make -C tools/testing/selftests TARGETS=net TEST_PROGS=amt.sh TEST_GEN_PROOGS="" run_tests
make: Entering directory '/home/virtme/testing-3/tools/testing/selftests'
make[1]: Entering directory '/home/virtme/testing-3/tools/testing/selftests/net'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/virtme/testing-3/tools/testing/selftests/net'
make[1]: Entering directory '/home/virtme/testing-3/tools/testing/selftests/net'
TAP version 13
1..1
# timeout set to 6000
# selftests: net: amt.sh
[ 422.695233][ T3837] br0: port 1(gw_l) entered blocking state
[ 422.695749][ T3837] br0: port 1(gw_l) entered disabled state
[ 422.698790][ T3837] gw_l: entered allmulticast mode
[ 422.700791][ T3837] gw_l: entered promiscuous mode
[ 422.702832][ T3837] br0: port 1(gw_l) entered blocking state
[ 422.703236][ T3837] br0: port 1(gw_l) entered forwarding state
[ 423.267563][ T3839] br0: port 2(amtg) entered blocking state
[ 423.267962][ T3839] br0: port 2(amtg) entered disabled state
[ 423.268377][ T3839] amtg: entered allmulticast mode
[ 423.273989][ T3839] amtg: entered promiscuous mode
[ 425.162709][ T3850] br0: port 2(amtg) entered blocking state
[ 425.163098][ T3850] br0: port 2(amtg) entered forwarding state
[ 426.029500][ T3856] amtr: entered allmulticast mode
[ 426.032585][ T3856] relay_gw: entered allmulticast mode
[ 426.032965][ T3856] relay_src: entered allmulticast mode
# smcroutectl: Cannot find IPC socket /usr/local/var/run/smcroute.sock
# smcroutectl: Daemon may be running with another -i NAME
[ 426.294018][ T70] br0: port 1(gw_l) entered disabled state
[ 426.316429][ T70] gw_l (unregistering): left allmulticast mode
[ 426.316864][ T70] gw_l (unregistering): left promiscuous mode
[ 426.317683][ T70] br0: port 1(gw_l) entered disabled state
[ 426.394497][ T70] amtg: left allmulticast mode
[ 426.394811][ T70] amtg: left promiscuous mode
[ 426.395188][ T70] br0: port 2(amtg) entered disabled state
[ 426.411469][ T70] ==================================================================
[ 426.411919][ T70] BUG: KASAN: slab-use-after-free in kobject_put+0xc7/0xe0
[ 426.412336][ T70] Read of size 1 at addr ffff888001d85e7c by task kworker/u8:1/70
[ 426.412747][ T70]
[ 426.412878][ T70] CPU: 0 PID: 70 Comm: kworker/u8:1 Not tainted 6.8.0-rc2-virtme #1
[ 426.413296][ T70] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 426.413938][ T70] Workqueue: netns cleanup_net
[ 426.414201][ T70] Call Trace:
[ 426.414379][ T70]
[ 426.414535][ T70] dump_stack_lvl+0x64/0xb0
[ 426.414779][ T70] print_address_description.constprop.0+0x2c/0x3b0
[ 426.415127][ T70] ? kobject_put+0xc7/0xe0
[ 426.415363][ T70] print_report+0xb5/0x270
[ 426.415600][ T70] ? kasan_addr_to_slab+0x4e/0x90
[ 426.415866][ T70] kasan_report+0xbe/0xf0
[ 426.416098][ T70] ? kobject_put+0xc7/0xe0
[ 426.416334][ T70] kobject_put+0xc7/0xe0
[ 426.416563][ T70] br_sysfs_delbr+0x3f/0x70
[ 426.416803][ T70] br_dev_delete+0x10d/0x190
[ 426.417051][ T70] br_net_exit_batch_rtnl+0xd6/0x190
[ 426.417335][ T70] cleanup_net+0x499/0xb50
[ 426.417569][ T70] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 426.417867][ T70] ? __pfx_cleanup_net+0x10/0x10
[ 426.418137][ T70] ? lock_acquire+0x1c1/0x220
[ 426.418385][ T70] ? process_one_work+0x714/0x1310
[ 426.418657][ T70] process_one_work+0x78f/0x1310
[ 426.418922][ T70] ? hlock_class+0x4e/0x130
[ 426.419162][ T70] ? __pfx_process_one_work+0x10/0x10
[ 426.419444][ T70] ? assign_work+0x16c/0x240
[ 426.419687][ T70] worker_thread+0x73d/0x1010
[ 426.419937][ T70] ? lockdep_hardirqs_on_prepare.part.0+0x1b1/0x370
[ 426.420292][ T70] ? __pfx_worker_thread+0x10/0x10
[ 426.420564][ T70] ? __pfx_worker_thread+0x10/0x10
[ 426.420832][ T70] kthread+0x292/0x360
[ 426.421047][ T70] ? __pfx_kthread+0x10/0x10
[ 426.421289][ T70] ret_from_fork+0x34/0x70
[ 426.421528][ T70] ? __pfx_kthread+0x10/0x10
[ 426.421772][ T70] ret_from_fork_asm+0x1b/0x30
[ 426.422033][ T70]
[ 426.422196][ T70]
[ 426.422322][ T70] Allocated by task 3835:
[ 426.422548][ T70] kasan_save_stack+0x24/0x50
[ 426.422800][ T70] kasan_save_track+0x14/0x30
[ 426.423051][ T70] __kasan_kmalloc+0x7f/0x90
[ 426.423294][ T70] kobject_create_and_add+0x44/0xc0
[ 426.423571][ T70] br_sysfs_addbr+0x57/0x160
[ 426.423817][ T70] br_device_event+0x1ff/0x740
[ 426.424072][ T70] notifier_call_chain+0x9d/0x290
[ 426.424343][ T70] register_netdevice+0x116d/0x17a0
[ 426.424625][ T70] br_dev_newlink+0x2b/0x100
[ 426.424872][ T70] rtnl_newlink_create+0x344/0x850
[ 426.425141][ T70] __rtnl_newlink+0xad2/0xd60
[ 426.425393][ T70] rtnl_newlink+0x63/0xa0
[ 426.425623][ T70] rtnetlink_rcv_msg+0x2fe/0xb80
[ 426.425885][ T70] netlink_rcv_skb+0x133/0x360
[ 426.426141][ T70] netlink_unicast+0x44c/0x710
[ 426.426394][ T70] netlink_sendmsg+0x726/0xbe0
[ 426.426643][ T70] ____sys_sendmsg+0x7b5/0xa10
[ 426.426900][ T70] ___sys_sendmsg+0xee/0x170
[ 426.427143][ T70] __sys_sendmsg+0xcd/0x170
[ 426.427384][ T70] do_syscall_64+0xcc/0x1e0
[ 426.427627][ T70] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 426.427940][ T70]
[ 426.428077][ T70] Freed by task 70:
[ 426.428285][ T70] kasan_save_stack+0x24/0x50
[ 426.428536][ T70] kasan_save_track+0x14/0x30
[ 426.428786][ T70] kasan_save_free_info+0x3f/0x60
[ 426.429055][ T70] __kasan_slab_free+0xfc/0x1c0
[ 426.429312][ T70] kfree+0xf2/0x2d0
[ 426.429518][ T70] kobject_cleanup+0xe2/0x280
[ 426.429772][ T70] br_sysfs_delbr+0x3f/0x70
[ 426.430012][ T70] br_dev_delete+0x10d/0x190
[ 426.430259][ T70] default_device_exit_batch_rtnl+0x112/0x210
[ 426.430577][ T70] cleanup_net+0x499/0xb50
[ 426.430810][ T70] process_one_work+0x78f/0x1310
[ 426.431074][ T70] worker_thread+0x73d/0x1010
[ 426.431326][ T70] kthread+0x292/0x360
[ 426.431541][ T70] ret_from_fork+0x34/0x70
[ 426.431778][ T70] ret_from_fork_asm+0x1b/0x30
[ 426.432030][ T70]
[ 426.432158][ T70] The buggy address belongs to the object at ffff888001d85e40
[ 426.432158][ T70] which belongs to the cache kmalloc-64 of size 64
[ 426.432870][ T70] The buggy address is located 60 bytes inside of
[ 426.432870][ T70] freed 64-byte region [ffff888001d85e40, ffff888001d85e80)
[ 426.433569][ T70]
[ 426.433695][ T70] The buggy address belongs to the physical page:
[ 426.434027][ T70] page:ffffea0000076100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d84
[ 426.434560][ T70] head:ffffea0000076100 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 426.435024][ T70] flags: 0x80000000000840(slab|head|node=0|zone=1)
[ 426.435372][ T70] page_type: 0xffffffff()
[ 426.435600][ T70] raw: 0080000000000840 ffff888001042900 ffffea00000eaf10 ffffea000006ab90
[ 426.436045][ T70] raw: 0000000000000000 0000000000190019 00000001ffffffff 0000000000000000
[ 426.436498][ T70] page dumped because: kasan: bad access detected
[ 426.436831][ T70]
[ 426.436956][ T70] Memory state around the buggy address:
[ 426.437256][ T70] ffff888001d85d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 426.437676][ T70] ffff888001d85d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 426.438104][ T70] >ffff888001d85e00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 426.438528][ T70] ^
[ 426.438938][ T70] ffff888001d85e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 426.439356][ T70] ffff888001d85f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 426.439782][ T70] ==================================================================
[ 426.440307][ T70] Disabling lock debugging due to kernel taint
[ 426.440693][ T70] ------------[ cut here ]------------
[ 426.441022][ T70] refcount_t: underflow; use-after-free.
[ 426.441394][ T70] WARNING: CPU: 0 PID: 70 at lib/refcount.c:28 refcount_warn_saturate+0x173/0x1b0
[ 426.441917][ T70] Modules linked in: xt_HL amt udp_tunnel xt_conntrack cls_bpf nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables libcrc32c act_mirred cls_u32 sch_ingress ifb
[ 426.443008][ T70] CPU: 0 PID: 70 Comm: kworker/u8:1 Tainted: G B 6.8.0-rc2-virtme #1
[ 426.443558][ T70] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 426.444245][ T70] Workqueue: netns cleanup_net
[ 426.444503][ T70] RIP: 0010:refcount_warn_saturate+0x173/0x1b0
[ 426.444876][ T70] Code: f9 82 03 80 fb 01 0f 87 ee 02 b1 01 83 e3 01 0f 85 4d ff ff ff c6 05 9a f9 82 03 01 90 48 c7 c7 20 7a 02 9e e8 3e 05 2a ff 90 <0f> 0b 90 90 e9 2f ff ff ff 48 89 df e8 8c 68 a6 ff e9 b6 fe ff ff
[ 426.445943][ T70] RSP: 0018:ffffc9000050fb98 EFLAGS: 00010282
[ 426.446318][ T70] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff9b31056f
[ 426.446768][ T70] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000001
[ 426.447238][ T70] RBP: 0000000000000003 R08: 0000000000000000 R09: fffff520000a1f18
[ 426.447704][ T70] R10: ffffc9000050f8c7 R11: 205d303754202020 R12: ffff88800ae42000
[ 426.448227][ T70] R13: ffff88800ae42df8 R14: ffffc9000050fc98 R15: ffff88800ae42bc0
[ 426.448676][ T70] FS: 0000000000000000(0000) GS:ffff888035200000(0000) knlGS:0000000000000000
[ 426.449196][ T70] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 426.449594][ T70] CR2: 00007facc307e000 CR3: 000000002e734003 CR4: 00000000001706f0
[ 426.450063][ T70] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 426.450507][ T70] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 426.450963][ T70] Call Trace:
[ 426.451159][ T70]
[ 426.451350][ T70] ? __warn+0xcd/0x2d0
[ 426.451584][ T70] ? refcount_warn_saturate+0x173/0x1b0
[ 426.451906][ T70] ? report_bug+0x291/0x2e0
[ 426.452190][ T70] ? vprintk_emit+0xff/0x1d0
[ 426.452484][ T70] ? handle_bug+0x3d/0x80
[ 426.452764][ T70] ? exc_invalid_op+0x18/0x50
[ 426.453064][ T70] ? asm_exc_invalid_op+0x1a/0x20
[ 426.453363][ T70] ? desc_read+0x2af/0x440
[ 426.453639][ T70] ? refcount_warn_saturate+0x173/0x1b0
[ 426.453977][ T70] ? refcount_warn_saturate+0x172/0x1b0
[ 426.454317][ T70] br_sysfs_delbr+0x3f/0x70
[ 426.454590][ T70] br_dev_delete+0x10d/0x190
[ 426.454881][ T70] br_net_exit_batch_rtnl+0xd6/0x190
[ 426.455222][ T70] cleanup_net+0x499/0xb50
[ 426.455458][ T70] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 426.455757][ T70] ? __pfx_cleanup_net+0x10/0x10
[ 426.456021][ T70] ? lock_acquire+0x1c1/0x220
[ 426.456282][ T70] ? process_one_work+0x714/0x1310
[ 426.456553][ T70] process_one_work+0x78f/0x1310
[ 426.456818][ T70] ? hlock_class+0x4e/0x130
[ 426.457103][ T70] ? __pfx_process_one_work+0x10/0x10
[ 426.457418][ T70] ? assign_work+0x16c/0x240
[ 426.457710][ T70] worker_thread+0x73d/0x1010
[ 426.458008][ T70] ? lockdep_hardirqs_on_prepare.part.0+0x1b1/0x370
[ 426.458417][ T70] ? __pfx_worker_thread+0x10/0x10
[ 426.458717][ T70] ? __pfx_worker_thread+0x10/0x10
[ 426.459031][ T70] kthread+0x292/0x360
[ 426.459305][ T70] ? __pfx_kthread+0x10/0x10
[ 426.459593][ T70] ret_from_fork+0x34/0x70
[ 426.459858][ T70] ? __pfx_kthread+0x10/0x10
[ 426.460158][ T70] ret_from_fork_asm+0x1b/0x30
[ 426.460470][ T70]
[ 426.460646][ T70] irq event stamp: 3294175
[ 426.460914][ T70] hardirqs last enabled at (3294175): [] irqentry_exit+0x3b/0x90
[ 426.461457][ T70] hardirqs last disabled at (3294174): [] __do_softirq+0x670/0x7ff
[ 426.461995][ T70] softirqs last enabled at (3294114): [] br_dev_delete+0xd8/0x190
[ 426.462539][ T70] softirqs last disabled at (3294112): [] br_fdb_delete_by_port+0x36/0x260
[ 426.463115][ T70] ---[ end trace 0000000000000000 ]---
[ 426.463464][ T70] ------------[ cut here ]------------
[ 426.463830][ T70] sysfs group 'bridge' not found for kobject 'br0'
[ 426.464322][ T70] WARNING: CPU: 2 PID: 70 at fs/sysfs/group.c:282 sysfs_remove_group+0x101/0x160
[ 426.464878][ T70] Modules linked in: xt_HL amt udp_tunnel xt_conntrack cls_bpf nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_compat nf_tables libcrc32c act_mirred cls_u32 sch_ingress ifb
[ 426.466030][ T70] CPU: 2 PID: 70 Comm: kworker/u8:1 Tainted: G B W 6.8.0-rc2-virtme #1
[ 426.466614][ T70] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 426.467364][ T70] Workqueue: netns cleanup_net
[ 426.467676][ T70] RIP: 0010:sysfs_remove_group+0x101/0x160
[ 426.468035][ T70] Code: 89 d9 49 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c 01 00 75 45 48 8b 33 48 c7 c7 a0 a7 fc 9d e8 60 65 5e ff 90 <0f> 0b 90 90 48 83 c4 08 5b 5d 41 5c c3 cc cc cc cc e8 e9 c7 da ff
[ 426.469239][ T70] RSP: 0018:ffffc9000050fba0 EFLAGS: 00010282
[ 426.469595][ T70] RAX: 0000000000000000 RBX: ffffffff9e3be220 RCX: ffffffff9b31056f
[ 426.470065][ T70] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000001
[ 426.470489][ T70] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff520000a1f19
[ 426.470913][ T70] R10: ffffc9000050f8cf R11: 205d303754202020 R12: ffff88800ae42628
[ 426.471343][ T70] R13: ffff88800ae42df8 R14: ffffc9000050fc98 R15: ffff88800ae42bc0
[ 426.471817][ T70] FS: 0000000000000000(0000) GS:ffff888035a00000(0000) knlGS:0000000000000000
[ 426.472376][ T70] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 426.472730][ T70] CR2: 0000557d1e789dec CR3: 0000000004f94001 CR4: 00000000001706f0
[ 426.473248][ T70] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 426.473737][ T70] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 426.474263][ T70] Call Trace:
[ 426.474466][ T70]
[ 426.474628][ T70] ? __warn+0xcd/0x2d0
[ 426.474921][ T70] ? console_trylock+0x61/0xf0
[ 426.475188][ T70] ? sysfs_remove_group+0x101/0x160
[ 426.475467][ T70] ? report_bug+0x291/0x2e0
[ 426.475753][ T70] ? handle_bug+0x3d/0x80
[ 426.476027][ T70] ? exc_invalid_op+0x18/0x50
[ 426.476335][ T70] ? asm_exc_invalid_op+0x1a/0x20
[ 426.476676][ T70] ? desc_read+0x2af/0x440
[ 426.476979][ T70] ? sysfs_remove_group+0x101/0x160
[ 426.477289][ T70] br_dev_delete+0x10d/0x190
[ 426.477569][ T70] br_net_exit_batch_rtnl+0xd6/0x190
[ 426.477887][ T70] cleanup_net+0x499/0xb50
[ 426.478144][ T70] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 426.478537][ T70] ? __pfx_cleanup_net+0x10/0x10
[ 426.478835][ T70] ? lock_acquire+0x1c1/0x220
[ 426.479140][ T70] ? process_one_work+0x714/0x1310
[ 426.479451][ T70] process_one_work+0x78f/0x1310
[ 426.479810][ T70] ? hlock_class+0x4e/0x130
[ 426.480095][ T70] ? __pfx_process_one_work+0x10/0x10
[ 426.480443][ T70] ? assign_work+0x16c/0x240
[ 426.480693][ T70] worker_thread+0x73d/0x1010
[ 426.480975][ T70] ? lockdep_hardirqs_on_prepare.part.0+0x1b1/0x370
[ 426.481373][ T70] ? __pfx_worker_thread+0x10/0x10
[ 426.481673][ T70] ? __pfx_worker_thread+0x10/0x10
[ 426.481993][ T70] kthread+0x292/0x360
[ 426.482286][ T70] ? __pfx_kthread+0x10/0x10
[ 426.482566][ T70] ret_from_fork+0x34/0x70
[ 426.482835][ T70] ? __pfx_kthread+0x10/0x10
[ 426.483234][ T70] ret_from_fork_asm+0x1b/0x30
[ 426.483549][ T70]
[ 426.483737][ T70] irq event stamp: 3294175
[ 426.483973][ T70] hardirqs last enabled at (3294175): [] irqentry_exit+0x3b/0x90
[ 426.484517][ T70] hardirqs last disabled at (3294174): [] __do_softirq+0x670/0x7ff
[ 426.485096][ T70] softirqs last enabled at (3294114): [] br_dev_delete+0xd8/0x190
[ 426.485621][ T70] softirqs last disabled at (3294112): [] br_fdb_delete_by_port+0x36/0x260
[ 426.486165][ T70] ---[ end trace 0000000000000000 ]---
[ 426.504248][ T70] relay_gw (unregistering): left allmulticast mode
[ 426.514278][ T70] amtr (unregistering): left allmulticast mode
ok 1 selftests: net: amt.sh # SKIP
[ 426.607961][ T70] relay_src (unregistering): left allmulticast mode
make[1]: Leaving directory '/home/virtme/testing-3/tools/testing/selftests/net'
make: Leaving directory '/home/virtme/testing-3/tools/testing/selftests'
xx__-> echo $?
0
xx__->