[ 624.829855][T20537] lag2: Mode changed to "loadbalance"
[ 624.888993][T20541] lag2: Port device veth3 added
[ 624.979366][T20549] lag2: Port device veth5 added
[ 625.058658][T20554] 8021q: adding VLAN 0 to HW filter on device lag2
[ 625.093859][T20555] 8021q: adding VLAN 0 to HW filter on device lag2
[ 625.285430][T20560] gre: GRE over IPv4 demultiplexer driver
[ 625.298737][T20560] ip_gre: GRE over IPv4 tunneling driver
[ 625.847615][T20588] lag1: Mode changed to "loadbalance"
[ 625.903596][T20591] lag1: Port device veth2 added
[ 626.033108][T20594] lag1: Port device veth4 added
[ 626.084082][T20596] 8021q: adding VLAN 0 to HW filter on device lag1
[ 631.477967][T20627] Mirror/redirect action on
[ 631.538797][T20629] lag2: Port device veth5 removed
[ 635.198848][T20640] lag2: Port device veth3 removed
[ 639.273359][T20671] lag2: Mode changed to "loadbalance"
[ 639.390757][T20675] lag2: Port device veth3 added
[ 639.468399][T20678] lag2: Port device veth5 added
[ 639.515762][T20680] 8021q: adding VLAN 0 to HW filter on device lag2
[ 639.544121][T20681] 8021q: adding VLAN 0 to HW filter on device lag2
[ 645.030819][T20721] lag2: Port device veth3 removed
[ 648.695439][T20731] lag2: Port device veth5 removed
[ 652.772291][T20763] lag2: Mode changed to "loadbalance"
[ 652.894886][T20766] lag2: Port device veth3 added
[ 652.978502][T20769] lag2: Port device veth5 added
[ 653.035940][T20771] 8021q: adding VLAN 0 to HW filter on device lag2
[ 653.066619][T20772] 8021q: adding VLAN 0 to HW filter on device lag2
[ 658.535793][T20588] lag1: Port device veth4 removed
[ 658.540352][T20588] lag1: Port device veth2 removed
[ 658.581766][T20763] ==================================================================
[ 658.581914][T20763] BUG: KASAN: slab-use-after-free in rtnl_fill_prop_list+0x5ad/0x600
[ 658.582046][T20763] Read of size 8 at addr ff110000087e1950 by task teamd/20763
[ 658.582163][T20763]
[ 658.582209][T20763] CPU: 1 UID: 0 PID: 20763 Comm: teamd Not tainted 7.1.0-rc3-virtme #1 PREEMPT(full)
[ 658.582212][T20763] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 658.582214][T20763] Call Trace:
[ 658.582215][T20763]
[ 658.582217][T20763] dump_stack_lvl+0x6f/0xa0
[ 658.582223][T20763] print_address_description.constprop.0+0x56/0x2d0
[ 658.582227][T20763] print_report+0xfc/0x1fa
[ 658.582230][T20763] ? __virt_addr_valid+0x102/0x440
[ 658.582233][T20763] ? __virt_addr_valid+0x1da/0x440
[ 658.582236][T20763] kasan_report+0x108/0x130
[ 658.582239][T20763] ? rtnl_fill_prop_list+0x5ad/0x600
[ 658.582241][T20763] ? rtnl_fill_prop_list+0x5ad/0x600
[ 658.582244][T20763] rtnl_fill_prop_list+0x5ad/0x600
[ 658.582245][T20763] ? __asan_memcpy+0x3c/0x60
[ 658.582248][T20763] rtnl_fill_ifinfo.isra.0+0x3d3/0x2b50
[ 658.582250][T20763] ? rcu_read_lock_any_held+0x3c/0x90
[ 658.582253][T20763] ? validate_chain+0x38b/0xc20
[ 658.582256][T20763] ? rtnl_fill_vf+0x450/0x450
[ 658.582257][T20763] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 658.582258][T20763] ? lockdep_hardirqs_on+0x8c/0x130
[ 658.582262][T20763] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 658.582265][T20763] ? __lock_acquire+0x508/0xc10
[ 658.582266][T20763] ? rtnl_fill_vfinfo+0x846/0xf70
[ 658.582268][T20763] ? lock_acquire.part.0+0xbc/0x260
[ 658.582269][T20763] ? find_held_lock+0x2b/0x80
[ 658.582272][T20763] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.582274][T20763] ? mark_held_locks+0x40/0x70
[ 658.582276][T20763] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 658.582277][T20763] ? lockdep_hardirqs_on+0x8c/0x130
[ 658.582278][T20763] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 658.582281][T20763] rtnl_getlink+0xa48/0xe50
[ 658.582283][T20763] ? find_held_lock+0x2b/0x80
[ 658.582285][T20763] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 658.582287][T20763] ? mark_usage+0x61/0x170
[ 658.582288][T20763] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.582289][T20763] ? __lock_acquire+0x508/0xc10
[ 658.582301][T20763] ? lock_acquire.part.0+0xbc/0x260
[ 658.582302][T20763] ? find_held_lock+0x2b/0x80
[ 658.582304][T20763] ? mark_usage+0x61/0x170
[ 658.582306][T20763] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.582307][T20763] ? __lock_acquire+0x508/0xc10
[ 658.582308][T20763] ? bpf_address_lookup+0x282/0x290
[ 658.582312][T20763] ? lock_acquire.part.0+0xbc/0x260
[ 658.582313][T20763] ? find_held_lock+0x2b/0x80
[ 658.582315][T20763] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 658.582316][T20763] ? __lock_release.isra.0+0x6b/0x1a0
[ 658.582318][T20763] ? rtnl_dump_ifinfo+0xfb0/0xfb0
[ 658.582320][T20763] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 658.582322][T20763] ? validate_chain+0x38b/0xc20
[ 658.582323][T20763] ? rtnl_link_fill+0x900/0x900
[ 658.582325][T20763] ? __lock_acquire+0x508/0xc10
[ 658.582327][T20763] ? lock_acquire.part.0+0xbc/0x260
[ 658.582328][T20763] ? find_held_lock+0x2b/0x80
[ 658.582330][T20763] netlink_rcv_skb+0x14e/0x3a0
[ 658.582333][T20763] ? rtnl_link_fill+0x900/0x900
[ 658.582335][T20763] ? netlink_ack+0xcd0/0xcd0
[ 658.582338][T20763] ? netlink_deliver_tap+0xc5/0x330
[ 658.582340][T20763] ? netlink_deliver_tap+0x13c/0x330
[ 658.582342][T20763] netlink_unicast+0x47c/0x740
[ 658.582344][T20763] ? netlink_attachskb+0x800/0x800
[ 658.582346][T20763] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 658.582349][T20763] ? __lock_acquire+0x508/0xc10
[ 658.582351][T20763] netlink_sendmsg+0x735/0xc60
[ 658.582354][T20763] ? netlink_unicast+0x740/0x740
[ 658.582356][T20763] ? __might_fault+0x97/0x140
[ 658.582360][T20763] ____sys_sendmsg+0x419/0x850
[ 658.582363][T20763] ? copy_msghdr_from_user+0x2a0/0x460
[ 658.582365][T20763] ? get_timestamp.constprop.0+0x3a0/0x3a0
[ 658.582367][T20763] ? move_addr_to_kernel+0x40/0x40
[ 658.582371][T20763] ___sys_sendmsg+0x14e/0x1d0
[ 658.582373][T20763] ? copy_msghdr_from_user+0x460/0x460
[ 658.582374][T20763] ? kfree+0x22/0x5a0
[ 658.582381][T20763] __sys_sendmsg+0x145/0x1f0
[ 658.582384][T20763] ? __sys_sendmsg_sock+0x20/0x20
[ 658.582387][T20763] ? rcu_is_watching+0x15/0xd0
[ 658.582390][T20763] do_syscall_64+0x117/0xfc0
[ 658.582392][T20763] ? irq_exit_rcu+0x1a/0x30
[ 658.582395][T20763] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 658.582397][T20763] RIP: 0033:0x7f2acd3a408e
[ 658.582400][T20763] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 658.582402][T20763] RSP: 002b:00007ffecc9fae00 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 658.582407][T20763] RAX: ffffffffffffffda RBX: 000055702f73f330 RCX: 00007f2acd3a408e
[ 658.582408][T20763] RDX: 0000000000000000 RSI: 00007ffecc9faea0 RDI: 0000000000000005
[ 658.582409][T20763] RBP: 00007ffecc9fae10 R08: 0000000000000000 R09: 0000000000000000
[ 658.582410][T20763] R10: 0000000000000000 R11: 0000000000000202 R12: 000055702f75f5c0
[ 658.582411][T20763] R13: 00007ffecc9faea0 R14: 000055702f73f240 R15: 00007ffecc9fafe0
[ 658.582414][T20763]
[ 658.582414][T20763]
[ 658.589777][T20763] Allocated by task 20588:
[ 658.589859][T20763] kasan_save_stack+0x2f/0x50
[ 658.589942][T20763] kasan_save_track+0x14/0x30
[ 658.590022][T20763] __kasan_kmalloc+0x7b/0x90
[ 658.590102][T20763] register_netdevice+0x48b/0x1980
[ 658.590182][T20763] team_newlink+0xa2/0x1a0
[ 658.590263][T20763] rtnl_newlink_create+0x2da/0x780
[ 658.590347][T20763] __rtnl_newlink+0x22b/0xa50
[ 658.590425][T20763] rtnl_newlink+0x8d1/0xee0
[ 658.590508][T20763] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 658.590586][T20763] netlink_rcv_skb+0x14e/0x3a0
[ 658.590665][T20763] netlink_unicast+0x47c/0x740
[ 658.590744][T20763] netlink_sendmsg+0x735/0xc60
[ 658.590823][T20763] ____sys_sendmsg+0x419/0x850
[ 658.590902][T20763] ___sys_sendmsg+0x14e/0x1d0
[ 658.590982][T20763] __sys_sendmsg+0x145/0x1f0
[ 658.591062][T20763] do_syscall_64+0x117/0xfc0
[ 658.591143][T20763] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 658.591241][T20763]
[ 658.591282][T20763] Freed by task 20588:
[ 658.591348][T20763] kasan_save_stack+0x2f/0x50
[ 658.591430][T20763] kasan_save_track+0x14/0x30
[ 658.591510][T20763] kasan_save_free_info+0x3b/0x60
[ 658.591593][T20763] __kasan_slab_free+0x43/0x70
[ 658.591673][T20763] kfree+0x123/0x5a0
[ 658.591735][T20763] unregister_netdevice_many_notify+0xe38/0x1d80
[ 658.591839][T20763] rtnl_dellink+0x4a0/0xae0
[ 658.591919][T20763] rtnetlink_rcv_msg+0x6fd/0xbd0
[ 658.592003][T20763] netlink_rcv_skb+0x14e/0x3a0
[ 658.592083][T20763] netlink_unicast+0x47c/0x740
[ 658.592162][T20763] netlink_sendmsg+0x735/0xc60
[ 658.592241][T20763] ____sys_sendmsg+0x419/0x850
[ 658.592323][T20763] ___sys_sendmsg+0x14e/0x1d0
[ 658.592403][T20763] __sys_sendmsg+0x145/0x1f0
[ 658.592482][T20763] do_syscall_64+0x117/0xfc0
[ 658.592561][T20763] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 658.592658][T20763]
[ 658.592698][T20763] The buggy address belongs to the object at ff110000087e1940
[ 658.592698][T20763] which belongs to the cache kmalloc-64 of size 64
[ 658.592891][T20763] The buggy address is located 16 bytes inside of
[ 658.592891][T20763] freed 64-byte region [ff110000087e1940, ff110000087e1980)
[ 658.593086][T20763]
[ 658.593128][T20763] The buggy address belongs to the physical page:
[ 658.593228][T20763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x87e1
[ 658.593376][T20763] flags: 0x80000000000000(node=0|zone=1)
[ 658.593459][T20763] page_type: f5(slab)
[ 658.593525][T20763] raw: 0080000000000000 ff1100000103cac0 ffd40000004009d0 ffd4000000172590
[ 658.593669][T20763] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 658.593809][T20763] page dumped because: kasan: bad access detected
[ 658.593908][T20763]
[ 658.593953][T20763] Memory state around the buggy address:
[ 658.594032][T20763]  ff110000087e1800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 fc fc
[ 658.594152][T20763]  ff110000087e1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 658.594266][T20763] >ff110000087e1900: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 658.594391][T20763]                                                  ^
[ 658.594491][T20763]  ff110000087e1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 658.594609][T20763]  ff110000087e1a00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 fc
[ 658.594724][T20763] ==================================================================
[ 658.595008][T20763] Disabling lock debugging due to kernel taint
[ 658.957334][T20763] lag2: Port device veth5 removed
[ 658.958428][T20763] lag2: Port device veth3 removed