[info] Using makefile-style concurrent boot in runlevel 2.
[ 25.132356] audit: type=1800 audit(1541575124.323:21): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ 25.151981] audit: type=1800 audit(1541575124.323:22): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
2018/11/07 07:18:55 parsed 1 programs
2018/11/07 07:18:56 executed programs: 0
syzkaller login: [ 37.607535] IPVS: ftp: loaded support on port[0] = 21
[ 37.858608] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.865831] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.873801] device bridge_slave_0 entered promiscuous mode
[ 37.892787] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.899313] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.906233] device bridge_slave_1 entered promiscuous mode
[ 37.925723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 37.945163] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 37.994448] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 38.015078] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 38.090993] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 38.098370] team0: Port device team_slave_0 added
[ 38.115290] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 38.122895] team0: Port device team_slave_1 added
[ 38.142442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 38.165344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 38.184481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.204116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 38.351009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.357510] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.364652] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.371030] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.892103] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.942838] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 38.994049] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 39.001523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.008953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.063049] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.381039] kauditd_printk_skb: 8 callbacks suppressed
[ 39.381051] audit: type=1800 audit(1541575138.573:31): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.407354] audit: type=1800 audit(1541575138.593:32): pid=5959 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.437781] audit: type=1800 audit(1541575138.623:33): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.460277] audit: type=1800 audit(1541575138.653:34): pid=5964 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.496365] audit: type=1800 audit(1541575138.683:35): pid=5967 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.517967] audit: type=1800 audit(1541575138.703:36): pid=5969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.551583] audit: type=1800 audit(1541575138.733:37): pid=5972 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.570952] audit: type=1800 audit(1541575138.763:38): pid=5974 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.603004] audit: type=1800 audit(1541575138.793:39): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 39.622815] audit: type=1800 audit(1541575138.813:40): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16496 res=0
[ 40.131431] vivid-000: kernel_thread() failed
[ 40.952445] ==================================================================
[ 40.959960] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 40.966377] Write of size 4 at addr 000000000000001c by task syz-executor0/6097
[ 40.973853]
[ 40.975481] CPU: 1 PID: 6097 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #101
[ 40.982788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.992171] Call Trace:
[ 40.994750] dump_stack+0x244/0x39d
[ 40.998370] ? dump_stack_print_info.cold.1+0x20/0x20
[ 41.003552] ? vprintk_func+0x85/0x181
[ 41.007444] kasan_report.cold.8+0x6d/0x309
[ 41.011812] ? kthread_stop+0x10d/0x900
[ 41.015785] check_memory_region+0x13e/0x1b0
[ 41.020184] kasan_check_write+0x14/0x20
[ 41.024234] kthread_stop+0x10d/0x900
[ 41.028021] ? kthread_unpark+0x160/0x160
[ 41.032163] ? __lock_is_held+0xb5/0x140
[ 41.036227] vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 41.041501] ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 41.047046] ? _vb2_fop_release+0x3f/0x2b0
[ 41.051303] ? mutex_trylock+0x2b0/0x2b0
[ 41.055351] ? vivid_fop_release+0x66/0x440
[ 41.059662] ? __mutex_lock+0x85e/0x16f0
[ 41.063732] vid_cap_stop_streaming+0x8d/0xe0
[ 41.068235] ? vid_cap_buf_queue+0x310/0x310
[ 41.072894] __vb2_queue_cancel+0x171/0xd20
[ 41.077208] ? lock_downgrade+0x900/0x900
[ 41.081346] ? vb2_buffer_done+0xb90/0xb90
[ 41.085569] ? find_held_lock+0x36/0x1c0
[ 41.089622] ? mark_held_locks+0xc7/0x130
[ 41.093774] ? kasan_check_write+0x14/0x20
[ 41.097996] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 41.102931] ? kasan_check_read+0x11/0x20
[ 41.107079] ? wait_for_completion+0x8a0/0x8a0
[ 41.111654] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.116750] vb2_core_streamoff+0x60/0x140
[ 41.120978] __vb2_cleanup_fileio+0x73/0x160
[ 41.125376] vb2_core_queue_release+0x1e/0x80
[ 41.129867] _vb2_fop_release+0x1d2/0x2b0
[ 41.134009] vb2_fop_release+0x77/0xc0
[ 41.137891] vivid_fop_release+0x18e/0x440
[ 41.142117] ? vivid_remove+0x460/0x460
[ 41.146077] v4l2_release+0x224/0x3a0
[ 41.149869] ? dev_debug_store+0x140/0x140
[ 41.154095] __fput+0x385/0xa30
[ 41.157365] ? get_max_files+0x20/0x20
[ 41.161249] ? trace_hardirqs_on+0xbd/0x310
[ 41.165559] ? kasan_check_read+0x11/0x20
[ 41.169693] ? task_work_run+0x1af/0x2a0
[ 41.173743] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.178835] ? rcu_softirq_qs+0x20/0x20
[ 41.182814] ? unwind_dump+0x190/0x190
[ 41.186699] ____fput+0x15/0x20
[ 41.189987] task_work_run+0x1e8/0x2a0
[ 41.193866] ? task_work_cancel+0x240/0x240
[ 41.198182] get_signal+0x1558/0x1980
[ 41.201974] ? find_held_lock+0x36/0x1c0
[ 41.206020] ? ptrace_notify+0x130/0x130
[ 41.210074] ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 41.215861] ? pvclock_read_flags+0x160/0x160
[ 41.220357] ? poll_select_set_timeout+0x19a/0x240
[ 41.225293] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.230401] do_signal+0x9c/0x21c0
[ 41.233951] ? timespec64_add_safe+0x204/0x2f0
[ 41.238528] ? nsec_to_clock_t+0x30/0x30
[ 41.242583] ? setup_sigcontext+0x7d0/0x7d0
[ 41.246904] ? exit_to_usermode_loop+0x8c/0x380
[ 41.251561] ? exit_to_usermode_loop+0x8c/0x380
[ 41.256233] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 41.260804] ? trace_hardirqs_on+0xbd/0x310
[ 41.265123] ? do_syscall_64+0x6be/0x820
[ 41.269172] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.274261] ? do_restart_poll+0x2e0/0x2e0
[ 41.278501] ? nsecs_to_jiffies+0x30/0x30
[ 41.282649] ? do_syscall_64+0x9a/0x820
[ 41.286609] ? do_syscall_64+0x9a/0x820
[ 41.290573] exit_to_usermode_loop+0x2e5/0x380
[ 41.295145] ? __bpf_trace_sys_exit+0x30/0x30
[ 41.299630] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.305160] do_syscall_64+0x6be/0x820
[ 41.309039] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.314412] ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.319331] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.324166] ? trace_hardirqs_on_caller+0x310/0x310
[ 41.330213] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.335238] ? prepare_exit_to_usermode+0x291/0x3b0
[ 41.340247] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.345085] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.350262] RIP: 0033:0x457569
[ 41.353456] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.372362] RSP: 002b:00007f21cdf99c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 41.380073] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569
[ 41.387345] RDX: 000000000000eb7c RSI: 0000000000000006 RDI: 0000000020000040
[ 41.394608] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 41.401866] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21cdf9a6d4
[ 41.409134] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff
[ 41.416404] ==================================================================
[ 41.423749] Disabling lock debugging due to kernel taint
[ 41.430340] Kernel panic - not syncing: panic_on_warn set ...
[ 41.436253] CPU: 1 PID: 6097 Comm: syz-executor0 Tainted: G B 4.20.0-rc1+ #101
[ 41.444902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.454238] Call Trace:
[ 41.456820] dump_stack+0x244/0x39d
[ 41.460441] ? dump_stack_print_info.cold.1+0x20/0x20
[ 41.465624] panic+0x2ad/0x55c
[ 41.468800] ? add_taint.cold.5+0x16/0x16
[ 41.472933] ? preempt_schedule+0x4d/0x60
[ 41.477066] ? ___preempt_schedule+0x16/0x18
[ 41.481460] ? trace_hardirqs_on+0xb4/0x310
[ 41.485853] kasan_end_report+0x47/0x4f
[ 41.489820] kasan_report.cold.8+0x76/0x309
[ 41.494133] ? kthread_stop+0x10d/0x900
[ 41.498104] check_memory_region+0x13e/0x1b0
[ 41.502500] kasan_check_write+0x14/0x20
[ 41.506545] kthread_stop+0x10d/0x900
[ 41.510346] ? kthread_unpark+0x160/0x160
[ 41.514505] ? __lock_is_held+0xb5/0x140
[ 41.518556] vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 41.523824] ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 41.529372] ? _vb2_fop_release+0x3f/0x2b0
[ 41.533613] ? mutex_trylock+0x2b0/0x2b0
[ 41.537665] ? vivid_fop_release+0x66/0x440
[ 41.541979] ? __mutex_lock+0x85e/0x16f0
[ 41.546036] vid_cap_stop_streaming+0x8d/0xe0
[ 41.550519] ? vid_cap_buf_queue+0x310/0x310
[ 41.554911] __vb2_queue_cancel+0x171/0xd20
[ 41.559218] ? lock_downgrade+0x900/0x900
[ 41.563350] ? vb2_buffer_done+0xb90/0xb90
[ 41.567591] ? find_held_lock+0x36/0x1c0
[ 41.572557] ? mark_held_locks+0xc7/0x130
[ 41.576695] ? kasan_check_write+0x14/0x20
[ 41.580919] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 41.585851] ? kasan_check_read+0x11/0x20
[ 41.590007] ? wait_for_completion+0x8a0/0x8a0
[ 41.594576] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.599682] vb2_core_streamoff+0x60/0x140
[ 41.603909] __vb2_cleanup_fileio+0x73/0x160
[ 41.608313] vb2_core_queue_release+0x1e/0x80
[ 41.612823] _vb2_fop_release+0x1d2/0x2b0
[ 41.616965] vb2_fop_release+0x77/0xc0
[ 41.620847] vivid_fop_release+0x18e/0x440
[ 41.625083] ? vivid_remove+0x460/0x460
[ 41.629042] v4l2_release+0x224/0x3a0
[ 41.632837] ? dev_debug_store+0x140/0x140
[ 41.637058] __fput+0x385/0xa30
[ 41.640324] ? get_max_files+0x20/0x20
[ 41.644223] ? trace_hardirqs_on+0xbd/0x310
[ 41.648531] ? kasan_check_read+0x11/0x20
[ 41.652664] ? task_work_run+0x1af/0x2a0
[ 41.656726] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.661816] ? rcu_softirq_qs+0x20/0x20
[ 41.665794] ? unwind_dump+0x190/0x190
[ 41.669668] ____fput+0x15/0x20
[ 41.672933] task_work_run+0x1e8/0x2a0
[ 41.676806] ? task_work_cancel+0x240/0x240
[ 41.681113] get_signal+0x1558/0x1980
[ 41.684901] ? find_held_lock+0x36/0x1c0
[ 41.688945] ? ptrace_notify+0x130/0x130
[ 41.692999] ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 41.698795] ? pvclock_read_flags+0x160/0x160
[ 41.703272] ? poll_select_set_timeout+0x19a/0x240
[ 41.708207] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.713304] do_signal+0x9c/0x21c0
[ 41.716833] ? timespec64_add_safe+0x204/0x2f0
[ 41.721402] ? nsec_to_clock_t+0x30/0x30
[ 41.725449] ? setup_sigcontext+0x7d0/0x7d0
[ 41.729755] ? exit_to_usermode_loop+0x8c/0x380
[ 41.734422] ? exit_to_usermode_loop+0x8c/0x380
[ 41.739086] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 41.743666] ? trace_hardirqs_on+0xbd/0x310
[ 41.747975] ? do_syscall_64+0x6be/0x820
[ 41.752019] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.757214] ? do_restart_poll+0x2e0/0x2e0
[ 41.761434] ? nsecs_to_jiffies+0x30/0x30
[ 41.765568] ? do_syscall_64+0x9a/0x820
[ 41.769527] ? do_syscall_64+0x9a/0x820
[ 41.773500] exit_to_usermode_loop+0x2e5/0x380
[ 41.778069] ? __bpf_trace_sys_exit+0x30/0x30
[ 41.782549] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.788075] do_syscall_64+0x6be/0x820
[ 41.791951] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.797318] ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.802244] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.807074] ? trace_hardirqs_on_caller+0x310/0x310
[ 41.812079] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.817100] ? prepare_exit_to_usermode+0x291/0x3b0
[ 41.822113] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.826949] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.832571] RIP: 0033:0x457569
[ 41.835755] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.854740] RSP: 002b:00007f21cdf99c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 41.862436] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569
[ 41.869695] RDX: 000000000000eb7c RSI: 0000000000000006 RDI: 0000000020000040
[ 41.876952] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 41.884207] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21cdf9a6d4
[ 41.891481] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff
[ 41.899914] Kernel Offset: disabled
[ 41.903542] Rebooting in 86400 seconds..