[ 36.385543][ T659] bond0: (slave veth0): Enslaving as a backup interface with a down link
[ 36.472263][ T660] bond0: (slave veth1): Enslaving as a backup interface with a down link
[ 36.552151][ T661] br0: port 1(veth0) entered blocking state
[ 36.552432][ T661] br0: port 1(veth0) entered disabled state
[ 36.552681][ T661] veth0: entered allmulticast mode
[ 36.553915][ T661] veth0: entered promiscuous mode
[ 36.664876][ T662] br0: port 2(veth1) entered blocking state
[ 36.665201][ T662] br0: port 2(veth1) entered disabled state
[ 36.665727][ T662] veth1: entered allmulticast mode
[ 36.667108][ T662] veth1: entered promiscuous mode
[ 37.450993][ T551] br0: port 1(veth0) entered blocking state
[ 37.451478][ T551] br0: port 1(veth0) entered forwarding state
[ 37.453095][ T551] br0: port 2(veth1) entered blocking state
[ 37.453329][ T551] br0: port 2(veth1) entered forwarding state
[ 39.307218][ T11] bond0: (slave veth0): link status definitely up
[ 39.307955][ T11] bond0: (slave veth1): link status definitely up
[ 39.308147][ T11] bond0: (slave veth0): making interface the new active one
[ 39.309718][ T11] bond0: active interface up!
[ 39.703194][ T326] veth1: left allmulticast mode
[ 39.703643][ T326] veth1: left promiscuous mode
[ 39.704083][ T326] br0: port 2(veth1) entered disabled state
[ 39.706031][ T326] veth0: left allmulticast mode
[ 39.706268][ T326] veth0: left promiscuous mode
[ 39.706656][ T326] br0: port 1(veth0) entered disabled state
[ 39.853143][ T326] bond0: (slave veth1): Releasing backup interface
[ 40.030211][ T326] bond0: (slave veth0): Releasing backup interface
[ 40.412546][ T326] bond0 (unregistering): Released all slaves
[ 40.501105][ T326] ==================================================================
[ 40.501556][ T326] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 40.501948][ T326] Read of size 8 at addr ffff88800bbd00f8 by task kworker/u16:2/326
[ 40.502328][ T326]
[ 40.502454][ T326] CPU: 0 UID: 0 PID: 326 Comm: kworker/u16:2 Not tainted 6.12.0-virtme #1
[ 40.502829][ T326] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 40.503133][ T326] Workqueue: netns cleanup_net
[ 40.503421][ T326] Call Trace:
[ 40.503660][ T326]
[ 40.503792][ T326] dump_stack_lvl+0x82/0xd0
[ 40.504081][ T326] print_address_description.constprop.0+0x2c/0x3b0
[ 40.504443][ T326] ? cleanup_net+0x932/0xa40
[ 40.504727][ T326] print_report+0xb4/0x270
[ 40.505051][ T326] ? kasan_addr_to_slab+0x25/0x80
[ 40.505325][ T326] kasan_report+0xbd/0xf0
[ 40.505547][ T326] ? cleanup_net+0x932/0xa40
[ 40.505808][ T326] cleanup_net+0x932/0xa40
[ 40.506065][ T326] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 40.506339][ T326] ? __pfx_cleanup_net+0x10/0x10
[ 40.506581][ T326] ? trace_lock_acquire+0x148/0x1f0
[ 40.506842][ T326] ? lock_acquire+0x32/0xc0
[ 40.507088][ T326] ? process_one_work+0xe0b/0x16d0
[ 40.507379][ T326] process_one_work+0xe55/0x16d0
[ 40.507653][ T326] ? __pfx___lock_release+0x10/0x10
[ 40.507951][ T326] ? __pfx_process_one_work+0x10/0x10
[ 40.508235][ T326] ? assign_work+0x16c/0x240
[ 40.508511][ T326] worker_thread+0x58c/0xce0
[ 40.508770][ T326] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 40.509108][ T326] ? __pfx_worker_thread+0x10/0x10
[ 40.509372][ T326] ? __pfx_worker_thread+0x10/0x10
[ 40.509630][ T326] kthread+0x28a/0x350
[ 40.509831][ T326] ? __pfx_kthread+0x10/0x10
[ 40.510094][ T326] ret_from_fork+0x31/0x70
[ 40.510367][ T326] ? __pfx_kthread+0x10/0x10
[ 40.510616][ T326] ret_from_fork_asm+0x1a/0x30
[ 40.510846][ T326]
[ 40.511019][ T326]
[ 40.511156][ T326] Allocated by task 622:
[ 40.511329][ T326] kasan_save_stack+0x24/0x50
[ 40.511579][ T326] kasan_save_track+0x14/0x30
[ 40.511840][ T326] __kasan_slab_alloc+0x59/0x70
[ 40.512079][ T326] kmem_cache_alloc_noprof+0x10b/0x350
[ 40.512321][ T326] copy_net_ns+0xc6/0x340
[ 40.512489][ T326] create_new_namespaces+0x35f/0x920
[ 40.512715][ T326] unshare_nsproxy_namespaces+0x8d/0x130
[ 40.512946][ T326] ksys_unshare+0x2a9/0x660
[ 40.513228][ T326] __x64_sys_unshare+0x31/0x40
[ 40.513514][ T326] do_syscall_64+0xc1/0x1d0
[ 40.513764][ T326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 40.514052][ T326]
[ 40.514206][ T326] Freed by task 326:
[ 40.514429][ T326] kasan_save_stack+0x24/0x50
[ 40.514704][ T326] kasan_save_track+0x14/0x30
[ 40.514968][ T326] kasan_save_free_info+0x3b/0x60
[ 40.515209][ T326] __kasan_slab_free+0x38/0x50
[ 40.515433][ T326] kmem_cache_free+0xf8/0x330
[ 40.515701][ T326] cleanup_net+0x5a8/0xa40
[ 40.515917][ T326] process_one_work+0xe55/0x16d0
[ 40.516145][ T326] worker_thread+0x58c/0xce0
[ 40.516364][ T326] kthread+0x28a/0x350
[ 40.516538][ T326] ret_from_fork+0x31/0x70
[ 40.516767][ T326] ret_from_fork_asm+0x1a/0x30
[ 40.517002][ T326]
[ 40.517116][ T326] The buggy address belongs to the object at ffff88800bbd0040
[ 40.517116][ T326] which belongs to the cache net_namespace of size 5696
[ 40.517681][ T326] The buggy address is located 184 bytes inside of
[ 40.517681][ T326] freed 5696-byte region [ffff88800bbd0040, ffff88800bbd1680)
[ 40.518205][ T326]
[ 40.518323][ T326] The buggy address belongs to the physical page:
[ 40.518689][ T326] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800bbd2fc0 pfn:0xbbd0
[ 40.519223][ T326] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 40.519697][ T326] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 40.520173][ T326] page_type: f5(slab)
[ 40.520448][ T326] raw: 0080000000000240 ffff888001965240 ffff88800196a088 ffff88800196a088
[ 40.521005][ T326] raw: ffff88800bbd2fc0 0000000000050002 00000001f5000000 0000000000000000
[ 40.521451][ T326] head: 0080000000000240 ffff888001965240 ffff88800196a088 ffff88800196a088
[ 40.521932][ T326] head: ffff88800bbd2fc0 0000000000050002 00000001f5000000 0000000000000000
[ 40.522428][ T326] head: 0080000000000003 ffffea00002ef401 ffffffffffffffff 0000000000000000
[ 40.522942][ T326] head: ffff888000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 40.523350][ T326] page dumped because: kasan: bad access detected
[ 40.523736][ T326]
[ 40.523867][ T326] Memory state around the buggy address:
[ 40.524123][ T326]  ffff88800bbcff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 40.524518][ T326]  ffff88800bbd0000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 40.525051][ T326] >ffff88800bbd0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.525444][ T326]                                                                 ^
[ 40.525756][ T326]  ffff88800bbd0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.526191][ T326]  ffff88800bbd0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.526536][ T326] ==================================================================
[ 40.526965][ T326] Disabling lock debugging due to kernel taint