[ 10.645042][ T256] ip (256) used greatest stack depth: 24200 bytes left [ 10.795933][ T258] br0: port 1(s0) entered blocking state [ 10.796385][ T258] br0: port 1(s0) entered disabled state [ 10.796862][ T258] s0: entered allmulticast mode [ 10.798106][ T258] s0: entered promiscuous mode [ 10.876397][ T259] bond0: (slave eth0): making interface the new active one [ 10.877067][ T259] bond0: (slave eth0): Enslaving as an active interface with an up link [ 10.878766][ T154] br0: port 1(s0) entered blocking state [ 10.879081][ T154] br0: port 1(s0) entered forwarding state [ 11.273778][ T264] br0: port 2(s1) entered blocking state [ 11.273988][ T264] br0: port 2(s1) entered disabled state [ 11.274185][ T264] s1: entered allmulticast mode [ 11.275372][ T264] s1: entered promiscuous mode [ 11.363611][ T265] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 11.364873][ T39] br0: port 2(s1) entered blocking state [ 11.365067][ T39] br0: port 2(s1) entered forwarding state [ 12.078685][ T274] br0: port 3(c0) entered blocking state [ 12.078922][ T274] br0: port 3(c0) entered disabled state [ 12.079141][ T274] c0: entered allmulticast mode [ 12.080728][ T274] c0: entered promiscuous mode [ 12.174279][ T39] br0: port 3(c0) entered blocking state [ 12.174549][ T39] br0: port 3(c0) entered forwarding state [ 13.061499][ T284] bond0 (unregistering): (slave eth0): Releasing backup interface [ 13.085939][ T284] bond0 (unregistering): (slave eth1): Releasing backup interface [ 13.110383][ T284] bond0 (unregistering): Released all slaves [ 13.120712][ T39] br0: port 1(s0) entered disabled state [ 13.122650][ T39] br0: port 2(s1) entered disabled state [ 13.371957][ T288] bond0: (slave eth0): making interface the new active one [ 13.372560][ T288] bond0: (slave eth0): Enslaving as an active interface with an up link [ 13.373286][ T154] br0: port 1(s0) entered blocking state [ 13.373548][ T154] br0: port 1(s0) entered forwarding state [ 13.484543][ T289] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 13.485071][ T37] br0: port 2(s1) entered blocking state [ 13.485291][ T37] br0: port 2(s1) entered forwarding state [ 15.610831][ T309] eth0: entered promiscuous mode [ 31.006956][ T355] eth0: left promiscuous mode [ 31.421701][ T356] bond0 (unregistering): (slave eth0): Releasing backup interface [ 31.441227][ T356] bond0 (unregistering): (slave eth1): Releasing backup interface [ 31.460594][ T356] bond0 (unregistering): Released all slaves [ 31.474337][ T37] br0: port 1(s0) entered disabled state [ 31.476000][ T37] br0: port 2(s1) entered disabled state [ 31.734785][ T360] bond0: (slave eth0): making interface the new active one [ 31.736127][ T360] bond0: (slave eth0): Enslaving as an active interface with an up link [ 31.736778][ T154] br0: port 1(s0) entered blocking state [ 31.736955][ T154] br0: port 1(s0) entered forwarding state [ 31.812597][ T361] bond0: (slave eth1): Enslaving as an active interface with an up link [ 31.813162][ T37] br0: port 2(s1) entered blocking state [ 31.813366][ T37] br0: port 2(s1) entered forwarding state [ 33.731945][ T381] eth0: entered promiscuous mode [ 48.962149][ T427] eth0: left promiscuous mode [ 49.262876][ T428] bond0 (unregistering): (slave eth0): Releasing active interface [ 49.285634][ T428] bond0 (unregistering): (slave eth1): Releasing active interface [ 49.295173][ T428] bond0 (unregistering): Released all slaves [ 49.303365][ T154] br0: port 1(s0) entered disabled state [ 49.304694][ T154] br0: port 2(s1) entered disabled state [ 49.534087][ T432] bond0: (slave eth0): making interface the new active one [ 49.535090][ T432] bond0: (slave eth0): Enslaving as an active interface with an up link [ 49.535636][ T37] br0: port 1(s0) entered blocking state [ 49.535807][ T37] br0: port 1(s0) entered forwarding state [ 49.610803][ T433] bond0: (slave eth1): Enslaving as an active interface with an up link [ 49.611485][ T55] br0: port 2(s1) entered blocking state [ 49.611763][ T55] br0: port 2(s1) entered forwarding state [ 51.871522][ T456] eth0: entered promiscuous mode [ 67.159624][ T501] eth0: left promiscuous mode [ 67.320324][ T67] ================================================================== [ 67.320547][ T67] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 67.320747][ T67] Read of size 8 at addr ffff88800202c838 by task kworker/u16:1/67 [ 67.320936][ T67] [ 67.321001][ T67] CPU: 1 UID: 0 PID: 67 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 67.321200][ T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 67.321360][ T67] Workqueue: netns cleanup_net [ 67.321493][ T67] Call Trace: [ 67.321603][ T67] [ 67.321672][ T67] dump_stack_lvl+0x82/0xd0 [ 67.321804][ T67] print_address_description.constprop.0+0x2c/0x3b0 [ 67.321966][ T67] ? cleanup_net+0x932/0xa40 [ 67.322107][ T67] print_report+0xb4/0x270 [ 67.322235][ T67] ? kasan_addr_to_slab+0x25/0x80 [ 67.322365][ T67] kasan_report+0xbd/0xf0 [ 67.322463][ T67] ? cleanup_net+0x932/0xa40 [ 67.322593][ T67] cleanup_net+0x932/0xa40 [ 67.322729][ T67] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 67.322860][ T67] ? __pfx_cleanup_net+0x10/0x10 [ 67.322987][ T67] ? trace_lock_acquire+0x148/0x1f0 [ 67.323114][ T67] ? lock_acquire+0x32/0xc0 [ 67.323239][ T67] ? process_one_work+0xe0b/0x16d0 [ 67.323370][ T67] process_one_work+0xe55/0x16d0 [ 67.323498][ T67] ? __pfx___lock_release+0x10/0x10 [ 67.323625][ T67] ? __pfx_process_one_work+0x10/0x10 [ 67.323769][ T67] ? assign_work+0x16c/0x240 [ 67.323897][ T67] worker_thread+0x58c/0xce0 [ 67.324027][ T67] ? __pfx_worker_thread+0x10/0x10 [ 67.324151][ T67] kthread+0x28a/0x350 [ 67.324251][ T67] ? __pfx_kthread+0x10/0x10 [ 67.324377][ T67] ret_from_fork+0x31/0x70 [ 67.324506][ T67] ? __pfx_kthread+0x10/0x10 [ 67.324632][ T67] ret_from_fork_asm+0x1a/0x30 [ 67.324762][ T67] [ 67.324861][ T67] [ 67.324925][ T67] Allocated by task 278: [ 67.325023][ T67] kasan_save_stack+0x24/0x50 [ 67.325152][ T67] kasan_save_track+0x14/0x30 [ 67.325278][ T67] __kasan_slab_alloc+0x59/0x70 [ 67.325409][ T67] kmem_cache_alloc_noprof+0x10b/0x350 [ 67.325538][ T67] copy_net_ns+0xc6/0x340 [ 67.325637][ T67] create_new_namespaces+0x35f/0x920 [ 67.325762][ T67] unshare_nsproxy_namespaces+0x8d/0x130 [ 67.325891][ T67] ksys_unshare+0x2a9/0x660 [ 67.326019][ T67] __x64_sys_unshare+0x31/0x40 [ 67.326143][ T67] do_syscall_64+0xc1/0x1d0 [ 67.326268][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.326423][ T67] [ 67.326490][ T67] Freed by task 67: [ 67.326585][ T67] kasan_save_stack+0x24/0x50 [ 67.326710][ T67] kasan_save_track+0x14/0x30 [ 67.326834][ T67] kasan_save_free_info+0x3b/0x60 [ 67.326960][ T67] __kasan_slab_free+0x38/0x50 [ 67.327085][ T67] kmem_cache_free+0xf8/0x330 [ 67.327213][ T67] cleanup_net+0x5a8/0xa40 [ 67.327337][ T67] process_one_work+0xe55/0x16d0 [ 67.327462][ T67] worker_thread+0x58c/0xce0 [ 67.327586][ T67] kthread+0x28a/0x350 [ 67.327680][ T67] ret_from_fork+0x31/0x70 [ 67.327804][ T67] ret_from_fork_asm+0x1a/0x30 [ 67.327929][ T67] [ 67.327993][ T67] Last potentially related work creation: [ 67.328123][ T67] kasan_save_stack+0x24/0x50 [ 67.328252][ T67] __kasan_record_aux_stack+0x8e/0xa0 [ 67.328376][ T67] insert_work+0x34/0x230 [ 67.328475][ T67] __queue_work+0x5fd/0xa40 [ 67.328604][ T67] queue_delayed_work_on+0x8c/0xa0 [ 67.328731][ T67] __inet_insert_ifa+0x751/0xb10 [ 67.328859][ T67] inet_rtm_newaddr+0x833/0xbd0 [ 67.328987][ T67] rtnetlink_rcv_msg+0x712/0xc10 [ 67.329117][ T67] netlink_rcv_skb+0x130/0x360 [ 67.329258][ T67] netlink_unicast+0x44b/0x710 [ 67.329383][ T67] netlink_sendmsg+0x723/0xbe0 [ 67.329508][ T67] ____sys_sendmsg+0x7ac/0xa10 [ 67.329650][ T67] ___sys_sendmsg+0xee/0x170 [ 67.329778][ T67] __sys_sendmsg+0x109/0x1a0 [ 67.329911][ T67] do_syscall_64+0xc1/0x1d0 [ 67.330036][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.330204][ T67] [ 67.330270][ T67] Second to last potentially related work creation: [ 67.330421][ T67] kasan_save_stack+0x24/0x50 [ 67.330553][ T67] __kasan_record_aux_stack+0x8e/0xa0 [ 67.330692][ T67] insert_work+0x34/0x230 [ 67.330787][ T67] __queue_work+0x5fd/0xa40 [ 67.330910][ T67] queue_delayed_work_on+0x8c/0xa0 [ 67.331045][ T67] __inet_insert_ifa+0x751/0xb10 [ 67.331171][ T67] inet_rtm_newaddr+0x833/0xbd0 [ 67.331297][ T67] rtnetlink_rcv_msg+0x712/0xc10 [ 67.331431][ T67] netlink_rcv_skb+0x130/0x360 [ 67.331558][ T67] netlink_unicast+0x44b/0x710 [ 67.331693][ T67] netlink_sendmsg+0x723/0xbe0 [ 67.331820][ T67] ____sys_sendmsg+0x7ac/0xa10 [ 67.331952][ T67] ___sys_sendmsg+0xee/0x170 [ 67.332077][ T67] __sys_sendmsg+0x109/0x1a0 [ 67.332201][ T67] do_syscall_64+0xc1/0x1d0 [ 67.332325][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.332481][ T67] [ 67.332547][ T67] The buggy address belongs to the object at ffff88800202c780 [ 67.332547][ T67] which belongs to the cache net_namespace of size 5696 [ 67.332875][ T67] The buggy address is located 184 bytes inside of [ 67.332875][ T67] freed 5696-byte region [ffff88800202c780, ffff88800202ddc0) [ 67.333180][ T67] [ 67.333258][ T67] The buggy address belongs to the physical page: [ 67.333419][ T67] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2028 [ 67.333662][ T67] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 67.333864][ T67] flags: 0x80000000000040(head|node=0|zone=1) [ 67.334039][ T67] page_type: f5(slab) [ 67.334147][ T67] raw: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 67.334371][ T67] raw: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 67.334590][ T67] head: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 67.334813][ T67] head: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 67.335037][ T67] head: 0080000000000003 ffffea0000080a01 ffffffffffffffff 0000000000000000 [ 67.335261][ T67] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 67.335477][ T67] page dumped because: kasan: bad access detected [ 67.335629][ T67] [ 67.335758][ T67] Memory state around the buggy address: [ 67.335882][ T67] ffff88800202c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 67.336064][ T67] ffff88800202c780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.336313][ T67] >ffff88800202c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.336491][ T67] ^ [ 67.336642][ T67] ffff88800202c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.336896][ T67] ffff88800202c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.337074][ T67] ================================================================== [ 67.337326][ T67] Disabling lock debugging due to kernel taint [ 67.380554][ T503] br0: port 3(c0) entered disabled state [ 67.503630][ T503] c0 (unregistering): left allmulticast mode [ 67.503924][ T503] c0 (unregistering): left promiscuous mode [ 67.504103][ T503] br0: port 3(c0) entered disabled state [ 67.730785][ T510] br0: port 1(s0) entered disabled state [ 67.759621][ T510] bond0: (slave eth0): Releasing active interface [ 67.759886][ T510] bond0: (slave eth0): the permanent HWaddr of slave - 72:fa:c8:c0:0b:af - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 67.760356][ T510] bond0: (slave eth1): making interface the new active one [ 67.832653][ T510] s0 (unregistering): left allmulticast mode [ 67.832965][ T510] s0 (unregistering): left promiscuous mode [ 67.833137][ T510] br0: port 1(s0) entered disabled state [ 67.899996][ T511] br0: port 2(s1) entered disabled state [ 67.968507][ T511] bond0: (slave eth1): Releasing active interface [ 68.052649][ T511] s1 (unregistering): left allmulticast mode [ 68.052974][ T511] s1 (unregistering): left promiscuous mode [ 68.053161][ T511] br0: port 2(s1) entered disabled state [ 68.343827][ T67] bond0 (unregistering): Released all slaves