[   15.072231][  T251] ip (251) used greatest stack depth: 24688 bytes left
[   16.090142][  T273] ip (273) used greatest stack depth: 24064 bytes left
[   21.991067][  T327] br1: port 1(vx10) entered blocking state
[   21.992016][  T327] br1: port 1(vx10) entered disabled state
[   21.992614][  T327] vx10: entered allmulticast mode
[   21.996228][  T327] vx10: entered promiscuous mode
[   21.997258][  T327] br1: port 1(vx10) entered blocking state
[   21.997794][  T327] br1: port 1(vx10) entered forwarding state
[   22.546561][  T332] br1: port 2(vx20) entered blocking state
[   22.547784][  T332] br1: port 2(vx20) entered disabled state
[   22.548489][  T332] vx20: entered allmulticast mode
[   22.552171][  T332] vx20: entered promiscuous mode
[   22.553382][  T332] br1: port 2(vx20) entered blocking state
[   22.553803][  T332] br1: port 2(vx20) entered forwarding state
[   22.825912][  T334] br1: port 3(veth1) entered blocking state
[   22.826396][  T334] br1: port 3(veth1) entered disabled state
[   22.826962][  T334] veth1: entered allmulticast mode
[   22.830340][  T334] veth1: entered promiscuous mode
[   22.952738][   T35] br1: port 3(veth1) entered blocking state
[   22.953320][   T35] br1: port 3(veth1) entered forwarding state
[   23.196331][  T337] br1: port 4(veth2) entered blocking state
[   23.196787][  T337] br1: port 4(veth2) entered disabled state
[   23.197197][  T337] veth2: entered allmulticast mode
[   23.200580][  T337] veth2: entered promiscuous mode
[   23.348251][   T36] br1: port 4(veth2) entered blocking state
[   23.349012][   T36] br1: port 4(veth2) entered forwarding state
[   24.401324][  T347] 8021q: 802.1Q VLAN Support v1.8
[   24.882155][  T350] br1: entered promiscuous mode
[   24.886630][  T350] br1: left promiscuous mode
[   24.895816][  T350] br1: entered promiscuous mode
[   33.192998][  T431] br1: port 1(vx10) entered blocking state
[   33.193541][  T431] br1: port 1(vx10) entered disabled state
[   33.194030][  T431] vx10: entered allmulticast mode
[   33.197914][  T431] vx10: entered promiscuous mode
[   33.199223][  T431] br1: port 1(vx10) entered blocking state
[   33.199749][  T431] br1: port 1(vx10) entered forwarding state
[   33.685420][  T435] br1: port 2(vx20) entered blocking state
[   33.686120][  T435] br1: port 2(vx20) entered disabled state
[   33.686558][  T435] vx20: entered allmulticast mode
[   33.690161][  T435] vx20: entered promiscuous mode
[   33.691039][  T435] br1: port 2(vx20) entered blocking state
[   33.691451][  T435] br1: port 2(vx20) entered forwarding state
[   33.932283][  T437] br1: port 3(w1) entered blocking state
[   33.932729][  T437] br1: port 3(w1) entered disabled state
[   33.933149][  T437] w1: entered allmulticast mode
[   33.936573][  T437] w1: entered promiscuous mode
[   34.031866][   T45] br1: port 3(w1) entered blocking state
[   34.032225][   T45] br1: port 3(w1) entered forwarding state
[   34.303651][  T440] br1: port 4(w3) entered blocking state
[   34.304123][  T440] br1: port 4(w3) entered disabled state
[   34.304542][  T440] w3: entered allmulticast mode
[   34.308052][  T440] w3: entered promiscuous mode
[   34.443407][   T36] br1: port 4(w3) entered blocking state
[   34.443953][   T36] br1: port 4(w3) entered forwarding state
[   35.588560][  T450] br1: entered promiscuous mode
[   35.592483][  T450] br1: left promiscuous mode
[   35.597488][  T450] br1: entered promiscuous mode
[   36.499846][    C0] br1: received packet on vx10 with own address as source address (addr:00:00:5e:00:01:01, vlan:10)
[   36.504200][    C0] IPv6: vlan10-v: IPv6 duplicate address fe80::200:5eff:fe00:101 used by 00:00:5e:00:01:01 detected!
[   36.883781][    C1] br1: received packet on vx20 with own address as source address (addr:00:00:5e:00:01:01, vlan:20)
[   36.886462][    C1] br1: received packet on vx20 with own address as source address (addr:00:00:5e:00:01:01, vlan:20)
[   36.887852][    C1] IPv6: vlan20-v: IPv6 duplicate address fe80::200:5eff:fe00:101 used by 00:00:5e:00:01:01 detected!
[   65.500896][  T674] GACT probability NOT on
[   72.792429][   T12] w3: left allmulticast mode
[   72.792976][   T12] w3: left promiscuous mode
[   72.793572][   T12] br1: port 4(w3) entered disabled state
[   72.797938][   T12] w1: left allmulticast mode
[   72.798336][   T12] w1: left promiscuous mode
[   72.799833][   T12] br1: port 3(w1) entered disabled state
[   72.804140][   T12] vx20: left allmulticast mode
[   72.804607][   T12] vx20: left promiscuous mode
[   72.805155][   T12] br1: port 2(vx20) entered disabled state
[   72.808970][   T12] vx10: left allmulticast mode
[   72.809376][   T12] vx10: left promiscuous mode
[   72.809908][   T12] br1: port 1(vx10) entered disabled state
[   72.929874][   T12] ==================================================================
[   72.930171][   T12] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[   72.930439][   T12] Read of size 1 at addr ffff8880090046ac by task kworker/u16:0/12
[   72.930688][   T12] 
[   72.930785][   T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full) 
[   72.930791][   T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   72.930794][   T12] Workqueue: netns cleanup_net
[   72.930803][   T12] Call Trace:
[   72.930805][   T12]  <TASK>
[   72.930807][   T12]  dump_stack_lvl+0x82/0xc0
[   72.930813][   T12]  print_address_description.constprop.0+0x2c/0x3a0
[   72.930822][   T12]  ? kobject_put+0xbb/0xd0
[   72.930827][   T12]  print_report+0xb4/0x270
[   72.930830][   T12]  ? kobject_put+0xbb/0xd0
[   72.930833][   T12]  ? kasan_addr_to_slab+0x21/0x70
[   72.930837][   T12]  ? kobject_put+0xbb/0xd0
[   72.930840][   T12]  kasan_report+0xca/0x100
[   72.930843][   T12]  ? kobject_put+0xbb/0xd0
[   72.930849][   T12]  kobject_put+0xbb/0xd0
[   72.930853][   T12]  netdev_run_todo+0x5f0/0xc60
[   72.930858][   T12]  ? rtnl_is_locked+0x15/0x20
[   72.930863][   T12]  ? dev_ingress_queue_create+0x190/0x190
[   72.930866][   T12]  ? generic_xdp_install+0x410/0x410
[   72.930873][   T12]  ops_undo_list+0x714/0x890
[   72.930878][   T12]  ? netns_get+0x110/0x110
[   72.930880][   T12]  ? cleanup_net+0x2d6/0x830
[   72.930886][   T12]  cleanup_net+0x3b2/0x830
[   72.930890][   T12]  ? net_passive_dec+0x190/0x190
[   72.930894][   T12]  ? rcu_is_watching+0x12/0xb0
[   72.930902][   T12]  process_one_work+0xe35/0x1650
[   72.930913][   T12]  ? pwq_dec_nr_in_flight+0x550/0x550
[   72.930919][   T12]  ? assign_work+0x168/0x240
[   72.930923][   T12]  worker_thread+0x591/0xcf0
[   72.930929][   T12]  ? rescuer_thread+0xd10/0xd10
[   72.930932][   T12]  kthread+0x37b/0x5f0
[   72.930937][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[   72.930940][   T12]  ? ret_from_fork+0x1b/0x270
[   72.930946][   T12]  ? __lock_release+0x5d/0x170
[   72.930954][   T12]  ? rcu_is_watching+0x12/0xb0
[   72.930957][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[   72.930961][   T12]  ret_from_fork+0x1db/0x270
[   72.930963][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[   72.930966][   T12]  ret_from_fork_asm+0x11/0x20
[   72.930978][   T12]  </TASK>
[   72.930980][   T12] 
[   72.937322][   T12] Allocated by task 450:
[   72.937449][   T12]  kasan_save_stack+0x24/0x40
[   72.937625][   T12]  kasan_save_track+0x14/0x30
[   72.937785][   T12]  __kasan_kmalloc+0x7b/0x90
[   72.937957][   T12]  __kvmalloc_node_noprof+0x2e5/0x8e0
[   72.938130][   T12]  alloc_netdev_mqs+0x7d/0x1370
[   72.938312][   T12]  rtnl_create_link+0xa9e/0xe20
[   72.938472][   T12]  rtnl_newlink_create+0x203/0x770
[   72.938639][   T12]  __rtnl_newlink+0x231/0xa30
[   72.938799][   T12]  rtnl_newlink+0x693/0xa60
[   72.938970][   T12]  rtnetlink_rcv_msg+0x709/0xc00
[   72.939135][   T12]  netlink_rcv_skb+0x121/0x340
[   72.939311][   T12]  netlink_unicast+0x4aa/0x780
[   72.939478][   T12]  netlink_sendmsg+0x714/0xbd0
[   72.939634][   T12]  ____sys_sendmsg+0x3dd/0x890
[   72.939794][   T12]  ___sys_sendmsg+0xed/0x170
[   72.939950][   T12]  __sys_sendmsg+0x10b/0x1a0
[   72.940114][   T12]  do_syscall_64+0xc1/0xfd0
[   72.940289][   T12]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   72.940494][   T12] 
[   72.940586][   T12] Freed by task 12:
[   72.940709][   T12]  kasan_save_stack+0x24/0x40
[   72.940867][   T12]  kasan_save_track+0x14/0x30
[   72.941036][   T12]  __kasan_save_free_info+0x3b/0x60
[   72.941196][   T12]  __kasan_slab_free+0x3f/0x60
[   72.941361][   T12]  kfree+0x21d/0x540
[   72.941480][   T12]  device_release+0x9c/0x210
[   72.941661][   T12]  kobject_cleanup+0xfe/0x360
[   72.941816][   T12]  netdev_run_todo+0x81f/0xc60
[   72.941983][   T12]  ops_undo_list+0x714/0x890
[   72.942141][   T12]  cleanup_net+0x3b2/0x830
[   72.942314][   T12]  process_one_work+0xe35/0x1650
[   72.942484][   T12]  worker_thread+0x591/0xcf0
[   72.942655][   T12]  kthread+0x37b/0x5f0
[   72.942776][   T12]  ret_from_fork+0x1db/0x270
[   72.942941][   T12]  ret_from_fork_asm+0x11/0x20
[   72.943111][   T12] 
[   72.943194][   T12] The buggy address belongs to the object at ffff888009004000
[   72.943194][   T12]  which belongs to the cache kmalloc-4k of size 4096
[   72.943601][   T12] The buggy address is located 1708 bytes inside of
[   72.943601][   T12]  freed 4096-byte region [ffff888009004000, ffff888009005000)
[   72.943992][   T12] 
[   72.944078][   T12] The buggy address belongs to the physical page:
[   72.944288][   T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9000
[   72.944591][   T12] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   72.944841][   T12] flags: 0x80000000000040(head|node=0|zone=1)
[   72.945053][   T12] page_type: f5(slab)
[   72.945193][   T12] raw: 0080000000000040 ffff888001043700 ffffea00002ba610 ffffea000023ba10
[   72.945676][   T12] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   72.945973][   T12] head: 0080000000000040 ffff888001043700 ffffea00002ba610 ffffea000023ba10
[   72.946375][   T12] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[   72.946673][   T12] head: 0080000000000003 ffffea0000240001 00000000ffffffff 00000000ffffffff
[   72.946959][   T12] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   72.947237][   T12] page dumped because: kasan: bad access detected
[   72.947446][   T12] 
[   72.947531][   T12] Memory state around the buggy address:
[   72.947766][   T12]  ffff888009004580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.948016][   T12]  ffff888009004600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.948331][   T12] >ffff888009004680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.948647][   T12]                                   ^
[   72.948808][   T12]  ffff888009004700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.949125][   T12]  ffff888009004780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.949439][   T12] ==================================================================
[   72.949741][   T12] Disabling lock debugging due to kernel taint
[   72.949936][   T12] ------------[ cut here ]------------
[   72.950082][   T12] refcount_t: underflow; use-after-free.
[   72.950289][   T12] WARNING: CPU: 3 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[   72.950568][   T12] Modules linked in: act_gact cls_flower sch_ingress macvlan 8021q vxlan ip6_udp_tunnel udp_tunnel bridge stp llc vrf veth
[   72.951001][   T12] CPU: 3 UID: 0 PID: 12 Comm: kworker/u16:0 Tainted: G    B               6.18.0-rc4-virtme #1 PREEMPT(full) 
[   72.951549][   T12] Tainted: [B]=BAD_PAGE
[   72.951677][   T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   72.951878][   T12] Workqueue: netns cleanup_net
[   72.952221][   T12] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[   72.952432][   T12] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 25 95 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[   72.953008][   T12] RSP: 0018:ffffc900000c7a08 EFLAGS: 00010282
[   72.953215][   T12] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   72.953456][   T12] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[   72.953688][   T12] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff2b7e134
[   72.954020][   T12] R10: 0000000000000003 R11: ffffc900000c7580 R12: 0000000000000001
[   72.954256][   T12] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[   72.954495][   T12] FS:  0000000000000000(0000) GS:ffff88809f372000(0000) knlGS:0000000000000000
[   72.954780][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.955035][   T12] CR2: 00007fba18707770 CR3: 000000000f3d8005 CR4: 0000000000772ef0
[   72.955299][   T12] PKRU: 55555554
[   72.955517][   T12] Call Trace:
[   72.955735][   T12]  <TASK>
[   72.955828][   T12]  netdev_run_todo+0x5f0/0xc60
[   72.956007][   T12]  ? rtnl_is_locked+0x15/0x20
[   72.956191][   T12]  ? dev_ingress_queue_create+0x190/0x190
[   72.956446][   T12]  ? generic_xdp_install+0x410/0x410
[   72.956631][   T12]  ops_undo_list+0x714/0x890
[   72.956817][   T12]  ? netns_get+0x110/0x110
[   72.956995][   T12]  ? cleanup_net+0x2d6/0x830
[   72.957337][   T12]  cleanup_net+0x3b2/0x830
[   72.957512][   T12]  ? net_passive_dec+0x190/0x190
[   72.957684][   T12]  ? rcu_is_watching+0x12/0xb0
[   72.958060][   T12]  process_one_work+0xe35/0x1650
[   72.958252][   T12]  ? pwq_dec_nr_in_flight+0x550/0x550
[   72.958435][   T12]  ? assign_work+0x168/0x240
[   72.958609][   T12]  worker_thread+0x591/0xcf0
[   72.958795][   T12]  ? rescuer_thread+0xd10/0xd10
[   72.958971][   T12]  kthread+0x37b/0x5f0
[   72.959102][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[   72.959271][   T12]  ? ret_from_fork+0x1b/0x270
[   72.959444][   T12]  ? __lock_release+0x5d/0x170
[   72.959706][   T12]  ? rcu_is_watching+0x12/0xb0
[   72.959899][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[   72.960071][   T12]  ret_from_fork+0x1db/0x270
[   72.960324][   T12]  ? kthread_is_per_cpu+0xc0/0xc0
[   72.960489][   T12]  ret_from_fork_asm+0x11/0x20
[   72.960664][   T12]  </TASK>
[   72.960804][   T12] irq event stamp: 73727
[   72.960932][   T12] hardirqs last  enabled at (73727): [<ffffffff94f93e8b>] irqentry_exit+0x3b/0x80
[   72.961242][   T12] hardirqs last disabled at (73726): [<ffffffff92e5b23f>] handle_softirqs+0x47f/0x610
[   72.961538][   T12] softirqs last  enabled at (73474): [<ffffffff92e5b112>] handle_softirqs+0x352/0x610
[   72.961904][   T12] softirqs last disabled at (73467): [<ffffffff92e5b97b>] irq_exit_rcu+0xab/0x100
[   72.962258][   T12] ---[ end trace 0000000000000000 ]---
[   74.212123][  T805] br1: left promiscuous mode
[   74.782932][  T811] br1: port 4(veth2) entered disabled state
[   74.856918][  T812] veth2: left allmulticast mode
[   74.857172][  T812] veth2: left promiscuous mode
[   74.857534][  T812] br1: port 4(veth2) entered disabled state
[   75.012994][  T814] br1: port 3(veth1) entered disabled state
[   75.074947][  T815] veth1: left allmulticast mode
[   75.075166][  T815] veth1: left promiscuous mode
[   75.075470][  T815] br1: port 3(veth1) entered disabled state
[   75.210115][  T817] vx20: left allmulticast mode
[   75.210334][  T817] vx20: left promiscuous mode
[   75.210636][  T817] br1: port 2(vx20) entered disabled state
[   75.517315][  T821] vx10: left allmulticast mode
[   75.517537][  T821] vx10: left promiscuous mode
[   75.517844][  T821] br1: port 1(vx10) entered disabled state