[ 11.035977][ T63] ==================================================================
[ 11.036284][ T63] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 11.036515][ T63] Read of size 8 at addr ffff888009d980f8 by task kworker/u16:1/63
[ 11.036734][ T63]
[ 11.036813][ T63] CPU: 3 UID: 0 PID: 63 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1
[ 11.037036][ T63] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 11.037218][ T63] Workqueue: netns cleanup_net
[ 11.037369][ T63] Call Trace:
[ 11.037479][ T63]
[ 11.037561][ T63]  dump_stack_lvl+0x82/0xd0
[ 11.037721][ T63]  print_address_description.constprop.0+0x2c/0x3b0
[ 11.037904][ T63]  ? cleanup_net+0x932/0xa40
[ 11.038064][ T63]  print_report+0xb4/0x270
[ 11.038216][ T63]  ? kasan_addr_to_slab+0x25/0x80
[ 11.038366][ T63]  kasan_report+0xbd/0xf0
[ 11.038479][ T63]  ? cleanup_net+0x932/0xa40
[ 11.038630][ T63]  cleanup_net+0x932/0xa40
[ 11.038843][ T63]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 11.038994][ T63]  ? __pfx_cleanup_net+0x10/0x10
[ 11.039136][ T63]  ? trace_lock_acquire+0x148/0x1f0
[ 11.039287][ T63]  ? lock_acquire+0x32/0xc0
[ 11.039430][ T63]  ? process_one_work+0xe0b/0x16d0
[ 11.039588][ T63]  process_one_work+0xe55/0x16d0
[ 11.039753][ T63]  ? __pfx___lock_release+0x10/0x10
[ 11.039901][ T63]  ? __pfx_process_one_work+0x10/0x10
[ 11.040051][ T63]  ? assign_work+0x16c/0x240
[ 11.040201][ T63]  worker_thread+0x58c/0xce0
[ 11.040374][ T63]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 11.040555][ T63]  ? __pfx_worker_thread+0x10/0x10
[ 11.040705][ T63]  ? __pfx_worker_thread+0x10/0x10
[ 11.040847][ T63]  kthread+0x28a/0x350
[ 11.040957][ T63]  ? __pfx_kthread+0x10/0x10
[ 11.041109][ T63]  ret_from_fork+0x31/0x70
[ 11.041261][ T63]  ? __pfx_kthread+0x10/0x10
[ 11.041414][ T63]  ret_from_fork_asm+0x1a/0x30
[ 11.041564][ T63]
[ 11.041675][ T63]
[ 11.041750][ T63] Allocated by task 226:
[ 11.041862][ T63]  kasan_save_stack+0x24/0x50
[ 11.042021][ T63]  kasan_save_track+0x14/0x30
[ 11.042170][ T63]  __kasan_slab_alloc+0x59/0x70
[ 11.042313][ T63]  kmem_cache_alloc_noprof+0x10b/0x350
[ 11.042461][ T63]  copy_net_ns+0xc6/0x340
[ 11.042572][ T63]  create_new_namespaces+0x35f/0x920
[ 11.042732][ T63]  unshare_nsproxy_namespaces+0x8d/0x130
[ 11.042875][ T63]  ksys_unshare+0x2a9/0x660
[ 11.043026][ T63]  __x64_sys_unshare+0x31/0x40
[ 11.043173][ T63]  do_syscall_64+0xc1/0x1d0
[ 11.043316][ T63]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 11.043495][ T63]
[ 11.043569][ T63] Freed by task 63:
[ 11.043688][ T63]  kasan_save_stack+0x24/0x50
[ 11.043834][ T63]  kasan_save_track+0x14/0x30
[ 11.043976][ T63]  kasan_save_free_info+0x3b/0x60
[ 11.044121][ T63]  __kasan_slab_free+0x38/0x50
[ 11.044267][ T63]  kmem_cache_free+0xf8/0x330
[ 11.044408][ T63]  cleanup_net+0x5a8/0xa40
[ 11.044551][ T63]  process_one_work+0xe55/0x16d0
[ 11.044731][ T63]  worker_thread+0x58c/0xce0
[ 11.044873][ T63]  kthread+0x28a/0x350
[ 11.044970][ T63]  ret_from_fork+0x31/0x70
[ 11.045099][ T63]  ret_from_fork_asm+0x1a/0x30
[ 11.045226][ T63]
[ 11.045292][ T63] The buggy address belongs to the object at ffff888009d98040
[ 11.045292][ T63]  which belongs to the cache net_namespace of size 5696
[ 11.045642][ T63] The buggy address is located 184 bytes inside of
[ 11.045642][ T63]  freed 5696-byte region [ffff888009d98040, ffff888009d99680)
[ 11.045947][ T63]
[ 11.046014][ T63] The buggy address belongs to the physical page:
[ 11.046170][ T63] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888009d9afc0 pfn:0x9d98
[ 11.046430][ T63] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.046626][ T63] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 11.046795][ T63] page_type: f5(slab)
[ 11.046897][ T63] raw: 0080000000000240 ffff88800195f240 ffff888001962088 ffff888001962088
[ 11.047123][ T63] raw: ffff888009d9afc0 0000000000050002 00000001f5000000 0000000000000000
[ 11.047390][ T63] head: 0080000000000240 ffff88800195f240 ffff888001962088 ffff888001962088
[ 11.047614][ T63] head: ffff888009d9afc0 0000000000050002 00000001f5000000 0000000000000000
[ 11.047844][ T63] head: 0080000000000003 ffffea0000276601 ffffffffffffffff 0000000000000000
[ 11.048065][ T63] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 11.048292][ T63] page dumped because: kasan: bad access detected
[ 11.048452][ T63]
[ 11.048518][ T63] Memory state around the buggy address:
[ 11.048648][ T63]  ffff888009d97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.048831][ T63]  ffff888009d98000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 11.049025][ T63] >ffff888009d98080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.049206][ T63]                                                                 ^
[ 11.049399][ T63]  ffff888009d98100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.049590][ T63]  ffff888009d98180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.049783][ T63] ==================================================================
[ 11.050001][ T63] Disabling lock debugging due to kernel taint