[ 1647.183928][T22599] veth0: renamed from veth-rt-1
[ 1647.540778][T22608] veth0: renamed from veth-rt-2
[ 1708.386016][   T70] ==================================================================
[ 1708.386176][   T70] BUG: KASAN: slab-use-after-free in idr_for_each+0x1c1/0x1f0
[ 1708.386304][   T70] Read of size 8 at addr ff1100001d9a61f8 by task kworker/u16:1/70
[ 1708.386426][   T70]
[ 1708.386471][   T70] CPU: 3 UID: 0 PID: 70 Comm: kworker/u16:1 Not tainted 6.19.0-rc7-virtme #1 PREEMPT(full)
[ 1708.386474][   T70] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1708.386476][   T70] Workqueue: netns cleanup_net
[ 1708.386482][   T70] Call Trace:
[ 1708.386484][   T70]  <TASK>
[ 1708.386486][   T70]  dump_stack_lvl+0x6f/0xa0
[ 1708.386491][   T70]  print_address_description.constprop.0+0x6e/0x300
[ 1708.386496][   T70]  print_report+0xfc/0x1fb
[ 1708.386497][   T70]  ? idr_for_each+0x1c1/0x1f0
[ 1708.386499][   T70]  ? __virt_addr_valid+0x1da/0x430
[ 1708.386503][   T70]  ? idr_for_each+0x1c1/0x1f0
[ 1708.386504][   T70]  kasan_report+0xe8/0x120
[ 1708.386508][   T70]  ? idr_for_each+0x1c1/0x1f0
[ 1708.386511][   T70]  ? rtnl_net_notifyid+0x1a0/0x1a0
[ 1708.386513][   T70]  idr_for_each+0x1c1/0x1f0
[ 1708.386515][   T70]  ? idr_find+0x70/0x70
[ 1708.386517][   T70]  ? __lock_release.isra.0+0x59/0x170
[ 1708.386520][   T70]  ? __up_write+0x283/0x4f0
[ 1708.386522][   T70]  ? cleanup_net+0x1f6/0x880
[ 1708.386524][   T70]  cleanup_net+0x264/0x880
[ 1708.386525][   T70]  ? lock_acquire.part.0+0xbc/0x260
[ 1708.386527][   T70]  ? process_one_work+0xd16/0x1390
[ 1708.386530][   T70]  ? net_passive_dec+0x190/0x190
[ 1708.386532][   T70]  ? rcu_is_watching+0x15/0xd0
[ 1708.386535][   T70]  ? process_one_work+0xd16/0x1390
[ 1708.386536][   T70]  ? lock_acquire+0x10a/0x150
[ 1708.386538][   T70]  ? rcu_is_watching+0x15/0xd0
[ 1708.386540][   T70]  process_one_work+0xd57/0x1390
[ 1708.386543][   T70]  ? pwq_dec_nr_in_flight+0x700/0x700
[ 1708.386545][   T70]  ? lock_acquire.part.0+0xbc/0x260
[ 1708.386548][   T70]  ? assign_work+0x152/0x380
[ 1708.386550][   T70]  worker_thread+0x4d6/0xd40
[ 1708.386552][   T70]  ? process_one_work+0x1390/0x1390
[ 1708.386554][   T70]  ? __kthread_parkme+0xb3/0x200
[ 1708.386557][   T70]  ? process_one_work+0x1390/0x1390
[ 1708.386559][   T70]  kthread+0x355/0x5b0
[ 1708.386561][   T70]  ? kthread_is_per_cpu+0xe0/0xe0
[ 1708.386563][   T70]  ? __lock_release.isra.0+0x59/0x170
[ 1708.386566][   T70]  ? rcu_is_watching+0x15/0xd0
[ 1708.386569][   T70]  ? kthread_is_per_cpu+0xe0/0xe0
[ 1708.386572][   T70]  ret_from_fork+0x3fb/0x510
[ 1708.386575][   T70]  ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[ 1708.386578][   T70]  ? __switch_to+0x53c/0xd00
[ 1708.386580][   T70]  ? kthread_is_per_cpu+0xe0/0xe0
[ 1708.386582][   T70]  ret_from_fork_asm+0x11/0x20
[ 1708.386586][   T70]  </TASK>
[ 1708.386587][   T70]
[ 1708.390341][   T70] Allocated by task 22696:
[ 1708.390428][   T70]  kasan_save_stack+0x30/0x50
[ 1708.390515][   T70]  kasan_save_track+0x14/0x30
[ 1708.390603][   T70]  __kasan_slab_alloc+0x5f/0x70
[ 1708.390687][   T70]  kmem_cache_alloc_noprof+0x226/0x6e0
[ 1708.390768][   T70]  radix_tree_node_alloc.constprop.0+0x176/0x340
[ 1708.390868][   T70]  idr_get_free+0x326/0x840
[ 1708.390948][   T70]  idr_alloc_u32+0x14a/0x2e0
[ 1708.391028][   T70]  idr_alloc+0x7d/0xc0
[ 1708.391089][   T70]  peernet2id_alloc+0x22c/0x340
[ 1708.391168][   T70]  __dev_change_net_namespace+0x8e7/0x1f00
[ 1708.391271][   T70]  do_setlink.isra.0+0x211/0x2880
[ 1708.391351][   T70]  rtnl_newlink+0x75c/0xe90
[ 1708.391432][   T70]  rtnetlink_rcv_msg+0x6fe/0xb90
[ 1708.391513][   T70]  netlink_rcv_skb+0x123/0x380
[ 1708.391599][   T70]  netlink_unicast+0x4a3/0x770
[ 1708.391683][   T70]  netlink_sendmsg+0x735/0xc60
[ 1708.391764][   T70]  ____sys_sendmsg+0x419/0x850
[ 1708.391853][   T70]  ___sys_sendmsg+0xfd/0x180
[ 1708.391938][   T70]  __sys_sendmsg+0x124/0x1c0
[ 1708.392020][   T70]  do_syscall_64+0xbd/0xfc0
[ 1708.392103][   T70]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1708.392212][   T70]
[ 1708.392254][   T70] Freed by task 22562:
[ 1708.392318][   T70]  kasan_save_stack+0x30/0x50
[ 1708.392399][   T70]  kasan_save_track+0x14/0x30
[ 1708.392483][   T70]  kasan_save_free_info+0x3b/0x60
[ 1708.392576][   T70]  __kasan_slab_free+0x43/0x70
[ 1708.392661][   T70]  kmem_cache_free+0xfe/0x5e0
[ 1708.392743][   T70]  rcu_do_batch+0x28b/0xfe0
[ 1708.392829][   T70]  rcu_core+0x2b4/0x5f0
[ 1708.392889][   T70]  handle_softirqs+0x1d7/0x840
[ 1708.392971][   T70]  irq_exit_rcu+0xa2/0xf0
[ 1708.393031][   T70]  sysvec_apic_timer_interrupt+0x9d/0xe0
[ 1708.393115][   T70]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1708.393220][   T70]
[ 1708.393263][   T70] Last potentially related work creation:
[ 1708.393344][   T70]  kasan_save_stack+0x30/0x50
[ 1708.393434][   T70]  kasan_record_aux_stack+0x8c/0xa0
[ 1708.393516][   T70]  __call_rcu_common.constprop.0+0xa6/0xa00
[ 1708.393627][   T70]  delete_node+0x198/0x810
[ 1708.393717][   T70]  radix_tree_delete_item+0xc5/0x1b0
[ 1708.393802][   T70]  unhash_nsid_callback+0xb4/0x100
[ 1708.393884][   T70]  idr_for_each+0x108/0x1f0
[ 1708.393966][   T70]  cleanup_net+0x264/0x880
[ 1708.394046][   T70]  process_one_work+0xd57/0x1390
[ 1708.394128][   T70]  worker_thread+0x4d6/0xd40
[ 1708.394216][   T70]  kthread+0x355/0x5b0
[ 1708.394281][   T70]  ret_from_fork+0x3fb/0x510
[ 1708.394368][   T70]  ret_from_fork_asm+0x11/0x20
[ 1708.394451][   T70]
[ 1708.394493][   T70] The buggy address belongs to the object at ff1100001d9a61c8
[ 1708.394493][   T70]  which belongs to the cache radix_tree_node of size 576
[ 1708.394730][   T70] The buggy address is located 48 bytes inside of
[ 1708.394730][   T70]  freed 576-byte region [ff1100001d9a61c8, ff1100001d9a6408)
[ 1708.394927][   T70]
[ 1708.394968][   T70] The buggy address belongs to the physical page:
[ 1708.395075][   T70] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d9a4
[ 1708.395236][   T70] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1708.395363][   T70] flags: 0x80000000000040(head|node=0|zone=1)
[ 1708.395481][   T70] page_type: f5(slab)
[ 1708.395554][   T70] raw: 0080000000000040 ff11000001043700 ffd4000000767510 ff11000001041ea8
[ 1708.395710][   T70] raw: 0000000000000000 0000000000160016 00000000f5000000 0000000000000000
[ 1708.395858][   T70] head: 0080000000000040 ff11000001043700 ffd4000000767510 ff11000001041ea8
[ 1708.396003][   T70] head: 0000000000000000 0000000000160016 00000000f5000000 0000000000000000
[ 1708.396142][   T70] head: 0080000000000002 ffd4000000766901 00000000ffffffff 00000000ffffffff
[ 1708.396284][   T70] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1708.396424][   T70] page dumped because: kasan: bad access detected
[ 1708.396526][   T70]
[ 1708.396573][   T70] Memory state around the buggy address:
[ 1708.396659][   T70]  ff1100001d9a6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1708.396785][   T70]  ff1100001d9a6100: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 1708.396903][   T70] >ff1100001d9a6180: fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 1708.397028][   T70]                                                                 ^
[ 1708.397150][   T70]  ff1100001d9a6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1708.397272][   T70]  ff1100001d9a6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1708.397393][   T70] ==================================================================
[ 1708.398142][   T70] Disabling lock debugging due to kernel taint