[....] Starting enhanced syslogd: rsyslogd [ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 28.415910] kauditd_printk_skb: 8 callbacks suppressed
[ 28.415922] audit: type=1800 audit(1541550892.347:29): pid=5567 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.439928] audit: type=1800 audit(1541550892.347:30): pid=5567 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 46.503787] sshd (5708) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
2018/11/07 00:35:17 parsed 1 programs
2018/11/07 00:35:18 executed programs: 0
[ 55.034287] IPVS: ftp: loaded support on port[0] = 21
[ 55.291573] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.298553] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.305867] device bridge_slave_0 entered promiscuous mode
[ 55.324633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.331033] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.337989] device bridge_slave_1 entered promiscuous mode
[ 55.356168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 55.374569] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 55.425219] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.445552] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.521919] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.529510] team0: Port device team_slave_0 added
[ 55.546179] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.553358] team0: Port device team_slave_1 added
[ 55.571629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.590616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.609706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.628599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.776606] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.783134] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.789967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.796346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.325202] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.378426] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.433306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.439432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.447345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.501107] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/07 00:35:24 executed programs: 15
2018/11/07 00:35:29 executed programs: 39
2018/11/07 00:35:34 executed programs: 64
2018/11/07 00:35:39 executed programs: 87
2018/11/07 00:35:44 executed programs: 113
2018/11/07 00:35:49 executed programs: 144
2018/11/07 00:35:54 executed programs: 173
2018/11/07 00:35:59 executed programs: 198
2018/11/07 00:36:05 executed programs: 224
2018/11/07 00:36:10 executed programs: 257
2018/11/07 00:36:15 executed programs: 283
2018/11/07 00:36:20 executed programs: 306
2018/11/07 00:36:25 executed programs: 329
[ 121.536495] vivid-000: kernel_thread() failed
[ 121.561703] ==================================================================
[ 121.569202] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 121.575523] Write of size 4 at addr 000000000000001c by task syz-executor0/7313
[ 121.582951]
[ 121.584565] CPU: 0 PID: 7313 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #101
[ 121.591883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.601249] Call Trace:
[ 121.603873]  dump_stack+0x244/0x39d
[ 121.607517]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 121.612711]  ? vprintk_func+0x85/0x181
[ 121.616625]  kasan_report.cold.8+0x6d/0x309
[ 121.620956]  ? kthread_stop+0x10d/0x900
[ 121.624945]  check_memory_region+0x13e/0x1b0
[ 121.629342]  kasan_check_write+0x14/0x20
[ 121.633390]  kthread_stop+0x10d/0x900
[ 121.637183]  ? kthread_unpark+0x160/0x160
[ 121.641325]  ? __lock_is_held+0xb5/0x140
[ 121.645382]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 121.650666]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 121.656418]  ? _vb2_fop_release+0x3f/0x2b0
[ 121.660645]  ? mutex_trylock+0x2b0/0x2b0
[ 121.664703]  ? vivid_fop_release+0x66/0x440
[ 121.669023]  ? __mutex_lock+0x85e/0x16f0
[ 121.673081]  vid_cap_stop_streaming+0x8d/0xe0
[ 121.677669]  ? vid_cap_buf_queue+0x310/0x310
[ 121.682065]  __vb2_queue_cancel+0x171/0xd20
[ 121.686390]  ? lock_downgrade+0x900/0x900
[ 121.690529]  ? vb2_buffer_done+0xb90/0xb90
[ 121.694821]  ? find_held_lock+0x36/0x1c0
[ 121.698877]  ? mark_held_locks+0xc7/0x130
[ 121.703121]  ? kasan_check_write+0x14/0x20
[ 121.707349]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 121.712269]  ? kasan_check_read+0x11/0x20
[ 121.716406]  ? wait_for_completion+0x8a0/0x8a0
[ 121.720979]  ? trace_hardirqs_off_caller+0x310/0x310
[ 121.726080]  ? vfs_lock_file+0xe0/0xe0
[ 121.729960]  vb2_core_streamoff+0x60/0x140
[ 121.734186]  __vb2_cleanup_fileio+0x73/0x160
[ 121.738585]  vb2_core_queue_release+0x1e/0x80
[ 121.743069]  _vb2_fop_release+0x1d2/0x2b0
[ 121.747217]  vb2_fop_release+0x77/0xc0
[ 121.751098]  vivid_fop_release+0x18e/0x440
[ 121.755319]  ? vivid_remove+0x460/0x460
[ 121.759279]  v4l2_release+0x224/0x3a0
[ 121.763074]  ? dev_debug_store+0x140/0x140
[ 121.767297]  __fput+0x385/0xa30
[ 121.770566]  ? get_max_files+0x20/0x20
[ 121.774440]  ? trace_hardirqs_on+0xbd/0x310
[ 121.778746]  ? kasan_check_read+0x11/0x20
[ 121.782941]  ? task_work_run+0x1af/0x2a0
[ 121.787046]  ? trace_hardirqs_off_caller+0x310/0x310
[ 121.792142]  ? filp_close+0x1cd/0x250
[ 121.795931]  ____fput+0x15/0x20
[ 121.799196]  task_work_run+0x1e8/0x2a0
[ 121.803076]  ? task_work_cancel+0x240/0x240
[ 121.807414]  ? copy_fd_bitmaps+0x210/0x210
[ 121.811637]  ? do_syscall_64+0x9a/0x820
[ 121.815605]  exit_to_usermode_loop+0x318/0x380
[ 121.820173]  ? __bpf_trace_sys_exit+0x30/0x30
[ 121.824670]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 121.830205]  do_syscall_64+0x6be/0x820
[ 121.834086]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 121.839495]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 121.844424]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 121.849253]  ? trace_hardirqs_on_caller+0x310/0x310
[ 121.854303]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 121.859313]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 121.864318]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 121.869152]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 121.874325] RIP: 0033:0x411021
[ 121.877517] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 121.896421] RSP: 002b:00007ffde01e8f70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 121.904159] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000411021
[ 121.911469] RDX: 0000000000000000 RSI: 0000000000730200 RDI: 0000000000000003
[ 121.918792] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 121.926098] R10: 00007ffde01e8e90 R11: 0000000000000293 R12: 0000000000000000
[ 121.933364] R13: 0000000000000001 R14: 000000000000014d R15: 0000000000000000
[ 121.940639] ==================================================================
[ 121.948022] Disabling lock debugging due to kernel taint
[ 121.954322] Kernel panic - not syncing: panic_on_warn set ...
[ 121.960205] CPU: 0 PID: 7313 Comm: syz-executor0 Tainted: G    B             4.20.0-rc1+ #101
[ 121.968850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 121.978243] Call Trace:
[ 121.980848]  dump_stack+0x244/0x39d
[ 121.984460]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 121.989754]  panic+0x2ad/0x55c
[ 121.992933]  ? add_taint.cold.5+0x16/0x16
[ 121.997067]  ? preempt_schedule+0x4d/0x60
[ 122.001198]  ? ___preempt_schedule+0x16/0x18
[ 122.005604]  ? trace_hardirqs_on+0xb4/0x310
[ 122.010155]  kasan_end_report+0x47/0x4f
[ 122.014173]  kasan_report.cold.8+0x76/0x309
[ 122.018484]  ? kthread_stop+0x10d/0x900
[ 122.022454]  check_memory_region+0x13e/0x1b0
[ 122.026858]  kasan_check_write+0x14/0x20
[ 122.030905]  kthread_stop+0x10d/0x900
[ 122.034713]  ? kthread_unpark+0x160/0x160
[ 122.038854]  ? __lock_is_held+0xb5/0x140
[ 122.042911]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 122.048354]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 122.053886]  ? _vb2_fop_release+0x3f/0x2b0
[ 122.058120]  ? mutex_trylock+0x2b0/0x2b0
[ 122.062173]  ? vivid_fop_release+0x66/0x440
[ 122.066484]  ? __mutex_lock+0x85e/0x16f0
[ 122.070545]  vid_cap_stop_streaming+0x8d/0xe0
[ 122.075038]  ? vid_cap_buf_queue+0x310/0x310
[ 122.079546]  __vb2_queue_cancel+0x171/0xd20
[ 122.083864]  ? lock_downgrade+0x900/0x900
[ 122.088007]  ? vb2_buffer_done+0xb90/0xb90
[ 122.092291]  ? find_held_lock+0x36/0x1c0
[ 122.096357]  ? mark_held_locks+0xc7/0x130
[ 122.100503]  ? kasan_check_write+0x14/0x20
[ 122.104739]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 122.109675]  ? kasan_check_read+0x11/0x20
[ 122.113816]  ? wait_for_completion+0x8a0/0x8a0
[ 122.118400]  ? trace_hardirqs_off_caller+0x310/0x310
[ 122.123649]  ? vfs_lock_file+0xe0/0xe0
[ 122.127557]  vb2_core_streamoff+0x60/0x140
[ 122.131796]  __vb2_cleanup_fileio+0x73/0x160
[ 122.136260]  vb2_core_queue_release+0x1e/0x80
[ 122.140759]  _vb2_fop_release+0x1d2/0x2b0
[ 122.144892]  vb2_fop_release+0x77/0xc0
[ 122.148765]  vivid_fop_release+0x18e/0x440
[ 122.152986]  ? vivid_remove+0x460/0x460
[ 122.157074]  v4l2_release+0x224/0x3a0
[ 122.160860]  ? dev_debug_store+0x140/0x140
[ 122.165084]  __fput+0x385/0xa30
[ 122.168360]  ? get_max_files+0x20/0x20
[ 122.172241]  ? trace_hardirqs_on+0xbd/0x310
[ 122.176559]  ? kasan_check_read+0x11/0x20
[ 122.180701]  ? task_work_run+0x1af/0x2a0
[ 122.184752]  ? trace_hardirqs_off_caller+0x310/0x310
[ 122.189851]  ? filp_close+0x1cd/0x250
[ 122.193646]  ____fput+0x15/0x20
[ 122.196917]  task_work_run+0x1e8/0x2a0
[ 122.200791]  ? task_work_cancel+0x240/0x240
[ 122.205107]  ? copy_fd_bitmaps+0x210/0x210
[ 122.209334]  ? do_syscall_64+0x9a/0x820
[ 122.213304]  exit_to_usermode_loop+0x318/0x380
[ 122.217877]  ? __bpf_trace_sys_exit+0x30/0x30
[ 122.222358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 122.227989]  do_syscall_64+0x6be/0x820
[ 122.231891]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 122.237257]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 122.242183]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 122.247125]  ? trace_hardirqs_on_caller+0x310/0x310
[ 122.252131]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 122.257138]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 122.262149]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 122.266983]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.272161] RIP: 0033:0x411021
[ 122.275345] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 122.294403] RSP: 002b:00007ffde01e8f70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 122.302109] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000411021
[ 122.309384] RDX: 0000000000000000 RSI: 0000000000730200 RDI: 0000000000000003
[ 122.316686] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 122.323946] R10: 00007ffde01e8e90 R11: 0000000000000293 R12: 0000000000000000
[ 122.331274] R13: 0000000000000001 R14: 000000000000014d R15: 0000000000000000
[ 122.339419] Kernel Offset: disabled
[ 122.343046] Rebooting in 86400 seconds..