[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 31.695653] audit: type=1400 audit(1593446762.405:8): avc: denied { execmem } for pid=6123 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 31.720925] IPVS: ftp: loaded support on port[0] = 21
[ 32.197306] can: request_module (can-proto-0) failed.
[ 33.151635] can: request_module (can-proto-0) failed.
[ 33.177343] audit: type=1400 audit(1593446763.895:9): avc: denied { create } for pid=6102 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
2020/06/29 16:06:11 parsed 1 programs
2020/06/29 16:06:12 executed programs: 0
[ 41.762785] audit: type=1400 audit(1593446772.479:10): avc: denied { execmem } for pid=6244 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 41.833034] IPVS: ftp: loaded support on port[0] = 21
[ 41.833184] IPVS: ftp: loaded support on port[0] = 21
[ 41.849506] IPVS: ftp: loaded support on port[0] = 21
[ 41.885519] IPVS: ftp: loaded support on port[0] = 21
[ 41.893731] IPVS: ftp: loaded support on port[0] = 21
[ 41.902059] IPVS: ftp: loaded support on port[0] = 21
[ 42.039894] chnl_net:caif_netlink_parms(): no params data found
[ 42.105163] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.111882] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.119368] device bridge_slave_0 entered promiscuous mode
[ 42.129510] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.135948] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.143901] device bridge_slave_1 entered promiscuous mode
[ 42.159825] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 42.210102] chnl_net:caif_netlink_parms(): no params data found
[ 42.240740] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 42.310787] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.317664] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.328800] device bridge_slave_0 entered promiscuous mode
[ 42.337547] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.346100] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.353727] device bridge_slave_1 entered promiscuous mode
[ 42.406868] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 42.416911] team0: Port device team_slave_0 added
[ 42.422797] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 42.430060] team0: Port device team_slave_1 added
[ 42.467796] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 42.478389] chnl_net:caif_netlink_parms(): no params data found
[ 42.489190] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 42.498201] chnl_net:caif_netlink_parms(): no params data found
[ 42.513910] chnl_net:caif_netlink_parms(): no params data found
[ 42.523708] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 42.537475] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 42.547468] chnl_net:caif_netlink_parms(): no params data found
[ 42.623740] device hsr_slave_0 entered promiscuous mode
[ 42.661137] device hsr_slave_1 entered promiscuous mode
[ 42.755242] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 42.764167] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 42.773176] team0: Port device team_slave_0 added
[ 42.799523] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.806146] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.814196] device bridge_slave_0 entered promiscuous mode
[ 42.822618] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 42.829619] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 42.836952] team0: Port device team_slave_1 added
[ 42.843503] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 42.852064] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.859315] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.867125] device bridge_slave_0 entered promiscuous mode
[ 42.877168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.884067] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.891188] device bridge_slave_1 entered promiscuous mode
[ 42.901518] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.907893] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.915265] device bridge_slave_1 entered promiscuous mode
[ 42.926731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 42.934193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.940521] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.950899] device bridge_slave_0 entered promiscuous mode
[ 42.957347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.964723] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.972104] device bridge_slave_0 entered promiscuous mode
[ 42.994560] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.001770] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.008725] device bridge_slave_1 entered promiscuous mode
[ 43.019599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.027590] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.035188] device bridge_slave_1 entered promiscuous mode
[ 43.051498] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.060080] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.074827] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.081354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.103560] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.152629] device hsr_slave_0 entered promiscuous mode
[ 43.200980] device hsr_slave_1 entered promiscuous mode
[ 43.261708] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 43.269184] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.278105] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.294142] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.310385] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.319238] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 43.337555] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.346548] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.358934] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.366817] team0: Port device team_slave_0 added
[ 43.372383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.379573] team0: Port device team_slave_0 added
[ 43.401611] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.408909] team0: Port device team_slave_0 added
[ 43.417172] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.425296] team0: Port device team_slave_1 added
[ 43.436638] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 43.443989] team0: Port device team_slave_0 added
[ 43.449453] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.458607] team0: Port device team_slave_1 added
[ 43.465485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 43.475388] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.483441] team0: Port device team_slave_1 added
[ 43.489250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 43.496772] team0: Port device team_slave_1 added
[ 43.502897] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 43.510037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 43.517763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 43.526171] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 43.538507] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 43.546458] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 43.578234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 43.642526] device hsr_slave_0 entered promiscuous mode
[ 43.661126] device hsr_slave_1 entered promiscuous mode
[ 43.742355] device hsr_slave_0 entered promiscuous mode
[ 43.780917] device hsr_slave_1 entered promiscuous mode
[ 43.824361] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 43.832720] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 43.839806] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 43.883188] device hsr_slave_0 entered promiscuous mode
[ 43.940800] device hsr_slave_1 entered promiscuous mode
[ 43.981159] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 43.988478] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 43.995590] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 44.002692] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 44.062335] device hsr_slave_0 entered promiscuous mode
[ 44.101012] device hsr_slave_1 entered promiscuous mode
[ 44.141024] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 44.164827] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 44.181276] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 44.189691] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 44.201263] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 44.211079] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.219409] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.229534] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 44.244046] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.250228] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.265213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.272885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.295164] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 44.304758] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 44.312827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.321566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.329095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.335598] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.344610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.353087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.361743] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.368075] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.377503] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 44.412844] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.428621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 44.439127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 44.450150] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.459922] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 44.469303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 44.477934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 44.486381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.493910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.504718] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.514586] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 44.528705] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.536232] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.546410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 44.555217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.563535] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.573724] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 44.589798] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.596317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 44.606187] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.616191] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.629644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 44.639729] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.649369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 44.658449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 44.666574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.677183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.685226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.693007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.700708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.708782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.717041] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.725547] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.734089] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 44.748169] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 44.755324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.767372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 44.779120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.787016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.797488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 44.806193] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.813536] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.825768] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.833870] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 44.844426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.853981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.861220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.869150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.879102] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.885607] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.894627] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 44.901616] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.908705] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 44.917842] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.929938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 44.939774] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 44.949878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 44.959644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.967842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.975747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.982423] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.989104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 44.998038] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.008684] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.018264] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 45.026697] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 45.035570] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 45.043176] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.052477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.060522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.068029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.074607] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.082436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.091233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.098769] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.105337] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.112349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 45.120006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.127774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.134737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 45.143066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.152314] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.161088] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 45.172410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 45.180911] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 45.187028] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.195795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.208101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 45.217032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.229213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.244720] ==================================================================
[ 45.252975] BUG: KASAN: use-after-free in v4l2_ctrl_grab+0x114/0x120
[ 45.259455] Read of size 8 at addr ffff88809bf095e0 by task syz-executor.4/7141
[ 45.266998]
[ 45.268608] CPU: 1 PID: 7141 Comm: syz-executor.4 Not tainted 4.19.130-syzkaller #0
[ 45.279317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.288656] Call Trace:
[ 45.291385] dump_stack+0x123/0x177
[ 45.295084] print_address_description.cold.8+0x9/0x1ff
[ 45.305035] kasan_report.cold.9+0x242/0x309
[ 45.309425] ? v4l2_ctrl_grab+0x114/0x120
[ 45.313554] __asan_report_load8_noabort+0x14/0x20
[ 45.318984] v4l2_ctrl_grab+0x114/0x120
[ 45.323147] vicodec_stop_streaming+0xfc/0x130
[ 45.327798] __vb2_queue_cancel+0x99/0x6f0
[ 45.332007] ? v4l2_m2m_ioctl_expbuf+0xc0/0xc0
[ 45.336571] ? kasan_check_read+0x11/0x20
[ 45.341143] vb2_core_queue_release+0x1e/0x70
[ 45.345635] vb2_queue_release+0x9/0x10
[ 45.349674] v4l2_m2m_ctx_release+0x22/0x30
[ 45.354623] vicodec_release+0xb5/0x120
[ 45.358580] v4l2_release+0xee/0x1a0
[ 45.362298] __fput+0x24c/0x7f0
[ 45.365758] ____fput+0x9/0x10
[ 45.368929] task_work_run+0x10e/0x190
[ 45.372793] exit_to_usermode_loop+0x1a9/0x200
[ 45.377355] do_syscall_64+0x419/0x4e0
[ 45.381225] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.386537] RIP: 0033:0x4120b1
[ 45.389973] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 45.409465] RSP: 002b:00007fff4e609830 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.417152] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004120b1
[ 45.425558] RDX: 0000001b32020000 RSI: 0000000000740490 RDI: 0000000000000003
[ 45.432853] RBP: 000000000073c900 R08: 000000000000b0ab R09: 000000000000b0ab
[ 45.440134] R10: 00007fff4e609900 R11: 0000000000000293 R12: ffffffffffffffff
[ 45.447517] R13: 000000000000b0b7 R14: 00000000000003e8 R15: 000000000073bf0c
[ 45.455098]
[ 45.456724] Allocated by task 7143:
[ 45.460717] save_stack+0x43/0xd0
[ 45.464507] kasan_kmalloc+0xc7/0xe0
[ 45.468206] __kmalloc_node+0x50/0x70
[ 45.472001] kvmalloc_node+0x68/0x70
[ 45.476361] v4l2_ctrl_new.part.9+0x22a/0x11c0
[ 45.481007] v4l2_ctrl_new_std+0x1c9/0x2d0
[ 45.485222] vicodec_open+0x18d/0xa90
[ 45.489124] v4l2_open+0x17d/0x2d0
[ 45.492826] chrdev_open+0x1f0/0x5c0
[ 45.496656] do_dentry_open+0x3f4/0x1010
[ 45.500962] vfs_open+0x9a/0xc0
[ 45.504236] path_openat+0x6fa/0x3c60
[ 45.508199] do_filp_open+0x177/0x250
[ 45.512166] do_sys_open+0x1dd/0x350
[ 45.516133] __x64_sys_openat+0x98/0xf0
[ 45.520285] do_syscall_64+0xd6/0x4e0
[ 45.524070] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.531088]
[ 45.532698] Freed by task 7141:
[ 45.535985] save_stack+0x43/0xd0
[ 45.539422] __kasan_slab_free+0x102/0x150
[ 45.543647] kasan_slab_free+0xe/0x10
[ 45.547601] kfree+0xcf/0x230
[ 45.550867] kvfree+0x2c/0x30
[ 45.554184] v4l2_ctrl_handler_free+0x421/0x7e0
[ 45.559908] vicodec_release+0x61/0x120
[ 45.564137] v4l2_release+0xee/0x1a0
[ 45.568051] __fput+0x24c/0x7f0
[ 45.573593] ____fput+0x9/0x10
[ 45.576887] task_work_run+0x10e/0x190
[ 45.580911] exit_to_usermode_loop+0x1a9/0x200
[ 45.585484] do_syscall_64+0x419/0x4e0
[ 45.589374] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.596722]
[ 45.598329] The buggy address belongs to the object at ffff88809bf095c0
[ 45.598329] which belongs to the cache kmalloc-256 of size 256
[ 45.610970] The buggy address is located 32 bytes inside of
[ 45.610970] 256-byte region [ffff88809bf095c0, ffff88809bf096c0)
[ 45.624119] The buggy address belongs to the page:
[ 45.629200] page:ffffea00026fc240 count:1 mapcount:0 mapping:ffff88812c31e7c0 index:0x0
[ 45.637797] flags: 0x1fffc0000000100(slab)
[ 45.642012] raw: 01fffc0000000100 ffffea0002180208 ffff88812c31c648 ffff88812c31e7c0
[ 45.649869] raw: 0000000000000000 ffff88809bf090c0 000000010000000c 0000000000000000
[ 45.657743] page dumped because: kasan: bad access detected
[ 45.663432]
[ 45.665045] Memory state around the buggy address:
[ 45.669971] ffff88809bf09480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.677324] ffff88809bf09500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.684825] >ffff88809bf09580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 45.692168] ^
[ 45.698647] ffff88809bf09600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.705984] ffff88809bf09680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 45.713324] ==================================================================
[ 45.720771] Disabling lock debugging due to kernel taint
[ 45.731210] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.737575] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.745736] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 45.752292] Kernel panic - not syncing: panic_on_warn set ...
[ 45.752292]
[ 45.756392] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 45.759660] CPU: 1 PID: 7141 Comm: syz-executor.4 Tainted: G B 4.19.130-syzkaller #0
[ 45.759663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.759665] Call Trace:
[ 45.759675] dump_stack+0x123/0x177
[ 45.759683] panic+0x1cd/0x387
[ 45.773141] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.775962] ? __warn_printk+0xd6/0xd6
[ 45.797755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.801788] ? ___preempt_schedule+0x16/0x18
[ 45.801796] kasan_end_report+0x47/0x4f
[ 45.801800] kasan_report.cold.9+0x76/0x309
[ 45.801805] ? v4l2_ctrl_grab+0x114/0x120
[ 45.801811] __asan_report_load8_noabort+0x14/0x20
[ 45.809651] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 45.812638] v4l2_ctrl_grab+0x114/0x120
[ 45.812645] vicodec_stop_streaming+0xfc/0x130
[ 45.812650] __vb2_queue_cancel+0x99/0x6f0
[ 45.812656] ? v4l2_m2m_ioctl_expbuf+0xc0/0xc0
[ 45.812662] ? kasan_check_read+0x11/0x20
[ 45.820116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 45.821010] vb2_core_queue_release+0x1e/0x70
[ 45.821016] vb2_queue_release+0x9/0x10
[ 45.826787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 45.829451] v4l2_m2m_ctx_release+0x22/0x30
[ 45.829457] vicodec_release+0xb5/0x120
[ 45.837539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 45.841122] v4l2_release+0xee/0x1a0
[ 45.841127] __fput+0x24c/0x7f0
[ 45.841133] ____fput+0x9/0x10
[ 45.841138] task_work_run+0x10e/0x190
[ 45.841146] exit_to_usermode_loop+0x1a9/0x200
[ 45.841153] do_syscall_64+0x419/0x4e0
[ 45.848479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 45.849680] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.849686] RIP: 0033:0x4120b1
[ 45.856838] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 45.858486] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 45.858489] RSP: 002b:00007fff4e609830 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.858494] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004120b1
[ 45.858498] RDX: 0000001b32020000 RSI: 0000000000740490 RDI: 0000000000000003
[ 45.864828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 45.869368] RBP: 000000000073c900 R08: 000000000000b0ab R09: 000000000000b0ab
[ 45.869371] R10: 00007fff4e609900 R11: 0000000000000293 R12: ffffffffffffffff
[ 45.869373] R13: 000000000000b0b7 R14: 00000000000003e8 R15: 000000000073bf0c
[ 45.875454] Kernel Offset: disabled
[ 46.021861] Rebooting in 86400 seconds..