[ 13.108979][ T297] ip (297) used greatest stack depth: 24176 bytes left [ 13.197164][ T298] eth0: renamed from r1h1 [ 13.378749][ T300] eth0: renamed from r2h1 [ 13.637593][ T303] eth2: renamed from r2h2 [ 13.903373][ T306] eth1: renamed from r2r1 [ 14.285187][ T311] br0: port 1(eth0) entered blocking state [ 14.285646][ T311] br0: port 1(eth0) entered disabled state [ 14.285989][ T311] eth0: entered allmulticast mode [ 14.287209][ T311] eth0: entered promiscuous mode [ 14.295784][ T37] br0: port 1(eth0) entered blocking state [ 14.296079][ T37] br0: port 1(eth0) entered forwarding state [ 14.378032][ T312] br0: port 2(eth1) entered blocking state [ 14.378271][ T312] br0: port 2(eth1) entered disabled state [ 14.378505][ T312] eth1: entered allmulticast mode [ 14.379986][ T312] eth1: entered promiscuous mode [ 14.381751][ T37] br0: port 2(eth1) entered blocking state [ 14.382000][ T37] br0: port 2(eth1) entered forwarding state [ 30.722712][ T67] eth1: left allmulticast mode [ 30.722991][ T67] eth1: left promiscuous mode [ 30.723310][ T67] br0: port 2(eth1) entered disabled state [ 30.726428][ T67] eth0: left allmulticast mode [ 30.726604][ T67] eth0: left promiscuous mode [ 30.726867][ T67] br0: port 1(eth0) entered disabled state [ 31.218370][ T67] ================================================================== [ 31.218665][ T67] BUG: KASAN: slab-use-after-free in cleanup_net+0xa5d/0xb90 [ 31.218851][ T67] Read of size 8 at addr ffff88800e4b80f8 by task kworker/u16:1/67 [ 31.219038][ T67] [ 31.219102][ T67] CPU: 3 UID: 0 PID: 67 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 31.219287][ T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 31.219449][ T67] Workqueue: netns cleanup_net [ 31.219580][ T67] Call Trace: [ 31.219676][ T67] [ 31.219741][ T67] dump_stack_lvl+0x82/0xd0 [ 31.219873][ T67] print_address_description.constprop.0+0x2c/0x3b0 [ 31.220029][ T67] ? cleanup_net+0xa5d/0xb90 [ 31.220152][ T67] print_report+0xb4/0x270 [ 31.220273][ T67] ? kasan_addr_to_slab+0x25/0x80 [ 31.220399][ T67] kasan_report+0xbd/0xf0 [ 31.220495][ T67] ? cleanup_net+0xa5d/0xb90 [ 31.220620][ T67] cleanup_net+0xa5d/0xb90 [ 31.220742][ T67] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 31.220870][ T67] ? __pfx_cleanup_net+0x10/0x10 [ 31.220992][ T67] ? trace_lock_acquire+0x148/0x1f0 [ 31.221116][ T67] ? lock_acquire+0x32/0xc0 [ 31.221239][ T67] ? process_one_work+0xe0b/0x16d0 [ 31.221365][ T67] process_one_work+0xe55/0x16d0 [ 31.221489][ T67] ? __pfx___lock_release+0x10/0x10 [ 31.221612][ T67] ? __pfx_process_one_work+0x10/0x10 [ 31.221736][ T67] ? assign_work+0x16c/0x240 [ 31.221866][ T67] worker_thread+0x58c/0xce0 [ 31.221989][ T67] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 31.222148][ T67] ? __pfx_worker_thread+0x10/0x10 [ 31.222270][ T67] ? __pfx_worker_thread+0x10/0x10 [ 31.222390][ T67] kthread+0x28a/0x350 [ 31.222484][ T67] ? __pfx_kthread+0x10/0x10 [ 31.222608][ T67] ret_from_fork+0x31/0x70 [ 31.222730][ T67] ? __pfx_kthread+0x10/0x10 [ 31.222854][ T67] ret_from_fork_asm+0x1a/0x30 [ 31.222985][ T67] [ 31.223078][ T67] [ 31.223149][ T67] Allocated by task 258: [ 31.223250][ T67] kasan_save_stack+0x24/0x50 [ 31.223388][ T67] kasan_save_track+0x14/0x30 [ 31.223509][ T67] __kasan_slab_alloc+0x59/0x70 [ 31.223633][ T67] kmem_cache_alloc_noprof+0x10b/0x350 [ 31.223757][ T67] copy_net_ns+0xc6/0x540 [ 31.223850][ T67] create_new_namespaces+0x35f/0x920 [ 31.223971][ T67] unshare_nsproxy_namespaces+0x8a/0x1b0 [ 31.224097][ T67] ksys_unshare+0x2c4/0x6e0 [ 31.224223][ T67] __x64_sys_unshare+0x31/0x40 [ 31.224346][ T67] do_syscall_64+0xc1/0x1d0 [ 31.224470][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 31.224623][ T67] [ 31.224696][ T67] Freed by task 67: [ 31.224787][ T67] kasan_save_stack+0x24/0x50 [ 31.224911][ T67] kasan_save_track+0x14/0x30 [ 31.225031][ T67] kasan_save_free_info+0x3b/0x60 [ 31.225155][ T67] __kasan_slab_free+0x38/0x50 [ 31.225279][ T67] kmem_cache_free+0xf8/0x330 [ 31.225400][ T67] cleanup_net+0x5a8/0xb90 [ 31.225523][ T67] process_one_work+0xe55/0x16d0 [ 31.225645][ T67] worker_thread+0x58c/0xce0 [ 31.225767][ T67] kthread+0x28a/0x350 [ 31.225862][ T67] ret_from_fork+0x31/0x70 [ 31.225984][ T67] ret_from_fork_asm+0x1a/0x30 [ 31.226106][ T67] [ 31.226173][ T67] Last potentially related work creation: [ 31.226295][ T67] kasan_save_stack+0x24/0x50 [ 31.226420][ T67] __kasan_record_aux_stack+0x8e/0xa0 [ 31.226543][ T67] insert_work+0x34/0x230 [ 31.226634][ T67] __queue_work+0x5fd/0xa40 [ 31.226756][ T67] queue_delayed_work_on+0x8c/0xa0 [ 31.226880][ T67] __inet_insert_ifa+0x751/0xb10 [ 31.227006][ T67] inet_rtm_newaddr+0x833/0xbd0 [ 31.227129][ T67] rtnetlink_rcv_msg+0x712/0xc10 [ 31.227256][ T67] netlink_rcv_skb+0x130/0x360 [ 31.227382][ T67] netlink_unicast+0x44b/0x710 [ 31.227504][ T67] netlink_sendmsg+0x723/0xbe0 [ 31.227626][ T67] ____sys_sendmsg+0x7ac/0xa10 [ 31.227753][ T67] ___sys_sendmsg+0xee/0x170 [ 31.227878][ T67] __sys_sendmsg+0x109/0x1a0 [ 31.228002][ T67] do_syscall_64+0xc1/0x1d0 [ 31.228128][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 31.228280][ T67] [ 31.228351][ T67] Second to last potentially related work creation: [ 31.228502][ T67] kasan_save_stack+0x24/0x50 [ 31.228626][ T67] __kasan_record_aux_stack+0x8e/0xa0 [ 31.228750][ T67] insert_work+0x34/0x230 [ 31.228845][ T67] __queue_work+0x5fd/0xa40 [ 31.228967][ T67] queue_delayed_work_on+0x8c/0xa0 [ 31.229090][ T67] __inet_insert_ifa+0x751/0xb10 [ 31.229213][ T67] inetdev_event+0xb18/0xcf0 [ 31.229338][ T67] notifier_call_chain+0xcd/0x150 [ 31.229462][ T67] __dev_notify_flags+0xe6/0x250 [ 31.229586][ T67] dev_change_flags+0xec/0x160 [ 31.229708][ T67] do_setlink.constprop.0+0x79d/0x2300 [ 31.229833][ T67] rtnl_newlink+0x6de/0xa80 [ 31.229956][ T67] rtnetlink_rcv_msg+0x712/0xc10 [ 31.230077][ T67] netlink_rcv_skb+0x130/0x360 [ 31.230203][ T67] netlink_unicast+0x44b/0x710 [ 31.230327][ T67] netlink_sendmsg+0x723/0xbe0 [ 31.230450][ T67] ____sys_sendmsg+0x7ac/0xa10 [ 31.230574][ T67] ___sys_sendmsg+0xee/0x170 [ 31.230697][ T67] __sys_sendmsg+0x109/0x1a0 [ 31.230820][ T67] do_syscall_64+0xc1/0x1d0 [ 31.230944][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 31.231098][ T67] [ 31.231160][ T67] The buggy address belongs to the object at ffff88800e4b8040 [ 31.231160][ T67] which belongs to the cache net_namespace of size 6528 [ 31.231493][ T67] The buggy address is located 184 bytes inside of [ 31.231493][ T67] freed 6528-byte region [ffff88800e4b8040, ffff88800e4b99c0) [ 31.231785][ T67] [ 31.231848][ T67] The buggy address belongs to the physical page: [ 31.232000][ T67] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe4b8 [ 31.232220][ T67] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 31.232403][ T67] flags: 0x80000000000040(head|node=0|zone=1) [ 31.232561][ T67] page_type: f5(slab) [ 31.232657][ T67] raw: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8 [ 31.232876][ T67] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 31.233096][ T67] head: 0080000000000040 ffff888001975240 ffff88800197a0a8 ffff88800197a0a8 [ 31.233321][ T67] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 31.233534][ T67] head: 0080000000000003 ffffea0000392e01 ffffffffffffffff 0000000000000000 [ 31.233750][ T67] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 31.233966][ T67] page dumped because: kasan: bad access detected [ 31.234123][ T67] [ 31.234185][ T67] Memory state around the buggy address: [ 31.234302][ T67] ffff88800e4b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.234482][ T67] ffff88800e4b8000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 31.234661][ T67] >ffff88800e4b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.234839][ T67] ^ [ 31.235014][ T67] ffff88800e4b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.235190][ T67] ffff88800e4b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.235366][ T67] ================================================================== [ 31.235620][ T67] Disabling lock debugging due to kernel taint [ 34.640163][ T514] eth0: renamed from r1h1 [ 34.775990][ T516] eth0: renamed from r2h1 [ 34.959228][ T519] eth2: renamed from r2h2 [ 35.147051][ T522] eth1: renamed from r2r1 [ 35.958804][ T537] br0: port 1(eth0) entered blocking state [ 35.959100][ T537] br0: port 1(eth0) entered disabled state [ 35.959294][ T537] eth0: entered allmulticast mode [ 35.960183][ T537] eth0: entered promiscuous mode [ 35.963482][ T70] br0: port 1(eth0) entered blocking state [ 35.963662][ T70] br0: port 1(eth0) entered forwarding state [ 36.013049][ T538] br0: port 2(eth1) entered blocking state [ 36.013329][ T538] br0: port 2(eth1) entered disabled state [ 36.013522][ T538] eth1: entered allmulticast mode [ 36.014433][ T538] eth1: entered promiscuous mode [ 36.016390][ T45] br0: port 2(eth1) entered blocking state [ 36.016567][ T45] br0: port 2(eth1) entered forwarding state [ 50.589999][ T67] eth1: left allmulticast mode [ 50.590153][ T67] eth1: left promiscuous mode [ 50.590401][ T67] br0: port 2(eth1) entered disabled state [ 50.594509][ T67] eth0: left allmulticast mode [ 50.594728][ T67] eth0: left promiscuous mode [ 50.594957][ T67] br0: port 1(eth0) entered disabled state [ 54.507092][ T740] eth0: renamed from r1h1 [ 54.650212][ T742] eth0: renamed from r2h1 [ 54.831753][ T745] eth2: renamed from r2h2 [ 55.031927][ T748] eth1: renamed from r2r1 [ 55.305886][ T753] br0: port 1(eth0) entered blocking state [ 55.306153][ T753] br0: port 1(eth0) entered disabled state [ 55.306331][ T753] eth0: entered allmulticast mode [ 55.307201][ T753] eth0: entered promiscuous mode [ 55.308716][ T45] br0: port 1(eth0) entered blocking state [ 55.308895][ T45] br0: port 1(eth0) entered forwarding state [ 55.363669][ T754] br0: port 2(eth1) entered blocking state [ 55.363869][ T754] br0: port 2(eth1) entered disabled state [ 55.364044][ T754] eth1: entered allmulticast mode [ 55.365295][ T754] eth1: entered promiscuous mode [ 55.366549][ T56] br0: port 2(eth1) entered blocking state [ 55.366759][ T56] br0: port 2(eth1) entered forwarding state [ 70.356299][ T67] eth1: left allmulticast mode [ 70.356613][ T67] eth1: left promiscuous mode [ 70.356922][ T67] br0: port 2(eth1) entered disabled state [ 70.358420][ T67] eth0: left allmulticast mode [ 70.358559][ T67] eth0: left promiscuous mode [ 70.358781][ T67] br0: port 1(eth0) entered disabled state [ 74.178056][ T967] eth0: renamed from r1h1 [ 74.318415][ T969] eth0: renamed from r2h1 [ 74.504065][ T972] eth2: renamed from r2h2 [ 74.693189][ T975] eth1: renamed from r2r1 [ 75.509329][ T990] br0: port 1(eth0) entered blocking state [ 75.509569][ T990] br0: port 1(eth0) entered disabled state [ 75.509760][ T990] eth0: entered allmulticast mode [ 75.510674][ T990] eth0: entered promiscuous mode [ 75.512226][ T70] br0: port 1(eth0) entered blocking state [ 75.512419][ T70] br0: port 1(eth0) entered forwarding state [ 75.567103][ T991] br0: port 2(eth1) entered blocking state [ 75.567305][ T991] br0: port 2(eth1) entered disabled state [ 75.568021][ T991] eth1: entered allmulticast mode [ 75.569147][ T991] eth1: entered promiscuous mode [ 75.570168][ T45] br0: port 2(eth1) entered blocking state [ 75.570353][ T45] br0: port 2(eth1) entered forwarding state [ 90.478734][ T67] eth1: left allmulticast mode [ 90.478892][ T67] eth1: left promiscuous mode [ 90.479149][ T67] br0: port 2(eth1) entered disabled state [ 90.480438][ T67] eth0: left allmulticast mode [ 90.480578][ T67] eth0: left promiscuous mode [ 90.480802][ T67] br0: port 1(eth0) entered disabled state