[ 374.928758][ T3137] br1: port 1(vx1) entered blocking state [ 374.928998][ T3137] br1: port 1(vx1) entered disabled state [ 374.929229][ T3137] vx1: entered allmulticast mode [ 374.941261][ T3137] vx1: entered promiscuous mode [ 374.943001][ T3137] br1: port 1(vx1) entered blocking state [ 374.943355][ T3137] br1: port 1(vx1) entered forwarding state [ 375.038841][ T3138] br1: port 2(veth1) entered blocking state [ 375.039161][ T3138] br1: port 2(veth1) entered disabled state [ 375.039459][ T3138] veth1: entered allmulticast mode [ 375.041548][ T3138] veth1: entered promiscuous mode [ 375.136032][ T39] br1: port 2(veth1) entered blocking state [ 375.136471][ T39] br1: port 2(veth1) entered forwarding state [ 375.217854][ T3140] br1: port 3(veth2) entered blocking state [ 375.218150][ T3140] br1: port 3(veth2) entered disabled state [ 375.218454][ T3140] veth2: entered allmulticast mode [ 375.220470][ T3140] veth2: entered promiscuous mode [ 375.308006][ T39] br1: port 3(veth2) entered blocking state [ 375.308299][ T39] br1: port 3(veth2) entered forwarding state [ 378.982798][ T3194] br2: port 1(w1) entered blocking state [ 378.983139][ T3194] br2: port 1(w1) entered disabled state [ 378.983459][ T3194] w1: entered allmulticast mode [ 378.985543][ T3194] w1: entered promiscuous mode [ 379.581298][ T3200] br2: port 2(vx2) entered blocking state [ 379.581610][ T3200] br2: port 2(vx2) entered disabled state [ 379.581879][ T3200] vx2: entered allmulticast mode [ 379.584002][ T3200] vx2: entered promiscuous mode [ 379.584971][ T3200] br2: port 2(vx2) entered blocking state [ 379.585265][ T3200] br2: port 2(vx2) entered forwarding state [ 380.304385][ T39] br2: port 1(w1) entered blocking state [ 380.304774][ T39] br2: port 1(w1) entered forwarding state [ 382.242901][ T3232] br2: port 1(w1) entered blocking state [ 382.243252][ T3232] br2: port 1(w1) entered disabled state [ 382.243592][ T3232] w1: entered allmulticast mode [ 382.245687][ T3232] w1: entered promiscuous mode [ 382.800484][ T3238] br2: port 2(vx2) entered blocking state [ 382.800935][ T3238] br2: port 2(vx2) entered disabled state [ 382.801349][ T3238] vx2: entered allmulticast mode [ 382.803770][ T3238] vx2: entered promiscuous mode [ 382.804643][ T3238] br2: port 2(vx2) entered blocking state [ 382.804877][ T3238] br2: port 2(vx2) entered forwarding state [ 383.623857][ T151] br2: port 1(w1) entered blocking state [ 383.624172][ T151] br2: port 1(w1) entered forwarding state [ 404.656261][ T3495] veth3: entered promiscuous mode [ 432.751492][ T3984] veth3: left promiscuous mode [ 455.343356][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 455.444797][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 455.545703][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 455.646645][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 455.747587][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 455.848477][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 455.949426][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 456.050270][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 456.151162][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 456.252104][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1 [ 505.670501][ C0] net_ratelimit: 10 callbacks suppressed [ 505.670509][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 505.772019][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 505.872954][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 505.973932][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 506.075096][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 506.176252][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 506.277478][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 506.378662][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 506.479723][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 506.580586][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x3 [ 507.335068][ T5100] vx1: left allmulticast mode [ 507.335309][ T5100] vx1: left promiscuous mode [ 507.335779][ T5100] br1: port 1(vx1) entered disabled state [ 512.465789][ T5102] br1: port 1(vx1) entered blocking state [ 512.466046][ T5102] br1: port 1(vx1) entered disabled state [ 512.466270][ T5102] vx1: entered allmulticast mode [ 512.468236][ T5102] vx1: entered promiscuous mode [ 512.469016][ T5102] br1: port 1(vx1) entered blocking state [ 512.469238][ T5102] br1: port 1(vx1) entered forwarding state [ 531.987358][ T5310] veth3: entered promiscuous mode [ 559.919009][ T5799] veth3: left promiscuous mode [ 561.036541][ T5821] vx1: left allmulticast mode [ 561.036769][ T5821] vx1: left promiscuous mode [ 561.037100][ T5821] br1: port 1(vx1) entered disabled state [ 566.174586][ T5823] br1: port 1(vx1) entered blocking state [ 566.174826][ T5823] br1: port 1(vx1) entered disabled state [ 566.175065][ T5823] vx1: entered allmulticast mode [ 566.177087][ T5823] vx1: entered promiscuous mode [ 566.177884][ T5823] br1: port 1(vx1) entered blocking state [ 566.178107][ T5823] br1: port 1(vx1) entered forwarding state [ 687.071644][ T6732] vx1: left allmulticast mode [ 687.071868][ T6732] vx1: left promiscuous mode [ 687.072177][ T6732] br1: port 1(vx1) entered disabled state [ 692.203867][ T6734] br1: port 1(vx1) entered blocking state [ 692.204173][ T6734] br1: port 1(vx1) entered disabled state [ 692.204539][ T6734] vx1: entered allmulticast mode [ 692.206468][ T6734] vx1: entered promiscuous mode [ 692.207245][ T6734] br1: port 1(vx1) entered blocking state [ 692.207471][ T6734] br1: port 1(vx1) entered forwarding state [ 699.091921][ T66] vx2: left allmulticast mode [ 699.092982][ T66] vx2: left promiscuous mode [ 699.093432][ T66] br2: port 2(vx2) entered disabled state [ 699.097890][ T66] w1: left allmulticast mode [ 699.098191][ T66] w1: left promiscuous mode [ 699.098531][ T66] br2: port 1(w1) entered disabled state [ 699.530452][ T66] vx2: left allmulticast mode [ 699.530667][ T66] vx2: left promiscuous mode [ 699.530980][ T66] br2: port 2(vx2) entered disabled state [ 699.534069][ T66] w1: left allmulticast mode [ 699.534270][ T66] w1: left promiscuous mode [ 699.535275][ T66] br2: port 1(w1) entered disabled state [ 699.875040][ T66] ================================================================== [ 699.875264][ T66] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 699.875459][ T66] Read of size 8 at addr ffff88800e311a38 by task kworker/u16:1/66 [ 699.875635][ T66] [ 699.875701][ T66] CPU: 0 UID: 0 PID: 66 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 699.875890][ T66] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 699.876044][ T66] Workqueue: netns cleanup_net [ 699.876180][ T66] Call Trace: [ 699.876282][ T66] [ 699.876359][ T66] dump_stack_lvl+0x82/0xd0 [ 699.876488][ T66] print_address_description.constprop.0+0x2c/0x3b0 [ 699.876646][ T66] ? cleanup_net+0x932/0xa40 [ 699.876773][ T66] print_report+0xb4/0x270 [ 699.876898][ T66] ? kasan_addr_to_slab+0x25/0x80 [ 699.877025][ T66] kasan_report+0xbd/0xf0 [ 699.877121][ T66] ? cleanup_net+0x932/0xa40 [ 699.877251][ T66] cleanup_net+0x932/0xa40 [ 699.877379][ T66] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 699.877509][ T66] ? __pfx_cleanup_net+0x10/0x10 [ 699.877634][ T66] ? trace_lock_acquire+0x148/0x1f0 [ 699.877760][ T66] ? lock_acquire+0x32/0xc0 [ 699.877883][ T66] ? process_one_work+0xe0b/0x16d0 [ 699.878010][ T66] process_one_work+0xe55/0x16d0 [ 699.878135][ T66] ? __pfx___lock_release+0x10/0x10 [ 699.878260][ T66] ? __pfx_process_one_work+0x10/0x10 [ 699.878392][ T66] ? assign_work+0x16c/0x240 [ 699.878518][ T66] worker_thread+0x58c/0xce0 [ 699.878645][ T66] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 699.878800][ T66] ? __pfx_worker_thread+0x10/0x10 [ 699.878924][ T66] ? __pfx_worker_thread+0x10/0x10 [ 699.879050][ T66] kthread+0x28a/0x350 [ 699.879144][ T66] ? __pfx_kthread+0x10/0x10 [ 699.879269][ T66] ret_from_fork+0x31/0x70 [ 699.879396][ T66] ? __pfx_kthread+0x10/0x10 [ 699.879520][ T66] ret_from_fork_asm+0x1a/0x30 [ 699.879648][ T66] [ 699.879742][ T66] [ 699.879805][ T66] Allocated by task 3211: [ 699.879899][ T66] kasan_save_stack+0x24/0x50 [ 699.880025][ T66] kasan_save_track+0x14/0x30 [ 699.880149][ T66] __kasan_slab_alloc+0x59/0x70 [ 699.880273][ T66] kmem_cache_alloc_noprof+0x10b/0x350 [ 699.880404][ T66] copy_net_ns+0xc6/0x340 [ 699.880501][ T66] create_new_namespaces+0x35f/0x920 [ 699.880638][ T66] unshare_nsproxy_namespaces+0x8d/0x130 [ 699.880761][ T66] ksys_unshare+0x2a9/0x660 [ 699.880887][ T66] __x64_sys_unshare+0x31/0x40 [ 699.881012][ T66] do_syscall_64+0xc1/0x1d0 [ 699.881140][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.881299][ T66] [ 699.881364][ T66] Freed by task 66: [ 699.881457][ T66] kasan_save_stack+0x24/0x50 [ 699.881583][ T66] kasan_save_track+0x14/0x30 [ 699.881708][ T66] kasan_save_free_info+0x3b/0x60 [ 699.881833][ T66] __kasan_slab_free+0x38/0x50 [ 699.881958][ T66] kmem_cache_free+0xf8/0x330 [ 699.882084][ T66] cleanup_net+0x5a8/0xa40 [ 699.882206][ T66] process_one_work+0xe55/0x16d0 [ 699.882332][ T66] worker_thread+0x58c/0xce0 [ 699.882456][ T66] kthread+0x28a/0x350 [ 699.882553][ T66] ret_from_fork+0x31/0x70 [ 699.882674][ T66] ret_from_fork_asm+0x1a/0x30 [ 699.882799][ T66] [ 699.882863][ T66] Last potentially related work creation: [ 699.882989][ T66] kasan_save_stack+0x24/0x50 [ 699.883117][ T66] __kasan_record_aux_stack+0x8e/0xa0 [ 699.883240][ T66] insert_work+0x34/0x230 [ 699.883336][ T66] __queue_work+0x5fd/0xa40 [ 699.883463][ T66] call_timer_fn+0x13b/0x230 [ 699.883591][ T66] __run_timers+0x3ff/0x810 [ 699.883722][ T66] run_timer_softirq+0x154/0x1c0 [ 699.883847][ T66] handle_softirqs+0x1f6/0x5c0 [ 699.883975][ T66] __irq_exit_rcu+0xc4/0x100 [ 699.884098][ T66] irq_exit_rcu+0xe/0x20 [ 699.884194][ T66] sysvec_apic_timer_interrupt+0x78/0x90 [ 699.884321][ T66] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 699.884488][ T66] [ 699.884553][ T66] Second to last potentially related work creation: [ 699.884704][ T66] kasan_save_stack+0x24/0x50 [ 699.884835][ T66] __kasan_record_aux_stack+0x8e/0xa0 [ 699.884958][ T66] insert_work+0x34/0x230 [ 699.885052][ T66] __queue_work+0x5fd/0xa40 [ 699.885173][ T66] call_timer_fn+0x13b/0x230 [ 699.885297][ T66] __run_timers+0x3ff/0x810 [ 699.885420][ T66] run_timer_softirq+0x154/0x1c0 [ 699.885545][ T66] handle_softirqs+0x1f6/0x5c0 [ 699.885668][ T66] __irq_exit_rcu+0xc4/0x100 [ 699.885794][ T66] irq_exit_rcu+0xe/0x20 [ 699.885888][ T66] sysvec_apic_timer_interrupt+0x78/0x90 [ 699.886013][ T66] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 699.886177][ T66] [ 699.886242][ T66] The buggy address belongs to the object at ffff88800e311980 [ 699.886242][ T66] which belongs to the cache net_namespace of size 6080 [ 699.886580][ T66] The buggy address is located 184 bytes inside of [ 699.886580][ T66] freed 6080-byte region [ffff88800e311980, ffff88800e313140) [ 699.886878][ T66] [ 699.886942][ T66] The buggy address belongs to the physical page: [ 699.887091][ T66] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800e3132c0 pfn:0xe310 [ 699.887359][ T66] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 699.887550][ T66] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 699.887713][ T66] page_type: f5(slab) [ 699.887813][ T66] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 699.888035][ T66] raw: ffff88800e3132c0 0000000000050002 00000001f5000000 0000000000000000 [ 699.888250][ T66] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 699.888473][ T66] head: ffff88800e3132c0 0000000000050002 00000001f5000000 0000000000000000 [ 699.888691][ T66] head: 0080000000000003 ffffea000038c401 ffffffffffffffff 0000000000000000 [ 699.888910][ T66] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 699.889125][ T66] page dumped because: kasan: bad access detected [ 699.889281][ T66] [ 699.889344][ T66] Memory state around the buggy address: [ 699.889464][ T66] ffff88800e311900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 699.889646][ T66] ffff88800e311980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 699.889826][ T66] >ffff88800e311a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 699.890008][ T66] ^ [ 699.890154][ T66] ffff88800e311a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 699.890334][ T66] ffff88800e311b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 699.890511][ T66] ================================================================== [ 699.890714][ T66] Disabling lock debugging due to kernel taint [ 701.187356][ T6780] vx1: left allmulticast mode [ 701.187546][ T6780] vx1: left promiscuous mode [ 701.187808][ T6780] br1: port 1(vx1) entered disabled state [ 701.406720][ T6783] br1: port 3(veth2) entered disabled state [ 701.463345][ T6784] veth2: left allmulticast mode [ 701.463531][ T6784] veth2: left promiscuous mode [ 701.463792][ T6784] br1: port 3(veth2) entered disabled state [ 701.514693][ T6785] br1: port 2(veth1) entered disabled state [ 701.571226][ T6786] veth1: left allmulticast mode [ 701.572189][ T6786] veth1: left promiscuous mode [ 701.572469][ T6786] br1: port 2(veth1) entered disabled state