[ 17.623002][ T250] ip (250) used greatest stack depth: 24400 bytes left
[ 23.839133][ T310] 8021q: 802.1Q VLAN Support v1.8
[ 25.227241][ T321] gre: GRE over IPv4 demultiplexer driver
[ 25.255659][ T321] ip_gre: GRE over IPv4 tunneling driver
[ 31.339241][ T367] ip (367) used greatest stack depth: 24296 bytes left
[ 34.380380][ T387] GACT probability NOT on
[ 130.554917][ T661] ==================================================================
[ 130.555485][ T661] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 130.555979][ T661] Read of size 1 at addr ffff8880074a96ac by task ip/661
[ 130.556306][ T661]
[ 130.556425][ T661] CPU: 0 UID: 0 PID: 661 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 130.556431][ T661] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 130.556436][ T661] Call Trace:
[ 130.556443][ T661]
[ 130.556445][ T661] dump_stack_lvl+0x82/0xc0
[ 130.556458][ T661] print_address_description.constprop.0+0x2c/0x3a0
[ 130.556475][ T661] ? kobject_put+0xbb/0xd0
[ 130.556480][ T661] print_report+0xb4/0x270
[ 130.556483][ T661] ? kobject_put+0xbb/0xd0
[ 130.556486][ T661] ? kasan_addr_to_slab+0x21/0x70
[ 130.556490][ T661] ? kobject_put+0xbb/0xd0
[ 130.556493][ T661] kasan_report+0xca/0x100
[ 130.556497][ T661] ? kobject_put+0xbb/0xd0
[ 130.556502][ T661] kobject_put+0xbb/0xd0
[ 130.556506][ T661] netdev_run_todo+0x5f0/0xc60
[ 130.556514][ T661] ? dev_ingress_queue_create+0x190/0x190
[ 130.556520][ T661] ? generic_xdp_install+0x410/0x410
[ 130.556525][ T661] ? vrf_dellink+0xff/0x150 [vrf]
[ 130.556532][ T661] ? vrf_map_unregister_dev+0x480/0x480 [vrf]
[ 130.556537][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.556551][ T661] rtnl_dellink+0x350/0xa30
[ 130.556559][ T661] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 130.556578][ T661] ? find_held_lock+0x2b/0x80
[ 130.556582][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.556588][ T661] ? find_held_lock+0x2b/0x80
[ 130.556592][ T661] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 130.556595][ T661] ? __lock_release+0x5d/0x170
[ 130.556600][ T661] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 130.556603][ T661] rtnetlink_rcv_msg+0x709/0xc00
[ 130.556607][ T661] ? rtnl_port_fill+0x850/0x850
[ 130.556610][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.556616][ T661] netlink_rcv_skb+0x121/0x340
[ 130.556624][ T661] ? rtnl_port_fill+0x850/0x850
[ 130.556627][ T661] ? netlink_ack+0xdd0/0xdd0
[ 130.556634][ T661] ? netlink_deliver_tap+0x13e/0x340
[ 130.556636][ T661] ? netlink_deliver_tap+0xc3/0x340
[ 130.556640][ T661] netlink_unicast+0x4aa/0x780
[ 130.556644][ T661] ? netlink_attachskb+0x810/0x810
[ 130.556648][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.556654][ T661] netlink_sendmsg+0x714/0xbd0
[ 130.556659][ T661] ? netlink_unicast+0x780/0x780
[ 130.556662][ T661] ? __import_iovec+0x230/0x3b0
[ 130.556673][ T661] ? netlink_unicast+0x780/0x780
[ 130.556676][ T661] ____sys_sendmsg+0x3dd/0x890
[ 130.556689][ T661] ? get_timestamp.constprop.0+0x380/0x380
[ 130.556692][ T661] ? __copy_msghdr+0x3c0/0x3c0
[ 130.556701][ T661] ___sys_sendmsg+0xed/0x170
[ 130.556705][ T661] ? kasan_record_aux_stack+0x8c/0xa0
[ 130.556708][ T661] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 130.556721][ T661] ? copy_msghdr_from_user+0x110/0x110
[ 130.556726][ T661] ? find_held_lock+0x2b/0x80
[ 130.556731][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.556736][ T661] ? find_held_lock+0x2b/0x80
[ 130.556740][ T661] ? __virt_addr_valid+0x22a/0x450
[ 130.556752][ T661] ? __lock_release+0x5d/0x170
[ 130.556758][ T661] __sys_sendmsg+0x10b/0x1a0
[ 130.556761][ T661] ? __call_rcu_common.constprop.0+0x318/0x630
[ 130.556765][ T661] ? __sys_sendmsg_sock+0x20/0x20
[ 130.556773][ T661] ? rcu_is_watching+0x12/0xb0
[ 130.556779][ T661] do_syscall_64+0xc1/0xfd0
[ 130.556789][ T661] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 130.556795][ T661] RIP: 0033:0x7f0bd2b1d1d7
[ 130.556802][ T661] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 130.556805][ T661] RSP: 002b:00007ffdce414498 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 130.556812][ T661] RAX: ffffffffffffffda RBX: 00007ffdce414bc0 RCX: 00007f0bd2b1d1d7
[ 130.556814][ T661] RDX: 0000000000000000 RSI: 00007ffdce414500 RDI: 0000000000000005
[ 130.556816][ T661] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 130.556818][ T661] R10: 00007f0bd2a19f60 R11: 0000000000000246 R12: 0000000000000002
[ 130.556820][ T661] R13: 00000000690deb0c R14: 0000000000499600 R15: 0000000000000000
[ 130.556826][ T661]
[ 130.556828][ T661]
[ 130.570931][ T661] Allocated by task 389:
[ 130.571089][ T661] kasan_save_stack+0x24/0x40
[ 130.571298][ T661] kasan_save_track+0x14/0x30
[ 130.571485][ T661] __kasan_kmalloc+0x7b/0x90
[ 130.571664][ T661] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 130.571859][ T661] alloc_netdev_mqs+0x7d/0x1370
[ 130.572049][ T661] rtnl_create_link+0xa9e/0xe20
[ 130.572247][ T661] rtnl_newlink_create+0x203/0x770
[ 130.572441][ T661] __rtnl_newlink+0x231/0xa30
[ 130.572622][ T661] rtnl_newlink+0x693/0xa60
[ 130.572810][ T661] rtnetlink_rcv_msg+0x709/0xc00
[ 130.572996][ T661] netlink_rcv_skb+0x121/0x340
[ 130.573185][ T661] netlink_unicast+0x4aa/0x780
[ 130.573391][ T661] netlink_sendmsg+0x714/0xbd0
[ 130.573580][ T661] ____sys_sendmsg+0x3dd/0x890
[ 130.573767][ T661] ___sys_sendmsg+0xed/0x170
[ 130.573970][ T661] __sys_sendmsg+0x10b/0x1a0
[ 130.574151][ T661] do_syscall_64+0xc1/0xfd0
[ 130.574358][ T661] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 130.574579][ T661]
[ 130.574680][ T661] Freed by task 661:
[ 130.574839][ T661] kasan_save_stack+0x24/0x40
[ 130.575034][ T661] kasan_save_track+0x14/0x30
[ 130.575227][ T661] __kasan_save_free_info+0x3b/0x60
[ 130.575421][ T661] __kasan_slab_free+0x3f/0x60
[ 130.575605][ T661] kfree+0x21d/0x540
[ 130.575743][ T661] device_release+0x9c/0x210
[ 130.575960][ T661] kobject_cleanup+0xfe/0x360
[ 130.576149][ T661] netdev_run_todo+0x81f/0xc60
[ 130.576359][ T661] rtnl_dellink+0x350/0xa30
[ 130.576594][ T661] rtnetlink_rcv_msg+0x709/0xc00
[ 130.576831][ T661] netlink_rcv_skb+0x121/0x340
[ 130.577052][ T661] netlink_unicast+0x4aa/0x780
[ 130.577252][ T661] netlink_sendmsg+0x714/0xbd0
[ 130.577451][ T661] ____sys_sendmsg+0x3dd/0x890
[ 130.577643][ T661] ___sys_sendmsg+0xed/0x170
[ 130.577837][ T661] __sys_sendmsg+0x10b/0x1a0
[ 130.578023][ T661] do_syscall_64+0xc1/0xfd0
[ 130.578218][ T661] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 130.578458][ T661]
[ 130.578562][ T661] The buggy address belongs to the object at ffff8880074a9000
[ 130.578562][ T661] which belongs to the cache kmalloc-4k of size 4096
[ 130.579059][ T661] The buggy address is located 1708 bytes inside of
[ 130.579059][ T661] freed 4096-byte region [ffff8880074a9000, ffff8880074aa000)
[ 130.579623][ T661]
[ 130.579727][ T661] The buggy address belongs to the physical page:
[ 130.579984][ T661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74a8
[ 130.580463][ T661] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 130.580868][ T661] flags: 0x80000000000040(head|node=0|zone=1)
[ 130.581141][ T661] page_type: f5(slab)
[ 130.581360][ T661] raw: 0080000000000040 ffff888001043700 ffffea0000225410 ffffea000007fc10
[ 130.582048][ T661] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 130.582556][ T661] head: 0080000000000040 ffff888001043700 ffffea0000225410 ffffea000007fc10
[ 130.583500][ T661] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 130.584034][ T661] head: 0080000000000003 ffffea00001d2a01 00000000ffffffff 00000000ffffffff
[ 130.584567][ T661] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 130.585247][ T661] page dumped because: kasan: bad access detected
[ 130.585511][ T661]
[ 130.585611][ T661] Memory state around the buggy address:
[ 130.585796][ T661] ffff8880074a9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.586072][ T661] ffff8880074a9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.586360][ T661] >ffff8880074a9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.586741][ T661] ^
[ 130.586930][ T661] ffff8880074a9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.587201][ T661] ffff8880074a9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.587572][ T661] ==================================================================
[ 130.588098][ T661] Disabling lock debugging due to kernel taint
[ 130.588404][ T661] ------------[ cut here ]------------
[ 130.588613][ T661] refcount_t: underflow; use-after-free.
[ 130.588997][ T661] WARNING: CPU: 1 PID: 661 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 130.589385][ T661] Modules linked in: act_gact cls_flower sch_ingress ip_gre gre 8021q vrf veth
[ 130.589772][ T661] CPU: 1 UID: 0 PID: 661 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 130.590181][ T661] Tainted: [B]=BAD_PAGE
[ 130.590346][ T661] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 130.590598][ T661] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 130.590885][ T661] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d e5 a5 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 130.591716][ T661] RSP: 0018:ffffc900010bf1f0 EFLAGS: 00010286
[ 130.591979][ T661] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 130.592398][ T661] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 130.592708][ T661] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff4cfe134
[ 130.593002][ T661] R10: 0000000000000003 R11: ffffc900010bed80 R12: 0000000000000001
[ 130.593403][ T661] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 130.593704][ T661] FS: 00007f0bd294f800(0000) GS:ffff88808e672000(0000) knlGS:0000000000000000
[ 130.594184][ T661] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 130.594465][ T661] CR2: 00007fa1742a0000 CR3: 000000000ed5c006 CR4: 0000000000772ef0
[ 130.594792][ T661] PKRU: 55555554
[ 130.594941][ T661] Call Trace:
[ 130.595218][ T661]
[ 130.595333][ T661] netdev_run_todo+0x5f0/0xc60
[ 130.595563][ T661] ? dev_ingress_queue_create+0x190/0x190
[ 130.595766][ T661] ? generic_xdp_install+0x410/0x410
[ 130.596073][ T661] ? vrf_dellink+0xff/0x150 [vrf]
[ 130.596294][ T661] ? vrf_map_unregister_dev+0x480/0x480 [vrf]
[ 130.596552][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.596763][ T661] rtnl_dellink+0x350/0xa30
[ 130.597066][ T661] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 130.597335][ T661] ? find_held_lock+0x2b/0x80
[ 130.597544][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.597744][ T661] ? find_held_lock+0x2b/0x80
[ 130.598055][ T661] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 130.598256][ T661] ? __lock_release+0x5d/0x170
[ 130.598461][ T661] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 130.598705][ T661] rtnetlink_rcv_msg+0x709/0xc00
[ 130.598929][ T661] ? rtnl_port_fill+0x850/0x850
[ 130.599123][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.599335][ T661] netlink_rcv_skb+0x121/0x340
[ 130.599531][ T661] ? rtnl_port_fill+0x850/0x850
[ 130.599852][ T661] ? netlink_ack+0xdd0/0xdd0
[ 130.600037][ T661] ? netlink_deliver_tap+0x13e/0x340
[ 130.600257][ T661] ? netlink_deliver_tap+0xc3/0x340
[ 130.600452][ T661] netlink_unicast+0x4aa/0x780
[ 130.600769][ T661] ? netlink_attachskb+0x810/0x810
[ 130.600962][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.601151][ T661] netlink_sendmsg+0x714/0xbd0
[ 130.601353][ T661] ? netlink_unicast+0x780/0x780
[ 130.601651][ T661] ? __import_iovec+0x230/0x3b0
[ 130.601854][ T661] ? netlink_unicast+0x780/0x780
[ 130.602030][ T661] ____sys_sendmsg+0x3dd/0x890
[ 130.602227][ T661] ? get_timestamp.constprop.0+0x380/0x380
[ 130.602598][ T661] ? __copy_msghdr+0x3c0/0x3c0
[ 130.602796][ T661] ___sys_sendmsg+0xed/0x170
[ 130.602975][ T661] ? kasan_record_aux_stack+0x8c/0xa0
[ 130.603266][ T661] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 130.603526][ T661] ? copy_msghdr_from_user+0x110/0x110
[ 130.603726][ T661] ? find_held_lock+0x2b/0x80
[ 130.603936][ T661] ? __lock_acquire+0x449/0x7e0
[ 130.604228][ T661] ? find_held_lock+0x2b/0x80
[ 130.604435][ T661] ? __virt_addr_valid+0x22a/0x450
[ 130.604647][ T661] ? __lock_release+0x5d/0x170
[ 130.604854][ T661] __sys_sendmsg+0x10b/0x1a0
[ 130.605154][ T661] ? __call_rcu_common.constprop.0+0x318/0x630
[ 130.605413][ T661] ? __sys_sendmsg_sock+0x20/0x20
[ 130.605619][ T661] ? rcu_is_watching+0x12/0xb0
[ 130.605818][ T661] do_syscall_64+0xc1/0xfd0
[ 130.606100][ T661] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 130.606350][ T661] RIP: 0033:0x7f0bd2b1d1d7
[ 130.606560][ T661] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 130.607275][ T661] RSP: 002b:00007ffdce414498 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 130.607584][ T661] RAX: ffffffffffffffda RBX: 00007ffdce414bc0 RCX: 00007f0bd2b1d1d7
[ 130.607988][ T661] RDX: 0000000000000000 RSI: 00007ffdce414500 RDI: 0000000000000005
[ 130.608312][ T661] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 130.608761][ T661] R10: 00007f0bd2a19f60 R11: 0000000000000246 R12: 0000000000000002
[ 130.609057][ T661] R13: 00000000690deb0c R14: 0000000000499600 R15: 0000000000000000
[ 130.609369][ T661]
[ 130.609631][ T661] irq event stamp: 39185
[ 130.609800][ T661] hardirqs last enabled at (39185): [] kasan_quarantine_put+0xf9/0x210
[ 130.610162][ T661] hardirqs last disabled at (39184): [] kasan_quarantine_put+0xac/0x210
[ 130.610679][ T661] softirqs last enabled at (38924): [] handle_softirqs+0x352/0x610
[ 130.611075][ T661] softirqs last disabled at (38917): [] irq_exit_rcu+0xab/0x100
[ 130.611502][ T661] ---[ end trace 0000000000000000 ]---
[ 130.619956][ T661] ip (661) used greatest stack depth: 24232 bytes left