[  656.221266][T16768] ==================================================================
[  656.221423][T16768] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5c0/0x620
[  656.221545][T16768] Read of size 8 at addr ff110000020d2850 by task ip/16768
[  656.221662][T16768]
[  656.221705][T16768] CPU: 2 UID: 0 PID: 16768 Comm: ip Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[  656.221708][T16768] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  656.221710][T16768] Call Trace:
[  656.221712][T16768]  <TASK>
[  656.221713][T16768]  dump_stack_lvl+0x6f/0xa0
[  656.221718][T16768]  print_address_description.constprop.0+0x56/0x2d0
[  656.221723][T16768]  print_report+0xfc/0x1fa
[  656.221724][T16768]  ? __virt_addr_valid+0x102/0x440
[  656.221728][T16768]  ? __virt_addr_valid+0x1da/0x440
[  656.221730][T16768]  kasan_report+0x108/0x130
[  656.221733][T16768]  ? rtnl_fill_prop_list+0x5c0/0x620
[  656.221735][T16768]  ? rtnl_fill_prop_list+0x5c0/0x620
[  656.221738][T16768]  rtnl_fill_prop_list+0x5c0/0x620
[  656.221739][T16768]  ? __asan_memcpy+0x3c/0x60
[  656.221741][T16768]  rtnl_fill_ifinfo.isra.0+0x3ec/0x2b80
[  656.221744][T16768]  ? rcu_read_lock_any_held+0x3c/0x90
[  656.221746][T16768]  ? validate_chain+0x38b/0xc20
[  656.221749][T16768]  ? rtnl_fill_vf+0x460/0x460
[  656.221750][T16768]  ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[  656.221751][T16768]  ? lockdep_hardirqs_on+0x8c/0x130
[  656.221755][T16768]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  656.221757][T16768]  ? __lock_acquire+0x508/0xc10
[  656.221759][T16768]  ? if_nlmsg_size+0x6a6/0x7e0
[  656.221761][T16768]  ? lock_acquire.part.0+0xbc/0x260
[  656.221762][T16768]  ? find_held_lock+0x2b/0x80
[  656.221765][T16768]  ? __lock_release.isra.0+0x6b/0x1a0
[  656.221766][T16768]  ? mark_held_locks+0x40/0x70
[  656.221768][T16768]  ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[  656.221769][T16768]  ? lockdep_hardirqs_on+0x8c/0x130
[  656.221770][T16768]  ? _raw_spin_unlock_irqrestore+0x53/0x80
[  656.221772][T16768]  rtnl_getlink+0xa48/0xe50
[  656.221775][T16768]  ? find_held_lock+0x2b/0x80
[  656.221776][T16768]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[  656.221778][T16768]  ? mark_usage+0x61/0x170
[  656.221779][T16768]  ? __lock_release.isra.0+0x6b/0x1a0
[  656.221780][T16768]  ? __lock_acquire+0x508/0xc10
[  656.221787][T16768]  ? lock_acquire.part.0+0xbc/0x260
[  656.221789][T16768]  ? find_held_lock+0x2b/0x80
[  656.221790][T16768]  ? mark_usage+0x61/0x170
[  656.221792][T16768]  ? __lock_release.isra.0+0x6b/0x1a0
[  656.221793][T16768]  ? __lock_acquire+0x508/0xc10
[  656.221795][T16768]  ? __lock_release.isra.0+0x6b/0x1a0
[  656.221797][T16768]  ? rtnl_dump_ifinfo+0xfb0/0xfb0
[  656.221799][T16768]  rtnetlink_rcv_msg+0x6fd/0xbd0
[  656.221801][T16768]  ? validate_chain+0x38b/0xc20
[  656.221802][T16768]  ? rtnl_link_fill+0x920/0x920
[  656.221804][T16768]  ? __lock_acquire+0x508/0xc10
[  656.221805][T16768]  ? lock_acquire.part.0+0xbc/0x260
[  656.221807][T16768]  ? find_held_lock+0x2b/0x80
[  656.221809][T16768]  netlink_rcv_skb+0x14e/0x3a0
[  656.221812][T16768]  ? rtnl_link_fill+0x920/0x920
[  656.221814][T16768]  ? netlink_ack+0xce0/0xce0
[  656.221817][T16768]  ? netlink_deliver_tap+0xc5/0x330
[  656.221819][T16768]  ? netlink_deliver_tap+0x13c/0x330
[  656.221821][T16768]  netlink_unicast+0x4af/0x780
[  656.221823][T16768]  ? netlink_attachskb+0x800/0x800
[  656.221825][T16768]  ? __lock_acquire+0x508/0xc10
[  656.221827][T16768]  ? __lock_acquire+0x431/0xc10
[  656.221828][T16768]  netlink_sendmsg+0x735/0xc60
[  656.221831][T16768]  ? netlink_unicast+0x780/0x780
[  656.221832][T16768]  ? __lock_release.isra.0+0x6b/0x1a0
[  656.221834][T16768]  ? __might_fault+0x97/0x140
[  656.221837][T16768]  ? __might_fault+0x97/0x140
[  656.221839][T16768]  ____sys_sendmsg+0x419/0x850
[  656.221842][T16768]  ? copy_msghdr_from_user+0x2a0/0x460
[  656.221844][T16768]  ? get_timestamp.constprop.0+0x390/0x390
[  656.221845][T16768]  ? move_addr_to_kernel+0xf0/0xf0
[  656.221847][T16768]  ? folio_add_lru_vma+0x19e/0x240
[  656.221850][T16768]  ___sys_sendmsg+0x14e/0x1d0
[  656.221851][T16768]  ? copy_msghdr_from_user+0x460/0x460
[  656.221852][T16768]  ? __lock_release.isra.0+0x6b/0x1a0
[  656.221857][T16768]  ? lock_vma_under_rcu+0x159/0x410
[  656.221859][T16768]  __sys_sendmsg+0x145/0x1f0
[  656.221861][T16768]  ? __sys_sendmsg_sock+0x20/0x20
[  656.221864][T16768]  ? rcu_is_watching+0x15/0xd0
[  656.221866][T16768]  ? rcu_is_watching+0x15/0xd0
[  656.221868][T16768]  do_syscall_64+0xf3/0xfc0
[  656.221871][T16768]  ? trace_hardirqs_off+0xd/0x30
[  656.221873][T16768]  ? exc_page_fault+0xee/0x100
[  656.221875][T16768]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  656.221877][T16768] RIP: 0033:0x7fc2f9be508e
[  656.221880][T16768] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  656.221881][T16768] RSP: 002b:00007ffd83b10730 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[  656.221885][T16768] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc2f9be508e
[  656.221887][T16768] RDX: 0000000000000000 RSI: 00007ffd83b107e0 RDI: 0000000000000006
[  656.221888][T16768] RBP: 00007ffd83b10740 R08: 0000000000000000 R09: 0000000000000000
[  656.221888][T16768] R10: 0000000000000000 R11: 0000000000000202 R12: 000000006a0b45b5
[  656.221889][T16768] R13: 00007ffd83b10890 R14: 000000000049f620 R15: 0000000000000001
[  656.221892][T16768]  </TASK>
[  656.221893][T16768]
[  656.229618][T16768] Allocated by task 16582:
[  656.229696][T16768]  kasan_save_stack+0x2f/0x50
[  656.229775][T16768]  kasan_save_track+0x14/0x30
[  656.229892][T16768]  __kasan_kmalloc+0x7b/0x90
[  656.229967][T16768]  register_netdevice+0x48b/0x1980
[  656.230045][T16768]  veth_newlink+0x3a9/0x8d0 [veth]
[  656.230121][T16768]  rtnl_newlink_create+0x2da/0x780
[  656.230234][T16768]  __rtnl_newlink+0x22b/0xa50
[  656.230309][T16768]  rtnl_newlink+0x8d1/0xee0
[  656.230384][T16768]  rtnetlink_rcv_msg+0x6fd/0xbd0
[  656.230461][T16768]  netlink_rcv_skb+0x14e/0x3a0
[  656.230576][T16768]  netlink_unicast+0x4af/0x780
[  656.230652][T16768]  netlink_sendmsg+0x735/0xc60
[  656.230727][T16768]  ____sys_sendmsg+0x419/0x850
[  656.230803][T16768]  ___sys_sendmsg+0x14e/0x1d0
[  656.230918][T16768]  __sys_sendmsg+0x145/0x1f0
[  656.230999][T16768]  do_syscall_64+0xf3/0xfc0
[  656.231075][T16768]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  656.231169][T16768]
[  656.231209][T16768] Freed by task 12:
[  656.231306][T16768]  kasan_save_stack+0x2f/0x50
[  656.231385][T16768]  kasan_save_track+0x14/0x30
[  656.231461][T16768]  kasan_save_free_info+0x3b/0x60
[  656.231537][T16768]  __kasan_slab_free+0x43/0x70
[  656.231652][T16768]  kfree+0x123/0x5a0
[  656.231710][T16768]  unregister_netdevice_many_notify+0xe38/0x1d80
[  656.231805][T16768]  default_device_exit_batch+0x38b/0x600
[  656.231879][T16768]  ops_undo_list+0x2ce/0x8f0
[  656.231998][T16768]  cleanup_net+0x431/0x890
[  656.232072][T16768]  process_one_work+0xdf5/0x1410
[  656.232149][T16768]  worker_thread+0x4f1/0xd60
[  656.232224][T16768]  kthread+0x364/0x460
[  656.232322][T16768]  ret_from_fork+0x4a4/0x720
[  656.232399][T16768]  ret_from_fork_asm+0x11/0x20
[  656.232476][T16768]
[  656.232514][T16768] The buggy address belongs to the object at ff110000020d2840
[  656.232514][T16768]  which belongs to the cache kmalloc-64 of size 64
[  656.232736][T16768] The buggy address is located 16 bytes inside of
[  656.232736][T16768]  freed 64-byte region [ff110000020d2840, ff110000020d2880)
[  656.232920][T16768]
[  656.233004][T16768] The buggy address belongs to the physical page:
[  656.233101][T16768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff110000020d2c40 pfn:0x20d2
[  656.233256][T16768] flags: 0x80000000000200(workingset|node=0|zone=1)
[  656.233397][T16768] page_type: f5(slab)
[  656.233457][T16768] raw: 0080000000000200 ff1100000103cac0 ffd4000000126290 ffd40000001ec710
[  656.233597][T16768] raw: ff110000020d2c40 0000000000100008 00000000f5000000 0000000000000000
[  656.233734][T16768] page dumped because: kasan: bad access detected
[  656.233829][T16768]
[  656.233868][T16768] Memory state around the buggy address:
[  656.233945][T16768]  ff110000020d2700: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 fc fc
[  656.234095][T16768]  ff110000020d2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  656.234205][T16768] >ff110000020d2800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  656.234352][T16768]                                                  ^
[  656.234443][T16768]  ff110000020d2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  656.234551][T16768]  ff110000020d2900: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  656.234701][T16768] ==================================================================
[  656.234869][T16768] Disabling lock debugging due to kernel taint
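A triage helper for reports of this shape, added here as an example; it is not kernel code and not part of the report. It parses the fields a triager keys on (bug class, faulting function, access size and address, object base and cache, the "Allocated by" and "Freed by" stacks, and the "Memory state" shadow rows) and recomputes from them what the report asserts: the 8-byte read at ff110000020d2850 lies 16 bytes into the 64-byte kmalloc-64 object at ff110000020d2840, the shadow byte for that granule is 0xfb (KASAN_SLAB_FREE), and the object was freed by a different task (the cleanup_net worker) than the one that allocated it. Poison names follow mm/kasan/kasan.h for generic KASAN (one shadow byte per 8-byte granule); the sample input is an excerpt of the report above, and the frame-skipping prefixes in `_SKIP` are an assumption of this helper, not something the kernel defines.

```python
import re

# Shadow byte meanings for generic KASAN: 0x00 is a fully addressable granule,
# 0x01..0x07 a partially addressable one, and these are the poison values this
# report contains (names from mm/kasan/kasan.h).
SHADOW_POISON = {
    0xFA: "KASAN_SLAB_FREETRACK (freed object, free-track metadata stored here)",
    0xFB: "KASAN_SLAB_FREE (freed slab object)",
    0xFC: "KASAN_SLAB_REDZONE (slab redzone)",
}
GRANULE = 8      # memory bytes covered by one shadow byte
ROW_BYTES = 16   # shadow bytes per printed "Memory state" row

# Frames that belong to KASAN or to the allocator rather than to the caller we
# care about (assumed prefix list for this helper).
_SKIP = re.compile(r"^(kasan_|__kasan_|kfree|kvfree|__kmalloc|kmalloc|kmem_cache_)")
_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[T\d+\]\s?")   # "[  656.221266][T16768] "

def parse_kasan_report(text):
    """Pull the fields a triager needs out of a KASAN slab report (prefixed or not)."""
    r = {"alloc_stack": [], "free_stack": [], "shadow": {}}
    section = None
    for raw in text.splitlines():
        s = _PREFIX.sub("", raw).strip()
        if not s:
            section = None          # a blank line ends an "Allocated/Freed by" stack
            continue
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)", s):
            r["bug"], r["where"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", s):
            r["access"], r["size"] = m.group(1).lower(), int(m.group(2))
            r["addr"], r["task"] = int(m.group(3), 16), m.group(4)
        elif m := re.match(r"Allocated by task (\d+):", s):
            r["alloc_task"], section = int(m.group(1)), "alloc_stack"
        elif m := re.match(r"Freed by task (\d+):", s):
            r["free_task"], section = int(m.group(1)), "free_stack"
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", s):
            r["object"] = int(m.group(1), 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", s):
            r["cache"], r["object_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes (inside|to the \w+) of", s):
            r["reported_offset"], r["reported_where"] = int(m.group(1)), m.group(2)
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){%d})$" % ROW_BYTES, s):
            base = int(m.group(1), 16)   # the row label is a memory address, not a shadow address
            for i, b in enumerate(m.group(2).split()):
                r["shadow"][base + i * GRANULE] = int(b, 16)
        elif section:
            r[section].append(s)
    return r

def shadow_byte_for(report, addr):
    """Shadow byte covering addr, or None if that row was not printed."""
    return report["shadow"].get(addr - addr % GRANULE)

def first_caller(stack):
    """First frame that is neither KASAN instrumentation nor the allocator."""
    for frame in stack:
        if not _SKIP.match(frame):
            return frame.split("+")[0]
    return None

def triage(report):
    """Recompute the object offset and shadow state instead of trusting the prose."""
    off = report["addr"] - report["object"]
    shadow = shadow_byte_for(report, report["addr"])
    return {
        "signature": "%s:%s" % (report["bug"], report["where"].split("+")[0]),
        "offset_in_object": off,
        "inside_object": 0 <= off and off + report["size"] <= report["object_size"],
        "offset_matches_report": off == report.get("reported_offset"),
        "shadow": shadow,
        "shadow_meaning": SHADOW_POISON.get(shadow, "addressable or partially addressable"),
        "alloc_site": first_caller(report["alloc_stack"]),
        "free_site": first_caller(report["free_stack"]),
        "freed_by_other_task": report["alloc_task"] != report["free_task"],
    }

# Sample input: an excerpt of the report above.
SAMPLE_REPORT = """\
[  656.221423][T16768] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5c0/0x620
[  656.221545][T16768] Read of size 8 at addr ff110000020d2850 by task ip/16768
[  656.229618][T16768] Allocated by task 16582:
[  656.229696][T16768]  kasan_save_stack+0x2f/0x50
[  656.229775][T16768]  kasan_save_track+0x14/0x30
[  656.229892][T16768]  __kasan_kmalloc+0x7b/0x90
[  656.229967][T16768]  register_netdevice+0x48b/0x1980
[  656.230045][T16768]  veth_newlink+0x3a9/0x8d0 [veth]
[  656.231169][T16768]
[  656.231209][T16768] Freed by task 12:
[  656.231306][T16768]  kasan_save_stack+0x2f/0x50
[  656.231385][T16768]  kasan_save_track+0x14/0x30
[  656.231461][T16768]  kasan_save_free_info+0x3b/0x60
[  656.231537][T16768]  __kasan_slab_free+0x43/0x70
[  656.231652][T16768]  kfree+0x123/0x5a0
[  656.231710][T16768]  unregister_netdevice_many_notify+0xe38/0x1d80
[  656.232476][T16768]
[  656.232514][T16768] The buggy address belongs to the object at ff110000020d2840
[  656.232514][T16768]  which belongs to the cache kmalloc-64 of size 64
[  656.232736][T16768] The buggy address is located 16 bytes inside of
[  656.232736][T16768]  freed 64-byte region [ff110000020d2840, ff110000020d2880)
[  656.233868][T16768] Memory state around the buggy address:
[  656.233945][T16768]  ff110000020d2700: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 fc fc
[  656.234205][T16768] >ff110000020d2800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  656.234443][T16768]  ff110000020d2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

if __name__ == "__main__":
    for key, val in triage(parse_kasan_report(SAMPLE_REPORT)).items():
        print("%-22s %s" % (key, hex(val) if key == "shadow" else val))
```

The signature field (bug class plus faulting function without offsets) is what you would key on to deduplicate repeated hits of the same bug across fuzzing runs; the recomputed offset and shadow byte are the sanity check that the report's own "16 bytes inside of freed 64-byte region" line and the fb under the caret agree with each other before anyone starts reading source.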