[ 702.659369][ T4219] veth1: entered promiscuous mode
[ 702.995323][ T4223] veth1: left promiscuous mode
[ 706.323117][ T4245] veth1: entered promiscuous mode
[ 732.825524][ T4327] veth1: entered allmulticast mode
[ 739.043065][ T4337] ==================================================================
[ 739.043381][ T4337] BUG: KASAN: slab-use-after-free in ___neigh_create+0xd58/0xf30
[ 739.043675][ T4337] Write of size 8 at addr ffff88800924cc18 by task msend/4337
[ 739.043964][ T4337]
[ 739.044067][ T4337] CPU: 3 UID: 0 PID: 4337 Comm: msend Not tainted 6.12.0-rc3-virtme #1
[ 739.044348][ T4337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 739.044792][ T4337] Call Trace:
[ 739.044947][ T4337]
[ 739.045049][ T4337] dump_stack_lvl+0x82/0xd0
[ 739.045251][ T4337] print_address_description.constprop.0+0x2c/0x3b0
[ 739.045499][ T4337] ? ___neigh_create+0xd58/0xf30
[ 739.045693][ T4337] print_report+0xb4/0x270
[ 739.045885][ T4337] ? kasan_addr_to_slab+0x25/0x80
[ 739.046084][ T4337] kasan_report+0xbd/0xf0
[ 739.046239][ T4337] ? ___neigh_create+0xd58/0xf30
[ 739.046442][ T4337] ___neigh_create+0xd58/0xf30
[ 739.046647][ T4337] ip_finish_output2+0xb79/0x17f0
[ 739.046839][ T4337] ? kfree+0x2d/0x340
[ 739.046997][ T4337] ? __ip_select_ident+0x1a3/0x2e0
[ 739.047170][ T4337] ? __pfx___lock_release+0x10/0x10
[ 739.047364][ T4337] ? __pfx_ip_finish_output2+0x10/0x10
[ 739.047559][ T4337] ? __ip_finish_output+0x10f/0x770
[ 739.047710][ T4337] ip_output+0x16b/0x4f0
[ 739.047865][ T4337] ? __ip_local_out+0x4f6/0x7f0
[ 739.048061][ T4337] ? __pfx_ip_output+0x10/0x10
[ 739.048207][ T4337] ? ip_make_skb+0x22b/0x2f0
[ 739.048332][ T4337] ? ip_route_output_key_hash+0x13c/0x260
[ 739.048529][ T4337] ? __pfx_ip_make_skb+0x10/0x10
[ 739.048721][ T4337] ? ip_route_output_key_hash+0x146/0x260
[ 739.048906][ T4337] ip_send_skb+0x2e0/0x440
[ 739.049104][ T4337] udp_send_skb+0x5f7/0x1a80
[ 739.049308][ T4337] udp_sendmsg+0x14bb/0x22c0
[ 739.049490][ T4337] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 739.049693][ T4337] ? __pfx_udp_sendmsg+0x10/0x10
[ 739.049891][ T4337] ? __lock_acquire+0xb3f/0x1580
[ 739.050087][ T4337] ? find_held_lock+0x2c/0x110
[ 739.050284][ T4337] ? __might_fault+0x11b/0x170
[ 739.050485][ T4337] ? __pfx___lock_release+0x10/0x10
[ 739.050679][ T4337] ? trace_lock_acquire+0x14d/0x1f0
[ 739.050889][ T4337] ? __might_fault+0xc3/0x170
[ 739.051087][ T4337] ? lock_acquire+0x32/0xc0
[ 739.051278][ T4337] ? __might_fault+0xc3/0x170
[ 739.051470][ T4337] ? __might_fault+0x11b/0x170
[ 739.051679][ T4337] __sys_sendto+0x32c/0x400
[ 739.051886][ T4337] ? __pfx___sys_sendto+0x10/0x10
[ 739.052089][ T4337] ? vfs_write+0x4e5/0x11d0
[ 739.052293][ T4337] ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 739.052496][ T4337] ? __local_bh_enable_ip+0xa6/0x120
[ 739.052672][ T4337] ? handle_signal+0x266/0x360
[ 739.052866][ T4337] ? arch_do_signal_or_restart+0x29b/0x2f0
[ 739.053116][ T4337] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 739.053353][ T4337] ? ksys_write+0xf5/0x1e0
[ 739.053545][ T4337] ? __pfx_ksys_write+0x10/0x10
[ 739.053741][ T4337] __x64_sys_sendto+0xe0/0x1c0
[ 739.053949][ T4337] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 739.054192][ T4337] do_syscall_64+0xc1/0x1d0
[ 739.054394][ T4337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 739.054643][ T4337] RIP: 0033:0x7fb8c5e5e85a
[ 739.054850][ T4337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 739.055541][ T4337] RSP: 002b:00007ffda62afd58 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 739.055853][ T4337] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb8c5e5e85a
[ 739.056154][ T4337] RDX: 0000000000000001 RSI: 00007ffda62b0c20 RDI: 0000000000000005
[ 739.056452][ T4337] RBP: 00007ffda62afd80 R08: 00007ffda62b1024 R09: 0000000000000010
[ 739.056762][ T4337] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffda62b11d8
[ 739.057061][ T4337] R13: 000000000040140a R14: 0000000000404de8 R15: 00007fb8c5f59000
[ 739.057369][ T4337]
[ 739.057514][ T4337]
[ 739.057613][ T4337] Allocated by task 4328:
[ 739.057764][ T4337] kasan_save_stack+0x24/0x50
[ 739.057971][ T4337] kasan_save_track+0x14/0x30
[ 739.058164][ T4337] __kasan_kmalloc+0x7f/0x90
[ 739.058359][ T4337] __kmalloc_noprof+0x1ab/0x3a0
[ 739.058556][ T4337] neigh_alloc+0xc4/0x9d0
[ 739.058691][ T4337] ___neigh_create+0x6d/0xf30
[ 739.058890][ T4337] neigh_add+0x8f8/0xdd0
[ 739.059043][ T4337] rtnetlink_rcv_msg+0x2fb/0xc10
[ 739.059206][ T4337] netlink_rcv_skb+0x130/0x360
[ 739.059403][ T4337] netlink_unicast+0x44b/0x710
[ 739.059599][ T4337] netlink_sendmsg+0x723/0xbe0
[ 739.059792][ T4337] ____sys_sendmsg+0x7ac/0xa10
[ 739.059984][ T4337] ___sys_sendmsg+0xee/0x170
[ 739.060189][ T4337] __sys_sendmsg+0xcd/0x170
[ 739.060384][ T4337] do_syscall_64+0xc1/0x1d0
[ 739.060583][ T4337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 739.060800][ T4337]
[ 739.060904][ T4337] Freed by task 38:
[ 739.061056][ T4337] kasan_save_stack+0x24/0x50
[ 739.061257][ T4337] kasan_save_track+0x14/0x30
[ 739.061452][ T4337] kasan_save_free_info+0x3b/0x60
[ 739.061658][ T4337] __kasan_slab_free+0x38/0x50
[ 739.061865][ T4337] kmem_cache_free_bulk.part.0+0x1f2/0x5b0
[ 739.062120][ T4337] kvfree_rcu_bulk+0x4b9/0x5d0
[ 739.062327][ T4337] kvfree_rcu_drain_ready+0x2ab/0x860
[ 739.062536][ T4337] kfree_rcu_monitor+0x26/0xe0
[ 739.062739][ T4337] process_one_work+0xe55/0x16d0
[ 739.062938][ T4337] worker_thread+0x58c/0xce0
[ 739.063138][ T4337] kthread+0x28a/0x350
[ 739.063280][ T4337] ret_from_fork+0x31/0x70
[ 739.063479][ T4337] ret_from_fork_asm+0x1a/0x30
[ 739.063674][ T4337]
[ 739.063777][ T4337] Last potentially related work creation:
[ 739.063977][ T4337] kasan_save_stack+0x24/0x50
[ 739.064182][ T4337] __kasan_record_aux_stack+0x8e/0xa0
[ 739.064382][ T4337] kvfree_call_rcu+0x114/0x4b0
[ 739.064576][ T4337] neigh_remove_one+0x1a3/0x200
[ 739.064770][ T4337] neigh_delete+0x29f/0x490
[ 739.064964][ T4337] rtnetlink_rcv_msg+0x2fb/0xc10
[ 739.065153][ T4337] netlink_rcv_skb+0x130/0x360
[ 739.065345][ T4337] netlink_unicast+0x44b/0x710
[ 739.065539][ T4337] netlink_sendmsg+0x723/0xbe0
[ 739.065746][ T4337] ____sys_sendmsg+0x7ac/0xa10
[ 739.065964][ T4337] ___sys_sendmsg+0xee/0x170
[ 739.066150][ T4337] __sys_sendmsg+0xcd/0x170
[ 739.066333][ T4337] do_syscall_64+0xc1/0x1d0
[ 739.066517][ T4337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 739.066757][ T4337]
[ 739.066858][ T4337] The buggy address belongs to the object at ffff88800924cc00
[ 739.066858][ T4337]  which belongs to the cache kmalloc-1k of size 1024
[ 739.067297][ T4337] The buggy address is located 24 bytes inside of
[ 739.067297][ T4337]  freed 1024-byte region [ffff88800924cc00, ffff88800924d000)
[ 739.067735][ T4337]
[ 739.067829][ T4337] The buggy address belongs to the physical page:
[ 739.068053][ T4337] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9248
[ 739.068386][ T4337] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 739.068660][ T4337] flags: 0x80000000000040(head|node=0|zone=1)
[ 739.068903][ T4337] page_type: f5(slab)
[ 739.069046][ T4337] raw: 0080000000000040 ffff8880010430c0 ffffea0000144410 ffffea0000099210
[ 739.069382][ T4337] raw: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 739.069713][ T4337] head: 0080000000000040 ffff8880010430c0 ffffea0000144410 ffffea0000099210
[ 739.070045][ T4337] head: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 739.070371][ T4337] head: 0080000000000003 ffffea0000249201 ffffffffffffffff 0000000000000000
[ 739.070724][ T4337] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 739.071092][ T4337] page dumped because: kasan: bad access detected
[ 739.071343][ T4337]
[ 739.071434][ T4337] Memory state around the buggy address:
[ 739.071616][ T4337]  ffff88800924cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 739.071902][ T4337]  ffff88800924cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 739.072166][ T4337] >ffff88800924cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 739.072426][ T4337]                    ^
[ 739.072605][ T4337]  ffff88800924cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 739.072864][ T4337]  ffff88800924cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 739.073129][ T4337] ==================================================================
[ 739.073447][ T4337] Disabling lock debugging due to kernel taint
[ 739.540860][ T4342] veth1: left allmulticast mode
[ 761.537794][ T4506] veth1: left promiscuous mode
[ 761.945797][ T78] Oops: general protection fault, probably for non-canonical address 0xed6d696d6d6d6d6d: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 761.946158][ T78] KASAN: maybe wild-memory-access in range [0x6b6b6b6b6b6b6b68-0x6b6b6b6b6b6b6b6f]
[ 761.946383][ T78] CPU: 0 UID: 0 PID: 78 Comm: kworker/u20:2 Tainted: G B 6.12.0-rc3-virtme #1
[ 761.946651][ T78] Tainted: [B]=BAD_PAGE
[ 761.946753][ T78] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 761.947033][ T78] Workqueue: events_unbound linkwatch_event
[ 761.947198][ T78] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 761.947362][ T78] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 761.947800][ T78] RSP: 0018:ffffc9000053fa08 EFLAGS: 00010202
[ 761.947958][ T78] RAX: 0d6d6d6d6d6d6d6d RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff910796f0
[ 761.948146][ T78] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88800924cc08
[ 761.948330][ T78] RBP: 6b6b6b6b6b6b6b6b R08: 0000000000000000 R09: 0000000000000000
[ 761.948516][ T78] R10: ffffffff93571f0f R11: ffffc9000053f619 R12: ffff88800924cd3c
[ 761.948697][ T78] R13: dffffc0000000000 R14: ffff888005ae4000 R15: ffff88800924cc00
[ 761.948881][ T78] FS: 0000000000000000(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[ 761.949101][ T78] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 761.949257][ T78] CR2: 00007f1580b662a8 CR3: 0000000006328004 CR4: 0000000000772ef0
[ 761.949449][ T78] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 761.949633][ T78] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 761.949817][ T78] PKRU: 55555554
[ 761.949912][ T78] Call Trace:
[ 761.950006][ T78]
[ 761.950071][ T78] ? die_addr+0x41/0xa0
[ 761.950170][ T78] ? exc_general_protection+0x14d/0x230
[ 761.950297][ T78] ? asm_exc_general_protection+0x26/0x30
[ 761.950427][ T78] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 761.950550][ T78] ? neigh_flush_dev.isra.0+0x10a/0x650
[ 761.950675][ T78] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 761.950797][ T78] ? lock_acquire+0x32/0xc0
[ 761.950923][ T78] __neigh_ifdown.isra.0+0x74/0x440
[ 761.951049][ T78] neigh_carrier_down+0x13/0x20
[ 761.951171][ T78] arp_netdev_event+0x238/0x330
[ 761.951298][ T78] ? trace_notifier_run+0xe2/0x140
[ 761.951422][ T78] notifier_call_chain+0xcd/0x150
[ 761.951547][ T78] netdev_state_change+0xf5/0x120
[ 761.951670][ T78] ? __pfx_netdev_state_change+0x10/0x10
[ 761.951791][ T78] ? dev_deactivate+0xc1/0x1b0
[ 761.951916][ T78] ? veth_get_iflink+0xd2/0x210 [veth]
[ 761.952045][ T78] linkwatch_do_dev+0xd2/0x100
[ 761.952169][ T78] __linkwatch_run_queue+0x1df/0x650
[ 761.952296][ T78] ? trace_lock_acquire+0x14d/0x1f0
[ 761.952421][ T78] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 761.952598][ T78] ? process_one_work+0xe0b/0x16d0
[ 761.952719][ T78] ? lock_acquire+0x32/0xc0
[ 761.952842][ T78] linkwatch_event+0x40/0x60
[ 761.952968][ T78] process_one_work+0xe55/0x16d0
[ 761.953095][ T78] ? __pfx___lock_release+0x10/0x10
[ 761.953216][ T78] ? __pfx_process_one_work+0x10/0x10
[ 761.953343][ T78] ? assign_work+0x16c/0x240
[ 761.953468][ T78] worker_thread+0x58c/0xce0
[ 761.953591][ T78] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 761.953758][ T78] ? __pfx_worker_thread+0x10/0x10
[ 761.953881][ T78] ? __pfx_worker_thread+0x10/0x10
[ 761.954002][ T78] kthread+0x28a/0x350
[ 761.954096][ T78] ? __pfx_kthread+0x10/0x10
[ 761.954222][ T78] ret_from_fork+0x31/0x70
[ 761.954349][ T78] ? __pfx_kthread+0x10/0x10
[ 761.954472][ T78] ret_from_fork_asm+0x1a/0x30
[ 761.954599][ T78]
[ 761.954693][ T78] Modules linked in: macvlan dummy act_vlan 8021q act_mirred ip6_gre ip6_tunnel tunnel6 cls_matchall ip_gre gre act_gact act_pedit cls_flower bridge stp llc sch_ingress vrf veth
[ 761.955128][ T78] ---[ end trace 0000000000000000 ]---
[ 761.955258][ T78] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 761.955426][ T78] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 761.955883][ T78] RSP: 0018:ffffc9000053fa08 EFLAGS: 00010202
[ 761.956045][ T78] RAX: 0d6d6d6d6d6d6d6d RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff910796f0
[ 761.956230][ T78] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88800924cc08
[ 761.956513][ T78] RBP: 6b6b6b6b6b6b6b6b R08: 0000000000000000 R09: 0000000000000000
[ 761.956701][ T78] R10: ffffffff93571f0f R11: ffffc9000053f619 R12: ffff88800924cd3c
[ 761.956892][ T78] R13: dffffc0000000000 R14: ffff888005ae4000 R15: ffff88800924cc00
[ 761.957154][ T78] FS: 0000000000000000(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[ 761.957368][ T78] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 761.957532][ T78] CR2: 00007f1580b662a8 CR3: 000000001e726005 CR4: 0000000000772ef0
[ 761.957792][ T78] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 761.957983][ T78] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 761.958162][ T78] PKRU: 55555554
[ 761.958322][ T78] Kernel panic - not syncing: Fatal exception in interrupt
[ 761.958610][ T78] Kernel Offset: 0xdc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 761.958899][ T78] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---