[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 28.610080] kauditd_printk_skb: 8 callbacks suppressed [ 28.610091] audit: type=1800 audit(1541811892.019:29): pid=5573 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.643103] audit: type=1800 audit(1541811892.019:30): pid=5573 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts. 2018/11/10 01:05:04 parsed 1 programs 2018/11/10 01:05:05 executed programs: 0 syzkaller login: [ 42.581979] IPVS: ftp: loaded support on port[0] = 21 [ 42.839737] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.846521] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.853873] device bridge_slave_0 entered promiscuous mode [ 42.873020] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.879456] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.886346] device bridge_slave_1 entered promiscuous mode [ 42.904208] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.922360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.974220] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.994773] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.074215] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.081714] team0: Port device team_slave_0 added [ 43.098446] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.106951] team0: Port device team_slave_1 added [ 43.125339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.145887] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.166774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.186355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.335645] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.342127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.349117] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.355456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.893727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.947063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.003895] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.010136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.017483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.072519] 8021q: adding VLAN 0 to HW filter on device team0 2018/11/10 01:05:11 executed programs: 73 2018/11/10 01:05:16 executed programs: 183 [ 54.394449] vivid-000: kernel_thread() failed [ 55.215560] ================================================================== [ 55.223071] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900 [ 55.229405] Write of size 4 at addr 000000000000001c by task syz-executor0/7092 [ 55.236834] [ 55.238463] CPU: 1 PID: 7092 Comm: syz-executor0 Not tainted 4.20.0-rc1+ #106 [ 55.245737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.255077] Call Trace: [ 55.257663] dump_stack+0x244/0x39d [ 55.261292] ? dump_stack_print_info.cold.1+0x20/0x20 [ 55.266474] ? vprintk_func+0x85/0x181 [ 55.270356] kasan_report.cold.8+0x6d/0x309 [ 55.274679] ? kthread_stop+0x10d/0x900 [ 55.278648] check_memory_region+0x13e/0x1b0 [ 55.283050] kasan_check_write+0x14/0x20 [ 55.287103] kthread_stop+0x10d/0x900 [ 55.290897] ? kthread_unpark+0x160/0x160 [ 55.295040] ? __lock_is_held+0xb5/0x140 [ 55.299105] vivid_stop_generating_vid_cap+0x2bb/0x9ae [ 55.304384] ? 
vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 55.309914] ? _vb2_fop_release+0x3f/0x2b0 [ 55.314144] ? mutex_trylock+0x2b0/0x2b0 [ 55.318196] ? vivid_fop_release+0x66/0x440 [ 55.322525] ? __mutex_lock+0x85e/0x16f0 [ 55.326585] vid_cap_stop_streaming+0x8d/0xe0 [ 55.331073] ? vid_cap_buf_queue+0x310/0x310 [ 55.335470] __vb2_queue_cancel+0x171/0xd20 [ 55.340045] ? lock_downgrade+0x900/0x900 [ 55.344184] ? vb2_buffer_done+0xb90/0xb90 [ 55.348422] ? find_held_lock+0x36/0x1c0 [ 55.352480] ? mark_held_locks+0xc7/0x130 [ 55.356623] ? kasan_check_write+0x14/0x20 [ 55.360868] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 55.365813] ? kasan_check_read+0x11/0x20 [ 55.369954] ? wait_for_completion+0x8a0/0x8a0 [ 55.374525] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.379636] vb2_core_streamoff+0x60/0x140 [ 55.383874] __vb2_cleanup_fileio+0x73/0x160 [ 55.388278] vb2_core_queue_release+0x1e/0x80 [ 55.392766] _vb2_fop_release+0x1d2/0x2b0 [ 55.396908] vb2_fop_release+0x77/0xc0 [ 55.400787] vivid_fop_release+0x18e/0x440 [ 55.405013] ? vivid_remove+0x460/0x460 [ 55.408979] v4l2_release+0x224/0x3a0 [ 55.412772] ? dev_debug_store+0x140/0x140 [ 55.417009] __fput+0x385/0xa30 [ 55.420300] ? get_max_files+0x20/0x20 [ 55.424195] ? trace_hardirqs_on+0xbd/0x310 [ 55.428516] ? kasan_check_read+0x11/0x20 [ 55.432681] ? task_work_run+0x1af/0x2a0 [ 55.436746] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.441845] ? rcu_softirq_qs+0x20/0x20 [ 55.445847] ? unwind_dump+0x190/0x190 [ 55.449763] ____fput+0x15/0x20 [ 55.453038] task_work_run+0x1e8/0x2a0 [ 55.456918] ? task_work_cancel+0x240/0x240 [ 55.461232] ? __fget+0x4aa/0x740 [ 55.464697] get_signal+0x1558/0x1980 [ 55.468524] ? find_held_lock+0x36/0x1c0 [ 55.472589] ? ptrace_notify+0x130/0x130 [ 55.476647] ? compat_poll_select_copy_remaining+0x6c0/0x6c0 [ 55.482444] ? pvclock_read_flags+0x160/0x160 [ 55.486953] ? poll_select_set_timeout+0x19a/0x240 [ 55.491882] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.496982] do_signal+0x9c/0x21c0 [ 55.500515] ? 
timespec64_add_safe+0x204/0x2f0 [ 55.505088] ? nsec_to_clock_t+0x30/0x30 [ 55.509144] ? setup_sigcontext+0x7d0/0x7d0 [ 55.513464] ? exit_to_usermode_loop+0x8c/0x380 [ 55.518124] ? exit_to_usermode_loop+0x8c/0x380 [ 55.522787] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 55.527389] ? trace_hardirqs_on+0xbd/0x310 [ 55.531702] ? do_syscall_64+0x6be/0x820 [ 55.535756] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.540846] ? do_restart_poll+0x2e0/0x2e0 [ 55.545083] ? nsecs_to_jiffies+0x30/0x30 [ 55.549222] ? do_syscall_64+0x9a/0x820 [ 55.553204] ? do_syscall_64+0x9a/0x820 [ 55.557172] exit_to_usermode_loop+0x2e5/0x380 [ 55.561775] ? __bpf_trace_sys_exit+0x30/0x30 [ 55.566269] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.571805] do_syscall_64+0x6be/0x820 [ 55.575698] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 55.581054] ? syscall_return_slowpath+0x5e0/0x5e0 [ 55.585979] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.590812] ? trace_hardirqs_on_caller+0x310/0x310 [ 55.595820] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 55.600845] ? prepare_exit_to_usermode+0x291/0x3b0 [ 55.605878] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 55.610718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.615915] RIP: 0033:0x457569 [ 55.619100] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.638007] RSP: 002b:00007fddabeadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 55.645703] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569 [ 55.652960] RDX: 0000000000010001 RSI: 0000000000000001 RDI: 00000000200003c0 [ 55.660225] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.667486] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fddabeae6d4 [ 55.674751] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff [ 55.682036] ================================================================== [ 55.689392] Disabling lock debugging due to kernel taint [ 55.695525] Kernel panic - not syncing: panic_on_warn set ... [ 55.701422] CPU: 1 PID: 7092 Comm: syz-executor0 Tainted: G B 4.20.0-rc1+ #106 [ 55.710067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.719405] Call Trace: [ 55.721986] dump_stack+0x244/0x39d [ 55.725623] ? dump_stack_print_info.cold.1+0x20/0x20 [ 55.730806] panic+0x2ad/0x55c [ 55.734008] ? add_taint.cold.5+0x16/0x16 [ 55.738151] ? preempt_schedule+0x4d/0x60 [ 55.742298] ? ___preempt_schedule+0x16/0x18 [ 55.746714] ? trace_hardirqs_on+0xb4/0x310 [ 55.751039] kasan_end_report+0x47/0x4f [ 55.755003] kasan_report.cold.8+0x76/0x309 [ 55.759313] ? kthread_stop+0x10d/0x900 [ 55.763286] check_memory_region+0x13e/0x1b0 [ 55.767726] kasan_check_write+0x14/0x20 [ 55.771792] kthread_stop+0x10d/0x900 [ 55.775582] ? kthread_unpark+0x160/0x160 [ 55.779721] ? __lock_is_held+0xb5/0x140 [ 55.783777] vivid_stop_generating_vid_cap+0x2bb/0x9ae [ 55.789043] ? vivid_start_generating_vid_cap+0x4c0/0x4c0 [ 55.794572] ? 
_vb2_fop_release+0x3f/0x2b0 [ 55.798799] ? mutex_trylock+0x2b0/0x2b0 [ 55.802849] ? vivid_fop_release+0x66/0x440 [ 55.807171] ? __mutex_lock+0x85e/0x16f0 [ 55.811225] vid_cap_stop_streaming+0x8d/0xe0 [ 55.815709] ? vid_cap_buf_queue+0x310/0x310 [ 55.820106] __vb2_queue_cancel+0x171/0xd20 [ 55.824416] ? lock_downgrade+0x900/0x900 [ 55.828565] ? vb2_buffer_done+0xb90/0xb90 [ 55.832808] ? find_held_lock+0x36/0x1c0 [ 55.836871] ? mark_held_locks+0xc7/0x130 [ 55.841012] ? kasan_check_write+0x14/0x20 [ 55.845247] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 55.850168] ? kasan_check_read+0x11/0x20 [ 55.854311] ? wait_for_completion+0x8a0/0x8a0 [ 55.858891] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.863995] vb2_core_streamoff+0x60/0x140 [ 55.868220] __vb2_cleanup_fileio+0x73/0x160 [ 55.872618] vb2_core_queue_release+0x1e/0x80 [ 55.877107] _vb2_fop_release+0x1d2/0x2b0 [ 55.881245] vb2_fop_release+0x77/0xc0 [ 55.885121] vivid_fop_release+0x18e/0x440 [ 55.889345] ? vivid_remove+0x460/0x460 [ 55.893322] v4l2_release+0x224/0x3a0 [ 55.897149] ? dev_debug_store+0x140/0x140 [ 55.901407] __fput+0x385/0xa30 [ 55.904683] ? get_max_files+0x20/0x20 [ 55.908563] ? trace_hardirqs_on+0xbd/0x310 [ 55.912879] ? kasan_check_read+0x11/0x20 [ 55.917021] ? task_work_run+0x1af/0x2a0 [ 55.921073] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.926164] ? rcu_softirq_qs+0x20/0x20 [ 55.930125] ? unwind_dump+0x190/0x190 [ 55.934003] ____fput+0x15/0x20 [ 55.937272] task_work_run+0x1e8/0x2a0 [ 55.941170] ? task_work_cancel+0x240/0x240 [ 55.945509] ? __fget+0x4aa/0x740 [ 55.948955] get_signal+0x1558/0x1980 [ 55.952747] ? find_held_lock+0x36/0x1c0 [ 55.956797] ? ptrace_notify+0x130/0x130 [ 55.960853] ? compat_poll_select_copy_remaining+0x6c0/0x6c0 [ 55.966947] ? pvclock_read_flags+0x160/0x160 [ 55.971437] ? poll_select_set_timeout+0x19a/0x240 [ 55.976359] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.981463] do_signal+0x9c/0x21c0 [ 55.984997] ? timespec64_add_safe+0x204/0x2f0 [ 55.989567] ? 
nsec_to_clock_t+0x30/0x30 [ 55.993617] ? setup_sigcontext+0x7d0/0x7d0 [ 55.997932] ? exit_to_usermode_loop+0x8c/0x380 [ 56.002592] ? exit_to_usermode_loop+0x8c/0x380 [ 56.007253] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 56.011827] ? trace_hardirqs_on+0xbd/0x310 [ 56.016139] ? do_syscall_64+0x6be/0x820 [ 56.020188] ? trace_hardirqs_off_caller+0x310/0x310 [ 56.025278] ? do_restart_poll+0x2e0/0x2e0 [ 56.029501] ? nsecs_to_jiffies+0x30/0x30 [ 56.033638] ? do_syscall_64+0x9a/0x820 [ 56.037598] ? do_syscall_64+0x9a/0x820 [ 56.041562] exit_to_usermode_loop+0x2e5/0x380 [ 56.046136] ? __bpf_trace_sys_exit+0x30/0x30 [ 56.050618] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.056147] do_syscall_64+0x6be/0x820 [ 56.060026] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 56.065415] ? syscall_return_slowpath+0x5e0/0x5e0 [ 56.070333] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.075165] ? trace_hardirqs_on_caller+0x310/0x310 [ 56.080191] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 56.085216] ? prepare_exit_to_usermode+0x291/0x3b0 [ 56.090223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.095058] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.100252] RIP: 0033:0x457569 [ 56.103433] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.122341] RSP: 002b:00007fddabeadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 56.130061] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569 [ 56.137343] RDX: 0000000000010001 RSI: 0000000000000001 RDI: 00000000200003c0 [ 56.144606] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 56.151869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fddabeae6d4 [ 56.159131] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff [ 56.167357] Kernel Offset: disabled [ 56.170993] Rebooting in 86400 seconds..