[ 28.076960] audit: type=1800 audit(1541535053.493:27): pid=5577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 28.136735] audit: type=1800 audit(1541535053.593:28): pid=5577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.024441] audit: type=1800 audit(1541535054.483:29): pid=5577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.052558] audit: type=1800 audit(1541535054.483:30): pid=5577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
2018/11/06 20:11:24 parsed 1 programs
2018/11/06 20:11:26 executed programs: 0
syzkaller login: [ 61.159910] IPVS: ftp: loaded support on port[0] = 21
[ 61.409475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.416581] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.423843] device bridge_slave_0 entered promiscuous mode
[ 61.443293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.449694] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.457186] device bridge_slave_1 entered promiscuous mode
[ 61.476097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 61.494131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 61.544128] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 61.565316] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 61.641901] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 61.649248] team0: Port device team_slave_0 added
[ 61.666776] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 61.674016] team0: Port device team_slave_1 added
[ 61.692215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.712358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.731848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.752231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.900854] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.907334] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.914266] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.920602] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.453854] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.507009] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.563837] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 62.570027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 62.578650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.625199] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/06 20:11:31 executed programs: 15
2018/11/06 20:11:36 executed programs: 39
2018/11/06 20:11:41 executed programs: 63
2018/11/06 20:11:46 executed programs: 88
2018/11/06 20:11:52 executed programs: 112
2018/11/06 20:11:57 executed programs: 141
2018/11/06 20:12:02 executed programs: 164
2018/11/06 20:12:07 executed programs: 189
2018/11/06 20:12:12 executed programs: 212
2018/11/06 20:12:17 executed programs: 237
[ 114.577921] vivid-000: kernel_thread() failed
[ 114.595981] ==================================================================
[ 114.603515] BUG: KASAN: null-ptr-deref in kthread_stop+0x108/0x8f0
[ 114.609822] Write of size 4 at addr 000000000000001c by task syz-executor0/7008
[ 114.617248]
[ 114.618867] CPU: 1 PID: 7008 Comm: syz-executor0 Not tainted 4.20.0-rc1-next-20181106+ #106
[ 114.627441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.636808] Call Trace:
[ 114.639490]  dump_stack+0x244/0x39d
[ 114.643115]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 114.648306]  ? vprintk_func+0x85/0x181
[ 114.652189]  kasan_report.cold.8+0x6d/0x309
[ 114.656502]  ? kthread_stop+0x108/0x8f0
[ 114.660476]  check_memory_region+0x13e/0x1b0
[ 114.664884]  kasan_check_write+0x14/0x20
[ 114.668938]  kthread_stop+0x108/0x8f0
[ 114.672728]  ? kthread_unpark+0x160/0x160
[ 114.676967]  ? __lock_is_held+0xb5/0x140
[ 114.681033]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 114.686308]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 114.691838]  ? _vb2_fop_release+0x3f/0x2b0
[ 114.696113]  ? mutex_trylock+0x2b0/0x2b0
[ 114.700169]  ? vivid_fop_release+0x66/0x440
[ 114.704487]  ? __mutex_lock+0x85e/0x16f0
[ 114.708538]  vid_cap_stop_streaming+0x8d/0xe0
[ 114.713039]  ? vid_cap_buf_queue+0x310/0x310
[ 114.717431]  __vb2_queue_cancel+0x171/0xd20
[ 114.721742]  ? lock_downgrade+0x900/0x900
[ 114.725878]  ? vb2_buffer_done+0xb80/0xb80
[ 114.730141]  ? find_held_lock+0x36/0x1c0
[ 114.734198]  ? mark_held_locks+0xc7/0x130
[ 114.738336]  ? kasan_check_write+0x14/0x20
[ 114.742586]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 114.747512]  ? kasan_check_read+0x11/0x20
[ 114.751659]  ? wait_for_completion+0x8a0/0x8a0
[ 114.756251]  ? trace_hardirqs_off_caller+0x300/0x300
[ 114.761346]  vb2_core_streamoff+0x60/0x140
[ 114.765568]  __vb2_cleanup_fileio+0x73/0x160
[ 114.769972]  vb2_core_queue_release+0x1e/0x80
[ 114.774461]  _vb2_fop_release+0x1d2/0x2b0
[ 114.778708]  vb2_fop_release+0x77/0xc0
[ 114.782587]  vivid_fop_release+0x18e/0x440
[ 114.786809]  ? vivid_remove+0x460/0x460
[ 114.790879]  v4l2_release+0x224/0x3a0
[ 114.794675]  __fput+0x3bc/0xa70
[ 114.797944]  ? dev_debug_store+0x140/0x140
[ 114.802166]  ? get_max_files+0x20/0x20
[ 114.806041]  ? trace_hardirqs_on+0xbd/0x310
[ 114.810377]  ? kasan_check_read+0x11/0x20
[ 114.814531]  ? task_work_run+0x1af/0x2a0
[ 114.818591]  ? trace_hardirqs_off_caller+0x300/0x300
[ 114.823681]  ? filp_close+0x1cd/0x250
[ 114.827470]  ____fput+0x15/0x20
[ 114.830735]  task_work_run+0x1e8/0x2a0
[ 114.834613]  ? task_work_cancel+0x240/0x240
[ 114.838922]  ? copy_fd_bitmaps+0x210/0x210
[ 114.843169]  ? do_syscall_64+0x9a/0x820
[ 114.847137]  exit_to_usermode_loop+0x318/0x380
[ 114.851716]  ? __bpf_trace_sys_exit+0x30/0x30
[ 114.856207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.861734]  do_syscall_64+0x6be/0x820
[ 114.865610]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 114.870975]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 114.875891]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 114.880719]  ? trace_hardirqs_on_caller+0x310/0x310
[ 114.885720]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 114.890720]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 114.895737]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 114.900636]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.905830] RIP: 0033:0x411021
[ 114.909017] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 114.927912] RSP: 002b:00007ffcd4809eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 114.935610] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000411021
[ 114.942957] RDX: 0000000000000000 RSI: 0000000000730188 RDI: 0000000000000003
[ 114.950212] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 114.957471] R10: 00007ffcd4809dd0 R11: 0000000000000293 R12: 0000000000000000
[ 114.964729] R13: 0000000000000001 R14: 00000000000000fd R15: 0000000000000000
[ 114.971996] ==================================================================
[ 114.979339] Disabling lock debugging due to kernel taint
[ 114.985506] Kernel panic - not syncing: panic_on_warn set ...
[ 114.991387] CPU: 1 PID: 7008 Comm: syz-executor0 Tainted: G B 4.20.0-rc1-next-20181106+ #106
[ 115.001289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 115.010687] Call Trace:
[ 115.013284]  dump_stack+0x244/0x39d
[ 115.016898]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 115.022080]  panic+0x2ad/0x55c
[ 115.025261]  ? add_taint.cold.5+0x16/0x16
[ 115.029397]  ? preempt_schedule+0x4d/0x60
[ 115.033542]  ? ___preempt_schedule+0x16/0x18
[ 115.037944]  ? trace_hardirqs_on+0xb4/0x310
[ 115.042256]  kasan_end_report+0x47/0x4f
[ 115.046217]  kasan_report.cold.8+0x76/0x309
[ 115.050528]  ? kthread_stop+0x108/0x8f0
[ 115.054491]  check_memory_region+0x13e/0x1b0
[ 115.058888]  kasan_check_write+0x14/0x20
[ 115.063036]  kthread_stop+0x108/0x8f0
[ 115.066828]  ? kthread_unpark+0x160/0x160
[ 115.071071]  ? __lock_is_held+0xb5/0x140
[ 115.075169]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 115.080483]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 115.086182]  ? _vb2_fop_release+0x3f/0x2b0
[ 115.090419]  ? mutex_trylock+0x2b0/0x2b0
[ 115.094537]  ? vivid_fop_release+0x66/0x440
[ 115.098852]  ? __mutex_lock+0x85e/0x16f0
[ 115.102908]  vid_cap_stop_streaming+0x8d/0xe0
[ 115.107396]  ? vid_cap_buf_queue+0x310/0x310
[ 115.111794]  __vb2_queue_cancel+0x171/0xd20
[ 115.116112]  ? lock_downgrade+0x900/0x900
[ 115.120307]  ? vb2_buffer_done+0xb80/0xb80
[ 115.124546]  ? find_held_lock+0x36/0x1c0
[ 115.128595]  ? mark_held_locks+0xc7/0x130
[ 115.132845]  ? kasan_check_write+0x14/0x20
[ 115.137068]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 115.141982]  ? kasan_check_read+0x11/0x20
[ 115.146111]  ? wait_for_completion+0x8a0/0x8a0
[ 115.150676]  ? trace_hardirqs_off_caller+0x300/0x300
[ 115.155770]  vb2_core_streamoff+0x60/0x140
[ 115.159991]  __vb2_cleanup_fileio+0x73/0x160
[ 115.164402]  vb2_core_queue_release+0x1e/0x80
[ 115.168888]  _vb2_fop_release+0x1d2/0x2b0
[ 115.173021]  vb2_fop_release+0x77/0xc0
[ 115.176900]  vivid_fop_release+0x18e/0x440
[ 115.181127]  ? vivid_remove+0x460/0x460
[ 115.185085]  v4l2_release+0x224/0x3a0
[ 115.188872]  __fput+0x3bc/0xa70
[ 115.192141]  ? dev_debug_store+0x140/0x140
[ 115.196364]  ? get_max_files+0x20/0x20
[ 115.200236]  ? trace_hardirqs_on+0xbd/0x310
[ 115.204628]  ? kasan_check_read+0x11/0x20
[ 115.208781]  ? task_work_run+0x1af/0x2a0
[ 115.212832]  ? trace_hardirqs_off_caller+0x300/0x300
[ 115.217925]  ? filp_close+0x1cd/0x250
[ 115.221713]  ____fput+0x15/0x20
[ 115.224975]  task_work_run+0x1e8/0x2a0
[ 115.228892]  ? task_work_cancel+0x240/0x240
[ 115.233207]  ? copy_fd_bitmaps+0x210/0x210
[ 115.237431]  ? do_syscall_64+0x9a/0x820
[ 115.241393]  exit_to_usermode_loop+0x318/0x380
[ 115.245965]  ? __bpf_trace_sys_exit+0x30/0x30
[ 115.250446]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 115.255968]  do_syscall_64+0x6be/0x820
[ 115.259844]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 115.265190]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 115.270100]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 115.274927]  ? trace_hardirqs_on_caller+0x310/0x310
[ 115.279929]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 115.284983]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 115.290055]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 115.294890]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.300061] RIP: 0033:0x411021
[ 115.303237] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 115.322129] RSP: 002b:00007ffcd4809eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 115.329824] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000411021
[ 115.337076] RDX: 0000000000000000 RSI: 0000000000730188 RDI: 0000000000000003
[ 115.344327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 115.351692] R10: 00007ffcd4809dd0 R11: 0000000000000293 R12: 0000000000000000
[ 115.359068] R13: 0000000000000001 R14: 00000000000000fd R15: 0000000000000000
[ 115.367289] Kernel Offset: disabled
[ 115.370926] Rebooting in 86400 seconds..