[ 35.434294][ T672] bond0: (slave veth0): Enslaving as a backup interface with a down link
[ 35.531820][ T673] bond0: (slave veth1): Enslaving as a backup interface with a down link
[ 35.643040][ T674] br0: port 1(veth0) entered blocking state
[ 35.643384][ T674] br0: port 1(veth0) entered disabled state
[ 35.643672][ T674] veth0: entered allmulticast mode
[ 35.644902][ T674] veth0: entered promiscuous mode
[ 35.752715][ T675] br0: port 2(veth1) entered blocking state
[ 35.752987][ T675] br0: port 2(veth1) entered disabled state
[ 35.753241][ T675] veth1: entered allmulticast mode
[ 35.754516][ T675] veth1: entered promiscuous mode
[ 36.561097][ T60] br0: port 1(veth0) entered blocking state
[ 36.561506][ T60] br0: port 1(veth0) entered forwarding state
[ 36.562990][ T60] br0: port 2(veth1) entered blocking state
[ 36.563196][ T60] br0: port 2(veth1) entered forwarding state
[ 38.417359][ T67] bond0: (slave veth0): link status definitely up
[ 38.418003][ T67] bond0: (slave veth1): link status definitely up
[ 38.418231][ T67] bond0: (slave veth0): making interface the new active one
[ 38.419401][ T67] bond0: active interface up!
[ 38.857100][ T718] veth1: left allmulticast mode
[ 38.857427][ T718] veth1: left promiscuous mode
[ 38.857815][ T718] br0: port 2(veth1) entered disabled state
[ 38.859552][ T718] veth0: left allmulticast mode
[ 38.859771][ T718] veth0: left promiscuous mode
[ 38.860085][ T718] br0: port 1(veth0) entered disabled state
[ 39.055461][ T718] bond0: (slave veth1): Releasing backup interface
[ 39.239828][ T718] bond0: (slave veth0): Releasing backup interface
[ 39.626619][ T718] bond0 (unregistering): Released all slaves
[ 39.701669][ T718] ==================================================================
[ 39.702012][ T718] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 39.702418][ T718] Read of size 8 at addr ffff8880025480f8 by task kworker/u16:2/718
[ 39.702698][ T718]
[ 39.702781][ T718] CPU: 0 UID: 0 PID: 718 Comm: kworker/u16:2 Not tainted 6.12.0-virtme #1
[ 39.703058][ T718] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 39.703282][ T718] Workqueue: netns cleanup_net
[ 39.703527][ T718] Call Trace:
[ 39.703678][ T718]
[ 39.703784][ T718] dump_stack_lvl+0x82/0xd0
[ 39.704020][ T718] print_address_description.constprop.0+0x2c/0x3b0
[ 39.704249][ T718] ? cleanup_net+0x932/0xa40
[ 39.704449][ T718] print_report+0xb4/0x270
[ 39.704641][ T718] ? kasan_addr_to_slab+0x25/0x80
[ 39.704792][ T718] kasan_report+0xbd/0xf0
[ 39.704931][ T718] ? cleanup_net+0x932/0xa40
[ 39.705126][ T718] cleanup_net+0x932/0xa40
[ 39.705310][ T718] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 39.705465][ T718] ? __pfx_cleanup_net+0x10/0x10
[ 39.705612][ T718] ? trace_lock_acquire+0x148/0x1f0
[ 39.705760][ T718] ? lock_acquire+0x32/0xc0
[ 39.705913][ T718] ? process_one_work+0xe0b/0x16d0
[ 39.706073][ T718] process_one_work+0xe55/0x16d0
[ 39.706228][ T718] ? __pfx___lock_release+0x10/0x10
[ 39.706383][ T718] ? __pfx_process_one_work+0x10/0x10
[ 39.706562][ T718] ? assign_work+0x16c/0x240
[ 39.706718][ T718] worker_thread+0x58c/0xce0
[ 39.706870][ T718] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 39.707061][ T718] ? __pfx_worker_thread+0x10/0x10
[ 39.707214][ T718] ? __pfx_worker_thread+0x10/0x10
[ 39.707368][ T718] kthread+0x28a/0x350
[ 39.707488][ T718] ? __pfx_kthread+0x10/0x10
[ 39.707638][ T718] ret_from_fork+0x31/0x70
[ 39.707788][ T718] ? __pfx_kthread+0x10/0x10
[ 39.707938][ T718] ret_from_fork_asm+0x1a/0x30
[ 39.708095][ T718]
[ 39.708218][ T718]
[ 39.708314][ T718] Allocated by task 635:
[ 39.708435][ T718] kasan_save_stack+0x24/0x50
[ 39.708600][ T718] kasan_save_track+0x14/0x30
[ 39.708747][ T718] __kasan_slab_alloc+0x59/0x70
[ 39.708897][ T718] kmem_cache_alloc_noprof+0x10b/0x350
[ 39.709074][ T718] copy_net_ns+0xc6/0x340
[ 39.709230][ T718] create_new_namespaces+0x35f/0x920
[ 39.709414][ T718] unshare_nsproxy_namespaces+0x8d/0x130
[ 39.709629][ T718] ksys_unshare+0x2a9/0x660
[ 39.709836][ T718] __x64_sys_unshare+0x31/0x40
[ 39.710010][ T718] do_syscall_64+0xc1/0x1d0
[ 39.710152][ T718] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 39.710376][ T718]
[ 39.710493][ T718] Freed by task 718:
[ 39.710662][ T718] kasan_save_stack+0x24/0x50
[ 39.710890][ T718] kasan_save_track+0x14/0x30
[ 39.711111][ T718] kasan_save_free_info+0x3b/0x60
[ 39.711332][ T718] __kasan_slab_free+0x38/0x50
[ 39.711551][ T718] kmem_cache_free+0xf8/0x330
[ 39.711770][ T718] cleanup_net+0x5a8/0xa40
[ 39.711988][ T718] process_one_work+0xe55/0x16d0
[ 39.712224][ T718] worker_thread+0x58c/0xce0
[ 39.712436][ T718] kthread+0x28a/0x350
[ 39.712545][ T718] ret_from_fork+0x31/0x70
[ 39.712696][ T718] ret_from_fork_asm+0x1a/0x30
[ 39.712888][ T718]
[ 39.712992][ T718] The buggy address belongs to the object at ffff888002548040
[ 39.712992][ T718] which belongs to the cache net_namespace of size 5696
[ 39.713475][ T718] The buggy address is located 184 bytes inside of
[ 39.713475][ T718] freed 5696-byte region [ffff888002548040, ffff888002549680)
[ 39.713875][ T718]
[ 39.714001][ T718] The buggy address belongs to the physical page:
[ 39.714235][ T718] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800254afc0 pfn:0x2548
[ 39.714635][ T718] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 39.714877][ T718] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 39.715069][ T718] page_type: f5(slab)
[ 39.715183][ T718] raw: 0080000000000240 ffff888001965240 ffff88800196a088 ffff88800196a088
[ 39.715576][ T718] raw: ffff88800254afc0 0000000000050002 00000001f5000000 0000000000000000
[ 39.715831][ T718] head: 0080000000000240 ffff888001965240 ffff88800196a088 ffff88800196a088
[ 39.716124][ T718] head: ffff88800254afc0 0000000000050002 00000001f5000000 0000000000000000
[ 39.716476][ T718] head: 0080000000000003 ffffea0000095201 ffffffffffffffff 0000000000000000
[ 39.716712][ T718] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 39.717035][ T718] page dumped because: kasan: bad access detected
[ 39.717234][ T718]
[ 39.717324][ T718] Memory state around the buggy address:
[ 39.717452][ T718] ffff888002547f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.717713][ T718] ffff888002548000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 39.718012][ T718] >ffff888002548080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.718503][ T718] ^
[ 39.718796][ T718] ffff888002548100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.719059][ T718] ffff888002548180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.719272][ T718] ==================================================================
[ 39.719531][ T718] Disabling lock debugging due to kernel taint