[ 1383.627171][T18381] br1: port 1(vx10) entered blocking state [ 1383.627616][T18381] br1: port 1(vx10) entered disabled state [ 1383.628100][T18381] vx10: entered allmulticast mode [ 1383.631415][T18381] vx10: entered promiscuous mode [ 1383.633150][T18381] br1: port 1(vx10) entered blocking state [ 1383.633860][T18381] br1: port 1(vx10) entered forwarding state [ 1384.033390][T18386] br1: port 2(vx20) entered blocking state [ 1384.034398][T18386] br1: port 2(vx20) entered disabled state [ 1384.043580][T18386] vx20: entered allmulticast mode [ 1384.045713][T18386] vx20: entered promiscuous mode [ 1384.046773][T18386] br1: port 2(vx20) entered blocking state [ 1384.047150][T18386] br1: port 2(vx20) entered forwarding state [ 1384.231328][T18388] br1: port 3(veth1) entered blocking state [ 1384.231701][T18388] br1: port 3(veth1) entered disabled state [ 1384.232043][T18388] veth1: entered allmulticast mode [ 1384.234186][T18388] veth1: entered promiscuous mode [ 1384.317292][ T37] br1: port 3(veth1) entered blocking state [ 1384.317801][ T37] br1: port 3(veth1) entered forwarding state [ 1384.743335][T18393] br1: port 4(veth2) entered blocking state [ 1384.743926][T18393] br1: port 4(veth2) entered disabled state [ 1384.744216][T18393] veth2: entered allmulticast mode [ 1384.746139][T18393] veth2: entered promiscuous mode [ 1384.835953][ T37] br1: port 4(veth2) entered blocking state [ 1384.836266][ T37] br1: port 4(veth2) entered forwarding state [ 1388.845274][T18450] br2: port 1(w1) entered blocking state [ 1388.845692][T18450] br2: port 1(w1) entered disabled state [ 1388.846066][T18450] w1: entered allmulticast mode [ 1388.849602][T18450] w1: entered promiscuous mode [ 1389.535925][T18458] br2: port 2(vx10) entered blocking state [ 1389.536247][T18458] br2: port 2(vx10) entered disabled state [ 1389.536609][T18458] vx10: entered allmulticast mode [ 1389.538591][T18458] vx10: entered promiscuous mode [ 1389.539202][T18458] br2: port 2(vx10) entered blocking state [ 1389.539460][T18458] br2: port 2(vx10) entered forwarding state [ 1390.244727][T18465] br2: port 3(vx20) entered blocking state [ 1390.245024][T18465] br2: port 3(vx20) entered disabled state [ 1390.245345][T18465] vx20: entered allmulticast mode [ 1390.247353][T18465] vx20: entered promiscuous mode [ 1390.247908][T18465] br2: port 3(vx20) entered blocking state [ 1390.248154][T18465] br2: port 3(vx20) entered forwarding state [ 1390.998704][ T37] br2: port 1(w1) entered blocking state [ 1390.999451][ T37] br2: port 1(w1) entered forwarding state [ 1393.397706][T18506] ip (18506) used greatest stack depth: 23568 bytes left [ 1393.482922][T18507] br2: port 1(w1) entered blocking state [ 1393.484762][T18507] br2: port 1(w1) entered disabled state [ 1393.485099][T18507] w1: entered allmulticast mode [ 1393.487733][T18507] w1: entered promiscuous mode [ 1394.242196][T18515] br2: port 2(vx10) entered blocking state [ 1394.242670][T18515] br2: port 2(vx10) entered disabled state [ 1394.243662][T18515] vx10: entered allmulticast mode [ 1394.247747][T18515] vx10: entered promiscuous mode [ 1394.248829][T18515] br2: port 2(vx10) entered blocking state [ 1394.249147][T18515] br2: port 2(vx10) entered forwarding state [ 1394.969729][T18522] br2: port 3(vx20) entered blocking state [ 1394.970057][T18522] br2: port 3(vx20) entered disabled state [ 1394.970352][T18522] vx20: entered allmulticast mode [ 1394.972389][T18522] vx20: entered promiscuous mode [ 1394.972944][T18522] br2: port 3(vx20) entered blocking state [ 1394.973209][T18522] br2: port 3(vx20) entered forwarding state [ 1395.718279][T17884] br2: port 1(w1) entered blocking state [ 1395.718741][T17884] br2: port 1(w1) entered forwarding state [ 1500.362170][ T66] vx20: left allmulticast mode [ 1500.362496][ T66] vx20: left promiscuous mode [ 1500.362849][ T66] br2: port 3(vx20) entered disabled state [ 1500.365393][ T66] vx10: left allmulticast mode [ 1500.365588][ T66] vx10: left promiscuous mode [ 1500.365971][ T66] br2: port 2(vx10) entered disabled state [ 1500.367894][ T66] w1: left allmulticast mode [ 1500.368082][ T66] w1: left promiscuous mode [ 1500.368372][ T66] br2: port 1(w1) entered disabled state [ 1500.891281][ T66] vx20: left allmulticast mode [ 1500.891554][ T66] vx20: left promiscuous mode [ 1500.891944][ T66] br2: port 3(vx20) entered disabled state [ 1500.894447][ T66] vx10: left allmulticast mode [ 1500.894724][ T66] vx10: left promiscuous mode [ 1500.895047][ T66] br2: port 2(vx10) entered disabled state [ 1500.897012][ T66] w1: left allmulticast mode [ 1500.897233][ T66] w1: left promiscuous mode [ 1500.898206][ T66] br2: port 1(w1) entered disabled state [ 1501.293035][ T66] ================================================================== [ 1501.293257][ T66] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 1501.293450][ T66] Read of size 8 at addr ffff888009979a38 by task kworker/u16:1/66 [ 1501.293638][ T66] [ 1501.293705][ T66] CPU: 2 UID: 0 PID: 66 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 1501.293899][ T66] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1501.294060][ T66] Workqueue: netns cleanup_net [ 1501.294195][ T66] Call Trace: [ 1501.294291][ T66] [ 1501.294356][ T66] dump_stack_lvl+0x82/0xd0 [ 1501.294489][ T66] print_address_description.constprop.0+0x2c/0x3b0 [ 1501.294665][ T66] ? cleanup_net+0x932/0xa40 [ 1501.294795][ T66] print_report+0xb4/0x270 [ 1501.294925][ T66] ? kasan_addr_to_slab+0x25/0x80 [ 1501.295051][ T66] kasan_report+0xbd/0xf0 [ 1501.295147][ T66] ? cleanup_net+0x932/0xa40 [ 1501.295273][ T66] cleanup_net+0x932/0xa40 [ 1501.295396][ T66] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1501.295523][ T66] ? __pfx_cleanup_net+0x10/0x10 [ 1501.295647][ T66] ? trace_lock_acquire+0x148/0x1f0 [ 1501.295772][ T66] ? lock_acquire+0x32/0xc0 [ 1501.295896][ T66] ? process_one_work+0xe0b/0x16d0 [ 1501.296022][ T66] process_one_work+0xe55/0x16d0 [ 1501.296151][ T66] ? __pfx___lock_release+0x10/0x10 [ 1501.296279][ T66] ? __pfx_process_one_work+0x10/0x10 [ 1501.296412][ T66] ? assign_work+0x16c/0x240 [ 1501.296536][ T66] worker_thread+0x58c/0xce0 [ 1501.296660][ T66] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 1501.296820][ T66] ? __pfx_worker_thread+0x10/0x10 [ 1501.296950][ T66] ? __pfx_worker_thread+0x10/0x10 [ 1501.297073][ T66] kthread+0x28a/0x350 [ 1501.297176][ T66] ? __pfx_kthread+0x10/0x10 [ 1501.297310][ T66] ret_from_fork+0x31/0x70 [ 1501.297433][ T66] ? __pfx_kthread+0x10/0x10 [ 1501.297557][ T66] ret_from_fork_asm+0x1a/0x30 [ 1501.297688][ T66] [ 1501.297793][ T66] [ 1501.297860][ T66] Allocated by task 18486: [ 1501.297982][ T66] kasan_save_stack+0x24/0x50 [ 1501.298114][ T66] kasan_save_track+0x14/0x30 [ 1501.298239][ T66] __kasan_slab_alloc+0x59/0x70 [ 1501.298361][ T66] kmem_cache_alloc_noprof+0x10b/0x350 [ 1501.298482][ T66] copy_net_ns+0xc6/0x340 [ 1501.298574][ T66] create_new_namespaces+0x35f/0x920 [ 1501.298697][ T66] unshare_nsproxy_namespaces+0x8d/0x130 [ 1501.298820][ T66] ksys_unshare+0x2a9/0x660 [ 1501.298949][ T66] __x64_sys_unshare+0x31/0x40 [ 1501.299085][ T66] do_syscall_64+0xc1/0x1d0 [ 1501.299214][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1501.299370][ T66] [ 1501.299438][ T66] Freed by task 66: [ 1501.299530][ T66] kasan_save_stack+0x24/0x50 [ 1501.299656][ T66] kasan_save_track+0x14/0x30 [ 1501.299781][ T66] kasan_save_free_info+0x3b/0x60 [ 1501.299908][ T66] __kasan_slab_free+0x38/0x50 [ 1501.300031][ T66] kmem_cache_free+0xf8/0x330 [ 1501.300157][ T66] cleanup_net+0x5a8/0xa40 [ 1501.300288][ T66] process_one_work+0xe55/0x16d0 [ 1501.300411][ T66] worker_thread+0x58c/0xce0 [ 1501.300534][ T66] kthread+0x28a/0x350 [ 1501.300628][ T66] ret_from_fork+0x31/0x70 [ 1501.300752][ T66] ret_from_fork_asm+0x1a/0x30 [ 1501.300878][ T66] [ 1501.300941][ T66] Last potentially related work creation: [ 1501.301065][ T66] kasan_save_stack+0x24/0x50 [ 1501.301192][ T66] __kasan_record_aux_stack+0x8e/0xa0 [ 1501.301326][ T66] insert_work+0x34/0x230 [ 1501.301421][ T66] __queue_work+0x5fd/0xa40 [ 1501.301549][ T66] queue_delayed_work_on+0x8c/0xa0 [ 1501.301751][ T66] __inet_insert_ifa+0x751/0xb10 [ 1501.301876][ T66] inet_rtm_newaddr+0x833/0xbd0 [ 1501.302004][ T66] rtnetlink_rcv_msg+0x712/0xc10 [ 1501.302130][ T66] netlink_rcv_skb+0x130/0x360 [ 1501.302317][ T66] netlink_unicast+0x44b/0x710 [ 1501.302449][ T66] netlink_sendmsg+0x723/0xbe0 [ 1501.302570][ T66] ____sys_sendmsg+0x7ac/0xa10 [ 1501.302691][ T66] ___sys_sendmsg+0xee/0x170 [ 1501.302880][ T66] __sys_sendmsg+0x109/0x1a0 [ 1501.303005][ T66] do_syscall_64+0xc1/0x1d0 [ 1501.303129][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1501.303343][ T66] [ 1501.303406][ T66] Second to last potentially related work creation: [ 1501.303558][ T66] kasan_save_stack+0x24/0x50 [ 1501.303684][ T66] __kasan_record_aux_stack+0x8e/0xa0 [ 1501.303808][ T66] insert_work+0x34/0x230 [ 1501.303963][ T66] __queue_work+0x5fd/0xa40 [ 1501.304089][ T66] queue_delayed_work_on+0x8c/0xa0 [ 1501.304216][ T66] __inet_insert_ifa+0x751/0xb10 [ 1501.304336][ T66] inet_rtm_newaddr+0x833/0xbd0 [ 1501.304534][ T66] rtnetlink_rcv_msg+0x712/0xc10 [ 1501.304658][ T66] netlink_rcv_skb+0x130/0x360 [ 1501.304782][ T66] netlink_unicast+0x44b/0x710 [ 1501.304906][ T66] netlink_sendmsg+0x723/0xbe0 [ 1501.305097][ T66] ____sys_sendmsg+0x7ac/0xa10 [ 1501.305221][ T66] ___sys_sendmsg+0xee/0x170 [ 1501.305347][ T66] __sys_sendmsg+0x109/0x1a0 [ 1501.305484][ T66] do_syscall_64+0xc1/0x1d0 [ 1501.305613][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1501.305770][ T66] [ 1501.305836][ T66] The buggy address belongs to the object at ffff888009979980 [ 1501.305836][ T66] which belongs to the cache net_namespace of size 6080 [ 1501.306218][ T66] The buggy address is located 184 bytes inside of [ 1501.306218][ T66] freed 6080-byte region [ffff888009979980, ffff88800997b140) [ 1501.306529][ T66] [ 1501.306685][ T66] The buggy address belongs to the physical page: [ 1501.306836][ T66] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800997b2c0 pfn:0x9978 [ 1501.307088][ T66] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1501.307276][ T66] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 1501.307443][ T66] page_type: f5(slab) [ 1501.307570][ T66] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 1501.307864][ T66] raw: ffff88800997b2c0 0000000000050002 00000001f5000000 0000000000000000 [ 1501.308092][ T66] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 1501.308392][ T66] head: ffff88800997b2c0 0000000000050002 00000001f5000000 0000000000000000 [ 1501.308614][ T66] head: 0080000000000003 ffffea0000265e01 ffffffffffffffff 0000000000000000 [ 1501.308838][ T66] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1501.309056][ T66] page dumped because: kasan: bad access detected [ 1501.309275][ T66] [ 1501.309338][ T66] Memory state around the buggy address: [ 1501.309525][ T66] ffff888009979900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1501.309707][ T66] ffff888009979980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1501.309881][ T66] >ffff888009979a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1501.310076][ T66] ^ [ 1501.310227][ T66] ffff888009979a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1501.310417][ T66] ffff888009979b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1501.310660][ T66] ================================================================== [ 1501.311489][ T66] Disabling lock debugging due to kernel taint [ 1502.612833][T18814] br1: port 4(veth2) entered disabled state [ 1502.665790][T18815] veth2: left allmulticast mode [ 1502.666038][T18815] veth2: left promiscuous mode [ 1502.666342][T18815] br1: port 4(veth2) entered disabled state [ 1502.929177][T18819] br1: port 3(veth1) entered disabled state [ 1502.973687][T18820] veth1: left allmulticast mode [ 1502.973870][T18820] veth1: left promiscuous mode [ 1502.974134][T18820] br1: port 3(veth1) entered disabled state [ 1503.083206][T18822] vx20: left allmulticast mode [ 1503.083401][T18822] vx20: left promiscuous mode [ 1503.083667][T18822] br1: port 2(vx20) entered disabled state [ 1503.326402][T18826] vx10: left allmulticast mode [ 1503.326634][T18826] vx10: left promiscuous mode [ 1503.326912][T18826] br1: port 1(vx10) entered disabled state