[ 1605.910935][T10343] veth1: entered promiscuous mode
[ 1606.257719][T10347] veth1: left promiscuous mode
[ 1609.626609][T10369] veth1: entered promiscuous mode
[ 1636.306195][T10451] veth1: entered allmulticast mode
[ 1643.161951][T10466] veth1: left allmulticast mode
[ 1668.740386][T10630] veth1: left promiscuous mode
[ 1669.282772][ T76] ==================================================================
[ 1669.283014][ T76] BUG: KASAN: slab-use-after-free in neigh_flush_dev.isra.0+0x5e7/0x650
[ 1669.283231][ T76] Write of size 8 at addr ffff888039110418 by task kworker/u18:2/76
[ 1669.283431][ T76]
[ 1669.283509][ T76] CPU: 2 UID: 0 PID: 76 Comm: kworker/u18:2 Not tainted 6.12.0-rc3-virtme #1
[ 1669.283766][ T76] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1669.284075][ T76] Workqueue: events_unbound linkwatch_event
[ 1669.284252][ T76] Call Trace:
[ 1669.284361][ T76] <TASK>
[ 1669.284435][ T76] dump_stack_lvl+0x82/0xd0
[ 1669.284574][ T76] print_address_description.constprop.0+0x2c/0x3b0
[ 1669.284740][ T76] ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 1669.284879][ T76] print_report+0xb4/0x270
[ 1669.285032][ T76] ? kasan_addr_to_slab+0x25/0x80
[ 1669.285175][ T76] kasan_report+0xbd/0xf0
[ 1669.285276][ T76] ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 1669.285464][ T76] neigh_flush_dev.isra.0+0x5e7/0x650
[ 1669.285601][ T76] ? lock_acquire+0x32/0xc0
[ 1669.285737][ T76] __neigh_ifdown.isra.0+0x74/0x440
[ 1669.285906][ T76] neigh_carrier_down+0x13/0x20
[ 1669.286036][ T76] arp_netdev_event+0x238/0x330
[ 1669.286182][ T76] ? trace_notifier_run+0xe2/0x140
[ 1669.286326][ T76] notifier_call_chain+0xcd/0x150
[ 1669.286477][ T76] netdev_state_change+0xf5/0x120
[ 1669.286610][ T76] ? __pfx_netdev_state_change+0x10/0x10
[ 1669.286740][ T76] ? dev_deactivate+0xc1/0x1b0
[ 1669.286881][ T76] linkwatch_do_dev+0xd2/0x100
[ 1669.287013][ T76] __linkwatch_run_queue+0x1df/0x650
[ 1669.287143][ T76] ? trace_lock_acquire+0x14d/0x1f0
[ 1669.287275][ T76] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 1669.287472][ T76] ? process_one_work+0xe0b/0x16d0
[ 1669.287684][ T76] ? lock_acquire+0x32/0xc0
[ 1669.287840][ T76] linkwatch_event+0x40/0x60
[ 1669.287969][ T76] process_one_work+0xe55/0x16d0
[ 1669.288105][ T76] ? __pfx___lock_release+0x10/0x10
[ 1669.288235][ T76] ? __pfx_process_one_work+0x10/0x10
[ 1669.288367][ T76] ? assign_work+0x16c/0x240
[ 1669.288499][ T76] worker_thread+0x58c/0xce0
[ 1669.288639][ T76] ? __pfx_worker_thread+0x10/0x10
[ 1669.288767][ T76] kthread+0x28a/0x350
[ 1669.288884][ T76] ? __pfx_kthread+0x10/0x10
[ 1669.289017][ T76] ret_from_fork+0x31/0x70
[ 1669.289150][ T76] ? __pfx_kthread+0x10/0x10
[ 1669.289281][ T76] ret_from_fork_asm+0x1a/0x30
[ 1669.289437][ T76] </TASK>
[ 1669.289538][ T76]
[ 1669.289605][ T76] Allocated by task 10634:
[ 1669.289743][ T76] kasan_save_stack+0x24/0x50
[ 1669.289897][ T76] kasan_save_track+0x14/0x30
[ 1669.290028][ T76] __kasan_kmalloc+0x7f/0x90
[ 1669.290156][ T76] __kmalloc_noprof+0x1ab/0x3a0
[ 1669.290288][ T76] p9_fcall_init+0x7d/0x220
[ 1669.290426][ T76] p9_tag_alloc+0x1bd/0x700
[ 1669.290556][ T76] p9_client_prepare_req+0xe6/0x290
[ 1669.290685][ T76] p9_client_rpc+0x18d/0x930
[ 1669.290826][ T76] p9_client_read_once+0x1f1/0x860
[ 1669.290966][ T76] p9_client_read+0xfd/0x160
[ 1669.291095][ T76] v9fs_issue_read+0x10c/0x2d0
[ 1669.291249][ T76] netfs_dispatch_unbuffered_reads.isra.0+0x4e6/0x8f0
[ 1669.291417][ T76] netfs_unbuffered_read+0x8e/0x310
[ 1669.291552][ T76] netfs_unbuffered_read_iter_locked+0x52e/0x6f0
[ 1669.291746][ T76] netfs_unbuffered_read_iter+0xa4/0xe0
[ 1669.291883][ T76] do_iter_readv_writev+0x433/0x670
[ 1669.292021][ T76] vfs_iter_read+0x11e/0x520
[ 1669.292154][ T76] backing_file_read_iter+0x4c8/0x6f0
[ 1669.292285][ T76] ovl_read_iter+0x200/0x270
[ 1669.292429][ T76] vfs_read+0x74c/0xcd0
[ 1669.292530][ T76] ksys_read+0xf5/0x1e0
[ 1669.292636][ T76] do_syscall_64+0xc1/0x1d0
[ 1669.292773][ T76] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1669.292947][ T76]
[ 1669.293015][ T76] Freed by task 10634:
[ 1669.293121][ T76] kasan_save_stack+0x24/0x50
[ 1669.293254][ T76] kasan_save_track+0x14/0x30
[ 1669.293403][ T76] kasan_save_free_info+0x3b/0x60
[ 1669.293553][ T76] __kasan_slab_free+0x38/0x50
[ 1669.293683][ T76] kfree+0xf3/0x340
[ 1669.293786][ T76] p9_req_put+0x1cd/0x220
[ 1669.293890][ T76] p9_client_read_once+0x2d9/0x860
[ 1669.294027][ T76] p9_client_read+0xfd/0x160
[ 1669.294158][ T76] v9fs_issue_read+0x10c/0x2d0
[ 1669.294293][ T76] netfs_dispatch_unbuffered_reads.isra.0+0x4e6/0x8f0
[ 1669.294462][ T76] netfs_unbuffered_read+0x8e/0x310
[ 1669.294590][ T76] netfs_unbuffered_read_iter_locked+0x52e/0x6f0
[ 1669.294771][ T76] netfs_unbuffered_read_iter+0xa4/0xe0
[ 1669.294903][ T76] do_iter_readv_writev+0x433/0x670
[ 1669.295035][ T76] vfs_iter_read+0x11e/0x520
[ 1669.295176][ T76] backing_file_read_iter+0x4c8/0x6f0
[ 1669.295313][ T76] ovl_read_iter+0x200/0x270
[ 1669.295443][ T76] vfs_read+0x74c/0xcd0
[ 1669.295560][ T76] ksys_read+0xf5/0x1e0
[ 1669.295672][ T76] do_syscall_64+0xc1/0x1d0
[ 1669.295805][ T76] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1669.295979][ T76]
[ 1669.296047][ T76] The buggy address belongs to the object at ffff888039110400
[ 1669.296047][ T76] which belongs to the cache kmalloc-1k of size 1024
[ 1669.296380][ T76] The buggy address is located 24 bytes inside of
[ 1669.296380][ T76] freed 1024-byte region [ffff888039110400, ffff888039110800)
[ 1669.296726][ T76]
[ 1669.296798][ T76] The buggy address belongs to the physical page:
[ 1669.296989][ T76] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x39110
[ 1669.297223][ T76] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1669.297435][ T76] flags: 0x80000000000040(head|node=0|zone=1)
[ 1669.297609][ T76] page_type: f5(slab)
[ 1669.297718][ T76] raw: 0080000000000040 ffff8880010430c0 ffffea000016a610 ffffea0000098210
[ 1669.297955][ T76] raw: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 1669.298206][ T76] head: 0080000000000040 ffff8880010430c0 ffffea000016a610 ffffea0000098210
[ 1669.298440][ T76] head: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 1669.298753][ T76] head: 0080000000000003 ffffea0000e44401 ffffffffffffffff 0000000000000000
[ 1669.298990][ T76] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 1669.299222][ T76] page dumped because: kasan: bad access detected
[ 1669.299466][ T76]
[ 1669.299532][ T76] Memory state around the buggy address:
[ 1669.299658][ T76] ffff888039110300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1669.299854][ T76] ffff888039110380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1669.300108][ T76] >ffff888039110400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1669.300302][ T76] ^
[ 1669.300431][ T76] ffff888039110480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1669.300754][ T76] ffff888039110500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1669.300951][ T76] ==================================================================
[ 1669.301256][ T76] Disabling lock debugging due to kernel taint
[ 1669.301540][ T76] Oops: general protection fault, probably for non-canonical address 0xe07b3c3820000531: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 1669.301942][ T76] KASAN: maybe wild-memory-access in range [0x03da01c100002988-0x03da01c10000298f]
[ 1669.302166][ T76] CPU: 2 UID: 0 PID: 76 Comm: kworker/u18:2 Tainted: G B 6.12.0-rc3-virtme #1
[ 1669.302512][ T76] Tainted: [B]=BAD_PAGE
[ 1669.302616][ T76] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1669.302904][ T76] Workqueue: events_unbound linkwatch_event
[ 1669.303099][ T76] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 1669.303262][ T76] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 1669.303796][ T76] RSP: 0018:ffffc9000051fa08 EFLAGS: 00010202
[ 1669.303959][ T76] RAX: 007b403820000531 RBX: ffff88800815e7c0 RCX: ffffffff900796f0
[ 1669.304149][ T76] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888039110408
[ 1669.304410][ T76] RBP: 03da01c10000298a R08: 0000000000000000 R09: 0000000000000000
[ 1669.304599][ T76] R10: ffffffff92571f0f R11: ffffc9000051f619 R12: ffff88803911053c
[ 1669.304788][ T76] R13: dffffc0000000000 R14: ffff8880391fc000 R15: ffff888039110400
[ 1669.305055][ T76] FS: 0000000000000000(0000) GS:ffff88802f700000(0000) knlGS:0000000000000000
[ 1669.305276][ T76] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1669.305441][ T76] CR2: 00007f49ca3df270 CR3: 0000000037926005 CR4: 0000000000772ef0
[ 1669.305784][ T76] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1669.305991][ T76] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1669.306180][ T76] PKRU: 55555554
[ 1669.306349][ T76] Call Trace:
[ 1669.306449][ T76] <TASK>
[ 1669.306517][ T76] ? die_addr+0x41/0xa0
[ 1669.306628][ T76] ? exc_general_protection+0x14d/0x230
[ 1669.306759][ T76] ? asm_exc_general_protection+0x26/0x30
[ 1669.306959][ T76] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 1669.307100][ T76] ? neigh_flush_dev.isra.0+0x10a/0x650
[ 1669.307226][ T76] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 1669.307352][ T76] ? lock_acquire+0x32/0xc0
[ 1669.307550][ T76] __neigh_ifdown.isra.0+0x74/0x440
[ 1669.307686][ T76] neigh_carrier_down+0x13/0x20
[ 1669.307812][ T76] arp_netdev_event+0x238/0x330
[ 1669.307942][ T76] ? trace_notifier_run+0xe2/0x140
[ 1669.308072][ T76] notifier_call_chain+0xcd/0x150
[ 1669.308267][ T76] netdev_state_change+0xf5/0x120
[ 1669.308398][ T76] ? __pfx_netdev_state_change+0x10/0x10
[ 1669.308522][ T76] ? dev_deactivate+0xc1/0x1b0
[ 1669.308653][ T76] linkwatch_do_dev+0xd2/0x100
[ 1669.308851][ T76] __linkwatch_run_queue+0x1df/0x650
[ 1669.308984][ T76] ? trace_lock_acquire+0x14d/0x1f0
[ 1669.309112][ T76] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 1669.309272][ T76] ? process_one_work+0xe0b/0x16d0
[ 1669.309468][ T76] ? lock_acquire+0x32/0xc0
[ 1669.309596][ T76] linkwatch_event+0x40/0x60
[ 1669.309733][ T76] process_one_work+0xe55/0x16d0
[ 1669.309868][ T76] ? __pfx___lock_release+0x10/0x10
[ 1669.310067][ T76] ? __pfx_process_one_work+0x10/0x10
[ 1669.310207][ T76] ? assign_work+0x16c/0x240
[ 1669.310337][ T76] worker_thread+0x58c/0xce0
[ 1669.310469][ T76] ? __pfx_worker_thread+0x10/0x10
[ 1669.310742][ T76] kthread+0x28a/0x350
[ 1669.310848][ T76] ? __pfx_kthread+0x10/0x10
[ 1669.310976][ T76] ret_from_fork+0x31/0x70
[ 1669.311113][ T76] ? __pfx_kthread+0x10/0x10
[ 1669.311243][ T76] ret_from_fork_asm+0x1a/0x30
[ 1669.311448][ T76] </TASK>
[ 1669.311558][ T76] Modules linked in: macvlan ip_gre ip6_gre ip6_tunnel tunnel6 gre act_skbedit sch_prio act_mirred cls_matchall 8021q act_gact cls_flower vxlan ip6_udp_tunnel udp_tunnel bridge stp llc sch_ingress vrf veth
[ 1669.312176][ T76] ---[ end trace 0000000000000000 ]---
[ 1669.312308][ T76] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 1669.312479][ T76] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 1669.313049][ T76] RSP: 0018:ffffc9000051fa08 EFLAGS: 00010202
[ 1669.313293][ T76] RAX: 007b403820000531 RBX: ffff88800815e7c0 RCX: ffffffff900796f0
[ 1669.313507][ T76] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888039110408
[ 1669.313703][ T76] RBP: 03da01c10000298a R08: 0000000000000000 R09: 0000000000000000
[ 1669.314003][ T76] R10: ffffffff92571f0f R11: ffffc9000051f619 R12: ffff88803911053c
[ 1669.314198][ T76] R13: dffffc0000000000 R14: ffff8880391fc000 R15: ffff888039110400
[ 1669.314438][ T76] FS: 0000000000000000(0000) GS:ffff88802f700000(0000) knlGS:0000000000000000
[ 1669.314744][ T76] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1669.314922][ T76] CR2: 00007f49ca3df270 CR3: 0000000037926005 CR4: 0000000000772ef0
[ 1669.315214][ T76] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1669.315420][ T76] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1669.315642][ T76] PKRU: 55555554
[ 1669.315833][ T76] Kernel panic - not syncing: Fatal exception in interrupt
[ 1669.316120][ T76] Kernel Offset: 0xcc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1669.316448][ T76] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr