device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
==================================================================
BUG: KASAN: slab-out-of-bounds in inet_ctl_sock_destroy include/net/inet_common.h:56 [inline]
BUG: KASAN: slab-out-of-bounds in tcp_sk_exit+0x20d/0x240 net/ipv4/tcp_ipv4.c:2603
Read of size 8 at addr ffff88808e639554 by task kworker/u4:0/23593

CPU: 0 PID: 23593 Comm: kworker/u4:0 Not tainted 5.1.0+ #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:188
 __kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 kasan_report+0x12/0x20 mm/kasan/common.c:614
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
 inet_ctl_sock_destroy include/net/inet_common.h:56 [inline]
 tcp_sk_exit+0x20d/0x240 net/ipv4/tcp_ipv4.c:2603
 ops_exit_list.isra.0+0xb0/0x160 net/core/net_namespace.c:153
 cleanup_net+0x3fb/0x960 net/core/net_namespace.c:552
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2268
 worker_thread+0x98/0xe40 kernel/workqueue.c:2414
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

Allocated by task 8986:
 save_stack+0x23/0x90 mm/kasan/common.c:71
 set_track mm/kasan/common.c:79 [inline]
 __kasan_kmalloc mm/kasan/common.c:489 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:462
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:503
 __do_kmalloc_node mm/slab.c:3650 [inline]
 __kmalloc_node+0x4e/0x70 mm/slab.c:3657
 kmalloc_node include/linux/slab.h:590 [inline]
 kvmalloc_node+0x68/0x100 mm/util.c:430
 kvmalloc include/linux/mm.h:640 [inline]
 kvzalloc include/linux/mm.h:648 [inline]
 bucket_table_alloc+0x90/0x480 lib/rhashtable.c:178
 rhashtable_init+0x3f4/0x7b0 lib/rhashtable.c:1056
 inet_frags_init_net include/net/inet_frag.h:109 [inline]
 lowpan_frags_init_net+0x143/0x400 net/ieee802154/6lowpan/reassembly.c:462
 ops_init+0xb6/0x410 net/core/net_namespace.c:129
 setup_net+0x2d3/0x740 net/core/net_namespace.c:315
 copy_net_ns+0x1df/0x340 net/core/net_namespace.c:438
 create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:206
 ksys_unshare+0x440/0x980 kernel/fork.c:2664
 __do_sys_unshare kernel/fork.c:2732 [inline]
 __se_sys_unshare kernel/fork.c:2730 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:2730
 do_syscall_64+0x103/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 16:
 save_stack+0x23/0x90 mm/kasan/common.c:71
 set_track mm/kasan/common.c:79 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:451
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:459
 __cache_free mm/slab.c:3462 [inline]
 kfree+0xcf/0x230 mm/slab.c:3785
 skb_free_head+0x93/0xb0 net/core/skbuff.c:592
 skb_release_data+0x576/0x7a0 net/core/skbuff.c:612
 skb_release_all+0x4d/0x60 net/core/skbuff.c:666
 __kfree_skb net/core/skbuff.c:680 [inline]
 consume_skb net/core/skbuff.c:740 [inline]
 consume_skb+0xe2/0x380 net/core/skbuff.c:734
 __dev_kfree_skb_any+0xa4/0xd0 net/core/dev.c:2827
 dev_consume_skb_any include/linux/netdevice.h:3615 [inline]
 napi_consume_skb+0x3ea/0x550 net/core/skbuff.c:804
 free_old_xmit_skbs+0xee/0x250 drivers/net/virtio_net.c:1378
 start_xmit+0x122/0x15a0 drivers/net/virtio_net.c:1574
 __netdev_start_xmit include/linux/netdevice.h:4410 [inline]
 netdev_start_xmit include/linux/netdevice.h:4424 [inline]
 xmit_one net/core/dev.c:3292 [inline]
 dev_hard_start_xmit+0x18f/0x960 net/core/dev.c:3308
 sch_direct_xmit+0x372/0xc30 net/sched/sch_generic.c:312
 __dev_xmit_skb net/core/dev.c:3489 [inline]
 __dev_queue_xmit+0x2863/0x36f0 net/core/dev.c:3850
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3914
 neigh_hh_output include/net/neighbour.h:500 [inline]
 neigh_output include/net/neighbour.h:509 [inline]
 ip_finish_output2+0x169b/0x24e0 net/ipv4/ip_output.c:227
 ip_finish_output+0x734/0xd50 net/ipv4/ip_output.c:314
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip_output+0x21f/0x670 net/ipv4/ip_output.c:402
 dst_output include/net/dst.h:433 [inline]
 ip_local_out+0xc4/0x1b0 net/ipv4/ip_output.c:124
 __ip_queue_xmit+0x86f/0x1bf0 net/ipv4/ip_output.c:502
 ip_queue_xmit+0x5a/0x70 include/net/ip.h:202
 __tcp_transmit_skb+0x1a32/0x3750 net/ipv4/tcp_output.c:1155
 __tcp_send_ack.part.0+0x3c6/0x5b0 net/ipv4/tcp_output.c:3649
 __tcp_send_ack net/ipv4/tcp_output.c:3655 [inline]
 tcp_send_ack+0x88/0xa0 net/ipv4/tcp_output.c:3655
 __tcp_ack_snd_check+0x165/0x8d0 net/ipv4/tcp_input.c:5177
 tcp_rcv_established+0x175d/0x1fb0 net/ipv4/tcp_input.c:5608
 tcp_v4_do_rcv+0x616/0x8d0 net/ipv4/tcp_ipv4.c:1541
 tcp_v4_rcv+0x2dce/0x3870 net/ipv4/tcp_ipv4.c:1922
 ip_protocol_deliver_rcu+0x72/0x940 net/ipv4/ip_input.c:211
 ip_local_deliver_finish+0x23b/0x390 net/ipv4/ip_input.c:238
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_local_deliver+0x1e9/0x520 net/ipv4/ip_input.c:259
 dst_input include/net/dst.h:439 [inline]
 ip_rcv_finish+0x1e1/0x300 net/ipv4/ip_input.c:420
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_rcv+0xe8/0x3f0 net/ipv4/ip_input.c:530
 __netif_receive_skb_one_core+0x18d/0x1f0 net/core/dev.c:4990
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5104
 netif_receive_skb_internal+0x117/0x5c0 net/core/dev.c:5207
 napi_skb_finish net/core/dev.c:5686 [inline]
 napi_gro_receive+0x532/0x740 net/core/dev.c:5719
 receive_buf+0x14c6/0x58c0 drivers/net/virtio_net.c:1073
 virtnet_receive drivers/net/virtio_net.c:1335 [inline]
 virtnet_poll+0x5f8/0xe82 drivers/net/virtio_net.c:1440
 napi_poll net/core/dev.c:6367 [inline]
 net_rx_action+0x4fa/0x1070 net/core/dev.c:6433
 __do_softirq+0x266/0x95a kernel/softirq.c:293

The buggy address belongs to the object at ffff88808e639200
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 852 bytes inside of
 1024-byte region [ffff88808e639200, ffff88808e639600)
The buggy address belongs to the page:
page:ffffea0002398e00 count:1 mapcount:0 mapping:ffff8880aa400ac0 index:0x0 compound_mapcount: 0
flags: 0x1fffc0000010200(slab|head)
raw: 01fffc0000010200 ffffea00018b9d88 ffffea00022b0b08 ffff8880aa400ac0
raw: 0000000000000000 ffff88808e638000 0000000100000007 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88808e639400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88808e639480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88808e639500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff88808e639580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88808e639600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================