[ 2198.875723][ T1160] ==================================================================
[ 2198.875900][ T1160] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5c0/0x620
[ 2198.876041][ T1160] Read of size 8 at addr ff1100000196e450 by task (udev-worker)/1160
[ 2198.876165][ T1160]
[ 2198.876211][ T1160] CPU: 3 UID: 0 PID: 1160 Comm: (udev-worker) Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 2198.876215][ T1160] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2198.876217][ T1160] Call Trace:
[ 2198.876218][ T1160]
[ 2198.876219][ T1160]  dump_stack_lvl+0x6f/0xa0
[ 2198.876226][ T1160]  print_address_description.constprop.0+0x56/0x2d0
[ 2198.876230][ T1160]  print_report+0xfc/0x1fa
[ 2198.876232][ T1160]  ? __virt_addr_valid+0x102/0x440
[ 2198.876236][ T1160]  ? __virt_addr_valid+0x1da/0x440
[ 2198.876238][ T1160]  kasan_report+0x108/0x130
[ 2198.876241][ T1160]  ? rtnl_fill_prop_list+0x5c0/0x620
[ 2198.876243][ T1160]  ? rtnl_fill_prop_list+0x5c0/0x620
[ 2198.876245][ T1160]  rtnl_fill_prop_list+0x5c0/0x620
[ 2198.876246][ T1160]  ? __asan_memcpy+0x3c/0x60
[ 2198.876248][ T1160]  rtnl_fill_ifinfo.isra.0+0x3d6/0x2c90
[ 2198.876250][ T1160]  ? rcu_read_lock_any_held+0x3c/0x90
[ 2198.876253][ T1160]  ? validate_chain+0x38b/0xc20
[ 2198.876256][ T1160]  ? rtnl_fill_vf+0x460/0x460
[ 2198.876257][ T1160]  ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2198.876259][ T1160]  ? lockdep_hardirqs_on+0x8c/0x130
[ 2198.876262][ T1160]  ? __lock_acquire+0x508/0xc10
[ 2198.876264][ T1160]  ? lock_acquire.part.0+0xbc/0x260
[ 2198.876266][ T1160]  ? find_held_lock+0x2b/0x80
[ 2198.876268][ T1160]  ? __lock_release.isra.0+0x6b/0x1a0
[ 2198.876270][ T1160]  ? mark_held_locks+0x40/0x70
[ 2198.876272][ T1160]  ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 2198.876273][ T1160]  ? lockdep_hardirqs_on+0x8c/0x130
[ 2198.876274][ T1160]  ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 2198.876277][ T1160]  rtnl_getlink+0xa48/0xe50
[ 2198.876279][ T1160]  ? find_held_lock+0x2b/0x80
[ 2198.876281][ T1160]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 2198.876282][ T1160]  ? mark_usage+0x61/0x170
[ 2198.876283][ T1160]  ? __lock_release.isra.0+0x6b/0x1a0
[ 2198.876285][ T1160]  ? __lock_acquire+0x508/0xc10
[ 2198.876291][ T1160]  ? lock_acquire.part.0+0xbc/0x260
[ 2198.876293][ T1160]  ? find_held_lock+0x2b/0x80
[ 2198.876295][ T1160]  ? mark_usage+0x61/0x170
[ 2198.876296][ T1160]  ? __lock_release.isra.0+0x6b/0x1a0
[ 2198.876298][ T1160]  ? __lock_acquire+0x508/0xc10
[ 2198.876299][ T1160]  ? bpf_address_lookup+0x232/0x290
[ 2198.876302][ T1160]  ? lock_acquire.part.0+0xbc/0x260
[ 2198.876304][ T1160]  ? find_held_lock+0x2b/0x80
[ 2198.876305][ T1160]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 2198.876307][ T1160]  ? __lock_release.isra.0+0x6b/0x1a0
[ 2198.876309][ T1160]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 2198.876310][ T1160]  rtnetlink_rcv_msg+0x6fd/0xbd0
[ 2198.876311][ T1160]  ? validate_chain+0x38b/0xc20
[ 2198.876313][ T1160]  ? rtnl_link_fill+0x920/0x920
[ 2198.876314][ T1160]  ? __lock_acquire+0x508/0xc10
[ 2198.876316][ T1160]  ? lock_acquire.part.0+0xbc/0x260
[ 2198.876317][ T1160]  ? find_held_lock+0x2b/0x80
[ 2198.876320][ T1160]  netlink_rcv_skb+0x14e/0x3a0
[ 2198.876323][ T1160]  ? rtnl_link_fill+0x920/0x920
[ 2198.876324][ T1160]  ? netlink_ack+0xce0/0xce0
[ 2198.876327][ T1160]  ? netlink_deliver_tap+0xc5/0x330
[ 2198.876329][ T1160]  ? netlink_deliver_tap+0x13c/0x330
[ 2198.876331][ T1160]  netlink_unicast+0x47c/0x740
[ 2198.876333][ T1160]  ? netlink_attachskb+0x800/0x800
[ 2198.876335][ T1160]  ? __lock_acquire+0x508/0xc10
[ 2198.876337][ T1160]  netlink_sendmsg+0x735/0xc60
[ 2198.876339][ T1160]  ? netlink_unicast+0x740/0x740
[ 2198.876341][ T1160]  ? __might_fault+0x97/0x140
[ 2198.876344][ T1160]  ? __might_fault+0x97/0x140
[ 2198.876346][ T1160]  __sys_sendto+0x2c9/0x400
[ 2198.876349][ T1160]  ? __ia32_sys_getpeername+0xd0/0xd0
[ 2198.876356][ T1160]  ? fput_close_sync+0xde/0x1b0
[ 2198.876359][ T1160]  ? alloc_file_clone+0xe0/0xe0
[ 2198.876361][ T1160]  __x64_sys_sendto+0xe4/0x1f0
[ 2198.876363][ T1160]  ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2198.876366][ T1160]  ? lockdep_hardirqs_on+0x8c/0x130
[ 2198.876367][ T1160]  ? do_syscall_64+0x82/0xfc0
[ 2198.876369][ T1160]  do_syscall_64+0x117/0xfc0
[ 2198.876371][ T1160]  ? trace_hardirqs_off+0xd/0x30
[ 2198.876373][ T1160]  ? exc_page_fault+0xee/0x100
[ 2198.876374][ T1160]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2198.876376][ T1160] RIP: 0033:0x7f388614b08e
[ 2198.876379][ T1160] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 2198.876381][ T1160] RSP: 002b:00007ffd17be69c0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 2198.876385][ T1160] RAX: ffffffffffffffda RBX: 00005582b3623050 RCX: 00007f388614b08e
[ 2198.876386][ T1160] RDX: 0000000000000020 RSI: 00005582b34cb030 RDI: 0000000000000016
[ 2198.876387][ T1160] RBP: 00007ffd17be69d0 R08: 00007ffd17be6a20 R09: 0000000000000080
[ 2198.876388][ T1160] R10: 0000000000000000 R11: 0000000000000202 R12: 00005582b363aa40
[ 2198.876389][ T1160] R13: 00007ffd17be6b04 R14: 0000000000000000 R15: 00007ffd17be6ba0
[ 2198.876391][ T1160]
[ 2198.876392][ T1160]
[ 2198.883704][ T1160] Allocated by task 1170:
[ 2198.883769][ T1160]  kasan_save_stack+0x2f/0x50
[ 2198.883848][ T1160]  kasan_save_track+0x14/0x30
[ 2198.883967][ T1160]  __kasan_kmalloc+0x7b/0x90
[ 2198.884082][ T1160]  register_netdevice+0x48b/0x1bc0
[ 2198.884160][ T1160]  geneve_configure+0x6c3/0xcf0 [geneve]
[ 2198.884236][ T1160]  geneve_newlink+0x189/0x220 [geneve]
[ 2198.884350][ T1160]  rtnl_newlink_create+0x2da/0x8c0
[ 2198.884427][ T1160]  __rtnl_newlink+0x22b/0xa50
[ 2198.884503][ T1160]  rtnl_newlink+0x8d1/0xef0
[ 2198.884580][ T1160]  rtnetlink_rcv_msg+0x6fd/0xbd0
[ 2198.884692][ T1160]  netlink_rcv_skb+0x14e/0x3a0
[ 2198.884767][ T1160]  netlink_unicast+0x47c/0x740
[ 2198.884841][ T1160]  netlink_sendmsg+0x735/0xc60
[ 2198.884919][ T1160]  __sys_sendto+0x2c9/0x400
[ 2198.885037][ T1160]  __x64_sys_sendto+0xe4/0x1f0
[ 2198.885115][ T1160]  do_syscall_64+0x117/0xfc0
[ 2198.885191][ T1160]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2198.885284][ T1160]
[ 2198.885323][ T1160] Freed by task 1170:
[ 2198.885420][ T1160]  kasan_save_stack+0x2f/0x50
[ 2198.885496][ T1160]  kasan_save_track+0x14/0x30
[ 2198.885573][ T1160]  kasan_save_free_info+0x3b/0x60
[ 2198.885650][ T1160]  __kasan_slab_free+0x43/0x70
[ 2198.885766][ T1160]  kfree+0x123/0x5a0
[ 2198.885823][ T1160]  unregister_netdevice_many_notify+0xf0d/0x1f20
[ 2198.885918][ T1160]  rtnl_dellink+0x4a0/0xae0
[ 2198.885997][ T1160]  rtnetlink_rcv_msg+0x6fd/0xbd0
[ 2198.886072][ T1160]  netlink_rcv_skb+0x14e/0x3a0
[ 2198.886191][ T1160]  netlink_unicast+0x47c/0x740
[ 2198.886266][ T1160]  netlink_sendmsg+0x735/0xc60
[ 2198.886348][ T1160]  __sys_sendto+0x2c9/0x400
[ 2198.886460][ T1160]  __x64_sys_sendto+0xe4/0x1f0
[ 2198.886535][ T1160]  do_syscall_64+0x117/0xfc0
[ 2198.886653][ T1160]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2198.886748][ T1160]
[ 2198.886789][ T1160] The buggy address belongs to the object at ff1100000196e440
[ 2198.886789][ T1160]  which belongs to the cache kmalloc-64 of size 64
[ 2198.887019][ T1160] The buggy address is located 16 bytes inside of
[ 2198.887019][ T1160]  freed 64-byte region [ff1100000196e440, ff1100000196e480)
[ 2198.887206][ T1160]
[ 2198.887248][ T1160] The buggy address belongs to the physical page:
[ 2198.887342][ T1160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x196e
[ 2198.887480][ T1160] flags: 0x80000000000000(node=0|zone=1)
[ 2198.887559][ T1160] page_type: f5(slab)
[ 2198.887621][ T1160] raw: 0080000000000000 ff1100000103cac0 ffd4000000074b10 ffd40000000746d0
[ 2198.887764][ T1160] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 2198.887944][ T1160] page dumped because: kasan: bad access detected
[ 2198.888042][ T1160]
[ 2198.888081][ T1160] Memory state around the buggy address:
[ 2198.888160][ T1160]  ff1100000196e300: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2198.888278][ T1160]  ff1100000196e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2198.888390][ T1160] >ff1100000196e400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2198.888498][ T1160]                                                  ^
[ 2198.888593][ T1160]  ff1100000196e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2198.888742][ T1160]  ff1100000196e500: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 fc
[ 2198.888852][ T1160] ==================================================================
[ 2198.889004][ T1160] Disabling lock debugging due to kernel taint