[ 6721.371480][ T1015] mpls_gso: MPLS GSO support
[ 6853.739583][ T76] ==================================================================
[ 6853.739855][ T76] BUG: KASAN: slab-use-after-free in neigh_flush_dev.isra.0+0x5e7/0x650
[ 6853.740093][ T76] Write of size 8 at addr ffff888006021018 by task kworker/u16:1/76
[ 6853.740324][ T76]
[ 6853.740414][ T76] CPU: 2 UID: 0 PID: 76 Comm: kworker/u16:1 Not tainted 6.12.0-rc3-virtme #1
[ 6853.740693][ T76] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 6853.741040][ T76] Workqueue: netns cleanup_net
[ 6853.741211][ T76] Call Trace:
[ 6853.741335][ T76] <TASK>
[ 6853.741423][ T76] dump_stack_lvl+0x82/0xd0
[ 6853.741585][ T76] print_address_description.constprop.0+0x2c/0x3b0
[ 6853.741782][ T76] ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 6853.741943][ T76] print_report+0xb4/0x270
[ 6853.742102][ T76] ? kasan_addr_to_slab+0x25/0x80
[ 6853.742261][ T76] kasan_report+0xbd/0xf0
[ 6853.742382][ T76] ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 6853.742539][ T76] neigh_flush_dev.isra.0+0x5e7/0x650
[ 6853.742692][ T76] ? lock_acquire+0x32/0xc0
[ 6853.742852][ T76] __neigh_ifdown.isra.0+0x74/0x440
[ 6853.743014][ T76] ? fib_flush+0x86/0x110
[ 6853.743135][ T76] neigh_ifdown+0x10/0x20
[ 6853.743253][ T76] fib_netdev_event+0x185/0x5a0
[ 6853.743410][ T76] notifier_call_chain+0xcd/0x150
[ 6853.743570][ T76] dev_close_many+0x2d8/0x650
[ 6853.743728][ T76] ? lock_acquire.part.0+0xeb/0x330
[ 6853.743904][ T76] ? default_device_exit_batch+0x81/0x2d0
[ 6853.744063][ T76] ? __pfx_dev_close_many+0x10/0x10
[ 6853.744220][ T76] ? fou_exit_net+0x2f/0xf0
[ 6853.744379][ T76] ? __mutex_trylock_common+0xfa/0x260
[ 6853.744537][ T76] unregister_netdevice_many_notify+0x8ed/0x1580
[ 6853.744743][ T76] ? lock_acquire+0x32/0xc0
[ 6853.744898][ T76] ? trace_contention_end+0xeb/0x150
[ 6853.745054][ T76] ? __mutex_lock+0x170/0xac0
[ 6853.745212][ T76] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 6853.745405][ T76] ? __mutex_lock+0x170/0xac0
[ 6853.745560][ T76] ? find_held_lock+0x2c/0x110
[ 6853.745721][ T76] ? mutex_is_locked+0x17/0x50
[ 6853.745878][ T76] ? rtnl_is_locked+0x15/0x20
[ 6853.746037][ T76] ? unregister_netdevice_queue+0x70/0x410
[ 6853.746229][ T76] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 6853.746423][ T76] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 6853.746619][ T76] default_device_exit_batch+0x234/0x2d0
[ 6853.746776][ T76] ? __pfx_default_device_exit_batch+0x10/0x10
[ 6853.746970][ T76] ? ops_exit_list+0xb4/0x170
[ 6853.747128][ T76] cleanup_net+0x4ef/0xb10
[ 6853.747288][ T76] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 6853.747514][ T76] ? __pfx_cleanup_net+0x10/0x10
[ 6853.747670][ T76] ? trace_lock_acquire+0x14d/0x1f0
[ 6853.747827][ T76] ? process_one_work+0xe0b/0x16d0
[ 6853.747981][ T76] ? lock_acquire+0x32/0xc0
[ 6853.748207][ T76] ? process_one_work+0xe0b/0x16d0
[ 6853.748363][ T76] process_one_work+0xe55/0x16d0
[ 6853.748522][ T76] ? __pfx___lock_release+0x10/0x10
[ 6853.748681][ T76] ? __pfx_process_one_work+0x10/0x10
[ 6853.748838][ T76] ? assign_work+0x16c/0x240
[ 6853.749075][ T76] worker_thread+0x58c/0xce0
[ 6853.749231][ T76] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 6853.749426][ T76] ? __pfx_worker_thread+0x10/0x10
[ 6853.749581][ T76] ? __pfx_worker_thread+0x10/0x10
[ 6853.749804][ T76] kthread+0x28a/0x350
[ 6853.749922][ T76] ? __pfx_kthread+0x10/0x10
[ 6853.750080][ T76] ret_from_fork+0x31/0x70
[ 6853.750239][ T76] ? __pfx_kthread+0x10/0x10
[ 6853.750464][ T76] ret_from_fork_asm+0x1a/0x30
[ 6853.750624][ T76] </TASK>
[ 6853.750744][ T76]
[ 6853.750824][ T76] Allocated by task 2260:
[ 6853.750940][ T76] kasan_save_stack+0x24/0x50
[ 6853.751168][ T76] kasan_save_track+0x14/0x30
[ 6853.751321][ T76] __kasan_kmalloc+0x7f/0x90
[ 6853.751476][ T76] __kmalloc_noprof+0x1ab/0x3a0
[ 6853.751636][ T76] neigh_alloc+0x6f2/0x9d0
[ 6853.751790][ T76] ___neigh_create+0x6d/0xf30
[ 6853.752012][ T76] neigh_add+0x8f8/0xdd0
[ 6853.752128][ T76] rtnetlink_rcv_msg+0x2fb/0xc10
[ 6853.752283][ T76] netlink_rcv_skb+0x130/0x360
[ 6853.752438][ T76] netlink_unicast+0x44b/0x710
[ 6853.752662][ T76] netlink_sendmsg+0x723/0xbe0
[ 6853.752817][ T76] ____sys_sendmsg+0x7ac/0xa10
[ 6853.752972][ T76] ___sys_sendmsg+0xee/0x170
[ 6853.753128][ T76] __sys_sendmsg+0xcd/0x170
[ 6853.753350][ T76] do_syscall_64+0xc1/0x1d0
[ 6853.753507][ T76] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 6853.753700][ T76]
[ 6853.753779][ T76] Freed by task 63:
[ 6853.753901][ T76] kasan_save_stack+0x24/0x50
[ 6853.754128][ T76] kasan_save_track+0x14/0x30
[ 6853.754282][ T76] kasan_save_free_info+0x3b/0x60
[ 6853.754436][ T76] __kasan_slab_free+0x38/0x50
[ 6853.754592][ T76] kmem_cache_free_bulk.part.0+0x1f2/0x5b0
[ 6853.754860][ T76] kvfree_rcu_bulk+0x4b9/0x5d0
[ 6853.755017][ T76] kvfree_rcu_drain_ready+0x2ab/0x860
[ 6853.755172][ T76] kfree_rcu_monitor+0x26/0xe0
[ 6853.755328][ T76] process_one_work+0xe55/0x16d0
[ 6853.755559][ T76] worker_thread+0x58c/0xce0
[ 6853.755713][ T76] kthread+0x28a/0x350
[ 6853.755831][ T76] ret_from_fork+0x31/0x70
[ 6853.755986][ T76] ret_from_fork_asm+0x1a/0x30
[ 6853.756144][ T76]
[ 6853.756225][ T76] Last potentially related work creation:
[ 6853.756378][ T76] kasan_save_stack+0x24/0x50
[ 6853.756535][ T76] __kasan_record_aux_stack+0x8e/0xa0
[ 6853.756690][ T76] kvfree_call_rcu+0x114/0x4b0
[ 6853.756847][ T76] neigh_remove_one+0x1a3/0x200
[ 6853.757005][ T76] neigh_delete+0x29f/0x490
[ 6853.757160][ T76] rtnetlink_rcv_msg+0x2fb/0xc10
[ 6853.757317][ T76] netlink_rcv_skb+0x130/0x360
[ 6853.757475][ T76] netlink_unicast+0x44b/0x710
[ 6853.757702][ T76] netlink_sendmsg+0x723/0xbe0
[ 6853.757858][ T76] ____sys_sendmsg+0x7ac/0xa10
[ 6853.758013][ T76] ___sys_sendmsg+0xee/0x170
[ 6853.758169][ T76] __sys_sendmsg+0xcd/0x170
[ 6853.758396][ T76] do_syscall_64+0xc1/0x1d0
[ 6853.758557][ T76] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 6853.758755][ T76]
[ 6853.758836][ T76] The buggy address belongs to the object at ffff888006021000
[ 6853.758836][ T76] which belongs to the cache kmalloc-1k of size 1024
[ 6853.759355][ T76] The buggy address is located 24 bytes inside of
[ 6853.759355][ T76] freed 1024-byte region [ffff888006021000, ffff888006021400)
[ 6853.759733][ T76]
[ 6853.759883][ T76] The buggy address belongs to the physical page:
[ 6853.760073][ T76] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6020
[ 6853.760354][ T76] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 6853.760661][ T76] flags: 0x80000000000040(head|node=0|zone=1)
[ 6853.760863][ T76] page_type: f5(slab)
[ 6853.760988][ T76] raw: 0080000000000040 ffff8880010430c0 ffffea0000140e10 ffffea00002d5e10
[ 6853.761265][ T76] raw: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 6853.761613][ T76] head: 0080000000000040 ffff8880010430c0 ffffea0000140e10 ffffea00002d5e10
[ 6853.761890][ T76] head: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 6853.762233][ T76] head: 0080000000000003 ffffea0000180801 ffffffffffffffff 0000000000000000
[ 6853.762504][ T76] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 6853.762846][ T76] page dumped because: kasan: bad access detected
[ 6853.763038][ T76]
[ 6853.763116][ T76] Memory state around the buggy address:
[ 6853.763271][ T76] ffff888006020f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 6853.763571][ T76] ffff888006020f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 6853.763794][ T76] >ffff888006021000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6853.764017][ T76]                             ^
[ 6853.764170][ T76] ffff888006021080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6853.764398][ T76] ffff888006021100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 6853.764621][ T76] ==================================================================
[ 6853.764876][ T76] Disabling lock debugging due to kernel taint
[ 6853.765174][ T76] Oops: general protection fault, probably for non-canonical address 0xe079bc3ee0000007: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 6853.765658][ T76] KASAN: maybe wild-memory-access in range [0x03ce01f700000038-0x03ce01f70000003f]
[ 6853.765919][ T76] CPU: 2 UID: 0 PID: 76 Comm: kworker/u16:1 Tainted: G B 6.12.0-rc3-virtme #1
[ 6853.766293][ T76] Tainted: [B]=BAD_PAGE
[ 6853.766408][ T76] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 6853.766748][ T76] Workqueue: netns cleanup_net
[ 6853.766981][ T76] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 6853.767180][ T76] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 6853.767781][ T76] RSP: 0018:ffffc9000050f7a8 EFLAGS: 00010203
[ 6853.767973][ T76] RAX: 0079c03ee0000007 RBX: ffff88800456a040 RCX: ffffffff9a0c6ef0
[ 6853.768203][ T76] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888006021008
[ 6853.768502][ T76] RBP: 03ce01f70000003f R08: 0000000000000000 R09: 0000000000000000
[ 6853.768731][ T76] R10: ffffffff9c7e8a8f R11: ffffc9000050f3b9 R12: ffff88800602113c
[ 6853.768962][ T76] R13: dffffc0000000000 R14: ffff888014af1000 R15: ffff888006021000
[ 6853.769265][ T76] FS: 0000000000000000(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[ 6853.769534][ T76] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6853.769727][ T76] CR2: 00007fae54b91000 CR3: 000000002b73a004 CR4: 0000000000772ef0
[ 6853.770094][ T76] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 6853.770320][ T76] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 6853.770548][ T76] PKRU: 55555554
[ 6853.770736][ T76] Call Trace:
[ 6853.770851][ T76] <TASK>
[ 6853.770932][ T76] ? die_addr+0x41/0xa0
[ 6853.771055][ T76] ? exc_general_protection+0x14d/0x230
[ 6853.771211][ T76] ? asm_exc_general_protection+0x26/0x30
[ 6853.771432][ T76] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 6853.771583][ T76] ? neigh_flush_dev.isra.0+0x10a/0x650
[ 6853.771735][ T76] ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 6853.771885][ T76] ? lock_acquire+0x32/0xc0
[ 6853.772112][ T76] __neigh_ifdown.isra.0+0x74/0x440
[ 6853.772271][ T76] ? fib_flush+0x86/0x110
[ 6853.772386][ T76] neigh_ifdown+0x10/0x20
[ 6853.772501][ T76] fib_netdev_event+0x185/0x5a0
[ 6853.772652][ T76] notifier_call_chain+0xcd/0x150
[ 6853.772873][ T76] dev_close_many+0x2d8/0x650
[ 6853.773025][ T76] ? lock_acquire.part.0+0xeb/0x330
[ 6853.773177][ T76] ? default_device_exit_batch+0x81/0x2d0
[ 6853.773334][ T76] ? __pfx_dev_close_many+0x10/0x10
[ 6853.773569][ T76] ? fou_exit_net+0x2f/0xf0
[ 6853.773722][ T76] ? __mutex_trylock_common+0xfa/0x260
[ 6853.773874][ T76] unregister_netdevice_many_notify+0x8ed/0x1580
[ 6853.774063][ T76] ? lock_acquire+0x32/0xc0
[ 6853.774215][ T76] ? trace_contention_end+0xeb/0x150
[ 6853.774367][ T76] ? __mutex_lock+0x170/0xac0
[ 6853.774522][ T76] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 6853.774714][ T76] ? __mutex_lock+0x170/0xac0
[ 6853.774866][ T76] ? find_held_lock+0x2c/0x110
[ 6853.775019][ T76] ? mutex_is_locked+0x17/0x50
[ 6853.775170][ T76] ? rtnl_is_locked+0x15/0x20
[ 6853.775320][ T76] ? unregister_netdevice_queue+0x70/0x410
[ 6853.775586][ T76] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 6853.775774][ T76] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 6853.775965][ T76] default_device_exit_batch+0x234/0x2d0
[ 6853.776122][ T76] ? __pfx_default_device_exit_batch+0x10/0x10
[ 6853.776313][ T76] ? ops_exit_list+0xb4/0x170
[ 6853.776467][ T76] cleanup_net+0x4ef/0xb10
[ 6853.776620][ T76] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 6853.776771][ T76] ? __pfx_cleanup_net+0x10/0x10
[ 6853.776924][ T76] ? trace_lock_acquire+0x14d/0x1f0
[ 6853.777077][ T76] ? process_one_work+0xe0b/0x16d0
[ 6853.777233][ T76] ? lock_acquire+0x32/0xc0
[ 6853.777383][ T76] ? process_one_work+0xe0b/0x16d0
[ 6853.777535][ T76] process_one_work+0xe55/0x16d0
[ 6853.777689][ T76] ? __pfx___lock_release+0x10/0x10
[ 6853.777841][ T76] ? __pfx_process_one_work+0x10/0x10
[ 6853.777995][ T76] ? assign_work+0x16c/0x240
[ 6853.778148][ T76] worker_thread+0x58c/0xce0
[ 6853.778299][ T76] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 6853.778493][ T76] ? __pfx_worker_thread+0x10/0x10
[ 6853.778645][ T76] ? __pfx_worker_thread+0x10/0x10
[ 6853.778797][ T76] kthread+0x28a/0x350
[ 6853.778913][ T76] ? __pfx_kthread+0x10/0x10
[ 6853.779076][ T76] ret_from_fork+0x31/0x70
[ 6853.779227][ T76] ? __pfx_kthread+0x10/0x10
[ 6853.779378][ T76] ret_from_fork_asm+0x1a/0x30
[ 6853.779534][ T76] </TASK>
[ 6853.779650][ T76] Modules linked in: mpls_gso mpls_iptunnel mpls_router sctp sch_fq ip6t_rpfilter nft_compat nf_tables l2tp_ip6 l2tp_eth l2tp_ip l2tp_netlink l2tp_core act_mirred cls_u32 ifb cls_matchall act_gact sch_ingress xfrm_user geneve vxlan act_csum act_pedit cls_flower sch_prio openvswitch psample nf_nat nf_conntrack libcrc32c nf_defrag_ipv6 nf_defrag_ipv4 nsh
[ 6853.780613][ T76] ---[ end trace 0000000000000000 ]---
[ 6853.780767][ T76] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 6853.780976][ T76] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 6853.781542][ T76] RSP: 0018:ffffc9000050f7a8 EFLAGS: 00010203
[ 6853.781735][ T76] RAX: 0079c03ee0000007 RBX: ffff88800456a040 RCX: ffffffff9a0c6ef0
[ 6853.781984][ T76] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888006021008
[ 6853.782215][ T76] RBP: 03ce01f70000003f R08: 0000000000000000 R09: 0000000000000000
[ 6853.782463][ T76] R10: ffffffff9c7e8a8f R11: ffffc9000050f3b9 R12: ffff88800602113c
[ 6853.782709][ T76] R13: dffffc0000000000 R14: ffff888014af1000 R15: ffff888006021000
[ 6853.782959][ T76] FS: 0000000000000000(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[ 6853.783232][ T76] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6853.783531][ T76] CR2: 00007fae54b91000 CR3: 000000002b73a004 CR4: 0000000000772ef0
[ 6853.783763][ T76] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 6853.784015][ T76] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 6853.784331][ T76] PKRU: 55555554
[ 6853.784454][ T76] Kernel panic - not syncing: Fatal exception in interrupt
[ 6853.784797][ T76] Kernel Offset: 0x16c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 6853.785217][ T76] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr