[ 1267.208870][ T8724] br1: port 1(vx100) entered blocking state
[ 1267.209193][ T8724] br1: port 1(vx100) entered disabled state
[ 1267.209468][ T8724] vx100: entered allmulticast mode
[ 1267.211412][ T8724] vx100: entered promiscuous mode
[ 1267.212228][ T8724] br1: port 1(vx100) entered blocking state
[ 1267.212501][ T8724] br1: port 1(vx100) entered forwarding state
[ 1267.390004][ T8726] br1: port 2(veth1) entered blocking state
[ 1267.390439][ T8726] br1: port 2(veth1) entered disabled state
[ 1267.390759][ T8726] veth1: entered allmulticast mode
[ 1267.392781][ T8726] veth1: entered promiscuous mode
[ 1267.470848][ T37] br1: port 2(veth1) entered blocking state
[ 1267.471188][ T37] br1: port 2(veth1) entered forwarding state
[ 1267.638979][ T8729] br1: port 3(veth2) entered blocking state
[ 1267.639277][ T8729] br1: port 3(veth2) entered disabled state
[ 1267.639549][ T8729] veth2: entered allmulticast mode
[ 1267.641519][ T8729] veth2: entered promiscuous mode
[ 1267.737421][ T150] br1: port 3(veth2) entered blocking state
[ 1267.737771][ T150] br1: port 3(veth2) entered forwarding state
[ 1271.294016][ T8783] br2: port 1(w1) entered blocking state
[ 1271.294270][ T8783] br2: port 1(w1) entered disabled state
[ 1271.294502][ T8783] w1: entered allmulticast mode
[ 1271.296446][ T8783] w1: entered promiscuous mode
[ 1271.892769][ T8790] br2: port 2(vx100) entered blocking state
[ 1271.893110][ T8790] br2: port 2(vx100) entered disabled state
[ 1271.893533][ T8790] vx100: entered allmulticast mode
[ 1271.895591][ T8790] vx100: entered promiscuous mode
[ 1271.896142][ T8790] br2: port 2(vx100) entered blocking state
[ 1271.896424][ T8790] br2: port 2(vx100) entered forwarding state
[ 1272.604089][ T150] br2: port 1(w1) entered blocking state
[ 1272.604347][ T150] br2: port 1(w1) entered forwarding state
[ 1275.073745][ T8830] br2: port 1(w1) entered blocking state
[ 1275.074032][ T8830] br2: port 1(w1) entered disabled state
[ 1275.074323][ T8830] w1: entered allmulticast mode
[ 1275.076316][ T8830] w1: entered promiscuous mode
[ 1275.763615][ T8837] br2: port 2(vx100) entered blocking state
[ 1275.764255][ T8837] br2: port 2(vx100) entered disabled state
[ 1275.764743][ T8837] vx100: entered allmulticast mode
[ 1275.768213][ T8837] vx100: entered promiscuous mode
[ 1275.781646][ T8837] br2: port 2(vx100) entered blocking state
[ 1275.782312][ T8837] br2: port 2(vx100) entered forwarding state
[ 1276.528570][ T37] br2: port 1(w1) entered blocking state
[ 1276.528837][ T37] br2: port 1(w1) entered forwarding state
[ 1288.854420][ T64] vx100: left allmulticast mode
[ 1288.854781][ T64] vx100: left promiscuous mode
[ 1288.855184][ T64] br2: port 2(vx100) entered disabled state
[ 1288.857587][ T64] w1: left allmulticast mode
[ 1288.857809][ T64] w1: left promiscuous mode
[ 1288.858373][ T64] br2: port 1(w1) entered disabled state
[ 1289.255690][ T64] vx100: left allmulticast mode
[ 1289.255906][ T64] vx100: left promiscuous mode
[ 1289.256281][ T64] br2: port 2(vx100) entered disabled state
[ 1289.258859][ T64] w1: left allmulticast mode
[ 1289.259075][ T64] w1: left promiscuous mode
[ 1289.259746][ T64] br2: port 1(w1) entered disabled state
[ 1289.607632][ T64] ==================================================================
[ 1289.607858][ T64] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 1289.608049][ T64] Read of size 8 at addr ffff88800f1a9a38 by task kworker/u16:1/64
[ 1289.608236][ T64]
[ 1289.608301][ T64] CPU: 3 UID: 0 PID: 64 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1
[ 1289.608514][ T64] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1289.608693][ T64] Workqueue: netns cleanup_net
[ 1289.608840][ T64] Call Trace:
[ 1289.608957][ T64]
[ 1289.609033][ T64] dump_stack_lvl+0x82/0xd0
[ 1289.609179][ T64] print_address_description.constprop.0+0x2c/0x3b0
[ 1289.609334][ T64] ? cleanup_net+0x932/0xa40
[ 1289.609463][ T64] print_report+0xb4/0x270
[ 1289.609587][ T64] ? kasan_addr_to_slab+0x25/0x80
[ 1289.609735][ T64] kasan_report+0xbd/0xf0
[ 1289.609843][ T64] ? cleanup_net+0x932/0xa40
[ 1289.609971][ T64] cleanup_net+0x932/0xa40
[ 1289.610117][ T64] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1289.610265][ T64] ? __pfx_cleanup_net+0x10/0x10
[ 1289.610407][ T64] ? trace_lock_acquire+0x148/0x1f0
[ 1289.610535][ T64] ? lock_acquire+0x32/0xc0
[ 1289.610662][ T64] ? process_one_work+0xe0b/0x16d0
[ 1289.610796][ T64] process_one_work+0xe55/0x16d0
[ 1289.610927][ T64] ? __pfx___lock_release+0x10/0x10
[ 1289.611075][ T64] ? __pfx_process_one_work+0x10/0x10
[ 1289.611209][ T64] ? assign_work+0x16c/0x240
[ 1289.611352][ T64] worker_thread+0x58c/0xce0
[ 1289.611498][ T64] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 1289.611687][ T64] ? __pfx_worker_thread+0x10/0x10
[ 1289.611815][ T64] ? __pfx_worker_thread+0x10/0x10
[ 1289.611938][ T64] kthread+0x28a/0x350
[ 1289.612038][ T64] ? __pfx_kthread+0x10/0x10
[ 1289.612179][ T64] ret_from_fork+0x31/0x70
[ 1289.612322][ T64] ? __pfx_kthread+0x10/0x10
[ 1289.612448][ T64] ret_from_fork_asm+0x1a/0x30
[ 1289.612597][ T64]
[ 1289.612716][ T64]
[ 1289.612781][ T64] Allocated by task 8809:
[ 1289.612895][ T64] kasan_save_stack+0x24/0x50
[ 1289.613025][ T64] kasan_save_track+0x14/0x30
[ 1289.613158][ T64] __kasan_slab_alloc+0x59/0x70
[ 1289.613289][ T64] kmem_cache_alloc_noprof+0x10b/0x350
[ 1289.613427][ T64] copy_net_ns+0xc6/0x340
[ 1289.613527][ T64] create_new_namespaces+0x35f/0x920
[ 1289.613668][ T64] unshare_nsproxy_namespaces+0x8d/0x130
[ 1289.613809][ T64] ksys_unshare+0x2a9/0x660
[ 1289.613955][ T64] __x64_sys_unshare+0x31/0x40
[ 1289.614096][ T64] do_syscall_64+0xc1/0x1d0
[ 1289.614232][ T64] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1289.614386][ T64]
[ 1289.614448][ T64] Freed by task 64:
[ 1289.614539][ T64] kasan_save_stack+0x24/0x50
[ 1289.614685][ T64] kasan_save_track+0x14/0x30
[ 1289.614807][ T64] kasan_save_free_info+0x3b/0x60
[ 1289.614948][ T64] __kasan_slab_free+0x38/0x50
[ 1289.615074][ T64] kmem_cache_free+0xf8/0x330
[ 1289.615204][ T64] cleanup_net+0x5a8/0xa40
[ 1289.615346][ T64] process_one_work+0xe55/0x16d0
[ 1289.615489][ T64] worker_thread+0x58c/0xce0
[ 1289.615628][ T64] kthread+0x28a/0x350
[ 1289.615728][ T64] ret_from_fork+0x31/0x70
[ 1289.615851][ T64] ret_from_fork_asm+0x1a/0x30
[ 1289.615981][ T64]
[ 1289.616045][ T64] Last potentially related work creation:
[ 1289.616181][ T64] kasan_save_stack+0x24/0x50
[ 1289.616307][ T64] __kasan_record_aux_stack+0x8e/0xa0
[ 1289.616433][ T64] insert_work+0x34/0x230
[ 1289.616547][ T64] __queue_work+0x5fd/0xa40
[ 1289.616675][ T64] queue_delayed_work_on+0x8c/0xa0
[ 1289.616798][ T64] __inet_insert_ifa+0x751/0xb10
[ 1289.616942][ T64] inet_rtm_newaddr+0x833/0xbd0
[ 1289.617078][ T64] rtnetlink_rcv_msg+0x712/0xc10
[ 1289.617206][ T64] netlink_rcv_skb+0x130/0x360
[ 1289.617351][ T64] netlink_unicast+0x44b/0x710
[ 1289.617506][ T64] netlink_sendmsg+0x723/0xbe0
[ 1289.617653][ T64] ____sys_sendmsg+0x7ac/0xa10
[ 1289.617785][ T64] ___sys_sendmsg+0xee/0x170
[ 1289.617909][ T64] __sys_sendmsg+0x109/0x1a0
[ 1289.618041][ T64] do_syscall_64+0xc1/0x1d0
[ 1289.618169][ T64] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1289.618345][ T64]
[ 1289.618494][ T64] Second to last potentially related work creation:
[ 1289.618670][ T64] kasan_save_stack+0x24/0x50
[ 1289.618806][ T64] __kasan_record_aux_stack+0x8e/0xa0
[ 1289.618941][ T64] insert_work+0x34/0x230
[ 1289.619039][ T64] __queue_work+0x5fd/0xa40
[ 1289.619164][ T64] queue_delayed_work_on+0x8c/0xa0
[ 1289.619294][ T64] __inet_insert_ifa+0x751/0xb10
[ 1289.619426][ T64] inet_rtm_newaddr+0x833/0xbd0
[ 1289.619547][ T64] rtnetlink_rcv_msg+0x712/0xc10
[ 1289.619670][ T64] netlink_rcv_skb+0x130/0x360
[ 1289.619793][ T64] netlink_unicast+0x44b/0x710
[ 1289.619913][ T64] netlink_sendmsg+0x723/0xbe0
[ 1289.620033][ T64] ____sys_sendmsg+0x7ac/0xa10
[ 1289.620156][ T64] ___sys_sendmsg+0xee/0x170
[ 1289.620277][ T64] __sys_sendmsg+0x109/0x1a0
[ 1289.620403][ T64] do_syscall_64+0xc1/0x1d0
[ 1289.620545][ T64] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1289.620701][ T64]
[ 1289.620764][ T64] The buggy address belongs to the object at ffff88800f1a9980
[ 1289.620764][ T64] which belongs to the cache net_namespace of size 6080
[ 1289.621094][ T64] The buggy address is located 184 bytes inside of
[ 1289.621094][ T64] freed 6080-byte region [ffff88800f1a9980, ffff88800f1ab140)
[ 1289.621407][ T64]
[ 1289.621470][ T64] The buggy address belongs to the physical page:
[ 1289.621624][ T64] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800f1ab2c0 pfn:0xf1a8
[ 1289.621872][ T64] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1289.622065][ T64] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1289.622221][ T64] page_type: f5(slab)
[ 1289.622329][ T64] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[ 1289.622557][ T64] raw: ffff88800f1ab2c0 0000000000050002 00000001f5000000 0000000000000000
[ 1289.622776][ T64] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[ 1289.623001][ T64] head: ffff88800f1ab2c0 0000000000050002 00000001f5000000 0000000000000000
[ 1289.623219][ T64] head: 0080000000000003 ffffea00003c6a01 ffffffffffffffff 0000000000000000
[ 1289.623457][ T64] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 1289.623692][ T64] page dumped because: kasan: bad access detected
[ 1289.623847][ T64]
[ 1289.623919][ T64] Memory state around the buggy address:
[ 1289.624043][ T64] ffff88800f1a9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1289.624261][ T64] ffff88800f1a9980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1289.624443][ T64] >ffff88800f1a9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1289.624619][ T64] ^
[ 1289.624775][ T64] ffff88800f1a9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1289.624949][ T64] ffff88800f1a9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1289.625124][ T64] ==================================================================
[ 1289.625326][ T64] Disabling lock debugging due to kernel taint
[ 1290.933283][ T8959] br1: port 3(veth2) entered disabled state
[ 1290.987538][ T8960] veth2: left allmulticast mode
[ 1290.987744][ T8960] veth2: left promiscuous mode
[ 1290.988016][ T8960] br1: port 3(veth2) entered disabled state
[ 1291.104011][ T8962] br1: port 2(veth1) entered disabled state
[ 1291.164407][ T8963] veth1: left allmulticast mode
[ 1291.164632][ T8963] veth1: left promiscuous mode
[ 1291.164915][ T8963] br1: port 2(veth1) entered disabled state
[ 1291.231240][ T8964] vx100: left allmulticast mode
[ 1291.231515][ T8964] vx100: left promiscuous mode
[ 1291.231916][ T8964] br1: port 1(vx100) entered disabled state