[ 11.712713][ T268] ip (268) used greatest stack depth: 24640 bytes left
[ 11.804568][ T269] ip (269) used greatest stack depth: 23456 bytes left
[ 16.182551][ T315] Initializing XFRM netlink socket
[ 587.144673][ T11] ==================================================================
[ 587.144958][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0xa5d/0xb90
[ 587.145143][ T11] Read of size 8 at addr ffff8880058500f8 by task kworker/u16:0/11
[ 587.145330][ T11]
[ 587.145393][ T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1
[ 587.145590][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 587.145747][ T11] Workqueue: netns cleanup_net
[ 587.145877][ T11] Call Trace:
[ 587.145970][ T11]
[ 587.146037][ T11] dump_stack_lvl+0x82/0xd0
[ 587.146167][ T11] print_address_description.constprop.0+0x2c/0x3b0
[ 587.146325][ T11] ? cleanup_net+0xa5d/0xb90
[ 587.146454][ T11] print_report+0xb4/0x270
[ 587.146586][ T11] ? kasan_addr_to_slab+0x25/0x80
[ 587.146717][ T11] kasan_report+0xbd/0xf0
[ 587.146813][ T11] ? cleanup_net+0xa5d/0xb90
[ 587.146939][ T11] cleanup_net+0xa5d/0xb90
[ 587.147063][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 587.147192][ T11] ? __pfx_cleanup_net+0x10/0x10
[ 587.147319][ T11] ? trace_lock_acquire+0x148/0x1f0
[ 587.147445][ T11] ? lock_acquire+0x32/0xc0
[ 587.147570][ T11] ? process_one_work+0xe0b/0x16d0
[ 587.147697][ T11] process_one_work+0xe55/0x16d0
[ 587.147823][ T11] ? __pfx___lock_release+0x10/0x10
[ 587.147952][ T11] ? __pfx_process_one_work+0x10/0x10
[ 587.148078][ T11] ? assign_work+0x16c/0x240
[ 587.148204][ T11] worker_thread+0x58c/0xce0
[ 587.148337][ T11] ? __pfx_worker_thread+0x10/0x10
[ 587.148461][ T11] kthread+0x28a/0x350
[ 587.148559][ T11] ? __pfx_kthread+0x10/0x10
[ 587.148688][ T11] ret_from_fork+0x31/0x70
[ 587.148815][ T11] ? __pfx_kthread+0x10/0x10
[ 587.148943][ T11] ret_from_fork_asm+0x1a/0x30
[ 587.149072][ T11]
[ 587.149165][ T11]
[ 587.149229][ T11] Allocated by task 257:
[ 587.149322][ T11] kasan_save_stack+0x24/0x50
[ 587.149454][ T11] kasan_save_track+0x14/0x30
[ 587.149581][ T11] __kasan_slab_alloc+0x59/0x70
[ 587.149709][ T11] kmem_cache_alloc_noprof+0x10b/0x350
[ 587.149844][ T11] copy_net_ns+0xc6/0x540
[ 587.149943][ T11] create_new_namespaces+0x35f/0x920
[ 587.150071][ T11] unshare_nsproxy_namespaces+0x8a/0x1b0
[ 587.150200][ T11] ksys_unshare+0x2c4/0x6e0
[ 587.150330][ T11] __x64_sys_unshare+0x31/0x40
[ 587.150456][ T11] do_syscall_64+0xc1/0x1d0
[ 587.150582][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 587.150742][ T11]
[ 587.150807][ T11] Freed by task 11:
[ 587.150907][ T11] kasan_save_stack+0x24/0x50
[ 587.151037][ T11] kasan_save_track+0x14/0x30
[ 587.151161][ T11] kasan_save_free_info+0x3b/0x60
[ 587.151289][ T11] __kasan_slab_free+0x38/0x50
[ 587.151415][ T11] kmem_cache_free+0xf8/0x330
[ 587.151539][ T11] cleanup_net+0x5a8/0xb90
[ 587.151665][ T11] process_one_work+0xe55/0x16d0
[ 587.151790][ T11] worker_thread+0x58c/0xce0
[ 587.151919][ T11] kthread+0x28a/0x350
[ 587.152013][ T11] ret_from_fork+0x31/0x70
[ 587.152133][ T11] ret_from_fork_asm+0x1a/0x30
[ 587.152259][ T11]
[ 587.152324][ T11] Last potentially related work creation:
[ 587.152446][ T11] kasan_save_stack+0x24/0x50
[ 587.152572][ T11] __kasan_record_aux_stack+0x8e/0xa0
[ 587.152696][ T11] insert_work+0x34/0x230
[ 587.152796][ T11] __queue_work+0x5fd/0xa40
[ 587.152920][ T11] call_timer_fn+0x13b/0x230
[ 587.153044][ T11] __run_timers+0x3ff/0x810
[ 587.153174][ T11] run_timer_softirq+0x154/0x1c0
[ 587.153300][ T11] handle_softirqs+0x1f6/0x5c0
[ 587.153432][ T11] __irq_exit_rcu+0xc4/0x100
[ 587.153569][ T11] irq_exit_rcu+0xe/0x20
[ 587.153664][ T11] sysvec_apic_timer_interrupt+0x78/0x90
[ 587.153799][ T11] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 587.153954][ T11]
[ 587.154017][ T11] Second to last potentially related work creation:
[ 587.154176][ T11] kasan_save_stack+0x24/0x50
[ 587.154302][ T11] __kasan_record_aux_stack+0x8e/0xa0
[ 587.154426][ T11] insert_work+0x34/0x230
[ 587.154519][ T11] __queue_work+0x2ff/0xa40
[ 587.154663][ T11] call_timer_fn+0x13b/0x230
[ 587.154788][ T11] __run_timers+0x3ff/0x810
[ 587.154912][ T11] run_timer_softirq+0x154/0x1c0
[ 587.155035][ T11] handle_softirqs+0x1f6/0x5c0
[ 587.155158][ T11] __irq_exit_rcu+0xc4/0x100
[ 587.155282][ T11] irq_exit_rcu+0xe/0x20
[ 587.155377][ T11] sysvec_apic_timer_interrupt+0x78/0x90
[ 587.155506][ T11] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 587.155669][ T11]
[ 587.155733][ T11] The buggy address belongs to the object at ffff888005850040
[ 587.155733][ T11]  which belongs to the cache net_namespace of size 6528
[ 587.156065][ T11] The buggy address is located 184 bytes inside of
[ 587.156065][ T11]  freed 6528-byte region [ffff888005850040, ffff8880058519c0)
[ 587.156361][ T11]
[ 587.156429][ T11] The buggy address belongs to the physical page:
[ 587.156579][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5850
[ 587.156796][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 587.156983][ T11] flags: 0x80000000000040(head|node=0|zone=1)
[ 587.157139][ T11] page_type: f5(slab)
[ 587.157235][ T11] raw: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8
[ 587.157461][ T11] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 587.157683][ T11] head: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8
[ 587.157911][ T11] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 587.158133][ T11] head: 0080000000000003 ffffea0000161401 ffffffffffffffff 0000000000000000
[ 587.158360][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 587.158584][ T11] page dumped because: kasan: bad access detected
[ 587.158737][ T11]
[ 587.158805][ T11] Memory state around the buggy address:
[ 587.158925][ T11]  ffff88800584ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 587.159117][ T11]  ffff888005850000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 587.159299][ T11] >ffff888005850080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 587.159485][ T11]                                                                 ^
[ 587.159662][ T11]  ffff888005850100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 587.159841][ T11]  ffff888005850180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 587.160019][ T11] ==================================================================
[ 587.160257][ T11] Disabling lock debugging due to kernel taint