[ 12.692195][ T251] ip (251) used greatest stack depth: 24000 bytes left
[ 17.796532][ T327] br1: port 1(vx1) entered blocking state
[ 17.797836][ T327] br1: port 1(vx1) entered disabled state
[ 17.798382][ T327] vx1: entered allmulticast mode
[ 17.802251][ T327] vx1: entered promiscuous mode
[ 17.813483][ T327] br1: port 1(vx1) entered blocking state
[ 17.813824][ T327] br1: port 1(vx1) entered forwarding state
[ 17.823798][ T327] ip (327) used greatest stack depth: 23664 bytes left
[ 17.921872][ T328] br1: port 2(veth1) entered blocking state
[ 17.922275][ T328] br1: port 2(veth1) entered disabled state
[ 17.922689][ T328] veth1: entered allmulticast mode
[ 17.924833][ T328] veth1: entered promiscuous mode
[ 18.052411][ T39] br1: port 2(veth1) entered blocking state
[ 18.053240][ T39] br1: port 2(veth1) entered forwarding state
[ 18.151893][ T330] br1: port 3(veth2) entered blocking state
[ 18.152251][ T330] br1: port 3(veth2) entered disabled state
[ 18.152546][ T330] veth2: entered allmulticast mode
[ 18.154733][ T330] veth2: entered promiscuous mode
[ 18.243539][ T39] br1: port 3(veth2) entered blocking state
[ 18.243982][ T39] br1: port 3(veth2) entered forwarding state
[ 21.748195][ T376] br2: port 1(w1) entered blocking state
[ 21.748424][ T376] br2: port 1(w1) entered disabled state
[ 21.748654][ T376] w1: entered allmulticast mode
[ 21.750624][ T376] w1: entered promiscuous mode
[ 22.243874][ T382] br2: port 2(vx2) entered blocking state
[ 22.244113][ T382] br2: port 2(vx2) entered disabled state
[ 22.244370][ T382] vx2: entered allmulticast mode
[ 22.247635][ T382] vx2: entered promiscuous mode
[ 22.248510][ T382] br2: port 2(vx2) entered blocking state
[ 22.248711][ T382] br2: port 2(vx2) entered forwarding state
[ 22.885933][ T146] br2: port 1(w1) entered blocking state
[ 22.886390][ T146] br2: port 1(w1) entered forwarding state
[ 24.586097][ T414] br2: port 1(w1) entered blocking state
[ 24.586380][ T414] br2: port 1(w1) entered disabled state
[ 24.586626][ T414] w1: entered allmulticast mode
[ 24.588573][ T414] w1: entered promiscuous mode
[ 25.152778][ T420] br2: port 2(vx2) entered blocking state
[ 25.153069][ T420] br2: port 2(vx2) entered disabled state
[ 25.153537][ T420] vx2: entered allmulticast mode
[ 25.155489][ T420] vx2: entered promiscuous mode
[ 25.156314][ T420] br2: port 2(vx2) entered blocking state
[ 25.156551][ T420] br2: port 2(vx2) entered forwarding state
[ 25.818772][ T39] br2: port 1(w1) entered blocking state
[ 25.819172][ T39] br2: port 1(w1) entered forwarding state
[ 37.872928][ T511] GACT probability NOT on
[ 48.208087][ T680] veth3: entered promiscuous mode
[ 79.961385][ T1169] veth3: left promiscuous mode
[ 103.803270][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 103.904905][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.006040][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.106962][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.207964][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.308961][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.410034][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.511117][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.612008][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 104.712995][ C0] vxlan: non-ECT from 192.0.2.34 with TOS=0x1
[ 163.433733][ C2] net_ratelimit: 10 callbacks suppressed
[ 163.433749][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 163.536032][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 163.637052][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 163.738231][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 163.839582][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 163.940892][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 164.042301][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 164.143504][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 164.244467][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 164.345568][ C2] vxlan: non-ECT from 192.0.2.34 with TOS=0x3
[ 165.220371][ T2285] vx1: left allmulticast mode
[ 165.220696][ T2285] vx1: left promiscuous mode
[ 165.221144][ T2285] br1: port 1(vx1) entered disabled state
[ 170.391084][ T2287] br1: port 1(vx1) entered blocking state
[ 170.391418][ T2287] br1: port 1(vx1) entered disabled state
[ 170.391697][ T2287] vx1: entered allmulticast mode
[ 170.393795][ T2287] vx1: entered promiscuous mode
[ 170.395168][ T2287] br1: port 1(vx1) entered blocking state
[ 170.395443][ T2287] br1: port 1(vx1) entered forwarding state
[ 192.069112][ T2495] veth3: entered promiscuous mode
[ 224.884048][ T2984] veth3: left promiscuous mode
[ 226.306482][ T3006] vx1: left allmulticast mode
[ 226.306772][ T3006] vx1: left promiscuous mode
[ 226.307122][ T3006] br1: port 1(vx1) entered disabled state
[ 231.465982][ T3008] br1: port 1(vx1) entered blocking state
[ 231.466295][ T3008] br1: port 1(vx1) entered disabled state
[ 231.466555][ T3008] vx1: entered allmulticast mode
[ 231.468582][ T3008] vx1: entered promiscuous mode
[ 231.469421][ T3008] br1: port 1(vx1) entered blocking state
[ 231.469642][ T3008] br1: port 1(vx1) entered forwarding state
[ 362.302821][ T3917] vx1: left allmulticast mode
[ 362.303087][ T3917] vx1: left promiscuous mode
[ 362.303445][ T3917] br1: port 1(vx1) entered disabled state
[ 367.463344][ T3919] br1: port 1(vx1) entered blocking state
[ 367.463649][ T3919] br1: port 1(vx1) entered disabled state
[ 367.463906][ T3919] vx1: entered allmulticast mode
[ 367.466381][ T3919] vx1: entered promiscuous mode
[ 367.467241][ T3919] br1: port 1(vx1) entered blocking state
[ 367.467465][ T3919] br1: port 1(vx1) entered forwarding state
[ 374.507420][ T11] vx2: left allmulticast mode
[ 374.507805][ T11] vx2: left promiscuous mode
[ 374.508239][ T11] br2: port 2(vx2) entered disabled state
[ 374.512498][ T11] w1: left allmulticast mode
[ 374.512763][ T11] w1: left promiscuous mode
[ 374.513104][ T11] br2: port 1(w1) entered disabled state
[ 374.969157][ T11] vx2: left allmulticast mode
[ 374.969386][ T11] vx2: left promiscuous mode
[ 374.969734][ T11] br2: port 2(vx2) entered disabled state
[ 374.972116][ T11] w1: left allmulticast mode
[ 374.972657][ T11] w1: left promiscuous mode
[ 374.972969][ T11] br2: port 1(w1) entered disabled state
[ 375.251698][ T11] ==================================================================
[ 375.251942][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40
[ 375.252171][ T11] Read of size 8 at addr ffff88800fcb1a38 by task kworker/u16:0/11
[ 375.252386][ T11]
[ 375.252490][ T11] CPU: 3 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1
[ 375.252695][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 375.252853][ T11] Workqueue: netns cleanup_net
[ 375.252987][ T11] Call Trace:
[ 375.253086][ T11]
[ 375.253155][ T11] dump_stack_lvl+0x82/0xd0
[ 375.253304][ T11] print_address_description.constprop.0+0x2c/0x3b0
[ 375.253467][ T11] ? cleanup_net+0x932/0xa40
[ 375.253598][ T11] print_report+0xb4/0x270
[ 375.253725][ T11] ? kasan_addr_to_slab+0x25/0x80
[ 375.253855][ T11] kasan_report+0xbd/0xf0
[ 375.253959][ T11] ? cleanup_net+0x932/0xa40
[ 375.254088][ T11] cleanup_net+0x932/0xa40
[ 375.254222][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 375.254354][ T11] ? __pfx_cleanup_net+0x10/0x10
[ 375.254484][ T11] ? trace_lock_acquire+0x148/0x1f0
[ 375.254618][ T11] ? lock_acquire+0x32/0xc0
[ 375.254752][ T11] ? process_one_work+0xe0b/0x16d0
[ 375.254960][ T11] process_one_work+0xe55/0x16d0
[ 375.255095][ T11] ? __pfx___lock_release+0x10/0x10
[ 375.255240][ T11] ? __pfx_process_one_work+0x10/0x10
[ 375.255382][ T11] ? assign_work+0x16c/0x240
[ 375.255512][ T11] worker_thread+0x58c/0xce0
[ 375.255655][ T11] ? __pfx_worker_thread+0x10/0x10
[ 375.255780][ T11] kthread+0x28a/0x350
[ 375.255881][ T11] ? __pfx_kthread+0x10/0x10
[ 375.256014][ T11] ret_from_fork+0x31/0x70
[ 375.256152][ T11] ? __pfx_kthread+0x10/0x10
[ 375.256297][ T11] ret_from_fork_asm+0x1a/0x30
[ 375.256447][ T11]
[ 375.256550][ T11]
[ 375.256621][ T11] Allocated by task 393:
[ 375.256726][ T11] kasan_save_stack+0x24/0x50
[ 375.256889][ T11] kasan_save_track+0x14/0x30
[ 375.257024][ T11] __kasan_slab_alloc+0x59/0x70
[ 375.257157][ T11] kmem_cache_alloc_noprof+0x10b/0x350
[ 375.257308][ T11] copy_net_ns+0xc6/0x340
[ 375.257413][ T11] create_new_namespaces+0x35f/0x920
[ 375.257548][ T11] unshare_nsproxy_namespaces+0x8d/0x130
[ 375.257687][ T11] ksys_unshare+0x2a9/0x660
[ 375.257822][ T11] __x64_sys_unshare+0x31/0x40
[ 375.257955][ T11] do_syscall_64+0xc1/0x1d0
[ 375.258097][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 375.258277][ T11]
[ 375.258347][ T11] Freed by task 11:
[ 375.258451][ T11] kasan_save_stack+0x24/0x50
[ 375.258595][ T11] kasan_save_track+0x14/0x30
[ 375.258744][ T11] kasan_save_free_info+0x3b/0x60
[ 375.258881][ T11] __kasan_slab_free+0x38/0x50
[ 375.259019][ T11] kmem_cache_free+0xf8/0x330
[ 375.259149][ T11] cleanup_net+0x5a8/0xa40
[ 375.259334][ T11] process_one_work+0xe55/0x16d0
[ 375.259484][ T11] worker_thread+0x58c/0xce0
[ 375.259620][ T11] kthread+0x28a/0x350
[ 375.259724][ T11] ret_from_fork+0x31/0x70
[ 375.259860][ T11] ret_from_fork_asm+0x1a/0x30
[ 375.259990][ T11]
[ 375.260059][ T11] Last potentially related work creation:
[ 375.260205][ T11] kasan_save_stack+0x24/0x50
[ 375.260365][ T11] __kasan_record_aux_stack+0x8e/0xa0
[ 375.260507][ T11] insert_work+0x34/0x230
[ 375.260626][ T11] __queue_work+0x5fd/0xa40
[ 375.260786][ T11] call_timer_fn+0x13b/0x230
[ 375.260942][ T11] __run_timers+0x3ff/0x810
[ 375.261103][ T11] run_timer_softirq+0x154/0x1c0
[ 375.261253][ T11] handle_softirqs+0x1f6/0x5c0
[ 375.261388][ T11] __irq_exit_rcu+0xc4/0x100
[ 375.261516][ T11] irq_exit_rcu+0xe/0x20
[ 375.261613][ T11] sysvec_apic_timer_interrupt+0x78/0x90
[ 375.261743][ T11] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 375.261903][ T11]
[ 375.261975][ T11] Second to last potentially related work creation:
[ 375.262130][ T11] kasan_save_stack+0x24/0x50
[ 375.262274][ T11] __kasan_record_aux_stack+0x8e/0xa0
[ 375.262401][ T11] insert_work+0x34/0x230
[ 375.262495][ T11] __queue_work+0x5fd/0xa40
[ 375.262647][ T11] call_timer_fn+0x13b/0x230
[ 375.262782][ T11] __run_timers+0x3ff/0x810
[ 375.262912][ T11] run_timer_softirq+0x154/0x1c0
[ 375.263049][ T11] handle_softirqs+0x1f6/0x5c0
[ 375.263180][ T11] __irq_exit_rcu+0xc4/0x100
[ 375.263335][ T11] irq_exit_rcu+0xe/0x20
[ 375.263431][ T11] sysvec_apic_timer_interrupt+0x78/0x90
[ 375.263559][ T11] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 375.263715][ T11]
[ 375.263785][ T11] The buggy address belongs to the object at ffff88800fcb1980
[ 375.263785][ T11] which belongs to the cache net_namespace of size 6080
[ 375.264170][ T11] The buggy address is located 184 bytes inside of
[ 375.264170][ T11] freed 6080-byte region [ffff88800fcb1980, ffff88800fcb3140)
[ 375.264525][ T11]
[ 375.264595][ T11] The buggy address belongs to the physical page:
[ 375.264760][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800fcb32c0 pfn:0xfcb0
[ 375.265060][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 375.265292][ T11] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 375.265472][ T11] page_type: f5(slab)
[ 375.265581][ T11] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[ 375.265855][ T11] raw: ffff88800fcb32c0 0000000000050002 00000001f5000000 0000000000000000
[ 375.266108][ T11] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088
[ 375.266352][ T11] head: ffff88800fcb32c0 0000000000050002 00000001f5000000 0000000000000000
[ 375.266583][ T11] head: 0080000000000003 ffffea00003f2c01 ffffffffffffffff 0000000000000000
[ 375.266837][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 375.267064][ T11] page dumped because: kasan: bad access detected
[ 375.267238][ T11]
[ 375.267302][ T11] Memory state around the buggy address:
[ 375.267426][ T11] ffff88800fcb1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 375.267610][ T11] ffff88800fcb1980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 375.267800][ T11] >ffff88800fcb1a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 375.267986][ T11] ^
[ 375.268137][ T11] ffff88800fcb1a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 375.268345][ T11] ffff88800fcb1b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 375.268544][ T11] ==================================================================
[ 375.268789][ T11] Disabling lock debugging due to kernel taint
[ 376.860960][ T3965] vx1: left allmulticast mode
[ 376.861221][ T3965] vx1: left promiscuous mode
[ 376.861491][ T3965] br1: port 1(vx1) entered disabled state
[ 377.109492][ T3968] br1: port 3(veth2) entered disabled state
[ 377.171196][ T3969] veth2: left allmulticast mode
[ 377.171458][ T3969] veth2: left promiscuous mode
[ 377.171748][ T3969] br1: port 3(veth2) entered disabled state
[ 377.230993][ T3970] br1: port 2(veth1) entered disabled state
[ 377.294079][ T3971] veth1: left allmulticast mode
[ 377.294313][ T3971] veth1: left promiscuous mode
[ 377.294578][ T3971] br1: port 2(veth1) entered disabled state