[ 119.255339][ T1420] lag2: Mode changed to "loadbalance"
[ 119.327452][ T1423] lag2: Port device veth3 added
[ 119.474803][ T1433] lag2: Port device veth5 added
[ 119.527593][ T1435] 8021q: adding VLAN 0 to HW filter on device lag2
[ 119.554105][ T1436] 8021q: adding VLAN 0 to HW filter on device lag2
[ 119.730349][ T1441] gre: GRE over IPv4 demultiplexer driver
[ 119.741727][ T1441] ip_gre: GRE over IPv4 tunneling driver
[ 120.447634][ T1467] lag1: Mode changed to "loadbalance"
[ 120.511528][ T1470] lag1: Port device veth2 added
[ 120.655256][ T1473] lag1: Port device veth4 added
[ 120.726737][ T1475] 8021q: adding VLAN 0 to HW filter on device lag1
[ 126.219005][ T1507] lag2: Port device veth5 removed
[ 129.920933][ T1517] lag2: Port device veth3 removed
[ 134.012740][ T1547] lag2: Mode changed to "loadbalance"
[ 134.099406][ T1551] lag2: Port device veth3 added
[ 134.241684][ T1555] lag2: Port device veth5 added
[ 134.308473][ T1557] 8021q: adding VLAN 0 to HW filter on device lag2
[ 134.347551][ T1558] 8021q: adding VLAN 0 to HW filter on device lag2
[ 139.872496][ T1598] lag2: Port device veth3 removed
[ 143.567614][ T1608] lag2: Port device veth5 removed
[ 147.653711][ T1634] lag2: Mode changed to "loadbalance"
[ 147.772177][ T1642] lag2: Port device veth3 added
[ 147.920345][ T1646] lag2: Port device veth5 added
[ 147.983865][ T1648] 8021q: adding VLAN 0 to HW filter on device lag2
[ 148.017452][ T1649] 8021q: adding VLAN 0 to HW filter on device lag2
[ 153.574478][ T1467] lag1: Port device veth4 removed
[ 153.579652][ T1467] lag1: Port device veth2 removed
[ 153.645216][ T1634] ==================================================================
[ 153.645378][ T1634] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600
[ 153.645510][ T1634] Read of size 8 at addr ff11000004ab7750 by task teamd/1634
[ 153.645638][ T1634]
[ 153.645684][ T1634] CPU: 2 UID: 0 PID: 1634 Comm: teamd Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 153.645687][ T1634] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 153.645688][ T1634] Call Trace:
[ 153.645690][ T1634]
[ 153.645691][ T1634] dump_stack_lvl+0x6f/0xa0
[ 153.645697][ T1634] print_address_description.constprop.0+0x56/0x2d0
[ 153.645702][ T1634] print_report+0xfc/0x1fa
[ 153.645704][ T1634] ? __virt_addr_valid+0x102/0x440
[ 153.645708][ T1634] ? __virt_addr_valid+0x1da/0x440
[ 153.645710][ T1634] kasan_report+0x108/0x130
[ 153.645713][ T1634] ? rtnl_fill_prop_list+0x5ad/0x600
[ 153.645715][ T1634] ? rtnl_fill_prop_list+0x5ad/0x600
[ 153.645717][ T1634] rtnl_fill_prop_list+0x5ad/0x600
[ 153.645719][ T1634] ? __asan_memcpy+0x3c/0x60
[ 153.645721][ T1634] rtnl_fill_ifinfo.isra.0+0x3dc/0x2a80
[ 153.645724][ T1634] ? rcu_read_lock_any_held+0x3c/0x90
[ 153.645727][ T1634] ? validate_chain+0x38b/0xc20
[ 153.645729][ T1634] ? rtnl_fill_vf+0x450/0x450
[ 153.645731][ T1634] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 153.645732][ T1634] ? lockdep_hardirqs_on+0x8c/0x130
[ 153.645736][ T1634] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 153.645738][ T1634] ? __lock_acquire+0x508/0xc10
[ 153.645740][ T1634] ? rtnl_fill_vfinfo+0x606/0xf70
[ 153.645742][ T1634] ? lock_acquire.part.0+0xbc/0x260
[ 153.645743][ T1634] ? find_held_lock+0x2b/0x80
[ 153.645746][ T1634] ? __lock_release.isra.0+0x6b/0x1a0
[ 153.645748][ T1634] ? mark_held_locks+0x40/0x70
[ 153.645749][ T1634] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 153.645750][ T1634] ? lockdep_hardirqs_on+0x8c/0x130
[ 153.645752][ T1634] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 153.645754][ T1634] rtnl_getlink+0xa48/0xe50
[ 153.645757][ T1634] ? find_held_lock+0x2b/0x80
[ 153.645759][ T1634] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 153.645760][ T1634] ? mark_usage+0x61/0x170
[ 153.645761][ T1634] ? __lock_release.isra.0+0x6b/0x1a0
[ 153.645763][ T1634] ? __lock_acquire+0x508/0xc10
[ 153.645770][ T1634] ? lock_acquire.part.0+0xbc/0x260
[ 153.645772][ T1634] ? find_held_lock+0x2b/0x80
[ 153.645774][ T1634] ? mark_usage+0x61/0x170
[ 153.645775][ T1634] ? __lock_release.isra.0+0x6b/0x1a0
[ 153.645776][ T1634] ? __lock_acquire+0x508/0xc10
[ 153.645778][ T1634] ? bpf_address_lookup+0x282/0x290
[ 153.645781][ T1634] ? lock_acquire.part.0+0xbc/0x260
[ 153.645782][ T1634] ? find_held_lock+0x2b/0x80
[ 153.645784][ T1634] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 153.645786][ T1634] ? __lock_release.isra.0+0x6b/0x1a0
[ 153.645788][ T1634] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 153.645789][ T1634] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 153.645791][ T1634] ? validate_chain+0x38b/0xc20
[ 153.645793][ T1634] ? rtnl_link_fill+0x900/0x900
[ 153.645794][ T1634] ? __lock_acquire+0x508/0xc10
[ 153.645796][ T1634] ? lock_acquire.part.0+0xbc/0x260
[ 153.645797][ T1634] ? find_held_lock+0x2b/0x80
[ 153.645800][ T1634] netlink_rcv_skb+0x14e/0x3a0
[ 153.645803][ T1634] ? rtnl_link_fill+0x900/0x900
[ 153.645805][ T1634] ? netlink_ack+0xcd0/0xcd0
[ 153.645808][ T1634] ? netlink_deliver_tap+0xc5/0x330
[ 153.645809][ T1634] ? netlink_deliver_tap+0x13c/0x330
[ 153.645812][ T1634] netlink_unicast+0x4af/0x780
[ 153.645814][ T1634] ? netlink_attachskb+0x800/0x800
[ 153.645815][ T1634] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 153.645819][ T1634] ? __lock_acquire+0x508/0xc10
[ 153.645821][ T1634] netlink_sendmsg+0x735/0xc60
[ 153.645823][ T1634] ? netlink_unicast+0x780/0x780
[ 153.645825][ T1634] ? __might_fault+0x97/0x140
[ 153.645829][ T1634] ____sys_sendmsg+0x419/0x850
[ 153.645832][ T1634] ? copy_msghdr_from_user+0x2a0/0x460
[ 153.645835][ T1634] ? get_timestamp.constprop.0+0x3a0/0x3a0
[ 153.645836][ T1634] ? move_addr_to_kernel+0x40/0x40
[ 153.645840][ T1634] ___sys_sendmsg+0x14e/0x1d0
[ 153.645842][ T1634] ? copy_msghdr_from_user+0x460/0x460
[ 153.645843][ T1634] ? kfree+0x22/0x5a0
[ 153.645850][ T1634] __sys_sendmsg+0x145/0x1f0
[ 153.645853][ T1634] ? __sys_sendmsg_sock+0x20/0x20
[ 153.645857][ T1634] ? rcu_is_watching+0x15/0xd0
[ 153.645859][ T1634] do_syscall_64+0x117/0xfc0
[ 153.645861][ T1634] ? irq_exit_rcu+0x1a/0x30
[ 153.645864][ T1634] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 153.645866][ T1634] RIP: 0033:0x7f7eab61308e
[ 153.645869][ T1634] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 153.645871][ T1634] RSP: 002b:00007fffb3d337b0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 153.645875][ T1634] RAX: ffffffffffffffda RBX: 000055cb9a8aa330 RCX: 00007f7eab61308e
[ 153.645876][ T1634] RDX: 0000000000000000 RSI: 00007fffb3d33850 RDI: 0000000000000005
[ 153.645878][ T1634] RBP: 00007fffb3d337c0 R08: 0000000000000000 R09: 0000000000000000
[ 153.645878][ T1634] R10: 0000000000000000 R11: 0000000000000202 R12: 000055cb9a8ca5c0
[ 153.645879][ T1634] R13: 00007fffb3d33850 R14: 000055cb9a8aa240 R15: 00007fffb3d33990
[ 153.645882][ T1634]
[ 153.645883][ T1634]
[ 153.653759][ T1634] Allocated by task 1467:
[ 153.653827][ T1634] kasan_save_stack+0x2f/0x50
[ 153.653916][ T1634] kasan_save_track+0x14/0x30
[ 153.654002][ T1634] __kasan_kmalloc+0x7b/0x90
[ 153.654087][ T1634] register_netdevice+0x48b/0x1980
[ 153.654172][ T1634] team_newlink+0xa2/0x1a0
[ 153.654257][ T1634] rtnl_newlink_create+0x2da/0x780
[ 153.654343][ T1634] __rtnl_newlink+0x22b/0xa50
[ 153.654429][ T1634] rtnl_newlink+0x8d1/0xee0
[ 153.654513][ T1634] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 153.654597][ T1634] netlink_rcv_skb+0x14e/0x3a0
[ 153.654682][ T1634] netlink_unicast+0x4af/0x780
[ 153.654768][ T1634] netlink_sendmsg+0x735/0xc60
[ 153.654850][ T1634] ____sys_sendmsg+0x419/0x850
[ 153.654934][ T1634] ___sys_sendmsg+0x14e/0x1d0
[ 153.655019][ T1634] __sys_sendmsg+0x145/0x1f0
[ 153.655105][ T1634] do_syscall_64+0x117/0xfc0
[ 153.655191][ T1634] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 153.655297][ T1634]
[ 153.655340][ T1634] Freed by task 1467:
[ 153.655406][ T1634] kasan_save_stack+0x2f/0x50
[ 153.655494][ T1634] kasan_save_track+0x14/0x30
[ 153.655580][ T1634] kasan_save_free_info+0x3b/0x60
[ 153.655661][ T1634] __kasan_slab_free+0x43/0x70
[ 153.655744][ T1634] kfree+0x123/0x5a0
[ 153.655812][ T1634] unregister_netdevice_many_notify+0xe38/0x1d80
[ 153.655916][ T1634] rtnl_dellink+0x4a0/0xae0
[ 153.656001][ T1634] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 153.656083][ T1634] netlink_rcv_skb+0x14e/0x3a0
[ 153.656169][ T1634] netlink_unicast+0x4af/0x780
[ 153.656256][ T1634] netlink_sendmsg+0x735/0xc60
[ 153.656340][ T1634] ____sys_sendmsg+0x419/0x850
[ 153.656421][ T1634] ___sys_sendmsg+0x14e/0x1d0
[ 153.656507][ T1634] __sys_sendmsg+0x145/0x1f0
[ 153.656593][ T1634] do_syscall_64+0x117/0xfc0
[ 153.656676][ T1634] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 153.656781][ T1634]
[ 153.656825][ T1634] The buggy address belongs to the object at ff11000004ab7740
[ 153.656825][ T1634] which belongs to the cache kmalloc-64 of size 64
[ 153.657119][ T1634] The buggy address is located 16 bytes inside of
[ 153.657119][ T1634] freed 64-byte region [ff11000004ab7740, ff11000004ab7780)
[ 153.657363][ T1634]
[ 153.657406][ T1634] The buggy address belongs to the physical page:
[ 153.657512][ T1634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ab7
[ 153.657707][ T1634] flags: 0x80000000000000(node=0|zone=1)
[ 153.657795][ T1634] page_type: f5(slab)
[ 153.657864][ T1634] raw: 0080000000000000 ff1100000103cac0 ffd40000003cf750 ffd4000000082dd0
[ 153.658015][ T1634] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 153.658169][ T1634] page dumped because: kasan: bad access detected
[ 153.658317][ T1634]
[ 153.658359][ T1634] Memory state around the buggy address:
[ 153.658442][ T1634] ff11000004ab7600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 153.658565][ T1634] ff11000004ab7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 153.658686][ T1634] >ff11000004ab7700: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 153.658811][ T1634] ^
[ 153.658913][ T1634] ff11000004ab7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 153.659035][ T1634] ff11000004ab7800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 153.659160][ T1634] ==================================================================
[ 153.659337][ T1634] Disabling lock debugging due to kernel taint
[ 154.095649][ T1634] lag2: Port device veth5 removed
[ 154.096738][ T1634] lag2: Port device veth3 removed