[ 11.482300][ T257] br0: port 1(s0) entered blocking state [ 11.483006][ T257] br0: port 1(s0) entered disabled state [ 11.483573][ T257] s0: entered allmulticast mode [ 11.485710][ T257] s0: entered promiscuous mode [ 11.573272][ T258] bond0: (slave eth0): making interface the new active one [ 11.574204][ T258] bond0: (slave eth0): Enslaving as an active interface with an up link [ 11.575788][ T45] br0: port 1(s0) entered blocking state [ 11.576090][ T45] br0: port 1(s0) entered forwarding state [ 11.990713][ T263] br0: port 2(s1) entered blocking state [ 11.991184][ T263] br0: port 2(s1) entered disabled state [ 11.991443][ T263] s1: entered allmulticast mode [ 11.993440][ T263] s1: entered promiscuous mode [ 12.094736][ T264] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 12.096122][ T45] br0: port 2(s1) entered blocking state [ 12.096399][ T45] br0: port 2(s1) entered forwarding state [ 12.915646][ T273] br0: port 3(c0) entered blocking state [ 12.915922][ T273] br0: port 3(c0) entered disabled state [ 12.916157][ T273] c0: entered allmulticast mode [ 12.917793][ T273] c0: entered promiscuous mode [ 13.011773][ T40] br0: port 3(c0) entered blocking state [ 13.012221][ T40] br0: port 3(c0) entered forwarding state [ 14.042767][ T283] bond0 (unregistering): (slave eth0): Releasing backup interface [ 14.064045][ T283] bond0 (unregistering): (slave eth1): Releasing backup interface [ 14.083673][ T283] bond0 (unregistering): Released all slaves [ 14.105854][ T40] br0: port 1(s0) entered disabled state [ 14.108240][ T40] br0: port 2(s1) entered disabled state [ 14.381235][ T287] bond0: (slave eth0): making interface the new active one [ 14.381948][ T287] bond0: (slave eth0): Enslaving as an active interface with an up link [ 14.382575][ T40] br0: port 1(s0) entered blocking state [ 14.382792][ T40] br0: port 1(s0) entered forwarding state [ 14.463612][ T288] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 14.464414][ T39] br0: port 2(s1) entered blocking state [ 14.464709][ T39] br0: port 2(s1) entered forwarding state [ 16.267803][ T305] eth0: entered promiscuous mode [ 31.496364][ T351] eth0: left promiscuous mode [ 31.964123][ T352] bond0 (unregistering): (slave eth0): Releasing backup interface [ 31.987697][ T352] bond0 (unregistering): (slave eth1): Releasing backup interface [ 32.008617][ T352] bond0 (unregistering): Released all slaves [ 32.016850][ T45] br0: port 1(s0) entered disabled state [ 32.018227][ T45] br0: port 2(s1) entered disabled state [ 32.050510][ T352] ip (352) used greatest stack depth: 23232 bytes left [ 32.287248][ T356] bond0: (slave eth0): making interface the new active one [ 32.288140][ T356] bond0: (slave eth0): Enslaving as an active interface with an up link [ 32.288906][ T45] br0: port 1(s0) entered blocking state [ 32.289137][ T45] br0: port 1(s0) entered forwarding state [ 32.388775][ T357] bond0: (slave eth1): Enslaving as an active interface with an up link [ 32.389575][ T45] br0: port 2(s1) entered blocking state [ 32.389791][ T45] br0: port 2(s1) entered forwarding state [ 34.465571][ T377] eth0: entered promiscuous mode [ 49.711311][ T423] eth0: left promiscuous mode [ 50.126346][ T424] bond0 (unregistering): (slave eth0): Releasing active interface [ 50.145598][ T424] bond0 (unregistering): (slave eth1): Releasing active interface [ 50.169328][ T424] bond0 (unregistering): Released all slaves [ 50.183176][ T40] br0: port 1(s0) entered disabled state [ 50.184455][ T40] br0: port 2(s1) entered disabled state [ 50.433359][ T428] bond0: (slave eth0): making interface the new active one [ 50.434958][ T428] bond0: (slave eth0): Enslaving as an active interface with an up link [ 50.435760][ T39] br0: port 1(s0) entered blocking state [ 50.436022][ T39] br0: port 1(s0) entered forwarding state [ 50.521374][ T429] bond0: (slave eth1): Enslaving as an active interface with an up link [ 50.522001][ T40] br0: port 2(s1) entered blocking state [ 50.522274][ T40] br0: port 2(s1) entered forwarding state [ 52.139579][ T446] eth0: entered promiscuous mode [ 67.682724][ T491] eth0: left promiscuous mode [ 67.841306][ T11] ================================================================== [ 67.841531][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 67.841737][ T11] Read of size 8 at addr ffff88800510c838 by task kworker/u16:0/11 [ 67.841930][ T11] [ 67.841997][ T11] CPU: 2 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1 [ 67.842187][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 67.842349][ T11] Workqueue: netns cleanup_net [ 67.842509][ T11] Call Trace: [ 67.842624][ T11] [ 67.842691][ T11] dump_stack_lvl+0x82/0xd0 [ 67.842831][ T11] print_address_description.constprop.0+0x2c/0x3b0 [ 67.842993][ T11] ? cleanup_net+0x932/0xa40 [ 67.843126][ T11] print_report+0xb4/0x270 [ 67.843249][ T11] ? kasan_addr_to_slab+0x25/0x80 [ 67.843378][ T11] kasan_report+0xbd/0xf0 [ 67.843480][ T11] ? cleanup_net+0x932/0xa40 [ 67.843607][ T11] cleanup_net+0x932/0xa40 [ 67.843731][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 67.843861][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 67.843985][ T11] ? trace_lock_acquire+0x148/0x1f0 [ 67.844114][ T11] ? lock_acquire+0x32/0xc0 [ 67.844238][ T11] ? process_one_work+0xe0b/0x16d0 [ 67.844383][ T11] process_one_work+0xe55/0x16d0 [ 67.844508][ T11] ? __pfx___lock_release+0x10/0x10 [ 67.844634][ T11] ? __pfx_process_one_work+0x10/0x10 [ 67.844763][ T11] ? assign_work+0x16c/0x240 [ 67.844891][ T11] worker_thread+0x58c/0xce0 [ 67.845030][ T11] ? __pfx_worker_thread+0x10/0x10 [ 67.845159][ T11] kthread+0x28a/0x350 [ 67.845265][ T11] ? __pfx_kthread+0x10/0x10 [ 67.845391][ T11] ret_from_fork+0x31/0x70 [ 67.845519][ T11] ? __pfx_kthread+0x10/0x10 [ 67.845641][ T11] ret_from_fork_asm+0x1a/0x30 [ 67.845771][ T11] [ 67.845874][ T11] [ 67.845938][ T11] Allocated by task 277: [ 67.846035][ T11] kasan_save_stack+0x24/0x50 [ 67.846164][ T11] kasan_save_track+0x14/0x30 [ 67.846291][ T11] __kasan_slab_alloc+0x59/0x70 [ 67.846416][ T11] kmem_cache_alloc_noprof+0x10b/0x350 [ 67.846546][ T11] copy_net_ns+0xc6/0x340 [ 67.846646][ T11] create_new_namespaces+0x35f/0x920 [ 67.846776][ T11] unshare_nsproxy_namespaces+0x8d/0x130 [ 67.846907][ T11] ksys_unshare+0x2a9/0x660 [ 67.847033][ T11] __x64_sys_unshare+0x31/0x40 [ 67.847168][ T11] do_syscall_64+0xc1/0x1d0 [ 67.847293][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.847452][ T11] [ 67.847515][ T11] Freed by task 11: [ 67.847614][ T11] kasan_save_stack+0x24/0x50 [ 67.847743][ T11] kasan_save_track+0x14/0x30 [ 67.847866][ T11] kasan_save_free_info+0x3b/0x60 [ 67.848009][ T11] __kasan_slab_free+0x38/0x50 [ 67.848133][ T11] kmem_cache_free+0xf8/0x330 [ 67.848262][ T11] cleanup_net+0x5a8/0xa40 [ 67.848386][ T11] process_one_work+0xe55/0x16d0 [ 67.848510][ T11] worker_thread+0x58c/0xce0 [ 67.848632][ T11] kthread+0x28a/0x350 [ 67.848734][ T11] ret_from_fork+0x31/0x70 [ 67.848857][ T11] ret_from_fork_asm+0x1a/0x30 [ 67.848989][ T11] [ 67.849053][ T11] Last potentially related work creation: [ 67.849176][ T11] kasan_save_stack+0x24/0x50 [ 67.849312][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 67.849439][ T11] insert_work+0x34/0x230 [ 67.849535][ T11] __queue_work+0x5fd/0xa40 [ 67.849657][ T11] queue_delayed_work_on+0x8c/0xa0 [ 67.849779][ T11] __inet_insert_ifa+0x751/0xb10 [ 67.849904][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 67.850028][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 67.850150][ T11] netlink_rcv_skb+0x130/0x360 [ 67.850272][ T11] netlink_unicast+0x44b/0x710 [ 67.850396][ T11] netlink_sendmsg+0x723/0xbe0 [ 67.850520][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 67.850647][ T11] ___sys_sendmsg+0xee/0x170 [ 67.850768][ T11] __sys_sendmsg+0x109/0x1a0 [ 67.850903][ T11] do_syscall_64+0xc1/0x1d0 [ 67.851028][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.851191][ T11] [ 67.851255][ T11] Second to last potentially related work creation: [ 67.851412][ T11] kasan_save_stack+0x24/0x50 [ 67.851545][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 67.851669][ T11] insert_work+0x34/0x230 [ 67.851762][ T11] __queue_work+0x5fd/0xa40 [ 67.851888][ T11] queue_delayed_work_on+0x8c/0xa0 [ 67.852011][ T11] __inet_insert_ifa+0x751/0xb10 [ 67.852134][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 67.852274][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 67.852398][ T11] netlink_rcv_skb+0x130/0x360 [ 67.852525][ T11] netlink_unicast+0x44b/0x710 [ 67.852652][ T11] netlink_sendmsg+0x723/0xbe0 [ 67.852775][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 67.852899][ T11] ___sys_sendmsg+0xee/0x170 [ 67.853031][ T11] __sys_sendmsg+0x109/0x1a0 [ 67.853166][ T11] do_syscall_64+0xc1/0x1d0 [ 67.853301][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.853463][ T11] [ 67.853543][ T11] The buggy address belongs to the object at ffff88800510c780 [ 67.853543][ T11] which belongs to the cache net_namespace of size 5696 [ 67.853870][ T11] The buggy address is located 184 bytes inside of [ 67.853870][ T11] freed 5696-byte region [ffff88800510c780, ffff88800510ddc0) [ 67.854180][ T11] [ 67.854249][ T11] The buggy address belongs to the physical page: [ 67.854406][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5108 [ 67.854626][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 67.854820][ T11] flags: 0x80000000000040(head|node=0|zone=1) [ 67.854995][ T11] page_type: f5(slab) [ 67.855093][ T11] raw: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 67.855328][ T11] raw: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 67.855541][ T11] head: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 67.855780][ T11] head: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 67.856003][ T11] head: 0080000000000003 ffffea0000144201 ffffffffffffffff 0000000000000000 [ 67.856234][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 67.856450][ T11] page dumped because: kasan: bad access detected [ 67.856669][ T11] [ 67.856736][ T11] Memory state around the buggy address: [ 67.856856][ T11] ffff88800510c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.857096][ T11] ffff88800510c780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.857280][ T11] >ffff88800510c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.857461][ T11] ^ [ 67.857676][ T11] ffff88800510c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.857857][ T11] ffff88800510c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.858042][ T11] ================================================================== [ 67.858278][ T11] Disabling lock debugging due to kernel taint [ 67.878044][ T493] br0: port 3(c0) entered disabled state [ 67.988869][ T493] c0 (unregistering): left allmulticast mode [ 67.989173][ T493] c0 (unregistering): left promiscuous mode [ 67.989348][ T493] br0: port 3(c0) entered disabled state [ 68.232421][ T500] br0: port 1(s0) entered disabled state [ 68.295879][ T500] bond0: (slave eth0): Releasing active interface [ 68.296153][ T500] bond0: (slave eth0): the permanent HWaddr of slave - ea:10:45:54:72:28 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 68.296590][ T500] bond0: (slave eth1): making interface the new active one [ 68.391439][ T500] s0 (unregistering): left allmulticast mode [ 68.391729][ T500] s0 (unregistering): left promiscuous mode [ 68.391910][ T500] br0: port 1(s0) entered disabled state [ 68.461325][ T501] br0: port 2(s1) entered disabled state [ 68.513859][ T501] bond0: (slave eth1): Releasing active interface [ 68.595257][ T501] s1 (unregistering): left allmulticast mode [ 68.595539][ T501] s1 (unregistering): left promiscuous mode [ 68.595716][ T501] br0: port 2(s1) entered disabled state [ 68.832089][ T11] bond0 (unregistering): Released all slaves