[ 25.261655][ T73] ==================================================================
[ 25.262149][ T73] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 25.262518][ T73] Read of size 1 at addr ffff8880025ec6c4 by task kworker/u16:1/73
[ 25.262884][ T73]
[ 25.263015][ T73] CPU: 0 UID: 0 PID: 73 Comm: kworker/u16:1 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 25.263023][ T73] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.263028][ T73] Workqueue: netns cleanup_net
[ 25.263040][ T73] Call Trace:
[ 25.263043][ T73] <TASK>
[ 25.263047][ T73] dump_stack_lvl+0x82/0xc0
[ 25.263056][ T73] print_address_description.constprop.0+0x2c/0x3a0
[ 25.263067][ T73] ? kobject_put+0xbb/0xd0
[ 25.263073][ T73] print_report+0xb4/0x270
[ 25.263079][ T73] ? kobject_put+0xbb/0xd0
[ 25.263083][ T73] ? kasan_addr_to_slab+0x21/0x70
[ 25.263089][ T73] ? kobject_put+0xbb/0xd0
[ 25.263094][ T73] kasan_report+0xca/0x100
[ 25.263101][ T73] ? kobject_put+0xbb/0xd0
[ 25.263108][ T73] kobject_put+0xbb/0xd0
[ 25.263113][ T73] netdev_run_todo+0x5f0/0xc60
[ 25.263121][ T73] ? dev_ingress_queue_create+0x190/0x190
[ 25.263127][ T73] ? generic_xdp_install+0x410/0x410
[ 25.263131][ T73] ? net_generic+0xb1/0x1f0
[ 25.263145][ T73] ops_undo_list+0x714/0x890
[ 25.263155][ T73] ? rtnl_net_dumpid_one+0x270/0x270
[ 25.263159][ T73] ? cleanup_net+0x2d6/0x8b0
[ 25.263168][ T73] cleanup_net+0x3b2/0x8b0
[ 25.263175][ T73] ? net_passive_dec+0x190/0x190
[ 25.263183][ T73] ? rcu_is_watching+0x12/0xb0
[ 25.263192][ T73] process_one_work+0xe35/0x1650
[ 25.263206][ T73] ? pwq_dec_nr_in_flight+0x550/0x550
[ 25.263214][ T73] ? assign_work+0x168/0x240
[ 25.263221][ T73] worker_thread+0x591/0xcf0
[ 25.263232][ T73] ? rescuer_thread+0xd10/0xd10
[ 25.263239][ T73] kthread+0x37b/0x5f0
[ 25.263247][ T73] ? kthread_is_per_cpu+0xc0/0xc0
[ 25.263251][ T73] ? ret_from_fork+0x1b/0x270
[ 25.263258][ T73] ? __lock_release+0x5d/0x170
[ 25.263264][ T73] ? rcu_is_watching+0x12/0xb0
[ 25.263269][ T73] ? kthread_is_per_cpu+0xc0/0xc0
[ 25.263276][ T73] ret_from_fork+0x1db/0x270
[ 25.263280][ T73] ? kthread_is_per_cpu+0xc0/0xc0
[ 25.263285][ T73] ret_from_fork_asm+0x11/0x20
[ 25.263303][ T73] </TASK>
[ 25.263306][ T73]
[ 25.272701][ T73] Allocated by task 267:
[ 25.272840][ T73] kasan_save_stack+0x24/0x40
[ 25.273034][ T73] kasan_save_track+0x14/0x30
[ 25.273208][ T73] __kasan_kmalloc+0x7b/0x90
[ 25.273380][ T73] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 25.273558][ T73] alloc_netdev_mqs+0x7d/0x1370
[ 25.273737][ T73] ip6_tnl_init_net+0x102/0x3f0
[ 25.273914][ T73] ops_init+0x189/0x550
[ 25.274056][ T73] setup_net+0xf1/0x380
[ 25.274206][ T73] copy_net_ns+0x253/0x510
[ 25.274381][ T73] create_new_namespaces+0x35f/0x900
[ 25.274560][ T73] unshare_nsproxy_namespaces+0x8a/0x1a0
[ 25.274732][ T73] ksys_unshare+0x2be/0x6e0
[ 25.274924][ T73] __x64_sys_unshare+0x31/0x40
[ 25.275107][ T73] do_syscall_64+0xc1/0xfd0
[ 25.275286][ T73] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 25.275505][ T73]
[ 25.275598][ T73] Freed by task 73:
[ 25.275739][ T73] kasan_save_stack+0x24/0x40
[ 25.275917][ T73] kasan_save_track+0x14/0x30
[ 25.276109][ T73] __kasan_save_free_info+0x3b/0x60
[ 25.276283][ T73] __kasan_slab_free+0x3f/0x60
[ 25.276462][ T73] kfree+0x21d/0x540
[ 25.276616][ T73] device_release+0x9c/0x210
[ 25.276800][ T73] kobject_cleanup+0xfe/0x360
[ 25.277051][ T73] netdev_run_todo+0x81f/0xc60
[ 25.277254][ T73] ops_undo_list+0x714/0x890
[ 25.277454][ T73] cleanup_net+0x3b2/0x8b0
[ 25.277686][ T73] process_one_work+0xe35/0x1650
[ 25.277898][ T73] worker_thread+0x591/0xcf0
[ 25.278109][ T73] kthread+0x37b/0x5f0
[ 25.278252][ T73] ret_from_fork+0x1db/0x270
[ 25.278446][ T73] ret_from_fork_asm+0x11/0x20
[ 25.278665][ T73]
[ 25.278764][ T73] The buggy address belongs to the object at ffff8880025ec000
[ 25.278764][ T73] which belongs to the cache kmalloc-4k of size 4096
[ 25.279286][ T73] The buggy address is located 1732 bytes inside of
[ 25.279286][ T73] freed 4096-byte region [ffff8880025ec000, ffff8880025ed000)
[ 25.279737][ T73]
[ 25.279826][ T73] The buggy address belongs to the physical page:
[ 25.280054][ T73] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25e8
[ 25.280409][ T73] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 25.280733][ T73] flags: 0x80000000000040(head|node=0|zone=1)
[ 25.280996][ T73] page_type: f5(slab)
[ 25.281142][ T73] raw: 0080000000000040 ffff888001043700 ffffea00000ab010 ffffea0000155210
[ 25.281471][ T73] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 25.281836][ T73] head: 0080000000000040 ffff888001043700 ffffea00000ab010 ffffea0000155210
[ 25.282206][ T73] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 25.282585][ T73] head: 0080000000000003 ffffea0000097a01 00000000ffffffff 00000000ffffffff
[ 25.282944][ T73] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 25.283288][ T73] page dumped because: kasan: bad access detected
[ 25.283522][ T73]
[ 25.283636][ T73] Memory state around the buggy address:
[ 25.283808][ T73] ffff8880025ec580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.284068][ T73] ffff8880025ec600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.284335][ T73] >ffff8880025ec680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.284607][ T73] ^
[ 25.284823][ T73] ffff8880025ec700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.285072][ T73] ffff8880025ec780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.285322][ T73] ==================================================================
[ 25.285715][ T73] Disabling lock debugging due to kernel taint
[ 25.286037][ T73] ------------[ cut here ]------------
[ 25.286240][ T73] refcount_t: underflow; use-after-free.
[ 25.286487][ T73] WARNING: CPU: 2 PID: 73 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 25.286900][ T73] Modules linked in: netdevsim psample
[ 25.287148][ T73] CPU: 2 UID: 0 PID: 73 Comm: kworker/u16:1 Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 25.287603][ T73] Tainted: [B]=BAD_PAGE
[ 25.287780][ T73] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.288037][ T73] Workqueue: netns cleanup_net
[ 25.288256][ T73] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 25.288542][ T73] Code: cc 38 03 80 fb 01 0f 87 29 33 d7 fe 83 e3 01 0f 85 51 ff ff ff c6 05 17 cc 38 03 01 90 48 c7 c7 40 ba 05 b9 e8 62 d6 16 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 c0 9d a0 ff e9 ba fe ff ff
[ 25.289248][ T73] RSP: 0018:ffffc900004e7a08 EFLAGS: 00010282
[ 25.289509][ T73] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 25.289796][ T73] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 25.290096][ T73] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff7400934
[ 25.290402][ T73] R10: 0000000000000003 R11: ffffc900004e7580 R12: 0000000000000001
[ 25.290677][ T73] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 25.290998][ T73] FS: 0000000000000000(0000) GS:ffff8880ab808000(0000) knlGS:0000000000000000
[ 25.291465][ T73] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.291728][ T73] CR2: 00005642b0aec220 CR3: 0000000004eea001 CR4: 0000000000772ef0
[ 25.292094][ T73] PKRU: 55555554
[ 25.292295][ T73] Call Trace:
[ 25.292507][ T73] <TASK>
[ 25.292682][ T73] netdev_run_todo+0x5f0/0xc60
[ 25.293001][ T73] ? dev_ingress_queue_create+0x190/0x190
[ 25.293312][ T73] ? generic_xdp_install+0x410/0x410
[ 25.293604][ T73] ? net_generic+0xb1/0x1f0
[ 25.293917][ T73] ops_undo_list+0x714/0x890
[ 25.294225][ T73] ? rtnl_net_dumpid_one+0x270/0x270
[ 25.294514][ T73] ? cleanup_net+0x2d6/0x8b0
[ 25.294815][ T73] cleanup_net+0x3b2/0x8b0
[ 25.295262][ T73] ? net_passive_dec+0x190/0x190
[ 25.295553][ T73] ? rcu_is_watching+0x12/0xb0
[ 25.295862][ T73] process_one_work+0xe35/0x1650
[ 25.296327][ T73] ? pwq_dec_nr_in_flight+0x550/0x550
[ 25.296629][ T73] ? assign_work+0x168/0x240
[ 25.300355][ T73] worker_thread+0x591/0xcf0
[ 25.300633][ T73] ? rescuer_thread+0xd10/0xd10
[ 25.300877][ T73] kthread+0x37b/0x5f0
[ 25.301070][ T73] ? kthread_is_per_cpu+0xc0/0xc0
[ 25.301365][ T73] ? ret_from_fork+0x1b/0x270
[ 25.301579][ T73] ? __lock_release+0x5d/0x170
[ 25.301828][ T73] ? rcu_is_watching+0x12/0xb0
[ 25.302059][ T73] ? kthread_is_per_cpu+0xc0/0xc0
[ 25.302324][ T73] ret_from_fork+0x1db/0x270
[ 25.307396][ T73] ? kthread_is_per_cpu+0xc0/0xc0
[ 25.307701][ T73] ret_from_fork_asm+0x11/0x20
[ 25.307938][ T73] </TASK>
[ 25.308121][ T73] irq event stamp: 10705
[ 25.308318][ T73] hardirqs last enabled at (10705): [] finish_task_switch.isra.0+0x245/0x960
[ 25.309515][ T73] hardirqs last disabled at (10704): [] __schedule+0x94a/0x1b10
[ 25.310005][ T73] softirqs last enabled at (10408): [] handle_softirqs+0x352/0x610
[ 25.310492][ T73] softirqs last disabled at (9495): [] irq_exit_rcu+0xab/0x100
[ 25.310915][ T73] ---[ end trace 0000000000000000 ]---
[ 25.383813][ T262] netdevsim netdevsim8052 eni8052np1: renamed from eth0
[ 37.961066][ T257] ------------[ cut here ]------------
[ 37.961398][ T257] kernel BUG at net/core/net-sysfs.c:2246!
[ 37.961731][ T257] Oops: invalid opcode: 0000 [#1] SMP KASAN
[ 37.962085][ T257] CPU: 3 UID: 0 PID: 257 Comm: python3 Tainted: G B W 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 37.962559][ T257] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 37.962795][ T257] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 37.963104][ T257] RIP: 0010:netdev_release+0x6f/0x80
[ 37.963362][ T257] Code: 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 20 48 8b bb b0 fa ff ff e8 9c 81 d1 fe 48 89 ef 5b 5d e9 62 8e d1 fe 90 <0f> 0b e8 0a 65 d8 fe eb bc e8 63 65 d8 fe eb d9 90 f3 0f 1e fa 0f
[ 37.964231][ T257] RSP: 0018:ffffc90000a678a8 EFLAGS: 00010297
[ 37.964618][ T257] RAX: 0000000000000000 RBX: ffff888015682688 RCX: ffffffffb8b7ab51
[ 37.964973][ T257] RDX: 1ffff11002ad04cc RSI: ffffffffb90602c0 RDI: ffff888015682660
[ 37.965320][ T257] RBP: ffff888015682000 R08: 0000000000000001 R09: ffffed1002ad04d8
[ 37.965662][ T257] R10: ffff8880156826c3 R11: ffffffffb62000b0 R12: ffff88800c87ca00
[ 37.966022][ T257] R13: 0000000000000000 R14: dead000000000122 R15: dead000000000100
[ 37.966386][ T257] FS: 00007fdc51bef740(0000) GS:ffff8880ab888000(0000) knlGS:0000000000000000
[ 37.966802][ T257] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.967092][ T257] CR2: 00007fdc44458490 CR3: 000000000bfd8006 CR4: 0000000000772ef0
[ 37.967444][ T257] PKRU: 55555554
[ 37.967619][ T257] Call Trace:
[ 37.967794][ T257] <TASK>
[ 37.967924][ T257] device_release+0x9c/0x210
[ 37.968165][ T257] kobject_cleanup+0xfe/0x360
[ 37.968401][ T257] netdev_run_todo+0x5f0/0xc60
[ 37.968632][ T257] ? generic_xdp_install+0x410/0x410
[ 37.968913][ T257] ? kfree+0x21d/0x540
[ 37.969147][ T257] nsim_destroy+0x1da/0x700 [netdevsim]
[ 37.969363][ T257] __nsim_dev_port_del+0x17e/0x250 [netdevsim]
[ 37.969628][ T257] nsim_dev_reload_destroy+0xdc/0x470 [netdevsim]
[ 37.969895][ T257] nsim_drv_remove+0x51/0x1d0 [netdevsim]
[ 37.970106][ T257] device_release_driver_internal+0x3bb/0x580
[ 37.970355][ T257] ? klist_put+0xb1/0x170
[ 37.970502][ T257] bus_remove_device+0x1ee/0x3f0
[ 37.970698][ T257] device_del+0x33b/0x8c0
[ 37.970899][ T257] ? __device_link_del+0x3c0/0x3c0
[ 37.971119][ T257] ? kernfs_fop_write_iter+0x207/0x490
[ 37.971342][ T257] device_unregister+0x17/0xa0
[ 37.971582][ T257] del_device_store+0x2f2/0x4f0 [netdevsim]
[ 37.971873][ T257] ? sysfs_file_kobj+0xb5/0x1f0
[ 37.972087][ T257] ? rcu_is_watching+0x12/0xb0
[ 37.972322][ T257] ? nsim_bus_dev_numvfs_show+0x60/0x60 [netdevsim]
[ 37.972571][ T257] ? sysfs_file_kobj+0xbf/0x1f0
[ 37.972774][ T257] ? sysfs_file_ops+0x120/0x120
[ 37.973018][ T257] kernfs_fop_write_iter+0x2f2/0x490
[ 37.973227][ T257] vfs_write+0xaae/0x12c0
[ 37.973407][ T257] ? kernel_write+0x6b0/0x6b0
[ 37.973643][ T257] ? lock_vma_under_rcu+0x138/0x3d0
[ 37.973873][ T257] ? __handle_mm_fault+0x5d0/0x5d0
[ 37.974104][ T257] ksys_write+0xf7/0x1d0
[ 37.974268][ T257] ? __ia32_sys_read+0xb0/0xb0
[ 37.974491][ T257] ? do_user_addr_fault+0x955/0xe00
[ 37.974707][ T257] do_syscall_64+0xc1/0xfd0
[ 37.974928][ T257] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 37.975193][ T257] RIP: 0033:0x7fdc51dce257
[ 37.975416][ T257] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 37.976243][ T257] RSP: 002b:00007ffff7baba88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 37.976566][ T257] RAX: ffffffffffffffda RBX: 00007fdc51bef6e0 RCX: 00007fdc51dce257
[ 37.976913][ T257] RDX: 0000000000000004 RSI: 000055b9aaeb3040 RDI: 0000000000000005
[ 37.977322][ T257] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000002
[ 37.977674][ T257] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fdc439ab940
[ 37.978001][ T257] R13: 000055b9aaeb3040 R14: 0000000000000005 R15: 000055b9aa9e39c0
[ 37.978318][ T257] </TASK>
[ 37.978480][ T257] Modules linked in: netdevsim psample
[ 37.978753][ T257] ---[ end trace 0000000000000000 ]---
[ 37.979017][ T257] RIP: 0010:netdev_release+0x6f/0x80
[ 37.979258][ T257] Code: 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 20 48 8b bb b0 fa ff ff e8 9c 81 d1 fe 48 89 ef 5b 5d e9 62 8e d1 fe 90 <0f> 0b e8 0a 65 d8 fe eb bc e8 63 65 d8 fe eb d9 90 f3 0f 1e fa 0f
[ 37.980867][ T257] RSP: 0018:ffffc90000a678a8 EFLAGS: 00010297
[ 37.981155][ T257] RAX: 0000000000000000 RBX: ffff888015682688 RCX: ffffffffb8b7ab51
[ 37.981482][ T257] RDX: 1ffff11002ad04cc RSI: ffffffffb90602c0 RDI: ffff888015682660
[ 37.981806][ T257] RBP: ffff888015682000 R08: 0000000000000001 R09: ffffed1002ad04d8
[ 37.982128][ T257] R10: ffff8880156826c3 R11: ffffffffb62000b0 R12: ffff88800c87ca00
[ 37.982439][ T257] R13: 0000000000000000 R14: dead000000000122 R15: dead000000000100
[ 37.982765][ T257] FS: 00007fdc51bef740(0000) GS:ffff8880ab888000(0000) knlGS:0000000000000000
[ 37.983125][ T257] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.983387][ T257] CR2: 00007fdc44458490 CR3: 000000000bfd8006 CR4: 0000000000772ef0
[ 37.983705][ T257] PKRU: 55555554
[ 37.983899][ T257] Kernel panic - not syncing: Fatal exception
[ 37.984281][ T257] Kernel Offset: 0x35200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 37.984751][ T257] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr