[ 23.680832] audit: type=1800 audit(1541859246.004:21): pid=5497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ 23.707208] audit: type=1800 audit(1541859246.004:22): pid=5497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 24.893154] startpar (5497) used greatest stack depth: 15632 bytes left

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
2018/11/10 14:15:15 parsed 1 programs
2018/11/10 14:15:16 executed programs: 0
syzkaller login: [ 94.665082] IPVS: ftp: loaded support on port[0] = 21
[ 94.914266] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.921544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.929223] device bridge_slave_0 entered promiscuous mode
[ 94.949246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.955869] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.963031] device bridge_slave_1 entered promiscuous mode
[ 94.981030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 94.999070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 95.048876] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 95.069568] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 95.149890] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 95.157590] team0: Port device team_slave_0 added
[ 95.174555] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 95.181747] team0: Port device team_slave_1 added
[ 95.200326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.221518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.241207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 95.261659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 95.408117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.414632] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.421911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.428280] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.943167] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.997485] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 96.049411] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 96.055577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 96.064076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 96.109967] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/10 14:15:22 executed programs: 49
2018/11/10 14:15:27 executed programs: 159
2018/11/10 14:15:32 executed programs: 275
2018/11/10 14:15:37 executed programs: 357
2018/11/10 14:15:42 executed programs: 462
2018/11/10 14:15:47 executed programs: 550
2018/11/10 14:15:52 executed programs: 665
2018/11/10 14:15:57 executed programs: 780
[ 135.550681] vivid-000: kernel_thread() failed
[ 136.365337] ==================================================================
[ 136.372882] BUG: KASAN: null-ptr-deref in kthread_stop+0x108/0x8f0
[ 136.379199] Write of size 4 at addr 000000000000001c by task syz-executor0/9802
[ 136.386631]
[ 136.388247] CPU: 0 PID: 9802 Comm: syz-executor0 Not tainted 4.20.0-rc1-next-20181109+ #109
[ 136.396717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 136.406064] Call Trace:
[ 136.408640]  dump_stack+0x244/0x39d
[ 136.412256]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 136.417434]  ? vprintk_func+0x85/0x181
[ 136.421310]  kasan_report.cold.8+0x6d/0x309
[ 136.425618]  ? kthread_stop+0x108/0x8f0
[ 136.429582]  check_memory_region+0x13e/0x1b0
[ 136.433979]  kasan_check_write+0x14/0x20
[ 136.438030]  kthread_stop+0x108/0x8f0
[ 136.441942]  ? kthread_unpark+0x160/0x160
[ 136.446090]  ? __lock_is_held+0xb5/0x140
[ 136.450154]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 136.455424]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 136.460949]  ? _vb2_fop_release+0x3f/0x2b0
[ 136.465174]  ? mutex_trylock+0x2b0/0x2b0
[ 136.469281]  ? vivid_fop_release+0x66/0x440
[ 136.473602]  ? __mutex_lock+0x85e/0x16f0
[ 136.477660]  vid_cap_stop_streaming+0x8d/0xe0
[ 136.482142]  ? vid_cap_buf_queue+0x310/0x310
[ 136.486535]  __vb2_queue_cancel+0x171/0xd20
[ 136.490848]  ? lock_downgrade+0x900/0x900
[ 136.494983]  ? vb2_buffer_done+0xb80/0xb80
[ 136.499313]  ? find_held_lock+0x36/0x1c0
[ 136.503377]  ? mark_held_locks+0xc7/0x130
[ 136.507572]  ? kasan_check_write+0x14/0x20
[ 136.511805]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 136.517078]  ? kasan_check_read+0x11/0x20
[ 136.521223]  ? wait_for_completion+0x8a0/0x8a0
[ 136.525794]  ? trace_hardirqs_off_caller+0x300/0x300
[ 136.530893]  vb2_core_streamoff+0x60/0x140
[ 136.535183]  __vb2_cleanup_fileio+0x73/0x160
[ 136.539628]  vb2_core_queue_release+0x1e/0x80
[ 136.544114]  _vb2_fop_release+0x1d2/0x2b0
[ 136.548249]  vb2_fop_release+0x77/0xc0
[ 136.552121]  vivid_fop_release+0x18e/0x440
[ 136.556480]  ? vivid_remove+0x460/0x460
[ 136.560448]  v4l2_release+0x224/0x3a0
[ 136.564241]  __fput+0x3bc/0xa70
[ 136.567508]  ? dev_debug_store+0x140/0x140
[ 136.571821]  ? get_max_files+0x20/0x20
[ 136.575718]  ? trace_hardirqs_on+0xbd/0x310
[ 136.580028]  ? kasan_check_read+0x11/0x20
[ 136.584172]  ? task_work_run+0x1af/0x2a0
[ 136.588231]  ? trace_hardirqs_off_caller+0x300/0x300
[ 136.593319]  ? rcu_read_unlock_special+0x370/0x370
[ 136.598237]  ? rcu_softirq_qs+0x20/0x20
[ 136.602197]  ? unwind_dump+0x190/0x190
[ 136.606077]  ____fput+0x15/0x20
[ 136.609354]  task_work_run+0x1e8/0x2a0
[ 136.613232]  ? task_work_cancel+0x240/0x240
[ 136.617540]  ? __fget+0x4aa/0x740
[ 136.620984]  get_signal+0x1550/0x1970
[ 136.624778]  ? find_held_lock+0x36/0x1c0
[ 136.628830]  ? ptrace_notify+0x130/0x130
[ 136.632888]  ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 136.638688]  ? pvclock_read_flags+0x160/0x160
[ 136.643178]  ? poll_select_set_timeout+0x19a/0x240
[ 136.648109]  ? trace_hardirqs_off_caller+0x300/0x300
[ 136.653271]  do_signal+0x9c/0x21c0
[ 136.656887]  ? timespec64_add_safe+0x204/0x2f0
[ 136.661472]  ? nsec_to_clock_t+0x30/0x30
[ 136.665539]  ? setup_sigcontext+0x7d0/0x7d0
[ 136.669943]  ? exit_to_usermode_loop+0x8c/0x380
[ 136.674601]  ? exit_to_usermode_loop+0x8c/0x380
[ 136.679267]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 136.683851]  ? trace_hardirqs_on+0xbd/0x310
[ 136.688163]  ? do_syscall_64+0x6be/0x820
[ 136.692225]  ? trace_hardirqs_off_caller+0x300/0x300
[ 136.697316]  ? do_restart_poll+0x2e0/0x2e0
[ 136.701559]  ? nsecs_to_jiffies+0x30/0x30
[ 136.705708]  ? do_syscall_64+0x9a/0x820
[ 136.709668]  ? do_syscall_64+0x9a/0x820
[ 136.713634]  exit_to_usermode_loop+0x2e5/0x380
[ 136.718205]  ? __bpf_trace_sys_exit+0x30/0x30
[ 136.722685]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 136.728227]  do_syscall_64+0x6be/0x820
[ 136.732111]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 136.737466]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 136.742382]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 136.747214]  ? trace_hardirqs_on_caller+0x310/0x310
[ 136.752215]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 136.757322]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 136.762418]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 136.767266]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 136.772443] RIP: 0033:0x457569
[ 136.775756] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 136.794734] RSP: 002b:00007fa0f07ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 136.802455] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569
[ 136.809779] RDX: 0000000000010001 RSI: 0000000000000001 RDI: 00000000200003c0
[ 136.817307] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 136.824573] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0f07ec6d4
[ 136.831839] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff
[ 136.839248] ==================================================================
[ 136.846648] Disabling lock debugging due to kernel taint
[ 136.852550] Kernel panic - not syncing: panic_on_warn set ...
[ 136.858448] CPU: 0 PID: 9802 Comm: syz-executor0 Tainted: G    B    4.20.0-rc1-next-20181109+ #109
[ 136.868314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 136.877647] Call Trace:
[ 136.880225]  dump_stack+0x244/0x39d
[ 136.883838]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 136.889045]  panic+0x2ad/0x55c
[ 136.892226]  ? add_taint.cold.5+0x16/0x16
[ 136.896360]  ? preempt_schedule+0x4d/0x60
[ 136.900499]  ? ___preempt_schedule+0x16/0x18
[ 136.904905]  ? trace_hardirqs_on+0xb4/0x310
[ 136.909216]  kasan_end_report+0x47/0x4f
[ 136.913181]  kasan_report.cold.8+0x76/0x309
[ 136.917489]  ? kthread_stop+0x108/0x8f0
[ 136.921453]  check_memory_region+0x13e/0x1b0
[ 136.925941]  kasan_check_write+0x14/0x20
[ 136.930019]  kthread_stop+0x108/0x8f0
[ 136.933873]  ? kthread_unpark+0x160/0x160
[ 136.938031]  ? __lock_is_held+0xb5/0x140
[ 136.942088]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 136.947427]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 136.952961]  ? _vb2_fop_release+0x3f/0x2b0
[ 136.957189]  ? mutex_trylock+0x2b0/0x2b0
[ 136.961234]  ? vivid_fop_release+0x66/0x440
[ 136.965542]  ? __mutex_lock+0x85e/0x16f0
[ 136.969593]  vid_cap_stop_streaming+0x8d/0xe0
[ 136.974081]  ? vid_cap_buf_queue+0x310/0x310
[ 136.978475]  __vb2_queue_cancel+0x171/0xd20
[ 136.982783]  ? lock_downgrade+0x900/0x900
[ 136.986915]  ? vb2_buffer_done+0xb80/0xb80
[ 136.991132]  ? find_held_lock+0x36/0x1c0
[ 136.995179]  ? mark_held_locks+0xc7/0x130
[ 136.999313]  ? kasan_check_write+0x14/0x20
[ 137.003530]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 137.008441]  ? kasan_check_read+0x11/0x20
[ 137.012572]  ? wait_for_completion+0x8a0/0x8a0
[ 137.017137]  ? trace_hardirqs_off_caller+0x300/0x300
[ 137.022253]  vb2_core_streamoff+0x60/0x140
[ 137.026487]  __vb2_cleanup_fileio+0x73/0x160
[ 137.030889]  vb2_core_queue_release+0x1e/0x80
[ 137.035381]  _vb2_fop_release+0x1d2/0x2b0
[ 137.039520]  vb2_fop_release+0x77/0xc0
[ 137.043396]  vivid_fop_release+0x18e/0x440
[ 137.047614]  ? vivid_remove+0x460/0x460
[ 137.051577]  v4l2_release+0x224/0x3a0
[ 137.055365]  __fput+0x3bc/0xa70
[ 137.058639]  ? dev_debug_store+0x140/0x140
[ 137.062958]  ? get_max_files+0x20/0x20
[ 137.066843]  ? trace_hardirqs_on+0xbd/0x310
[ 137.071155]  ? kasan_check_read+0x11/0x20
[ 137.075289]  ? task_work_run+0x1af/0x2a0
[ 137.079334]  ? trace_hardirqs_off_caller+0x300/0x300
[ 137.084424]  ? rcu_read_unlock_special+0x370/0x370
[ 137.089340]  ? rcu_softirq_qs+0x20/0x20
[ 137.093307]  ? unwind_dump+0x190/0x190
[ 137.097189]  ____fput+0x15/0x20
[ 137.100458]  task_work_run+0x1e8/0x2a0
[ 137.104331]  ? task_work_cancel+0x240/0x240
[ 137.108798]  ? __fget+0x4aa/0x740
[ 137.112249]  get_signal+0x1550/0x1970
[ 137.116106]  ? find_held_lock+0x36/0x1c0
[ 137.120163]  ? ptrace_notify+0x130/0x130
[ 137.124214]  ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 137.130000]  ? pvclock_read_flags+0x160/0x160
[ 137.134480]  ? poll_select_set_timeout+0x19a/0x240
[ 137.139393]  ? trace_hardirqs_off_caller+0x300/0x300
[ 137.144554]  do_signal+0x9c/0x21c0
[ 137.148101]  ? timespec64_add_safe+0x204/0x2f0
[ 137.152676]  ? nsec_to_clock_t+0x30/0x30
[ 137.156727]  ? setup_sigcontext+0x7d0/0x7d0
[ 137.161043]  ? exit_to_usermode_loop+0x8c/0x380
[ 137.165710]  ? exit_to_usermode_loop+0x8c/0x380
[ 137.170366]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 137.174933]  ? trace_hardirqs_on+0xbd/0x310
[ 137.179238]  ? do_syscall_64+0x6be/0x820
[ 137.183548]  ? trace_hardirqs_off_caller+0x300/0x300
[ 137.188646]  ? do_restart_poll+0x2e0/0x2e0
[ 137.192879]  ? nsecs_to_jiffies+0x30/0x30
[ 137.197012]  ? do_syscall_64+0x9a/0x820
[ 137.200985]  ? do_syscall_64+0x9a/0x820
[ 137.204945]  exit_to_usermode_loop+0x2e5/0x380
[ 137.209516]  ? __bpf_trace_sys_exit+0x30/0x30
[ 137.214076]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 137.219616]  do_syscall_64+0x6be/0x820
[ 137.223494]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 137.228855]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 137.233775]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 137.238616]  ? trace_hardirqs_on_caller+0x310/0x310
[ 137.243622]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 137.248632]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 137.253654]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 137.258488]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 137.263666] RIP: 0033:0x457569
[ 137.266846] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 137.285745] RSP: 002b:00007fa0f07ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 137.293437] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000457569
[ 137.300697] RDX: 0000000000010001 RSI: 0000000000000001 RDI: 00000000200003c0
[ 137.307957] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 137.315211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0f07ec6d4
[ 137.322464] R13: 00000000004c325e R14: 00000000004d4e10 R15: 00000000ffffffff
[ 137.330921] Kernel Offset: disabled
[ 137.334551] Rebooting in 86400 seconds..
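What the log shows: "vivid-000: kernel_thread() failed" is printed when the driver's capture thread could not be created, and a moment later the release path (get_signal -> task_work_run -> __fput -> v4l2_release -> ... -> vivid_stop_generating_vid_cap) passes an invalid task pointer into kthread_stop(), which faults on its first write at the near-NULL address 0x1c. The general pitfall a practitioner should recognise here is that kthread_run()/kthread_create() report failure through an ERR_PTR-encoded errno, not NULL, so a teardown path that only guards with `if (thread == NULL)` lets the error cookie through. The block below is an added user-space illustration of that pattern, not vivid's code and not the kernel's; it re-implements the ERR_PTR/IS_ERR macros faithfully but uses an invented `task_stub` layout, and the choice of -EINTR (the errno kthread_create returns when the creating task is being killed, which matches the signal-delivery frames in this trace) and the 0x20 field offset are assumptions made so that the computed address lands on the log's 0x1c; the page itself does not state which field or which errno was involved.

```c
/*
 * Added illustration, not vivid's or the kernel's code: a NULL-only check on a
 * thread handle does not catch a failed kthread_run(), which hands back an
 * ERR_PTR-encoded errno. Builds in user space; the task layout is invented.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Faithful copies of the kernel's error-pointer helpers (include/linux/err.h). */
#define MAX_ERRNO 4095
#define IS_ERR_VALUE(x) ((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline bool IS_ERR(const void *ptr) { return IS_ERR_VALUE((unsigned long)ptr); }
static inline bool IS_ERR_OR_NULL(const void *ptr) { return !ptr || IS_ERR(ptr); }

/* Assumed stand-in for struct task_struct: only the field order matters here.
 * On LP64 the refcount lands at offset 0x20, so ERR_PTR(-EINTR) + 0x20 == 0x1c. */
struct task_stub {
    unsigned long flags;
    unsigned int status;      /* padded so that 'state' starts at 16 */
    long state;
    void *stack;
    unsigned int usage;       /* refcount that kthread_stop() bumps first */
};

struct dev_stub { struct task_stub *kthread_vid_cap; };
static struct task_stub real_thread;   /* the thread when creation succeeds */

/* Simulated kthread_run(): success, or an ERR_PTR carrying -fail_errno. */
static struct task_stub *kthread_run_sim(int fail_errno)
{
    return fail_errno ? (struct task_stub *)ERR_PTR(-fail_errno) : &real_thread;
}

/* Buggy start: reports the failure but leaves the error cookie in the handle. */
static int start_buggy(struct dev_stub *dev, int fail_errno)
{
    dev->kthread_vid_cap = kthread_run_sim(fail_errno);
    if (IS_ERR(dev->kthread_vid_cap))
        return (int)PTR_ERR(dev->kthread_vid_cap);   /* handle still poisoned */
    return 0;
}

/* Fixed start: a failed create never leaves anything but NULL behind. */
static int start_fixed(struct dev_stub *dev, int fail_errno)
{
    dev->kthread_vid_cap = kthread_run_sim(fail_errno);
    if (IS_ERR(dev->kthread_vid_cap)) {
        int err = (int)PTR_ERR(dev->kthread_vid_cap);
        dev->kthread_vid_cap = NULL;
        return err;
    }
    return 0;
}

/* Stop path with a NULL-only guard. Rather than dereference, it returns the
 * address kthread_stop() would write to (0 when it correctly bails out) and
 * flags whether that pointer is an error cookie instead of a real task. */
static uintptr_t stop_null_check(struct dev_stub *dev, bool *errptr_deref)
{
    *errptr_deref = false;
    if (dev->kthread_vid_cap == NULL)
        return 0;
    uintptr_t addr = (uintptr_t)dev->kthread_vid_cap + offsetof(struct task_stub, usage);
    *errptr_deref = IS_ERR(dev->kthread_vid_cap);
    dev->kthread_vid_cap = NULL;
    return addr;
}

/* Defensive stop path: both NULL and ERR_PTR mean "nothing to stop". */
static bool stop_hardened(struct dev_stub *dev)
{
    if (IS_ERR_OR_NULL(dev->kthread_vid_cap))
        return false;
    dev->kthread_vid_cap = NULL;
    return true;
}

/* Scenario helpers: address the NULL-guarded stop would touch, and whether
 * that address comes from an ERR_PTR, for buggy vs fixed start paths. */
uintptr_t buggy_fault_address(int fail_errno)
{
    struct dev_stub dev = {0}; bool e;
    start_buggy(&dev, fail_errno);
    return stop_null_check(&dev, &e);
}
int buggy_derefs_errptr(int fail_errno)
{
    struct dev_stub dev = {0}; bool e;
    start_buggy(&dev, fail_errno);
    stop_null_check(&dev, &e);
    return e ? 1 : 0;
}
uintptr_t fixed_fault_address(int fail_errno)
{
    struct dev_stub dev = {0}; bool e;
    start_fixed(&dev, fail_errno);
    return stop_null_check(&dev, &e);
}
int hardened_stop_ran(int fail_errno)
{
    struct dev_stub dev = {0};
    start_buggy(&dev, fail_errno);          /* even with the buggy start path */
    return stop_hardened(&dev) ? 1 : 0;
}

int main(void)
{
    printf("buggy start, NULL-guarded stop, create failed with -EINTR: write at %#lx (%s)\n",
           (unsigned long)buggy_fault_address(EINTR),
           buggy_derefs_errptr(EINTR) ? "ERR_PTR dereference" : "real task");
    printf("fixed start, NULL-guarded stop: %s\n",
           fixed_fault_address(EINTR) == 0 ? "bails out, nothing touched" : "unexpected");
    printf("buggy start, IS_ERR_OR_NULL-guarded stop: %s\n",
           hardened_stop_ran(EINTR) ? "unexpected" : "bails out");
    return 0;
}
```

The point to take from the two fixes is that they are complementary: clearing the handle on the failure path stops the cookie from escaping the function that produced it, and checking IS_ERR_OR_NULL in the teardown makes the teardown robust even if some other path stores an error pointer later. Note that the fault address wraps around 2^64 to a small positive value, which is why KASAN classifies an ERR_PTR dereference as a null-ptr-deref rather than a wild write.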