[ 436.833161][T17394] lag1: Mode changed to "loadbalance" [ 436.876712][T17395] 8021q: adding VLAN 0 to HW filter on device lag1 [ 436.996275][T17404] lag1: Port device veth0 added [ 437.031406][T17405] lag1: Port device veth6 added [ 437.263256][T17420] 8021q: adding VLAN 0 to HW filter on device lag1 [ 437.576450][T17431] lag4: Mode changed to "loadbalance" [ 437.612890][T17432] 8021q: adding VLAN 0 to HW filter on device lag4 [ 437.748608][T17439] lag4: Port device veth3 added [ 437.781809][T17440] lag4: Port device veth5 added [ 437.951558][T17446] 8021q: adding VLAN 0 to HW filter on device lag4 [ 438.290872][T17458] lag2: Mode changed to "loadbalance" [ 438.332838][T17459] 8021q: adding VLAN 0 to HW filter on device lag2 [ 438.497214][T17466] lag2: Port device veth1 added [ 438.554761][T17467] lag2: Port device veth7 added [ 438.919965][T17475] br1: port 1(lag2) entered blocking state [ 438.920359][T17475] br1: port 1(lag2) entered disabled state [ 438.920648][T17475] lag2: entered allmulticast mode [ 438.920825][T17475] veth1: entered allmulticast mode [ 438.921012][T17475] veth7: entered allmulticast mode [ 438.931344][T17475] veth1: entered promiscuous mode [ 438.931749][T17475] veth7: entered promiscuous mode [ 439.039884][T17479] br1: port 1(lag2) entered blocking state [ 439.040184][T17479] br1: port 1(lag2) entered forwarding state [ 439.204510][T17486] lag3: Mode changed to "loadbalance" [ 439.252149][T17487] 8021q: adding VLAN 0 to HW filter on device lag3 [ 439.448518][T17494] lag3: Port device veth2 added [ 439.501639][T17495] lag3: Port device veth4 added [ 447.452498][T17566] veth7: left allmulticast mode [ 447.454201][T17566] lag2: Port device veth7 removed [ 447.492753][T17567] veth7: left promiscuous mode [ 459.957375][T17619] veth7: entered allmulticast mode [ 459.957708][T17619] veth7: entered promiscuous mode [ 459.958811][T17619] lag2: Port device veth7 added [ 460.108744][T17630] veth1: left allmulticast mode [ 460.110252][T17630] lag2: Port device veth1 removed [ 460.137181][T17631] veth1: left promiscuous mode [ 472.616774][ T305] br1: port 1(lag2) entered disabled state [ 472.645530][T17683] veth7: left allmulticast mode [ 472.646835][T17683] lag2: Port device veth7 removed [ 472.671537][T17684] veth7: left promiscuous mode [ 472.804516][T17694] veth1: entered allmulticast mode [ 472.804793][T17694] veth1: entered promiscuous mode [ 472.806309][T17694] lag2: Port device veth1 added [ 472.824553][ T262] br1: port 1(lag2) entered blocking state [ 472.825149][ T262] br1: port 1(lag2) entered forwarding state [ 472.955815][T17705] veth7: entered allmulticast mode [ 472.956010][T17705] veth7: entered promiscuous mode [ 472.956995][T17705] lag2: Port device veth7 added [ 485.399460][T17757] lag2: left allmulticast mode [ 485.399711][T17757] veth1: left allmulticast mode [ 485.399929][T17757] veth7: left allmulticast mode [ 485.400259][T17757] br1: port 1(lag2) entered disabled state [ 485.403730][T17757] veth1: left promiscuous mode [ 485.403942][T17757] veth7: left promiscuous mode [ 487.470141][T17759] br1: port 1(lag2) entered blocking state [ 487.470383][T17759] br1: port 1(lag2) entered disabled state [ 487.470589][T17759] lag2: entered allmulticast mode [ 487.470735][T17759] veth1: entered allmulticast mode [ 487.470880][T17759] veth7: entered allmulticast mode [ 487.472962][T17759] br1: port 1(lag2) entered blocking state [ 487.473158][T17759] br1: port 1(lag2) entered forwarding state [ 487.473962][T17759] veth1: entered promiscuous mode [ 487.474477][T17759] veth7: entered promiscuous mode [ 499.878138][T17811] lag3: Port device veth2 removed [ 512.371095][T17864] lag3: Port device veth2 added [ 512.520077][T17875] lag3: Port device veth4 removed [ 524.925220][T17928] lag3: Port device veth2 removed [ 525.038081][T17939] lag3: Port device veth4 added [ 525.157412][T17950] lag3: Port device veth2 added [ 537.499534][T18002] br1: port 2(lag3) entered blocking state [ 537.499767][T18002] br1: port 2(lag3) entered disabled state [ 537.499967][T18002] lag3: entered allmulticast mode [ 537.500098][T18002] veth4: entered allmulticast mode [ 537.500239][T18002] veth2: entered allmulticast mode [ 537.502201][T18002] lag3: entered promiscuous mode [ 537.502358][T18002] veth4: entered promiscuous mode [ 537.502820][T18002] veth2: entered promiscuous mode [ 537.503293][T18002] lag2: entered promiscuous mode [ 537.504890][T18002] br1: port 2(lag3) entered blocking state [ 537.505073][T18002] br1: port 2(lag3) entered forwarding state [ 539.544360][T18004] lag3: left allmulticast mode [ 539.545100][T18004] veth4: left allmulticast mode [ 539.545346][T18004] veth2: left allmulticast mode [ 539.545680][T18004] lag3: left promiscuous mode [ 539.545914][T18004] veth4: left promiscuous mode [ 539.546470][T18004] veth2: left promiscuous mode [ 539.547100][T18004] br1: port 2(lag3) entered disabled state [ 539.548968][T18004] lag2: left promiscuous mode [ 539.549113][T18004] veth1: left promiscuous mode [ 539.549467][T18004] veth7: left promiscuous mode [ 539.549933][T18004] veth1: entered promiscuous mode [ 539.550101][T18004] veth7: entered promiscuous mode [ 552.026252][T18059] lag3: Port device veth4 removed [ 552.057564][T18060] lag3: Port device veth2 removed [ 552.106892][T17431] ================================================================== [ 552.107048][T17431] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600 [ 552.107175][T17431] Read of size 8 at addr ff11000016318350 by task teamd/17431 [ 552.107308][T17431] [ 552.107355][T17431] CPU: 2 UID: 0 PID: 17431 Comm: teamd Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full) [ 552.107359][T17431] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 552.107361][T17431] Call Trace: [ 552.107362][T17431] [ 552.107364][T17431] dump_stack_lvl+0x6f/0xa0 [ 552.107370][T17431] print_address_description.constprop.0+0x56/0x2d0 [ 552.107375][T17431] print_report+0xfc/0x1fa [ 552.107377][T17431] ? __virt_addr_valid+0x102/0x440 [ 552.107381][T17431] ? __virt_addr_valid+0x1da/0x440 [ 552.107383][T17431] kasan_report+0x108/0x130 [ 552.107387][T17431] ? rtnl_fill_prop_list+0x5ad/0x600 [ 552.107389][T17431] ? rtnl_fill_prop_list+0x5ad/0x600 [ 552.107391][T17431] rtnl_fill_prop_list+0x5ad/0x600 [ 552.107392][T17431] ? __asan_memcpy+0x3c/0x60 [ 552.107395][T17431] rtnl_fill_ifinfo.isra.0+0x3d3/0x2b50 [ 552.107397][T17431] ? rcu_read_lock_any_held+0x3c/0x90 [ 552.107400][T17431] ? validate_chain+0x38b/0xc20 [ 552.107403][T17431] ? rtnl_fill_vf+0x450/0x450 [ 552.107404][T17431] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160 [ 552.107405][T17431] ? lockdep_hardirqs_on+0x8c/0x130 [ 552.107409][T17431] ? _raw_spin_unlock_irqrestore+0x40/0x80 [ 552.107412][T17431] ? __lock_acquire+0x508/0xc10 [ 552.107413][T17431] ? rtnl_fill_vfinfo+0x845/0xf70 [ 552.107415][T17431] ? lock_acquire.part.0+0xbc/0x260 [ 552.107416][T17431] ? find_held_lock+0x2b/0x80 [ 552.107419][T17431] ? __lock_release.isra.0+0x6b/0x1a0 [ 552.107421][T17431] ? mark_held_locks+0x40/0x70 [ 552.107422][T17431] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160 [ 552.107424][T17431] ? lockdep_hardirqs_on+0x8c/0x130 [ 552.107425][T17431] ? _raw_spin_unlock_irqrestore+0x53/0x80 [ 552.107427][T17431] rtnl_getlink+0xa48/0xe50 [ 552.107430][T17431] ? find_held_lock+0x2b/0x80 [ 552.107432][T17431] ? rtnl_dump_ifinfo+0xfb0/0xfb0 [ 552.107433][T17431] ? mark_usage+0x61/0x170 [ 552.107434][T17431] ? __lock_release.isra.0+0x6b/0x1a0 [ 552.107436][T17431] ? __lock_acquire+0x508/0xc10 [ 552.107443][T17431] ? lock_acquire.part.0+0xbc/0x260 [ 552.107444][T17431] ? find_held_lock+0x2b/0x80 [ 552.107446][T17431] ? mark_usage+0x61/0x170 [ 552.107448][T17431] ? __lock_release.isra.0+0x6b/0x1a0 [ 552.107449][T17431] ? __lock_acquire+0x508/0xc10 [ 552.107450][T17431] ? bpf_address_lookup+0x282/0x290 [ 552.107454][T17431] ? lock_acquire.part.0+0xbc/0x260 [ 552.107455][T17431] ? find_held_lock+0x2b/0x80 [ 552.107457][T17431] ? rtnl_dump_ifinfo+0xfb0/0xfb0 [ 552.107458][T17431] ? __lock_release.isra.0+0x6b/0x1a0 [ 552.107460][T17431] ? rtnl_dump_ifinfo+0xfb0/0xfb0 [ 552.107462][T17431] rtnetlink_rcv_msg+0x6fd/0xbd0 [ 552.107463][T17431] ? validate_chain+0x38b/0xc20 [ 552.107465][T17431] ? rtnl_link_fill+0x900/0x900 [ 552.107466][T17431] ? __lock_acquire+0x508/0xc10 [ 552.107468][T17431] ? lock_acquire.part.0+0xbc/0x260 [ 552.107469][T17431] ? find_held_lock+0x2b/0x80 [ 552.107472][T17431] netlink_rcv_skb+0x14e/0x3a0 [ 552.107475][T17431] ? rtnl_link_fill+0x900/0x900 [ 552.107476][T17431] ? netlink_ack+0xcd0/0xcd0 [ 552.107479][T17431] ? netlink_deliver_tap+0xc5/0x330 [ 552.107481][T17431] ? netlink_deliver_tap+0x13c/0x330 [ 552.107483][T17431] netlink_unicast+0x47c/0x740 [ 552.107486][T17431] ? netlink_attachskb+0x800/0x800 [ 552.107487][T17431] ? trace_irq_enable.constprop.0+0x9b/0x180 [ 552.107490][T17431] ? __lock_acquire+0x508/0xc10 [ 552.107492][T17431] netlink_sendmsg+0x735/0xc60 [ 552.107494][T17431] ? netlink_unicast+0x740/0x740 [ 552.107496][T17431] ? __might_fault+0x97/0x140 [ 552.107500][T17431] ____sys_sendmsg+0x419/0x850 [ 552.107504][T17431] ? copy_msghdr_from_user+0x2a0/0x460 [ 552.107506][T17431] ? get_timestamp.constprop.0+0x3a0/0x3a0 [ 552.107507][T17431] ? move_addr_to_kernel+0x40/0x40 [ 552.107511][T17431] ___sys_sendmsg+0x14e/0x1d0 [ 552.107513][T17431] ? copy_msghdr_from_user+0x460/0x460 [ 552.107514][T17431] ? kfree+0x22/0x5a0 [ 552.107521][T17431] ? kvm_clock_get_cycles+0x18/0x30 [ 552.107524][T17431] __sys_sendmsg+0x145/0x1f0 [ 552.107527][T17431] ? __sys_sendmsg_sock+0x20/0x20 [ 552.107530][T17431] ? rcu_is_watching+0x15/0xd0 [ 552.107533][T17431] do_syscall_64+0x117/0xfc0 [ 552.107535][T17431] ? irq_exit_rcu+0x1a/0x30 [ 552.107537][T17431] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 552.107539][T17431] RIP: 0033:0x7fd29e8d308e [ 552.107542][T17431] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa [ 552.107544][T17431] RSP: 002b:00007ffecbcecab0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 552.107548][T17431] RAX: ffffffffffffffda RBX: 000055ce65b4c330 RCX: 00007fd29e8d308e [ 552.107549][T17431] RDX: 0000000000000000 RSI: 00007ffecbcecb50 RDI: 0000000000000005 [ 552.107551][T17431] RBP: 00007ffecbcecac0 R08: 0000000000000000 R09: 0000000000000000 [ 552.107552][T17431] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ce65b6ee50 [ 552.107552][T17431] R13: 00007ffecbcecb50 R14: 000055ce65b4c240 R15: 00007ffecbcecc90 [ 552.107555][T17431] [ 552.107556][T17431] [ 552.115533][T17431] Allocated by task 17486: [ 552.115661][T17431] kasan_save_stack+0x2f/0x50 [ 552.115749][T17431] kasan_save_track+0x14/0x30 [ 552.115872][T17431] __kasan_kmalloc+0x7b/0x90 [ 552.115957][T17431] register_netdevice+0x48b/0x1980 [ 552.116040][T17431] team_newlink+0xa2/0x1a0 [ 552.116127][T17431] rtnl_newlink_create+0x2da/0x780 [ 552.116209][T17431] __rtnl_newlink+0x22b/0xa50 [ 552.116297][T17431] rtnl_newlink+0x8d1/0xee0 [ 552.116426][T17431] rtnetlink_rcv_msg+0x6fd/0xbd0 [ 552.116511][T17431] netlink_rcv_skb+0x14e/0x3a0 [ 552.116593][T17431] netlink_unicast+0x47c/0x740 [ 552.116676][T17431] netlink_sendmsg+0x735/0xc60 [ 552.116758][T17431] ____sys_sendmsg+0x419/0x850 [ 552.116882][T17431] ___sys_sendmsg+0x14e/0x1d0 [ 552.116965][T17431] __sys_sendmsg+0x145/0x1f0 [ 552.117047][T17431] do_syscall_64+0x117/0xfc0 [ 552.117128][T17431] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 552.117231][T17431] [ 552.117280][T17431] Freed by task 17486: [ 552.117389][T17431] kasan_save_stack+0x2f/0x50 [ 552.117476][T17431] kasan_save_track+0x14/0x30 [ 552.117561][T17431] kasan_save_free_info+0x3b/0x60 [ 552.117686][T17431] __kasan_slab_free+0x43/0x70 [ 552.117769][T17431] kfree+0x123/0x5a0 [ 552.117831][T17431] unregister_netdevice_many_notify+0xe38/0x1d80 [ 552.117934][T17431] rtnl_dellink+0x4a0/0xae0 [ 552.118016][T17431] rtnetlink_rcv_msg+0x6fd/0xbd0 [ 552.118099][T17431] netlink_rcv_skb+0x14e/0x3a0 [ 552.118181][T17431] netlink_unicast+0x47c/0x740 [ 552.118267][T17431] netlink_sendmsg+0x735/0xc60 [ 552.118352][T17431] ____sys_sendmsg+0x419/0x850 [ 552.118475][T17431] ___sys_sendmsg+0x14e/0x1d0 [ 552.118558][T17431] __sys_sendmsg+0x145/0x1f0 [ 552.118683][T17431] do_syscall_64+0x117/0xfc0 [ 552.118765][T17431] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 552.118868][T17431] [ 552.118911][T17431] The buggy address belongs to the object at ff11000016318340 [ 552.118911][T17431] which belongs to the cache kmalloc-64 of size 64 [ 552.119115][T17431] The buggy address is located 16 bytes inside of [ 552.119115][T17431] freed 64-byte region [ff11000016318340, ff11000016318380) [ 552.119360][T17431] [ 552.119440][T17431] The buggy address belongs to the physical page: [ 552.119542][T17431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000016318040 pfn:0x16318 [ 552.119794][T17431] flags: 0x80000000000200(workingset|node=0|zone=1) [ 552.119897][T17431] page_type: f5(slab) [ 552.119961][T17431] raw: 0080000000000200 ff1100000103cac0 ffd4000000784690 ffd400000070ac10 [ 552.120105][T17431] raw: ff11000016318040 000000000010000f 00000000f5000000 0000000000000000 [ 552.120246][T17431] page dumped because: kasan: bad access detected [ 552.120355][T17431] [ 552.120396][T17431] Memory state around the buggy address: [ 552.120512][T17431] ff11000016318200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 552.120629][T17431] ff11000016318280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 552.120745][T17431] >ff11000016318300: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 552.120860][T17431] ^ [ 552.120957][T17431] ff11000016318380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 552.121072][T17431] ff11000016318400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 552.121188][T17431] ================================================================== [ 552.121390][T17431] Disabling lock debugging due to kernel taint [ 552.279886][T17290] br1: port 1(lag2) entered disabled state [ 552.314079][T18077] lag2: left allmulticast mode [ 552.314194][T18077] veth1: left allmulticast mode [ 552.314292][T18077] veth7: left allmulticast mode [ 552.314440][T18077] br1: port 1(lag2) entered disabled state [ 552.368985][T18079] lag2: Port device veth7 removed [ 552.386036][T18080] lag2: Port device veth1 removed [ 552.703939][T18093] lag4: Port device veth5 removed [ 552.721544][T18094] lag4: Port device veth3 removed [ 553.045161][T18107] lag1: Port device veth6 removed [ 553.058656][T18108] lag1: Port device veth0 removed