[   16.674949][  T265] ip (265) used greatest stack depth: 24624 bytes left
[   18.753594][  T291] ==================================================================
[   18.753976][  T291] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[   18.754290][  T291] Read of size 1 at addr ffff888008a016c4 by task ip/291
[   18.754529][  T291] 
[   18.754636][  T291] CPU: 3 UID: 0 PID: 291 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full) 
[   18.754642][  T291] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   18.754646][  T291] Call Trace:
[   18.754650][  T291]  <TASK>
[   18.754653][  T291]  dump_stack_lvl+0x82/0xc0
[   18.754658][  T291]  print_address_description.constprop.0+0x2c/0x3a0
[   18.754673][  T291]  ? kobject_put+0xbb/0xd0
[   18.754677][  T291]  print_report+0xb4/0x270
[   18.754681][  T291]  ? kobject_put+0xbb/0xd0
[   18.754684][  T291]  ? kasan_addr_to_slab+0x21/0x70
[   18.754687][  T291]  ? kobject_put+0xbb/0xd0
[   18.754690][  T291]  kasan_report+0xca/0x100
[   18.754694][  T291]  ? kobject_put+0xbb/0xd0
[   18.754700][  T291]  kobject_put+0xbb/0xd0
[   18.754703][  T291]  netdev_run_todo+0x5f0/0xc60
[   18.754715][  T291]  ? dev_ingress_queue_create+0x190/0x190
[   18.754719][  T291]  ? generic_xdp_install+0x410/0x410
[   18.754725][  T291]  ? unregister_netdevice_many+0x20/0x20
[   18.754731][  T291]  rtnl_dellink+0x350/0xa30
[   18.754737][  T291]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   18.754756][  T291]  ? find_held_lock+0x2b/0x80
[   18.754770][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.754775][  T291]  ? find_held_lock+0x2b/0x80
[   18.754779][  T291]  ? rtnetlink_rcv_msg+0x6e6/0xc00
[   18.754783][  T291]  ? __lock_release+0x5d/0x170
[   18.754786][  T291]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   18.754790][  T291]  rtnetlink_rcv_msg+0x709/0xc00
[   18.754794][  T291]  ? rtnl_port_fill+0x890/0x890
[   18.754798][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.754804][  T291]  netlink_rcv_skb+0x121/0x340
[   18.754810][  T291]  ? rtnl_port_fill+0x890/0x890
[   18.754814][  T291]  ? netlink_ack+0xdf0/0xdf0
[   18.754820][  T291]  ? netlink_deliver_tap+0x13e/0x340
[   18.754823][  T291]  ? netlink_deliver_tap+0xc3/0x340
[   18.754827][  T291]  netlink_unicast+0x4aa/0x780
[   18.754831][  T291]  ? netlink_attachskb+0x810/0x810
[   18.754834][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.754839][  T291]  netlink_sendmsg+0x714/0xbd0
[   18.754843][  T291]  ? netlink_unicast+0x780/0x780
[   18.754847][  T291]  ? __import_iovec+0x230/0x3b0
[   18.754857][  T291]  ? netlink_unicast+0x780/0x780
[   18.754861][  T291]  ____sys_sendmsg+0x3dd/0x890
[   18.754866][  T291]  ? get_timestamp.constprop.0+0x370/0x370
[   18.754869][  T291]  ? __copy_msghdr+0x3c0/0x3c0
[   18.754877][  T291]  ___sys_sendmsg+0xed/0x170
[   18.754879][  T291]  ? kasan_record_aux_stack+0x8c/0xa0
[   18.754884][  T291]  ? __call_rcu_common.constprop.0+0xa8/0x630
[   18.754889][  T291]  ? copy_msghdr_from_user+0x110/0x110
[   18.754894][  T291]  ? find_held_lock+0x2b/0x80
[   18.754898][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.754903][  T291]  ? find_held_lock+0x2b/0x80
[   18.754907][  T291]  ? __virt_addr_valid+0x22a/0x450
[   18.754917][  T291]  ? __lock_release+0x5d/0x170
[   18.754922][  T291]  __sys_sendmsg+0x10b/0x1a0
[   18.754925][  T291]  ? __call_rcu_common.constprop.0+0x318/0x630
[   18.754927][  T291]  ? __sys_sendmsg_sock+0x20/0x20
[   18.754935][  T291]  ? rcu_is_watching+0x12/0xb0
[   18.754941][  T291]  do_syscall_64+0xc1/0xfd0
[   18.754947][  T291]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   18.754956][  T291] RIP: 0033:0x7f1893b601d7
[   18.754962][  T291] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[   18.754965][  T291] RSP: 002b:00007ffcc4afd578 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   18.754972][  T291] RAX: ffffffffffffffda RBX: 00007ffcc4afdca0 RCX: 00007f1893b601d7
[   18.754974][  T291] RDX: 0000000000000000 RSI: 00007ffcc4afd5e0 RDI: 0000000000000005
[   18.754977][  T291] RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000078
[   18.754978][  T291] R10: 00007f1893a5cf60 R11: 0000000000000246 R12: 0000000000000001
[   18.754980][  T291] R13: 00000000690df495 R14: 0000000000499600 R15: 0000000000000000
[   18.754987][  T291]  </TASK>
[   18.754988][  T291] 
[   18.769431][  T291] Allocated by task 265:
[   18.769580][  T291]  kasan_save_stack+0x24/0x40
[   18.769786][  T291]  kasan_save_track+0x14/0x30
[   18.769982][  T291]  __kasan_kmalloc+0x7b/0x90
[   18.770178][  T291]  __kvmalloc_node_noprof+0x2e5/0x8e0
[   18.770393][  T291]  alloc_netdev_mqs+0x7d/0x1370
[   18.770591][  T291]  rtnl_create_link+0xa9e/0xe20
[   18.770794][  T291]  rtnl_newlink_create+0x203/0x8f0
[   18.770990][  T291]  __rtnl_newlink+0x231/0xa30
[   18.771188][  T291]  rtnl_newlink+0x693/0xa60
[   18.771390][  T291]  rtnetlink_rcv_msg+0x709/0xc00
[   18.771587][  T291]  netlink_rcv_skb+0x121/0x340
[   18.771783][  T291]  netlink_unicast+0x4aa/0x780
[   18.771975][  T291]  netlink_sendmsg+0x714/0xbd0
[   18.772170][  T291]  ____sys_sendmsg+0x3dd/0x890
[   18.772383][  T291]  ___sys_sendmsg+0xed/0x170
[   18.772577][  T291]  __sys_sendmsg+0x10b/0x1a0
[   18.772768][  T291]  do_syscall_64+0xc1/0xfd0
[   18.772963][  T291]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   18.773212][  T291] 
[   18.773369][  T291] Freed by task 291:
[   18.773591][  T291]  kasan_save_stack+0x24/0x40
[   18.773792][  T291]  kasan_save_track+0x14/0x30
[   18.773985][  T291]  __kasan_save_free_info+0x3b/0x60
[   18.774197][  T291]  __kasan_slab_free+0x3f/0x60
[   18.774396][  T291]  kfree+0x21d/0x540
[   18.774543][  T291]  device_release+0x9c/0x210
[   18.774744][  T291]  kobject_cleanup+0xfe/0x360
[   18.774937][  T291]  netdev_run_todo+0x81f/0xc60
[   18.775130][  T291]  rtnl_dellink+0x350/0xa30
[   18.775334][  T291]  rtnetlink_rcv_msg+0x709/0xc00
[   18.775527][  T291]  netlink_rcv_skb+0x121/0x340
[   18.775740][  T291]  netlink_unicast+0x4aa/0x780
[   18.775935][  T291]  netlink_sendmsg+0x714/0xbd0
[   18.776132][  T291]  ____sys_sendmsg+0x3dd/0x890
[   18.776336][  T291]  ___sys_sendmsg+0xed/0x170
[   18.776535][  T291]  __sys_sendmsg+0x10b/0x1a0
[   18.776728][  T291]  do_syscall_64+0xc1/0xfd0
[   18.776923][  T291]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   18.777167][  T291] 
[   18.777285][  T291] The buggy address belongs to the object at ffff888008a01000
[   18.777285][  T291]  which belongs to the cache kmalloc-4k of size 4096
[   18.777761][  T291] The buggy address is located 1732 bytes inside of
[   18.777761][  T291]  freed 4096-byte region [ffff888008a01000, ffff888008a02000)
[   18.778264][  T291] 
[   18.778418][  T291] The buggy address belongs to the physical page:
[   18.778690][  T291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a00
[   18.779040][  T291] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   18.779347][  T291] flags: 0x80000000000040(head|node=0|zone=1)
[   18.779607][  T291] page_type: f5(slab)
[   18.779766][  T291] raw: 0080000000000040 ffff888001043700 ffffea0000237a10 ffffea0000096810
[   18.780124][  T291] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   18.780483][  T291] head: 0080000000000040 ffff888001043700 ffffea0000237a10 ffffea0000096810
[   18.780831][  T291] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   18.781175][  T291] head: 0080000000000003 ffffea0000228001 00000000ffffffff 00000000ffffffff
[   18.781532][  T291] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   18.781882][  T291] page dumped because: kasan: bad access detected
[   18.782235][  T291] 
[   18.782335][  T291] Memory state around the buggy address:
[   18.782526][  T291]  ffff888008a01580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.782812][  T291]  ffff888008a01600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.783201][  T291] >ffff888008a01680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.783487][  T291]                                            ^
[   18.783810][  T291]  ffff888008a01700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.784094][  T291]  ffff888008a01780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.784391][  T291] ==================================================================
[   18.784835][  T291] Disabling lock debugging due to kernel taint
[   18.785072][  T291] ------------[ cut here ]------------
[   18.785262][  T291] refcount_t: underflow; use-after-free.
[   18.785502][  T291] WARNING: CPU: 3 PID: 291 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[   18.785979][  T291] Modules linked in:
[   18.786135][  T291] CPU: 3 UID: 0 PID: 291 Comm: ip Tainted: G    B               6.18.0-rc4-virtme #1 PREEMPT(full) 
[   18.787265][  T291] Tainted: [B]=BAD_PAGE
[   18.787495][  T291] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   18.787739][  T291] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[   18.787991][  T291] Code: cc 38 03 80 fb 01 0f 87 29 33 d7 fe 83 e3 01 0f 85 51 ff ff ff c6 05 17 cc 38 03 01 90 48 c7 c7 40 ba 25 93 e8 62 d6 16 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 c0 9d a0 ff e9 ba fe ff ff
[   18.788762][  T291] RSP: 0018:ffffc90000ce71f0 EFLAGS: 00010286
[   18.789007][  T291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   18.789359][  T291] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[   18.789647][  T291] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff2840934
[   18.789940][  T291] R10: 0000000000000003 R11: ffffc90000ce6d80 R12: 0000000000000001
[   18.790435][  T291] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[   18.790727][  T291] FS:  00007f1893992800(0000) GS:ffff8880d7a88000(0000) knlGS:0000000000000000
[   18.791172][  T291] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   18.791535][  T291] CR2: 00000000004e5ae0 CR3: 000000000bc82004 CR4: 0000000000772ef0
[   18.791927][  T291] PKRU: 55555554
[   18.792129][  T291] Call Trace:
[   18.792362][  T291]  <TASK>
[   18.792517][  T291]  netdev_run_todo+0x5f0/0xc60
[   18.792808][  T291]  ? dev_ingress_queue_create+0x190/0x190
[   18.793113][  T291]  ? generic_xdp_install+0x410/0x410
[   18.793422][  T291]  ? unregister_netdevice_many+0x20/0x20
[   18.793728][  T291]  rtnl_dellink+0x350/0xa30
[   18.794032][  T291]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   18.794435][  T291]  ? find_held_lock+0x2b/0x80
[   18.794736][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.795038][  T291]  ? find_held_lock+0x2b/0x80
[   18.795359][  T291]  ? rtnetlink_rcv_msg+0x6e6/0xc00
[   18.795659][  T291]  ? __lock_release+0x5d/0x170
[   18.795970][  T291]  ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[   18.796359][  T291]  rtnetlink_rcv_msg+0x709/0xc00
[   18.796661][  T291]  ? rtnl_port_fill+0x890/0x890
[   18.796961][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.797264][  T291]  netlink_rcv_skb+0x121/0x340
[   18.797587][  T291]  ? rtnl_port_fill+0x890/0x890
[   18.797890][  T291]  ? netlink_ack+0xdf0/0xdf0
[   18.798190][  T291]  ? netlink_deliver_tap+0x13e/0x340
[   18.798646][  T291]  ? netlink_deliver_tap+0xc3/0x340
[   18.798848][  T291]  netlink_unicast+0x4aa/0x780
[   18.799038][  T291]  ? netlink_attachskb+0x810/0x810
[   18.799228][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.799558][  T291]  netlink_sendmsg+0x714/0xbd0
[   18.799751][  T291]  ? netlink_unicast+0x780/0x780
[   18.799944][  T291]  ? __import_iovec+0x230/0x3b0
[   18.800132][  T291]  ? netlink_unicast+0x780/0x780
[   18.800515][  T291]  ____sys_sendmsg+0x3dd/0x890
[   18.800706][  T291]  ? get_timestamp.constprop.0+0x370/0x370
[   18.800939][  T291]  ? __copy_msghdr+0x3c0/0x3c0
[   18.801128][  T291]  ___sys_sendmsg+0xed/0x170
[   18.801340][  T291]  ? kasan_record_aux_stack+0x8c/0xa0
[   18.801533][  T291]  ? __call_rcu_common.constprop.0+0xa8/0x630
[   18.801768][  T291]  ? copy_msghdr_from_user+0x110/0x110
[   18.801954][  T291]  ? find_held_lock+0x2b/0x80
[   18.802238][  T291]  ? __lock_acquire+0x449/0x7e0
[   18.802439][  T291]  ? find_held_lock+0x2b/0x80
[   18.802628][  T291]  ? __virt_addr_valid+0x22a/0x450
[   18.802829][  T291]  ? __lock_release+0x5d/0x170
[   18.803109][  T291]  __sys_sendmsg+0x10b/0x1a0
[   18.803301][  T291]  ? __call_rcu_common.constprop.0+0x318/0x630
[   18.803550][  T291]  ? __sys_sendmsg_sock+0x20/0x20
[   18.803739][  T291]  ? rcu_is_watching+0x12/0xb0
[   18.804021][  T291]  do_syscall_64+0xc1/0xfd0
[   18.804210][  T291]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   18.804490][  T291] RIP: 0033:0x7f1893b601d7
[   18.804696][  T291] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[   18.805475][  T291] RSP: 002b:00007ffcc4afd578 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   18.805871][  T291] RAX: ffffffffffffffda RBX: 00007ffcc4afdca0 RCX: 00007f1893b601d7
[   18.806160][  T291] RDX: 0000000000000000 RSI: 00007ffcc4afd5e0 RDI: 0000000000000005
[   18.806554][  T291] RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000078
[   18.806839][  T291] R10: 00007f1893a5cf60 R11: 0000000000000246 R12: 0000000000000001
[   18.807116][  T291] R13: 00000000690df495 R14: 0000000000499600 R15: 0000000000000000
[   18.807529][  T291]  </TASK>
[   18.807678][  T291] irq event stamp: 48887
[   18.807819][  T291] hardirqs last  enabled at (48887): [<ffffffff92e0ad47>] __schedule+0x13c7/0x1b10
[   18.808159][  T291] hardirqs last disabled at (48886): [<ffffffff92e0a2ca>] __schedule+0x94a/0x1b10
[   18.808640][  T291] softirqs last  enabled at (45904): [<ffffffff90a63832>] handle_softirqs+0x352/0x610
[   18.808978][  T291] softirqs last disabled at (45709): [<ffffffff90a6409b>] irq_exit_rcu+0xab/0x100
[   18.809411][  T291] ---[ end trace 0000000000000000 ]---
[   19.898393][  T308] ip (308) used greatest stack depth: 24488 bytes left