[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   26.753472] kauditd_printk_skb: 7 callbacks suppressed
[   26.753485] audit: type=1800 audit(1541221091.661:29): pid=5546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   26.786394] audit: type=1800 audit(1541221091.661:30): pid=5546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   49.338476] ==================================================================
[   49.346108] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   49.353804] Read of size 4 at addr 0000000000000020 by task syz-executor183/5702
[   49.361314] 
[   49.362934] CPU: 0 PID: 5702 Comm: syz-executor183 Not tainted 4.19.0+ #219
[   49.370020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.379355] Call Trace:
[   49.381932]  dump_stack+0x244/0x39d
[   49.385555]  ? dump_stack_print_info.cold.1+0x20/0x20
[   49.390730]  ? do_group_exit+0x177/0x440
[   49.394786]  ? __ia32_sys_exit_group+0x3e/0x50
[   49.399355]  ? vprintk_func+0x85/0x181
[   49.403230]  kasan_report.cold.8+0x6d/0x309
[   49.407533]  ? refcount_sub_and_test_checked+0x9d/0x310
[   49.412884]  check_memory_region+0x13e/0x1b0
[   49.417286]  kasan_check_read+0x11/0x20
[   49.421279]  refcount_sub_and_test_checked+0x9d/0x310
[   49.426456]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   49.431020]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   49.436456]  ? vb2_vmalloc_put+0x5f/0x80
[   49.440500]  ? trace_hardirqs_off_caller+0x310/0x310
[   49.445587]  ? __kasan_slab_free+0x119/0x150
[   49.449987]  refcount_dec_and_test_checked+0x1a/0x20
[   49.455126]  vb2_vmalloc_put+0x19/0x80
[   49.459011]  __vb2_buf_mem_free+0x112/0x210
[   49.463315]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   49.468141]  __vb2_queue_free+0x830/0xa30
[   49.472284]  ? v4l2_m2m_job_finish+0x4c0/0x4c0
[   49.476857]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   49.482295]  ? vidioc_querycap+0xd0/0xd0
[   49.486340]  vb2_core_queue_release+0x62/0x80
[   49.490819]  vb2_queue_release+0x15/0x20
[   49.494871]  v4l2_m2m_ctx_release+0x2a/0x35
[   49.499177]  vim2m_release+0xe6/0x150
[   49.502966]  v4l2_release+0x224/0x3a0
[   49.506750]  ? dev_debug_store+0x140/0x140
[   49.510973]  __fput+0x385/0xa30
[   49.514238]  ? get_max_files+0x20/0x20
[   49.518111]  ? trace_hardirqs_on+0xbd/0x310
[   49.522419]  ? kasan_check_read+0x11/0x20
[   49.526550]  ? task_work_run+0x1af/0x2a0
[   49.530594]  ? trace_hardirqs_off_caller+0x310/0x310
[   49.535687]  ____fput+0x15/0x20
[   49.538951]  task_work_run+0x1e8/0x2a0
[   49.542918]  ? task_work_cancel+0x240/0x240
[   49.547236]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   49.552756]  ? switch_task_namespaces+0x9d/0xd0
[   49.557424]  do_exit+0x1ad6/0x26d0
[   49.560967]  ? mm_update_next_owner+0x990/0x990
[   49.565621]  ? find_held_lock+0x36/0x1c0
[   49.569673]  ? __handle_mm_fault+0x4729/0x5be0
[   49.574304]  ? lock_downgrade+0x900/0x900
[   49.578449]  ? kasan_check_read+0x11/0x20
[   49.582580]  ? do_raw_spin_unlock+0xa7/0x330
[   49.586977]  ? do_raw_spin_trylock+0x270/0x270
[   49.591543]  ? v4l_enumstd+0x70/0x70
[   49.595239]  ? do_raw_spin_unlock+0xa7/0x330
[   49.599632]  ? _raw_spin_unlock+0x2c/0x50
[   49.603761]  ? __handle_mm_fault+0xa57/0x5be0
[   49.608243]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   49.613072]  ? find_held_lock+0x36/0x1c0
[   49.617118]  ? zap_class+0x640/0x640
[   49.620815]  ? zap_class+0x640/0x640
[   49.624511]  ? zap_class+0x640/0x640
[   49.628214]  ? find_held_lock+0x36/0x1c0
[   49.632265]  ? __do_page_fault+0x620/0xe60
[   49.636484]  ? lock_downgrade+0x900/0x900
[   49.640622]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   49.645536]  ? kasan_check_read+0x11/0x20
[   49.649668]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   49.654928]  ? rcu_softirq_qs+0x20/0x20
[   49.658889]  ? trace_hardirqs_off_caller+0x310/0x310
[   49.663983]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   49.669505]  ? check_preemption_disabled+0x48/0x280
[   49.674507]  ? kasan_check_write+0x14/0x20
[   49.678726]  ? up_read+0x225/0x2c0
[   49.682328]  do_group_exit+0x177/0x440
[   49.686216]  ? trace_hardirqs_on+0xbd/0x310
[   49.690518]  ? __ia32_sys_exit+0x50/0x50
[   49.694561]  ? trace_hardirqs_off_caller+0x310/0x310
[   49.699647]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   49.705185]  ? __do_page_fault+0x491/0xe60
[   49.709401]  ? __ia32_compat_sys_ioctl+0x17a/0x630
[   49.714312]  __ia32_sys_exit_group+0x3e/0x50
[   49.718724]  do_fast_syscall_32+0x34d/0xfb2
[   49.723030]  ? do_int80_syscall_32+0x890/0x890
[   49.727595]  ? entry_SYSENTER_compat+0x68/0x7f
[   49.732160]  ? trace_hardirqs_off_caller+0xbb/0x310
[   49.737159]  ? syscall_return_slowpath+0x5e0/0x5e0
[   49.742069]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   49.746894]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   49.751722]  ? trace_hardirqs_on_caller+0x310/0x310
[   49.756723]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   49.761722]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   49.767241]  ? prepare_exit_to_usermode+0x291/0x3b0
[   49.772242]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   49.777071]  entry_SYSENTER_compat+0x70/0x7f
[   49.781458] RIP: 0023:0xf7f48a29
[   49.784838] Code: Bad RIP value.
[   49.788336] RSP: 002b:00000000ffd072fc EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[   49.796028] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000080f0298
[   49.803277] RDX: 0000000000000000 RSI: 00000000080d9cf8 RDI: 00000000080f02a0
[   49.810527] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   49.817779] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   49.825029] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   49.832287] ==================================================================
[   49.839623] Disabling lock debugging due to kernel taint
[   49.845247] Kernel panic - not syncing: panic_on_warn set ...
[   49.851140] CPU: 0 PID: 5702 Comm: syz-executor183 Tainted: G    B             4.19.0+ #219
[   49.859608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.868939] Call Trace:
[   49.871510]  dump_stack+0x244/0x39d
[   49.875123]  ? dump_stack_print_info.cold.1+0x20/0x20
[   49.880294]  panic+0x2ad/0x55c
[   49.883469]  ? add_taint.cold.5+0x16/0x16
[   49.887601]  ? preempt_schedule+0x4d/0x60
[   49.891728]  ? ___preempt_schedule+0x16/0x18
[   49.896117]  ? trace_hardirqs_on+0xb4/0x310
[   49.900423]  kasan_end_report+0x47/0x4f
[   49.904374]  kasan_report.cold.8+0x76/0x309
[   49.908678]  ? refcount_sub_and_test_checked+0x9d/0x310
[   49.914026]  check_memory_region+0x13e/0x1b0
[   49.918414]  kasan_check_read+0x11/0x20
[   49.922364]  refcount_sub_and_test_checked+0x9d/0x310
[   49.927537]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   49.932099]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   49.937530]  ? vb2_vmalloc_put+0x5f/0x80
[   49.941581]  ? trace_hardirqs_off_caller+0x310/0x310
[   49.946672]  ? __kasan_slab_free+0x119/0x150
[   49.951067]  refcount_dec_and_test_checked+0x1a/0x20
[   49.956154]  vb2_vmalloc_put+0x19/0x80
[   49.960041]  __vb2_buf_mem_free+0x112/0x210
[   49.964345]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   49.969172]  __vb2_queue_free+0x830/0xa30
[   49.973306]  ? v4l2_m2m_job_finish+0x4c0/0x4c0
[   49.977872]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   49.983327]  ? vidioc_querycap+0xd0/0xd0
[   49.987378]  vb2_core_queue_release+0x62/0x80
[   49.991854]  vb2_queue_release+0x15/0x20
[   49.995909]  v4l2_m2m_ctx_release+0x2a/0x35
[   50.000246]  vim2m_release+0xe6/0x150
[   50.004030]  v4l2_release+0x224/0x3a0
[   50.007813]  ? dev_debug_store+0x140/0x140
[   50.012031]  __fput+0x385/0xa30
[   50.015300]  ? get_max_files+0x20/0x20
[   50.019223]  ? trace_hardirqs_on+0xbd/0x310
[   50.023531]  ? kasan_check_read+0x11/0x20
[   50.027661]  ? task_work_run+0x1af/0x2a0
[   50.031705]  ? trace_hardirqs_off_caller+0x310/0x310
[   50.036794]  ____fput+0x15/0x20
[   50.040056]  task_work_run+0x1e8/0x2a0
[   50.043923]  ? task_work_cancel+0x240/0x240
[   50.048282]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   50.053805]  ? switch_task_namespaces+0x9d/0xd0
[   50.058459]  do_exit+0x1ad6/0x26d0
[   50.061985]  ? mm_update_next_owner+0x990/0x990
[   50.066637]  ? find_held_lock+0x36/0x1c0
[   50.070681]  ? __handle_mm_fault+0x4729/0x5be0
[   50.075243]  ? lock_downgrade+0x900/0x900
[   50.079378]  ? kasan_check_read+0x11/0x20
[   50.083503]  ? do_raw_spin_unlock+0xa7/0x330
[   50.087890]  ? do_raw_spin_trylock+0x270/0x270
[   50.092455]  ? v4l_enumstd+0x70/0x70
[   50.096148]  ? do_raw_spin_unlock+0xa7/0x330
[   50.100540]  ? _raw_spin_unlock+0x2c/0x50
[   50.104678]  ? __handle_mm_fault+0xa57/0x5be0
[   50.109246]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   50.114147]  ? find_held_lock+0x36/0x1c0
[   50.118196]  ? zap_class+0x640/0x640
[   50.121902]  ? zap_class+0x640/0x640
[   50.125600]  ? zap_class+0x640/0x640
[   50.129295]  ? find_held_lock+0x36/0x1c0
[   50.133450]  ? __do_page_fault+0x620/0xe60
[   50.137676]  ? lock_downgrade+0x900/0x900
[   50.141937]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   50.146928]  ? kasan_check_read+0x11/0x20
[   50.151196]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   50.156462]  ? rcu_softirq_qs+0x20/0x20
[   50.160421]  ? trace_hardirqs_off_caller+0x310/0x310
[   50.165559]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.171092]  ? check_preemption_disabled+0x48/0x280
[   50.176097]  ? kasan_check_write+0x14/0x20
[   50.180316]  ? up_read+0x225/0x2c0
[   50.183841]  do_group_exit+0x177/0x440
[   50.187713]  ? trace_hardirqs_on+0xbd/0x310
[   50.192027]  ? __ia32_sys_exit+0x50/0x50
[   50.196072]  ? trace_hardirqs_off_caller+0x310/0x310
[   50.201159]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.206686]  ? __do_page_fault+0x491/0xe60
[   50.211023]  ? __ia32_compat_sys_ioctl+0x17a/0x630
[   50.215947]  __ia32_sys_exit_group+0x3e/0x50
[   50.220355]  do_fast_syscall_32+0x34d/0xfb2
[   50.224662]  ? do_int80_syscall_32+0x890/0x890
[   50.229227]  ? entry_SYSENTER_compat+0x68/0x7f
[   50.233793]  ? trace_hardirqs_off_caller+0xbb/0x310
[   50.238788]  ? syscall_return_slowpath+0x5e0/0x5e0
[   50.243697]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.248519]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.253411]  ? trace_hardirqs_on_caller+0x310/0x310
[   50.258415]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   50.263421]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.268944]  ? prepare_exit_to_usermode+0x291/0x3b0
[   50.273966]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.278798]  entry_SYSENTER_compat+0x70/0x7f
[   50.283235] RIP: 0023:0xf7f48a29
[   50.286601] Code: Bad RIP value.
[   50.289951] RSP: 002b:00000000ffd072fc EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[   50.297751] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000080f0298
[   50.305003] RDX: 0000000000000000 RSI: 00000000080d9cf8 RDI: 00000000080f02a0
[   50.312255] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   50.319515] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   50.326886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.335135] Kernel Offset: disabled
[   50.338764] Rebooting in 86400 seconds..