INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.303584] sshd (4499) used greatest stack depth: 16248 bytes left Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. executing program [ 30.758230] ================================================================== [ 30.765697] BUG: KASAN: null-ptr-deref in refcount_inc_not_zero+0x8f/0x2d0 [ 30.772692] Read of size 4 at addr 0000000000000004 by task syzkaller266971/4515 [ 30.780199] [ 30.781807] CPU: 0 PID: 4515 Comm: syzkaller266971 Not tainted 4.17.0-rc1+ #10 [ 30.789151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.798486] Call Trace: [ 30.801061] dump_stack+0x1b9/0x294 [ 30.804671] ? dump_stack_print_info.cold.2+0x52/0x52 [ 30.809843] ? kasan_check_write+0x14/0x20 [ 30.814067] ? do_raw_spin_lock+0xc1/0x200 [ 30.818286] ? vprintk_func+0x81/0xe7 [ 30.822072] ? refcount_inc_not_zero+0x8f/0x2d0 [ 30.826723] kasan_report.cold.7+0x6d/0x2fe [ 30.831036] check_memory_region+0x13e/0x1b0 [ 30.835431] kasan_check_read+0x11/0x20 [ 30.839384] refcount_inc_not_zero+0x8f/0x2d0 [ 30.843869] ? refcount_add_not_zero+0x320/0x320 [ 30.848608] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.853605] ? lock_sock_nested+0x9f/0x120 [ 30.857829] refcount_inc+0x15/0x70 [ 30.861442] llc_ui_release+0xba/0x2b0 [ 30.865315] ? fsnotify_first_mark+0x330/0x330 [ 30.869887] sock_release+0x96/0x1b0 [ 30.873581] ? sock_alloc_file+0x4e0/0x4e0 [ 30.877795] sock_close+0x16/0x20 [ 30.881228] __fput+0x34d/0x890 [ 30.884489] ? fput+0x1a0/0x1a0 [ 30.887750] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.892237] ____fput+0x15/0x20 [ 30.895498] task_work_run+0x1e4/0x290 [ 30.899367] ? 
task_work_cancel+0x240/0x240 [ 30.903674] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 30.909194] ? switch_task_namespaces+0xa2/0xd0 [ 30.913844] do_exit+0x1aee/0x2730 [ 30.917373] ? mm_update_next_owner+0x980/0x980 [ 30.922023] ? kasan_kmalloc+0xc4/0xe0 [ 30.925887] ? kasan_slab_alloc+0x12/0x20 [ 30.930013] ? kmem_cache_alloc+0x12e/0x760 [ 30.934311] ? get_empty_filp+0x125/0x520 [ 30.938441] ? alloc_file+0x24/0x3e0 [ 30.942134] ? sock_alloc_file+0x1f3/0x4e0 [ 30.946350] ? __sys_socket+0x16f/0x250 [ 30.950303] ? __x64_sys_socket+0x73/0xb0 [ 30.954430] ? do_syscall_64+0x1b1/0x800 [ 30.958471] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 30.963823] ? find_held_lock+0x36/0x1c0 [ 30.967865] ? debug_mutex_init+0x1c/0x60 [ 30.972004] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.977013] ? graph_lock+0x170/0x170 [ 30.980799] ? lockdep_init_map+0x9/0x10 [ 30.984841] ? __mutex_init+0x1ef/0x280 [ 30.988795] ? find_held_lock+0x36/0x1c0 [ 30.992842] ? lock_downgrade+0x8e0/0x8e0 [ 30.996972] ? kasan_check_read+0x11/0x20 [ 31.001101] ? rcu_is_watching+0x85/0x140 [ 31.005232] ? __lock_is_held+0xb5/0x140 [ 31.009276] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 31.014462] ? __fd_install+0x2de/0x880 [ 31.018424] ? get_unused_fd_flags+0x190/0x190 [ 31.022989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.028506] ? alloc_file+0x44/0x3e0 [ 31.032201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 31.037719] ? sock_alloc_file+0x2a4/0x4e0 [ 31.041932] ? sock_release+0x1b0/0x1b0 [ 31.046385] ? get_unused_fd_flags+0x121/0x190 [ 31.050947] ? __alloc_fd+0x700/0x700 [ 31.054726] ? fd_install+0x4d/0x60 [ 31.058333] do_group_exit+0x16f/0x430 [ 31.062202] ? __ia32_sys_exit+0x50/0x50 [ 31.066245] ? do_syscall_64+0x92/0x800 [ 31.070204] __x64_sys_exit_group+0x3e/0x50 [ 31.074510] do_syscall_64+0x1b1/0x800 [ 31.078375] ? syscall_return_slowpath+0x5c0/0x5c0 [ 31.083290] ? syscall_return_slowpath+0x30f/0x5c0 [ 31.088201] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 31.093552] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 31.098377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.103542] RIP: 0033:0x43e878 [ 31.106708] RSP: 002b:00007fff3530b618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.114399] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e878 [ 31.121646] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.128894] RBP: 00000000004be220 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.136140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 31.143393] R13: 00000000006cc160 R14: 0000000000000000 R15: 0000000000000000 [ 31.150647] ================================================================== [ 31.157980] Disabling lock debugging due to kernel taint [ 31.163490] Kernel panic - not syncing: panic_on_warn set ... [ 31.163490] [ 31.170854] CPU: 0 PID: 4515 Comm: syzkaller266971 Tainted: G B 4.17.0-rc1+ #10 [ 31.179577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.188910] Call Trace: [ 31.191486] dump_stack+0x1b9/0x294 [ 31.195090] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.200262] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.204998] ? refcount_add_not_zero+0x300/0x320 [ 31.209737] panic+0x22f/0x4de [ 31.212904] ? add_taint.cold.5+0x16/0x16 [ 31.217034] ? do_raw_spin_unlock+0x9e/0x2e0 [ 31.221419] ? do_raw_spin_unlock+0x9e/0x2e0 [ 31.225806] ? refcount_inc_not_zero+0x8f/0x2d0 [ 31.230452] kasan_end_report+0x47/0x4f [ 31.234403] kasan_report.cold.7+0x76/0x2fe [ 31.238701] check_memory_region+0x13e/0x1b0 [ 31.243085] kasan_check_read+0x11/0x20 [ 31.247062] refcount_inc_not_zero+0x8f/0x2d0 [ 31.251535] ? refcount_add_not_zero+0x320/0x320 [ 31.256275] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.261268] ? lock_sock_nested+0x9f/0x120 [ 31.265481] refcount_inc+0x15/0x70 [ 31.269084] llc_ui_release+0xba/0x2b0 [ 31.272949] ? fsnotify_first_mark+0x330/0x330 [ 31.277507] sock_release+0x96/0x1b0 [ 31.281196] ? 
sock_alloc_file+0x4e0/0x4e0 [ 31.285414] sock_close+0x16/0x20 [ 31.288846] __fput+0x34d/0x890 [ 31.292101] ? fput+0x1a0/0x1a0 [ 31.295357] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.299830] ____fput+0x15/0x20 [ 31.303088] task_work_run+0x1e4/0x290 [ 31.306954] ? task_work_cancel+0x240/0x240 [ 31.311254] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 31.316769] ? switch_task_namespaces+0xa2/0xd0 [ 31.321414] do_exit+0x1aee/0x2730 [ 31.324933] ? mm_update_next_owner+0x980/0x980 [ 31.329576] ? kasan_kmalloc+0xc4/0xe0 [ 31.333438] ? kasan_slab_alloc+0x12/0x20 [ 31.337563] ? kmem_cache_alloc+0x12e/0x760 [ 31.341862] ? get_empty_filp+0x125/0x520 [ 31.345987] ? alloc_file+0x24/0x3e0 [ 31.349679] ? sock_alloc_file+0x1f3/0x4e0 [ 31.353890] ? __sys_socket+0x16f/0x250 [ 31.357840] ? __x64_sys_socket+0x73/0xb0 [ 31.361964] ? do_syscall_64+0x1b1/0x800 [ 31.366006] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.371362] ? find_held_lock+0x36/0x1c0 [ 31.375403] ? debug_mutex_init+0x1c/0x60 [ 31.379539] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.384532] ? graph_lock+0x170/0x170 [ 31.388316] ? lockdep_init_map+0x9/0x10 [ 31.392358] ? __mutex_init+0x1ef/0x280 [ 31.396308] ? find_held_lock+0x36/0x1c0 [ 31.400347] ? lock_downgrade+0x8e0/0x8e0 [ 31.404479] ? kasan_check_read+0x11/0x20 [ 31.408604] ? rcu_is_watching+0x85/0x140 [ 31.412727] ? __lock_is_held+0xb5/0x140 [ 31.416772] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 31.421941] ? __fd_install+0x2de/0x880 [ 31.425894] ? get_unused_fd_flags+0x190/0x190 [ 31.430455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 31.435966] ? alloc_file+0x44/0x3e0 [ 31.439658] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 31.445173] ? sock_alloc_file+0x2a4/0x4e0 [ 31.449382] ? sock_release+0x1b0/0x1b0 [ 31.453335] ? get_unused_fd_flags+0x121/0x190 [ 31.457896] ? __alloc_fd+0x700/0x700 [ 31.461672] ? fd_install+0x4d/0x60 [ 31.465281] do_group_exit+0x16f/0x430 [ 31.469146] ? __ia32_sys_exit+0x50/0x50 [ 31.473184] ? 
do_syscall_64+0x92/0x800 [ 31.477133] __x64_sys_exit_group+0x3e/0x50 [ 31.481430] do_syscall_64+0x1b1/0x800 [ 31.485296] ? syscall_return_slowpath+0x5c0/0x5c0 [ 31.490211] ? syscall_return_slowpath+0x30f/0x5c0 [ 31.495119] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 31.500465] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.505283] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.510449] RIP: 0033:0x43e878 [ 31.513620] RSP: 002b:00007fff3530b618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.521304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e878 [ 31.528549] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 31.535804] RBP: 00000000004be220 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 31.543053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 31.550297] R13: 00000000006cc160 R14: 0000000000000000 R15: 0000000000000000 [ 31.558067] Dumping ftrace buffer: [ 31.561588] (ftrace buffer empty) [ 31.565276] Kernel Offset: disabled [ 31.568879] Rebooting in 86400 seconds..