[   16.446309][  T251] ip (251) used greatest stack depth: 24656 bytes left
[   23.851923][  T319] br1: port 1(veth1) entered blocking state
[   23.852879][  T319] br1: port 1(veth1) entered disabled state
[   23.853815][  T319] veth1: entered allmulticast mode
[   23.860005][  T319] veth1: entered promiscuous mode
[   23.997821][   T37] br1: port 1(veth1) entered blocking state
[   23.998569][   T37] br1: port 1(veth1) entered forwarding state
[   24.116947][  T321] br1: port 2(veth2) entered blocking state
[   24.117445][  T321] br1: port 2(veth2) entered disabled state
[   24.117891][  T321] veth2: entered allmulticast mode
[   24.123025][  T321] veth2: entered promiscuous mode
[   24.264380][   T71] br1: port 2(veth2) entered blocking state
[   24.265164][   T71] br1: port 2(veth2) entered forwarding state
[   24.679918][  T325] 8021q: 802.1Q VLAN Support v1.8
[   25.841322][  T335] GACT probability NOT on
[   26.318605][  T339] ip (339) used greatest stack depth: 24552 bytes left
[   34.820769][  T374] Mirror/redirect action on
[   77.061500][  T554] ==================================================================
[   77.061973][  T554] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[   77.062462][  T554] Read of size 1 at addr ffff88800c15c6ac by task ip/554
[   77.062887][  T554] 
[   77.063055][  T554] CPU: 1 UID: 0 PID: 554 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full) 
[   77.063064][  T554] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   77.063068][  T554] Call Trace:
[   77.063074][  T554]  <TASK>
[   77.063077][  T554]  dump_stack_lvl+0x82/0xc0
[   77.063091][  T554]  print_address_description.constprop.0+0x2c/0x3a0
[   77.063109][  T554]  ? kobject_put+0xbb/0xd0
[   77.063119][  T554]  print_report+0xb4/0x270
[   77.063125][  T554]  ? kobject_put+0xbb/0xd0
[   77.063130][  T554]  ? kasan_addr_to_slab+0x21/0x70
[   77.063136][  T554]  ? kobject_put+0xbb/0xd0
[   77.063141][  T554]  kasan_report+0xca/0x100
[   77.063147][  T554]  ? kobject_put+0xbb/0xd0
[   77.063157][  T554]  kobject_put+0xbb/0xd0
[   77.063164][  T554]  netdev_run_todo+0x5f0/0xc60
[   77.063176][  T554]  ? dev_ingress_queue_create+0x190/0x190
[   77.063182][  T554]  ? generic_xdp_install+0x410/0x410
[   77.063189][  T554]  ? lockdep_hardirqs_on+0x7c/0x110
[   77.063201][  T554]  rtnl_dellink+0x350/0xa30
[   77.063209][  T554]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   77.063249][  T554]  ? find_held_lock+0x2b/0x80
[   77.063262][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.063274][  T554]  ? find_held_lock+0x2b/0x80
[   77.063281][  T554]  ? rtnetlink_rcv_msg+0x6e6/0xc00
[   77.063285][  T554]  ? __lock_release+0x5d/0x170
[   77.063293][  T554]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   77.063300][  T554]  rtnetlink_rcv_msg+0x709/0xc00
[   77.063307][  T554]  ? rtnl_port_fill+0x850/0x850
[   77.063312][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.063326][  T554]  netlink_rcv_skb+0x121/0x340
[   77.063336][  T554]  ? rtnl_port_fill+0x850/0x850
[   77.063343][  T554]  ? netlink_ack+0xdd0/0xdd0
[   77.063356][  T554]  ? netlink_deliver_tap+0x13e/0x340
[   77.063361][  T554]  ? netlink_deliver_tap+0xc3/0x340
[   77.063368][  T554]  netlink_unicast+0x4aa/0x780
[   77.063376][  T554]  ? netlink_attachskb+0x810/0x810
[   77.063383][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.063393][  T554]  netlink_sendmsg+0x714/0xbd0
[   77.063401][  T554]  ? netlink_unicast+0x780/0x780
[   77.063407][  T554]  ? __import_iovec+0x230/0x3b0
[   77.063427][  T554]  ? netlink_unicast+0x780/0x780
[   77.063434][  T554]  ____sys_sendmsg+0x3dd/0x890
[   77.063450][  T554]  ? get_timestamp.constprop.0+0x380/0x380
[   77.063455][  T554]  ? __copy_msghdr+0x3c0/0x3c0
[   77.063470][  T554]  ___sys_sendmsg+0xed/0x170
[   77.063475][  T554]  ? kasan_record_aux_stack+0x8c/0xa0
[   77.063480][  T554]  ? __call_rcu_common.constprop.0+0xa8/0x630
[   77.063492][  T554]  ? copy_msghdr_from_user+0x110/0x110
[   77.063501][  T554]  ? find_held_lock+0x2b/0x80
[   77.063509][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.063519][  T554]  ? find_held_lock+0x2b/0x80
[   77.063526][  T554]  ? __virt_addr_valid+0x22a/0x450
[   77.063542][  T554]  ? __lock_release+0x5d/0x170
[   77.063554][  T554]  __sys_sendmsg+0x10b/0x1a0
[   77.063559][  T554]  ? __call_rcu_common.constprop.0+0x318/0x630
[   77.063566][  T554]  ? __sys_sendmsg_sock+0x20/0x20
[   77.063580][  T554]  ? rcu_is_watching+0x12/0xb0
[   77.063588][  T554]  do_syscall_64+0xc1/0xfd0
[   77.063597][  T554]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   77.063604][  T554] RIP: 0033:0x7f820cf161d7
[   77.063612][  T554] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[   77.063617][  T554] RSP: 002b:00007ffc7979d988 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   77.063624][  T554] RAX: ffffffffffffffda RBX: 00007ffc7979e0b0 RCX: 00007f820cf161d7
[   77.063628][  T554] RDX: 0000000000000000 RSI: 00007ffc7979d9f0 RDI: 0000000000000005
[   77.063631][  T554] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[   77.063634][  T554] R10: 00007f820ce12f60 R11: 0000000000000246 R12: 0000000000000002
[   77.063637][  T554] R13: 00000000690dec22 R14: 0000000000499600 R15: 0000000000000000
[   77.063650][  T554]  </TASK>
[   77.063653][  T554] 
[   77.086358][  T554] Allocated by task 342:
[   77.086803][  T554]  kasan_save_stack+0x24/0x40
[   77.087116][  T554]  kasan_save_track+0x14/0x30
[   77.087452][  T554]  __kasan_kmalloc+0x7b/0x90
[   77.087758][  T554]  __kvmalloc_node_noprof+0x2e5/0x8e0
[   77.088273][  T554]  alloc_netdev_mqs+0x7d/0x1370
[   77.088597][  T554]  rtnl_create_link+0xa9e/0xe20
[   77.088887][  T554]  rtnl_newlink_create+0x203/0x770
[   77.089190][  T554]  __rtnl_newlink+0x231/0xa30
[   77.089719][  T554]  rtnl_newlink+0x693/0xa60
[   77.090020][  T554]  rtnetlink_rcv_msg+0x709/0xc00
[   77.090324][  T554]  netlink_rcv_skb+0x121/0x340
[   77.090626][  T554]  netlink_unicast+0x4aa/0x780
[   77.091113][  T554]  netlink_sendmsg+0x714/0xbd0
[   77.091407][  T554]  ____sys_sendmsg+0x3dd/0x890
[   77.091708][  T554]  ___sys_sendmsg+0xed/0x170
[   77.092002][  T554]  __sys_sendmsg+0x10b/0x1a0
[   77.092488][  T554]  do_syscall_64+0xc1/0xfd0
[   77.092788][  T554]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   77.093159][  T554] 
[   77.093309][  T554] Freed by task 554:
[   77.093755][  T554]  kasan_save_stack+0x24/0x40
[   77.094062][  T554]  kasan_save_track+0x14/0x30
[   77.094358][  T554]  __kasan_save_free_info+0x3b/0x60
[   77.094664][  T554]  __kasan_slab_free+0x3f/0x60
[   77.095139][  T554]  kfree+0x21d/0x540
[   77.095362][  T554]  device_release+0x9c/0x210
[   77.095668][  T554]  kobject_cleanup+0xfe/0x360
[   77.095981][  T554]  netdev_run_todo+0x81f/0xc60
[   77.096286][  T554]  rtnl_dellink+0x350/0xa30
[   77.096781][  T554]  rtnetlink_rcv_msg+0x709/0xc00
[   77.097078][  T554]  netlink_rcv_skb+0x121/0x340
[   77.097380][  T554]  netlink_unicast+0x4aa/0x780
[   77.097668][  T554]  netlink_sendmsg+0x714/0xbd0
[   77.098149][  T554]  ____sys_sendmsg+0x3dd/0x890
[   77.098449][  T554]  ___sys_sendmsg+0xed/0x170
[   77.098754][  T554]  __sys_sendmsg+0x10b/0x1a0
[   77.099051][  T554]  do_syscall_64+0xc1/0xfd0
[   77.099562][  T554]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   77.099915][  T554] 
[   77.100070][  T554] The buggy address belongs to the object at ffff88800c15c000
[   77.100070][  T554]  which belongs to the cache kmalloc-4k of size 4096
[   77.100976][  T554] The buggy address is located 1708 bytes inside of
[   77.100976][  T554]  freed 4096-byte region [ffff88800c15c000, ffff88800c15d000)
[   77.101697][  T554] 
[   77.102035][  T554] The buggy address belongs to the physical page:
[   77.102470][  T554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc158
[   77.103032][  T554] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   77.103724][  T554] flags: 0x80000000000040(head|node=0|zone=1)
[   77.104108][  T554] page_type: f5(slab)
[   77.104376][  T554] raw: 0080000000000040 ffff888001043700 ffffea000020e210 ffffea00001b8410
[   77.105157][  T554] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   77.105694][  T554] head: 0080000000000040 ffff888001043700 ffffea000020e210 ffffea00001b8410
[   77.106243][  T554] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   77.107028][  T554] head: 0080000000000003 ffffea0000305601 00000000ffffffff 00000000ffffffff
[   77.107650][  T554] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   77.108403][  T554] page dumped because: kasan: bad access detected
[   77.108920][  T554] 
[   77.109077][  T554] Memory state around the buggy address:
[   77.109375][  T554]  ffff88800c15c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.109999][  T554]  ffff88800c15c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.110457][  T554] >ffff88800c15c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.111185][  T554]                                   ^
[   77.111477][  T554]  ffff88800c15c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.111931][  T554]  ffff88800c15c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.112561][  T554] ==================================================================
[   77.114205][  T554] Disabling lock debugging due to kernel taint
[   77.114672][  T554] ------------[ cut here ]------------
[   77.114985][  T554] refcount_t: underflow; use-after-free.
[   77.115382][  T554] WARNING: CPU: 2 PID: 554 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[   77.115937][  T554] Modules linked in: act_mirred cls_flower act_gact cls_matchall 8021q bridge stp llc sch_ingress vrf veth
[   77.116673][  T554] CPU: 2 UID: 0 PID: 554 Comm: ip Tainted: G    B               6.18.0-rc4-virtme #1 PREEMPT(full) 
[   77.117335][  T554] Tainted: [B]=BAD_PAGE
[   77.117604][  T554] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   77.117987][  T554] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[   77.118424][  T554] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 25 93 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[   77.119448][  T554] RSP: 0018:ffffc90000e5f1f0 EFLAGS: 00010286
[   77.119847][  T554] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   77.120318][  T554] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[   77.120787][  T554] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff277e134
[   77.121241][  T554] R10: 0000000000000003 R11: ffffc90000e5ed80 R12: 0000000000000001
[   77.121723][  T554] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[   77.122202][  T554] FS:  00007f820cd48800(0000) GS:ffff88809b6f2000(0000) knlGS:0000000000000000
[   77.122784][  T554] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.123170][  T554] CR2: 00007f47d5b83050 CR3: 000000000c985005 CR4: 0000000000772ef0
[   77.123621][  T554] PKRU: 55555554
[   77.123875][  T554] Call Trace:
[   77.124132][  T554]  <TASK>
[   77.124305][  T554]  netdev_run_todo+0x5f0/0xc60
[   77.124711][  T554]  ? dev_ingress_queue_create+0x190/0x190
[   77.125032][  T554]  ? generic_xdp_install+0x410/0x410
[   77.125345][  T554]  ? lockdep_hardirqs_on+0x7c/0x110
[   77.125659][  T554]  rtnl_dellink+0x350/0xa30
[   77.125978][  T554]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   77.126388][  T554]  ? find_held_lock+0x2b/0x80
[   77.126717][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.127048][  T554]  ? find_held_lock+0x2b/0x80
[   77.127372][  T554]  ? rtnetlink_rcv_msg+0x6e6/0xc00
[   77.127673][  T554]  ? __lock_release+0x5d/0x170
[   77.127983][  T554]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   77.128356][  T554]  rtnetlink_rcv_msg+0x709/0xc00
[   77.128703][  T554]  ? rtnl_port_fill+0x850/0x850
[   77.129017][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.129340][  T554]  netlink_rcv_skb+0x121/0x340
[   77.129678][  T554]  ? rtnl_port_fill+0x850/0x850
[   77.130007][  T554]  ? netlink_ack+0xdd0/0xdd0
[   77.130365][  T554]  ? netlink_deliver_tap+0x13e/0x340
[   77.130686][  T554]  ? netlink_deliver_tap+0xc3/0x340
[   77.131007][  T554]  netlink_unicast+0x4aa/0x780
[   77.131349][  T554]  ? netlink_attachskb+0x810/0x810
[   77.131665][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.131987][  T554]  netlink_sendmsg+0x714/0xbd0
[   77.132319][  T554]  ? netlink_unicast+0x780/0x780
[   77.132674][  T554]  ? __import_iovec+0x230/0x3b0
[   77.133005][  T554]  ? netlink_unicast+0x780/0x780
[   77.133344][  T554]  ____sys_sendmsg+0x3dd/0x890
[   77.133677][  T554]  ? get_timestamp.constprop.0+0x380/0x380
[   77.134071][  T554]  ? __copy_msghdr+0x3c0/0x3c0
[   77.134420][  T554]  ___sys_sendmsg+0xed/0x170
[   77.134735][  T554]  ? kasan_record_aux_stack+0x8c/0xa0
[   77.135047][  T554]  ? __call_rcu_common.constprop.0+0xa8/0x630
[   77.135461][  T554]  ? copy_msghdr_from_user+0x110/0x110
[   77.135781][  T554]  ? find_held_lock+0x2b/0x80
[   77.136092][  T554]  ? __lock_acquire+0x449/0x7e0
[   77.136431][  T554]  ? find_held_lock+0x2b/0x80
[   77.136759][  T554]  ? __virt_addr_valid+0x22a/0x450
[   77.137082][  T554]  ? __lock_release+0x5d/0x170
[   77.137426][  T554]  __sys_sendmsg+0x10b/0x1a0
[   77.137767][  T554]  ? __call_rcu_common.constprop.0+0x318/0x630
[   77.138175][  T554]  ? __sys_sendmsg_sock+0x20/0x20
[   77.138499][  T554]  ? rcu_is_watching+0x12/0xb0
[   77.138802][  T554]  do_syscall_64+0xc1/0xfd0
[   77.139102][  T554]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   77.139490][  T554] RIP: 0033:0x7f820cf161d7
[   77.139848][  T554] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[   77.140976][  T554] RSP: 002b:00007ffc7979d988 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   77.141489][  T554] RAX: ffffffffffffffda RBX: 00007ffc7979e0b0 RCX: 00007f820cf161d7
[   77.141975][  T554] RDX: 0000000000000000 RSI: 00007ffc7979d9f0 RDI: 0000000000000005
[   77.142483][  T554] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[   77.142978][  T554] R10: 00007f820ce12f60 R11: 0000000000000246 R12: 0000000000000002
[   77.143471][  T554] R13: 00000000690dec22 R14: 0000000000499600 R15: 0000000000000000
[   77.143963][  T554]  </TASK>
[   77.144240][  T554] irq event stamp: 47583
[   77.144502][  T554] hardirqs last  enabled at (47583): [<ffffffff916cd1a9>] kasan_quarantine_put+0xf9/0x210
[   77.145072][  T554] hardirqs last disabled at (47582): [<ffffffff916cd15c>] kasan_quarantine_put+0xac/0x210
[   77.145682][  T554] softirqs last  enabled at (47236): [<ffffffff90e5b112>] handle_softirqs+0x352/0x610
[   77.146247][  T554] softirqs last disabled at (47231): [<ffffffff90e5b97b>] irq_exit_rcu+0xab/0x100
[   77.146790][  T554] ---[ end trace 0000000000000000 ]---
[   77.161572][  T554] ip (554) used greatest stack depth: 24232 bytes left
[   77.712699][  T561] br1: port 1(veth1) entered disabled state
[   77.803568][  T562] br1: port 2(veth2) entered disabled state
[   77.903294][  T563] veth2: left allmulticast mode
[   77.903705][  T563] veth2: left promiscuous mode
[   77.904272][  T563] br1: port 2(veth2) entered disabled state
[   77.906963][  T563] veth1: left allmulticast mode
[   77.907365][  T563] veth1: left promiscuous mode
[   77.907896][  T563] br1: port 1(veth1) entered disabled state