[ 22.217496][ T308] GACT probability NOT on
[ 41.705041][ T671] 8021q: 802.1Q VLAN Support v1.8
[ 43.563917][ T694] ==================================================================
[ 43.564281][ T694] BUG: KASAN: slab-use-after-free in fib_table_flush+0x7e4/0xb70
[ 43.564558][ T694] Read of size 1 at addr ffff888001932745 by task ip/694
[ 43.564782][ T694]
[ 43.564875][ T694] CPU: 0 UID: 0 PID: 694 Comm: ip Not tainted 6.16.0-rc2-virtme #1 PREEMPT(full)
[ 43.564880][ T694] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 43.564882][ T694] Call Trace:
[ 43.564884][ T694]
[ 43.564885][ T694] dump_stack_lvl+0x82/0xd0
[ 43.564892][ T694] print_address_description.constprop.0+0x2c/0x400
[ 43.564900][ T694] ? fib_table_flush+0x7e4/0xb70
[ 43.564904][ T694] print_report+0xb4/0x270
[ 43.564908][ T694] ? fib_table_flush+0x7e4/0xb70
[ 43.564911][ T694] ? kasan_addr_to_slab+0x25/0x80
[ 43.564915][ T694] ? fib_table_flush+0x7e4/0xb70
[ 43.564918][ T694] kasan_report+0xca/0x100
[ 43.564922][ T694] ? fib_table_flush+0x7e4/0xb70
[ 43.564928][ T694] fib_table_flush+0x7e4/0xb70
[ 43.564934][ T694] ? __pfx_fib_table_flush+0x10/0x10
[ 43.564938][ T694] ? __pfx_fib_sync_down_dev+0x10/0x10
[ 43.564944][ T694] fib_flush+0x86/0x110
[ 43.564950][ T694] fib_netdev_event+0x17d/0x5a0
[ 43.564953][ T694] notifier_call_chain+0xd0/0x150
[ 43.564961][ T694] dev_close_many+0x2d7/0x650
[ 43.564966][ T694] ? rtnetlink_rcv_msg+0x713/0xc00
[ 43.564969][ T694] ? netlink_rcv_skb+0x124/0x350
[ 43.564973][ T694] ? netlink_unicast+0x44c/0x710
[ 43.564976][ T694] ? netlink_sendmsg+0x721/0xbe0
[ 43.564979][ T694] ? __pfx_dev_close_many+0x10/0x10
[ 43.564981][ T694] ? do_syscall_64+0xc1/0x380
[ 43.564985][ T694] ? find_held_lock+0x2b/0x80
[ 43.564992][ T694] unregister_netdevice_many_notify+0x9c4/0x1c00
[ 43.564999][ T694] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 43.565003][ T694] ? __virt_addr_valid+0x22e/0x450
[ 43.565007][ T694] ? __lock_release+0x5d/0x170
[ 43.565014][ T694] ? __call_rcu_common.constprop.0+0x2b1/0x610
[ 43.565019][ T694] ? lockdep_hardirqs_on+0x7c/0x110
[ 43.565024][ T694] rtnl_dellink+0x340/0xa30
[ 43.565030][ T694] ? __pfx_rtnl_dellink+0x10/0x10
[ 43.565048][ T694] ? find_held_lock+0x2b/0x80
[ 43.565053][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.565059][ T694] ? find_held_lock+0x2b/0x80
[ 43.565062][ T694] ? rtnetlink_rcv_msg+0x6ed/0xc00
[ 43.565065][ T694] ? __lock_release+0x5d/0x170
[ 43.565069][ T694] ? __pfx_rtnl_dellink+0x10/0x10
[ 43.565072][ T694] rtnetlink_rcv_msg+0x713/0xc00
[ 43.565076][ T694] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 43.565080][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.565085][ T694] netlink_rcv_skb+0x124/0x350
[ 43.565088][ T694] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 43.565092][ T694] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 43.565099][ T694] ? netlink_deliver_tap+0x13e/0x340
[ 43.565101][ T694] ? netlink_deliver_tap+0xc3/0x340
[ 43.565105][ T694] netlink_unicast+0x44c/0x710
[ 43.565110][ T694] ? __pfx_netlink_unicast+0x10/0x10
[ 43.565113][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.565117][ T694] netlink_sendmsg+0x721/0xbe0
[ 43.565122][ T694] ? __pfx_netlink_sendmsg+0x10/0x10
[ 43.565126][ T694] ? __import_iovec+0x238/0x3c0
[ 43.565132][ T694] ____sys_sendmsg+0x7ad/0xa10
[ 43.565138][ T694] ? __pfx_____sys_sendmsg+0x10/0x10
[ 43.565141][ T694] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 43.565148][ T694] ___sys_sendmsg+0xed/0x170
[ 43.565151][ T694] ? kasan_record_aux_stack+0x8c/0xa0
[ 43.565154][ T694] ? __call_rcu_common.constprop.0+0xa1/0x610
[ 43.565157][ T694] ? __pfx____sys_sendmsg+0x10/0x10
[ 43.565162][ T694] ? find_held_lock+0x2b/0x80
[ 43.565166][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.565171][ T694] ? find_held_lock+0x2b/0x80
[ 43.565175][ T694] ? __virt_addr_valid+0x22e/0x450
[ 43.565178][ T694] ? __lock_release+0x5d/0x170
[ 43.565183][ T694] __sys_sendmsg+0x10b/0x1a0
[ 43.565186][ T694] ? __call_rcu_common.constprop.0+0x2b1/0x610
[ 43.565189][ T694] ? __pfx___sys_sendmsg+0x10/0x10
[ 43.565196][ T694] ? rcu_is_watching+0x12/0xc0
[ 43.565201][ T694] do_syscall_64+0xc1/0x380
[ 43.565204][ T694] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.565208][ T694] RIP: 0033:0x7f88709dc9a7
[ 43.565212][ T694] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 43.565214][ T694] RSP: 002b:00007ffd153efb68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 43.565218][ T694] RAX: ffffffffffffffda RBX: 00007ffd153f0290 RCX: 00007f88709dc9a7
[ 43.565221][ T694] RDX: 0000000000000000 RSI: 00007ffd153efbd0 RDI: 0000000000000005
[ 43.565222][ T694] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 43.565224][ T694] R10: 00007f887089aef8 R11: 0000000000000246 R12: 0000000000000002
[ 43.565226][ T694] R13: 000000006854984d R14: 0000000000499600 R15: 0000000000000000
[ 43.565232][ T694]
[ 43.565233][ T694]
[ 43.580720][ T694] Allocated by task 690:
[ 43.580855][ T694] kasan_save_stack+0x24/0x50
[ 43.581039][ T694] kasan_save_track+0x14/0x30
[ 43.581219][ T694] __kasan_kmalloc+0x7f/0x90
[ 43.581398][ T694] __kmalloc_noprof+0x1d4/0x470
[ 43.581580][ T694] virtqueue_add_split+0x6a3/0x1920
[ 43.581760][ T694] virtqueue_add_sgs+0x143/0x270
[ 43.581941][ T694] virtio_fs_enqueue_req+0x58c/0xfe0
[ 43.582123][ T694] virtio_fs_send_req+0x13a/0x710
[ 43.582303][ T694] __fuse_simple_request+0x22a/0xb50
[ 43.582483][ T694] fuse_readlink_folio+0x20b/0x400
[ 43.582663][ T694] fuse_get_link+0x12d/0x350
[ 43.582841][ T694] pick_link+0x7a2/0x1160
[ 43.582979][ T694] step_into+0x85a/0xfc0
[ 43.583114][ T694] link_path_walk+0x3c2/0xa10
[ 43.583297][ T694] path_openat+0x14d/0x380
[ 43.583476][ T694] do_filp_open+0x1d7/0x420
[ 43.583655][ T694] do_sys_openat2+0xd4/0x160
[ 43.583836][ T694] __x64_sys_openat+0x122/0x1e0
[ 43.584014][ T694] do_syscall_64+0xc1/0x380
[ 43.584192][ T694] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.584424][ T694]
[ 43.584513][ T694] Freed by task 70:
[ 43.584648][ T694] kasan_save_stack+0x24/0x50
[ 43.584830][ T694] kasan_save_track+0x14/0x30
[ 43.585009][ T694] kasan_save_free_info+0x3b/0x60
[ 43.585189][ T694] __kasan_slab_free+0x38/0x50
[ 43.585367][ T694] kfree+0x144/0x320
[ 43.585503][ T694] detach_buf_split+0x48d/0x6f0
[ 43.585684][ T694] virtqueue_get_buf_ctx_split+0x294/0x7f0
[ 43.585909][ T694] virtio_fs_requests_done_work+0x231/0x890
[ 43.586135][ T694] process_one_work+0xe43/0x1660
[ 43.586319][ T694] worker_thread+0x591/0xcf0
[ 43.586499][ T694] kthread+0x37b/0x600
[ 43.586635][ T694] ret_from_fork+0x243/0x320
[ 43.586817][ T694] ret_from_fork_asm+0x1a/0x30
[ 43.586997][ T694]
[ 43.587086][ T694] The buggy address belongs to the object at ffff888001932720
[ 43.587086][ T694] which belongs to the cache kmalloc-96 of size 96
[ 43.587535][ T694] The buggy address is located 37 bytes inside of
[ 43.587535][ T694] freed 96-byte region [ffff888001932720, ffff888001932780)
[ 43.587968][ T694]
[ 43.588058][ T694] The buggy address belongs to the physical page:
[ 43.588286][ T694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888001932b20 pfn:0x1932
[ 43.588673][ T694] flags: 0x80000000000200(workingset|node=0|zone=1)
[ 43.588904][ T694] page_type: f5(slab)
[ 43.589050][ T694] raw: 0080000000000200 ffff888001042340 ffffea00000ab050 ffffea0000165ad0
[ 43.589378][ T694] raw: ffff888001932b20 000000000010000f 00000000f5000000 0000000000000000
[ 43.589702][ T694] page dumped because: kasan: bad access detected
[ 43.589931][ T694]
[ 43.590020][ T694] Memory state around the buggy address:
[ 43.590193][ T694] ffff888001932600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 43.590459][ T694] ffff888001932680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.590845][ T694] >ffff888001932700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 43.591110][ T694] ^
[ 43.591327][ T694] ffff888001932780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.591699][ T694] ffff888001932800: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
[ 43.591957][ T694] ==================================================================
[ 43.592992][ T694] Disabling lock debugging due to kernel taint
[ 43.593229][ T694] Oops: general protection fault, probably for non-canonical address 0xe0005c00400001ff: 0000 [#1] SMP KASAN NOPTI
[ 43.593610][ T694] KASAN: maybe wild-memory-access in range [0x0003000200000ff8-0x0003000200000fff]
[ 43.593908][ T694] CPU: 0 UID: 0 PID: 694 Comm: ip Tainted: G B 6.16.0-rc2-virtme #1 PREEMPT(full)
[ 43.594259][ T694] Tainted: [B]=BAD_PAGE
[ 43.594389][ T694] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 43.594602][ T694] RIP: 0010:fib_table_flush+0x267/0xb70
[ 43.594793][ T694] Code: 0f 85 ac 06 00 00 49 8b 6e 08 48 85 ed 0f 84 38 03 00 00 4c 89 64 24 40 49 89 ec 44 89 dd 4c 89 e0 4c 89 6c 24 48 48 c1 e8 03 <80> 3c 18 00 0f 85 a5 02 00 00 4d 8d 5c 24 10 4d 8b 2c 24 4c 89 da
[ 43.595402][ T694] RSP: 0018:ffffc900005c6ef0 EFLAGS: 00010207
[ 43.595621][ T694] RAX: 00006000400001ff RBX: dffffc0000000000 RCX: ffffffff8aa846de
[ 43.595883][ T694] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888001932748
[ 43.596142][ T694] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff1b364c0
[ 43.596400][ T694] R10: ffffffff8d9b2607 R11: 0000000000000000 R12: 0003000200000fff
[ 43.596768][ T694] R13: 0000000000000000 R14: ffff888001932740 R15: ffff88800a6e2f40
[ 43.597025][ T694] FS: 00007f88707d0800(0000) GS:ffff8880a16bc000(0000) knlGS:0000000000000000
[ 43.597432][ T694] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.597649][ T694] CR2: 00000000004e5a80 CR3: 000000000ed6f001 CR4: 0000000000772ef0
[ 43.597911][ T694] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.598278][ T694] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.598541][ T694] PKRU: 55555554
[ 43.598669][ T694] Call Trace:
[ 43.598797][ T694]
[ 43.598886][ T694] ? __pfx_fib_table_flush+0x10/0x10
[ 43.599172][ T694] ? __pfx_fib_sync_down_dev+0x10/0x10
[ 43.599371][ T694] fib_flush+0x86/0x110
[ 43.599504][ T694] fib_netdev_event+0x17d/0x5a0
[ 43.599688][ T694] notifier_call_chain+0xd0/0x150
[ 43.599967][ T694] dev_close_many+0x2d7/0x650
[ 43.600139][ T694] ? rtnetlink_rcv_msg+0x713/0xc00
[ 43.600309][ T694] ? netlink_rcv_skb+0x124/0x350
[ 43.600479][ T694] ? netlink_unicast+0x44c/0x710
[ 43.600757][ T694] ? netlink_sendmsg+0x721/0xbe0
[ 43.600929][ T694] ? __pfx_dev_close_many+0x10/0x10
[ 43.601099][ T694] ? do_syscall_64+0xc1/0x380
[ 43.601269][ T694] ? find_held_lock+0x2b/0x80
[ 43.601548][ T694] unregister_netdevice_many_notify+0x9c4/0x1c00
[ 43.601763][ T694] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 43.601979][ T694] ? __virt_addr_valid+0x22e/0x450
[ 43.602257][ T694] ? __lock_release+0x5d/0x170
[ 43.602430][ T694] ? __call_rcu_common.constprop.0+0x2b1/0x610
[ 43.602642][ T694] ? lockdep_hardirqs_on+0x7c/0x110
[ 43.602815][ T694] rtnl_dellink+0x340/0xa30
[ 43.603091][ T694] ? __pfx_rtnl_dellink+0x10/0x10
[ 43.603281][ T694] ? find_held_lock+0x2b/0x80
[ 43.603455][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.603627][ T694] ? find_held_lock+0x2b/0x80
[ 43.603907][ T694] ? rtnetlink_rcv_msg+0x6ed/0xc00
[ 43.604075][ T694] ? __lock_release+0x5d/0x170
[ 43.604244][ T694] ? __pfx_rtnl_dellink+0x10/0x10
[ 43.604415][ T694] rtnetlink_rcv_msg+0x713/0xc00
[ 43.604698][ T694] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 43.604871][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.605043][ T694] netlink_rcv_skb+0x124/0x350
[ 43.605216][ T694] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 43.605492][ T694] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 43.605666][ T694] ? netlink_deliver_tap+0x13e/0x340
[ 43.605837][ T694] ? netlink_deliver_tap+0xc3/0x340
[ 43.606006][ T694] netlink_unicast+0x44c/0x710
[ 43.606282][ T694] ? __pfx_netlink_unicast+0x10/0x10
[ 43.606453][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.606634][ T694] netlink_sendmsg+0x721/0xbe0
[ 43.606805][ T694] ? __pfx_netlink_sendmsg+0x10/0x10
[ 43.607080][ T694] ? __import_iovec+0x238/0x3c0
[ 43.607253][ T694] ____sys_sendmsg+0x7ad/0xa10
[ 43.607426][ T694] ? __pfx_____sys_sendmsg+0x10/0x10
[ 43.607596][ T694] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 43.607921][ T694] ___sys_sendmsg+0xed/0x170
[ 43.608096][ T694] ? kasan_record_aux_stack+0x8c/0xa0
[ 43.608268][ T694] ? __call_rcu_common.constprop.0+0xa1/0x610
[ 43.608485][ T694] ? __pfx____sys_sendmsg+0x10/0x10
[ 43.608762][ T694] ? find_held_lock+0x2b/0x80
[ 43.608935][ T694] ? __lock_acquire+0x44d/0x7e0
[ 43.609106][ T694] ? find_held_lock+0x2b/0x80
[ 43.609277][ T694] ? __virt_addr_valid+0x22e/0x450
[ 43.609555][ T694] ? __lock_release+0x5d/0x170
[ 43.609730][ T694] __sys_sendmsg+0x10b/0x1a0
[ 43.609899][ T694] ? __call_rcu_common.constprop.0+0x2b1/0x610
[ 43.610215][ T694] ? __pfx___sys_sendmsg+0x10/0x10
[ 43.610390][ T694] ? rcu_is_watching+0x12/0xc0
[ 43.610561][ T694] do_syscall_64+0xc1/0x380
[ 43.610731][ T694] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.611048][ T694] RIP: 0033:0x7f88709dc9a7
[ 43.611228][ T694] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 43.611949][ T694] RSP: 002b:00007ffd153efb68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 43.612210][ T694] RAX: ffffffffffffffda RBX: 00007ffd153f0290 RCX: 00007f88709dc9a7
[ 43.612471][ T694] RDX: 0000000000000000 RSI: 00007ffd153efbd0 RDI: 0000000000000005
[ 43.612837][ T694] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 43.613094][ T694] R10: 00007f887089aef8 R11: 0000000000000246 R12: 0000000000000002
[ 43.613466][ T694] R13: 000000006854984d R14: 0000000000499600 R15: 0000000000000000
[ 43.613730][ T694]
[ 43.613859][ T694] Modules linked in: 8021q act_gact cls_flower sch_ingress vrf veth
[ 43.614245][ T694] ---[ end trace 0000000000000000 ]---
[ 43.614418][ T694] RIP: 0010:fib_table_flush+0x267/0xb70
[ 43.614593][ T694] Code: 0f 85 ac 06 00 00 49 8b 6e 08 48 85 ed 0f 84 38 03 00 00 4c 89 64 24 40 49 89 ec 44 89 dd 4c 89 e0 4c 89 6c 24 48 48 c1 e8 03 <80> 3c 18 00 0f 85 a5 02 00 00 4d 8d 5c 24 10 4d 8b 2c 24 4c 89 da
[ 43.615313][ T694] RSP: 0018:ffffc900005c6ef0 EFLAGS: 00010207
[ 43.615528][ T694] RAX: 00006000400001ff RBX: dffffc0000000000 RCX: ffffffff8aa846de
[ 43.615894][ T694] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888001932748
[ 43.616145][ T694] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff1b364c0
[ 43.616407][ T694] R10: ffffffff8d9b2607 R11: 0000000000000000 R12: 0003000200000fff
[ 43.616767][ T694] R13: 0000000000000000 R14: ffff888001932740 R15: ffff88800a6e2f40
[ 43.617020][ T694] FS: 00007f88707d0800(0000) GS:ffff8880a16bc000(0000) knlGS:0000000000000000
[ 43.617430][ T694] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.617649][ T694] CR2: 00000000004e5a80 CR3: 000000000ed6f001 CR4: 0000000000772ef0
[ 43.617904][ T694] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.618271][ T694] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.618528][ T694] PKRU: 55555554
[ 43.618656][ T694] Kernel panic - not syncing: Fatal exception
[ 43.618997][ T694] Kernel Offset: 0x6e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 43.619509][ T694] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr