[ 12.144961][ T258] br0: port 1(s0) entered blocking state [ 12.145625][ T258] br0: port 1(s0) entered disabled state [ 12.145931][ T258] s0: entered allmulticast mode [ 12.148023][ T258] s0: entered promiscuous mode [ 12.256719][ T259] bond0: (slave eth0): making interface the new active one [ 12.257409][ T259] bond0: (slave eth0): Enslaving as an active interface with an up link [ 12.258788][ T69] br0: port 1(s0) entered blocking state [ 12.259112][ T69] br0: port 1(s0) entered forwarding state [ 12.672379][ T264] br0: port 2(s1) entered blocking state [ 12.672604][ T264] br0: port 2(s1) entered disabled state [ 12.672816][ T264] s1: entered allmulticast mode [ 12.674022][ T264] s1: entered promiscuous mode [ 12.761004][ T265] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 12.762112][ T69] br0: port 2(s1) entered blocking state [ 12.762308][ T69] br0: port 2(s1) entered forwarding state [ 13.519548][ T273] br0: port 3(c0) entered blocking state [ 13.519817][ T273] br0: port 3(c0) entered disabled state [ 13.520040][ T273] c0: entered allmulticast mode [ 13.521663][ T273] c0: entered promiscuous mode [ 13.608607][ T37] br0: port 3(c0) entered blocking state [ 13.608806][ T37] br0: port 3(c0) entered forwarding state [ 14.230377][ T282] ip (282) used greatest stack depth: 23720 bytes left [ 14.597915][ T283] bond0 (unregistering): (slave eth0): Releasing backup interface [ 14.623969][ T283] bond0 (unregistering): (slave eth1): Releasing backup interface [ 14.643950][ T283] bond0 (unregistering): Released all slaves [ 14.654804][ T69] br0: port 1(s0) entered disabled state [ 14.657160][ T69] br0: port 2(s1) entered disabled state [ 14.976223][ T287] bond0: (slave eth0): making interface the new active one [ 14.976921][ T287] bond0: (slave eth0): Enslaving as an active interface with an up link [ 14.977613][ T69] br0: port 1(s0) entered blocking state [ 14.977841][ T69] br0: port 1(s0) entered forwarding state [ 15.067112][ T288] bond0: (slave eth1): Enslaving as a backup interface with an up link [ 15.067696][ T37] br0: port 2(s1) entered blocking state [ 15.067908][ T37] br0: port 2(s1) entered forwarding state [ 17.143469][ T306] eth0: entered promiscuous mode [ 33.095066][ T352] eth0: left promiscuous mode [ 33.576955][ T353] bond0 (unregistering): (slave eth0): Releasing backup interface [ 33.599275][ T353] bond0 (unregistering): (slave eth1): Releasing backup interface [ 33.622917][ T353] bond0 (unregistering): Released all slaves [ 33.632009][ T37] br0: port 1(s0) entered disabled state [ 33.634444][ T37] br0: port 2(s1) entered disabled state [ 33.928608][ T357] bond0: (slave eth0): making interface the new active one [ 33.929415][ T357] bond0: (slave eth0): Enslaving as an active interface with an up link [ 33.930060][ T304] br0: port 1(s0) entered blocking state [ 33.930332][ T304] br0: port 1(s0) entered forwarding state [ 34.046204][ T358] bond0: (slave eth1): Enslaving as an active interface with an up link [ 34.046941][ T37] br0: port 2(s1) entered blocking state [ 34.047298][ T37] br0: port 2(s1) entered forwarding state [ 35.927614][ T375] eth0: entered promiscuous mode [ 51.989287][ T422] eth0: left promiscuous mode [ 52.464664][ T423] bond0 (unregistering): (slave eth0): Releasing active interface [ 52.494872][ T423] bond0 (unregistering): (slave eth1): Releasing active interface [ 52.516052][ T423] bond0 (unregistering): Released all slaves [ 52.529999][ T304] br0: port 1(s0) entered disabled state [ 52.532083][ T304] br0: port 2(s1) entered disabled state [ 52.837475][ T428] bond0: (slave eth0): making interface the new active one [ 52.838476][ T428] bond0: (slave eth0): Enslaving as an active interface with an up link [ 52.839163][ T69] br0: port 1(s0) entered blocking state [ 52.839453][ T69] br0: port 1(s0) entered forwarding state [ 52.927147][ T429] bond0: (slave eth1): Enslaving as an active interface with an up link [ 52.928096][ T304] br0: port 2(s1) entered blocking state [ 52.928466][ T304] br0: port 2(s1) entered forwarding state [ 55.332760][ T449] eth0: entered promiscuous mode [ 71.276537][ T494] eth0: left promiscuous mode [ 71.468681][ T11] ================================================================== [ 71.469011][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 71.469309][ T11] Read of size 8 at addr ffff888005b8c838 by task kworker/u16:0/11 [ 71.469600][ T11] [ 71.469701][ T11] CPU: 2 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1 [ 71.469990][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 71.470224][ T11] Workqueue: netns cleanup_net [ 71.470440][ T11] Call Trace: [ 71.470589][ T11] [ 71.470694][ T11] dump_stack_lvl+0x82/0xd0 [ 71.470894][ T11] print_address_description.constprop.0+0x2c/0x3b0 [ 71.471139][ T11] ? cleanup_net+0x932/0xa40 [ 71.471339][ T11] print_report+0xb4/0x270 [ 71.471529][ T11] ? kasan_addr_to_slab+0x25/0x80 [ 71.471723][ T11] kasan_report+0xbd/0xf0 [ 71.471871][ T11] ? cleanup_net+0x932/0xa40 [ 71.472068][ T11] cleanup_net+0x932/0xa40 [ 71.472256][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.472449][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 71.472642][ T11] ? trace_lock_acquire+0x148/0x1f0 [ 71.472839][ T11] ? lock_acquire+0x32/0xc0 [ 71.473026][ T11] ? process_one_work+0xe0b/0x16d0 [ 71.473226][ T11] process_one_work+0xe55/0x16d0 [ 71.473421][ T11] ? __pfx___lock_release+0x10/0x10 [ 71.473613][ T11] ? __pfx_process_one_work+0x10/0x10 [ 71.473807][ T11] ? assign_work+0x16c/0x240 [ 71.473998][ T11] worker_thread+0x58c/0xce0 [ 71.474192][ T11] ? __pfx_worker_thread+0x10/0x10 [ 71.474386][ T11] kthread+0x28a/0x350 [ 71.474532][ T11] ? __pfx_kthread+0x10/0x10 [ 71.474723][ T11] ret_from_fork+0x31/0x70 [ 71.474914][ T11] ? __pfx_kthread+0x10/0x10 [ 71.475105][ T11] ret_from_fork_asm+0x1a/0x30 [ 71.475306][ T11] [ 71.475454][ T11] [ 71.475550][ T11] Allocated by task 277: [ 71.475689][ T11] kasan_save_stack+0x24/0x50 [ 71.475891][ T11] kasan_save_track+0x14/0x30 [ 71.476080][ T11] __kasan_slab_alloc+0x59/0x70 [ 71.476271][ T11] kmem_cache_alloc_noprof+0x10b/0x350 [ 71.476467][ T11] copy_net_ns+0xc6/0x340 [ 71.476620][ T11] create_new_namespaces+0x35f/0x920 [ 71.476809][ T11] unshare_nsproxy_namespaces+0x8d/0x130 [ 71.476999][ T11] ksys_unshare+0x2a9/0x660 [ 71.477193][ T11] __x64_sys_unshare+0x31/0x40 [ 71.477382][ T11] do_syscall_64+0xc1/0x1d0 [ 71.477573][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.477817][ T11] [ 71.477918][ T11] Freed by task 11: [ 71.478049][ T11] kasan_save_stack+0x24/0x50 [ 71.478233][ T11] kasan_save_track+0x14/0x30 [ 71.478423][ T11] kasan_save_free_info+0x3b/0x60 [ 71.478612][ T11] __kasan_slab_free+0x38/0x50 [ 71.478807][ T11] kmem_cache_free+0xf8/0x330 [ 71.478998][ T11] cleanup_net+0x5a8/0xa40 [ 71.479188][ T11] process_one_work+0xe55/0x16d0 [ 71.479388][ T11] worker_thread+0x58c/0xce0 [ 71.479577][ T11] kthread+0x28a/0x350 [ 71.479722][ T11] ret_from_fork+0x31/0x70 [ 71.479916][ T11] ret_from_fork_asm+0x1a/0x30 [ 71.480111][ T11] [ 71.480202][ T11] Last potentially related work creation: [ 71.480379][ T11] kasan_save_stack+0x24/0x50 [ 71.480568][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 71.480758][ T11] insert_work+0x34/0x230 [ 71.480901][ T11] __queue_work+0x5fd/0xa40 [ 71.481098][ T11] queue_delayed_work_on+0x8c/0xa0 [ 71.481292][ T11] __inet_insert_ifa+0x751/0xb10 [ 71.481486][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 71.481681][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 71.481877][ T11] netlink_rcv_skb+0x130/0x360 [ 71.482075][ T11] netlink_unicast+0x44b/0x710 [ 71.482264][ T11] netlink_sendmsg+0x723/0xbe0 [ 71.482459][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 71.482658][ T11] ___sys_sendmsg+0xee/0x170 [ 71.482849][ T11] __sys_sendmsg+0x109/0x1a0 [ 71.483048][ T11] do_syscall_64+0xc1/0x1d0 [ 71.483236][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.483472][ T11] [ 71.483570][ T11] Second to last potentially related work creation: [ 71.483810][ T11] kasan_save_stack+0x24/0x50 [ 71.484004][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 71.484203][ T11] insert_work+0x34/0x230 [ 71.484340][ T11] __queue_work+0x5fd/0xa40 [ 71.484530][ T11] queue_delayed_work_on+0x8c/0xa0 [ 71.484725][ T11] __inet_insert_ifa+0x751/0xb10 [ 71.484924][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 71.485128][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 71.485319][ T11] netlink_rcv_skb+0x130/0x360 [ 71.485511][ T11] netlink_unicast+0x44b/0x710 [ 71.485703][ T11] netlink_sendmsg+0x723/0xbe0 [ 71.485898][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 71.486086][ T11] ___sys_sendmsg+0xee/0x170 [ 71.486279][ T11] __sys_sendmsg+0x109/0x1a0 [ 71.486476][ T11] do_syscall_64+0xc1/0x1d0 [ 71.486668][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.486912][ T11] [ 71.487009][ T11] The buggy address belongs to the object at ffff888005b8c780 [ 71.487009][ T11] which belongs to the cache net_namespace of size 5696 [ 71.487507][ T11] The buggy address is located 184 bytes inside of [ 71.487507][ T11] freed 5696-byte region [ffff888005b8c780, ffff888005b8ddc0) [ 71.487960][ T11] [ 71.488054][ T11] The buggy address belongs to the physical page: [ 71.488279][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b88 [ 71.488619][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.488916][ T11] flags: 0x80000000000040(head|node=0|zone=1) [ 71.489162][ T11] page_type: f5(slab) [ 71.489330][ T11] raw: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 71.489688][ T11] raw: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 71.490022][ T11] head: 0080000000000040 ffff888001965240 ffff88800196a0a8 ffff88800196a0a8 [ 71.490363][ T11] head: 0000000000000000 0000000000050005 00000001f5000000 0000000000000000 [ 71.490709][ T11] head: 0080000000000003 ffffea000016e201 ffffffffffffffff 0000000000000000 [ 71.491048][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 71.491374][ T11] page dumped because: kasan: bad access detected [ 71.491607][ T11] [ 71.491702][ T11] Memory state around the buggy address: [ 71.491895][ T11] ffff888005b8c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.492165][ T11] ffff888005b8c780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.492447][ T11] >ffff888005b8c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.492716][ T11] ^ [ 71.492940][ T11] ffff888005b8c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.493214][ T11] ffff888005b8c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.493491][ T11] ================================================================== [ 71.493842][ T11] Disabling lock debugging due to kernel taint [ 71.516853][ T496] br0: port 3(c0) entered disabled state [ 71.639754][ T496] c0 (unregistering): left allmulticast mode [ 71.640091][ T496] c0 (unregistering): left promiscuous mode [ 71.640335][ T496] br0: port 3(c0) entered disabled state [ 71.927934][ T503] br0: port 1(s0) entered disabled state [ 72.020684][ T503] bond0: (slave eth0): Releasing active interface [ 72.020921][ T503] bond0: (slave eth0): the permanent HWaddr of slave - e2:00:e1:79:28:b7 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 72.021446][ T503] bond0: (slave eth1): making interface the new active one [ 72.158686][ T503] s0 (unregistering): left allmulticast mode [ 72.158948][ T503] s0 (unregistering): left promiscuous mode [ 72.159149][ T503] br0: port 1(s0) entered disabled state [ 72.253649][ T504] br0: port 2(s1) entered disabled state [ 72.343857][ T504] bond0: (slave eth1): Releasing active interface [ 72.456695][ T504] s1 (unregistering): left allmulticast mode [ 72.456965][ T504] s1 (unregistering): left promiscuous mode [ 72.457150][ T504] br0: port 2(s1) entered disabled state [ 72.769934][ T11] bond0 (unregistering): Released all slaves