[ 2.230535] ip (248) used greatest stack depth: 12344 bytes left [ 19.114431] Initializing XFRM netlink socket [ 24.302910] ------------[ cut here ]------------ [ 24.303079] refcount_t: underflow; use-after-free. [ 24.303152] WARNING: CPU: 2 PID: 435 at lib/refcount.c:28 refcount_warn_saturate+0xbc/0x110 [ 24.303231] Modules linked in: xfrm_user vrf veth [ 24.303312] CPU: 2 UID: 0 PID: 435 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(voluntary) [ 24.303425] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 24.303503] RIP: 0010:refcount_warn_saturate+0xbc/0x110 [ 24.303597] Code: a7 e8 18 df ba ff 90 0f 0b 90 90 c3 80 3d f9 da eb 00 00 75 89 c6 05 f0 da eb 00 01 90 48 c7 c7 28 e0 b1 a7 e8 f5 de ba ff 90 <0f> 0b 90 90 c3 80 3d d4 da eb 00 00 0f 85 62 ff ff ff c6 05 c7 da [ 24.303781] RSP: 0018:ffffb95d402f3730 EFLAGS: 00010282 [ 24.303841] RAX: 0000000000000000 RBX: ffffb95d402f3740 RCX: 00000000ffffdfff [ 24.303920] RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000001 [ 24.304000] RBP: ffffb95d402f3248 R08: ffffffffa7f56a28 R09: 00000000ffffdfff [ 24.304074] R10: ffffffffa7e76a40 R11: ffffffffa7f26a40 R12: dead000000000122 [ 24.304170] R13: 00000000fffbca8f R14: 0000000000000001 R15: ffff9b2184e94000 [ 24.304244] FS: 00007f444e6d4800(0000) GS:ffff9b22166d9000(0000) knlGS:0000000000000000 [ 24.304316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.304386] CR2: 00000000004e73c8 CR3: 0000000002f92001 CR4: 0000000000772ef0 [ 24.304465] PKRU: 55555554 [ 24.304509] Call Trace: [ 24.304557] [ 24.304596] netdev_run_todo+0x21a/0x550 [ 24.304681] rtnl_dellink+0x15b/0x350 [ 24.304746] ? virtio_fs_enqueue_req+0x352/0x570 [ 24.304822] ? netdev_run_todo+0x63/0x550 [ 24.304881] ? rtnl_bridge_getlink+0x1a0/0x1a0 [ 24.304949] rtnetlink_rcv_msg+0x358/0x400 [ 24.304999] ? get_page_from_freelist+0x15b4/0x1770 [ 24.305059] ? rtnl_calcit.isra.0+0x110/0x110 [ 24.305117] netlink_rcv_skb+0x57/0x100 [ 24.305193] netlink_unicast+0x252/0x380 [ 24.305242] ? __alloc_skb+0xdb/0x190 [ 24.305292] netlink_sendmsg+0x1be/0x3e0 [ 24.305341] ____sys_sendmsg+0x132/0x260 [ 24.305393] ? copy_msghdr_from_user+0x6c/0xa0 [ 24.305455] ___sys_sendmsg+0x87/0xd0 [ 24.305508] ? do_wp_page+0x369/0xe90 [ 24.305562] ? nfulnl_rcv_nl_event+0x36/0xa0 [ 24.305626] ? fsnotify_grab_connector+0x48/0x80 [ 24.305688] ? fsnotify_destroy_marks+0x29/0x150 [ 24.305746] __sys_sendmsg+0x71/0xd0 [ 24.305795] do_syscall_64+0xa4/0xfd0 [ 24.305847] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 24.305926] RIP: 0033:0x7f444e8a21d7 [ 24.305986] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 [ 24.306132] RSP: 002b:00007ffd97439638 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 24.306204] RAX: ffffffffffffffda RBX: 00007ffd97439d60 RCX: 00007f444e8a21d7 [ 24.306274] RDX: 0000000000000000 RSI: 00007ffd974396a0 RDI: 0000000000000005 [ 24.306345] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078 [ 24.306428] R10: 00007f444e79ef60 R11: 0000000000000246 R12: 0000000000000002 [ 24.306499] R13: 00000000690de716 R14: 0000000000499600 R15: 0000000000000000 [ 24.306578] [ 24.306617] ---[ end trace 0000000000000000 ]--- [ 24.307292] ip (435) used greatest stack depth: 11744 bytes left