[   11.309072][  T270] ip (270) used greatest stack depth: 24192 bytes left
[  312.373739][   T11] ==================================================================
[  312.373971][   T11] BUG: KASAN: slab-use-after-free in cleanup_net+0xa5d/0xb90
[  312.374177][   T11] Read of size 8 at addr ffff88800c8000f8 by task kworker/u16:0/11
[  312.374362][   T11] 
[  312.374428][   T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1
[  312.374625][   T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  312.374783][   T11] Workqueue: netns cleanup_net
[  312.374916][   T11] Call Trace:
[  312.375014][   T11]  <TASK>
[  312.375089][   T11]  dump_stack_lvl+0x82/0xd0
[  312.375222][   T11]  print_address_description.constprop.0+0x2c/0x3b0
[  312.375384][   T11]  ? cleanup_net+0xa5d/0xb90
[  312.375512][   T11]  print_report+0xb4/0x270
[  312.375695][   T11]  ? kasan_addr_to_slab+0x25/0x80
[  312.375882][   T11]  kasan_report+0xbd/0xf0
[  312.376026][   T11]  ? cleanup_net+0xa5d/0xb90
[  312.376227][   T11]  cleanup_net+0xa5d/0xb90
[  312.376418][   T11]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  312.376614][   T11]  ? __pfx_cleanup_net+0x10/0x10
[  312.376806][   T11]  ? trace_lock_acquire+0x148/0x1f0
[  312.377001][   T11]  ? lock_acquire+0x32/0xc0
[  312.377194][   T11]  ? process_one_work+0xe0b/0x16d0
[  312.377389][   T11]  process_one_work+0xe55/0x16d0
[  312.377585][   T11]  ? __pfx___lock_release+0x10/0x10
[  312.377777][   T11]  ? __pfx_process_one_work+0x10/0x10
[  312.377979][   T11]  ? assign_work+0x16c/0x240
[  312.378172][   T11]  worker_thread+0x58c/0xce0
[  312.378372][   T11]  ? __pfx_worker_thread+0x10/0x10
[  312.378563][   T11]  kthread+0x28a/0x350
[  312.378712][   T11]  ? __pfx_kthread+0x10/0x10
[  312.378908][   T11]  ret_from_fork+0x31/0x70
[  312.379097][   T11]  ? __pfx_kthread+0x10/0x10
[  312.379290][   T11]  ret_from_fork_asm+0x1a/0x30
[  312.379494][   T11]  </TASK>
[  312.379644][   T11] 
[  312.379741][   T11] Allocated by task 261:
[  312.379886][   T11]  kasan_save_stack+0x24/0x50
[  312.380078][   T11]  kasan_save_track+0x14/0x30
[  312.380257][   T11]  __kasan_slab_alloc+0x59/0x70
[  312.380390][   T11]  kmem_cache_alloc_noprof+0x10b/0x350
[  312.380518][   T11]  copy_net_ns+0xc6/0x540
[  312.380619][   T11]  create_new_namespaces+0x35f/0x920
[  312.380746][   T11]  unshare_nsproxy_namespaces+0x8a/0x1b0
[  312.380873][   T11]  ksys_unshare+0x2c4/0x6e0
[  312.381014][   T11]  __x64_sys_unshare+0x31/0x40
[  312.381151][   T11]  do_syscall_64+0xc1/0x1d0
[  312.381282][   T11]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.381440][   T11] 
[  312.381509][   T11] Freed by task 11:
[  312.381609][   T11]  kasan_save_stack+0x24/0x50
[  312.381734][   T11]  kasan_save_track+0x14/0x30
[  312.381860][   T11]  kasan_save_free_info+0x3b/0x60
[  312.381988][   T11]  __kasan_slab_free+0x38/0x50
[  312.382121][   T11]  kmem_cache_free+0xf8/0x330
[  312.382247][   T11]  cleanup_net+0x5a8/0xb90
[  312.382374][   T11]  process_one_work+0xe55/0x16d0
[  312.382501][   T11]  worker_thread+0x58c/0xce0
[  312.382651][   T11]  kthread+0x28a/0x350
[  312.382794][   T11]  ret_from_fork+0x31/0x70
[  312.382976][   T11]  ret_from_fork_asm+0x1a/0x30
[  312.383159][   T11] 
[  312.383252][   T11] Last potentially related work creation:
[  312.383438][   T11]  kasan_save_stack+0x24/0x50
[  312.383641][   T11]  __kasan_record_aux_stack+0x8e/0xa0
[  312.383840][   T11]  insert_work+0x34/0x230
[  312.383988][   T11]  __queue_work+0x5fd/0xa40
[  312.384178][   T11]  call_timer_fn+0x13b/0x230
[  312.384374][   T11]  __run_timers+0x3ff/0x810
[  312.384570][   T11]  run_timer_softirq+0x154/0x1c0
[  312.384771][   T11]  handle_softirqs+0x1f6/0x5c0
[  312.384969][   T11]  __irq_exit_rcu+0xc4/0x100
[  312.385164][   T11]  irq_exit_rcu+0xe/0x20
[  312.385315][   T11]  sysvec_apic_timer_interrupt+0x78/0x90
[  312.385515][   T11]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  312.385757][   T11] 
[  312.385856][   T11] Second to last potentially related work creation:
[  312.386085][   T11]  kasan_save_stack+0x24/0x50
[  312.386294][   T11]  __kasan_record_aux_stack+0x8e/0xa0
[  312.386474][   T11]  insert_work+0x34/0x230
[  312.386593][   T11]  __queue_work+0x5fd/0xa40
[  312.386720][   T11]  call_timer_fn+0x13b/0x230
[  312.386856][   T11]  __run_timers+0x3ff/0x810
[  312.386984][   T11]  run_timer_softirq+0x154/0x1c0
[  312.387122][   T11]  handle_softirqs+0x1f6/0x5c0
[  312.387249][   T11]  __irq_exit_rcu+0xc4/0x100
[  312.387382][   T11]  irq_exit_rcu+0xe/0x20
[  312.387480][   T11]  sysvec_apic_timer_interrupt+0x78/0x90
[  312.387609][   T11]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  312.387766][   T11] 
[  312.387832][   T11] The buggy address belongs to the object at ffff88800c800040
[  312.387832][   T11]  which belongs to the cache net_namespace of size 6528
[  312.388222][   T11] The buggy address is located 184 bytes inside of
[  312.388222][   T11]  freed 6528-byte region [ffff88800c800040, ffff88800c8019c0)
[  312.388572][   T11] 
[  312.388636][   T11] The buggy address belongs to the physical page:
[  312.388788][   T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c803640 pfn:0xc800
[  312.389048][   T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  312.389244][   T11] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  312.389407][   T11] page_type: f5(slab)
[  312.389507][   T11] raw: 0080000000000240 ffff888001975240 ffff88800197a088 ffff88800197a088
[  312.389736][   T11] raw: ffff88800c803640 0000000000040002 00000001f5000000 0000000000000000
[  312.389965][   T11] head: 0080000000000240 ffff888001975240 ffff88800197a088 ffff88800197a088
[  312.390200][   T11] head: ffff88800c803640 0000000000040002 00000001f5000000 0000000000000000
[  312.390421][   T11] head: 0080000000000003 ffffea0000320001 ffffffffffffffff 0000000000000000
[  312.390643][   T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  312.390863][   T11] page dumped because: kasan: bad access detected
[  312.391017][   T11] 
[  312.391085][   T11] Memory state around the buggy address:
[  312.391213][   T11]  ffff88800c7fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  312.391396][   T11]  ffff88800c800000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  312.391578][   T11] >ffff88800c800080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.391763][   T11]                                                                 ^
[  312.391943][   T11]  ffff88800c800100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.392178][   T11]  ffff88800c800180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.392379][   T11] ==================================================================
[  312.392589][   T11] Disabling lock debugging due to kernel taint