[ 1132.979702][T17519] lag1: Mode changed to "loadbalance"
[ 1133.016037][T17520] 8021q: adding VLAN 0 to HW filter on device lag1
[ 1133.118286][T17527] lag1: Port device veth0 added
[ 1133.145689][T17529] lag1: Port device veth6 added
[ 1133.338404][T17544] 8021q: adding VLAN 0 to HW filter on device lag1
[ 1133.581435][T17555] lag4: Mode changed to "loadbalance"
[ 1133.614616][T17556] 8021q: adding VLAN 0 to HW filter on device lag4
[ 1133.775171][T17563] lag4: Port device veth3 added
[ 1133.796884][T17564] lag4: Port device veth5 added
[ 1133.936379][T17570] 8021q: adding VLAN 0 to HW filter on device lag4
[ 1134.194477][T17581] lag2: Mode changed to "loadbalance"
[ 1134.232174][T17584] 8021q: adding VLAN 0 to HW filter on device lag2
[ 1134.376104][T17591] lag2: Port device veth1 added
[ 1134.411546][T17592] lag2: Port device veth7 added
[ 1134.509421][T17598] br1: port 1(lag2) entered blocking state
[ 1134.509611][T17598] br1: port 1(lag2) entered disabled state
[ 1134.509784][T17598] lag2: entered allmulticast mode
[ 1134.509932][T17598] veth1: entered allmulticast mode
[ 1134.510072][T17598] veth7: entered allmulticast mode
[ 1134.513213][T17598] veth1: entered promiscuous mode
[ 1134.513389][T17598] veth7: entered promiscuous mode
[ 1134.600546][T17602] br1: port 1(lag2) entered blocking state
[ 1134.600796][T17602] br1: port 1(lag2) entered forwarding state
[ 1134.738525][T17608] lag3: Mode changed to "loadbalance"
[ 1134.766095][T17609] 8021q: adding VLAN 0 to HW filter on device lag3
[ 1134.921101][T17616] lag3: Port device veth2 added
[ 1134.954566][T17617] lag3: Port device veth4 added
[ 1142.687290][T17688] veth7: left allmulticast mode
[ 1142.688354][T17688] lag2: Port device veth7 removed
[ 1142.711279][T17689] veth7: left promiscuous mode
[ 1155.042333][T17741] veth7: entered allmulticast mode
[ 1155.042874][T17741] veth7: entered promiscuous mode
[ 1155.043753][T17741] lag2: Port device veth7 added
[ 1155.167345][T17752] veth1: left allmulticast mode
[ 1155.168484][T17752] lag2: Port device veth1 removed
[ 1155.189363][T17753] veth1: left promiscuous mode
[ 1167.484030][ T46] br1: port 1(lag2) entered disabled state
[ 1167.502109][T17805] veth7: left allmulticast mode
[ 1167.502987][T17805] lag2: Port device veth7 removed
[ 1167.523033][T17806] veth7: left promiscuous mode
[ 1167.611871][T17816] veth1: entered allmulticast mode
[ 1167.612068][T17816] veth1: entered promiscuous mode
[ 1167.613061][T17816] lag2: Port device veth1 added
[ 1167.620851][ T39] br1: port 1(lag2) entered blocking state
[ 1167.621139][ T39] br1: port 1(lag2) entered forwarding state
[ 1167.731986][T17827] veth7: entered allmulticast mode
[ 1167.732197][T17827] veth7: entered promiscuous mode
[ 1167.733161][T17827] lag2: Port device veth7 added
[ 1180.054376][T17879] lag2: left allmulticast mode
[ 1180.055063][T17879] veth1: left allmulticast mode
[ 1180.055210][T17879] veth7: left allmulticast mode
[ 1180.055548][T17879] br1: port 1(lag2) entered disabled state
[ 1180.057160][T17879] veth1: left promiscuous mode
[ 1180.057326][T17879] veth7: left promiscuous mode
[ 1182.092039][T17882] br1: port 1(lag2) entered blocking state
[ 1182.092219][T17882] br1: port 1(lag2) entered disabled state
[ 1182.092417][T17882] lag2: entered allmulticast mode
[ 1182.092551][T17882] veth1: entered allmulticast mode
[ 1182.092678][T17882] veth7: entered allmulticast mode
[ 1182.094508][T17882] br1: port 1(lag2) entered blocking state
[ 1182.094679][T17882] br1: port 1(lag2) entered forwarding state
[ 1182.096100][T17882] veth1: entered promiscuous mode
[ 1182.096252][T17882] veth7: entered promiscuous mode
[ 1194.405218][T17935] lag3: Port device veth2 removed
[ 1206.754604][T17988] lag3: Port device veth2 added
[ 1206.869294][T17999] lag3: Port device veth4 removed
[ 1219.197538][T18052] lag3: Port device veth2 removed
[ 1219.297771][T18063] lag3: Port device veth4 added
[ 1219.410913][T18074] lag3: Port device veth2 added
[ 1231.722359][T18126] br1: port 2(lag3) entered blocking state
[ 1231.722593][T18126] br1: port 2(lag3) entered disabled state
[ 1231.722804][T18126] lag3: entered allmulticast mode
[ 1231.722934][T18126] veth4: entered allmulticast mode
[ 1231.723065][T18126] veth2: entered allmulticast mode
[ 1231.725278][T18126] lag3: entered promiscuous mode
[ 1231.725429][T18126] veth4: entered promiscuous mode
[ 1231.725727][T18126] veth2: entered promiscuous mode
[ 1231.726147][T18126] lag2: entered promiscuous mode
[ 1231.727051][T18126] br1: port 2(lag3) entered blocking state
[ 1231.727226][T18126] br1: port 2(lag3) entered forwarding state
[ 1233.765099][T18128] lag3: left allmulticast mode
[ 1233.765303][T18128] veth4: left allmulticast mode
[ 1233.765486][T18128] veth2: left allmulticast mode
[ 1233.765755][T18128] lag3: left promiscuous mode
[ 1233.765953][T18128] veth4: left promiscuous mode
[ 1233.766337][T18128] veth2: left promiscuous mode
[ 1233.766904][T18128] br1: port 2(lag3) entered disabled state
[ 1233.767666][T18128] lag2: left promiscuous mode
[ 1233.767844][T18128] veth1: left promiscuous mode
[ 1233.768183][T18128] veth7: left promiscuous mode
[ 1233.769394][T18128] veth1: entered promiscuous mode
[ 1233.769619][T18128] veth7: entered promiscuous mode
[ 1246.194539][T18184] lag3: Port device veth4 removed
[ 1246.224051][T18185] lag3: Port device veth2 removed
[ 1246.272767][T17581] ==================================================================
[ 1246.272903][T17581] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600
[ 1246.273063][T17581] Read of size 8 at addr ff1100000cc7fb50 by task teamd/17581
[ 1246.273175][T17581]
[ 1246.273217][T17581] CPU: 0 UID: 0 PID: 17581 Comm: teamd Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 1246.273220][T17581] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1246.273222][T17581] Call Trace:
[ 1246.273224][T17581]
[ 1246.273225][T17581] dump_stack_lvl+0x6f/0xa0
[ 1246.273231][T17581] print_address_description.constprop.0+0x56/0x2d0
[ 1246.273235][T17581] print_report+0xfc/0x1fa
[ 1246.273237][T17581] ? __virt_addr_valid+0x102/0x440
[ 1246.273241][T17581] ? __virt_addr_valid+0x1da/0x440
[ 1246.273243][T17581] kasan_report+0x108/0x130
[ 1246.273247][T17581] ? rtnl_fill_prop_list+0x5ad/0x600
[ 1246.273249][T17581] ? rtnl_fill_prop_list+0x5ad/0x600
[ 1246.273251][T17581] rtnl_fill_prop_list+0x5ad/0x600
[ 1246.273252][T17581] ? __asan_memcpy+0x3c/0x60
[ 1246.273255][T17581] rtnl_fill_ifinfo.isra.0+0x3d3/0x2b50
[ 1246.273258][T17581] ? rcu_read_lock_any_held+0x3c/0x90
[ 1246.273260][T17581] ? validate_chain+0x38b/0xc20
[ 1246.273263][T17581] ? rtnl_fill_vf+0x450/0x450
[ 1246.273264][T17581] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1246.273266][T17581] ? lockdep_hardirqs_on+0x8c/0x130
[ 1246.273269][T17581] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 1246.273272][T17581] ? __lock_acquire+0x508/0xc10
[ 1246.273273][T17581] ? rtnl_fill_vfinfo+0x844/0xf70
[ 1246.273275][T17581] ? lock_acquire.part.0+0xbc/0x260
[ 1246.273276][T17581] ? find_held_lock+0x2b/0x80
[ 1246.273279][T17581] ? __lock_release.isra.0+0x6b/0x1a0
[ 1246.273280][T17581] ? mark_held_locks+0x40/0x70
[ 1246.273282][T17581] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1246.273283][T17581] ? lockdep_hardirqs_on+0x8c/0x130
[ 1246.273285][T17581] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 1246.273287][T17581] rtnl_getlink+0xa48/0xe50
[ 1246.273289][T17581] ? find_held_lock+0x2b/0x80
[ 1246.273291][T17581] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1246.273292][T17581] ? mark_usage+0x61/0x170
[ 1246.273294][T17581] ? __lock_release.isra.0+0x6b/0x1a0
[ 1246.273295][T17581] ? __lock_acquire+0x508/0xc10
[ 1246.273303][T17581] ? lock_acquire.part.0+0xbc/0x260
[ 1246.273304][T17581] ? find_held_lock+0x2b/0x80
[ 1246.273306][T17581] ? mark_usage+0x61/0x170
[ 1246.273307][T17581] ? __lock_release.isra.0+0x6b/0x1a0
[ 1246.273308][T17581] ? __lock_acquire+0x508/0xc10
[ 1246.273309][T17581] ? bpf_address_lookup+0x282/0x290
[ 1246.273313][T17581] ? lock_acquire.part.0+0xbc/0x260
[ 1246.273314][T17581] ? find_held_lock+0x2b/0x80
[ 1246.273316][T17581] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1246.273317][T17581] ? __lock_release.isra.0+0x6b/0x1a0
[ 1246.273319][T17581] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1246.273320][T17581] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1246.273322][T17581] ? validate_chain+0x38b/0xc20
[ 1246.273324][T17581] ? rtnl_link_fill+0x900/0x900
[ 1246.273325][T17581] ? __lock_acquire+0x508/0xc10
[ 1246.273327][T17581] ? lock_acquire.part.0+0xbc/0x260
[ 1246.273328][T17581] ? find_held_lock+0x2b/0x80
[ 1246.273330][T17581] netlink_rcv_skb+0x14e/0x3a0
[ 1246.273333][T17581] ? rtnl_link_fill+0x900/0x900
[ 1246.273335][T17581] ? netlink_ack+0xcd0/0xcd0
[ 1246.273338][T17581] ? netlink_deliver_tap+0xc5/0x330
[ 1246.273339][T17581] ? netlink_deliver_tap+0x13c/0x330
[ 1246.273342][T17581] netlink_unicast+0x47c/0x740
[ 1246.273344][T17581] ? netlink_attachskb+0x800/0x800
[ 1246.273345][T17581] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1246.273348][T17581] ? __lock_acquire+0x508/0xc10
[ 1246.273350][T17581] netlink_sendmsg+0x735/0xc60
[ 1246.273352][T17581] ? netlink_unicast+0x740/0x740
[ 1246.273354][T17581] ? __might_fault+0x97/0x140
[ 1246.273358][T17581] ____sys_sendmsg+0x419/0x850
[ 1246.273361][T17581] ? copy_msghdr_from_user+0x2a0/0x460
[ 1246.273363][T17581] ? get_timestamp.constprop.0+0x3a0/0x3a0
[ 1246.273365][T17581] ? move_addr_to_kernel+0x40/0x40
[ 1246.273368][T17581] ___sys_sendmsg+0x14e/0x1d0
[ 1246.273370][T17581] ? copy_msghdr_from_user+0x460/0x460
[ 1246.273372][T17581] ? kfree+0x22/0x5a0
[ 1246.273378][T17581] ? __lock_release.isra.0+0x6b/0x1a0
[ 1246.273380][T17581] __sys_sendmsg+0x145/0x1f0
[ 1246.273382][T17581] ? __sys_sendmsg_sock+0x20/0x20
[ 1246.273386][T17581] ? rcu_is_watching+0x15/0xd0
[ 1246.273388][T17581] do_syscall_64+0x117/0xfc0
[ 1246.273390][T17581] ? irq_exit_rcu+0x1a/0x30
[ 1246.273392][T17581] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1246.273395][T17581] RIP: 0033:0x7f311256108e
[ 1246.273398][T17581] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 1246.273399][T17581] RSP: 002b:00007fff448d57a0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 1246.273403][T17581] RAX: ffffffffffffffda RBX: 0000556a42c39330 RCX: 00007f311256108e
[ 1246.273405][T17581] RDX: 0000000000000000 RSI: 00007fff448d5840 RDI: 0000000000000005
[ 1246.273406][T17581] RBP: 00007fff448d57b0 R08: 0000000000000000 R09: 0000000000000000
[ 1246.273406][T17581] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556a42c42560
[ 1246.273407][T17581] R13: 00007fff448d5840 R14: 0000556a42c39240 R15: 00007fff448d5980
[ 1246.273410][T17581]
[ 1246.273411][T17581]
[ 1246.280295][T17581] Allocated by task 17608:
[ 1246.280362][T17581] kasan_save_stack+0x2f/0x50
[ 1246.280431][T17581] kasan_save_track+0x14/0x30
[ 1246.280496][T17581] __kasan_kmalloc+0x7b/0x90
[ 1246.280560][T17581] register_netdevice+0x48b/0x1980
[ 1246.280626][T17581] team_newlink+0xa2/0x1a0
[ 1246.280693][T17581] rtnl_newlink_create+0x2da/0x780
[ 1246.280758][T17581] __rtnl_newlink+0x22b/0xa50
[ 1246.280825][T17581] rtnl_newlink+0x8d1/0xee0
[ 1246.280892][T17581] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1246.280956][T17581] netlink_rcv_skb+0x14e/0x3a0
[ 1246.281023][T17581] netlink_unicast+0x47c/0x740
[ 1246.281092][T17581] netlink_sendmsg+0x735/0xc60
[ 1246.281159][T17581] ____sys_sendmsg+0x419/0x850
[ 1246.281225][T17581] ___sys_sendmsg+0x14e/0x1d0
[ 1246.281293][T17581] __sys_sendmsg+0x145/0x1f0
[ 1246.281357][T17581] do_syscall_64+0x117/0xfc0
[ 1246.281422][T17581] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1246.281500][T17581]
[ 1246.281533][T17581] Freed by task 17608:
[ 1246.281583][T17581] kasan_save_stack+0x2f/0x50
[ 1246.281648][T17581] kasan_save_track+0x14/0x30
[ 1246.281715][T17581] kasan_save_free_info+0x3b/0x60
[ 1246.281781][T17581] __kasan_slab_free+0x43/0x70
[ 1246.281845][T17581] kfree+0x123/0x5a0
[ 1246.281895][T17581] unregister_netdevice_many_notify+0xe38/0x1d80
[ 1246.281974][T17581] rtnl_dellink+0x4a0/0xae0
[ 1246.282038][T17581] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1246.282102][T17581] netlink_rcv_skb+0x14e/0x3a0
[ 1246.282167][T17581] netlink_unicast+0x47c/0x740
[ 1246.282230][T17581] netlink_sendmsg+0x735/0xc60
[ 1246.282295][T17581] ____sys_sendmsg+0x419/0x850
[ 1246.282358][T17581] ___sys_sendmsg+0x14e/0x1d0
[ 1246.282423][T17581] __sys_sendmsg+0x145/0x1f0
[ 1246.282487][T17581] do_syscall_64+0x117/0xfc0
[ 1246.282552][T17581] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1246.282633][T17581]
[ 1246.282667][T17581] The buggy address belongs to the object at ff1100000cc7fb40
[ 1246.282667][T17581] which belongs to the cache kmalloc-64 of size 64
[ 1246.283084][T17581] The buggy address is located 16 bytes inside of
[ 1246.283084][T17581] freed 64-byte region [ff1100000cc7fb40, ff1100000cc7fb80)
[ 1246.283241][T17581]
[ 1246.283274][T17581] The buggy address belongs to the physical page:
[ 1246.283358][T17581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100000cc7fe40 pfn:0xcc7f
[ 1246.283500][T17581] flags: 0x80000000000200(workingset|node=0|zone=1)
[ 1246.283623][T17581] page_type: f5(slab)
[ 1246.283676][T17581] raw: 0080000000000200 ff1100000103cac0 ffd4000000093bd0 ffd40000004a58d0
[ 1246.283795][T17581] raw: ff1100000cc7fe40 000000000010000f 00000000f5000000 0000000000000000
[ 1246.283948][T17581] page dumped because: kasan: bad access detected
[ 1246.284030][T17581]
[ 1246.284064][T17581] Memory state around the buggy address:
[ 1246.284127][T17581]  ff1100000cc7fa00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1246.284258][T17581]  ff1100000cc7fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1246.284352][T17581] >ff1100000cc7fb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1246.284444][T17581]                                                  ^
[ 1246.284562][T17581]  ff1100000cc7fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1246.284655][T17581]  ff1100000cc7fc00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 1246.284787][T17581] ==================================================================
[ 1246.285209][T17581] Disabling lock debugging due to kernel taint
[ 1246.427523][ T36] br1: port 1(lag2) entered disabled state
[ 1246.453826][T18202] lag2: left allmulticast mode
[ 1246.453918][T18202] veth1: left allmulticast mode
[ 1246.453994][T18202] veth7: left allmulticast mode
[ 1246.454102][T18202] br1: port 1(lag2) entered disabled state
[ 1246.500183][T18204] lag2: Port device veth7 removed
[ 1246.513229][T18205] lag2: Port device veth1 removed
[ 1246.822165][T18218] lag4: Port device veth5 removed
[ 1246.835324][T18219] lag4: Port device veth3 removed
[ 1247.148573][T18232] lag1: Port device veth6 removed
[ 1247.164210][T18233] lag1: Port device veth0 removed