[ ok ] Starting enhanced syslogd: rsyslogd.
[ 60.650531][ T26] audit: type=1800 audit(1572169529.381:25): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 60.684193][ T26] audit: type=1800 audit(1572169529.391:26): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 60.745243][ T26] audit: type=1800 audit(1572169529.391:27): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
2019/10/27 09:45:42 parsed 1 programs
2019/10/27 09:45:44 executed programs: 0
syzkaller login: [ 75.707025][ T9029] IPVS: ftp: loaded support on port[0] = 21
[ 75.771583][ T9029] chnl_net:caif_netlink_parms(): no params data found
[ 75.801137][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.809061][ T9029] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.817051][ T9029] device bridge_slave_0 entered promiscuous mode
[ 75.825638][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.832745][ T9029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.840606][ T9029] device bridge_slave_1 entered promiscuous mode
[ 75.858439][ T9029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.869968][ T9029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.889724][ T9029] team0: Port device team_slave_0 added
[ 75.897746][ T9029] team0: Port device team_slave_1 added
[ 75.945978][ T9029] device hsr_slave_0 entered promiscuous mode
[ 76.013780][ T9029] device hsr_slave_1 entered promiscuous mode
[ 76.096016][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.103716][ T9029] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.111451][ T9029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.118606][ T9029] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.151500][ T9029] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.166432][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.187519][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.206955][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.215311][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 76.227896][ T9029] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.238210][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.248223][ T2856] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.255342][ T2856] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.266706][ T9031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.275774][ T9031] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.282855][ T9031] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.304999][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.313991][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.322824][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.332589][ T9031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.345357][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.355389][ T9029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.373019][ T9029] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.557703][ T9040] ==================================================================
[ 76.565948][ T9040] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0
[ 76.573238][ T9040] Write of size 8 at addr 0000000000000004 by task syz-executor.0/9040
[ 76.581630][ T9040]
[ 76.583964][ T9040] CPU: 1 PID: 9040 Comm: syz-executor.0 Not tainted 5.4.0-rc4-next-20191025 #0
[ 76.592888][ T9040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.603101][ T9040] Call Trace:
[ 76.606383][ T9040] dump_stack+0x172/0x1f0
[ 76.610700][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.615621][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.620543][ T9040] __kasan_report.cold+0x5/0x41
[ 76.625812][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.630756][ T9040] kasan_report+0x12/0x20
[ 76.635108][ T9040] check_memory_region+0x134/0x1a0
[ 76.640228][ T9040] __kasan_check_write+0x14/0x20
[ 76.645157][ T9040] io_wq_cancel_all+0x28/0x2a0
[ 76.650130][ T9040] io_ring_ctx_wait_and_kill+0x1e2/0x710
[ 76.655769][ T9040] io_uring_release+0x42/0x50
[ 76.660563][ T9040] __fput+0x2ff/0x890
[ 76.664665][ T9040] ? io_ring_ctx_wait_and_kill+0x710/0x710
[ 76.670609][ T9040] ____fput+0x16/0x20
[ 76.674584][ T9040] task_work_run+0x145/0x1c0
[ 76.679164][ T9040] do_exit+0x904/0x2e60
[ 76.683320][ T9040] ? mm_update_next_owner+0x640/0x640
[ 76.688825][ T9040] ? lock_downgrade+0x920/0x920
[ 76.693685][ T9040] ? _raw_spin_unlock_irq+0x23/0x80
[ 76.698912][ T9040] ? get_signal+0x392/0x24f0
[ 76.703518][ T9040] ? _raw_spin_unlock_irq+0x23/0x80
[ 76.708736][ T9040] do_group_exit+0x135/0x360
[ 76.713327][ T9040] get_signal+0x47c/0x24f0
[ 76.717849][ T9040] do_signal+0x87/0x1700
[ 76.722086][ T9040] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 76.728313][ T9040] ? io_uring_setup+0xe88/0x1b80
[ 76.733249][ T9040] ? setup_sigcontext+0x7d0/0x7d0
[ 76.738263][ T9040] ? io_uring_release+0x50/0x50
[ 76.743111][ T9040] ? nsecs_to_jiffies+0x30/0x30
[ 76.747953][ T9040] ? exit_to_usermode_loop+0x43/0x380
[ 76.753317][ T9040] ? do_syscall_64+0x65f/0x760
[ 76.758073][ T9040] ? exit_to_usermode_loop+0x43/0x380
[ 76.763451][ T9040] ? lockdep_hardirqs_on+0x421/0x5e0
[ 76.768738][ T9040] ? trace_hardirqs_on+0x67/0x240
[ 76.773777][ T9040] exit_to_usermode_loop+0x286/0x380
[ 76.779058][ T9040] do_syscall_64+0x65f/0x760
[ 76.783644][ T9040] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.789552][ T9040] RIP: 0033:0x459f39
[ 76.793458][ T9040] Code: Bad RIP value.
[ 76.797512][ T9040] RSP: 002b:00007f1a63830c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 76.805922][ T9040] RAX: 0000000000000003 RBX: 0000000000000002 RCX: 0000000000459f39
[ 76.813888][ T9040] RDX: 0000000000000000 RSI: 0000000020002740 RDI: 0000000000000f2a
[ 76.821875][ T9040] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 76.829848][ T9040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1a638316d4
[ 76.837821][ T9040] R13: 00000000004c1512 R14: 00000000004d4da8 R15: 00000000ffffffff
[ 76.845802][ T9040] ==================================================================
[ 76.853864][ T9040] Disabling lock debugging due to kernel taint
[ 76.862049][ T9040] Kernel panic - not syncing: panic_on_warn set ...
[ 76.868658][ T9040] CPU: 1 PID: 9040 Comm: syz-executor.0 Tainted: G B 5.4.0-rc4-next-20191025 #0
[ 76.878954][ T9040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.888992][ T9040] Call Trace:
[ 76.892269][ T9040] dump_stack+0x172/0x1f0
[ 76.896584][ T9040] panic+0x2e3/0x75c
[ 76.900459][ T9040] ? add_taint.cold+0x16/0x16
[ 76.905121][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.910039][ T9040] ? preempt_schedule+0x4b/0x60
[ 76.914886][ T9040] ? ___preempt_schedule+0x16/0x18
[ 76.920331][ T9040] ? trace_hardirqs_on+0x5e/0x240
[ 76.925357][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.930281][ T9040] end_report+0x47/0x4f
[ 76.934423][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.939352][ T9040] __kasan_report.cold+0xe/0x41
[ 76.944182][ T9040] ? io_wq_cancel_all+0x28/0x2a0
[ 76.949099][ T9040] kasan_report+0x12/0x20
[ 76.953409][ T9040] check_memory_region+0x134/0x1a0
[ 76.958513][ T9040] __kasan_check_write+0x14/0x20
[ 76.963434][ T9040] io_wq_cancel_all+0x28/0x2a0
[ 76.968273][ T9040] io_ring_ctx_wait_and_kill+0x1e2/0x710
[ 76.973884][ T9040] io_uring_release+0x42/0x50
[ 76.978606][ T9040] __fput+0x2ff/0x890
[ 76.982690][ T9040] ? io_ring_ctx_wait_and_kill+0x710/0x710
[ 76.988504][ T9040] ____fput+0x16/0x20
[ 76.992471][ T9040] task_work_run+0x145/0x1c0
[ 76.997043][ T9040] do_exit+0x904/0x2e60
[ 77.001184][ T9040] ? mm_update_next_owner+0x640/0x640
[ 77.006537][ T9040] ? lock_downgrade+0x920/0x920
[ 77.011379][ T9040] ? _raw_spin_unlock_irq+0x23/0x80
[ 77.016573][ T9040] ? get_signal+0x392/0x24f0
[ 77.021144][ T9040] ? _raw_spin_unlock_irq+0x23/0x80
[ 77.026411][ T9040] do_group_exit+0x135/0x360
[ 77.031220][ T9040] get_signal+0x47c/0x24f0
[ 77.035646][ T9040] do_signal+0x87/0x1700
[ 77.039881][ T9040] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 77.046104][ T9040] ? io_uring_setup+0xe88/0x1b80
[ 77.051024][ T9040] ? setup_sigcontext+0x7d0/0x7d0
[ 77.056041][ T9040] ? io_uring_release+0x50/0x50
[ 77.060888][ T9040] ? nsecs_to_jiffies+0x30/0x30
[ 77.065730][ T9040] ? exit_to_usermode_loop+0x43/0x380
[ 77.071277][ T9040] ? do_syscall_64+0x65f/0x760
[ 77.076031][ T9040] ? exit_to_usermode_loop+0x43/0x380
[ 77.081446][ T9040] ? lockdep_hardirqs_on+0x421/0x5e0
[ 77.086718][ T9040] ? trace_hardirqs_on+0x67/0x240
[ 77.091730][ T9040] exit_to_usermode_loop+0x286/0x380
[ 77.097022][ T9040] do_syscall_64+0x65f/0x760
[ 77.101601][ T9040] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.107476][ T9040] RIP: 0033:0x459f39
[ 77.111372][ T9040] Code: Bad RIP value.
[ 77.115421][ T9040] RSP: 002b:00007f1a63830c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 77.123811][ T9040] RAX: 0000000000000003 RBX: 0000000000000002 RCX: 0000000000459f39
[ 77.131919][ T9040] RDX: 0000000000000000 RSI: 0000000020002740 RDI: 0000000000000f2a
[ 77.139991][ T9040] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 77.147946][ T9040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1a638316d4
[ 77.155899][ T9040] R13: 00000000004c1512 R14: 00000000004d4da8 R15: 00000000ffffffff
[ 77.165453][ T9040] Kernel Offset: disabled
[ 77.169801][ T9040] Rebooting in 86400 seconds..