[ 1390.416318][T17636] br1: port 1(vx10) entered blocking state [ 1390.416660][T17636] br1: port 1(vx10) entered disabled state [ 1390.416973][T17636] vx10: entered allmulticast mode [ 1390.419007][T17636] vx10: entered promiscuous mode [ 1390.419932][T17636] br1: port 1(vx10) entered blocking state [ 1390.420215][T17636] br1: port 1(vx10) entered forwarding state [ 1390.801762][T17641] br1: port 2(vx20) entered blocking state [ 1390.802170][T17641] br1: port 2(vx20) entered disabled state [ 1390.802832][T17641] vx20: entered allmulticast mode [ 1390.806029][T17641] vx20: entered promiscuous mode [ 1390.806862][T17641] br1: port 2(vx20) entered blocking state [ 1390.807257][T17641] br1: port 2(vx20) entered forwarding state [ 1390.993420][T17643] br1: port 3(veth1) entered blocking state [ 1390.993862][T17643] br1: port 3(veth1) entered disabled state [ 1390.994242][T17643] veth1: entered allmulticast mode [ 1390.996649][T17643] veth1: entered promiscuous mode [ 1391.082757][ T9139] br1: port 3(veth1) entered blocking state [ 1391.083062][ T9139] br1: port 3(veth1) entered forwarding state [ 1391.352340][T17647] br1: port 4(veth2) entered blocking state [ 1391.352782][T17647] br1: port 4(veth2) entered disabled state [ 1391.353138][T17647] veth2: entered allmulticast mode [ 1391.355167][T17647] veth2: entered promiscuous mode [ 1391.464295][ T9139] br1: port 4(veth2) entered blocking state [ 1391.464637][ T9139] br1: port 4(veth2) entered forwarding state [ 1395.422534][T17704] br2: port 1(w1) entered blocking state [ 1395.422795][T17704] br2: port 1(w1) entered disabled state [ 1395.423039][T17704] w1: entered allmulticast mode [ 1395.425862][T17704] w1: entered promiscuous mode [ 1396.158909][T17712] br2: port 2(vx10) entered blocking state [ 1396.159264][T17712] br2: port 2(vx10) entered disabled state [ 1396.159585][T17712] vx10: entered allmulticast mode [ 1396.161586][T17712] vx10: entered promiscuous mode [ 1396.162157][T17712] br2: port 2(vx10) entered blocking state [ 1396.162496][T17712] br2: port 2(vx10) entered forwarding state [ 1396.789640][T17719] br2: port 3(vx20) entered blocking state [ 1396.789956][T17719] br2: port 3(vx20) entered disabled state [ 1396.790253][T17719] vx20: entered allmulticast mode [ 1396.792343][T17719] vx20: entered promiscuous mode [ 1396.792922][T17719] br2: port 3(vx20) entered blocking state [ 1396.793190][T17719] br2: port 3(vx20) entered forwarding state [ 1397.534784][ T9139] br2: port 1(w1) entered blocking state [ 1397.535063][ T9139] br2: port 1(w1) entered forwarding state [ 1399.986344][T17759] br2: port 1(w1) entered blocking state [ 1399.986633][T17759] br2: port 1(w1) entered disabled state [ 1399.986887][T17759] w1: entered allmulticast mode [ 1399.988881][T17759] w1: entered promiscuous mode [ 1400.706784][T17767] br2: port 2(vx10) entered blocking state [ 1400.707127][T17767] br2: port 2(vx10) entered disabled state [ 1400.707408][T17767] vx10: entered allmulticast mode [ 1400.709346][T17767] vx10: entered promiscuous mode [ 1400.709986][T17767] br2: port 2(vx10) entered blocking state [ 1400.710350][T17767] br2: port 2(vx10) entered forwarding state [ 1401.367170][T17774] br2: port 3(vx20) entered blocking state [ 1401.367983][T17774] br2: port 3(vx20) entered disabled state [ 1401.368300][T17774] vx20: entered allmulticast mode [ 1401.370494][T17774] vx20: entered promiscuous mode [ 1401.371137][T17774] br2: port 3(vx20) entered blocking state [ 1401.371412][T17774] br2: port 3(vx20) entered forwarding state [ 1402.134991][ T37] br2: port 1(w1) entered blocking state [ 1402.135312][ T37] br2: port 1(w1) entered forwarding state [ 1418.125979][ T11] vx20: left allmulticast mode [ 1418.126571][ T11] vx20: left promiscuous mode [ 1418.127206][ T11] br2: port 3(vx20) entered disabled state [ 1418.138525][ T11] vx10: left allmulticast mode [ 1418.138902][ T11] vx10: left promiscuous mode [ 1418.139419][ T11] br2: port 2(vx10) entered disabled state [ 1418.143716][ T11] w1: left allmulticast mode [ 1418.144082][ T11] w1: left promiscuous mode [ 1418.144682][ T11] br2: port 1(w1) entered disabled state [ 1418.747981][ T11] vx20: left allmulticast mode [ 1418.748217][ T11] vx20: left promiscuous mode [ 1418.748551][ T11] br2: port 3(vx20) entered disabled state [ 1418.753785][ T11] vx10: left allmulticast mode [ 1418.754193][ T11] vx10: left promiscuous mode [ 1418.754531][ T11] br2: port 2(vx10) entered disabled state [ 1418.759269][ T11] w1: left allmulticast mode [ 1418.759481][ T11] w1: left promiscuous mode [ 1418.759804][ T11] br2: port 1(w1) entered disabled state [ 1419.155544][ T11] ================================================================== [ 1419.155797][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0x932/0xa40 [ 1419.155994][ T11] Read of size 8 at addr ffff88800c519a38 by task kworker/u16:0/11 [ 1419.156183][ T11] [ 1419.156253][ T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1 [ 1419.156451][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 1419.156626][ T11] Workqueue: netns cleanup_net [ 1419.156771][ T11] Call Trace: [ 1419.156873][ T11] [ 1419.156944][ T11] dump_stack_lvl+0x82/0xd0 [ 1419.157078][ T11] print_address_description.constprop.0+0x2c/0x3b0 [ 1419.157244][ T11] ? cleanup_net+0x932/0xa40 [ 1419.157376][ T11] print_report+0xb4/0x270 [ 1419.157503][ T11] ? kasan_addr_to_slab+0x25/0x80 [ 1419.157654][ T11] kasan_report+0xbd/0xf0 [ 1419.157761][ T11] ? cleanup_net+0x932/0xa40 [ 1419.157896][ T11] cleanup_net+0x932/0xa40 [ 1419.158021][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1419.158154][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 1419.158298][ T11] ? trace_lock_acquire+0x148/0x1f0 [ 1419.158426][ T11] ? lock_acquire+0x32/0xc0 [ 1419.158561][ T11] ? process_one_work+0xe0b/0x16d0 [ 1419.158708][ T11] process_one_work+0xe55/0x16d0 [ 1419.158840][ T11] ? __pfx___lock_release+0x10/0x10 [ 1419.158969][ T11] ? __pfx_process_one_work+0x10/0x10 [ 1419.159099][ T11] ? assign_work+0x16c/0x240 [ 1419.159233][ T11] worker_thread+0x58c/0xce0 [ 1419.159366][ T11] ? __pfx_worker_thread+0x10/0x10 [ 1419.159490][ T11] kthread+0x28a/0x350 [ 1419.159612][ T11] ? __pfx_kthread+0x10/0x10 [ 1419.159751][ T11] ret_from_fork+0x31/0x70 [ 1419.159878][ T11] ? __pfx_kthread+0x10/0x10 [ 1419.160005][ T11] ret_from_fork_asm+0x1a/0x30 [ 1419.160139][ T11] [ 1419.160242][ T11] [ 1419.160312][ T11] Allocated by task 17738: [ 1419.160437][ T11] kasan_save_stack+0x24/0x50 [ 1419.160574][ T11] kasan_save_track+0x14/0x30 [ 1419.160704][ T11] __kasan_slab_alloc+0x59/0x70 [ 1419.160838][ T11] kmem_cache_alloc_noprof+0x10b/0x350 [ 1419.160967][ T11] copy_net_ns+0xc6/0x340 [ 1419.161070][ T11] create_new_namespaces+0x35f/0x920 [ 1419.161206][ T11] unshare_nsproxy_namespaces+0x8d/0x130 [ 1419.161335][ T11] ksys_unshare+0x2a9/0x660 [ 1419.161470][ T11] __x64_sys_unshare+0x31/0x40 [ 1419.161603][ T11] do_syscall_64+0xc1/0x1d0 [ 1419.161742][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1419.161905][ T11] [ 1419.161970][ T11] Freed by task 11: [ 1419.162070][ T11] kasan_save_stack+0x24/0x50 [ 1419.162212][ T11] kasan_save_track+0x14/0x30 [ 1419.162341][ T11] kasan_save_free_info+0x3b/0x60 [ 1419.162475][ T11] __kasan_slab_free+0x38/0x50 [ 1419.162621][ T11] kmem_cache_free+0xf8/0x330 [ 1419.162751][ T11] cleanup_net+0x5a8/0xa40 [ 1419.162877][ T11] process_one_work+0xe55/0x16d0 [ 1419.163003][ T11] worker_thread+0x58c/0xce0 [ 1419.163126][ T11] kthread+0x28a/0x350 [ 1419.163222][ T11] ret_from_fork+0x31/0x70 [ 1419.163355][ T11] ret_from_fork_asm+0x1a/0x30 [ 1419.163480][ T11] [ 1419.163547][ T11] Last potentially related work creation: [ 1419.163698][ T11] kasan_save_stack+0x24/0x50 [ 1419.163829][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 1419.163958][ T11] insert_work+0x34/0x230 [ 1419.164056][ T11] __queue_work+0x5fd/0xa40 [ 1419.164181][ T11] queue_delayed_work_on+0x8c/0xa0 [ 1419.164311][ T11] __inet_insert_ifa+0x751/0xb10 [ 1419.164440][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 1419.164566][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 1419.164694][ T11] netlink_rcv_skb+0x130/0x360 [ 1419.164823][ T11] netlink_unicast+0x44b/0x710 [ 1419.164947][ T11] netlink_sendmsg+0x723/0xbe0 [ 1419.165071][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 1419.165200][ T11] ___sys_sendmsg+0xee/0x170 [ 1419.165333][ T11] __sys_sendmsg+0x109/0x1a0 [ 1419.165456][ T11] do_syscall_64+0xc1/0x1d0 [ 1419.165583][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1419.165742][ T11] [ 1419.165809][ T11] Second to last potentially related work creation: [ 1419.165965][ T11] kasan_save_stack+0x24/0x50 [ 1419.166094][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 1419.166224][ T11] insert_work+0x34/0x230 [ 1419.166321][ T11] __queue_work+0x5fd/0xa40 [ 1419.166446][ T11] queue_delayed_work_on+0x8c/0xa0 [ 1419.166569][ T11] __inet_insert_ifa+0x751/0xb10 [ 1419.166695][ T11] inet_rtm_newaddr+0x833/0xbd0 [ 1419.166819][ T11] rtnetlink_rcv_msg+0x712/0xc10 [ 1419.166945][ T11] netlink_rcv_skb+0x130/0x360 [ 1419.167071][ T11] netlink_unicast+0x44b/0x710 [ 1419.167203][ T11] netlink_sendmsg+0x723/0xbe0 [ 1419.167329][ T11] ____sys_sendmsg+0x7ac/0xa10 [ 1419.167459][ T11] ___sys_sendmsg+0xee/0x170 [ 1419.167586][ T11] __sys_sendmsg+0x109/0x1a0 [ 1419.167710][ T11] do_syscall_64+0xc1/0x1d0 [ 1419.167834][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1419.167993][ T11] [ 1419.168057][ T11] The buggy address belongs to the object at ffff88800c519980 [ 1419.168057][ T11] which belongs to the cache net_namespace of size 6080 [ 1419.168390][ T11] The buggy address is located 184 bytes inside of [ 1419.168390][ T11] freed 6080-byte region [ffff88800c519980, ffff88800c51b140) [ 1419.168689][ T11] [ 1419.168753][ T11] The buggy address belongs to the physical page: [ 1419.168908][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c51b2c0 pfn:0xc518 [ 1419.169166][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1419.169353][ T11] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 1419.169514][ T11] page_type: f5(slab) [ 1419.169623][ T11] raw: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 1419.169879][ T11] raw: ffff88800c51b2c0 0000000000050002 00000001f5000000 0000000000000000 [ 1419.170099][ T11] head: 0080000000000240 ffff888001963240 ffff888001968088 ffff888001968088 [ 1419.170321][ T11] head: ffff88800c51b2c0 0000000000050002 00000001f5000000 0000000000000000 [ 1419.170539][ T11] head: 0080000000000003 ffffea0000314601 ffffffffffffffff 0000000000000000 [ 1419.170756][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1419.170977][ T11] page dumped because: kasan: bad access detected [ 1419.171128][ T11] [ 1419.171193][ T11] Memory state around the buggy address: [ 1419.171315][ T11] ffff88800c519900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1419.171498][ T11] ffff88800c519980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1419.171679][ T11] >ffff88800c519a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1419.171861][ T11] ^ [ 1419.172010][ T11] ffff88800c519a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1419.172188][ T11] ffff88800c519b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1419.172370][ T11] ================================================================== [ 1419.172632][ T11] Disabling lock debugging due to kernel taint [ 1420.666782][T17915] br1: port 4(veth2) entered disabled state [ 1420.728733][T17916] veth2: left allmulticast mode [ 1420.728938][T17916] veth2: left promiscuous mode [ 1420.729205][T17916] br1: port 4(veth2) entered disabled state [ 1420.898429][T17919] br1: port 3(veth1) entered disabled state [ 1420.954556][T17920] veth1: left allmulticast mode [ 1420.954753][T17920] veth1: left promiscuous mode [ 1420.955027][T17920] br1: port 3(veth1) entered disabled state [ 1421.072907][T17922] vx20: left allmulticast mode [ 1421.073113][T17922] vx20: left promiscuous mode [ 1421.073383][T17922] br1: port 2(vx20) entered disabled state [ 1421.346040][T17926] vx10: left allmulticast mode [ 1421.346294][T17926] vx10: left promiscuous mode [ 1421.346603][T17926] br1: port 1(vx10) entered disabled state