[ 2038.336499][T29549] veth0: renamed from veth-hv-1
[ 2038.608602][T29575] br0: port 1(vxlan0) entered blocking state
[ 2038.608791][T29575] br0: port 1(vxlan0) entered disabled state
[ 2038.608958][T29575] vxlan0: entered allmulticast mode
[ 2038.610774][T29575] vxlan0: entered promiscuous mode
[ 2038.650996][T29576] br0: port 1(vxlan0) entered blocking state
[ 2038.651184][T29576] br0: port 1(vxlan0) entered forwarding state
[ 2038.717966][T29578] veth0: renamed from veth-hv-2
[ 2038.948364][T29586] br0: port 1(vxlan0) entered blocking state
[ 2038.948594][T29586] br0: port 1(vxlan0) entered disabled state
[ 2038.948810][T29586] vxlan0: entered allmulticast mode
[ 2038.949713][T29586] vxlan0: entered promiscuous mode
[ 2038.972488][T29587] br0: port 1(vxlan0) entered blocking state
[ 2038.972680][T29587] br0: port 1(vxlan0) entered forwarding state
[ 2039.114802][T29593] br0: port 2(veth-tap) entered blocking state
[ 2039.114996][T29593] br0: port 2(veth-tap) entered disabled state
[ 2039.115161][T29593] veth-tap: entered allmulticast mode
[ 2039.120925][T29593] veth-tap: entered promiscuous mode
[ 2039.187216][T29594] br0: port 2(veth-tap) entered blocking state
[ 2039.187411][T29594] br0: port 2(veth-tap) entered forwarding state
[ 2039.263436][T16894] br0: port 2(veth-tap) entered disabled state
[ 2039.298274][T16894] br0: port 2(veth-tap) entered blocking state
[ 2039.298487][T16894] br0: port 2(veth-tap) entered forwarding state
[ 2039.413157][T29604] br0: port 2(veth-tap) entered blocking state
[ 2039.413351][T29604] br0: port 2(veth-tap) entered disabled state
[ 2039.413511][T29604] veth-tap: entered allmulticast mode
[ 2039.414474][T29604] veth-tap: entered promiscuous mode
[ 2039.590170][T16894] br0: port 2(veth-tap) entered blocking state
[ 2039.590789][T16894] br0: port 2(veth-tap) entered forwarding state
[ 2039.748677][T29615] br0: port 1(vxlan0) entered disabled state
[ 2039.779386][T29616] br0: port 1(vxlan0) entered blocking state
[ 2039.779567][T29616] br0: port 1(vxlan0) entered forwarding state
[ 2039.841139][T29618] br0: port 1(vxlan0) entered disabled state
[ 2039.870405][T29619] br0: port 1(vxlan0) entered blocking state
[ 2039.870588][T29619] br0: port 1(vxlan0) entered forwarding state
[ 2040.101776][   T12] veth-tap: left allmulticast mode
[ 2040.101934][   T12] veth-tap: left promiscuous mode
[ 2040.102120][   T12] br0: port 2(veth-tap) entered disabled state
[ 2040.103068][   T12] vxlan0: left allmulticast mode
[ 2040.103200][   T12] vxlan0: left promiscuous mode
[ 2040.105777][   T12] br0: port 1(vxlan0) entered disabled state
[ 2040.126984][    C3] ==================================================================
[ 2040.127140][    C3] BUG: KASAN: slab-use-after-free in fib_rules_lookup+0xc66/0xc80
[ 2040.127289][    C3] Read of size 8 at addr ff1100000934e540 by task kworker/u16:2/22800
[ 2040.127417][    C3] 
[ 2040.127465][    C3] CPU: 3 UID: 0 PID: 22800 Comm: kworker/u16:2 Not tainted 7.1.0-rc7-virtme #1 PREEMPT(full) 
[ 2040.127468][    C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 2040.127471][    C3] Workqueue: ipv6_addrconf addrconf_dad_work
[ 2040.127476][    C3] Call Trace:
[ 2040.127478][    C3]  <IRQ>
[ 2040.127479][    C3]  dump_stack_lvl+0x6f/0xa0
[ 2040.127485][    C3]  print_address_description.constprop.0+0x56/0x2d0
[ 2040.127489][    C3]  print_report+0xfc/0x1fa
[ 2040.127491][    C3]  ? __virt_addr_valid+0x102/0x440
[ 2040.127496][    C3]  ? __virt_addr_valid+0x1da/0x440
[ 2040.127498][    C3]  kasan_report+0x108/0x130
[ 2040.127501][    C3]  ? fib_rules_lookup+0xc66/0xc80
[ 2040.127504][    C3]  ? fib_rules_lookup+0xc66/0xc80
[ 2040.127506][    C3]  fib_rules_lookup+0xc66/0xc80
[ 2040.127508][    C3]  ? fib_nl_delrule+0x80/0x80
[ 2040.127509][    C3]  ? l3mdev_update_flow+0xf8/0x550
[ 2040.127513][    C3]  __fib_lookup+0xdb/0x130
[ 2040.127516][    C3]  ? fib4_rule_nlmsg_payload+0x10/0x10
[ 2040.127517][    C3]  ? update_sg_lb_stats+0xc69/0x12d0
[ 2040.127521][    C3]  ip_route_input_slow+0x5eb/0x2400
[ 2040.127525][    C3]  ? fib_multipath_hash+0x11b0/0x11b0
[ 2040.127529][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127532][    C3]  ? lock_acquire+0x134/0x160
[ 2040.127536][    C3]  ip_route_input_noref+0x114/0x250
[ 2040.127538][    C3]  ? ip_route_input_slow+0x2400/0x2400
[ 2040.127540][    C3]  ? vrf_ip6_rcv+0xcb0/0xcb0
[ 2040.127545][    C3]  ip_rcv_finish_core+0x553/0x14c0
[ 2040.127548][    C3]  ip_rcv_finish+0xee/0x250
[ 2040.127550][    C3]  ? process_backlog+0x561/0x1490
[ 2040.127553][    C3]  ip_rcv+0xdc/0x3d0
[ 2040.127555][    C3]  ? ip_local_deliver+0x4c0/0x4c0
[ 2040.127556][    C3]  ? validate_chain+0x38b/0xc20
[ 2040.127559][    C3]  ? try_to_wake_up+0x14a/0xfb0
[ 2040.127561][    C3]  ? mark_usage+0x61/0x170
[ 2040.127562][    C3]  ? __lock_acquire+0x508/0xc10
[ 2040.127564][    C3]  __netif_receive_skb_one_core+0xfc/0x180
[ 2040.127566][    C3]  ? lock_acquire.part.0+0xbc/0x260
[ 2040.127568][    C3]  ? __netif_receive_skb_list_core+0x9e0/0x9e0
[ 2040.127570][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127572][    C3]  process_backlog+0x2bc/0x1490
[ 2040.127575][    C3]  __napi_poll+0xa7/0x3b0
[ 2040.127577][    C3]  net_rx_action+0x513/0xf50
[ 2040.127580][    C3]  ? __napi_poll+0x3b0/0x3b0
[ 2040.127582][    C3]  ? find_held_lock+0x2b/0x80
[ 2040.127585][    C3]  ? __run_timers+0xab0/0xab0
[ 2040.127587][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127589][    C3]  ? mark_held_locks+0x40/0x70
[ 2040.127591][    C3]  handle_softirqs+0x1d8/0x940
[ 2040.127594][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127596][    C3]  ? _local_bh_enable+0xd0/0xd0
[ 2040.127597][    C3]  ? trace_csd_function_exit+0xb3/0x1a0
[ 2040.127600][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127601][    C3]  do_softirq+0xa9/0xe0
[ 2040.127603][    C3]  </IRQ>
[ 2040.127604][    C3]  <TASK>
[ 2040.127604][    C3]  ? __dev_queue_xmit+0x956/0x1b70
[ 2040.127606][    C3]  __local_bh_enable_ip+0x113/0x140
[ 2040.127608][    C3]  __dev_queue_xmit+0x96b/0x1b70
[ 2040.127610][    C3]  ? __lock_acquire+0x508/0xc10
[ 2040.127612][    C3]  ? find_held_lock+0x2b/0x80
[ 2040.127613][    C3]  ? netdev_core_pick_tx+0x2c0/0x2c0
[ 2040.127615][    C3]  ? __asan_memcpy+0x3c/0x60
[ 2040.127618][    C3]  ? eth_header+0x14c/0x180
[ 2040.127620][    C3]  ? neigh_resolve_output.part.0+0x344/0x740
[ 2040.127624][    C3]  ip6_finish_output2+0x488/0x1310
[ 2040.127627][    C3]  ? ip6_xmit+0x2000/0x2000
[ 2040.127628][    C3]  ? find_held_lock+0x2b/0x80
[ 2040.127630][    C3]  ? __lock_release.isra.0+0x6b/0x1a0
[ 2040.127632][    C3]  ? ip6_mtu+0x174/0x410
[ 2040.127634][    C3]  ip6_finish_output+0x701/0xe80
[ 2040.127636][    C3]  ip6_output+0x23f/0x7f0
[ 2040.127638][    C3]  ? ip6_finish_output+0xe80/0xe80
[ 2040.127640][    C3]  ? lock_acquire.part.0+0xbc/0x260
[ 2040.127641][    C3]  ? find_held_lock+0x2b/0x80
[ 2040.127643][    C3]  ? __lock_release.isra.0+0x6b/0x1a0
[ 2040.127644][    C3]  ? __local_bh_enable_ip+0xa5/0x140
[ 2040.127646][    C3]  ndisc_send_skb+0xba3/0x1520
[ 2040.127650][    C3]  ? ndisc_recv_na+0xf20/0xf20
[ 2040.127652][    C3]  ? trace_hardirqs_off+0xd/0x30
[ 2040.127655][    C3]  ? try_to_grab_pending+0x77/0x840
[ 2040.127658][    C3]  ? mark_held_locks+0x40/0x70
[ 2040.127660][    C3]  ndisc_send_ns+0xa9/0x120
[ 2040.127661][    C3]  ? find_held_lock+0x2b/0x80
[ 2040.127663][    C3]  ? ndisc_parse_options+0x30/0x30
[ 2040.127664][    C3]  ? __rwlock_init+0x150/0x150
[ 2040.127666][    C3]  ? mark_held_locks+0x40/0x70
[ 2040.127668][    C3]  ? lockdep_hardirqs_on+0x8c/0x130
[ 2040.127670][    C3]  addrconf_dad_work+0x6c2/0x930
[ 2040.127672][    C3]  ? addrconf_dad_begin+0x540/0x540
[ 2040.127673][    C3]  ? process_one_work+0xdb7/0x1410
[ 2040.127676][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127677][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127679][    C3]  ? lock_acquire+0x134/0x160
[ 2040.127680][    C3]  ? rcu_is_watching+0x15/0xd0
[ 2040.127682][    C3]  process_one_work+0xdf8/0x1410
[ 2040.127685][    C3]  ? pwq_dec_nr_in_flight+0x710/0x710
[ 2040.127687][    C3]  ? lock_acquire.part.0+0xbc/0x260
[ 2040.127690][    C3]  worker_thread+0x4f1/0xd60
[ 2040.127693][    C3]  ? rescuer_thread+0x1320/0x1320
[ 2040.127694][    C3]  kthread+0x367/0x460
[ 2040.127696][    C3]  ? trace_irq_enable.constprop.0+0x9b/0x180
[ 2040.127698][    C3]  ? kthread_affine_node+0x330/0x330
[ 2040.127700][    C3]  ret_from_fork+0x474/0x6b0
[ 2040.127703][    C3]  ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 2040.127705][    C3]  ? __switch_to+0x5a3/0xe00
[ 2040.127708][    C3]  ? kthread_affine_node+0x330/0x330
[ 2040.127710][    C3]  ret_from_fork_asm+0x11/0x20
[ 2040.127713][    C3]  </TASK>
[ 2040.127714][    C3] 
[ 2040.137019][    C3] Allocated by task 29528:
[ 2040.137108][    C3]  kasan_save_stack+0x2f/0x50
[ 2040.137202][    C3]  kasan_save_track+0x14/0x30
[ 2040.137293][    C3]  __kasan_kmalloc+0x7b/0x90
[ 2040.137380][    C3]  __kmalloc_node_track_caller_noprof+0x2d6/0x7b0
[ 2040.137488][    C3]  kmemdup_noprof+0x25/0x40
[ 2040.137576][    C3]  fib_rules_register+0x30/0x590
[ 2040.137662][    C3]  fib4_rules_init+0x21/0x140
[ 2040.137748][    C3]  fib_net_init+0x165/0x350
[ 2040.137835][    C3]  ops_init+0x187/0x560
[ 2040.137901][    C3]  setup_net+0x11b/0x3b0
[ 2040.137966][    C3]  copy_net_ns+0x383/0x660
[ 2040.138051][    C3]  create_new_namespaces+0x371/0xa10
[ 2040.138138][    C3]  unshare_nsproxy_namespaces+0xa5/0x1d0
[ 2040.138229][    C3]  ksys_unshare+0x353/0x880
[ 2040.138316][    C3]  __x64_sys_unshare+0x34/0x50
[ 2040.138402][    C3]  do_syscall_64+0x117/0x590
[ 2040.138489][    C3]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 2040.138602][    C3] 
[ 2040.138647][    C3] Freed by task 333:
[ 2040.138713][    C3]  kasan_save_stack+0x2f/0x50
[ 2040.138802][    C3]  kasan_save_track+0x14/0x30
[ 2040.138888][    C3]  kasan_save_free_info+0x3b/0x60
[ 2040.138974][    C3]  __kasan_slab_free+0x43/0x70
[ 2040.139060][    C3]  kmem_cache_free_bulk.part.0+0x1e3/0x480
[ 2040.139167][    C3]  kvfree_rcu_bulk+0x1f1/0x240
[ 2040.139257][    C3]  kfree_rcu_monitor+0x211/0x3f0
[ 2040.139348][    C3]  process_one_work+0xdf8/0x1410
[ 2040.139435][    C3]  worker_thread+0x4f1/0xd60
[ 2040.139526][    C3]  kthread+0x367/0x460
[ 2040.139590][    C3]  ret_from_fork+0x474/0x6b0
[ 2040.139675][    C3]  ret_from_fork_asm+0x11/0x20
[ 2040.139765][    C3] 
[ 2040.139809][    C3] Last potentially related work creation:
[ 2040.139895][    C3]  kasan_save_stack+0x2f/0x50
[ 2040.139983][    C3]  kasan_record_aux_stack+0x9b/0xc0
[ 2040.140069][    C3]  kvfree_call_rcu+0x7e/0x5b0
[ 2040.140157][    C3]  ops_undo_list+0x5be/0x8f0
[ 2040.140247][    C3]  cleanup_net+0x431/0x940
[ 2040.140333][    C3]  process_one_work+0xdf8/0x1410
[ 2040.140419][    C3]  worker_thread+0x4f1/0xd60
[ 2040.140507][    C3]  kthread+0x367/0x460
[ 2040.140572][    C3]  ret_from_fork+0x474/0x6b0
[ 2040.140658][    C3]  ret_from_fork_asm+0x11/0x20
[ 2040.140744][    C3] 
[ 2040.140790][    C3] The buggy address belongs to the object at ff1100000934e4c0
[ 2040.140790][    C3]  which belongs to the cache kmalloc-192 of size 192
[ 2040.141012][    C3] The buggy address is located 128 bytes inside of
[ 2040.141012][    C3]  freed 192-byte region [ff1100000934e4c0, ff1100000934e580)
[ 2040.141240][    C3] 
[ 2040.141285][    C3] The buggy address belongs to the physical page:
[ 2040.141395][    C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x934e
[ 2040.141550][    C3] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2040.141682][    C3] flags: 0x80000000000040(head|node=0|zone=1)
[ 2040.141794][    C3] page_type: f5(slab)
[ 2040.141862][    C3] raw: 0080000000000040 ff1100000103c4c0 ffd4000000340210 ffd400000036b690
[ 2040.142021][    C3] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 2040.142175][    C3] head: 0080000000000040 ff1100000103c4c0 ffd4000000340210 ffd400000036b690
[ 2040.142335][    C3] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 2040.142488][    C3] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 2040.142644][    C3] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2040.142797][    C3] page dumped because: kasan: bad access detected
[ 2040.142906][    C3] 
[ 2040.142952][    C3] Memory state around the buggy address:
[ 2040.143037][    C3]  ff1100000934e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2040.143167][    C3]  ff1100000934e480: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2040.143303][    C3] >ff1100000934e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2040.143434][    C3]                                            ^
[ 2040.143540][    C3]  ff1100000934e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2040.143670][    C3]  ff1100000934e600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 2040.143802][    C3] ==================================================================
[ 2040.143937][    C3] Disabling lock debugging due to kernel taint
[ 2040.160032][   T12] br0: port 1(vxlan0) entered disabled state
[ 2040.160557][   T12] vxlan0 (unregistering): left allmulticast mode
[ 2040.160661][   T12] vxlan0 (unregistering): left promiscuous mode
[ 2040.160760][   T12] br0: port 1(vxlan0) entered disabled state
[ 2040.215388][   T12] veth-tap: left allmulticast mode
[ 2040.215482][   T12] veth-tap: left promiscuous mode
[ 2040.215610][   T12] br0: port 2(veth-tap) entered disabled state