[ 9.234595][ T196] gre: GRE over IPv4 demultiplexer driver
[ 9.754011][ T220] ip_gre: GRE over IPv4 tunneling driver
[ 11.990149][ T322] ip (322) used greatest stack depth: 24384 bytes left
[ 14.474220][ T424] ping (424) used greatest stack depth: 24328 bytes left
[ 15.635615][ T476] ping (476) used greatest stack depth: 24112 bytes left
[ 25.595034][ T759] ping (759) used greatest stack depth: 23568 bytes left
[ 26.203949][ T796] ip6_gre: GRE over IPv6 tunneling driver
[ 26.727788][ T470] ip6_tunnel: tep1 xmit: Local address not yet configured!
[ 31.769432][ T1045] ping (1045) used greatest stack depth: 22704 bytes left
[ 36.766783][ C3] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 38.813807][ C0] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 40.669787][ C0] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 42.717799][ C3] ip6_tunnel: tep0 xmit: Local address not yet configured!
[ 83.188889][ C3] ==================================================================
[ 83.189084][ C3] BUG: KASAN: slab-use-after-free in fib_rules_lookup+0xc66/0xc80
[ 83.189235][ C3] Read of size 8 at addr ff1100000e8698c0 by task kworker/3:1/72
[ 83.189369][ C3]
[ 83.189416][ C3] CPU: 3 UID: 0 PID: 72 Comm: kworker/3:1 Not tainted 7.1.0-rc7-virtme #1 PREEMPT(full)
[ 83.189419][ C3] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 83.189421][ C3] Workqueue: mld mld_ifc_work
[ 83.189427][ C3] Call Trace:
[ 83.189429][ C3]
[ 83.189431][ C3] dump_stack_lvl+0x6f/0xa0
[ 83.189436][ C3] print_address_description.constprop.0+0x56/0x2d0
[ 83.189441][ C3] print_report+0xfc/0x1fa
[ 83.189443][ C3] ? __virt_addr_valid+0x102/0x440
[ 83.189447][ C3] ? __virt_addr_valid+0x1da/0x440
[ 83.189450][ C3] kasan_report+0x108/0x130
[ 83.189453][ C3] ? fib_rules_lookup+0xc66/0xc80
[ 83.189455][ C3] ? fib_rules_lookup+0xc66/0xc80
[ 83.189458][ C3] fib_rules_lookup+0xc66/0xc80
[ 83.189460][ C3] ? fib_nl_delrule+0x80/0x80
[ 83.189461][ C3] ? l3mdev_update_flow+0xf8/0x550
[ 83.189464][ C3] ? dev_get_by_index_rcu+0xe6/0x180
[ 83.189467][ C3] __fib_lookup+0xdb/0x130
[ 83.189470][ C3] ? fib4_rule_nlmsg_payload+0x10/0x10
[ 83.189472][ C3] ? update_sg_lb_stats+0x9fa/0x12d0
[ 83.189476][ C3] ip_route_input_slow+0x5eb/0x2400
[ 83.189480][ C3] ? fib_multipath_hash+0x11b0/0x11b0
[ 83.189484][ C3] ? rcu_is_watching+0x15/0xd0
[ 83.189494][ C3] ? lock_acquire+0x134/0x160
[ 83.189497][ C3] ip_route_input_noref+0x114/0x250
[ 83.189499][ C3] ? ip_route_input_slow+0x2400/0x2400
[ 83.189502][ C3] ? __lock_release.isra.0+0x6b/0x1a0
[ 83.189504][ C3] ip_rcv_finish_core+0x553/0x14c0
[ 83.189507][ C3] ip_rcv_finish+0xee/0x250
[ 83.189509][ C3] ? process_backlog+0x561/0x1490
[ 83.189512][ C3] ip_rcv+0xdc/0x3d0
[ 83.189514][ C3] ? ip_local_deliver+0x4c0/0x4c0
[ 83.189516][ C3] ? validate_chain+0x38b/0xc20
[ 83.189518][ C3] ? __queue_work+0x315/0xc00
[ 83.189521][ C3] ? mark_usage+0x61/0x170
[ 83.189523][ C3] ? __lock_acquire+0x508/0xc10
[ 83.189525][ C3] __netif_receive_skb_one_core+0xfc/0x180
[ 83.189527][ C3] ? lock_acquire.part.0+0xbc/0x260
[ 83.189529][ C3] ? __netif_receive_skb_list_core+0x9e0/0x9e0
[ 83.189531][ C3] ? rcu_is_watching+0x15/0xd0
[ 83.189533][ C3] process_backlog+0x2bc/0x1490
[ 83.189536][ C3] __napi_poll+0xa7/0x3b0
[ 83.189538][ C3] net_rx_action+0x513/0xf50
[ 83.189541][ C3] ? __napi_poll+0x3b0/0x3b0
[ 83.189543][ C3] ? rcu_is_watching+0x15/0xd0
[ 83.189547][ C3] ? __run_timers+0xab0/0xab0
[ 83.189549][ C3] ? rcu_is_watching+0x15/0xd0
[ 83.189551][ C3] ? mark_held_locks+0x40/0x70
[ 83.189553][ C3] handle_softirqs+0x1d8/0x940
[ 83.189556][ C3] ? _local_bh_enable+0xd0/0xd0
[ 83.189558][ C3] ? _local_bh_enable+0xd0/0xd0
[ 83.189560][ C3] do_softirq+0xa9/0xe0
[ 83.189562][ C3]
[ 83.189563][ C3]
[ 83.189563][ C3] ? __dev_queue_xmit+0x956/0x1b70
[ 83.189565][ C3] __local_bh_enable_ip+0x113/0x140
[ 83.189567][ C3] __dev_queue_xmit+0x96b/0x1b70
[ 83.189569][ C3] ? __lock_acquire+0x508/0xc10
[ 83.189572][ C3] ? netdev_core_pick_tx+0x2c0/0x2c0
[ 83.189574][ C3] ? eth_header+0x60/0x180
[ 83.189576][ C3] ? vlan_dev_hard_header+0xf8/0x4d0
[ 83.189578][ C3] ? mark_held_locks+0x40/0x70
[ 83.189580][ C3] ? neigh_connected_output+0x2cf/0x5a0
[ 83.189584][ C3] ip6_finish_output2+0x488/0x1310
[ 83.189588][ C3] ? ip6_xmit+0x2000/0x2000
[ 83.189589][ C3] ? find_held_lock+0x2b/0x80
[ 83.189591][ C3] ? __lock_release.isra.0+0x6b/0x1a0
[ 83.189593][ C3] ? ip6_mtu+0x174/0x410
[ 83.189596][ C3] ip6_finish_output+0x701/0xe80
[ 83.189598][ C3] ip6_output+0x23f/0x7f0
[ 83.189600][ C3] ? ip6_finish_output+0xe80/0xe80
[ 83.189602][ C3] ? __lock_release.isra.0+0x6b/0x1a0
[ 83.189604][ C3] ? xfrm_bundle_lookup.constprop.0+0xba0/0xba0
[ 83.189606][ C3] ? mark_held_locks+0x40/0x70
[ 83.189608][ C3] ? __local_bh_enable_ip+0xa5/0x140
[ 83.189609][ C3] ? __local_bh_enable_ip+0xa5/0x140
[ 83.189610][ C3] ? icmp6_dst_alloc+0x317/0x4d0
[ 83.189613][ C3] mld_sendpack+0x9d6/0xec0
[ 83.189616][ C3] ? nf_hook.constprop.0+0x340/0x340
[ 83.189619][ C3] ? mld_send_cr+0x50f/0x820
[ 83.189621][ C3] mld_ifc_work+0x36/0x190
[ 83.189622][ C3] ? process_one_work+0xdb7/0x1410
[ 83.189624][ C3] process_one_work+0xdf8/0x1410
[ 83.189627][ C3] ? pwq_dec_nr_in_flight+0x710/0x710
[ 83.189629][ C3] ? lock_acquire.part.0+0xbc/0x260
[ 83.189632][ C3] worker_thread+0x4f1/0xd60
[ 83.189634][ C3] ? rescuer_thread+0x1320/0x1320
[ 83.189636][ C3] ? __kthread_parkme+0xbd/0x210
[ 83.189639][ C3] ? rescuer_thread+0x1320/0x1320
[ 83.189641][ C3] kthread+0x367/0x460
[ 83.189642][ C3] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 83.189646][ C3] ? kthread_affine_node+0x330/0x330
[ 83.189648][ C3] ret_from_fork+0x474/0x6b0
[ 83.189651][ C3] ? arch_exit_to_user_mode_prepare.isra.0+0x120/0x120
[ 83.189653][ C3] ? __switch_to+0x5a3/0xe00
[ 83.189656][ C3] ? kthread_affine_node+0x330/0x330
[ 83.189658][ C3] ret_from_fork_asm+0x11/0x20
[ 83.189662][ C3]
[ 83.189662][ C3]
[ 83.198315][ C3] Allocated by task 2815:
[ 83.198386][ C3] kasan_save_stack+0x2f/0x50
[ 83.198479][ C3] kasan_save_track+0x14/0x30
[ 83.198592][ C3] __kasan_kmalloc+0x7b/0x90
[ 83.198709][ C3] __kmalloc_node_track_caller_noprof+0x2d6/0x7b0
[ 83.198824][ C3] kmemdup_noprof+0x25/0x40
[ 83.198914][ C3] fib_rules_register+0x30/0x590
[ 83.199015][ C3] fib4_rules_init+0x21/0x140
[ 83.199140][ C3] fib_net_init+0x165/0x350
[ 83.199266][ C3] ops_init+0x187/0x560
[ 83.199333][ C3] setup_net+0x11b/0x3b0
[ 83.199412][ C3] copy_net_ns+0x383/0x660
[ 83.199528][ C3] create_new_namespaces+0x371/0xa10
[ 83.199651][ C3] unshare_nsproxy_namespaces+0xa5/0x1d0
[ 83.199775][ C3] ksys_unshare+0x353/0x880
[ 83.199901][ C3] __x64_sys_unshare+0x34/0x50
[ 83.200028][ C3] do_syscall_64+0x117/0x590
[ 83.200155][ C3] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 83.200313][ C3]
[ 83.200380][ C3] Freed by task 444:
[ 83.200482][ C3] kasan_save_stack+0x2f/0x50
[ 83.200617][ C3] kasan_save_track+0x14/0x30
[ 83.200743][ C3] kasan_save_free_info+0x3b/0x60
[ 83.200868][ C3] __kasan_slab_free+0x43/0x70
[ 83.200997][ C3] kmem_cache_free_bulk.part.0+0x1e3/0x480
[ 83.201151][ C3] kvfree_rcu_bulk+0x1f1/0x240
[ 83.201276][ C3] kfree_rcu_work+0x130/0x1b0
[ 83.201403][ C3] process_one_work+0xdf8/0x1410
[ 83.201543][ C3] worker_thread+0x4f1/0xd60
[ 83.201667][ C3] kthread+0x367/0x460
[ 83.201762][ C3] ret_from_fork+0x474/0x6b0
[ 83.201888][ C3] ret_from_fork_asm+0x11/0x20
[ 83.202027][ C3]
[ 83.202094][ C3] Last potentially related work creation:
[ 83.202224][ C3] kasan_save_stack+0x2f/0x50
[ 83.202355][ C3] kasan_record_aux_stack+0x9b/0xc0
[ 83.202486][ C3] kvfree_call_rcu+0x7e/0x5b0
[ 83.202624][ C3] ops_undo_list+0x5be/0x8f0
[ 83.202752][ C3] cleanup_net+0x431/0x940
[ 83.202850][ C3] process_one_work+0xdf8/0x1410
[ 83.202940][ C3] worker_thread+0x4f1/0xd60
[ 83.203034][ C3] kthread+0x367/0x460
[ 83.203116][ C3] ret_from_fork+0x474/0x6b0
[ 83.203210][ C3] ret_from_fork_asm+0x11/0x20
[ 83.203338][ C3]
[ 83.203403][ C3] The buggy address belongs to the object at ff1100000e869840
[ 83.203403][ C3] which belongs to the cache kmalloc-192 of size 192
[ 83.203637][ C3] The buggy address is located 128 bytes inside of
[ 83.203637][ C3] freed 192-byte region [ff1100000e869840, ff1100000e869900)
[ 83.203862][ C3]
[ 83.203908][ C3] The buggy address belongs to the physical page:
[ 83.204020][ C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe868
[ 83.204197][ C3] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 83.204333][ C3] flags: 0x80000000000040(head|node=0|zone=1)
[ 83.204451][ C3] page_type: f5(slab)
[ 83.204535][ C3] raw: 0080000000000040 ff1100000103c4c0 ffd400000026aa90 ffd40000002ff410
[ 83.204705][ C3] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 83.204872][ C3] head: 0080000000000040 ff1100000103c4c0 ffd400000026aa90 ffd40000002ff410
[ 83.205041][ C3] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[ 83.205258][ C3] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 83.205450][ C3] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 83.205761][ C3] page dumped because: kasan: bad access detected
[ 83.205920][ C3]
[ 83.205988][ C3] Memory state around the buggy address:
[ 83.206112][ C3] ff1100000e869780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.206379][ C3] ff1100000e869800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 83.206533][ C3] >ff1100000e869880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.206660][ C3] ^
[ 83.206821][ C3] ff1100000e869900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.206953][ C3] ff1100000e869980: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 83.207098][ C3] ==================================================================
[ 83.207292][ C3] Disabling lock debugging due to kernel taint