[ 9.716157][ T191] ip (191) used greatest stack depth: 24456 bytes left
[ 15.359451][ T236] veth1: entered promiscuous mode
[ 15.433889][ T240] veth1: left promiscuous mode
[ 15.438745][ T241] ==================================================================
[ 15.438935][ T241] BUG: KASAN: slab-use-after-free in macvlan_fill_info+0x6b7/0x770 [macvlan]
[ 15.439147][ T241] Read of size 4 at addr ff110000138328b8 by task (udev-worker)/241
[ 15.439338][ T241]
[ 15.439404][ T241] CPU: 2 UID: 0 PID: 241 Comm: (udev-worker) Not tainted 7.1.0-rc5-virtme #1 PREEMPT(full)
[ 15.439409][ T241] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 15.439412][ T241] Call Trace:
[ 15.439415][ T241]
[ 15.439416][ T241] dump_stack_lvl+0x6f/0xa0
[ 15.439426][ T241] print_address_description.constprop.0+0x56/0x2d0
[ 15.439433][ T241] print_report+0xfc/0x1fa
[ 15.439436][ T241] ? __virt_addr_valid+0x102/0x440
[ 15.439441][ T241] ? __virt_addr_valid+0x1da/0x440
[ 15.439445][ T241] kasan_report+0x108/0x130
[ 15.439449][ T241] ? macvlan_fill_info+0x6b7/0x770 [macvlan]
[ 15.439454][ T241] ? macvlan_fill_info+0x6b7/0x770 [macvlan]
[ 15.439458][ T241] macvlan_fill_info+0x6b7/0x770 [macvlan]
[ 15.439462][ T241] ? __asan_memcpy+0x3c/0x60
[ 15.439466][ T241] ? macvlan_port_create+0x720/0x720 [macvlan]
[ 15.439470][ T241] ? rtnl_xdp_fill+0x151/0x430
[ 15.439475][ T241] ? __asan_memcpy+0x3c/0x60
[ 15.439478][ T241] rtnl_link_fill+0x250/0x920
[ 15.439482][ T241] rtnl_fill_ifinfo.isra.0+0x151f/0x2c20
[ 15.439487][ T241] ? rtnl_fill_vf+0x460/0x460
[ 15.439490][ T241] ? trace_kmalloc+0xed/0x130
[ 15.439495][ T241] ? __kasan_kmalloc+0x7b/0x90
[ 15.439499][ T241] ? __kmalloc_node_track_caller_noprof+0x2f0/0x7b0
[ 15.439505][ T241] ? __alloc_skb+0x4c2/0x5f0
[ 15.439509][ T241] ? napi_skb_cache_get+0x7b0/0x7b0
[ 15.439513][ T241] rtnl_getlink+0x9c9/0xeb0
[ 15.439518][ T241] ? lock_acquire.part.0+0xbc/0x260
[ 15.439521][ T241] ? find_held_lock+0x2b/0x80
[ 15.439525][ T241] ? rtnl_dump_ifinfo+0x1250/0x1250
[ 15.439528][ T241] ? mark_usage+0x61/0x170
[ 15.439530][ T241] ? __lock_release.isra.0+0x6b/0x1a0
[ 15.439532][ T241] ? __lock_acquire+0x508/0xc10
[ 15.439545][ T241] ? lock_acquire.part.0+0xbc/0x260
[ 15.439548][ T241] ? find_held_lock+0x2b/0x80
[ 15.439551][ T241] ? mark_usage+0x61/0x170
[ 15.439553][ T241] ? __lock_release.isra.0+0x6b/0x1a0
[ 15.439555][ T241] ? __lock_acquire+0x508/0xc10
[ 15.439558][ T241] ? is_bpf_text_address+0x22/0x110
[ 15.439563][ T241] ? lock_acquire.part.0+0xbc/0x260
[ 15.439566][ T241] ? find_held_lock+0x2b/0x80
[ 15.439569][ T241] ? rtnl_dump_ifinfo+0x1250/0x1250
[ 15.439571][ T241] ? __lock_release.isra.0+0x6b/0x1a0
[ 15.439575][ T241] ? rtnl_dump_ifinfo+0x1250/0x1250
[ 15.439578][ T241] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 15.439581][ T241] ? validate_chain+0x38b/0xc20
[ 15.439583][ T241] ? rtnl_link_fill+0x920/0x920
[ 15.439586][ T241] ? __lock_acquire+0x508/0xc10
[ 15.439589][ T241] ? lock_acquire.part.0+0xbc/0x260
[ 15.439592][ T241] ? find_held_lock+0x2b/0x80
[ 15.439595][ T241] netlink_rcv_skb+0x14e/0x3a0
[ 15.439602][ T241] ? rtnl_link_fill+0x920/0x920
[ 15.439605][ T241] ? netlink_ack+0xcf0/0xcf0
[ 15.439610][ T241] ? netlink_deliver_tap+0xc5/0x330
[ 15.439612][ T241] ? netlink_deliver_tap+0x13c/0x330
[ 15.439616][ T241] netlink_unicast+0x486/0x750
[ 15.439619][ T241] ? netlink_attachskb+0x810/0x810
[ 15.439622][ T241] ? __lock_acquire+0x508/0xc10
[ 15.439625][ T241] ? sched_numa_find_closest+0x172/0x320
[ 15.439629][ T241] netlink_sendmsg+0x735/0xc60
[ 15.439633][ T241] ? netlink_unicast+0x750/0x750
[ 15.439636][ T241] ? __might_fault+0x97/0x140
[ 15.439640][ T241] ? __might_fault+0x97/0x140
[ 15.439643][ T241] __sys_sendto+0x2c9/0x400
[ 15.439648][ T241] ? __ia32_sys_getpeername+0xd0/0xd0
[ 15.439652][ T241] ? __pmd_alloc+0x840/0x840
[ 15.439660][ T241] ? exc_page_fault+0x87/0x100
[ 15.439666][ T241] __x64_sys_sendto+0xe4/0x1f0
[ 15.439669][ T241] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 15.439674][ T241] ? lockdep_hardirqs_on+0x8c/0x130
[ 15.439676][ T241] ? do_syscall_64+0x82/0x590
[ 15.439679][ T241] do_syscall_64+0x117/0x590
[ 15.439681][ T241] ? trace_hardirqs_off+0xd/0x30
[ 15.439684][ T241] ? exc_page_fault+0xee/0x100
[ 15.439687][ T241] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 15.439691][ T241] RIP: 0033:0x7fd5d4ee608e
[ 15.439695][ T241] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 15.439698][ T241] RSP: 002b:00007ffdd4474270 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 15.439703][ T241] RAX: ffffffffffffffda RBX: 0000556954a434d0 RCX: 00007fd5d4ee608e
[ 15.439705][ T241] RDX: 0000000000000020 RSI: 0000556954a46060 RDI: 0000000000000012
[ 15.439707][ T241] RBP: 00007ffdd4474280 R08: 00007ffdd44742d0 R09: 0000000000000080
[ 15.439708][ T241] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556954bc0fb0
[ 15.439710][ T241] R13: 00007ffdd44743b4 R14: 0000000000000000 R15: 00007ffdd4474450
[ 15.439715][ T241]
[ 15.439716][ T241]
[ 15.450029][ T241] Allocated by task 231:
[ 15.450100][ T241] kasan_save_stack+0x2f/0x50
[ 15.450202][ T241] kasan_save_track+0x14/0x30
[ 15.450289][ T241] __kasan_kmalloc+0x7b/0x90
[ 15.450375][ T241] macvlan_port_create+0xcd/0x720 [macvlan]
[ 15.450485][ T241] macvlan_common_newlink+0xb85/0x1300 [macvlan]
[ 15.450597][ T241] rtnl_newlink_create+0x2da/0x780
[ 15.450687][ T241] __rtnl_newlink+0x22b/0xa50
[ 15.450772][ T241] rtnl_newlink+0x8d1/0xef0
[ 15.450859][ T241] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 15.450946][ T241] netlink_rcv_skb+0x14e/0x3a0
[ 15.451033][ T241] netlink_unicast+0x486/0x750
[ 15.451118][ T241] netlink_sendmsg+0x735/0xc60
[ 15.451212][ T241] ____sys_sendmsg+0x419/0x850
[ 15.451300][ T241] ___sys_sendmsg+0x14e/0x1d0
[ 15.451386][ T241] __sys_sendmsg+0x145/0x1f0
[ 15.451471][ T241] do_syscall_64+0x117/0x590
[ 15.451565][ T241] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 15.451675][ T241]
[ 15.451719][ T241] Freed by task 240:
[ 15.451785][ T241] kasan_save_stack+0x2f/0x50
[ 15.451872][ T241] kasan_save_track+0x14/0x30
[ 15.451959][ T241] kasan_save_free_info+0x3b/0x60
[ 15.452044][ T241] __kasan_slab_free+0x43/0x70
[ 15.452129][ T241] kfree+0x123/0x5a0
[ 15.452200][ T241] macvlan_port_destroy+0x39e/0x5f0 [macvlan]
[ 15.452308][ T241] unregister_netdevice_many_notify+0xe02/0x19a0
[ 15.452417][ T241] rtnl_dellink+0x4a0/0xae0
[ 15.452504][ T241] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 15.452590][ T241] netlink_rcv_skb+0x14e/0x3a0
[ 15.452675][ T241] netlink_unicast+0x486/0x750
[ 15.452762][ T241] netlink_sendmsg+0x735/0xc60
[ 15.452846][ T241] ____sys_sendmsg+0x419/0x850
[ 15.452929][ T241] ___sys_sendmsg+0x14e/0x1d0
[ 15.453014][ T241] __sys_sendmsg+0x145/0x1f0
[ 15.453097][ T241] do_syscall_64+0x117/0x590
[ 15.453186][ T241] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 15.453291][ T241]
[ 15.453334][ T241] The buggy address belongs to the object at ff11000013832000
[ 15.453334][ T241] which belongs to the cache kmalloc-8k of size 8192
[ 15.453562][ T241] The buggy address is located 2232 bytes inside of
[ 15.453562][ T241] freed 8192-byte region [ff11000013832000, ff11000013834000)
[ 15.453872][ T241]
[ 15.453915][ T241] The buggy address belongs to the physical page:
[ 15.454024][ T241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13830
[ 15.454233][ T241] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.454358][ T241] flags: 0x80000000000040(head|node=0|zone=1)
[ 15.454464][ T241] page_type: f5(slab)
[ 15.454584][ T241] raw: 0080000000000040 ff1100000103d540 ffd4000000319610 ff11000001033228
[ 15.454729][ T241] raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000
[ 15.454873][ T241] head: 0080000000000040 ff1100000103d540 ffd4000000319610 ff11000001033228
[ 15.455061][ T241] head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000
[ 15.455211][ T241] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 15.455397][ T241] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 15.455550][ T241] page dumped because: kasan: bad access detected
[ 15.455692][ T241]
[ 15.455734][ T241] Memory state around the buggy address:
[ 15.455812][ T241] ff11000013832780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.455933][ T241] ff11000013832800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.456092][ T241] >ff11000013832880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.456214][ T241]                                         ^
[ 15.456314][ T241] ff11000013832900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.456470][ T241] ff11000013832980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.456590][ T241] ==================================================================
[ 15.456854][ T241] Disabling lock debugging due to kernel taint
[ 15.888630][ T269] veth1: entered promiscuous mode
[ 19.811526][ T241] (udev-worker) (241) used greatest stack depth: 24112 bytes left
[ 40.017168][ T362] veth1: entered allmulticast mode
[ 45.253676][ T377] veth1: left allmulticast mode
[ 53.708615][ T572] veth1: left promiscuous mode
[ 54.297821][ T613] br0: port 1(veth1) entered blocking state
[ 54.298010][ T613] br0: port 1(veth1) entered disabled state
[ 54.298190][ T613] veth1: entered allmulticast mode
[ 54.299127][ T613] veth1: entered promiscuous mode
[ 54.314366][ T36] br0: port 1(veth1) entered blocking state
[ 54.314513][ T36] br0: port 1(veth1) entered forwarding state
[ 54.407145][ T620] br0: port 1(veth1) entered disabled state
[ 54.407854][ T620] br0: port 1(veth1) entered blocking state
[ 54.408025][ T620] br0: port 1(veth1) entered forwarding state
[ 54.515444][ T64] br0: entered promiscuous mode
[ 78.555541][ T720] br0: entered allmulticast mode
[ 83.757540][ T735] br0: left allmulticast mode
[ 86.682512][ T10] br0: left promiscuous mode
[ 86.745016][ T818] br0: port 1(veth1) entered disabled state
[ 86.837198][ T825] veth1: left allmulticast mode
[ 86.837374][ T825] veth1: left promiscuous mode
[ 86.837592][ T825] br0: port 1(veth1) entered disabled state
[ 87.214963][ T855] br0: port 1(veth1) entered blocking state
[ 87.215126][ T855] br0: port 1(veth1) entered disabled state
[ 87.215255][ T855] veth1: entered allmulticast mode
[ 87.216539][ T855] veth1: entered promiscuous mode
[ 87.216918][ T855] br0: port 1(veth1) entered blocking state
[ 87.217037][ T855] br0: port 1(veth1) entered forwarding state
[ 87.320360][ T863] br0: port 1(veth1) entered disabled state
[ 87.321251][ T863] br0: port 1(veth1) entered blocking state
[ 87.321393][ T863] br0: port 1(veth1) entered forwarding state
[ 87.423920][ T51] br0: entered promiscuous mode
[ 111.521537][ T964] br0: entered allmulticast mode
[ 116.738354][ T979] br0: left allmulticast mode
[ 119.853696][ T51] br0: left promiscuous mode
[ 119.921335][ T1062] br0: port 1(veth1) entered disabled state
[ 120.026632][ T1068] veth1: left allmulticast mode
[ 120.026796][ T1068] veth1: left promiscuous mode
[ 120.027016][ T1068] br0: port 1(veth1) entered disabled state
[ 120.311102][ T1095] veth1: entered promiscuous mode
[ 120.345960][ T1100] veth1: left promiscuous mode
[ 120.509950][ T1109] 8021q: 802.1Q VLAN Support v1.8
[ 120.901450][ T51] veth1: entered promiscuous mode
[ 137.500192][ T1182] veth1.100: entered promiscuous mode
[ 142.751765][ T1197] veth1.100: left promiscuous mode
[ 145.067306][ T1224] veth1.100: entered allmulticast mode
[ 145.067446][ T1224] veth1: entered allmulticast mode
[ 150.313329][ T1239] veth1.100: left allmulticast mode
[ 150.313465][ T1239] veth1: left allmulticast mode
[ 158.728149][ T51] veth1: left promiscuous mode
[ 159.134966][ T1468] veth1: entered promiscuous mode
[ 159.171404][ T1472] veth1: left promiscuous mode
[ 159.664001][ T1503] br0: port 1(veth1) entered blocking state
[ 159.664155][ T1503] br0: port 1(veth1) entered disabled state
[ 159.664285][ T1503] veth1: entered allmulticast mode
[ 159.665124][ T1503] veth1: entered promiscuous mode
[ 159.665499][ T1503] br0: port 1(veth1) entered blocking state
[ 159.665621][ T1503] br0: port 1(veth1) entered forwarding state
[ 176.329894][ T1559] veth1.100: entered promiscuous mode
[ 181.526197][ T1574] veth1.100: left promiscuous mode
[ 183.822307][ T1601] veth1.100: entered allmulticast mode
[ 189.024270][ T1616] veth1.100: left allmulticast mode
[ 197.446026][ T1812] veth1: left allmulticast mode
[ 197.446158][ T1812] veth1: left promiscuous mode
[ 197.446320][ T1812] br0: port 1(veth1) entered disabled state
[ 197.834052][ T1847] veth1: entered promiscuous mode
[ 197.876156][ T1851] veth1: left promiscuous mode
[ 198.365092][ T1882] br0: port 1(veth1) entered blocking state
[ 198.365253][ T1882] br0: port 1(veth1) entered disabled state
[ 198.365374][ T1882] veth1: entered allmulticast mode
[ 198.366576][ T1882] veth1: entered promiscuous mode
[ 198.366944][ T1882] br0: port 1(veth1) entered blocking state
[ 198.367054][ T1882] br0: port 1(veth1) entered forwarding state
[ 214.984888][ T1938] veth1.100: entered promiscuous mode
[ 220.207550][ T1953] veth1.100: left promiscuous mode
[ 222.492184][ T1980] veth1.100: entered allmulticast mode
[ 227.686512][ T1995] veth1.100: left allmulticast mode
[ 236.182650][ T2191] veth1: left allmulticast mode
[ 236.182822][ T2191] veth1: left promiscuous mode
[ 236.183077][ T2191] br0: port 1(veth1) entered disabled state
[ 236.858308][ T2232] br0: port 1(veth1) entered blocking state
[ 236.858560][ T2232] br0: port 1(veth1) entered disabled state
[ 236.859145][ T2232] veth1: entered allmulticast mode
[ 236.860645][ T2232] veth1: entered promiscuous mode
[ 236.877588][ T39] br0: port 1(veth1) entered blocking state
[ 236.877719][ T39] br0: port 1(veth1) entered forwarding state
[ 236.998340][ T2239] br0: port 1(veth1) entered disabled state
[ 236.999030][ T2239] br0: port 1(veth1) entered blocking state
[ 236.999220][ T2239] br0: port 1(veth1) entered forwarding state
[ 237.179425][ T64] br0: entered promiscuous mode
[ 253.803196][ T2303] br0.100: entered promiscuous mode
[ 259.066866][ T2318] br0.100: left promiscuous mode
[ 261.366947][ T2345] br0.100: entered allmulticast mode
[ 261.367136][ T2345] br0: entered allmulticast mode
[ 266.591534][ T2360] br0.100: left allmulticast mode
[ 266.591682][ T2360] br0: left allmulticast mode
[ 269.562276][ T10] br0: left promiscuous mode
[ 269.636348][ T2441] br0: port 1(veth1) entered disabled state
[ 269.734523][ T2449] veth1: left allmulticast mode
[ 269.734653][ T2449] veth1: left promiscuous mode
[ 269.734801][ T2449] br0: port 1(veth1) entered disabled state
[ 270.174716][ T2481] br0: port 1(veth1) entered blocking state
[ 270.174870][ T2481] br0: port 1(veth1) entered disabled state
[ 270.174998][ T2481] veth1: entered allmulticast mode
[ 270.175840][ T2481] veth1: entered promiscuous mode
[ 270.176219][ T2481] br0: port 1(veth1) entered blocking state
[ 270.176334][ T2481] br0: port 1(veth1) entered forwarding state
[ 270.282055][ T2488] br0: port 1(veth1) entered disabled state
[ 270.282520][ T2488] br0: port 1(veth1) entered blocking state
[ 270.282650][ T2488] br0: port 1(veth1) entered forwarding state
[ 270.452493][ T51] br0: entered promiscuous mode
[ 287.065641][ T2552] br0.100: entered promiscuous mode
[ 292.276447][ T2567] br0.100: left promiscuous mode
[ 294.580343][ T2594] br0.100: entered allmulticast mode
[ 294.580480][ T2594] br0: entered allmulticast mode
[ 299.809743][ T2609] br0.100: left allmulticast mode
[ 299.809866][ T2609] br0: left allmulticast mode
[ 302.855396][ T64] br0: left promiscuous mode
[ 302.921134][ T2692] br0: port 1(veth1) entered disabled state
[ 303.021644][ T2700] veth1: left allmulticast mode
[ 303.021779][ T2700] veth1: left promiscuous mode
[ 303.021934][ T2700] br0: port 1(veth1) entered disabled state