[ 22.188130][ T264] ip (264) used greatest stack depth: 23632 bytes left
[ 36.775921][ T539] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.779115][ T560] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.779949][ T563] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.783438][ T545] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.795296][ T543] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.881719][ T552] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.911264][ T557] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.911957][ T555] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.914036][ T564] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 36.915361][ T566] nf_conntrack: nf_conntrack: table full in netns 4026532049, dropping packet
[ 149.486610][ T12] ==================================================================
[ 149.486952][ T12] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 149.487251][ T12] Read of size 1 at addr ffff88800a1116ac by task kworker/u16:0/12
[ 149.487544][ T12]
[ 149.487639][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 149.487644][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 149.487647][ T12] Workqueue: netns cleanup_net
[ 149.487656][ T12] Call Trace:
[ 149.487659][ T12]
[ 149.487662][ T12] dump_stack_lvl+0x82/0xc0
[ 149.487672][ T12] print_address_description.constprop.0+0x2c/0x3a0
[ 149.487682][ T12] ? kobject_put+0xbb/0xd0
[ 149.487686][ T12] print_report+0xb4/0x270
[ 149.487690][ T12] ? kobject_put+0xbb/0xd0
[ 149.487693][ T12] ? kasan_addr_to_slab+0x21/0x70
[ 149.487697][ T12] ? kobject_put+0xbb/0xd0
[ 149.487700][ T12] kasan_report+0xca/0x100
[ 149.487705][ T12] ? kobject_put+0xbb/0xd0
[ 149.487711][ T12] kobject_put+0xbb/0xd0
[ 149.487715][ T12] netdev_run_todo+0x5f0/0xc60
[ 149.487721][ T12] ? dev_ingress_queue_create+0x190/0x190
[ 149.487724][ T12] ? generic_xdp_install+0x410/0x410
[ 149.487732][ T12] ops_undo_list+0x714/0x890
[ 149.487742][ T12] ? netns_get+0x110/0x110
[ 149.487746][ T12] ? cleanup_net+0x2d6/0x830
[ 149.487754][ T12] cleanup_net+0x3b2/0x830
[ 149.487758][ T12] ? net_passive_dec+0x190/0x190
[ 149.487764][ T12] ? rcu_is_watching+0x12/0xb0
[ 149.487775][ T12] process_one_work+0xe35/0x1650
[ 149.487788][ T12] ? pwq_dec_nr_in_flight+0x550/0x550
[ 149.487794][ T12] ? assign_work+0x168/0x240
[ 149.487798][ T12] worker_thread+0x591/0xcf0
[ 149.487804][ T12] ? rescuer_thread+0xd10/0xd10
[ 149.487808][ T12] kthread+0x37b/0x5f0
[ 149.487813][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 149.487816][ T12] ? ret_from_fork+0x1b/0x270
[ 149.487823][ T12] ? __lock_release+0x5d/0x170
[ 149.487834][ T12] ? rcu_is_watching+0x12/0xb0
[ 149.487837][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 149.487840][ T12] ret_from_fork+0x1db/0x270
[ 149.487844][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 149.487847][ T12] ret_from_fork_asm+0x11/0x20
[ 149.487859][ T12]
[ 149.487861][ T12]
[ 149.494804][ T12] Allocated by task 263:
[ 149.494927][ T12] kasan_save_stack+0x24/0x40
[ 149.495117][ T12] kasan_save_track+0x14/0x30
[ 149.495270][ T12] __kasan_kmalloc+0x7b/0x90
[ 149.495437][ T12] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 149.495606][ T12] alloc_netdev_mqs+0x7d/0x1370
[ 149.495823][ T12] sit_init_net+0x169/0x550
[ 149.495989][ T12] ops_init+0x189/0x550
[ 149.496124][ T12] setup_net+0xf1/0x380
[ 149.496247][ T12] copy_net_ns+0x21a/0x380
[ 149.496409][ T12] create_new_namespaces+0x35f/0x900
[ 149.496661][ T12] unshare_nsproxy_namespaces+0x89/0x120
[ 149.496816][ T12] ksys_unshare+0x2a3/0x660
[ 149.496986][ T12] __x64_sys_unshare+0x31/0x40
[ 149.497150][ T12] do_syscall_64+0xc1/0xfd0
[ 149.497308][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 149.497531][ T12]
[ 149.497611][ T12] Freed by task 12:
[ 149.497727][ T12] kasan_save_stack+0x24/0x40
[ 149.497901][ T12] kasan_save_track+0x14/0x30
[ 149.498057][ T12] __kasan_save_free_info+0x3b/0x60
[ 149.498218][ T12] __kasan_slab_free+0x3f/0x60
[ 149.498377][ T12] kfree+0x21d/0x540
[ 149.498512][ T12] device_release+0x9c/0x210
[ 149.498764][ T12] kobject_cleanup+0xfe/0x360
[ 149.498935][ T12] netdev_run_todo+0x81f/0xc60
[ 149.499094][ T12] ops_undo_list+0x714/0x890
[ 149.499262][ T12] cleanup_net+0x3b2/0x830
[ 149.499515][ T12] process_one_work+0xe35/0x1650
[ 149.499677][ T12] worker_thread+0x591/0xcf0
[ 149.499846][ T12] kthread+0x37b/0x5f0
[ 149.499965][ T12] ret_from_fork+0x1db/0x270
[ 149.500229][ T12] ret_from_fork_asm+0x11/0x20
[ 149.500388][ T12]
[ 149.500477][ T12] The buggy address belongs to the object at ffff88800a111000
[ 149.500477][ T12] which belongs to the cache kmalloc-4k of size 4096
[ 149.500868][ T12] The buggy address is located 1708 bytes inside of
[ 149.500868][ T12] freed 4096-byte region [ffff88800a111000, ffff88800a112000)
[ 149.501283][ T12]
[ 149.501376][ T12] The buggy address belongs to the physical page:
[ 149.501576][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa110
[ 149.501877][ T12] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 149.502121][ T12] flags: 0x80000000000040(head|node=0|zone=1)
[ 149.502426][ T12] page_type: f5(slab)
[ 149.502560][ T12] raw: 0080000000000040 ffff888001043700 ffffea000009ba10 ffffea0000223610
[ 149.502855][ T12] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 149.503132][ T12] head: 0080000000000040 ffff888001043700 ffffea000009ba10 ffffea0000223610
[ 149.503415][ T12] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 149.503809][ T12] head: 0080000000000003 ffffea0000284401 00000000ffffffff 00000000ffffffff
[ 149.504126][ T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 149.504501][ T12] page dumped because: kasan: bad access detected
[ 149.504698][ T12]
[ 149.504791][ T12] Memory state around the buggy address:
[ 149.504956][ T12] ffff88800a111580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 149.505319][ T12] ffff88800a111600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 149.505561][ T12] >ffff88800a111680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 149.505816][ T12] ^
[ 149.506069][ T12] ffff88800a111700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 149.506291][ T12] ffff88800a111780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 149.506563][ T12] ==================================================================
[ 149.507031][ T12] Disabling lock debugging due to kernel taint
[ 149.507235][ T12] ------------[ cut here ]------------
[ 149.507493][ T12] refcount_t: underflow; use-after-free.
[ 149.507717][ T12] WARNING: CPU: 0 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 149.508011][ T12] Modules linked in: nf_conntrack_netlink nft_ct nf_tables nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
[ 149.508430][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u16:0 Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 149.509377][ T12] Tainted: [B]=BAD_PAGE
[ 149.509518][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 149.509719][ T12] Workqueue: netns cleanup_net
[ 149.509902][ T12] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 149.510110][ T12] Code: 83 90 02 80 fb 01 0f 87 95 6b d6 fe 83 e3 01 0f 85 51 ff ff ff c6 05 b1 83 90 02 01 90 48 c7 c7 a0 de a5 8b e8 c2 8b 15 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 f0 34 a1 ff e9 ba fe ff ff
[ 149.510672][ T12] RSP: 0018:ffffc900000c7a08 EFLAGS: 00010282
[ 149.510888][ T12] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 149.511116][ T12] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 149.511346][ T12] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff187e220
[ 149.511624][ T12] R10: 0000000000000003 R11: ffffc900000c7580 R12: 0000000000000001
[ 149.511863][ T12] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 149.512094][ T12] FS: 0000000000000000(0000) GS:ffff8880a2dec000(0000) knlGS:0000000000000000
[ 149.512355][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 149.512582][ T12] CR2: 00007f3d0a200000 CR3: 0000000039735001 CR4: 0000000000772ef0
[ 149.512830][ T12] PKRU: 55555554
[ 149.512947][ T12] Call Trace:
[ 149.513067][ T12]
[ 149.513148][ T12] netdev_run_todo+0x5f0/0xc60
[ 149.513308][ T12] ? dev_ingress_queue_create+0x190/0x190
[ 149.513485][ T12] ? generic_xdp_install+0x410/0x410
[ 149.513647][ T12] ops_undo_list+0x714/0x890
[ 149.513804][ T12] ? netns_get+0x110/0x110
[ 149.513978][ T12] ? cleanup_net+0x2d6/0x830
[ 149.514154][ T12] cleanup_net+0x3b2/0x830
[ 149.514301][ T12] ? net_passive_dec+0x190/0x190
[ 149.514514][ T12] ? rcu_is_watching+0x12/0xb0
[ 149.514670][ T12] process_one_work+0xe35/0x1650
[ 149.514873][ T12] ? pwq_dec_nr_in_flight+0x550/0x550
[ 149.515114][ T12] ? assign_work+0x168/0x240
[ 149.515265][ T12] worker_thread+0x591/0xcf0
[ 149.515445][ T12] ? rescuer_thread+0xd10/0xd10
[ 149.515614][ T12] kthread+0x37b/0x5f0
[ 149.515747][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 149.515909][ T12] ? ret_from_fork+0x1b/0x270
[ 149.516078][ T12] ? __lock_release+0x5d/0x170
[ 149.516235][ T12] ? rcu_is_watching+0x12/0xb0
[ 149.516398][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 149.516557][ T12] ret_from_fork+0x1db/0x270
[ 149.516713][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 149.516869][ T12] ret_from_fork_asm+0x11/0x20
[ 149.517048][ T12]
[ 149.517166][ T12] irq event stamp: 2673
[ 149.517279][ T12] hardirqs last enabled at (2673): [] finish_task_switch.isra.0+0x245/0x960
[ 149.517628][ T12] hardirqs last disabled at (2672): [] __schedule+0x94a/0x1b10
[ 149.518011][ T12] softirqs last enabled at (2580): [] handle_softirqs+0x352/0x610
[ 149.518396][ T12] softirqs last disabled at (2573): [] irq_exit_rcu+0xab/0x100
[ 149.518767][ T12] ---[ end trace 0000000000000000 ]---