[ 17.310409][ T293] eth1: renamed from tmp [ 80.628285][ T494] ip (494) used greatest stack depth: 23600 bytes left [ 81.662050][ T67] ================================================================== [ 81.662429][ T67] BUG: KASAN: slab-use-after-free in cleanup_net+0xa5d/0xb90 [ 81.662765][ T67] Read of size 8 at addr ffff88800b5780f8 by task kworker/u16:1/67 [ 81.663038][ T67] [ 81.663140][ T67] CPU: 1 UID: 0 PID: 67 Comm: kworker/u16:1 Not tainted 6.12.0-virtme #1 [ 81.663430][ T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 81.663671][ T67] Workqueue: netns cleanup_net [ 81.663880][ T67] Call Trace: [ 81.664027][ T67] [ 81.664131][ T67] dump_stack_lvl+0x82/0xd0 [ 81.664331][ T67] print_address_description.constprop.0+0x2c/0x3b0 [ 81.664573][ T67] ? cleanup_net+0xa5d/0xb90 [ 81.664766][ T67] print_report+0xb4/0x270 [ 81.664963][ T67] ? kasan_addr_to_slab+0x25/0x80 [ 81.665159][ T67] kasan_report+0xbd/0xf0 [ 81.665306][ T67] ? cleanup_net+0xa5d/0xb90 [ 81.665503][ T67] cleanup_net+0xa5d/0xb90 [ 81.665693][ T67] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 81.665900][ T67] ? __pfx_cleanup_net+0x10/0x10 [ 81.666088][ T67] ? trace_lock_acquire+0x148/0x1f0 [ 81.666284][ T67] ? lock_acquire+0x32/0xc0 [ 81.666473][ T67] ? process_one_work+0xe0b/0x16d0 [ 81.666669][ T67] process_one_work+0xe55/0x16d0 [ 81.666867][ T67] ? __pfx___lock_release+0x10/0x10 [ 81.667061][ T67] ? __pfx_process_one_work+0x10/0x10 [ 81.667256][ T67] ? assign_work+0x16c/0x240 [ 81.667456][ T67] worker_thread+0x58c/0xce0 [ 81.667656][ T67] ? lockdep_hardirqs_on_prepare+0x275/0x410 [ 81.667900][ T67] ? __pfx_worker_thread+0x10/0x10 [ 81.668098][ T67] ? __pfx_worker_thread+0x10/0x10 [ 81.668293][ T67] kthread+0x28a/0x350 [ 81.668452][ T67] ? __pfx_kthread+0x10/0x10 [ 81.668650][ T67] ret_from_fork+0x31/0x70 [ 81.668843][ T67] ? __pfx_kthread+0x10/0x10 [ 81.669043][ T67] ret_from_fork_asm+0x1a/0x30 [ 81.669252][ T67] [ 81.669402][ T67] [ 81.669501][ T67] Allocated by task 269: [ 81.669658][ T67] kasan_save_stack+0x24/0x50 [ 81.669861][ T67] kasan_save_track+0x14/0x30 [ 81.670054][ T67] __kasan_slab_alloc+0x59/0x70 [ 81.670248][ T67] kmem_cache_alloc_noprof+0x10b/0x350 [ 81.670474][ T67] copy_net_ns+0xc6/0x540 [ 81.670621][ T67] create_new_namespaces+0x35f/0x920 [ 81.670817][ T67] unshare_nsproxy_namespaces+0x8a/0x1b0 [ 81.671012][ T67] ksys_unshare+0x2c4/0x6e0 [ 81.671211][ T67] __x64_sys_unshare+0x31/0x40 [ 81.671405][ T67] do_syscall_64+0xc1/0x1d0 [ 81.671603][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.671842][ T67] [ 81.671943][ T67] Freed by task 67: [ 81.672088][ T67] kasan_save_stack+0x24/0x50 [ 81.672286][ T67] kasan_save_track+0x14/0x30 [ 81.672481][ T67] kasan_save_free_info+0x3b/0x60 [ 81.672676][ T67] __kasan_slab_free+0x38/0x50 [ 81.672857][ T67] kmem_cache_free+0xf8/0x330 [ 81.673044][ T67] cleanup_net+0x5a8/0xb90 [ 81.673234][ T67] process_one_work+0xe55/0x16d0 [ 81.673428][ T67] worker_thread+0x58c/0xce0 [ 81.673617][ T67] kthread+0x28a/0x350 [ 81.673764][ T67] ret_from_fork+0x31/0x70 [ 81.673955][ T67] ret_from_fork_asm+0x1a/0x30 [ 81.674145][ T67] [ 81.674248][ T67] Last potentially related work creation: [ 81.674446][ T67] kasan_save_stack+0x24/0x50 [ 81.674644][ T67] __kasan_record_aux_stack+0x8e/0xa0 [ 81.674840][ T67] insert_work+0x34/0x230 [ 81.674986][ T67] __queue_work+0x5fd/0xa40 [ 81.675180][ T67] queue_delayed_work_on+0x8c/0xa0 [ 81.675378][ T67] __inet_insert_ifa+0x751/0xb10 [ 81.675578][ T67] inet_rtm_newaddr+0x833/0xbd0 [ 81.675775][ T67] rtnetlink_rcv_msg+0x712/0xc10 [ 81.675978][ T67] netlink_rcv_skb+0x130/0x360 [ 81.676176][ T67] netlink_unicast+0x44b/0x710 [ 81.676387][ T67] netlink_sendmsg+0x723/0xbe0 [ 81.676589][ T67] ____sys_sendmsg+0x7ac/0xa10 [ 81.676788][ T67] ___sys_sendmsg+0xee/0x170 [ 81.676998][ T67] __sys_sendmsg+0x109/0x1a0 [ 81.677192][ T67] do_syscall_64+0xc1/0x1d0 [ 81.677394][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.677642][ T67] [ 81.677745][ T67] Second to last potentially related work creation: [ 81.677976][ T67] kasan_save_stack+0x24/0x50 [ 81.678184][ T67] __kasan_record_aux_stack+0x8e/0xa0 [ 81.678371][ T67] insert_work+0x34/0x230 [ 81.678521][ T67] __queue_work+0x5fd/0xa40 [ 81.678710][ T67] queue_delayed_work_on+0x8c/0xa0 [ 81.678898][ T67] __inet_insert_ifa+0x751/0xb10 [ 81.679098][ T67] inet_rtm_newaddr+0x833/0xbd0 [ 81.679299][ T67] rtnetlink_rcv_msg+0x712/0xc10 [ 81.679499][ T67] netlink_rcv_skb+0x130/0x360 [ 81.679686][ T67] netlink_unicast+0x44b/0x710 [ 81.679881][ T67] netlink_sendmsg+0x723/0xbe0 [ 81.680069][ T67] ____sys_sendmsg+0x7ac/0xa10 [ 81.680247][ T67] ___sys_sendmsg+0xee/0x170 [ 81.680450][ T67] __sys_sendmsg+0x109/0x1a0 [ 81.680634][ T67] do_syscall_64+0xc1/0x1d0 [ 81.680829][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.681076][ T67] [ 81.681171][ T67] The buggy address belongs to the object at ffff88800b578040 [ 81.681171][ T67] which belongs to the cache net_namespace of size 6528 [ 81.681673][ T67] The buggy address is located 184 bytes inside of [ 81.681673][ T67] freed 6528-byte region [ffff88800b578040, ffff88800b5799c0) [ 81.682124][ T67] [ 81.682221][ T67] The buggy address belongs to the physical page: [ 81.682427][ T67] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800b57b640 pfn:0xb578 [ 81.682792][ T67] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.683084][ T67] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 81.683323][ T67] page_type: f5(slab) [ 81.683472][ T67] raw: 0080000000000240 ffff888001975240 ffff88800197a088 ffff88800197a088 [ 81.683810][ T67] raw: ffff88800b57b640 0000000000040002 00000001f5000000 0000000000000000 [ 81.684146][ T67] head: 0080000000000240 ffff888001975240 ffff88800197a088 ffff88800197a088 [ 81.684485][ T67] head: ffff88800b57b640 0000000000040002 00000001f5000000 0000000000000000 [ 81.684814][ T67] head: 0080000000000003 ffffea00002d5e01 ffffffffffffffff 0000000000000000 [ 81.685145][ T67] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 81.685503][ T67] page dumped because: kasan: bad access detected [ 81.685716][ T67] [ 81.685804][ T67] Memory state around the buggy address: [ 81.685977][ T67] ffff88800b577f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 81.686232][ T67] ffff88800b578000: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 81.686491][ T67] >ffff88800b578080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.686750][ T67] ^ [ 81.687001][ T67] ffff88800b578100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.687248][ T67] ffff88800b578180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.687491][ T67] ================================================================== [ 81.687886][ T67] Disabling lock debugging due to kernel taint [ 85.071151][ T546] eth1: renamed from tmp [ 150.548272][ T800] eth1: renamed from tmp [ 213.128746][ T1052] eth1: renamed from tmp [ 274.618632][ T1313] eth1: renamed from tmp [ 336.191763][ T1576] eth1: renamed from tmp [ 661.265681][ T2428] eth1: renamed from tmp [ 693.589430][ T2566] eth2: renamed from tmp [ 900.776286][ T3138] eth1: renamed from tmp [ 1234.148498][ T4065] eth1: renamed from tmp [ 1360.926420][ T4547] eth1: renamed from tmp [ 1393.003199][ T4712] eth1: renamed from tmp [ 1441.806325][ T4939] eth1: renamed from tmp [ 1455.623652][ T5054] eth1: renamed from tmp [ 1469.668208][ T5168] eth1: renamed from tmp [ 1483.788625][ T5282] eth1: renamed from tmp [ 1498.872132][ T5400] eth1: renamed from tmp [ 1514.064298][ T5518] eth1: renamed from tmp [ 1529.264118][ T5636] eth1: renamed from tmp [ 1544.487616][ T5754] eth1: renamed from tmp [ 1559.514397][ T5872] eth1: renamed from tmp [ 1574.332782][ T5990] eth1: renamed from tmp [ 1589.074409][ T6109] eth1: renamed from tmp [ 1603.847183][ T6227] eth1: renamed from tmp [ 1618.547143][ T6345] eth1: renamed from tmp [ 1633.353067][ T6463] eth1: renamed from tmp [ 1647.990062][ T6582] eth1: renamed from tmp [ 1662.738113][ T6700] eth1: renamed from tmp [ 1677.656162][ T6818] eth1: renamed from tmp [ 1692.436643][ T6936] eth1: renamed from tmp [ 1707.216463][ T7054] eth1: renamed from tmp [ 1722.025449][ T7172] eth1: renamed from tmp [ 1736.927492][ T7290] eth1: renamed from tmp [ 1751.760162][ T7408] eth1: renamed from tmp [ 1766.681991][ T7526] eth1: renamed from tmp [ 1781.638608][ T7645] eth1: renamed from tmp [ 1796.441523][ T7764] eth1: renamed from tmp [ 1811.233352][ T7882] eth1: renamed from tmp [ 1826.205132][ T8000] eth1: renamed from tmp [ 1841.139227][ T8118] eth1: renamed from tmp [ 1855.950360][ T8236] eth1: renamed from tmp [ 1870.587968][ T8354] eth1: renamed from tmp [ 1885.240104][ T8472] eth1: renamed from tmp [ 1899.825104][ T8590] eth1: renamed from tmp [ 1930.998298][ T8775] eth1: renamed from tmp [ 2008.793830][ T9101] eth1: renamed from tmp [ 2086.369164][ T9428] eth1: renamed from tmp [ 2166.692120][ T9765] eth1: renamed from tmp [ 2247.184439][T10104] eth1: renamed from tmp [ 2521.122452][T10888] eth1: renamed from tmp [ 2565.502344][T11070] eth2: renamed from tmp [ 2769.423422][T11660] eth1: renamed from tmp [ 3064.238240][T12698] eth1: renamed from tmp [ 3212.931488][T13257] eth1: renamed from tmp [ 3237.952028][T13400] eth1: renamed from tmp [ 3272.791074][T13584] eth1: renamed from tmp [ 3286.663228][T13698] eth1: renamed from tmp [ 3298.579175][T13812] eth1: renamed from tmp [ 3313.395580][T13930] eth1: renamed from tmp [ 3328.442216][T14048] eth1: renamed from tmp [ 3343.392313][T14166] eth1: renamed from tmp [ 3358.578258][T14285] eth1: renamed from tmp [ 3373.541227][T14403] eth1: renamed from tmp [ 3388.495479][T14521] eth1: renamed from tmp [ 3403.137077][T14639] eth1: renamed from tmp [ 3417.935344][T14756] eth1: renamed from tmp [ 3432.611084][T14874] eth1: renamed from tmp [ 3447.394516][T14992] eth1: renamed from tmp [ 3462.013292][T15110] eth1: renamed from tmp [ 3476.601047][T15229] eth1: renamed from tmp [ 3491.050288][T15347] eth1: renamed from tmp [ 3505.949663][T15465] eth1: renamed from tmp [ 3521.567593][T15584] eth1: renamed from tmp [ 3536.699362][T15703] eth1: renamed from tmp [ 3551.280300][T15822] eth1: renamed from tmp [ 3565.795167][T15940] eth1: renamed from tmp [ 3580.478210][T16058] eth1: renamed from tmp [ 3595.050183][T16176] eth1: renamed from tmp [ 3609.561275][T16294] eth1: renamed from tmp [ 3624.054119][T16411] eth1: renamed from tmp [ 3638.595260][T16528] eth1: renamed from tmp [ 3653.194099][T16647] eth1: renamed from tmp [ 3667.772175][T16765] eth1: renamed from tmp [ 3682.572370][T16884] eth1: renamed from tmp [ 3697.357630][T17002] eth1: renamed from tmp [ 3711.939228][T17121] eth1: renamed from tmp [ 3726.775914][T17239] eth1: renamed from tmp [ 3742.545300][T17357] eth1: renamed from tmp [ 3758.144204][T17475] eth1: renamed from tmp [ 3773.164094][T17593] eth1: renamed from tmp [ 3787.789155][T17711] eth1: renamed from tmp [ 3802.581195][T17829] eth1: renamed from tmp [ 3817.507075][T17947] eth1: renamed from tmp [ 3832.408174][T18065] eth1: renamed from tmp [ 3847.345391][T18182] eth1: renamed from tmp [ 3862.368782][T18300] eth1: renamed from tmp [ 3877.205088][T18418] eth1: renamed from tmp [ 3892.078356][T18536] eth1: renamed from tmp [ 3907.044629][T18654] eth1: renamed from tmp [ 3921.998354][T18772] eth1: renamed from tmp [ 3937.233229][T18890] eth1: renamed from tmp [ 3952.188205][T19008] eth1: renamed from tmp [ 3967.089690][T19126] eth1: renamed from tmp [ 3999.688971][T19307] eth1: renamed from tmp [ 4003.126234][T19354] br0: port 1(eth1) entered blocking state [ 4003.126525][T19354] br0: port 1(eth1) entered disabled state [ 4003.126717][T19354] eth1: entered allmulticast mode [ 4003.127657][T19354] eth1: entered promiscuous mode [ 4003.355866][T19358] br0: port 1(eth1) entered blocking state [ 4003.356137][T19358] br0: port 1(eth1) entered forwarding state [ 4003.483799][T19360] br0: port 1(eth1) entered disabled state [ 4003.485049][T19360] br0: port 1(eth1) entered blocking state [ 4003.485279][T19360] br0: port 1(eth1) entered forwarding state [ 4014.051948][T19389] br0: port 1(eth1) entered disabled state [ 4014.052950][T19389] br0: port 1(eth1) entered blocking state [ 4014.053179][T19389] br0: port 1(eth1) entered forwarding state [ 4021.591838][T19434] eth1: left allmulticast mode [ 4021.592014][T19434] eth1: left promiscuous mode [ 4021.592273][T19434] br0: port 1(eth1) entered disabled state [ 4027.033203][T19512] eth1: renamed from tmp [ 4027.300124][T19516] eth2: renamed from tmp [ 4047.125015][T19659] eth1: renamed from tmp