[ 17.154478][ T252] ip (252) used greatest stack depth: 24064 bytes left [ 24.190353][ T317] rc1: renamed from rc0 (while UP) [ 24.397936][ T321] rs1: renamed from rs0 (while UP) [ 24.568906][ T327] rc2: renamed from rc1 (while UP) [ 24.752810][ T328] rs2: renamed from rs1 (while UP) [ 25.294868][ T349] rc3: renamed from rc2 (while UP) [ 25.876763][ T351] rs3: renamed from rs2 (while UP) [ 26.682025][ T353] rc4: renamed from rc3 (while UP) [ 27.197745][ T354] rs4: renamed from rs3 (while UP) [ 27.743136][ T356] rc5: renamed from rc4 (while UP) [ 28.296284][ T357] rs5: renamed from rs4 (while UP) [ 28.924753][ T359] rc6: renamed from rc5 (while UP) [ 29.456772][ T360] rs6: renamed from rs5 (while UP) [ 29.900865][ T362] rc7: renamed from rc6 (while UP) [ 30.363349][ T363] rs7: renamed from rs6 (while UP) [ 30.898593][ T364] rc8: renamed from rc7 (while UP) [ 31.396977][ T366] rs8: renamed from rs7 (while UP) [ 31.980350][ T367] rc9: renamed from rc8 (while UP) [ 32.711154][ T368] rs9: renamed from rs8 (while UP) [ 33.188926][ T370] rc0: renamed from rc9 (while UP) [ 33.649276][ T371] rs0: renamed from rs9 (while UP) [ 34.276334][ T373] rc1: renamed from rc0 (while UP) [ 35.113731][ T374] rs1: renamed from rs0 (while UP) [ 35.755900][ T376] rc2: renamed from rc1 (while UP) [ 36.175388][ T377] rs2: renamed from rs1 (while UP) [ 36.761627][ T378] rc3: renamed from rc2 (while UP) [ 37.141805][ T380] rs3: renamed from rs2 (while UP) [ 37.615991][ T381] rc4: renamed from rc3 (while UP) [ 38.171438][ T383] rs4: renamed from rs3 (while UP) [ 38.834118][ T384] rc5: renamed from rc4 (while UP) [ 39.289141][ T386] rs5: renamed from rs4 (while UP) [ 39.865011][ T387] rc6: renamed from rc5 (while UP) [ 40.205109][ T388] rs6: renamed from rs5 (while UP) [ 40.882597][ T390] rc7: renamed from rc6 (while UP) [ 41.440817][ T391] rs7: renamed from rs6 (while UP) [ 42.066181][ T392] rc8: renamed from rc7 (while UP) [ 42.844166][ T394] rs8: renamed from rs7 (while UP) [ 43.357457][ 
T396] rc9: renamed from rc8 (while UP) [ 44.013057][ T397] rs9: renamed from rs8 (while UP) [ 44.593659][ T398] rc0: renamed from rc9 (while UP) [ 45.069333][ T400] rs0: renamed from rs9 (while UP) [ 45.738540][ T401] rc1: renamed from rc0 (while UP) [ 46.474135][ T403] rs1: renamed from rs0 (while UP) [ 47.143115][ T404] rc2: renamed from rc1 (while UP) [ 47.725931][ T406] rs2: renamed from rs1 (while UP) [ 48.401441][ T407] rc3: renamed from rc2 (while UP) [ 49.128099][ T409] rs3: renamed from rs2 (while UP) [ 49.668604][ T411] rc4: renamed from rc3 (while UP) [ 50.132630][ T412] rs4: renamed from rs3 (while UP) [ 50.504087][ T413] rc5: renamed from rc4 (while UP) [ 51.125094][ T414] rs5: renamed from rs4 (while UP) [ 51.695155][ T416] rc6: renamed from rc5 (while UP) [ 52.232122][ T417] rs6: renamed from rs5 (while UP) [ 52.875935][ T419] rc7: renamed from rc6 (while UP) [ 53.450626][ T420] rs7: renamed from rs6 (while UP) [ 54.123138][ T422] rc8: renamed from rc7 (while UP) [ 54.627945][ T423] rs8: renamed from rs7 (while UP) [ 55.091907][ T425] rc9: renamed from rc8 (while UP) [ 55.634965][ T426] rs9: renamed from rs8 (while UP) [ 56.306943][ T427] rc0: renamed from rc9 (while UP) [ 56.907512][ T429] rs0: renamed from rs9 (while UP) [ 57.503816][ T430] rc1: renamed from rc0 (while UP) [ 58.040130][ T432] rs1: renamed from rs0 (while UP) [ 58.598710][ T433] rc2: renamed from rc1 (while UP) [ 59.092063][ T435] rs2: renamed from rs1 (while UP) [ 59.476831][ T436] rc3: renamed from rc2 (while UP) [ 60.029814][ T438] rs3: renamed from rs2 (while UP) [ 60.479272][ T439] rc4: renamed from rc3 (while UP) [ 61.051063][ T440] rs4: renamed from rs3 (while UP) [ 61.480741][ T442] rc5: renamed from rc4 (while UP) [ 61.835414][ T443] rs5: renamed from rs4 (while UP) [ 62.176495][ T444] rc6: renamed from rc5 (while UP) [ 62.854997][ T445] rs6: renamed from rs5 (while UP) [ 63.499132][ T447] rc7: renamed from rc6 (while UP) [ 64.064650][ T449] rs7: renamed from rs6 (while UP) 
[ 64.622120][ T450] rc8: renamed from rc7 (while UP) [ 65.069064][ T451] rs8: renamed from rs7 (while UP) [ 65.577050][ T453] rc9: renamed from rc8 (while UP) [ 66.052175][ T454] rs9: renamed from rs8 (while UP) [ 66.580438][ T456] rc0: renamed from rc9 (while UP) [ 67.108835][ T457] rs0: renamed from rs9 (while UP) [ 67.658565][ T458] rc1: renamed from rc0 (while UP) [ 68.392460][ T460] rs1: renamed from rs0 (while UP) [ 69.254166][ T461] rc2: renamed from rc1 (while UP) [ 69.853864][ T463] rs2: renamed from rs1 (while UP) [ 70.375756][ T464] rc3: renamed from rc2 (while UP) [ 70.912119][ T466] rs3: renamed from rs2 (while UP) [ 71.623804][ T467] rc4: renamed from rc3 (while UP) [ 72.358134][ T469] rs4: renamed from rs3 (while UP) [ 72.834919][ T471] rc5: renamed from rc4 (while UP) [ 73.040620][ T472] rs5: renamed from rs4 (while UP) [ 73.569898][ T12] ================================================================== [ 73.570195][ T12] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0 [ 73.570444][ T12] Read of size 1 at addr ffff888007ec96ac by task kworker/u16:0/12 [ 73.570679][ T12] [ 73.570763][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full) [ 73.570768][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 73.570771][ T12] Workqueue: netns cleanup_net [ 73.570778][ T12] Call Trace: [ 73.570780][ T12] <TASK> [ 73.570783][ T12] dump_stack_lvl+0x82/0xc0 [ 73.570788][ T12] print_address_description.constprop.0+0x2c/0x3a0 [ 73.570797][ T12] ? kobject_put+0xbb/0xd0 [ 73.570801][ T12] print_report+0xb4/0x270 [ 73.570805][ T12] ? kobject_put+0xbb/0xd0 [ 73.570808][ T12] ? kasan_addr_to_slab+0x21/0x70 [ 73.570812][ T12] ? kobject_put+0xbb/0xd0 [ 73.570815][ T12] kasan_report+0xca/0x100 [ 73.570820][ T12] ? kobject_put+0xbb/0xd0 [ 73.570825][ T12] kobject_put+0xbb/0xd0 [ 73.570829][ T12] netdev_run_todo+0x5f0/0xc60 [ 73.570835][ T12] ? dev_ingress_queue_create+0x190/0x190 [ 73.570839][ T12] ?
generic_xdp_install+0x410/0x410 [ 73.570846][ T12] ops_undo_list+0x714/0x890 [ 73.570854][ T12] ? netns_get+0x110/0x110 [ 73.570857][ T12] ? cleanup_net+0x2d6/0x830 [ 73.570862][ T12] cleanup_net+0x3b2/0x830 [ 73.570866][ T12] ? net_passive_dec+0x190/0x190 [ 73.570870][ T12] ? rcu_is_watching+0x12/0xb0 [ 73.570876][ T12] process_one_work+0xe35/0x1650 [ 73.570885][ T12] ? pwq_dec_nr_in_flight+0x550/0x550 [ 73.570891][ T12] ? assign_work+0x168/0x240 [ 73.570895][ T12] worker_thread+0x591/0xcf0 [ 73.570903][ T12] ? rescuer_thread+0xd10/0xd10 [ 73.570909][ T12] kthread+0x37b/0x5f0 [ 73.570916][ T12] ? kthread_is_per_cpu+0xc0/0xc0 [ 73.570919][ T12] ? ret_from_fork+0x1b/0x270 [ 73.570929][ T12] ? __lock_release+0x5d/0x170 [ 73.570937][ T12] ? rcu_is_watching+0x12/0xb0 [ 73.570941][ T12] ? kthread_is_per_cpu+0xc0/0xc0 [ 73.570944][ T12] ret_from_fork+0x1db/0x270 [ 73.570948][ T12] ? kthread_is_per_cpu+0xc0/0xc0 [ 73.570951][ T12] ret_from_fork_asm+0x11/0x20 [ 73.570961][ T12] </TASK> [ 73.570962][ T12] [ 73.577004][ T12] Allocated by task 251: [ 73.577126][ T12] kasan_save_stack+0x24/0x40 [ 73.577299][ T12] kasan_save_track+0x14/0x30 [ 73.577457][ T12] __kasan_kmalloc+0x7b/0x90 [ 73.577614][ T12] __kvmalloc_node_noprof+0x2e5/0x8e0 [ 73.577776][ T12] alloc_netdev_mqs+0x7d/0x1370 [ 73.577950][ T12] sit_init_net+0x169/0x550 [ 73.578110][ T12] ops_init+0x189/0x550 [ 73.578231][ T12] setup_net+0xf1/0x380 [ 73.578353][ T12] copy_net_ns+0x21a/0x380 [ 73.578515][ T12] create_new_namespaces+0x35f/0x900 [ 73.578680][ T12] unshare_nsproxy_namespaces+0x89/0x120 [ 73.578834][ T12] ksys_unshare+0x2a3/0x660 [ 73.579001][ T12] __x64_sys_unshare+0x31/0x40 [ 73.579158][ T12] do_syscall_64+0xc1/0xfd0 [ 73.579318][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 73.579526][ T12] [ 73.579609][ T12] Freed by task 12: [ 73.579733][ T12] kasan_save_stack+0x24/0x40 [ 73.579895][ T12] kasan_save_track+0x14/0x30 [ 73.580060][ T12] __kasan_save_free_info+0x3b/0x60 [ 73.580220][ T12]
__kasan_slab_free+0x3f/0x60 [ 73.580381][ T12] kfree+0x21d/0x540 [ 73.580499][ T12] device_release+0x9c/0x210 [ 73.580657][ T12] kobject_cleanup+0xfe/0x360 [ 73.580815][ T12] netdev_run_todo+0x81f/0xc60 [ 73.580984][ T12] ops_undo_list+0x714/0x890 [ 73.581148][ T12] cleanup_net+0x3b2/0x830 [ 73.581303][ T12] process_one_work+0xe35/0x1650 [ 73.581461][ T12] worker_thread+0x591/0xcf0 [ 73.581619][ T12] kthread+0x37b/0x5f0 [ 73.581739][ T12] ret_from_fork+0x1db/0x270 [ 73.581905][ T12] ret_from_fork_asm+0x11/0x20 [ 73.582064][ T12] [ 73.582151][ T12] The buggy address belongs to the object at ffff888007ec9000 [ 73.582151][ T12] which belongs to the cache kmalloc-4k of size 4096 [ 73.582532][ T12] The buggy address is located 1708 bytes inside of [ 73.582532][ T12] freed 4096-byte region [ffff888007ec9000, ffff888007eca000) [ 73.582916][ T12] [ 73.582998][ T12] The buggy address belongs to the physical page: [ 73.583196][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ec8 [ 73.583480][ T12] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 73.583719][ T12] flags: 0x80000000000040(head|node=0|zone=1) [ 73.583931][ T12] page_type: f5(slab) [ 73.584056][ T12] raw: 0080000000000040 ffff888001043700 ffffea00000a8e10 ffffea00001d9610 [ 73.584346][ T12] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 73.584627][ T12] head: 0080000000000040 ffff888001043700 ffffea00000a8e10 ffffea00001d9610 [ 73.584920][ T12] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 73.585202][ T12] head: 0080000000000003 ffffea00001fb201 00000000ffffffff 00000000ffffffff [ 73.585487][ T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 73.585769][ T12] page dumped because: kasan: bad access detected [ 73.585969][ T12] [ 73.586049][ T12] Memory state around the buggy address: [ 73.586204][ T12] ffff888007ec9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
73.586437][ T12] ffff888007ec9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.586668][ T12] >ffff888007ec9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.586893][ T12] ^ [ 73.587056][ T12] ffff888007ec9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.587281][ T12] ffff888007ec9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 73.587507][ T12] ================================================================== [ 73.588045][ T12] Disabling lock debugging due to kernel taint [ 73.588265][ T12] ------------[ cut here ]------------ [ 73.588416][ T12] refcount_t: underflow; use-after-free. [ 73.588599][ T12] WARNING: CPU: 0 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0 [ 73.588978][ T12] Modules linked in: nft_flow_offload nf_flow_table_inet nf_flow_table nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables veth [ 73.589492][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full) [ 73.589840][ T12] Tainted: [B]=BAD_PAGE [ 73.589962][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 73.590269][ T12] Workqueue: netns cleanup_net [ 73.590444][ T12] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0 [ 73.590653][ T12] Code: 83 90 02 80 fb 01 0f 87 95 6b d6 fe 83 e3 01 0f 85 51 ff ff ff c6 05 b1 83 90 02 01 90 48 c7 c7 a0 de 85 aa e8 c2 8b 15 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 f0 34 a1 ff e9 ba fe ff ff [ 73.591318][ T12] RSP: 0018:ffffc900000c7a08 EFLAGS: 00010282 [ 73.591520][ T12] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 73.591840][ T12] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001 [ 73.592075][ T12] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff563e220 [ 73.592321][ T12] R10: 0000000000000003 R11: ffffc900000c7580 R12: 0000000000000001 [ 73.592647][ T12] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100 [ 73.592883][ T12] FS: 0000000000000000(0000) GS:ffff888089bec000(0000) 
knlGS:0000000000000000 [ 73.593261][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.593461][ T12] CR2: 00007fff052ead90 CR3: 0000000008fed005 CR4: 0000000000772ef0 [ 73.593698][ T12] PKRU: 55555554 [ 73.593817][ T12] Call Trace: [ 73.594028][ T12] <TASK> [ 73.594113][ T12] netdev_run_todo+0x5f0/0xc60 [ 73.594281][ T12] ? dev_ingress_queue_create+0x190/0x190 [ 73.594441][ T12] ? generic_xdp_install+0x410/0x410 [ 73.594684][ T12] ops_undo_list+0x714/0x890 [ 73.594846][ T12] ? netns_get+0x110/0x110 [ 73.595006][ T12] ? cleanup_net+0x2d6/0x830 [ 73.595169][ T12] cleanup_net+0x3b2/0x830 [ 73.595422][ T12] ? net_passive_dec+0x190/0x190 [ 73.595580][ T12] ? rcu_is_watching+0x12/0xb0 [ 73.595741][ T12] process_one_work+0xe35/0x1650 [ 73.595912][ T12] ? pwq_dec_nr_in_flight+0x550/0x550 [ 73.596155][ T12] ? assign_work+0x168/0x240 [ 73.596321][ T12] worker_thread+0x591/0xcf0 [ 73.596492][ T12] ? rescuer_thread+0xd10/0xd10 [ 73.596650][ T12] kthread+0x37b/0x5f0 [ 73.596768][ T12] ? kthread_is_per_cpu+0xc0/0xc0 [ 73.596924][ T12] ? ret_from_fork+0x1b/0x270 [ 73.597082][ T12] ? __lock_release+0x5d/0x170 [ 73.597244][ T12] ? rcu_is_watching+0x12/0xb0 [ 73.597403][ T12] ? kthread_is_per_cpu+0xc0/0xc0 [ 73.597557][ T12] ret_from_fork+0x1db/0x270 [ 73.597710][ T12] ? kthread_is_per_cpu+0xc0/0xc0 [ 73.597868][ T12] ret_from_fork_asm+0x11/0x20 [ 73.598029][ T12] </TASK> [ 73.598146][ T12] irq event stamp: 5605 [ 73.598276][ T12] hardirqs last enabled at (5605): [] finish_task_switch.isra.0+0x245/0x960 [ 73.598580][ T12] hardirqs last disabled at (5604): [] __schedule+0x94a/0x1b10 [ 73.598845][ T12] softirqs last enabled at (4738): [] unregister_netdevice_many_notify+0x711/0x1b30 [ 73.599158][ T12] softirqs last disabled at (4736): [] dev_mc_flush+0x54/0x90 [ 73.599441][ T12] ---[ end trace 0000000000000000 ]---