[ 4998.220052][    C0] ==================================================================
[ 4998.220325][    C0] BUG: KASAN: slab-use-after-free in dst_destroy+0x316/0x370
[ 4998.220564][    C0] Read of size 8 at addr ffff88800a39d730 by task swapper/0/0
[ 4998.220785][    C0] 
[ 4998.220872][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.9.0-rc6-virtme #1
[ 4998.221114][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 4998.221454][    C0] Call Trace:
[ 4998.221570][    C0]  <IRQ>
[ 4998.221652][    C0]  dump_stack_lvl+0x82/0xd0
[ 4998.221815][    C0]  print_address_description.constprop.0+0x2c/0x3b0
[ 4998.221998][    C0]  ? dst_destroy+0x316/0x370
[ 4998.222154][    C0]  print_report+0xb4/0x270
[ 4998.222302][    C0]  ? kasan_addr_to_slab+0x4e/0x90
[ 4998.222464][    C0]  kasan_report+0xbd/0xf0
[ 4998.222596][    C0]  ? dst_destroy+0x316/0x370
[ 4998.222770][    C0]  dst_destroy+0x316/0x370
[ 4998.222921][    C0]  ? rcu_do_batch+0x3be/0xfb0
[ 4998.223091][    C0]  rcu_do_batch+0x3c0/0xfb0
[ 4998.223238][    C0]  ? __pfx_rcu_do_batch+0x10/0x10
[ 4998.223390][    C0]  ? lockdep_hardirqs_on_prepare.part.0+0x14f/0x370
[ 4998.223583][    C0]  rcu_core+0x2be/0x500
[ 4998.223699][    C0]  __do_softirq+0x1f8/0x5df
[ 4998.223858][    C0]  irq_exit_rcu+0x97/0xc0
[ 4998.223984][    C0]  sysvec_apic_timer_interrupt+0x75/0x80
[ 4998.224137][    C0]  </IRQ>
[ 4998.224215][    C0]  <TASK>
[ 4998.224297][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 4998.224490][    C0] RIP: 0010:default_idle+0xf/0x20
[ 4998.224649][    C0] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 e6 30 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
[ 4998.225176][    C0] RSP: 0018:ffffffff92a07e00 EFLAGS: 00000246
[ 4998.225371][    C0] RAX: 0000000005ad0005 RBX: 1ffffffff2540fc2 RCX: ffffffff91b526a5
[ 4998.225611][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8f2aefc4
[ 4998.225834][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1005ec709c
[ 4998.226056][    C0] R10: ffff88802f6384e3 R11: ffff88802f63de40 R12: 0000000000000000
[ 4998.226286][    C0] R13: ffffffff92a31000 R14: dffffc0000000000 R15: 0000000000014770
[ 4998.226621][    C0]  ? ct_kernel_exit.constprop.0+0xc5/0xf0
[ 4998.226772][    C0]  ? cpuidle_idle_call+0x1f4/0x280
[ 4998.226928][    C0]  default_idle_call+0x6d/0xb0
[ 4998.227076][    C0]  cpuidle_idle_call+0x1f4/0x280
[ 4998.227328][    C0]  ? __pfx_cpuidle_idle_call+0x10/0x10
[ 4998.227482][    C0]  ? tsc_verify_tsc_adjust+0x5e/0x2b0
[ 4998.227634][    C0]  do_idle+0xf9/0x160
[ 4998.227751][    C0]  cpu_startup_entry+0x54/0x60
[ 4998.227993][    C0]  rest_init+0x14f/0x260
[ 4998.228104][    C0]  start_kernel+0x318/0x3d0
[ 4998.228259][    C0]  x86_64_start_reservations+0x18/0x30
[ 4998.228419][    C0]  x86_64_start_kernel+0xba/0x110
[ 4998.228566][    C0]  common_startup_64+0x12c/0x138
[ 4998.228821][    C0]  </TASK>
[ 4998.228929][    C0] 
[ 4998.229007][    C0] Allocated by task 28444:
[ 4998.229160][    C0]  kasan_save_stack+0x24/0x50
[ 4998.229311][    C0]  kasan_save_track+0x14/0x30
[ 4998.229564][    C0]  __kasan_slab_alloc+0x59/0x70
[ 4998.229713][    C0]  kmem_cache_alloc+0xef/0x270
[ 4998.229867][    C0]  copy_net_ns+0xc6/0x730
[ 4998.229981][    C0]  create_new_namespaces+0x35f/0x920
[ 4998.230136][    C0]  unshare_nsproxy_namespaces+0x8a/0x1b0
[ 4998.230378][    C0]  ksys_unshare+0x2cc/0x6e0
[ 4998.230522][    C0]  __x64_sys_unshare+0x31/0x40
[ 4998.230673][    C0]  do_syscall_64+0xc3/0x1d0
[ 4998.230825][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 4998.231099][    C0] 
[ 4998.231176][    C0] Freed by task 10:
[ 4998.231290][    C0]  kasan_save_stack+0x24/0x50
[ 4998.231446][    C0]  kasan_save_track+0x14/0x30
[ 4998.231595][    C0]  kasan_save_free_info+0x3b/0x60
[ 4998.231742][    C0]  __kasan_slab_free+0xf4/0x180
[ 4998.231888][    C0]  kmem_cache_free+0xd7/0x220
[ 4998.232037][    C0]  cleanup_net+0x7de/0xb60
[ 4998.232184][    C0]  process_one_work+0xe2c/0x1730
[ 4998.232421][    C0]  worker_thread+0x587/0xd30
[ 4998.232570][    C0]  kthread+0x28a/0x350
[ 4998.232681][    C0]  ret_from_fork+0x31/0x70
[ 4998.232863][    C0]  ret_from_fork_asm+0x1a/0x30
[ 4998.233092][    C0] 
[ 4998.233165][    C0] The buggy address belongs to the object at ffff88800a39cd80
[ 4998.233165][    C0]  which belongs to the cache net_namespace of size 6208
[ 4998.233550][    C0] The buggy address is located 2480 bytes inside of
[ 4998.233550][    C0]  freed 6208-byte region [ffff88800a39cd80, ffff88800a39e5c0)
[ 4998.233979][    C0] 
[ 4998.234053][    C0] The buggy address belongs to the physical page:
[ 4998.234239][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800a399a00 pfn:0xa398
[ 4998.234616][    C0] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 4998.234830][    C0] flags: 0x80000000000a40(workingset|slab|head|node=0|zone=1)
[ 4998.235134][    C0] page_type: 0xffffffff()
[ 4998.235247][    C0] raw: 0080000000000a40 ffff88800192d240 ffff888001932088 ffffea0000161e10
[ 4998.235505][    C0] raw: ffff88800a399a00 0000000000040002 00000001ffffffff 0000000000000000
[ 4998.235872][    C0] head: 0080000000000a40 ffff88800192d240 ffff888001932088 ffffea0000161e10
[ 4998.236124][    C0] head: ffff88800a399a00 0000000000040002 00000001ffffffff 0000000000000000
[ 4998.236371][    C0] head: 0080000000000003 ffffea000028e601 dead000000000122 00000000ffffffff
[ 4998.236626][    C0] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 4998.236884][    C0] page dumped because: kasan: bad access detected
[ 4998.237068][    C0] 
[ 4998.237144][    C0] Memory state around the buggy address:
[ 4998.237283][    C0]  ffff88800a39d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 4998.237490][    C0]  ffff88800a39d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 4998.237782][    C0] >ffff88800a39d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 4998.237987][    C0]                                      ^
[ 4998.238125][    C0]  ffff88800a39d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 4998.238343][    C0]  ffff88800a39d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 4998.238550][    C0] ==================================================================
[ 4998.238777][    C0] Disabling lock debugging due to kernel taint
[ 5005.608922][T28788] eth0: renamed from r1h0
[ 5006.546940][T28795] eth1: renamed from r1h1
[ 5007.487172][T28802] eth2: renamed from r1h2
[ 5008.435767][T28809] eth3: renamed from r1h3