[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   27.206756] kauditd_printk_skb: 7 callbacks suppressed
[   27.206766] audit: type=1800 audit(1541097953.184:29): pid=5507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   27.232406] audit: type=1800 audit(1541097953.184:30): pid=5507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.873609] sshd (5647) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
executing program
[   43.856814] ==================================================================
[   43.864418] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   43.872131] Read of size 4 at addr 0000000000000020 by task syz-executor830/5663
[   43.879752] 
[   43.881374] CPU: 1 PID: 5663 Comm: syz-executor830 Not tainted 4.19.0-next-20181101+ #103
[   43.889832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.899175] Call Trace:
[   43.901753]  dump_stack+0x244/0x39d
[   43.905368]  ? dump_stack_print_info.cold.1+0x20/0x20
[   43.910545]  ? __x64_sys_exit_group+0x3e/0x50
[   43.915138]  ? do_syscall_64+0x1b9/0x820
[   43.919191]  ? vprintk_func+0x85/0x181
[   43.923068]  kasan_report.cold.8+0x6d/0x309
[   43.927677]  ? refcount_sub_and_test_checked+0x9d/0x310
[   43.933051]  check_memory_region+0x13e/0x1b0
[   43.937453]  kasan_check_read+0x11/0x20
[   43.941424]  refcount_sub_and_test_checked+0x9d/0x310
[   43.946692]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   43.951289]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   43.956733]  ? vb2_vmalloc_put+0x5f/0x80
[   43.960783]  ? trace_hardirqs_off_caller+0x300/0x300
[   43.965934]  ? __kasan_slab_free+0x119/0x150
[   43.970361]  refcount_dec_and_test_checked+0x1a/0x20
[   43.975469]  vb2_vmalloc_put+0x19/0x80
[   43.979479]  __vb2_buf_mem_free+0x112/0x210
[   43.984047]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   43.988885]  __vb2_queue_free+0x830/0xa30
[   43.993026]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   43.998553]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   44.003997]  vb2_core_queue_release+0x62/0x80
[   44.008490]  _vb2_fop_release+0x1d2/0x2b0
[   44.012627]  ? _vb2_fop_release+0x2b0/0x2b0
[   44.016932]  vb2_fop_release+0x77/0xc0
[   44.020807]  v4l2_release+0x2f2/0x3a0
[   44.024619]  __fput+0x3bc/0xa70
[   44.027892]  ? dev_debug_store+0x140/0x140
[   44.032117]  ? get_max_files+0x20/0x20
[   44.035995]  ? trace_hardirqs_on+0xbd/0x310
[   44.040307]  ? kasan_check_read+0x11/0x20
[   44.044444]  ? task_work_run+0x1af/0x2a0
[   44.048511]  ? trace_hardirqs_off_caller+0x300/0x300
[   44.053616]  ____fput+0x15/0x20
[   44.056891]  task_work_run+0x1e8/0x2a0
[   44.060781]  ? task_work_cancel+0x240/0x240
[   44.065113]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   44.070658]  ? switch_task_namespaces+0x9d/0xd0
[   44.075322]  do_exit+0x1ad1/0x26d0
[   44.078856]  ? mm_update_next_owner+0x990/0x990
[   44.083622]  ? kvfree+0x66/0x70
[   44.086901]  ? video_usercopy+0x79b/0x1750
[   44.091129]  ? v4l_s_fmt+0x990/0x990
[   44.094836]  ? v4l_enumstd+0x70/0x70
[   44.098535]  ? rcu_softirq_qs+0x20/0x20
[   44.102498]  ? is_bpf_text_address+0xd3/0x170
[   44.106982]  ? __kernel_text_address+0xd/0x40
[   44.111567]  ? unwind_get_return_address+0x61/0xa0
[   44.116501]  ? __save_stack_trace+0x8d/0xf0
[   44.120826]  ? save_stack+0x43/0xd0
[   44.124436]  ? __kasan_slab_free+0x102/0x150
[   44.128826]  ? kasan_slab_free+0xe/0x10
[   44.132781]  ? kmem_cache_free+0x83/0x290
[   44.136927]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.142290]  ? trace_hardirqs_off+0xb8/0x310
[   44.146785]  ? kasan_check_read+0x11/0x20
[   44.150934]  ? do_raw_spin_unlock+0xa7/0x330
[   44.155337]  ? trace_hardirqs_on+0x310/0x310
[   44.159860]  ? video_usercopy+0x1750/0x1750
[   44.164193]  ? video_ioctl2+0x2c/0x33
[   44.168256]  ? v4l2_ioctl+0x15c/0x1b0
[   44.172554]  ? video_devdata+0xa0/0xa0
[   44.176432]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.181959]  ? do_vfs_ioctl+0x201/0x1790
[   44.186012]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   44.191544]  ? ioctl_preallocate+0x300/0x300
[   44.195949]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.201733]  ? __fget_light+0x2e9/0x430
[   44.205715]  ? fget_raw+0x20/0x20
[   44.209166]  ? rcu_read_lock_sched_held+0x14f/0x180
[   44.214186]  ? kmem_cache_free+0x24f/0x290
[   44.218415]  ? putname+0xf7/0x130
[   44.221860]  do_group_exit+0x177/0x440
[   44.225749]  ? trace_hardirqs_on+0xbd/0x310
[   44.230079]  ? __ia32_sys_exit+0x50/0x50
[   44.234136]  ? trace_hardirqs_off_caller+0x300/0x300
[   44.239368]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.244908]  ? ksys_ioctl+0x81/0xd0
[   44.248540]  __x64_sys_exit_group+0x3e/0x50
[   44.252851]  do_syscall_64+0x1b9/0x820
[   44.256728]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   44.262101]  ? syscall_return_slowpath+0x5e0/0x5e0
[   44.267031]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.271873]  ? trace_hardirqs_on_caller+0x310/0x310
[   44.277152]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   44.282156]  ? prepare_exit_to_usermode+0x291/0x3b0
[   44.287165]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.292002]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.297271] RIP: 0033:0x442ad8
[   44.300469] Code: Bad RIP value.
[   44.303827] RSP: 002b:00007ffce1a2b7e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   44.311520] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ad8
[   44.318935] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   44.326310] RBP: 00000000004c2788 R08: 00000000000000e7 R09: ffffffffffffffd0
[   44.333641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.340908] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   44.348182] ==================================================================
[   44.355583] Disabling lock debugging due to kernel taint
[   44.361476] Kernel panic - not syncing: panic_on_warn set ...
[   44.367374] CPU: 1 PID: 5663 Comm: syz-executor830 Tainted: G    B             4.19.0-next-20181101+ #103
[   44.377064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.386507] Call Trace:
[   44.389089]  dump_stack+0x244/0x39d
[   44.392786]  ? dump_stack_print_info.cold.1+0x20/0x20
[   44.398098]  panic+0x2ad/0x55c
[   44.401277]  ? add_taint.cold.5+0x16/0x16
[   44.405418]  ? preempt_schedule+0x4d/0x60
[   44.409551]  ? ___preempt_schedule+0x16/0x18
[   44.413944]  ? trace_hardirqs_on+0xb4/0x310
[   44.418268]  kasan_end_report+0x47/0x4f
[   44.422226]  kasan_report.cold.8+0x76/0x309
[   44.426531]  ? refcount_sub_and_test_checked+0x9d/0x310
[   44.431894]  check_memory_region+0x13e/0x1b0
[   44.436308]  kasan_check_read+0x11/0x20
[   44.440275]  refcount_sub_and_test_checked+0x9d/0x310
[   44.445453]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   44.450031]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   44.455583]  ? vb2_vmalloc_put+0x5f/0x80
[   44.459961]  ? trace_hardirqs_off_caller+0x300/0x300
[   44.465234]  ? __kasan_slab_free+0x119/0x150
[   44.469641]  refcount_dec_and_test_checked+0x1a/0x20
[   44.475297]  vb2_vmalloc_put+0x19/0x80
[   44.479314]  __vb2_buf_mem_free+0x112/0x210
[   44.483621]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   44.488449]  __vb2_queue_free+0x830/0xa30
[   44.492591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.498119]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   44.503617]  vb2_core_queue_release+0x62/0x80
[   44.508119]  _vb2_fop_release+0x1d2/0x2b0
[   44.512264]  ? _vb2_fop_release+0x2b0/0x2b0
[   44.516580]  vb2_fop_release+0x77/0xc0
[   44.520659]  v4l2_release+0x2f2/0x3a0
[   44.524471]  __fput+0x3bc/0xa70
[   44.527924]  ? dev_debug_store+0x140/0x140
[   44.532163]  ? get_max_files+0x20/0x20
[   44.536055]  ? trace_hardirqs_on+0xbd/0x310
[   44.540363]  ? kasan_check_read+0x11/0x20
[   44.544505]  ? task_work_run+0x1af/0x2a0
[   44.548565]  ? trace_hardirqs_off_caller+0x300/0x300
[   44.553809]  ____fput+0x15/0x20
[   44.557086]  task_work_run+0x1e8/0x2a0
[   44.560975]  ? task_work_cancel+0x240/0x240
[   44.565284]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   44.570805]  ? switch_task_namespaces+0x9d/0xd0
[   44.575464]  do_exit+0x1ad1/0x26d0
[   44.579005]  ? mm_update_next_owner+0x990/0x990
[   44.583821]  ? kvfree+0x66/0x70
[   44.587096]  ? video_usercopy+0x79b/0x1750
[   44.591423]  ? v4l_s_fmt+0x990/0x990
[   44.595180]  ? v4l_enumstd+0x70/0x70
[   44.598882]  ? rcu_softirq_qs+0x20/0x20
[   44.602847]  ? is_bpf_text_address+0xd3/0x170
[   44.607333]  ? __kernel_text_address+0xd/0x40
[   44.612018]  ? unwind_get_return_address+0x61/0xa0
[   44.616949]  ? __save_stack_trace+0x8d/0xf0
[   44.621272]  ? save_stack+0x43/0xd0
[   44.624891]  ? __kasan_slab_free+0x102/0x150
[   44.629286]  ? kasan_slab_free+0xe/0x10
[   44.633254]  ? kmem_cache_free+0x83/0x290
[   44.637585]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.643071]  ? trace_hardirqs_off+0xb8/0x310
[   44.647469]  ? kasan_check_read+0x11/0x20
[   44.651613]  ? do_raw_spin_unlock+0xa7/0x330
[   44.656014]  ? trace_hardirqs_on+0x310/0x310
[   44.660423]  ? video_usercopy+0x1750/0x1750
[   44.664841]  ? video_ioctl2+0x2c/0x33
[   44.668643]  ? v4l2_ioctl+0x15c/0x1b0
[   44.672432]  ? video_devdata+0xa0/0xa0
[   44.676311]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.681835]  ? do_vfs_ioctl+0x201/0x1790
[   44.685886]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   44.691407]  ? ioctl_preallocate+0x300/0x300
[   44.695798]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.701317]  ? __fget_light+0x2e9/0x430
[   44.705274]  ? fget_raw+0x20/0x20
[   44.708708]  ? rcu_read_lock_sched_held+0x14f/0x180
[   44.713717]  ? kmem_cache_free+0x24f/0x290
[   44.717951]  ? putname+0xf7/0x130
[   44.721398]  do_group_exit+0x177/0x440
[   44.725278]  ? trace_hardirqs_on+0xbd/0x310
[   44.729675]  ? __ia32_sys_exit+0x50/0x50
[   44.733798]  ? trace_hardirqs_off_caller+0x300/0x300
[   44.739090]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   44.744613]  ? ksys_ioctl+0x81/0xd0
[   44.748245]  __x64_sys_exit_group+0x3e/0x50
[   44.752562]  do_syscall_64+0x1b9/0x820
[   44.756447]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   44.761792]  ? syscall_return_slowpath+0x5e0/0x5e0
[   44.766703]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.771528]  ? trace_hardirqs_on_caller+0x310/0x310
[   44.776531]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   44.781543]  ? prepare_exit_to_usermode+0x291/0x3b0
[   44.786824]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.791675]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.796860] RIP: 0033:0x442ad8
[   44.800125] Code: Bad RIP value.
[   44.803480] RSP: 002b:00007ffce1a2b7e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   44.811176] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ad8
[   44.818548] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   44.825807] RBP: 00000000004c2788 R08: 00000000000000e7 R09: ffffffffffffffd0
[   44.833091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.840360] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   44.848814] Kernel Offset: disabled
[   44.852500] Rebooting in 86400 seconds..