[ 550.062685][ T3091] ip (3091) used greatest stack depth: 23168 bytes left [ 550.161230][ T3092] eth0: renamed from r1h1 [ 550.369119][ T3094] eth1: renamed from r1h2 [ 556.149514][ T11] ================================================================== [ 556.149762][ T11] BUG: KASAN: slab-use-after-free in cleanup_net+0xa5d/0xb90 [ 556.149967][ T11] Read of size 8 at addr ffff88800aea80f8 by task kworker/u16:0/11 [ 556.150166][ T11] [ 556.150235][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.12.0-virtme #1 [ 556.150434][ T11] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 556.150596][ T11] Workqueue: netns cleanup_net [ 556.150744][ T11] Call Trace: [ 556.150844][ T11] [ 556.150925][ T11] dump_stack_lvl+0x82/0xd0 [ 556.151059][ T11] print_address_description.constprop.0+0x2c/0x3b0 [ 556.151229][ T11] ? cleanup_net+0xa5d/0xb90 [ 556.151364][ T11] print_report+0xb4/0x270 [ 556.151498][ T11] ? kasan_addr_to_slab+0x25/0x80 [ 556.151634][ T11] kasan_report+0xbd/0xf0 [ 556.151737][ T11] ? cleanup_net+0xa5d/0xb90 [ 556.151887][ T11] cleanup_net+0xa5d/0xb90 [ 556.152023][ T11] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 556.152155][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 556.152291][ T11] ? trace_lock_acquire+0x148/0x1f0 [ 556.152420][ T11] ? lock_acquire+0x32/0xc0 [ 556.152550][ T11] ? process_one_work+0xe0b/0x16d0 [ 556.152689][ T11] process_one_work+0xe55/0x16d0 [ 556.152822][ T11] ? __pfx___lock_release+0x10/0x10 [ 556.152959][ T11] ? __pfx_process_one_work+0x10/0x10 [ 556.153090][ T11] ? assign_work+0x16c/0x240 [ 556.153221][ T11] worker_thread+0x58c/0xce0 [ 556.153350][ T11] ? __pfx_worker_thread+0x10/0x10 [ 556.153476][ T11] kthread+0x28a/0x350 [ 556.153589][ T11] ? __pfx_kthread+0x10/0x10 [ 556.153720][ T11] ret_from_fork+0x31/0x70 [ 556.153852][ T11] ? __pfx_kthread+0x10/0x10 [ 556.153985][ T11] ret_from_fork_asm+0x1a/0x30 [ 556.154127][ T11] [ 556.154230][ T11] [ 556.154302][ T11] Allocated by task 252: [ 556.154402][ T11] kasan_save_stack+0x24/0x50 [ 556.154534][ T11] kasan_save_track+0x14/0x30 [ 556.154662][ T11] __kasan_slab_alloc+0x59/0x70 [ 556.154799][ T11] kmem_cache_alloc_noprof+0x10b/0x350 [ 556.154933][ T11] copy_net_ns+0xc6/0x540 [ 556.155038][ T11] create_new_namespaces+0x35f/0x920 [ 556.155173][ T11] unshare_nsproxy_namespaces+0x8a/0x1b0 [ 556.155311][ T11] ksys_unshare+0x2c4/0x6e0 [ 556.155433][ T11] __x64_sys_unshare+0x31/0x40 [ 556.155570][ T11] do_syscall_64+0xc1/0x1d0 [ 556.155700][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.155874][ T11] [ 556.155942][ T11] Freed by task 11: [ 556.156037][ T11] kasan_save_stack+0x24/0x50 [ 556.156171][ T11] kasan_save_track+0x14/0x30 [ 556.156300][ T11] kasan_save_free_info+0x3b/0x60 [ 556.156429][ T11] __kasan_slab_free+0x38/0x50 [ 556.156568][ T11] kmem_cache_free+0xf8/0x330 [ 556.156697][ T11] cleanup_net+0x5a8/0xb90 [ 556.156834][ T11] process_one_work+0xe55/0x16d0 [ 556.156959][ T11] worker_thread+0x58c/0xce0 [ 556.157095][ T11] kthread+0x28a/0x350 [ 556.157199][ T11] ret_from_fork+0x31/0x70 [ 556.157326][ T11] ret_from_fork_asm+0x1a/0x30 [ 556.157452][ T11] [ 556.157518][ T11] Last potentially related work creation: [ 556.157642][ T11] kasan_save_stack+0x24/0x50 [ 556.157788][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 556.157920][ T11] insert_work+0x34/0x230 [ 556.158022][ T11] __queue_work+0x5fd/0xa40 [ 556.158155][ T11] call_timer_fn+0x13b/0x230 [ 556.158283][ T11] __run_timers+0x3ff/0x810 [ 556.158417][ T11] run_timer_softirq+0x154/0x1c0 [ 556.158544][ T11] handle_softirqs+0x1f6/0x5c0 [ 556.158684][ T11] __irq_exit_rcu+0xc4/0x100 [ 556.158822][ T11] irq_exit_rcu+0xe/0x20 [ 556.158921][ T11] sysvec_apic_timer_interrupt+0x78/0x90 [ 556.159051][ T11] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 556.159216][ T11] [ 556.159284][ T11] Second to last potentially related work creation: [ 556.159444][ T11] kasan_save_stack+0x24/0x50 [ 556.159576][ T11] __kasan_record_aux_stack+0x8e/0xa0 [ 556.159704][ T11] insert_work+0x34/0x230 [ 556.159801][ T11] __queue_work+0x5fd/0xa40 [ 556.159928][ T11] call_timer_fn+0x13b/0x230 [ 556.160061][ T11] __run_timers+0x3ff/0x810 [ 556.160190][ T11] run_timer_softirq+0x154/0x1c0 [ 556.160322][ T11] handle_softirqs+0x1f6/0x5c0 [ 556.160446][ T11] __irq_exit_rcu+0xc4/0x100 [ 556.160572][ T11] irq_exit_rcu+0xe/0x20 [ 556.160670][ T11] sysvec_apic_timer_interrupt+0x78/0x90 [ 556.160799][ T11] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 556.160958][ T11] [ 556.161026][ T11] The buggy address belongs to the object at ffff88800aea8040 [ 556.161026][ T11] which belongs to the cache net_namespace of size 6528 [ 556.161356][ T11] The buggy address is located 184 bytes inside of [ 556.161356][ T11] freed 6528-byte region [ffff88800aea8040, ffff88800aea99c0) [ 556.161660][ T11] [ 556.161726][ T11] The buggy address belongs to the physical page: [ 556.161887][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaea8 [ 556.162112][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 556.162305][ T11] flags: 0x80000000000040(head|node=0|zone=1) [ 556.162467][ T11] page_type: f5(slab) [ 556.162570][ T11] raw: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8 [ 556.162803][ T11] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 556.163029][ T11] head: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8 [ 556.163254][ T11] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 556.163476][ T11] head: 0080000000000003 ffffea00002baa01 ffffffffffffffff 0000000000000000 [ 556.163700][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 556.163921][ T11] page dumped because: kasan: bad access detected [ 556.164084][ T11] [ 556.164151][ T11] Memory state around the buggy address: [ 556.164276][ T11] ffff88800aea7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 556.164464][ T11] ffff88800aea8000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 556.164648][ T11] >ffff88800aea8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 556.164837][ T11] ^ [ 556.165023][ T11] ffff88800aea8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 556.165204][ T11] ffff88800aea8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 556.165390][ T11] ================================================================== [ 556.165593][ T11] Disabling lock debugging due to kernel taint [ 558.356319][ T3188] eth0: renamed from r1h1 [ 558.501943][ T3190] eth1: renamed from r1h2 [ 565.541626][ T3283] eth0: renamed from r1h1 [ 565.708231][ T3285] eth1: renamed from r1h2 [ 572.877131][ T3378] eth0: renamed from r1h1 [ 573.061984][ T3380] eth1: renamed from r1h2 [ 580.452211][ T3471] eth0: renamed from r1h1 [ 580.594198][ T3473] eth1: renamed from r1h2 [ 588.703027][ T3568] eth0: renamed from r1h1 [ 588.858015][ T3570] eth1: renamed from r1h2 [ 597.174185][ T3672] eth0: renamed from r1h1 [ 597.337725][ T3674] eth0: renamed from r2h1 [ 597.489923][ T3676] eth1: renamed from r1h2 [ 597.640171][ T3678] eth1: renamed from r2h2 [ 597.938937][ T3683] br0: port 1(eth0) entered blocking state [ 597.939201][ T3683] br0: port 1(eth0) entered disabled state [ 597.939427][ T3683] eth0: entered allmulticast mode [ 597.940403][ T3683] eth0: entered promiscuous mode [ 597.942121][ T70] br0: port 1(eth0) entered blocking state [ 597.942366][ T70] br0: port 1(eth0) entered forwarding state [ 598.008837][ T3684] br0: port 2(eth1) entered blocking state [ 598.009078][ T3684] br0: port 2(eth1) entered disabled state [ 598.009301][ T3684] eth1: entered allmulticast mode [ 598.010259][ T3684] eth1: entered promiscuous mode [ 598.011456][ T40] br0: port 2(eth1) entered blocking state [ 598.011659][ T40] br0: port 2(eth1) entered forwarding state [ 598.430338][ T3691] br0: port 1(eth0) entered blocking state [ 598.430553][ T3691] br0: port 1(eth0) entered disabled state [ 598.430745][ T3691] eth0: entered allmulticast mode [ 598.431682][ T3691] eth0: entered promiscuous mode [ 598.497682][ T3692] br0: port 2(eth1) entered blocking state [ 598.497944][ T3692] br0: port 2(eth1) entered disabled state [ 598.498150][ T3692] eth1: entered allmulticast mode [ 598.499102][ T3692] eth1: entered promiscuous mode [ 598.500272][ T39] br0: port 2(eth1) entered blocking state [ 598.500448][ T39] br0: port 2(eth1) entered forwarding state [ 599.141785][ T38] br0: port 1(eth0) entered blocking state [ 599.142023][ T38] br0: port 1(eth0) entered forwarding state [ 602.742382][ T11] eth1: left allmulticast mode [ 602.742572][ T11] eth1: left promiscuous mode [ 602.742869][ T11] br0: port 2(eth1) entered disabled state [ 602.744085][ T11] eth0: left allmulticast mode [ 602.744272][ T11] eth0: left promiscuous mode [ 602.744521][ T11] br0: port 1(eth0) entered disabled state [ 603.004541][ T11] eth1: left allmulticast mode [ 603.004720][ T11] eth1: left promiscuous mode [ 603.004969][ T11] br0: port 2(eth1) entered disabled state [ 603.006120][ T11] eth0: left allmulticast mode [ 603.006364][ T11] eth0: left promiscuous mode [ 603.006647][ T11] br0: port 1(eth0) entered disabled state [ 605.868115][ T3796] eth0: renamed from r1h1 [ 606.023326][ T3798] eth0: renamed from r2h1 [ 606.164942][ T3800] eth1: renamed from r1h2 [ 606.313942][ T3802] eth1: renamed from r2h2 [ 606.632309][ T3807] br0: port 1(eth0) entered blocking state [ 606.632601][ T3807] br0: port 1(eth0) entered disabled state [ 606.632783][ T3807] eth0: entered allmulticast mode [ 606.633712][ T3807] eth0: entered promiscuous mode [ 606.635365][ T40] br0: port 1(eth0) entered blocking state [ 606.635543][ T40] br0: port 1(eth0) entered forwarding state [ 606.698101][ T3808] br0: port 2(eth1) entered blocking state [ 606.698347][ T3808] br0: port 2(eth1) entered disabled state [ 606.698556][ T3808] eth1: entered allmulticast mode [ 606.699548][ T3808] eth1: entered promiscuous mode [ 606.700592][ T70] br0: port 2(eth1) entered blocking state [ 606.700780][ T70] br0: port 2(eth1) entered forwarding state [ 607.114658][ T3815] br0: port 1(eth0) entered blocking state [ 607.114947][ T3815] br0: port 1(eth0) entered disabled state [ 607.115133][ T3815] eth0: entered allmulticast mode [ 607.116061][ T3815] eth0: entered promiscuous mode [ 607.176250][ T3816] br0: port 2(eth1) entered blocking state [ 607.176538][ T3816] br0: port 2(eth1) entered disabled state [ 607.176720][ T3816] eth1: entered allmulticast mode [ 607.177664][ T3816] eth1: entered promiscuous mode [ 607.179571][ T40] br0: port 2(eth1) entered blocking state [ 607.179801][ T40] br0: port 2(eth1) entered forwarding state [ 607.845618][ T70] br0: port 1(eth0) entered blocking state [ 607.845860][ T70] br0: port 1(eth0) entered forwarding state [ 611.407317][ T11] eth1: left allmulticast mode [ 611.407538][ T11] eth1: left promiscuous mode [ 611.407806][ T11] br0: port 2(eth1) entered disabled state [ 611.408912][ T11] eth0: left allmulticast mode [ 611.409073][ T11] eth0: left promiscuous mode [ 611.409575][ T11] br0: port 1(eth0) entered disabled state [ 611.666484][ T11] eth1: left allmulticast mode [ 611.666671][ T11] eth1: left promiscuous mode [ 611.666923][ T11] br0: port 2(eth1) entered disabled state [ 611.667998][ T11] eth0: left allmulticast mode [ 611.668137][ T11] eth0: left promiscuous mode [ 611.668404][ T11] br0: port 1(eth0) entered disabled state [ 614.023882][ T3908] eth0: renamed from r1h1 [ 614.171988][ T3910] eth1: renamed from r1h2 [ 621.357949][ T4009] eth0: renamed from r1h1 [ 621.515241][ T4011] eth1: renamed from r1h2 [ 628.968224][ T4109] eth0: renamed from r1h1 [ 629.127205][ T4111] eth1: renamed from r1h2 [ 636.335446][ T4207] eth0: renamed from r1h1 [ 636.492115][ T4209] eth1: renamed from r1h2 [ 644.668023][ T4309] eth0: renamed from r1h1 [ 644.817067][ T4311] eth1: renamed from r1h2 [ 653.611978][ T4422] eth0: renamed from r1h1 [ 653.763942][ T4424] eth0: renamed from r2h1 [ 653.922192][ T4426] eth1: renamed from r1h2 [ 654.057881][ T4428] eth1: renamed from r2h2 [ 654.355040][ T4433] br0: port 1(eth0) entered blocking state [ 654.355283][ T4433] br0: port 1(eth0) entered disabled state [ 654.355480][ T4433] eth0: entered allmulticast mode [ 654.356397][ T4433] eth0: entered promiscuous mode [ 654.358018][ T40] br0: port 1(eth0) entered blocking state [ 654.358248][ T40] br0: port 1(eth0) entered forwarding state [ 654.411001][ T4434] br0: port 2(eth1) entered blocking state [ 654.411258][ T4434] br0: port 2(eth1) entered disabled state [ 654.411460][ T4434] eth1: entered allmulticast mode [ 654.412686][ T4434] eth1: entered promiscuous mode [ 654.413948][ T157] br0: port 2(eth1) entered blocking state [ 654.414156][ T157] br0: port 2(eth1) entered forwarding state [ 654.829701][ T4441] br0: port 1(eth0) entered blocking state [ 654.829915][ T4441] br0: port 1(eth0) entered disabled state [ 654.830097][ T4441] eth0: entered allmulticast mode [ 654.831032][ T4441] eth0: entered promiscuous mode [ 654.892719][ T4442] br0: port 2(eth1) entered blocking state [ 654.892929][ T4442] br0: port 2(eth1) entered disabled state [ 654.893115][ T4442] eth1: entered allmulticast mode [ 654.894025][ T4442] eth1: entered promiscuous mode [ 654.900967][ T40] br0: port 2(eth1) entered blocking state [ 654.901220][ T40] br0: port 2(eth1) entered forwarding state [ 655.589670][ T38] br0: port 1(eth0) entered blocking state [ 655.589911][ T38] br0: port 1(eth0) entered forwarding state [ 659.167062][ T11] eth1: left allmulticast mode [ 659.167307][ T11] eth1: left promiscuous mode [ 659.167579][ T11] br0: port 2(eth1) entered disabled state [ 659.168713][ T11] eth0: left allmulticast mode [ 659.168879][ T11] eth0: left promiscuous mode [ 659.169129][ T11] br0: port 1(eth0) entered disabled state [ 659.405406][ T11] eth1: left allmulticast mode [ 659.405633][ T11] eth1: left promiscuous mode [ 659.405902][ T11] br0: port 2(eth1) entered disabled state [ 659.407094][ T11] eth0: left allmulticast mode [ 659.407310][ T11] eth0: left promiscuous mode [ 659.407561][ T11] br0: port 1(eth0) entered disabled state [ 662.373968][ T4547] eth0: renamed from r1h1 [ 662.531192][ T4549] eth0: renamed from r2h1 [ 662.683398][ T4551] eth1: renamed from r1h2 [ 662.827392][ T4553] eth1: renamed from r2h2 [ 663.130719][ T4558] br0: port 1(eth0) entered blocking state [ 663.130976][ T4558] br0: port 1(eth0) entered disabled state [ 663.131198][ T4558] eth0: entered allmulticast mode [ 663.132139][ T4558] eth0: entered promiscuous mode [ 663.134232][ T157] br0: port 1(eth0) entered blocking state [ 663.134418][ T157] br0: port 1(eth0) entered forwarding state [ 663.188356][ T4559] br0: port 2(eth1) entered blocking state [ 663.188579][ T4559] br0: port 2(eth1) entered disabled state [ 663.188783][ T4559] eth1: entered allmulticast mode [ 663.189732][ T4559] eth1: entered promiscuous mode [ 663.198607][ T68] br0: port 2(eth1) entered blocking state [ 663.198822][ T68] br0: port 2(eth1) entered forwarding state [ 663.596233][ T4566] br0: port 1(eth0) entered blocking state [ 663.596470][ T4566] br0: port 1(eth0) entered disabled state [ 663.596675][ T4566] eth0: entered allmulticast mode [ 663.598582][ T4566] eth0: entered promiscuous mode [ 663.666269][ T4567] br0: port 2(eth1) entered blocking state [ 663.666523][ T4567] br0: port 2(eth1) entered disabled state [ 663.666737][ T4567] eth1: entered allmulticast mode [ 663.667708][ T4567] eth1: entered promiscuous mode [ 663.668813][ T157] br0: port 2(eth1) entered blocking state [ 663.669007][ T157] br0: port 2(eth1) entered forwarding state [ 664.357679][ T38] br0: port 1(eth0) entered blocking state [ 664.357914][ T38] br0: port 1(eth0) entered forwarding state [ 667.975475][ T11] eth1: left allmulticast mode [ 667.975730][ T11] eth1: left promiscuous mode [ 667.975990][ T11] br0: port 2(eth1) entered disabled state [ 667.977063][ T11] eth0: left allmulticast mode [ 667.977248][ T11] eth0: left promiscuous mode [ 667.977485][ T11] br0: port 1(eth0) entered disabled state [ 668.273448][ T11] eth1: left allmulticast mode [ 668.273635][ T11] eth1: left promiscuous mode [ 668.273899][ T11] br0: port 2(eth1) entered disabled state [ 668.275069][ T11] eth0: left allmulticast mode [ 668.275248][ T11] eth0: left promiscuous mode [ 668.275483][ T11] br0: port 1(eth0) entered disabled state