[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   27.390919] kauditd_printk_skb: 8 callbacks suppressed
[   27.390931] audit: type=1800 audit(1541121405.575:29): pid=5558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   27.419207] audit: type=1800 audit(1541121405.585:30): pid=5558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   70.130648] ==================================================================
[   70.138337] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   70.146035] Read of size 4 at addr 0000000000000020 by task syz-executor889/5718
[   70.153543] 
[   70.155158] CPU: 1 PID: 5718 Comm: syz-executor889 Not tainted 4.19.0+ #314
[   70.162237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.171575] Call Trace:
[   70.174191]  dump_stack+0x244/0x39d
[   70.177812]  ? dump_stack_print_info.cold.1+0x20/0x20
[   70.182988]  ? __x64_sys_exit_group+0x3e/0x50
[   70.187467]  ? do_syscall_64+0x1b9/0x820
[   70.191515]  ? vprintk_func+0x85/0x181
[   70.195390]  kasan_report.cold.8+0x6d/0x309
[   70.199695]  ? refcount_sub_and_test_checked+0x9d/0x310
[   70.205046]  check_memory_region+0x13e/0x1b0
[   70.209439]  kasan_check_read+0x11/0x20
[   70.213409]  refcount_sub_and_test_checked+0x9d/0x310
[   70.218583]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   70.223148]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   70.228604]  ? vb2_vmalloc_put+0x5f/0x80
[   70.232787]  ? trace_hardirqs_off_caller+0x310/0x310
[   70.237889]  ? __kasan_slab_free+0x119/0x150
[   70.242297]  refcount_dec_and_test_checked+0x1a/0x20
[   70.247390]  vb2_vmalloc_put+0x19/0x80
[   70.251270]  __vb2_buf_mem_free+0x112/0x210
[   70.255661]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   70.260519]  __vb2_queue_free+0x830/0xa30
[   70.264686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.270237]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   70.275709]  ? locks_remove_file+0x3c6/0x5c0
[   70.280207]  vb2_core_queue_release+0x62/0x80
[   70.284709]  _vb2_fop_release+0x1d2/0x2b0
[   70.289112]  ? _vb2_fop_release+0x2b0/0x2b0
[   70.293418]  vb2_fop_release+0x77/0xc0
[   70.297291]  v4l2_release+0x2f2/0x3a0
[   70.301144]  ? dev_debug_store+0x140/0x140
[   70.305389]  __fput+0x385/0xa30
[   70.308663]  ? get_max_files+0x20/0x20
[   70.312543]  ? trace_hardirqs_on+0xbd/0x310
[   70.316856]  ? kasan_check_read+0x11/0x20
[   70.320990]  ? task_work_run+0x1af/0x2a0
[   70.325040]  ? trace_hardirqs_off_caller+0x310/0x310
[   70.330156]  ____fput+0x15/0x20
[   70.333533]  task_work_run+0x1e8/0x2a0
[   70.337415]  ? task_work_cancel+0x240/0x240
[   70.341720]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   70.347430]  ? switch_task_namespaces+0x9d/0xd0
[   70.352094]  do_exit+0x1ad6/0x26d0
[   70.355625]  ? mm_update_next_owner+0x990/0x990
[   70.360414]  ? kvfree+0x66/0x70
[   70.363721]  ? video_usercopy+0x79b/0x1760
[   70.367950]  ? v4l_s_fmt+0x990/0x990
[   70.371669]  ? v4l_enumstd+0x70/0x70
[   70.375494]  ? rcu_softirq_qs+0x20/0x20
[   70.379466]  ? is_bpf_text_address+0xd3/0x170
[   70.383994]  ? __kernel_text_address+0xd/0x40
[   70.388484]  ? unwind_get_return_address+0x61/0xa0
[   70.393400]  ? __save_stack_trace+0x8d/0xf0
[   70.397720]  ? save_stack+0x43/0xd0
[   70.401454]  ? __kasan_slab_free+0x102/0x150
[   70.405870]  ? kasan_slab_free+0xe/0x10
[   70.409830]  ? kmem_cache_free+0x83/0x290
[   70.413964]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.419321]  ? trace_hardirqs_off+0xb8/0x310
[   70.423723]  ? kasan_check_read+0x11/0x20
[   70.427856]  ? do_raw_spin_unlock+0xa7/0x330
[   70.432250]  ? trace_hardirqs_on+0x310/0x310
[   70.436650]  ? video_usercopy+0x1760/0x1760
[   70.440954]  ? video_ioctl2+0x2c/0x33
[   70.444740]  ? v4l2_ioctl+0x15c/0x1b0
[   70.448535]  ? video_devdata+0xa0/0xa0
[   70.452523]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.458048]  ? do_vfs_ioctl+0x201/0x1720
[   70.462204]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   70.467752]  ? ioctl_preallocate+0x300/0x300
[   70.472163]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.477802]  ? __fget_light+0x2e9/0x430
[   70.481762]  ? fget_raw+0x20/0x20
[   70.485209]  ? rcu_read_lock_sched_held+0x14f/0x180
[   70.490215]  ? kmem_cache_free+0x24f/0x290
[   70.494564]  ? putname+0xf7/0x130
[   70.498019]  do_group_exit+0x177/0x440
[   70.501905]  ? trace_hardirqs_on+0xbd/0x310
[   70.506323]  ? __ia32_sys_exit+0x50/0x50
[   70.510393]  ? trace_hardirqs_off_caller+0x310/0x310
[   70.515480]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.521029]  ? ksys_ioctl+0x81/0xd0
[   70.524682]  __x64_sys_exit_group+0x3e/0x50
[   70.529094]  do_syscall_64+0x1b9/0x820
[   70.532969]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   70.538318]  ? syscall_return_slowpath+0x5e0/0x5e0
[   70.543243]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   70.548078]  ? trace_hardirqs_on_caller+0x310/0x310
[   70.553214]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   70.558223]  ? prepare_exit_to_usermode+0x291/0x3b0
[   70.563228]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   70.568096]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.573292] RIP: 0033:0x442ad8
[   70.576502] Code: Bad RIP value.
[   70.579851] RSP: 002b:00007ffd781dfa78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   70.587556] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ad8
[   70.594828] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   70.602081] RBP: 00000000004c2788 R08: 00000000000000e7 R09: ffffffffffffffd0
[   70.609340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.616598] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   70.623861] ==================================================================
[   70.631200] Disabling lock debugging due to kernel taint
[   70.637032] Kernel panic - not syncing: panic_on_warn set ...
[   70.642956] CPU: 1 PID: 5718 Comm: syz-executor889 Tainted: G    B             4.19.0+ #314
[   70.651693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.661027] Call Trace:
[   70.663614]  dump_stack+0x244/0x39d
[   70.667307]  ? dump_stack_print_info.cold.1+0x20/0x20
[   70.672500]  panic+0x2ad/0x55c
[   70.675675]  ? add_taint.cold.5+0x16/0x16
[   70.679810]  ? preempt_schedule+0x4d/0x60
[   70.683945]  ? ___preempt_schedule+0x16/0x18
[   70.688459]  ? trace_hardirqs_on+0xb4/0x310
[   70.692764]  kasan_end_report+0x47/0x4f
[   70.696809]  kasan_report.cold.8+0x76/0x309
[   70.701127]  ? refcount_sub_and_test_checked+0x9d/0x310
[   70.706475]  check_memory_region+0x13e/0x1b0
[   70.710886]  kasan_check_read+0x11/0x20
[   70.714848]  refcount_sub_and_test_checked+0x9d/0x310
[   70.720087]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   70.724696]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   70.730148]  ? vb2_vmalloc_put+0x5f/0x80
[   70.734234]  ? trace_hardirqs_off_caller+0x310/0x310
[   70.739333]  ? __kasan_slab_free+0x119/0x150
[   70.743770]  refcount_dec_and_test_checked+0x1a/0x20
[   70.748869]  vb2_vmalloc_put+0x19/0x80
[   70.752743]  __vb2_buf_mem_free+0x112/0x210
[   70.757046]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   70.761892]  __vb2_queue_free+0x830/0xa30
[   70.766031]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.771667]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   70.777104]  ? locks_remove_file+0x3c6/0x5c0
[   70.781706]  vb2_core_queue_release+0x62/0x80
[   70.786193]  _vb2_fop_release+0x1d2/0x2b0
[   70.790331]  ? _vb2_fop_release+0x2b0/0x2b0
[   70.794635]  vb2_fop_release+0x77/0xc0
[   70.798501]  v4l2_release+0x2f2/0x3a0
[   70.802290]  ? dev_debug_store+0x140/0x140
[   70.806515]  __fput+0x385/0xa30
[   70.809870]  ? get_max_files+0x20/0x20
[   70.813776]  ? trace_hardirqs_on+0xbd/0x310
[   70.818103]  ? kasan_check_read+0x11/0x20
[   70.822239]  ? task_work_run+0x1af/0x2a0
[   70.826287]  ? trace_hardirqs_off_caller+0x310/0x310
[   70.831531]  ____fput+0x15/0x20
[   70.834796]  task_work_run+0x1e8/0x2a0
[   70.838668]  ? task_work_cancel+0x240/0x240
[   70.843029]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   70.848554]  ? switch_task_namespaces+0x9d/0xd0
[   70.853208]  do_exit+0x1ad6/0x26d0
[   70.856739]  ? mm_update_next_owner+0x990/0x990
[   70.861396]  ? kvfree+0x66/0x70
[   70.864689]  ? video_usercopy+0x79b/0x1760
[   70.868926]  ? v4l_s_fmt+0x990/0x990
[   70.872628]  ? v4l_enumstd+0x70/0x70
[   70.876332]  ? rcu_softirq_qs+0x20/0x20
[   70.880291]  ? is_bpf_text_address+0xd3/0x170
[   70.884768]  ? __kernel_text_address+0xd/0x40
[   70.889363]  ? unwind_get_return_address+0x61/0xa0
[   70.894302]  ? __save_stack_trace+0x8d/0xf0
[   70.898619]  ? save_stack+0x43/0xd0
[   70.902234]  ? __kasan_slab_free+0x102/0x150
[   70.906627]  ? kasan_slab_free+0xe/0x10
[   70.910586]  ? kmem_cache_free+0x83/0x290
[   70.914740]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.920104]  ? trace_hardirqs_off+0xb8/0x310
[   70.924497]  ? kasan_check_read+0x11/0x20
[   70.928644]  ? do_raw_spin_unlock+0xa7/0x330
[   70.933032]  ? trace_hardirqs_on+0x310/0x310
[   70.937423]  ? video_usercopy+0x1760/0x1760
[   70.941723]  ? video_ioctl2+0x2c/0x33
[   70.945621]  ? v4l2_ioctl+0x15c/0x1b0
[   70.949413]  ? video_devdata+0xa0/0xa0
[   70.953280]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.958921]  ? do_vfs_ioctl+0x201/0x1720
[   70.962967]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   70.968493]  ? ioctl_preallocate+0x300/0x300
[   70.972893]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.978417]  ? __fget_light+0x2e9/0x430
[   70.982378]  ? fget_raw+0x20/0x20
[   70.985839]  ? rcu_read_lock_sched_held+0x14f/0x180
[   70.990835]  ? kmem_cache_free+0x24f/0x290
[   70.995062]  ? putname+0xf7/0x130
[   70.998501]  do_group_exit+0x177/0x440
[   71.002376]  ? trace_hardirqs_on+0xbd/0x310
[   71.006680]  ? __ia32_sys_exit+0x50/0x50
[   71.010825]  ? trace_hardirqs_off_caller+0x310/0x310
[   71.016017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   71.021547]  ? ksys_ioctl+0x81/0xd0
[   71.025160]  __x64_sys_exit_group+0x3e/0x50
[   71.029472]  do_syscall_64+0x1b9/0x820
[   71.033353]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   71.038714]  ? syscall_return_slowpath+0x5e0/0x5e0
[   71.043633]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   71.048463]  ? trace_hardirqs_on_caller+0x310/0x310
[   71.053458]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   71.058458]  ? prepare_exit_to_usermode+0x291/0x3b0
[   71.063472]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   71.068303]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.073479] RIP: 0033:0x442ad8
[   71.076662] Code: Bad RIP value.
[   71.080005] RSP: 002b:00007ffd781dfa78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   71.087705] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ad8
[   71.094963] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   71.102225] RBP: 00000000004c2788 R08: 00000000000000e7 R09: ffffffffffffffd0
[   71.109503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   71.116854] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   71.125028] Kernel Offset: disabled
[   71.128650] Rebooting in 86400 seconds..