[ 277.867252][ T1383] mpls_gso: MPLS GSO support
[ 436.421233][ T2634] ==================================================================
[ 436.421478][ T2634] BUG: KASAN: slab-use-after-free in ___neigh_create+0xd58/0xf30
[ 436.421712][ T2634] Write of size 8 at addr ffff888011339c18 by task ip/2634
[ 436.421923][ T2634]
[ 436.422001][ T2634] CPU: 1 UID: 0 PID: 2634 Comm: ip Not tainted 6.12.0-rc3-virtme #1
[ 436.422209][ T2634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 436.422547][ T2634] Call Trace:
[ 436.422663][ T2634]  <TASK>
[ 436.422749][ T2634]  dump_stack_lvl+0x82/0xd0
[ 436.422933][ T2634]  print_address_description.constprop.0+0x2c/0x3b0
[ 436.423131][ T2634]  ? ___neigh_create+0xd58/0xf30
[ 436.423297][ T2634]  print_report+0xb4/0x270
[ 436.423459][ T2634]  ? kasan_addr_to_slab+0x25/0x80
[ 436.423599][ T2634]  kasan_report+0xbd/0xf0
[ 436.423722][ T2634]  ? ___neigh_create+0xd58/0xf30
[ 436.423866][ T2634]  ___neigh_create+0xd58/0xf30
[ 436.424023][ T2634]  neigh_add+0x8f8/0xdd0
[ 436.424127][ T2634]  ? __pfx_neigh_add+0x10/0x10
[ 436.424262][ T2634]  ? __mutex_lock+0x170/0xac0
[ 436.424422][ T2634]  rtnetlink_rcv_msg+0x2fb/0xc10
[ 436.424563][ T2634]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 436.424701][ T2634]  ? hlock_class+0x4e/0x130
[ 436.424860][ T2634]  ? mark_lock+0x38/0x3e0
[ 436.424974][ T2634]  ? __lock_acquire+0xb3f/0x1580
[ 436.425130][ T2634]  netlink_rcv_skb+0x130/0x360
[ 436.425267][ T2634]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 436.425441][ T2634]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 436.425582][ T2634]  ? netlink_deliver_tap+0x13e/0x340
[ 436.425737][ T2634]  ? netlink_deliver_tap+0xc3/0x340
[ 436.425919][ T2634]  netlink_unicast+0x44b/0x710
[ 436.426065][ T2634]  ? __pfx_netlink_unicast+0x10/0x10
[ 436.426212][ T2634]  ? find_held_lock+0x2c/0x110
[ 436.426353][ T2634]  netlink_sendmsg+0x723/0xbe0
[ 436.426509][ T2634]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 436.426669][ T2634]  ? __might_fault+0xc3/0x170
[ 436.426814][ T2634]  ? __import_iovec+0x35d/0x5d0
[ 436.426979][ T2634]  ____sys_sendmsg+0x7ac/0xa10
[ 436.427125][ T2634]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 436.427265][ T2634]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 436.427451][ T2634]  ___sys_sendmsg+0xee/0x170
[ 436.427600][ T2634]  ? __pfx____sys_sendmsg+0x10/0x10
[ 436.427744][ T2634]  ? ___sys_recvmsg+0xe0/0x150
[ 436.427985][ T2634]  ? __pfx____sys_recvmsg+0x10/0x10
[ 436.428124][ T2634]  ? reacquire_held_locks+0x22f/0x4f0
[ 436.428276][ T2634]  ? do_user_addr_fault+0x8fd/0xe30
[ 436.428428][ T2634]  ? fdget+0x52/0x1e0
[ 436.428547][ T2634]  __sys_sendmsg+0xcd/0x170
[ 436.428694][ T2634]  ? __pfx___sys_sendmsg+0x10/0x10
[ 436.428838][ T2634]  ? __pfx___up_read+0x10/0x10
[ 436.429000][ T2634]  do_syscall_64+0xc1/0x1d0
[ 436.429142][ T2634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 436.429328][ T2634] RIP: 0033:0x7fa38fb797b7
[ 436.429492][ T2634] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 436.430002][ T2634] RSP: 002b:00007ffd80cfdba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 436.430248][ T2634] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa38fb797b7
[ 436.430479][ T2634] RDX: 0000000000000000 RSI: 00007ffd80cfdc10 RDI: 0000000000000005
[ 436.430728][ T2634] RBP: 0000000000000000 R08: 0000000000000014 R09: 0000000000000000
[ 436.430959][ T2634] R10: 00007fa38fa32708 R11: 0000000000000246 R12: 0000000000000000
[ 436.431191][ T2634] R13: 00000000671671ec R14: 0000000000496600 R15: 00007ffd80cfe148
[ 436.431423][ T2634]  </TASK>
[ 436.431540][ T2634]
[ 436.431622][ T2634] Allocated by task 2624:
[ 436.431766][ T2634]  kasan_save_stack+0x24/0x50
[ 436.431927][ T2634]  kasan_save_track+0x14/0x30
[ 436.432084][ T2634]  __kasan_kmalloc+0x7f/0x90
[ 436.432236][ T2634]  __kmalloc_noprof+0x1ab/0x3a0
[ 436.432388][ T2634]  neigh_alloc+0x6f2/0x9d0
[ 436.432545][ T2634]  ___neigh_create+0x6d/0xf30
[ 436.432694][ T2634]  neigh_add+0x8f8/0xdd0
[ 436.432809][ T2634]  rtnetlink_rcv_msg+0x2fb/0xc10
[ 436.432960][ T2634]  netlink_rcv_skb+0x130/0x360
[ 436.433112][ T2634]  netlink_unicast+0x44b/0x710
[ 436.433266][ T2634]  netlink_sendmsg+0x723/0xbe0
[ 436.433434][ T2634]  ____sys_sendmsg+0x7ac/0xa10
[ 436.433589][ T2634]  ___sys_sendmsg+0xee/0x170
[ 436.433746][ T2634]  __sys_sendmsg+0xcd/0x170
[ 436.433898][ T2634]  do_syscall_64+0xc1/0x1d0
[ 436.434051][ T2634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 436.434212][ T2634]
[ 436.434280][ T2634] Freed by task 64:
[ 436.434382][ T2634]  kasan_save_stack+0x24/0x50
[ 436.434516][ T2634]  kasan_save_track+0x14/0x30
[ 436.434649][ T2634]  kasan_save_free_info+0x3b/0x60
[ 436.434781][ T2634]  __kasan_slab_free+0x38/0x50
[ 436.434934][ T2634]  kmem_cache_free_bulk.part.0+0x1f2/0x5b0
[ 436.435126][ T2634]  kvfree_rcu_bulk+0x4b9/0x5d0
[ 436.435277][ T2634]  kvfree_rcu_drain_ready+0x2ab/0x860
[ 436.435422][ T2634]  kfree_rcu_monitor+0x26/0xe0
[ 436.435554][ T2634]  process_one_work+0xe55/0x16d0
[ 436.435691][ T2634]  worker_thread+0x58c/0xce0
[ 436.435834][ T2634]  kthread+0x28a/0x350
[ 436.435939][ T2634]  ret_from_fork+0x31/0x70
[ 436.436089][ T2634]  ret_from_fork_asm+0x1a/0x30
[ 436.436243][ T2634]
[ 436.436324][ T2634] Last potentially related work creation:
[ 436.436473][ T2634]  kasan_save_stack+0x24/0x50
[ 436.436623][ T2634]  __kasan_record_aux_stack+0x8e/0xa0
[ 436.436761][ T2634]  kvfree_call_rcu+0x114/0x4b0
[ 436.436894][ T2634]  neigh_remove_one+0x1a3/0x200
[ 436.437029][ T2634]  neigh_delete+0x29f/0x490
[ 436.437194][ T2634]  rtnetlink_rcv_msg+0x2fb/0xc10
[ 436.437341][ T2634]  netlink_rcv_skb+0x130/0x360
[ 436.437493][ T2634]  netlink_unicast+0x44b/0x710
[ 436.437641][ T2634]  netlink_sendmsg+0x723/0xbe0
[ 436.437773][ T2634]  ____sys_sendmsg+0x7ac/0xa10
[ 436.437919][ T2634]  ___sys_sendmsg+0xee/0x170
[ 436.438068][ T2634]  __sys_sendmsg+0xcd/0x170
[ 436.438224][ T2634]  do_syscall_64+0xc1/0x1d0
[ 436.438379][ T2634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 436.438585][ T2634]
[ 436.438669][ T2634] The buggy address belongs to the object at ffff888011339c00
[ 436.438669][ T2634]  which belongs to the cache kmalloc-1k of size 1024
[ 436.439023][ T2634] The buggy address is located 24 bytes inside of
[ 436.439023][ T2634]  freed 1024-byte region [ffff888011339c00, ffff88801133a000)
[ 436.439402][ T2634]
[ 436.439480][ T2634] The buggy address belongs to the physical page:
[ 436.439677][ T2634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11338
[ 436.439952][ T2634] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 436.440180][ T2634] flags: 0x80000000000040(head|node=0|zone=1)
[ 436.440379][ T2634] page_type: f5(slab)
[ 436.440498][ T2634] raw: 0080000000000040 ffff8880010430c0 ffffea00001ade10 ffffea0000690e10
[ 436.440768][ T2634] raw: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 436.441047][ T2634] head: 0080000000000040 ffff8880010430c0 ffffea00001ade10 ffffea0000690e10
[ 436.441319][ T2634] head: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 436.441586][ T2634] head: 0080000000000003 ffffea000044ce01 ffffffffffffffff 0000000000000000
[ 436.441857][ T2634] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 436.442129][ T2634] page dumped because: kasan: bad access detected
[ 436.442325][ T2634]
[ 436.442402][ T2634] Memory state around the buggy address:
[ 436.442554][ T2634]  ffff888011339b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 436.442774][ T2634]  ffff888011339b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 436.442994][ T2634] >ffff888011339c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 436.443212][ T2634]                             ^
[ 436.443363][ T2634]  ffff888011339c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 436.443589][ T2634]  ffff888011339d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 436.443804][ T2634] ==================================================================
[ 436.444141][ T2634] Disabling lock debugging due to kernel taint
[ 436.772759][ T11] Oops: general protection fault, probably for non-canonical address 0xed6d696d6d6d6d6d: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 436.773117][ T11] KASAN: maybe wild-memory-access in range [0x6b6b6b6b6b6b6b68-0x6b6b6b6b6b6b6b6f]
[ 436.773338][ T11] CPU: 2 UID: 0 PID: 11 Comm: kworker/u16:0 Tainted: G B 6.12.0-rc3-virtme #1
[ 436.773618][ T11] Tainted: [B]=BAD_PAGE
[ 436.773721][ T11] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 436.774006][ T11] Workqueue: netns cleanup_net
[ 436.774148][ T11] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 436.774324][ T11] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 436.774806][ T11] RSP: 0018:ffffc900000bf7a8 EFLAGS: 00010202
[ 436.774972][ T11] RAX: 0d6d6d6d6d6d6d6d RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff84cc6ef0
[ 436.775155][ T11] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888011339c08
[ 436.775341][ T11] RBP: 6b6b6b6b6b6b6b6b R08: 0000000000000000 R09: 0000000000000000
[ 436.775550][ T11] R10: ffffffff873e878f R11: ffffc900000bf3b9 R12: ffff888011339d3c
[ 436.775745][ T11] R13: dffffc0000000000 R14: ffff888004dd9000 R15: ffff888011339c00
[ 436.775949][ T11] FS:  0000000000000000(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[ 436.776165][ T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 436.776323][ T11] CR2: 00007efdc7fb32a8 CR3: 0000000007b00005 CR4: 0000000000772ef0
[ 436.776514][ T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 436.776730][ T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 436.776916][ T11] PKRU: 55555554
[ 436.777014][ T11] Call Trace:
[ 436.777129][ T11]  <TASK>
[ 436.777196][ T11]  ? die_addr+0x41/0xa0
[ 436.777299][ T11]  ? exc_general_protection+0x14d/0x230
[ 436.777431][ T11]  ? asm_exc_general_protection+0x26/0x30
[ 436.777559][ T11]  ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 436.777687][ T11]  ? neigh_flush_dev.isra.0+0x10a/0x650
[ 436.777810][ T11]  ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 436.777958][ T11]  ? lock_acquire+0x32/0xc0
[ 436.778088][ T11]  __neigh_ifdown.isra.0+0x74/0x440
[ 436.778214][ T11]  ? fib_flush+0x86/0x110
[ 436.778310][ T11]  neigh_ifdown+0x10/0x20
[ 436.778404][ T11]  fib_netdev_event+0x185/0x5a0
[ 436.778526][ T11]  notifier_call_chain+0xcd/0x150
[ 436.778655][ T11]  dev_close_many+0x2d8/0x650
[ 436.778782][ T11]  ? trace_irq_enable.constprop.0+0xe4/0x140
[ 436.778939][ T11]  ? __pfx_dev_close_many+0x10/0x10
[ 436.779066][ T11]  ? __mutex_trylock_common+0xfa/0x260
[ 436.779192][ T11]  unregister_netdevice_many_notify+0x8ed/0x1580
[ 436.779350][ T11]  ? lock_acquire+0x32/0xc0
[ 436.779472][ T11]  ? trace_contention_end+0xeb/0x150
[ 436.779623][ T11]  ? __mutex_lock+0x170/0xac0
[ 436.779753][ T11]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 436.779907][ T11]  ? __mutex_lock+0x170/0xac0
[ 436.780033][ T11]  ? mutex_is_locked+0x17/0x50
[ 436.780157][ T11]  ? rtnl_is_locked+0x15/0x20
[ 436.780278][ T11]  ? unregister_netdevice_queue+0x70/0x410
[ 436.780430][ T11]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 436.780583][ T11]  ? ops_exit_list+0x99/0x170
[ 436.780707][ T11]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 436.780865][ T11]  ? __mutex_unlock_slowpath+0x145/0x3b0
[ 436.780993][ T11]  default_device_exit_batch+0x234/0x2d0
[ 436.781135][ T11]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 436.781289][ T11]  ? ops_exit_list+0xb4/0x170
[ 436.781422][ T11]  cleanup_net+0x4ef/0xb10
[ 436.781562][ T11]  ? __pfx_cleanup_net+0x10/0x10
[ 436.781686][ T11]  ? trace_lock_acquire+0x14d/0x1f0
[ 436.781809][ T11]  ? process_one_work+0xe0b/0x16d0
[ 436.781939][ T11]  ? lock_acquire+0x32/0xc0
[ 436.782067][ T11]  ? process_one_work+0xe0b/0x16d0
[ 436.782191][ T11]  process_one_work+0xe55/0x16d0
[ 436.782315][ T11]  ? __pfx___lock_release+0x10/0x10
[ 436.782441][ T11]  ? __pfx_process_one_work+0x10/0x10
[ 436.782577][ T11]  ? assign_work+0x16c/0x240
[ 436.782705][ T11]  worker_thread+0x58c/0xce0
[ 436.782830][ T11]  ? __pfx_worker_thread+0x10/0x10
[ 436.782957][ T11]  kthread+0x28a/0x350
[ 436.783056][ T11]  ? __pfx_kthread+0x10/0x10
[ 436.783180][ T11]  ret_from_fork+0x31/0x70
[ 436.783309][ T11]  ? __pfx_kthread+0x10/0x10
[ 436.783432][ T11]  ret_from_fork_asm+0x1a/0x30
[ 436.783600][ T11]  </TASK>
[ 436.783704][ T11] Modules linked in: vxlan mpls_gso mpls_iptunnel mpls_router
[ 436.783935][ T11] ---[ end trace 0000000000000000 ]---
[ 436.784066][ T11] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 436.784231][ T11] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 436.784721][ T11] RSP: 0018:ffffc900000bf7a8 EFLAGS: 00010202
[ 436.784898][ T11] RAX: 0d6d6d6d6d6d6d6d RBX: 6b6b6b6b6b6b6b6b RCX: ffffffff84cc6ef0
[ 436.785087][ T11] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888011339c08
[ 436.785270][ T11] RBP: 6b6b6b6b6b6b6b6b R08: 0000000000000000 R09: 0000000000000000
[ 436.785468][ T11] R10: ffffffff873e878f R11: ffffc900000bf3b9 R12: ffff888011339d3c
[ 436.785685][ T11] R13: dffffc0000000000 R14: ffff888004dd9000 R15: ffff888011339c00
[ 436.785893][ T11] FS:  0000000000000000(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[ 436.786114][ T11] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 436.786272][ T11] CR2: 00007efdc7fb32a8 CR3: 0000000007b00005 CR4: 0000000000772ef0
[ 436.786463][ T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 436.786647][ T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 436.786834][ T11] PKRU: 55555554
[ 436.786940][ T11] Kernel panic - not syncing: Fatal exception in interrupt
[ 436.787226][ T11] Kernel Offset: 0x1800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 436.787531][ T11] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT
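What the two reports above establish, read together: a struct neighbour was kmalloc'ed from the kmalloc-1k cache by neigh_alloc under `ip` (neigh_add via rtnetlink), queued for RCU free by neigh_delete -> neigh_remove_one -> kvfree_call_rcu, actually freed by the kfree_rcu worker (task 64), and then written 24 bytes into by ___neigh_create on the same rtnetlink path. Generic KASAN prints only the first report unless kasan_multi_shot is on, so the later read of the same object in neigh_flush_dev during netns cleanup is silent; the Code: line shows it loading a pointer from R15+8 (the freed object at ffff888011339c00) into RBP, shifting it right by 3 into RAX, and faulting on `cmpb $0,(%rax,%r13,1)`, KASAN's inline shadow check, because RBP holds SLUB's 0x6b free poison and its shadow address 0xed6d696d6d6d6d6d is non-canonical. The following helper, added here as an example and not part of the original log or of the kernel tree, mechanises that triage: it parses the report header, computes the offset of the bad write inside the freed object, decodes the shadow-memory legend, and reproduces the shadow arithmetic that ties the GPF to the poisoned register. Constants are those of upstream x86-64 generic KASAN (shadow offset 0xdffffc0000000000, which is also what R13 holds above); the sample text is an excerpt of the report above and GPF_REGS is copied from its register dump; the legend text for 0xfa follows the 6.x naming (freed object whose first granule carries free-tracking metadata).

```python
"""Triage helpers for a generic-mode KASAN report and a follow-on GPF.

Added example, not kernel code.  Constants: upstream x86-64 generic KASAN.
"""
import re

MASK64 = (1 << 64) - 1
KASAN_GRANULE = 8
# Generic KASAN on x86-64: shadow byte address = (addr >> 3) + KASAN_SHADOW_OFFSET.
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
SLUB_POISON_FREE = 0x6B  # include/linux/poison.h: written over a freed object's payload

# Shadow byte legend for generic KASAN (mm/kasan/kasan.h); 1..7 = partially addressable.
SHADOW_LEGEND = {
    0x00: "addressable",
    0xFA: "freed slab object, free-tracking metadata in this granule",
    0xFB: "freed slab object",
    0xFC: "slab redzone",
    0xFE: "page redzone",
    0xFF: "freed page",
}

LOG_PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
HEADER_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
OBJECT_RE = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
SHADOW_LINE_RE = re.compile(r"^\s*>?\s*([0-9a-f]{16}):((?: [0-9a-f]{2})+)\s*$", re.M)


def strip_log_prefixes(text):
    """Drop the '[ time][ Tpid] ' prefix dmesg puts on every line."""
    return "\n".join(LOG_PREFIX_RE.sub("", ln) for ln in text.splitlines())


def describe_shadow(value):
    if 1 <= value <= 7:
        return f"first {value} of 8 bytes addressable"
    return SHADOW_LEGEND.get(value, f"unknown shadow value 0x{value:02x}")


def decode_shadow_lines(body):
    """Map each address in the 'Memory state' dump to what its shadow byte means."""
    state = {}
    for base, raw in SHADOW_LINE_RE.findall(body):
        for i, byte in enumerate(raw.split()):
            state[int(base, 16) + i * KASAN_GRANULE] = describe_shadow(int(byte, 16))
    return state


def parse_kasan_report(text):
    """Extract the facts a triager needs from a slab KASAN report."""
    body = strip_log_prefixes(text)
    hdr, acc = HEADER_RE.search(body), ACCESS_RE.search(body)
    obj, cache = OBJECT_RE.search(body), CACHE_RE.search(body)
    if not (hdr and acc and obj and cache):
        raise ValueError("not a generic KASAN slab report")
    addr, base = int(acc["addr"], 16), int(obj["base"], 16)
    return {
        "bug": hdr["bug"], "func": hdr["func"], "kind": acc["kind"],
        "size": int(acc["size"]), "addr": addr, "task": acc["task"],
        "object_base": base, "cache": cache["cache"], "object_size": int(cache["size"]),
        "offset": addr - base,  # the "located N bytes inside of" figure
        "shadow": decode_shadow_lines(body),
    }


def shadow_of(addr):
    """Shadow byte address the instrumented code checks before touching ADDR."""
    return ((addr >> 3) + KASAN_SHADOW_OFFSET) & MASK64


def granule_from_shadow(shadow):
    """Inverse of shadow_of: the 8-byte range KASAN prints as 'maybe wild-memory-access in range'."""
    lo = ((shadow - KASAN_SHADOW_OFFSET) << 3) & MASK64
    return lo, lo + KASAN_GRANULE - 1


def is_canonical(addr):
    """x86-64 with 48-bit virtual addresses: bits 63..47 must all equal bit 47."""
    return (addr >> 47) in (0, (1 << 17) - 1)


def is_slub_poison(value, width=8):
    """True when every byte of VALUE is POISON_FREE: it was read from a freed, poisoned object."""
    return all(((value >> (8 * i)) & 0xFF) == SLUB_POISON_FREE for i in range(width))


def explain_gpf(fault_addr, regs):
    """Registers holding a poisoned pointer whose shadow address equals FAULT_ADDR.
    A hit means the faulting instruction was KASAN's inline shadow check on that pointer."""
    return sorted(n for n, v in regs.items() if is_slub_poison(v) and shadow_of(v) == fault_addr)


# Constructed input: an excerpt of the report above, dmesg prefixes included.
SAMPLE_REPORT = """\
[ 436.421478][ T2634] BUG: KASAN: slab-use-after-free in ___neigh_create+0xd58/0xf30
[ 436.421712][ T2634] Write of size 8 at addr ffff888011339c18 by task ip/2634
[ 436.438669][ T2634] The buggy address belongs to the object at ffff888011339c00
[ 436.438669][ T2634]  which belongs to the cache kmalloc-1k of size 1024
[ 436.442994][ T2634] >ffff888011339c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 436.443212][ T2634]                             ^
[ 436.443363][ T2634]  ffff888011339c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""
# Values copied from the GPF register dump above.
GPF_FAULT_ADDR = 0xED6D696D6D6D6D6D
GPF_REGS = {"RAX": 0x0D6D6D6D6D6D6D6D, "RBX": 0x6B6B6B6B6B6B6B6B, "RBP": 0x6B6B6B6B6B6B6B6B,
            "RDI": 0xFFFF888011339C08, "R13": KASAN_SHADOW_OFFSET, "R15": 0xFFFF888011339C00}

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(f"{r['bug']} in {r['func']}: {r['kind']} of {r['size']} bytes at +{r['offset']} "
          f"of a {r['cache']} object; shadow: {r['shadow'][r['addr']]}")
    print("GPF explained by poisoned register(s):", explain_gpf(GPF_FAULT_ADDR, GPF_REGS),
          "covering", [hex(x) for x in granule_from_shadow(GPF_FAULT_ADDR)])
```

Run on the excerpt, the parser reports a write of 8 bytes at offset 24 of a kmalloc-1k object whose shadow byte is 0xfb (freed), and explain_gpf names RBX and RBP as the poisoned registers whose shadow address is exactly the non-canonical fault address, with granule_from_shadow giving back the [0x6b6b6b6b6b6b6b68-0x6b6b6b6b6b6b6b6f] range the kernel printed. The same check is worth running on any GPF whose fault address is near 0xed6d69..., 0xdffffc00... plus a repeated byte, or whose registers are 0x6b6b..., 0xa5a5... or 0x5a5a...: those patterns mean a pointer was read from freed (or uninitialised) SLUB memory rather than a random wild access.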