[   16.742734][  T249] ip (249) used greatest stack depth: 24448 bytes left
[   24.531997][  T323] br1: port 1(vx1) entered blocking state
[   24.532803][  T323] br1: port 1(vx1) entered disabled state
[   24.533604][  T323] vx1: entered allmulticast mode
[   24.539822][  T323] vx1: entered promiscuous mode
[   24.542511][  T323] br1: port 1(vx1) entered blocking state
[   24.543175][  T323] br1: port 1(vx1) entered forwarding state
[   24.681501][  T324] br1: port 2(veth1) entered blocking state
[   24.681971][  T324] br1: port 2(veth1) entered disabled state
[   24.682792][  T324] veth1: entered allmulticast mode
[   24.687699][  T324] veth1: entered promiscuous mode
[   24.812141][   T37] br1: port 2(veth1) entered blocking state
[   24.812787][   T37] br1: port 2(veth1) entered forwarding state
[   24.962801][  T326] br1: port 3(veth2) entered blocking state
[   24.963682][  T326] br1: port 3(veth2) entered disabled state
[   24.964217][  T326] veth2: entered allmulticast mode
[   24.968426][  T326] veth2: entered promiscuous mode
[   25.091261][   T37] br1: port 3(veth2) entered blocking state
[   25.091808][   T37] br1: port 3(veth2) entered forwarding state
[   30.211193][  T375] br2: port 1(w1) entered blocking state
[   30.211590][  T375] br2: port 1(w1) entered disabled state
[   30.211951][  T375] w1: entered allmulticast mode
[   30.216604][  T375] w1: entered promiscuous mode
[   31.032110][  T381] br2: port 2(vx2) entered blocking state
[   31.032743][  T381] br2: port 2(vx2) entered disabled state
[   31.033114][  T381] vx2: entered allmulticast mode
[   31.036595][  T381] vx2: entered promiscuous mode
[   31.038189][  T381] br2: port 2(vx2) entered blocking state
[   31.038552][  T381] br2: port 2(vx2) entered forwarding state
[   32.021659][   T37] br2: port 1(w1) entered blocking state
[   32.022574][   T37] br2: port 1(w1) entered forwarding state
[   34.690188][  T414] br2: port 1(w1) entered blocking state
[   34.690665][  T414] br2: port 1(w1) entered disabled state
[   34.691046][  T414] w1: entered allmulticast mode
[   34.694532][  T414] w1: entered promiscuous mode
[   35.434738][  T420] br2: port 2(vx2) entered blocking state
[   35.435159][  T420] br2: port 2(vx2) entered disabled state
[   35.435524][  T420] vx2: entered allmulticast mode
[   35.441177][  T420] vx2: entered promiscuous mode
[   35.443504][  T420] br2: port 2(vx2) entered blocking state
[   35.444367][  T420] br2: port 2(vx2) entered forwarding state
[   36.346031][   T37] br2: port 1(w1) entered blocking state
[   36.346594][   T37] br2: port 1(w1) entered forwarding state
[   50.057534][  T511] GACT probability NOT on
[   70.389846][  T764] seq (764) used greatest stack depth: 24096 bytes left
[   77.923271][  T843] veth3: entered promiscuous mode
[  119.775693][ T1332] veth3: left promiscuous mode
[  147.862570][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  147.964279][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.065540][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.166507][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.267514][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.368571][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.469612][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.570928][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.672375][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  148.773491][    C1] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[  152.955489][    C0] net_ratelimit: 3 callbacks suppressed
[  152.955501][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  153.056911][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  153.157969][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  153.258993][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  153.360086][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  153.461181][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  153.562276][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x2
[  213.760856][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  213.862665][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  213.964124][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.065621][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.166930][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.268061][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.369556][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.470587][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.571626][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  214.672625][    C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[  215.848646][ T2448] vx1: left allmulticast mode
[  215.849045][ T2448] vx1: left promiscuous mode
[  215.849591][ T2448] br1: port 1(vx1) entered disabled state
[  221.103696][ T2450] br1: port 1(vx1) entered blocking state
[  221.104266][ T2450] br1: port 1(vx1) entered disabled state
[  221.104860][ T2450] vx1: entered allmulticast mode
[  221.111092][ T2450] vx1: entered promiscuous mode
[  221.114079][ T2450] br1: port 1(vx1) entered blocking state
[  221.114585][ T2450] br1: port 1(vx1) entered forwarding state
[  259.539787][ T2821] veth3: entered promiscuous mode
[  300.904177][ T3310] veth3: left promiscuous mode
[  302.832069][ T3332] vx1: left allmulticast mode
[  302.832459][ T3332] vx1: left promiscuous mode
[  302.832962][ T3332] br1: port 1(vx1) entered disabled state
[  308.045921][ T3334] br1: port 1(vx1) entered blocking state
[  308.046323][ T3334] br1: port 1(vx1) entered disabled state
[  308.046693][ T3334] vx1: entered allmulticast mode
[  308.050677][ T3334] vx1: entered promiscuous mode
[  308.052407][ T3334] br1: port 1(vx1) entered blocking state
[  308.052762][ T3334] br1: port 1(vx1) entered forwarding state
[  455.573889][ T4246] vx1: left allmulticast mode
[  455.574240][ T4246] vx1: left promiscuous mode
[  455.574922][ T4246] br1: port 1(vx1) entered disabled state
[  460.825681][ T4248] br1: port 1(vx1) entered blocking state
[  460.826165][ T4248] br1: port 1(vx1) entered disabled state
[  460.827385][ T4248] vx1: entered allmulticast mode
[  460.832918][ T4248] vx1: entered promiscuous mode
[  460.834548][ T4248] br1: port 1(vx1) entered blocking state
[  460.835012][ T4248] br1: port 1(vx1) entered forwarding state
[  468.082184][   T69] vx2: left allmulticast mode
[  468.082882][   T69] vx2: left promiscuous mode
[  468.084941][   T69] br2: port 2(vx2) entered disabled state
[  468.094274][   T69] w1: left allmulticast mode
[  468.094867][   T69] w1: left promiscuous mode
[  468.095703][   T69] br2: port 1(w1) entered disabled state
[  468.172998][   T69] ==================================================================
[  468.173288][   T69] BUG: KASAN: slab-use-after-free in kobject_put+0xbb/0xd0
[  468.173562][   T69] Read of size 1 at addr ffff8880100946ac by task kworker/u16:1/69
[  468.173800][   T69] 
[  468.173887][   T69] CPU: 1 UID: 0 PID: 69 Comm: kworker/u16:1 Not tainted 6.18.0-rc4-virtme #1 PREEMPT(full) 
[  468.173892][   T69] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  468.173899][   T69] Workqueue: netns cleanup_net
[  468.173910][   T69] Call Trace:
[  468.173915][   T69]  <TASK>
[  468.173918][   T69]  dump_stack_lvl+0x82/0xc0
[  468.173925][   T69]  print_address_description.constprop.0+0x2c/0x3a0
[  468.173936][   T69]  ? kobject_put+0xbb/0xd0
[  468.173940][   T69]  print_report+0xb4/0x270
[  468.173943][   T69]  ? kobject_put+0xbb/0xd0
[  468.173946][   T69]  ? kasan_addr_to_slab+0x21/0x70
[  468.173950][   T69]  ? kobject_put+0xbb/0xd0
[  468.173953][   T69]  kasan_report+0xca/0x100
[  468.173956][   T69]  ? kobject_put+0xbb/0xd0
[  468.173962][   T69]  kobject_put+0xbb/0xd0
[  468.173966][   T69]  netdev_run_todo+0x5f0/0xc60
[  468.173972][   T69]  ? rtnl_is_locked+0x15/0x20
[  468.173977][   T69]  ? dev_ingress_queue_create+0x190/0x190
[  468.173980][   T69]  ? generic_xdp_install+0x410/0x410
[  468.173987][   T69]  ops_undo_list+0x714/0x890
[  468.173991][   T69]  ? netns_get+0x110/0x110
[  468.173994][   T69]  ? cleanup_net+0x2d6/0x830
[  468.173999][   T69]  cleanup_net+0x3b2/0x830
[  468.174003][   T69]  ? net_passive_dec+0x190/0x190
[  468.174007][   T69]  ? rcu_is_watching+0x12/0xb0
[  468.174019][   T69]  process_one_work+0xe35/0x1650
[  468.174028][   T69]  ? pwq_dec_nr_in_flight+0x550/0x550
[  468.174035][   T69]  ? assign_work+0x168/0x240
[  468.174040][   T69]  worker_thread+0x591/0xcf0
[  468.174045][   T69]  ? rescuer_thread+0xd10/0xd10
[  468.174049][   T69]  kthread+0x37b/0x5f0
[  468.174053][   T69]  ? kthread_is_per_cpu+0xc0/0xc0
[  468.174056][   T69]  ? ret_from_fork+0x1b/0x270
[  468.174062][   T69]  ? __lock_release+0x5d/0x170
[  468.174070][   T69]  ? rcu_is_watching+0x12/0xb0
[  468.174073][   T69]  ? kthread_is_per_cpu+0xc0/0xc0
[  468.174076][   T69]  ret_from_fork+0x1db/0x270
[  468.174078][   T69]  ? kthread_is_per_cpu+0xc0/0xc0
[  468.174081][   T69]  ret_from_fork_asm+0x11/0x20
[  468.174091][   T69]  </TASK>
[  468.174092][   T69] 
[  468.180486][   T69] Allocated by task 393:
[  468.180614][   T69]  kasan_save_stack+0x24/0x40
[  468.180791][   T69]  kasan_save_track+0x14/0x30
[  468.180949][   T69]  __kasan_kmalloc+0x7b/0x90
[  468.181106][   T69]  __kvmalloc_node_noprof+0x2e5/0x8e0
[  468.181267][   T69]  alloc_netdev_mqs+0x7d/0x1370
[  468.181436][   T69]  sit_init_net+0x169/0x550
[  468.181599][   T69]  ops_init+0x189/0x550
[  468.181720][   T69]  setup_net+0xf1/0x380
[  468.181839][   T69]  copy_net_ns+0x21a/0x380
[  468.182007][   T69]  create_new_namespaces+0x35f/0x900
[  468.182164][   T69]  unshare_nsproxy_namespaces+0x89/0x120
[  468.182324][   T69]  ksys_unshare+0x2a3/0x660
[  468.182510][   T69]  __x64_sys_unshare+0x31/0x40
[  468.182675][   T69]  do_syscall_64+0xc1/0xfd0
[  468.182836][   T69]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  468.183039][   T69] 
[  468.183122][   T69] Freed by task 69:
[  468.183251][   T69]  kasan_save_stack+0x24/0x40
[  468.183417][   T69]  kasan_save_track+0x14/0x30
[  468.183579][   T69]  __kasan_save_free_info+0x3b/0x60
[  468.183743][   T69]  __kasan_slab_free+0x3f/0x60
[  468.183905][   T69]  kfree+0x21d/0x540
[  468.184026][   T69]  device_release+0x9c/0x210
[  468.184194][   T69]  kobject_cleanup+0xfe/0x360
[  468.184355][   T69]  netdev_run_todo+0x81f/0xc60
[  468.184530][   T69]  ops_undo_list+0x714/0x890
[  468.184691][   T69]  cleanup_net+0x3b2/0x830
[  468.184851][   T69]  process_one_work+0xe35/0x1650
[  468.185012][   T69]  worker_thread+0x591/0xcf0
[  468.185168][   T69]  kthread+0x37b/0x5f0
[  468.185289][   T69]  ret_from_fork+0x1db/0x270
[  468.185455][   T69]  ret_from_fork_asm+0x11/0x20
[  468.185623][   T69] 
[  468.185711][   T69] The buggy address belongs to the object at ffff888010094000
[  468.185711][   T69]  which belongs to the cache kmalloc-4k of size 4096
[  468.186107][   T69] The buggy address is located 1708 bytes inside of
[  468.186107][   T69]  freed 4096-byte region [ffff888010094000, ffff888010095000)
[  468.186502][   T69] 
[  468.186581][   T69] The buggy address belongs to the physical page:
[  468.186787][   T69] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090
[  468.187107][   T69] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  468.187350][   T69] flags: 0x80000000000040(head|node=0|zone=1)
[  468.187599][   T69] page_type: f5(slab)
[  468.187729][   T69] raw: 0080000000000040 ffff888001043700 ffffea0000385c10 ffffea00002bb410
[  468.188025][   T69] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  468.188323][   T69] head: 0080000000000040 ffff888001043700 ffffea0000385c10 ffffea00002bb410
[  468.188612][   T69] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  468.188892][   T69] head: 0080000000000003 ffffea0000402401 00000000ffffffff 00000000ffffffff
[  468.189168][   T69] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  468.189458][   T69] page dumped because: kasan: bad access detected
[  468.189662][   T69] 
[  468.189741][   T69] Memory state around the buggy address:
[  468.189895][   T69]  ffff888010094580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.190124][   T69]  ffff888010094600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.190361][   T69] >ffff888010094680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.190595][   T69]                                   ^
[  468.190747][   T69]  ffff888010094700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.190975][   T69]  ffff888010094780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  468.191287][   T69] ==================================================================
[  468.191937][   T69] Disabling lock debugging due to kernel taint
[  468.192190][   T69] ------------[ cut here ]------------
[  468.192466][   T69] refcount_t: underflow; use-after-free.
[  468.192661][   T69] WARNING: CPU: 1 PID: 69 at lib/refcount.c:28 refcount_warn_saturate+0x16f/0x1b0
[  468.192933][   T69] Modules linked in: act_gact cls_flower vxlan ip6_udp_tunnel udp_tunnel bridge stp llc sch_ingress vrf veth
[  468.193322][   T69] CPU: 1 UID: 0 PID: 69 Comm: kworker/u16:1 Tainted: G    B               6.18.0-rc4-virtme #1 PREEMPT(full) 
[  468.193687][   T69] Tainted: [B]=BAD_PAGE
[  468.193804][   T69] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  468.194002][   T69] Workqueue: netns cleanup_net
[  468.194173][   T69] RIP: 0010:refcount_warn_saturate+0x16f/0x1b0
[  468.194395][   T69] Code: 7d 93 02 80 fb 01 0f 87 bb 99 d9 fe 83 e3 01 0f 85 51 ff ff ff c6 05 a8 7d 93 02 01 90 48 c7 c7 60 8d 05 87 e8 32 bf 18 ff 90 <0f> 0b 90 90 e9 33 ff ff ff 48 89 df e8 b0 63 a1 ff e9 ba fe ff ff
[  468.195049][   T69] RSP: 0018:ffffc900004a7a08 EFLAGS: 00010282
[  468.195252][   T69] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  468.195502][   T69] RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000001
[  468.195798][   T69] RBP: 0000000000000003 R08: 0000000000000000 R09: fffffbfff0f3e134
[  468.196122][   T69] R10: 0000000000000003 R11: ffffc900004a7580 R12: 0000000000000001
[  468.196359][   T69] R13: dffffc0000000000 R14: dead000000000122 R15: dead000000000100
[  468.196603][   T69] FS:  0000000000000000(0000) GS:ffff8880ad472000(0000) knlGS:0000000000000000
[  468.196965][   T69] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  468.197160][   T69] CR2: 00000000004061e9 CR3: 000000000f64c001 CR4: 0000000000772ef0
[  468.197411][   T69] PKRU: 55555554
[  468.197641][   T69] Call Trace:
[  468.197760][   T69]  <TASK>
[  468.197845][   T69]  netdev_run_todo+0x5f0/0xc60
[  468.198009][   T69]  ? rtnl_is_locked+0x15/0x20
[  468.198211][   T69]  ? dev_ingress_queue_create+0x190/0x190
[  468.198467][   T69]  ? generic_xdp_install+0x410/0x410
[  468.198644][   T69]  ops_undo_list+0x714/0x890
[  468.198806][   T69]  ? netns_get+0x110/0x110
[  468.198959][   T69]  ? cleanup_net+0x2d6/0x830
[  468.201488][   T69]  cleanup_net+0x3b2/0x830
[  468.201713][   T69]  ? net_passive_dec+0x190/0x190
[  468.201869][   T69]  ? rcu_is_watching+0x12/0xb0
[  468.202043][   T69]  process_one_work+0xe35/0x1650
[  468.202284][   T69]  ? pwq_dec_nr_in_flight+0x550/0x550
[  468.202470][   T69]  ? assign_work+0x168/0x240
[  468.202648][   T69]  worker_thread+0x591/0xcf0
[  468.202817][   T69]  ? rescuer_thread+0xd10/0xd10
[  468.203055][   T69]  kthread+0x37b/0x5f0
[  468.203170][   T69]  ? kthread_is_per_cpu+0xc0/0xc0
[  468.203330][   T69]  ? ret_from_fork+0x1b/0x270
[  468.203500][   T69]  ? __lock_release+0x5d/0x170
[  468.203779][   T69]  ? rcu_is_watching+0x12/0xb0
[  468.203933][   T69]  ? kthread_is_per_cpu+0xc0/0xc0
[  468.204085][   T69]  ret_from_fork+0x1db/0x270
[  468.204239][   T69]  ? kthread_is_per_cpu+0xc0/0xc0
[  468.204407][   T69]  ret_from_fork_asm+0x11/0x20
[  468.204573][   T69]  </TASK>
[  468.204697][   T69] irq event stamp: 64459
[  468.204820][   T69] hardirqs last  enabled at (64459): [<ffffffff84cfd505>] finish_task_switch.isra.0+0x245/0x960
[  468.205216][   T69] hardirqs last disabled at (64458): [<ffffffff86d9d2ca>] __schedule+0x94a/0x1b10
[  468.205514][   T69] softirqs last  enabled at (63740): [<ffffffff84c5b112>] handle_softirqs+0x352/0x610
[  468.205864][   T69] softirqs last disabled at (63735): [<ffffffff84c5b97b>] irq_exit_rcu+0xab/0x100
[  468.206147][   T69] ---[ end trace 0000000000000000 ]---
[  468.414040][   T69] vx2: left allmulticast mode
[  468.414292][   T69] vx2: left promiscuous mode
[  468.414647][   T69] br2: port 2(vx2) entered disabled state
[  468.416449][   T69] w1: left allmulticast mode
[  468.416685][   T69] w1: left promiscuous mode
[  468.417041][   T69] br2: port 1(w1) entered disabled state
[  470.223931][ T4293] vx1: left allmulticast mode
[  470.224181][ T4293] vx1: left promiscuous mode
[  470.224513][ T4293] br1: port 1(vx1) entered disabled state
[  470.460791][ T4296] br1: port 3(veth2) entered disabled state
[  470.537929][ T4297] veth2: left allmulticast mode
[  470.538231][ T4297] veth2: left promiscuous mode
[  470.538842][ T4297] br1: port 3(veth2) entered disabled state
[  470.610449][ T4298] br1: port 2(veth1) entered disabled state
[  470.697849][ T4299] veth1: left allmulticast mode
[  470.698087][ T4299] veth1: left promiscuous mode
[  470.698442][ T4299] br1: port 2(veth1) entered disabled state