device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
audit: type=1804 audit(1569393210.146:107): pid=22359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir856972253/syzkaller.zscK1T/113/file0/file0" dev="loop2" ino=10 res=1
------------[ cut here ]------------
kernel BUG at fs/buffer.c:553!
team0 (unregistering): Port device team_slave_0 removed
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
kobject: 'batman_adv' (00000000a30501b0): kobject_uevent_env
CPU: 1 PID: 22359 Comm: syz-executor.2 Not tainted 4.19.75 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:mark_buffer_dirty_inode fs/buffer.c:553 [inline]
RIP: 0010:mark_buffer_dirty_inode+0x30f/0x410 fs/buffer.c:544
kobject: 'batman_adv' (00000000a30501b0): kobject_uevent_env: filter function caused the event to drop!
Code: 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 4d 4c 89 63 58 4c 89 ef e8 2b 4d 3b 05 e9 ee fd ff ff e8 61 7b b2 ff <0f> 0b 4c 89 ff e8 d7 0e e9 ff e9 d3 fd ff ff e8 cd 0e e9 ff e9 5b
RSP: 0018:ffff888045fff5c0 EFLAGS: 00010212
RAX: 0000000000040000 RBX: ffff888040d4e000 RCX: ffffc90006078000
RDX: 00000000000228f3 RSI: ffffffff81b8e71f RDI: ffff888040d61470
RBP: ffff888045fff600 R08: ffff888056f24340 R09: 0000000000000004
kobject: 'batman_adv' (00000000a30501b0): kobject_cleanup, parent           (null)
R10: ffffed1015d24732 R11: ffff8880ae923993 R12: ffff888040d61310
R13: 0000000000000000 R14: ffff8880a6d61a58 R15: ffff88807d5ac300
FS:  00007fb74a82a700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
kobject: 'batman_adv' (00000000a30501b0): calling ktype release
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2d891c5518 CR3: 0000000085373000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kobject: (00000000a30501b0): dynamic_kobj_release
 fat16_ent_put+0xd2/0x110 fs/fat/fatent.c:182
kobject: 'batman_adv': free name
 fat_free_clusters+0x3de/0x990 fs/fat/fatent.c:594
kobject: 'rx-0' (0000000088ed71d5): kobject_cleanup, parent 000000003f8de65c
kobject: 'rx-0' (0000000088ed71d5): auto cleanup 'remove' event
 fat_free fs/fat/file.c:384 [inline]
 fat_truncate_blocks+0x763/0xc10 fs/fat/file.c:402
kobject: 'rx-0' (0000000088ed71d5): kobject_uevent_env
kobject: 'rx-0' (0000000088ed71d5): kobject_uevent_env: uevent_suppress caused the event to drop!
 fat_setattr+0x806/0xc80 fs/fat/file.c:546
kobject: 'rx-0' (0000000088ed71d5): auto cleanup kobject_del
 notify_change+0xad7/0xfb0 fs/attr.c:334
 do_truncate+0x158/0x220 fs/open.c:63
kobject: 'rx-0' (0000000088ed71d5): calling ktype release
kobject: 'rx-0': free name
 handle_truncate fs/namei.c:3008 [inline]
 do_last fs/namei.c:3424 [inline]
 path_openat+0x2c27/0x45e0 fs/namei.c:3534
kobject: 'tx-0' (00000000908ae3f7): kobject_cleanup, parent 000000003f8de65c
kobject: 'tx-0' (00000000908ae3f7): auto cleanup 'remove' event
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
kobject: 'tx-0' (00000000908ae3f7): kobject_uevent_env
kobject: 'tx-0' (00000000908ae3f7): kobject_uevent_env: uevent_suppress caused the event to drop!
 do_sys_open+0x3fe/0x550 fs/open.c:1088
kobject: 'tx-0' (00000000908ae3f7): auto cleanup kobject_del
kobject: 'tx-0' (00000000908ae3f7): calling ktype release
kobject: 'tx-0': free name
 ksys_open include/linux/syscalls.h:1276 [inline]
 __do_sys_creat fs/open.c:1146 [inline]
 __se_sys_creat fs/open.c:1144 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1144
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
kobject: 'queues' (000000003f8de65c): kobject_cleanup, parent           (null)
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a29
kobject: 'queues' (000000003f8de65c): calling ktype release
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb74a829c78 EFLAGS: 00000246
kobject: 'queues' (000000003f8de65c): kset_release
 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459a29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
kobject: 'queues': free name
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb74a82a6d4
R13: 00000000004c0089 R14: 00000000004d2098 R15: 00000000ffffffff
kobject: 'veth0_to_team' (00000000fdb8a76d): kobject_uevent_env
Modules linked in:
---[ end trace aa5153f2916cce7f ]---
kobject: 'veth0_to_team' (00000000fdb8a76d): kobject_uevent_env: uevent_suppress caused the event to drop!
RIP: 0010:mark_buffer_dirty_inode fs/buffer.c:553 [inline]
RIP: 0010:mark_buffer_dirty_inode+0x30f/0x410 fs/buffer.c:544
kobject: 'bonding_slave' (0000000007d91c52): kobject_cleanup, parent 00000000496e13a4
Code: 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 4d 4c 89 63 58 4c 89 ef e8 2b 4d 3b 05 e9 ee fd ff ff e8 61 7b b2 ff <0f> 0b 4c 89 ff e8 d7 0e e9 ff e9 d3 fd ff ff e8 cd 0e e9 ff e9 5b
kobject: 'bonding_slave' (0000000007d91c52): does not have a release() function, it is broken and must be fixed.
RSP: 0018:ffff888045fff5c0 EFLAGS: 00010212
kobject: 'bonding_slave' (0000000007d91c52): auto cleanup kobject_del
kobject: 'bonding_slave': free name
RAX: 0000000000040000 RBX: ffff888040d4e000 RCX: ffffc90006078000
bond0 (unregistering): Releasing backup interface bond_slave_1
kobject: 'batman_adv' (00000000ca34ac38): kobject_uevent_env
RDX: 00000000000228f3 RSI: ffffffff81b8e71f RDI: ffff888040d61470
kobject: 'batman_adv' (00000000ca34ac38): kobject_uevent_env: filter function caused the event to drop!
RBP: ffff888045fff600 R08: ffff888056f24340 R09: 0000000000000004
kobject: 'batman_adv' (00000000ca34ac38): kobject_cleanup, parent           (null)
R10: ffffed1015d24732 R11: ffff8880ae923993 R12: ffff888040d61310
kobject: 'batman_adv' (00000000ca34ac38): calling ktype release
R13: 0000000000000000 R14: ffff8880a6d61a58 R15: ffff88807d5ac300
kobject: (00000000ca34ac38): dynamic_kobj_release
FS:  00007fb74a82a700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000022f8f40 CR3: 0000000085373000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400