[ 968.832123][T31454] lag2: Mode changed to "loadbalance"
[ 968.893679][T31459] lag2: Port device veth3 added
[ 969.014443][T31469] lag2: Port device veth5 added
[ 969.073135][T31471] 8021q: adding VLAN 0 to HW filter on device lag2
[ 969.103481][T31472] 8021q: adding VLAN 0 to HW filter on device lag2
[ 969.758744][T31499] lag1: Mode changed to "loadbalance"
[ 969.838447][T31502] lag1: Port device veth2 added
[ 970.026174][T31505] lag1: Port device veth4 added
[ 970.083513][T31507] 8021q: adding VLAN 0 to HW filter on device lag1
[ 975.534030][T31539] lag2: Port device veth5 removed
[ 979.204511][T31549] lag2: Port device veth3 removed
[ 983.282642][T31581] lag2: Mode changed to "loadbalance"
[ 983.350922][T31584] lag2: Port device veth3 added
[ 983.483800][T31587] lag2: Port device veth5 added
[ 983.528452][T31589] 8021q: adding VLAN 0 to HW filter on device lag2
[ 983.558911][T31590] 8021q: adding VLAN 0 to HW filter on device lag2
[ 989.030547][T31630] lag2: Port device veth3 removed
[ 992.694909][T31640] lag2: Port device veth5 removed
[ 996.760149][T31672] lag2: Mode changed to "loadbalance"
[ 996.854019][T31675] lag2: Port device veth3 added
[ 996.952918][T31678] lag2: Port device veth5 added
[ 997.007710][T31680] 8021q: adding VLAN 0 to HW filter on device lag2
[ 997.031371][T31681] 8021q: adding VLAN 0 to HW filter on device lag2
[ 1002.494675][T31499] lag1: Port device veth4 removed
[ 1002.504168][T31499] lag1: Port device veth2 removed
[ 1002.546772][T31672] ==================================================================
[ 1002.546925][T31672] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600
[ 1002.547050][T31672] Read of size 8 at addr ff1100001287ac50 by task teamd/31672
[ 1002.547162][T31672]
[ 1002.547202][T31672] CPU: 1 UID: 0 PID: 31672 Comm: teamd Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 1002.547205][T31672] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1002.547207][T31672] Call Trace:
[ 1002.547209][T31672]
[ 1002.547210][T31672] dump_stack_lvl+0x6f/0xa0
[ 1002.547216][T31672] print_address_description.constprop.0+0x56/0x2d0
[ 1002.547221][T31672] print_report+0xfc/0x1fa
[ 1002.547223][T31672] ? __virt_addr_valid+0x102/0x440
[ 1002.547227][T31672] ? __virt_addr_valid+0x1da/0x440
[ 1002.547229][T31672] kasan_report+0x108/0x130
[ 1002.547233][T31672] ? rtnl_fill_prop_list+0x5ad/0x600
[ 1002.547234][T31672] ? rtnl_fill_prop_list+0x5ad/0x600
[ 1002.547236][T31672] rtnl_fill_prop_list+0x5ad/0x600
[ 1002.547238][T31672] ? __asan_memcpy+0x3c/0x60
[ 1002.547240][T31672] rtnl_fill_ifinfo.isra.0+0x3d3/0x2b50
[ 1002.547243][T31672] ? rcu_read_lock_any_held+0x3c/0x90
[ 1002.547246][T31672] ? validate_chain+0x38b/0xc20
[ 1002.547248][T31672] ? rtnl_fill_vf+0x450/0x450
[ 1002.547250][T31672] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1002.547251][T31672] ? lockdep_hardirqs_on+0x8c/0x130
[ 1002.547254][T31672] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 1002.547257][T31672] ? __lock_acquire+0x508/0xc10
[ 1002.547258][T31672] ? rtnl_fill_vfinfo+0x847/0xf70
[ 1002.547260][T31672] ? lock_acquire.part.0+0xbc/0x260
[ 1002.547261][T31672] ? find_held_lock+0x2b/0x80
[ 1002.547264][T31672] ? __lock_release.isra.0+0x6b/0x1a0
[ 1002.547266][T31672] ? mark_held_locks+0x40/0x70
[ 1002.547267][T31672] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 1002.547268][T31672] ? lockdep_hardirqs_on+0x8c/0x130
[ 1002.547270][T31672] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 1002.547272][T31672] rtnl_getlink+0xa48/0xe50
[ 1002.547274][T31672] ? find_held_lock+0x2b/0x80
[ 1002.547276][T31672] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1002.547277][T31672] ? mark_usage+0x61/0x170
[ 1002.547279][T31672] ? __lock_release.isra.0+0x6b/0x1a0
[ 1002.547280][T31672] ? __lock_acquire+0x508/0xc10
[ 1002.547287][T31672] ? lock_acquire.part.0+0xbc/0x260
[ 1002.547288][T31672] ? find_held_lock+0x2b/0x80
[ 1002.547290][T31672] ? mark_usage+0x61/0x170
[ 1002.547291][T31672] ? __lock_release.isra.0+0x6b/0x1a0
[ 1002.547292][T31672] ? __lock_acquire+0x508/0xc10
[ 1002.547293][T31672] ? bpf_address_lookup+0x282/0x290
[ 1002.547297][T31672] ? lock_acquire.part.0+0xbc/0x260
[ 1002.547298][T31672] ? find_held_lock+0x2b/0x80
[ 1002.547300][T31672] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1002.547301][T31672] ? __lock_release.isra.0+0x6b/0x1a0
[ 1002.547303][T31672] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 1002.547304][T31672] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1002.547306][T31672] ? validate_chain+0x38b/0xc20
[ 1002.547307][T31672] ? rtnl_link_fill+0x900/0x900
[ 1002.547309][T31672] ? __lock_acquire+0x508/0xc10
[ 1002.547311][T31672] ? lock_acquire.part.0+0xbc/0x260
[ 1002.547312][T31672] ? find_held_lock+0x2b/0x80
[ 1002.547314][T31672] netlink_rcv_skb+0x14e/0x3a0
[ 1002.547317][T31672] ? rtnl_link_fill+0x900/0x900
[ 1002.547319][T31672] ? netlink_ack+0xcd0/0xcd0
[ 1002.547321][T31672] ? netlink_deliver_tap+0xc5/0x330
[ 1002.547323][T31672] ? netlink_deliver_tap+0x13c/0x330
[ 1002.547325][T31672] netlink_unicast+0x47c/0x740
[ 1002.547327][T31672] ? netlink_attachskb+0x800/0x800
[ 1002.547329][T31672] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 1002.547332][T31672] ? __lock_acquire+0x508/0xc10
[ 1002.547334][T31672] netlink_sendmsg+0x735/0xc60
[ 1002.547336][T31672] ? netlink_unicast+0x740/0x740
[ 1002.547338][T31672] ? __might_fault+0x97/0x140
[ 1002.547342][T31672] ____sys_sendmsg+0x419/0x850
[ 1002.547345][T31672] ? copy_msghdr_from_user+0x2a0/0x460
[ 1002.547351][T31672] ? get_timestamp.constprop.0+0x3a0/0x3a0
[ 1002.547352][T31672] ? move_addr_to_kernel+0x40/0x40
[ 1002.547356][T31672] ___sys_sendmsg+0x14e/0x1d0
[ 1002.547358][T31672] ? copy_msghdr_from_user+0x460/0x460
[ 1002.547359][T31672] ? kfree+0x22/0x5a0
[ 1002.547366][T31672] __sys_sendmsg+0x145/0x1f0
[ 1002.547368][T31672] ? __sys_sendmsg_sock+0x20/0x20
[ 1002.547371][T31672] ? rcu_is_watching+0x15/0xd0
[ 1002.547374][T31672] do_syscall_64+0x117/0xfc0
[ 1002.547375][T31672] ? irq_exit_rcu+0x1a/0x30
[ 1002.547378][T31672] ? common_interrupt+0x5a/0xf0
[ 1002.547379][T31672] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1002.547382][T31672] RIP: 0033:0x7fbfac9e308e
[ 1002.547385][T31672] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 1002.547387][T31672] RSP: 002b:00007ffe85092660 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 1002.547391][T31672] RAX: ffffffffffffffda RBX: 0000563efe546330 RCX: 00007fbfac9e308e
[ 1002.547392][T31672] RDX: 0000000000000000 RSI: 00007ffe85092700 RDI: 0000000000000005
[ 1002.547393][T31672] RBP: 00007ffe85092670 R08: 0000000000000000 R09: 0000000000000000
[ 1002.547394][T31672] R10: 0000000000000000 R11: 0000000000000202 R12: 0000563efe567030
[ 1002.547394][T31672] R13: 00007ffe85092700 R14: 0000563efe546240 R15: 00007ffe85092840
[ 1002.547397][T31672]
[ 1002.547398][T31672]
[ 1002.554574][T31672] Allocated by task 31499:
[ 1002.554652][T31672] kasan_save_stack+0x2f/0x50
[ 1002.554732][T31672] kasan_save_track+0x14/0x30
[ 1002.554810][T31672] __kasan_kmalloc+0x7b/0x90
[ 1002.554887][T31672] register_netdevice+0x48b/0x1980
[ 1002.554963][T31672] team_newlink+0xa2/0x1a0
[ 1002.555039][T31672] rtnl_newlink_create+0x2da/0x780
[ 1002.555118][T31672] __rtnl_newlink+0x22b/0xa50
[ 1002.555192][T31672] rtnl_newlink+0x8d1/0xee0
[ 1002.555267][T31672] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1002.555341][T31672] netlink_rcv_skb+0x14e/0x3a0
[ 1002.555420][T31672] netlink_unicast+0x47c/0x740
[ 1002.555536][T31672] netlink_sendmsg+0x735/0xc60
[ 1002.555610][T31672] ____sys_sendmsg+0x419/0x850
[ 1002.555689][T31672] ___sys_sendmsg+0x14e/0x1d0
[ 1002.555769][T31672] __sys_sendmsg+0x145/0x1f0
[ 1002.555881][T31672] do_syscall_64+0x117/0xfc0
[ 1002.555955][T31672] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1002.556048][T31672]
[ 1002.556086][T31672] Freed by task 31499:
[ 1002.556184][T31672] kasan_save_stack+0x2f/0x50
[ 1002.556261][T31672] kasan_save_track+0x14/0x30
[ 1002.556336][T31672] kasan_save_free_info+0x3b/0x60
[ 1002.556416][T31672] __kasan_slab_free+0x43/0x70
[ 1002.556530][T31672] kfree+0x123/0x5a0
[ 1002.556587][T31672] unregister_netdevice_many_notify+0xe38/0x1d80
[ 1002.556680][T31672] rtnl_dellink+0x4a0/0xae0
[ 1002.556756][T31672] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 1002.556877][T31672] netlink_rcv_skb+0x14e/0x3a0
[ 1002.556956][T31672] netlink_unicast+0x47c/0x740
[ 1002.557037][T31672] netlink_sendmsg+0x735/0xc60
[ 1002.557121][T31672] ____sys_sendmsg+0x419/0x850
[ 1002.557240][T31672] ___sys_sendmsg+0x14e/0x1d0
[ 1002.557320][T31672] __sys_sendmsg+0x145/0x1f0
[ 1002.557403][T31672] do_syscall_64+0x117/0xfc0
[ 1002.557482][T31672] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 1002.557622][T31672]
[ 1002.557663][T31672] The buggy address belongs to the object at ff1100001287ac40
[ 1002.557663][T31672] which belongs to the cache kmalloc-64 of size 64
[ 1002.557849][T31672] The buggy address is located 16 bytes inside of
[ 1002.557849][T31672] freed 64-byte region [ff1100001287ac40, ff1100001287ac80)
[ 1002.558068][T31672]
[ 1002.558110][T31672] The buggy address belongs to the physical page:
[ 1002.558203][T31672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1287a
[ 1002.558379][T31672] flags: 0x80000000000000(node=0|zone=1)
[ 1002.558458][T31672] page_type: f5(slab)
[ 1002.558518][T31672] raw: 0080000000000000 ff1100000103cac0 ffd4000000231890 ffd4000000124e90
[ 1002.558694][T31672] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1002.558829][T31672] page dumped because: kasan: bad access detected
[ 1002.558961][T31672]
[ 1002.558999][T31672] Memory state around the buggy address:
[ 1002.559073][T31672] ff1100001287ab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1002.559184][T31672] ff1100001287ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1002.559333][T31672] >ff1100001287ac00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1002.559445][T31672] ^
[ 1002.559536][T31672] ff1100001287ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1002.559683][T31672] ff1100001287ad00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1002.559791][T31672] ==================================================================
[ 1002.559962][T31672] Disabling lock debugging due to kernel taint
[ 1002.904640][T31672] lag2: Port device veth5 removed
[ 1002.905755][T31672] lag2: Port device veth3 removed