[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   25.904378] audit: type=1800 audit(1542126348.642:21): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   25.930949] audit: type=1800 audit(1542126348.642:22): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.958364] ==================================================================
[   39.965833] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   39.973569] Read of size 4 at addr 0000000000000020 by task syz-executor085/5965
[   39.981105] 
[   39.982717] CPU: 0 PID: 5965 Comm: syz-executor085 Not tainted 4.20.0-rc2+ #236
[   39.990141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.999506] Call Trace:
[   40.002084]  dump_stack+0x244/0x39d
[   40.005696]  ? dump_stack_print_info.cold.1+0x20/0x20
[   40.010872]  ? do_group_exit+0x177/0x440
[   40.014917]  ? __ia32_sys_exit_group+0x3e/0x50
[   40.019496]  ? vprintk_func+0x85/0x181
[   40.023373]  kasan_report.cold.8+0x6d/0x309
[   40.027679]  ? refcount_sub_and_test_checked+0x9d/0x310
[   40.033029]  check_memory_region+0x13e/0x1b0
[   40.037430]  kasan_check_read+0x11/0x20
[   40.041390]  refcount_sub_and_test_checked+0x9d/0x310
[   40.046577]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   40.051149]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   40.056588]  ? vb2_vmalloc_put+0x5f/0x80
[   40.060638]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.065728]  ? __kasan_slab_free+0x119/0x150
[   40.070125]  refcount_dec_and_test_checked+0x1a/0x20
[   40.075209]  vb2_vmalloc_put+0x19/0x80
[   40.079082]  __vb2_buf_mem_free+0x112/0x210
[   40.083386]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   40.088213]  __vb2_queue_free+0x830/0xa30
[   40.092379]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.097468]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   40.102907]  vb2_core_queue_release+0x62/0x80
[   40.107388]  _vb2_fop_release+0x1d2/0x2b0
[   40.111525]  vb2_fop_release+0x77/0xc0
[   40.115398]  vivid_fop_release+0x18e/0x440
[   40.119617]  ? vivid_remove+0x460/0x460
[   40.123576]  v4l2_release+0x224/0x3a0
[   40.127368]  ? dev_debug_store+0x140/0x140
[   40.131586]  __fput+0x385/0xa30
[   40.134851]  ? get_max_files+0x20/0x20
[   40.138750]  ? trace_hardirqs_on+0xbd/0x310
[   40.143065]  ? kasan_check_read+0x11/0x20
[   40.147199]  ? task_work_run+0x1af/0x2a0
[   40.151246]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.156343]  ____fput+0x15/0x20
[   40.159611]  task_work_run+0x1e8/0x2a0
[   40.163501]  ? task_work_cancel+0x240/0x240
[   40.167812]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.173335]  ? switch_task_namespaces+0x9d/0xd0
[   40.177993]  do_exit+0x1ad6/0x26d0
[   40.181524]  ? mm_update_next_owner+0x990/0x990
[   40.186176]  ? find_held_lock+0x36/0x1c0
[   40.190229]  ? __handle_mm_fault+0x4723/0x5be0
[   40.194795]  ? lock_downgrade+0x900/0x900
[   40.198929]  ? kasan_check_read+0x11/0x20
[   40.203064]  ? do_raw_spin_unlock+0xa7/0x330
[   40.207456]  ? do_raw_spin_trylock+0x270/0x270
[   40.212023]  ? v4l_enumstd+0x70/0x70
[   40.215729]  ? do_raw_spin_unlock+0xa7/0x330
[   40.220128]  ? _raw_spin_unlock+0x2c/0x50
[   40.224259]  ? __handle_mm_fault+0xa57/0x5be0
[   40.228742]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   40.233571]  ? find_held_lock+0x36/0x1c0
[   40.237614]  ? zap_class+0x640/0x640
[   40.241316]  ? zap_class+0x640/0x640
[   40.245011]  ? zap_class+0x640/0x640
[   40.248717]  ? find_held_lock+0x36/0x1c0
[   40.252767]  ? __do_page_fault+0x620/0xe60
[   40.257406]  ? lock_downgrade+0x900/0x900
[   40.261539]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   40.266470]  ? kasan_check_read+0x11/0x20
[   40.270615]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   40.275874]  ? rcu_softirq_qs+0x20/0x20
[   40.279831]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.284927]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.290464]  ? check_preemption_disabled+0x48/0x280
[   40.295470]  ? kasan_check_write+0x14/0x20
[   40.299686]  ? up_read+0x225/0x2c0
[   40.303231]  do_group_exit+0x177/0x440
[   40.307102]  ? trace_hardirqs_on+0xbd/0x310
[   40.311406]  ? __ia32_sys_exit+0x50/0x50
[   40.315448]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.320536]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.326060]  ? __do_page_fault+0x491/0xe60
[   40.330279]  ? __ia32_compat_sys_ioctl+0x17a/0x630
[   40.335197]  __ia32_sys_exit_group+0x3e/0x50
[   40.339589]  do_fast_syscall_32+0x34d/0xfb2
[   40.343897]  ? do_int80_syscall_32+0x890/0x890
[   40.348480]  ? entry_SYSENTER_compat+0x68/0x7f
[   40.353063]  ? trace_hardirqs_off_caller+0xbb/0x310
[   40.358149]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.363066]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.367898]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.372737]  ? trace_hardirqs_on_caller+0x310/0x310
[   40.377737]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.382751]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.388271]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.393291]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.398126]  entry_SYSENTER_compat+0x70/0x7f
[   40.402519] RIP: 0023:0xf7feda29
[   40.405879] Code: Bad RIP value.
[   40.409223] RSP: 002b:00000000fff52c8c EFLAGS: 00000292 ORIG_RAX: 00000000000000fc
[   40.416914] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000080f0298
[   40.424672] RDX: 0000000000000000 RSI: 00000000080d9c98 RDI: 00000000080f02a0
[   40.431924] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   40.439178] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   40.446428] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   40.453689] ==================================================================
[   40.461029] Disabling lock debugging due to kernel taint
[   40.466922] Kernel panic - not syncing: panic_on_warn set ...
[   40.472810] CPU: 0 PID: 5965 Comm: syz-executor085 Tainted: G    B             4.20.0-rc2+ #236
[   40.481628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.490975] Call Trace:
[   40.493549]  dump_stack+0x244/0x39d
[   40.497173]  ? dump_stack_print_info.cold.1+0x20/0x20
[   40.502355]  panic+0x2ad/0x55c
[   40.505533]  ? add_taint.cold.5+0x16/0x16
[   40.509666]  ? preempt_schedule+0x4d/0x60
[   40.513796]  ? ___preempt_schedule+0x16/0x18
[   40.518209]  ? trace_hardirqs_on+0xb4/0x310
[   40.522518]  kasan_end_report+0x47/0x4f
[   40.526483]  kasan_report.cold.8+0x76/0x309
[   40.530788]  ? refcount_sub_and_test_checked+0x9d/0x310
[   40.536137]  check_memory_region+0x13e/0x1b0
[   40.540535]  kasan_check_read+0x11/0x20
[   40.544493]  refcount_sub_and_test_checked+0x9d/0x310
[   40.549664]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   40.554226]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   40.559655]  ? vb2_vmalloc_put+0x5f/0x80
[   40.563699]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.568786]  ? __kasan_slab_free+0x119/0x150
[   40.573179]  refcount_dec_and_test_checked+0x1a/0x20
[   40.578263]  vb2_vmalloc_put+0x19/0x80
[   40.582132]  __vb2_buf_mem_free+0x112/0x210
[   40.586434]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   40.591262]  __vb2_queue_free+0x830/0xa30
[   40.595394]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.600490]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   40.605924]  vb2_core_queue_release+0x62/0x80
[   40.610401]  _vb2_fop_release+0x1d2/0x2b0
[   40.614533]  vb2_fop_release+0x77/0xc0
[   40.618406]  vivid_fop_release+0x18e/0x440
[   40.619976] kobject: 'regulatory.0' (000000005f19a5d3): kobject_uevent_env
[   40.622636]  ? vivid_remove+0x460/0x460
[   40.629645] kobject: 'regulatory.0' (000000005f19a5d3): fill_kobj_path: path = '/devices/platform/regulatory.0'
[   40.633586]  v4l2_release+0x224/0x3a0
[   40.633599]  ? dev_debug_store+0x140/0x140
[   40.633613]  __fput+0x385/0xa30
[   40.633630]  ? get_max_files+0x20/0x20
[   40.658977]  ? trace_hardirqs_on+0xbd/0x310
[   40.663282]  ? kasan_check_read+0x11/0x20
[   40.667414]  ? task_work_run+0x1af/0x2a0
[   40.671458]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.676546]  ____fput+0x15/0x20
[   40.679807]  task_work_run+0x1e8/0x2a0
[   40.683692]  ? task_work_cancel+0x240/0x240
[   40.687995]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   40.693520]  ? switch_task_namespaces+0x9d/0xd0
[   40.698172]  do_exit+0x1ad6/0x26d0
[   40.701696]  ? mm_update_next_owner+0x990/0x990
[   40.706346]  ? find_held_lock+0x36/0x1c0
[   40.710394]  ? __handle_mm_fault+0x4723/0x5be0
[   40.714959]  ? lock_downgrade+0x900/0x900
[   40.719095]  ? kasan_check_read+0x11/0x20
[   40.723325]  ? do_raw_spin_unlock+0xa7/0x330
[   40.727716]  ? do_raw_spin_trylock+0x270/0x270
[   40.732281]  ? v4l_enumstd+0x70/0x70
[   40.735974]  ? do_raw_spin_unlock+0xa7/0x330
[   40.740370]  ? _raw_spin_unlock+0x2c/0x50
[   40.744500]  ? __handle_mm_fault+0xa57/0x5be0
[   40.748978]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   40.753803]  ? find_held_lock+0x36/0x1c0
[   40.757845]  ? zap_class+0x640/0x640
[   40.761544]  ? zap_class+0x640/0x640
[   40.765256]  ? zap_class+0x640/0x640
[   40.768951]  ? find_held_lock+0x36/0x1c0
[   40.772998]  ? __do_page_fault+0x620/0xe60
[   40.777222]  ? lock_downgrade+0x900/0x900
[   40.781360]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   40.786281]  ? kasan_check_read+0x11/0x20
[   40.790508]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   40.795854]  ? rcu_softirq_qs+0x20/0x20
[   40.799811]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.804899]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.810421]  ? check_preemption_disabled+0x48/0x280
[   40.815420]  ? kasan_check_write+0x14/0x20
[   40.819650]  ? up_read+0x225/0x2c0
[   40.823176]  do_group_exit+0x177/0x440
[   40.827052]  ? trace_hardirqs_on+0xbd/0x310
[   40.831366]  ? __ia32_sys_exit+0x50/0x50
[   40.835410]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.840497]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.846027]  ? __do_page_fault+0x491/0xe60
[   40.850243]  ? __ia32_compat_sys_ioctl+0x17a/0x630
[   40.855156]  __ia32_sys_exit_group+0x3e/0x50
[   40.859548]  do_fast_syscall_32+0x34d/0xfb2
[   40.863856]  ? do_int80_syscall_32+0x890/0x890
[   40.868440]  ? entry_SYSENTER_compat+0x68/0x7f
[   40.873004]  ? trace_hardirqs_off_caller+0xbb/0x310
[   40.878038]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.882954]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.887782]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.892607]  ? trace_hardirqs_on_caller+0x310/0x310
[   40.897624]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.902628]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.908146]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.913144]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.917972]  entry_SYSENTER_compat+0x70/0x7f
[   40.922361] RIP: 0023:0xf7feda29
[   40.925747] Code: Bad RIP value.
[   40.929090] RSP: 002b:00000000fff52c8c EFLAGS: 00000292 ORIG_RAX: 00000000000000fc
[   40.936778] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000080f0298
[   40.944034] RDX: 0000000000000000 RSI: 00000000080d9c98 RDI: 00000000080f02a0
[   40.951285] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   40.958535] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   40.965785] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   40.974210] Kernel Offset: disabled
[   40.977835] Rebooting in 86400 seconds..