[info] Using makefile-style concurrent boot in runlevel 2. [ 25.176634] audit: type=1800 audit(1540797382.958:21): pid=5532 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts. 2018/10/29 07:16:51 parsed 1 programs 2018/10/29 07:16:53 executed programs: 0 syzkaller login: [ 55.347063] IPVS: ftp: loaded support on port[0] = 21 [ 55.352776] IPVS: ftp: loaded support on port[0] = 21 [ 55.353160] IPVS: ftp: loaded support on port[0] = 21 [ 55.361867] IPVS: ftp: loaded support on port[0] = 21 [ 55.370273] IPVS: ftp: loaded support on port[0] = 21 [ 55.373046] IPVS: ftp: loaded support on port[0] = 21 [ 56.180084] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.187345] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.195487] device bridge_slave_0 entered promiscuous mode [ 56.211993] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.218454] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.225368] device bridge_slave_0 entered promiscuous mode [ 56.237029] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.244579] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.252199] device bridge_slave_1 entered promiscuous mode [ 56.276529] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.290800] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.299258] device bridge_slave_1 entered promiscuous mode [ 56.307037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.318204] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.324541] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.333355] device bridge_slave_0 entered promiscuous mode [ 56.342105] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.351653] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.358875] device bridge_slave_0 entered promiscuous mode [ 56.365714] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.373565] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.380644] device bridge_slave_0 entered promiscuous mode [ 56.389599] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.395959] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.403138] device bridge_slave_0 entered promiscuous mode [ 56.411388] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.421655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.431560] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.441917] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.449703] device bridge_slave_1 entered promiscuous mode [ 56.455954] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.462918] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.473505] device bridge_slave_1 entered promiscuous mode [ 56.480017] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.486362] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.493584] device bridge_slave_1 entered promiscuous mode [ 56.507250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.518461] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.527718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.535212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.554641] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.561741] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.569045] device bridge_slave_1 entered promiscuous mode [ 56.576548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.587070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.602907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.636432] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.652227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.694204] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.750828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.792583] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.834283] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.875235] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.885551] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.906081] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.942916] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.954855] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.968462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.998933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.025367] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.035866] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.049197] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.057936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.066933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.077560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.097096] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.105643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.127551] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.141863] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.153509] team0: Port device team_slave_0 added [ 57.161230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.177162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.189194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.197331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.208187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.215359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.226092] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.237422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.248545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.265633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.274636] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.281862] team0: Port device team_slave_1 added [ 57.362712] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.376316] team0: Port device team_slave_0 added [ 57.413019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.447946] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.455340] team0: Port device team_slave_1 added [ 57.476363] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.498704] team0: Port device team_slave_0 added [ 57.505431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.528402] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.535799] team0: Port device team_slave_0 added [ 57.556394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.573287] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.581128] team0: Port device team_slave_1 added [ 57.586650] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.595134] team0: Port device team_slave_0 added [ 57.601020] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.611227] team0: Port device team_slave_0 added [ 57.617028] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.635639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.644031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.659883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.668788] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.675903] team0: Port device team_slave_1 added [ 57.684658] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.696112] team0: Port device team_slave_1 added [ 57.712107] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.721307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.730268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.739137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.751030] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.760192] team0: Port device team_slave_1 added [ 57.768428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.786968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.805003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.820991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.831348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.854216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.864490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.879028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.896477] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.906835] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.916736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.924745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.937055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.945803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.954588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.963574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.971757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.982175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.992691] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.010825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.023714] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.039795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.048826] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.066532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.074611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.082662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.092733] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.102402] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.112620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.131566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.146404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.155026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.166840] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.184393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.192812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.212377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.228377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.236320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.302365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.315697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.326423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.737734] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.744233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.751230] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.757634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.770011] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.849651] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.856043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.862753] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.869172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.885080] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.897877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.905354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.973380] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.979831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.986491] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.992916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.005819] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.020321] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.026696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.033412] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.039844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.048948] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.062115] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.068522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.075197] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.081628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.090377] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.102114] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.108522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.115168] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.121681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.151787] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.948670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.955925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.968644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.975844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.644499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.754097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.805795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.829036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.873278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.895790] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 61.948204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.037041] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.062786] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.120988] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.170193] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.185371] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.194643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.207271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.225509] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 62.324386] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.337766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.346755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.379699] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.385890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.403127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.418549] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.429345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.436482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.457314] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.465051] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.488573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.495701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.539219] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 62.549876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.556984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.593432] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.699068] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.764411] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.796615] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.817896] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/29 07:17:02 executed programs: 6 [ 64.378648] vivid-000: kernel_thread() failed [ 64.685572] ================================================================== [ 64.693170] BUG: KASAN: null-ptr-deref in kthread_stop+0x108/0x8f0 [ 64.699506] Write of size 4 at addr 000000000000001c by task syz-executor3/7274 [ 64.706950] [ 64.708568] CPU: 1 PID: 7274 Comm: syz-executor3 Not tainted 4.19.0-rc8-next-20181019+ #99 [ 64.716957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.726311] Call Trace: [ 64.728893] dump_stack+0x244/0x39d [ 64.732514] ? dump_stack_print_info.cold.1+0x20/0x20 [ 64.737705] ? vprintk_func+0x85/0x181 [ 64.741596] kasan_report.cold.8+0x6d/0x309 [ 64.745913] ? kthread_stop+0x108/0x8f0 [ 64.749883] check_memory_region+0x13e/0x1b0 [ 64.754320] kasan_check_write+0x14/0x20 [ 64.758387] kthread_stop+0x108/0x8f0 [ 64.762196] ? kthread_unpark+0x160/0x160 [ 64.766350] ? __lock_is_held+0xb5/0x140 [ 64.770419] vivid_stop_generating_vid_cap+0x2bc/0x93b [ 64.775714] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 64.781259] ? _vb2_fop_release+0x3f/0x2b0 [ 64.785491] ? mutex_trylock+0x2b0/0x2b0 [ 64.789550] ? vivid_fop_release+0x66/0x440 [ 64.793885] vid_cap_stop_streaming+0x8d/0xe0 [ 64.798368] ? vid_cap_buf_queue+0x310/0x310 [ 64.802766] __vb2_queue_cancel+0x171/0xca0 [ 64.807086] ? lock_downgrade+0x900/0x900 [ 64.811233] ? __vb2_dqbuf.part.5+0x260/0x260 [ 64.815739] ? find_held_lock+0x36/0x1c0 [ 64.819818] ? mark_held_locks+0xc7/0x130 [ 64.823955] ? kasan_check_write+0x14/0x20 [ 64.828179] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 64.833095] ? kasan_check_read+0x11/0x20 [ 64.837231] ? wait_for_completion+0x8a0/0x8a0 [ 64.841845] ? trace_hardirqs_off_caller+0x300/0x300 [ 64.846951] ? trace_hardirqs_off_caller+0x300/0x300 [ 64.852059] vb2_core_streamoff+0x60/0x140 [ 64.856294] __vb2_cleanup_fileio+0x73/0x160 [ 64.860693] vb2_core_queue_release+0x1e/0x80 [ 64.865183] _vb2_fop_release+0x1d2/0x2b0 [ 64.869319] vb2_fop_release+0x77/0xc0 [ 64.873204] vivid_fop_release+0x18e/0x440 [ 64.877442] ? vivid_remove+0x460/0x460 [ 64.881405] v4l2_release+0xfb/0x1a0 [ 64.885111] __fput+0x3bc/0xa70 [ 64.888379] ? dev_debug_store+0x140/0x140 [ 64.892615] ? get_max_files+0x20/0x20 [ 64.896499] ? trace_hardirqs_off_caller+0x300/0x300 [ 64.901606] ? perf_trace_sched_process_exec+0x860/0x860 [ 64.907063] ____fput+0x15/0x20 [ 64.910341] task_work_run+0x1e8/0x2a0 [ 64.914221] ? task_work_cancel+0x240/0x240 [ 64.918532] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 64.924061] ? switch_task_namespaces+0x9d/0xd0 [ 64.928724] do_exit+0x1ad1/0x26d0 [ 64.932255] ? mm_update_next_owner+0x990/0x990 [ 64.936926] ? print_usage_bug+0xc0/0xc0 [ 64.940991] ? zap_class+0x640/0x640 [ 64.944710] ? zap_class+0x640/0x640 [ 64.948434] ? run_rebalance_domains+0x500/0x500 [ 64.953193] ? __lock_acquire+0x62f/0x4c20 [ 64.957425] ? find_held_lock+0x36/0x1c0 [ 64.961497] ? mark_held_locks+0x130/0x130 [ 64.965736] ? __lock_acquire+0x62f/0x4c20 [ 64.969972] ? trace_hardirqs_on+0xbd/0x310 [ 64.974327] ? remove_entity_load_avg+0x228/0x2e0 [ 64.979189] ? __free_pages+0x149/0x190 [ 64.983162] ? mark_held_locks+0x130/0x130 [ 64.987400] ? __lock_acquire+0x62f/0x4c20 [ 64.991645] ? kasan_check_write+0x14/0x20 [ 64.995900] ? finish_task_switch+0x658/0x920 [ 65.000385] ? __switch_to_asm+0x40/0x70 [ 65.004436] ? zap_class+0x640/0x640 [ 65.008137] ? mark_held_locks+0x130/0x130 [ 65.012359] ? __switch_to_asm+0x34/0x70 [ 65.016407] ? __switch_to_asm+0x40/0x70 [ 65.020452] ? __switch_to_asm+0x34/0x70 [ 65.024504] ? __switch_to_asm+0x40/0x70 [ 65.028553] ? __switch_to_asm+0x34/0x70 [ 65.032606] ? __switch_to_asm+0x40/0x70 [ 65.036668] ? memset+0x31/0x40 [ 65.039942] ? find_held_lock+0x36/0x1c0 [ 65.044010] ? get_signal+0x953/0x1970 [ 65.047894] ? _raw_spin_unlock_irq+0x27/0x80 [ 65.052392] ? _raw_spin_unlock_irq+0x27/0x80 [ 65.056880] do_group_exit+0x177/0x440 [ 65.060759] ? trace_hardirqs_off_caller+0x300/0x300 [ 65.065859] ? __ia32_sys_exit+0x50/0x50 [ 65.069911] get_signal+0x8a8/0x1970 [ 65.073619] ? ptrace_notify+0x130/0x130 [ 65.077698] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 65.082810] ? __free_object+0x173/0x340 [ 65.086859] ? __list_add_valid.cold.2+0x2a/0x2a [ 65.091599] ? debug_object_free+0x325/0x690 [ 65.096103] do_signal+0x9c/0x21c0 [ 65.099642] ? debug_object_free+0x32d/0x690 [ 65.104063] ? debug_object_destroy+0x2b0/0x2b0 [ 65.108735] ? setup_sigcontext+0x7d0/0x7d0 [ 65.113062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.118588] ? __hrtimer_init+0xdb/0x240 [ 65.122648] ? exit_to_usermode_loop+0x8c/0x380 [ 65.127320] ? exit_to_usermode_loop+0x8c/0x380 [ 65.131984] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 65.136559] ? trace_hardirqs_on+0xbd/0x310 [ 65.140867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.146400] ? do_syscall_64+0x6be/0x820 [ 65.150453] ? do_syscall_64+0x9a/0x820 [ 65.154415] ? do_syscall_64+0x9a/0x820 [ 65.158380] exit_to_usermode_loop+0x2e5/0x380 [ 65.162978] ? __bpf_trace_sys_exit+0x30/0x30 [ 65.167514] do_syscall_64+0x6be/0x820 [ 65.171407] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 65.176785] ? syscall_return_slowpath+0x5e0/0x5e0 [ 65.181717] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.186551] ? trace_hardirqs_on_caller+0x310/0x310 [ 65.191565] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 65.196577] ? prepare_exit_to_usermode+0x291/0x3b0 [ 65.201595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.206445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.211622] RIP: 0033:0x483081 [ 65.214820] Code: 75 14 b8 23 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 d4 f8 f8 ff c3 48 83 ec 08 e8 ba 70 fd ff 48 89 04 24 b8 23 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 03 71 fd ff 48 89 d0 48 83 c4 08 48 3d 01 [ 65.233720] RSP: 002b:00007ffc69ddaf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000023 [ 65.241412] RAX: 0000000000000000 RBX: 000000000000fef5 RCX: 0000000000483081 [ 65.248675] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc69ddaf20 [ 65.255937] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 65.263193] R10: 00007ffc69ddb000 R11: 0000000000000293 R12: 000000000072c900 [ 65.270446] R13: 00000000000003e8 R14: 000000000000fc39 R15: 000000000000fc0c [ 65.277722] ================================================================== [ 65.285068] Disabling lock debugging due to kernel taint [ 65.294645] Kernel panic - not syncing: panic_on_warn set ... [ 65.300541] CPU: 1 PID: 7274 Comm: syz-executor3 Tainted: G B 4.19.0-rc8-next-20181019+ #99 [ 65.310327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.319661] Call Trace: [ 65.322237] dump_stack+0x244/0x39d [ 65.325857] ? dump_stack_print_info.cold.1+0x20/0x20 [ 65.331054] panic+0x2ad/0x55c [ 65.334232] ? add_taint.cold.5+0x16/0x16 [ 65.338382] ? preempt_schedule+0x4d/0x60 [ 65.344431] ? ___preempt_schedule+0x16/0x18 [ 65.348829] ? trace_hardirqs_on+0xb4/0x310 [ 65.353135] kasan_end_report+0x47/0x4f [ 65.357094] kasan_report.cold.8+0x76/0x309 [ 65.361405] ? kthread_stop+0x108/0x8f0 [ 65.365421] check_memory_region+0x13e/0x1b0 [ 65.369816] kasan_check_write+0x14/0x20 [ 65.373866] kthread_stop+0x108/0x8f0 [ 65.377660] ? kthread_unpark+0x160/0x160 [ 65.381818] ? __lock_is_held+0xb5/0x140 [ 65.385893] vivid_stop_generating_vid_cap+0x2bc/0x93b [ 65.391158] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 65.396686] ? _vb2_fop_release+0x3f/0x2b0 [ 65.400913] ? mutex_trylock+0x2b0/0x2b0 [ 65.404960] ? vivid_fop_release+0x66/0x440 [ 65.409301] vid_cap_stop_streaming+0x8d/0xe0 [ 65.413797] ? vid_cap_buf_queue+0x310/0x310 [ 65.418194] __vb2_queue_cancel+0x171/0xca0 [ 65.422502] ? lock_downgrade+0x900/0x900 [ 65.426635] ? __vb2_dqbuf.part.5+0x260/0x260 [ 65.431122] ? find_held_lock+0x36/0x1c0 [ 65.435173] ? mark_held_locks+0xc7/0x130 [ 65.439318] ? kasan_check_write+0x14/0x20 [ 65.443562] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 65.448487] ? kasan_check_read+0x11/0x20 [ 65.452618] ? wait_for_completion+0x8a0/0x8a0 [ 65.457186] ? trace_hardirqs_off_caller+0x300/0x300 [ 65.462275] ? trace_hardirqs_off_caller+0x300/0x300 [ 65.467371] vb2_core_streamoff+0x60/0x140 [ 65.471594] __vb2_cleanup_fileio+0x73/0x160 [ 65.475987] vb2_core_queue_release+0x1e/0x80 [ 65.480467] _vb2_fop_release+0x1d2/0x2b0 [ 65.484750] vb2_fop_release+0x77/0xc0 [ 65.488644] vivid_fop_release+0x18e/0x440 [ 65.492871] ? vivid_remove+0x460/0x460 [ 65.496830] v4l2_release+0xfb/0x1a0 [ 65.500531] __fput+0x3bc/0xa70 [ 65.503807] ? dev_debug_store+0x140/0x140 [ 65.508043] ? get_max_files+0x20/0x20 [ 65.511941] ? trace_hardirqs_off_caller+0x300/0x300 [ 65.517049] ? perf_trace_sched_process_exec+0x860/0x860 [ 65.522492] ____fput+0x15/0x20 [ 65.525762] task_work_run+0x1e8/0x2a0 [ 65.529664] ? task_work_cancel+0x240/0x240 [ 65.533979] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 65.539499] ? switch_task_namespaces+0x9d/0xd0 [ 65.544157] do_exit+0x1ad1/0x26d0 [ 65.547703] ? mm_update_next_owner+0x990/0x990 [ 65.552382] ? print_usage_bug+0xc0/0xc0 [ 65.556592] ? zap_class+0x640/0x640 [ 65.560308] ? zap_class+0x640/0x640 [ 65.564024] ? run_rebalance_domains+0x500/0x500 [ 65.568770] ? __lock_acquire+0x62f/0x4c20 [ 65.573002] ? find_held_lock+0x36/0x1c0 [ 65.577051] ? mark_held_locks+0x130/0x130 [ 65.581282] ? __lock_acquire+0x62f/0x4c20 [ 65.585523] ? trace_hardirqs_on+0xbd/0x310 [ 65.589829] ? remove_entity_load_avg+0x228/0x2e0 [ 65.594671] ? __free_pages+0x149/0x190 [ 65.598645] ? mark_held_locks+0x130/0x130 [ 65.602864] ? __lock_acquire+0x62f/0x4c20 [ 65.607103] ? kasan_check_write+0x14/0x20 [ 65.611329] ? finish_task_switch+0x658/0x920 [ 65.615834] ? __switch_to_asm+0x40/0x70 [ 65.619897] ? zap_class+0x640/0x640 [ 65.623604] ? mark_held_locks+0x130/0x130 [ 65.627837] ? __switch_to_asm+0x34/0x70 [ 65.631880] ? __switch_to_asm+0x40/0x70 [ 65.635934] ? __switch_to_asm+0x34/0x70 [ 65.639992] ? __switch_to_asm+0x40/0x70 [ 65.644035] ? __switch_to_asm+0x34/0x70 [ 65.648078] ? __switch_to_asm+0x40/0x70 [ 65.652151] ? memset+0x31/0x40 [ 65.655418] ? find_held_lock+0x36/0x1c0 [ 65.659467] ? get_signal+0x953/0x1970 [ 65.663340] ? _raw_spin_unlock_irq+0x27/0x80 [ 65.667818] ? _raw_spin_unlock_irq+0x27/0x80 [ 65.672306] do_group_exit+0x177/0x440 [ 65.676210] ? trace_hardirqs_off_caller+0x300/0x300 [ 65.681303] ? __ia32_sys_exit+0x50/0x50 [ 65.685353] get_signal+0x8a8/0x1970 [ 65.689054] ? ptrace_notify+0x130/0x130 [ 65.693106] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 65.698195] ? __free_object+0x173/0x340 [ 65.702240] ? __list_add_valid.cold.2+0x2a/0x2a [ 65.706977] ? debug_object_free+0x325/0x690 [ 65.711374] do_signal+0x9c/0x21c0 [ 65.714902] ? debug_object_free+0x32d/0x690 [ 65.719299] ? debug_object_destroy+0x2b0/0x2b0 [ 65.723953] ? setup_sigcontext+0x7d0/0x7d0 [ 65.728267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.733801] ? __hrtimer_init+0xdb/0x240 [ 65.737850] ? exit_to_usermode_loop+0x8c/0x380 [ 65.742505] ? exit_to_usermode_loop+0x8c/0x380 [ 65.747159] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 65.751726] ? trace_hardirqs_on+0xbd/0x310 [ 65.756035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.761560] ? do_syscall_64+0x6be/0x820 [ 65.765608] ? do_syscall_64+0x9a/0x820 [ 65.769565] ? do_syscall_64+0x9a/0x820 [ 65.773544] exit_to_usermode_loop+0x2e5/0x380 [ 65.778112] ? __bpf_trace_sys_exit+0x30/0x30 [ 65.782596] do_syscall_64+0x6be/0x820 [ 65.786485] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 65.791852] ? syscall_return_slowpath+0x5e0/0x5e0 [ 65.796783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.801648] ? trace_hardirqs_on_caller+0x310/0x310 [ 65.806667] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 65.811671] ? prepare_exit_to_usermode+0x291/0x3b0 [ 65.816676] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.821506] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.826698] RIP: 0033:0x483081 [ 65.829884] Code: 75 14 b8 23 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 d4 f8 f8 ff c3 48 83 ec 08 e8 ba 70 fd ff 48 89 04 24 b8 23 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 03 71 fd ff 48 89 d0 48 83 c4 08 48 3d 01 [ 65.848794] RSP: 002b:00007ffc69ddaf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000023 [ 65.856496] RAX: 0000000000000000 RBX: 000000000000fef5 RCX: 0000000000483081 [ 65.863758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc69ddaf20 [ 65.871023] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 65.878275] R10: 00007ffc69ddb000 R11: 0000000000000293 R12: 000000000072c900 [ 65.885531] R13: 00000000000003e8 R14: 000000000000fc39 R15: 000000000000fc0c [ 65.893655] Kernel Offset: disabled [ 65.897276] Rebooting in 86400 seconds..