[ 20.680951][ T317] gre: GRE over IPv4 demultiplexer driver
[ 20.699193][ T317] ip_gre: GRE over IPv4 tunneling driver
[ 21.763580][ T327] GACT probability NOT on
[ 22.042216][ T329] ip6_gre: GRE over IPv6 tunneling driver
[ 22.239826][ T10] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 22.374917][ T10] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 22.422608][ T10] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 22.982910][ T12] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 23.366554][ T10] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 23.665853][ T343] br1: port 1(veth1) entered blocking state
[ 23.666788][ T343] br1: port 1(veth1) entered disabled state
[ 23.667367][ T343] veth1: entered allmulticast mode
[ 23.670932][ T343] veth1: entered promiscuous mode
[ 23.788140][ T71] br1: port 1(veth1) entered blocking state
[ 23.788762][ T71] br1: port 1(veth1) entered forwarding state
[ 23.904328][ T345] br1: port 2(veth2) entered blocking state
[ 23.904746][ T345] br1: port 2(veth2) entered disabled state
[ 23.905177][ T345] veth2: entered allmulticast mode
[ 23.908799][ T345] veth2: entered promiscuous mode
[ 24.006847][ T12] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 24.007917][ T12] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 24.015805][ T71] br1: port 2(veth2) entered blocking state
[ 24.016235][ T71] br1: port 2(veth2) entered forwarding state
[ 24.768617][ T70] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 24.904536][ T10] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 25.151552][ T70] ip6_tunnel: gt6 xmit: Local address not yet configured!
[ 28.614623][ C0] ip6_tnl_xmit_ctl: 9 callbacks suppressed
[ 28.614634][ C0] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 32.518657][ T387] Mirror/redirect action on
[ 36.806610][ C0] ip6_tunnel: h3-gt6 xmit: Local address not yet configured!
[ 49.116367][ T477] ==================================================================
[ 49.116668][ T477] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 49.116947][ T477] Read of size 1 at addr ffff88800b5d16ac by task ip/477
[ 49.117164][ T477]
[ 49.117268][ T477] CPU: 2 UID: 0 PID: 477 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 49.117273][ T477] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 49.117277][ T477] Call Trace:
[ 49.117281][ T477]
[ 49.117283][ T477] dump_stack_lvl+0x82/0xc0
[ 49.117289][ T477] print_address_description.constprop.0+0x2c/0x3a0
[ 49.117294][ T477] ? kobject_put+0xbb/0xd0
[ 49.117298][ T477] print_report+0xb4/0x270
[ 49.117301][ T477] ? kobject_put+0xbb/0xd0
[ 49.117304][ T477] ? kasan_addr_to_slab+0x21/0x70
[ 49.117307][ T477] ? kobject_put+0xbb/0xd0
[ 49.117310][ T477] kasan_report+0xca/0x100
[ 49.117314][ T477] ? kobject_put+0xbb/0xd0
[ 49.117319][ T477] kobject_put+0xbb/0xd0
[ 49.117323][ T477] netdev_run_todo+0x5f0/0xc60
[ 49.117328][ T477] ? dev_ingress_queue_create+0x190/0x190
[ 49.117331][ T477] ? generic_xdp_install+0x410/0x410
[ 49.117334][ T477] ? unregister_netdevice_many+0x20/0x20
[ 49.117337][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.117348][ T477] rtnl_dellink+0x350/0xa30
[ 49.117356][ T477] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 49.117389][ T477] ? find_held_lock+0x2b/0x80
[ 49.117396][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.117406][ T477] ? find_held_lock+0x2b/0x80
[ 49.117411][ T477] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 49.117415][ T477] ? __lock_release+0x5d/0x170
[ 49.117421][ T477] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 49.117424][ T477] rtnetlink_rcv_msg+0x709/0xc00
[ 49.117428][ T477] ? rtnl_port_fill+0x850/0x850
[ 49.117431][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.117438][ T477] netlink_rcv_skb+0x121/0x340
[ 49.117442][ T477] ? rtnl_port_fill+0x850/0x850
[ 49.117446][ T477] ? netlink_ack+0xdd0/0xdd0
[ 49.117452][ T477] ? netlink_deliver_tap+0x13e/0x340
[ 49.117455][ T477] ? netlink_deliver_tap+0xc3/0x340
[ 49.117459][ T477] netlink_unicast+0x4aa/0x780
[ 49.117463][ T477] ? netlink_attachskb+0x810/0x810
[ 49.117467][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.117472][ T477] netlink_sendmsg+0x714/0xbd0
[ 49.117477][ T477] ? netlink_unicast+0x780/0x780
[ 49.117480][ T477] ? __import_iovec+0x230/0x3b0
[ 49.117486][ T477] ? netlink_unicast+0x780/0x780
[ 49.117489][ T477] ____sys_sendmsg+0x3dd/0x890
[ 49.117495][ T477] ? get_timestamp.constprop.0+0x380/0x380
[ 49.117498][ T477] ? __copy_msghdr+0x3c0/0x3c0
[ 49.117506][ T477] ___sys_sendmsg+0xed/0x170
[ 49.117509][ T477] ? kasan_record_aux_stack+0x8c/0xa0
[ 49.117512][ T477] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 49.117518][ T477] ? copy_msghdr_from_user+0x110/0x110
[ 49.117523][ T477] ? find_held_lock+0x2b/0x80
[ 49.117528][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.117534][ T477] ? find_held_lock+0x2b/0x80
[ 49.117537][ T477] ? __virt_addr_valid+0x22a/0x450
[ 49.117542][ T477] ? __lock_release+0x5d/0x170
[ 49.117549][ T477] __sys_sendmsg+0x10b/0x1a0
[ 49.117552][ T477] ? __call_rcu_common.constprop.0+0x318/0x630
[ 49.117556][ T477] ? __sys_sendmsg_sock+0x20/0x20
[ 49.117563][ T477] ? rcu_is_watching+0x12/0xb0
[ 49.117567][ T477] do_syscall_64+0xc1/0xfd0
[ 49.117573][ T477] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 49.117576][ T477] RIP: 0033:0x7f16cae241d7
[ 49.117581][ T477] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 49.117584][ T477] RSP: 002b:00007ffc164a30d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.117588][ T477] RAX: ffffffffffffffda RBX: 00007ffc164a3800 RCX: 00007f16cae241d7
[ 49.117591][ T477] RDX: 0000000000000000 RSI: 00007ffc164a3140 RDI: 0000000000000005
[ 49.117592][ T477] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 49.117594][ T477] R10: 00007f16cad20f60 R11: 0000000000000246 R12: 0000000000000002
[ 49.117596][ T477] R13: 00000000690df99b R14: 0000000000499600 R15: 0000000000000000
[ 49.117602][ T477]
[ 49.117603][ T477]
[ 49.133344][ T477] Allocated by task 351:
[ 49.133500][ T477] kasan_save_stack+0x24/0x40
[ 49.133815][ T477] kasan_save_track+0x14/0x30
[ 49.134038][ T477] __kasan_kmalloc+0x7b/0x90
[ 49.134204][ T477] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 49.134622][ T477] alloc_netdev_mqs+0x7d/0x1370
[ 49.134821][ T477] rtnl_create_link+0xa9e/0xe20
[ 49.135133][ T477] rtnl_newlink_create+0x203/0x770
[ 49.135361][ T477] __rtnl_newlink+0x231/0xa30
[ 49.135549][ T477] rtnl_newlink+0x693/0xa60
[ 49.135726][ T477] rtnetlink_rcv_msg+0x709/0xc00
[ 49.135938][ T477] netlink_rcv_skb+0x121/0x340
[ 49.136131][ T477] netlink_unicast+0x4aa/0x780
[ 49.136308][ T477] netlink_sendmsg+0x714/0xbd0
[ 49.136581][ T477] ____sys_sendmsg+0x3dd/0x890
[ 49.136809][ T477] ___sys_sendmsg+0xed/0x170
[ 49.137000][ T477] __sys_sendmsg+0x10b/0x1a0
[ 49.137204][ T477] do_syscall_64+0xc1/0xfd0
[ 49.137433][ T477] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 49.137775][ T477]
[ 49.138024][ T477] Freed by task 477:
[ 49.138158][ T477] kasan_save_stack+0x24/0x40
[ 49.138337][ T477] kasan_save_track+0x14/0x30
[ 49.138612][ T477] __kasan_save_free_info+0x3b/0x60
[ 49.138889][ T477] __kasan_slab_free+0x3f/0x60
[ 49.139069][ T477] kfree+0x21d/0x540
[ 49.139203][ T477] device_release+0x9c/0x210
[ 49.139391][ T477] kobject_cleanup+0xfe/0x360
[ 49.139591][ T477] netdev_run_todo+0x81f/0xc60
[ 49.139835][ T477] rtnl_dellink+0x350/0xa30
[ 49.140019][ T477] rtnetlink_rcv_msg+0x709/0xc00
[ 49.140236][ T477] netlink_rcv_skb+0x121/0x340
[ 49.140553][ T477] netlink_unicast+0x4aa/0x780
[ 49.140790][ T477] netlink_sendmsg+0x714/0xbd0
[ 49.141002][ T477] ____sys_sendmsg+0x3dd/0x890
[ 49.141229][ T477] ___sys_sendmsg+0xed/0x170
[ 49.141534][ T477] __sys_sendmsg+0x10b/0x1a0
[ 49.141728][ T477] do_syscall_64+0xc1/0xfd0
[ 49.141968][ T477] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 49.142195][ T477]
[ 49.142286][ T477] The buggy address belongs to the object at ffff88800b5d1000
[ 49.142286][ T477] which belongs to the cache kmalloc-4k of size 4096
[ 49.142833][ T477] The buggy address is located 1708 bytes inside of
[ 49.142833][ T477] freed 4096-byte region [ffff88800b5d1000, ffff88800b5d2000)
[ 49.143368][ T477]
[ 49.143510][ T477] The buggy address belongs to the physical page:
[ 49.143798][ T477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb5d0
[ 49.144263][ T477] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 49.144594][ T477] flags: 0x80000000000040(head|node=0|zone=1)
[ 49.144822][ T477] page_type: f5(slab)
[ 49.144968][ T477] raw: 0080000000000040 ffff888001043700 ffffea0000132210 ffff8880010410e8
[ 49.145407][ T477] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 49.145722][ T477] head: 0080000000000040 ffff888001043700 ffffea0000132210 ffff8880010410e8
[ 49.146137][ T477] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 49.146513][ T477] head: 0080000000000003 ffffea00002d7401 00000000ffffffff 00000000ffffffff
[ 49.146954][ T477] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 49.147348][ T477] page dumped because: kasan: bad access detected
[ 49.147584][ T477]
[ 49.147764][ T477] Memory state around the buggy address:
[ 49.147938][ T477] ffff88800b5d1580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.148204][ T477] ffff88800b5d1600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.148583][ T477] >ffff88800b5d1680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.148904][ T477] ^
[ 49.149127][ T477] ffff88800b5d1700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.149495][ T477] ffff88800b5d1780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.149842][ T477] ==================================================================
[ 49.150851][ T477] Disabling lock debugging due to kernel taint
[ 49.151194][ T477] ------------[ cut here ]------------
[ 49.152056][ T477] refcount_t: underflow; use-after-free.
[ 49.152370][ T477] WARNING: CPU: 2 PID: 477 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 49.152716][ T477] Modules linked in: cls_flower act_mirred bridge stp llc ip6_gre ip6_tunnel tunnel6 act_gact cls_matchall ip_gre gre sch_ingress vrf veth
[ 49.153395][ T477] CPU: 2 UID: 0 PID: 477 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 49.153805][ T477] Tainted: [B]=BAD_PAGE
[ 49.153986][ T477] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 49.155133][ T477] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 49.155486][ T477] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 45 87 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 49.156277][ T477] RSP: 0018:ffffc90000be71f0 EFLAGS: 00010286
[ 49.156670][ T477] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 49.157091][ T477] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 49.157525][ T477] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff0fbe134
[ 49.157926][ T477] R10: 0000000000000003 R11: ffffc90000be6d80 R12: 0000000000000001
[ 49.158319][ T477] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 49.158784][ T477] FS: 00007f16cac56800(0000) GS:ffff8880ad0f2000(0000) knlGS:0000000000000000
[ 49.159166][ T477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.159613][ T477] CR2: 00000000004e5530 CR3: 000000000ca2f005 CR4: 0000000000772ef0
[ 49.160017][ T477] PKRU: 55555554
[ 49.160276][ T477] Call Trace:
[ 49.160640][ T477]
[ 49.160859][ T477] netdev_run_todo+0x5f0/0xc60
[ 49.161159][ T477] ? dev_ingress_queue_create+0x190/0x190
[ 49.161473][ T477] ? generic_xdp_install+0x410/0x410
[ 49.161794][ T477] ? unregister_netdevice_many+0x20/0x20
[ 49.162050][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.162346][ T477] rtnl_dellink+0x350/0xa30
[ 49.162765][ T477] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 49.163092][ T477] ? find_held_lock+0x2b/0x80
[ 49.163383][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.163645][ T477] ? find_held_lock+0x2b/0x80
[ 49.163983][ T477] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 49.164242][ T477] ? __lock_release+0x5d/0x170
[ 49.164521][ T477] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 49.164816][ T477] rtnetlink_rcv_msg+0x709/0xc00
[ 49.165158][ T477] ? rtnl_port_fill+0x850/0x850
[ 49.165450][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.165793][ T477] netlink_rcv_skb+0x121/0x340
[ 49.166050][ T477] ? rtnl_port_fill+0x850/0x850
[ 49.166444][ T477] ? netlink_ack+0xdd0/0xdd0
[ 49.166811][ T477] ? netlink_deliver_tap+0x13e/0x340
[ 49.167064][ T477] ? netlink_deliver_tap+0xc3/0x340
[ 49.167413][ T477] netlink_unicast+0x4aa/0x780
[ 49.167714][ T477] ? netlink_attachskb+0x810/0x810
[ 49.167986][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.168313][ T477] netlink_sendmsg+0x714/0xbd0
[ 49.168588][ T477] ? netlink_unicast+0x780/0x780
[ 49.168925][ T477] ? __import_iovec+0x230/0x3b0
[ 49.169254][ T477] ? netlink_unicast+0x780/0x780
[ 49.169575][ T477] ____sys_sendmsg+0x3dd/0x890
[ 49.169897][ T477] ? get_timestamp.constprop.0+0x380/0x380
[ 49.170237][ T477] ? __copy_msghdr+0x3c0/0x3c0
[ 49.170661][ T477] ___sys_sendmsg+0xed/0x170
[ 49.170920][ T477] ? kasan_record_aux_stack+0x8c/0xa0
[ 49.171171][ T477] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 49.171565][ T477] ? copy_msghdr_from_user+0x110/0x110
[ 49.171819][ T477] ? find_held_lock+0x2b/0x80
[ 49.172119][ T477] ? __lock_acquire+0x449/0x7e0
[ 49.172486][ T477] ? find_held_lock+0x2b/0x80
[ 49.172737][ T477] ? __virt_addr_valid+0x22a/0x450
[ 49.172960][ T477] ? __lock_release+0x5d/0x170
[ 49.173153][ T477] __sys_sendmsg+0x10b/0x1a0
[ 49.173390][ T477] ? __call_rcu_common.constprop.0+0x318/0x630
[ 49.173702][ T477] ? __sys_sendmsg_sock+0x20/0x20
[ 49.173955][ T477] ? rcu_is_watching+0x12/0xb0
[ 49.174176][ T477] do_syscall_64+0xc1/0xfd0
[ 49.174454][ T477] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 49.174840][ T477] RIP: 0033:0x7f16cae241d7
[ 49.175077][ T477] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 49.175734][ T477] RSP: 002b:00007ffc164a30d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.176027][ T477] RAX: ffffffffffffffda RBX: 00007ffc164a3800 RCX: 00007f16cae241d7
[ 49.176392][ T477] RDX: 0000000000000000 RSI: 00007ffc164a3140 RDI: 0000000000000005
[ 49.176682][ T477] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 49.176975][ T477] R10: 00007f16cad20f60 R11: 0000000000000246 R12: 0000000000000002
[ 49.177331][ T477] R13: 00000000690df99b R14: 0000000000499600 R15: 0000000000000000
[ 49.177718][ T477]
[ 49.177881][ T477] irq event stamp: 46479
[ 49.178033][ T477] hardirqs last enabled at (46479): [] finish_task_switch.isra.0+0x245/0x960
[ 49.178430][ T477] hardirqs last disabled at (46478): [] __schedule+0x94a/0x1b10
[ 49.178930][ T477] softirqs last enabled at (46310): [] handle_softirqs+0x352/0x610
[ 49.179319][ T477] softirqs last disabled at (46303): [] irq_exit_rcu+0xab/0x100
[ 49.179706][ T477] ---[ end trace 0000000000000000 ]---
[ 49.185028][ T477] ip (477) used greatest stack depth: 24232 bytes left
[ 49.419672][ T482] br1: port 1(veth1) entered disabled state
[ 49.516946][ T483] br1: port 2(veth2) entered disabled state
[ 49.574525][ T484] veth2: left allmulticast mode
[ 49.574816][ T484] veth2: left promiscuous mode
[ 49.575173][ T484] br1: port 2(veth2) entered disabled state
[ 49.576410][ T484] veth1: left allmulticast mode
[ 49.576626][ T484] veth1: left promiscuous mode
[ 49.576975][ T484] br1: port 1(veth1) entered disabled state