[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 27.975591] kauditd_printk_skb: 8 callbacks suppressed [ 27.975603] audit: type=1800 audit(1541668924.677:29): pid=5571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.003286] audit: type=1800 audit(1541668924.677:30): pid=5571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts. 2018/11/08 09:22:16 parsed 1 programs 2018/11/08 09:22:18 executed programs: 0 syzkaller login: [ 41.971764] IPVS: ftp: loaded support on port[0] = 21 [ 42.232303] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.239143] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.246467] device bridge_slave_0 entered promiscuous mode [ 42.263843] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.270475] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.277774] device bridge_slave_1 entered promiscuous mode [ 42.295761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.313062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.361628] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.381453] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.456768] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.464012] team0: Port device team_slave_0 added [ 42.480530] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.487685] team0: Port device team_slave_1 added [ 42.505190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 42.524725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.543632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.563464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.705057] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.711479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.718504] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.724873] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.243437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.295454] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 43.350163] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.356490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.363905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.417918] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.848258] vivid-000: kernel_thread() failed [ 47.668828] ================================================================== [ 47.676321] BUG: KASAN: null-ptr-deref in kthread_stop+0x108/0x8f0 [ 47.682655] Write of size 4 at addr 000000000000001c by task syz-executor0/6702 [ 47.690100] [ 47.691738] CPU: 0 PID: 6702 Comm: syz-executor0 Not tainted 4.20.0-rc1-next-20181108+ #108 [ 47.700215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.709552] Call Trace: [ 47.712125] dump_stack+0x244/0x39d [ 47.715740] ? dump_stack_print_info.cold.1+0x20/0x20 [ 47.720919] ? vprintk_func+0x85/0x181 [ 47.724815] kasan_report.cold.8+0x6d/0x309 [ 47.729140] ? kthread_stop+0x108/0x8f0 [ 47.733104] check_memory_region+0x13e/0x1b0 [ 47.737502] kasan_check_write+0x14/0x20 [ 47.741547] kthread_stop+0x108/0x8f0 [ 47.745335] ? kthread_unpark+0x160/0x160 [ 47.749477] ? __lock_is_held+0xb5/0x140 [ 47.753536] vivid_stop_generating_vid_cap+0x2bb/0x9ae [ 47.758807] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 47.764339] ? 
_vb2_fop_release+0x3f/0x2b0 [ 47.768573] ? mutex_trylock+0x2b0/0x2b0 [ 47.772617] ? vivid_fop_release+0x66/0x440 [ 47.776924] ? __mutex_lock+0x85e/0x16f0 [ 47.780982] vid_cap_stop_streaming+0x8d/0xe0 [ 47.785464] ? vid_cap_buf_queue+0x310/0x310 [ 47.789856] __vb2_queue_cancel+0x171/0xd20 [ 47.794182] ? lock_downgrade+0x900/0x900 [ 47.798327] ? vb2_buffer_done+0xb80/0xb80 [ 47.802547] ? find_held_lock+0x36/0x1c0 [ 47.806597] ? mark_held_locks+0xc7/0x130 [ 47.810738] ? kasan_check_write+0x14/0x20 [ 47.814972] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 47.819895] ? kasan_check_read+0x11/0x20 [ 47.824030] ? wait_for_completion+0x8a0/0x8a0 [ 47.828598] ? trace_hardirqs_off_caller+0x300/0x300 [ 47.833690] vb2_core_streamoff+0x60/0x140 [ 47.837909] __vb2_cleanup_fileio+0x73/0x160 [ 47.842305] vb2_core_queue_release+0x1e/0x80 [ 47.846786] _vb2_fop_release+0x1d2/0x2b0 [ 47.850920] vb2_fop_release+0x77/0xc0 [ 47.854792] vivid_fop_release+0x18e/0x440 [ 47.859012] ? vivid_remove+0x460/0x460 [ 47.862977] v4l2_release+0x224/0x3a0 [ 47.866770] __fput+0x3bc/0xa70 [ 47.870035] ? dev_debug_store+0x140/0x140 [ 47.874256] ? get_max_files+0x20/0x20 [ 47.878127] ? trace_hardirqs_on+0xbd/0x310 [ 47.882430] ? kasan_check_read+0x11/0x20 [ 47.886564] ? task_work_run+0x1af/0x2a0 [ 47.890608] ? trace_hardirqs_off_caller+0x300/0x300 [ 47.895717] ? rcu_read_unlock_special+0x370/0x370 [ 47.900648] ? rcu_softirq_qs+0x20/0x20 [ 47.904608] ? unwind_dump+0x190/0x190 [ 47.908487] ____fput+0x15/0x20 [ 47.911749] task_work_run+0x1e8/0x2a0 [ 47.915622] ? task_work_cancel+0x240/0x240 [ 47.919936] get_signal+0x1550/0x1970 [ 47.923721] ? find_held_lock+0x36/0x1c0 [ 47.927768] ? ptrace_notify+0x130/0x130 [ 47.931821] ? compat_poll_select_copy_remaining+0x6c0/0x6c0 [ 47.937614] ? pvclock_read_flags+0x160/0x160 [ 47.942095] ? poll_select_set_timeout+0x19a/0x240 [ 47.947011] ? trace_hardirqs_off_caller+0x300/0x300 [ 47.952106] do_signal+0x9c/0x21c0 [ 47.955638] ? timespec64_add_safe+0x204/0x2f0 [ 47.960212] ? 
nsec_to_clock_t+0x30/0x30 [ 47.964264] ? setup_sigcontext+0x7d0/0x7d0 [ 47.968748] ? exit_to_usermode_loop+0x8c/0x380 [ 47.973401] ? exit_to_usermode_loop+0x8c/0x380 [ 47.978060] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 47.982631] ? trace_hardirqs_on+0xbd/0x310 [ 47.986938] ? do_syscall_64+0x6be/0x820 [ 47.990984] ? trace_hardirqs_off_caller+0x300/0x300 [ 47.996089] ? do_restart_poll+0x2e0/0x2e0 [ 48.000310] ? nsecs_to_jiffies+0x30/0x30 [ 48.004448] ? do_syscall_64+0x9a/0x820 [ 48.008415] ? do_syscall_64+0x9a/0x820 [ 48.012402] exit_to_usermode_loop+0x2e5/0x380 [ 48.016972] ? __bpf_trace_sys_exit+0x30/0x30 [ 48.021464] do_syscall_64+0x6be/0x820 [ 48.025348] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 48.030698] ? syscall_return_slowpath+0x5e0/0x5e0 [ 48.035613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.040462] ? trace_hardirqs_on_caller+0x310/0x310 [ 48.045466] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 48.050468] ? prepare_exit_to_usermode+0x291/0x3b0 [ 48.055473] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.060308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.065485] RIP: 0033:0x457569 [ 48.068686] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.087595] RSP: 002b:00007f3a081fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 48.095291] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569 [ 48.102595] RDX: 000000000000eb7c RSI: 0000000000000006 RDI: 0000000020000040 [ 48.109854] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 48.117114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a081ff6d4 [ 48.124369] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff [ 48.131629] ================================================================== [ 48.138965] Disabling lock debugging due to kernel taint [ 48.145417] Kernel panic - not syncing: panic_on_warn set ... 
[ 48.151332] CPU: 0 PID: 6702 Comm: syz-executor0 Tainted: G B 4.20.0-rc1-next-20181108+ #108 [ 48.161214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.170561] Call Trace: [ 48.173154] dump_stack+0x244/0x39d [ 48.176772] ? dump_stack_print_info.cold.1+0x20/0x20 [ 48.181953] panic+0x2ad/0x55c [ 48.185133] ? add_taint.cold.5+0x16/0x16 [ 48.189270] ? preempt_schedule+0x4d/0x60 [ 48.193407] ? ___preempt_schedule+0x16/0x18 [ 48.197805] ? trace_hardirqs_on+0xb4/0x310 [ 48.202114] kasan_end_report+0x47/0x4f [ 48.206071] kasan_report.cold.8+0x76/0x309 [ 48.210378] ? kthread_stop+0x108/0x8f0 [ 48.214347] check_memory_region+0x13e/0x1b0 [ 48.218742] kasan_check_write+0x14/0x20 [ 48.222792] kthread_stop+0x108/0x8f0 [ 48.226579] ? kthread_unpark+0x160/0x160 [ 48.230721] ? __lock_is_held+0xb5/0x140 [ 48.234794] vivid_stop_generating_vid_cap+0x2bb/0x9ae [ 48.240061] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 48.245584] ? _vb2_fop_release+0x3f/0x2b0 [ 48.249805] ? mutex_trylock+0x2b0/0x2b0 [ 48.253863] ? vivid_fop_release+0x66/0x440 [ 48.258182] ? __mutex_lock+0x85e/0x16f0 [ 48.262234] vid_cap_stop_streaming+0x8d/0xe0 [ 48.266715] ? vid_cap_buf_queue+0x310/0x310 [ 48.271108] __vb2_queue_cancel+0x171/0xd20 [ 48.275415] ? lock_downgrade+0x900/0x900 [ 48.279567] ? vb2_buffer_done+0xb80/0xb80 [ 48.283786] ? find_held_lock+0x36/0x1c0 [ 48.287835] ? mark_held_locks+0xc7/0x130 [ 48.291971] ? kasan_check_write+0x14/0x20 [ 48.296191] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 48.301107] ? kasan_check_read+0x11/0x20 [ 48.305248] ? wait_for_completion+0x8a0/0x8a0 [ 48.309817] ? trace_hardirqs_off_caller+0x300/0x300 [ 48.314909] vb2_core_streamoff+0x60/0x140 [ 48.319127] __vb2_cleanup_fileio+0x73/0x160 [ 48.323521] vb2_core_queue_release+0x1e/0x80 [ 48.328003] _vb2_fop_release+0x1d2/0x2b0 [ 48.332141] vb2_fop_release+0x77/0xc0 [ 48.336012] vivid_fop_release+0x18e/0x440 [ 48.340232] ? 
vivid_remove+0x460/0x460 [ 48.344193] v4l2_release+0x224/0x3a0 [ 48.347982] __fput+0x3bc/0xa70 [ 48.351251] ? dev_debug_store+0x140/0x140 [ 48.355472] ? get_max_files+0x20/0x20 [ 48.359349] ? trace_hardirqs_on+0xbd/0x310 [ 48.363655] ? kasan_check_read+0x11/0x20 [ 48.367790] ? task_work_run+0x1af/0x2a0 [ 48.371836] ? trace_hardirqs_off_caller+0x300/0x300 [ 48.376929] ? rcu_read_unlock_special+0x370/0x370 [ 48.381861] ? rcu_softirq_qs+0x20/0x20 [ 48.385820] ? unwind_dump+0x190/0x190 [ 48.389697] ____fput+0x15/0x20 [ 48.392960] task_work_run+0x1e8/0x2a0 [ 48.396832] ? task_work_cancel+0x240/0x240 [ 48.401144] get_signal+0x1550/0x1970 [ 48.404930] ? find_held_lock+0x36/0x1c0 [ 48.408977] ? ptrace_notify+0x130/0x130 [ 48.413028] ? compat_poll_select_copy_remaining+0x6c0/0x6c0 [ 48.418812] ? pvclock_read_flags+0x160/0x160 [ 48.423291] ? poll_select_set_timeout+0x19a/0x240 [ 48.428209] ? trace_hardirqs_off_caller+0x300/0x300 [ 48.433310] do_signal+0x9c/0x21c0 [ 48.436859] ? timespec64_add_safe+0x204/0x2f0 [ 48.441427] ? nsec_to_clock_t+0x30/0x30 [ 48.445473] ? setup_sigcontext+0x7d0/0x7d0 [ 48.449793] ? exit_to_usermode_loop+0x8c/0x380 [ 48.454469] ? exit_to_usermode_loop+0x8c/0x380 [ 48.459130] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 48.463696] ? trace_hardirqs_on+0xbd/0x310 [ 48.468004] ? do_syscall_64+0x6be/0x820 [ 48.472052] ? trace_hardirqs_off_caller+0x300/0x300 [ 48.477139] ? do_restart_poll+0x2e0/0x2e0 [ 48.481364] ? nsecs_to_jiffies+0x30/0x30 [ 48.485497] ? do_syscall_64+0x9a/0x820 [ 48.489456] ? do_syscall_64+0x9a/0x820 [ 48.493419] exit_to_usermode_loop+0x2e5/0x380 [ 48.497987] ? __bpf_trace_sys_exit+0x30/0x30 [ 48.502474] do_syscall_64+0x6be/0x820 [ 48.506366] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 48.511726] ? syscall_return_slowpath+0x5e0/0x5e0 [ 48.516639] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.521483] ? trace_hardirqs_on_caller+0x310/0x310 [ 48.526483] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 48.531483] ? 
prepare_exit_to_usermode+0x291/0x3b0 [ 48.536487] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.541337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.546521] RIP: 0033:0x457569 [ 48.549702] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.568588] RSP: 002b:00007f3a081fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 48.576280] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569 [ 48.583537] RDX: 000000000000eb7c RSI: 0000000000000006 RDI: 0000000020000040 [ 48.590789] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 48.598127] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a081ff6d4 [ 48.605380] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff [ 48.613296] Kernel Offset: disabled [ 48.616942] Rebooting in 86400 seconds..