[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 27.653812] kauditd_printk_skb: 8 callbacks suppressed [ 27.653824] audit: type=1800 audit(1541285194.730:29): pid=5570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 27.688640] audit: type=1800 audit(1541285194.740:30): pid=5570 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.692362] sshd (5710) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program [ 44.199196] WARNING: CPU: 1 PID: 5734 at drivers/media/common/videobuf2/videobuf2-core.c:1831 __vb2_queue_cancel+0x910/0xd20 [ 44.210728] Kernel panic - not syncing: panic_on_warn set ... [ 44.216624] CPU: 1 PID: 5734 Comm: syz-executor141 Not tainted 4.19.0+ #221 [ 44.223723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.233088] Call Trace: [ 44.235693] dump_stack+0x244/0x39d [ 44.239314] ? dump_stack_print_info.cold.1+0x20/0x20 [ 44.244549] panic+0x2ad/0x55c [ 44.247741] ? add_taint.cold.5+0x16/0x16 [ 44.251898] ? __warn.cold.8+0x5/0x45 [ 44.255693] ? __warn+0xe8/0x1d0 [ 44.259069] ? __vb2_queue_cancel+0x910/0xd20 [ 44.263565] __warn.cold.8+0x20/0x45 [ 44.267279] ? rcu_softirq_qs+0x20/0x20 [ 44.271254] ? __vb2_queue_cancel+0x910/0xd20 [ 44.275757] report_bug+0x254/0x2d0 [ 44.279403] do_error_trap+0x11b/0x200 [ 44.283298] do_invalid_op+0x36/0x40 [ 44.287006] ?
__vb2_queue_cancel+0x910/0xd20 [ 44.291503] invalid_op+0x14/0x20 [ 44.294958] RIP: 0010:__vb2_queue_cancel+0x910/0xd20 [ 44.300067] Code: 48 8b 45 d0 65 48 33 04 25 28 00 00 00 0f 85 d8 03 00 00 48 81 c4 b0 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 30 c9 32 fc <0f> 0b 48 8b 85 70 fe ff ff 48 05 28 02 00 00 48 89 85 38 fe ff ff [ 44.318960] RSP: 0018:ffff8801d7027810 EFLAGS: 00010293 [ 44.324326] RAX: ffff8801d50a4600 RBX: ffff8801d70279c0 RCX: ffffffff854ca7c8 [ 44.331594] RDX: 0000000000000000 RSI: ffffffff854caec0 RDI: 0000000000000005 [ 44.338870] RBP: ffff8801d70279e8 R08: ffff8801d50a4600 R09: ffffed0039746cee [ 44.346158] R10: ffffed0039746cee R11: ffff8801cba36777 R12: ffff8801cba36774 [ 44.353436] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8801cba31418 [ 44.360725] ? __vb2_queue_cancel+0x218/0xd20 [ 44.365213] ? __vb2_queue_cancel+0x910/0xd20 [ 44.369712] ? lock_downgrade+0x900/0x900 [ 44.373869] ? vb2_buffer_done+0xb90/0xb90 [ 44.378103] ? find_held_lock+0x36/0x1c0 [ 44.382180] ? mark_held_locks+0xc7/0x130 [ 44.386326] ? kasan_check_write+0x14/0x20 [ 44.390664] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 44.395614] ? kasan_check_read+0x11/0x20 [ 44.399758] ? wait_for_completion+0x8a0/0x8a0 [ 44.404334] ? trace_hardirqs_off_caller+0x310/0x310 [ 44.409435] vb2_core_streamoff+0x60/0x140 [ 44.413694] __vb2_cleanup_fileio+0x73/0x160 [ 44.418098] vb2_core_queue_release+0x1e/0x80 [ 44.422591] _vb2_fop_release+0x1d2/0x2b0 [ 44.426745] vb2_fop_release+0x77/0xc0 [ 44.430648] vivid_fop_release+0x18e/0x440 [ 44.434876] ? vivid_remove+0x460/0x460 [ 44.438842] v4l2_release+0x224/0x3a0 [ 44.442656] ? dev_debug_store+0x140/0x140 [ 44.446890] __fput+0x385/0xa30 [ 44.450192] ? get_max_files+0x20/0x20 [ 44.454156] ? trace_hardirqs_on+0xbd/0x310 [ 44.458476] ? kasan_check_read+0x11/0x20 [ 44.462657] ? task_work_run+0x1af/0x2a0 [ 44.466952] ? trace_hardirqs_off_caller+0x310/0x310 [ 44.472064] ? 
filp_close+0x1cd/0x250 [ 44.475857] ____fput+0x15/0x20 [ 44.479134] task_work_run+0x1e8/0x2a0 [ 44.483014] ? task_work_cancel+0x240/0x240 [ 44.487343] ? copy_fd_bitmaps+0x210/0x210 [ 44.491583] ? do_fast_syscall_32+0x150/0xfb2 [ 44.496077] exit_to_usermode_loop+0x318/0x380 [ 44.500662] ? __bpf_trace_sys_exit+0x30/0x30 [ 44.505260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.510805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.516360] do_fast_syscall_32+0xcd5/0xfb2 [ 44.520692] ? do_int80_syscall_32+0x890/0x890 [ 44.525267] ? entry_SYSENTER_compat+0x68/0x7f [ 44.529854] ? trace_hardirqs_off_caller+0xbb/0x310 [ 44.534876] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.539724] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.544563] ? trace_hardirqs_on_caller+0x310/0x310 [ 44.549578] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 44.554604] ? prepare_exit_to_usermode+0x291/0x3b0 [ 44.559648] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.564518] entry_SYSENTER_compat+0x70/0x7f [ 44.568930] RIP: 0023:0xf7f9ea29 [ 44.572302] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 44.591202] RSP: 002b:00000000ffb4710c EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 44.598920] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000020000100 [ 44.606195] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 000000002000070c [ 44.613457] RBP: 00000000ffb47168 R08: 0000000000000000 R09: 0000000000000000 [ 44.620754] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 44.628013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 44.636390] Kernel Offset: disabled [ 44.640069] Rebooting in 86400 seconds..