[ 7.209969] veth2: entered promiscuous mode [ 24.467341] 8021q: 802.1Q VLAN Support v1.8 [ 44.939479] ------------[ cut here ]------------ [ 44.939561] refcount_t: underflow; use-after-free. [ 44.939621] WARNING: CPU: 3 PID: 386 at lib/refcount.c:28 refcount_warn_saturate+0xbc/0x110 [ 44.939692] Modules linked in: 8021q vrf veth [ 44.939740] CPU: 3 UID: 0 PID: 386 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(voluntary) [ 44.939818] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 44.939866] RIP: 0010:refcount_warn_saturate+0xbc/0x110 [ 44.939913] Code: a8 e8 18 df ba ff 90 0f 0b 90 90 c3 80 3d f9 da eb 00 00 75 89 c6 05 f0 da eb 00 01 90 48 c7 c7 28 e0 91 a8 e8 f5 de ba ff 90 <0f> 0b 90 90 c3 80 3d d4 da eb 00 00 0f 85 62 ff ff ff c6 05 c7 da [ 44.940047] RSP: 0018:ffffbd468034b730 EFLAGS: 00010282 [ 44.940085] RAX: 0000000000000000 RBX: ffffbd468034b740 RCX: 00000000ffffdfff [ 44.940150] RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000001 [ 44.940258] RBP: ffffbd468034b248 R08: ffffffffa8d56a28 R09: 00000000ffffdfff [ 44.940313] R10: ffffffffa8c76a40 R11: ffffffffa8d26a40 R12: dead000000000122 [ 44.940370] R13: 00000000fffc1b2e R14: 0000000000000001 R15: ffff9deac2d31000 [ 44.940434] FS: 00007f49ba5ab800(0000) GS:ffff9deb55959000(0000) knlGS:0000000000000000 [ 44.940510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.940567] CR2: 00000000004e6680 CR3: 0000000003e98003 CR4: 0000000000772ef0 [ 44.940632] PKRU: 55555554 [ 44.940654] Call Trace: [ 44.940679] [ 44.940701] netdev_run_todo+0x21a/0x550 [ 44.940743] rtnl_dellink+0x15b/0x350 [ 44.940781] ? virtio_fs_enqueue_req+0x352/0x570 [ 44.940825] ? netdev_run_todo+0x63/0x550 [ 44.940855] ? rtnl_bridge_getlink+0x1a0/0x1a0 [ 44.940895] rtnetlink_rcv_msg+0x358/0x400 [ 44.940926] ? get_page_from_freelist+0x15b4/0x1770 [ 44.940968] ? rtnl_calcit.isra.0+0x110/0x110 [ 44.941008] netlink_rcv_skb+0x57/0x100 [ 44.941045] netlink_unicast+0x252/0x380 [ 44.941076] ? __alloc_skb+0xdb/0x190 [ 44.941109] netlink_sendmsg+0x1be/0x3e0 [ 44.941140] ____sys_sendmsg+0x132/0x260 [ 44.941178] ? copy_msghdr_from_user+0x6c/0xa0 [ 44.941224] ___sys_sendmsg+0x87/0xd0 [ 44.941255] ? do_wp_page+0x369/0xe90 [ 44.941311] ? ___pte_offset_map+0x1b/0xd0 [ 44.941346] ? nfulnl_rcv_nl_event+0x36/0xa0 [ 44.941396] ? fsnotify_grab_connector+0x48/0x80 [ 44.941463] ? fsnotify_destroy_marks+0x29/0x150 [ 44.941505] __sys_sendmsg+0x71/0xd0 [ 44.941542] do_syscall_64+0xa4/0xfd0 [ 44.941582] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 44.941634] RIP: 0033:0x7f49ba7791d7 [ 44.941670] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 [ 44.941805] RSP: 002b:00007fff519a0668 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.941863] RAX: ffffffffffffffda RBX: 00007fff519a0d90 RCX: 00007f49ba7791d7 [ 44.941932] RDX: 0000000000000000 RSI: 00007fff519a06d0 RDI: 0000000000000005 [ 44.941992] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078 [ 44.942061] R10: 00007f49ba675f60 R11: 0000000000000246 R12: 0000000000000002 [ 44.942124] R13: 00000000690de185 R14: 0000000000499600 R15: 0000000000000000 [ 44.942186] [ 44.942212] ---[ end trace 0000000000000000 ]--- [ 44.942740] ip (386) used greatest stack depth: 11744 bytes left [ 333.215908] veth2: left promiscuous mode [ 337.064744] br0: port 1(veth1) entered blocking state [ 337.064815] br0: port 1(veth1) entered disabled state [ 337.064861] veth1: entered allmulticast mode [ 337.064941] veth1: entered promiscuous mode [ 337.064992] br0: port 1(veth1) entered blocking state [ 337.065035] br0: port 1(veth1) entered forwarding state [ 337.074170] br1: port 1(veth3) entered blocking state [ 337.074224] br1: port 1(veth3) entered disabled state [ 337.074270] veth3: entered allmulticast mode [ 337.074344] veth3: entered promiscuous mode [ 337.074391] br1: port 1(veth3) entered blocking state [ 337.074429] br1: port 1(veth3) entered forwarding state [ 337.136838] veth2: entered promiscuous mode WAIT TIMEOUT stderr Ctrl-C stderr Ctrl-C stderr [ 638.183858] veth2: left promiscuous mode WAIT TIMEOUT stderr