[ 17.631528][ T252] ip (252) used greatest stack depth: 24352 bytes left
[ 18.183196][ T261] ip (261) used greatest stack depth: 24272 bytes left
[ 24.185729][ T314] gre: GRE over IPv4 demultiplexer driver
[ 24.212737][ T314] ip_gre: GRE over IPv4 tunneling driver
[ 25.407834][ T325] GACT probability NOT on
[ 25.799885][ T327] ip6_gre: GRE over IPv6 tunneling driver
[ 26.051743][ T66] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.177802][ T66] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.237897][ T66] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.276639][ T70] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 26.432698][ T66] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.321095][ T70] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.323007][ T70] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.688634][ T324] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 27.821162][ T341] br1: port 1(veth1) entered blocking state
[ 27.821921][ T341] br1: port 1(veth1) entered disabled state
[ 27.822553][ T341] veth1: entered allmulticast mode
[ 27.826600][ T341] veth1: entered promiscuous mode
[ 28.003403][ T72] br1: port 1(veth1) entered blocking state
[ 28.004123][ T72] br1: port 1(veth1) entered forwarding state
[ 28.126542][ T343] br1: port 2(veth2) entered blocking state
[ 28.127297][ T343] br1: port 2(veth2) entered disabled state
[ 28.128043][ T343] veth2: entered allmulticast mode
[ 28.131790][ T343] veth2: entered promiscuous mode
[ 28.259652][ T45] br1: port 2(veth2) entered blocking state
[ 28.260194][ T45] br1: port 2(veth2) entered forwarding state
[ 29.122305][ T324] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 29.160833][ T70] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 31.288605][ C1] ip6_tnl_xmit_ctl: 4 callbacks suppressed
[ 31.288620][ C1] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 37.031844][ T381] Mirror/redirect action on
[ 39.544569][ C1] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 55.416682][ C1] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 86.136584][ C1] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 125.508524][ T734] ==================================================================
[ 125.508846][ T734] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 125.509142][ T734] Read of size 1 at addr ffff88800eb146ac by task ip/734
[ 125.509386][ T734]
[ 125.509502][ T734] CPU: 0 UID: 0 PID: 734 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 125.509507][ T734] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 125.509510][ T734] Call Trace:
[ 125.509512][ T734]
[ 125.509514][ T734] dump_stack_lvl+0x82/0xc0
[ 125.509521][ T734] print_address_description.constprop.0+0x2c/0x3a0
[ 125.509529][ T734] ? kobject_put+0xbb/0xd0
[ 125.509533][ T734] print_report+0xb4/0x270
[ 125.509536][ T734] ? kobject_put+0xbb/0xd0
[ 125.509539][ T734] ? kasan_addr_to_slab+0x21/0x70
[ 125.509542][ T734] ? kobject_put+0xbb/0xd0
[ 125.509545][ T734] kasan_report+0xca/0x100
[ 125.509549][ T734] ? kobject_put+0xbb/0xd0
[ 125.509554][ T734] kobject_put+0xbb/0xd0
[ 125.509558][ T734] netdev_run_todo+0x5f0/0xc60
[ 125.509564][ T734] ? dev_ingress_queue_create+0x190/0x190
[ 125.509567][ T734] ? generic_xdp_install+0x410/0x410
[ 125.509570][ T734] ? unregister_netdevice_many+0x20/0x20
[ 125.509573][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.509583][ T734] rtnl_dellink+0x350/0xa30
[ 125.509589][ T734] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 125.509608][ T734] ? find_held_lock+0x2b/0x80
[ 125.509613][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.509618][ T734] ? find_held_lock+0x2b/0x80
[ 125.509622][ T734] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 125.509624][ T734] ? __lock_release+0x5d/0x170
[ 125.509629][ T734] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 125.509632][ T734] rtnetlink_rcv_msg+0x709/0xc00
[ 125.509639][ T734] ? rtnl_port_fill+0x850/0x850
[ 125.509643][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.509653][ T734] netlink_rcv_skb+0x121/0x340
[ 125.509659][ T734] ? rtnl_port_fill+0x850/0x850
[ 125.509662][ T734] ? netlink_ack+0xdd0/0xdd0
[ 125.509669][ T734] ? netlink_deliver_tap+0x13e/0x340
[ 125.509671][ T734] ? netlink_deliver_tap+0xc3/0x340
[ 125.509675][ T734] netlink_unicast+0x4aa/0x780
[ 125.509679][ T734] ? netlink_attachskb+0x810/0x810
[ 125.509683][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.509689][ T734] netlink_sendmsg+0x714/0xbd0
[ 125.509693][ T734] ? netlink_unicast+0x780/0x780
[ 125.509697][ T734] ? __import_iovec+0x230/0x3b0
[ 125.509703][ T734] ? netlink_unicast+0x780/0x780
[ 125.509707][ T734] ____sys_sendmsg+0x3dd/0x890
[ 125.509714][ T734] ? get_timestamp.constprop.0+0x380/0x380
[ 125.509718][ T734] ? __copy_msghdr+0x3c0/0x3c0
[ 125.509726][ T734] ___sys_sendmsg+0xed/0x170
[ 125.509730][ T734] ? kasan_record_aux_stack+0x8c/0xa0
[ 125.509733][ T734] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 125.509742][ T734] ? copy_msghdr_from_user+0x110/0x110
[ 125.509747][ T734] ? find_held_lock+0x2b/0x80
[ 125.509751][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.509757][ T734] ? find_held_lock+0x2b/0x80
[ 125.509761][ T734] ? __virt_addr_valid+0x22a/0x450
[ 125.509768][ T734] ? __lock_release+0x5d/0x170
[ 125.509774][ T734] __sys_sendmsg+0x10b/0x1a0
[ 125.509777][ T734] ? __call_rcu_common.constprop.0+0x318/0x630
[ 125.509781][ T734] ? __sys_sendmsg_sock+0x20/0x20
[ 125.509788][ T734] ? rcu_is_watching+0x12/0xb0
[ 125.509793][ T734] do_syscall_64+0xc1/0xfd0
[ 125.509801][ T734] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 125.509804][ T734] RIP: 0033:0x7f5999ab11d7
[ 125.509809][ T734] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 125.509812][ T734] RSP: 002b:00007ffd1dd0c8b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 125.509817][ T734] RAX: ffffffffffffffda RBX: 00007ffd1dd0cfe0 RCX: 00007f5999ab11d7
[ 125.509819][ T734] RDX: 0000000000000000 RSI: 00007ffd1dd0c920 RDI: 0000000000000005
[ 125.509821][ T734] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 125.509822][ T734] R10: 00007f59999adf60 R11: 0000000000000246 R12: 0000000000000002
[ 125.509824][ T734] R13: 00000000690deb47 R14: 0000000000499600 R15: 0000000000000000
[ 125.509830][ T734]
[ 125.509832][ T734]
[ 125.523385][ T734] Allocated by task 349:
[ 125.523534][ T734] kasan_save_stack+0x24/0x40
[ 125.523716][ T734] kasan_save_track+0x14/0x30
[ 125.523886][ T734] __kasan_kmalloc+0x7b/0x90
[ 125.524078][ T734] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 125.524248][ T734] alloc_netdev_mqs+0x7d/0x1370
[ 125.524449][ T734] rtnl_create_link+0xa9e/0xe20
[ 125.524622][ T734] rtnl_newlink_create+0x203/0x770
[ 125.524800][ T734] __rtnl_newlink+0x231/0xa30
[ 125.524981][ T734] rtnl_newlink+0x693/0xa60
[ 125.525149][ T734] rtnetlink_rcv_msg+0x709/0xc00
[ 125.525313][ T734] netlink_rcv_skb+0x121/0x340
[ 125.525505][ T734] netlink_unicast+0x4aa/0x780
[ 125.525676][ T734] netlink_sendmsg+0x714/0xbd0
[ 125.525850][ T734] ____sys_sendmsg+0x3dd/0x890
[ 125.526024][ T734] ___sys_sendmsg+0xed/0x170
[ 125.526199][ T734] __sys_sendmsg+0x10b/0x1a0
[ 125.526427][ T734] do_syscall_64+0xc1/0xfd0
[ 125.526601][ T734] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 125.526818][ T734]
[ 125.526937][ T734] Freed by task 734:
[ 125.527064][ T734] kasan_save_stack+0x24/0x40
[ 125.527255][ T734] kasan_save_track+0x14/0x30
[ 125.527443][ T734] __kasan_save_free_info+0x3b/0x60
[ 125.527622][ T734] __kasan_slab_free+0x3f/0x60
[ 125.527816][ T734] kfree+0x21d/0x540
[ 125.527950][ T734] device_release+0x9c/0x210
[ 125.528125][ T734] kobject_cleanup+0xfe/0x360
[ 125.528295][ T734] netdev_run_todo+0x81f/0xc60
[ 125.528482][ T734] rtnl_dellink+0x350/0xa30
[ 125.528660][ T734] rtnetlink_rcv_msg+0x709/0xc00
[ 125.528830][ T734] netlink_rcv_skb+0x121/0x340
[ 125.529033][ T734] netlink_unicast+0x4aa/0x780
[ 125.529207][ T734] netlink_sendmsg+0x714/0xbd0
[ 125.529539][ T734] ____sys_sendmsg+0x3dd/0x890
[ 125.529714][ T734] ___sys_sendmsg+0xed/0x170
[ 125.529884][ T734] __sys_sendmsg+0x10b/0x1a0
[ 125.530152][ T734] do_syscall_64+0xc1/0xfd0
[ 125.530333][ T734] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 125.530566][ T734]
[ 125.530680][ T734] The buggy address belongs to the object at ffff88800eb14000
[ 125.530680][ T734] which belongs to the cache kmalloc-4k of size 4096
[ 125.531186][ T734] The buggy address is located 1708 bytes inside of
[ 125.531186][ T734] freed 4096-byte region [ffff88800eb14000, ffff88800eb15000)
[ 125.531676][ T734]
[ 125.531763][ T734] The buggy address belongs to the physical page:
[ 125.531989][ T734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xeb10
[ 125.532401][ T734] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 125.532665][ T734] flags: 0x80000000000040(head|node=0|zone=1)
[ 125.533091][ T734] page_type: f5(slab)
[ 125.533224][ T734] raw: 0080000000000040 ffff888001043700 ffffea0000324810 ffffea0000277c10
[ 125.533554][ T734] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 125.533981][ T734] head: 0080000000000040 ffff888001043700 ffffea0000324810 ffffea0000277c10
[ 125.534490][ T734] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 125.534789][ T734] head: 0080000000000003 ffffea00003ac401 00000000ffffffff 00000000ffffffff
[ 125.535301][ T734] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 125.535715][ T734] page dumped because: kasan: bad access detected
[ 125.536002][ T734]
[ 125.536091][ T734] Memory state around the buggy address:
[ 125.536485][ T734] ffff88800eb14580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.536738][ T734] ffff88800eb14600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.537047][ T734] >ffff88800eb14680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.537289][ T734] ^
[ 125.537477][ T734] ffff88800eb14700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.537838][ T734] ffff88800eb14780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.538179][ T734] ==================================================================
[ 125.538547][ T734] Disabling lock debugging due to kernel taint
[ 125.538908][ T734] ------------[ cut here ]------------
[ 125.539156][ T734] refcount_t: underflow; use-after-free.
[ 125.539373][ T734] WARNING: CPU: 0 PID: 734 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 125.539702][ T734] Modules linked in: act_mirred cls_flower bridge stp llc ip6_gre ip6_tunnel tunnel6 act_gact cls_matchall ip_gre gre sch_ingress vrf veth
[ 125.541150][ T734] CPU: 0 UID: 0 PID: 734 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 125.541636][ T734] Tainted: [B]=BAD_PAGE
[ 125.541898][ T734] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 125.542130][ T734] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 125.542476][ T734] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 05 99 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 125.543233][ T734] RSP: 0018:ffffc9000130f1f0 EFLAGS: 00010286
[ 125.543493][ T734] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 125.543763][ T734] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 125.544029][ T734] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff333e134
[ 125.544397][ T734] R10: 0000000000000003 R11: ffffc9000130ed80 R12: 0000000000000001
[ 125.544674][ T734] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 125.545036][ T734] FS: 00007f59998e3800(0000) GS:ffff88809b3f2000(0000) knlGS:0000000000000000
[ 125.545346][ T734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 125.545685][ T734] CR2: 00000000004e5530 CR3: 000000000ea7b003 CR4: 0000000000772ef0
[ 125.545982][ T734] PKRU: 55555554
[ 125.546209][ T734] Call Trace:
[ 125.546349][ T734]
[ 125.546459][ T734] netdev_run_todo+0x5f0/0xc60
[ 125.546647][ T734] ? dev_ingress_queue_create+0x190/0x190
[ 125.546824][ T734] ? generic_xdp_install+0x410/0x410
[ 125.546996][ T734] ? unregister_netdevice_many+0x20/0x20
[ 125.547180][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.547372][ T734] rtnl_dellink+0x350/0xa30
[ 125.547564][ T734] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 125.547800][ T734] ? find_held_lock+0x2b/0x80
[ 125.547973][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.548142][ T734] ? find_held_lock+0x2b/0x80
[ 125.548312][ T734] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 125.548494][ T734] ? __lock_release+0x5d/0x170
[ 125.548711][ T734] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 125.548930][ T734] rtnetlink_rcv_msg+0x709/0xc00
[ 125.549321][ T734] ? rtnl_port_fill+0x850/0x850
[ 125.549507][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.549676][ T734] netlink_rcv_skb+0x121/0x340
[ 125.549850][ T734] ? rtnl_port_fill+0x850/0x850
[ 125.550228][ T734] ? netlink_ack+0xdd0/0xdd0
[ 125.550423][ T734] ? netlink_deliver_tap+0x13e/0x340
[ 125.550617][ T734] ? netlink_deliver_tap+0xc3/0x340
[ 125.550829][ T734] netlink_unicast+0x4aa/0x780
[ 125.551007][ T734] ? netlink_attachskb+0x810/0x810
[ 125.551173][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.551358][ T734] netlink_sendmsg+0x714/0xbd0
[ 125.551579][ T734] ? netlink_unicast+0x780/0x780
[ 125.551931][ T734] ? __import_iovec+0x230/0x3b0
[ 125.552133][ T734] ? netlink_unicast+0x780/0x780
[ 125.552306][ T734] ____sys_sendmsg+0x3dd/0x890
[ 125.552508][ T734] ? get_timestamp.constprop.0+0x380/0x380
[ 125.552838][ T734] ? __copy_msghdr+0x3c0/0x3c0
[ 125.553012][ T734] ___sys_sendmsg+0xed/0x170
[ 125.553178][ T734] ? kasan_record_aux_stack+0x8c/0xa0
[ 125.553403][ T734] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 125.553789][ T734] ? copy_msghdr_from_user+0x110/0x110
[ 125.553961][ T734] ? find_held_lock+0x2b/0x80
[ 125.554156][ T734] ? __lock_acquire+0x449/0x7e0
[ 125.554512][ T734] ? find_held_lock+0x2b/0x80
[ 125.554744][ T734] ? __virt_addr_valid+0x22a/0x450
[ 125.554919][ T734] ? __lock_release+0x5d/0x170
[ 125.555088][ T734] __sys_sendmsg+0x10b/0x1a0
[ 125.555253][ T734] ? __call_rcu_common.constprop.0+0x318/0x630
[ 125.555488][ T734] ? __sys_sendmsg_sock+0x20/0x20
[ 125.555660][ T734] ? rcu_is_watching+0x12/0xb0
[ 125.555837][ T734] do_syscall_64+0xc1/0xfd0
[ 125.556104][ T734] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 125.556313][ T734] RIP: 0033:0x7f5999ab11d7
[ 125.556526][ T734] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 125.557230][ T734] RSP: 002b:00007ffd1dd0c8b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 125.557512][ T734] RAX: ffffffffffffffda RBX: 00007ffd1dd0cfe0 RCX: 00007f5999ab11d7
[ 125.558027][ T734] RDX: 0000000000000000 RSI: 00007ffd1dd0c920 RDI: 0000000000000005
[ 125.558309][ T734] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 125.558606][ T734] R10: 00007f59999adf60 R11: 0000000000000246 R12: 0000000000000002
[ 125.559016][ T734] R13: 00000000690deb47 R14: 0000000000499600 R15: 0000000000000000
[ 125.559269][ T734]
[ 125.559428][ T734] irq event stamp: 40031
[ 125.559658][ T734] hardirqs last enabled at (40031): [] __schedule+0x13c7/0x1b10
[ 125.559985][ T734] hardirqs last disabled at (40030): [] __schedule+0x94a/0x1b10
[ 125.560300][ T734] softirqs last enabled at (38200): [] handle_softirqs+0x352/0x610
[ 125.560616][ T734] softirqs last disabled at (37683): [] irq_exit_rcu+0xab/0x100
[ 125.560924][ T734] ---[ end trace 0000000000000000 ]---
[ 125.568768][ T734] ip (734) used greatest stack depth: 24232 bytes left
[ 125.882712][ T739] br1: port 1(veth1) entered disabled state
[ 125.968891][ T740] br1: port 2(veth2) entered disabled state
[ 126.068598][ T741] veth2: left allmulticast mode
[ 126.068992][ T741] veth2: left promiscuous mode
[ 126.069507][ T741] br1: port 2(veth2) entered disabled state
[ 126.071822][ T741] veth1: left allmulticast mode
[ 126.072168][ T741] veth1: left promiscuous mode
[ 126.072680][ T741] br1: port 1(veth1) entered disabled state