[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   56.603863][   T23] audit: type=1800 audit(1573471810.212:25): pid=8778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   56.628971][   T23] audit: type=1800 audit(1573471810.212:26): pid=8778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   56.677466][   T23] audit: type=1800 audit(1573471810.212:27): pid=8778 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts.
2019/11/11 11:30:22 fuzzer started
2019/11/11 11:30:24 dialing manager at 10.128.0.26:36385
2019/11/11 11:30:24 syscalls: 2566
2019/11/11 11:30:24 code coverage: enabled
2019/11/11 11:30:24 comparison tracing: enabled
2019/11/11 11:30:24 extra coverage: enabled
2019/11/11 11:30:24 setuid sandbox: enabled
2019/11/11 11:30:24 namespace sandbox: enabled
2019/11/11 11:30:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/11 11:30:24 fault injection: enabled
2019/11/11 11:30:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/11 11:30:24 net packet injection: enabled
2019/11/11 11:30:24 net device setup: enabled
2019/11/11 11:30:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/11 11:30:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
11:32:51 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000)=0x4c, 0x4)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={r2}, 0x8)

11:32:51 executing program 1:
r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000000)={{0x100000080}, 'port1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f00000001c0)={{0x80}, {0x80}})
close(r0)

syzkaller login: [  218.118283][ T8947] IPVS: ftp: loaded support on port[0] = 21
[  218.241767][ T8947] chnl_net:caif_netlink_parms(): no params data found
[  218.294345][ T8947] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.302771][ T8947] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.313347][ T8947] device bridge_slave_0 entered promiscuous mode
[  218.322501][ T8947] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.331125][ T8947] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.345482][ T8947] device bridge_slave_1 entered promiscuous mode
[  218.372863][ T8947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.375030][ T8950] IPVS: ftp: loaded support on port[0] = 21
[  218.388203][ T8947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.416075][ T8947] team0: Port device team_slave_0 added
[  218.427454][ T8947] team0: Port device team_slave_1 added
11:32:52 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0)

[  218.534035][ T8947] device hsr_slave_0 entered promiscuous mode
[  218.589247][ T8947] device hsr_slave_1 entered promiscuous mode
[  218.646317][ T8952] IPVS: ftp: loaded support on port[0] = 21
11:32:52 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a078ab0d51097e5b3c06639d476a0bf", 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00')
sendfile(r1, r2, 0x0, 0x6f0a77bd)

[  218.771155][ T8947] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.778387][ T8947] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.786326][ T8947] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.793444][ T8947] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.916952][ T8956] IPVS: ftp: loaded support on port[0] = 21
[  218.930226][ T8950] chnl_net:caif_netlink_parms(): no params data found
[  218.998587][ T8947] 8021q: adding VLAN 0 to HW filter on device bond0
11:32:52 executing program 4:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)="390000001100090468fe0700001b00000700ff0003000000450001070000001419001a0006000000000000000001000800005c14dfb51571a4", 0x39}], 0x1)
r0 = socket(0x4000000000010, 0x1000000000080002, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x30a, 0x0)

[  219.054138][ T8950] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.064871][ T8950] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.075454][ T8950] device bridge_slave_0 entered promiscuous mode
[  219.124670][ T8950] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.151141][ T8950] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.159569][ T8950] device bridge_slave_1 entered promiscuous mode
[  219.208533][ T8947] 8021q: adding VLAN 0 to HW filter on device team0
[  219.221815][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.250844][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.269198][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.290898][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  219.307588][ T8950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.332417][ T8950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.354461][ T8952] chnl_net:caif_netlink_parms(): no params data found
11:32:53 executing program 5:
mmap(&(0x7f0000600000/0x4000)=nil, 0x4000, 0x0, 0x44031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00')
preadv(r2, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0)

[  219.417057][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.431230][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.449506][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.457237][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.472223][ T8961] IPVS: ftp: loaded support on port[0] = 21
[  219.526540][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.537785][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.546687][ T8959] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.553831][ T8959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.561985][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.570575][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.581790][ T8950] team0: Port device team_slave_0 added
[  219.598640][ T8952] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.605937][ T8952] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.614393][ T8952] device bridge_slave_0 entered promiscuous mode
[  219.624156][ T8952] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.632552][ T8952] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.640476][ T8952] device bridge_slave_1 entered promiscuous mode
[  219.653078][ T8950] team0: Port device team_slave_1 added
[  219.661624][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.670310][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.711004][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  219.719302][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.727943][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.745456][ T8964] IPVS: ftp: loaded support on port[0] = 21
[  219.801167][ T8950] device hsr_slave_0 entered promiscuous mode
[  219.849349][ T8950] device hsr_slave_1 entered promiscuous mode
[  219.909097][ T8950] debugfs: Directory 'hsr0' with parent '/' already present!
[  219.918290][ T8952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.929282][ T8952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.945183][ T8956] chnl_net:caif_netlink_parms(): no params data found
[  219.985991][ T8952] team0: Port device team_slave_0 added
[  220.014376][ T8947] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  220.025081][ T8947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  220.037772][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  220.046128][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  220.055095][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  220.063408][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  220.073727][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  220.093134][ T8952] team0: Port device team_slave_1 added
[  220.126140][ T8956] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.133471][ T8956] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.143456][ T8956] device bridge_slave_0 entered promiscuous mode
[  220.152989][ T8956] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.161161][ T8956] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.168891][ T8956] device bridge_slave_1 entered promiscuous mode
[  220.190903][ T8956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.230375][ T8956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.342165][ T8952] device hsr_slave_0 entered promiscuous mode
[  220.389260][ T8952] device hsr_slave_1 entered promiscuous mode
[  220.429102][ T8952] debugfs: Directory 'hsr0' with parent '/' already present!
[  220.438642][ T8956] team0: Port device team_slave_0 added
[  220.445080][ T8961] chnl_net:caif_netlink_parms(): no params data found
[  220.475166][ T8956] team0: Port device team_slave_1 added
[  220.541378][ T8956] device hsr_slave_0 entered promiscuous mode
[  220.589238][ T8956] device hsr_slave_1 entered promiscuous mode
[  220.639101][ T8956] debugfs: Directory 'hsr0' with parent '/' already present!
[  220.677796][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  220.685545][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  220.727737][ T8947] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.778023][ T8961] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.786676][ T8961] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.795153][ T8961] device bridge_slave_0 entered promiscuous mode
[  220.803473][ T8961] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.810616][ T8961] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.818458][ T8961] device bridge_slave_1 entered promiscuous mode
[  220.836270][ T8964] chnl_net:caif_netlink_parms(): no params data found
[  220.864455][ T8950] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.884205][ T8961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.900676][ T8961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.938339][ T8950] 8021q: adding VLAN 0 to HW filter on device team0
[  220.965346][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  220.974283][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  221.006353][ T8961] team0: Port device team_slave_0 added
[  221.014338][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  221.043465][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
11:32:54 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000)=0x4c, 0x4)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={r2}, 0x8)

[  221.057519][ T8955] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.064697][ T8955] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.080044][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
11:32:54 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000)=0x4c, 0x4)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={r2}, 0x8)

[  221.127714][ T8961] team0: Port device team_slave_1 added
[  221.162155][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  221.171796][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.180958][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.188037][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.217251][ T8964] bridge0: port 1(bridge_slave_0) entered blocking state
11:32:54 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000)=0x4c, 0x4)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={r2}, 0x8)

[  221.233687][ T8964] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.242179][ T8964] device bridge_slave_0 entered promiscuous mode
[  221.250543][ T8964] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.257623][ T8964] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.265935][ T8964] device bridge_slave_1 entered promiscuous mode
11:32:54 executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000026000500d25a80648c6394f20d31d2001000054002000003053582c137153e37173cbf3858cd4abffeb5", 0x2e}], 0x1}, 0x0)

11:32:54 executing program 0:
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='H'], 0x1)
perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[  221.312379][ T8961] device hsr_slave_0 entered promiscuous mode
[  221.349501][ T8961] device hsr_slave_1 entered promiscuous mode
[  221.379076][ T8961] debugfs: Directory 'hsr0' with parent '/' already present!
[  221.409157][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  221.417991][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  221.429762][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  221.438643][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  221.447419][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  221.456173][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  221.464883][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  221.473642][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  221.482065][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  221.490372][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  221.498542][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  221.541211][ T8950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
11:32:55 executing program 0:
syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
lsetxattr$security_smack_entry(0x0, &(0x7f0000000580)='security.SMACK64EXEC\x00', 0x0, 0x0, 0x0)
fchdir(r0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(0x0, 0x0, 0x0)
setxattr$trusted_overlay_origin(0x0, 0x0, &(0x7f0000000680)='y\x00', 0x2, 0x5)
fstatfs(0xffffffffffffffff, &(0x7f0000000480)=""/160)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f00000006c0)={0x0, 0x1000})
io_setup(0x3, 0x0)

[  221.584510][ T8964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.620862][ T8950] 8021q: adding VLAN 0 to HW filter on device batadv0
[  221.648788][ T8956] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.688479][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  221.705127][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  221.714598][ T8964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.744258][ T8956] 8021q: adding VLAN 0 to HW filter on device team0
[  221.791787][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  221.816141][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  221.835632][ T8964] team0: Port device team_slave_0 added
[  221.844606][ T8964] team0: Port device team_slave_1 added
[  221.863164][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  221.872286][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
11:32:55 executing program 0:
syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
lsetxattr$security_smack_entry(0x0, &(0x7f0000000580)='security.SMACK64EXEC\x00', 0x0, 0x0, 0x0)
fchdir(r0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(0x0, 0x0, 0x0)
setxattr$trusted_overlay_origin(0x0, 0x0, &(0x7f0000000680)='y\x00', 0x2, 0x5)
fstatfs(0xffffffffffffffff, &(0x7f0000000480)=""/160)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f00000006c0)={0x0, 0x1000})
io_setup(0x3, 0x0)

[  221.889580][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.896683][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.919668][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  221.928691][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.937605][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.944753][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.952567][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  221.962019][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  221.976207][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  221.985212][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  221.994022][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  222.036393][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  222.067189][ T8956] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  222.079861][ T8956] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  222.107860][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  222.116791][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  222.126051][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  222.136151][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  222.172813][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  222.195510][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  222.217623][ T8952] 8021q: adding VLAN 0 to HW filter on device bond0
11:32:55 executing program 1:
r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000000)={{0x100000080}, 'port1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f00000001c0)={{0x80}, {0x80}})
close(r0)

[  222.271443][ T8964] device hsr_slave_0 entered promiscuous mode
[  222.309620][ T8964] device hsr_slave_1 entered promiscuous mode
[  222.339234][ T8964] debugfs: Directory 'hsr0' with parent '/' already present!
[  222.348286][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  222.395318][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  222.403378][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  222.416060][ T8952] 8021q: adding VLAN 0 to HW filter on device team0
[  222.432290][ T8961] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.442349][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  222.451167][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  222.463920][ T8956] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.478435][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  222.500970][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  222.509787][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.516898][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.534293][ T8961] 8021q: adding VLAN 0 to HW filter on device team0
[  222.547904][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  222.556108][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  222.565340][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  222.577896][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.585019][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.593744][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  222.601571][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  222.632473][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  222.641859][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  222.652908][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  222.661624][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  222.670498][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  222.679402][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  222.687672][ T8955] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.694835][ T8955] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.703276][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  222.711910][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  222.720343][ T8955] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.727402][ T8955] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.735084][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  222.743627][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  222.752768][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  222.760718][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  222.783855][ T8952] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  222.794274][ T8952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  222.835787][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  222.844771][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  222.856669][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  222.865701][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  222.874896][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  222.883516][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  222.892334][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  222.899913][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  222.908981][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  222.916779][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  222.925440][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  222.934889][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  222.990406][ T8952] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.025904][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  223.037839][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  223.058366][ T8961] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  223.079414][ T8961] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  223.091615][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  223.101038][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  223.114629][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  223.132775][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  223.143747][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  223.171344][ T8964] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.194789][ T8961] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.218727][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  223.229510][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  223.237127][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  223.245585][ T8955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  223.257584][ T8964] 8021q: adding VLAN 0 to HW filter on device team0
[  223.298948][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  223.307620][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  223.329739][ T8959] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.336826][ T8959] bridge0: port 1(bridge_slave_0) entered forwarding state
11:32:56 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000000)={{0x100000080}, 'port1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f00000001c0)={{0x80}, {0x80}})
close(r0)

11:32:56 executing program 0:
syz_open_dev$sndtimer(&(0x7f00000001c0)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, 0x0)

[  223.346615][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  223.369593][ T8959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  223.383202][ T8959] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.390339][ T8959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.406077][ T9052] ==================================================================
[  223.414412][ T9052] BUG: KASAN: use-after-free in __list_add_valid+0x9a/0xa0
[  223.421622][ T9052] Read of size 8 at addr ffff888094320478 by task syz-executor.0/9052
[  223.428669][ T8964] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  223.429766][ T9052] 
[  223.429794][ T9052] CPU: 0 PID: 9052 Comm: syz-executor.0 Not tainted 5.4.0-rc6-next-20191111 #0
[  223.429802][ T9052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  223.429808][ T9052] Call Trace:
[  223.429825][ T9052]  dump_stack+0x197/0x210
[  223.429854][ T9052]  ? __list_add_valid+0x9a/0xa0
[  223.454959][ T8964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  223.461499][ T9052]  print_address_description.constprop.0.cold+0xd4/0x30b
[  223.461515][ T9052]  ? __list_add_valid+0x9a/0xa0
[  223.461527][ T9052]  ? __list_add_valid+0x9a/0xa0
[  223.461541][ T9052]  __kasan_report.cold+0x1b/0x41
[  223.461562][ T9052]  ? __list_add_valid+0x9a/0xa0
[  223.483564][ T8964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.484311][ T9052]  kasan_report+0x12/0x20
[  223.496161][ T9052]  __asan_report_load8_noabort+0x14/0x20
[  223.527470][ T9052]  __list_add_valid+0x9a/0xa0
[  223.532176][ T9052]  snd_timer_open+0x245/0x1150
[  223.536964][ T9052]  ? kmem_cache_alloc_trace+0x397/0x790
[  223.542533][ T9052]  ? snd_timer_close_locked+0xbd0/0xbd0
[  223.548086][ T9052]  ? kstrdup+0x5a/0x70
[  223.552170][ T9052]  __snd_timer_user_ioctl.isra.0+0x7ed/0x2070
[  223.558267][ T9052]  ? snd_timer_user_open+0x190/0x190
[  223.563561][ T9052]  ? lock_acquire+0x190/0x410
[  223.568254][ T9052]  ? snd_timer_user_ioctl+0x51/0xa7
[  223.573458][ T9052]  ? __mutex_lock+0x458/0x13c0
[  223.578207][ T9052]  ? snd_timer_user_ioctl+0x51/0xa7
[  223.583407][ T9052]  ? tomoyo_path_number_perm+0x454/0x520
[  223.589041][ T9052]  ? mutex_trylock+0x2f0/0x2f0
[  223.593790][ T9052]  ? tomoyo_path_number_perm+0x25e/0x520
[  223.599408][ T9052]  ? tomoyo_execute_permission+0x4a0/0x4a0
[  223.605260][ T9052]  snd_timer_user_ioctl+0x7a/0xa7
[  223.610264][ T9052]  ? snd_timer_user_ioctl_compat+0x680/0x680
[  223.616264][ T9052]  do_vfs_ioctl+0x977/0x14e0
[  223.620833][ T9052]  ? compat_ioctl_preallocate+0x220/0x220
[  223.626528][ T9052]  ? __fget+0x37f/0x550
[  223.630666][ T9052]  ? ksys_dup3+0x3e0/0x3e0
[  223.635085][ T9052]  ? nsecs_to_jiffies+0x30/0x30
[  223.640044][ T9052]  ? tomoyo_file_ioctl+0x23/0x30
[  223.644964][ T9052]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  223.651194][ T9052]  ? security_file_ioctl+0x8d/0xc0
[  223.656282][ T9052]  ksys_ioctl+0xab/0xd0
[  223.660419][ T9052]  __x64_sys_ioctl+0x73/0xb0
[  223.664988][ T9052]  do_syscall_64+0xfa/0x760
[  223.669487][ T9052]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  223.675372][ T9052] RIP: 0033:0x45a219
[  223.679249][ T9052] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  223.698865][ T9052] RSP: 002b:00007f5cb277ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  223.707318][ T9052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
[  223.715290][ T9052] RDX: 0000000020000000 RSI: 0000000040345410 RDI: 0000000000000004
[  223.723240][ T9052] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[  223.731201][ T9052] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cb277f6d4
[  223.739151][ T9052] R13: 00000000004cf428 R14: 00000000004d9760 R15: 00000000ffffffff
[  223.747123][ T9052] 
[  223.749433][ T9052] Allocated by task 9051:
[  223.753742][ T9052]  save_stack+0x23/0x90
[  223.757877][ T9052]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  223.763489][ T9052]  kasan_kmalloc+0x9/0x10
[  223.767801][ T9052]  kmem_cache_alloc_trace+0x158/0x790
[  223.773150][ T9052]  snd_timer_instance_new+0x4a/0x300
[  223.778482][ T9052]  __snd_timer_user_ioctl.isra.0+0x665/0x2070
[  223.784556][ T9052]  snd_timer_user_ioctl+0x7a/0xa7
[  223.789580][ T9052]  do_vfs_ioctl+0x977/0x14e0
[  223.794152][ T9052]  ksys_ioctl+0xab/0xd0
[  223.798285][ T9052]  __x64_sys_ioctl+0x73/0xb0
[  223.802881][ T9052]  do_syscall_64+0xfa/0x760
[  223.807420][ T9052]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  223.813300][ T9052] 
[  223.815607][ T9052] Freed by task 9051:
[  223.819606][ T9052]  save_stack+0x23/0x90
[  223.823753][ T9052]  __kasan_slab_free+0x102/0x150
[  223.828696][ T9052]  kasan_slab_free+0xe/0x10
[  223.833177][ T9052]  kfree+0x10a/0x2c0
[  223.837052][ T9052]  snd_timer_instance_free+0x7c/0xa0
[  223.842326][ T9052]  __snd_timer_user_ioctl.isra.0+0x160d/0x2070
[  223.848453][ T9052]  snd_timer_user_ioctl+0x7a/0xa7
[  223.853454][ T9052]  do_vfs_ioctl+0x977/0x14e0
[  223.858031][ T9052]  ksys_ioctl+0xab/0xd0
[  223.862162][ T9052]  __x64_sys_ioctl+0x73/0xb0
[  223.866730][ T9052]  do_syscall_64+0xfa/0x760
[  223.871659][ T9052]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  223.877525][ T9052] 
[  223.879841][ T9052] The buggy address belongs to the object at ffff888094320400
[  223.879841][ T9052]  which belongs to the cache kmalloc-256 of size 256
[  223.893885][ T9052] The buggy address is located 120 bytes inside of
[  223.893885][ T9052]  256-byte region [ffff888094320400, ffff888094320500)
[  223.907142][ T9052] The buggy address belongs to the page:
[  223.912755][ T9052] page:ffffea000250c800 refcount:1 mapcount:0 mapping:ffff8880aa4008c0 index:0x0
[  223.921851][ T9052] flags: 0x1fffc0000000200(slab)
[  223.926776][ T9052] raw: 01fffc0000000200 ffffea00025e3488 ffffea0002a3d548 ffff8880aa4008c0
[  223.935347][ T9052] raw: 0000000000000000 ffff888094320000 0000000100000008 0000000000000000
[  223.943901][ T9052] page dumped because: kasan: bad access detected
[  223.950384][ T9052] 
[  223.952694][ T9052] Memory state around the buggy address:
[  223.958314][ T9052]  ffff888094320300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  223.966364][ T9052]  ffff888094320380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  223.974400][ T9052] >ffff888094320400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.982434][ T9052]                                                                 ^
[  223.990503][ T9052]  ffff888094320480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  223.998550][ T9052]  ffff888094320500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  224.006593][ T9052] ==================================================================
[  224.014627][ T9052] Disabling lock debugging due to kernel taint
[  224.039069][ T9052] Kernel panic - not syncing: panic_on_warn set ...
[  224.043627][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  224.045712][ T9052] CPU: 0 PID: 9052 Comm: syz-executor.0 Tainted: G    B             5.4.0-rc6-next-20191111 #0
[  224.045719][ T9052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  224.045729][ T9052] Call Trace:
[  224.059681][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  224.063501][ T9052]  dump_stack+0x197/0x210
[  224.063520][ T9052]  panic+0x2e3/0x75c
[  224.076424][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  224.077370][ T9052]  ? add_taint.cold+0x16/0x16
[  224.077390][ T9052]  ? __list_add_valid+0x9a/0xa0
[  224.087617][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  224.089612][ T9052]  ? preempt_schedule+0x4b/0x60
[  224.089627][ T9052]  ? ___preempt_schedule+0x16/0x18
[  224.089644][ T9052]  ? trace_hardirqs_on+0x5e/0x240
[  224.094453][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  224.101403][ T9052]  ? __list_add_valid+0x9a/0xa0
[  224.101419][ T9052]  end_report+0x47/0x4f
[  224.101429][ T9052]  ? __list_add_valid+0x9a/0xa0
[  224.101446][ T9052]  __kasan_report.cold+0xe/0x41
[  224.107049][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  224.110945][ T9052]  ? __list_add_valid+0x9a/0xa0
[  224.110961][ T9052]  kasan_report+0x12/0x20
[  224.110974][ T9052]  __asan_report_load8_noabort+0x14/0x20
[  224.110991][ T9052]  __list_add_valid+0x9a/0xa0
[  224.119852][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  224.123702][ T9052]  snd_timer_open+0x245/0x1150
[  224.123722][ T9052]  ? kmem_cache_alloc_trace+0x397/0x790
[  224.129630][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  224.133821][ T9052]  ? snd_timer_close_locked+0xbd0/0xbd0
[  224.142302][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  224.146428][ T9052]  ? kstrdup+0x5a/0x70
[  224.146450][ T9052]  __snd_timer_user_ioctl.isra.0+0x7ed/0x2070
[  224.151452][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  224.155418][ T9052]  ? snd_timer_user_open+0x190/0x190
[  224.155436][ T9052]  ? lock_acquire+0x190/0x410
[  224.160957][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  224.168138][ T9052]  ? snd_timer_user_ioctl+0x51/0xa7
[  224.168155][ T9052]  ? __mutex_lock+0x458/0x13c0
[  224.173654][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  224.177290][ T9052]  ? snd_timer_user_ioctl+0x51/0xa7
[  224.177310][ T9052]  ? tomoyo_path_number_perm+0x454/0x520
[  224.183262][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  224.187568][ T9052]  ? mutex_trylock+0x2f0/0x2f0
[  224.187588][ T9052]  ? tomoyo_path_number_perm+0x25e/0x520
[  224.211373][ T4003] kobject: 'loop5' (00000000d5d5ed5e): kobject_uevent_env
[  224.213430][ T9052]  ? tomoyo_execute_permission+0x4a0/0x4a0
[  224.220498][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  224.226657][ T9052]  snd_timer_user_ioctl+0x7a/0xa7
[  224.226677][ T9052]  ? snd_timer_user_ioctl_compat+0x680/0x680
[  224.236881][ T4003] kobject: 'loop5' (00000000d5d5ed5e): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  224.244565][ T9052]  do_vfs_ioctl+0x977/0x14e0
[  224.244581][ T9052]  ? compat_ioctl_preallocate+0x220/0x220
[  224.244592][ T9052]  ? __fget+0x37f/0x550
[  224.244609][ T9052]  ? ksys_dup3+0x3e0/0x3e0
[  224.265790][ T3622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  224.267429][ T9052]  ? nsecs_to_jiffies+0x30/0x30
[  224.267451][ T9052]  ? tomoyo_file_ioctl+0x23/0x30
[  224.283113][ T4003] kobject: 'loop4' (000000001d62fa2d): kobject_uevent_env
[  224.284712][ T9052]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  224.284733][ T9052]  ? security_file_ioctl+0x8d/0xc0
[  224.330112][ T4003] kobject: 'loop4' (000000001d62fa2d): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  224.333098][ T9052]  ksys_ioctl+0xab/0xd0
[  224.333116][ T9052]  __x64_sys_ioctl+0x73/0xb0
[  224.389453][ T4003] kobject: 'loop5' (00000000d5d5ed5e): kobject_uevent_env
[  224.392008][ T9052]  do_syscall_64+0xfa/0x760
[  224.398272][ T4003] kobject: 'loop5' (00000000d5d5ed5e): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  224.403346][ T9052]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  224.403355][ T9052] RIP: 0033:0x45a219
[  224.403369][ T9052] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  224.403374][ T9052] RSP: 002b:00007f5cb277ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  224.481743][ T9052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
[  224.489727][ T9052] RDX: 0000000020000000 RSI: 0000000040345410 RDI: 0000000000000004
[  224.497706][ T9052] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[  224.502450][ T4003] kobject: 'loop4' (000000001d62fa2d): kobject_uevent_env
[  224.505680][ T9052] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5cb277f6d4
[  224.520733][ T9052] R13: 00000000004cf428 R14: 00000000004d9760 R15: 00000000ffffffff
[  224.530290][ T9052] Kernel Offset: disabled
[  224.534657][ T9052] Rebooting in 86400 seconds..