[ 54.594715][ T633] br1: port 1(vx1) entered blocking state [ 54.595143][ T633] br1: port 1(vx1) entered disabled state [ 54.595582][ T633] vx1: entered allmulticast mode [ 54.599322][ T633] vx1: entered promiscuous mode [ 54.601215][ T633] br1: port 1(vx1) entered blocking state [ 54.601616][ T633] br1: port 1(vx1) entered forwarding state [ 54.698114][ T634] br1: port 2(veth1) entered blocking state [ 54.698417][ T634] br1: port 2(veth1) entered disabled state [ 54.698722][ T634] veth1: entered allmulticast mode [ 54.700781][ T634] veth1: entered promiscuous mode [ 54.791957][ T37] br1: port 2(veth1) entered blocking state [ 54.792281][ T37] br1: port 2(veth1) entered forwarding state [ 54.876366][ T636] br1: port 3(veth2) entered blocking state [ 54.876821][ T636] br1: port 3(veth2) entered disabled state [ 54.877143][ T636] veth2: entered allmulticast mode [ 54.879133][ T636] veth2: entered promiscuous mode [ 54.987655][ T37] br1: port 3(veth2) entered blocking state [ 54.987961][ T37] br1: port 3(veth2) entered forwarding state [ 58.148191][ T689] br2: port 1(w1) entered blocking state [ 58.148554][ T689] br2: port 1(w1) entered disabled state [ 58.148800][ T689] w1: entered allmulticast mode [ 58.150748][ T689] w1: entered promiscuous mode [ 58.650061][ T695] br2: port 2(vx2) entered blocking state [ 58.650294][ T695] br2: port 2(vx2) entered disabled state [ 58.650532][ T695] vx2: entered allmulticast mode [ 58.652529][ T695] vx2: entered promiscuous mode [ 58.653625][ T695] br2: port 2(vx2) entered blocking state [ 58.653830][ T695] br2: port 2(vx2) entered forwarding state [ 59.278738][ T39] br2: port 1(w1) entered blocking state [ 59.279007][ T39] br2: port 1(w1) entered forwarding state [ 61.014931][ T726] br2: port 1(w1) entered blocking state [ 61.015178][ T726] br2: port 1(w1) entered disabled state [ 61.015407][ T726] w1: entered allmulticast mode [ 61.017634][ T726] w1: entered promiscuous mode [ 61.487325][ T732] br2: port 2(vx2) entered blocking state [ 61.487580][ T732] br2: port 2(vx2) entered disabled state [ 61.487809][ T732] vx2: entered allmulticast mode [ 61.489684][ T732] vx2: entered promiscuous mode [ 61.490447][ T732] br2: port 2(vx2) entered blocking state [ 61.490657][ T732] br2: port 2(vx2) entered forwarding state [ 62.094807][ T37] br2: port 1(w1) entered blocking state [ 62.095045][ T37] br2: port 1(w1) entered forwarding state [ 73.847365][ T65] vx2: left allmulticast mode [ 73.847930][ T65] vx2: left promiscuous mode [ 73.848513][ T65] br2: port 2(vx2) entered disabled state [ 73.853250][ T65] w1: left allmulticast mode [ 73.853608][ T65] w1: left promiscuous mode [ 73.854142][ T65] br2: port 1(w1) entered disabled state [ 74.290105][ T65] vx2: left allmulticast mode [ 74.290425][ T65] vx2: left promiscuous mode [ 74.290886][ T65] br2: port 2(vx2) entered disabled state [ 74.293045][ T65] w1: left allmulticast mode [ 74.293968][ T65] w1: left promiscuous mode [ 74.294456][ T65] br2: port 1(w1) entered disabled state [ 74.670643][ T65] ================================================================== [ 74.670915][ T65] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 74.671146][ T65] Read of size 8 at addr ffff88800daa1a38 by task kworker/u16:1/65 [ 74.671347][ T65] [ 74.671417][ T65] CPU: 3 UID: 0 PID: 65 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 74.671633][ T65] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 74.671801][ T65] Workqueue: netns cleanup_net [ 74.671950][ T65] Call Trace: [ 74.672063][ T65] [ 74.672145][ T65] dump_stack_lvl+0x82/0xd0 [ 74.672293][ T65] print_address_description.constprop.0+0x2c/0x3b0 [ 74.672472][ T65] ? cleanup_net+0x932/0xa40 [ 74.672623][ T65] print_report+0xb4/0x270 [ 74.672761][ T65] ? kasan_addr_to_slab+0x25/0x80 [ 74.672903][ T65] kasan_report+0xbd/0xf0 [ 74.673012][ T65] ? cleanup_net+0x932/0xa40 [ 74.673154][ T65] cleanup_net+0x932/0xa40 [ 74.673304][ T65] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 74.673448][ T65] ? __pfx_cleanup_net+0x10/0x10 [ 74.673587][ T65] ? trace_lock_acquire+0x148/0x1f0 [ 74.673730][ T65] ? lock_acquire+0x32/0xc0 [ 74.673872][ T65] ? process_one_work+0xe0b/0x16d0 [ 74.674015][ T65] process_one_work+0xe55/0x16d0 [ 74.674158][ T65] ? __pfx___lock_release+0x10/0x10 [ 74.674305][ T65] ? __pfx_process_one_work+0x10/0x10 [ 74.674450][ T65] ? assign_work+0x16c/0x240 [ 74.674593][ T65] worker_thread+0x58c/0xce0 [ 74.674741][ T65] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 74.674923][ T65] ? __pfx_worker_thread+0x10/0x10 [ 74.675065][ T65] ? __pfx_worker_thread+0x10/0x10 [ 74.675207][ T65] kthread+0x28a/0x350 [ 74.675322][ T65] ? __pfx_kthread+0x10/0x10 [ 74.675466][ T65] ret_from_fork+0x31/0x70 [ 74.675607][ T65] ? __pfx_kthread+0x10/0x10 [ 74.675750][ T65] ret_from_fork_asm+0x1a/0x30 [ 74.675897][ T65] [ 74.676004][ T65] [ 74.676075][ T65] Allocated by task 706: [ 74.676181][ T65] kasan_save_stack+0x24/0x50 [ 74.676324][ T65] kasan_save_track+0x14/0x30 [ 74.676480][ T65] __kasan_slab_alloc+0x59/0x70 [ 74.676622][ T65] kmem_cache_alloc_noprof+0x10b/0x350 [ 74.676762][ T65] copy_net_ns+0xc6/0x340 [ 74.676867][ T65] create_new_namespaces+0x35f/0x920 [ 74.677008][ T65] unshare_nsproxy_namespaces+0x8d/0x130 [ 74.677149][ T65] ksys_unshare+0x2a9/0x660 [ 74.677290][ T65] __x64_sys_unshare+0x31/0x40 [ 74.677436][ T65] do_syscall_64+0xc1/0x1d0 [ 74.677580][ T65] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.677758][ T65] [ 74.677830][ T65] Freed by task 65: [ 74.677935][ T65] kasan_save_stack+0x24/0x50 [ 74.678078][ T65] kasan_save_track+0x14/0x30 [ 74.678215][ T65] kasan_save_free_info+0x3b/0x60 [ 74.678357][ T65] __kasan_slab_free+0x38/0x50 [ 74.678498][ T65] kmem_cache_free+0xf8/0x330 [ 74.678643][ T65] cleanup_net+0x5a8/0xa40 [ 74.678781][ T65] process_one_work+0xe55/0x16d0 [ 74.678921][ T65] worker_thread+0x58c/0xce0 [ 74.679058][ T65] kthread+0x28a/0x350 [ 74.679163][ T65] ret_from_fork+0x31/0x70 [ 74.679304][ T65] ret_from_fork_asm+0x1a/0x30 [ 74.679445][ T65] [ 74.679518][ T65] Last potentially related work creation: [ 74.679661][ T65] kasan_save_stack+0x24/0x50 [ 74.679804][ T65] __kasan_record_aux_stack+0x8e/0xa0 [ 74.679947][ T65] insert_work+0x34/0x230 [ 74.680052][ T65] __queue_work+0x5fd/0xa40 [ 74.680191][ T65] queue_delayed_work_on+0x8c/0xa0 [ 74.680332][ T65] __inet_insert_ifa+0x751/0xb10 [ 74.680472][ T65] inet_rtm_newaddr+0x833/0xbd0 [ 74.680615][ T65] rtnetlink_rcv_msg+0x712/0xc10 [ 74.680764][ T65] netlink_rcv_skb+0x130/0x360 [ 74.680903][ T65] netlink_unicast+0x44b/0x710 [ 74.681042][ T65] netlink_sendmsg+0x723/0xbe0 [ 74.681186][ T65] ____sys_sendmsg+0x7ac/0xa10 [ 74.681325][ T65] ___sys_sendmsg+0xee/0x170 [ 74.681467][ T65] __sys_sendmsg+0x109/0x1a0 [ 74.681606][ T65] do_syscall_64+0xc1/0x1d0 [ 74.681750][ T65] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.681929][ T65] [ 74.682003][ T65] Second to last potentially related work creation: [ 74.682172][ T65] kasan_save_stack+0x24/0x50 [ 74.682337][ T65] __kasan_record_aux_stack+0x8e/0xa0 [ 74.682484][ T65] insert_work+0x34/0x230 [ 74.682598][ T65] __queue_work+0x5fd/0xa40 [ 74.682753][ T65] queue_delayed_work_on+0x8c/0xa0 [ 74.682929][ T65] __inet_insert_ifa+0x751/0xb10 [ 74.683111][ T65] inet_rtm_newaddr+0x833/0xbd0 [ 74.683282][ T65] rtnetlink_rcv_msg+0x712/0xc10 [ 74.683433][ T65] netlink_rcv_skb+0x130/0x360 [ 74.683576][ T65] netlink_unicast+0x44b/0x710 [ 74.683715][ T65] netlink_sendmsg+0x723/0xbe0 [ 74.683854][ T65] ____sys_sendmsg+0x7ac/0xa10 [ 74.684012][ T65] ___sys_sendmsg+0xee/0x170 [ 74.684160][ T65] __sys_sendmsg+0x109/0x1a0 [ 74.684311][ T65] do_syscall_64+0xc1/0x1d0 [ 74.684455][ T65] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.684630][ T65] [ 74.684705][ T65] The buggy address belongs to the object at ffff88800daa1980 [ 74.684705][ T65] which belongs to the cache net_namespace of size 6080 [ 74.685071][ T65] The buggy address is located 184 bytes inside of [ 74.685071][ T65] freed 6080-byte region [ffff88800daa1980, ffff88800daa3140) [ 74.685446][ T65] [ 74.685534][ T65] The buggy address belongs to the physical page: [ 74.685777][ T65] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800daa32c0 pfn:0xdaa0 [ 74.686178][ T65] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 74.686486][ T65] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 74.686749][ T65] page_type: f5(slab) [ 74.686917][ T65] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 74.687268][ T65] raw: ffff88800daa32c0 0000000000050002 00000001f5000000 0000000000000000 [ 74.687625][ T65] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 74.687998][ T65] head: ffff88800daa32c0 0000000000050002 00000001f5000000 0000000000000000 [ 74.688358][ T65] head: 0080000000000003 ffffea000036a801 ffffffffffffffff 0000000000000000 [ 74.688714][ T65] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 74.689082][ T65] page dumped because: kasan: bad access detected [ 74.689332][ T65] [ 74.689436][ T65] Memory state around the buggy address: [ 74.689634][ T65] ffff88800daa1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 74.689904][ T65] ffff88800daa1980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.690171][ T65] >ffff88800daa1a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.690473][ T65] ^ [ 74.690714][ T65] ffff88800daa1a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.691011][ T65] ffff88800daa1b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 74.691303][ T65] ================================================================== [ 74.691633][ T65] Disabling lock debugging due to kernel taint [ 76.216358][ T849] vx1: left allmulticast mode [ 76.216587][ T849] vx1: left promiscuous mode [ 76.216854][ T849] br1: port 1(vx1) entered disabled state [ 76.433163][ T852] br1: port 3(veth2) entered disabled state [ 76.491945][ T853] veth2: left allmulticast mode [ 76.492156][ T853] veth2: left promiscuous mode [ 76.492424][ T853] br1: port 3(veth2) entered disabled state [ 76.551311][ T854] br1: port 2(veth1) entered disabled state [ 76.618339][ T855] veth1: left allmulticast mode [ 76.618553][ T855] veth1: left promiscuous mode [ 76.618839][ T855] br1: port 2(veth1) entered disabled state