[info] Using makefile-style concurrent boot in runlevel 2.
[   23.828450] audit: type=1800 audit(1541649667.689:21): pid=5498 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   23.860097] audit: type=1800 audit(1541649667.699:22): pid=5498 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   41.301024] sshd (5640) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
2018/11/08 04:01:31 fuzzer started
2018/11/08 04:01:33 dialing manager at 10.128.0.26:34255
2018/11/08 04:01:33 syscalls: 1
2018/11/08 04:01:33 code coverage: enabled
2018/11/08 04:01:33 comparison tracing: enabled
2018/11/08 04:01:33 setuid sandbox: enabled
2018/11/08 04:01:33 namespace sandbox: enabled
2018/11/08 04:01:33 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/08 04:01:33 fault injection: enabled
2018/11/08 04:01:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/08 04:01:33 net packed injection: enabled
2018/11/08 04:01:33 net device setup: enabled
04:04:33 executing program 0:

[  229.503212] IPVS: ftp: loaded support on port[0] = 21
04:04:33 executing program 1:

[  229.769356] IPVS: ftp: loaded support on port[0] = 21
04:04:33 executing program 2:

[  230.029474] IPVS: ftp: loaded support on port[0] = 21
04:04:34 executing program 3:

[  230.468215] IPVS: ftp: loaded support on port[0] = 21
04:04:34 executing program 4:

[  230.850815] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.857898] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.866112] device bridge_slave_0 entered promiscuous mode
[  230.974506] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.990558] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.001139] device bridge_slave_1 entered promiscuous mode
[  231.157175] IPVS: ftp: loaded support on port[0] = 21
[  231.172647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
04:04:35 executing program 5:

[  231.310770] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  231.531049] IPVS: ftp: loaded support on port[0] = 21
[  231.700606] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  231.758169] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.783894] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.809688] device bridge_slave_0 entered promiscuous mode
[  231.828340] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  231.931105] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.939066] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.951038] device bridge_slave_1 entered promiscuous mode
[  231.962918] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.979594] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.003662] device bridge_slave_0 entered promiscuous mode
[  232.072705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  232.141255] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.147762] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.161259] device bridge_slave_1 entered promiscuous mode
[  232.200784] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  232.330629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  232.430379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  232.454706] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.480114] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.487443] device bridge_slave_0 entered promiscuous mode
[  232.502265] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  232.518850] team0: Port device team_slave_0 added
[  232.546338] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  232.630210] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  232.639169] team0: Port device team_slave_1 added
[  232.646741] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.655407] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.669294] device bridge_slave_1 entered promiscuous mode
[  232.688738] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  232.759930] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  232.767174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  232.789006] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  232.815647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  232.825469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  232.842859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  232.859853] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  232.925473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  232.935937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  232.947843] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  232.964159] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  232.988871] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  233.008493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  233.026512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  233.041216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  233.114960] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  233.146515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  233.171483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  233.397542] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  233.411260] team0: Port device team_slave_0 added
[  233.446034] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  233.542112] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  233.557317] team0: Port device team_slave_1 added
[  233.567116] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  233.599998] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  233.607391] team0: Port device team_slave_0 added
[  233.642687] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  233.650614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  233.659089] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  233.678230] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.684809] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.700972] device bridge_slave_0 entered promiscuous mode
[  233.708923] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.716938] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.725593] device bridge_slave_0 entered promiscuous mode
[  233.737081] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  233.746556] team0: Port device team_slave_1 added
[  233.754095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  233.777460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  233.790811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  233.802402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  233.821043] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  233.840636] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.847006] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.860750] device bridge_slave_1 entered promiscuous mode
[  233.872559] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  233.881587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  233.890336] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.896756] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.911387] device bridge_slave_1 entered promiscuous mode
[  233.918781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  233.950615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  233.958202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  233.972611] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  233.980776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  234.000504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  234.021129] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  234.030884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  234.061932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  234.115928] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  234.123839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  234.133776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  234.145912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  234.157817] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  234.169818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  234.178788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  234.202500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  234.291344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  234.299223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  234.314749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  234.355630] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  234.370680] team0: Port device team_slave_0 added
[  234.530337] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  234.546483] team0: Port device team_slave_1 added
[  234.578808] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  234.603721] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.610216] bridge0: port 2(bridge_slave_1) entered forwarding state
[  234.617359] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.623795] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.633216] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  234.647005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  234.655800] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  234.681039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  234.696294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  234.754997] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  234.770052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  234.790806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  234.798685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  234.824313] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  234.892982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  234.911321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  234.931640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  234.942075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  234.973354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  234.990554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.000642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.132687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  235.142363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.165374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  235.305352] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  235.321298] team0: Port device team_slave_0 added
[  235.417369] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  235.431094] team0: Port device team_slave_1 added
[  235.439057] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  235.472548] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  235.496396] team0: Port device team_slave_0 added
[  235.513851] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.520290] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.526960] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.533395] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.567654] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  235.577309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  235.604439] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  235.640842] team0: Port device team_slave_1 added
[  235.646046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  235.655739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  235.705606] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  235.720301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  235.734371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  235.753703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  235.781168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  235.789037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  235.817326] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  235.832430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.851170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.881962] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.888359] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.895107] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.901521] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.918075] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  235.935635] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  235.956920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.970565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  235.992111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  236.010654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  236.042214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  236.146366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  236.177747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  236.193579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  236.283350] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  236.297927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  236.307718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  236.440443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  236.454760] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  236.591756] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.598176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.604875] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.611267] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.655837] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  237.313236] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.319629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.326329] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.332748] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.370821] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  237.480944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  237.492858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  237.515958] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.522408] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.529093] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.535522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.544712] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  238.521203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  239.510206] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.868012] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  240.301327] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  240.307536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  240.321074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  240.443524] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.480521] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.727073] 8021q: adding VLAN 0 to HW filter on device team0
[  240.888676] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  240.947610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  241.319516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  241.331154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  241.345310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  241.376780] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  241.394534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  241.414003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  241.705315] 8021q: adding VLAN 0 to HW filter on device team0
[  241.718496] 8021q: adding VLAN 0 to HW filter on device bond0
[  241.874646] 8021q: adding VLAN 0 to HW filter on device team0
[  242.102385] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  242.168353] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.262708] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.568398] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  242.580080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  242.595281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  242.623768] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  242.647500] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  242.972620] 8021q: adding VLAN 0 to HW filter on device team0
[  243.014281] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  243.030774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  243.045320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  243.128580] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  243.137502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  243.146558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  243.500935] 8021q: adding VLAN 0 to HW filter on device team0
[  243.510426] 8021q: adding VLAN 0 to HW filter on device team0
04:04:47 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:47 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 1:

04:04:48 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 1:

04:04:48 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 1:

04:04:48 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:48 executing program 2:

04:04:49 executing program 3:

04:04:49 executing program 4:

04:04:49 executing program 1:

04:04:49 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:49 executing program 2:

04:04:49 executing program 3:

04:04:49 executing program 5:

04:04:49 executing program 3:

04:04:49 executing program 1:

04:04:49 executing program 5:
r0 = inotify_init1(0x0)
close(r0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000000))

04:04:49 executing program 4:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = inotify_init1(0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r1=>0x0})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
ptrace(0x4207, r1)
wait4(r1, 0x0, 0x60000000, 0x0)

04:04:49 executing program 2:
r0 = socket$inet6(0xa, 0x4000004, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000380)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000080)=0x54)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000a00)={<r3=>0x0, 0xb54}, &(0x7f0000000ec0)=0x8)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000900)={<r4=>r3, 0x7ff, 0x3, 0x0, 0x2}, &(0x7f0000000640)=0x14)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000980)={r4, 0x88}, 0x8)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000009c0)={<r6=>r5})
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r6, 0x114, 0xa, &(0x7f0000000180)={0x1, "81"}, 0x2)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4)
accept4$nfc_llcp(r1, &(0x7f0000001280), &(0x7f0000001300)=0x60, 0x800)
setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8)
bind$inet(r5, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r5, &(0x7f0000a88f88), 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10)
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
readv(r7, &(0x7f0000000740)=[{&(0x7f0000000580)=""/8, 0x8}, {&(0x7f0000000d40)=""/189, 0xbd}, {&(0x7f0000000e00)=""/159, 0x9f}], 0x3)
sendto$inet(r5, &(0x7f0000000380)="771d5314acf68d1a25bc579d58d6247542c4ac05d35a2c6a32b764260774e40be0307934b0ddccab70d63fe6adaef284eea1497689aca6b76064d435615a44ab1ce5d37972c7cad596a18dec76b62945d3ca3c996aea4848df6ff66c3699dc4b2f68e30401dc1c21df444f42e979cbc8769ebba0b0c12c971b951fb58730dad562378755c7219ead359d1866775ca9b6a7b10f7eb68b655e7b9b37909f946d7e6e1a9e6ce7e8ba9b10104d9b1eae59b2894b9918f84b958966deaf7523b13b40713950924399715e7886b781f80248d70f9c5c432bbc799eb5e7a5b35176", 0xde, 0x4000, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000100), 0x4)

04:04:49 executing program 0:
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000651000)=""/240, &(0x7f0000ca5ffc)=0x4)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:49 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0)

04:04:49 executing program 1:

04:04:49 executing program 5:

04:04:49 executing program 3:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
flock(r1, 0x1)
flock(r0, 0x2)

04:04:49 executing program 1:
openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000280), &(0x7f0000000380)=0x4)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140))
request_key(&(0x7f0000000040)='big_key\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000100)='\x00', 0x0)
close(r0)
socket(0x0, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0)

04:04:49 executing program 4:
r0 = socket$key(0xf, 0x3, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100))
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

04:04:49 executing program 2:
capset(&(0x7f00000003c0), &(0x7f0000000400))
openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000280), &(0x7f0000000380)=0x4)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140))
close(r0)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000300))
socket(0x0, 0x0, 0x0)
keyctl$update(0x2, 0x0, &(0x7f0000000440), 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0)

04:04:49 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:49 executing program 5:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000700)=@broute={'broute\x00', 0x20, 0x3, 0x198, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'bcsh0\x00', 'ip6_vti0\x00', 'nr0\x00', 'veth1_to_bridge\x00', @dev, [], @broadcast, [], 0xb8, 0xb8, 0x108, [@limit={'limit\x00', 0x20, {{0x7fffffff}}}]}}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x210)
fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)

[  245.922200] kasan: CONFIG_KASAN_INLINE enabled
[  245.945754] ==================================================================
[  245.953368] BUG: KASAN: use-after-free in locks_remove_flock+0x33c/0x350
[  245.960224] Read of size 8 at addr ffff8801d8730d50 by task syz-executor3/7285
[  245.967583] 
[  245.969236] CPU: 1 PID: 7285 Comm: syz-executor3 Not tainted 4.20.0-rc1-next-20181107+ #107
[  245.973089] kernel msg: ebtables bug: please report to author: Total nentries is wrong
[  245.977727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  245.977737] Call Trace:
[  245.977821]  dump_stack+0x244/0x39d
[  245.977842]  ? dump_stack_print_info.cold.1+0x20/0x20
[  245.988076] kernel msg: ebtables bug: please report to author: Total nentries is wrong
[  245.995319]  ? printk+0xa7/0xcf
[  245.995337]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  246.018123] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  246.022854]  print_address_description.cold.7+0x9/0x1ff
[  246.022873]  kasan_report.cold.8+0x242/0x309
[  246.035597]  ? locks_remove_flock+0x33c/0x350
[  246.044584]  __asan_report_load8_noabort+0x14/0x20
[  246.049536]  locks_remove_flock+0x33c/0x350
[  246.053882]  ? flock_lock_inode+0x11c0/0x11c0
[  246.058475]  ? is_bpf_text_address+0xd3/0x170
[  246.061312] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  246.063483]  ? kernel_text_address+0x79/0xf0
[  246.069637] CPU: 0 PID: 7284 Comm: syz-executor3 Not tainted 4.20.0-rc1-next-20181107+ #107
[  246.074029]  ? __kernel_text_address+0xd/0x40
[  246.082511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.087021]  ? unwind_get_return_address+0x61/0xa0
[  246.096328] RIP: 0010:locks_remove_flock+0x216/0x350
[  246.101270]  ? save_stack+0xa9/0xd0
[  246.106338] Code: 00 0f 85 3a 01 00 00 48 8b 5b 98 48 85 db 74 3a e8 1f 41 92 ff 48 8d 7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 17 01 00 00 48 8b 5b 08 48 85 db 74 0d e8 f2 40
[  246.109945]  ? save_stack+0x43/0xd0
[  246.128835] RSP: 0018:ffff88018c797880 EFLAGS: 00010202
[  246.132455]  ? __kasan_slab_free+0x102/0x150
[  246.137809] RAX: dffffc0000000000 RBX: 0000000041b58ab3 RCX: ffffffff81ed555d
[  246.142227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  246.149447] RDX: 000000000836b157 RSI: ffffffff81ed5c71 RDI: 0000000041b58abb
[  246.154973]  locks_remove_file+0x148/0x5c0
[  246.162223] RBP: ffff88018c797a60 R08: ffff880187460180 R09: ffffed003b5e5b67
[  246.166441]  ? fcntl_setlk+0xfc0/0xfc0
[  246.173691] R10: ffffed003b5e5b67 R11: ffff8801daf2db3b R12: ffff8801d1fc6000
[  246.177617]  ? fsnotify_first_mark+0x350/0x350
[  246.184815] R13: ffff88018c7978f8 R14: 1ffff100318f2f13 R15: dffffc0000000000
[  246.189382]  ? __fsnotify_parent+0xcc/0x420
[  246.196647] FS:  0000000002141940(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[  246.200977]  ? perf_trace_sched_process_exec+0x860/0x860
[  246.209157] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  246.214596]  ? fsnotify+0xf20/0xf20
[  246.220458] CR2: 00000000017b4ac0 CR3: 00000001b7b3a000 CR4: 00000000001406f0
[  246.224067]  ? __might_sleep+0x95/0x190
[  246.231319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  246.235336]  __fput+0x2f0/0xa70
[  246.242527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  246.245797]  ? get_max_files+0x20/0x20
[  246.253048] Call Trace:
[  246.256937]  ? trace_hardirqs_on+0xbd/0x310
[  246.259489]  ? flock_lock_inode+0x11c0/0x11c0
[  246.263790]  ? kasan_check_read+0x11/0x20
[  246.268315]  ? mark_held_locks+0x130/0x130
[  246.272405]  ? task_work_run+0x1af/0x2a0
[  246.276621]  ? wake_up_new_task+0x6f7/0xcf0
[  246.280662]  ? trace_hardirqs_off_caller+0x300/0x300
[  246.285005]  ? exit_robust_list+0x280/0x280
[  246.290056]  ? kmem_cache_free+0x24f/0x290
[  246.294359]  ? trace_hardirqs_on+0xbd/0x310
[  246.298577]  ____fput+0x15/0x20
[  246.302874]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  246.306137]  task_work_run+0x1e8/0x2a0
[  246.311653]  ? locks_remove_posix+0x486/0x850
[  246.315519]  ? task_work_cancel+0x240/0x240
[  246.319996]  ? vfs_lock_file+0xe0/0xe0
[  246.324296]  ? task_work_add+0x123/0x1e0
[  246.328164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  246.332204]  ? cpumask_weight.constprop.5+0x3f/0x3f
[  246.337820]  locks_remove_file+0x148/0x5c0
[  246.342854]  exit_to_usermode_loop+0x318/0x380
[  246.347042]  ? fcntl_setlk+0xfc0/0xfc0
[  246.351605]  ? __bpf_trace_sys_exit+0x30/0x30
[  246.355474]  ? fsnotify_first_mark+0x350/0x350
[  246.359952]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  246.364512]  ? __fsnotify_parent+0xcc/0x420
[  246.370039]  ? fput+0x130/0x1a0
[  246.374339]  ? perf_trace_sched_process_exec+0x860/0x860
[  246.377598]  ? __x64_sys_flock+0x2bd/0x350
[  246.383033]  ? fsnotify+0xf20/0xf20
[  246.387248]  do_syscall_64+0x6be/0x820
[  246.390854]  ? __might_sleep+0x95/0x190
[  246.394770]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  246.394788]  ? syscall_return_slowpath+0x5e0/0x5e0
[  246.398742]  __fput+0x2f0/0xa70
[  246.404089]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  246.409002]  ? get_max_files+0x20/0x20
[  246.412269]  ? trace_hardirqs_on_caller+0x310/0x310
[  246.417089]  ? trace_hardirqs_on+0xbd/0x310
[  246.420960]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  246.425957]  ? kasan_check_read+0x11/0x20
[  246.430256]  ? prepare_exit_to_usermode+0x291/0x3b0
[  246.435249]  ? task_work_run+0x1af/0x2a0
[  246.439380]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  246.444374]  ? trace_hardirqs_off_caller+0x300/0x300
[  246.448415]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.453238]  ? filp_close+0x1cd/0x250
[  246.458333] RIP: 0033:0x457569
[  246.463622]  ____fput+0x15/0x20
[  246.467419] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  246.470596]  task_work_run+0x1e8/0x2a0
[  246.473849] RSP: 002b:00007f75dd781c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  246.492740]  ? task_work_cancel+0x240/0x240
[  246.496605] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000457569
[  246.504348]  ? copy_fd_bitmaps+0x210/0x210
[  246.508593] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000003
[  246.515849]  ? do_syscall_64+0x9a/0x820
[  246.520053] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  246.520065] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75dd7826d4
[  246.527583]  exit_to_usermode_loop+0x318/0x380
[  246.531531] R13: 00000000004bdd9e R14: 00000000004ccdb8 R15: 00000000ffffffff
[  246.538801]  ? __bpf_trace_sys_exit+0x30/0x30
[  246.546053] 
[  246.550624]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  246.557883] Allocated by task 7285:
[  246.562367]  do_syscall_64+0x6be/0x820
[  246.563993]  save_stack+0x43/0xd0
[  246.569530]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  246.573151]  kasan_kmalloc+0xc7/0xe0
[  246.577028]  ? syscall_return_slowpath+0x5e0/0x5e0
[  246.580459]  kasan_slab_alloc+0x12/0x20
[  246.585805]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  246.589496]  kmem_cache_alloc+0x12e/0x730
[  246.594419]  ? trace_hardirqs_on_caller+0x310/0x310
[  246.598384]  locks_alloc_lock+0x9e/0x300
[  246.603207]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  246.607335]  flock_make_lock+0x22c/0x2a0
[  246.612330]  ? prepare_exit_to_usermode+0x291/0x3b0
[  246.616379]  __x64_sys_flock+0x12b/0x350
[  246.621378]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  246.625423]  do_syscall_64+0x1b9/0x820
[  246.630419]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.634470]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.639288] RIP: 0033:0x411021
[  246.643147] 
[  246.648323] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  246.653484] Freed by task 7285:
[  246.656660] RSP: 002b:00007ffc87b7e8a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  246.658278]  save_stack+0x43/0xd0
[  246.677155] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411021
[  246.680416]  __kasan_slab_free+0x102/0x150
[  246.688098] RDX: 0000000000000000 RSI: 00000000007301c8 RDI: 0000000000000004
[  246.691546]  kasan_slab_free+0xe/0x10
[  246.698794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  246.703030]  kmem_cache_free+0x83/0x290
[  246.710284] R10: 00007ffc87b7e7c0 R11: 0000000000000293 R12: 0000000000000000
[  246.714065]  locks_free_lock+0x295/0x420
[  246.721313] R13: 0000000000000001 R14: 0000000000000005 R15: 0000000000000003
[  246.725269]  __x64_sys_flock+0x289/0x350
[  246.732517] Modules linked in:
[  246.736566]  do_syscall_64+0x1b9/0x820
[  246.746895] ---[ end trace e63a15928f12d175 ]---
[  246.747873]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.747877] 
[  246.747887] The buggy address belongs to the object at ffff8801d8730d10
[  246.747887]  which belongs to the cache file_lock_cache of size 264
[  246.747901] The buggy address is located 64 bytes inside of
[  246.747901]  264-byte region [ffff8801d8730d10, ffff8801d8730e18)
[  246.751350] RIP: 0010:locks_remove_flock+0x216/0x350
04:04:50 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xac, 0x0, 0x0, @stepwise})

04:04:50 executing program 5:
r0 = socket$inet_tcp(0x2, 0x3, 0x6)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
write$binfmt_script(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='#! ./file0 ppp0(proc#vboxnet'], 0x1c)
write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0', [], 0xa, "bcd254f02e0eadcd428200e7c1783289f501d43eb9e0ef676ffa6c184e4e6e2a0dab3a24e8fc5a04ad"}, 0x34)

[  246.755002] The buggy address belongs to the page:
[  246.755016] page:ffffea000761cc00 count:1 mapcount:0 mapping:ffff8801d9bf1900 index:0x0
[  246.759813] Code: 00 0f 85 3a 01 00 00 48 8b 5b 98 48 85 db 74 3a e8 1f 41 92 ff 48 8d 7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 17 01 00 00 48 8b 5b 08 48 85 db 74 0d e8 f2 40
[  246.764938] flags: 0x2fffc0000000200(slab)
[  246.764956] raw: 02fffc0000000200 ffff8801d9bf5a48 ffffea0006dc5d88 ffff8801d9bf1900
[  246.764976] raw: 0000000000000000 ffff8801d8730040 000000010000000c 0000000000000000
[  246.768909] RSP: 0018:ffff88018c797880 EFLAGS: 00010202
[  246.779584] page dumped because: kasan: bad access detected
[  246.779588] 
[  246.779592] Memory state around the buggy address:
[  246.779605]  ffff8801d8730c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  246.779616]  ffff8801d8730c80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[  246.779635] >ffff8801d8730d00: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  246.791728] RAX: dffffc0000000000 RBX: 0000000041b58ab3 RCX: ffffffff81ed555d
[  246.796508]                                                  ^
[  246.796520]  ffff8801d8730d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  246.796535]  ffff8801d8730e00: fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb
[  246.801708] RDX: 000000000836b157 RSI: ffffffff81ed5c71 RDI: 0000000041b58abb
[  246.809561] ==================================================================
[  246.823890] Kernel panic - not syncing: panic_on_warn set ...
[  246.878395] RBP: ffff88018c797a60 R08: ffff880187460180 R09: ffffed003b5e5b67
[  246.882171] Kernel Offset: disabled
[  246.949622] Rebooting in 86400 seconds..