[ 1368.424823][ T8985] br1: port 1(vx100) entered blocking state [ 1368.425187][ T8985] br1: port 1(vx100) entered disabled state [ 1368.425519][ T8985] vx100: entered allmulticast mode [ 1368.428533][ T8985] vx100: entered promiscuous mode [ 1368.429417][ T8985] br1: port 1(vx100) entered blocking state [ 1368.429717][ T8985] br1: port 1(vx100) entered forwarding state [ 1368.624340][ T8987] br1: port 2(veth1) entered blocking state [ 1368.624831][ T8987] br1: port 2(veth1) entered disabled state [ 1368.625365][ T8987] veth1: entered allmulticast mode [ 1368.628792][ T8987] veth1: entered promiscuous mode [ 1368.723479][ T250] br1: port 2(veth1) entered blocking state [ 1368.723815][ T250] br1: port 2(veth1) entered forwarding state [ 1369.092362][ T8993] br2: port 1(vx200) entered blocking state [ 1369.092659][ T8993] br2: port 1(vx200) entered disabled state [ 1369.092955][ T8993] vx200: entered allmulticast mode [ 1369.094931][ T8993] vx200: entered promiscuous mode [ 1369.096671][ T8993] br2: port 1(vx200) entered blocking state [ 1369.096940][ T8993] br2: port 1(vx200) entered forwarding state [ 1369.384244][ T8996] br2: port 2(veth2.20) entered blocking state [ 1369.384580][ T8996] br2: port 2(veth2.20) entered disabled state [ 1369.384891][ T8996] veth2.20: entered allmulticast mode [ 1369.386873][ T8996] veth2.20: entered promiscuous mode [ 1369.479246][ T8998] veth2: entered allmulticast mode [ 1369.479501][ T8998] veth2: entered promiscuous mode [ 1369.481036][ T8998] br2: port 2(veth2.20) entered blocking state [ 1369.481353][ T8998] br2: port 2(veth2.20) entered forwarding state [ 1373.055212][ T9050] br3: port 1(w1) entered blocking state [ 1373.055607][ T9050] br3: port 1(w1) entered disabled state [ 1373.055993][ T9050] w1: entered allmulticast mode [ 1373.059335][ T9050] w1: entered promiscuous mode [ 1373.560936][ T9056] br3: port 2(vx100) entered blocking state [ 1373.561296][ T9056] br3: port 2(vx100) entered disabled state [ 1373.561612][ T9056] vx100: entered allmulticast mode [ 1373.563580][ T9056] vx100: entered promiscuous mode [ 1373.572277][ T9056] br3: port 2(vx100) entered blocking state [ 1373.572606][ T9056] br3: port 2(vx100) entered forwarding state [ 1374.215469][ T250] br3: port 1(w1) entered blocking state [ 1374.215787][ T250] br3: port 1(w1) entered forwarding state [ 1376.925807][ T9104] br3: port 1(w1) entered blocking state [ 1376.926130][ T9104] br3: port 1(w1) entered disabled state [ 1376.926422][ T9104] w1: entered allmulticast mode [ 1376.928483][ T9104] w1: entered promiscuous mode [ 1377.446849][ T9110] br3: port 2(vx200) entered blocking state [ 1377.447181][ T9110] br3: port 2(vx200) entered disabled state [ 1377.447472][ T9110] vx200: entered allmulticast mode [ 1377.449424][ T9110] vx200: entered promiscuous mode [ 1377.453442][ T9110] br3: port 2(vx200) entered blocking state [ 1377.453888][ T9110] br3: port 2(vx200) entered forwarding state [ 1378.106488][ T250] br3: port 1(w1) entered blocking state [ 1378.106764][ T250] br3: port 1(w1) entered forwarding state [ 1379.794192][ T9149] br3: port 3(w1.20) entered blocking state [ 1379.794470][ T9149] br3: port 3(w1.20) entered disabled state [ 1379.794740][ T9149] w1.20: entered allmulticast mode [ 1379.796803][ T9149] w1.20: entered promiscuous mode [ 1380.412001][ T9162] br3: port 3(w1.20) entered blocking state [ 1380.412372][ T9162] br3: port 3(w1.20) entered forwarding state [ 1390.378081][ T11] w1.20: left allmulticast mode [ 1390.378451][ T11] w1.20: left promiscuous mode [ 1390.378967][ T11] br3: port 3(w1.20) entered disabled state [ 1390.383362][ T11] vx200: left allmulticast mode [ 1390.383584][ T11] vx200: left promiscuous mode [ 1390.383893][ T11] br3: port 2(vx200) entered disabled state [ 1390.386285][ T11] w1: left allmulticast mode [ 1390.386476][ T11] w1: left promiscuous mode [ 1390.386798][ T11] br3: port 1(w1) entered disabled state [ 1390.919330][ T11] vx100: left allmulticast mode [ 1390.919660][ T11] vx100: left promiscuous mode [ 1390.920119][ T11] br3: port 2(vx100) entered disabled state [ 1390.923402][ T11] w1: left allmulticast mode [ 1390.923711][ T11] w1: left promiscuous mode [ 1390.924243][ T11] br3: port 1(w1) entered disabled state [ 1391.246034][ T11] ================================================================== [ 1391.246274][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 1391.246490][ T11] Read of size 8 at addr ffff8880103f1a38 by task kworker/u16:0/11 [ 1391.246703][ T11] [ 1391.246780][ T11] CPU: 3 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1 [ 1391.246991][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1391.247167][ T11] Workqueue: netns cleanup_net [ 1391.247319][ T11] Call Trace: [ 1391.247429][ T11] [ 1391.247505][ T11] dump_stack_lvl+0x82/0xd0 [ 1391.247651][ T11] print_address_description.constprop.0+0x2c/0x3b0 [ 1391.247833][ T11] ? cleanup_net+0x932/0xa40 [ 1391.247976][ T11] print_report+0xb4/0x270 [ 1391.248117][ T11] ? kasan_addr_to_slab+0x25/0x80 [ 1391.248257][ T11] kasan_report+0xbd/0xf0 [ 1391.248364][ T11] ? cleanup_net+0x932/0xa40 [ 1391.248508][ T11] cleanup_net+0x932/0xa40 [ 1391.248648][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1391.248797][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 1391.248934][ T11] ? trace_lock_acquire+0x148/0x1f0 [ 1391.249076][ T11] ? lock_acquire+0x32/0xc0 [ 1391.249217][ T11] ? process_one_work+0xe0b/0x16d0 [ 1391.249360][ T11] process_one_work+0xe55/0x16d0 [ 1391.249501][ T11] ? __pfx___lock_release+0x10/0x10 [ 1391.249643][ T11] ? __pfx_process_one_work+0x10/0x10 [ 1391.249791][ T11] ? assign_work+0x16c/0x240 [ 1391.249931][ T11] worker_thread+0x58c/0xce0 [ 1391.250075][ T11] ? __pfx_worker_thread+0x10/0x10 [ 1391.250215][ T11] kthread+0x28a/0x350 [ 1391.250322][ T11] ? __pfx_kthread+0x10/0x10 [ 1391.250463][ T11] ret_from_fork+0x31/0x70 [ 1391.250601][ T11] ? __pfx_kthread+0x10/0x10 [ 1391.250741][ T11] ret_from_fork_asm+0x1a/0x30 [ 1391.250902][ T11] [ 1391.251009][ T11] [ 1391.251080][ T11] Allocated by task 9083: [ 1391.251186][ T11] kasan_save_stack+0x24/0x50 [ 1391.251332][ T11] kasan_save_track+0x14/0x30 [ 1391.251471][ T11] __kasan_slab_alloc+0x59/0x70 [ 1391.251611][ T11] kmem_cache_alloc_noprof+0x10b/0x350 [ 1391.251751][ T11] copy_net_ns+0xc6/0x340 [ 1391.251856][ T11] create_new_namespaces+0x35f/0x920 [ 1391.252004][ T11] unshare_nsproxy_namespaces+0x8d/0x130 [ 1391.252145][ T11] ksys_unshare+0x2a9/0x660 [ 1391.252287][ T11] __x64_sys_unshare+0x31/0x40 [ 1391.252428][ T11] do_syscall_64+0xc1/0x1d0 [ 1391.252569][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1391.252743][ T11] [ 1391.252815][ T11] Freed by task 11: [ 1391.252918][ T11] kasan_save_stack+0x24/0x50 [ 1391.253068][ T11] kasan_save_track+0x14/0x30 [ 1391.253206][ T11] kasan_save_free_info+0x3b/0x60 [ 1391.253349][ T11] __kasan_slab_free+0x38/0x50 [ 1391.253487][ T11] kmem_cache_free+0xf8/0x330 [ 1391.253628][ T11] cleanup_net+0x5a8/0xa40 [ 1391.253769][ T11] process_one_work+0xe55/0x16d0 [ 1391.253905][ T11] worker_thread+0x58c/0xce0 [ 1391.254041][ T11] kthread+0x28a/0x350 [ 1391.254152][ T11] ret_from_fork+0x31/0x70 [ 1391.254289][ T11] ret_from_fork_asm+0x1a/0x30 [ 1391.254432][ T11] [ 1391.254503][ T11] Last potentially related work creation: [ 1391.254643][ T11] kasan_save_stack+0x24/0x50 [ 1391.254788][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 1391.254928][ T11] insert_work+0x34/0x230 [ 1391.255034][ T11] __queue_work+0x5fd/0xa40 [ 1391.255176][ T11] queue_delayed_work_on+0x8c/0xa0 [ 1391.255322][ T11] __inet_insert_ifa+0x751/0xb10 [ 1391.255466][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 1391.255611][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 1391.255756][ T11] netlink_rcv_skb+0x130/0x360 [ 1391.255903][ T11] netlink_unicast+0x44b/0x710 [ 1391.256045][ T11] netlink_sendmsg+0x723/0xbe0 [ 1391.256194][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 1391.256334][ T11] ___sys_sendmsg+0xee/0x170 [ 1391.256477][ T11] __sys_sendmsg+0x109/0x1a0 [ 1391.256618][ T11] do_syscall_64+0xc1/0x1d0 [ 1391.256762][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1391.256940][ T11] [ 1391.257014][ T11] Second to last potentially related work creation: [ 1391.257188][ T11] kasan_save_stack+0x24/0x50 [ 1391.257334][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 1391.257472][ T11] insert_work+0x34/0x230 [ 1391.257579][ T11] __queue_work+0x5fd/0xa40 [ 1391.257720][ T11] queue_delayed_work_on+0x8c/0xa0 [ 1391.257864][ T11] __inet_insert_ifa+0x751/0xb10 [ 1391.258008][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 1391.258151][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 1391.258300][ T11] netlink_rcv_skb+0x130/0x360 [ 1391.258450][ T11] netlink_unicast+0x44b/0x710 [ 1391.258589][ T11] netlink_sendmsg+0x723/0xbe0 [ 1391.258729][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 1391.258870][ T11] ___sys_sendmsg+0xee/0x170 [ 1391.259012][ T11] __sys_sendmsg+0x109/0x1a0 [ 1391.259155][ T11] do_syscall_64+0xc1/0x1d0 [ 1391.259296][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1391.259471][ T11] [ 1391.259542][ T11] The buggy address belongs to the object at ffff8880103f1980 [ 1391.259542][ T11] which belongs to the cache net_namespace of size 6080 [ 1391.259915][ T11] The buggy address is located 184 bytes inside of [ 1391.259915][ T11] freed 6080-byte region [ffff8880103f1980, ffff8880103f3140) [ 1391.260264][ T11] [ 1391.260336][ T11] The buggy address belongs to the physical page: [ 1391.260507][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880103f32c0 pfn:0x103f0 [ 1391.260787][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1391.261014][ T11] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 1391.261199][ T11] page_type: f5(slab) [ 1391.261307][ T11] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 1391.261553][ T11] raw: ffff8880103f32c0 0000000000050002 00000001f5000000 0000000000000000 [ 1391.261796][ T11] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 1391.262050][ T11] head: ffff8880103f32c0 0000000000050002 00000001f5000000 0000000000000000 [ 1391.262303][ T11] head: 0080000000000003 ffffea000040fc01 ffffffffffffffff 0000000000000000 [ 1391.262547][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1391.262789][ T11] page dumped because: kasan: bad access detected [ 1391.262960][ T11] [ 1391.263034][ T11] Memory state around the buggy address: [ 1391.263171][ T11] ffff8880103f1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1391.263377][ T11] ffff8880103f1980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1391.263579][ T11] >ffff8880103f1a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1391.263784][ T11] ^ [ 1391.263956][ T11] ffff8880103f1a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1391.264156][ T11] ffff8880103f1b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1391.264357][ T11] ================================================================== [ 1391.264582][ T11] Disabling lock debugging due to kernel taint [ 1392.524424][ T9261] vx200: left allmulticast mode [ 1392.524663][ T9261] vx200: left promiscuous mode [ 1392.524953][ T9261] br2: port 1(vx200) entered disabled state [ 1392.741296][ T9264] veth2: left allmulticast mode [ 1392.741577][ T9264] veth2: left promiscuous mode [ 1392.743280][ T9264] br2: port 2(veth2.20) entered disabled state [ 1392.761540][ T9264] veth2.20 (unregistering): left allmulticast mode [ 1392.761868][ T9264] veth2.20 (unregistering): left promiscuous mode [ 1392.762148][ T9264] br2: port 2(veth2.20) entered disabled state [ 1392.992984][ T9268] br1: port 2(veth1) entered disabled state [ 1393.047177][ T9269] veth1: left allmulticast mode [ 1393.047373][ T9269] veth1: left promiscuous mode [ 1393.047627][ T9269] br1: port 2(veth1) entered disabled state [ 1393.098974][ T9270] vx100: left allmulticast mode [ 1393.099202][ T9270] vx100: left promiscuous mode [ 1393.099602][ T9270] br1: port 1(vx100) entered disabled state