[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.854952] kauditd_printk_skb: 7 callbacks suppressed
[ 28.854964] audit: type=1800 audit(1544030674.511:29): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.880286] audit: type=1800 audit(1544030674.521:30): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 32.507976] sshd (5992) used greatest stack depth: 15632 bytes left
Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts.
2018/12/05 17:25:31 parsed 1 programs
2018/12/05 17:25:32 executed programs: 0
[ 87.188639] IPVS: ftp: loaded support on port[0] = 21
[ 87.443971] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.450915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.457987] device bridge_slave_0 entered promiscuous mode
[ 87.476377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.482870] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.489833] device bridge_slave_1 entered promiscuous mode
[ 87.509286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 87.527164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 87.576918] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 87.597253] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 87.675147] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 87.682760] team0: Port device team_slave_0 added
[ 87.701000] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 87.708286] team0: Port device team_slave_1 added
[ 87.725481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 87.746901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 87.766331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 87.787861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 87.938690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.945429] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.952444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.958840] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.485615] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.539254] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 88.592090] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 88.598462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 88.605422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 88.660689] 8021q: adding VLAN 0 to HW filter on device team0
2018/12/05 17:25:37 executed programs: 65
[ 94.081757] vivid-000: kernel_thread() failed
[ 94.906500] ==================================================================
[ 94.914023] BUG: KASAN: null-ptr-deref in kthread_stop+0x108/0x8f0
[ 94.920329] Write of size 4 at addr 000000000000001c by task syz-executor0/6800
[ 94.927751]
[ 94.929366] CPU: 1 PID: 6800 Comm: syz-executor0 Not tainted 4.20.0-rc1-next-20181109+ #110
[ 94.937834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.947173] Call Trace:
[ 94.949745]  dump_stack+0x244/0x39d
[ 94.953359]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 94.958538]  ? vprintk_func+0x85/0x181
[ 94.962415]  kasan_report.cold.8+0x6d/0x309
[ 94.966721]  ? kthread_stop+0x108/0x8f0
[ 94.970682]  check_memory_region+0x13e/0x1b0
[ 94.975075]  kasan_check_write+0x14/0x20
[ 94.979122]  kthread_stop+0x108/0x8f0
[ 94.982915]  ? kthread_unpark+0x160/0x160
[ 94.987055]  ? __lock_is_held+0xb5/0x140
[ 94.991111]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 94.996376]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 95.001898]  ? _vb2_fop_release+0x3f/0x2b0
[ 95.006134]  ? mutex_trylock+0x2b0/0x2b0
[ 95.010181]  ? vivid_fop_release+0x66/0x440
[ 95.014488]  ? __mutex_lock+0x85e/0x16f0
[ 95.018542]  vid_cap_stop_streaming+0x8d/0xe0
[ 95.023020]  ? vid_cap_buf_queue+0x310/0x310
[ 95.027418]  __vb2_queue_cancel+0x171/0xd20
[ 95.031731]  ? lock_downgrade+0x900/0x900
[ 95.035863]  ? vb2_buffer_done+0xb80/0xb80
[ 95.040087]  ? find_held_lock+0x36/0x1c0
[ 95.044138]  ? mark_held_locks+0xc7/0x130
[ 95.048274]  ? kasan_check_write+0x14/0x20
[ 95.052494]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 95.057409]  ? kasan_check_read+0x11/0x20
[ 95.061546]  ? wait_for_completion+0x8a0/0x8a0
[ 95.066114]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.071208]  vb2_core_streamoff+0x60/0x140
[ 95.075446]  __vb2_cleanup_fileio+0x73/0x160
[ 95.079842]  vb2_core_queue_release+0x1e/0x80
[ 95.084337]  _vb2_fop_release+0x1d2/0x2b0
[ 95.088473]  vb2_fop_release+0x77/0xc0
[ 95.092345]  vivid_fop_release+0x18e/0x440
[ 95.096566]  ? vivid_remove+0x460/0x460
[ 95.100533]  v4l2_release+0x224/0x3a0
[ 95.104322]  __fput+0x3bc/0xa70
[ 95.107589]  ? dev_debug_store+0x140/0x140
[ 95.111807]  ? get_max_files+0x20/0x20
[ 95.115679]  ? trace_hardirqs_on+0xbd/0x310
[ 95.119985]  ? kasan_check_read+0x11/0x20
[ 95.124118]  ? task_work_run+0x1af/0x2a0
[ 95.128166]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.133259]  ? check_preemption_disabled+0x48/0x280
[ 95.138265]  ____fput+0x15/0x20
[ 95.141529]  task_work_run+0x1e8/0x2a0
[ 95.145401]  ? task_work_cancel+0x240/0x240
[ 95.149717]  get_signal+0x1550/0x1970
[ 95.153504]  ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 95.159287]  ? save_stack+0x43/0xd0
[ 95.162927]  ? ptrace_notify+0x130/0x130
[ 95.167006]  ? graph_lock+0x270/0x270
[ 95.170802]  ? find_held_lock+0x36/0x1c0
[ 95.174851]  ? __might_fault+0x12b/0x1e0
[ 95.178898]  ? poll_select_copy_remaining+0x433/0x6a0
[ 95.184082]  do_signal+0x9c/0x21c0
[ 95.187606]  ? perf_trace_sched_process_exec+0x860/0x860
[ 95.193040]  ? posix_ktime_get_ts+0x15/0x20
[ 95.197346]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.202438]  ? kasan_check_read+0x11/0x20
[ 95.206571]  ? setup_sigcontext+0x7d0/0x7d0
[ 95.210888]  ? exit_to_usermode_loop+0x8c/0x380
[ 95.215551]  ? exit_to_usermode_loop+0x8c/0x380
[ 95.220207]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 95.224775]  ? trace_hardirqs_on+0xbd/0x310
[ 95.229083]  ? do_syscall_64+0x6be/0x820
[ 95.233131]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.238219]  ? nsecs_to_jiffies+0x30/0x30
[ 95.242350]  ? do_syscall_64+0x9a/0x820
[ 95.246305]  ? do_syscall_64+0x9a/0x820
[ 95.250265]  exit_to_usermode_loop+0x2e5/0x380
[ 95.254830]  ? __bpf_trace_sys_exit+0x30/0x30
[ 95.259318]  do_syscall_64+0x6be/0x820
[ 95.263192]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 95.268543]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 95.273456]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 95.278282]  ? trace_hardirqs_on_caller+0x310/0x310
[ 95.283282]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 95.288287]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 95.293293]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 95.298126]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.303295] RIP: 0033:0x457569
[ 95.306470] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 95.325352] RSP: 002b:00007fc9266b2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 95.333041] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000457569
[ 95.340295] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000000
[ 95.347546] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 95.354800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc9266b36d4
[ 95.362051] R13: 00000000004c33a8 R14: 00000000004d54c8 R15: 00000000ffffffff
[ 95.369322] ==================================================================
[ 95.376674] Disabling lock debugging due to kernel taint
[ 95.384605] Kernel panic - not syncing: panic_on_warn set ...
[ 95.390508] CPU: 0 PID: 6800 Comm: syz-executor0 Tainted: G B 4.20.0-rc1-next-20181109+ #110
[ 95.400374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.409718] Call Trace:
[ 95.412289]  dump_stack+0x244/0x39d
[ 95.415899]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 95.421114]  panic+0x2ad/0x55c
[ 95.424301]  ? add_taint.cold.5+0x16/0x16
[ 95.428437]  ? preempt_schedule+0x4d/0x60
[ 95.432568]  ? ___preempt_schedule+0x16/0x18
[ 95.436960]  ? trace_hardirqs_on+0xb4/0x310
[ 95.441269]  kasan_end_report+0x47/0x4f
[ 95.445225]  kasan_report.cold.8+0x76/0x309
[ 95.449551]  ? kthread_stop+0x108/0x8f0
[ 95.453542]  check_memory_region+0x13e/0x1b0
[ 95.457939]  kasan_check_write+0x14/0x20
[ 95.461984]  kthread_stop+0x108/0x8f0
[ 95.465764]  ? kthread_unpark+0x160/0x160
[ 95.469896]  ? __lock_is_held+0xb5/0x140
[ 95.473963]  vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 95.479223]  ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 95.484772]  ? _vb2_fop_release+0x3f/0x2b0
[ 95.489003]  ? mutex_trylock+0x2b0/0x2b0
[ 95.493046]  ? vivid_fop_release+0x66/0x440
[ 95.497349]  ? __mutex_lock+0x85e/0x16f0
[ 95.501396]  vid_cap_stop_streaming+0x8d/0xe0
[ 95.505877]  ? vid_cap_buf_queue+0x310/0x310
[ 95.510269]  __vb2_queue_cancel+0x171/0xd20
[ 95.514570]  ? lock_downgrade+0x900/0x900
[ 95.518697]  ? vb2_buffer_done+0xb80/0xb80
[ 95.522921]  ? find_held_lock+0x36/0x1c0
[ 95.526972]  ? mark_held_locks+0xc7/0x130
[ 95.531116]  ? kasan_check_write+0x14/0x20
[ 95.535360]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 95.540269]  ? kasan_check_read+0x11/0x20
[ 95.544399]  ? wait_for_completion+0x8a0/0x8a0
[ 95.548965]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.554053]  vb2_core_streamoff+0x60/0x140
[ 95.558269]  __vb2_cleanup_fileio+0x73/0x160
[ 95.562662]  vb2_core_queue_release+0x1e/0x80
[ 95.567137]  _vb2_fop_release+0x1d2/0x2b0
[ 95.571266]  vb2_fop_release+0x77/0xc0
[ 95.575138]  vivid_fop_release+0x18e/0x440
[ 95.579354]  ? vivid_remove+0x460/0x460
[ 95.583312]  v4l2_release+0x224/0x3a0
[ 95.587109]  __fput+0x3bc/0xa70
[ 95.590370]  ? dev_debug_store+0x140/0x140
[ 95.594583]  ? get_max_files+0x20/0x20
[ 95.598456]  ? trace_hardirqs_on+0xbd/0x310
[ 95.602757]  ? kasan_check_read+0x11/0x20
[ 95.606884]  ? task_work_run+0x1af/0x2a0
[ 95.610938]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.616037]  ? check_preemption_disabled+0x48/0x280
[ 95.621037]  ____fput+0x15/0x20
[ 95.624297]  task_work_run+0x1e8/0x2a0
[ 95.628166]  ? task_work_cancel+0x240/0x240
[ 95.632472]  get_signal+0x1550/0x1970
[ 95.636253]  ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 95.642064]  ? save_stack+0x43/0xd0
[ 95.645672]  ? ptrace_notify+0x130/0x130
[ 95.649709]  ? graph_lock+0x270/0x270
[ 95.653492]  ? find_held_lock+0x36/0x1c0
[ 95.657537]  ? __might_fault+0x12b/0x1e0
[ 95.661581]  ? poll_select_copy_remaining+0x433/0x6a0
[ 95.666749]  do_signal+0x9c/0x21c0
[ 95.670270]  ? perf_trace_sched_process_exec+0x860/0x860
[ 95.675700]  ? posix_ktime_get_ts+0x15/0x20
[ 95.680007]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.685090]  ? kasan_check_read+0x11/0x20
[ 95.689217]  ? setup_sigcontext+0x7d0/0x7d0
[ 95.693527]  ? exit_to_usermode_loop+0x8c/0x380
[ 95.698179]  ? exit_to_usermode_loop+0x8c/0x380
[ 95.702830]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 95.707396]  ? trace_hardirqs_on+0xbd/0x310
[ 95.711702]  ? do_syscall_64+0x6be/0x820
[ 95.715742]  ? trace_hardirqs_off_caller+0x300/0x300
[ 95.720827]  ? nsecs_to_jiffies+0x30/0x30
[ 95.724955]  ? do_syscall_64+0x9a/0x820
[ 95.728930]  ? do_syscall_64+0x9a/0x820
[ 95.732888]  exit_to_usermode_loop+0x2e5/0x380
[ 95.737464]  ? __bpf_trace_sys_exit+0x30/0x30
[ 95.741946]  do_syscall_64+0x6be/0x820
[ 95.745813]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 95.751157]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 95.756069]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 95.760892]  ? trace_hardirqs_on_caller+0x310/0x310
[ 95.765900]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 95.770916]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 95.775925]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 95.780753]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.785926] RIP: 0033:0x457569
[ 95.789102] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 95.807983] RSP: 002b:00007fc9266b2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 95.815684] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000457569
[ 95.822934] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000000
[ 95.830181] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 95.837435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc9266b36d4
[ 95.844680] R13: 00000000004c33a8 R14: 00000000004d54c8 R15: 00000000ffffffff
[ 95.852883] Kernel Offset: disabled
[ 95.856526] Rebooting in 86400 seconds..