[ 17.869133][ T282] veth0: renamed from veth1
[ 18.645834][ T301] gre: GRE over IPv4 demultiplexer driver
[ 18.671085][ T301] ip6_gre: GRE over IPv6 tunneling driver
[ 18.901909][ T12] ip6_tunnel: gre1 xmit: Local address not yet configured!
[ 23.393687][ T326] socat (326) used greatest stack depth: 23216 bytes left
[ 24.849374][ T339] socat (339) used greatest stack depth: 22544 bytes left
[ 25.152859][ T343] ==================================================================
[ 25.153241][ T343] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 25.153513][ T343] Read of size 1 at addr ffff88800aa296c4 by task ip/343
[ 25.153728][ T343]
[ 25.153828][ T343] CPU: 3 UID: 0 PID: 343 Comm: ip Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 25.153834][ T343] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.153836][ T343] Call Trace:
[ 25.153838][ T343]
[ 25.153840][ T343] dump_stack_lvl+0x82/0xc0
[ 25.153847][ T343] print_address_description.constprop.0+0x2c/0x3a0
[ 25.153855][ T343] ? kobject_put+0xbb/0xd0
[ 25.153859][ T343] print_report+0xb4/0x270
[ 25.153862][ T343] ? kobject_put+0xbb/0xd0
[ 25.153866][ T343] ? kasan_addr_to_slab+0x21/0x70
[ 25.153869][ T343] ? kobject_put+0xbb/0xd0
[ 25.153872][ T343] kasan_report+0xca/0x100
[ 25.153876][ T343] ? kobject_put+0xbb/0xd0
[ 25.153882][ T343] kobject_put+0xbb/0xd0
[ 25.153886][ T343] netdev_run_todo+0x5f0/0xc60
[ 25.153893][ T343] ? dev_ingress_queue_create+0x190/0x190
[ 25.153897][ T343] ? generic_xdp_install+0x410/0x410
[ 25.153900][ T343] ? unregister_netdevice_many+0x20/0x20
[ 25.153906][ T343] ? net_generic+0xbb/0x1f0 [ip6_gre]
[ 25.153914][ T343] rtnl_dellink+0x350/0xa30
[ 25.153919][ T343] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 25.153939][ T343] ? find_held_lock+0x2b/0x80
[ 25.153949][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.153954][ T343] ? find_held_lock+0x2b/0x80
[ 25.153958][ T343] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 25.153961][ T343] ? __lock_release+0x5d/0x170
[ 25.153967][ T343] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 25.153973][ T343] rtnetlink_rcv_msg+0x709/0xc00
[ 25.153979][ T343] ? rtnl_port_fill+0x890/0x890
[ 25.153984][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.153992][ T343] netlink_rcv_skb+0x121/0x340
[ 25.153997][ T343] ? rtnl_port_fill+0x890/0x890
[ 25.154002][ T343] ? netlink_ack+0xdf0/0xdf0
[ 25.154008][ T343] ? netlink_deliver_tap+0x13e/0x340
[ 25.154011][ T343] ? netlink_deliver_tap+0xc3/0x340
[ 25.154015][ T343] netlink_unicast+0x4aa/0x780
[ 25.154019][ T343] ? netlink_attachskb+0x810/0x810
[ 25.154022][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.154027][ T343] netlink_sendmsg+0x714/0xbd0
[ 25.154031][ T343] ? netlink_unicast+0x780/0x780
[ 25.154034][ T343] ? __import_iovec+0x230/0x3b0
[ 25.154040][ T343] ? netlink_unicast+0x780/0x780
[ 25.154044][ T343] ____sys_sendmsg+0x3dd/0x890
[ 25.154048][ T343] ? get_timestamp.constprop.0+0x370/0x370
[ 25.154051][ T343] ? __copy_msghdr+0x3c0/0x3c0
[ 25.154058][ T343] ___sys_sendmsg+0xed/0x170
[ 25.154061][ T343] ? kasan_record_aux_stack+0x8c/0xa0
[ 25.154065][ T343] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 25.154071][ T343] ? copy_msghdr_from_user+0x110/0x110
[ 25.154075][ T343] ? find_held_lock+0x2b/0x80
[ 25.154079][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.154084][ T343] ? find_held_lock+0x2b/0x80
[ 25.154088][ T343] ? __virt_addr_valid+0x22a/0x450
[ 25.154095][ T343] ? __lock_release+0x5d/0x170
[ 25.154101][ T343] __sys_sendmsg+0x10b/0x1a0
[ 25.154103][ T343] ? __call_rcu_common.constprop.0+0x318/0x630
[ 25.154106][ T343] ? __sys_sendmsg_sock+0x20/0x20
[ 25.154113][ T343] ? rcu_is_watching+0x12/0xb0
[ 25.154120][ T343] do_syscall_64+0xc1/0xfd0
[ 25.154126][ T343] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 25.154131][ T343] RIP: 0033:0x7f20648321d7
[ 25.154136][ T343] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 25.154140][ T343] RSP: 002b:00007ffe93e0a3f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 25.154144][ T343] RAX: ffffffffffffffda RBX: 00007ffe93e0ab20 RCX: 00007f20648321d7
[ 25.154146][ T343] RDX: 0000000000000000 RSI: 00007ffe93e0a460 RDI: 0000000000000005
[ 25.154148][ T343] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 25.154150][ T343] R10: 00007f206472ef60 R11: 0000000000000246 R12: 0000000000000002
[ 25.154152][ T343] R13: 00000000690df686 R14: 0000000000499600 R15: 0000000000000000
[ 25.154158][ T343]
[ 25.154160][ T343]
[ 25.166959][ T343] Allocated by task 300:
[ 25.167100][ T343] kasan_save_stack+0x24/0x40
[ 25.167282][ T343] kasan_save_track+0x14/0x30
[ 25.167450][ T343] __kasan_kmalloc+0x7b/0x90
[ 25.167631][ T343] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 25.167812][ T343] alloc_netdev_mqs+0x7d/0x1370
[ 25.168010][ T343] ip6gre_tunnel_locate+0x166/0x440 [ip6_gre]
[ 25.168235][ T343] ip6gre_tunnel_siocdevprivate+0x25e/0x600 [ip6_gre]
[ 25.168447][ T343] dev_ifsioc+0x17a6/0x2000
[ 25.168612][ T343] dev_ioctl+0x15d/0xec0
[ 25.168742][ T343] sock_ioctl+0x497/0x580
[ 25.168879][ T343] __x64_sys_ioctl+0x118/0x190
[ 25.169066][ T343] do_syscall_64+0xc1/0xfd0
[ 25.169241][ T343] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 25.169452][ T343]
[ 25.169539][ T343] Freed by task 343:
[ 25.169675][ T343] kasan_save_stack+0x24/0x40
[ 25.169857][ T343] kasan_save_track+0x14/0x30
[ 25.170042][ T343] __kasan_save_free_info+0x3b/0x60
[ 25.170217][ T343] __kasan_slab_free+0x3f/0x60
[ 25.170384][ T343] kfree+0x21d/0x540
[ 25.170518][ T343] device_release+0x9c/0x210
[ 25.170691][ T343] kobject_cleanup+0xfe/0x360
[ 25.170872][ T343] netdev_run_todo+0x81f/0xc60
[ 25.171071][ T343] rtnl_dellink+0x350/0xa30
[ 25.171243][ T343] rtnetlink_rcv_msg+0x709/0xc00
[ 25.171422][ T343] netlink_rcv_skb+0x121/0x340
[ 25.171592][ T343] netlink_unicast+0x4aa/0x780
[ 25.171779][ T343] netlink_sendmsg+0x714/0xbd0
[ 25.171949][ T343] ____sys_sendmsg+0x3dd/0x890
[ 25.172124][ T343] ___sys_sendmsg+0xed/0x170
[ 25.172293][ T343] __sys_sendmsg+0x10b/0x1a0
[ 25.172467][ T343] do_syscall_64+0xc1/0xfd0
[ 25.172636][ T343] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 25.172859][ T343]
[ 25.172957][ T343] The buggy address belongs to the object at ffff88800aa29000
[ 25.172957][ T343] which belongs to the cache kmalloc-4k of size 4096
[ 25.173370][ T343] The buggy address is located 1732 bytes inside of
[ 25.173370][ T343] freed 4096-byte region [ffff88800aa29000, ffff88800aa2a000)
[ 25.173791][ T343]
[ 25.173883][ T343] The buggy address belongs to the physical page:
[ 25.174098][ T343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaa28
[ 25.174400][ T343] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.174661][ T343] flags: 0x80000000000040(head|node=0|zone=1)
[ 25.174893][ T343] page_type: f5(slab)
[ 25.175037][ T343] raw: 0080000000000040 ffff888001043700 ffffea0000392a10 ffffea0000136c10
[ 25.175341][ T343] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 25.175644][ T343] head: 0080000000000040 ffff888001043700 ffffea0000392a10 ffffea0000136c10
[ 25.175951][ T343] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 25.176264][ T343] head: 0080000000000003 ffffea00002a8a01 00000000ffffffff 00000000ffffffff
[ 25.176570][ T343] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 25.176877][ T343] page dumped because: kasan: bad access detected
[ 25.177099][ T343]
[ 25.177184][ T343] Memory state around the buggy address:
[ 25.177345][ T343] ffff88800aa29580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.177595][ T343] ffff88800aa29600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.177843][ T343] >ffff88800aa29680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.178109][ T343] ^
[ 25.178311][ T343] ffff88800aa29700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.178554][ T343] ffff88800aa29780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.178810][ T343] ==================================================================
[ 25.179135][ T343] Disabling lock debugging due to kernel taint
[ 25.179439][ T343] ------------[ cut here ]------------
[ 25.179608][ T343] refcount_t: underflow; use-after-free.
[ 25.179827][ T343] WARNING: CPU: 1 PID: 343 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 25.180250][ T343] Modules linked in: ip6_gre gre
[ 25.180432][ T343] CPU: 1 UID: 0 PID: 343 Comm: ip Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 25.180803][ T343] Tainted: [B]=BAD_PAGE
[ 25.180948][ T343] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.181169][ T343] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 25.181396][ T343] Code: cc 38 03 80 fb 01 0f 87 29 33 d7 fe 83 e3 01 0f 85 51 ff ff ff c6 05 17 cc 38 03 01 90 48 c7 c7 40 ba a5 ba e8 62 d6 16 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 c0 9d a0 ff e9 ba fe ff ff
[ 25.182032][ T343] RSP: 0018:ffffc90000d371f0 EFLAGS: 00010286
[ 25.182259][ T343] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 25.182518][ T343] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 25.182796][ T343] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff7740934
[ 25.183065][ T343] R10: 0000000000000003 R11: ffffc90000d36d80 R12: 0000000000000001
[ 25.183327][ T343] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 25.183587][ T343] FS: 00007f2064664800(0000) GS:ffff8880b0188000(0000) knlGS:0000000000000000
[ 25.183914][ T343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.184138][ T343] CR2: 00007f8bc14c7600 CR3: 000000000b82f005 CR4: 0000000000772ef0
[ 25.184399][ T343] PKRU: 55555554
[ 25.184522][ T343] Call Trace:
[ 25.184662][ T343]
[ 25.184763][ T343] netdev_run_todo+0x5f0/0xc60
[ 25.184963][ T343] ? dev_ingress_queue_create+0x190/0x190
[ 25.185131][ T343] ? generic_xdp_install+0x410/0x410
[ 25.185310][ T343] ? unregister_netdevice_many+0x20/0x20
[ 25.185477][ T343] ? net_generic+0xbb/0x1f0 [ip6_gre]
[ 25.185664][ T343] rtnl_dellink+0x350/0xa30
[ 25.185857][ T343] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 25.186101][ T343] ? find_held_lock+0x2b/0x80
[ 25.186283][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.186447][ T343] ? find_held_lock+0x2b/0x80
[ 25.186615][ T343] ? rtnetlink_rcv_msg+0x6e6/0xc00
[ 25.186805][ T343] ? __lock_release+0x5d/0x170
[ 25.186987][ T343] ? valid_bridge_getlink_req.constprop.0+0x640/0x640
[ 25.187208][ T343] rtnetlink_rcv_msg+0x709/0xc00
[ 25.187373][ T343] ? rtnl_port_fill+0x890/0x890
[ 25.187542][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.187739][ T343] netlink_rcv_skb+0x121/0x340
[ 25.187922][ T343] ? rtnl_port_fill+0x890/0x890
[ 25.188187][ T343] ? netlink_ack+0xdf0/0xdf0
[ 25.188360][ T343] ? netlink_deliver_tap+0x13e/0x340
[ 25.188523][ T343] ? netlink_deliver_tap+0xc3/0x340
[ 25.188695][ T343] netlink_unicast+0x4aa/0x780
[ 25.188882][ T343] ? netlink_attachskb+0x810/0x810
[ 25.189066][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.189241][ T343] netlink_sendmsg+0x714/0xbd0
[ 25.189407][ T343] ? netlink_unicast+0x780/0x780
[ 25.189569][ T343] ? __import_iovec+0x230/0x3b0
[ 25.189743][ T343] ? netlink_unicast+0x780/0x780
[ 25.189935][ T343] ____sys_sendmsg+0x3dd/0x890
[ 25.190102][ T343] ? get_timestamp.constprop.0+0x370/0x370
[ 25.190327][ T343] ? __copy_msghdr+0x3c0/0x3c0
[ 25.190494][ T343] ___sys_sendmsg+0xed/0x170
[ 25.190664][ T343] ? kasan_record_aux_stack+0x8c/0xa0
[ 25.190848][ T343] ? __call_rcu_common.constprop.0+0xa8/0x630
[ 25.191074][ T343] ? copy_msghdr_from_user+0x110/0x110
[ 25.191245][ T343] ? find_held_lock+0x2b/0x80
[ 25.191410][ T343] ? __lock_acquire+0x449/0x7e0
[ 25.191581][ T343] ? find_held_lock+0x2b/0x80
[ 25.191751][ T343] ? __virt_addr_valid+0x22a/0x450
[ 25.191945][ T343] ? __lock_release+0x5d/0x170
[ 25.192115][ T343] __sys_sendmsg+0x10b/0x1a0
[ 25.192288][ T343] ? __call_rcu_common.constprop.0+0x318/0x630
[ 25.192514][ T343] ? __sys_sendmsg_sock+0x20/0x20
[ 25.192687][ T343] ? rcu_is_watching+0x12/0xb0
[ 25.192868][ T343] do_syscall_64+0xc1/0xfd0
[ 25.193057][ T343] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 25.193276][ T343] RIP: 0033:0x7f20648321d7
[ 25.193450][ T343] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 25.194101][ T343] RSP: 002b:00007ffe93e0a3f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 25.194650][ T343] RAX: ffffffffffffffda RBX: 00007ffe93e0ab20 RCX: 00007f20648321d7
[ 25.195037][ T343] RDX: 0000000000000000 RSI: 00007ffe93e0a460 RDI: 0000000000000005
[ 25.195418][ T343] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000078
[ 25.195894][ T343] R10: 00007f206472ef60 R11: 0000000000000246 R12: 0000000000000002
[ 25.196262][ T343] R13: 00000000690df686 R14: 0000000000499600 R15: 0000000000000000
[ 25.196821][ T343]
[ 25.197047][ T343] irq event stamp: 48885
[ 25.197244][ T343] hardirqs last enabled at (48885): [] irqentry_exit+0x3b/0x80
[ 25.197703][ T343] hardirqs last disabled at (48884): [] sysvec_reschedule_ipi+0xf/0xc0
[ 25.198355][ T343] softirqs last enabled at (47828): [] handle_softirqs+0x352/0x610
[ 25.198791][ T343] softirqs last disabled at (46919): [] irq_exit_rcu+0xab/0x100
[ 25.199415][ T343] ---[ end trace 0000000000000000 ]---