[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.130264] kauditd_printk_skb: 8 callbacks suppressed [ 28.130276] audit: type=1800 audit(1541804959.986:29): pid=5575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.157367] audit: type=1800 audit(1541804959.996:30): pid=5575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 50.096115] sshd (5716) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts. 2018/11/09 23:09:49 parsed 1 programs 2018/11/09 23:09:51 executed programs: 0 [ 59.612583] IPVS: ftp: loaded support on port[0] = 21 [ 59.874011] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.880861] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.888276] device bridge_slave_0 entered promiscuous mode [ 59.906934] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.913785] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.920667] device bridge_slave_1 entered promiscuous mode [ 59.937981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.955932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.007828] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 60.027900] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 60.108244] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 60.115768] team0: Port device team_slave_0 added [ 60.133239] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 60.140378] team0: Port device team_slave_1 added [ 60.158951] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.178796] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.198384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.217650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.368238] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.374701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.381476] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.387883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.919861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.971212] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.025646] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 61.031787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.039963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.090383] 8021q: adding VLAN 0 to HW filter on device team0 2018/11/09 23:09:56 executed programs: 20 2018/11/09 23:10:01 executed programs: 44 2018/11/09 23:10:06 executed programs: 72 2018/11/09 23:10:11 executed programs: 95 2018/11/09 23:10:16 executed programs: 121 2018/11/09 23:10:21 executed programs: 145 2018/11/09 23:10:27 executed programs: 172 2018/11/09 23:10:32 executed programs: 196 2018/11/09 23:10:37 executed programs: 219 2018/11/09 23:10:42 executed programs: 245 2018/11/09 23:10:47 executed programs: 271 2018/11/09 23:10:52 executed programs: 296 2018/11/09 23:10:57 executed programs: 319 2018/11/09 23:11:02 executed programs: 342 [ 132.197032] vivid-000: kernel_thread() failed [ 132.240491] ================================================================== [ 132.247928] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900 [ 132.254229] Write of size 4 at addr 000000000000001c by task syz-executor0/7400 [ 132.261661] [ 132.263292] CPU: 1 PID: 7400 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #231 [ 132.270551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 132.279885] Call Trace: [ 132.282462] dump_stack+0x244/0x39d [ 132.286078] ? dump_stack_print_info.cold.1+0x20/0x20 [ 132.291255] ? vprintk_func+0x85/0x181 [ 132.295137] kasan_report.cold.8+0x6d/0x309 [ 132.299442] ? kthread_stop+0x10d/0x900 [ 132.303418] check_memory_region+0x13e/0x1b0 [ 132.307871] kasan_check_write+0x14/0x20 [ 132.311924] kthread_stop+0x10d/0x900 [ 132.315721] ? kthread_unpark+0x160/0x160 [ 132.319857] ? __lock_is_held+0xb5/0x140 [ 132.323910] vivid_stop_generating_vid_cap+0x2bb/0x9ae [ 132.329173] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 132.334694] ? _vb2_fop_release+0x3f/0x2b0 [ 132.339027] ? mutex_trylock+0x2b0/0x2b0 [ 132.343076] ? vivid_fop_release+0x66/0x440 [ 132.347382] ? __mutex_lock+0x85e/0x16f0 [ 132.351552] vid_cap_stop_streaming+0x8d/0xe0 [ 132.356033] ? vid_cap_buf_queue+0x310/0x310 [ 132.360439] __vb2_queue_cancel+0x171/0xd20 [ 132.364758] ? lock_downgrade+0x900/0x900 [ 132.368891] ? vb2_buffer_done+0xb90/0xb90 [ 132.373115] ? find_held_lock+0x36/0x1c0 [ 132.377168] ? mark_held_locks+0xc7/0x130 [ 132.381308] ? kasan_check_write+0x14/0x20 [ 132.385528] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 132.390456] ? kasan_check_read+0x11/0x20 [ 132.394591] ? wait_for_completion+0x8a0/0x8a0 [ 132.399157] ? trace_hardirqs_off_caller+0x310/0x310 [ 132.404244] ? vfs_lock_file+0xe0/0xe0 [ 132.408117] vb2_core_streamoff+0x60/0x140 [ 132.412332] __vb2_cleanup_fileio+0x73/0x160 [ 132.416726] vb2_core_queue_release+0x1e/0x80 [ 132.421213] _vb2_fop_release+0x1d2/0x2b0 [ 132.425349] vb2_fop_release+0x77/0xc0 [ 132.429224] vivid_fop_release+0x18e/0x440 [ 132.433444] ? vivid_remove+0x460/0x460 [ 132.437397] v4l2_release+0x224/0x3a0 [ 132.441182] ? dev_debug_store+0x140/0x140 [ 132.445400] __fput+0x385/0xa30 [ 132.448685] ? get_max_files+0x20/0x20 [ 132.452707] ? trace_hardirqs_on+0xbd/0x310 [ 132.457014] ? kasan_check_read+0x11/0x20 [ 132.461256] ? task_work_run+0x1af/0x2a0 [ 132.465406] ? trace_hardirqs_off_caller+0x310/0x310 [ 132.470505] ? filp_close+0x1cd/0x250 [ 132.474298] ____fput+0x15/0x20 [ 132.477564] task_work_run+0x1e8/0x2a0 [ 132.481436] ? task_work_cancel+0x240/0x240 [ 132.485742] ? copy_fd_bitmaps+0x210/0x210 [ 132.490043] ? do_fast_syscall_32+0x150/0xfb2 [ 132.494544] exit_to_usermode_loop+0x318/0x380 [ 132.499112] ? __bpf_trace_sys_exit+0x30/0x30 [ 132.503592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 132.509112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 132.514678] do_fast_syscall_32+0xcd5/0xfb2 [ 132.519048] ? do_int80_syscall_32+0x890/0x890 [ 132.523625] ? entry_SYSENTER_compat+0x68/0x7f [ 132.528194] ? trace_hardirqs_off_caller+0xbb/0x310 [ 132.533199] ? do_syscall_64+0x820/0x820 [ 132.537243] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.542068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.546894] ? trace_hardirqs_on_caller+0x310/0x310 [ 132.551894] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 132.556963] ? prepare_exit_to_usermode+0x291/0x3b0 [ 132.561977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.566809] entry_SYSENTER_compat+0x70/0x7f [ 132.571204] RIP: 0023:0xf7f33a29 [ 132.574597] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 132.593525] RSP: 002b:000000000845fdac EFLAGS: 00000216 ORIG_RAX: 0000000000000006 [ 132.601333] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 132.608587] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.615910] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 132.623187] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 132.630440] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.637699] ================================================================== [ 132.645091] Disabling lock debugging due to kernel taint [ 132.651639] Kernel panic - not syncing: panic_on_warn set ... [ 132.657521] CPU: 1 PID: 7400 Comm: syz-executor0 Tainted: G B 4.20.0-rc1+ #231 [ 132.666159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 132.675494] Call Trace: [ 132.678081] dump_stack+0x244/0x39d [ 132.681690] ? dump_stack_print_info.cold.1+0x20/0x20 [ 132.686877] panic+0x2ad/0x55c [ 132.690049] ? add_taint.cold.5+0x16/0x16 [ 132.694183] ? preempt_schedule+0x4d/0x60 [ 132.698315] ? ___preempt_schedule+0x16/0x18 [ 132.702724] ? trace_hardirqs_on+0xb4/0x310 [ 132.707209] kasan_end_report+0x47/0x4f [ 132.711190] kasan_report.cold.8+0x76/0x309 [ 132.715505] ? kthread_stop+0x10d/0x900 [ 132.719473] check_memory_region+0x13e/0x1b0 [ 132.723872] kasan_check_write+0x14/0x20 [ 132.727923] kthread_stop+0x10d/0x900 [ 132.731712] ? kthread_unpark+0x160/0x160 [ 132.735960] ? __lock_is_held+0xb5/0x140 [ 132.740044] vivid_stop_generating_vid_cap+0x2bb/0x9ae [ 132.745320] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 132.750847] ? _vb2_fop_release+0x3f/0x2b0 [ 132.755094] ? mutex_trylock+0x2b0/0x2b0 [ 132.759158] ? vivid_fop_release+0x66/0x440 [ 132.763566] ? __mutex_lock+0x85e/0x16f0 [ 132.767675] vid_cap_stop_streaming+0x8d/0xe0 [ 132.772171] ? vid_cap_buf_queue+0x310/0x310 [ 132.776574] __vb2_queue_cancel+0x171/0xd20 [ 132.780886] ? lock_downgrade+0x900/0x900 [ 132.785023] ? vb2_buffer_done+0xb90/0xb90 [ 132.789248] ? find_held_lock+0x36/0x1c0 [ 132.793315] ? mark_held_locks+0xc7/0x130 [ 132.797480] ? kasan_check_write+0x14/0x20 [ 132.801766] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 132.806685] ? kasan_check_read+0x11/0x20 [ 132.810815] ? wait_for_completion+0x8a0/0x8a0 [ 132.815384] ? trace_hardirqs_off_caller+0x310/0x310 [ 132.820474] ? vfs_lock_file+0xe0/0xe0 [ 132.824351] vb2_core_streamoff+0x60/0x140 [ 132.828572] __vb2_cleanup_fileio+0x73/0x160 [ 132.832965] vb2_core_queue_release+0x1e/0x80 [ 132.837445] _vb2_fop_release+0x1d2/0x2b0 [ 132.841578] vb2_fop_release+0x77/0xc0 [ 132.845457] vivid_fop_release+0x18e/0x440 [ 132.849682] ? vivid_remove+0x460/0x460 [ 132.853645] v4l2_release+0x224/0x3a0 [ 132.857533] ? dev_debug_store+0x140/0x140 [ 132.861758] __fput+0x385/0xa30 [ 132.865035] ? get_max_files+0x20/0x20 [ 132.868908] ? trace_hardirqs_on+0xbd/0x310 [ 132.873218] ? kasan_check_read+0x11/0x20 [ 132.877353] ? task_work_run+0x1af/0x2a0 [ 132.881404] ? trace_hardirqs_off_caller+0x310/0x310 [ 132.886500] ? filp_close+0x1cd/0x250 [ 132.890305] ____fput+0x15/0x20 [ 132.893578] task_work_run+0x1e8/0x2a0 [ 132.897467] ? task_work_cancel+0x240/0x240 [ 132.901781] ? copy_fd_bitmaps+0x210/0x210 [ 132.906009] ? do_fast_syscall_32+0x150/0xfb2 [ 132.910602] exit_to_usermode_loop+0x318/0x380 [ 132.915175] ? __bpf_trace_sys_exit+0x30/0x30 [ 132.919658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 132.925181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 132.930704] do_fast_syscall_32+0xcd5/0xfb2 [ 132.935024] ? do_int80_syscall_32+0x890/0x890 [ 132.939591] ? entry_SYSENTER_compat+0x68/0x7f [ 132.944160] ? trace_hardirqs_off_caller+0xbb/0x310 [ 132.949163] ? do_syscall_64+0x820/0x820 [ 132.953208] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.958033] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.962865] ? trace_hardirqs_on_caller+0x310/0x310 [ 132.967867] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 132.972874] ? prepare_exit_to_usermode+0x291/0x3b0 [ 132.977880] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.982717] entry_SYSENTER_compat+0x70/0x7f [ 132.987110] RIP: 0023:0xf7f33a29 [ 132.990468] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 133.009357] RSP: 002b:000000000845fdac EFLAGS: 00000216 ORIG_RAX: 0000000000000006 [ 133.017063] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 133.024314] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.031577] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 133.038837] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 133.046090] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 133.054300] Kernel Offset: disabled [ 133.057924] Rebooting in 86400 seconds..