[ 267.620410][ T12] ==================================================================
[ 267.620594][ T12] BUG: KASAN: slab-use-after-free in idr_for_each+0x1c1/0x1f0
[ 267.620742][ T12] Read of size 8 at addr ff1100000cb296b8 by task kworker/u16:0/12
[ 267.620877][ T12]
[ 267.620926][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.19.0-rc7-virtme #1 PREEMPT(full)
[ 267.620930][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 267.620932][ T12] Workqueue: netns cleanup_net
[ 267.620938][ T12] Call Trace:
[ 267.620939][ T12]
[ 267.620942][ T12]  dump_stack_lvl+0x6f/0xa0
[ 267.620947][ T12]  print_address_description.constprop.0+0x6e/0x300
[ 267.620952][ T12]  print_report+0xfc/0x1fb
[ 267.620953][ T12]  ? idr_for_each+0x1c1/0x1f0
[ 267.620955][ T12]  ? __virt_addr_valid+0x1da/0x430
[ 267.620959][ T12]  ? idr_for_each+0x1c1/0x1f0
[ 267.620961][ T12]  kasan_report+0xe8/0x120
[ 267.620965][ T12]  ? idr_for_each+0x1c1/0x1f0
[ 267.620968][ T12]  ? rtnl_net_notifyid+0x1a0/0x1a0
[ 267.620973][ T12]  idr_for_each+0x1c1/0x1f0
[ 267.620975][ T12]  ? idr_find+0x70/0x70
[ 267.620978][ T12]  ? __lock_release.isra.0+0x59/0x170
[ 267.620981][ T12]  ? __up_write+0x283/0x4f0
[ 267.620984][ T12]  ? cleanup_net+0x1f2/0x810
[ 267.620985][ T12]  cleanup_net+0x260/0x810
[ 267.620987][ T12]  ? lock_acquire.part.0+0xbc/0x260
[ 267.620988][ T12]  ? process_one_work+0xd16/0x1390
[ 267.620992][ T12]  ? net_passive_dec+0x190/0x190
[ 267.620993][ T12]  ? rcu_is_watching+0x15/0xd0
[ 267.620996][ T12]  ? process_one_work+0xd16/0x1390
[ 267.620998][ T12]  ? lock_acquire+0x10a/0x150
[ 267.620999][ T12]  ? rcu_is_watching+0x15/0xd0
[ 267.621001][ T12]  process_one_work+0xd57/0x1390
[ 267.621004][ T12]  ? pwq_dec_nr_in_flight+0x700/0x700
[ 267.621006][ T12]  ? lock_acquire.part.0+0xbc/0x260
[ 267.621009][ T12]  ? assign_work+0x152/0x380
[ 267.621011][ T12]  worker_thread+0x4d6/0xd40
[ 267.621014][ T12]  ? process_one_work+0x1390/0x1390
[ 267.621016][ T12]  kthread+0x355/0x5b0
[ 267.621019][ T12]  ? kthread_is_per_cpu+0xe0/0xe0
[ 267.621021][ T12]  ? __lock_release.isra.0+0x59/0x170
[ 267.621022][ T12]  ? rcu_is_watching+0x15/0xd0
[ 267.621024][ T12]  ? kthread_is_per_cpu+0xe0/0xe0
[ 267.621026][ T12]  ret_from_fork+0x3fb/0x510
[ 267.621030][ T12]  ? arch_exit_to_user_mode_prepare.isra.0+0x140/0x140
[ 267.621032][ T12]  ? __switch_to+0x53c/0xd00
[ 267.621035][ T12]  ? kthread_is_per_cpu+0xe0/0xe0
[ 267.621037][ T12]  ret_from_fork_asm+0x11/0x20
[ 267.621040][ T12]
[ 267.621041][ T12]
[ 267.624995][ T12] Allocated by task 655:
[ 267.625064][ T12]  kasan_save_stack+0x30/0x50
[ 267.625155][ T12]  kasan_save_track+0x14/0x30
[ 267.625243][ T12]  __kasan_slab_alloc+0x5f/0x70
[ 267.625333][ T12]  kmem_cache_alloc_noprof+0x226/0x6e0
[ 267.625425][ T12]  radix_tree_node_alloc.constprop.0+0x176/0x340
[ 267.625534][ T12]  idr_get_free+0x326/0x840
[ 267.625622][ T12]  idr_alloc_u32+0x14a/0x2e0
[ 267.625714][ T12]  idr_alloc+0x7d/0xc0
[ 267.625782][ T12]  peernet2id_alloc+0x22c/0x340
[ 267.625875][ T12]  rtnl_fill_ifinfo.isra.0+0x1630/0x2d80
[ 267.625969][ T12]  rtmsg_ifinfo_build_skb+0x135/0x230
[ 267.626063][ T12]  rtmsg_ifinfo_event.part.0+0x2c/0x130
[ 267.626156][ T12]  rtmsg_ifinfo+0x5c/0xb0
[ 267.626222][ T12]  __dev_notify_flags+0x1b8/0x280
[ 267.626314][ T12]  netif_change_flags+0xee/0x170
[ 267.626406][ T12]  do_setlink.isra.0+0x180a/0x25d0
[ 267.626500][ T12]  rtnl_newlink+0x75c/0xe90
[ 267.626590][ T12]  rtnetlink_rcv_msg+0x6fe/0xb90
[ 267.626684][ T12]  netlink_rcv_skb+0x123/0x380
[ 267.626777][ T12]  netlink_unicast+0x4a3/0x770
[ 267.626867][ T12]  netlink_sendmsg+0x735/0xc60
[ 267.626956][ T12]  __sys_sendto+0x265/0x390
[ 267.627047][ T12]  __x64_sys_sendto+0xe4/0x1f0
[ 267.627142][ T12]  do_syscall_64+0xbd/0xfc0
[ 267.627232][ T12]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 267.627351][ T12]
[ 267.627397][ T12] Freed by task 12:
[ 267.627467][ T12]  kasan_save_stack+0x30/0x50
[ 267.627561][ T12]  kasan_save_track+0x14/0x30
[ 267.627655][ T12]  kasan_save_free_info+0x3b/0x60
[ 267.627751][ T12]  __kasan_slab_free+0x43/0x70
[ 267.627841][ T12]  kmem_cache_free+0xfe/0x5e0
[ 267.627934][ T12]  rcu_do_batch+0x28b/0xfe0
[ 267.628023][ T12]  rcu_core+0x2b4/0x5f0
[ 267.628088][ T12]  handle_softirqs+0x1d7/0x840
[ 267.628177][ T12]  irq_exit_rcu+0xa2/0xf0
[ 267.628243][ T12]  sysvec_apic_timer_interrupt+0x9d/0xe0
[ 267.628334][ T12]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 267.628447][ T12]
[ 267.628495][ T12] Last potentially related work creation:
[ 267.628584][ T12]  kasan_save_stack+0x30/0x50
[ 267.628674][ T12]  kasan_record_aux_stack+0x8c/0xa0
[ 267.628762][ T12]  __call_rcu_common.constprop.0+0xa6/0xa00
[ 267.628874][ T12]  delete_node+0x198/0x810
[ 267.628963][ T12]  radix_tree_delete_item+0xc5/0x1b0
[ 267.629052][ T12]  unhash_nsid_callback+0xb4/0x100
[ 267.629148][ T12]  idr_for_each+0x108/0x1f0
[ 267.629238][ T12]  cleanup_net+0x260/0x810
[ 267.629336][ T12]  process_one_work+0xd57/0x1390
[ 267.629429][ T12]  worker_thread+0x4d6/0xd40
[ 267.629517][ T12]  kthread+0x355/0x5b0
[ 267.629585][ T12]  ret_from_fork+0x3fb/0x510
[ 267.629674][ T12]  ret_from_fork_asm+0x11/0x20
[ 267.629762][ T12]
[ 267.629808][ T12] The buggy address belongs to the object at ff1100000cb29688
[ 267.629808][ T12]  which belongs to the cache radix_tree_node of size 576
[ 267.630056][ T12] The buggy address is located 48 bytes inside of
[ 267.630056][ T12]  freed 576-byte region [ff1100000cb29688, ff1100000cb298c8)
[ 267.630274][ T12]
[ 267.630320][ T12] The buggy address belongs to the physical page:
[ 267.630432][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000cb2a498 pfn:0xcb28
[ 267.630613][ T12] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 267.630749][ T12] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 267.630864][ T12] page_type: f5(slab)
[ 267.630935][ T12] raw: 0080000000000240 ff11000001043700 ffd4000000326f10 ffd400000032fb10
[ 267.631095][ T12] raw: ff1100000cb2a498 000000000016000f 00000000f5000000 0000000000000000
[ 267.631250][ T12] head: 0080000000000240 ff11000001043700 ffd4000000326f10 ffd400000032fb10
[ 267.631410][ T12] head: ff1100000cb2a498 000000000016000f 00000000f5000000 0000000000000000
[ 267.631567][ T12] head: 0080000000000002 ffd400000032ca01 00000000ffffffff 00000000ffffffff
[ 267.631722][ T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 267.631883][ T12] page dumped because: kasan: bad access detected
[ 267.631999][ T12]
[ 267.632044][ T12] Memory state around the buggy address:
[ 267.632130][ T12]  ff1100000cb29580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 267.632269][ T12]  ff1100000cb29600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 267.632403][ T12] >ff1100000cb29680: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 267.632541][ T12]                                         ^
[ 267.632655][ T12]  ff1100000cb29700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 267.632783][ T12]  ff1100000cb29780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 267.632915][ T12] ==================================================================
[ 267.633049][ T12] Disabling lock debugging due to kernel taint