[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   27.054495] kauditd_printk_skb: 7 callbacks suppressed
[   27.054508] audit: type=1800 audit(1541268740.399:29): pid=5528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   27.088909] audit: type=1800 audit(1541268740.409:30): pid=5528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   48.060009] ==================================================================
[   48.067545] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   48.075271] Read of size 4 at addr 0000000000000020 by task syz-executor387/5683
[   48.082804] 
[   48.084429] CPU: 0 PID: 5683 Comm: syz-executor387 Not tainted 4.19.0+ #317
[   48.091643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.100992] Call Trace:
[   48.103577]  dump_stack+0x244/0x39d
[   48.107198]  ? dump_stack_print_info.cold.1+0x20/0x20
[   48.112384]  ? do_group_exit+0x177/0x440
[   48.116441]  ? __x64_sys_exit_group+0x3e/0x50
[   48.120949]  ? vprintk_func+0x85/0x181
[   48.124830]  kasan_report.cold.8+0x6d/0x309
[   48.129144]  ? refcount_sub_and_test_checked+0x9d/0x310
[   48.134877]  check_memory_region+0x13e/0x1b0
[   48.139296]  kasan_check_read+0x11/0x20
[   48.143278]  refcount_sub_and_test_checked+0x9d/0x310
[   48.148466]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   48.153040]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   48.158481]  ? vb2_vmalloc_put+0x5f/0x80
[   48.162533]  ? trace_hardirqs_off_caller+0x310/0x310
[   48.167631]  ? __kasan_slab_free+0x119/0x150
[   48.172032]  refcount_dec_and_test_checked+0x1a/0x20
[   48.177128]  vb2_vmalloc_put+0x19/0x80
[   48.181003]  __vb2_buf_mem_free+0x112/0x210
[   48.185338]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   48.190180]  __vb2_queue_free+0x830/0xa30
[   48.194335]  ? v4l2_m2m_job_finish+0x4c0/0x4c0
[   48.198918]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   48.204433]  ? vidioc_querycap+0xd0/0xd0
[   48.208504]  vb2_core_queue_release+0x62/0x80
[   48.212998]  vb2_queue_release+0x15/0x20
[   48.217050]  v4l2_m2m_ctx_release+0x2a/0x35
[   48.221362]  vim2m_release+0xe6/0x150
[   48.225151]  v4l2_release+0x224/0x3a0
[   48.228942]  ? dev_debug_store+0x140/0x140
[   48.233169]  __fput+0x385/0xa30
[   48.236442]  ? get_max_files+0x20/0x20
[   48.240322]  ? trace_hardirqs_on+0xbd/0x310
[   48.244633]  ? kasan_check_read+0x11/0x20
[   48.248772]  ? task_work_run+0x1af/0x2a0
[   48.252830]  ? trace_hardirqs_off_caller+0x310/0x310
[   48.258037]  ____fput+0x15/0x20
[   48.261307]  task_work_run+0x1e8/0x2a0
[   48.265181]  ? task_work_cancel+0x240/0x240
[   48.269615]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   48.275146]  ? switch_task_namespaces+0x9d/0xd0
[   48.279811]  do_exit+0x1ad6/0x26d0
[   48.283345]  ? mm_update_next_owner+0x990/0x990
[   48.288007]  ? kvfree+0x66/0x70
[   48.291281]  ? video_usercopy+0x79b/0x1760
[   48.295768]  ? v4l_s_fmt+0x990/0x990
[   48.299473]  ? v4l_enumstd+0x70/0x70
[   48.303173]  ? rcu_softirq_qs+0x20/0x20
[   48.307142]  ? is_bpf_text_address+0xd3/0x170
[   48.311630]  ? __kernel_text_address+0xd/0x40
[   48.316123]  ? unwind_get_return_address+0x61/0xa0
[   48.321059]  ? __save_stack_trace+0x8d/0xf0
[   48.325413]  ? save_stack+0x43/0xd0
[   48.329041]  ? __kasan_slab_free+0x102/0x150
[   48.333437]  ? kasan_slab_free+0xe/0x10
[   48.337401]  ? kmem_cache_free+0x83/0x290
[   48.341544]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.346901]  ? trace_hardirqs_off+0xb8/0x310
[   48.351300]  ? kasan_check_read+0x11/0x20
[   48.355436]  ? do_raw_spin_unlock+0xa7/0x330
[   48.359838]  ? trace_hardirqs_on+0x310/0x310
[   48.364246]  ? video_usercopy+0x1760/0x1760
[   48.368567]  ? video_ioctl2+0x2c/0x33
[   48.372353]  ? v4l2_ioctl+0x15c/0x1b0
[   48.376145]  ? video_devdata+0xa0/0xa0
[   48.380038]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.385570]  ? do_vfs_ioctl+0x201/0x1790
[   48.389724]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   48.395285]  ? ioctl_preallocate+0x300/0x300
[   48.399700]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.405364]  ? __fget_light+0x2e9/0x430
[   48.409339]  ? fget_raw+0x20/0x20
[   48.412787]  ? rcu_read_lock_sched_held+0x14f/0x180
[   48.417880]  ? kmem_cache_free+0x24f/0x290
[   48.422119]  ? putname+0xf7/0x130
[   48.425572]  do_group_exit+0x177/0x440
[   48.429468]  ? trace_hardirqs_on+0xbd/0x310
[   48.433782]  ? __ia32_sys_exit+0x50/0x50
[   48.437835]  ? trace_hardirqs_off_caller+0x310/0x310
[   48.443090]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.448623]  ? ksys_ioctl+0x81/0xd0
[   48.452250]  __x64_sys_exit_group+0x3e/0x50
[   48.456591]  do_syscall_64+0x1b9/0x820
[   48.460477]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   48.465837]  ? syscall_return_slowpath+0x5e0/0x5e0
[   48.470764]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   48.475605]  ? trace_hardirqs_on_caller+0x310/0x310
[   48.480619]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   48.485638]  ? prepare_exit_to_usermode+0x291/0x3b0
[   48.490661]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   48.495669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.500856] RIP: 0033:0x442cc8
[   48.504046] Code: Bad RIP value.
[   48.507396] RSP: 002b:00007fffbca82028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   48.515106] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8
[   48.522388] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   48.529654] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0
[   48.536917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.544182] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   48.551556] ==================================================================
[   48.558909] Disabling lock debugging due to kernel taint
[   48.564546] Kernel panic - not syncing: panic_on_warn set ...
[   48.570440] CPU: 0 PID: 5683 Comm: syz-executor387 Tainted: G    B             4.19.0+ #317
[   48.578919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.588439] Call Trace:
[   48.591077]  dump_stack+0x244/0x39d
[   48.594702]  ? dump_stack_print_info.cold.1+0x20/0x20
[   48.599887]  panic+0x2ad/0x55c
[   48.603073]  ? add_taint.cold.5+0x16/0x16
[   48.607216]  ? preempt_schedule+0x4d/0x60
[   48.611360]  ? ___preempt_schedule+0x16/0x18
[   48.615824]  ? trace_hardirqs_on+0xb4/0x310
[   48.620142]  kasan_end_report+0x47/0x4f
[   48.624104]  kasan_report.cold.8+0x76/0x309
[   48.628415]  ? refcount_sub_and_test_checked+0x9d/0x310
[   48.633784]  check_memory_region+0x13e/0x1b0
[   48.638205]  kasan_check_read+0x11/0x20
[   48.642194]  refcount_sub_and_test_checked+0x9d/0x310
[   48.647394]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   48.651973]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   48.657420]  ? vb2_vmalloc_put+0x5f/0x80
[   48.661477]  ? trace_hardirqs_off_caller+0x310/0x310
[   48.666618]  ? __kasan_slab_free+0x119/0x150
[   48.671026]  refcount_dec_and_test_checked+0x1a/0x20
[   48.676125]  vb2_vmalloc_put+0x19/0x80
[   48.680008]  __vb2_buf_mem_free+0x112/0x210
[   48.684316]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   48.689146]  __vb2_queue_free+0x830/0xa30
[   48.693297]  ? v4l2_m2m_job_finish+0x4c0/0x4c0
[   48.697866]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   48.703433]  ? vidioc_querycap+0xd0/0xd0
[   48.707507]  vb2_core_queue_release+0x62/0x80
[   48.712000]  vb2_queue_release+0x15/0x20
[   48.716049]  v4l2_m2m_ctx_release+0x2a/0x35
[   48.720357]  vim2m_release+0xe6/0x150
[   48.724139]  v4l2_release+0x224/0x3a0
[   48.727930]  ? dev_debug_store+0x140/0x140
[   48.732157]  __fput+0x385/0xa30
[   48.735427]  ? get_max_files+0x20/0x20
[   48.739308]  ? trace_hardirqs_on+0xbd/0x310
[   48.743618]  ? kasan_check_read+0x11/0x20
[   48.747756]  ? task_work_run+0x1af/0x2a0
[   48.751805]  ? trace_hardirqs_off_caller+0x310/0x310
[   48.756924]  ____fput+0x15/0x20
[   48.760201]  task_work_run+0x1e8/0x2a0
[   48.764078]  ? task_work_cancel+0x240/0x240
[   48.768396]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   48.773927]  ? switch_task_namespaces+0x9d/0xd0
[   48.778593]  do_exit+0x1ad6/0x26d0
[   48.782127]  ? mm_update_next_owner+0x990/0x990
[   48.786789]  ? kvfree+0x66/0x70
[   48.790056]  ? video_usercopy+0x79b/0x1760
[   48.794284]  ? v4l_s_fmt+0x990/0x990
[   48.797990]  ? v4l_enumstd+0x70/0x70
[   48.801699]  ? rcu_softirq_qs+0x20/0x20
[   48.805669]  ? is_bpf_text_address+0xd3/0x170
[   48.810159]  ? __kernel_text_address+0xd/0x40
[   48.814646]  ? unwind_get_return_address+0x61/0xa0
[   48.819575]  ? __save_stack_trace+0x8d/0xf0
[   48.823899]  ? save_stack+0x43/0xd0
[   48.827515]  ? __kasan_slab_free+0x102/0x150
[   48.832050]  ? kasan_slab_free+0xe/0x10
[   48.836112]  ? kmem_cache_free+0x83/0x290
[   48.840260]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.845631]  ? trace_hardirqs_off+0xb8/0x310
[   48.850186]  ? kasan_check_read+0x11/0x20
[   48.854336]  ? do_raw_spin_unlock+0xa7/0x330
[   48.858740]  ? trace_hardirqs_on+0x310/0x310
[   48.863142]  ? video_usercopy+0x1760/0x1760
[   48.867458]  ? video_ioctl2+0x2c/0x33
[   48.871244]  ? v4l2_ioctl+0x15c/0x1b0
[   48.875037]  ? video_devdata+0xa0/0xa0
[   48.878920]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.884453]  ? do_vfs_ioctl+0x201/0x1790
[   48.888577]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   48.894120]  ? ioctl_preallocate+0x300/0x300
[   48.898527]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.904063]  ? __fget_light+0x2e9/0x430
[   48.908026]  ? fget_raw+0x20/0x20
[   48.911473]  ? rcu_read_lock_sched_held+0x14f/0x180
[   48.916479]  ? kmem_cache_free+0x24f/0x290
[   48.920704]  ? putname+0xf7/0x130
[   48.924158]  do_group_exit+0x177/0x440
[   48.928042]  ? trace_hardirqs_on+0xbd/0x310
[   48.932351]  ? __ia32_sys_exit+0x50/0x50
[   48.936524]  ? trace_hardirqs_off_caller+0x310/0x310
[   48.941618]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   48.947149]  ? ksys_ioctl+0x81/0xd0
[   48.950766]  __x64_sys_exit_group+0x3e/0x50
[   48.955077]  do_syscall_64+0x1b9/0x820
[   48.958964]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   48.964319]  ? syscall_return_slowpath+0x5e0/0x5e0
[   48.969237]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   48.974078]  ? trace_hardirqs_on_caller+0x310/0x310
[   48.979148]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   48.984159]  ? prepare_exit_to_usermode+0x291/0x3b0
[   48.989165]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   48.994000]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.999178] RIP: 0033:0x442cc8
[   49.002475] Code: Bad RIP value.
[   49.005828] RSP: 002b:00007fffbca82028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   49.013530] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8
[   49.020793] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   49.028053] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0
[   49.035343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.042734] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   49.051041] Kernel Offset: disabled
[   49.054672] Rebooting in 86400 seconds..