[....] Starting file context maintaining daemon: restorecond
[ 31.672028] kauditd_printk_skb: 9 callbacks suppressed
[ 31.672041] audit: type=1800 audit(1541806301.916:33): pid=5667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 31.701152] audit: type=1800 audit(1541806301.926:34): pid=5667 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[ ok .
[....] Starting OpenBSD Secure Shell server: sshd [ ok .

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 49.177166] audit: type=1400 audit(1541806319.426:35): avc: denied { map } for pid=5845 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 49.215798] sshd (5843) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
[ 65.988105] audit: type=1400 audit(1541806336.236:36): avc: denied { map } for pid=5857 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/11/09 23:32:16 parsed 1 programs
[ 66.560059] audit: type=1400 audit(1541806336.806:37): avc: denied { map } for pid=5857 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=61 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/11/09 23:32:18 executed programs: 0
[ 68.137462] IPVS: ftp: loaded support on port[0] = 21
[ 68.400199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.407365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.415129] device bridge_slave_0 entered promiscuous mode
[ 68.434342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.440722] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.447739] device bridge_slave_1 entered promiscuous mode
[ 68.466942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 68.486543] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 68.536769] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 68.559352] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 68.641844] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 68.649614] team0: Port device team_slave_0 added
[ 68.668080] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 68.675234] team0: Port device team_slave_1 added
[ 68.694867] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.717200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.737893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 68.758512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 68.912820] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.919371] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.926476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.932819] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.495764] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.553317] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 69.607952] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 69.614075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 69.622991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 69.676164] 8021q: adding VLAN 0 to HW filter on device team0
[ 69.981473] audit: type=1400 audit(1541806340.226:38): avc: denied { associate } for pid=5872 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2018/11/09 23:32:23 executed programs: 15
2018/11/09 23:32:28 executed programs: 40
2018/11/09 23:32:33 executed programs: 63
2018/11/09 23:32:38 executed programs: 88
2018/11/09 23:32:43 executed programs: 111
2018/11/09 23:32:48 executed programs: 136
2018/11/09 23:32:53 executed programs: 159
2018/11/09 23:32:59 executed programs: 182
2018/11/09 23:33:04 executed programs: 205
2018/11/09 23:33:09 executed programs: 228
2018/11/09 23:33:14 executed programs: 251
2018/11/09 23:33:19 executed programs: 274
2018/11/09 23:33:24 executed programs: 297
2018/11/09 23:33:29 executed programs: 324
2018/11/09 23:33:34 executed programs: 347
2018/11/09 23:33:39 executed programs: 373
[ 154.016877] vivid-000: kernel_thread() failed
[ 154.061773] ==================================================================
[ 154.069251] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 154.075556] Write of size 4 at addr 000000000000001c by task syz-executor0/7741
[ 154.083121]
[ 154.084748] CPU: 0 PID: 7741 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #107
[ 154.092003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 154.101352] Call Trace:
[ 154.103941]  dump_stack+0x244/0x39d
[ 154.107566]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 154.112750]  ? vprintk_func+0x85/0x181
[ 154.116697]  kasan_report.cold.8+0x6d/0x309
[ 154.121016]  ? kthread_stop+0x10d/0x900
[ 154.124987]  check_memory_region+0x13e/0x1b0
[ 154.129384]  kasan_check_write+0x14/0x20
[ 154.133488]  kthread_stop+0x10d/0x900
[ 154.137398]  ? kthread_unpark+0x160/0x160
[ 154.141541]  ? __lock_is_held+0xb5/0x140
[ 154.145597]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 154.150877]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 154.156409]  ? _vb2_fop_release+0x3f/0x2b0
[ 154.160645]  ? mutex_trylock+0x2b0/0x2b0
[ 154.164711]  ? vivid_fop_release+0x66/0x440
[ 154.169026]  ? __mutex_lock+0x85e/0x16f0
[ 154.173098]  vid_cap_stop_streaming+0x8d/0xe0
[ 154.177580]  ? vid_cap_buf_queue+0x310/0x310
[ 154.181972]  __vb2_queue_cancel+0x171/0xd20
[ 154.186289]  ? lock_downgrade+0x900/0x900
[ 154.190423]  ? vb2_buffer_done+0xb90/0xb90
[ 154.194642]  ? find_held_lock+0x36/0x1c0
[ 154.198693]  ? mark_held_locks+0xc7/0x130
[ 154.202831]  ? kasan_check_write+0x14/0x20
[ 154.207060]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 154.211974]  ? kasan_check_read+0x11/0x20
[ 154.216125]  ? wait_for_completion+0x8a0/0x8a0
[ 154.220767]  ? trace_hardirqs_off_caller+0x310/0x310
[ 154.225867]  ? vfs_lock_file+0xe0/0xe0
[ 154.229750]  vb2_core_streamoff+0x60/0x140
[ 154.234033]  __vb2_cleanup_fileio+0x73/0x160
[ 154.238436]  vb2_core_queue_release+0x1e/0x80
[ 154.242935]  _vb2_fop_release+0x1d2/0x2b0
[ 154.247085]  vb2_fop_release+0x77/0xc0
[ 154.250968]  vivid_fop_release+0x18e/0x440
[ 154.255189]  ? vivid_remove+0x460/0x460
[ 154.259172]  v4l2_release+0x224/0x3a0
[ 154.262964]  ? dev_debug_store+0x140/0x140
[ 154.267287]  __fput+0x385/0xa30
[ 154.270562]  ? get_max_files+0x20/0x20
[ 154.274443]  ? trace_hardirqs_on+0xbd/0x310
[ 154.278753]  ? kasan_check_read+0x11/0x20
[ 154.282943]  ? task_work_run+0x1af/0x2a0
[ 154.286999]  ? trace_hardirqs_off_caller+0x310/0x310
[ 154.292152]  ? filp_close+0x1cd/0x250
[ 154.295958]  ____fput+0x15/0x20
[ 154.299417]  task_work_run+0x1e8/0x2a0
[ 154.303410]  ? task_work_cancel+0x240/0x240
[ 154.307719]  ? copy_fd_bitmaps+0x210/0x210
[ 154.311944]  ? do_syscall_64+0x9a/0x820
[ 154.315924]  exit_to_usermode_loop+0x318/0x380
[ 154.320536]  ? __bpf_trace_sys_exit+0x30/0x30
[ 154.325019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 154.330546]  do_syscall_64+0x6be/0x820
[ 154.334430]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 154.339787]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 154.344787]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 154.349628]  ? trace_hardirqs_on_caller+0x310/0x310
[ 154.354648]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 154.359665]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 154.364502]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 154.369678] RIP: 0033:0x411021
[ 154.372865] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 154.391811] RSP: 002b:00007fff01d11340 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 154.399546] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000411021
[ 154.406807] RDX: 0000000000000000 RSI: 0000000000730230 RDI: 0000000000000003
[ 154.414061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 154.421319] R10: 00007fff01d11260 R11: 0000000000000293 R12: 0000000000000000
[ 154.428639] R13: 0000000000000001 R14: 0000000000000196 R15: 0000000000000000
[ 154.435927] ==================================================================
[ 154.443332] Disabling lock debugging due to kernel taint
[ 154.449156] Kernel panic - not syncing: panic_on_warn set ...
[ 154.455044] CPU: 0 PID: 7741 Comm: syz-executor0 Tainted: G B 4.20.0-rc1+ #107
[ 154.463687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 154.473024] Call Trace:
[ 154.475607]  dump_stack+0x244/0x39d
[ 154.479221]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 154.484406]  panic+0x2ad/0x55c
[ 154.487583]  ? add_taint.cold.5+0x16/0x16
[ 154.491714]  ? preempt_schedule+0x4d/0x60
[ 154.495862]  ? ___preempt_schedule+0x16/0x18
[ 154.500258]  ? trace_hardirqs_on+0xb4/0x310
[ 154.504566]  kasan_end_report+0x47/0x4f
[ 154.508526]  kasan_report.cold.8+0x76/0x309
[ 154.512836]  ? kthread_stop+0x10d/0x900
[ 154.516795]  check_memory_region+0x13e/0x1b0
[ 154.521185]  kasan_check_write+0x14/0x20
[ 154.525229]  kthread_stop+0x10d/0x900
[ 154.529029]  ? kthread_unpark+0x160/0x160
[ 154.533169]  ? __lock_is_held+0xb5/0x140
[ 154.537224]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 154.542485]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 154.548189]  ? _vb2_fop_release+0x3f/0x2b0
[ 154.552429]  ? mutex_trylock+0x2b0/0x2b0
[ 154.556546]  ? vivid_fop_release+0x66/0x440
[ 154.560871]  ? __mutex_lock+0x85e/0x16f0
[ 154.564943]  vid_cap_stop_streaming+0x8d/0xe0
[ 154.569431]  ? vid_cap_buf_queue+0x310/0x310
[ 154.573842]  __vb2_queue_cancel+0x171/0xd20
[ 154.578242]  ? lock_downgrade+0x900/0x900
[ 154.582386]  ? vb2_buffer_done+0xb90/0xb90
[ 154.586615]  ? find_held_lock+0x36/0x1c0
[ 154.590805]  ? mark_held_locks+0xc7/0x130
[ 154.594947]  ? kasan_check_write+0x14/0x20
[ 154.599175]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 154.604115]  ? kasan_check_read+0x11/0x20
[ 154.608311]  ? wait_for_completion+0x8a0/0x8a0
[ 154.612942]  ? trace_hardirqs_off_caller+0x310/0x310
[ 154.618055]  ? vfs_lock_file+0xe0/0xe0
[ 154.621936]  vb2_core_streamoff+0x60/0x140
[ 154.626163]  __vb2_cleanup_fileio+0x73/0x160
[ 154.630569]  vb2_core_queue_release+0x1e/0x80
[ 154.635147]  _vb2_fop_release+0x1d2/0x2b0
[ 154.639294]  vb2_fop_release+0x77/0xc0
[ 154.643172]  vivid_fop_release+0x18e/0x440
[ 154.647390]  ? vivid_remove+0x460/0x460
[ 154.651348]  v4l2_release+0x224/0x3a0
[ 154.655141]  ? dev_debug_store+0x140/0x140
[ 154.659367]  __fput+0x385/0xa30
[ 154.662682]  ? get_max_files+0x20/0x20
[ 154.666574]  ? trace_hardirqs_on+0xbd/0x310
[ 154.671109]  ? kasan_check_read+0x11/0x20
[ 154.675252]  ? task_work_run+0x1af/0x2a0
[ 154.679361]  ? trace_hardirqs_off_caller+0x310/0x310
[ 154.684466]  ? filp_close+0x1cd/0x250
[ 154.688270]  ____fput+0x15/0x20
[ 154.691545]  task_work_run+0x1e8/0x2a0
[ 154.695546]  ? task_work_cancel+0x240/0x240
[ 154.699884]  ? copy_fd_bitmaps+0x210/0x210
[ 154.704109]  ? do_syscall_64+0x9a/0x820
[ 154.708083]  exit_to_usermode_loop+0x318/0x380
[ 154.712656]  ? __bpf_trace_sys_exit+0x30/0x30
[ 154.717144]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 154.722667]  do_syscall_64+0x6be/0x820
[ 154.726546]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 154.732015]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 154.736961]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 154.741814]  ? trace_hardirqs_on_caller+0x310/0x310
[ 154.746855]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 154.751982]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 154.756822]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 154.762003] RIP: 0033:0x411021
[ 154.765191] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 154.784090] RSP: 002b:00007fff01d11340 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 154.791913] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000411021
[ 154.799217] RDX: 0000000000000000 RSI: 0000000000730230 RDI: 0000000000000003
[ 154.806547] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 154.813804] R10: 00007fff01d11260 R11: 0000000000000293 R12: 0000000000000000
[ 154.821070] R13: 0000000000000001 R14: 0000000000000196 R15: 0000000000000000
[ 154.829453] Kernel Offset: disabled
[ 154.833085] Rebooting in 86400 seconds..