[ 580.395400][T25224] ==================================================================
[ 580.395562][T25224] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5c0/0x620
[ 580.395685][T25224] Read of size 8 at addr ff11000008c96150 by task ip/25224
[ 580.395799][T25224]
[ 580.395841][T25224] CPU: 0 UID: 0 PID: 25224 Comm: ip Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 580.395844][T25224] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 580.395846][T25224] Call Trace:
[ 580.395848][T25224]
[ 580.395849][T25224] dump_stack_lvl+0x6f/0xa0
[ 580.395855][T25224] print_address_description.constprop.0+0x56/0x2d0
[ 580.395859][T25224] print_report+0xfc/0x1fa
[ 580.395861][T25224] ? __virt_addr_valid+0x102/0x440
[ 580.395865][T25224] ? __virt_addr_valid+0x1da/0x440
[ 580.395867][T25224] kasan_report+0x108/0x130
[ 580.395871][T25224] ? rtnl_fill_prop_list+0x5c0/0x620
[ 580.395873][T25224] ? rtnl_fill_prop_list+0x5c0/0x620
[ 580.395876][T25224] rtnl_fill_prop_list+0x5c0/0x620
[ 580.395877][T25224] ? __asan_memcpy+0x3c/0x60
[ 580.395879][T25224] rtnl_fill_ifinfo.isra.0+0x3ec/0x2b80
[ 580.395882][T25224] ? rcu_read_lock_any_held+0x3c/0x90
[ 580.395885][T25224] ? validate_chain+0x38b/0xc20
[ 580.395887][T25224] ? rtnl_fill_vf+0x460/0x460
[ 580.395889][T25224] ? trace_contention_end+0xb3/0x1a0
[ 580.395892][T25224] ? __lock_acquire+0x508/0xc10
[ 580.395894][T25224] ? if_nlmsg_size+0x6a9/0x7e0
[ 580.395896][T25224] ? lock_acquire.part.0+0xbc/0x260
[ 580.395897][T25224] ? find_held_lock+0x2b/0x80
[ 580.395900][T25224] ? __lock_release.isra.0+0x6b/0x1a0
[ 580.395902][T25224] ? mark_held_locks+0x40/0x70
[ 580.395903][T25224] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 580.395905][T25224] ? lockdep_hardirqs_on+0x8c/0x130
[ 580.395908][T25224] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 580.395911][T25224] rtnl_getlink+0xa48/0xe50
[ 580.395913][T25224] ? find_held_lock+0x2b/0x80
[ 580.395915][T25224] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 580.395917][T25224] ? mark_usage+0x61/0x170
[ 580.395918][T25224] ? __lock_release.isra.0+0x6b/0x1a0
[ 580.395920][T25224] ? __lock_acquire+0x508/0xc10
[ 580.395927][T25224] ? lock_acquire.part.0+0xbc/0x260
[ 580.395928][T25224] ? find_held_lock+0x2b/0x80
[ 580.395930][T25224] ? mark_usage+0x61/0x170
[ 580.395936][T25224] ? __lock_release.isra.0+0x6b/0x1a0
[ 580.395938][T25224] ? __lock_acquire+0x508/0xc10
[ 580.395943][T25224] ? __lock_release.isra.0+0x6b/0x1a0
[ 580.395945][T25224] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 580.395948][T25224] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 580.395951][T25224] ? validate_chain+0x38b/0xc20
[ 580.395953][T25224] ? rtnl_link_fill+0x920/0x920
[ 580.395956][T25224] ? __lock_acquire+0x508/0xc10
[ 580.395958][T25224] ? lock_acquire.part.0+0xbc/0x260
[ 580.395959][T25224] ? find_held_lock+0x2b/0x80
[ 580.395961][T25224] netlink_rcv_skb+0x14e/0x3a0
[ 580.395965][T25224] ? rtnl_link_fill+0x920/0x920
[ 580.395967][T25224] ? netlink_ack+0xce0/0xce0
[ 580.395970][T25224] ? netlink_deliver_tap+0xc5/0x330
[ 580.395972][T25224] ? netlink_deliver_tap+0x13c/0x330
[ 580.395975][T25224] netlink_unicast+0x4af/0x780
[ 580.395977][T25224] ? netlink_attachskb+0x800/0x800
[ 580.395980][T25224] netlink_sendmsg+0x735/0xc60
[ 580.395983][T25224] ? netlink_unicast+0x780/0x780
[ 580.395986][T25224] ____sys_sendmsg+0x419/0x850
[ 580.395989][T25224] ? copy_msghdr_from_user+0x2a0/0x460
[ 580.395991][T25224] ? get_timestamp.constprop.0+0x390/0x390
[ 580.395992][T25224] ? move_addr_to_kernel+0xf0/0xf0
[ 580.395994][T25224] ? folio_add_lru_vma+0x19e/0x240
[ 580.395998][T25224] ___sys_sendmsg+0x14e/0x1d0
[ 580.395999][T25224] ? copy_msghdr_from_user+0x460/0x460
[ 580.396001][T25224] ? __lock_release.isra.0+0x6b/0x1a0
[ 580.396005][T25224] ? lock_vma_under_rcu+0x159/0x410
[ 580.396009][T25224] __sys_sendmsg+0x145/0x1f0
[ 580.396011][T25224] ? __sys_sendmsg_sock+0x20/0x20
[ 580.396014][T25224] ? rcu_is_watching+0x15/0xd0
[ 580.396016][T25224] ? rcu_is_watching+0x15/0xd0
[ 580.396018][T25224] do_syscall_64+0xf3/0xfc0
[ 580.396022][T25224] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 580.396024][T25224] RIP: 0033:0x7fdc704b808e
[ 580.396028][T25224] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 580.396029][T25224] RSP: 002b:00007ffcb7cd5910 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 580.396033][T25224] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdc704b808e
[ 580.396035][T25224] RDX: 0000000000000000 RSI: 00007ffcb7cd59c0 RDI: 0000000000000006
[ 580.396036][T25224] RBP: 00007ffcb7cd5920 R08: 0000000000000000 R09: 0000000000000000
[ 580.396037][T25224] R10: 0000000000000000 R11: 0000000000000202 R12: 000000006a0b423c
[ 580.396038][T25224] R13: 00007ffcb7cd5a70 R14: 000000000049f620 R15: 0000000000000001
[ 580.396040][T25224]
[ 580.396041][T25224]
[ 580.402719][T25224] Allocated by task 24952:
[ 580.402797][T25224] kasan_save_stack+0x2f/0x50
[ 580.402880][T25224] kasan_save_track+0x14/0x30
[ 580.402968][T25224] __kasan_kmalloc+0x7b/0x90
[ 580.403044][T25224] register_netdevice+0x48b/0x1980
[ 580.403122][T25224] veth_newlink+0x3a9/0x8d0 [veth]
[ 580.403202][T25224] rtnl_newlink_create+0x2da/0x780
[ 580.403281][T25224] __rtnl_newlink+0x22b/0xa50
[ 580.403363][T25224] rtnl_newlink+0x8d1/0xee0
[ 580.403446][T25224] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 580.403527][T25224] netlink_rcv_skb+0x14e/0x3a0
[ 580.403617][T25224] netlink_unicast+0x4af/0x780
[ 580.403694][T25224] netlink_sendmsg+0x735/0xc60
[ 580.403774][T25224] ____sys_sendmsg+0x419/0x850
[ 580.403857][T25224] ___sys_sendmsg+0x14e/0x1d0
[ 580.403937][T25224] __sys_sendmsg+0x145/0x1f0
[ 580.404014][T25224] do_syscall_64+0xf3/0xfc0
[ 580.404094][T25224] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 580.404193][T25224]
[ 580.404234][T25224] Freed by task 25222:
[ 580.404300][T25224] kasan_save_stack+0x2f/0x50
[ 580.404383][T25224] kasan_save_track+0x14/0x30
[ 580.404464][T25224] kasan_save_free_info+0x3b/0x60
[ 580.404547][T25224] __kasan_slab_free+0x43/0x70
[ 580.404625][T25224] kfree+0x123/0x5a0
[ 580.404687][T25224] unregister_netdevice_many_notify+0xe38/0x1d80
[ 580.404787][T25224] rtnl_dellink+0x4a0/0xae0
[ 580.404867][T25224] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 580.404954][T25224] netlink_rcv_skb+0x14e/0x3a0
[ 580.405036][T25224] netlink_unicast+0x4af/0x780
[ 580.405114][T25224] netlink_sendmsg+0x735/0xc60
[ 580.405236][T25224] ____sys_sendmsg+0x419/0x850
[ 580.405312][T25224] ___sys_sendmsg+0x14e/0x1d0
[ 580.405392][T25224] __sys_sendmsg+0x145/0x1f0
[ 580.405474][T25224] do_syscall_64+0xf3/0xfc0
[ 580.405600][T25224] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 580.405741][T25224]
[ 580.405785][T25224] The buggy address belongs to the object at ff11000008c96140
[ 580.405785][T25224] which belongs to the cache kmalloc-64 of size 64
[ 580.406028][T25224] The buggy address is located 16 bytes inside of
[ 580.406028][T25224] freed 64-byte region [ff11000008c96140, ff11000008c96180)
[ 580.406281][T25224]
[ 580.406323][T25224] The buggy address belongs to the physical page:
[ 580.406423][T25224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8c96
[ 580.406570][T25224] flags: 0x80000000000000(node=0|zone=1)
[ 580.406651][T25224] page_type: f5(slab)
[ 580.406718][T25224] raw: 0080000000000000 ff1100000103cac0 ffd40000003f7510 ffd4000000239310
[ 580.406859][T25224] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 580.407058][T25224] page dumped because: kasan: bad access detected
[ 580.407204][T25224]
[ 580.407245][T25224] Memory state around the buggy address:
[ 580.407322][T25224] ff11000008c96000: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 580.407441][T25224] ff11000008c96080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 580.407552][T25224] >ff11000008c96100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 580.407665][T25224] ^
[ 580.407756][T25224] ff11000008c96180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 580.407863][T25224] ff11000008c96200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 fc fc
[ 580.407975][T25224] ==================================================================
[ 580.408119][T25224] Disabling lock debugging due to kernel taint