[   14.292745][  T250] ip (250) used greatest stack depth: 24592 bytes left
[   14.922981][  T263] ip (263) used greatest stack depth: 24256 bytes left
[   24.775618][  T328] veth2: entered promiscuous mode
[   44.261451][  T355] 8021q: 802.1Q VLAN Support v1.8
[  415.179463][  T328] veth2: left promiscuous mode
[  441.726510][ T1517] br0: port 1(veth1) entered blocking state
[  441.727070][ T1517] br0: port 1(veth1) entered disabled state
[  441.727551][ T1517] veth1: entered allmulticast mode
[  441.731155][ T1517] veth1: entered promiscuous mode
[  441.733515][ T1517] br0: port 1(veth1) entered blocking state
[  441.734099][ T1517] br0: port 1(veth1) entered forwarding state
[  441.853670][ T1518] br1: port 1(veth3) entered blocking state
[  441.854186][ T1518] br1: port 1(veth3) entered disabled state
[  441.855107][ T1518] veth3: entered allmulticast mode
[  441.859330][ T1518] veth3: entered promiscuous mode
[  441.861257][ T1518] br1: port 1(veth3) entered blocking state
[  441.861722][ T1518] br1: port 1(veth3) entered forwarding state
[  442.685800][ T1531] veth2: entered promiscuous mode
[  833.320144][ T1531] veth2: left promiscuous mode
[  858.283248][ T2705] veth3: left allmulticast mode
[  858.283654][ T2705] veth3: left promiscuous mode
[  858.284540][ T2705] br1: port 1(veth3) entered disabled state
[  858.426513][ T2706] veth1: left allmulticast mode
[  858.426893][ T2706] veth1: left promiscuous mode
[  858.427380][ T2706] br0: port 1(veth1) entered disabled state
[  858.958912][ T2720] br0: port 1(veth1) entered blocking state
[  858.959344][ T2720] br0: port 1(veth1) entered disabled state
[  858.959759][ T2720] veth1: entered allmulticast mode
[  858.963350][ T2720] veth1: entered promiscuous mode
[  858.964577][ T2720] br0: port 1(veth1) entered blocking state
[  858.964984][ T2720] br0: port 1(veth1) entered forwarding state
[  859.083801][ T2721] br0: port 2(veth3) entered blocking state
[  859.084914][ T2721] br0: port 2(veth3) entered disabled state
[  859.095357][ T2721] veth3: entered allmulticast mode
[  859.098883][ T2721] veth3: entered promiscuous mode
[  859.099651][ T2721] br0: port 2(veth3) entered blocking state
[  859.100060][ T2721] br0: port 2(veth3) entered forwarding state
[  860.073810][ T2736] veth2: entered promiscuous mode
[ 1251.749289][ T2736] veth2: left promiscuous mode
[ 1275.631528][ T3905] veth3: left allmulticast mode
[ 1275.632094][ T3905] veth3: left promiscuous mode
[ 1275.632913][ T3905] br0: port 2(veth3) entered disabled state
[ 1275.637827][ T3905] veth1: left allmulticast mode
[ 1275.638367][ T3905] veth1: left promiscuous mode
[ 1275.639172][ T3905] br0: port 1(veth1) entered disabled state
[ 1278.050181][  T228] ==================================================================
[ 1278.050455][  T228] BUG: KASAN: slab-use-after-free in account_kernel_stack.isra.0+0xf9/0x140
[ 1278.050748][  T228] Read of size 8 at addr ffff888001932740 by task sh/228
[ 1278.050957][  T228] 
[ 1278.051043][  T228] CPU: 0 UID: 0 PID: 228 Comm: sh Not tainted 6.16.0-rc2-virtme #1 PREEMPT(full) 
[ 1278.051048][  T228] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1278.051050][  T228] Call Trace:
[ 1278.051052][  T228]  <TASK>
[ 1278.051054][  T228]  dump_stack_lvl+0x82/0xd0
[ 1278.051061][  T228]  print_address_description.constprop.0+0x2c/0x400
[ 1278.051068][  T228]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 1278.051071][  T228]  print_report+0xb4/0x270
[ 1278.051075][  T228]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 1278.051078][  T228]  ? kasan_addr_to_slab+0x25/0x80
[ 1278.051081][  T228]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 1278.051084][  T228]  kasan_report+0xca/0x100
[ 1278.051088][  T228]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 1278.051095][  T228]  account_kernel_stack.isra.0+0xf9/0x140
[ 1278.051099][  T228]  do_exit+0x767/0xe90
[ 1278.051103][  T228]  ? __pfx_do_exit+0x10/0x10
[ 1278.051106][  T228]  ? do_group_exit+0x183/0x260
[ 1278.051109][  T228]  ? __lock_release+0x5d/0x170
[ 1278.051114][  T228]  ? rcu_is_watching+0x12/0xc0
[ 1278.051121][  T228]  do_group_exit+0xb8/0x260
[ 1278.051125][  T228]  __x64_sys_exit_group+0x3e/0x50
[ 1278.051128][  T228]  x64_sys_call+0xf76/0x18a0
[ 1278.051134][  T228]  do_syscall_64+0xc1/0x380
[ 1278.051137][  T228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.051141][  T228] RIP: 0033:0x7f1411607abd
[ 1278.051145][  T228] Code: Unable to access opcode bytes at 0x7f1411607a93.
[ 1278.051147][  T228] RSP: 002b:00007ffc4eda10d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1278.051151][  T228] RAX: ffffffffffffffda RBX: 00007f14116e49c0 RCX: 00007f1411607abd
[ 1278.051153][  T228] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000000
[ 1278.051155][  T228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000030
[ 1278.051157][  T228] R10: 00007ffc4eda0f60 R11: 0000000000000246 R12: 00007f14116e49c0
[ 1278.051159][  T228] R13: 00007f14116e9ee0 R14: 0000000000000001 R15: 00007f14116e9ec8
[ 1278.051165][  T228]  </TASK>
[ 1278.051166][  T228] 
[ 1278.057182][  T228] Allocated by task 3931:
[ 1278.057307][  T228]  kasan_save_stack+0x24/0x50
[ 1278.057481][  T228]  kasan_save_track+0x14/0x30
[ 1278.057655][  T228]  __kasan_kmalloc+0x7f/0x90
[ 1278.057819][  T228]  __kmalloc_noprof+0x1d4/0x470
[ 1278.057986][  T228]  virtqueue_add_split+0x6a3/0x1920
[ 1278.058158][  T228]  virtqueue_add_sgs+0x143/0x270
[ 1278.058322][  T228]  virtio_fs_enqueue_req+0x58c/0xfe0
[ 1278.058489][  T228]  virtio_fs_send_req+0x13a/0x710
[ 1278.058664][  T228]  __fuse_simple_request+0x22a/0xb50
[ 1278.058861][  T228]  fuse_readlink_folio+0x20b/0x400
[ 1278.059031][  T228]  fuse_get_link+0x12d/0x350
[ 1278.059195][  T228]  pick_link+0x7a2/0x1160
[ 1278.059322][  T228]  step_into+0x85a/0xfc0
[ 1278.059446][  T228]  link_path_walk+0x3c2/0xa10
[ 1278.059614][  T228]  path_openat+0x14d/0x380
[ 1278.059780][  T228]  do_filp_open+0x1d7/0x420
[ 1278.059946][  T228]  do_sys_openat2+0xd4/0x160
[ 1278.060113][  T228]  __x64_sys_openat+0x122/0x1e0
[ 1278.060280][  T228]  do_syscall_64+0xc1/0x380
[ 1278.060446][  T228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.060675][  T228] 
[ 1278.060758][  T228] Freed by task 61:
[ 1278.060881][  T228]  kasan_save_stack+0x24/0x50
[ 1278.061049][  T228]  kasan_save_track+0x14/0x30
[ 1278.061216][  T228]  kasan_save_free_info+0x3b/0x60
[ 1278.061381][  T228]  __kasan_slab_free+0x38/0x50
[ 1278.061549][  T228]  kfree+0x144/0x320
[ 1278.061674][  T228]  detach_buf_split+0x48d/0x6f0
[ 1278.061841][  T228]  virtqueue_get_buf_ctx_split+0x294/0x7f0
[ 1278.062049][  T228]  virtio_fs_requests_done_work+0x231/0x890
[ 1278.062256][  T228]  process_one_work+0xe43/0x1660
[ 1278.062423][  T228]  worker_thread+0x591/0xcf0
[ 1278.062588][  T228]  kthread+0x37b/0x600
[ 1278.062714][  T228]  ret_from_fork+0x243/0x320
[ 1278.062881][  T228]  ret_from_fork_asm+0x1a/0x30
[ 1278.063046][  T228] 
[ 1278.063130][  T228] The buggy address belongs to the object at ffff888001932720
[ 1278.063130][  T228]  which belongs to the cache kmalloc-96 of size 96
[ 1278.063530][  T228] The buggy address is located 32 bytes inside of
[ 1278.063530][  T228]  freed 96-byte region [ffff888001932720, ffff888001932780)
[ 1278.063925][  T228] 
[ 1278.064010][  T228] The buggy address belongs to the physical page:
[ 1278.064210][  T228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1932
[ 1278.064512][  T228] flags: 0x80000000000000(node=0|zone=1)
[ 1278.064686][  T228] page_type: f5(slab)
[ 1278.064818][  T228] raw: 0080000000000000 ffff888001042340 ffffea0000280550 ffffea0000042fd0
[ 1278.065116][  T228] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1278.065413][  T228] page dumped because: kasan: bad access detected
[ 1278.065619][  T228] 
[ 1278.065701][  T228] Memory state around the buggy address:
[ 1278.065861][  T228]  ffff888001932600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 1278.066101][  T228]  ffff888001932680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1278.066338][  T228] >ffff888001932700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 1278.066583][  T228]                                            ^
[ 1278.066781][  T228]  ffff888001932780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1278.067018][  T228]  ffff888001932800: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
[ 1278.067256][  T228] ==================================================================
[ 1278.068153][  T228] Disabling lock debugging due to kernel taint
[ 1278.068372][  T228] Oops: general protection fault, probably for non-canonical address 0xdffffc0002067e00: 0000 [#1] SMP KASAN NOPTI
[ 1278.068727][  T228] KASAN: probably user-memory-access in range [0x000000001033f000-0x000000001033f007]
[ 1278.069000][  T228] CPU: 0 UID: 0 PID: 228 Comm: sh Tainted: G    B               6.16.0-rc2-virtme #1 PREEMPT(full) 
[ 1278.069426][  T228] Tainted: [B]=BAD_PAGE
[ 1278.069547][  T228] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1278.069745][  T228] RIP: 0010:account_kernel_stack.isra.0+0xa9/0x140
[ 1278.069955][  T228] Code: be 25 00 00 00 49 83 c6 08 e8 b3 c4 72 00 49 83 fe 40 74 4a 41 80 7d 00 00 75 56 49 8b 5c 24 20 4c 01 f3 48 89 da 48 c1 ea 03 <42> 80 3c 3a 00 75 5c 48 8b 3b 48 89 fa 48 c1 ea 03 42 80 3c 3a 00
[ 1278.070538][  T228] RSP: 0018:ffffc90000a67e00 EFLAGS: 00010206
[ 1278.070743][  T228] RAX: 0000000000000001 RBX: 000000001033f000 RCX: ffffffff84a7398a
[ 1278.070983][  T228] RDX: 0000000002067e00 RSI: 0000000000000008 RDI: ffffffff89fb2600
[ 1278.071223][  T228] RBP: fffffffffffffffc R08: 0000000000000001 R09: fffffbfff13f64c0
[ 1278.071465][  T228] R10: ffffffff89fb2607 R11: ffffc90000a67900 R12: ffff888001932720
[ 1278.071702][  T228] R13: ffffed10003264e8 R14: 0000000000000000 R15: dffffc0000000000
[ 1278.071940][  T228] FS:  0000000000000000(0000) GS:ffff8880a52bc000(0000) knlGS:0000000000000000
[ 1278.072308][  T228] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1278.072511][  T228] CR2: 00007f1411588f00 CR3: 0000000034736002 CR4: 0000000000772ef0
[ 1278.072757][  T228] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1278.073090][  T228] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1278.073328][  T228] PKRU: 55555554
[ 1278.073448][  T228] Call Trace:
[ 1278.073566][  T228]  <TASK>
[ 1278.073650][  T228]  do_exit+0x767/0xe90
[ 1278.073863][  T228]  ? __pfx_do_exit+0x10/0x10
[ 1278.074028][  T228]  ? do_group_exit+0x183/0x260
[ 1278.074186][  T228]  ? __lock_release+0x5d/0x170
[ 1278.074346][  T228]  ? rcu_is_watching+0x12/0xc0
[ 1278.074594][  T228]  do_group_exit+0xb8/0x260
[ 1278.074753][  T228]  __x64_sys_exit_group+0x3e/0x50
[ 1278.074912][  T228]  x64_sys_call+0xf76/0x18a0
[ 1278.075071][  T228]  do_syscall_64+0xc1/0x380
[ 1278.075316][  T228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.075513][  T228] RIP: 0033:0x7f1411607abd
[ 1278.075680][  T228] Code: Unable to access opcode bytes at 0x7f1411607a93.
[ 1278.075886][  T228] RSP: 002b:00007ffc4eda10d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1278.076124][  T228] RAX: ffffffffffffffda RBX: 00007f14116e49c0 RCX: 00007f1411607abd
[ 1278.076358][  T228] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000000
[ 1278.076689][  T228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000030
[ 1278.076923][  T228] R10: 00007ffc4eda0f60 R11: 0000000000000246 R12: 00007f14116e49c0
[ 1278.077159][  T228] R13: 00007f14116e9ee0 R14: 0000000000000001 R15: 00007f14116e9ec8
[ 1278.077489][  T228]  </TASK>
[ 1278.077609][  T228] Modules linked in: bridge stp llc 8021q vrf veth
[ 1278.077826][  T228] ---[ end trace 0000000000000000 ]---
[ 1278.078083][  T228] RIP: 0010:account_kernel_stack.isra.0+0xa9/0x140
[ 1278.078289][  T228] Code: be 25 00 00 00 49 83 c6 08 e8 b3 c4 72 00 49 83 fe 40 74 4a 41 80 7d 00 00 75 56 49 8b 5c 24 20 4c 01 f3 48 89 da 48 c1 ea 03 <42> 80 3c 3a 00 75 5c 48 8b 3b 48 89 fa 48 c1 ea 03 42 80 3c 3a 00
[ 1278.079041][  T228] RSP: 0018:ffffc90000a67e00 EFLAGS: 00010206
[ 1278.079326][  T228] RAX: 0000000000000001 RBX: 000000001033f000 RCX: ffffffff84a7398a
[ 1278.079561][  T228] RDX: 0000000002067e00 RSI: 0000000000000008 RDI: ffffffff89fb2600
[ 1278.079794][  T228] RBP: fffffffffffffffc R08: 0000000000000001 R09: fffffbfff13f64c0
[ 1278.080031][  T228] R10: ffffffff89fb2607 R11: ffffc90000a67900 R12: ffff888001932720
[ 1278.080265][  T228] R13: ffffed10003264e8 R14: 0000000000000000 R15: dffffc0000000000
[ 1278.080603][  T228] FS:  0000000000000000(0000) GS:ffff8880a52bc000(0000) knlGS:0000000000000000
[ 1278.080887][  T228] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1278.081082][  T228] CR2: 00007f1411588f00 CR3: 0000000034736002 CR4: 0000000000772ef0
[ 1278.081404][  T228] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1278.081638][  T228] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1278.081971][  T228] PKRU: 55555554
[ 1278.082091][  T228] Kernel panic - not syncing: Fatal exception
[ 1278.082467][  T228] Kernel Offset: 0x3400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1278.082925][  T228] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr