[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[   61.485524][   T26] audit: type=1800 audit(1573469183.323:25): pid=8582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   61.511660][   T26] audit: type=1800 audit(1573469183.323:26): pid=8582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   61.543663][   T26] audit: type=1800 audit(1573469183.323:27): pid=8582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
2019/11/11 10:46:31 fuzzer started
2019/11/11 10:46:32 dialing manager at 10.128.0.26:36385
2019/11/11 10:46:42 syscalls: 2566
2019/11/11 10:46:42 code coverage: enabled
2019/11/11 10:46:42 comparison tracing: enabled
2019/11/11 10:46:42 extra coverage: enabled
2019/11/11 10:46:42 setuid sandbox: enabled
2019/11/11 10:46:42 namespace sandbox: enabled
2019/11/11 10:46:42 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/11 10:46:42 fault injection: enabled
2019/11/11 10:46:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/11 10:46:42 net packet injection: enabled
2019/11/11 10:46:42 net device setup: enabled
2019/11/11 10:46:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/11 10:46:42 devlink PCI setup: PCI device 0000:00:10.0 is not available
10:48:38 executing program 0:
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0)
r0 = socket$inet6(0xa, 0x100800000000002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
sendfile(r0, r1, 0x0, 0x88001)

10:48:39 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1}}]}}, &(0x7f0000000080)=""/235, 0x32, 0xeb, 0x1}, 0x20)

syzkaller login: [  197.348631][ T8748] IPVS: ftp: loaded support on port[0] = 21
10:48:39 executing program 2:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000002, 0x0)
r0 = gettid()
tkill(r0, 0x1000000000015)
rt_sigqueueinfo(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x80000001})

[  197.533421][ T8750] IPVS: ftp: loaded support on port[0] = 21
[  197.572043][ T8748] chnl_net:caif_netlink_parms(): no params data found
[  197.734802][ T8748] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.751525][ T8748] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.759697][ T8748] device bridge_slave_0 entered promiscuous mode
[  197.771269][ T8748] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.779187][ T8748] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.787575][ T8748] device bridge_slave_1 entered promiscuous mode
[  197.800163][ T8750] chnl_net:caif_netlink_parms(): no params data found
[  197.823899][ T8748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  197.835309][ T8748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.873764][ T8754] IPVS: ftp: loaded support on port[0] = 21
[  197.883181][ T8748] team0: Port device team_slave_0 added
[  197.890729][ T8748] team0: Port device team_slave_1 added
10:48:39 executing program 3:
mknod$loop(&(0x7f00000004c0)='./file1\x00', 0x0, 0xffffffffffffffff)
linkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1400)
mount$bpf(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='bpf\x00', 0x100001, &(0x7f0000000500)=ANY=[@ANYBLOB="6d6f64653d30303030303030303030303030303030303030303040332c6d6f64653d30303030303030303030303030303030303030303137372c736d61636b66737472616e736d7574653d626465762c726f6f74636f6e746578743d737461666650752c736d61636b66737472616e736d7574653d242d6d643573756d7365637572697479252c74727573746564275d766d6e657431707070306e6f6465766c6f6370757365742c61756469742c00a547a1c1a8296d60c6b9932f414fa12d9e1a714c003f9c6285da38153d02dad5d82b382b08d43d188b31610b225386e3a9a06eb9ba30a5b21ed1f250d1cded35662e9d82b55f0e63ef7806ee833815155069d8939538c08f34c17c840c687867de09a79c2f5e8aaf89ae40ee00"/294])
r0 = fanotify_init(0x0, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000280))
r1 = fanotify_init(0x0, 0x0)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000280))
fcntl$getflags(r1, 0x1)
r2 = dup3(0xffffffffffffffff, r0, 0x80000)
ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000000)=0x4)

[  198.015554][ T8748] device hsr_slave_0 entered promiscuous mode
[  198.071770][ T8748] device hsr_slave_1 entered promiscuous mode
[  198.114316][ T8750] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.121566][ T8750] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.129648][ T8750] device bridge_slave_0 entered promiscuous mode
10:48:40 executing program 4:
openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0)
ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f00000001c0)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$NBD_SET_TIMEOUT(r1, 0xab09, 0x2)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000280)=0x8, 0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
keyctl$get_persistent(0x16, 0x0, 0x0)
keyctl$reject(0x13, 0x0, 0xffffffff80000001, 0x0, 0xfffffffffffffffa)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x10)
r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r2)
add_key$keyring(&(0x7f0000000300)='\xff\x03\x00\x00\x11\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2)
keyctl$get_keyring_id(0x0, r2, 0x7)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
r3 = memfd_create(0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, r3)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
dup3(r4, 0xffffffffffffffff, 0x0)
r5 = accept(r4, 0x0, &(0x7f0000000000))
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, &(0x7f0000000100), 0x1)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000002c0)=@ipx, 0xffffffffffffff60, 0x0}}], 0x40000000000007c, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0)
getpgrp(0xffffffffffffffff)

[  198.156375][ T8756] IPVS: ftp: loaded support on port[0] = 21
[  198.165793][ T8750] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.177728][ T8750] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.186201][ T8750] device bridge_slave_1 entered promiscuous mode
[  198.234728][ T8750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.259926][ T8750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.402035][ T8750] team0: Port device team_slave_0 added
[  198.429057][ T8748] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.436318][ T8748] bridge0: port 2(bridge_slave_1) entered forwarding state
[  198.444234][ T8748] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.451299][ T8748] bridge0: port 1(bridge_slave_0) entered forwarding state
[  198.465059][ T8750] team0: Port device team_slave_1 added
[  198.486361][ T8754] chnl_net:caif_netlink_parms(): no params data found
10:48:40 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x2de, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0xc4b, 0x0, 0x800, 0x0, 0x0, 0x9, 0x4ce]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  198.589610][ T3610] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.609862][ T3610] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.694536][ T8750] device hsr_slave_0 entered promiscuous mode
[  198.731867][ T8750] device hsr_slave_1 entered promiscuous mode
[  198.761552][ T8750] debugfs: Directory 'hsr0' with parent '/' already present!
[  198.794340][ T8748] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.795909][ T8759] IPVS: ftp: loaded support on port[0] = 21
[  198.836218][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  198.846739][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  198.856208][ T8756] chnl_net:caif_netlink_parms(): no params data found
[  198.879872][ T8754] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.887500][ T8754] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.896050][ T8754] device bridge_slave_0 entered promiscuous mode
[  198.904527][ T8754] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.911640][ T8754] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.919434][ T8754] device bridge_slave_1 entered promiscuous mode
[  198.940649][ T8763] IPVS: ftp: loaded support on port[0] = 21
[  198.969232][ T8748] 8021q: adding VLAN 0 to HW filter on device team0
[  198.980153][ T8754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.992697][ T8754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.085135][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  199.094367][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  199.103471][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.110544][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  199.120369][ T8754] team0: Port device team_slave_0 added
[  199.128872][ T8756] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.136111][ T8756] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.144411][ T8756] device bridge_slave_0 entered promiscuous mode
[  199.157892][ T8756] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.165136][ T8756] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.174384][ T8756] device bridge_slave_1 entered promiscuous mode
[  199.202641][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  199.212479][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  199.221107][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.228357][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  199.236348][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  199.246409][ T8754] team0: Port device team_slave_1 added
[  199.284358][ T8756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.299463][ T8756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.327273][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  199.336964][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  199.345983][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  199.355095][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  199.378715][ T8759] chnl_net:caif_netlink_parms(): no params data found
[  199.434491][ T8754] device hsr_slave_0 entered promiscuous mode
[  199.471836][ T8754] device hsr_slave_1 entered promiscuous mode
[  199.541506][ T8754] debugfs: Directory 'hsr0' with parent '/' already present!
[  199.574895][ T8756] team0: Port device team_slave_0 added
[  199.587095][ T8756] team0: Port device team_slave_1 added
[  199.598585][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  199.609969][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  199.618504][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  199.627639][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  199.636683][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  199.645420][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  199.661743][ T8748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  199.754933][ T8756] device hsr_slave_0 entered promiscuous mode
[  199.791730][ T8756] device hsr_slave_1 entered promiscuous mode
[  199.841575][ T8756] debugfs: Directory 'hsr0' with parent '/' already present!
[  199.876201][ T8750] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.948908][ T8748] 8021q: adding VLAN 0 to HW filter on device batadv0
[  199.963416][ T8759] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.970501][ T8759] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.984751][ T8759] device bridge_slave_0 entered promiscuous mode
[  200.007080][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  200.018234][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  200.044403][ T8759] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.052639][ T8759] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.060478][ T8759] device bridge_slave_1 entered promiscuous mode
[  200.083674][ T8759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.100162][ T8750] 8021q: adding VLAN 0 to HW filter on device team0
[  200.113961][ T8763] chnl_net:caif_netlink_parms(): no params data found
[  200.136060][ T8759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.150335][ T3060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  200.158646][ T3060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  200.173907][ T3060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  200.186637][ T3060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  200.196413][ T3060] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.203664][ T3060] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.239844][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  200.305977][ T8759] team0: Port device team_slave_0 added
[  200.322756][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  200.337978][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  200.348443][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
10:48:42 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000014c0)='TIPCv2\x00')
sendmsg$nl_generic(r2, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$TIPC_NL_BEARER_ADD(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000080)={0x14, r3, 0x1, 0x0, 0x0, {0xb}}, 0x14}}, 0x0)

[  200.355600][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.369424][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  200.378642][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  200.423831][ T8763] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.431099][ T8763] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.440712][ T8763] device bridge_slave_0 entered promiscuous mode
[  200.449763][ T8759] team0: Port device team_slave_1 added
[  200.487337][ T8750] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  200.498522][ T8750] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  200.513495][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.522594][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  200.532472][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  200.541263][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  200.550132][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  200.558713][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  200.567918][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  200.576607][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  200.585126][ T8763] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.592731][ T8763] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.600608][ T8763] device bridge_slave_1 entered promiscuous mode
[  200.676086][ T8759] device hsr_slave_0 entered promiscuous mode
[  200.712389][ T8759] device hsr_slave_1 entered promiscuous mode
[  200.751525][ T8759] debugfs: Directory 'hsr0' with parent '/' already present!
[  200.764605][ T8754] 8021q: adding VLAN 0 to HW filter on device bond0
10:48:42 executing program 0:
r0 = epoll_create1(0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))

[  200.792565][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  200.802639][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  200.820309][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  200.832721][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
10:48:42 executing program 0:
r0 = epoll_create1(0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))

[  200.869413][ T8754] 8021q: adding VLAN 0 to HW filter on device team0
[  200.892701][ T8763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.907313][ T8763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
10:48:42 executing program 0:
r0 = epoll_create1(0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))

[  200.923527][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  200.932636][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  200.957820][ T8750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.003886][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  201.013869][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  201.022621][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.029697][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.037960][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  201.047123][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  201.055953][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.063091][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.093471][ T8756] 8021q: adding VLAN 0 to HW filter on device bond0
10:48:42 executing program 0:
r0 = epoll_create1(0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))

[  201.109527][ T8763] team0: Port device team_slave_0 added
[  201.120840][ T8763] team0: Port device team_slave_1 added
[  201.152141][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  201.169603][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
10:48:43 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f0000001280)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000004ffc)=0x7fffffff)
poll(&(0x7f0000000000)=[{r0}], 0x1, 0x1000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

[  201.193653][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  201.209870][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  201.219588][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  201.234434][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  201.246904][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  201.264726][ T8756] 8021q: adding VLAN 0 to HW filter on device team0
[  201.297890][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  201.306457][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  201.317168][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  201.374685][ T8763] device hsr_slave_0 entered promiscuous mode
[  201.411876][ T8763] device hsr_slave_1 entered promiscuous mode
[  201.451547][ T8763] debugfs: Directory 'hsr0' with parent '/' already present!
[  201.481105][ T8754] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  201.497238][ T8754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  201.527023][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  201.537654][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
10:48:43 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r0, &(0x7f0000000b00)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370)
lseek(r1, 0x203ffffd, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, 0x0)
ioctl$IMSETDEVNAME(0xffffffffffffffff, 0x80184947, 0x0)
write$P9_RXATTRWALK(r1, &(0x7f0000000080)={0xf, 0x1f, 0x0, 0xd0}, 0x20000357)
mremap(&(0x7f0000433000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f000007f000/0x1000)=nil)
madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8)

[  201.547027][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  201.565222][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  201.577011][ T8772] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.584250][ T8772] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.598558][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  201.608659][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  201.620943][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  201.629846][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  201.642029][ T8772] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.643132][    C0] hrtimer: interrupt took 67691 ns
[  201.649220][ T8772] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.706931][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  201.718474][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  201.731995][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  201.767388][ T8754] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.775939][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  201.802484][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  201.833328][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  201.840875][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  201.850234][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  201.890916][ T8759] 8021q: adding VLAN 0 to HW filter on device bond0
[  201.909910][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  201.918976][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  201.938631][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  201.947793][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  201.956754][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  201.965301][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  201.974293][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
10:48:43 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r0, &(0x7f0000000b00)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370)
lseek(r1, 0x203ffffd, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, 0x0)
ioctl$IMSETDEVNAME(0xffffffffffffffff, 0x80184947, 0x0)
write$P9_RXATTRWALK(r1, &(0x7f0000000080)={0xf, 0x1f, 0x0, 0xd0}, 0x20000357)
mremap(&(0x7f0000433000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f000007f000/0x1000)=nil)
madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8)

[  201.988958][ T8756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  202.030148][ T8759] 8021q: adding VLAN 0 to HW filter on device team0
[  202.048199][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  202.058894][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  202.070434][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  202.086644][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  202.099790][ T8756] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.159275][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  202.170961][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  202.198090][ T8764] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.205256][ T8764] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.237118][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  202.247487][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  202.256274][ T8764] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.263602][ T8764] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.272741][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  202.311168][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  202.319945][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  202.338890][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  202.360938][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  202.380026][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  202.397704][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  202.418556][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  202.428170][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  202.451073][ T8759] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  202.479821][ T8759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  202.513257][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  202.522714][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  202.543591][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  202.594797][ T8763] 8021q: adding VLAN 0 to HW filter on device bond0
[  202.652059][ T8759] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.659303][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  202.681641][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  202.714913][ T8763] 8021q: adding VLAN 0 to HW filter on device team0
[  202.755770][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  202.767417][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  202.824764][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  202.840524][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  202.859165][ T8772] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.866444][ T8772] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.880637][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  202.899139][ T8772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  202.909479][ T8772] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.916631][ T8772] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.954101][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  202.963611][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  202.989852][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  203.009418][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  203.025319][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  203.037714][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  203.048306][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  203.058860][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  203.075902][ T8763] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  203.086917][ T8763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  203.109370][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  203.118304][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  203.127549][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  203.137415][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  203.162246][ T8763] 8021q: adding VLAN 0 to HW filter on device batadv0
[  203.177558][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  203.185992][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  203.203178][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  203.371729][ T8849] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  203.662275][ T8854] kvm: pic: non byte read
[  203.666915][ T8854] kvm: pic: non byte read
[  203.671795][ T8854] kvm: pic: non byte read
10:48:47 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x2de, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0xc4b, 0x0, 0x800, 0x0, 0x0, 0x9, 0x4ce]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

10:48:47 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f0000001280)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000004ffc)=0x7fffffff)
poll(&(0x7f0000000000)=[{r0}], 0x1, 0x1000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

10:48:47 executing program 3:
r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x0, 0x0)

10:48:47 executing program 4:
openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0)
ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f00000001c0)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$NBD_SET_TIMEOUT(r1, 0xab09, 0x2)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000280)=0x8, 0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
keyctl$get_persistent(0x16, 0x0, 0x0)
keyctl$reject(0x13, 0x0, 0xffffffff80000001, 0x0, 0xfffffffffffffffa)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x10)
r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r2)
add_key$keyring(&(0x7f0000000300)='\xff\x03\x00\x00\x11\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2)
keyctl$get_keyring_id(0x0, r2, 0x7)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
r3 = memfd_create(0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, r3)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
dup3(r4, 0xffffffffffffffff, 0x0)
r5 = accept(r4, 0x0, &(0x7f0000000000))
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, &(0x7f0000000100), 0x1)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000002c0)=@ipx, 0xffffffffffffff60, 0x0}}], 0x40000000000007c, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0)
getpgrp(0xffffffffffffffff)

10:48:47 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r0, &(0x7f0000000b00)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370)
lseek(r1, 0x203ffffd, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, 0x0)
ioctl$IMSETDEVNAME(0xffffffffffffffff, 0x80184947, 0x0)
write$P9_RXATTRWALK(r1, &(0x7f0000000080)={0xf, 0x1f, 0x0, 0xd0}, 0x20000357)
mremap(&(0x7f0000433000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f000007f000/0x1000)=nil)
madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8)

10:48:47 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x2de, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0xc4b, 0x0, 0x800, 0x0, 0x0, 0x9, 0x4ce]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  205.274292][ T8862] ==================================================================
[  205.282619][ T8862] BUG: KASAN: use-after-free in snd_timer_open+0x100a/0x1150
[  205.290008][ T8862] Read of size 8 at addr ffff888098972c78 by task syz-executor.3/8862
[  205.298163][ T8862] 
[  205.300514][ T8862] CPU: 1 PID: 8862 Comm: syz-executor.3 Not tainted 5.4.0-rc6-next-20191111 #0
[  205.309463][ T8862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  205.319526][ T8862] Call Trace:
[  205.322831][ T8862]  dump_stack+0x197/0x210
[  205.327169][ T8862]  ? snd_timer_open+0x100a/0x1150
[  205.332192][ T8862]  print_address_description.constprop.0.cold+0xd4/0x30b
[  205.339206][ T8862]  ? snd_timer_open+0x100a/0x1150
[  205.344320][ T8862]  ? snd_timer_open+0x100a/0x1150
[  205.349337][ T8862]  __kasan_report.cold+0x1b/0x41
[  205.356958][ T8862]  ? snd_timer_open+0x100a/0x1150
[  205.361987][ T8862]  kasan_report+0x12/0x20
[  205.366299][ T8862]  __asan_report_load8_noabort+0x14/0x20
[  205.371924][ T8862]  snd_timer_open+0x100a/0x1150
[  205.376759][ T8862]  ? snd_timer_close_locked+0xbd0/0xbd0
[  205.382286][ T8862]  ? kstrdup+0x5a/0x70
[  205.386344][ T8862]  snd_seq_timer_open+0x27f/0x590
[  205.391380][ T8862]  ? snd_seq_timer_set_skew+0xc0/0xc0
[  205.396748][ T8862]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  205.402546][ T8862]  ? snd_seq_timer_defaults+0x389/0x470
[  205.408695][ T8862]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  205.414497][ T8862]  ? lockdep_hardirqs_on+0x421/0x5e0
[  205.419888][ T8862]  ? _raw_spin_unlock_irqrestore+0x9f/0xe0
[  205.425687][ T8862]  queue_use+0xf1/0x270
[  205.429838][ T8862]  snd_seq_queue_alloc+0x2c5/0x4d0
[  205.435025][ T8862]  snd_seq_ioctl_create_queue+0xb0/0x330
[  205.440744][ T8862]  snd_seq_kernel_client_ctl+0xf8/0x140
[  205.446736][ T8862]  alloc_seq_queue.isra.0+0xdc/0x180
[  205.452882][ T8862]  ? delete_port+0xd0/0xd0
[  205.457329][ T8862]  snd_seq_oss_open+0x2ff/0x960
[  205.462172][ T8862]  odev_open+0x70/0x90
[  205.466239][ T8862]  ? odev_release+0x80/0x80
[  205.470821][ T8862]  soundcore_open+0x453/0x610
[  205.475492][ T8862]  ? sound_devnode+0x100/0x100
[  205.480259][ T8862]  chrdev_open+0x245/0x6b0
[  205.486241][ T8862]  ? cdev_put.part.0+0x50/0x50
[  205.491000][ T8862]  ? security_file_open+0x87/0x300
[  205.497021][ T8862]  do_dentry_open+0x4e6/0x1380
[  205.501972][ T8862]  ? __kasan_check_read+0x11/0x20
[  205.506993][ T8862]  ? cdev_put.part.0+0x50/0x50
[  205.511874][ T8862]  ? chown_common+0x5c0/0x5c0
[  205.516544][ T8862]  ? inode_permission+0xb4/0x520
[  205.521488][ T8862]  vfs_open+0xa0/0xd0
[  205.525587][ T8862]  path_openat+0x10e4/0x4710
[  205.530157][ T8862]  ? save_stack+0x23/0x90
[  205.534472][ T8862]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  205.540259][ T8862]  ? kasan_slab_alloc+0xf/0x20
[  205.545027][ T8862]  ? kmem_cache_alloc+0x121/0x710
[  205.550058][ T8862]  ? getname_flags+0xd6/0x5b0
[  205.554726][ T8862]  ? getname+0x1a/0x20
[  205.559056][ T8862]  ? path_lookupat.isra.0+0x8d0/0x8d0
[  205.564415][ T8862]  ? __lock_acquire+0x16f2/0x4a00
[  205.569692][ T8862]  ? __alloc_fd+0x487/0x620
[  205.574177][ T8862]  do_filp_open+0x1a1/0x280
[  205.578836][ T8862]  ? may_open_dev+0x100/0x100
[  205.583591][ T8862]  ? __kasan_check_read+0x11/0x20
[  205.588612][ T8862]  ? do_raw_spin_unlock+0x57/0x270
[  205.593718][ T8862]  do_sys_open+0x3fe/0x5d0
[  205.598125][ T8862]  ? filp_open+0x80/0x80
[  205.602354][ T8862]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  205.607794][ T8862]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  205.613992][ T8862]  ? do_syscall_64+0x26/0x760
[  205.618659][ T8862]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.624716][ T8862]  ? do_syscall_64+0x26/0x760
[  205.629389][ T8862]  __x64_sys_openat+0x9d/0x100
[  205.634147][ T8862]  do_syscall_64+0xfa/0x760
[  205.638640][ T8862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.644793][ T8862] RIP: 0033:0x45a219
[  205.648688][ T8862] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  205.668382][ T8862] RSP: 002b:00007f8d3d391c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  205.677517][ T8862] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
[  205.685479][ T8862] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  205.693445][ T8862] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  205.703158][ T8862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d3d3926d4
[  205.711125][ T8862] R13: 00000000004c735b R14: 00000000004dcfa0 R15: 00000000ffffffff
[  205.719093][ T8862] 
[  205.721403][ T8862] Allocated by task 8862:
[  205.726356][ T8862]  save_stack+0x23/0x90
[  205.730500][ T8862]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  205.736122][ T8862]  kasan_kmalloc+0x9/0x10
[  205.740442][ T8862]  kmem_cache_alloc_trace+0x158/0x790
[  205.745857][ T8862]  snd_timer_instance_new+0x4a/0x300
[  205.751132][ T8862]  __snd_timer_user_ioctl.isra.0+0x665/0x2070
[  205.757184][ T8862]  snd_timer_user_ioctl+0x7a/0xa7
[  205.762189][ T8862]  do_vfs_ioctl+0x977/0x14e0
[  205.766759][ T8862]  ksys_ioctl+0xab/0xd0
[  205.770893][ T8862]  __x64_sys_ioctl+0x73/0xb0
[  205.775640][ T8862]  do_syscall_64+0xfa/0x760
[  205.780127][ T8862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.785993][ T8862] 
[  205.788305][ T8862] Freed by task 8862:
[  205.792282][ T8862]  save_stack+0x23/0x90
[  205.796417][ T8862]  __kasan_slab_free+0x102/0x150
[  205.801361][ T8862]  kasan_slab_free+0xe/0x10
[  205.806289][ T8862]  kfree+0x10a/0x2c0
[  205.810166][ T8862]  snd_timer_instance_free+0x7c/0xa0
[  205.815434][ T8862]  __snd_timer_user_ioctl.isra.0+0x160d/0x2070
[  205.821566][ T8862]  snd_timer_user_ioctl+0x7a/0xa7
[  205.826576][ T8862]  do_vfs_ioctl+0x977/0x14e0
[  205.831405][ T8862]  ksys_ioctl+0xab/0xd0
[  205.835542][ T8862]  __x64_sys_ioctl+0x73/0xb0
[  205.840130][ T8862]  do_syscall_64+0xfa/0x760
[  205.848789][ T8862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.854745][ T8862] 
[  205.857159][ T8862] The buggy address belongs to the object at ffff888098972c00
[  205.857159][ T8862]  which belongs to the cache kmalloc-256 of size 256
[  205.871206][ T8862] The buggy address is located 120 bytes inside of
[  205.871206][ T8862]  256-byte region [ffff888098972c00, ffff888098972d00)
[  205.885075][ T8862] The buggy address belongs to the page:
[  205.890711][ T8862] page:ffffea0002625c80 refcount:1 mapcount:0 mapping:ffff8880aa4008c0 index:0x0
[  205.899805][ T8862] flags: 0x1fffc0000000200(slab)
[  205.904834][ T8862] raw: 01fffc0000000200 ffffea00023bdac8 ffff8880aa401648 ffff8880aa4008c0
[  205.913663][ T8862] raw: 0000000000000000 ffff888098972000 0000000100000008 0000000000000000
[  205.922223][ T8862] page dumped because: kasan: bad access detected
[  205.928693][ T8862] 
[  205.930999][ T8862] Memory state around the buggy address:
[  205.936612][ T8862]  ffff888098972b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  205.944665][ T8862]  ffff888098972b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  205.952708][ T8862] >ffff888098972c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.960755][ T8862]                                                                 ^
[  205.968720][ T8862]  ffff888098972c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.976761][ T8862]  ffff888098972d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  205.984799][ T8862] ==================================================================
[  205.992846][ T8862] Disabling lock debugging due to kernel taint
[  206.041444][ T8862] Kernel panic - not syncing: panic_on_warn set ...
[  206.048967][ T8862] CPU: 1 PID: 8862 Comm: syz-executor.3 Tainted: G    B             5.4.0-rc6-next-20191111 #0
[  206.059462][ T8862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  206.069699][ T8862] Call Trace:
[  206.072997][ T8862]  dump_stack+0x197/0x210
[  206.077328][ T8862]  panic+0x2e3/0x75c
[  206.081229][ T8862]  ? add_taint.cold+0x16/0x16
[  206.086020][ T8862]  ? snd_timer_open+0x100a/0x1150
10:48:47 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f0000001280)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000004ffc)=0x7fffffff)
poll(&(0x7f0000000000)=[{r0}], 0x1, 0x1000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001840)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

[  206.091055][ T8862]  ? preempt_schedule+0x4b/0x60
[  206.096021][ T8862]  ? ___preempt_schedule+0x16/0x18
[  206.101225][ T8862]  ? trace_hardirqs_on+0x5e/0x240
[  206.106303][ T8862]  ? snd_timer_open+0x100a/0x1150
[  206.111340][ T8862]  end_report+0x47/0x4f
[  206.115497][ T8862]  ? snd_timer_open+0x100a/0x1150
[  206.120524][ T8862]  __kasan_report.cold+0xe/0x41
[  206.126344][ T8862]  ? snd_timer_open+0x100a/0x1150
[  206.131377][ T8862]  kasan_report+0x12/0x20
[  206.135718][ T8862]  __asan_report_load8_noabort+0x14/0x20
[  206.141362][ T8862]  snd_timer_open+0x100a/0x1150
[  206.146238][ T8862]  ? snd_timer_close_locked+0xbd0/0xbd0
[  206.146563][ T4001] kobject: 'loop0' (00000000238834c5): kobject_uevent_env
[  206.151781][ T8862]  ? kstrdup+0x5a/0x70
[  206.151801][ T8862]  snd_seq_timer_open+0x27f/0x590
[  206.151812][ T8862]  ? snd_seq_timer_set_skew+0xc0/0xc0
[  206.151831][ T8862]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  206.159671][ T4001] kobject: 'loop0' (00000000238834c5): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  206.163684][ T8862]  ? snd_seq_timer_defaults+0x389/0x470
[  206.163698][ T8862]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  206.163714][ T8862]  ? lockdep_hardirqs_on+0x421/0x5e0
[  206.163727][ T8862]  ? _raw_spin_unlock_irqrestore+0x9f/0xe0
[  206.163742][ T8862]  queue_use+0xf1/0x270
[  206.217278][ T8862]  snd_seq_queue_alloc+0x2c5/0x4d0
[  206.222408][ T8862]  snd_seq_ioctl_create_queue+0xb0/0x330
[  206.228068][ T8862]  snd_seq_kernel_client_ctl+0xf8/0x140
[  206.233718][ T8862]  alloc_seq_queue.isra.0+0xdc/0x180
[  206.239013][ T8862]  ? delete_port+0xd0/0xd0
[  206.243806][ T8862]  snd_seq_oss_open+0x2ff/0x960
[  206.248667][ T8862]  odev_open+0x70/0x90
[  206.253951][ T8862]  ? odev_release+0x80/0x80
[  206.258451][ T8862]  soundcore_open+0x453/0x610
[  206.263130][ T8862]  ? sound_devnode+0x100/0x100
[  206.267880][ T8862]  chrdev_open+0x245/0x6b0
[  206.272365][ T8862]  ? cdev_put.part.0+0x50/0x50
[  206.277113][ T8862]  ? security_file_open+0x87/0x300
[  206.282741][ T8862]  do_dentry_open+0x4e6/0x1380
[  206.287497][ T8862]  ? __kasan_check_read+0x11/0x20
[  206.292512][ T8862]  ? cdev_put.part.0+0x50/0x50
[  206.297270][ T8862]  ? chown_common+0x5c0/0x5c0
[  206.302128][ T8862]  ? inode_permission+0xb4/0x520
[  206.307046][ T8862]  vfs_open+0xa0/0xd0
[  206.311008][ T8862]  path_openat+0x10e4/0x4710
[  206.316381][ T8862]  ? save_stack+0x23/0x90
[  206.320704][ T8862]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  206.326607][ T8862]  ? kasan_slab_alloc+0xf/0x20
[  206.331356][ T8862]  ? kmem_cache_alloc+0x121/0x710
[  206.336361][ T8862]  ? getname_flags+0xd6/0x5b0
[  206.341462][ T8862]  ? getname+0x1a/0x20
[  206.345517][ T8862]  ? path_lookupat.isra.0+0x8d0/0x8d0
[  206.350875][ T8862]  ? __lock_acquire+0x16f2/0x4a00
[  206.356056][ T8862]  ? __alloc_fd+0x487/0x620
[  206.360538][ T8862]  do_filp_open+0x1a1/0x280
[  206.365018][ T8862]  ? may_open_dev+0x100/0x100
[  206.369678][ T8862]  ? __kasan_check_read+0x11/0x20
[  206.374677][ T8862]  ? do_raw_spin_unlock+0x57/0x270
[  206.379774][ T8862]  do_sys_open+0x3fe/0x5d0
[  206.384174][ T8862]  ? filp_open+0x80/0x80
[  206.388848][ T8862]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  206.394298][ T8862]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  206.399752][ T8862]  ? do_syscall_64+0x26/0x760
[  206.404433][ T8862]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  206.410481][ T8862]  ? do_syscall_64+0x26/0x760
[  206.415144][ T8862]  __x64_sys_openat+0x9d/0x100
[  206.419891][ T8862]  do_syscall_64+0xfa/0x760
[  206.424393][ T8862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  206.430618][ T8862] RIP: 0033:0x45a219
[  206.434495][ T8862] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  206.454806][ T8862] RSP: 002b:00007f8d3d391c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  206.463472][ T8862] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
[  206.471698][ T8862] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c
[  206.479676][ T8862] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  206.487636][ T8862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d3d3926d4
[  206.495595][ T8862] R13: 00000000004c735b R14: 00000000004dcfa0 R15: 00000000ffffffff
[  206.505761][ T8862] Kernel Offset: disabled
[  206.510235][ T8862] Rebooting in 86400 seconds..