[ 96.505660][ T1229] br1: port 1(vx1) entered blocking state [ 96.505943][ T1229] br1: port 1(vx1) entered disabled state [ 96.506219][ T1229] vx1: entered allmulticast mode [ 96.508253][ T1229] vx1: entered promiscuous mode [ 96.509463][ T1229] br1: port 1(vx1) entered blocking state [ 96.510110][ T1229] br1: port 1(vx1) entered forwarding state [ 96.607747][ T1230] br1: port 2(veth1) entered blocking state [ 96.608100][ T1230] br1: port 2(veth1) entered disabled state [ 96.608766][ T1230] veth1: entered allmulticast mode [ 96.610735][ T1230] veth1: entered promiscuous mode [ 96.712071][ T150] br1: port 2(veth1) entered blocking state [ 96.712406][ T150] br1: port 2(veth1) entered forwarding state [ 96.810742][ T1232] br1: port 3(veth2) entered blocking state [ 96.811255][ T1232] br1: port 3(veth2) entered disabled state [ 96.811800][ T1232] veth2: entered allmulticast mode [ 96.814846][ T1232] veth2: entered promiscuous mode [ 96.891327][ T113] br1: port 3(veth2) entered blocking state [ 96.891777][ T113] br1: port 3(veth2) entered forwarding state [ 100.382160][ T1285] br2: port 1(w1) entered blocking state [ 100.382492][ T1285] br2: port 1(w1) entered disabled state [ 100.382771][ T1285] w1: entered allmulticast mode [ 100.385465][ T1285] w1: entered promiscuous mode [ 100.967712][ T1291] br2: port 2(vx2) entered blocking state [ 100.967978][ T1291] br2: port 2(vx2) entered disabled state [ 100.968458][ T1291] vx2: entered allmulticast mode [ 100.970450][ T1291] vx2: entered promiscuous mode [ 100.978097][ T1291] br2: port 2(vx2) entered blocking state [ 100.978370][ T1291] br2: port 2(vx2) entered forwarding state [ 101.660447][ T831] br2: port 1(w1) entered blocking state [ 101.660907][ T831] br2: port 1(w1) entered forwarding state [ 103.585076][ T1323] br2: port 1(w1) entered blocking state [ 103.585484][ T1323] br2: port 1(w1) entered disabled state [ 103.585862][ T1323] w1: entered allmulticast mode [ 103.589658][ T1323] w1: entered promiscuous mode [ 104.112861][ T1329] br2: port 2(vx2) entered blocking state [ 104.113137][ T1329] br2: port 2(vx2) entered disabled state [ 104.113448][ T1329] vx2: entered allmulticast mode [ 104.115531][ T1329] vx2: entered promiscuous mode [ 104.116542][ T1329] br2: port 2(vx2) entered blocking state [ 104.116797][ T1329] br2: port 2(vx2) entered forwarding state [ 104.849924][ T113] br2: port 1(w1) entered blocking state [ 104.850366][ T113] br2: port 1(w1) entered forwarding state [ 125.675522][ T1586] veth3: entered promiscuous mode [ 154.268773][ T2075] veth3: left promiscuous mode [ 177.025464][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.127070][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.228073][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.329259][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.430478][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.531381][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.632435][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.733474][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.834496][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 177.935449][ C3] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 228.371483][ C2] net_ratelimit: 10 callbacks suppressed [ 228.371492][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 228.473046][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 228.573945][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 228.674872][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 228.775887][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 228.876967][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 228.977830][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 229.078953][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 229.180060][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 229.281003][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 230.061834][ T3191] vx1: left allmulticast mode [ 230.062067][ T3191] vx1: left promiscuous mode [ 230.063349][ T3191] br1: port 1(vx1) entered disabled state [ 235.217958][ T3193] br1: port 1(vx1) entered blocking state [ 235.218187][ T3193] br1: port 1(vx1) entered disabled state [ 235.218429][ T3193] vx1: entered allmulticast mode [ 235.220308][ T3193] vx1: entered promiscuous mode [ 235.221063][ T3193] br1: port 1(vx1) entered blocking state [ 235.221261][ T3193] br1: port 1(vx1) entered forwarding state [ 254.823759][ T3401] veth3: entered promiscuous mode [ 282.193891][ T3890] veth3: left promiscuous mode [ 283.349251][ T3912] vx1: left allmulticast mode [ 283.349718][ T3912] vx1: left promiscuous mode [ 283.350025][ T3912] br1: port 1(vx1) entered disabled state [ 288.468796][ T3914] br1: port 1(vx1) entered blocking state [ 288.469108][ T3914] br1: port 1(vx1) entered disabled state [ 288.469359][ T3914] vx1: entered allmulticast mode [ 288.471328][ T3914] vx1: entered promiscuous mode [ 288.472114][ T3914] br1: port 1(vx1) entered blocking state [ 288.472341][ T3914] br1: port 1(vx1) entered forwarding state [ 408.325246][ T4823] vx1: left allmulticast mode [ 408.325484][ T4823] vx1: left promiscuous mode [ 408.325790][ T4823] br1: port 1(vx1) entered disabled state [ 413.453631][ T4825] br1: port 1(vx1) entered blocking state [ 413.454021][ T4825] br1: port 1(vx1) entered disabled state [ 413.454261][ T4825] vx1: entered allmulticast mode [ 413.456556][ T4825] vx1: entered promiscuous mode [ 413.457338][ T4825] br1: port 1(vx1) entered blocking state [ 413.457557][ T4825] br1: port 1(vx1) entered forwarding state [ 420.384150][ T66] vx2: left allmulticast mode [ 420.384848][ T66] vx2: left promiscuous mode [ 420.385234][ T66] br2: port 2(vx2) entered disabled state [ 420.389352][ T66] w1: left allmulticast mode [ 420.389552][ T66] w1: left promiscuous mode [ 420.389851][ T66] br2: port 1(w1) entered disabled state [ 420.758930][ T66] vx2: left allmulticast mode [ 420.759142][ T66] vx2: left promiscuous mode [ 420.759459][ T66] br2: port 2(vx2) entered disabled state [ 420.761563][ T66] w1: left allmulticast mode [ 420.761852][ T66] w1: left promiscuous mode [ 420.762149][ T66] br2: port 1(w1) entered disabled state [ 421.085443][ T66] ================================================================== [ 421.085664][ T66] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 421.085853][ T66] Read of size 8 at addr ffff88800afd9a38 by task kworker/u16:1/66 [ 421.086041][ T66] [ 421.086111][ T66] CPU: 3 UID: 0 PID: 66 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 421.086309][ T66] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 421.086464][ T66] Workqueue: netns cleanup_net [ 421.086594][ T66] Call Trace: [ 421.086690][ T66] [ 421.086758][ T66] dump_stack_lvl+0x82/0xd0 [ 421.086892][ T66] print_address_description.constprop.0+0x2c/0x3b0 [ 421.087055][ T66] ? cleanup_net+0x932/0xa40 [ 421.087189][ T66] print_report+0xb4/0x270 [ 421.087320][ T66] ? kasan_addr_to_slab+0x25/0x80 [ 421.087448][ T66] kasan_report+0xbd/0xf0 [ 421.087544][ T66] ? cleanup_net+0x932/0xa40 [ 421.087668][ T66] cleanup_net+0x932/0xa40 [ 421.087802][ T66] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 421.087931][ T66] ? __pfx_cleanup_net+0x10/0x10 [ 421.088058][ T66] ? trace_lock_acquire+0x148/0x1f0 [ 421.088188][ T66] ? lock_acquire+0x32/0xc0 [ 421.088314][ T66] ? process_one_work+0xe0b/0x16d0 [ 421.088450][ T66] process_one_work+0xe55/0x16d0 [ 421.088577][ T66] ? __pfx___lock_release+0x10/0x10 [ 421.088708][ T66] ? __pfx_process_one_work+0x10/0x10 [ 421.088846][ T66] ? assign_work+0x16c/0x240 [ 421.088978][ T66] worker_thread+0x58c/0xce0 [ 421.089106][ T66] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 421.089260][ T66] ? __pfx_worker_thread+0x10/0x10 [ 421.089386][ T66] ? __pfx_worker_thread+0x10/0x10 [ 421.089509][ T66] kthread+0x28a/0x350 [ 421.089607][ T66] ? __pfx_kthread+0x10/0x10 [ 421.089733][ T66] ret_from_fork+0x31/0x70 [ 421.089862][ T66] ? __pfx_kthread+0x10/0x10 [ 421.089985][ T66] ret_from_fork_asm+0x1a/0x30 [ 421.090117][ T66] [ 421.090211][ T66] [ 421.090275][ T66] Allocated by task 1302: [ 421.090375][ T66] kasan_save_stack+0x24/0x50 [ 421.090502][ T66] kasan_save_track+0x14/0x30 [ 421.090625][ T66] __kasan_slab_alloc+0x59/0x70 [ 421.090748][ T66] kmem_cache_alloc_noprof+0x10b/0x350 [ 421.090879][ T66] copy_net_ns+0xc6/0x340 [ 421.090973][ T66] create_new_namespaces+0x35f/0x920 [ 421.091099][ T66] unshare_nsproxy_namespaces+0x8d/0x130 [ 421.091224][ T66] ksys_unshare+0x2a9/0x660 [ 421.091351][ T66] __x64_sys_unshare+0x31/0x40 [ 421.091473][ T66] do_syscall_64+0xc1/0x1d0 [ 421.091598][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.091757][ T66] [ 421.091822][ T66] Freed by task 66: [ 421.091917][ T66] kasan_save_stack+0x24/0x50 [ 421.092046][ T66] kasan_save_track+0x14/0x30 [ 421.092170][ T66] kasan_save_free_info+0x3b/0x60 [ 421.092294][ T66] __kasan_slab_free+0x38/0x50 [ 421.092420][ T66] kmem_cache_free+0xf8/0x330 [ 421.092545][ T66] cleanup_net+0x5a8/0xa40 [ 421.092666][ T66] process_one_work+0xe55/0x16d0 [ 421.092793][ T66] worker_thread+0x58c/0xce0 [ 421.092918][ T66] kthread+0x28a/0x350 [ 421.093012][ T66] ret_from_fork+0x31/0x70 [ 421.093135][ T66] ret_from_fork_asm+0x1a/0x30 [ 421.093256][ T66] [ 421.093319][ T66] Last potentially related work creation: [ 421.093443][ T66] kasan_save_stack+0x24/0x50 [ 421.093571][ T66] __kasan_record_aux_stack+0x8e/0xa0 [ 421.093700][ T66] insert_work+0x34/0x230 [ 421.093795][ T66] __queue_work+0x5fd/0xa40 [ 421.093918][ T66] call_timer_fn+0x13b/0x230 [ 421.094044][ T66] __run_timers+0x3ff/0x810 [ 421.094170][ T66] run_timer_softirq+0x154/0x1c0 [ 421.094293][ T66] handle_softirqs+0x1f6/0x5c0 [ 421.094420][ T66] __irq_exit_rcu+0xc4/0x100 [ 421.094544][ T66] irq_exit_rcu+0xe/0x20 [ 421.094641][ T66] sysvec_apic_timer_interrupt+0x78/0x90 [ 421.094767][ T66] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 421.094922][ T66] [ 421.094986][ T66] Second to last potentially related work creation: [ 421.095139][ T66] kasan_save_stack+0x24/0x50 [ 421.095266][ T66] __kasan_record_aux_stack+0x8e/0xa0 [ 421.095388][ T66] insert_work+0x34/0x230 [ 421.095483][ T66] __queue_work+0x5fd/0xa40 [ 421.095605][ T66] call_timer_fn+0x13b/0x230 [ 421.095730][ T66] __run_timers+0x3ff/0x810 [ 421.095852][ T66] run_timer_softirq+0x154/0x1c0 [ 421.095982][ T66] handle_softirqs+0x1f6/0x5c0 [ 421.096113][ T66] __irq_exit_rcu+0xc4/0x100 [ 421.096238][ T66] irq_exit_rcu+0xe/0x20 [ 421.096332][ T66] sysvec_apic_timer_interrupt+0x78/0x90 [ 421.096464][ T66] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 421.096618][ T66] [ 421.096681][ T66] The buggy address belongs to the object at ffff88800afd9980 [ 421.096681][ T66] which belongs to the cache net_namespace of size 6080 [ 421.097008][ T66] The buggy address is located 184 bytes inside of [ 421.097008][ T66] freed 6080-byte region [ffff88800afd9980, ffff88800afdb140) [ 421.097308][ T66] [ 421.097373][ T66] The buggy address belongs to the physical page: [ 421.097521][ T66] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800afdb2c0 pfn:0xafd8 [ 421.097769][ T66] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 421.097960][ T66] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 421.098119][ T66] page_type: f5(slab) [ 421.098217][ T66] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 421.098437][ T66] raw: ffff88800afdb2c0 0000000000050002 00000001f5000000 0000000000000000 [ 421.098654][ T66] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 421.098876][ T66] head: ffff88800afdb2c0 0000000000050002 00000001f5000000 0000000000000000 [ 421.099098][ T66] head: 0080000000000003 ffffea00002bf601 ffffffffffffffff 0000000000000000 [ 421.099316][ T66] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 421.099535][ T66] page dumped because: kasan: bad access detected [ 421.099691][ T66] [ 421.099755][ T66] Memory state around the buggy address: [ 421.099881][ T66] ffff88800afd9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 421.100060][ T66] ffff88800afd9980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.100236][ T66] >ffff88800afd9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.100421][ T66] ^ [ 421.100572][ T66] ffff88800afd9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.100755][ T66] ffff88800afd9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 421.100932][ T66] ================================================================== [ 421.101132][ T66] Disabling lock debugging due to kernel taint [ 422.485796][ T4871] vx1: left allmulticast mode [ 422.486030][ T4871] vx1: left promiscuous mode [ 422.486314][ T4871] br1: port 1(vx1) entered disabled state [ 422.702114][ T4874] br1: port 3(veth2) entered disabled state [ 422.751426][ T4875] veth2: left allmulticast mode [ 422.751641][ T4875] veth2: left promiscuous mode [ 422.751914][ T4875] br1: port 3(veth2) entered disabled state [ 422.809066][ T4876] br1: port 2(veth1) entered disabled state [ 422.863200][ T4877] veth1: left allmulticast mode [ 422.863422][ T4877] veth1: left promiscuous mode [ 422.863693][ T4877] br1: port 2(veth1) entered disabled state