[ 17.622855][ T294] ==================================================================
[ 17.623287][ T294] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 17.623573][ T294] Read of size 1 at addr ffff8880079616c4 by task ip/294
[ 17.623787][ T294]
[ 17.623886][ T294] CPU: 2 UID: 0 PID: 294 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 17.623896][ T294] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 17.623899][ T294] Call Trace:
[ 17.623905][ T294] <TASK>
[ 17.623907][ T294] dump_stack_lvl+0x82/0xc0
[ 17.623915][ T294] print_address_description.constprop.0+0x2c/0x3a0
[ 17.623925][ T294] ? kobject_put+0xbb/0xd0
[ 17.623929][ T294] print_report+0xb4/0x270
[ 17.623932][ T294] ? kobject_put+0xbb/0xd0
[ 17.623935][ T294] ? kasan_addr_to_slab+0x21/0x70
[ 17.623939][ T294] ? kobject_put+0xbb/0xd0
[ 17.623942][ T294] kasan_report+0xca/0x100
[ 17.623947][ T294] ? kobject_put+0xbb/0xd0
[ 17.623952][ T294] kobject_put+0xbb/0xd0
[ 17.623956][ T294] netdev_run_todo+0x5f0/0xc60
[ 17.623966][ T294] ? dev_ingress_queue_create+0x190/0x190
[ 17.623970][ T294] ? generic_xdp_install+0x410/0x410
[ 17.623974][ T294] ? unregister_netdevice_many+0x20/0x20
[ 17.623978][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.623991][ T294] rtnl_dellink+0x350/0xa30
[ 17.623996][ T294] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 17.624016][ T294] ? find_held_lock+0x2b/0x80
[ 17.624023][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.624028][ T294] ? find_held_lock+0x2b/0x80
[ 17.624032][ T294] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 17.624035][ T294] ? __lock_release+0x5d/0x170
[ 17.624039][ T294] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 17.624043][ T294] rtnetlink_rcv_msg+0x709/0xc00
[ 17.624047][ T294] ? rtnl_port_fill+0x890/0x890
[ 17.624050][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.624056][ T294] netlink_rcv_skb+0x121/0x340
[ 17.624061][ T294] ? rtnl_port_fill+0x890/0x890
[ 17.624066][ T294] ? netlink_ack+0xdf0/0xdf0
[ 17.624072][ T294] ? netlink_deliver_tap+0x13e/0x340
[ 17.624075][ T294] ? netlink_deliver_tap+0xc3/0x340
[ 17.624079][ T294] netlink_unicast+0x4aa/0x780
[ 17.624083][ T294] ? netlink_attachskb+0x810/0x810
[ 17.624086][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.624091][ T294] netlink_sendmsg+0x714/0xbd0
[ 17.624095][ T294] ? netlink_unicast+0x780/0x780
[ 17.624099][ T294] ? __import_iovec+0x230/0x3b0
[ 17.624106][ T294] ? netlink_unicast+0x780/0x780
[ 17.624109][ T294] ____sys_sendmsg+0x3dd/0x890
[ 17.624115][ T294] ? get_timestamp.constprop.0+0x370/0x370
[ 17.624118][ T294] ? __copy_msghdr+0x3c0/0x3c0
[ 17.624126][ T294] ___sys_sendmsg+0xed/0x170
[ 17.624128][ T294] ? kasan_record_aux_stack+0x8c/0xa0
[ 17.624133][ T294] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 17.624140][ T294] ? copy_msghdr_from_user+0x110/0x110
[ 17.624144][ T294] ? find_held_lock+0x2b/0x80
[ 17.624149][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.624153][ T294] ? find_held_lock+0x2b/0x80
[ 17.624157][ T294] ? __virt_addr_valid+0x22a/0x450
[ 17.624171][ T294] ? __lock_release+0x5d/0x170
[ 17.624176][ T294] __sys_sendmsg+0x10b/0x1a0
[ 17.624178][ T294] ? __call_rcu_common.constprop.0+0x318/0x630
[ 17.624181][ T294] ? __sys_sendmsg_sock+0x20/0x20
[ 17.624188][ T294] ? rcu_is_watching+0x12/0xb0
[ 17.624195][ T294] do_syscall_64+0xc1/0xfd0
[ 17.624201][ T294] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 17.624207][ T294] RIP: 0033:0x7f570b6721d7
[ 17.624212][ T294] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 17.624215][ T294] RSP: 002b:00007fff21912568 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 17.624220][ T294] RAX: ffffffffffffffda RBX: 00007fff21912c90 RCX: 00007f570b6721d7
[ 17.624222][ T294] RDX: 0000000000000000 RSI: 00007fff219125d0 RDI: 0000000000000005
[ 17.624224][ T294] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 17.624226][ T294] R10: 00007f570b56ef60 R11: 0000000000000246 R12: 0000000000000002
[ 17.624228][ T294] R13: 00000000690dfa96 R14: 0000000000499600 R15: 0000000000000000
[ 17.624234][ T294] </TASK>
[ 17.624236][ T294]
[ 17.637523][ T294] Allocated by task 266:
[ 17.637666][ T294] kasan_save_stack+0x24/0x40
[ 17.637857][ T294] kasan_save_track+0x14/0x30
[ 17.638041][ T294] __kasan_kmalloc+0x7b/0x90
[ 17.638214][ T294] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 17.638417][ T294] alloc_netdev_mqs+0x7d/0x1370
[ 17.638596][ T294] rtnl_create_link+0xa9e/0xe20
[ 17.638782][ T294] rtnl_newlink_create+0x203/0x8f0
[ 17.638967][ T294] __rtnl_newlink+0x231/0xa30
[ 17.639142][ T294] rtnl_newlink+0x693/0xa60
[ 17.639329][ T294] rtnetlink_rcv_msg+0x709/0xc00
[ 17.639507][ T294] netlink_rcv_skb+0x121/0x340
[ 17.639681][ T294] netlink_unicast+0x4aa/0x780
[ 17.639865][ T294] netlink_sendmsg+0x714/0xbd0
[ 17.640044][ T294] ____sys_sendmsg+0x3dd/0x890
[ 17.640216][ T294] ___sys_sendmsg+0xed/0x170
[ 17.640401][ T294] __sys_sendmsg+0x10b/0x1a0
[ 17.640576][ T294] do_syscall_64+0xc1/0xfd0
[ 17.640758][ T294] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 17.640989][ T294]
[ 17.641078][ T294] Freed by task 294:
[ 17.641219][ T294] kasan_save_stack+0x24/0x40
[ 17.641411][ T294] kasan_save_track+0x14/0x30
[ 17.641587][ T294] __kasan_save_free_info+0x3b/0x60
[ 17.641764][ T294] __kasan_slab_free+0x3f/0x60
[ 17.641947][ T294] kfree+0x21d/0x540
[ 17.642079][ T294] device_release+0x9c/0x210
[ 17.642265][ T294] kobject_cleanup+0xfe/0x360
[ 17.642454][ T294] netdev_run_todo+0x81f/0xc60
[ 17.642634][ T294] rtnl_dellink+0x350/0xa30
[ 17.642813][ T294] rtnetlink_rcv_msg+0x709/0xc00
[ 17.642993][ T294] netlink_rcv_skb+0x121/0x340
[ 17.643176][ T294] netlink_unicast+0x4aa/0x780
[ 17.643352][ T294] netlink_sendmsg+0x714/0xbd0
[ 17.643543][ T294] ____sys_sendmsg+0x3dd/0x890
[ 17.643719][ T294] ___sys_sendmsg+0xed/0x170
[ 17.643903][ T294] __sys_sendmsg+0x10b/0x1a0
[ 17.644079][ T294] do_syscall_64+0xc1/0xfd0
[ 17.644262][ T294] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 17.644491][ T294]
[ 17.644586][ T294] The buggy address belongs to the object at ffff888007961000
[ 17.644586][ T294] which belongs to the cache kmalloc-4k of size 4096
[ 17.645019][ T294] The buggy address is located 1732 bytes inside of
[ 17.645019][ T294] freed 4096-byte region [ffff888007961000, ffff888007962000)
[ 17.645557][ T294]
[ 17.645645][ T294] The buggy address belongs to the physical page:
[ 17.645868][ T294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7960
[ 17.646289][ T294] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 17.646566][ T294] flags: 0x80000000000040(head|node=0|zone=1)
[ 17.646797][ T294] page_type: f5(slab)
[ 17.647045][ T294] raw: 0080000000000040 ffff888001043700 ffffea00001f1c10 ffffea000018f410
[ 17.647362][ T294] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 17.647787][ T294] head: 0080000000000040 ffff888001043700 ffffea00001f1c10 ffffea000018f410
[ 17.648111][ T294] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 17.648428][ T294] head: 0080000000000003 ffffea00001e5801 00000000ffffffff 00000000ffffffff
[ 17.648853][ T294] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 17.649170][ T294] page dumped because: kasan: bad access detected
[ 17.649480][ T294]
[ 17.649575][ T294] Memory state around the buggy address:
[ 17.649750][ T294] ffff888007961580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.650024][ T294] ffff888007961600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.650376][ T294] >ffff888007961680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.650639][ T294] ^
[ 17.650856][ T294] ffff888007961700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.651216][ T294] ffff888007961780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.651466][ T294] ==================================================================
[ 17.652110][ T294] Disabling lock debugging due to kernel taint
[ 17.652541][ T294] ------------[ cut here ]------------
[ 17.652794][ T294] refcount_t: underflow; use-after-free.
[ 17.653090][ T294] WARNING: CPU: 1 PID: 294 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 17.653569][ T294] Modules linked in:
[ 17.653765][ T294] CPU: 1 UID: 0 PID: 294 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 17.654293][ T294] Tainted: [B]=BAD_PAGE
[ 17.654492][ T294] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 17.654804][ T294] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 17.655147][ T294] Code: cc 38 03 80 fb 01 0f 87 29 33 d7 fe 83 e3 01 0f 85 51 ff ff ff c6 05 17 cc 38 03 01 90 48 c7 c7 40 ba 25 96 e8 62 d6 16 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 c0 9d a0 ff e9 ba fe ff ff
[ 17.656141][ T294] RSP: 0018:ffffc90000cd71f0 EFLAGS: 00010286
[ 17.656503][ T294] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 17.656931][ T294] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 17.657337][ T294] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff2e40934
[ 17.657761][ T294] R10: 0000000000000003 R11: ffffc90000cd6d80 R12: 0000000000000001
[ 17.658179][ T294] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 17.658606][ T294] FS: 00007f570b4a4800(0000) GS:ffff8880d4988000(0000) knlGS:0000000000000000
[ 17.659079][ T294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 17.659630][ T294] CR2: 00005597d52b3b68 CR3: 0000000008d41001 CR4: 0000000000772ef0
[ 17.660037][ T294] PKRU: 55555554
[ 17.660245][ T294] Call Trace:
[ 17.660472][ T294] <TASK>
[ 17.660614][ T294] netdev_run_todo+0x5f0/0xc60
[ 17.661072][ T294] ? dev_ingress_queue_create+0x190/0x190
[ 17.661348][ T294] ? generic_xdp_install+0x410/0x410
[ 17.661634][ T294] ? unregister_netdevice_many+0x20/0x20
[ 17.661911][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.662365][ T294] rtnl_dellink+0x350/0xa30
[ 17.662650][ T294] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 17.663016][ T294] ? find_held_lock+0x2b/0x80
[ 17.663497][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.663768][ T294] ? find_held_lock+0x2b/0x80
[ 17.664041][ T294] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 17.664309][ T294] ? __lock_release+0x5d/0x170
[ 17.664764][ T294] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 17.665106][ T294] rtnetlink_rcv_msg+0x709/0xc00
[ 17.665392][ T294] ? rtnl_port_fill+0x890/0x890
[ 17.665663][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.666116][ T294] netlink_rcv_skb+0x121/0x340
[ 17.666399][ T294] ? rtnl_port_fill+0x890/0x890
[ 17.666670][ T294] ? netlink_ack+0xdf0/0xdf0
[ 17.666943][ T294] ? netlink_deliver_tap+0x13e/0x340
[ 17.667402][ T294] ? netlink_deliver_tap+0xc3/0x340
[ 17.667678][ T294] netlink_unicast+0x4aa/0x780
[ 17.667947][ T294] ? netlink_attachskb+0x810/0x810
[ 17.668217][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.668501][ T294] netlink_sendmsg+0x714/0xbd0
[ 17.668770][ T294] ? netlink_unicast+0x780/0x780
[ 17.669040][ T294] ? __import_iovec+0x230/0x3b0
[ 17.669311][ T294] ? netlink_unicast+0x780/0x780
[ 17.669771][ T294] ____sys_sendmsg+0x3dd/0x890
[ 17.670050][ T294] ? get_timestamp.constprop.0+0x370/0x370
[ 17.670392][ T294] ? __copy_msghdr+0x3c0/0x3c0
[ 17.670669][ T294] ___sys_sendmsg+0xed/0x170
[ 17.671109][ T294] ? kasan_record_aux_stack+0x8c/0xa0
[ 17.671395][ T294] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 17.671731][ T294] ? copy_msghdr_from_user+0x110/0x110
[ 17.672001][ T294] ? find_held_lock+0x2b/0x80
[ 17.672470][ T294] ? __lock_acquire+0x449/0x7e0
[ 17.672744][ T294] ? find_held_lock+0x2b/0x80
[ 17.673014][ T294] ? __virt_addr_valid+0x22a/0x450
[ 17.673299][ T294] ? __lock_release+0x5d/0x170
[ 17.673764][ T294] __sys_sendmsg+0x10b/0x1a0
[ 17.674034][ T294] ? __call_rcu_common.constprop.0+0x318/0x630
[ 17.674370][ T294] ? __sys_sendmsg_sock+0x20/0x20
[ 17.674831][ T294] ? rcu_is_watching+0x12/0xb0
[ 17.675116][ T294] do_syscall_64+0xc1/0xfd0
[ 17.675405][ T294] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 17.675743][ T294] RIP: 0033:0x7f570b6721d7
[ 17.676220][ T294] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 17.677400][ T294] RSP: 002b:00007fff21912568 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 17.677811][ T294] RAX: ffffffffffffffda RBX: 00007fff21912c90 RCX: 00007f570b6721d7
[ 17.678220][ T294] RDX: 0000000000000000 RSI: 00007fff219125d0 RDI: 0000000000000005
[ 17.678820][ T294] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 17.679226][ T294] R10: 00007f570b56ef60 R11: 0000000000000246 R12: 0000000000000002
[ 17.679646][ T294] R13: 00000000690dfa96 R14: 0000000000499600 R15: 0000000000000000
[ 17.680242][ T294] </TASK>
[ 17.680464][ T294] irq event stamp: 37607
[ 17.680668][ T294] hardirqs last enabled at (37607): [] finish_task_switch.isra.0+0x245/0x960
[ 17.681405][ T294] hardirqs last disabled at (37606): [] __schedule+0x94a/0x1b10
[ 17.681890][ T294] softirqs last enabled at (37144): [] handle_softirqs+0x352/0x610
[ 17.682356][ T294] softirqs last disabled at (37139): [] irq_exit_rcu+0xab/0x100
[ 17.682835][ T294] ---[ end trace 0000000000000000 ]---
[ 17.702722][ T294] ip (294) used greatest stack depth: 24232 bytes left