[ 25.490471][ T359] 8021q: 802.1Q VLAN Support v1.8
[ 26.096651][ T365] gre: GRE over IPv4 demultiplexer driver
[ 26.160992][ T365] ip6_gre: GRE over IPv6 tunneling driver
[ 38.070320][ T450] GACT probability NOT on
[ 60.785770][ T663] ==================================================================
[ 60.786093][ T663] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 60.786394][ T663] Read of size 1 at addr ffff88800ec346ac by task ip/663
[ 60.786618][ T663]
[ 60.786720][ T663] CPU: 3 UID: 0 PID: 663 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 60.786728][ T663] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 60.786737][ T663] Call Trace:
[ 60.786740][ T663]
[ 60.786742][ T663] dump_stack_lvl+0x82/0xc0
[ 60.786750][ T663] print_address_description.constprop.0+0x2c/0x3a0
[ 60.786764][ T663] ? kobject_put+0xbb/0xd0
[ 60.786768][ T663] print_report+0xb4/0x270
[ 60.786771][ T663] ? kobject_put+0xbb/0xd0
[ 60.786774][ T663] ? kasan_addr_to_slab+0x21/0x70
[ 60.786777][ T663] ? kobject_put+0xbb/0xd0
[ 60.786780][ T663] kasan_report+0xca/0x100
[ 60.786784][ T663] ? kobject_put+0xbb/0xd0
[ 60.786789][ T663] kobject_put+0xbb/0xd0
[ 60.786793][ T663] netdev_run_todo+0x5f0/0xc60
[ 60.786802][ T663] ? dev_ingress_queue_create+0x190/0x190
[ 60.786805][ T663] ? generic_xdp_install+0x410/0x410
[ 60.786808][ T663] ? unregister_netdevice_many+0x20/0x20
[ 60.786813][ T663] ? net_generic+0xbb/0x1f0 [ip6_gre]
[ 60.786822][ T663] rtnl_dellink+0x350/0xa30
[ 60.786829][ T663] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 60.786848][ T663] ? find_held_lock+0x2b/0x80
[ 60.786858][ T663] ? rcu_is_watching+0x12/0xb0
[ 60.786869][ T663] ? irqentry_exit+0x3b/0x80
[ 60.786877][ T663] ? lockdep_hardirqs_on+0x7c/0x110
[ 60.786881][ T663] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 60.786886][ T663] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 60.786889][ T663] rtnetlink_rcv_msg+0x709/0xc00
[ 60.786893][ T663] ? rtnl_port_fill+0x850/0x850
[ 60.786896][ T663] ? __lock_acquire+0x449/0x7e0
[ 60.786904][ T663] netlink_rcv_skb+0x121/0x340
[ 60.786910][ T663] ? rtnl_port_fill+0x850/0x850
[ 60.786913][ T663] ? netlink_ack+0xdd0/0xdd0
[ 60.786920][ T663] ? netlink_deliver_tap+0x13e/0x340
[ 60.786923][ T663] ? netlink_deliver_tap+0xc3/0x340
[ 60.786927][ T663] netlink_unicast+0x4aa/0x780
[ 60.786931][ T663] ? netlink_attachskb+0x810/0x810
[ 60.786935][ T663] ? __lock_acquire+0x449/0x7e0
[ 60.786940][ T663] netlink_sendmsg+0x714/0xbd0
[ 60.786945][ T663] ? netlink_unicast+0x780/0x780
[ 60.786948][ T663] ? __import_iovec+0x230/0x3b0
[ 60.786963][ T663] ? netlink_unicast+0x780/0x780
[ 60.786966][ T663] ____sys_sendmsg+0x3dd/0x890
[ 60.786977][ T663] ? get_timestamp.constprop.0+0x380/0x380
[ 60.786980][ T663] ? __copy_msghdr+0x3c0/0x3c0
[ 60.786989][ T663] ___sys_sendmsg+0xed/0x170
[ 60.786992][ T663] ? kasan_record_aux_stack+0x8c/0xa0
[ 60.786995][ T663] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 60.786999][ T663] ? copy_msghdr_from_user+0x110/0x110
[ 60.787004][ T663] ? find_held_lock+0x2b/0x80
[ 60.787008][ T663] ? __lock_acquire+0x449/0x7e0
[ 60.787014][ T663] ? find_held_lock+0x2b/0x80
[ 60.787017][ T663] ? __virt_addr_valid+0x22a/0x450
[ 60.787030][ T663] ? __lock_release+0x5d/0x170
[ 60.787037][ T663] __sys_sendmsg+0x10b/0x1a0
[ 60.787040][ T663] ? __call_rcu_common.constprop.0+0x318/0x630
[ 60.787044][ T663] ? __sys_sendmsg_sock+0x20/0x20
[ 60.787051][ T663] ? rcu_is_watching+0x12/0xb0
[ 60.787055][ T663] do_syscall_64+0xc1/0xfd0
[ 60.787060][ T663] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 60.787068][ T663] RIP: 0033:0x7f2b1b0d11d7
[ 60.787072][ T663] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 60.787075][ T663] RSP: 002b:00007ffdeec202f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.787081][ T663] RAX: ffffffffffffffda RBX: 00007ffdeec20a20 RCX: 00007f2b1b0d11d7
[ 60.787083][ T663] RDX: 0000000000000000 RSI: 00007ffdeec20360 RDI: 0000000000000005
[ 60.787085][ T663] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 60.787087][ T663] R10: 00007f2b1afcdf60 R11: 0000000000000246 R12: 0000000000000002
[ 60.787088][ T663] R13: 00000000690df829 R14: 0000000000499600 R15: 0000000000000000
[ 60.787095][ T663]
[ 60.787096][ T663]
[ 60.800305][ T663] Allocated by task 403:
[ 60.800445][ T663] kasan_save_stack+0x24/0x40
[ 60.800631][ T663] kasan_save_track+0x14/0x30
[ 60.800813][ T663] __kasan_kmalloc+0x7b/0x90
[ 60.800990][ T663] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 60.801174][ T663] alloc_netdev_mqs+0x7d/0x1370
[ 60.801356][ T663] rtnl_create_link+0xa9e/0xe20
[ 60.801535][ T663] rtnl_newlink_create+0x203/0x770
[ 60.801715][ T663] __rtnl_newlink+0x231/0xa30
[ 60.801892][ T663] rtnl_newlink+0x693/0xa60
[ 60.802076][ T663] rtnetlink_rcv_msg+0x709/0xc00
[ 60.802255][ T663] netlink_rcv_skb+0x121/0x340
[ 60.802434][ T663] netlink_unicast+0x4aa/0x780
[ 60.802612][ T663] netlink_sendmsg+0x714/0xbd0
[ 60.802794][ T663] ____sys_sendmsg+0x3dd/0x890
[ 60.802972][ T663] ___sys_sendmsg+0xed/0x170
[ 60.803153][ T663] __sys_sendmsg+0x10b/0x1a0
[ 60.803338][ T663] do_syscall_64+0xc1/0xfd0
[ 60.803524][ T663] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 60.803748][ T663]
[ 60.803845][ T663] Freed by task 663:
[ 60.803979][ T663] kasan_save_stack+0x24/0x40
[ 60.804163][ T663] kasan_save_track+0x14/0x30
[ 60.804342][ T663] __kasan_save_free_info+0x3b/0x60
[ 60.804524][ T663] __kasan_slab_free+0x3f/0x60
[ 60.804702][ T663] kfree+0x21d/0x540
[ 60.804842][ T663] device_release+0x9c/0x210
[ 60.805036][ T663] kobject_cleanup+0xfe/0x360
[ 60.805218][ T663] netdev_run_todo+0x81f/0xc60
[ 60.805400][ T663] rtnl_dellink+0x350/0xa30
[ 60.805577][ T663] rtnetlink_rcv_msg+0x709/0xc00
[ 60.805756][ T663] netlink_rcv_skb+0x121/0x340
[ 60.805938][ T663] netlink_unicast+0x4aa/0x780
[ 60.806113][ T663] netlink_sendmsg+0x714/0xbd0
[ 60.806295][ T663] ____sys_sendmsg+0x3dd/0x890
[ 60.806476][ T663] ___sys_sendmsg+0xed/0x170
[ 60.806654][ T663] __sys_sendmsg+0x10b/0x1a0
[ 60.806834][ T663] do_syscall_64+0xc1/0xfd0
[ 60.807012][ T663] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 60.807235][ T663]
[ 60.807336][ T663] The buggy address belongs to the object at ffff88800ec34000
[ 60.807336][ T663] which belongs to the cache kmalloc-4k of size 4096
[ 60.807779][ T663] The buggy address is located 1708 bytes inside of
[ 60.807779][ T663] freed 4096-byte region [ffff88800ec34000, ffff88800ec35000)
[ 60.808309][ T663]
[ 60.808401][ T663] The buggy address belongs to the physical page:
[ 60.808627][ T663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xec30
[ 60.809054][ T663] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 60.809337][ T663] flags: 0x80000000000040(head|node=0|zone=1)
[ 60.809575][ T663] page_type: f5(slab)
[ 60.809717][ T663] raw: 0080000000000040 ffff888001043700 ffffea00000a6c10 ffffea0000161c10
[ 60.810168][ T663] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 60.810461][ T663] head: 0080000000000040 ffff888001043700 ffffea00000a6c10 ffffea0000161c10
[ 60.810893][ T663] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 60.811219][ T663] head: 0080000000000003 ffffea00003b0c01 00000000ffffffff 00000000ffffffff
[ 60.811638][ T663] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 60.811955][ T663] page dumped because: kasan: bad access detected
[ 60.812183][ T663]
[ 60.812272][ T663] Memory state around the buggy address:
[ 60.812539][ T663] ffff88800ec34580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.812804][ T663] ffff88800ec34600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.813062][ T663] >ffff88800ec34680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.813431][ T663] ^
[ 60.813607][ T663] ffff88800ec34700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.813867][ T663] ffff88800ec34780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.814221][ T663] ==================================================================
[ 60.814595][ T663] Disabling lock debugging due to kernel taint
[ 60.815039][ T663] ------------[ cut here ]------------
[ 60.815333][ T663] refcount_t: underflow; use-after-free.
[ 60.815713][ T663] WARNING: CPU: 0 PID: 663 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 60.816241][ T663] Modules linked in: act_gact cls_flower sch_ingress ip6_gre ip6_tunnel tunnel6 gre 8021q dummy vrf veth
[ 60.817049][ T663] CPU: 0 UID: 0 PID: 663 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 60.817647][ T663] Tainted: [B]=BAD_PAGE
[ 60.817889][ T663] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 60.818264][ T663] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 60.818648][ T663] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d a5 bc e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 60.819712][ T663] RSP: 0018:ffffc9000103f1f0 EFLAGS: 00010286
[ 60.820100][ T663] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 60.820524][ T663] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 60.820946][ T663] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff7a7e134
[ 60.821383][ T663] R10: 0000000000000003 R11: ffffc9000103ed80 R12: 0000000000000001
[ 60.821999][ T663] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 60.822415][ T663] FS: 00007f2b1af03800(0000) GS:ffff8880779f2000(0000) knlGS:0000000000000000
[ 60.822925][ T663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.823467][ T663] CR2: 000055c0b7f61dec CR3: 000000000df78004 CR4: 0000000000772ef0
[ 60.823888][ T663] PKRU: 55555554
[ 60.824103][ T663] Call Trace:
[ 60.824312][ T663]
[ 60.824459][ T663] netdev_run_todo+0x5f0/0xc60
[ 60.824743][ T663] ? dev_ingress_queue_create+0x190/0x190
[ 60.825024][ T663] ? generic_xdp_install+0x410/0x410
[ 60.825288][ T663] ? unregister_netdevice_many+0x20/0x20
[ 60.825561][ T663] ? net_generic+0xbb/0x1f0 [ip6_gre]
[ 60.825844][ T663] rtnl_dellink+0x350/0xa30
[ 60.826116][ T663] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 60.826482][ T663] ? find_held_lock+0x2b/0x80
[ 60.826954][ T663] ? rcu_is_watching+0x12/0xb0
[ 60.827234][ T663] ? irqentry_exit+0x3b/0x80
[ 60.827535][ T663] ? lockdep_hardirqs_on+0x7c/0x110
[ 60.827817][ T663] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 60.828330][ T663] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 60.828666][ T663] rtnetlink_rcv_msg+0x709/0xc00
[ 60.828949][ T663] ? rtnl_port_fill+0x850/0x850
[ 60.829250][ T663] ? __lock_acquire+0x449/0x7e0
[ 60.829723][ T663] netlink_rcv_skb+0x121/0x340
[ 60.830016][ T663] ? rtnl_port_fill+0x850/0x850
[ 60.830299][ T663] ? netlink_ack+0xdd0/0xdd0
[ 60.830584][ T663] ? netlink_deliver_tap+0x13e/0x340
[ 60.831066][ T663] ? netlink_deliver_tap+0xc3/0x340
[ 60.831351][ T663] netlink_unicast+0x4aa/0x780
[ 60.831641][ T663] ? netlink_attachskb+0x810/0x810
[ 60.831943][ T663] ? __lock_acquire+0x449/0x7e0
[ 60.832407][ T663] netlink_sendmsg+0x714/0xbd0
[ 60.832682][ T663] ? netlink_unicast+0x780/0x780
[ 60.832958][ T663] ? __import_iovec+0x230/0x3b0
[ 60.833228][ T663] ? netlink_unicast+0x780/0x780
[ 60.833672][ T663] ____sys_sendmsg+0x3dd/0x890
[ 60.833951][ T663] ? get_timestamp.constprop.0+0x380/0x380
[ 60.834283][ T663] ? __copy_msghdr+0x3c0/0x3c0
[ 60.834562][ T663] ___sys_sendmsg+0xed/0x170
[ 60.835027][ T663] ? kasan_record_aux_stack+0x8c/0xa0
[ 60.835290][ T663] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 60.835621][ T663] ? copy_msghdr_from_user+0x110/0x110
[ 60.836071][ T663] ? find_held_lock+0x2b/0x80
[ 60.836346][ T663] ? __lock_acquire+0x449/0x7e0
[ 60.836614][ T663] ? find_held_lock+0x2b/0x80
[ 60.836886][ T663] ? __virt_addr_valid+0x22a/0x450
[ 60.837346][ T663] ? __lock_release+0x5d/0x170
[ 60.837624][ T663] __sys_sendmsg+0x10b/0x1a0
[ 60.837905][ T663] ? __call_rcu_common.constprop.0+0x318/0x630
[ 60.838257][ T663] ? __sys_sendmsg_sock+0x20/0x20
[ 60.838741][ T663] ? rcu_is_watching+0x12/0xb0
[ 60.839013][ T663] do_syscall_64+0xc1/0xfd0
[ 60.839284][ T663] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 60.839629][ T663] RIP: 0033:0x7f2b1b0d11d7
[ 60.839934][ T663] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 60.841105][ T663] RSP: 002b:00007ffdeec202f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.841532][ T663] RAX: ffffffffffffffda RBX: 00007ffdeec20a20 RCX: 00007f2b1b0d11d7
[ 60.841950][ T663] RDX: 0000000000000000 RSI: 00007ffdeec20360 RDI: 0000000000000005
[ 60.842524][ T663] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 60.842930][ T663] R10: 00007f2b1afcdf60 R11: 0000000000000246 R12: 0000000000000002
[ 60.843354][ T663] R13: 00000000690df829 R14: 0000000000499600 R15: 0000000000000000
[ 60.843973][ T663]
[ 60.844178][ T663] irq event stamp: 43773
[ 60.844379][ T663] hardirqs last enabled at (43773): [] finish_task_switch.isra.0+0x245/0x960
[ 60.844927][ T663] hardirqs last disabled at (43772): [] __schedule+0x94a/0x1b10
[ 60.845401][ T663] softirqs last enabled at (43680): [] handle_softirqs+0x352/0x610
[ 60.846073][ T663] softirqs last disabled at (43673): [] irq_exit_rcu+0xab/0x100
[ 60.846542][ T663] ---[ end trace 0000000000000000 ]---