====================================== | xx__-> [ 259.457451][ T70] ================================================================== | [ 259.457635][ T70] BUG: KASAN: slab-use-after-free in idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) | [ 259.457772][ T70] Read of size 8 at addr ff1100000d249f28 by task kworker/u16:1/70 | [ 259.457906][ T70] [ 259.457963][ T70] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 259.457965][ T70] Workqueue: netns cleanup_net [ 259.457971][ T70] Call Trace: [ 259.457972][ T70] [ 259.457975][ T70] dump_stack_lvl (lib/dump_stack.c:122) [ 259.457981][ T70] print_address_description.constprop.0 (mm/kasan/report.c:379) [ 259.457986][ T70] print_report (mm/kasan/report.c:483) [ 259.457987][ T70] ? idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 259.457990][ T70] ? __virt_addr_valid (./include/linux/rcupdate.h:981 (discriminator 3) ./include/linux/mmzone.h:2194 (discriminator 3) arch/x86/mm/physaddr.c:54 (discriminator 3)) [ 259.457993][ T70] ? idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 259.457995][ T70] kasan_report (mm/kasan/report.c:597) [ 259.458005][ T70] ? idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 259.458008][ T70] ? rtnl_net_notifyid (net/core/net_namespace.c:628) [ 259.458010][ T70] idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 259.458012][ T70] ? idr_find (lib/idr.c:199) [ 259.458015][ T70] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 259.458018][ T70] ? __up_write (kernel/locking/rwsem.c:1388 (discriminator 3)) [ 259.458021][ T70] ? cleanup_net (net/core/net_namespace.c:656 net/core/net_namespace.c:700) [ 259.458022][ T70] cleanup_net (net/core/net_namespace.c:658 net/core/net_namespace.c:700) [ 259.458024][ T70] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870) [ 259.458025][ T70] ? process_one_work (kernel/workqueue.c:3233 (discriminator 1)) [ 259.458029][ T70] ? net_passive_dec (net/core/net_namespace.c:668) [ 259.458030][ T70] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 259.458033][ T70] ? process_one_work (kernel/workqueue.c:3233 (discriminator 1)) [ 259.458035][ T70] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 33) kernel/locking/lockdep.c:5831 (discriminator 33)) [ 259.458036][ T70] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 259.458039][ T70] process_one_work (kernel/workqueue.c:3262) [ 259.458042][ T70] ? pwq_dec_nr_in_flight (kernel/workqueue.c:3159) [ 259.458044][ T70] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870) [ 259.458046][ T70] ? assign_work (kernel/workqueue.c:1200) [ 259.458049][ T70] worker_thread (kernel/workqueue.c:3334 (discriminator 2) kernel/workqueue.c:3421 (discriminator 2)) [ 259.458051][ T70] ? process_one_work (kernel/workqueue.c:3367) [ 259.458053][ T70] ? __kthread_parkme (./arch/x86/include/asm/bitops.h:202 (discriminator 1) ./arch/x86/include/asm/bitops.h:232 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) kernel/kthread.c:290 (discriminator 1)) [ 259.458056][ T70] ? process_one_work (kernel/workqueue.c:3367) [ 259.458058][ T70] kthread (kernel/kthread.c:463) [ 259.458060][ T70] ? kthread_is_per_cpu (kernel/kthread.c:412) [ 259.458062][ T70] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 259.458064][ T70] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 259.458066][ T70] ? kthread_is_per_cpu (kernel/kthread.c:412) [ 259.458068][ T70] ret_from_fork (arch/x86/kernel/process.c:164) [ 259.458071][ T70] ? arch_exit_to_user_mode_prepare.isra.0 (arch/x86/entry/syscall_64.c:37) [ 259.458074][ T70] ? __switch_to (./arch/x86/include/asm/cpufeature.h:101 arch/x86/kernel/process_64.c:377 arch/x86/kernel/process_64.c:665) [ 259.458077][ T70] ? kthread_is_per_cpu (kernel/kthread.c:412) Finger prints: print_report:kasan_report:idr_for_each:cleanup_net:process_one_work