[   17.155004][  T269] ip (269) used greatest stack depth: 24528 bytes left
[   18.022603][  T274] ip (274) used greatest stack depth: 24168 bytes left
[   26.216369][  T324] ip (324) used greatest stack depth: 23984 bytes left
[  130.769019][   T12] ==================================================================
[  130.769317][   T12] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[  130.769592][   T12] Read of size 1 at addr ffff888008c796c4 by task kworker/u16:0/12
[  130.769839][   T12] 
[  130.769920][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full) 
[  130.769926][   T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  130.769929][   T12] Workqueue: netns cleanup_net
[  130.769939][   T12] Call Trace:
[  130.769941][   T12]  <TASK>
[  130.769944][   T12]  dump_stack_lvl+0x82/0xc0
[  130.769950][   T12]  print_address_description.constprop.0+0x2c/0x3a0
[  130.769959][   T12]  ? kobject_put+0xbb/0xd0
[  130.769963][   T12]  print_report+0xb4/0x270
[  130.769966][   T12]  ? kobject_put+0xbb/0xd0
[  130.769969][   T12]  ? kasan_addr_to_slab+0x21/0x70
[  130.769973][   T12]  ? kobject_put+0xbb/0xd0
[  130.769976][   T12]  kasan_report+0xca/0x100
[  130.769980][   T12]  ? kobject_put+0xbb/0xd0
[  130.769985][   T12]  kobject_put+0xbb/0xd0
[  130.769989][   T12]  netdev_run_todo+0x5f0/0xc60
[  130.769997][   T12]  ? dev_ingress_queue_create+0x190/0x190
[  130.770000][   T12]  ? generic_xdp_install+0x410/0x410
[  130.770003][   T12]  ? net_generic+0xb1/0x1f0
[  130.770013][   T12]  ops_undo_list+0x714/0x890
[  130.770019][   T12]  ? rtnl_net_dumpid_one+0x270/0x270
[  130.770022][   T12]  ? cleanup_net+0x2d6/0x8b0
[  130.770028][   T12]  cleanup_net+0x3b2/0x8b0
[  130.770032][   T12]  ? net_passive_dec+0x190/0x190
[  130.770037][   T12]  ? rcu_is_watching+0x12/0xb0
[  130.770046][   T12]  process_one_work+0xe35/0x1650
[  130.770057][   T12]  ? pwq_dec_nr_in_flight+0x550/0x550
[  130.770063][   T12]  ? assign_work+0x168/0x240
[  130.770067][   T12]  worker_thread+0x591/0xcf0
[  130.770073][   T12]  ? rescuer_thread+0xd10/0xd10
[  130.770076][   T12]  kthread+0x37b/0x5f0
[  130.770081][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[  130.770084][   T12]  ? ret_from_fork+0x1b/0x270
[  130.770090][   T12]  ? __lock_release+0x5d/0x170
[  130.770095][   T12]  ? rcu_is_watching+0x12/0xb0
[  130.770098][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[  130.770102][   T12]  ret_from_fork+0x1db/0x270
[  130.770105][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[  130.770108][   T12]  ret_from_fork_asm+0x11/0x20
[  130.770120][   T12]  </TASK>
[  130.770121][   T12] 
[  130.776245][   T12] Allocated by task 268:
[  130.776370][   T12]  kasan_save_stack+0x24/0x40
[  130.776551][   T12]  kasan_save_track+0x14/0x30
[  130.776712][   T12]  __kasan_kmalloc+0x7b/0x90
[  130.776874][   T12]  __kvmalloc_node_noprof+0x2e5/0x8e0
[  130.777035][   T12]  alloc_netdev_mqs+0x7d/0x1370
[  130.777196][   T12]  ip6_tnl_init_net+0x102/0x3f0
[  130.777357][   T12]  ops_init+0x189/0x550
[  130.777477][   T12]  setup_net+0xf1/0x380
[  130.777597][   T12]  copy_net_ns+0x253/0x510
[  130.777753][   T12]  create_new_namespaces+0x35f/0x900
[  130.777912][   T12]  unshare_nsproxy_namespaces+0x8a/0x1a0
[  130.778070][   T12]  ksys_unshare+0x2be/0x6e0
[  130.778227][   T12]  __x64_sys_unshare+0x31/0x40
[  130.778393][   T12]  do_syscall_64+0xc1/0xfd0
[  130.778597][   T12]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  130.778905][   T12] 
[  130.778993][   T12] Freed by task 12:
[  130.779118][   T12]  kasan_save_stack+0x24/0x40
[  130.779299][   T12]  kasan_save_track+0x14/0x30
[  130.779473][   T12]  __kasan_save_free_info+0x3b/0x60
[  130.779735][   T12]  __kasan_slab_free+0x3f/0x60
[  130.779904][   T12]  kfree+0x21d/0x540
[  130.780032][   T12]  device_release+0x9c/0x210
[  130.780206][   T12]  kobject_cleanup+0xfe/0x360
[  130.780498][   T12]  netdev_run_todo+0x81f/0xc60
[  130.780689][   T12]  ops_undo_list+0x714/0x890
[  130.780860][   T12]  cleanup_net+0x3b2/0x8b0
[  130.781035][   T12]  process_one_work+0xe35/0x1650
[  130.781343][   T12]  worker_thread+0x591/0xcf0
[  130.781536][   T12]  kthread+0x37b/0x5f0
[  130.781676][   T12]  ret_from_fork+0x1db/0x270
[  130.781868][   T12]  ret_from_fork_asm+0x11/0x20
[  130.782164][   T12] 
[  130.782246][   T12] The buggy address belongs to the object at ffff888008c79000
[  130.782246][   T12]  which belongs to the cache kmalloc-4k of size 4096
[  130.782692][   T12] The buggy address is located 1732 bytes inside of
[  130.782692][   T12]  freed 4096-byte region [ffff888008c79000, ffff888008c7a000)
[  130.783240][   T12] 
[  130.783336][   T12] The buggy address belongs to the physical page:
[  130.783568][   T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8c78
[  130.783917][   T12] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  130.784207][   T12] flags: 0x80000000000040(head|node=0|zone=1)
[  130.784464][   T12] page_type: f5(slab)
[  130.784727][   T12] raw: 0080000000000040 ffff888001043700 ffffea0000231c10 ffffea0000231810
[  130.785072][   T12] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  130.785521][   T12] head: 0080000000000040 ffff888001043700 ffffea0000231c10 ffffea0000231810
[  130.785851][   T12] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  130.786179][   T12] head: 0080000000000003 ffffea0000231e01 00000000ffffffff 00000000ffffffff
[  130.786609][   T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  130.786919][   T12] page dumped because: kasan: bad access detected
[  130.787257][   T12] 
[  130.787371][   T12] Memory state around the buggy address:
[  130.787548][   T12]  ffff888008c79580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.787810][   T12]  ffff888008c79600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.788191][   T12] >ffff888008c79680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.788472][   T12]                                            ^
[  130.788698][   T12]  ffff888008c79700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.789067][   T12]  ffff888008c79780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  130.789348][   T12] ==================================================================
[  130.790301][   T12] Disabling lock debugging due to kernel taint
[  130.790538][   T12] ------------[ cut here ]------------
[  130.790783][   T12] refcount_t: underflow; use-after-free.
[  130.792168][   T12] WARNING: CPU: 0 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[  130.792505][   T12] Modules linked in:
[  130.792635][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Tainted: G    B               6.18.0-rc4-virtme #1 PREEMPT(full) 
[  130.793045][   T12] Tainted: [B]=BAD_PAGE
[  130.793211][   T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  130.793475][   T12] Workqueue: netns cleanup_net
[  130.793664][   T12] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[  130.793921][   T12] Code: cc 38 03 80 fb 01 0f 87 29 33 d7 fe 83 e3 01 0f 85 51 ff ff ff c6 05 17 cc 38 03 01 90 48 c7 c7 40 ba c5 b3 e8 62 d6 16 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 c0 9d a0 ff e9 ba fe ff ff
[  130.794562][   T12] RSP: 0018:ffffc900000c7a08 EFLAGS: 00010282
[  130.794822][   T12] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  130.795121][   T12] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[  130.795427][   T12] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff6980934
[  130.795866][   T12] R10: 0000000000000003 R11: ffffc900000c7580 R12: 0000000000000001
[  130.796186][   T12] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[  130.796487][   T12] FS:  0000000000000000(0000) GS:ffff8880b6f08000(0000) knlGS:0000000000000000
[  130.796867][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.797095][   T12] CR2: 00007f3b8f063e60 CR3: 000000003a549005 CR4: 0000000000772ef0
[  130.797362][   T12] PKRU: 55555554
[  130.797492][   T12] Call Trace:
[  130.797627][   T12]  <TASK>
[  130.797776][   T12]  netdev_run_todo+0x5f0/0xc60
[  130.797950][   T12]  ? dev_ingress_queue_create+0x190/0x190
[  130.798137][   T12]  ? generic_xdp_install+0x410/0x410
[  130.798323][   T12]  ? net_generic+0xb1/0x1f0
[  130.798501][   T12]  ops_undo_list+0x714/0x890
[  130.798750][   T12]  ? rtnl_net_dumpid_one+0x270/0x270
[  130.798922][   T12]  ? cleanup_net+0x2d6/0x8b0
[  130.799090][   T12]  cleanup_net+0x3b2/0x8b0
[  130.799247][   T12]  ? net_passive_dec+0x190/0x190
[  130.799403][   T12]  ? rcu_is_watching+0x12/0xb0
[  130.799569][   T12]  process_one_work+0xe35/0x1650
[  130.799786][   T12]  ? pwq_dec_nr_in_flight+0x550/0x550
[  130.799941][   T12]  ? assign_work+0x168/0x240
[  130.800096][   T12]  worker_thread+0x591/0xcf0
[  130.800262][   T12]  ? rescuer_thread+0xd10/0xd10
[  130.800419][   T12]  kthread+0x37b/0x5f0
[  130.800539][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[  130.800760][   T12]  ? ret_from_fork+0x1b/0x270
[  130.800918][   T12]  ? __lock_release+0x5d/0x170
[  130.801075][   T12]  ? rcu_is_watching+0x12/0xb0
[  130.801229][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[  130.801386][   T12]  ret_from_fork+0x1db/0x270
[  130.801537][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[  130.801762][   T12]  ret_from_fork_asm+0x11/0x20
[  130.801923][   T12]  </TASK>
[  130.802042][   T12] irq event stamp: 23017
[  130.802156][   T12] hardirqs last  enabled at (23017): [<ffffffffb3800e8b>] irqentry_exit+0x3b/0x80
[  130.802434][   T12] hardirqs last disabled at (23016): [<ffffffffb146395f>] handle_softirqs+0x47f/0x610
[  130.802755][   T12] softirqs last  enabled at (22032): [<ffffffffb1463832>] handle_softirqs+0x352/0x610
[  130.803062][   T12] softirqs last disabled at (22023): [<ffffffffb146409b>] irq_exit_rcu+0xab/0x100
[  130.803340][   T12] ---[ end trace 0000000000000000 ]---
[  203.534365][ T1443] mpls_gso: MPLS GSO support
[ 1237.262160][T14097] ip (14097) used greatest stack depth: 23896 bytes left