[ 43.119206][ T301] veth1: entered promiscuous mode
[ 43.536804][ T305] veth1: left promiscuous mode
[ 47.416122][ T328] veth1: entered promiscuous mode
[ 75.262385][ T410] veth1: entered allmulticast mode
[ 82.304419][ T425] veth1: left allmulticast mode
[ 111.109836][ T589] veth1: left promiscuous mode
[ 111.753307][ T38] ==================================================================
[ 111.753559][ T38] BUG: KASAN: slab-use-after-free in neigh_flush_dev.isra.0+0x5e7/0x650
[ 111.753793][ T38] Write of size 8 at addr ffff888005af9c18 by task kworker/u18:0/38
[ 111.754023][ T38]
[ 111.754093][ T38] CPU: 0 UID: 0 PID: 38 Comm: kworker/u18:0 Not tainted 6.12.0-rc3-virtme #1
[ 111.754369][ T38] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 111.754700][ T38] Workqueue: events_unbound linkwatch_event
[ 111.754867][ T38] Call Trace:
[ 111.754994][ T38] <TASK>
[ 111.755067][ T38] dump_stack_lvl+0x82/0xd0
[ 111.755215][ T38] print_address_description.constprop.0+0x2c/0x3b0
[ 111.755403][ T38] ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 111.755533][ T38] print_report+0xb4/0x270
[ 111.755672][ T38] ? kasan_addr_to_slab+0x25/0x80
[ 111.755832][ T38] kasan_report+0xbd/0xf0
[ 111.755949][ T38] ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 111.756129][ T38] neigh_flush_dev.isra.0+0x5e7/0x650
[ 111.756273][ T38] ? lock_acquire+0x32/0xc0
[ 111.756409][ T38] __neigh_ifdown.isra.0+0x74/0x440
[ 111.756559][ T38] neigh_carrier_down+0x13/0x20
[ 111.756688][ T38] arp_netdev_event+0x238/0x330
[ 111.756841][ T38] ? trace_notifier_run+0xe2/0x140
[ 111.757008][ T38] notifier_call_chain+0xcd/0x150
[ 111.757139][ T38] netdev_state_change+0xf5/0x120
[ 111.757283][ T38] ? __pfx_netdev_state_change+0x10/0x10
[ 111.757429][ T38] ? dev_deactivate+0xc1/0x1b0
[ 111.757617][ T38] linkwatch_do_dev+0xd2/0x100
[ 111.757752][ T38] __linkwatch_run_queue+0x1df/0x650
[ 111.757886][ T38] ? trace_lock_acquire+0x14d/0x1f0
[ 111.758071][ T38] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 111.758334][ T38] ? process_one_work+0xe0b/0x16d0
[ 111.758512][ T38] ? lock_acquire+0x32/0xc0
[ 111.758654][ T38] linkwatch_event+0x40/0x60
[ 111.758835][ T38] process_one_work+0xe55/0x16d0
[ 111.758987][ T38] ? __pfx___lock_release+0x10/0x10
[ 111.759132][ T38] ? __pfx_process_one_work+0x10/0x10
[ 111.759291][ T38] ? assign_work+0x16c/0x240
[ 111.759435][ T38] worker_thread+0x58c/0xce0
[ 111.759593][ T38] ? __pfx_worker_thread+0x10/0x10
[ 111.759751][ T38] kthread+0x28a/0x350
[ 111.759850][ T38] ? __pfx_kthread+0x10/0x10
[ 111.759993][ T38] ret_from_fork+0x31/0x70
[ 111.760149][ T38] ? __pfx_kthread+0x10/0x10
[ 111.760277][ T38] ret_from_fork_asm+0x1a/0x30
[ 111.760417][ T38] </TASK>
[ 111.760524][ T38]
[ 111.760601][ T38] Allocated by task 593:
[ 111.760713][ T38] kasan_save_stack+0x24/0x50
[ 111.760858][ T38] kasan_save_track+0x14/0x30
[ 111.761011][ T38] __kasan_kmalloc+0x7f/0x90
[ 111.761180][ T38] __kmalloc_noprof+0x1ab/0x3a0
[ 111.761319][ T38] p9_fcall_init+0x7d/0x220
[ 111.761462][ T38] p9_tag_alloc+0x1bd/0x700
[ 111.761614][ T38] p9_client_prepare_req+0xe6/0x290
[ 111.761754][ T38] p9_client_rpc+0x18d/0x930
[ 111.761924][ T38] p9_client_read_once+0x1f1/0x860
[ 111.762050][ T38] p9_client_read+0xfd/0x160
[ 111.762204][ T38] v9fs_issue_read+0x10c/0x2d0
[ 111.762368][ T38] netfs_dispatch_unbuffered_reads.isra.0+0x4e6/0x8f0
[ 111.762554][ T38] netfs_unbuffered_read+0x8e/0x310
[ 111.762691][ T38] netfs_unbuffered_read_iter_locked+0x52e/0x6f0
[ 111.762877][ T38] netfs_unbuffered_read_iter+0xa4/0xe0
[ 111.763037][ T38] do_iter_readv_writev+0x433/0x670
[ 111.763189][ T38] vfs_iter_read+0x11e/0x520
[ 111.763353][ T38] backing_file_read_iter+0x4c8/0x6f0
[ 111.763483][ T38] ovl_read_iter+0x200/0x270
[ 111.763616][ T38] vfs_read+0x74c/0xcd0
[ 111.763733][ T38] ksys_read+0xf5/0x1e0
[ 111.763833][ T38] do_syscall_64+0xc1/0x1d0
[ 111.764031][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.764273][ T38]
[ 111.764365][ T38] Freed by task 593:
[ 111.764498][ T38] kasan_save_stack+0x24/0x50
[ 111.764629][ T38] kasan_save_track+0x14/0x30
[ 111.764797][ T38] kasan_save_free_info+0x3b/0x60
[ 111.764969][ T38] __kasan_slab_free+0x38/0x50
[ 111.765039][ T594] ip (594) used greatest stack depth: 23376 bytes left
[ 111.765134][ T38] kfree+0xf3/0x340
[ 111.765138][ T38] p9_req_put+0x1cd/0x220
[ 111.765603][ T38] p9_client_read_once+0x2d9/0x860
[ 111.765759][ T38] p9_client_read+0xfd/0x160
[ 111.765915][ T38] v9fs_issue_read+0x10c/0x2d0
[ 111.766168][ T38] netfs_dispatch_unbuffered_reads.isra.0+0x4e6/0x8f0
[ 111.766376][ T38] netfs_unbuffered_read+0x8e/0x310
[ 111.766520][ T38] netfs_unbuffered_read_iter_locked+0x52e/0x6f0
[ 111.766713][ T38] netfs_unbuffered_read_iter+0xa4/0xe0
[ 111.766971][ T38] do_iter_readv_writev+0x433/0x670
[ 111.767109][ T38] vfs_iter_read+0x11e/0x520
[ 111.767242][ T38] backing_file_read_iter+0x4c8/0x6f0
[ 111.767375][ T38] ovl_read_iter+0x200/0x270
[ 111.767580][ T38] vfs_read+0x74c/0xcd0
[ 111.767678][ T38] ksys_read+0xf5/0x1e0
[ 111.767774][ T38] do_syscall_64+0xc1/0x1d0
[ 111.767919][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.768083][ T38]
[ 111.768250][ T38] The buggy address belongs to the object at ffff888005af9c00
[ 111.768250][ T38] which belongs to the cache kmalloc-1k of size 1024
[ 111.768589][ T38] The buggy address is located 24 bytes inside of
[ 111.768589][ T38] freed 1024-byte region [ffff888005af9c00, ffff888005afa000)
[ 111.768923][ T38]
[ 111.768990][ T38] The buggy address belongs to the physical page:
[ 111.769144][ T38] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888005aff000 pfn:0x5af8
[ 111.769505][ T38] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 111.769695][ T38] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 111.769895][ T38] page_type: f5(slab)
[ 111.769997][ T38] raw: 0080000000000240 ffff8880010430c0 ffff888001040e48 ffffea000016d810
[ 111.770353][ T38] raw: ffff888005aff000 00000000000a0009 00000001f5000000 0000000000000000
[ 111.770592][ T38] head: 0080000000000240 ffff8880010430c0 ffff888001040e48 ffffea000016d810
[ 111.770838][ T38] head: ffff888005aff000 00000000000a0009 00000001f5000000 0000000000000000
[ 111.771100][ T38] head: 0080000000000003 ffffea000016be01 ffffffffffffffff 0000000000000000
[ 111.771376][ T38] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 111.771703][ T38] page dumped because: kasan: bad access detected
[ 111.771869][ T38]
[ 111.771963][ T38] Memory state around the buggy address:
[ 111.772101][ T38] ffff888005af9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.772312][ T38] ffff888005af9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.772497][ T38] >ffff888005af9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.772789][ T38] ^
[ 111.772961][ T38] ffff888005af9c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.773190][ T38] ffff888005af9d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.773451][ T38] ==================================================================
[ 111.773674][ T38] Disabling lock debugging due to kernel taint
[ 111.773950][ T38] Oops: general protection fault, probably for non-canonical address 0xe02c3c380000004a: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 111.774506][ T38] KASAN: maybe wild-memory-access in range [0x016201c000000250-0x016201c000000257]
[ 111.774748][ T38] CPU: 0 UID: 0 PID: 38 Comm: kworker/u18:0 Tainted: G B 6.12.0-rc3-virtme #1
[ 111.775108][ T38] Tainted: [B]=BAD_PAGE
[ 111.775209][ T38] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 111.775601][ T38] Workqueue: events_unbound linkwatch_event
[ 111.775891][ T38] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 111.776176][ T38] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 111.776926][ T38] RSP: 0018:ffffc900002b7a08 EFLAGS: 00010202
[ 111.777099][ T38] RAX: 002c40380000004a RBX: ffff88800604db40 RCX: ffffffffac0796f0
[ 111.777304][ T38] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888005af9c08
[ 111.777535][ T38] RBP: 016201c000000251 R08: 0000000000000000 R09: 0000000000000000
[ 111.777819][ T38] R10: ffffffffae571f0f R11: ffffffffa9ec2ce1 R12: ffff888005af9d3c
[ 111.778044][ T38] R13: dffffc0000000000 R14: ffff88800572c000 R15: ffff888005af9c00
[ 111.778286][ T38] FS: 0000000000000000(0000) GS:ffff88802f600000(0000) knlGS:0000000000000000
[ 111.778569][ T38] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.778817][ T38] CR2: 00007fd6da45c000 CR3: 0000000034326006 CR4: 0000000000772ef0
[ 111.779134][ T38] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 111.779337][ T38] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 111.779532][ T38] PKRU: 55555554
[ 111.779666][ T38] Call Trace:
[ 111.779767][ T38] <TASK>
[ 111.779841][ T38] ? die_addr+0x41/0xa0
[ 111.779948][ T38] ? exc_general_protection+0x14d/0x230
[ 111.780173][ T38] ? asm_exc_general_protection+0x26/0x30
[ 111.780304][ T38] ? ret_from_fork+0x31/0x70
[ 111.780456][ T38] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 111.780588][ T38] ? neigh_flush_dev.isra.0+0x10a/0x650
[ 111.780791][ T38] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 111.780933][ T38] ? lock_acquire+0x32/0xc0
[ 111.781067][ T38] __neigh_ifdown.isra.0+0x74/0x440
[ 111.781209][ T38] neigh_carrier_down+0x13/0x20
[ 111.781439][ T38] arp_netdev_event+0x238/0x330
[ 111.781572][ T38] ? trace_notifier_run+0xe2/0x140
[ 111.781710][ T38] notifier_call_chain+0xcd/0x150
[ 111.781850][ T38] netdev_state_change+0xf5/0x120
[ 111.782014][ T38] ? __pfx_netdev_state_change+0x10/0x10
[ 111.782223][ T38] ? dev_deactivate+0xc1/0x1b0
[ 111.782363][ T38] linkwatch_do_dev+0xd2/0x100
[ 111.782513][ T38] __linkwatch_run_queue+0x1df/0x650
[ 111.782646][ T38] ? trace_lock_acquire+0x14d/0x1f0
[ 111.782862][ T38] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 111.783024][ T38] ? process_one_work+0xe0b/0x16d0
[ 111.783160][ T38] ? lock_acquire+0x32/0xc0
[ 111.783293][ T38] linkwatch_event+0x40/0x60
[ 111.783502][ T38] process_one_work+0xe55/0x16d0
[ 111.783635][ T38] ? __pfx___lock_release+0x10/0x10
[ 111.783775][ T38] ? __pfx_process_one_work+0x10/0x10
[ 111.783907][ T38] ? assign_work+0x16c/0x240
[ 111.784051][ T38] worker_thread+0x58c/0xce0
[ 111.784184][ T38] ? __pfx_worker_thread+0x10/0x10
[ 111.784386][ T38] kthread+0x28a/0x350
[ 111.784488][ T38] ? __pfx_kthread+0x10/0x10
[ 111.784617][ T38] ret_from_fork+0x31/0x70
[ 111.784782][ T38] ? __pfx_kthread+0x10/0x10
[ 111.784929][ T38] ret_from_fork_asm+0x1a/0x30
[ 111.785065][ T38] </TASK>
[ 111.785164][ T38] Modules linked in: vrf macvlan veth
[ 111.785424][ T38] ---[ end trace 0000000000000000 ]---
[ 111.785566][ T38] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 111.785731][ T38] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 111.786344][ T38] RSP: 0018:ffffc900002b7a08 EFLAGS: 00010202
[ 111.786520][ T38] RAX: 002c40380000004a RBX: ffff88800604db40 RCX: ffffffffac0796f0
[ 111.786720][ T38] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888005af9c08
[ 111.786948][ T38] RBP: 016201c000000251 R08: 0000000000000000 R09: 0000000000000000
[ 111.787150][ T38] R10: ffffffffae571f0f R11: ffffffffa9ec2ce1 R12: ffff888005af9d3c
[ 111.787423][ T38] R13: dffffc0000000000 R14: ffff88800572c000 R15: ffff888005af9c00
[ 111.787697][ T38] FS: 0000000000000000(0000) GS:ffff88802f600000(0000) knlGS:0000000000000000
[ 111.787956][ T38] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.788207][ T38] CR2: 00007fd6da45c000 CR3: 0000000034326006 CR4: 0000000000772ef0
[ 111.788418][ T38] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 111.788618][ T38] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 111.788825][ T38] PKRU: 55555554
[ 111.788963][ T38] Kernel panic - not syncing: Fatal exception in interrupt
[ 111.789344][ T38] Kernel Offset: 0x28c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 111.789649][ T38] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr