[ 12.886672][ T256] ip (256) used greatest stack depth: 24112 bytes left
[ 28.899344][ T69] ==================================================================
[ 28.899568][ T69] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 28.899763][ T69] Read of size 8 at addr ffff8880090e00f8 by task kworker/u16:1/69
[ 28.899945][ T69]
[ 28.900012][ T69] CPU: 1 UID: 0 PID: 69 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1
[ 28.900205][ T69] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 28.900370][ T69] Workqueue: netns cleanup_net
[ 28.900519][ T69] Call Trace:
[ 28.900617][ T69]
[ 28.900683][ T69] dump_stack_lvl+0x82/0xd0
[ 28.900821][ T69] print_address_description.constprop.0+0x2c/0x3b0
[ 28.900982][ T69] ? cleanup_net+0x932/0xa40
[ 28.901108][ T69] print_report+0xb4/0x270
[ 28.901235][ T69] ? kasan_addr_to_slab+0x25/0x80
[ 28.901367][ T69] kasan_report+0xbd/0xf0
[ 28.901466][ T69] ? cleanup_net+0x932/0xa40
[ 28.901592][ T69] cleanup_net+0x932/0xa40
[ 28.901717][ T69] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 28.901845][ T69] ? __pfx_cleanup_net+0x10/0x10
[ 28.901971][ T69] ? trace_lock_acquire+0x148/0x1f0
[ 28.902098][ T69] ? lock_acquire+0x32/0xc0
[ 28.902229][ T69] ? process_one_work+0xe0b/0x16d0
[ 28.902361][ T69] process_one_work+0xe55/0x16d0
[ 28.902486][ T69] ? __pfx___lock_release+0x10/0x10
[ 28.902616][ T69] ? __pfx_process_one_work+0x10/0x10
[ 28.902746][ T69] ? assign_work+0x16c/0x240
[ 28.902880][ T69] worker_thread+0x58c/0xce0
[ 28.903020][ T69] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 28.903176][ T69] ? __pfx_worker_thread+0x10/0x10
[ 28.903306][ T69] ? __pfx_worker_thread+0x10/0x10
[ 28.903436][ T69] kthread+0x28a/0x350
[ 28.903535][ T69] ? __pfx_kthread+0x10/0x10
[ 28.903670][ T69] ret_from_fork+0x31/0x70
[ 28.903795][ T69] ? __pfx_kthread+0x10/0x10
[ 28.903918][ T69] ret_from_fork_asm+0x1a/0x30
[ 28.904045][ T69]
[ 28.904139][ T69]
[ 28.904202][ T69] Allocated by task 250:
[ 28.904296][ T69] kasan_save_stack+0x24/0x50
[ 28.904424][ T69] kasan_save_track+0x14/0x30
[ 28.904546][ T69] __kasan_slab_alloc+0x59/0x70
[ 28.904672][ T69] kmem_cache_alloc_noprof+0x10b/0x350
[ 28.904804][ T69] copy_net_ns+0xc6/0x340
[ 28.904898][ T69] create_new_namespaces+0x35f/0x920
[ 28.905021][ T69] unshare_nsproxy_namespaces+0x8d/0x130
[ 28.905144][ T69] ksys_unshare+0x2a9/0x660
[ 28.905271][ T69] __x64_sys_unshare+0x31/0x40
[ 28.905397][ T69] do_syscall_64+0xc1/0x1d0
[ 28.905527][ T69] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 28.905683][ T69]
[ 28.905746][ T69] Freed by task 69:
[ 28.905839][ T69] kasan_save_stack+0x24/0x50
[ 28.905965][ T69] kasan_save_track+0x14/0x30
[ 28.906088][ T69] kasan_save_free_info+0x3b/0x60
[ 28.906216][ T69] __kasan_slab_free+0x38/0x50
[ 28.906339][ T69] kmem_cache_free+0xf8/0x330
[ 28.906466][ T69] cleanup_net+0x5a8/0xa40
[ 28.906597][ T69] process_one_work+0xe55/0x16d0
[ 28.906722][ T69] worker_thread+0x58c/0xce0
[ 28.906846][ T69] kthread+0x28a/0x350
[ 28.906941][ T69] ret_from_fork+0x31/0x70
[ 28.907068][ T69] ret_from_fork_asm+0x1a/0x30
[ 28.907193][ T69]
[ 28.907258][ T69] Last potentially related work creation:
[ 28.907384][ T69] kasan_save_stack+0x24/0x50
[ 28.907517][ T69] __kasan_record_aux_stack+0x8e/0xa0
[ 28.907642][ T69] insert_work+0x34/0x230
[ 28.907736][ T69] __queue_work+0x5fd/0xa40
[ 28.907862][ T69] queue_delayed_work_on+0x8c/0xa0
[ 28.907989][ T69] __inet_insert_ifa+0x751/0xb10
[ 28.908117][ T69] inet_rtm_newaddr+0x833/0xbd0
[ 28.908244][ T69] rtnetlink_rcv_msg+0x712/0xc10
[ 28.908374][ T69] netlink_rcv_skb+0x130/0x360
[ 28.908508][ T69] netlink_unicast+0x44b/0x710
[ 28.908633][ T69] netlink_sendmsg+0x723/0xbe0
[ 28.908760][ T69] ____sys_sendmsg+0x7ac/0xa10
[ 28.908888][ T69] ___sys_sendmsg+0xee/0x170
[ 28.909016][ T69] __sys_sendmsg+0x109/0x1a0
[ 28.909140][ T69] do_syscall_64+0xc1/0x1d0
[ 28.909264][ T69] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 28.909424][ T69]
[ 28.909492][ T69] Second to last potentially related work creation:
[ 28.909645][ T69] kasan_save_stack+0x24/0x50
[ 28.909775][ T69] __kasan_record_aux_stack+0x8e/0xa0
[ 28.909901][ T69] insert_work+0x34/0x230
[ 28.909997][ T69] __queue_work+0x5fd/0xa40
[ 28.910121][ T69] queue_delayed_work_on+0x8c/0xa0
[ 28.910245][ T69] __inet_insert_ifa+0x751/0xb10
[ 28.910377][ T69] inetdev_event+0xb18/0xcf0
[ 28.910509][ T69] notifier_call_chain+0xcd/0x150
[ 28.910648][ T69] __dev_notify_flags+0xe6/0x250
[ 28.910775][ T69] dev_change_flags+0xec/0x160
[ 28.910901][ T69] do_setlink.constprop.0+0x79d/0x2300
[ 28.911028][ T69] rtnl_newlink+0x6de/0xa80
[ 28.911154][ T69] rtnetlink_rcv_msg+0x712/0xc10
[ 28.911282][ T69] netlink_rcv_skb+0x130/0x360
[ 28.911411][ T69] netlink_unicast+0x44b/0x710
[ 28.911535][ T69] netlink_sendmsg+0x723/0xbe0
[ 28.911662][ T69] ____sys_sendmsg+0x7ac/0xa10
[ 28.911788][ T69] ___sys_sendmsg+0xee/0x170
[ 28.911915][ T69] __sys_sendmsg+0x109/0x1a0
[ 28.912041][ T69] do_syscall_64+0xc1/0x1d0
[ 28.912166][ T69] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 28.912321][ T69]
[ 28.912390][ T69] The buggy address belongs to the object at ffff8880090e0040
[ 28.912390][ T69] which belongs to the cache net_namespace of size 6592
[ 28.912716][ T69] The buggy address is located 184 bytes inside of
[ 28.912716][ T69] freed 6592-byte region [ffff8880090e0040, ffff8880090e1a00)
[ 28.913019][ T69]
[ 28.913083][ T69] The buggy address belongs to the physical page:
[ 28.913239][ T69] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880090e36c0 pfn:0x90e0
[ 28.913490][ T69] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 28.913678][ T69] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 28.913836][ T69] page_type: f5(slab)
[ 28.913938][ T69] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[ 28.914164][ T69] raw: ffff8880090e36c0 0000000000040002 00000001f5000000 0000000000000000
[ 28.914382][ T69] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[ 28.914603][ T69] head: ffff8880090e36c0 0000000000040002 00000001f5000000 0000000000000000
[ 28.914820][ T69] head: 0080000000000003 ffffea0000243801 ffffffffffffffff 0000000000000000
[ 28.915042][ T69] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 28.915258][ T69] page dumped because: kasan: bad access detected
[ 28.915412][ T69]
[ 28.915475][ T69] Memory state around the buggy address:
[ 28.915596][ T69]  ffff8880090dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.915779][ T69]  ffff8880090e0000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 28.915967][ T69] >ffff8880090e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.916145][ T69]                                                                 ^
[ 28.916322][ T69]  ffff8880090e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.916502][ T69]  ffff8880090e0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.916681][ T69] ==================================================================
[ 28.916945][ T69] Disabling lock debugging due to kernel taint