[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 28.912352] kauditd_printk_skb: 8 callbacks suppressed
[ 28.912363] audit: type=1800 audit(1541541888.842:33): pid=5582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.946495] audit: type=1800 audit(1541541888.842:34): pid=5582 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 54.576633] audit: type=1400 audit(1541541914.502:35): avc: denied { map } for pid=5761 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
[ 61.342260] audit: type=1400 audit(1541541921.272:36): avc: denied { map } for pid=5773 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/11/06 22:05:21 parsed 1 programs
[ 61.884917] audit: type=1400 audit(1541541921.812:37): avc: denied { map } for pid=5773 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=72 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2018/11/06 22:05:23 executed programs: 0
[ 63.459245] IPVS: ftp: loaded support on port[0] = 21
[ 63.703646] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.710417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.717780] device bridge_slave_0 entered promiscuous mode
[ 63.735937] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.742337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.749183] device bridge_slave_1 entered promiscuous mode
[ 63.767379] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 63.784962] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 63.833677] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 63.853901] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 63.927279] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 63.934752] team0: Port device team_slave_0 added
[ 63.951980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.959031] team0: Port device team_slave_1 added
[ 63.976276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.998917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.017799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.036675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 64.178286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.184739] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.191760] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.198100] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.694793] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.745548] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.796197] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.802415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.809684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.860449] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.134737] audit: type=1400 audit(1541541925.062:38): avc: denied { associate } for pid=5786 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 65.193526] audit: type=1800 audit(1541541925.122:39): pid=6044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 65.219902] audit: type=1800 audit(1541541925.142:40): pid=6046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 65.262772] audit: type=1800 audit(1541541925.192:41): pid=6048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 65.286899] audit: type=1800 audit(1541541925.212:42): pid=6051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 65.324256] audit: type=1800 audit(1541541925.252:43): pid=6054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 65.347687] audit: type=1800 audit(1541541925.272:44): pid=6056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 65.386232] audit: type=1800 audit(1541541925.312:45): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.361016] kauditd_printk_skb: 65 callbacks suppressed
[ 66.361029] audit: type=1800 audit(1541541926.282:111): pid=6239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.389528] audit: type=1800 audit(1541541926.302:112): pid=6241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.420382] audit: type=1800 audit(1541541926.342:113): pid=6243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.443074] audit: type=1800 audit(1541541926.362:114): pid=6246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.475122] audit: type=1800 audit(1541541926.402:115): pid=6248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.497787] audit: type=1800 audit(1541541926.412:116): pid=6251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.531829] audit: type=1800 audit(1541541926.452:117): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.555306] audit: type=1800 audit(1541541926.472:118): pid=6256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.586883] audit: type=1800 audit(1541541926.512:119): pid=6258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
[ 66.609546] audit: type=1800 audit(1541541926.532:120): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor0" name="media0" dev="sda1" ino=16494 res=0
2018/11/06 22:05:28 executed programs: 83
[ 68.667480] vivid-000: kernel_thread() failed
[ 68.693290] ==================================================================
[ 68.700733] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 68.707031] Write of size 4 at addr 000000000000001c by task syz-executor0/6514
[ 68.714457]
[ 68.716073] CPU: 1 PID: 6514 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #102
[ 68.723325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.732656] Call Trace:
[ 68.735230]  dump_stack+0x244/0x39d
[ 68.738841]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 68.744020]  ? vprintk_func+0x85/0x181
[ 68.747909]  kasan_report.cold.8+0x6d/0x309
[ 68.752215]  ? kthread_stop+0x10d/0x900
[ 68.756173]  check_memory_region+0x13e/0x1b0
[ 68.760563]  kasan_check_write+0x14/0x20
[ 68.764607]  kthread_stop+0x10d/0x900
[ 68.768393]  ? kthread_unpark+0x160/0x160
[ 68.772538]  ? __lock_is_held+0xb5/0x140
[ 68.776601]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 68.781866]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 68.787384]  ? _vb2_fop_release+0x3f/0x2b0
[ 68.791609]  ? mutex_trylock+0x2b0/0x2b0
[ 68.795651]  ? vivid_fop_release+0x66/0x440
[ 68.799953]  ? __mutex_lock+0x85e/0x16f0
[ 68.804024]  vid_cap_stop_streaming+0x8d/0xe0
[ 68.808509]  ? vid_cap_buf_queue+0x310/0x310
[ 68.812902]  __vb2_queue_cancel+0x171/0xd20
[ 68.817211]  ? lock_downgrade+0x900/0x900
[ 68.821345]  ? vb2_buffer_done+0xb90/0xb90
[ 68.825571]  ? find_held_lock+0x36/0x1c0
[ 68.829708]  ? mark_held_locks+0xc7/0x130
[ 68.833844]  ? kasan_check_write+0x14/0x20
[ 68.838066]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 68.842977]  ? kasan_check_read+0x11/0x20
[ 68.847108]  ? wait_for_completion+0x8a0/0x8a0
[ 68.851674]  ? trace_hardirqs_off_caller+0x310/0x310
[ 68.856761]  ? vfs_lock_file+0xe0/0xe0
[ 68.860636]  vb2_core_streamoff+0x60/0x140
[ 68.864857]  __vb2_cleanup_fileio+0x73/0x160
[ 68.869248]  vb2_core_queue_release+0x1e/0x80
[ 68.873726]  _vb2_fop_release+0x1d2/0x2b0
[ 68.877869]  vb2_fop_release+0x77/0xc0
[ 68.881739]  vivid_fop_release+0x18e/0x440
[ 68.885955]  ? vivid_remove+0x460/0x460
[ 68.889913]  v4l2_release+0x224/0x3a0
[ 68.893698]  ? dev_debug_store+0x140/0x140
[ 68.897916]  __fput+0x385/0xa30
[ 68.901183]  ? get_max_files+0x20/0x20
[ 68.905059]  ? trace_hardirqs_on+0xbd/0x310
[ 68.909360]  ? kasan_check_read+0x11/0x20
[ 68.913491]  ? task_work_run+0x1af/0x2a0
[ 68.917537]  ? trace_hardirqs_off_caller+0x310/0x310
[ 68.922620]  ? filp_close+0x1cd/0x250
[ 68.926405]  ____fput+0x15/0x20
[ 68.929664]  task_work_run+0x1e8/0x2a0
[ 68.933542]  ? task_work_cancel+0x240/0x240
[ 68.937853]  ? copy_fd_bitmaps+0x210/0x210
[ 68.942070]  ? do_syscall_64+0x9a/0x820
[ 68.946027]  exit_to_usermode_loop+0x318/0x380
[ 68.950607]  ? __bpf_trace_sys_exit+0x30/0x30
[ 68.955090]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.960614]  do_syscall_64+0x6be/0x820
[ 68.964485]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 68.969833]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 68.974742]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 68.979566]  ? trace_hardirqs_on_caller+0x310/0x310
[ 68.984564]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 68.989575]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 68.994578]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 68.999422]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.004593] RIP: 0033:0x411021
[ 69.007768] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 69.026658] RSP: 002b:00007fffb0b148b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 69.034347] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411021
[ 69.041598] RDX: 0000000000000000 RSI: 00000000007313a8 RDI: 0000000000000004
[ 69.048850] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 69.056102] R10: 00007fffb0b147d0 R11: 0000000000000293 R12: 0000000000000000
[ 69.063355] R13: 0000000000000001 R14: 0000000000000058 R15: 0000000000000000
[ 69.070630] ==================================================================
[ 69.077964] Disabling lock debugging due to kernel taint
[ 69.083818] Kernel panic - not syncing: panic_on_warn set ...
[ 69.089712] CPU: 1 PID: 6514 Comm: syz-executor0 Tainted: G B 4.20.0-rc1+ #102
[ 69.098370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.107725] Call Trace:
[ 69.110305]  dump_stack+0x244/0x39d
[ 69.113930]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 69.119122]  panic+0x2ad/0x55c
[ 69.122299]  ? add_taint.cold.5+0x16/0x16
[ 69.126430]  ? preempt_schedule+0x4d/0x60
[ 69.130560]  ? ___preempt_schedule+0x16/0x18
[ 69.134959]  ? trace_hardirqs_on+0xb4/0x310
[ 69.139273]  kasan_end_report+0x47/0x4f
[ 69.143230]  kasan_report.cold.8+0x76/0x309
[ 69.147534]  ? kthread_stop+0x10d/0x900
[ 69.151501]  check_memory_region+0x13e/0x1b0
[ 69.155899]  kasan_check_write+0x14/0x20
[ 69.159953]  kthread_stop+0x10d/0x900
[ 69.163735]  ? kthread_unpark+0x160/0x160
[ 69.167874]  ? __lock_is_held+0xb5/0x140
[ 69.171925]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 69.177187]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 69.182723]  ? _vb2_fop_release+0x3f/0x2b0
[ 69.186945]  ? mutex_trylock+0x2b0/0x2b0
[ 69.190987]  ? vivid_fop_release+0x66/0x440
[ 69.195290]  ? __mutex_lock+0x85e/0x16f0
[ 69.199346]  vid_cap_stop_streaming+0x8d/0xe0
[ 69.203827]  ? vid_cap_buf_queue+0x310/0x310
[ 69.208218]  __vb2_queue_cancel+0x171/0xd20
[ 69.212526]  ? lock_downgrade+0x900/0x900
[ 69.216658]  ? vb2_buffer_done+0xb90/0xb90
[ 69.220880]  ? find_held_lock+0x36/0x1c0
[ 69.224924]  ? mark_held_locks+0xc7/0x130
[ 69.229056]  ? kasan_check_write+0x14/0x20
[ 69.233276]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 69.238187]  ? kasan_check_read+0x11/0x20
[ 69.242318]  ? wait_for_completion+0x8a0/0x8a0
[ 69.246880]  ? trace_hardirqs_off_caller+0x310/0x310
[ 69.251964]  ? vfs_lock_file+0xe0/0xe0
[ 69.255837]  vb2_core_streamoff+0x60/0x140
[ 69.260063]  __vb2_cleanup_fileio+0x73/0x160
[ 69.264458]  vb2_core_queue_release+0x1e/0x80
[ 69.268933]  _vb2_fop_release+0x1d2/0x2b0
[ 69.273073]  vb2_fop_release+0x77/0xc0
[ 69.276950]  vivid_fop_release+0x18e/0x440
[ 69.281169]  ? vivid_remove+0x460/0x460
[ 69.285127]  v4l2_release+0x224/0x3a0
[ 69.288911]  ? dev_debug_store+0x140/0x140
[ 69.293128]  __fput+0x385/0xa30
[ 69.296391]  ? get_max_files+0x20/0x20
[ 69.300261]  ? trace_hardirqs_on+0xbd/0x310
[ 69.304566]  ? kasan_check_read+0x11/0x20
[ 69.308707]  ? task_work_run+0x1af/0x2a0
[ 69.312752]  ? trace_hardirqs_off_caller+0x310/0x310
[ 69.317848]  ? filp_close+0x1cd/0x250
[ 69.321631]  ____fput+0x15/0x20
[ 69.324891]  task_work_run+0x1e8/0x2a0
[ 69.328775]  ? task_work_cancel+0x240/0x240
[ 69.333085]  ? copy_fd_bitmaps+0x210/0x210
[ 69.337315]  ? do_syscall_64+0x9a/0x820
[ 69.341273]  exit_to_usermode_loop+0x318/0x380
[ 69.345841]  ? __bpf_trace_sys_exit+0x30/0x30
[ 69.350322]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.355845]  do_syscall_64+0x6be/0x820
[ 69.359717]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 69.365063]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 69.369972]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.374797]  ? trace_hardirqs_on_caller+0x310/0x310
[ 69.379797]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 69.384793]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 69.389793]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.394621]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.399788] RIP: 0033:0x411021
[ 69.402966] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 69.421846] RSP: 002b:00007fffb0b148b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 69.429537] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411021
[ 69.436788] RDX: 0000000000000000 RSI: 00000000007313a8 RDI: 0000000000000004
[ 69.444049] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 69.451304] R10: 00007fffb0b147d0 R11: 0000000000000293 R12: 0000000000000000
[ 69.458552] R13: 0000000000000001 R14: 0000000000000058 R15: 0000000000000000
[ 69.466804] Kernel Offset: disabled
[ 69.470426] Rebooting in 86400 seconds..