[ 13.179239][ T298] eth0: renamed from r1h1
[ 13.354434][ T300] eth0: renamed from r2h1
[ 13.619846][ T303] eth2: renamed from r2h2
[ 13.876432][ T306] eth1: renamed from r2r1
[ 14.257947][ T311] br0: port 1(eth0) entered blocking state
[ 14.258422][ T311] br0: port 1(eth0) entered disabled state
[ 14.258692][ T311] eth0: entered allmulticast mode
[ 14.259939][ T311] eth0: entered promiscuous mode
[ 14.269573][ T110] br0: port 1(eth0) entered blocking state
[ 14.269908][ T110] br0: port 1(eth0) entered forwarding state
[ 14.347727][ T312] br0: port 2(eth1) entered blocking state
[ 14.348131][ T312] br0: port 2(eth1) entered disabled state
[ 14.348512][ T312] eth1: entered allmulticast mode
[ 14.350210][ T312] eth1: entered promiscuous mode
[ 14.352117][ T110] br0: port 2(eth1) entered blocking state
[ 14.352347][ T110] br0: port 2(eth1) entered forwarding state
[ 30.644928][ T66] eth1: left allmulticast mode
[ 30.645284][ T66] eth1: left promiscuous mode
[ 30.645659][ T66] br0: port 2(eth1) entered disabled state
[ 30.648560][ T66] eth0: left allmulticast mode
[ 30.648781][ T66] eth0: left promiscuous mode
[ 30.649100][ T66] br0: port 1(eth0) entered disabled state
[ 31.133521][ T66] ==================================================================
[ 31.133755][ T66] BUG: KASAN: slab-use-after-free in cleanup_net+0xa5d/0xb90
[ 31.133965][ T66] Read of size 8 at addr ffff888010f480f8 by task kworker/u16:1/66
[ 31.134167][ T66]
[ 31.134238][ T66] CPU: 2 UID: 0 PID: 66 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1
[ 31.134441][ T66] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 31.134613][ T66] Workqueue: netns cleanup_net
[ 31.134758][ T66] Call Trace:
[ 31.134860][ T66]
[ 31.134935][ T66] dump_stack_lvl+0x82/0xd0
[ 31.135078][ T66] print_address_description.constprop.0+0x2c/0x3b0
[ 31.135252][ T66] ? cleanup_net+0xa5d/0xb90
[ 31.135393][ T66] print_report+0xb4/0x270
[ 31.135529][ T66] ? kasan_addr_to_slab+0x25/0x80
[ 31.135668][ T66] kasan_report+0xbd/0xf0
[ 31.135777][ T66] ? cleanup_net+0xa5d/0xb90
[ 31.135915][ T66] cleanup_net+0xa5d/0xb90
[ 31.136055][ T66] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 31.136197][ T66] ? __pfx_cleanup_net+0x10/0x10
[ 31.136336][ T66] ? trace_lock_acquire+0x148/0x1f0
[ 31.136486][ T66] ? lock_acquire+0x32/0xc0
[ 31.136621][ T66] ? process_one_work+0xe0b/0x16d0
[ 31.136763][ T66] process_one_work+0xe55/0x16d0
[ 31.136902][ T66] ? __pfx___lock_release+0x10/0x10
[ 31.137040][ T66] ? __pfx_process_one_work+0x10/0x10
[ 31.137183][ T66] ? assign_work+0x16c/0x240
[ 31.137322][ T66] worker_thread+0x58c/0xce0
[ 31.137469][ T66] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 31.137642][ T66] ? __pfx_worker_thread+0x10/0x10
[ 31.137781][ T66] ? __pfx_worker_thread+0x10/0x10
[ 31.137917][ T66] kthread+0x28a/0x350
[ 31.138026][ T66] ? __pfx_kthread+0x10/0x10
[ 31.138164][ T66] ret_from_fork+0x31/0x70
[ 31.138299][ T66] ? __pfx_kthread+0x10/0x10
[ 31.138438][ T66] ret_from_fork_asm+0x1a/0x30
[ 31.138586][ T66]
[ 31.138692][ T66]
[ 31.138762][ T66] Allocated by task 257:
[ 31.138868][ T66] kasan_save_stack+0x24/0x50
[ 31.139006][ T66] kasan_save_track+0x14/0x30
[ 31.139143][ T66] __kasan_slab_alloc+0x59/0x70
[ 31.139278][ T66] kmem_cache_alloc_noprof+0x10b/0x350
[ 31.139419][ T66] copy_net_ns+0xc6/0x540
[ 31.139530][ T66] create_new_namespaces+0x35f/0x920
[ 31.139678][ T66] unshare_nsproxy_namespaces+0x8a/0x1b0
[ 31.139816][ T66] ksys_unshare+0x2c4/0x6e0
[ 31.139955][ T66] __x64_sys_unshare+0x31/0x40
[ 31.140091][ T66] do_syscall_64+0xc1/0x1d0
[ 31.140231][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 31.140405][ T66]
[ 31.140481][ T66] Freed by task 66:
[ 31.140585][ T66] kasan_save_stack+0x24/0x50
[ 31.140726][ T66] kasan_save_track+0x14/0x30
[ 31.140861][ T66] kasan_save_free_info+0x3b/0x60
[ 31.141002][ T66] __kasan_slab_free+0x38/0x50
[ 31.141138][ T66] kmem_cache_free+0xf8/0x330
[ 31.141275][ T66] cleanup_net+0x5a8/0xb90
[ 31.141413][ T66] process_one_work+0xe55/0x16d0
[ 31.141552][ T66] worker_thread+0x58c/0xce0
[ 31.141688][ T66] kthread+0x28a/0x350
[ 31.141791][ T66] ret_from_fork+0x31/0x70
[ 31.141932][ T66] ret_from_fork_asm+0x1a/0x30
[ 31.142072][ T66]
[ 31.142141][ T66] Last potentially related work creation:
[ 31.142277][ T66] kasan_save_stack+0x24/0x50
[ 31.142418][ T66] __kasan_record_aux_stack+0x8e/0xa0
[ 31.142571][ T66] insert_work+0x34/0x230
[ 31.142674][ T66] __queue_work+0x5fd/0xa40
[ 31.142809][ T66] queue_delayed_work_on+0x8c/0xa0
[ 31.142945][ T66] __inet_insert_ifa+0x751/0xb10
[ 31.143087][ T66] inet_rtm_newaddr+0x833/0xbd0
[ 31.143225][ T66] rtnetlink_rcv_msg+0x712/0xc10
[ 31.143367][ T66] netlink_rcv_skb+0x130/0x360
[ 31.143511][ T66] netlink_unicast+0x44b/0x710
[ 31.143650][ T66] netlink_sendmsg+0x723/0xbe0
[ 31.143788][ T66] ____sys_sendmsg+0x7ac/0xa10
[ 31.143924][ T66] ___sys_sendmsg+0xee/0x170
[ 31.144061][ T66] __sys_sendmsg+0x109/0x1a0
[ 31.144199][ T66] do_syscall_64+0xc1/0x1d0
[ 31.144335][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 31.144503][ T66]
[ 31.144573][ T66] Second to last potentially related work creation:
[ 31.144757][ T66] kasan_save_stack+0x24/0x50
[ 31.144896][ T66] __kasan_record_aux_stack+0x8e/0xa0
[ 31.145034][ T66] insert_work+0x34/0x230
[ 31.145139][ T66] __queue_work+0x5fd/0xa40
[ 31.145275][ T66] queue_delayed_work_on+0x8c/0xa0
[ 31.145412][ T66] __inet_insert_ifa+0x751/0xb10
[ 31.145549][ T66] inetdev_event+0xb18/0xcf0
[ 31.145687][ T66] notifier_call_chain+0xcd/0x150
[ 31.145826][ T66] __dev_notify_flags+0xe6/0x250
[ 31.145966][ T66] dev_change_flags+0xec/0x160
[ 31.146104][ T66] do_setlink.constprop.0+0x79d/0x2300
[ 31.146244][ T66] rtnl_newlink+0x6de/0xa80
[ 31.146383][ T66] rtnetlink_rcv_msg+0x712/0xc10
[ 31.146519][ T66] netlink_rcv_skb+0x130/0x360
[ 31.146653][ T66] netlink_unicast+0x44b/0x710
[ 31.146792][ T66] netlink_sendmsg+0x723/0xbe0
[ 31.146931][ T66] ____sys_sendmsg+0x7ac/0xa10
[ 31.147072][ T66] ___sys_sendmsg+0xee/0x170
[ 31.147209][ T66] __sys_sendmsg+0x109/0x1a0
[ 31.147347][ T66] do_syscall_64+0xc1/0x1d0
[ 31.147483][ T66] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 31.147654][ T66]
[ 31.147723][ T66] The buggy address belongs to the object at ffff888010f48040
[ 31.147723][ T66] which belongs to the cache net_namespace of size 6528
[ 31.148090][ T66] The buggy address is located 184 bytes inside of
[ 31.148090][ T66] freed 6528-byte region [ffff888010f48040, ffff888010f499c0)
[ 31.148418][ T66]
[ 31.148488][ T66] The buggy address belongs to the physical page:
[ 31.148655][ T66] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f48
[ 31.148898][ T66] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 31.149102][ T66] flags: 0x80000000000040(head|node=0|zone=1)
[ 31.149274][ T66] page_type: f5(slab)
[ 31.149384][ T66] raw: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8
[ 31.149634][ T66] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 31.149878][ T66] head: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8
[ 31.150121][ T66] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 31.150363][ T66] head: 0080000000000003 ffffea000043d201 ffffffffffffffff 0000000000000000
[ 31.150604][ T66] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 31.150852][ T66] page dumped because: kasan: bad access detected
[ 31.151022][ T66]
[ 31.151092][ T66] Memory state around the buggy address:
[ 31.151227][ T66] ffff888010f47f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.151424][ T66] ffff888010f48000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 31.151624][ T66] >ffff888010f48080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.151826][ T66] ^
[ 31.152021][ T66] ffff888010f48100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.152224][ T66] ffff888010f48180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.152485][ T66] ==================================================================
[ 31.152741][ T66] Disabling lock debugging due to kernel taint
[ 34.624344][ T514] eth0: renamed from r1h1
[ 34.768861][ T516] eth0: renamed from r2h1
[ 34.962941][ T519] eth2: renamed from r2h2
[ 35.163791][ T522] eth1: renamed from r2r1
[ 35.973484][ T537] br0: port 1(eth0) entered blocking state
[ 35.973715][ T537] br0: port 1(eth0) entered disabled state
[ 35.973908][ T537] eth0: entered allmulticast mode
[ 35.974817][ T537] eth0: entered promiscuous mode
[ 35.976322][ T110] br0: port 1(eth0) entered blocking state
[ 35.976497][ T110] br0: port 1(eth0) entered forwarding state
[ 36.027314][ T538] br0: port 2(eth1) entered blocking state
[ 36.027604][ T538] br0: port 2(eth1) entered disabled state
[ 36.027803][ T538] eth1: entered allmulticast mode
[ 36.029862][ T538] eth1: entered promiscuous mode
[ 36.031029][ T110] br0: port 2(eth1) entered blocking state
[ 36.031206][ T110] br0: port 2(eth1) entered forwarding state
[ 50.676415][ T66] eth1: left allmulticast mode
[ 50.676574][ T66] eth1: left promiscuous mode
[ 50.676831][ T66] br0: port 2(eth1) entered disabled state
[ 50.677945][ T66] eth0: left allmulticast mode
[ 50.678088][ T66] eth0: left promiscuous mode
[ 50.678336][ T66] br0: port 1(eth0) entered disabled state
[ 54.714902][ T740] eth0: renamed from r1h1
[ 54.854813][ T742] eth0: renamed from r2h1
[ 55.056252][ T745] eth2: renamed from r2h2
[ 55.258873][ T748] eth1: renamed from r2r1
[ 55.534191][ T753] br0: port 1(eth0) entered blocking state
[ 55.534490][ T753] br0: port 1(eth0) entered disabled state
[ 55.534677][ T753] eth0: entered allmulticast mode
[ 55.535547][ T753] eth0: entered promiscuous mode
[ 55.537107][ T55] br0: port 1(eth0) entered blocking state
[ 55.537318][ T55] br0: port 1(eth0) entered forwarding state
[ 55.593060][ T754] br0: port 2(eth1) entered blocking state
[ 55.593531][ T754] br0: port 2(eth1) entered disabled state
[ 55.593726][ T754] eth1: entered allmulticast mode
[ 55.594640][ T754] eth1: entered promiscuous mode
[ 55.595703][ T110] br0: port 2(eth1) entered blocking state
[ 55.595881][ T110] br0: port 2(eth1) entered forwarding state
[ 70.514484][ T66] eth1: left allmulticast mode
[ 70.514684][ T66] eth1: left promiscuous mode
[ 70.514970][ T66] br0: port 2(eth1) entered disabled state
[ 70.516078][ T66] eth0: left allmulticast mode
[ 70.516310][ T66] eth0: left promiscuous mode
[ 70.516580][ T66] br0: port 1(eth0) entered disabled state
[ 74.218217][ T967] eth0: renamed from r1h1
[ 74.370482][ T969] eth0: renamed from r2h1
[ 74.566333][ T972] eth2: renamed from r2h2
[ 74.763246][ T975] eth1: renamed from r2r1
[ 75.558691][ T990] br0: port 1(eth0) entered blocking state
[ 75.558893][ T990] br0: port 1(eth0) entered disabled state
[ 75.559068][ T990] eth0: entered allmulticast mode
[ 75.559967][ T990] eth0: entered promiscuous mode
[ 75.562565][ T55] br0: port 1(eth0) entered blocking state
[ 75.562764][ T55] br0: port 1(eth0) entered forwarding state
[ 75.617734][ T991] br0: port 2(eth1) entered blocking state
[ 75.618004][ T991] br0: port 2(eth1) entered disabled state
[ 75.618180][ T991] eth1: entered allmulticast mode
[ 75.619034][ T991] eth1: entered promiscuous mode
[ 75.620048][ T45] br0: port 2(eth1) entered blocking state
[ 75.620223][ T45] br0: port 2(eth1) entered forwarding state
[ 90.444462][ T66] eth1: left allmulticast mode
[ 90.444651][ T66] eth1: left promiscuous mode
[ 90.444887][ T66] br0: port 2(eth1) entered disabled state
[ 90.446330][ T66] eth0: left allmulticast mode
[ 90.446504][ T66] eth0: left promiscuous mode
[ 90.446732][ T66] br0: port 1(eth0) entered disabled state