[ 1768.489754][ C1] ==================================================================
[ 1768.489932][ C1] BUG: KASAN: slab-use-after-free in fib_rules_lookup+0xc66/0xc80
[ 1768.490072][ C1] Read of size 8 at addr ff110000104afa40 by task kworker/u16:2/29896
[ 1768.490211][ C1]
[ 1768.490262][ C1] CPU: 1 UID: 0 PID: 29896 Comm: kworker/u16:2 Not tainted 7.1.0-rc7-virtme #1 PREEMPT(full)
[ 1768.490265][ C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1768.490267][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1768.490273][ C1] Call Trace:
[ 1768.490275][ C1] <IRQ>
[ 1768.490277][ C1] dump_stack_lvl+0x6f/0xa0
[ 1768.490282][ C1] print_address_description.constprop.0+0x56/0x2d0
[ 1768.490287][ C1] print_report+0xfc/0x1fa
[ 1768.490289][ C1] ? __virt_addr_valid+0x102/0x440
[ 1768.490293][ C1] ? __virt_addr_valid+0x1da/0x440
[ 1768.490295][ C1] kasan_report+0x108/0x130
[ 1768.490299][ C1] ? fib_rules_lookup+0xc66/0xc80
[ 1768.490301][ C1] ? fib_rules_lookup+0xc66/0xc80
[ 1768.490303][ C1] fib_rules_lookup+0xc66/0xc80
[ 1768.490305][ C1] ? fib_nl_delrule+0x80/0x80
[ 1768.490307][ C1] ? l3mdev_update_flow+0xf8/0x550
[ 1768.490309][ C1] ? dev_get_by_index_rcu+0xe6/0x180
[ 1768.490312][ C1] __fib_lookup+0xdb/0x130
[ 1768.490315][ C1] ? fib4_rule_nlmsg_payload+0x10/0x10
[ 1768.490317][ C1] ? update_sg_lb_stats+0x9fa/0x12d0
[ 1768.490321][ C1] ip_route_input_slow+0x5eb/0x2400
[ 1768.490324][ C1] ? mark_usage+0x61/0x170
[ 1768.490327][ C1] ? fib_multipath_hash+0x11b0/0x11b0
[ 1768.490331][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490334][ C1] ? common_startup_64+0x13e/0x148
[ 1768.490338][ C1] ? lock_acquire+0x134/0x160
[ 1768.490340][ C1] ip_route_input_noref+0x114/0x250
[ 1768.490342][ C1] ? ip_route_input_slow+0x2400/0x2400
[ 1768.490344][ C1] ? __lock_release.isra.0+0x6b/0x1a0
[ 1768.490347][ C1] ip_rcv_finish_core+0x553/0x14c0
[ 1768.490349][ C1] ip_rcv_finish+0xee/0x250
[ 1768.490352][ C1] ? process_backlog+0x561/0x1490
[ 1768.490354][ C1] ip_rcv+0xdc/0x3d0
[ 1768.490356][ C1] ? ip_local_deliver+0x4c0/0x4c0
[ 1768.490358][ C1] ? validate_chain+0x38b/0xc20
[ 1768.490360][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490362][ C1] ? mark_usage+0x61/0x170
[ 1768.490363][ C1] ? __lock_acquire+0x508/0xc10
[ 1768.490365][ C1] __netif_receive_skb_one_core+0xfc/0x180
[ 1768.490367][ C1] ? lock_acquire.part.0+0xbc/0x260
[ 1768.490369][ C1] ? __netif_receive_skb_list_core+0x9e0/0x9e0
[ 1768.490371][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490373][ C1] process_backlog+0x2bc/0x1490
[ 1768.490376][ C1] __napi_poll+0xa7/0x3b0
[ 1768.490378][ C1] net_rx_action+0x513/0xf50
[ 1768.490381][ C1] ? wakeup_preempt_fair+0xdc/0x1150
[ 1768.490383][ C1] ? __napi_poll+0x3b0/0x3b0
[ 1768.490385][ C1] ? find_held_lock+0x2b/0x80
[ 1768.490388][ C1] ? rcu_barrier_entrain+0x270/0x270
[ 1768.490389][ C1] ? find_held_lock+0x2b/0x80
[ 1768.490390][ C1] ? mark_held_locks+0x40/0x70
[ 1768.490392][ C1] handle_softirqs+0x1d8/0x940
[ 1768.490395][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490397][ C1] ? _local_bh_enable+0xd0/0xd0
[ 1768.490398][ C1] ? trace_csd_function_exit+0xb3/0x1a0
[ 1768.490401][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490403][ C1] do_softirq+0xa9/0xe0
[ 1768.490405][ C1] </IRQ>
[ 1768.490405][ C1] <TASK>
[ 1768.490406][ C1] ? __dev_queue_xmit+0x956/0x1b70
[ 1768.490408][ C1] __local_bh_enable_ip+0x113/0x140
[ 1768.490409][ C1] __dev_queue_xmit+0x96b/0x1b70
[ 1768.490411][ C1] ? __lock_acquire+0x508/0xc10
[ 1768.490413][ C1] ? find_held_lock+0x2b/0x80
[ 1768.490415][ C1] ? netdev_core_pick_tx+0x2c0/0x2c0
[ 1768.490417][ C1] ? __asan_memcpy+0x3c/0x60
[ 1768.490419][ C1] ? eth_header+0x14c/0x180
[ 1768.490421][ C1] ? neigh_resolve_output.part.0+0x344/0x740
[ 1768.490425][ C1] ip6_finish_output2+0x488/0x1310
[ 1768.490428][ C1] ? ip6_xmit+0x2000/0x2000
[ 1768.490429][ C1] ? find_held_lock+0x2b/0x80
[ 1768.490431][ C1] ? __lock_release.isra.0+0x6b/0x1a0
[ 1768.490433][ C1] ? ip6_mtu+0x174/0x410
[ 1768.490435][ C1] ip6_finish_output+0x701/0xe80
[ 1768.490437][ C1] ip6_output+0x23f/0x7f0
[ 1768.490439][ C1] ? ip6_finish_output+0xe80/0xe80
[ 1768.490441][ C1] ? lock_acquire.part.0+0xbc/0x260
[ 1768.490442][ C1] ? find_held_lock+0x2b/0x80
[ 1768.490444][ C1] ? __lock_release.isra.0+0x6b/0x1a0
[ 1768.490445][ C1] ? __local_bh_enable_ip+0xa5/0x140
[ 1768.490447][ C1] ndisc_send_skb+0xba3/0x1520
[ 1768.490451][ C1] ? ndisc_recv_na+0xf20/0xf20
[ 1768.490453][ C1] ? trace_hardirqs_off+0xd/0x30
[ 1768.490457][ C1] ? try_to_grab_pending+0x77/0x840
[ 1768.490460][ C1] ? mark_held_locks+0x40/0x70
[ 1768.490462][ C1] ndisc_send_ns+0xa9/0x120
[ 1768.490463][ C1] ? find_held_lock+0x2b/0x80
[ 1768.490465][ C1] ? ndisc_parse_options+0x30/0x30
[ 1768.490466][ C1] ? __rwlock_init+0x150/0x150
[ 1768.490468][ C1] ? mark_held_locks+0x40/0x70
[ 1768.490469][ C1] ? lockdep_hardirqs_on+0x8c/0x130
[ 1768.490472][ C1] addrconf_dad_work+0x6c2/0x930
[ 1768.490474][ C1] ? addrconf_dad_begin+0x540/0x540
[ 1768.490475][ C1] ? process_one_work+0xdb7/0x1410
[ 1768.490477][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490479][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490480][ C1] ? lock_acquire+0x134/0x160
[ 1768.490482][ C1] ? rcu_is_watching+0x15/0xd0
[ 1768.490484][ C1] process_one_work+0xdf8/0x1410
[ 1768.490487][ C1] ? pwq_dec_nr_in_flight+0x710/0x710
[ 1768.490488][ C1] ? lock_acquire.part.0+0xbc/0x260
[ 1768.490491][ C1] worker_thread+0x4f1/0xd60
[ 1768.490493][ C1] ? rescuer_thread+0x1320/0x1320
[ 1768.490495][ C1] ? __kthread_parkme+0xbd/0x210
[ 1768.490498][ C1] ? rescuer_thread+0x1320/0x1320
[ 1768.490499][ C1] kthread+0x367/0x460
[ 1768.490501][ C1] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1768.490503][ C1] ? kthread_affine_node+0x330/0x330
[ 1768.490505][ C1] ret_from_fork+0x474/0x6b0
[ 1768.490507][ C1] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 1768.490509][ C1] ? __switch_to+0x5a3/0xe00
[ 1768.490511][ C1] ? kthread_affine_node+0x330/0x330
[ 1768.490513][ C1] ret_from_fork_asm+0x11/0x20
[ 1768.490516][ C1] </TASK>
[ 1768.490517][ C1]
[ 1768.500202][ C1] Allocated by task 4291:
[ 1768.500270][ C1] kasan_save_stack+0x2f/0x50
[ 1768.500358][ C1] kasan_save_track+0x14/0x30
[ 1768.500443][ C1] __kasan_kmalloc+0x7b/0x90
[ 1768.500528][ C1] __kmalloc_node_track_caller_noprof+0x2d6/0x7b0
[ 1768.500641][ C1] kmemdup_noprof+0x25/0x40
[ 1768.500727][ C1] fib_rules_register+0x30/0x590
[ 1768.500812][ C1] fib4_rules_init+0x21/0x140
[ 1768.500897][ C1] fib_net_init+0x165/0x350
[ 1768.500996][ C1] ops_init+0x187/0x560
[ 1768.501062][ C1] setup_net+0x11b/0x3b0
[ 1768.501126][ C1] copy_net_ns+0x383/0x660
[ 1768.501211][ C1] create_new_namespaces+0x371/0xa10
[ 1768.501303][ C1] unshare_nsproxy_namespaces+0xa5/0x1d0
[ 1768.501393][ C1] ksys_unshare+0x353/0x880
[ 1768.501486][ C1] __x64_sys_unshare+0x34/0x50
[ 1768.501580][ C1] do_syscall_64+0x117/0x590
[ 1768.501671][ C1] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1768.501787][ C1]
[ 1768.501835][ C1] Freed by task 37:
[ 1768.501901][ C1] kasan_save_stack+0x2f/0x50
[ 1768.501992][ C1] kasan_save_track+0x14/0x30
[ 1768.502082][ C1] kasan_save_free_info+0x3b/0x60
[ 1768.502168][ C1] __kasan_slab_free+0x43/0x70
[ 1768.502257][ C1] kmem_cache_free_bulk.part.0+0x1e3/0x480
[ 1768.502367][ C1] kvfree_rcu_bulk+0x1f1/0x240
[ 1768.502454][ C1] kfree_rcu_work+0x130/0x1b0
[ 1768.502539][ C1] process_one_work+0xdf8/0x1410
[ 1768.502630][ C1] worker_thread+0x4f1/0xd60
[ 1768.502717][ C1] kthread+0x367/0x460
[ 1768.502785][ C1] ret_from_fork+0x474/0x6b0
[ 1768.502873][ C1] ret_from_fork_asm+0x11/0x20
[ 1768.502964][ C1]
[ 1768.503009][ C1] Last potentially related work creation:
[ 1768.503099][ C1] kasan_save_stack+0x2f/0x50
[ 1768.503191][ C1] kasan_record_aux_stack+0x9b/0xc0
[ 1768.503286][ C1] kvfree_call_rcu+0x7e/0x5b0
[ 1768.503377][ C1] ops_undo_list+0x5be/0x8f0
[ 1768.503468][ C1] cleanup_net+0x431/0x940
[ 1768.503560][ C1] process_one_work+0xdf8/0x1410
[ 1768.503654][ C1] worker_thread+0x4f1/0xd60
[ 1768.503740][ C1] kthread+0x367/0x460
[ 1768.503808][ C1] ret_from_fork+0x474/0x6b0
[ 1768.503895][ C1] ret_from_fork_asm+0x11/0x20
[ 1768.503984][ C1]
[ 1768.504029][ C1] The buggy address belongs to the object at ff110000104af9c0
[ 1768.504029][ C1] which belongs to the cache kmalloc-192 of size 192
[ 1768.504240][ C1] The buggy address is located 128 bytes inside of
[ 1768.504240][ C1] freed 192-byte region [ff110000104af9c0, ff110000104afa80)
[ 1768.504452][ C1]
[ 1768.504495][ C1] The buggy address belongs to the physical page:
[ 1768.504614][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ae
[ 1768.504768][ C1] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1768.504902][ C1] flags: 0x80000000000040(head|node=0|zone=1)
[ 1768.505017][ C1] page_type: f5(slab)
[ 1768.505086][ C1] raw: 0080000000000040 ff1100000103c4c0 ffd400000052e810 ffd4000000263710
[ 1768.505252][ C1] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 1768.505406][ C1] head: 0080000000000040 ff1100000103c4c0 ffd400000052e810 ffd4000000263710
[ 1768.505563][ C1] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 1768.505716][ C1] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 1768.505869][ C1] head: ff110000104aff08 0000000000000000 00000000ffffffff 0000000000000000
[ 1768.506033][ C1] page dumped because: kasan: bad access detected
[ 1768.506144][ C1]
[ 1768.506189][ C1] Memory state around the buggy address:
[ 1768.506274][ C1] ff110000104af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1768.506409][ C1] ff110000104af980: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1768.506536][ C1] >ff110000104afa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1768.506662][ C1]                                            ^
[ 1768.506767][ C1] ff110000104afa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1768.506893][ C1] ff110000104afb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1768.507024][ C1] ==================================================================
[ 1768.507170][ C1] Disabling lock debugging due to kernel taint
[ 1769.445734][ T4406] udpgso_bench_tx (4406) used greatest stack depth: 22592 bytes left
[ 1793.530361][ T5262] udpgso_bench_tx (5262) used greatest stack depth: 22064 bytes left
[ 1794.582513][ T5332] udpgso_bench_tx (5332) used greatest stack depth: 21504 bytes left