[ 644.026106][T12050] netdevsim netdevsim1337 eni1337np1: renamed from eth0
[ 644.052968][T12054] netdevsim netdevsim1057 eni1057np1: renamed from eth1
[ 644.060536][T12055] netdevsim netdevsim5417 eni5417np1: renamed from eth2
[ 658.718193][T12470] ==================================================================
[ 658.718366][T12470] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600
[ 658.718502][T12470] Read of size 8 at addr ff11000008164b50 by task (udev-worker)/12470
[ 658.718628][T12470]
[ 658.718671][T12470] CPU: 0 UID: 0 PID: 12470 Comm: (udev-worker) Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 658.718674][T12470] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 658.718676][T12470] Call Trace:
[ 658.718678][T12470]
[ 658.718679][T12470] dump_stack_lvl+0x6f/0xa0
[ 658.718685][T12470] print_address_description.constprop.0+0x56/0x2d0
[ 658.718690][T12470] print_report+0xfc/0x1fa
[ 658.718692][T12470] ? __virt_addr_valid+0x102/0x440
[ 658.718696][T12470] ? __virt_addr_valid+0x1da/0x440
[ 658.718698][T12470] kasan_report+0x108/0x130
[ 658.718702][T12470] ? rtnl_fill_prop_list+0x5ad/0x600
[ 658.718705][T12470] ? rtnl_fill_prop_list+0x5ad/0x600
[ 658.718707][T12470] rtnl_fill_prop_list+0x5ad/0x600
[ 658.718709][T12470] ? __asan_memcpy+0x3c/0x60
[ 658.718712][T12470] rtnl_fill_ifinfo.isra.0+0x3d3/0x2bc0
[ 658.718715][T12470] ? rcu_read_lock_any_held+0x3c/0x90
[ 658.718719][T12470] ? validate_chain+0x38b/0xc20
[ 658.718722][T12470] ? rtnl_fill_vf+0x450/0x450
[ 658.718724][T12470] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 658.718726][T12470] ? lockdep_hardirqs_on+0x8c/0x130
[ 658.718730][T12470] ? __lock_acquire+0x508/0xc10
[ 658.718735][T12470] ? lock_acquire.part.0+0xbc/0x260
[ 658.718737][T12470] ? find_held_lock+0x2b/0x80
[ 658.718739][T12470] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.718741][T12470] ? mark_held_locks+0x40/0x70
[ 658.718743][T12470] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 658.718746][T12470] ? lockdep_hardirqs_on+0x8c/0x130
[ 658.718747][T12470] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 658.718750][T12470] rtnl_getlink+0xa48/0xe50
[ 658.718753][T12470] ? find_held_lock+0x2b/0x80
[ 658.718755][T12470] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 658.718757][T12470] ? mark_usage+0x61/0x170
[ 658.718759][T12470] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.718761][T12470] ? __lock_acquire+0x508/0xc10
[ 658.718769][T12470] ? lock_acquire.part.0+0xbc/0x260
[ 658.718771][T12470] ? find_held_lock+0x2b/0x80
[ 658.718772][T12470] ? mark_usage+0x61/0x170
[ 658.718774][T12470] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.718776][T12470] ? __lock_acquire+0x508/0xc10
[ 658.718778][T12470] ? bpf_address_lookup+0x202/0x290
[ 658.718782][T12470] ? lock_acquire.part.0+0xbc/0x260
[ 658.718784][T12470] ? find_held_lock+0x2b/0x80
[ 658.718786][T12470] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 658.718788][T12470] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.718790][T12470] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 658.718792][T12470] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 658.718794][T12470] ? validate_chain+0x38b/0xc20
[ 658.718800][T12470] ? rtnl_link_fill+0x900/0x900
[ 658.718802][T12470] ? __lock_acquire+0x508/0xc10
[ 658.718805][T12470] ? lock_acquire.part.0+0xbc/0x260
[ 658.718807][T12470] ? find_held_lock+0x2b/0x80
[ 658.718809][T12470] netlink_rcv_skb+0x14e/0x3a0
[ 658.718812][T12470] ? rtnl_link_fill+0x900/0x900
[ 658.718814][T12470] ? netlink_ack+0xcd0/0xcd0
[ 658.718816][T12470] ? netlink_deliver_tap+0xc5/0x330
[ 658.718819][T12470] ? netlink_deliver_tap+0x13c/0x330
[ 658.718822][T12470] netlink_unicast+0x47c/0x740
[ 658.718824][T12470] ? netlink_attachskb+0x800/0x800
[ 658.718825][T12470] ? __lock_acquire+0x508/0xc10
[ 658.718828][T12470] netlink_sendmsg+0x735/0xc60
[ 658.718830][T12470] ? netlink_unicast+0x740/0x740
[ 658.718831][T12470] ? __might_fault+0x97/0x140
[ 658.718835][T12470] ? __might_fault+0x97/0x140
[ 658.718838][T12470] __sys_sendto+0x2c9/0x400
[ 658.718841][T12470] ? __ia32_sys_getpeername+0xd0/0xd0
[ 658.718845][T12470] ? fput_close_sync+0xde/0x1b0
[ 658.718849][T12470] ? alloc_file_clone+0xe0/0xe0
[ 658.718851][T12470] __x64_sys_sendto+0xe4/0x1f0
[ 658.718853][T12470] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 658.718856][T12470] ? lockdep_hardirqs_on+0x8c/0x130
[ 658.718858][T12470] ? do_syscall_64+0x82/0xfc0
[ 658.718859][T12470] do_syscall_64+0x117/0xfc0
[ 658.718861][T12470] ? trace_hardirqs_off+0xd/0x30
[ 658.718862][T12470] ? exc_page_fault+0xee/0x100
[ 658.718864][T12470] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 658.718867][T12470] RIP: 0033:0x7f78febc908e
[ 658.718870][T12470] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 658.718872][T12470] RSP: 002b:00007ffc19a43250 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 658.718876][T12470] RAX: ffffffffffffffda RBX: 00005648d379b300 RCX: 00007f78febc908e
[ 658.718877][T12470] RDX: 0000000000000020 RSI: 00005648d37af0b0 RDI: 0000000000000016
[ 658.718878][T12470] RBP: 00007ffc19a43260 R08: 00007ffc19a432b0 R09: 0000000000000080
[ 658.718879][T12470] R10: 0000000000000000 R11: 0000000000000202 R12: 00005648d391b880
[ 658.718880][T12470] R13: 00007ffc19a43394 R14: 0000000000000000 R15: 00007ffc19a43430
[ 658.718883][T12470]
[ 658.718883][T12470]
[ 658.726253][T12470] Allocated by task 12:
[ 658.726317][T12470] kasan_save_stack+0x2f/0x50
[ 658.726402][T12470] kasan_save_track+0x14/0x30
[ 658.726481][T12470] __kasan_kmalloc+0x7b/0x90
[ 658.726561][T12470] register_netdevice+0x48b/0x1bc0
[ 658.726642][T12470] nsim_init_netdevsim+0x892/0xc50 [netdevsim]
[ 658.726751][T12470] nsim_create+0x45b/0x5b0 [netdevsim]
[ 658.726836][T12470] __nsim_dev_port_add+0x30b/0x7a0 [netdevsim]
[ 658.726939][T12470] nsim_dev_reload_create+0x406/0x610 [netdevsim]
[ 658.727039][T12470] devlink_reload+0x264/0x430
[ 658.727120][T12470] devlink_pernet_pre_exit+0x1fd/0x330
[ 658.727199][T12470] ops_undo_list+0x156/0x8f0
[ 658.727278][T12470] cleanup_net+0x431/0x890
[ 658.727359][T12470] process_one_work+0xdf5/0x1410
[ 658.727441][T12470] worker_thread+0x4f1/0xd60
[ 658.727519][T12470] kthread+0x364/0x460
[ 658.727588][T12470] ret_from_fork+0x474/0x6b0
[ 658.727670][T12470] ret_from_fork_asm+0x11/0x20
[ 658.727755][T12470]
[ 658.727802][T12470] Freed by task 12020:
[ 658.727865][T12470] kasan_save_stack+0x2f/0x50
[ 658.727946][T12470] kasan_save_track+0x14/0x30
[ 658.728026][T12470] kasan_save_free_info+0x3b/0x60
[ 658.728106][T12470] __kasan_slab_free+0x43/0x70
[ 658.728188][T12470] kfree+0x123/0x5a0
[ 658.728249][T12470] unregister_netdevice_many_notify+0xf0d/0x1f20
[ 658.728349][T12470] unregister_netdevice_queue+0x290/0x470
[ 658.728428][T12470] nsim_destroy+0x1a9/0x7e0 [netdevsim]
[ 658.728509][T12470] __nsim_dev_port_del+0x183/0x300 [netdevsim]
[ 658.728613][T12470] nsim_dev_reload_destroy+0xe3/0x4c0 [netdevsim]
[ 658.728712][T12470] nsim_drv_remove+0x5a/0x1f0 [netdevsim]
[ 658.728794][T12470] device_release_driver_internal+0x3b6/0x570
[ 658.728907][T12470] bus_remove_device+0x2ba/0x550
[ 658.728987][T12470] device_del+0x324/0x8c0
[ 658.729048][T12470] device_unregister+0x17/0xb0
[ 658.729128][T12470] del_device_store+0x2fb/0x580 [netdevsim]
[ 658.729227][T12470] kernfs_fop_write_iter+0x335/0x510
[ 658.729307][T12470] new_sync_write+0x333/0x750
[ 658.729390][T12470] vfs_write+0x6a4/0xc10
[ 658.729451][T12470] ksys_write+0x116/0x250
[ 658.729511][T12470] do_syscall_64+0x117/0xfc0
[ 658.729594][T12470] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 658.729692][T12470]
[ 658.729733][T12470] The buggy address belongs to the object at ff11000008164b40
[ 658.729733][T12470] which belongs to the cache kmalloc-64 of size 64
[ 658.729935][T12470] The buggy address is located 16 bytes inside of
[ 658.729935][T12470] freed 64-byte region [ff11000008164b40, ff11000008164b80)
[ 658.730129][T12470]
[ 658.730170][T12470] The buggy address belongs to the physical page:
[ 658.730268][T12470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000008164640 pfn:0x8164
[ 658.730431][T12470] flags: 0x80000000000200(workingset|node=0|zone=1)
[ 658.730541][T12470] page_type: f5(slab)
[ 658.730614][T12470] raw: 0080000000000200 ff1100000103cac0 ffd40000003532d0 ffd40000001232d0
[ 658.730760][T12470] raw: ff11000008164640 000000000010000f 00000000f5000000 0000000000000000
[ 658.730906][T12470] page dumped because: kasan: bad access detected
[ 658.731005][T12470]
[ 658.731047][T12470] Memory state around the buggy address:
[ 658.731126][T12470]  ff11000008164a00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 658.731243][T12470]  ff11000008164a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 658.731359][T12470] >ff11000008164b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 658.731474][T12470]                                                  ^
[ 658.731575][T12470]  ff11000008164b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 658.731692][T12470]  ff11000008164c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 658.731813][T12470] ==================================================================
[ 658.732524][T12470] Disabling lock debugging due to kernel taint