_pcpu_alloc+0x21d/0x670
[ 1131.890679][ T67] ip6_pol_route+0x634/0x9c0
[ 1131.890765][ T67] fib6_rule_lookup+0x11a/0x5b0
[ 1131.890898][ T67] ip6_route_output_flags+0x160/0x4a0
[ 1131.890985][ T67] ip6_dst_lookup_tail.constprop.0+0xb0/0x860
[ 1131.891091][ T67] ip6_dst_lookup_flow+0xf9/0x260
[ 1131.891175][ T67] ip6_sk_dst_lookup_flow+0x391/0x7b0
[ 1131.891304][ T67] udpv6_sendmsg+0x154e/0x2a00
[ 1131.891388][ T67] ____sys_sendmsg+0x419/0x850
[ 1131.891473][ T67] ___sys_sendmsg+0x14e/0x1d0
[ 1131.891559][ T67] __sys_sendmsg+0x145/0x1f0
[ 1131.891689][ T67] do_syscall_64+0x117/0xfc0
[ 1131.891773][ T67] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1131.891879][ T67]
[ 1131.891925][ T67] Freed by task 0:
[ 1131.891991][ T67] kasan_save_stack+0x2f/0x50
[ 1131.892123][ T67] kasan_save_track+0x14/0x30
[ 1131.892208][ T67] kasan_save_free_info+0x3b/0x60
[ 1131.892292][ T67] __kasan_slab_free+0x43/0x70
[ 1131.892378][ T67] kmem_cache_free+0xf6/0x560
[ 1131.892509][ T67] dst_destroy+0x239/0x360
[ 1131.892593][ T67] rcu_do_batch+0x2b6/0x1010
[ 1131.892679][ T67] rcu_core+0x2b7/0x630
[ 1131.892742][ T67] handle_softirqs+0x1d8/0x930
[ 1131.892874][ T67] __irq_exit_rcu+0x103/0x1c0
[ 1131.892961][ T67] irq_exit_rcu+0xe/0x30
[ 1131.893027][ T67] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 1131.893111][ T67] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1131.893261][ T67]
[ 1131.893305][ T67] Last potentially related work creation:
[ 1131.893391][ T67] kasan_save_stack+0x2f/0x50
[ 1131.893482][ T67] kasan_record_aux_stack+0x9b/0xc0
[ 1131.893614][ T67] __call_rcu_common.constprop.0+0xb2/0xa10
[ 1131.893725][ T67] udpv6_sendmsg+0x2065/0x2a00
[ 1131.893809][ T67] ____sys_sendmsg+0x419/0x850
[ 1131.893894][ T67] ___sys_sendmsg+0x14e/0x1d0
[ 1131.893983][ T67] __sys_sendmsg+0x145/0x1f0
[ 1131.894067][ T67] do_syscall_64+0x117/0xfc0
[ 1131.894152][ T67] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1131.894259][ T67]
[ 1131.894304][ T67] The buggy address belongs to the object at ff1100000a092040
[ 1131.894304][ T67] which belongs to the cache ip6_dst_cache of size 232
[ 1131.894532][ T67] The buggy address is located 144 bytes inside of
[ 1131.894532][ T67] freed 232-byte region [ff1100000a092040, ff1100000a092128)
[ 1131.894743][ T67]
[ 1131.894787][ T67] The buggy address belongs to the physical page:
[ 1131.894891][ T67] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000a092200 pfn:0xa092
[ 1131.895071][ T67] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1131.895200][ T67] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1131.895311][ T67] page_type: f5(slab)
[ 1131.895379][ T67] raw: 0080000000000240 ff110000090e6040 ffd400000032cb90 ff11000005f71208
[ 1131.895531][ T67] raw: ff1100000a092200 0000000000120001 00000000f5000000 0000000000000000
[ 1131.895685][ T67] head: 0080000000000240 ff110000090e6040 ffd400000032cb90 ff11000005f71208
[ 1131.895838][ T67] head: ff1100000a092200 0000000000120001 00000000f5000000 0000000000000000
[ 1131.895994][ T67] head: 0080000000000001 ffd4000000282481 00000000ffffffff 00000000ffffffff
[ 1131.896144][ T67] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1131.896297][ T67] page dumped because: kasan: bad access detected
[ 1131.896402][ T67]
[ 1131.896449][ T67] Memory state around the buggy address:
[ 1131.896532][ T67] ff1100000a091f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1131.896658][ T67] ff1100000a092000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1131.896784][ T67] >ff1100000a092080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1131.896908][ T67]                                                  ^
[ 1131.897017][ T67] ff1100000a092100: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 1131.897144][ T67] ff1100000a092180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1131.897273][ T67] ==================================================================
[ 1131.897407][ T67] Disabling lock debugging due to kernel taint
[ 1131.904485][ C1] Oops: general protection fault, probably for non-canonical address 0xe03bbc36e0000007: 0000 [#1] SMP KASAN
[ 1131.904696][ C1] KASAN: maybe wild-memory-access in range [0x01de01b700000038-0x01de01b70000003f]
[ 1131.904844][ C1] CPU: 1 UID: 0 PID: 23850 Comm: make Tainted: G B 7.0.0-virtme #1 PREEMPT(full)
[ 1131.905018][ C1] Tainted: [B]=BAD_PAGE
[ 1131.905081][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1131.905191][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 1131.905280][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 1131.905569][ C1] RSP: 0018:ffa00000001d0d48 EFLAGS: 00010212
[ 1131.905671][ C1] RAX: 01de01b700000000 RBX: ff1100000a092040 RCX: 003bc036e0000007
[ 1131.905792][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 01de01b700000038
[ 1131.905925][ C1] RBP: ff1100000ee4efe0 R08: ffffffffadf2c4fc R09: 1ffa3ffffffb09ea
[ 1131.906051][ C1] R10: fffa3bfffffb09eb R11: fffa3bfffffb09eb R12: ff110000051b8e00
[ 1131.906172][ C1] R13: fffffbfff5da684c R14: ff110000051b8ec8 R15: 0000000000000004
[ 1131.906297][ C1] FS: 00007f70d74cf740(0000) GS:ff110000bb74c000(0000) knlGS:0000000000000000
[ 1131.906443][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1131.906545][ C1] CR2: 00007f167892ff98 CR3: 000000000bcd2002 CR4: 0000000000771ef0
[ 1131.906666][ C1] PKRU: 55555554
[ 1131.906728][ C1] Call Trace:
[ 1131.906790][ C1] <IRQ>
[ 1131.906833][ C1] fib6_nh_release_dsts.part.0+0xdf/0x170
[ 1131.906923][ C1] fib6_nh_release+0xe5/0x200
[ 1131.907008][ C1] ? rcu_is_watching+0x15/0xd0
[ 1131.907089][ C1] fib6_info_destroy_rcu+0x134/0x190
[ 1131.907170][ C1] ? rcu_do_batch+0x2b4/0x1010
[ 1131.907252][ C1] ? rcu_do_batch+0x397/0x1010
[ 1131.907333][ C1] rcu_do_batch+0x2b6/0x1010
[ 1131.907414][ C1] ? trace_rcu_batch_end+0x330/0x330
[ 1131.907497][ C1] ? rcu_is_watching+0x15/0xd0
[ 1131.907577][ C1] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1131.907682][ C1] ? trace_irq_disable.constprop.0+0x9b/0x180
[ 1131.907781][ C1] rcu_core+0x2b7/0x630
[ 1131.907847][ C1] handle_softirqs+0x1d8/0x930
[ 1131.907934][ C1] ? clockevents_tick_resume+0x60/0x60
[ 1131.908016][ C1] ? _local_bh_enable+0xd0/0xd0
[ 1131.908098][ C1] ? rcu_is_watching+0x15/0xd0
[ 1131.908182][ C1] ? lock_release+0x17c/0x1f0
[ 1131.908269][ C1] __irq_exit_rcu+0x103/0x1c0
[ 1131.908354][ C1] irq_exit_rcu+0xe/0x30
[ 1131.908415][ C1] sysvec_apic_timer_interrupt+0x9d/0xe0
[ 1131.908497][ C1] </IRQ>
[ 1131.908538][ C1] <TASK>
[ 1131.908577][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1131.908678][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x36/0x80
[ 1131.908783][ C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 31 0d 9c fd 48 89 df e8 a9 63 9c fd f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f 01 00 00 00 e8 30 16 8f fd 65 8b 05 79 7e 5d 02 85 c0 74 12 5b
[ 1131.909068][ C1] RSP: 0018:ffa0000008957d60 EFLAGS: 00000246
[ 1131.909175][ C1] RAX: 0000000000000046 RBX: ff110000010327c0 RCX: 0000000000000000
[ 1131.909297][ C1] RDX: 0000000000000003 RSI: ffffffffae6719c0 RDI: ffffffffae37c1c3
[ 1131.909426][ C1] RBP: 0000000000000292 R08: ffffffffabfb99a0 R09: 1ffffffff6018a5a
[ 1131.909553][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ff1100000e13c3c0
[ 1131.909675][ C1] R13: 0000000000000000 R14: ffa0000008957da8 R15: 0000000000000000
[ 1131.909798][ C1] ? trace_irq_enable.constprop.0+0x30/0x180
[ 1131.909905][ C1] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 1131.910011][ C1] qlist_free_all+0x5c/0x100
[ 1131.910093][ C1] kasan_quarantine_reduce+0x196/0x240
[ 1131.910178][ C1] __kasan_slab_alloc+0x4b/0x70
[ 1131.910263][ C1] kmem_cache_alloc_noprof+0x221/0x5f0
[ 1131.910344][ C1] ? do_raw_spin_trylock+0x140/0x180
[ 1131.910429][ C1] do_getname.isra.0+0x32/0x240
[ 1131.910516][ C1] ? set_compat_user_sigmask+0x240/0x240
[ 1131.910600][ C1] __x64_sys_chdir+0x9b/0x220
[ 1131.910681][ C1] ? __ia32_sys_access+0x90/0x90
[ 1131.910766][ C1] ? restore_fpregs_from_fpstate+0x44/0x130
[ 1131.910866][ C1] ? rcu_is_watching+0x15/0xd0
[ 1131.910950][ C1] do_syscall_64+0x117/0xfc0
[ 1131.911032][ C1] ? trace_hardirqs_off+0xd/0x30
[ 1131.911113][ C1] ? exc_page_fault+0xee/0x100
[ 1131.911196][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1131.911296][ C1] RIP: 0033:0x7f70d75b7abb
[ 1131.911381][ C1] Code: 77 05 c3 0f 1f 40 00 48 8b 15 39 b3 10 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 50 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 0d b3 10 00 f7 d8 64 89 01 48
[ 1131.911665][ C1] RSP: 002b:00007fff13fbf038 EFLAGS: 00000206 ORIG_RAX: 0000000000000050
[ 1131.911790][ C1] RAX: ffffffffffffffda RBX: 000056071bdfe2e0 RCX: 00007f70d75b7abb
[ 1131.911918][ C1] RDX: 0000000000000000 RSI: 5c9c901620874df9 RDI: 000056071bde4590
[ 1131.912038][ C1] RBP: 00007fff13fbf050 R08: 000056071bde3150 R09: 0000000000000000
[ 1131.912158][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1131.912280][ C1] R13: 00007fff13fc0c38 R14: 0000000000000000 R15: 0000000000000001
[ 1131.912403][ C1] </TASK>
[ 1131.912465][ C1] Modules linked in: act_gact cls_flower sch_ingress vxlan
[ 1131.912600][ C1] ---[ end trace 0000000000000000 ]---
[ 1131.912685][ C1] RIP: 0010:dst_dev_put+0x9f/0x300
[ 1131.912768][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee
[ 1131.913055][ C1] RSP: 0018:ffa00000001d0d48 EFLAGS: 00010212
[ 1131.913156][ C1] RAX: 01de01b700000000 RBX: ff1100000a092040 RCX: 003bc036e0000007
[ 1131.913279][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 01de01b700000038
[ 1131.913401][ C1] RBP: ff1100000ee4efe0 R08: ffffffffadf2c4fc R09: 1ffa3ffffffb09ea
[ 1131.913523][ C1] R10: fffa3bfffffb09eb R11: fffa3bfffffb09eb R12: ff110000051b8e00
[ 1131.913642][ C1] R13: fffffbfff5da684c R14: ff110000051b8ec8 R15: 0000000000000004
[ 1131.913769][ C1] FS: 00007f70d74cf740(0000) GS:ff110000bb74c000(0000) knlGS:0000000000000000
[ 1131.913921][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1131.914023][ C1] CR2: 00007f167892ff98 CR3: 000000000bcd2002 CR4: 0000000000771ef0
[ 1131.914143][ C1] PKRU: 55555554
[ 1131.914205][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 1131.914408][ C1] Kernel Offset: 0x2a400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1131.914597][ C1] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr