[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.103786] kauditd_printk_skb: 8 callbacks suppressed
[ 29.103803] audit: type=1800 audit(1544030881.715:29): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.133350] audit: type=1800 audit(1544030881.715:30): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 32.669387] sshd (6070) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
2018/12/05 17:28:20 parsed 1 programs
2018/12/05 17:28:22 executed programs: 0
[ 49.426493] IPVS: ftp: loaded support on port[0] = 21
[ 49.684405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.692154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.699282] device bridge_slave_0 entered promiscuous mode
[ 49.718273] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.724714] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.731771] device bridge_slave_1 entered promiscuous mode
[ 49.748676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 49.766209] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 49.817452] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 49.838062] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 49.914417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 49.921709] team0: Port device team_slave_0 added
[ 49.938357] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 49.945559] team0: Port device team_slave_1 added
[ 49.963150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 49.982619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.002812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.023230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.170365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.176909] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.183900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.190302] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.712572] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.763941] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 50.814272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 50.820773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.829116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.882007] 8021q: adding VLAN 0 to HW filter on device team0
2018/12/05 17:28:27 executed programs: 61
2018/12/05 17:28:32 executed programs: 165
2018/12/05 17:28:37 executed programs: 248
2018/12/05 17:28:42 executed programs: 379
[ 71.307437] vivid-000: kernel_thread() failed
[ 72.128660] ==================================================================
[ 72.136176] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 72.142493] Write of size 4 at addr 000000000000001c by task syz-executor0/8325
[ 72.149931]
[ 72.151549] CPU: 1 PID: 8325 Comm: syz-executor0 Not tainted 4.20.0-rc5+ #362
[ 72.158799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.168136] Call Trace:
[ 72.170712] dump_stack+0x244/0x39d
[ 72.174330] ? dump_stack_print_info.cold.1+0x20/0x20
[ 72.179512] ? vprintk_func+0x85/0x181
[ 72.183392] kasan_report.cold.8+0x6d/0x309
[ 72.187715] ? kthread_stop+0x10d/0x900
[ 72.191679] check_memory_region+0x13e/0x1b0
[ 72.196073] kasan_check_write+0x14/0x20
[ 72.200136] kthread_stop+0x10d/0x900
[ 72.203922] ? kthread_unpark+0x160/0x160
[ 72.208062] ? __lock_is_held+0xb5/0x140
[ 72.212118] vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 72.217386] ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 72.222934] ? _vb2_fop_release+0x3f/0x2b0
[ 72.227159] ? mutex_trylock+0x2b0/0x2b0
[ 72.231205] ? vivid_fop_release+0x66/0x440
[ 72.235515] ? __mutex_lock+0x85e/0x16f0
[ 72.239568] vid_cap_stop_streaming+0x8d/0xe0
[ 72.244052] ? vid_cap_buf_queue+0x310/0x310
[ 72.248445] __vb2_queue_cancel+0x171/0xd20
[ 72.252752] ? lock_downgrade+0x900/0x900
[ 72.256896] ? vb2_buffer_done+0xb90/0xb90
[ 72.261123] ? find_held_lock+0x36/0x1c0
[ 72.265186] ? mark_held_locks+0xc7/0x130
[ 72.269320] ? kasan_check_write+0x14/0x20
[ 72.273551] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 72.278491] ? kasan_check_read+0x11/0x20
[ 72.282622] ? wait_for_completion+0x8a0/0x8a0
[ 72.287188] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.292305] vb2_core_streamoff+0x60/0x140
[ 72.296542] __vb2_cleanup_fileio+0x73/0x160
[ 72.300938] vb2_core_queue_release+0x1e/0x80
[ 72.305418] _vb2_fop_release+0x1d2/0x2b0
[ 72.309558] vb2_fop_release+0x77/0xc0
[ 72.313431] vivid_fop_release+0x18e/0x440
[ 72.317653] ? vivid_remove+0x460/0x460
[ 72.321616] v4l2_release+0x224/0x3a0
[ 72.325405] ? dev_debug_store+0x140/0x140
[ 72.329626] __fput+0x385/0xa30
[ 72.332894] ? get_max_files+0x20/0x20
[ 72.336769] ? trace_hardirqs_on+0xbd/0x310
[ 72.341076] ? kasan_check_read+0x11/0x20
[ 72.345209] ? task_work_run+0x1af/0x2a0
[ 72.349254] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.354347] ? check_preemption_disabled+0x48/0x280
[ 72.359354] ____fput+0x15/0x20
[ 72.362621] task_work_run+0x1e8/0x2a0
[ 72.366493] ? task_work_cancel+0x240/0x240
[ 72.370804] get_signal+0x1558/0x1980
[ 72.374593] ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 72.380391] ? save_stack+0x43/0xd0
[ 72.384016] ? ptrace_notify+0x130/0x130
[ 72.388075] ? zap_class+0x640/0x640
[ 72.391795] ? find_held_lock+0x36/0x1c0
[ 72.395847] ? __might_fault+0x12b/0x1e0
[ 72.399904] ? poll_select_copy_remaining+0x433/0x6a0
[ 72.405098] do_signal+0x9c/0x21c0
[ 72.408678] ? perf_trace_sched_process_exec+0x860/0x860
[ 72.414115] ? posix_ktime_get_ts+0x15/0x20
[ 72.418421] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.423511] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 72.428440] ? kasan_check_read+0x11/0x20
[ 72.432577] ? setup_sigcontext+0x7d0/0x7d0
[ 72.436892] ? exit_to_usermode_loop+0x8c/0x380
[ 72.441546] ? exit_to_usermode_loop+0x8c/0x380
[ 72.446201] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 72.450784] ? trace_hardirqs_on+0xbd/0x310
[ 72.455108] ? do_syscall_64+0x6be/0x820
[ 72.459167] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.464258] ? nsecs_to_jiffies+0x30/0x30
[ 72.468392] ? do_syscall_64+0x9a/0x820
[ 72.472350] ? do_syscall_64+0x9a/0x820
[ 72.476316] exit_to_usermode_loop+0x2e5/0x380
[ 72.480898] ? __bpf_trace_sys_exit+0x30/0x30
[ 72.485394] do_syscall_64+0x6be/0x820
[ 72.489269] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 72.494620] ? syscall_return_slowpath+0x5e0/0x5e0
[ 72.499533] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 72.504359] ? trace_hardirqs_on_caller+0x310/0x310
[ 72.509370] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 72.514378] ? prepare_exit_to_usermode+0x291/0x3b0
[ 72.519386] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 72.524216] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.529387] RIP: 0033:0x457569
[ 72.532570] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.551456] RSP: 002b:00007f7567938c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 72.559146] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000457569
[ 72.566415] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000000
[ 72.573680] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 72.580946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75679396d4
[ 72.588206] R13: 00000000004c33a8 R14: 00000000004d54c8 R15: 00000000ffffffff
[ 72.595490] ==================================================================
[ 72.602829] Disabling lock debugging due to kernel taint
[ 72.608971] Kernel panic - not syncing: panic_on_warn set ...
[ 72.614877] CPU: 0 PID: 8325 Comm: syz-executor0 Tainted: G B 4.20.0-rc5+ #362
[ 72.623519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.632855] Call Trace:
[ 72.635430] dump_stack+0x244/0x39d
[ 72.639038] ? dump_stack_print_info.cold.1+0x20/0x20
[ 72.644215] panic+0x2ad/0x55c
[ 72.647388] ? add_taint.cold.5+0x16/0x16
[ 72.651519] ? preempt_schedule+0x4d/0x60
[ 72.655653] ? ___preempt_schedule+0x16/0x18
[ 72.660042] ? trace_hardirqs_on+0xb4/0x310
[ 72.664347] kasan_end_report+0x47/0x4f
[ 72.668315] kasan_report.cold.8+0x76/0x309
[ 72.672644] ? kthread_stop+0x10d/0x900
[ 72.676603] check_memory_region+0x13e/0x1b0
[ 72.680992] kasan_check_write+0x14/0x20
[ 72.685034] kthread_stop+0x10d/0x900
[ 72.688814] ? kthread_unpark+0x160/0x160
[ 72.692945] ? __lock_is_held+0xb5/0x140
[ 72.696997] vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 72.702287] ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 72.707806] ? _vb2_fop_release+0x3f/0x2b0
[ 72.712026] ? mutex_trylock+0x2b0/0x2b0
[ 72.716070] ? vivid_fop_release+0x66/0x440
[ 72.720375] ? __mutex_lock+0x85e/0x16f0
[ 72.724426] vid_cap_stop_streaming+0x8d/0xe0
[ 72.728901] ? vid_cap_buf_queue+0x310/0x310
[ 72.733292] __vb2_queue_cancel+0x171/0xd20
[ 72.737595] ? lock_downgrade+0x900/0x900
[ 72.741730] ? vb2_buffer_done+0xb90/0xb90
[ 72.745946] ? find_held_lock+0x36/0x1c0
[ 72.749988] ? mark_held_locks+0xc7/0x130
[ 72.754119] ? kasan_check_write+0x14/0x20
[ 72.758382] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 72.763307] ? kasan_check_read+0x11/0x20
[ 72.767439] ? wait_for_completion+0x8a0/0x8a0
[ 72.772006] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.777094] vb2_core_streamoff+0x60/0x140
[ 72.781324] __vb2_cleanup_fileio+0x73/0x160
[ 72.785712] vb2_core_queue_release+0x1e/0x80
[ 72.790189] _vb2_fop_release+0x1d2/0x2b0
[ 72.794368] vb2_fop_release+0x77/0xc0
[ 72.798238] vivid_fop_release+0x18e/0x440
[ 72.802457] ? vivid_remove+0x460/0x460
[ 72.806414] v4l2_release+0x224/0x3a0
[ 72.810198] ? dev_debug_store+0x140/0x140
[ 72.814427] __fput+0x385/0xa30
[ 72.817690] ? get_max_files+0x20/0x20
[ 72.821559] ? trace_hardirqs_on+0xbd/0x310
[ 72.825872] ? kasan_check_read+0x11/0x20
[ 72.830001] ? task_work_run+0x1af/0x2a0
[ 72.834047] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.839136] ? check_preemption_disabled+0x48/0x280
[ 72.844136] ____fput+0x15/0x20
[ 72.847395] task_work_run+0x1e8/0x2a0
[ 72.851262] ? task_work_cancel+0x240/0x240
[ 72.855566] get_signal+0x1558/0x1980
[ 72.859368] ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 72.865163] ? save_stack+0x43/0xd0
[ 72.868770] ? ptrace_notify+0x130/0x130
[ 72.873019] ? zap_class+0x640/0x640
[ 72.876724] ? find_held_lock+0x36/0x1c0
[ 72.880781] ? __might_fault+0x12b/0x1e0
[ 72.884823] ? poll_select_copy_remaining+0x433/0x6a0
[ 72.889995] do_signal+0x9c/0x21c0
[ 72.893518] ? perf_trace_sched_process_exec+0x860/0x860
[ 72.898950] ? posix_ktime_get_ts+0x15/0x20
[ 72.903254] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.908349] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 72.913259] ? kasan_check_read+0x11/0x20
[ 72.917386] ? setup_sigcontext+0x7d0/0x7d0
[ 72.921688] ? exit_to_usermode_loop+0x8c/0x380
[ 72.926338] ? exit_to_usermode_loop+0x8c/0x380
[ 72.930989] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 72.935553] ? trace_hardirqs_on+0xbd/0x310
[ 72.939860] ? do_syscall_64+0x6be/0x820
[ 72.943910] ? trace_hardirqs_off_caller+0x310/0x310
[ 72.948992] ? nsecs_to_jiffies+0x30/0x30
[ 72.953123] ? do_syscall_64+0x9a/0x820
[ 72.957075] ? do_syscall_64+0x9a/0x820
[ 72.961039] exit_to_usermode_loop+0x2e5/0x380
[ 72.965602] ? __bpf_trace_sys_exit+0x30/0x30
[ 72.970079] do_syscall_64+0x6be/0x820
[ 72.973948] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 72.979291] ? syscall_return_slowpath+0x5e0/0x5e0
[ 72.984202] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 72.989040] ? trace_hardirqs_on_caller+0x310/0x310
[ 72.994040] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 72.999037] ? prepare_exit_to_usermode+0x291/0x3b0
[ 73.004049] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 73.008882] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 73.014051] RIP: 0033:0x457569
[ 73.017253] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 73.036150] RSP: 002b:00007f7567938c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 73.043836] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000457569
[ 73.051092] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000000
[ 73.058342] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 73.065592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75679396d4
[ 73.072840] R13: 00000000004c33a8 R14: 00000000004d54c8 R15: 00000000ffffffff
[ 73.081011] Kernel Offset: disabled
[ 73.084635] Rebooting in 86400 seconds..