[info] Using makefile-style concurrent boot in runlevel 2.
[ 23.828450] audit: type=1800 audit(1541649667.689:21): pid=5498 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ 23.860097] audit: type=1800 audit(1541649667.699:22): pid=5498 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.301024] sshd (5640) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
2018/11/08 04:01:31 fuzzer started
2018/11/08 04:01:33 dialing manager at 10.128.0.26:34255
2018/11/08 04:01:33 syscalls: 1
2018/11/08 04:01:33 code coverage: enabled
2018/11/08 04:01:33 comparison tracing: enabled
2018/11/08 04:01:33 setuid sandbox: enabled
2018/11/08 04:01:33 namespace sandbox: enabled
2018/11/08 04:01:33 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/08 04:01:33 fault injection: enabled
2018/11/08 04:01:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/08 04:01:33 net packed injection: enabled
2018/11/08 04:01:33 net device setup: enabled
04:04:33 executing program 0:
[ 229.503212] IPVS: ftp: loaded support on port[0] = 21
04:04:33 executing program 1:
[ 229.769356] IPVS: ftp: loaded support on port[0] = 21
04:04:33 executing program 2:
[ 230.029474] IPVS: ftp: loaded support on port[0] = 21
04:04:34 executing program 3:
[ 230.468215] IPVS: ftp: loaded support on port[0] = 21
04:04:34 executing program 4:
04:04:35 executing program 5:
04:04:47 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:47 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 1:

04:04:48 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 1:

04:04:48 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 1:

04:04:48 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 2:

04:04:49 executing program 3:

04:04:49 executing program 4:

04:04:49 executing program 1:

04:04:49 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:49 executing program 2:

04:04:49 executing program 3:

04:04:49 executing program 5:

04:04:49 executing program 3:

04:04:49 executing program 1:

04:04:49 executing program 5:
r0 = inotify_init1(0x0)
close(r0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000000))

04:04:49 executing program 4:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = inotify_init1(0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace(0x4207, r1)
wait4(r1, 0x0, 0x60000000, 0x0)

04:04:49 executing program 2:
r0 = socket$inet6(0xa, 0x4000004, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000380)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000080)=0x54)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000a00)={0x0, 0xb54}, &(0x7f0000000ec0)=0x8)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000900)={r3, 0x7ff, 0x3, 0x0, 0x2}, &(0x7f0000000640)=0x14)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000980)={r4, 0x88}, 0x8)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000009c0)={r5})
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r6, 0x114, 0xa, &(0x7f0000000180)={0x1, "81"}, 0x2)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4)
accept4$nfc_llcp(r1, &(0x7f0000001280), &(0x7f0000001300)=0x60, 0x800)
setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8)
bind$inet(r5, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r5, &(0x7f0000a88f88), 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10)
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff})
readv(r7, &(0x7f0000000740)=[{&(0x7f0000000580)=""/8, 0x8}, {&(0x7f0000000d40)=""/189, 0xbd}, {&(0x7f0000000e00)=""/159, 0x9f}], 0x3)
sendto$inet(r5, &(0x7f0000000380)="771d5314acf68d1a25bc579d58d6247542c4ac05d35a2c6a32b764260774e40be0307934b0ddccab70d63fe6adaef284eea1497689aca6b76064d435615a44ab1ce5d37972c7cad596a18dec76b62945d3ca3c996aea4848df6ff66c3699dc4b2f68e30401dc1c21df444f42e979cbc8769ebba0b0c12c971b951fb58730dad562378755c7219ead359d1866775ca9b6a7b10f7eb68b655e7b9b37909f946d7e6e1a9e6ce7e8ba9b10104d9b1eae59b2894b9918f84b958966deaf7523b13b40713950924399715e7886b781f80248d70f9c5c432bbc799eb5e7a5b35176", 0xde, 0x4000, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000100), 0x4)

04:04:49 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:49 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0)

04:04:49 executing program 1:

04:04:49 executing program 5:

04:04:49 executing program 3:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
flock(r1, 0x1)
flock(r0, 0x2)

04:04:49 executing program 1:
openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000280), &(0x7f0000000380)=0x4)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140))
request_key(&(0x7f0000000040)='big_key\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000100)='\x00', 0x0)
close(r0)
socket(0x0, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0)

04:04:49 executing program 4:
r0 = socket$key(0xf, 0x3, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100))
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

04:04:49 executing program 2:
capset(&(0x7f00000003c0), &(0x7f0000000400))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000280), &(0x7f0000000380)=0x4)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140))
close(r0)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000300))
socket(0x0, 0x0, 0x0)
keyctl$update(0x2, 0x0, &(0x7f0000000440), 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0)

04:04:49 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:49 executing program 5:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x3, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0xb8, 0xb8, 0x108, [@limit={'limit\x00', 0x20, {{0x7fffffff}}}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210)
fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)

[ 245.922200] kasan: CONFIG_KASAN_INLINE enabled
[ 245.945754] ==================================================================
[ 245.953368] BUG: KASAN: use-after-free in locks_remove_flock+0x33c/0x350
[ 245.960224] Read of size 8 at addr ffff8801d8730d50 by task syz-executor3/7285
[ 245.967583]
[ 245.969236] CPU: 1 PID: 7285 Comm: syz-executor3 Not tainted 4.20.0-rc1-next-20181107+ #107
[ 245.973089] kernel msg: ebtables bug: please report to author: Total nentries is wrong
[ 245.977727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 245.977737] Call Trace:
[ 245.977821]  dump_stack+0x244/0x39d
[ 245.977842]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 245.988076] kernel msg: ebtables bug: please report to author: Total nentries is wrong
[ 245.995319]  ? printk+0xa7/0xcf
[ 245.995337]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 246.018123] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 246.022854]  print_address_description.cold.7+0x9/0x1ff
[ 246.022873]  kasan_report.cold.8+0x242/0x309
[ 246.035597]  ? locks_remove_flock+0x33c/0x350
[ 246.044584]  __asan_report_load8_noabort+0x14/0x20
[ 246.049536]  locks_remove_flock+0x33c/0x350
[ 246.053882]  ? flock_lock_inode+0x11c0/0x11c0
[ 246.058475]  ? is_bpf_text_address+0xd3/0x170
[ 246.061312] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 246.063483]  ? kernel_text_address+0x79/0xf0
[ 246.069637] CPU: 0 PID: 7284 Comm: syz-executor3 Not tainted 4.20.0-rc1-next-20181107+ #107
[ 246.074029]  ? __kernel_text_address+0xd/0x40
[ 246.082511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 246.087021]  ? unwind_get_return_address+0x61/0xa0
[ 246.096328] RIP: 0010:locks_remove_flock+0x216/0x350
[ 246.101270]  ? save_stack+0xa9/0xd0
[ 246.106338] Code: 00 0f 85 3a 01 00 00 48 8b 5b 98 48 85 db 74 3a e8 1f 41 92 ff 48 8d 7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 17 01 00 00 48 8b 5b 08 48 85 db 74 0d e8 f2 40
[ 246.109945]  ? save_stack+0x43/0xd0
[ 246.128835] RSP: 0018:ffff88018c797880 EFLAGS: 00010202
[ 246.132455]  ? __kasan_slab_free+0x102/0x150
[ 246.137809] RAX: dffffc0000000000 RBX: 0000000041b58ab3 RCX: ffffffff81ed555d
[ 246.142227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 246.149447] RDX: 000000000836b157 RSI: ffffffff81ed5c71 RDI: 0000000041b58abb
[ 246.154973]  locks_remove_file+0x148/0x5c0
[ 246.162223] RBP: ffff88018c797a60 R08: ffff880187460180 R09: ffffed003b5e5b67
[ 246.166441]  ? fcntl_setlk+0xfc0/0xfc0
[ 246.173691] R10: ffffed003b5e5b67 R11: ffff8801daf2db3b R12: ffff8801d1fc6000
[ 246.177617]  ? fsnotify_first_mark+0x350/0x350
[ 246.184815] R13: ffff88018c7978f8 R14: 1ffff100318f2f13 R15: dffffc0000000000
[ 246.189382]  ? __fsnotify_parent+0xcc/0x420
[ 246.196647] FS: 0000000002141940(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 246.200977]  ? perf_trace_sched_process_exec+0x860/0x860
[ 246.209157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 246.214596]  ? fsnotify+0xf20/0xf20
[ 246.220458] CR2: 00000000017b4ac0 CR3: 00000001b7b3a000 CR4: 00000000001406f0
[ 246.224067]  ? __might_sleep+0x95/0x190
[ 246.231319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 246.235336]  __fput+0x2f0/0xa70
[ 246.242527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 246.245797]  ? get_max_files+0x20/0x20
[ 246.253048] Call Trace:
[ 246.256937]  ? trace_hardirqs_on+0xbd/0x310
[ 246.259489]  ? flock_lock_inode+0x11c0/0x11c0
[ 246.263790]  ? kasan_check_read+0x11/0x20
[ 246.268315]  ? mark_held_locks+0x130/0x130
[ 246.272405]  ? task_work_run+0x1af/0x2a0
[ 246.276621]  ? wake_up_new_task+0x6f7/0xcf0
[ 246.280662]  ? trace_hardirqs_off_caller+0x300/0x300
[ 246.285005]  ? exit_robust_list+0x280/0x280
[ 246.290056]  ? kmem_cache_free+0x24f/0x290
[ 246.294359]  ? trace_hardirqs_on+0xbd/0x310
[ 246.298577]  ____fput+0x15/0x20
[ 246.302874]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 246.306137]  task_work_run+0x1e8/0x2a0
[ 246.311653]  ? locks_remove_posix+0x486/0x850
[ 246.315519]  ? task_work_cancel+0x240/0x240
[ 246.319996]  ? vfs_lock_file+0xe0/0xe0
[ 246.324296]  ? task_work_add+0x123/0x1e0
[ 246.328164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 246.332204]  ? cpumask_weight.constprop.5+0x3f/0x3f
[ 246.337820]  locks_remove_file+0x148/0x5c0
[ 246.342854]  exit_to_usermode_loop+0x318/0x380
[ 246.347042]  ? fcntl_setlk+0xfc0/0xfc0
[ 246.351605]  ? __bpf_trace_sys_exit+0x30/0x30
[ 246.355474]  ? fsnotify_first_mark+0x350/0x350
[ 246.359952]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 246.364512]  ? __fsnotify_parent+0xcc/0x420
[ 246.370039]  ? fput+0x130/0x1a0
[ 246.374339]  ? perf_trace_sched_process_exec+0x860/0x860
[ 246.377598]  ? __x64_sys_flock+0x2bd/0x350
[ 246.383033]  ? fsnotify+0xf20/0xf20
[ 246.387248]  do_syscall_64+0x6be/0x820
[ 246.390854]  ? __might_sleep+0x95/0x190
[ 246.394770]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 246.394788]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 246.398742]  __fput+0x2f0/0xa70
[ 246.404089]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 246.409002]  ? get_max_files+0x20/0x20
[ 246.412269]  ? trace_hardirqs_on_caller+0x310/0x310
[ 246.417089]  ? trace_hardirqs_on+0xbd/0x310
[ 246.420960]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 246.425957]  ? kasan_check_read+0x11/0x20
[ 246.430256]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 246.435249]  ? task_work_run+0x1af/0x2a0
[ 246.439380]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 246.444374]  ? trace_hardirqs_off_caller+0x300/0x300
[ 246.448415]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 246.453238]  ? filp_close+0x1cd/0x250
[ 246.458333] RIP: 0033:0x457569
[ 246.463622]  ____fput+0x15/0x20
[ 246.467419] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 246.470596]  task_work_run+0x1e8/0x2a0
[ 246.473849] RSP: 002b:00007f75dd781c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[ 246.492740]  ? task_work_cancel+0x240/0x240
[ 246.496605] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000457569
[ 246.504348]  ? copy_fd_bitmaps+0x210/0x210
[ 246.508593] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000003
[ 246.515849]  ? do_syscall_64+0x9a/0x820
[ 246.520053] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 246.520065] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75dd7826d4
[ 246.527583]  exit_to_usermode_loop+0x318/0x380
[ 246.531531] R13: 00000000004bdd9e R14: 00000000004ccdb8 R15: 00000000ffffffff
[ 246.538801]  ? __bpf_trace_sys_exit+0x30/0x30
[ 246.546053]
[ 246.550624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 246.557883] Allocated by task 7285:
[ 246.562367]  do_syscall_64+0x6be/0x820
[ 246.563993]  save_stack+0x43/0xd0
[ 246.569530]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 246.573151]  kasan_kmalloc+0xc7/0xe0
[ 246.577028]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 246.580459]  kasan_slab_alloc+0x12/0x20
[ 246.585805]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 246.589496]  kmem_cache_alloc+0x12e/0x730
[ 246.594419]  ? trace_hardirqs_on_caller+0x310/0x310
[ 246.598384]  locks_alloc_lock+0x9e/0x300
[ 246.603207]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 246.607335]  flock_make_lock+0x22c/0x2a0
[ 246.612330]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 246.616379]  __x64_sys_flock+0x12b/0x350
[ 246.621378]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 246.625423]  do_syscall_64+0x1b9/0x820
[ 246.630419]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 246.634470]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 246.639288] RIP: 0033:0x411021
[ 246.643147]
[ 246.648323] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 246.653484] Freed by task 7285:
[ 246.656660] RSP: 002b:00007ffc87b7e8a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 246.658278]  save_stack+0x43/0xd0
[ 246.677155] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411021
[ 246.680416]  __kasan_slab_free+0x102/0x150
[ 246.688098] RDX: 0000000000000000 RSI: 00000000007301c8 RDI: 0000000000000004
[ 246.691546]  kasan_slab_free+0xe/0x10
[ 246.698794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 246.703030]  kmem_cache_free+0x83/0x290
[ 246.710284] R10: 00007ffc87b7e7c0 R11: 0000000000000293 R12: 0000000000000000
[ 246.714065]  locks_free_lock+0x295/0x420
[ 246.721313] R13: 0000000000000001 R14: 0000000000000005 R15: 0000000000000003
[ 246.725269]  __x64_sys_flock+0x289/0x350
[ 246.732517] Modules linked in:
[ 246.736566]  do_syscall_64+0x1b9/0x820
[ 246.746895] ---[ end trace e63a15928f12d175 ]---
[ 246.747873]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 246.747877]
[ 246.747887] The buggy address belongs to the object at ffff8801d8730d10
[ 246.747887]  which belongs to the cache file_lock_cache of size 264
[ 246.747901] The buggy address is located 64 bytes inside of
[ 246.747901]  264-byte region [ffff8801d8730d10, ffff8801d8730e18)
[ 246.751350] RIP: 0010:locks_remove_flock+0x216/0x350

04:04:50 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:50 executing program 5:
r0 = socket$inet_tcp(0x2, 0x3, 0x6)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='#! ./file0 ppp0(proc#vboxnet'], 0x1c)
write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0', [], 0xa, "bcd254f02e0eadcd428200e7c1783289f501d43eb9e0ef676ffa6c184e4e6e2a0dab3a24e8fc5a04ad"}, 0x34)

[ 246.755002] The buggy address belongs to the page:
[ 246.755016] page:ffffea000761cc00 count:1 mapcount:0 mapping:ffff8801d9bf1900 index:0x0
[ 246.759813] Code: 00 0f 85 3a 01 00 00 48 8b 5b 98 48 85 db 74 3a e8 1f 41 92 ff 48 8d 7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 17 01 00 00 48 8b 5b 08 48 85 db 74 0d e8 f2 40
[ 246.764938] flags: 0x2fffc0000000200(slab)
[ 246.764956] raw: 02fffc0000000200 ffff8801d9bf5a48 ffffea0006dc5d88 ffff8801d9bf1900
[ 246.764976] raw: 0000000000000000 ffff8801d8730040 000000010000000c 0000000000000000
[ 246.768909] RSP: 0018:ffff88018c797880 EFLAGS: 00010202
[ 246.779584] page dumped because: kasan: bad access detected
[ 246.779588]
[ 246.779592] Memory state around the buggy address:
[ 246.779605]  ffff8801d8730c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 246.779616]  ffff8801d8730c80: fb fb fb
fb fb fb fb fb fb fb fc fc fc fc fc fc [ 246.779635] >ffff8801d8730d00: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 246.791728] RAX: dffffc0000000000 RBX: 0000000041b58ab3 RCX: ffffffff81ed555d [ 246.796508] ^ [ 246.796520] ffff8801d8730d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 246.796535] ffff8801d8730e00: fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb [ 246.801708] RDX: 000000000836b157 RSI: ffffffff81ed5c71 RDI: 0000000041b58abb [ 246.809561] ================================================================== [ 246.823890] Kernel panic - not syncing: panic_on_warn set ... [ 246.878395] RBP: ffff88018c797a60 R08: ffff880187460180 R09: ffffed003b5e5b67 [ 246.882171] Kernel Offset: disabled [ 246.949622] Rebooting in 86400 seconds..