[ 3522.856402][T11544] mpls_gso: MPLS GSO support
[ 3658.158330][   T76] ==================================================================
[ 3658.158581][   T76] BUG: KASAN: slab-use-after-free in neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.158785][   T76] Write of size 8 at addr ffff888007ca0418 by task kworker/u16:1/76
[ 3658.158980][   T76]
[ 3658.159057][   T76] CPU: 1 UID: 0 PID: 76 Comm: kworker/u16:1 Not tainted 6.12.0-rc3-virtme #1
[ 3658.159303][   T76] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 3658.159618][   T76] Workqueue: netns cleanup_net
[ 3658.159765][   T76] Call Trace:
[ 3658.159871][   T76]  <TASK>
[ 3658.159942][   T76]  dump_stack_lvl+0x82/0xd0
[ 3658.160084][   T76]  print_address_description.constprop.0+0x2c/0x3b0
[ 3658.160261][   T76]  ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.160398][   T76]  print_report+0xb4/0x270
[ 3658.160543][   T76]  ? kasan_addr_to_slab+0x25/0x80
[ 3658.160683][   T76]  kasan_report+0xbd/0xf0
[ 3658.160786][   T76]  ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.160924][   T76]  neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.161060][   T76]  ? lock_acquire+0x32/0xc0
[ 3658.161214][   T76]  __neigh_ifdown.isra.0+0x74/0x440
[ 3658.161348][   T76]  ? fib_flush+0x86/0x110
[ 3658.161454][   T76]  neigh_ifdown+0x10/0x20
[ 3658.161561][   T76]  fib_netdev_event+0x185/0x5a0
[ 3658.161701][   T76]  notifier_call_chain+0xcd/0x150
[ 3658.161840][   T76]  dev_close_many+0x2d8/0x650
[ 3658.161978][   T76]  ? lock_acquire.part.0+0xeb/0x330
[ 3658.162116][   T76]  ? default_device_exit_batch+0x81/0x2d0
[ 3658.162257][   T76]  ? __pfx_dev_close_many+0x10/0x10
[ 3658.162396][   T76]  ? fou_exit_net+0x2f/0xf0
[ 3658.162550][   T76]  ? __mutex_trylock_common+0xfa/0x260
[ 3658.162691][   T76]  unregister_netdevice_many_notify+0x8ed/0x1580
[ 3658.162860][   T76]  ? lock_acquire+0x32/0xc0
[ 3658.163001][   T76]  ? trace_contention_end+0xeb/0x150
[ 3658.163142][   T76]  ? __mutex_lock+0x170/0xac0
[ 3658.163285][   T76]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 3658.163462][   T76]  ? __mutex_lock+0x170/0xac0
[ 3658.163608][   T76]  ? find_held_lock+0x2c/0x110
[ 3658.163750][   T76]  ? mutex_is_locked+0x17/0x50
[ 3658.163889][   T76]  ? rtnl_is_locked+0x15/0x20
[ 3658.164026][   T76]  ? unregister_netdevice_queue+0x70/0x410
[ 3658.164198][   T76]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 3658.164372][   T76]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 3658.164560][   T76]  default_device_exit_batch+0x234/0x2d0
[ 3658.164703][   T76]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 3658.164886][   T76]  ? ops_exit_list+0xb4/0x170
[ 3658.165029][   T76]  cleanup_net+0x4ef/0xb10
[ 3658.165168][   T76]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 3658.165307][   T76]  ? __pfx_cleanup_net+0x10/0x10
[ 3658.165440][   T76]  ? trace_lock_acquire+0x14d/0x1f0
[ 3658.165590][   T76]  ? process_one_work+0xe0b/0x16d0
[ 3658.165734][   T76]  ? lock_acquire+0x32/0xc0
[ 3658.165873][   T76]  ? process_one_work+0xe0b/0x16d0
[ 3658.166015][   T76]  process_one_work+0xe55/0x16d0
[ 3658.166156][   T76]  ? __pfx___lock_release+0x10/0x10
[ 3658.166303][   T76]  ? __pfx_process_one_work+0x10/0x10
[ 3658.166445][   T76]  ? assign_work+0x16c/0x240
[ 3658.166591][   T76]  worker_thread+0x58c/0xce0
[ 3658.166738][   T76]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 3658.166919][   T76]  ? __pfx_worker_thread+0x10/0x10
[ 3658.167054][   T76]  ? __pfx_worker_thread+0x10/0x10
[ 3658.167191][   T76]  kthread+0x28a/0x350
[ 3658.167295][   T76]  ? __pfx_kthread+0x10/0x10
[ 3658.167435][   T76]  ret_from_fork+0x31/0x70
[ 3658.167611][   T76]  ? __pfx_kthread+0x10/0x10
[ 3658.167750][   T76]  ret_from_fork_asm+0x1a/0x30
[ 3658.167894][   T76]  </TASK>
[ 3658.168002][   T76]
[ 3658.168075][   T76] Allocated by task 12789:
[ 3658.168218][   T76]  kasan_save_stack+0x24/0x50
[ 3658.168360][   T76]  kasan_save_track+0x14/0x30
[ 3658.168512][   T76]  __kasan_kmalloc+0x7f/0x90
[ 3658.168651][   T76]  __kmalloc_noprof+0x1ab/0x3a0
[ 3658.168792][   T76]  neigh_alloc+0x6f2/0x9d0
[ 3658.168931][   T76]  ___neigh_create+0x6d/0xf30
[ 3658.169080][   T76]  neigh_add+0x8f8/0xdd0
[ 3658.169186][   T76]  rtnetlink_rcv_msg+0x2fb/0xc10
[ 3658.169327][   T76]  netlink_rcv_skb+0x130/0x360
[ 3658.169463][   T76]  netlink_unicast+0x44b/0x710
[ 3658.169686][   T76]  netlink_sendmsg+0x723/0xbe0
[ 3658.169822][   T76]  ____sys_sendmsg+0x7ac/0xa10
[ 3658.169962][   T76]  ___sys_sendmsg+0xee/0x170
[ 3658.170105][   T76]  __sys_sendmsg+0xcd/0x170
[ 3658.170322][   T76]  do_syscall_64+0xc1/0x1d0
[ 3658.170460][   T76]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3658.170645][   T76]
[ 3658.170717][   T76] Freed by task 7921:
[ 3658.170811][   T76]  kasan_save_stack+0x24/0x50
[ 3658.170942][   T76]  kasan_save_track+0x14/0x30
[ 3658.171081][   T76]  kasan_save_free_info+0x3b/0x60
[ 3658.171299][   T76]  __kasan_slab_free+0x38/0x50
[ 3658.171439][   T76]  kmem_cache_free_bulk.part.0+0x1f2/0x5b0
[ 3658.171626][   T76]  kvfree_rcu_bulk+0x4b9/0x5d0
[ 3658.171845][   T76]  kvfree_rcu_drain_ready+0x2ab/0x860
[ 3658.171984][   T76]  kfree_rcu_monitor+0x26/0xe0
[ 3658.172127][   T76]  process_one_work+0xe55/0x16d0
[ 3658.172263][   T76]  worker_thread+0x58c/0xce0
[ 3658.172400][   T76]  kthread+0x28a/0x350
[ 3658.172514][   T76]  ret_from_fork+0x31/0x70
[ 3658.172734][   T76]  ret_from_fork_asm+0x1a/0x30
[ 3658.172876][   T76]
[ 3658.172946][   T76] Last potentially related work creation:
[ 3658.173084][   T76]  kasan_save_stack+0x24/0x50
[ 3658.173227][   T76]  __kasan_record_aux_stack+0x8e/0xa0
[ 3658.173446][   T76]  kvfree_call_rcu+0x114/0x4b0
[ 3658.173594][   T76]  neigh_remove_one+0x1a3/0x200
[ 3658.173733][   T76]  neigh_delete+0x29f/0x490
[ 3658.173872][   T76]  rtnetlink_rcv_msg+0x2fb/0xc10
[ 3658.174087][   T76]  netlink_rcv_skb+0x130/0x360
[ 3658.174227][   T76]  netlink_unicast+0x44b/0x710
[ 3658.174369][   T76]  netlink_sendmsg+0x723/0xbe0
[ 3658.174520][   T76]  ____sys_sendmsg+0x7ac/0xa10
[ 3658.174742][   T76]  ___sys_sendmsg+0xee/0x170
[ 3658.174954][   T76]  __sys_sendmsg+0xcd/0x170
[ 3658.175101][   T76]  do_syscall_64+0xc1/0x1d0
[ 3658.175239][   T76]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3658.175409][   T76]
[ 3658.175486][   T76] The buggy address belongs to the object at ffff888007ca0400
[ 3658.175486][   T76]  which belongs to the cache kmalloc-1k of size 1024
[ 3658.175904][   T76] The buggy address is located 24 bytes inside of
[ 3658.175904][   T76]  freed 1024-byte region [ffff888007ca0400, ffff888007ca0800)
[ 3658.176235][   T76]
[ 3658.176377][   T76] The buggy address belongs to the physical page:
[ 3658.176555][   T76] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ca0
[ 3658.176811][   T76] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 3658.177022][   T76] flags: 0x80000000000040(head|node=0|zone=1)
[ 3658.177199][   T76] page_type: f5(slab)
[ 3658.177386][   T76] raw: 0080000000000040 ffff8880010430c0 ffffea0000196a10 ffffea00000df010
[ 3658.177648][   T76] raw: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 3658.177971][   T76] head: 0080000000000040 ffff8880010430c0 ffffea0000196a10 ffffea00000df010
[ 3658.178301][   T76] head: 0000000000000000 00000000000a000a 00000001f5000000 0000000000000000
[ 3658.178550][   T76] head: 0080000000000003 ffffea00001f2801 ffffffffffffffff 0000000000000000
[ 3658.178875][   T76] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 3658.179117][   T76] page dumped because: kasan: bad access detected
[ 3658.179292][   T76]
[ 3658.179360][   T76] Memory state around the buggy address:
[ 3658.179498][   T76]  ffff888007ca0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3658.179699][   T76]  ffff888007ca0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3658.179892][   T76] >ffff888007ca0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3658.180158][   T76]                             ^
[ 3658.180288][   T76]  ffff888007ca0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3658.180493][   T76]  ffff888007ca0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3658.180762][   T76] ==================================================================
[ 3658.180969][   T76] Disabling lock debugging due to kernel taint
[ 3658.181212][   T76] Oops: general protection fault, probably for non-canonical address 0xe0607c3f800003de: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 3658.181615][   T76] KASAN: maybe wild-memory-access in range [0x030401fc00001ef0-0x030401fc00001ef7]
[ 3658.181845][   T76] CPU: 1 UID: 0 PID: 76 Comm: kworker/u16:1 Tainted: G    B             6.12.0-rc3-virtme #1
[ 3658.182255][   T76] Tainted: [B]=BAD_PAGE
[ 3658.182358][   T76] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 3658.182732][   T76] Workqueue: netns cleanup_net
[ 3658.182876][   T76] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 3658.183048][   T76] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 3658.183604][   T76] RSP: 0018:ffffc9000050f7a8 EFLAGS: 00010206
[ 3658.183778][   T76] RAX: 0060803f800003de RBX: ffff8880073af000 RCX: ffffffffb3cc6ef0
[ 3658.184057][   T76] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888007ca0408
[ 3658.184261][   T76] RBP: 030401fc00001ef1 R08: 0000000000000000 R09: 0000000000000000
[ 3658.184465][   T76] R10: ffffffffb63e8a8f R11: ffffc9000050f3b9 R12: ffff888007ca053c
[ 3658.184753][   T76] R13: dffffc0000000000 R14: ffff888009c01000 R15: ffff888007ca0400
[ 3658.184966][   T76] FS:  0000000000000000(0000) GS:ffff888036080000(0000) knlGS:0000000000000000
[ 3658.185198][   T76] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3658.185445][   T76] CR2: 00007fa95534b2a8 CR3: 000000002373a004 CR4: 0000000000772ef0
[ 3658.185647][   T76] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3658.185847][   T76] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3658.186123][   T76] PKRU: 55555554
[ 3658.186228][   T76] Call Trace:
[ 3658.186328][   T76]  <TASK>
[ 3658.186396][   T76]  ? die_addr+0x41/0xa0
[ 3658.186510][   T76]  ? exc_general_protection+0x14d/0x230
[ 3658.186717][   T76]  ? asm_exc_general_protection+0x26/0x30
[ 3658.186852][   T76]  ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 3658.186987][   T76]  ? neigh_flush_dev.isra.0+0x10a/0x650
[ 3658.187198][   T76]  ? neigh_flush_dev.isra.0+0x5d0/0x650
[ 3658.187333][   T76]  ? lock_acquire+0x32/0xc0
[ 3658.187470][   T76]  __neigh_ifdown.isra.0+0x74/0x440
[ 3658.187623][   T76]  ? fib_flush+0x86/0x110
[ 3658.187726][   T76]  neigh_ifdown+0x10/0x20
[ 3658.187827][   T76]  fib_netdev_event+0x185/0x5a0
[ 3658.188106][   T76]  notifier_call_chain+0xcd/0x150
[ 3658.188244][   T76]  dev_close_many+0x2d8/0x650
[ 3658.188382][   T76]  ? lock_acquire.part.0+0xeb/0x330
[ 3658.188523][   T76]  ? default_device_exit_batch+0x81/0x2d0
[ 3658.188728][   T76]  ? __pfx_dev_close_many+0x10/0x10
[ 3658.188860][   T76]  ? fou_exit_net+0x2f/0xf0
[ 3658.188995][   T76]  ? __mutex_trylock_common+0xfa/0x260
[ 3658.189210][   T76]  unregister_netdevice_many_notify+0x8ed/0x1580
[ 3658.189377][   T76]  ? lock_acquire+0x32/0xc0
[ 3658.189520][   T76]  ? trace_contention_end+0xeb/0x150
[ 3658.189651][   T76]  ? __mutex_lock+0x170/0xac0
[ 3658.189857][   T76]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 3658.190023][   T76]  ? __mutex_lock+0x170/0xac0
[ 3658.190154][   T76]  ? find_held_lock+0x2c/0x110
[ 3658.190282][   T76]  ? mutex_is_locked+0x17/0x50
[ 3658.190488][   T76]  ? rtnl_is_locked+0x15/0x20
[ 3658.190623][   T76]  ? unregister_netdevice_queue+0x70/0x410
[ 3658.190789][   T76]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 3658.191028][   T76]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 3658.191194][   T76]  default_device_exit_batch+0x234/0x2d0
[ 3658.191328][   T76]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 3658.191492][   T76]  ? ops_exit_list+0xb4/0x170
[ 3658.191697][   T76]  cleanup_net+0x4ef/0xb10
[ 3658.191835][   T76]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 3658.192035][   T76]  ? __pfx_cleanup_net+0x10/0x10
[ 3658.192170][   T76]  ? trace_lock_acquire+0x14d/0x1f0
[ 3658.192311][   T76]  ? process_one_work+0xe0b/0x16d0
[ 3658.192444][   T76]  ? lock_acquire+0x32/0xc0
[ 3658.192653][   T76]  ? process_one_work+0xe0b/0x16d0
[ 3658.192789][   T76]  process_one_work+0xe55/0x16d0
[ 3658.192933][   T76]  ? __pfx___lock_release+0x10/0x10
[ 3658.193068][   T76]  ? __pfx_process_one_work+0x10/0x10
[ 3658.193283][   T76]  ? assign_work+0x16c/0x240
[ 3658.193415][   T76]  worker_thread+0x58c/0xce0
[ 3658.193548][   T76]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 3658.193712][   T76]  ? __pfx_worker_thread+0x10/0x10
[ 3658.193915][   T76]  ? __pfx_worker_thread+0x10/0x10
[ 3658.194052][   T76]  kthread+0x28a/0x350
[ 3658.194161][   T76]  ? __pfx_kthread+0x10/0x10
[ 3658.194294][   T76]  ret_from_fork+0x31/0x70
[ 3658.194422][   T76]  ? __pfx_kthread+0x10/0x10
[ 3658.194687][   T76]  ret_from_fork_asm+0x1a/0x30
[ 3658.194823][   T76]  </TASK>
[ 3658.194922][   T76] Modules linked in: vxlan mpls_gso mpls_iptunnel mpls_router openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh sha1_generic xfrm_user xt_policy xt_HL nft_compat nf_tables libcrc32c amt
[ 3658.195461][   T76] ---[ end trace 0000000000000000 ]---
[ 3658.195604][   T76] RIP: 0010:neigh_flush_dev.isra.0+0x10a/0x650
[ 3658.195772][   T76] Code: 0f 85 ef 04 00 00 49 8d 7f 08 49 8b 1f 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 cc 04 00 00 49 8b 6f 08 48 89 e8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 19 05 00 00 48 89 5d 00 48 85 db 74 1a 48 8d
[ 3658.196325][   T76] RSP: 0018:ffffc9000050f7a8 EFLAGS: 00010206
[ 3658.196633][   T76] RAX: 0060803f800003de RBX: ffff8880073af000 RCX: ffffffffb3cc6ef0
[ 3658.196832][   T76] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888007ca0408
[ 3658.197032][   T76] RBP: 030401fc00001ef1 R08: 0000000000000000 R09: 0000000000000000
[ 3658.197232][   T76] R10: ffffffffb63e8a8f R11: ffffc9000050f3b9 R12: ffff888007ca053c
[ 3658.197432][   T76] R13: dffffc0000000000 R14: ffff888009c01000 R15: ffff888007ca0400
[ 3658.197682][   T76] FS:  0000000000000000(0000) GS:ffff888036080000(0000) knlGS:0000000000000000
[ 3658.197978][   T76] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3658.198152][   T76] CR2: 00007fa95534b2a8 CR3: 000000002373a004 CR4: 0000000000772ef0
[ 3658.198352][   T76] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3658.198690][   T76] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3658.198885][   T76] PKRU: 55555554
[ 3658.198988][   T76] Kernel panic - not syncing: Fatal exception in interrupt
[ 3658.199392][   T76] Kernel Offset: 0x30800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 3658.199699][   T76] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT
Ctrl-C
Ctrl-C
WAIT TIMEOUT
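The report above has the usual KASAN shape: a header naming the bug class and the faulting function, an object description, and four stacks (the access, the allocation, the free, and the "last potentially related work creation" aux stack). The script below is an added triage helper, not kernel code and not part of the original log. It parses that format, drops the unreliable "? " frames, checks that the stated "24 bytes inside" agrees with the access address minus the object base, and picks the first frame in each stack that is not KASAN, allocator or RCU plumbing. The one edge case it handles deliberately is a free deferred through kvfree_rcu: the "Freed by" stack then contains only the RCU workqueue, and the caller that actually queued the free (neigh_remove_one here) lives in the aux stack. The sample input is a trimmed copy of the report above; the name KasanReport and the INFRA prefix list are this example's own choices.

```python
# Added example, not kernel code: triage a KASAN slab-use-after-free report.
# It parses the header, the object description and the four stacks, checks the
# offset arithmetic, and finds the real freeing site when the free went through
# kvfree_rcu (then "Freed by" shows only RCU workqueue machinery).
import re
from dataclasses import dataclass, field

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[ 3658.158581][   T76] "
BUG = re.compile(r"BUG: KASAN: ([\w-]+) in ")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task")
OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
LOCATED = re.compile(r"located (\d+) bytes inside of")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
HEADERS = {"Call Trace:": "access", "Allocated by task": "alloc",
           "Freed by task": "free", "Last potentially related work creation:": "aux"}
# Frames that belong to KASAN, the allocator or the RCU free path, not to the bug.
INFRA = ("kasan_", "__kasan_", "print_", "dump_stack", "__kmalloc", "kmalloc",
         "kmem_cache_", "kvfree_", "kfree_rcu")

@dataclass
class KasanReport:
    kind: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    obj_base: int = 0
    obj_size: int = 0
    cache: str = ""
    stated_offset: int = -1
    stacks: dict = field(default_factory=dict)  # stack name -> reliable frames

    def offset(self) -> int:
        return self.addr - self.obj_base

    def consistent(self) -> bool:
        # "located N bytes inside" must equal addr - base, and the access must
        # land inside the freed object for the report to describe a real UAF.
        return self.stated_offset == self.offset() and 0 <= self.offset() < self.obj_size

def parse_kasan_report(lines) -> KasanReport:
    r, cur = KasanReport(), None
    for raw in lines:
        line = PREFIX.sub("", raw).rstrip()
        if line.startswith("=====") and r.kind:  # closing rule: report is over
            break
        if m := BUG.search(line):
            r.kind = m[1]
        elif m := ACCESS.search(line):
            r.op, r.size, r.addr = m[1], int(m[2]), int(m[3], 16)
        elif m := OBJECT.search(line):
            r.obj_base = int(m[1], 16)
        elif m := CACHE.search(line):
            r.cache, r.obj_size = m[1], int(m[2])
        elif m := LOCATED.search(line):
            r.stated_offset = int(m[1])
        hdr = next((n for h, n in HEADERS.items() if line.startswith(h)), None)
        if hdr:
            cur, r.stacks[hdr] = hdr, []
        elif cur and line == "":  # a blank line terminates each stack
            cur = None
        elif cur and (f := FRAME.match(line.strip())) and not f[1]:
            r.stacks[cur].append(f[2])  # "? " frames are unwinder guesses: skipped
    return r

def culprit(frames):
    return next((f for f in frames if not f.startswith(INFRA)), None)  # first non-plumbing frame

def freeing_site(r: KasanReport):
    """Real release site: with kvfree_rcu the 'Freed by' stack is only the RCU
    worker, so the caller that queued the free is taken from the aux stack."""
    free = r.stacks.get("free", [])
    if any(f.startswith(("kvfree_rcu", "kfree_rcu")) for f in free):
        return culprit(r.stacks.get("aux", []))
    return culprit(free)

# Constructed sample: the report above, trimmed to the lines the parser needs.
SAMPLE = """\
[ 3658.158330][   T76] ==================================================================
[ 3658.158581][   T76] BUG: KASAN: slab-use-after-free in neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.158785][   T76] Write of size 8 at addr ffff888007ca0418 by task kworker/u16:1/76
[ 3658.159765][   T76] Call Trace:
[ 3658.160683][   T76]  kasan_report+0xbd/0xf0
[ 3658.160786][   T76]  ? neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.160924][   T76]  neigh_flush_dev.isra.0+0x5e7/0x650
[ 3658.168002][   T76]
[ 3658.168075][   T76] Allocated by task 12789:
[ 3658.168651][   T76]  __kmalloc_noprof+0x1ab/0x3a0
[ 3658.168792][   T76]  neigh_alloc+0x6f2/0x9d0
[ 3658.170717][   T76] Freed by task 7921:
[ 3658.171626][   T76]  kvfree_rcu_bulk+0x4b9/0x5d0
[ 3658.172127][   T76]  process_one_work+0xe55/0x16d0
[ 3658.172946][   T76] Last potentially related work creation:
[ 3658.173446][   T76]  kvfree_call_rcu+0x114/0x4b0
[ 3658.173594][   T76]  neigh_remove_one+0x1a3/0x200
[ 3658.175409][   T76]
[ 3658.175486][   T76] The buggy address belongs to the object at ffff888007ca0400
[ 3658.175486][   T76]  which belongs to the cache kmalloc-1k of size 1024
[ 3658.175904][   T76] The buggy address is located 24 bytes inside of
[ 3658.175904][   T76]  freed 1024-byte region [ffff888007ca0400, ffff888007ca0800)
[ 3658.180762][   T76] ==================================================================
"""
```

Run it as `parse_kasan_report(SAMPLE.splitlines())` (or on the full report, which stops at the closing `=====` rule before the later Oops re-dumps a second "Call Trace:"). For this log the access site resolves to neigh_flush_dev.isra.0, the allocation to neigh_alloc, and the freeing site to neigh_remove_one via the aux stack, while the direct "Freed by" stack only yields process_one_work; the offset check confirms 0xffff888007ca0418 minus 0xffff888007ca0400 is the 24 bytes the report states, inside a freed 1024-byte kmalloc-1k object. The script identifies where to look; it does not establish the missing synchronisation between the two paths, which is the analysis the log itself cannot supply.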