====================================== | xx__-> [ 267.620410][ T12] ================================================================== | [ 267.620594][ T12] BUG: KASAN: slab-use-after-free in idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) | [ 267.620742][ T12] Read of size 8 at addr ff1100000cb296b8 by task kworker/u16:0/12 | [ 267.620877][ T12] [ 267.620930][ T12] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 267.620932][ T12] Workqueue: netns cleanup_net [ 267.620938][ T12] Call Trace: [ 267.620939][ T12] [ 267.620942][ T12] dump_stack_lvl (lib/dump_stack.c:122) [ 267.620947][ T12] print_address_description.constprop.0 (mm/kasan/report.c:379) [ 267.620952][ T12] print_report (mm/kasan/report.c:483) [ 267.620953][ T12] ? idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 267.620955][ T12] ? __virt_addr_valid (./include/linux/rcupdate.h:981 (discriminator 3) ./include/linux/mmzone.h:2194 (discriminator 3) arch/x86/mm/physaddr.c:54 (discriminator 3)) [ 267.620959][ T12] ? idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 267.620961][ T12] kasan_report (mm/kasan/report.c:597) [ 267.620965][ T12] ? idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 267.620968][ T12] ? rtnl_net_notifyid (net/core/net_namespace.c:628) [ 267.620973][ T12] idr_for_each (./include/linux/radix-tree.h:424 lib/idr.c:204) [ 267.620975][ T12] ? idr_find (lib/idr.c:199) [ 267.620978][ T12] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 267.620981][ T12] ? __up_write (kernel/locking/rwsem.c:1388 (discriminator 3)) [ 267.620984][ T12] ? cleanup_net (net/core/net_namespace.c:656 net/core/net_namespace.c:700) [ 267.620985][ T12] cleanup_net (net/core/net_namespace.c:658 net/core/net_namespace.c:700) [ 267.620987][ T12] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870) [ 267.620988][ T12] ? process_one_work (kernel/workqueue.c:3233 (discriminator 1)) [ 267.620992][ T12] ? net_passive_dec (net/core/net_namespace.c:668) [ 267.620993][ T12] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 267.620996][ T12] ? process_one_work (kernel/workqueue.c:3233 (discriminator 1)) [ 267.620998][ T12] ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 33) kernel/locking/lockdep.c:5831 (discriminator 33)) [ 267.620999][ T12] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 267.621001][ T12] process_one_work (kernel/workqueue.c:3262) [ 267.621004][ T12] ? pwq_dec_nr_in_flight (kernel/workqueue.c:3159) [ 267.621006][ T12] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870) [ 267.621009][ T12] ? assign_work (kernel/workqueue.c:1200) [ 267.621011][ T12] worker_thread (kernel/workqueue.c:3334 (discriminator 2) kernel/workqueue.c:3421 (discriminator 2)) [ 267.621014][ T12] ? process_one_work (kernel/workqueue.c:3367) [ 267.621016][ T12] kthread (kernel/kthread.c:463) [ 267.621019][ T12] ? kthread_is_per_cpu (kernel/kthread.c:412) [ 267.621021][ T12] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 267.621022][ T12] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 267.621024][ T12] ? kthread_is_per_cpu (kernel/kthread.c:412) [ 267.621026][ T12] ret_from_fork (arch/x86/kernel/process.c:164) [ 267.621030][ T12] ? arch_exit_to_user_mode_prepare.isra.0 (arch/x86/entry/syscall_64.c:37) [ 267.621032][ T12] ? __switch_to (./arch/x86/include/asm/cpufeature.h:101 arch/x86/kernel/process_64.c:377 arch/x86/kernel/process_64.c:665) [ 267.621035][ T12] ? kthread_is_per_cpu (kernel/kthread.c:412) Finger prints: print_report:kasan_report:idr_for_each:cleanup_net:process_one_work