[ 18.108916][ T261] ip (261) used greatest stack depth: 23648 bytes left
[ 24.133732][ T314] gre: GRE over IPv4 demultiplexer driver
[ 24.157812][ T314] ip_gre: GRE over IPv4 tunneling driver
[ 25.347968][ T324] GACT probability NOT on
[ 25.739113][ T327] ip6_gre: GRE over IPv6 tunneling driver
[ 26.014032][ T187] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.266859][ T187] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.554936][ T187] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.906752][ T70] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.716109][ T341] br1: port 1(veth1) entered blocking state
[ 27.717265][ T341] br1: port 1(veth1) entered disabled state
[ 27.717877][ T341] veth1: entered allmulticast mode
[ 27.721500][ T341] veth1: entered promiscuous mode
[ 27.869248][ T45] br1: port 1(veth1) entered blocking state
[ 27.870026][ T45] br1: port 1(veth1) entered forwarding state
[ 27.931469][ T70] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.932614][ T70] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.999510][ T343] br1: port 2(veth2) entered blocking state
[ 28.000013][ T343] br1: port 2(veth2) entered disabled state
[ 28.000828][ T343] veth2: entered allmulticast mode
[ 28.004334][ T343] veth2: entered promiscuous mode
[ 28.137811][ T38] br1: port 2(veth2) entered blocking state
[ 28.138532][ T38] br1: port 2(veth2) entered forwarding state
[ 28.507411][ T187] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 28.964860][ T187] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 29.218899][ T70] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 29.323823][ T187] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 32.219005][ C0] ip6_tnl_xmit_ctl: 3 callbacks suppressed
[ 32.219017][ C0] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 36.578009][ T378] Mirror/redirect action on
[ 40.923196][ C0] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 58.330617][ C0] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 91.610786][ C0] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 128.580499][ T797] ==================================================================
[ 128.580859][ T797] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 128.581167][ T797] Read of size 1 at addr ffff88800bddc6ac by task ip/797
[ 128.581418][ T797]
[ 128.581548][ T797] CPU: 3 UID: 0 PID: 797 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 128.581553][ T797] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 128.581555][ T797] Call Trace:
[ 128.581558][ T797]
[ 128.581560][ T797] dump_stack_lvl+0x82/0xc0
[ 128.581566][ T797] print_address_description.constprop.0+0x2c/0x3a0
[ 128.581573][ T797] ? kobject_put+0xbb/0xd0
[ 128.581576][ T797] print_report+0xb4/0x270
[ 128.581580][ T797] ? kobject_put+0xbb/0xd0
[ 128.581583][ T797] ? kasan_addr_to_slab+0x21/0x70
[ 128.581586][ T797] ? kobject_put+0xbb/0xd0
[ 128.581589][ T797] kasan_report+0xca/0x100
[ 128.581592][ T797] ? kobject_put+0xbb/0xd0
[ 128.581598][ T797] kobject_put+0xbb/0xd0
[ 128.581601][ T797] netdev_run_todo+0x5f0/0xc60
[ 128.581606][ T797] ? dev_ingress_queue_create+0x190/0x190
[ 128.581609][ T797] ? generic_xdp_install+0x410/0x410
[ 128.581612][ T797] ? unregister_netdevice_many+0x20/0x20
[ 128.581616][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.581627][ T797] rtnl_dellink+0x350/0xa30
[ 128.581631][ T797] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 128.581650][ T797] ? find_held_lock+0x2b/0x80
[ 128.581655][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.581661][ T797] ? find_held_lock+0x2b/0x80
[ 128.581665][ T797] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 128.581667][ T797] ? __lock_release+0x5d/0x170
[ 128.581672][ T797] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 128.581675][ T797] rtnetlink_rcv_msg+0x709/0xc00
[ 128.581679][ T797] ? rtnl_port_fill+0x850/0x850
[ 128.581682][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.581689][ T797] netlink_rcv_skb+0x121/0x340
[ 128.581694][ T797] ? rtnl_port_fill+0x850/0x850
[ 128.581697][ T797] ? netlink_ack+0xdd0/0xdd0
[ 128.581703][ T797] ? netlink_deliver_tap+0x13e/0x340
[ 128.581706][ T797] ? netlink_deliver_tap+0xc3/0x340
[ 128.581712][ T797] netlink_unicast+0x4aa/0x780
[ 128.581718][ T797] ? netlink_attachskb+0x810/0x810
[ 128.581722][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.581730][ T797] netlink_sendmsg+0x714/0xbd0
[ 128.581737][ T797] ? netlink_unicast+0x780/0x780
[ 128.581742][ T797] ? __import_iovec+0x230/0x3b0
[ 128.581750][ T797] ? netlink_unicast+0x780/0x780
[ 128.581754][ T797] ____sys_sendmsg+0x3dd/0x890
[ 128.581762][ T797] ? get_timestamp.constprop.0+0x380/0x380
[ 128.581766][ T797] ? __copy_msghdr+0x3c0/0x3c0
[ 128.581780][ T797] ___sys_sendmsg+0xed/0x170
[ 128.581784][ T797] ? kasan_record_aux_stack+0x8c/0xa0
[ 128.581787][ T797] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 128.581794][ T797] ? copy_msghdr_from_user+0x110/0x110
[ 128.581799][ T797] ? find_held_lock+0x2b/0x80
[ 128.581804][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.581809][ T797] ? find_held_lock+0x2b/0x80
[ 128.581813][ T797] ? __virt_addr_valid+0x22a/0x450
[ 128.581819][ T797] ? __lock_release+0x5d/0x170
[ 128.581825][ T797] __sys_sendmsg+0x10b/0x1a0
[ 128.581828][ T797] ? __call_rcu_common.constprop.0+0x318/0x630
[ 128.581832][ T797] ? __sys_sendmsg_sock+0x20/0x20
[ 128.581840][ T797] ? rcu_is_watching+0x12/0xb0
[ 128.581844][ T797] do_syscall_64+0xc1/0xfd0
[ 128.581850][ T797] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 128.581854][ T797] RIP: 0033:0x7ff3c23c51d7
[ 128.581860][ T797] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 128.581863][ T797] RSP: 002b:00007ffc256be198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 128.581867][ T797] RAX: ffffffffffffffda RBX: 00007ffc256be8c0 RCX: 00007ff3c23c51d7
[ 128.581870][ T797] RDX: 0000000000000000 RSI: 00007ffc256be200 RDI: 0000000000000005
[ 128.581871][ T797] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 128.581873][ T797] R10: 00007ff3c22c1f60 R11: 0000000000000246 R12: 0000000000000002
[ 128.581875][ T797] R13: 00000000690deafa R14: 0000000000499600 R15: 0000000000000000
[ 128.581881][ T797]
[ 128.581883][ T797]
[ 128.596324][ T797] Allocated by task 349:
[ 128.596474][ T797] kasan_save_stack+0x24/0x40
[ 128.596672][ T797] kasan_save_track+0x14/0x30
[ 128.596872][ T797] __kasan_kmalloc+0x7b/0x90
[ 128.597057][ T797] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 128.597272][ T797] alloc_netdev_mqs+0x7d/0x1370
[ 128.597511][ T797] rtnl_create_link+0xa9e/0xe20
[ 128.597702][ T797] rtnl_newlink_create+0x203/0x770
[ 128.597911][ T797] __rtnl_newlink+0x231/0xa30
[ 128.598087][ T797] rtnl_newlink+0x693/0xa60
[ 128.598293][ T797] rtnetlink_rcv_msg+0x709/0xc00
[ 128.598493][ T797] netlink_rcv_skb+0x121/0x340
[ 128.598690][ T797] netlink_unicast+0x4aa/0x780
[ 128.598885][ T797] netlink_sendmsg+0x714/0xbd0
[ 128.599099][ T797] ____sys_sendmsg+0x3dd/0x890
[ 128.599306][ T797] ___sys_sendmsg+0xed/0x170
[ 128.599537][ T797] __sys_sendmsg+0x10b/0x1a0
[ 128.599713][ T797] do_syscall_64+0xc1/0xfd0
[ 128.599925][ T797] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 128.600202][ T797]
[ 128.600310][ T797] Freed by task 797:
[ 128.600450][ T797] kasan_save_stack+0x24/0x40
[ 128.600649][ T797] kasan_save_track+0x14/0x30
[ 128.600831][ T797] __kasan_save_free_info+0x3b/0x60
[ 128.601009][ T797] __kasan_slab_free+0x3f/0x60
[ 128.601183][ T797] kfree+0x21d/0x540
[ 128.601325][ T797] device_release+0x9c/0x210
[ 128.601582][ T797] kobject_cleanup+0xfe/0x360
[ 128.601873][ T797] netdev_run_todo+0x81f/0xc60
[ 128.602136][ T797] rtnl_dellink+0x350/0xa30
[ 128.602367][ T797] rtnetlink_rcv_msg+0x709/0xc00
[ 128.602600][ T797] netlink_rcv_skb+0x121/0x340
[ 128.602826][ T797] netlink_unicast+0x4aa/0x780
[ 128.603115][ T797] netlink_sendmsg+0x714/0xbd0
[ 128.603364][ T797] ____sys_sendmsg+0x3dd/0x890
[ 128.603612][ T797] ___sys_sendmsg+0xed/0x170
[ 128.603837][ T797] __sys_sendmsg+0x10b/0x1a0
[ 128.604073][ T797] do_syscall_64+0xc1/0xfd0
[ 128.604419][ T797] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 128.604691][ T797]
[ 128.604889][ T797] The buggy address belongs to the object at ffff88800bddc000
[ 128.604889][ T797] which belongs to the cache kmalloc-4k of size 4096
[ 128.605422][ T797] The buggy address is located 1708 bytes inside of
[ 128.605422][ T797] freed 4096-byte region [ffff88800bddc000, ffff88800bddd000)
[ 128.605988][ T797]
[ 128.606186][ T797] The buggy address belongs to the physical page:
[ 128.606431][ T797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbdd8
[ 128.606777][ T797] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 128.607282][ T797] flags: 0x80000000000040(head|node=0|zone=1)
[ 128.607636][ T797] page_type: f5(slab)
[ 128.607793][ T797] raw: 0080000000000040 ffff888001043700 ffffea0000303610 ffffea00001f3010
[ 128.608137][ T797] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 128.608474][ T797] head: 0080000000000040 ffff888001043700 ffffea0000303610 ffffea00001f3010
[ 128.608824][ T797] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 128.609148][ T797] head: 0080000000000003 ffffea00002f7601 00000000ffffffff 00000000ffffffff
[ 128.609510][ T797] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 128.609850][ T797] page dumped because: kasan: bad access detected
[ 128.610080][ T797]
[ 128.610179][ T797] Memory state around the buggy address:
[ 128.610363][ T797] ffff88800bddc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.610703][ T797] ffff88800bddc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.611091][ T797] >ffff88800bddc680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.611502][ T797] ^
[ 128.611749][ T797] ffff88800bddc700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.612114][ T797] ffff88800bddc780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 128.612396][ T797] ==================================================================
[ 128.612957][ T797] Disabling lock debugging due to kernel taint
[ 128.613466][ T797] ------------[ cut here ]------------
[ 128.613787][ T797] refcount_t: underflow; use-after-free.
[ 128.614155][ T797] WARNING: CPU: 2 PID: 797 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 128.614734][ T797] Modules linked in: cls_flower act_mirred bridge stp llc ip6_gre ip6_tunnel tunnel6 act_gact cls_matchall ip_gre gre sch_ingress vrf veth
[ 128.615621][ T797] CPU: 2 UID: 0 PID: 797 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 128.616256][ T797] Tainted: [B]=BAD_PAGE
[ 128.616546][ T797] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 128.616946][ T797] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 128.617330][ T797] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 85 96 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 128.618393][ T797] RSP: 0018:ffffc900011cf1f0 EFLAGS: 00010286
[ 128.618821][ T797] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 128.619295][ T797] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 128.619763][ T797] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff2e3e134
[ 128.620228][ T797] R10: 0000000000000003 R11: ffffc900011ced80 R12: 0000000000000001
[ 128.620705][ T797] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 128.621157][ T797] FS: 00007ff3c21f7800(0000) GS:ffff88809dcf2000(0000) knlGS:0000000000000000
[ 128.621704][ T797] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 128.622111][ T797] CR2: 00007ff3c25c5050 CR3: 000000000c09b004 CR4: 0000000000772ef0
[ 128.622761][ T797] PKRU: 55555554
[ 128.623002][ T797] Call Trace:
[ 128.623229][ T797]
[ 128.623430][ T797] netdev_run_todo+0x5f0/0xc60
[ 128.623934][ T797] ? dev_ingress_queue_create+0x190/0x190
[ 128.624263][ T797] ? generic_xdp_install+0x410/0x410
[ 128.624604][ T797] ? unregister_netdevice_many+0x20/0x20
[ 128.624924][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.625444][ T797] rtnl_dellink+0x350/0xa30
[ 128.625740][ T797] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 128.626126][ T797] ? find_held_lock+0x2b/0x80
[ 128.626462][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.626951][ T797] ? find_held_lock+0x2b/0x80
[ 128.627277][ T797] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 128.627604][ T797] ? __lock_release+0x5d/0x170
[ 128.627936][ T797] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 128.628510][ T797] rtnetlink_rcv_msg+0x709/0xc00
[ 128.628788][ T797] ? rtnl_port_fill+0x850/0x850
[ 128.629118][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.629639][ T797] netlink_rcv_skb+0x121/0x340
[ 128.629973][ T797] ? rtnl_port_fill+0x850/0x850
[ 128.630482][ T797] ? netlink_ack+0xdd0/0xdd0
[ 128.630810][ T797] ? netlink_deliver_tap+0x13e/0x340
[ 128.631112][ T797] ? netlink_deliver_tap+0xc3/0x340
[ 128.631441][ T797] netlink_unicast+0x4aa/0x780
[ 128.631769][ T797] ? netlink_attachskb+0x810/0x810
[ 128.632086][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.632470][ T797] netlink_sendmsg+0x714/0xbd0
[ 128.632770][ T797] ? netlink_unicast+0x780/0x780
[ 128.633064][ T797] ? __import_iovec+0x230/0x3b0
[ 128.633410][ T797] ? netlink_unicast+0x780/0x780
[ 128.633703][ T797] ____sys_sendmsg+0x3dd/0x890
[ 128.634168][ T797] ? get_timestamp.constprop.0+0x380/0x380
[ 128.634543][ T797] ? __copy_msghdr+0x3c0/0x3c0
[ 128.634893][ T797] ___sys_sendmsg+0xed/0x170
[ 128.635364][ T797] ? kasan_record_aux_stack+0x8c/0xa0
[ 128.635695][ T797] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 128.636037][ T797] ? copy_msghdr_from_user+0x110/0x110
[ 128.636362][ T797] ? find_held_lock+0x2b/0x80
[ 128.636867][ T797] ? __lock_acquire+0x449/0x7e0
[ 128.637125][ T797] ? find_held_lock+0x2b/0x80
[ 128.637423][ T797] ? __virt_addr_valid+0x22a/0x450
[ 128.637617][ T797] ? __lock_release+0x5d/0x170
[ 128.637930][ T797] __sys_sendmsg+0x10b/0x1a0
[ 128.638125][ T797] ? __call_rcu_common.constprop.0+0x318/0x630
[ 128.638393][ T797] ? __sys_sendmsg_sock+0x20/0x20
[ 128.638632][ T797] ? rcu_is_watching+0x12/0xb0
[ 128.638964][ T797] do_syscall_64+0xc1/0xfd0
[ 128.639161][ T797] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 128.639416][ T797] RIP: 0033:0x7ff3c23c51d7
[ 128.639625][ T797] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 128.640453][ T797] RSP: 002b:00007ffc256be198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 128.640956][ T797] RAX: ffffffffffffffda RBX: 00007ffc256be8c0 RCX: 00007ff3c23c51d7
[ 128.641447][ T797] RDX: 0000000000000000 RSI: 00007ffc256be200 RDI: 0000000000000005
[ 128.641907][ T797] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 128.642552][ T797] R10: 00007ff3c22c1f60 R11: 0000000000000246 R12: 0000000000000002
[ 128.642952][ T797] R13: 00000000690deafa R14: 0000000000499600 R15: 0000000000000000
[ 128.643597][ T797]
[ 128.643876][ T797] irq event stamp: 45461
[ 128.644109][ T797] hardirqs last enabled at (45461): [] finish_task_switch.isra.0+0x245/0x960
[ 128.644927][ T797] hardirqs last disabled at (45460): [] __schedule+0x94a/0x1b10
[ 128.645476][ T797] softirqs last enabled at (45380): [] handle_softirqs+0x352/0x610
[ 128.646004][ T797] softirqs last disabled at (45375): [] irq_exit_rcu+0xab/0x100
[ 128.646698][ T797] ---[ end trace 0000000000000000 ]---
[ 128.965190][ T802] br1: port 1(veth1) entered disabled state
[ 129.041806][ T803] br1: port 2(veth2) entered disabled state
[ 129.139114][ T804] veth2: left allmulticast mode
[ 129.139730][ T804] veth2: left promiscuous mode
[ 129.140221][ T804] br1: port 2(veth2) entered disabled state
[ 129.141996][ T804] veth1: left allmulticast mode
[ 129.142306][ T804] veth1: left promiscuous mode
[ 129.142764][ T804] br1: port 1(veth1) entered disabled state