[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   41.949705][   T21] kauditd_printk_skb: 8 callbacks suppressed
[   41.949714][   T21] audit: type=1800 audit(1556653827.621:29): pid=4854 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   41.975953][   T21] audit: type=1800 audit(1556653827.631:30): pid=4854 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   56.501622][   T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   56.871638][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   56.879919][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   56.890190][   T12] usb 1-1: config 0 has no interface number 0
[   56.896298][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   56.906314][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   56.915371][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.925041][   T12] usb 1-1: config 0 descriptor??
[   56.983544][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   56.990888][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   56.997341][   T12] usb 1-1: 320x240 mode selected
[   57.002483][   T12] zr364xx: start read pipe failed
executing program
[   57.203444][   T12] usb 1-1: Zoran 364xx controlling device video32
[   57.212212][   T12] usb 1-1: USB disconnect, device number 2
[   57.312676][   T12] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[   57.671575][   T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   58.031643][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   58.039823][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   58.050144][   T12] usb 1-1: config 0 has no interface number 0
[   58.056288][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   58.066491][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   58.075624][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.091229][   T12] usb 1-1: config 0 descriptor??
[   58.133049][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   58.140293][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   58.146680][   T12] usb 1-1: 320x240 mode selected
[   58.151809][   T12] zr364xx: start read pipe failed
executing program
[   58.352369][   T12] usb 1-1: Zoran 364xx controlling device video32
[   58.360210][   T12] usb 1-1: USB disconnect, device number 3
[   58.461161][   T12] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[   58.811600][   T12] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   59.181610][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   59.189861][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   59.200013][   T12] usb 1-1: config 0 has no interface number 0
[   59.206217][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   59.216159][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   59.225197][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.233981][   T12] usb 1-1: config 0 descriptor??
[   59.273026][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   59.280261][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   59.286640][   T12] usb 1-1: 320x240 mode selected
[   59.291779][   T12] zr364xx: start read pipe failed
executing program
[   59.492397][   T12] usb 1-1: Zoran 364xx controlling device video32
[   59.500818][   T12] usb 1-1: USB disconnect, device number 4
[   59.604029][   T12] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[   59.971550][   T12] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   60.351636][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   60.359837][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   60.369945][   T12] usb 1-1: config 0 has no interface number 0
[   60.376074][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   60.386018][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   60.395054][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.404081][   T12] usb 1-1: config 0 descriptor??
[   60.442922][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   60.450168][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   60.456695][   T12] usb 1-1: 320x240 mode selected
[   60.461830][   T12] zr364xx: start read pipe failed
executing program
[   60.662186][   T12] usb 1-1: Zoran 364xx controlling device video32
[   60.669781][   T12] usb 1-1: USB disconnect, device number 5
[   60.770777][   T12] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[   61.151580][   T12] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   61.511623][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   61.519798][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   61.529914][   T12] usb 1-1: config 0 has no interface number 0
[   61.536018][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   61.545939][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   61.554979][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.564258][   T12] usb 1-1: config 0 descriptor??
[   61.602918][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   61.610143][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   61.616484][   T12] usb 1-1: 320x240 mode selected
[   61.621741][   T12] zr364xx: start read pipe failed
executing program
[   61.822320][   T12] usb 1-1: Zoran 364xx controlling device video32
[   61.830036][   T12] usb 1-1: USB disconnect, device number 6
[   61.930936][   T12] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[   62.281619][   T12] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   62.701637][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   62.709816][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   62.719945][   T12] usb 1-1: config 0 has no interface number 0
[   62.726101][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   62.736045][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   62.745069][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.754250][   T12] usb 1-1: config 0 descriptor??
[   62.793092][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   62.800352][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   62.806746][   T12] usb 1-1: 320x240 mode selected
[   62.811977][   T12] zr364xx: start read pipe failed
executing program
[   63.012348][   T12] usb 1-1: Zoran 364xx controlling device video32
[   63.020014][   T12] usb 1-1: USB disconnect, device number 7
[   63.121186][   T12] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[   63.501557][   T12] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   63.921625][   T12] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[   63.929892][   T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   63.940046][   T12] usb 1-1: config 0 has no interface number 0
[   63.946149][   T12] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[   63.956079][   T12] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[   63.965138][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.974006][   T12] usb 1-1: config 0 descriptor??
[   64.023078][   T12] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[   64.030340][   T12] zr364xx 1-1:0.107: model 052b:1a18 detected
[   64.036571][   T12] usb 1-1: 320x240 mode selected
[   64.041717][   T12] zr364xx: start read pipe failed
executing program
[   64.222167][   T12] usb 1-1: Zoran 364xx controlling device video32
[   64.229927][   T12] usb 1-1: USB disconnect, device number 8
[   64.330692][ T5029] ==================================================================
[   64.338897][ T5029] BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20
[   64.346321][ T5029] Read of size 1 at addr 0000000000000000 by task v4l_id/5029
[   64.353758][ T5029] 
[   64.356069][ T5029] CPU: 0 PID: 5029 Comm: v4l_id Not tainted 5.1.0-rc3-319004-g43151d6 #6
[   64.364445][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.374474][ T5029] Call Trace:
[   64.377755][ T5029]  dump_stack+0xe8/0x16e
[   64.381972][ T5029]  ? read_word_at_a_time+0xe/0x20
[   64.387086][ T5029]  ? read_word_at_a_time+0xe/0x20
[   64.392086][ T5029]  kasan_report.cold+0x5/0x3c
[   64.396736][ T5029]  ? read_word_at_a_time+0xe/0x20
[   64.401734][ T5029]  read_word_at_a_time+0xe/0x20
[   64.406564][ T5029]  strscpy+0x8a/0x280
[   64.410529][ T5029]  zr364xx_vidioc_querycap+0xb5/0x210
[   64.415965][ T5029]  v4l_querycap+0x12b/0x340
[   64.420451][ T5029]  __video_do_ioctl+0x5bb/0xb40
[   64.425281][ T5029]  ? copy_overflow+0x30/0x30
[   64.429852][ T5029]  ? save_stack+0x89/0xa0
[   64.434159][ T5029]  ? __kasan_slab_free+0x130/0x180
[   64.439246][ T5029]  video_usercopy+0x44e/0xf00
[   64.443898][ T5029]  ? copy_overflow+0x30/0x30
[   64.448460][ T5029]  ? v4l_enumstd+0x70/0x70
[   64.452857][ T5029]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   64.458634][ T5029]  ? video_usercopy+0xf00/0xf00
[   64.463602][ T5029]  v4l2_ioctl+0x14e/0x1a0
[   64.467916][ T5029]  ? video_devdata+0xa0/0xa0
[   64.472488][ T5029]  do_vfs_ioctl+0xced/0x12f0
[   64.477052][ T5029]  ? ioctl_preallocate+0x200/0x200
[   64.482136][ T5029]  ? putname+0xe6/0x120
[   64.486270][ T5029]  ? rcu_read_lock_sched_held+0x10f/0x130
[   64.491963][ T5029]  ? putname+0xe6/0x120
[   64.496098][ T5029]  ? kmem_cache_free+0x25c/0x2b0
[   64.501011][ T5029]  ? putname+0xe6/0x120
[   64.505152][ T5029]  ? do_sys_open+0x2ec/0x590
[   64.509723][ T5029]  ksys_ioctl+0xa0/0xc0
[   64.513854][ T5029]  __x64_sys_ioctl+0x74/0xb0
[   64.518415][ T5029]  ? lockdep_hardirqs_on+0x37e/0x580
[   64.523679][ T5029]  do_syscall_64+0xcf/0x4f0
[   64.528260][ T5029]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.534142][ T5029] RIP: 0033:0x7f949488e347
[   64.538655][ T5029] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
[   64.558286][ T5029] RSP: 002b:00007fff560e2d38 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[   64.566677][ T5029] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f949488e347
[   64.574628][ T5029] RDX: 00007fff560e2d40 RSI: 0000000080685600 RDI: 0000000000000003
[   64.582581][ T5029] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   64.590527][ T5029] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000400884
[   64.598527][ T5029] R13: 00007fff560e2e90 R14: 0000000000000000 R15: 0000000000000000
[   64.606495][ T5029] ==================================================================
[   64.614533][ T5029] Disabling lock debugging due to kernel taint
[   64.620769][ T5029] Kernel panic - not syncing: panic_on_warn set ...
[   64.627340][ T5029] CPU: 0 PID: 5029 Comm: v4l_id Tainted: G    B             5.1.0-rc3-319004-g43151d6 #6
[   64.637108][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.647300][ T5029] Call Trace:
[   64.650642][ T5029]  dump_stack+0xe8/0x16e
[   64.662201][ T5029]  panic+0x29d/0x5f2
[   64.666080][ T5029]  ? __warn_printk+0xf8/0xf8
[   64.670647][ T5029]  ? retint_kernel+0x10/0x10
[   64.675211][ T5029]  ? trace_hardirqs_on+0x55/0x1c0
[   64.680217][ T5029]  ? read_word_at_a_time+0xe/0x20
[   64.685219][ T5029]  end_report+0x48/0x4e
[   64.689463][ T5029]  ? read_word_at_a_time+0xe/0x20
[   64.694587][ T5029]  kasan_report.cold+0xd/0x3c
[   64.699247][ T5029]  ? read_word_at_a_time+0xe/0x20
[   64.704251][ T5029]  read_word_at_a_time+0xe/0x20
[   64.709078][ T5029]  strscpy+0x8a/0x280
[   64.713039][ T5029]  zr364xx_vidioc_querycap+0xb5/0x210
[   64.718392][ T5029]  v4l_querycap+0x12b/0x340
[   64.722886][ T5029]  __video_do_ioctl+0x5bb/0xb40
[   64.727724][ T5029]  ? copy_overflow+0x30/0x30
[   64.732297][ T5029]  ? save_stack+0x89/0xa0
[   64.736603][ T5029]  ? __kasan_slab_free+0x130/0x180
[   64.741691][ T5029]  video_usercopy+0x44e/0xf00
[   64.746343][ T5029]  ? copy_overflow+0x30/0x30
[   64.750907][ T5029]  ? v4l_enumstd+0x70/0x70
[   64.755301][ T5029]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   64.761079][ T5029]  ? video_usercopy+0xf00/0xf00
[   64.765904][ T5029]  v4l2_ioctl+0x14e/0x1a0
[   64.770207][ T5029]  ? video_devdata+0xa0/0xa0
[   64.774786][ T5029]  do_vfs_ioctl+0xced/0x12f0
[   64.779363][ T5029]  ? ioctl_preallocate+0x200/0x200
[   64.784456][ T5029]  ? putname+0xe6/0x120
[   64.788599][ T5029]  ? rcu_read_lock_sched_held+0x10f/0x130
[   64.794298][ T5029]  ? putname+0xe6/0x120
[   64.798430][ T5029]  ? kmem_cache_free+0x25c/0x2b0
[   64.803349][ T5029]  ? putname+0xe6/0x120
[   64.807488][ T5029]  ? do_sys_open+0x2ec/0x590
[   64.812061][ T5029]  ksys_ioctl+0xa0/0xc0
[   64.816200][ T5029]  __x64_sys_ioctl+0x74/0xb0
[   64.820766][ T5029]  ? lockdep_hardirqs_on+0x37e/0x580
[   64.826027][ T5029]  do_syscall_64+0xcf/0x4f0
[   64.830509][ T5029]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.836381][ T5029] RIP: 0033:0x7f949488e347
[   64.840773][ T5029] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
[   64.860361][ T5029] RSP: 002b:00007fff560e2d38 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[   64.868748][ T5029] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f949488e347
[   64.876696][ T5029] RDX: 00007fff560e2d40 RSI: 0000000080685600 RDI: 0000000000000003
[   64.884643][ T5029] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   64.892676][ T5029] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000400884
[   64.900621][ T5029] R13: 00007fff560e2e90 R14: 0000000000000000 R15: 0000000000000000
[   64.909876][ T5029] Kernel Offset: disabled
[   64.914203][ T5029] Rebooting in 86400 seconds..