[ 136.876838][ T2407] netdevsim netdevsim10 eni10np3: renamed from eth2
[ 136.935869][ T2412] netdevsim netdevsim10 eni10np4: renamed from eth3
[ 136.990394][ T2255] netdevsim netdevsim10 eni10np1: renamed from eth0
[ 142.592027][ T2401] netdevsim netdevsim10 eni10np2: renamed from eth1
[ 142.593664][ T2417] devlink (2417) used greatest stack depth: 22256 bytes left
[ 166.834611][ T2464] netdevsim netdevsim10 eni10np4: renamed from eth3
[ 166.957053][ T2471] netdevsim netdevsim10 eni10np2: renamed from eth1
[ 167.016086][ T2473] netdevsim netdevsim10 eni10np1: renamed from eth0
[ 167.168149][ T2475] netdevsim netdevsim10 eni10np3: renamed from eth2
[ 169.888583][ T2561] netdevsim netdevsim10 eni10np4: renamed from eth3
[ 169.894333][ T2475] netdevsim netdevsim10 eni10np2: renamed from eth1
[ 172.000420][ T11] ==================================================================
[ 172.000661][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 172.000870][ T11] Read of size 8 at addr ffff888009ca00f8 by task kworker/u16:0/11
[ 172.001067][ T11]
[ 172.001137][ T11] CPU: 3 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1
[ 172.001342][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 172.001513][ T11] Workqueue: netns cleanup_net
[ 172.001663][ T11] Call Trace:
[ 172.001778][ T11]
[ 172.001850][ T11] dump_stack_lvl+0x82/0xd0
[ 172.001995][ T11] print_address_description.constprop.0+0x2c/0x3b0
[ 172.002181][ T11] ? cleanup_net+0x932/0xa40
[ 172.002319][ T11] print_report+0xb4/0x270
[ 172.002457][ T11] ? kasan_addr_to_slab+0x25/0x80
[ 172.002599][ T11] kasan_report+0xbd/0xf0
[ 172.002711][ T11] ? cleanup_net+0x932/0xa40
[ 172.002852][ T11] cleanup_net+0x932/0xa40
[ 172.002987][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 172.003127][ T11] ? __pfx_cleanup_net+0x10/0x10
[ 172.003266][ T11] ? trace_lock_acquire+0x148/0x1f0
[ 172.003410][ T11] ? lock_acquire+0x32/0xc0
[ 172.003549][ T11] ? process_one_work+0xe0b/0x16d0
[ 172.003690][ T11] process_one_work+0xe55/0x16d0
[ 172.003831][ T11] ? __pfx___lock_release+0x10/0x10
[ 172.003971][ T11] ? __pfx_process_one_work+0x10/0x10
[ 172.004111][ T11] ? assign_work+0x16c/0x240
[ 172.004256][ T11] worker_thread+0x58c/0xce0
[ 172.004403][ T11] ? __pfx_worker_thread+0x10/0x10
[ 172.004545][ T11] kthread+0x28a/0x350
[ 172.004655][ T11] ? __pfx_kthread+0x10/0x10
[ 172.004800][ T11] ret_from_fork+0x31/0x70
[ 172.004937][ T11] ? __pfx_kthread+0x10/0x10
[ 172.005075][ T11] ret_from_fork_asm+0x1a/0x30
[ 172.005219][ T11]
[ 172.005337][ T11]
[ 172.005408][ T11] Allocated by task 418:
[ 172.005514][ T11] kasan_save_stack+0x24/0x50
[ 172.005659][ T11] kasan_save_track+0x14/0x30
[ 172.005799][ T11] __kasan_slab_alloc+0x59/0x70
[ 172.005939][ T11] kmem_cache_alloc_noprof+0x10b/0x350
[ 172.006081][ T11] copy_net_ns+0xc6/0x340
[ 172.006188][ T11] create_new_namespaces+0x35f/0x920
[ 172.006328][ T11] unshare_nsproxy_namespaces+0x8d/0x130
[ 172.006474][ T11] ksys_unshare+0x2a9/0x660
[ 172.006613][ T11] __x64_sys_unshare+0x31/0x40
[ 172.006761][ T11] do_syscall_64+0xc1/0x1d0
[ 172.006903][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 172.007076][ T11]
[ 172.007146][ T11] Freed by task 11:
[ 172.007248][ T11] kasan_save_stack+0x24/0x50
[ 172.007391][ T11] kasan_save_track+0x14/0x30
[ 172.007534][ T11] kasan_save_free_info+0x3b/0x60
[ 172.007675][ T11] __kasan_slab_free+0x38/0x50
[ 172.007814][ T11] kmem_cache_free+0xf8/0x330
[ 172.007951][ T11] cleanup_net+0x5a8/0xa40
[ 172.008088][ T11] process_one_work+0xe55/0x16d0
[ 172.008226][ T11] worker_thread+0x58c/0xce0
[ 172.008365][ T11] kthread+0x28a/0x350
[ 172.008470][ T11] ret_from_fork+0x31/0x70
[ 172.008613][ T11] ret_from_fork_asm+0x1a/0x30
[ 172.008753][ T11]
[ 172.008823][ T11] The buggy address belongs to the object at ffff888009ca0040
[ 172.008823][ T11] which belongs to the cache net_namespace of size 5696
[ 172.009187][ T11] The buggy address is located 184 bytes inside of
[ 172.009187][ T11] freed 5696-byte region [ffff888009ca0040, ffff888009ca1680)
[ 172.009520][ T11]
[ 172.009594][ T11] The buggy address belongs to the physical page:
[ 172.009764][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888009ca4780 pfn:0x9ca0
[ 172.010045][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 172.010259][ T11] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 172.010436][ T11] page_type: f5(slab)
[ 172.010548][ T11] raw: 0080000000000240 ffff888001927240 ffff88800192a088 ffff88800192a088
[ 172.010792][ T11] raw: ffff888009ca4780 0000000000050003 00000001f5000000 0000000000000000
[ 172.011034][ T11] head: 0080000000000240 ffff888001927240 ffff88800192a088 ffff88800192a088
[ 172.011279][ T11] head: ffff888009ca4780 0000000000050003 00000001f5000000 0000000000000000
[ 172.011525][ T11] head: 0080000000000003 ffffea0000272801 ffffffffffffffff 0000000000000000
[ 172.011767][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 172.012021][ T11] page dumped because: kasan: bad access detected
[ 172.012182][ T11]
[ 172.012244][ T11] Memory state around the buggy address:
[ 172.012367][ T11]  ffff888009c9ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 172.012549][ T11]  ffff888009ca0000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 172.012741][ T11] >ffff888009ca0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.012938][ T11]                                                                 ^
[ 172.013124][ T11]  ffff888009ca0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.013312][ T11]  ffff888009ca0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.013516][ T11] ==================================================================
[ 172.013780][ T11] Disabling lock debugging due to kernel taint
[ 172.056310][ T2475] netdevsim netdevsim10 eni10np2: renamed from eth1
[ 172.078978][ T2471] netdevsim netdevsim10 eni10np3: renamed from eth2
[ 172.165800][ T2464] netdevsim netdevsim10 eni10np1: renamed from eth0
[ 172.175622][ T2465] netdevsim netdevsim10 eni10np4: renamed from eth3
[ 174.021485][ T2682] Failed to register fib notifier
[ 174.298178][ T2464] netdevsim netdevsim10 eni10np1: renamed from eth0
[ 174.302500][ T2475] netdevsim netdevsim10 eni10np2: renamed from eth1
[ 174.317856][ T2471] netdevsim netdevsim10 eni10np3: renamed from eth2
[ 174.459236][ T2465] netdevsim netdevsim10 eni10np4: renamed from eth3
[ 179.641725][ T2934] netdevsim netdevsim10 eni10npf0vf2: renamed from eth2
[ 179.644546][ T2930] netdevsim netdevsim10 eni10npf0vf0: renamed from eth0
[ 179.734060][ T2936] netdevsim netdevsim10 eni10npf0vf3: renamed from eth3
[ 179.757194][ T2931] netdevsim netdevsim10 eni10npf0vf1: renamed from eth1