[ 29.423617] sshd (5691) used greatest stack depth: 15200 bytes left
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[ 29.859022] kauditd_printk_skb: 9 callbacks suppressed
[ 29.859038] audit: type=1800 audit(1541756491.324:33): pid=5623 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.887073] audit: type=1800 audit(1541756491.324:34): pid=5623 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 39.568287] audit: type=1400 audit(1541756501.034:35): avc: denied { map } for pid=5800 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts.
[ 46.218426] audit: type=1400 audit(1541756507.684:36): avc: denied { map } for pid=5813 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/11/09 09:41:48 parsed 1 programs
[ 46.761457] audit: type=1400 audit(1541756508.234:37): avc: denied { map } for pid=5813 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14286 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/11/09 09:41:49 executed programs: 0
[ 48.380108] IPVS: ftp: loaded support on port[0] = 21
[ 48.632956] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.640474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.647784] device bridge_slave_0 entered promiscuous mode
[ 48.668253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.674974] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.682180] device bridge_slave_1 entered promiscuous mode
[ 48.700951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 48.719344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 48.770263] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 48.791087] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 48.869584] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 48.877153] team0: Port device team_slave_0 added
[ 48.894580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 48.901725] team0: Port device team_slave_1 added
[ 48.920374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.941977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.961443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.982598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 49.133717] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.140210] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.147139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.153555] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.694299] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.748686] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 49.802390] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.808532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.816348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.866971] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.158275] audit: type=1400 audit(1541756511.624:38): avc: denied { associate } for pid=5826 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2018/11/09 09:41:54 executed programs: 60
2018/11/09 09:41:59 executed programs: 238
[ 59.919728] vivid-000: kernel_thread() failed
[ 60.739364] ==================================================================
[ 60.746961] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 60.753271] Write of size 4 at addr 000000000000001c by task syz-executor0/7419
[ 60.760700]
[ 60.762322] CPU: 0 PID: 7419 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #106
[ 60.769579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.778933] Call Trace:
[ 60.781511]  dump_stack+0x244/0x39d
[ 60.785128]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 60.790309]  ? vprintk_func+0x85/0x181
[ 60.794186]  kasan_report.cold.8+0x6d/0x309
[ 60.798491]  ? kthread_stop+0x10d/0x900
[ 60.802455]  check_memory_region+0x13e/0x1b0
[ 60.806846]  kasan_check_write+0x14/0x20
[ 60.810992]  kthread_stop+0x10d/0x900
[ 60.814778]  ? kthread_unpark+0x160/0x160
[ 60.818915]  ? __lock_is_held+0xb5/0x140
[ 60.822974]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 60.828243]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 60.833769]  ? _vb2_fop_release+0x3f/0x2b0
[ 60.837995]  ? mutex_trylock+0x2b0/0x2b0
[ 60.842044]  ? vivid_fop_release+0x66/0x440
[ 60.846350]  ? __mutex_lock+0x85e/0x16f0
[ 60.850403]  vid_cap_stop_streaming+0x8d/0xe0
[ 60.854884]  ? vid_cap_buf_queue+0x310/0x310
[ 60.859281]  __vb2_queue_cancel+0x171/0xd20
[ 60.863592]  ? lock_downgrade+0x900/0x900
[ 60.867740]  ? vb2_buffer_done+0xb90/0xb90
[ 60.871963]  ? find_held_lock+0x36/0x1c0
[ 60.876013]  ? mark_held_locks+0xc7/0x130
[ 60.880159]  ? kasan_check_write+0x14/0x20
[ 60.884392]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 60.889306]  ? kasan_check_read+0x11/0x20
[ 60.893436]  ? wait_for_completion+0x8a0/0x8a0
[ 60.898007]  ? trace_hardirqs_off_caller+0x310/0x310
[ 60.903114]  vb2_core_streamoff+0x60/0x140
[ 60.907336]  __vb2_cleanup_fileio+0x73/0x160
[ 60.911729]  vb2_core_queue_release+0x1e/0x80
[ 60.916206]  _vb2_fop_release+0x1d2/0x2b0
[ 60.920343]  vb2_fop_release+0x77/0xc0
[ 60.924242]  vivid_fop_release+0x18e/0x440
[ 60.928459]  ? vivid_remove+0x460/0x460
[ 60.932419]  v4l2_release+0x224/0x3a0
[ 60.936210]  ? dev_debug_store+0x140/0x140
[ 60.940448]  __fput+0x385/0xa30
[ 60.943716]  ? get_max_files+0x20/0x20
[ 60.947590]  ? trace_hardirqs_on+0xbd/0x310
[ 60.951894]  ? kasan_check_read+0x11/0x20
[ 60.956038]  ? task_work_run+0x1af/0x2a0
[ 60.960086]  ? trace_hardirqs_off_caller+0x310/0x310
[ 60.965171]  ? rcu_softirq_qs+0x20/0x20
[ 60.969137]  ? unwind_dump+0x190/0x190
[ 60.973030]  ____fput+0x15/0x20
[ 60.976295]  task_work_run+0x1e8/0x2a0
[ 60.980184]  ? task_work_cancel+0x240/0x240
[ 60.984500]  ? __fget+0x4aa/0x740
[ 60.987948]  get_signal+0x1558/0x1980
[ 60.991749]  ? find_held_lock+0x36/0x1c0
[ 60.995879]  ? ptrace_notify+0x130/0x130
[ 60.999943]  ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 61.005734]  ? pvclock_read_flags+0x160/0x160
[ 61.010211]  ? poll_select_set_timeout+0x19a/0x240
[ 61.015124]  ? trace_hardirqs_off_caller+0x310/0x310
[ 61.020220]  do_signal+0x9c/0x21c0
[ 61.023743]  ? timespec64_add_safe+0x204/0x2f0
[ 61.028308]  ? nsec_to_clock_t+0x30/0x30
[ 61.032368]  ? setup_sigcontext+0x7d0/0x7d0
[ 61.036680]  ? exit_to_usermode_loop+0x8c/0x380
[ 61.041349]  ? exit_to_usermode_loop+0x8c/0x380
[ 61.046003]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 61.050577]  ? trace_hardirqs_on+0xbd/0x310
[ 61.054882]  ? do_syscall_64+0x6be/0x820
[ 61.058927]  ? trace_hardirqs_off_caller+0x310/0x310
[ 61.064102]  ? do_restart_poll+0x2e0/0x2e0
[ 61.068323]  ? nsecs_to_jiffies+0x30/0x30
[ 61.072455]  ? do_syscall_64+0x9a/0x820
[ 61.076415]  ? do_syscall_64+0x9a/0x820
[ 61.080373]  exit_to_usermode_loop+0x2e5/0x380
[ 61.084941]  ? __bpf_trace_sys_exit+0x30/0x30
[ 61.089423]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 61.094948]  do_syscall_64+0x6be/0x820
[ 61.098823]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 61.104173]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 61.109090]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 61.113919]  ? trace_hardirqs_on_caller+0x310/0x310
[ 61.118917]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 61.123916]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 61.128921]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 61.133752]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.138926] RIP: 0033:0x457569
[ 61.142106] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.161029] RSP: 002b:00007f47bb428c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 61.168724] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569
[ 61.175983] RDX: 0000000000010001 RSI: 0000000000000001 RDI: 00000000200003c0
[ 61.183251] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 61.190515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47bb4296d4
[ 61.197779] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff
[ 61.205053] ==================================================================
[ 61.212401] Disabling lock debugging due to kernel taint
[ 61.218114] Kernel panic - not syncing: panic_on_warn set ...
[ 61.224013] CPU: 0 PID: 7419 Comm: syz-executor0 Tainted: G B 4.20.0-rc1+ #106
[ 61.232654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.241986] Call Trace:
[ 61.244563]  dump_stack+0x244/0x39d
[ 61.248173]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 61.253352]  panic+0x2ad/0x55c
[ 61.256533]  ? add_taint.cold.5+0x16/0x16
[ 61.260672]  ? preempt_schedule+0x4d/0x60
[ 61.264807]  ? ___preempt_schedule+0x16/0x18
[ 61.269216]  ? trace_hardirqs_on+0xb4/0x310
[ 61.273524]  kasan_end_report+0x47/0x4f
[ 61.277479]  kasan_report.cold.8+0x76/0x309
[ 61.281781]  ? kthread_stop+0x10d/0x900
[ 61.285737]  check_memory_region+0x13e/0x1b0
[ 61.290124]  kasan_check_write+0x14/0x20
[ 61.294172]  kthread_stop+0x10d/0x900
[ 61.297959]  ? kthread_unpark+0x160/0x160
[ 61.302091]  ? __lock_is_held+0xb5/0x140
[ 61.306145]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 61.311407]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 61.316930]  ? _vb2_fop_release+0x3f/0x2b0
[ 61.321150]  ? mutex_trylock+0x2b0/0x2b0
[ 61.325195]  ? vivid_fop_release+0x66/0x440
[ 61.329599]  ? __mutex_lock+0x85e/0x16f0
[ 61.333646]  vid_cap_stop_streaming+0x8d/0xe0
[ 61.338126]  ? vid_cap_buf_queue+0x310/0x310
[ 61.342516]  __vb2_queue_cancel+0x171/0xd20
[ 61.346826]  ? lock_downgrade+0x900/0x900
[ 61.350958]  ? vb2_buffer_done+0xb90/0xb90
[ 61.355171]  ? find_held_lock+0x36/0x1c0
[ 61.359215]  ? mark_held_locks+0xc7/0x130
[ 61.363362]  ? kasan_check_write+0x14/0x20
[ 61.367667]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 61.372590]  ? kasan_check_read+0x11/0x20
[ 61.376722]  ? wait_for_completion+0x8a0/0x8a0
[ 61.381288]  ? trace_hardirqs_off_caller+0x310/0x310
[ 61.386375]  vb2_core_streamoff+0x60/0x140
[ 61.390593]  __vb2_cleanup_fileio+0x73/0x160
[ 61.394980]  vb2_core_queue_release+0x1e/0x80
[ 61.399463]  _vb2_fop_release+0x1d2/0x2b0
[ 61.403596]  vb2_fop_release+0x77/0xc0
[ 61.407466]  vivid_fop_release+0x18e/0x440
[ 61.411686]  ? vivid_remove+0x460/0x460
[ 61.415657]  v4l2_release+0x224/0x3a0
[ 61.419441]  ? dev_debug_store+0x140/0x140
[ 61.423692]  __fput+0x385/0xa30
[ 61.426960]  ? get_max_files+0x20/0x20
[ 61.430829]  ? trace_hardirqs_on+0xbd/0x310
[ 61.435132]  ? kasan_check_read+0x11/0x20
[ 61.439261]  ? task_work_run+0x1af/0x2a0
[ 61.443307]  ? trace_hardirqs_off_caller+0x310/0x310
[ 61.448392]  ? rcu_softirq_qs+0x20/0x20
[ 61.452349]  ? unwind_dump+0x190/0x190
[ 61.456237]  ____fput+0x15/0x20
[ 61.459501]  task_work_run+0x1e8/0x2a0
[ 61.463374]  ? task_work_cancel+0x240/0x240
[ 61.467677]  ? __fget+0x4aa/0x740
[ 61.471116]  get_signal+0x1558/0x1980
[ 61.474906]  ? find_held_lock+0x36/0x1c0
[ 61.478955]  ? ptrace_notify+0x130/0x130
[ 61.483005]  ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 61.488784]  ? pvclock_read_flags+0x160/0x160
[ 61.493261]  ? poll_select_set_timeout+0x19a/0x240
[ 61.498172]  ? trace_hardirqs_off_caller+0x310/0x310
[ 61.503277]  do_signal+0x9c/0x21c0
[ 61.506804]  ? timespec64_add_safe+0x204/0x2f0
[ 61.511376]  ? nsec_to_clock_t+0x30/0x30
[ 61.515417]  ? setup_sigcontext+0x7d0/0x7d0
[ 61.519721]  ? exit_to_usermode_loop+0x8c/0x380
[ 61.524370]  ? exit_to_usermode_loop+0x8c/0x380
[ 61.529023]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 61.533606]  ? trace_hardirqs_on+0xbd/0x310
[ 61.537912]  ? do_syscall_64+0x6be/0x820
[ 61.542062]  ? trace_hardirqs_off_caller+0x310/0x310
[ 61.547147]  ? do_restart_poll+0x2e0/0x2e0
[ 61.551365]  ? nsecs_to_jiffies+0x30/0x30
[ 61.555500]  ? do_syscall_64+0x9a/0x820
[ 61.559564]  ? do_syscall_64+0x9a/0x820
[ 61.563534]  exit_to_usermode_loop+0x2e5/0x380
[ 61.568111]  ? __bpf_trace_sys_exit+0x30/0x30
[ 61.572598]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 61.578121]  do_syscall_64+0x6be/0x820
[ 61.582001]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 61.587347]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 61.592272]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 61.597104]  ? trace_hardirqs_on_caller+0x310/0x310
[ 61.602103]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 61.607112]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 61.612110]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 61.616937]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.622104] RIP: 0033:0x457569
[ 61.625279] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.644159] RSP: 002b:00007f47bb428c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 61.651847] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569
[ 61.659098] RDX: 0000000000010001 RSI: 0000000000000001 RDI: 00000000200003c0
[ 61.666349] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 61.673620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47bb4296d4
[ 61.680878] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff
[ 61.689314] Kernel Offset: disabled
[ 61.692933] Rebooting in 86400 seconds..
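Triage note and an added example (this is editor-written code, not part of the syzkaller log above or of the kernel). The report carries three facts worth extracting mechanically: the driver line immediately before the KASAN banner (`vivid-000: kernel_thread() failed`, i.e. the vivid capture kthread was never created), the access description (`Write of size 4 at addr 000000000000001c`, which KASAN classifies as `null-ptr-deref` because the address is below PAGE_SIZE, so 0x1c is the offset of the field being written through a NULL or near-NULL pointer), and the reliable frames of the call trace (those without a leading `?`), which show `kthread_stop` being reached from `vivid_stop_generating_vid_cap` on the file-release path (`vivid_fop_release` via `__fput`, run as task work while the `poll` syscall, `ORIG_RAX` 7, was returning to delivering a signal). The parser below pulls exactly those fields out of a console log of this shape. `SAMPLE_LOG` is a constructed excerpt of the lines above (frames trimmed for length), and `parse_kasan_report`, `KasanReport`, `REPORT_MACHINERY` and the "syzkaller-style" title are my own names and heuristics, not syzkaller's code.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the console log above: the precursor warning plus the head
# of the KASAN report, with the long call trace trimmed to representative frames.
SAMPLE_LOG = """\
[ 59.919728] vivid-000: kernel_thread() failed
[ 60.739364] ==================================================================
[ 60.746961] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 60.753271] Write of size 4 at addr 000000000000001c by task syz-executor0/7419
[ 60.760700]
[ 60.762322] CPU: 0 PID: 7419 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #106
[ 60.769579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.778933] Call Trace:
[ 60.781511]  dump_stack+0x244/0x39d
[ 60.785128]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 60.794186]  kasan_report.cold.8+0x6d/0x309
[ 60.798491]  ? kthread_stop+0x10d/0x900
[ 60.802455]  check_memory_region+0x13e/0x1b0
[ 60.806846]  kasan_check_write+0x14/0x20
[ 60.810992]  kthread_stop+0x10d/0x900
[ 60.814778]  ? kthread_unpark+0x160/0x160
[ 60.822974]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 60.850403]  vid_cap_stop_streaming+0x8d/0xe0
[ 60.859281]  __vb2_queue_cancel+0x171/0xd20
[ 60.903114]  vb2_core_streamoff+0x60/0x140
[ 60.924242]  vivid_fop_release+0x18e/0x440
[ 60.932419]  v4l2_release+0x224/0x3a0
[ 60.940448]  __fput+0x385/0xa30
[ 61.138926] RIP: 0033:0x457569
[ 61.205053] ==================================================================
[ 61.218114] Kernel panic - not syncing: panic_on_warn set ...
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")                       # printk "[ secs.usecs] " prefix
BUG_RE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                       r" by task (?P<comm>\S+)/(?P<pid>\d+)")
VERSION_RE = re.compile(r"^CPU: \d+ PID: \d+ Comm: .* (?P<ver>\S+) #\d+$")
FRAME_RE = re.compile(r"^\s*(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Heuristic (mine): frames belonging to the sanitizer/reporting machinery rather than the bug.
REPORT_MACHINERY = ("dump_stack", "kasan_", "check_memory_region", "__asan_")


@dataclass
class KasanReport:
    kind: str = ""
    faulting_func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    comm: str = ""
    pid: int = 0
    kernel: str = ""
    frames: list = field(default_factory=list)  # (symbol, reliable) in call order, innermost first
    preceding_line: str = ""                    # last non-empty log line before the report banner
    panicked: bool = False

    @property
    def title(self) -> str:
        """Dedup key in the shape syzkaller uses for its bug titles (approximation)."""
        return f"KASAN: {self.kind} {self.op} in {self.faulting_func}"

    def reliable_frames(self) -> list:
        return [sym for sym, ok in self.frames if ok]

    def culprit_chain(self, depth: int = 3) -> list:
        """Reliable frames from the faulting function outward, sanitizer machinery skipped."""
        chain = [s for s in self.reliable_frames() if not s.startswith(REPORT_MACHINERY)]
        return chain[:depth]

    def null_deref_offset(self):
        """For null-ptr-deref (addr < PAGE_SIZE) the address is the struct field offset touched."""
        return self.addr if self.kind == "null-ptr-deref" else None


def parse_kasan_report(console_log: str):
    """Return a KasanReport for the first KASAN report in a console log, or None if there is none."""
    lines = [TS_RE.sub("", ln).rstrip() for ln in console_log.splitlines()]
    rep, prev_nonempty, in_trace = None, "", False
    for line in lines:
        if rep is None:
            m = BUG_RE.match(line)
            if m:
                rep = KasanReport(kind=m["kind"], faulting_func=m["func"], preceding_line=prev_nonempty)
            elif line.strip() and not line.startswith("====="):
                prev_nonempty = line
            continue
        if in_trace:
            fm = FRAME_RE.match(line)
            if fm:
                rep.frames.append((fm["sym"], fm["unreliable"] is None))
                continue
            in_trace = False  # first non-frame line (RIP:, registers, banner) ends the trace
        if (m := ACCESS_RE.match(line)):
            rep.op, rep.size, rep.addr = m["op"], int(m["size"]), int(m["addr"], 16)
            rep.comm, rep.pid = m["comm"], int(m["pid"])
        elif (m := VERSION_RE.match(line)):
            rep.kernel = m["ver"]
        elif line == "Call Trace:":
            in_trace = True
        elif line.startswith("Kernel panic"):
            rep.panicked = True
    return rep


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_LOG)
    print(r.title, "|", r.kernel, "| panicked:", r.panicked)
    print("precursor:", r.preceding_line)
    print("offset 0x%x via %s" % (r.null_deref_offset(), " <- ".join(r.culprit_chain())))
```

The `?` frames are deliberately kept but flagged unreliable: the unwinder prints stale return addresses found on the stack that way, which is why `vivid_start_generating_vid_cap` appears in the trace even though the crash is on the stop path. Treat `culprit_chain()` as the place to start reading source, not as proof of the bug's root cause.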