[   28.685566][   T11] ==================================================================
[   28.685822][   T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[   28.686054][   T11] Read of size 8 at addr ffff88800a8380f8 by task kworker/u16:0/11
[   28.686266][   T11] 
[   28.686341][   T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1
[   28.686573][   T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   28.686754][   T11] Workqueue: netns cleanup_net
[   28.686907][   T11] Call Trace:
[   28.687024][   T11]  <TASK>
[   28.687100][   T11]  dump_stack_lvl+0x82/0xd0
[   28.687254][   T11]  print_address_description.constprop.0+0x2c/0x3b0
[   28.687440][   T11]  ? cleanup_net+0x932/0xa40
[   28.687584][   T11]  print_report+0xb4/0x270
[   28.687726][   T11]  ? kasan_addr_to_slab+0x25/0x80
[   28.687874][   T11]  kasan_report+0xbd/0xf0
[   28.687983][   T11]  ? cleanup_net+0x932/0xa40
[   28.688130][   T11]  cleanup_net+0x932/0xa40
[   28.688277][   T11]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   28.688422][   T11]  ? __pfx_cleanup_net+0x10/0x10
[   28.688566][   T11]  ? trace_lock_acquire+0x148/0x1f0
[   28.688715][   T11]  ? lock_acquire+0x32/0xc0
[   28.688860][   T11]  ? process_one_work+0xe0b/0x16d0
[   28.689006][   T11]  process_one_work+0xe55/0x16d0
[   28.689150][   T11]  ? __pfx___lock_release+0x10/0x10
[   28.689299][   T11]  ? __pfx_process_one_work+0x10/0x10
[   28.689449][   T11]  ? assign_work+0x16c/0x240
[   28.689606][   T11]  worker_thread+0x58c/0xce0
[   28.689751][   T11]  ? __pfx_worker_thread+0x10/0x10
[   28.689894][   T11]  kthread+0x28a/0x350
[   28.690005][   T11]  ? __pfx_kthread+0x10/0x10
[   28.690153][   T11]  ret_from_fork+0x31/0x70
[   28.690296][   T11]  ? __pfx_kthread+0x10/0x10
[   28.690441][   T11]  ret_from_fork_asm+0x1a/0x30
[   28.690591][   T11]  </TASK>
[   28.690699][   T11] 
[   28.690772][   T11] Allocated by task 251:
[   28.690883][   T11]  kasan_save_stack+0x24/0x50
[   28.691029][   T11]  kasan_save_track+0x14/0x30
[   28.691170][   T11]  __kasan_slab_alloc+0x59/0x70
[   28.691314][   T11]  kmem_cache_alloc_noprof+0x10b/0x350
[   28.691456][   T11]  copy_net_ns+0xc6/0x340
[   28.691564][   T11]  create_new_namespaces+0x35f/0x920
[   28.691709][   T11]  unshare_nsproxy_namespaces+0x8d/0x130
[   28.691849][   T11]  ksys_unshare+0x2a9/0x660
[   28.691992][   T11]  __x64_sys_unshare+0x31/0x40
[   28.692136][   T11]  do_syscall_64+0xc1/0x1d0
[   28.692286][   T11]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   28.692465][   T11] 
[   28.692538][   T11] Freed by task 11:
[   28.692646][   T11]  kasan_save_stack+0x24/0x50
[   28.692790][   T11]  kasan_save_track+0x14/0x30
[   28.692937][   T11]  kasan_save_free_info+0x3b/0x60
[   28.693082][   T11]  __kasan_slab_free+0x38/0x50
[   28.693222][   T11]  kmem_cache_free+0xf8/0x330
[   28.693366][   T11]  cleanup_net+0x5a8/0xa40
[   28.693520][   T11]  process_one_work+0xe55/0x16d0
[   28.693661][   T11]  worker_thread+0x58c/0xce0
[   28.693808][   T11]  kthread+0x28a/0x350
[   28.693918][   T11]  ret_from_fork+0x31/0x70
[   28.694058][   T11]  ret_from_fork_asm+0x1a/0x30
[   28.694201][   T11] 
[   28.694274][   T11] Last potentially related work creation:
[   28.694420][   T11]  kasan_save_stack+0x24/0x50
[   28.694570][   T11]  __kasan_record_aux_stack+0x8e/0xa0
[   28.694722][   T11]  insert_work+0x34/0x230
[   28.694831][   T11]  __queue_work+0x5fd/0xa40
[   28.694972][   T11]  queue_delayed_work_on+0x8c/0xa0
[   28.695117][   T11]  __inet_insert_ifa+0x751/0xb10
[   28.695261][   T11]  inet_rtm_newaddr+0x833/0xbd0
[   28.695408][   T11]  rtnetlink_rcv_msg+0x712/0xc10
[   28.695553][   T11]  netlink_rcv_skb+0x130/0x360
[   28.695710][   T11]  netlink_unicast+0x44b/0x710
[   28.695853][   T11]  netlink_sendmsg+0x723/0xbe0
[   28.695994][   T11]  ____sys_sendmsg+0x7ac/0xa10
[   28.696136][   T11]  ___sys_sendmsg+0xee/0x170
[   28.696280][   T11]  __sys_sendmsg+0x109/0x1a0
[   28.696422][   T11]  do_syscall_64+0xc1/0x1d0
[   28.696562][   T11]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   28.696737][   T11] 
[   28.696812][   T11] Second to last potentially related work creation:
[   28.696989][   T11]  kasan_save_stack+0x24/0x50
[   28.697135][   T11]  __kasan_record_aux_stack+0x8e/0xa0
[   28.697277][   T11]  insert_work+0x34/0x230
[   28.697388][   T11]  __queue_work+0x5fd/0xa40
[   28.697532][   T11]  queue_delayed_work_on+0x8c/0xa0
[   28.697674][   T11]  __inet_insert_ifa+0x751/0xb10
[   28.697832][   T11]  inetdev_event+0xb18/0xcf0
[   28.697973][   T11]  notifier_call_chain+0xcd/0x150
[   28.698116][   T11]  __dev_notify_flags+0xe6/0x250
[   28.698259][   T11]  dev_change_flags+0xec/0x160
[   28.698401][   T11]  do_setlink.constprop.0+0x79d/0x2300
[   28.698544][   T11]  rtnl_newlink+0x6de/0xa80
[   28.698686][   T11]  rtnetlink_rcv_msg+0x712/0xc10
[   28.698830][   T11]  netlink_rcv_skb+0x130/0x360
[   28.698976][   T11]  netlink_unicast+0x44b/0x710
[   28.699121][   T11]  netlink_sendmsg+0x723/0xbe0
[   28.699263][   T11]  ____sys_sendmsg+0x7ac/0xa10
[   28.699408][   T11]  ___sys_sendmsg+0xee/0x170
[   28.699549][   T11]  __sys_sendmsg+0x109/0x1a0
[   28.699688][   T11]  do_syscall_64+0xc1/0x1d0
[   28.699842][   T11]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   28.700019][   T11] 
[   28.700095][   T11] The buggy address belongs to the object at ffff88800a838040
[   28.700095][   T11]  which belongs to the cache net_namespace of size 6592
[   28.700473][   T11] The buggy address is located 184 bytes inside of
[   28.700473][   T11]  freed 6592-byte region [ffff88800a838040, ffff88800a839a00)
[   28.700816][   T11] 
[   28.700898][   T11] The buggy address belongs to the physical page:
[   28.701076][   T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800a83b6c0 pfn:0xa838
[   28.701364][   T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   28.701578][   T11] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[   28.701758][   T11] page_type: f5(slab)
[   28.701868][   T11] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[   28.702129][   T11] raw: ffff88800a83b6c0 0000000000040002 00000001f5000000 0000000000000000
[   28.702377][   T11] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[   28.702627][   T11] head: ffff88800a83b6c0 0000000000040002 00000001f5000000 0000000000000000
[   28.702872][   T11] head: 0080000000000003 ffffea00002a0e01 ffffffffffffffff 0000000000000000
[   28.703121][   T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   28.703364][   T11] page dumped because: kasan: bad access detected
[   28.703539][   T11] 
[   28.703614][   T11] Memory state around the buggy address:
[   28.703753][   T11]  ffff88800a837f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   28.703961][   T11]  ffff88800a838000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   28.704173][   T11] >ffff88800a838080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.704379][   T11]                                                                 ^
[   28.704581][   T11]  ffff88800a838100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.704792][   T11]  ffff88800a838180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.705002][   T11] ==================================================================
[   28.705257][   T11] Disabling lock debugging due to kernel taint