[ 1840.483516][ C0] clocksource: Watchdog remote CPU 3 read timed out
[ 1869.443479][T23565] ==================================================================
[ 1869.443669][T23565] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5c0/0x620
[ 1869.443801][T23565] Read of size 8 at addr ff1100000274b550 by task (udev-worker)/23565
[ 1869.443924][T23565]
[ 1869.443975][T23565] CPU: 1 UID: 0 PID: 23565 Comm: (udev-worker) Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 1869.443979][T23565] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1869.443980][T23565] Call Trace:
[ 1869.443982][T23565]
[ 1869.443983][T23565] dump_stack_lvl+0x6f/0xa0
[ 1869.443990][T23565] print_address_description.constprop.0+0x56/0x2d0
[ 1869.443995][T23565] print_report+0xfc/0x1fa
[ 1869.443997][T23565] ? __virt_addr_valid+0x102/0x440
[ 1869.444000][T23565] ? __virt_addr_valid+0x1da/0x440
[ 1869.444002][T23565] kasan_report+0x108/0x130
[ 1869.444006][T23565] ? rtnl_fill_prop_list+0x5c0/0x620
[ 1869.444007][T23565] ? rtnl_fill_prop_list+0x5c0/0x620
[ 1869.444009][T23565] rtnl_fill_prop_list+0x5c0/0x620
[ 1869.444011][T23565] ? __asan_memcpy+0x3c/0x60
[ 1869.444013][T23565] rtnl_fill_ifinfo.isra.0+0x3ec/0x2bf0
[ 1869.444015][T23565] ? rcu_read_lock_any_held+0x3c/0x90
[ 1869.444018][T23565] ? validate_chain+0x38b/0xc20
[ 1869.444021][T23565] ? rtnl_fill_vf+0x460/0x460
[ 1869.444022][T23565] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1869.444023][T23565] ? lockdep_hardirqs_on+0x8c/0x130
[ 1869.444026][T23565] ? __lock_acquire+0x508/0xc10
[ 1869.444028][T23565] ? lock_acquire.part.0+0xbc/0x260
[ 1869.444030][T23565] ? find_held_lock+0x2b/0x80
[ 1869.444033][T23565] ? __lock_release.isra.0+0x6b/0x1a0
[ 1869.444034][T23565] ? mark_held_locks+0x40/0x70
[ 1869.444036][T23565] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1869.444037][T23565] ? lockdep_hardirqs_on+0x8c/0x130
[ 1869.444038][T23565] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 1869.444041][T23565] rtnl_getlink+0xa48/0xe50
[ 1869.444043][T23565] ? find_held_lock+0x2b/0x80
[ 1869.444045][T23565] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1869.444046][T23565] ? mark_usage+0x61/0x170
[ 1869.444047][T23565] ? __lock_release.isra.0+0x6b/0x1a0
[ 1869.444049][T23565] ? __lock_acquire+0x508/0xc10
[ 1869.444055][T23565] ? lock_acquire.part.0+0xbc/0x260
[ 1869.444057][T23565] ? find_held_lock+0x2b/0x80
[ 1869.444059][T23565] ? mark_usage+0x61/0x170
[ 1869.444060][T23565] ? __lock_release.isra.0+0x6b/0x1a0
[ 1869.444061][T23565] ? __lock_acquire+0x508/0xc10
[ 1869.444062][T23565] ? bpf_address_lookup+0x232/0x290
[ 1869.444066][T23565] ? lock_acquire.part.0+0xbc/0x260
[ 1869.444067][T23565] ? find_held_lock+0x2b/0x80
[ 1869.444069][T23565] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1869.444070][T23565] ? __lock_release.isra.0+0x6b/0x1a0
[ 1869.444072][T23565] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1869.444073][T23565] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1869.444075][T23565] ? validate_chain+0x38b/0xc20
[ 1869.444076][T23565] ? rtnl_link_fill+0x920/0x920
[ 1869.444077][T23565] ? __lock_acquire+0x508/0xc10
[ 1869.444080][T23565] ? lock_acquire.part.0+0xbc/0x260
[ 1869.444081][T23565] ? find_held_lock+0x2b/0x80
[ 1869.444083][T23565] netlink_rcv_skb+0x14e/0x3a0
[ 1869.444086][T23565] ? rtnl_link_fill+0x920/0x920
[ 1869.444087][T23565] ? netlink_ack+0xce0/0xce0
[ 1869.444090][T23565] ? netlink_deliver_tap+0xc5/0x330
[ 1869.444092][T23565] ? netlink_deliver_tap+0x13c/0x330
[ 1869.444094][T23565] netlink_unicast+0x4af/0x780
[ 1869.444096][T23565] ? netlink_attachskb+0x800/0x800
[ 1869.444098][T23565] ? __lock_acquire+0x508/0xc10
[ 1869.444100][T23565] netlink_sendmsg+0x735/0xc60
[ 1869.444102][T23565] ? netlink_unicast+0x780/0x780
[ 1869.444104][T23565] ? __might_fault+0x97/0x140
[ 1869.444107][T23565] ? __might_fault+0x97/0x140
[ 1869.444109][T23565] __sys_sendto+0x2c9/0x400
[ 1869.444112][T23565] ? __ia32_sys_getpeername+0xd0/0xd0
[ 1869.444116][T23565] ? fput_close_sync+0xde/0x1b0
[ 1869.444119][T23565] ? alloc_file_clone+0xe0/0xe0
[ 1869.444121][T23565] __x64_sys_sendto+0xe4/0x1f0
[ 1869.444122][T23565] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1869.444125][T23565] ? lockdep_hardirqs_on+0x8c/0x130
[ 1869.444127][T23565] ? do_syscall_64+0x82/0xfc0
[ 1869.444129][T23565] do_syscall_64+0x117/0xfc0
[ 1869.444130][T23565] ? trace_hardirqs_off+0xd/0x30
[ 1869.444132][T23565] ? exc_page_fault+0xee/0x100
[ 1869.444133][T23565] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1869.444136][T23565] RIP: 0033:0x7f2cd50fa08e
[ 1869.444139][T23565] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 1869.444141][T23565] RSP: 002b:00007ffe540030f0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 1869.444145][T23565] RAX: ffffffffffffffda RBX: 000055b878b54c60 RCX: 00007f2cd50fa08e
[ 1869.444146][T23565] RDX: 0000000000000020 RSI: 000055b8789f9dc0 RDI: 0000000000000012
[ 1869.444147][T23565] RBP: 00007ffe54003100 R08: 00007ffe54003150 R09: 0000000000000080
[ 1869.444148][T23565] R10: 0000000000000000 R11: 0000000000000202 R12: 000055b878b78c60
[ 1869.444149][T23565] R13: 00007ffe54003234 R14: 0000000000000000 R15: 00007ffe540032d0
[ 1869.444151][T23565]
[ 1869.444152][T23565]
[ 1869.451193][T23565] Allocated by task 23612:
[ 1869.451269][T23565] kasan_save_stack+0x2f/0x50
[ 1869.451345][T23565] kasan_save_track+0x14/0x30
[ 1869.451423][T23565] __kasan_kmalloc+0x7b/0x90
[ 1869.451498][T23565] register_netdevice+0x48b/0x1bc0
[ 1869.451575][T23565] tun_set_iff.constprop.0+0xc61/0x1850
[ 1869.451652][T23565] __tun_chr_ioctl+0x4b0/0x2690
[ 1869.451726][T23565] __x64_sys_ioctl+0x11a/0x190
[ 1869.451801][T23565] do_syscall_64+0x117/0xfc0
[ 1869.451877][T23565] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1869.451972][T23565]
[ 1869.452011][T23565] Freed by task 23612:
[ 1869.452068][T23565] kasan_save_stack+0x2f/0x50
[ 1869.452145][T23565] kasan_save_track+0x14/0x30
[ 1869.452220][T23565] kasan_save_free_info+0x3b/0x60
[ 1869.452297][T23565] __kasan_slab_free+0x43/0x70
[ 1869.452370][T23565] kfree+0x123/0x5a0
[ 1869.452430][T23565] unregister_netdevice_many_notify+0xf0d/0x1f20
[ 1869.452521][T23565] rtnl_dellink+0x4a0/0xae0
[ 1869.452599][T23565] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1869.452674][T23565] netlink_rcv_skb+0x14e/0x3a0
[ 1869.452748][T23565] netlink_unicast+0x4af/0x780
[ 1869.452823][T23565] netlink_sendmsg+0x735/0xc60
[ 1869.452896][T23565] __sys_sendto+0x2c9/0x400
[ 1869.452971][T23565] __x64_sys_sendto+0xe4/0x1f0
[ 1869.453048][T23565] do_syscall_64+0x117/0xfc0
[ 1869.453123][T23565] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1869.453217][T23565]
[ 1869.453256][T23565] The buggy address belongs to the object at ff1100000274b540
[ 1869.453256][T23565] which belongs to the cache kmalloc-64 of size 64
[ 1869.453449][T23565] The buggy address is located 16 bytes inside of
[ 1869.453449][T23565] freed 64-byte region [ff1100000274b540, ff1100000274b580)
[ 1869.453636][T23565]
[ 1869.453675][T23565] The buggy address belongs to the physical page:
[ 1869.453772][T23565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x274b
[ 1869.453913][T23565] flags: 0x80000000000000(node=0|zone=1)
[ 1869.453995][T23565] page_type: f5(slab)
[ 1869.454056][T23565] raw: 0080000000000000 ff1100000103cac0 ffd4000000085190 ffd400000024d810
[ 1869.454193][T23565] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1869.454330][T23565] page dumped because: kasan: bad access detected
[ 1869.454429][T23565]
[ 1869.454468][T23565] Memory state around the buggy address:
[ 1869.454546][T23565]  ff1100000274b400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1869.454658][T23565]  ff1100000274b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1869.454770][T23565] >ff1100000274b500: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1869.454884][T23565]                                                  ^
[ 1869.454978][T23565]  ff1100000274b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1869.455087][T23565]  ff1100000274b600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 fc
[ 1869.455199][T23565] ==================================================================
[ 1869.455319][T23565] Disabling lock debugging due to kernel taint