[ 20.066384][ T250] ip (250) used greatest stack depth: 24688 bytes left
[ 21.493839][ T273] ip (273) used greatest stack depth: 24496 bytes left
[ 30.086123][ T339] 8021q: 802.1Q VLAN Support v1.8
[ 30.677649][ T344] gre: GRE over IPv4 demultiplexer driver
[ 30.748834][ T344] ip6_gre: GRE over IPv6 tunneling driver
[ 43.913642][ T423] GACT probability NOT on
[ 74.111247][ T639] ==================================================================
[ 74.111583][ T639] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 74.111878][ T639] Read of size 1 at addr ffff888008d316ac by task ip/639
[ 74.112161][ T639]
[ 74.112256][ T639] CPU: 0 UID: 0 PID: 639 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 74.112262][ T639] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 74.112265][ T639] Call Trace:
[ 74.112267][ T639]
[ 74.112270][ T639] dump_stack_lvl+0x82/0xc0
[ 74.112277][ T639] print_address_description.constprop.0+0x2c/0x3a0
[ 74.112285][ T639] ? kobject_put+0xbb/0xd0
[ 74.112289][ T639] print_report+0xb4/0x270
[ 74.112292][ T639] ? kobject_put+0xbb/0xd0
[ 74.112296][ T639] ? kasan_addr_to_slab+0x21/0x70
[ 74.112302][ T639] ? kobject_put+0xbb/0xd0
[ 74.112306][ T639] kasan_report+0xca/0x100
[ 74.112311][ T639] ? kobject_put+0xbb/0xd0
[ 74.112320][ T639] kobject_put+0xbb/0xd0
[ 74.112325][ T639] netdev_run_todo+0x5f0/0xc60
[ 74.112332][ T639] ? dev_ingress_queue_create+0x190/0x190
[ 74.112337][ T639] ? generic_xdp_install+0x410/0x410
[ 74.112340][ T639] ? unregister_netdevice_many+0x20/0x20
[ 74.112346][ T639] ? net_generic+0xbb/0x1f0 [ip6_gre]
[ 74.112354][ T639] rtnl_dellink+0x350/0xa30
[ 74.112360][ T639] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 74.112379][ T639] ? find_held_lock+0x2b/0x80
[ 74.112387][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.112394][ T639] ? find_held_lock+0x2b/0x80
[ 74.112398][ T639] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 74.112401][ T639] ? __lock_release+0x5d/0x170
[ 74.112405][ T639] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 74.112409][ T639] rtnetlink_rcv_msg+0x709/0xc00
[ 74.112412][ T639] ? rtnl_port_fill+0x850/0x850
[ 74.112415][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.112423][ T639] netlink_rcv_skb+0x121/0x340
[ 74.112429][ T639] ? rtnl_port_fill+0x850/0x850
[ 74.112432][ T639] ? netlink_ack+0xdd0/0xdd0
[ 74.112439][ T639] ? netlink_deliver_tap+0x13e/0x340
[ 74.112442][ T639] ? netlink_deliver_tap+0xc3/0x340
[ 74.112445][ T639] netlink_unicast+0x4aa/0x780
[ 74.112449][ T639] ? netlink_attachskb+0x810/0x810
[ 74.112453][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.112459][ T639] netlink_sendmsg+0x714/0xbd0
[ 74.112464][ T639] ? netlink_unicast+0x780/0x780
[ 74.112468][ T639] ? __import_iovec+0x230/0x3b0
[ 74.112475][ T639] ? netlink_unicast+0x780/0x780
[ 74.112479][ T639] ____sys_sendmsg+0x3dd/0x890
[ 74.112486][ T639] ? get_timestamp.constprop.0+0x380/0x380
[ 74.112489][ T639] ? __copy_msghdr+0x3c0/0x3c0
[ 74.112497][ T639] ___sys_sendmsg+0xed/0x170
[ 74.112500][ T639] ? kasan_record_aux_stack+0x8c/0xa0
[ 74.112503][ T639] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 74.112513][ T639] ? copy_msghdr_from_user+0x110/0x110
[ 74.112518][ T639] ? find_held_lock+0x2b/0x80
[ 74.112523][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.112528][ T639] ? find_held_lock+0x2b/0x80
[ 74.112532][ T639] ? __virt_addr_valid+0x22a/0x450
[ 74.112540][ T639] ? __lock_release+0x5d/0x170
[ 74.112546][ T639] __sys_sendmsg+0x10b/0x1a0
[ 74.112550][ T639] ? __call_rcu_common.constprop.0+0x318/0x630
[ 74.112554][ T639] ? __sys_sendmsg_sock+0x20/0x20
[ 74.112561][ T639] ? rcu_is_watching+0x12/0xb0
[ 74.112565][ T639] do_syscall_64+0xc1/0xfd0
[ 74.112572][ T639] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 74.112577][ T639] RIP: 0033:0x7f782d20c1d7
[ 74.112583][ T639] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 74.112586][ T639] RSP: 002b:00007ffdd57b59b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 74.112591][ T639] RAX: ffffffffffffffda RBX: 00007ffdd57b60e0 RCX: 00007f782d20c1d7
[ 74.112593][ T639] RDX: 0000000000000000 RSI: 00007ffdd57b5a20 RDI: 0000000000000005
[ 74.112595][ T639] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 74.112596][ T639] R10: 00007f782d108f60 R11: 0000000000000246 R12: 0000000000000002
[ 74.112599][ T639] R13: 00000000690ded2d R14: 0000000000499600 R15: 0000000000000000
[ 74.112605][ T639]
[ 74.112607][ T639]
[ 74.126539][ T639] Allocated by task 374:
[ 74.126681][ T639] kasan_save_stack+0x24/0x40
[ 74.126891][ T639] kasan_save_track+0x14/0x30
[ 74.127068][ T639] __kasan_kmalloc+0x7b/0x90
[ 74.127256][ T639] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 74.127463][ T639] alloc_netdev_mqs+0x7d/0x1370
[ 74.127649][ T639] rtnl_create_link+0xa9e/0xe20
[ 74.127836][ T639] rtnl_newlink_create+0x203/0x770
[ 74.128032][ T639] __rtnl_newlink+0x231/0xa30
[ 74.128220][ T639] rtnl_newlink+0x693/0xa60
[ 74.128406][ T639] rtnetlink_rcv_msg+0x709/0xc00
[ 74.128583][ T639] netlink_rcv_skb+0x121/0x340
[ 74.128762][ T639] netlink_unicast+0x4aa/0x780
[ 74.128968][ T639] netlink_sendmsg+0x714/0xbd0
[ 74.129187][ T639] ____sys_sendmsg+0x3dd/0x890
[ 74.129375][ T639] ___sys_sendmsg+0xed/0x170
[ 74.129559][ T639] __sys_sendmsg+0x10b/0x1a0
[ 74.129740][ T639] do_syscall_64+0xc1/0xfd0
[ 74.129941][ T639] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 74.130223][ T639]
[ 74.130318][ T639] Freed by task 639:
[ 74.130465][ T639] kasan_save_stack+0x24/0x40
[ 74.130800][ T639] kasan_save_track+0x14/0x30
[ 74.131133][ T639] __kasan_save_free_info+0x3b/0x60
[ 74.131394][ T639] __kasan_slab_free+0x3f/0x60
[ 74.131582][ T639] kfree+0x21d/0x540
[ 74.131726][ T639] device_release+0x9c/0x210
[ 74.131932][ T639] kobject_cleanup+0xfe/0x360
[ 74.132119][ T639] netdev_run_todo+0x81f/0xc60
[ 74.132313][ T639] rtnl_dellink+0x350/0xa30
[ 74.132501][ T639] rtnetlink_rcv_msg+0x709/0xc00
[ 74.132703][ T639] netlink_rcv_skb+0x121/0x340
[ 74.132899][ T639] netlink_unicast+0x4aa/0x780
[ 74.133082][ T639] netlink_sendmsg+0x714/0xbd0
[ 74.133266][ T639] ____sys_sendmsg+0x3dd/0x890
[ 74.133472][ T639] ___sys_sendmsg+0xed/0x170
[ 74.133716][ T639] __sys_sendmsg+0x10b/0x1a0
[ 74.133998][ T639] do_syscall_64+0xc1/0xfd0
[ 74.134290][ T639] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 74.134635][ T639]
[ 74.134780][ T639] The buggy address belongs to the object at ffff888008d31000
[ 74.134780][ T639] which belongs to the cache kmalloc-4k of size 4096
[ 74.135468][ T639] The buggy address is located 1708 bytes inside of
[ 74.135468][ T639] freed 4096-byte region [ffff888008d31000, ffff888008d32000)
[ 74.136156][ T639]
[ 74.136294][ T639] The buggy address belongs to the physical page:
[ 74.136795][ T639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8d30
[ 74.137279][ T639] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 74.137668][ T639] flags: 0x80000000000040(head|node=0|zone=1)
[ 74.138198][ T639] page_type: f5(slab)
[ 74.138422][ T639] raw: 0080000000000040 ffff888001043700 ffffea000038f210 ffffea0000231c10
[ 74.138959][ T639] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 74.139473][ T639] head: 0080000000000040 ffff888001043700 ffffea000038f210 ffffea0000231c10
[ 74.139985][ T639] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 74.140711][ T639] head: 0080000000000003 ffffea0000234c01 00000000ffffffff 00000000ffffffff
[ 74.141238][ T639] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 74.141732][ T639] page dumped because: kasan: bad access detected
[ 74.142080][ T639]
[ 74.142215][ T639] Memory state around the buggy address:
[ 74.142513][ T639] ffff888008d31580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.142936][ T639] ffff888008d31600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.143327][ T639] >ffff888008d31680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.143727][ T639] ^
[ 74.143974][ T639] ffff888008d31700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.144338][ T639] ffff888008d31780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.144705][ T639] ==================================================================
[ 74.145317][ T639] Disabling lock debugging due to kernel taint
[ 74.145816][ T639] ------------[ cut here ]------------
[ 74.146152][ T639] refcount_t: underflow; use-after-free.
[ 74.146503][ T639] WARNING: CPU: 3 PID: 639 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 74.147165][ T639] Modules linked in: act_gact cls_flower sch_ingress ip6_gre ip6_tunnel tunnel6 gre 8021q vrf veth
[ 74.147810][ T639] CPU: 3 UID: 0 PID: 639 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 74.148478][ T639] Tainted: [B]=BAD_PAGE
[ 74.148715][ T639] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 74.149148][ T639] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 74.149551][ T639] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 85 93 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 74.150837][ T639] RSP: 0000:ffffc90000f0f1f0 EFLAGS: 00010286
[ 74.151282][ T639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 74.151726][ T639] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 74.152201][ T639] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff283e134
[ 74.152659][ T639] R10: 0000000000000003 R11: ffffc90000f0ed80 R12: 0000000000000001
[ 74.153306][ T639] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 74.153792][ T639] FS: 00007f782d03e800(0000) GS:ffff8880a0d72000(0000) knlGS:0000000000000000
[ 74.154564][ T639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.155176][ T639] CR2: 00007f782d3f1b30 CR3: 000000000a419006 CR4: 0000000000772ef0
[ 74.155828][ T639] PKRU: 55555554
[ 74.156081][ T639] Call Trace:
[ 74.156334][ T639]
[ 74.156482][ T639] netdev_run_todo+0x5f0/0xc60
[ 74.156771][ T639] ? dev_ingress_queue_create+0x190/0x190
[ 74.157087][ T639] ? generic_xdp_install+0x410/0x410
[ 74.157380][ T639] ? unregister_netdevice_many+0x20/0x20
[ 74.157676][ T639] ? net_generic+0xbb/0x1f0 [ip6_gre]
[ 74.158269][ T639] rtnl_dellink+0x350/0xa30
[ 74.158590][ T639] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 74.159007][ T639] ? find_held_lock+0x2b/0x80
[ 74.159294][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.159578][ T639] ? find_held_lock+0x2b/0x80
[ 74.160062][ T639] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 74.160633][ T639] ? __lock_release+0x5d/0x170
[ 74.161180][ T639] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 74.161596][ T639] rtnetlink_rcv_msg+0x709/0xc00
[ 74.161923][ T639] ? rtnl_port_fill+0x850/0x850
[ 74.162264][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.162810][ T639] netlink_rcv_skb+0x121/0x340
[ 74.163163][ T639] ? rtnl_port_fill+0x850/0x850
[ 74.163474][ T639] ? netlink_ack+0xdd0/0xdd0
[ 74.163772][ T639] ? netlink_deliver_tap+0x13e/0x340
[ 74.164268][ T639] ? netlink_deliver_tap+0xc3/0x340
[ 74.164562][ T639] netlink_unicast+0x4aa/0x780
[ 74.164868][ T639] ? netlink_attachskb+0x810/0x810
[ 74.165179][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.165674][ T639] netlink_sendmsg+0x714/0xbd0
[ 74.165994][ T639] ? netlink_unicast+0x780/0x780
[ 74.166297][ T639] ? __import_iovec+0x230/0x3b0
[ 74.166654][ T639] ? netlink_unicast+0x780/0x780
[ 74.167174][ T639] ____sys_sendmsg+0x3dd/0x890
[ 74.167484][ T639] ? get_timestamp.constprop.0+0x380/0x380
[ 74.167863][ T639] ? __copy_msghdr+0x3c0/0x3c0
[ 74.168397][ T639] ___sys_sendmsg+0xed/0x170
[ 74.168722][ T639] ? kasan_record_aux_stack+0x8c/0xa0
[ 74.169044][ T639] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 74.169434][ T639] ? copy_msghdr_from_user+0x110/0x110
[ 74.169912][ T639] ? find_held_lock+0x2b/0x80
[ 74.170233][ T639] ? __lock_acquire+0x449/0x7e0
[ 74.170541][ T639] ? find_held_lock+0x2b/0x80
[ 74.170842][ T639] ? __virt_addr_valid+0x22a/0x450
[ 74.171355][ T639] ? __lock_release+0x5d/0x170
[ 74.171665][ T639] __sys_sendmsg+0x10b/0x1a0
[ 74.172025][ T639] ? __call_rcu_common.constprop.0+0x318/0x630
[ 74.172406][ T639] ? __sys_sendmsg_sock+0x20/0x20
[ 74.172953][ T639] ? rcu_is_watching+0x12/0xb0
[ 74.173301][ T639] do_syscall_64+0xc1/0xfd0
[ 74.173603][ T639] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 74.173998][ T639] RIP: 0033:0x7f782d20c1d7
[ 74.174503][ T639] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 74.175843][ T639] RSP: 002b:00007ffdd57b59b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 74.176381][ T639] RAX: ffffffffffffffda RBX: 00007ffdd57b60e0 RCX: 00007f782d20c1d7
[ 74.176853][ T639] RDX: 0000000000000000 RSI: 00007ffdd57b5a20 RDI: 0000000000000005
[ 74.177538][ T639] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 74.178001][ T639] R10: 00007f782d108f60 R11: 0000000000000246 R12: 0000000000000002
[ 74.178449][ T639] R13: 00000000690ded2d R14: 0000000000499600 R15: 0000000000000000
[ 74.179115][ T639]
[ 74.179361][ T639] irq event stamp: 39407
[ 74.179595][ T639] hardirqs last enabled at (39407): [] finish_task_switch.isra.0+0x245/0x960
[ 74.180412][ T639] hardirqs last disabled at (39406): [] __schedule+0x94a/0x1b10
[ 74.180955][ T639] softirqs last enabled at (39326): [] handle_softirqs+0x352/0x610
[ 74.181684][ T639] softirqs last disabled at (39317): [] irq_exit_rcu+0xab/0x100
[ 74.182235][ T639] ---[ end trace 0000000000000000 ]---
[ 74.191552][ T639] ip (639) used greatest stack depth: 24232 bytes left