[   12.111924][  T249] ip (249) used greatest stack depth: 23984 bytes left
[   15.457660][  T300] 8021q: 802.1Q VLAN Support v1.8
[   19.626906][  T349] br1: port 1(vx10) entered blocking state
[   19.627380][  T349] br1: port 1(vx10) entered disabled state
[   19.627799][  T349] vx10: entered allmulticast mode
[   19.629899][  T349] vx10: entered promiscuous mode
[   19.631921][  T349] br1: port 1(vx10) entered blocking state
[   19.632287][  T349] br1: port 1(vx10) entered forwarding state
[   19.995476][  T354] br1: port 2(vx20) entered blocking state
[   19.996117][  T354] br1: port 2(vx20) entered disabled state
[   19.997005][  T354] vx20: entered allmulticast mode
[   19.999010][  T354] vx20: entered promiscuous mode
[   19.999922][  T354] br1: port 2(vx20) entered blocking state
[   20.000192][  T354] br1: port 2(vx20) entered forwarding state
[   20.192054][  T356] br1: port 3(veth1) entered blocking state
[   20.192431][  T356] br1: port 3(veth1) entered disabled state
[   20.192799][  T356] veth1: entered allmulticast mode
[   20.194949][  T356] veth1: entered promiscuous mode
[   20.314860][  T150] br1: port 3(veth1) entered blocking state
[   20.315483][  T150] br1: port 3(veth1) entered forwarding state
[   20.711049][  T361] br1: port 4(veth2) entered blocking state
[   20.711400][  T361] br1: port 4(veth2) entered disabled state
[   20.711698][  T361] veth2: entered allmulticast mode
[   20.713618][  T361] veth2: entered promiscuous mode
[   20.831904][  T151] br1: port 4(veth2) entered blocking state
[   20.832266][  T151] br1: port 4(veth2) entered forwarding state
[   24.776546][  T412] br2: port 1(w1) entered blocking state
[   24.776920][  T412] br2: port 1(w1) entered disabled state
[   24.777480][  T412] w1: entered allmulticast mode
[   24.780869][  T412] w1: entered promiscuous mode
[   25.462293][  T420] br2: port 2(vx10) entered blocking state
[   25.462609][  T420] br2: port 2(vx10) entered disabled state
[   25.462882][  T420] vx10: entered allmulticast mode
[   25.464830][  T420] vx10: entered promiscuous mode
[   25.465411][  T420] br2: port 2(vx10) entered blocking state
[   25.465688][  T420] br2: port 2(vx10) entered forwarding state
[   26.057556][  T427] br2: port 3(vx20) entered blocking state
[   26.058025][  T427] br2: port 3(vx20) entered disabled state
[   26.058506][  T427] vx20: entered allmulticast mode
[   26.062258][  T427] vx20: entered promiscuous mode
[   26.063152][  T427] br2: port 3(vx20) entered blocking state
[   26.063602][  T427] br2: port 3(vx20) entered forwarding state
[   26.877274][   T39] br2: port 1(w1) entered blocking state
[   26.877841][   T39] br2: port 1(w1) entered forwarding state
[   29.526868][  T469] br2: port 1(w1) entered blocking state
[   29.527262][  T469] br2: port 1(w1) entered disabled state
[   29.528632][  T469] w1: entered allmulticast mode
[   29.531964][  T469] w1: entered promiscuous mode
[   30.280197][  T477] br2: port 2(vx10) entered blocking state
[   30.281619][  T477] br2: port 2(vx10) entered disabled state
[   30.282139][  T477] vx10: entered allmulticast mode
[   30.284201][  T477] vx10: entered promiscuous mode
[   30.284763][  T477] br2: port 2(vx10) entered blocking state
[   30.285003][  T477] br2: port 2(vx10) entered forwarding state
[   30.920494][  T484] br2: port 3(vx20) entered blocking state
[   30.920819][  T484] br2: port 3(vx20) entered disabled state
[   30.921118][  T484] vx20: entered allmulticast mode
[   30.923120][  T484] vx20: entered promiscuous mode
[   30.923715][  T484] br2: port 3(vx20) entered blocking state
[   30.924056][  T484] br2: port 3(vx20) entered forwarding state
[   31.659990][  T151] br2: port 1(w1) entered blocking state
[   31.660286][  T151] br2: port 1(w1) entered forwarding state
[   42.852408][  T572] GACT probability NOT on
[  172.881177][ T1374] veth3: entered promiscuous mode
[  228.049199][ T2301] veth3: left promiscuous mode
[  228.620758][ T2307] veth3: entered promiscuous mode
[  284.589200][ T3234] veth3: left promiscuous mode
[  285.666000][ T3252] vx20: left allmulticast mode
[  285.666296][ T3252] vx20: left promiscuous mode
[  285.666644][ T3252] br1: port 2(vx20) entered disabled state
[  285.769782][ T3253] vx10: left allmulticast mode
[  285.770065][ T3253] vx10: left promiscuous mode
[  285.770450][ T3253] br1: port 1(vx10) entered disabled state
[  291.231785][ T3258] br1: port 1(vx10) entered blocking state
[  291.232276][ T3258] br1: port 1(vx10) entered disabled state
[  291.232678][ T3258] vx10: entered allmulticast mode
[  291.235763][ T3258] vx10: entered promiscuous mode
[  291.236624][ T3258] br1: port 1(vx10) entered blocking state
[  291.237035][ T3258] br1: port 1(vx10) entered forwarding state
[  291.427355][ T3260] br1: port 2(vx20) entered blocking state
[  291.427690][ T3260] br1: port 2(vx20) entered disabled state
[  291.427991][ T3260] vx20: entered allmulticast mode
[  291.431086][ T3260] vx20: entered promiscuous mode
[  291.431712][ T3260] br1: port 2(vx20) entered blocking state
[  291.431984][ T3260] br1: port 2(vx20) entered forwarding state
[  431.647477][ T4088] veth3: entered promiscuous mode
[  486.223677][ T5015] veth3: left promiscuous mode
[  486.743962][ T5021] veth3: entered promiscuous mode
[  546.011842][ T5949] veth3: left promiscuous mode
[  892.878738][   T66] vx20: left allmulticast mode
[  892.879041][   T66] vx20: left promiscuous mode
[  892.879512][   T66] br2: port 3(vx20) entered disabled state
[  892.882234][   T66] vx10: left allmulticast mode
[  892.882433][   T66] vx10: left promiscuous mode
[  892.882755][   T66] br2: port 2(vx10) entered disabled state
[  892.884431][   T66] w1: left allmulticast mode
[  892.884714][   T66] w1: left promiscuous mode
[  892.885020][   T66] br2: port 1(w1) entered disabled state
[  893.442249][   T66] vx20: left allmulticast mode
[  893.442472][   T66] vx20: left promiscuous mode
[  893.442786][   T66] br2: port 3(vx20) entered disabled state
[  893.445083][   T66] vx10: left allmulticast mode
[  893.445312][   T66] vx10: left promiscuous mode
[  893.445611][   T66] br2: port 2(vx10) entered disabled state
[  893.456031][   T66] w1: left allmulticast mode
[  893.457617][   T66] w1: left promiscuous mode
[  893.457967][   T66] br2: port 1(w1) entered disabled state
[  893.851849][   T66] ==================================================================
[  893.852193][   T66] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[  893.852464][   T66] Read of size 8 at addr ffff88800f169a38 by task kworker/u16:1/66
[  893.852665][   T66] 
[  893.852739][   T66] CPU: 0 UID: 0 PID: 66 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1
[  893.853006][   T66] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  893.853181][   T66] Workqueue: netns cleanup_net
[  893.853387][   T66] Call Trace:
[  893.853506][   T66]  <TASK>
[  893.853580][   T66]  dump_stack_lvl+0x82/0xd0
[  893.853778][   T66]  print_address_description.constprop.0+0x2c/0x3b0
[  893.854007][   T66]  ? cleanup_net+0x932/0xa40
[  893.854150][   T66]  print_report+0xb4/0x270
[  893.854305][   T66]  ? kasan_addr_to_slab+0x25/0x80
[  893.854493][   T66]  kasan_report+0xbd/0xf0
[  893.854607][   T66]  ? cleanup_net+0x932/0xa40
[  893.854764][   T66]  cleanup_net+0x932/0xa40
[  893.854934][   T66]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  893.855079][   T66]  ? __pfx_cleanup_net+0x10/0x10
[  893.855233][   T66]  ? trace_lock_acquire+0x148/0x1f0
[  893.855424][   T66]  ? lock_acquire+0x32/0xc0
[  893.855564][   T66]  ? process_one_work+0xe0b/0x16d0
[  893.855702][   T66]  process_one_work+0xe55/0x16d0
[  893.855846][   T66]  ? __pfx___lock_release+0x10/0x10
[  893.856027][   T66]  ? __pfx_process_one_work+0x10/0x10
[  893.856192][   T66]  ? assign_work+0x16c/0x240
[  893.856345][   T66]  worker_thread+0x58c/0xce0
[  893.856488][   T66]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[  893.856711][   T66]  ? __pfx_worker_thread+0x10/0x10
[  893.856841][   T66]  ? __pfx_worker_thread+0x10/0x10
[  893.857015][   T66]  kthread+0x28a/0x350
[  893.857136][   T66]  ? __pfx_kthread+0x10/0x10
[  893.857289][   T66]  ret_from_fork+0x31/0x70
[  893.857430][   T66]  ? __pfx_kthread+0x10/0x10
[  893.857576][   T66]  ret_from_fork_asm+0x1a/0x30
[  893.857722][   T66]  </TASK>
[  893.857848][   T66] 
[  893.857922][   T66] Allocated by task 448:
[  893.858028][   T66]  kasan_save_stack+0x24/0x50
[  893.858181][   T66]  kasan_save_track+0x14/0x30
[  893.858378][   T66]  __kasan_slab_alloc+0x59/0x70
[  893.858521][   T66]  kmem_cache_alloc_noprof+0x10b/0x350
[  893.858682][   T66]  copy_net_ns+0xc6/0x340
[  893.858801][   T66]  create_new_namespaces+0x35f/0x920
[  893.858987][   T66]  unshare_nsproxy_namespaces+0x8d/0x130
[  893.859150][   T66]  ksys_unshare+0x2a9/0x660
[  893.859320][   T66]  __x64_sys_unshare+0x31/0x40
[  893.859505][   T66]  do_syscall_64+0xc1/0x1d0
[  893.859647][   T66]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.859821][   T66] 
[  893.859892][   T66] Freed by task 66:
[  893.859994][   T66]  kasan_save_stack+0x24/0x50
[  893.860138][   T66]  kasan_save_track+0x14/0x30
[  893.860288][   T66]  kasan_save_free_info+0x3b/0x60
[  893.860442][   T66]  __kasan_slab_free+0x38/0x50
[  893.860630][   T66]  kmem_cache_free+0xf8/0x330
[  893.860761][   T66]  cleanup_net+0x5a8/0xa40
[  893.860886][   T66]  process_one_work+0xe55/0x16d0
[  893.861009][   T66]  worker_thread+0x58c/0xce0
[  893.861131][   T66]  kthread+0x28a/0x350
[  893.861240][   T66]  ret_from_fork+0x31/0x70
[  893.861384][   T66]  ret_from_fork_asm+0x1a/0x30
[  893.861527][   T66] 
[  893.861609][   T66] Last potentially related work creation:
[  893.861746][   T66]  kasan_save_stack+0x24/0x50
[  893.861887][   T66]  __kasan_record_aux_stack+0x8e/0xa0
[  893.862024][   T66]  insert_work+0x34/0x230
[  893.862130][   T66]  __queue_work+0x5fd/0xa40
[  893.862271][   T66]  call_timer_fn+0x13b/0x230
[  893.862411][   T66]  __run_timers+0x3ff/0x810
[  893.862559][   T66]  run_timer_softirq+0x154/0x1c0
[  893.862697][   T66]  handle_softirqs+0x1f6/0x5c0
[  893.862834][   T66]  __irq_exit_rcu+0xc4/0x100
[  893.862975][   T66]  irq_exit_rcu+0xe/0x20
[  893.863116][   T66]  sysvec_apic_timer_interrupt+0x78/0x90
[  893.863277][   T66]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  893.863455][   T66] 
[  893.863533][   T66] Second to last potentially related work creation:
[  893.863711][   T66]  kasan_save_stack+0x24/0x50
[  893.863856][   T66]  __kasan_record_aux_stack+0x8e/0xa0
[  893.864001][   T66]  insert_work+0x34/0x230
[  893.864136][   T66]  __queue_work+0x5fd/0xa40
[  893.864315][   T66]  call_timer_fn+0x13b/0x230
[  893.864457][   T66]  __run_timers+0x3ff/0x810
[  893.864601][   T66]  run_timer_softirq+0x154/0x1c0
[  893.864747][   T66]  handle_softirqs+0x1f6/0x5c0
[  893.864889][   T66]  __irq_exit_rcu+0xc4/0x100
[  893.865029][   T66]  irq_exit_rcu+0xe/0x20
[  893.865135][   T66]  sysvec_apic_timer_interrupt+0x78/0x90
[  893.865329][   T66]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  893.865525][   T66] 
[  893.865598][   T66] The buggy address belongs to the object at ffff88800f169980
[  893.865598][   T66]  which belongs to the cache net_namespace of size 6080
[  893.865979][   T66] The buggy address is located 184 bytes inside of
[  893.865979][   T66]  freed 6080-byte region [ffff88800f169980, ffff88800f16b140)
[  893.866380][   T66] 
[  893.866466][   T66] The buggy address belongs to the physical page:
[  893.866678][   T66] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800f16b2c0 pfn:0xf168
[  893.866967][   T66] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  893.867194][   T66] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  893.867393][   T66] page_type: f5(slab)
[  893.867535][   T66] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[  893.867813][   T66] raw: ffff88800f16b2c0 0000000000050002 00000001f5000000 0000000000000000
[  893.868065][   T66] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[  893.868370][   T66] head: ffff88800f16b2c0 0000000000050002 00000001f5000000 0000000000000000
[  893.868614][   T66] head: 0080000000000003 ffffea00003c5a01 ffffffffffffffff 0000000000000000
[  893.868860][   T66] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  893.869146][   T66] page dumped because: kasan: bad access detected
[  893.869328][   T66] 
[  893.869398][   T66] Memory state around the buggy address:
[  893.869559][   T66]  ffff88800f169900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  893.869827][   T66]  ffff88800f169980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  893.870058][   T66] >ffff88800f169a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  893.870322][   T66]                                         ^
[  893.870527][   T66]  ffff88800f169a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  893.870800][   T66]  ffff88800f169b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  893.871091][   T66] ==================================================================
[  893.871422][   T66] Disabling lock debugging due to kernel taint
[  895.469401][T10515] br1: port 4(veth2) entered disabled state
[  895.547810][T10517] veth2: left allmulticast mode
[  895.548080][T10517] veth2: left promiscuous mode
[  895.548831][T10517] br1: port 4(veth2) entered disabled state
[  895.838440][T10521] br1: port 3(veth1) entered disabled state
[  895.924515][T10522] veth1: left allmulticast mode
[  895.924705][T10522] veth1: left promiscuous mode
[  895.924966][T10522] br1: port 3(veth1) entered disabled state
[  896.046015][T10524] vx20: left allmulticast mode
[  896.046225][T10524] vx20: left promiscuous mode
[  896.046484][T10524] br1: port 2(vx20) entered disabled state
[  896.342132][T10528] vx10: left allmulticast mode
[  896.342808][T10528] vx10: left promiscuous mode
[  896.343095][T10528] br1: port 1(vx10) entered disabled state