[  121.753701][ T1568] ==================================================================
[  121.753868][ T1568] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5c0/0x620
[  121.754016][ T1568] Read of size 8 at addr ff11000001bc5c50 by task (udev-worker)/1568
[  121.754170][ T1568]
[  121.754241][ T1568] CPU: 0 UID: 0 PID: 1568 Comm: (udev-worker) Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[  121.754244][ T1568] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  121.754247][ T1568] Call Trace:
[  121.754248][ T1568]  <TASK>
[  121.754250][ T1568]  dump_stack_lvl+0x6f/0xa0
[  121.754256][ T1568]  print_address_description.constprop.0+0x56/0x2d0
[  121.754261][ T1568]  print_report+0xfc/0x1fa
[  121.754263][ T1568]  ? __virt_addr_valid+0x102/0x440
[  121.754266][ T1568]  ? __virt_addr_valid+0x1da/0x440
[  121.754268][ T1568]  kasan_report+0x108/0x130
[  121.754272][ T1568]  ? rtnl_fill_prop_list+0x5c0/0x620
[  121.754273][ T1568]  ? rtnl_fill_prop_list+0x5c0/0x620
[  121.754275][ T1568]  rtnl_fill_prop_list+0x5c0/0x620
[  121.754277][ T1568]  ? __asan_memcpy+0x3c/0x60
[  121.754279][ T1568]  rtnl_fill_ifinfo.isra.0+0x3ec/0x2bf0
[  121.754281][ T1568]  ? rcu_read_lock_any_held+0x3c/0x90
[  121.754284][ T1568]  ? validate_chain+0x38b/0xc20
[  121.754287][ T1568]  ? rtnl_fill_vf+0x460/0x460
[  121.754288][ T1568]  ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[  121.754289][ T1568]  ? lockdep_hardirqs_on+0x8c/0x130
[  121.754293][ T1568]  ? __lock_acquire+0x508/0xc10
[  121.754295][ T1568]  ? lock_acquire.part.0+0xbc/0x260
[  121.754296][ T1568]  ? find_held_lock+0x2b/0x80
[  121.754299][ T1568]  ? __lock_release.isra.0+0x6b/0x1a0
[  121.754301][ T1568]  ? mark_held_locks+0x40/0x70
[  121.754302][ T1568]  ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[  121.754304][ T1568]  ? lockdep_hardirqs_on+0x8c/0x130
[  121.754305][ T1568]  ? _raw_spin_unlock_irqrestore+0x53/0x80
[  121.754308][ T1568]  rtnl_getlink+0xa48/0xe50
[  121.754310][ T1568]  ? find_held_lock+0x2b/0x80
[  121.754312][ T1568]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[  121.754313][ T1568]  ? mark_usage+0x61/0x170
[  121.754314][ T1568]  ? __lock_release.isra.0+0x6b/0x1a0
[  121.754316][ T1568]  ? __lock_acquire+0x508/0xc10
[  121.754323][ T1568]  ? lock_acquire.part.0+0xbc/0x260
[  121.754324][ T1568]  ? find_held_lock+0x2b/0x80
[  121.754326][ T1568]  ? mark_usage+0x61/0x170
[  121.754327][ T1568]  ? __lock_release.isra.0+0x6b/0x1a0
[  121.754328][ T1568]  ? __lock_acquire+0x508/0xc10
[  121.754330][ T1568]  ? bpf_address_lookup+0x232/0x290
[  121.754333][ T1568]  ? lock_acquire.part.0+0xbc/0x260
[  121.754334][ T1568]  ? find_held_lock+0x2b/0x80
[  121.754336][ T1568]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[  121.754337][ T1568]  ? __lock_release.isra.0+0x6b/0x1a0
[  121.754339][ T1568]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[  121.754340][ T1568]  rtnetlink_rcv_msg+0x6fd/0xbd0
[  121.754342][ T1568]  ? validate_chain+0x38b/0xc20
[  121.754343][ T1568]  ? rtnl_link_fill+0x920/0x920
[  121.754348][ T1568]  ? __lock_acquire+0x508/0xc10
[  121.754350][ T1568]  ? lock_acquire.part.0+0xbc/0x260
[  121.754352][ T1568]  ? find_held_lock+0x2b/0x80
[  121.754354][ T1568]  netlink_rcv_skb+0x14e/0x3a0
[  121.754357][ T1568]  ? rtnl_link_fill+0x920/0x920
[  121.754359][ T1568]  ? netlink_ack+0xce0/0xce0
[  121.754362][ T1568]  ? netlink_deliver_tap+0xc5/0x330
[  121.754363][ T1568]  ? netlink_deliver_tap+0x13c/0x330
[  121.754365][ T1568]  netlink_unicast+0x4af/0x780
[  121.754368][ T1568]  ? netlink_attachskb+0x800/0x800
[  121.754369][ T1568]  ? __lock_acquire+0x508/0xc10
[  121.754371][ T1568]  netlink_sendmsg+0x735/0xc60
[  121.754373][ T1568]  ? netlink_unicast+0x780/0x780
[  121.754375][ T1568]  ? __might_fault+0x97/0x140
[  121.754378][ T1568]  ? __might_fault+0x97/0x140
[  121.754380][ T1568]  __sys_sendto+0x2c9/0x400
[  121.754383][ T1568]  ? __ia32_sys_getpeername+0xd0/0xd0
[  121.754388][ T1568]  ? exc_page_fault+0x87/0x100
[  121.754390][ T1568]  __x64_sys_sendto+0xe4/0x1f0
[  121.754392][ T1568]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  121.754395][ T1568]  ? lockdep_hardirqs_on+0x8c/0x130
[  121.754396][ T1568]  ? do_syscall_64+0x82/0xfc0
[  121.754398][ T1568]  do_syscall_64+0x117/0xfc0
[  121.754400][ T1568]  ? trace_hardirqs_off+0xd/0x30
[  121.754402][ T1568]  ? exc_page_fault+0xee/0x100
[  121.754403][ T1568]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  121.754406][ T1568] RIP: 0033:0x7f2a684fa08e
[  121.754409][ T1568] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  121.754411][ T1568] RSP: 002b:00007fffa45c0da0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  121.754414][ T1568] RAX: ffffffffffffffda RBX: 000055bc48a55710 RCX: 00007f2a684fa08e
[  121.754416][ T1568] RDX: 0000000000000020 RSI: 000055bc488fff80 RDI: 0000000000000014
[  121.754417][ T1568] RBP: 00007fffa45c0db0 R08: 00007fffa45c0e00 R09: 0000000000000080
[  121.754417][ T1568] R10: 0000000000000000 R11: 0000000000000202 R12: 000055bc48a71050
[  121.754418][ T1568] R13: 00007fffa45c0ee4 R14: 0000000000000000 R15: 00007fffa45c0f80
[  121.754421][ T1568]  </TASK>
[  121.754422][ T1568]
[  121.761940][ T1568] Allocated by task 1570:
[  121.762029][ T1568]  kasan_save_stack+0x2f/0x50
[  121.762180][ T1568]  kasan_save_track+0x14/0x30
[  121.762261][ T1568]  __kasan_kmalloc+0x7b/0x90
[  121.762352][ T1568]  register_netdevice+0x48b/0x1bc0
[  121.762448][ T1568]  geneve_configure+0x6c3/0xcf0 [geneve]
[  121.762555][ T1568]  geneve_newlink+0x189/0x220 [geneve]
[  121.762637][ T1568]  rtnl_newlink_create+0x2da/0x8c0
[  121.762745][ T1568]  __rtnl_newlink+0x22b/0xa50
[  121.762878][ T1568]  rtnl_newlink+0x8d1/0xef0
[  121.763037][ T1568]  rtnetlink_rcv_msg+0x6fd/0xbd0
[  121.763144][ T1568]  netlink_rcv_skb+0x14e/0x3a0
[  121.763245][ T1568]  netlink_unicast+0x4af/0x780
[  121.763351][ T1568]  netlink_sendmsg+0x735/0xc60
[  121.763457][ T1568]  __sys_sendto+0x2c9/0x400
[  121.763541][ T1568]  __x64_sys_sendto+0xe4/0x1f0
[  121.763624][ T1568]  do_syscall_64+0x117/0xfc0
[  121.763782][ T1568]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  121.763955][ T1568]
[  121.764000][ T1568] Freed by task 1570:
[  121.764101][ T1568]  kasan_save_stack+0x2f/0x50
[  121.764210][ T1568]  kasan_save_track+0x14/0x30
[  121.764329][ T1568]  kasan_save_free_info+0x3b/0x60
[  121.764462][ T1568]  __kasan_slab_free+0x43/0x70
[  121.764540][ T1568]  kfree+0x123/0x5a0
[  121.764621][ T1568]  unregister_netdevice_many_notify+0xf0d/0x1f20
[  121.764793][ T1568]  rtnl_dellink+0x4a0/0xae0
[  121.764901][ T1568]  rtnetlink_rcv_msg+0x6fd/0xbd0
[  121.764982][ T1568]  netlink_rcv_skb+0x14e/0x3a0
[  121.765127][ T1568]  netlink_unicast+0x4af/0x780
[  121.765248][ T1568]  netlink_sendmsg+0x735/0xc60
[  121.765355][ T1568]  __sys_sendto+0x2c9/0x400
[  121.765440][ T1568]  __x64_sys_sendto+0xe4/0x1f0
[  121.765545][ T1568]  do_syscall_64+0x117/0xfc0
[  121.765670][ T1568]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  121.765795][ T1568]
[  121.765836][ T1568] The buggy address belongs to the object at ff11000001bc5c40
[  121.765836][ T1568]  which belongs to the cache kmalloc-64 of size 64
[  121.766116][ T1568] The buggy address is located 16 bytes inside of
[  121.766116][ T1568]  freed 64-byte region [ff11000001bc5c40, ff11000001bc5c80)
[  121.766336][ T1568]
[  121.766375][ T1568] The buggy address belongs to the physical page:
[  121.766521][ T1568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bc5
[  121.766692][ T1568] flags: 0x80000000000000(node=0|zone=1)
[  121.766775][ T1568] page_type: f5(slab)
[  121.766904][ T1568] raw: 0080000000000000 ff1100000103cac0 ffd400000017a9d0 ffd4000000227210
[  121.767084][ T1568] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  121.767249][ T1568] page dumped because: kasan: bad access detected
[  121.767413][ T1568]
[  121.767458][ T1568] Memory state around the buggy address:
[  121.767536][ T1568]  ff11000001bc5b00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  121.767652][ T1568]  ff11000001bc5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  121.767795][ T1568] >ff11000001bc5c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  121.767926][ T1568]                                                  ^
[  121.768097][ T1568]  ff11000001bc5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  121.768256][ T1568]  ff11000001bc5d00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  121.768400][ T1568] ==================================================================
[  121.768521][ T1568] Disabling lock debugging due to kernel taint