[ 1624.881521][ T1484] gre: GRE over IPv4 demultiplexer driver
[ 1625.283888][ T1507] ip_gre: GRE over IPv4 tunneling driver
[ 1640.716196][ T2081] ip6_gre: GRE over IPv6 tunneling driver
[ 1646.063549][ T2330] ping (2330) used greatest stack depth: 22912 bytes left
[ 1650.873300][ C3] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 1652.856276][ C0] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 1654.712273][ C3] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 1656.696280][ C0] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 1659.777169][ C0] ==================================================================
[ 1659.777347][ C0] BUG: KASAN: slab-use-after-free in fib_rules_lookup+0xc66/0xc80
[ 1659.777485][ C0] Read of size 8 at addr ff1100000a3fda40 by task kworker/0:0/18404
[ 1659.777615][ C0]
[ 1659.777662][ C0] CPU: 0 UID: 0 PID: 18404 Comm: kworker/0:0 Not tainted 7.1.0-rc7-virtme #1 PREEMPT(full)
[ 1659.777666][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1659.777668][ C0] Workqueue: mld mld_ifc_work
[ 1659.777673][ C0] Call Trace:
[ 1659.777675][ C0] <IRQ>
[ 1659.777676][ C0] dump_stack_lvl+0x6f/0xa0
[ 1659.777681][ C0] print_address_description.constprop.0+0x56/0x2d0
[ 1659.777686][ C0] print_report+0xfc/0x1fa
[ 1659.777688][ C0] ? __virt_addr_valid+0x102/0x440
[ 1659.777692][ C0] ? __virt_addr_valid+0x1da/0x440
[ 1659.777695][ C0] kasan_report+0x108/0x130
[ 1659.777698][ C0] ? fib_rules_lookup+0xc66/0xc80
[ 1659.777700][ C0] ? fib_rules_lookup+0xc66/0xc80
[ 1659.777702][ C0] fib_rules_lookup+0xc66/0xc80
[ 1659.777705][ C0] ? fib_nl_delrule+0x80/0x80
[ 1659.777706][ C0] ? l3mdev_update_flow+0xf8/0x550
[ 1659.777714][ C0] ? dev_get_by_index_rcu+0xe6/0x180
[ 1659.777717][ C0] __fib_lookup+0xdb/0x130
[ 1659.777720][ C0] ? fib4_rule_nlmsg_payload+0x10/0x10
[ 1659.777723][ C0] ip_route_input_slow+0x5eb/0x2400
[ 1659.777726][ C0] ? update_curr_rt+0x70/0xa0
[ 1659.777729][ C0] ? rcu_is_watching+0x15/0xd0
[ 1659.777732][ C0] ? fib_multipath_hash+0x11b0/0x11b0
[ 1659.777736][ C0] ? rcu_is_watching+0x15/0xd0
[ 1659.777738][ C0] ? lock_acquire+0x134/0x160
[ 1659.777741][ C0] ip_route_input_noref+0x114/0x250
[ 1659.777743][ C0] ? ip_route_input_slow+0x2400/0x2400
[ 1659.777746][ C0] ? __lock_release.isra.0+0x6b/0x1a0
[ 1659.777748][ C0] ip_rcv_finish_core+0x553/0x14c0
[ 1659.777751][ C0] ip_rcv_finish+0xee/0x250
[ 1659.777753][ C0] ? process_backlog+0x561/0x1490
[ 1659.777756][ C0] ip_rcv+0xdc/0x3d0
[ 1659.777758][ C0] ? ip_local_deliver+0x4c0/0x4c0
[ 1659.777760][ C0] ? validate_chain+0x38b/0xc20
[ 1659.777761][ C0] ? __queue_work+0x315/0xc00
[ 1659.777765][ C0] ? mark_usage+0x61/0x170
[ 1659.777766][ C0] ? __lock_acquire+0x508/0xc10
[ 1659.777768][ C0] __netif_receive_skb_one_core+0xfc/0x180
[ 1659.777770][ C0] ? lock_acquire.part.0+0xbc/0x260
[ 1659.777772][ C0] ? __netif_receive_skb_list_core+0x9e0/0x9e0
[ 1659.777774][ C0] ? rcu_is_watching+0x15/0xd0
[ 1659.777776][ C0] process_backlog+0x2bc/0x1490
[ 1659.777779][ C0] __napi_poll+0xa7/0x3b0
[ 1659.777781][ C0] net_rx_action+0x513/0xf50
[ 1659.777784][ C0] ? __napi_poll+0x3b0/0x3b0
[ 1659.777786][ C0] ? __lock_release.isra.0+0x6b/0x1a0
[ 1659.777788][ C0] ? __rwlock_init+0x150/0x150
[ 1659.777790][ C0] ? __run_timers+0xab0/0xab0
[ 1659.777793][ C0] ? rcu_is_watching+0x15/0xd0
[ 1659.777794][ C0] ? mark_held_locks+0x40/0x70
[ 1659.777796][ C0] handle_softirqs+0x1d8/0x940
[ 1659.777799][ C0] ? _local_bh_enable+0xd0/0xd0
[ 1659.777801][ C0] ? _local_bh_enable+0xd0/0xd0
[ 1659.777803][ C0] do_softirq+0xa9/0xe0
[ 1659.777805][ C0] </IRQ>
[ 1659.777805][ C0] <TASK>
[ 1659.777806][ C0] ? __dev_queue_xmit+0x956/0x1b70
[ 1659.777808][ C0] __local_bh_enable_ip+0x113/0x140
[ 1659.777809][ C0] __dev_queue_xmit+0x96b/0x1b70
[ 1659.777811][ C0] ? arch_stack_walk+0xd7/0x130
[ 1659.777814][ C0] ? __lock_acquire+0x508/0xc10
[ 1659.777816][ C0] ? netdev_core_pick_tx+0x2c0/0x2c0
[ 1659.777818][ C0] ? find_held_lock+0x2b/0x80
[ 1659.777820][ C0] ? __lock_release.isra.0+0x6b/0x1a0
[ 1659.777821][ C0] ? rcu_is_watching+0x15/0xd0
[ 1659.777823][ C0] ? mark_held_locks+0x40/0x70
[ 1659.777824][ C0] ? __asan_memcpy+0x3c/0x60
[ 1659.777827][ C0] ? neigh_hh_output+0x152/0x4c0
[ 1659.777830][ C0] ip6_finish_output2+0x986/0x1310
[ 1659.777832][ C0] ? ip6_xmit+0x2000/0x2000
[ 1659.777834][ C0] ? find_held_lock+0x2b/0x80
[ 1659.777835][ C0] ? __lock_release.isra.0+0x6b/0x1a0
[ 1659.777837][ C0] ? ip6_mtu+0x174/0x410
[ 1659.777840][ C0] ip6_finish_output+0x701/0xe80
[ 1659.777842][ C0] ip6_output+0x23f/0x7f0
[ 1659.777844][ C0] ? ip6_finish_output+0xe80/0xe80
[ 1659.777845][ C0] ? __lock_release.isra.0+0x6b/0x1a0
[ 1659.777847][ C0] ? xfrm_bundle_lookup.constprop.0+0xba0/0xba0
[ 1659.777849][ C0] ? mark_held_locks+0x40/0x70
[ 1659.777851][ C0] ? __local_bh_enable_ip+0xa5/0x140
[ 1659.777852][ C0] ? __local_bh_enable_ip+0xa5/0x140
[ 1659.777854][ C0] ? icmp6_dst_alloc+0x317/0x4d0
[ 1659.777856][ C0] mld_sendpack+0x9d6/0xec0
[ 1659.777859][ C0] ? find_held_lock+0x2b/0x80
[ 1659.777860][ C0] ? nf_hook.constprop.0+0x340/0x340
[ 1659.777863][ C0] ? mld_send_cr+0x50f/0x820
[ 1659.777865][ C0] mld_ifc_work+0x36/0x190
[ 1659.777866][ C0] ? process_one_work+0xdb7/0x1410
[ 1659.777868][ C0] process_one_work+0xdf8/0x1410
[ 1659.777871][ C0] ? pwq_dec_nr_in_flight+0x710/0x710
[ 1659.777873][ C0] ? lock_acquire.part.0+0xbc/0x260
[ 1659.777876][ C0] worker_thread+0x4f1/0xd60
[ 1659.777878][ C0] ? rescuer_thread+0x1320/0x1320
[ 1659.777879][ C0] ? __kthread_parkme+0xbd/0x210
[ 1659.777882][ C0] ? rescuer_thread+0x1320/0x1320
[ 1659.777884][ C0] kthread+0x367/0x460
[ 1659.777886][ C0] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1659.777889][ C0] ? kthread_affine_node+0x330/0x330
[ 1659.777891][ C0] ret_from_fork+0x474/0x6b0
[ 1659.777893][ C0] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 1659.777895][ C0] ? __switch_to+0x5a3/0xe00
[ 1659.777898][ C0] ? kthread_affine_node+0x330/0x330
[ 1659.777900][ C0] ret_from_fork_asm+0x11/0x20
[ 1659.777904][ C0] </TASK>
[ 1659.777904][ C0]
[ 1659.786793][ C0] Allocated by task 2786:
[ 1659.786861][ C0] kasan_save_stack+0x2f/0x50
[ 1659.786954][ C0] kasan_save_track+0x14/0x30
[ 1659.787043][ C0] __kasan_kmalloc+0x7b/0x90
[ 1659.787132][ C0] __kmalloc_node_track_caller_noprof+0x2d6/0x7b0
[ 1659.787241][ C0] kmemdup_noprof+0x25/0x40
[ 1659.787330][ C0] fib_rules_register+0x30/0x590
[ 1659.787418][ C0] fib4_rules_init+0x21/0x140
[ 1659.787506][ C0] fib_net_init+0x165/0x350
[ 1659.787593][ C0] ops_init+0x187/0x560
[ 1659.787659][ C0] setup_net+0x11b/0x3b0
[ 1659.787728][ C0] copy_net_ns+0x383/0x660
[ 1659.787816][ C0] create_new_namespaces+0x371/0xa10
[ 1659.787903][ C0] unshare_nsproxy_namespaces+0xa5/0x1d0
[ 1659.787990][ C0] ksys_unshare+0x353/0x880
[ 1659.788077][ C0] __x64_sys_unshare+0x34/0x50
[ 1659.788164][ C0] do_syscall_64+0x117/0x590
[ 1659.788258][ C0] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1659.788372][ C0]
[ 1659.788416][ C0] Freed by task 6332:
[ 1659.788484][ C0] kasan_save_stack+0x2f/0x50
[ 1659.788573][ C0] kasan_save_track+0x14/0x30
[ 1659.788659][ C0] kasan_save_free_info+0x3b/0x60
[ 1659.788755][ C0] __kasan_slab_free+0x43/0x70
[ 1659.788843][ C0] kmem_cache_free_bulk.part.0+0x1e3/0x480
[ 1659.788951][ C0] kvfree_rcu_bulk+0x1f1/0x240
[ 1659.789042][ C0] kfree_rcu_work+0x130/0x1b0
[ 1659.789131][ C0] process_one_work+0xdf8/0x1410
[ 1659.789219][ C0] worker_thread+0x4f1/0xd60
[ 1659.789306][ C0] kthread+0x367/0x460
[ 1659.789371][ C0] ret_from_fork+0x474/0x6b0
[ 1659.789457][ C0] ret_from_fork_asm+0x11/0x20
[ 1659.789544][ C0]
[ 1659.789589][ C0] Last potentially related work creation:
[ 1659.789676][ C0] kasan_save_stack+0x2f/0x50
[ 1659.789767][ C0] kasan_record_aux_stack+0x9b/0xc0
[ 1659.789856][ C0] kvfree_call_rcu+0x7e/0x5b0
[ 1659.789944][ C0] ops_undo_list+0x5be/0x8f0
[ 1659.790034][ C0] cleanup_net+0x431/0x940
[ 1659.790122][ C0] process_one_work+0xdf8/0x1410
[ 1659.790210][ C0] worker_thread+0x4f1/0xd60
[ 1659.790299][ C0] kthread+0x367/0x460
[ 1659.790365][ C0] ret_from_fork+0x474/0x6b0
[ 1659.790453][ C0] ret_from_fork_asm+0x11/0x20
[ 1659.790541][ C0]
[ 1659.790587][ C0] The buggy address belongs to the object at ff1100000a3fd9c0
[ 1659.790587][ C0] which belongs to the cache kmalloc-192 of size 192
[ 1659.790803][ C0] The buggy address is located 128 bytes inside of
[ 1659.790803][ C0] freed 192-byte region [ff1100000a3fd9c0, ff1100000a3fda80)
[ 1659.791018][ C0]
[ 1659.791065][ C0] The buggy address belongs to the physical page:
[ 1659.791174][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000a3fde40 pfn:0xa3fc
[ 1659.791352][ C0] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1659.791487][ C0] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1659.791601][ C0] page_type: f5(slab)
[ 1659.791672][ C0] raw: 0080000000000240 ff1100000103c4c0 ffd4000000141c90 ffd40000006abf10
[ 1659.791832][ C0] raw: ff1100000a3fde40 0000000000150010 00000000f5000000 0000000000000000
[ 1659.791991][ C0] head: 0080000000000240 ff1100000103c4c0 ffd4000000141c90 ffd40000006abf10
[ 1659.792201][ C0] head: ff1100000a3fde40 0000000000150010 00000000f5000000 0000000000000000
[ 1659.792356][ C0] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 1659.792511][ C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1659.792718][ C0] page dumped because: kasan: bad access detected
[ 1659.792827][ C0]
[ 1659.792871][ C0] Memory state around the buggy address:
[ 1659.793003][ C0]  ff1100000a3fd900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1659.793134][ C0]  ff1100000a3fd980: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1659.793265][ C0] >ff1100000a3fda00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1659.793440][ C0]                                            ^
[ 1659.793545][ C0]  ff1100000a3fda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1659.793672][ C0]  ff1100000a3fdb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1659.793852][ C0] ==================================================================
[ 1659.793985][ C0] Disabling lock debugging due to kernel taint
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr