[ 29.984777] audit: type=1800 audit(1544034167.753:27): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 30.013489] audit: type=1800 audit(1544034167.753:28): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.669804] audit: type=1800 audit(1544034168.493:29): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 30.688404] audit: type=1800 audit(1544034168.503:30): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.868911] sshd (6071) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
2018/12/05 18:23:29 parsed 1 programs
2018/12/05 18:23:31 executed programs: 0
[ 73.424520] IPVS: ftp: loaded support on port[0] = 21
[ 73.679972] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.686823] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.694241] device bridge_slave_0 entered promiscuous mode
[ 73.712651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.719179] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.727060] device bridge_slave_1 entered promiscuous mode
[ 73.744739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 73.762546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 73.814016] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 73.834578] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 73.911218] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 73.918755] team0: Port device team_slave_0 added
[ 73.935902] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 73.943182] team0: Port device team_slave_1 added
[ 73.960411] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.979442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.998685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 74.017898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 74.166082] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.172543] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.179597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.186019] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.703409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.755252] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 74.806449] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 74.812827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 74.819963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.873485] 8021q: adding VLAN 0 to HW filter on device team0
2018/12/05 18:23:36 executed programs: 70
2018/12/05 18:23:41 executed programs: 185
[ 85.018158] vivid-000: kernel_thread() failed
[ 85.839631] ==================================================================
[ 85.847149] BUG: KASAN: null-ptr-deref in kthread_stop+0x10d/0x900
[ 85.853458] Write of size 4 at addr 000000000000001c by task syz-executor0/7397
[ 85.860882]
[ 85.862498] CPU: 1 PID: 7397 Comm: syz-executor0 Not tainted 4.20.0-rc5+ #141
[ 85.869752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.879088] Call Trace:
[ 85.881669] dump_stack+0x244/0x39d
[ 85.885288] ? dump_stack_print_info.cold.1+0x20/0x20
[ 85.890469] ? vprintk_func+0x85/0x181
[ 85.894363] kasan_report.cold.8+0x6d/0x309
[ 85.898691] ? kthread_stop+0x10d/0x900
[ 85.902655] check_memory_region+0x13e/0x1b0
[ 85.907050] kasan_check_write+0x14/0x20
[ 85.911102] kthread_stop+0x10d/0x900
[ 85.914915] ? kthread_unpark+0x160/0x160
[ 85.919059] ? __lock_is_held+0xb5/0x140
[ 85.923123] vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 85.928392] ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 85.933919] ? _vb2_fop_release+0x3f/0x2b0
[ 85.938146] ? mutex_trylock+0x2b0/0x2b0
[ 85.942193] ? vivid_fop_release+0x66/0x440
[ 85.946504] ? __mutex_lock+0x85e/0x16f0
[ 85.950561] vid_cap_stop_streaming+0x8d/0xe0
[ 85.955043] ? vid_cap_buf_queue+0x310/0x310
[ 85.959437] __vb2_queue_cancel+0x171/0xd20
[ 85.963776] ? lock_downgrade+0x900/0x900
[ 85.967925] ? vb2_buffer_done+0xb90/0xb90
[ 85.972145] ? find_held_lock+0x36/0x1c0
[ 85.976199] ? mark_held_locks+0xc7/0x130
[ 85.980348] ? kasan_check_write+0x14/0x20
[ 85.984572] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 85.989488] ? kasan_check_read+0x11/0x20
[ 85.993628] ? wait_for_completion+0x8a0/0x8a0
[ 85.998198] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.003293] vb2_core_streamoff+0x60/0x140
[ 86.007523] __vb2_cleanup_fileio+0x73/0x160
[ 86.011936] vb2_core_queue_release+0x1e/0x80
[ 86.016443] _vb2_fop_release+0x1d2/0x2b0
[ 86.020589] vb2_fop_release+0x77/0xc0
[ 86.024468] vivid_fop_release+0x18e/0x440
[ 86.028690] ? vivid_remove+0x460/0x460
[ 86.032659] v4l2_release+0x224/0x3a0
[ 86.036494] ? dev_debug_store+0x140/0x140
[ 86.040716] __fput+0x385/0xa30
[ 86.043988] ? get_max_files+0x20/0x20
[ 86.047888] ? trace_hardirqs_on+0xbd/0x310
[ 86.052221] ? kasan_check_read+0x11/0x20
[ 86.056377] ? task_work_run+0x1af/0x2a0
[ 86.060466] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.065554] ? check_preemption_disabled+0x48/0x280
[ 86.070565] ____fput+0x15/0x20
[ 86.073843] task_work_run+0x1e8/0x2a0
[ 86.077720] ? task_work_cancel+0x240/0x240
[ 86.082046] get_signal+0x1558/0x1980
[ 86.085845] ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 86.091642] ? save_stack+0x43/0xd0
[ 86.095258] ? ptrace_notify+0x130/0x130
[ 86.099303] ? zap_class+0x640/0x640
[ 86.103008] ? find_held_lock+0x36/0x1c0
[ 86.107058] ? __might_fault+0x12b/0x1e0
[ 86.111110] ? poll_select_copy_remaining+0x433/0x6a0
[ 86.116292] do_signal+0x9c/0x21c0
[ 86.119820] ? perf_trace_sched_process_exec+0x860/0x860
[ 86.125255] ? posix_ktime_get_ts+0x15/0x20
[ 86.129563] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.134678] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 86.139593] ? kasan_check_read+0x11/0x20
[ 86.143731] ? setup_sigcontext+0x7d0/0x7d0
[ 86.148040] ? exit_to_usermode_loop+0x8c/0x380
[ 86.152694] ? exit_to_usermode_loop+0x8c/0x380
[ 86.157382] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 86.162005] ? trace_hardirqs_on+0xbd/0x310
[ 86.166329] ? do_syscall_64+0x6be/0x820
[ 86.170401] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.175491] ? nsecs_to_jiffies+0x30/0x30
[ 86.179630] ? do_syscall_64+0x9a/0x820
[ 86.183589] ? do_syscall_64+0x9a/0x820
[ 86.187555] exit_to_usermode_loop+0x2e5/0x380
[ 86.192130] ? __bpf_trace_sys_exit+0x30/0x30
[ 86.196635] do_syscall_64+0x6be/0x820
[ 86.200512] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 86.205871] ? syscall_return_slowpath+0x5e0/0x5e0
[ 86.210789] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 86.215623] ? trace_hardirqs_on_caller+0x310/0x310
[ 86.220631] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 86.225635] ? prepare_exit_to_usermode+0x291/0x3b0
[ 86.230645] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 86.235525] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.240702] RIP: 0033:0x457569
[ 86.243882] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.262769] RSP: 002b:00007f3dc53edc78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 86.270461] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000457569
[ 86.277718] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000000
[ 86.284972] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 86.292225] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dc53ee6d4
[ 86.299507] R13: 00000000004c33a8 R14: 00000000004d54c8 R15: 00000000ffffffff
[ 86.306787] ==================================================================
[ 86.314129] Disabling lock debugging due to kernel taint
[ 86.320046] Kernel panic - not syncing: panic_on_warn set ...
[ 86.325961] CPU: 1 PID: 7397 Comm: syz-executor0 Tainted: G B 4.20.0-rc5+ #141
[ 86.334620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.343952] Call Trace:
[ 86.346551] dump_stack+0x244/0x39d
[ 86.350171] ? dump_stack_print_info.cold.1+0x20/0x20
[ 86.355395] panic+0x2ad/0x55c
[ 86.358603] ? add_taint.cold.5+0x16/0x16
[ 86.362741] ? preempt_schedule+0x4d/0x60
[ 86.366876] ? ___preempt_schedule+0x16/0x18
[ 86.371274] ? trace_hardirqs_on+0xb4/0x310
[ 86.375590] kasan_end_report+0x47/0x4f
[ 86.379560] kasan_report.cold.8+0x76/0x309
[ 86.383866] ? kthread_stop+0x10d/0x900
[ 86.387826] check_memory_region+0x13e/0x1b0
[ 86.392219] kasan_check_write+0x14/0x20
[ 86.396264] kthread_stop+0x10d/0x900
[ 86.400048] ? kthread_unpark+0x160/0x160
[ 86.404182] ? __lock_is_held+0xb5/0x140
[ 86.408234] vivid_stop_generating_vid_cap+0x2bb/0x9ae
[ 86.413500] ? vivid_start_generating_vid_cap+0x4c0/0x4c0
[ 86.419037] ? _vb2_fop_release+0x3f/0x2b0
[ 86.423256] ? mutex_trylock+0x2b0/0x2b0
[ 86.427320] ? vivid_fop_release+0x66/0x440
[ 86.431635] ? __mutex_lock+0x85e/0x16f0
[ 86.435694] vid_cap_stop_streaming+0x8d/0xe0
[ 86.440173] ? vid_cap_buf_queue+0x310/0x310
[ 86.444570] __vb2_queue_cancel+0x171/0xd20
[ 86.448880] ? lock_downgrade+0x900/0x900
[ 86.453017] ? vb2_buffer_done+0xb90/0xb90
[ 86.457250] ? find_held_lock+0x36/0x1c0
[ 86.461320] ? mark_held_locks+0xc7/0x130
[ 86.465478] ? kasan_check_write+0x14/0x20
[ 86.469697] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 86.474611] ? kasan_check_read+0x11/0x20
[ 86.478743] ? wait_for_completion+0x8a0/0x8a0
[ 86.483313] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.488439] vb2_core_streamoff+0x60/0x140
[ 86.492661] __vb2_cleanup_fileio+0x73/0x160
[ 86.497057] vb2_core_queue_release+0x1e/0x80
[ 86.501535] _vb2_fop_release+0x1d2/0x2b0
[ 86.505674] vb2_fop_release+0x77/0xc0
[ 86.509582] vivid_fop_release+0x18e/0x440
[ 86.513815] ? vivid_remove+0x460/0x460
[ 86.517789] v4l2_release+0x224/0x3a0
[ 86.521574] ? dev_debug_store+0x140/0x140
[ 86.525795] __fput+0x385/0xa30
[ 86.529075] ? get_max_files+0x20/0x20
[ 86.532945] ? trace_hardirqs_on+0xbd/0x310
[ 86.537266] ? kasan_check_read+0x11/0x20
[ 86.541404] ? task_work_run+0x1af/0x2a0
[ 86.545453] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.550543] ? check_preemption_disabled+0x48/0x280
[ 86.555544] ____fput+0x15/0x20
[ 86.558808] task_work_run+0x1e8/0x2a0
[ 86.562680] ? task_work_cancel+0x240/0x240
[ 86.566987] get_signal+0x1558/0x1980
[ 86.570779] ? compat_poll_select_copy_remaining+0x6c0/0x6c0
[ 86.576579] ? save_stack+0x43/0xd0
[ 86.580197] ? ptrace_notify+0x130/0x130
[ 86.584242] ? zap_class+0x640/0x640
[ 86.587964] ? find_held_lock+0x36/0x1c0
[ 86.592022] ? __might_fault+0x12b/0x1e0
[ 86.596083] ? poll_select_copy_remaining+0x433/0x6a0
[ 86.601265] do_signal+0x9c/0x21c0
[ 86.604788] ? perf_trace_sched_process_exec+0x860/0x860
[ 86.610223] ? posix_ktime_get_ts+0x15/0x20
[ 86.614532] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.619629] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 86.624554] ? kasan_check_read+0x11/0x20
[ 86.628688] ? setup_sigcontext+0x7d0/0x7d0
[ 86.633018] ? exit_to_usermode_loop+0x8c/0x380
[ 86.637680] ? exit_to_usermode_loop+0x8c/0x380
[ 86.642331] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 86.646910] ? trace_hardirqs_on+0xbd/0x310
[ 86.651214] ? do_syscall_64+0x6be/0x820
[ 86.655279] ? trace_hardirqs_off_caller+0x310/0x310
[ 86.660368] ? nsecs_to_jiffies+0x30/0x30
[ 86.664532] ? do_syscall_64+0x9a/0x820
[ 86.668492] ? do_syscall_64+0x9a/0x820
[ 86.672469] exit_to_usermode_loop+0x2e5/0x380
[ 86.677036] ? __bpf_trace_sys_exit+0x30/0x30
[ 86.681536] do_syscall_64+0x6be/0x820
[ 86.685410] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 86.690775] ? syscall_return_slowpath+0x5e0/0x5e0
[ 86.696222] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 86.701047] ? trace_hardirqs_on_caller+0x310/0x310
[ 86.706048] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 86.711070] ? prepare_exit_to_usermode+0x291/0x3b0
[ 86.716077] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 86.720932] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.726118] RIP: 0033:0x457569
[ 86.729310] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.748217] RSP: 002b:00007f3dc53edc78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 86.755935] RAX: 0000000000000003 RBX: 0000000000000005 RCX: 0000000000457569
[ 86.763202] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000000
[ 86.770455] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 86.777712] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dc53ee6d4
[ 86.784974] R13: 00000000004c33a8 R14: 00000000004d54c8 R15: 00000000ffffffff
[ 86.793192] Kernel Offset: disabled
[ 86.796818] Rebooting in 86400 seconds..