[ 143.473312][ T1977] lag2: Mode changed to "loadbalance"
[ 143.547881][ T1982] lag2: Port device veth3 added
[ 143.673264][ T1992] lag2: Port device veth5 added
[ 143.717260][ T1994] 8021q: adding VLAN 0 to HW filter on device lag2
[ 143.749180][ T1995] 8021q: adding VLAN 0 to HW filter on device lag2
[ 144.332175][ T2022] lag1: Mode changed to "loadbalance"
[ 144.406895][ T2025] lag1: Port device veth2 added
[ 144.529879][ T2028] lag1: Port device veth4 added
[ 144.577166][ T2030] 8021q: adding VLAN 0 to HW filter on device lag1
[ 150.029250][ T2062] lag2: Port device veth5 removed
[ 153.698522][ T2072] lag2: Port device veth3 removed
[ 157.759350][ T2104] lag2: Mode changed to "loadbalance"
[ 157.846966][ T2107] lag2: Port device veth3 added
[ 157.958768][ T2110] lag2: Port device veth5 added
[ 158.022635][ T2112] 8021q: adding VLAN 0 to HW filter on device lag2
[ 158.053238][ T2113] 8021q: adding VLAN 0 to HW filter on device lag2
[ 163.552233][ T2153] lag2: Port device veth3 removed
[ 167.218458][ T2163] lag2: Port device veth5 removed
[ 171.302359][ T2195] lag2: Mode changed to "loadbalance"
[ 171.371849][ T2198] lag2: Port device veth3 added
[ 171.486848][ T2201] lag2: Port device veth5 added
[ 171.539935][ T2203] 8021q: adding VLAN 0 to HW filter on device lag2
[ 171.574886][ T2204] 8021q: adding VLAN 0 to HW filter on device lag2
[ 177.048538][ T2022] lag1: Port device veth4 removed
[ 177.052515][ T2022] lag1: Port device veth2 removed
[ 177.088288][ T2195] ==================================================================
[ 177.088458][ T2195] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600
[ 177.088594][ T2195] Read of size 8 at addr ff1100000d692450 by task teamd/2195
[ 177.088725][ T2195]
[ 177.088772][ T2195] CPU: 3 UID: 0 PID: 2195 Comm: teamd Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 177.088776][ T2195] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 177.088778][ T2195] Call Trace:
[ 177.088779][ T2195]
[ 177.088781][ T2195] dump_stack_lvl+0x6f/0xa0
[ 177.088787][ T2195] print_address_description.constprop.0+0x56/0x2d0
[ 177.088794][ T2195] print_report+0xfc/0x1fa
[ 177.088797][ T2195] ? __virt_addr_valid+0x102/0x440
[ 177.088802][ T2195] ? __virt_addr_valid+0x1da/0x440
[ 177.088804][ T2195] kasan_report+0x108/0x130
[ 177.088807][ T2195] ? rtnl_fill_prop_list+0x5ad/0x600
[ 177.088809][ T2195] ? rtnl_fill_prop_list+0x5ad/0x600
[ 177.088811][ T2195] rtnl_fill_prop_list+0x5ad/0x600
[ 177.088813][ T2195] ? __asan_memcpy+0x3c/0x60
[ 177.088816][ T2195] rtnl_fill_ifinfo.isra.0+0x3dc/0x2a80
[ 177.088818][ T2195] ? rcu_read_lock_any_held+0x3c/0x90
[ 177.088821][ T2195] ? validate_chain+0x38b/0xc20
[ 177.088824][ T2195] ? rtnl_fill_vf+0x450/0x450
[ 177.088825][ T2195] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 177.088827][ T2195] ? lockdep_hardirqs_on+0x8c/0x130
[ 177.088830][ T2195] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 177.088833][ T2195] ? __lock_acquire+0x508/0xc10
[ 177.088834][ T2195] ? rtnl_fill_vfinfo+0x607/0xf70
[ 177.088836][ T2195] ? lock_acquire.part.0+0xbc/0x260
[ 177.088838][ T2195] ? find_held_lock+0x2b/0x80
[ 177.088841][ T2195] ? __lock_release.isra.0+0x6b/0x1a0
[ 177.088842][ T2195] ? mark_held_locks+0x40/0x70
[ 177.088844][ T2195] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 177.088845][ T2195] ? lockdep_hardirqs_on+0x8c/0x130
[ 177.088847][ T2195] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 177.088849][ T2195] rtnl_getlink+0xa48/0xe50
[ 177.088852][ T2195] ? find_held_lock+0x2b/0x80
[ 177.088854][ T2195] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 177.088855][ T2195] ? mark_usage+0x61/0x170
[ 177.088857][ T2195] ? __lock_release.isra.0+0x6b/0x1a0
[ 177.088858][ T2195] ? __lock_acquire+0x508/0xc10
[ 177.088865][ T2195] ? lock_acquire.part.0+0xbc/0x260
[ 177.088867][ T2195] ? find_held_lock+0x2b/0x80
[ 177.088869][ T2195] ? mark_usage+0x61/0x170
[ 177.088870][ T2195] ? __lock_release.isra.0+0x6b/0x1a0
[ 177.088871][ T2195] ? __lock_acquire+0x508/0xc10
[ 177.088873][ T2195] ? bpf_address_lookup+0x282/0x290
[ 177.088876][ T2195] ? lock_acquire.part.0+0xbc/0x260
[ 177.088877][ T2195] ? find_held_lock+0x2b/0x80
[ 177.088879][ T2195] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 177.088881][ T2195] ? __lock_release.isra.0+0x6b/0x1a0
[ 177.088883][ T2195] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 177.088884][ T2195] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 177.088886][ T2195] ? validate_chain+0x38b/0xc20
[ 177.088888][ T2195] ? rtnl_link_fill+0x900/0x900
[ 177.088889][ T2195] ? __lock_acquire+0x508/0xc10
[ 177.088891][ T2195] ? lock_acquire.part.0+0xbc/0x260
[ 177.088892][ T2195] ? find_held_lock+0x2b/0x80
[ 177.088895][ T2195] netlink_rcv_skb+0x14e/0x3a0
[ 177.088900][ T2195] ? rtnl_link_fill+0x900/0x900
[ 177.088902][ T2195] ? netlink_ack+0xcd0/0xcd0
[ 177.088905][ T2195] ? netlink_deliver_tap+0xc5/0x330
[ 177.088907][ T2195] ? netlink_deliver_tap+0x13c/0x330
[ 177.088909][ T2195] netlink_unicast+0x4af/0x780
[ 177.088911][ T2195] ? netlink_attachskb+0x800/0x800
[ 177.088913][ T2195] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 177.088916][ T2195] ? __lock_acquire+0x508/0xc10
[ 177.088918][ T2195] netlink_sendmsg+0x735/0xc60
[ 177.088921][ T2195] ? netlink_unicast+0x780/0x780
[ 177.088923][ T2195] ? __might_fault+0x97/0x140
[ 177.088927][ T2195] ____sys_sendmsg+0x419/0x850
[ 177.088930][ T2195] ? copy_msghdr_from_user+0x2a0/0x460
[ 177.088932][ T2195] ? get_timestamp.constprop.0+0x3a0/0x3a0
[ 177.088934][ T2195] ? move_addr_to_kernel+0x40/0x40
[ 177.088938][ T2195] ___sys_sendmsg+0x14e/0x1d0
[ 177.088940][ T2195] ? copy_msghdr_from_user+0x460/0x460
[ 177.088941][ T2195] ? kfree+0x22/0x5a0
[ 177.088949][ T2195] __sys_sendmsg+0x145/0x1f0
[ 177.088951][ T2195] ? __sys_sendmsg_sock+0x20/0x20
[ 177.088955][ T2195] ? rcu_is_watching+0x15/0xd0
[ 177.088957][ T2195] do_syscall_64+0x117/0xfc0
[ 177.088959][ T2195] ? trace_hardirqs_off+0xd/0x30
[ 177.088961][ T2195] ? exc_page_fault+0xee/0x100
[ 177.088963][ T2195] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 177.088966][ T2195] RIP: 0033:0x7f36974bb08e
[ 177.088969][ T2195] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 177.088970][ T2195] RSP: 002b:00007ffdfdcf00d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 177.088975][ T2195] RAX: ffffffffffffffda RBX: 0000558185858330 RCX: 00007f36974bb08e
[ 177.088976][ T2195] RDX: 0000000000000000 RSI: 00007ffdfdcf0170 RDI: 0000000000000005
[ 177.088977][ T2195] RBP: 00007ffdfdcf00e0 R08: 0000000000000000 R09: 0000000000000000
[ 177.088978][ T2195] R10: 0000000000000000 R11: 0000000000000202 R12: 000055818587de60
[ 177.088979][ T2195] R13: 00007ffdfdcf0170 R14: 0000558185858240 R15: 00007ffdfdcf02b0
[ 177.088982][ T2195]
[ 177.088983][ T2195]
[ 177.097196][ T2195] Allocated by task 2022:
[ 177.097265][ T2195] kasan_save_stack+0x2f/0x50
[ 177.097366][ T2195] kasan_save_track+0x14/0x30
[ 177.097454][ T2195] __kasan_kmalloc+0x7b/0x90
[ 177.097540][ T2195] register_netdevice+0x48b/0x1980
[ 177.097626][ T2195] team_newlink+0xa2/0x1a0
[ 177.097715][ T2195] rtnl_newlink_create+0x2da/0x780
[ 177.097803][ T2195] __rtnl_newlink+0x22b/0xa50
[ 177.097930][ T2195] rtnl_newlink+0x8d1/0xee0
[ 177.098015][ T2195] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 177.098104][ T2195] netlink_rcv_skb+0x14e/0x3a0
[ 177.098190][ T2195] netlink_unicast+0x4af/0x780
[ 177.098283][ T2195] netlink_sendmsg+0x735/0xc60
[ 177.098369][ T2195] ____sys_sendmsg+0x419/0x850
[ 177.098496][ T2195] ___sys_sendmsg+0x14e/0x1d0
[ 177.098583][ T2195] __sys_sendmsg+0x145/0x1f0
[ 177.098669][ T2195] do_syscall_64+0x117/0xfc0
[ 177.098756][ T2195] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 177.098868][ T2195]
[ 177.098913][ T2195] Freed by task 2022:
[ 177.099017][ T2195] kasan_save_stack+0x2f/0x50
[ 177.099105][ T2195] kasan_save_track+0x14/0x30
[ 177.099192][ T2195] kasan_save_free_info+0x3b/0x60
[ 177.099293][ T2195] __kasan_slab_free+0x43/0x70
[ 177.099381][ T2195] kfree+0x123/0x5a0
[ 177.099488][ T2195] unregister_netdevice_many_notify+0xe38/0x1d80
[ 177.099597][ T2195] rtnl_dellink+0x4a0/0xae0
[ 177.099688][ T2195] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 177.099775][ T2195] netlink_rcv_skb+0x14e/0x3a0
[ 177.099867][ T2195] netlink_unicast+0x4af/0x780
[ 177.099953][ T2195] netlink_sendmsg+0x735/0xc60
[ 177.100040][ T2195] ____sys_sendmsg+0x419/0x850
[ 177.100126][ T2195] ___sys_sendmsg+0x14e/0x1d0
[ 177.100214][ T2195] __sys_sendmsg+0x145/0x1f0
[ 177.100347][ T2195] do_syscall_64+0x117/0xfc0
[ 177.100434][ T2195] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 177.100581][ T2195]
[ 177.100626][ T2195] The buggy address belongs to the object at ff1100000d692440
[ 177.100626][ T2195] which belongs to the cache kmalloc-64 of size 64
[ 177.100882][ T2195] The buggy address is located 16 bytes inside of
[ 177.100882][ T2195] freed 64-byte region [ff1100000d692440, ff1100000d692480)
[ 177.101137][ T2195]
[ 177.101182][ T2195] The buggy address belongs to the physical page:
[ 177.101333][ T2195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd692
[ 177.101527][ T2195] flags: 0x80000000000000(node=0|zone=1)
[ 177.101618][ T2195] page_type: f5(slab)
[ 177.101686][ T2195] raw: 0080000000000000 ff1100000103cac0 ffd4000000074150 ffd4000000133e50
[ 177.101853][ T2195] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 177.102004][ T2195] page dumped because: kasan: bad access detected
[ 177.102152][ T2195]
[ 177.102196][ T2195] Memory state around the buggy address:
[ 177.102285][ T2195]  ff1100000d692300: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 177.102414][ T2195]  ff1100000d692380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 177.102578][ T2195] >ff1100000d692400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 177.102702][ T2195]                                                  ^
[ 177.102814][ T2195]  ff1100000d692480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 177.102940][ T2195]  ff1100000d692500: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 177.103067][ T2195] ==================================================================
[ 177.103257][ T2195] Disabling lock debugging due to kernel taint
[ 177.470932][ T2195] lag2: Port device veth5 removed
[ 177.472081][ T2195] lag2: Port device veth3 removed