[ 20.598336][ T299] 8021q: 802.1Q VLAN Support v1.8
[ 25.815762][ T344] br1: port 1(vx10) entered blocking state
[ 25.816389][ T344] br1: port 1(vx10) entered disabled state
[ 25.817432][ T344] vx10: entered allmulticast mode
[ 25.820989][ T344] vx10: entered promiscuous mode
[ 25.822027][ T344] br1: port 1(vx10) entered blocking state
[ 25.822776][ T344] br1: port 1(vx10) entered forwarding state
[ 26.365064][ T349] br1: port 2(vx20) entered blocking state
[ 26.365590][ T349] br1: port 2(vx20) entered disabled state
[ 26.366078][ T349] vx20: entered allmulticast mode
[ 26.370085][ T349] vx20: entered promiscuous mode
[ 26.371372][ T349] br1: port 2(vx20) entered blocking state
[ 26.372126][ T349] br1: port 2(vx20) entered forwarding state
[ 26.604405][ T351] br1: port 3(veth1) entered blocking state
[ 26.605173][ T351] br1: port 3(veth1) entered disabled state
[ 26.605719][ T351] veth1: entered allmulticast mode
[ 26.609427][ T351] veth1: entered promiscuous mode
[ 26.729087][ T251] br1: port 3(veth1) entered blocking state
[ 26.729788][ T251] br1: port 3(veth1) entered forwarding state
[ 27.149258][ T355] br1: port 4(veth2) entered blocking state
[ 27.150008][ T355] br1: port 4(veth2) entered disabled state
[ 27.150800][ T355] veth2: entered allmulticast mode
[ 27.157114][ T355] veth2: entered promiscuous mode
[ 27.277438][ T37] br1: port 4(veth2) entered blocking state
[ 27.278227][ T37] br1: port 4(veth2) entered forwarding state
[ 32.826046][ T407] br2: port 1(w1) entered blocking state
[ 32.826406][ T407] br2: port 1(w1) entered disabled state
[ 32.826766][ T407] w1: entered allmulticast mode
[ 32.830161][ T407] w1: entered promiscuous mode
[ 33.809178][ T415] br2: port 2(vx10) entered blocking state
[ 33.809634][ T415] br2: port 2(vx10) entered disabled state
[ 33.810112][ T415] vx10: entered allmulticast mode
[ 33.813605][ T415] vx10: entered promiscuous mode
[ 33.814470][ T415] br2: port 2(vx10) entered blocking state
[ 33.814904][ T415] br2: port 2(vx10) entered forwarding state
[ 34.839716][ T423] br2: port 3(vx20) entered blocking state
[ 34.840253][ T423] br2: port 3(vx20) entered disabled state
[ 34.840786][ T423] vx20: entered allmulticast mode
[ 34.844809][ T423] vx20: entered promiscuous mode
[ 34.845721][ T423] br2: port 3(vx20) entered blocking state
[ 34.846237][ T423] br2: port 3(vx20) entered forwarding state
[ 35.951024][ T251] br2: port 1(w1) entered blocking state
[ 35.951916][ T251] br2: port 1(w1) entered forwarding state
[ 39.163151][ T463] br2: port 1(w1) entered blocking state
[ 39.163499][ T463] br2: port 1(w1) entered disabled state
[ 39.163996][ T463] w1: entered allmulticast mode
[ 39.167392][ T463] w1: entered promiscuous mode
[ 40.081783][ T471] br2: port 2(vx10) entered blocking state
[ 40.082322][ T471] br2: port 2(vx10) entered disabled state
[ 40.083427][ T471] vx10: entered allmulticast mode
[ 40.087226][ T471] vx10: entered promiscuous mode
[ 40.088260][ T471] br2: port 2(vx10) entered blocking state
[ 40.088766][ T471] br2: port 2(vx10) entered forwarding state
[ 41.000763][ T478] br2: port 3(vx20) entered blocking state
[ 41.001311][ T478] br2: port 3(vx20) entered disabled state
[ 41.001965][ T478] vx20: entered allmulticast mode
[ 41.006816][ T478] vx20: entered promiscuous mode
[ 41.008048][ T478] br2: port 3(vx20) entered blocking state
[ 41.008721][ T478] br2: port 3(vx20) entered forwarding state
[ 42.151866][ T36] br2: port 1(w1) entered blocking state
[ 42.152447][ T36] br2: port 1(w1) entered forwarding state
[ 60.452697][ T593] GACT probability NOT on
[ 158.403826][ T1832] veth3: entered promiscuous mode
[ 233.370877][ T2759] veth3: left promiscuous mode
[ 234.119774][ T2765] veth3: entered promiscuous mode
[ 313.334792][ T3692] veth3: left promiscuous mode
[ 314.962725][ T3710] vx20: left allmulticast mode
[ 314.963214][ T3710] vx20: left promiscuous mode
[ 314.963984][ T3710] br1: port 2(vx20) entered disabled state
[ 315.113138][ T3711] vx10: left allmulticast mode
[ 315.113700][ T3711] vx10: left promiscuous mode
[ 315.114501][ T3711] br1: port 1(vx10) entered disabled state
[ 320.750298][ T3716] br1: port 1(vx10) entered blocking state
[ 320.750846][ T3716] br1: port 1(vx10) entered disabled state
[ 320.751352][ T3716] vx10: entered allmulticast mode
[ 320.755181][ T3716] vx10: entered promiscuous mode
[ 320.756167][ T3716] br1: port 1(vx10) entered blocking state
[ 320.756662][ T3716] br1: port 1(vx10) entered forwarding state
[ 321.017751][ T3718] br1: port 2(vx20) entered blocking state
[ 321.018314][ T3718] br1: port 2(vx20) entered disabled state
[ 321.019329][ T3718] vx20: entered allmulticast mode
[ 321.023059][ T3718] vx20: entered promiscuous mode
[ 321.023947][ T3718] br1: port 2(vx20) entered blocking state
[ 321.024443][ T3718] br1: port 2(vx20) entered forwarding state
[ 443.210114][ T5015] veth3: entered promiscuous mode
[ 527.386293][ T5943] veth3: left promiscuous mode
[ 528.250377][ T5949] veth3: entered promiscuous mode
[ 610.786019][ T6876] veth3: left promiscuous mode
[ 613.078061][ T6899] vx20: left allmulticast mode
[ 613.078446][ T6899] vx20: left promiscuous mode
[ 613.079480][ T6899] br1: port 2(vx20) entered disabled state
[ 613.242767][ T6900] vx10: left allmulticast mode
[ 613.243336][ T6900] vx10: left promiscuous mode
[ 613.244159][ T6900] br1: port 1(vx10) entered disabled state
[ 618.908269][ T6905] br1: port 1(vx10) entered blocking state
[ 618.908774][ T6905] br1: port 1(vx10) entered disabled state
[ 618.909278][ T6905] vx10: entered allmulticast mode
[ 618.913153][ T6905] vx10: entered promiscuous mode
[ 618.914895][ T6905] br1: port 1(vx10) entered blocking state
[ 618.915423][ T6905] br1: port 1(vx10) entered forwarding state
[ 619.208498][ T6907] br1: port 2(vx20) entered blocking state
[ 619.208988][ T6907] br1: port 2(vx20) entered disabled state
[ 619.209573][ T6907] vx20: entered allmulticast mode
[ 619.213476][ T6907] vx20: entered promiscuous mode
[ 619.214486][ T6907] br1: port 2(vx20) entered blocking state
[ 619.215050][ T6907] br1: port 2(vx20) entered forwarding state
[ 1040.214421][T10183] vx20: left allmulticast mode
[ 1040.215015][T10183] vx20: left promiscuous mode
[ 1040.215771][T10183] br1: port 2(vx20) entered disabled state
[ 1040.340802][T10184] vx10: left allmulticast mode
[ 1040.341269][T10184] vx10: left promiscuous mode
[ 1040.341849][T10184] br1: port 1(vx10) entered disabled state
[ 1046.057295][T10189] br1: port 1(vx10) entered blocking state
[ 1046.058173][T10189] br1: port 1(vx10) entered disabled state
[ 1046.058909][T10189] vx10: entered allmulticast mode
[ 1046.064970][T10189] vx10: entered promiscuous mode
[ 1046.066392][T10189] br1: port 1(vx10) entered blocking state
[ 1046.067114][T10189] br1: port 1(vx10) entered forwarding state
[ 1046.345621][T10191] br1: port 2(vx20) entered blocking state
[ 1046.346209][T10191] br1: port 2(vx20) entered disabled state
[ 1046.346964][T10191] vx20: entered allmulticast mode
[ 1046.350394][T10191] vx20: entered promiscuous mode
[ 1046.351234][T10191] br1: port 2(vx20) entered blocking state
[ 1046.351661][T10191] br1: port 2(vx20) entered forwarding state
[ 1214.235045][ T12] vx20: left allmulticast mode
[ 1214.235705][ T12] vx20: left promiscuous mode
[ 1214.236405][ T12] br2: port 3(vx20) entered disabled state
[ 1214.243928][ T12] vx10: left allmulticast mode
[ 1214.244350][ T12] vx10: left promiscuous mode
[ 1214.245208][ T12] br2: port 2(vx10) entered disabled state
[ 1214.249175][ T12] w1: left allmulticast mode
[ 1214.249731][ T12] w1: left promiscuous mode
[ 1214.250285][ T12] br2: port 1(w1) entered disabled state
[ 1214.341487][ T12] ==================================================================
[ 1214.341799][ T12] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[ 1214.342083][ T12] Read of size 1 at addr ffff88800b7fc6ac by task kworker/u16:0/12
[ 1214.342321][ T12]
[ 1214.342410][ T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 1214.342419][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1214.342424][ T12] Workqueue: netns cleanup_net
[ 1214.342434][ T12] Call Trace:
[ 1214.342437][ T12]
[ 1214.342441][ T12] dump_stack_lvl+0x82/0xc0
[ 1214.342448][ T12] print_address_description.constprop.0+0x2c/0x3a0
[ 1214.342455][ T12] ? kobject_put+0xbb/0xd0
[ 1214.342459][ T12] print_report+0xb4/0x270
[ 1214.342462][ T12] ? kobject_put+0xbb/0xd0
[ 1214.342466][ T12] ? kasan_addr_to_slab+0x21/0x70
[ 1214.342469][ T12] ? kobject_put+0xbb/0xd0
[ 1214.342472][ T12] kasan_report+0xca/0x100
[ 1214.342476][ T12] ? kobject_put+0xbb/0xd0
[ 1214.342481][ T12] kobject_put+0xbb/0xd0
[ 1214.342485][ T12] netdev_run_todo+0x5f0/0xc60
[ 1214.342489][ T12] ? rtnl_is_locked+0x15/0x20
[ 1214.342495][ T12] ? dev_ingress_queue_create+0x190/0x190
[ 1214.342498][ T12] ? generic_xdp_install+0x410/0x410
[ 1214.342504][ T12] ops_undo_list+0x714/0x890
[ 1214.342509][ T12] ? netns_get+0x110/0x110
[ 1214.342512][ T12] ? cleanup_net+0x2d6/0x830
[ 1214.342517][ T12] cleanup_net+0x3b2/0x830
[ 1214.342521][ T12] ? net_passive_dec+0x190/0x190
[ 1214.342525][ T12] ? rcu_is_watching+0x12/0xb0
[ 1214.342533][ T12] process_one_work+0xe35/0x1650
[ 1214.342542][ T12] ? pwq_dec_nr_in_flight+0x550/0x550
[ 1214.342548][ T12] ? assign_work+0x168/0x240
[ 1214.342552][ T12] worker_thread+0x591/0xcf0
[ 1214.342557][ T12] ? rescuer_thread+0xd10/0xd10
[ 1214.342561][ T12] kthread+0x37b/0x5f0
[ 1214.342565][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 1214.342568][ T12] ? ret_from_fork+0x1b/0x270
[ 1214.342572][ T12] ? __lock_release+0x5d/0x170
[ 1214.342579][ T12] ? rcu_is_watching+0x12/0xb0
[ 1214.342583][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 1214.342590][ T12] ret_from_fork+0x1db/0x270
[ 1214.342593][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 1214.342597][ T12] ret_from_fork_asm+0x11/0x20
[ 1214.342611][ T12]
[ 1214.342613][ T12]
[ 1214.349599][ T12] Allocated by task 442:
[ 1214.349733][ T12] kasan_save_stack+0x24/0x40
[ 1214.349927][ T12] kasan_save_track+0x14/0x30
[ 1214.350101][ T12] __kasan_kmalloc+0x7b/0x90
[ 1214.350264][ T12] __kvmalloc_node_noprof+0x2e5/0x8e0
[ 1214.350434][ T12] alloc_netdev_mqs+0x7d/0x1370
[ 1214.350624][ T12] sit_init_net+0x169/0x550
[ 1214.350786][ T12] ops_init+0x189/0x550
[ 1214.350927][ T12] setup_net+0xf1/0x380
[ 1214.351064][ T12] copy_net_ns+0x21a/0x380
[ 1214.351295][ T12] create_new_namespaces+0x35f/0x900
[ 1214.351470][ T12] unshare_nsproxy_namespaces+0x89/0x120
[ 1214.351704][ T12] ksys_unshare+0x2a3/0x660
[ 1214.351921][ T12] __x64_sys_unshare+0x31/0x40
[ 1214.352104][ T12] do_syscall_64+0xc1/0xfd0
[ 1214.352271][ T12] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1214.352495][ T12]
[ 1214.352590][ T12] Freed by task 12:
[ 1214.352721][ T12] kasan_save_stack+0x24/0x40
[ 1214.352919][ T12] kasan_save_track+0x14/0x30
[ 1214.353119][ T12] __kasan_save_free_info+0x3b/0x60
[ 1214.353280][ T12] __kasan_slab_free+0x3f/0x60
[ 1214.353444][ T12] kfree+0x21d/0x540
[ 1214.353569][ T12] device_release+0x9c/0x210
[ 1214.353751][ T12] kobject_cleanup+0xfe/0x360
[ 1214.353938][ T12] netdev_run_todo+0x81f/0xc60
[ 1214.354107][ T12] ops_undo_list+0x714/0x890
[ 1214.354272][ T12] cleanup_net+0x3b2/0x830
[ 1214.354458][ T12] process_one_work+0xe35/0x1650
[ 1214.354643][ T12] worker_thread+0x591/0xcf0
[ 1214.354808][ T12] kthread+0x37b/0x5f0
[ 1214.354944][ T12] ret_from_fork+0x1db/0x270
[ 1214.355107][ T12] ret_from_fork_asm+0x11/0x20
[ 1214.355268][ T12]
[ 1214.355357][ T12] The buggy address belongs to the object at ffff88800b7fc000
[ 1214.355357][ T12] which belongs to the cache kmalloc-4k of size 4096
[ 1214.355797][ T12] The buggy address is located 1708 bytes inside of
[ 1214.355797][ T12] freed 4096-byte region [ffff88800b7fc000, ffff88800b7fd000)
[ 1214.356208][ T12]
[ 1214.356293][ T12] The buggy address belongs to the physical page:
[ 1214.356511][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb7f8
[ 1214.356828][ T12] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1214.357118][ T12] flags: 0x80000000000040(head|node=0|zone=1)
[ 1214.357336][ T12] page_type: f5(slab)
[ 1214.357473][ T12] raw: 0080000000000040 ffff888001043700 ffffea0000412c10 ffffea000041ba10
[ 1214.357793][ T12] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1214.358112][ T12] head: 0080000000000040 ffff888001043700 ffffea0000412c10 ffffea000041ba10
[ 1214.358415][ T12] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1214.358731][ T12] head: 0080000000000003 ffffea00002dfe01 00000000ffffffff 00000000ffffffff
[ 1214.359016][ T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1214.359330][ T12] page dumped because: kasan: bad access detected
[ 1214.359550][ T12]
[ 1214.359644][ T12] Memory state around the buggy address:
[ 1214.359822][ T12] ffff88800b7fc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1214.360088][ T12] ffff88800b7fc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1214.360361][ T12] >ffff88800b7fc680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1214.360658][ T12] ^
[ 1214.360830][ T12] ffff88800b7fc700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1214.361086][ T12] ffff88800b7fc780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1214.361333][ T12] ==================================================================
[ 1214.361747][ T12] Disabling lock debugging due to kernel taint
[ 1214.361991][ T12] ------------[ cut here ]------------
[ 1214.362163][ T12] refcount_t: underflow; use-after-free.
[ 1214.362375][ T12] WARNING: CPU: 3 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[ 1214.362726][ T12] Modules linked in: act_gact cls_flower vxlan ip6_udp_tunnel udp_tunnel bridge stp llc 8021q sch_ingress vrf veth
[ 1214.363164][ T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Tainted: G B 6.18.0-rc4-virtme #1 PREEMPT(full)
[ 1214.363569][ T12] Tainted: [B]=BAD_PAGE
[ 1214.363702][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1214.363912][ T12] Workqueue: netns cleanup_net
[ 1214.364099][ T12] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[ 1214.364318][ T12] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d c5 89 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[ 1214.364957][ T12] RSP: 0000:ffffc900000c7a08 EFLAGS: 00010282
[ 1214.365169][ T12] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 1214.365421][ T12] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[ 1214.365697][ T12] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff14be134
[ 1214.365965][ T12] R10: 0000000000000003 R11: ffffc900000c7580 R12: 0000000000000001
[ 1214.366214][ T12] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[ 1214.366471][ T12] FS: 0000000000000000(0000) GS:ffff8880aa972000(0000) knlGS:0000000000000000
[ 1214.366803][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1214.367040][ T12] CR2: 00007fac5991fc38 CR3: 000000000fcaf003 CR4: 0000000000772ef0
[ 1214.367292][ T12] PKRU: 55555554
[ 1214.367423][ T12] Call Trace:
[ 1214.367572][ T12]
[ 1214.367675][ T12] netdev_run_todo+0x5f0/0xc60
[ 1214.367861][ T12] ? rtnl_is_locked+0x15/0x20
[ 1214.368044][ T12] ? dev_ingress_queue_create+0x190/0x190
[ 1214.368210][ T12] ? generic_xdp_install+0x410/0x410
[ 1214.368371][ T12] ops_undo_list+0x714/0x890
[ 1214.368560][ T12] ? netns_get+0x110/0x110
[ 1214.368729][ T12] ? cleanup_net+0x2d6/0x830
[ 1214.368919][ T12] cleanup_net+0x3b2/0x830
[ 1214.369103][ T12] ? net_passive_dec+0x190/0x190
[ 1214.369263][ T12] ? rcu_is_watching+0x12/0xb0
[ 1214.369430][ T12] process_one_work+0xe35/0x1650
[ 1214.369630][ T12] ? pwq_dec_nr_in_flight+0x550/0x550
[ 1214.369797][ T12] ? assign_work+0x168/0x240
[ 1214.369998][ T12] worker_thread+0x591/0xcf0
[ 1214.370186][ T12] ? rescuer_thread+0xd10/0xd10
[ 1214.370358][ T12] kthread+0x37b/0x5f0
[ 1214.370511][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 1214.370694][ T12] ? ret_from_fork+0x1b/0x270
[ 1214.370862][ T12] ? __lock_release+0x5d/0x170
[ 1214.371034][ T12] ? rcu_is_watching+0x12/0xb0
[ 1214.371203][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 1214.371362][ T12] ret_from_fork+0x1db/0x270
[ 1214.371549][ T12] ? kthread_is_per_cpu+0xc0/0xc0
[ 1214.371720][ T12] ret_from_fork_asm+0x11/0x20
[ 1214.371891][ T12]
[ 1214.372031][ T12] irq event stamp: 128115
[ 1214.372167][ T12] hardirqs last enabled at (128115): [] irqentry_exit+0x3b/0x80
[ 1214.372500][ T12] hardirqs last disabled at (128114): [] handle_softirqs+0x47f/0x610
[ 1214.372807][ T12] softirqs last enabled at (127614): [] handle_softirqs+0x352/0x610
[ 1214.373181][ T12] softirqs last disabled at (127607): [] irq_exit_rcu+0xab/0x100
[ 1214.373471][ T12] ---[ end trace 0000000000000000 ]---
[ 1214.695818][ T12] vx20: left allmulticast mode
[ 1214.696158][ T12] vx20: left promiscuous mode
[ 1214.696656][ T12] br2: port 3(vx20) entered disabled state
[ 1214.699331][ T12] vx10: left allmulticast mode
[ 1214.700148][ T12] vx10: left promiscuous mode
[ 1214.700652][ T12] br2: port 2(vx10) entered disabled state
[ 1214.704618][ T12] w1: left allmulticast mode
[ 1214.704930][ T12] w1: left promiscuous mode
[ 1214.705410][ T12] br2: port 1(w1) entered disabled state
[ 1216.923833][T12094] br1: port 4(veth2) entered disabled state
[ 1217.001166][T12096] veth2: left allmulticast mode
[ 1217.001485][T12096] veth2: left promiscuous mode
[ 1217.002027][T12096] br1: port 4(veth2) entered disabled state
[ 1217.238537][T12099] br1: port 3(veth1) entered disabled state
[ 1217.336022][T12100] veth1: left allmulticast mode
[ 1217.336368][T12100] veth1: left promiscuous mode
[ 1217.336926][T12100] br1: port 3(veth1) entered disabled state
[ 1217.510043][T12102] vx20: left allmulticast mode
[ 1217.510488][T12102] vx20: left promiscuous mode
[ 1217.511221][T12102] br1: port 2(vx20) entered disabled state
[ 1217.839023][T12106] vx10: left allmulticast mode
[ 1217.839310][T12106] vx10: left promiscuous mode
[ 1217.839713][T12106] br1: port 1(vx10) entered disabled state