[ 12.840881][ T258] br0: port 1(s0) entered blocking state [ 12.841547][ T258] br0: port 1(s0) entered disabled state [ 12.848901][ T258] s0: entered allmulticast mode [ 12.850573][ T258] s0: entered promiscuous mode [ 12.935647][ T259] bond0: (slave eth0): making interface the new active one [ 12.936534][ T259] bond0: (slave eth0): Enslaving as an active interface with an up link [ 12.938218][ T39] br0: port 1(s0) entered blocking state [ 12.938529][ T39] br0: port 1(s0) entered forwarding state [ 13.402656][ T264] br0: port 2(s1) entered blocking state [ 13.403147][ T264] br0: port 2(s1) entered disabled state [ 13.404355][ T264] s1: entered allmulticast mode [ 13.405907][ T264] s1: entered promiscuous mode [ 13.510458][ T265] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 13.511685][ T40] br0: port 2(s1) entered blocking state [ 13.511920][ T40] br0: port 2(s1) entered forwarding state [ 14.311523][ T273] br0: port 3(c0) entered blocking state [ 14.311786][ T273] br0: port 3(c0) entered disabled state [ 14.312024][ T273] c0: entered allmulticast mode [ 14.314030][ T273] c0: entered promiscuous mode [ 14.412791][ T37] br0: port 3(c0) entered blocking state [ 14.413027][ T37] br0: port 3(c0) entered forwarding state [ 15.048468][ T282] ip (282) used greatest stack depth: 24184 bytes left [ 15.423873][ T283] bond0 (unregistering): (slave eth0): Releasing backup interface [ 15.436608][ T283] bond0 (unregistering): (slave eth1): Releasing backup interface [ 15.455830][ T283] bond0 (unregistering): Released all slaves [ 15.466410][ T37] br0: port 1(s0) entered disabled state [ 15.468495][ T37] br0: port 2(s1) entered disabled state [ 15.743953][ T287] bond0: (slave eth0): making interface the new active one [ 15.744589][ T287] bond0: (slave eth0): Enslaving as an active interface with an up link [ 15.745252][ T40] br0: port 1(s0) entered blocking state [ 15.745464][ T40] br0: port 1(s0) entered forwarding state [ 15.831002][ T288] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 15.831733][ T40] br0: port 2(s1) entered blocking state [ 15.831951][ T40] br0: port 2(s1) entered forwarding state [ 18.104714][ T308] eth0: entered promiscuous mode [ 18.115974][ T308] ip (308) used greatest stack depth: 23440 bytes left [ 33.814764][ T354] eth0: left promiscuous mode [ 34.269830][ T355] bond0 (unregistering): (slave eth0): Releasing backup interface [ 34.297789][ T355] bond0 (unregistering): (slave eth1): Releasing backup interface [ 34.315998][ T355] bond0 (unregistering): Released all slaves [ 34.325318][ T40] br0: port 1(s0) entered disabled state [ 34.326853][ T40] br0: port 2(s1) entered disabled state [ 34.369078][ T355] ip (355) used greatest stack depth: 23232 bytes left [ 34.610836][ T360] bond0: (slave eth0): making interface the new active one [ 34.611703][ T360] bond0: (slave eth0): Enslaving as an active interface with an up link [ 34.612395][ T39] br0: port 1(s0) entered blocking state [ 34.612643][ T39] br0: port 1(s0) entered forwarding state [ 34.704874][ T361] bond0: (slave eth1): Enslaving as an active interface with an up link [ 34.705485][ T40] br0: port 2(s1) entered blocking state [ 34.705696][ T40] br0: port 2(s1) entered forwarding state [ 37.253163][ T384] eth0: entered promiscuous mode [ 52.924591][ T430] eth0: left promiscuous mode [ 53.329597][ T431] bond0 (unregistering): (slave eth0): Releasing active interface [ 53.352276][ T431] bond0 (unregistering): (slave eth1): Releasing active interface [ 53.370867][ T431] bond0 (unregistering): Released all slaves [ 53.391591][ T40] br0: port 1(s0) entered disabled state [ 53.394442][ T40] br0: port 2(s1) entered disabled state [ 53.665567][ T435] bond0: (slave eth0): making interface the new active one [ 53.666949][ T435] bond0: (slave eth0): Enslaving as an active interface with an up link [ 53.668245][ T39] br0: port 1(s0) entered blocking state [ 53.668534][ T39] br0: port 1(s0) entered forwarding state [ 53.766782][ T436] bond0: (slave eth1): Enslaving as an active interface with an up link [ 53.767444][ T37] br0: port 2(s1) entered blocking state [ 53.767641][ T37] br0: port 2(s1) entered forwarding state [ 55.638624][ T453] eth0: entered promiscuous mode [ 71.644700][ T498] eth0: left promiscuous mode [ 71.819766][ T260] ================================================================== [ 71.820106][ T260] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 71.820317][ T260] Read of size 8 at addr ffff88800aae4838 by task kworker/u16:2/260 [ 71.820517][ T260] [ 71.820590][ T260] CPU: 0 UID: 0 PID: 260 Comm: kworker/u16:2 Not tainted 6.12.0-virtme #1 [ 71.820797][ T260] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 71.820971][ T260] Workqueue: netns cleanup_net [ 71.821112][ T260] Call Trace: [ 71.821216][ T260] [ 71.821289][ T260] dump_stack_lvl+0x82/0xd0 [ 71.821436][ T260] print_address_description.constprop.0+0x2c/0x3b0 [ 71.821614][ T260] ? cleanup_net+0x932/0xa40 [ 71.821754][ T260] print_report+0xb4/0x270 [ 71.821892][ T260] ? kasan_addr_to_slab+0x25/0x80 [ 71.822028][ T260] kasan_report+0xbd/0xf0 [ 71.822132][ T260] ? cleanup_net+0x932/0xa40 [ 71.822270][ T260] cleanup_net+0x932/0xa40 [ 71.822407][ T260] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.822543][ T260] ? __pfx_cleanup_net+0x10/0x10 [ 71.822679][ T260] ? trace_lock_acquire+0x148/0x1f0 [ 71.822816][ T260] ? lock_acquire+0x32/0xc0 [ 71.822945][ T260] ? process_one_work+0xe0b/0x16d0 [ 71.823081][ T260] process_one_work+0xe55/0x16d0 [ 71.823223][ T260] ? __pfx___lock_release+0x10/0x10 [ 71.823359][ T260] ? __pfx_process_one_work+0x10/0x10 [ 71.823491][ T260] ? assign_work+0x16c/0x240 [ 71.823630][ T260] worker_thread+0x58c/0xce0 [ 71.823765][ T260] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 71.823933][ T260] ? __pfx_worker_thread+0x10/0x10 [ 71.824065][ T260] ? __pfx_worker_thread+0x10/0x10 [ 71.824204][ T260] kthread+0x28a/0x350 [ 71.824304][ T260] ? __pfx_kthread+0x10/0x10 [ 71.824443][ T260] ret_from_fork+0x31/0x70 [ 71.824576][ T260] ? __pfx_kthread+0x10/0x10 [ 71.824709][ T260] ret_from_fork_asm+0x1a/0x30 [ 71.824852][ T260] [ 71.824956][ T260] [ 71.825031][ T260] Allocated by task 277: [ 71.825130][ T260] kasan_save_stack+0x24/0x50 [ 71.825268][ T260] kasan_save_track+0x14/0x30 [ 71.825405][ T260] __kasan_slab_alloc+0x59/0x70 [ 71.825546][ T260] kmem_cache_alloc_noprof+0x10b/0x350 [ 71.825684][ T260] copy_net_ns+0xc6/0x340 [ 71.825785][ T260] create_new_namespaces+0x35f/0x920 [ 71.825942][ T260] unshare_nsproxy_namespaces+0x8d/0x130 [ 71.826088][ T260] ksys_unshare+0x2a9/0x660 [ 71.826222][ T260] __x64_sys_unshare+0x31/0x40 [ 71.826354][ T260] do_syscall_64+0xc1/0x1d0 [ 71.826493][ T260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.826664][ T260] [ 71.826738][ T260] Freed by task 260: [ 71.826864][ T260] kasan_save_stack+0x24/0x50 [ 71.826996][ T260] kasan_save_track+0x14/0x30 [ 71.827127][ T260] kasan_save_free_info+0x3b/0x60 [ 71.827261][ T260] __kasan_slab_free+0x38/0x50 [ 71.827400][ T260] kmem_cache_free+0xf8/0x330 [ 71.827537][ T260] cleanup_net+0x5a8/0xa40 [ 71.827671][ T260] process_one_work+0xe55/0x16d0 [ 71.827817][ T260] worker_thread+0x58c/0xce0 [ 71.827951][ T260] kthread+0x28a/0x350 [ 71.828057][ T260] ret_from_fork+0x31/0x70 [ 71.828201][ T260] ret_from_fork_asm+0x1a/0x30 [ 71.828336][ T260] [ 71.828408][ T260] Last potentially related work creation: [ 71.828542][ T260] kasan_save_stack+0x24/0x50 [ 71.828683][ T260] __kasan_record_aux_stack+0x8e/0xa0 [ 71.828818][ T260] insert_work+0x34/0x230 [ 71.828925][ T260] __queue_work+0x5fd/0xa40 [ 71.829054][ T260] queue_delayed_work_on+0x8c/0xa0 [ 71.829187][ T260] __inet_insert_ifa+0x751/0xb10 [ 71.829325][ T260] inet_rtm_newaddr+0x833/0xbd0 [ 71.829459][ T260] rtnetlink_rcv_msg+0x712/0xc10 [ 71.829594][ T260] netlink_rcv_skb+0x130/0x360 [ 71.829732][ T260] netlink_unicast+0x44b/0x710 [ 71.829865][ T260] netlink_sendmsg+0x723/0xbe0 [ 71.830006][ T260] ____sys_sendmsg+0x7ac/0xa10 [ 71.830136][ T260] ___sys_sendmsg+0xee/0x170 [ 71.830271][ T260] __sys_sendmsg+0x109/0x1a0 [ 71.830401][ T260] do_syscall_64+0xc1/0x1d0 [ 71.830535][ T260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.830708][ T260] [ 71.830780][ T260] Second to last potentially related work creation: [ 71.830947][ T260] kasan_save_stack+0x24/0x50 [ 71.831095][ T260] __kasan_record_aux_stack+0x8e/0xa0 [ 71.831231][ T260] insert_work+0x34/0x230 [ 71.831337][ T260] __queue_work+0x5fd/0xa40 [ 71.831475][ T260] queue_delayed_work_on+0x8c/0xa0 [ 71.831616][ T260] __inet_insert_ifa+0x751/0xb10 [ 71.831754][ T260] inet_rtm_newaddr+0x833/0xbd0 [ 71.831890][ T260] rtnetlink_rcv_msg+0x712/0xc10 [ 71.832022][ T260] netlink_rcv_skb+0x130/0x360 [ 71.832159][ T260] netlink_unicast+0x44b/0x710 [ 71.832300][ T260] netlink_sendmsg+0x723/0xbe0 [ 71.832437][ T260] ____sys_sendmsg+0x7ac/0xa10 [ 71.832571][ T260] ___sys_sendmsg+0xee/0x170 [ 71.832705][ T260] __sys_sendmsg+0x109/0x1a0 [ 71.832834][ T260] do_syscall_64+0xc1/0x1d0 [ 71.832964][ T260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.833132][ T260] [ 71.833199][ T260] The buggy address belongs to the object at ffff88800aae4780 [ 71.833199][ T260] which belongs to the cache net_namespace of size 5696 [ 71.833537][ T260] The buggy address is located 184 bytes inside of [ 71.833537][ T260] freed 5696-byte region [ffff88800aae4780, ffff88800aae5dc0) [ 71.833848][ T260] [ 71.833927][ T260] The buggy address belongs to the physical page: [ 71.834089][ T260] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaae0 [ 71.834321][ T260] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.834525][ T260] flags: 0x80000000000040(head|node=0|zone=1) [ 71.834690][ T260] page_type: f5(slab) [ 71.834794][ T260] raw: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 71.835032][ T260] raw: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 71.835258][ T260] head: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 71.835498][ T260] head: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 71.835728][ T260] head: 0080000000000003 ffffea00002ab801 ffffffffffffffff 0000000000000000 [ 71.835957][ T260] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 71.836193][ T260] page dumped because: kasan: bad access detected [ 71.836354][ T260] [ 71.836420][ T260] Memory state around the buggy address: [ 71.836557][ T260] ffff88800aae4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.836742][ T260] ffff88800aae4780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.836931][ T260] >ffff88800aae4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.837121][ T260] ^ [ 71.837288][ T260] ffff88800aae4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.837474][ T260] ffff88800aae4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.837660][ T260] ================================================================== [ 71.837895][ T260] Disabling lock debugging due to kernel taint [ 71.869084][ T500] br0: port 3(c0) entered disabled state [ 71.997690][ T500] c0 (unregistering): left allmulticast mode [ 71.998013][ T500] c0 (unregistering): left promiscuous mode [ 71.998243][ T500] br0: port 3(c0) entered disabled state [ 72.278386][ T507] br0: port 1(s0) entered disabled state [ 72.339770][ T507] bond0: (slave eth0): Releasing active interface [ 72.340045][ T507] bond0: (slave eth0): the permanent HWaddr of slave - 3e:1b:ac:48:45:14 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 72.340666][ T507] bond0: (slave eth1): making interface the new active one [ 72.444649][ T507] s0 (unregistering): left allmulticast mode [ 72.444946][ T507] s0 (unregistering): left promiscuous mode [ 72.445138][ T507] br0: port 1(s0) entered disabled state [ 72.541862][ T508] br0: port 2(s1) entered disabled state [ 72.623371][ T508] bond0: (slave eth1): Releasing active interface [ 72.730788][ T508] s1 (unregistering): left allmulticast mode [ 72.731145][ T508] s1 (unregistering): left promiscuous mode [ 72.731444][ T508] br0: port 2(s1) entered disabled state [ 73.002106][ T260] bond0 (unregistering): Released all slaves