[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   25.147805] audit: type=1800 audit(1541101530.819:21): pid=5495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   25.176096] audit: type=1800 audit(1541101530.819:22): pid=5495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.015864] ==================================================================
[   35.023415] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   35.031107] Read of size 4 at addr 0000000000000020 by task syz-executor124/5648
[   35.038883] 
[   35.040499] CPU: 1 PID: 5648 Comm: syz-executor124 Not tainted 4.19.0+ #217
[   35.047601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.056951] Call Trace:
[   35.059532]  dump_stack+0x244/0x39d
[   35.063144]  ? dump_stack_print_info.cold.1+0x20/0x20
[   35.069102]  ? __ia32_sys_exit_group+0x3e/0x50
[   35.073668]  ? do_fast_syscall_32+0x34d/0xfb2
[   35.078156]  ? vprintk_func+0x85/0x181
[   35.082046]  kasan_report.cold.8+0x6d/0x309
[   35.086353]  ? refcount_sub_and_test_checked+0x9d/0x310
[   35.091704]  check_memory_region+0x13e/0x1b0
[   35.096097]  kasan_check_read+0x11/0x20
[   35.100077]  refcount_sub_and_test_checked+0x9d/0x310
[   35.105252]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   35.109818]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   35.115261]  ? vb2_vmalloc_put+0x5f/0x80
[   35.119307]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.124397]  ? __kasan_slab_free+0x119/0x150
[   35.128794]  refcount_dec_and_test_checked+0x1a/0x20
[   35.133884]  vb2_vmalloc_put+0x19/0x80
[   35.137846]  __vb2_buf_mem_free+0x112/0x210
[   35.142392]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   35.147222]  __vb2_queue_free+0x830/0xa30
[   35.151367]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.156893]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   35.162345]  ? locks_remove_file+0x3c6/0x5c0
[   35.166775]  vb2_core_queue_release+0x62/0x80
[   35.171256]  _vb2_fop_release+0x1d2/0x2b0
[   35.175391]  ? _vb2_fop_release+0x2b0/0x2b0
[   35.179695]  vb2_fop_release+0x77/0xc0
[   35.183575]  v4l2_release+0x2f2/0x3a0
[   35.187372]  ? dev_debug_store+0x140/0x140
[   35.191592]  __fput+0x385/0xa30
[   35.194857]  ? get_max_files+0x20/0x20
[   35.198730]  ? trace_hardirqs_on+0xbd/0x310
[   35.203032]  ? kasan_check_read+0x11/0x20
[   35.207178]  ? task_work_run+0x1af/0x2a0
[   35.211226]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.216320]  ____fput+0x15/0x20
[   35.219584]  task_work_run+0x1e8/0x2a0
[   35.223460]  ? task_work_cancel+0x240/0x240
[   35.227790]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.233312]  ? switch_task_namespaces+0x9d/0xd0
[   35.237968]  do_exit+0x1ad6/0x26d0
[   35.241578]  ? mm_update_next_owner+0x990/0x990
[   35.246764]  ? find_held_lock+0x36/0x1c0
[   35.250813]  ? __handle_mm_fault+0x4729/0x5be0
[   35.255382]  ? lock_downgrade+0x900/0x900
[   35.259524]  ? kasan_check_read+0x11/0x20
[   35.263654]  ? do_raw_spin_unlock+0xa7/0x330
[   35.268132]  ? do_raw_spin_trylock+0x270/0x270
[   35.272698]  ? v4l_enumstd+0x70/0x70
[   35.276394]  ? do_raw_spin_unlock+0xa7/0x330
[   35.280790]  ? _raw_spin_unlock+0x2c/0x50
[   35.284924]  ? __handle_mm_fault+0xa57/0x5be0
[   35.289407]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   35.294236]  ? find_held_lock+0x36/0x1c0
[   35.298290]  ? zap_class+0x640/0x640
[   35.301990]  ? zap_class+0x640/0x640
[   35.305691]  ? zap_class+0x640/0x640
[   35.309394]  ? find_held_lock+0x36/0x1c0
[   35.313444]  ? __do_page_fault+0x620/0xe60
[   35.317688]  ? lock_downgrade+0x900/0x900
[   35.321822]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   35.326733]  ? kasan_check_read+0x11/0x20
[   35.330864]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   35.336121]  ? rcu_softirq_qs+0x20/0x20
[   35.340078]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.345312]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.351065]  ? check_preemption_disabled+0x48/0x280
[   35.356091]  ? kasan_check_write+0x14/0x20
[   35.360322]  ? up_read+0x225/0x2c0
[   35.363852]  do_group_exit+0x177/0x440
[   35.367728]  ? trace_hardirqs_on+0xbd/0x310
[   35.372050]  ? __ia32_sys_exit+0x50/0x50
[   35.376098]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.381186]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.386708]  ? __do_page_fault+0x491/0xe60
[   35.390937]  ? __ia32_compat_sys_ioctl+0x17a/0x630
[   35.395853]  __ia32_sys_exit_group+0x3e/0x50
[   35.400247]  do_fast_syscall_32+0x34d/0xfb2
[   35.404643]  ? do_int80_syscall_32+0x890/0x890
[   35.409210]  ? entry_SYSENTER_compat+0x68/0x7f
[   35.413778]  ? trace_hardirqs_off_caller+0xbb/0x310
[   35.418779]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.423698]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.428527]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.433352]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.438356]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.443358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.448879]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.453883]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.458717]  entry_SYSENTER_compat+0x70/0x7f
[   35.463661] RIP: 0023:0xf7fb5a29
[   35.467026] Code: Bad RIP value.
[   35.470369] RSP: 002b:00000000ffc971bc EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[   35.478057] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000080f0298
[   35.485313] RDX: 0000000000000000 RSI: 00000000080d9c18 RDI: 00000000080f02a0
[   35.492567] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   35.499819] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   35.507079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   35.514340] ==================================================================
[   35.521680] Disabling lock debugging due to kernel taint
[   35.527650] Kernel panic - not syncing: panic_on_warn set ...
[   35.533540] CPU: 1 PID: 5648 Comm: syz-executor124 Tainted: G    B             4.19.0+ #217
[   35.542012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.551349] Call Trace:
[   35.553920]  dump_stack+0x244/0x39d
[   35.557532]  ? dump_stack_print_info.cold.1+0x20/0x20
[   35.562707]  panic+0x2ad/0x55c
[   35.565882]  ? add_taint.cold.5+0x16/0x16
[   35.570016]  ? preempt_schedule+0x4d/0x60
[   35.574147]  ? ___preempt_schedule+0x16/0x18
[   35.578536]  ? trace_hardirqs_on+0xb4/0x310
[   35.583149]  kasan_end_report+0x47/0x4f
[   35.587108]  kasan_report.cold.8+0x76/0x309
[   35.591412]  ? refcount_sub_and_test_checked+0x9d/0x310
[   35.596759]  check_memory_region+0x13e/0x1b0
[   35.601148]  kasan_check_read+0x11/0x20
[   35.605109]  refcount_sub_and_test_checked+0x9d/0x310
[   35.610284]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   35.614850]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   35.620386]  ? vb2_vmalloc_put+0x5f/0x80
[   35.624430]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.629518]  ? __kasan_slab_free+0x119/0x150
[   35.633908]  refcount_dec_and_test_checked+0x1a/0x20
[   35.639002]  vb2_vmalloc_put+0x19/0x80
[   35.642870]  __vb2_buf_mem_free+0x112/0x210
[   35.647173]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   35.652006]  __vb2_queue_free+0x830/0xa30
[   35.656160]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.661679]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   35.667109]  ? locks_remove_file+0x3c6/0x5c0
[   35.671508]  vb2_core_queue_release+0x62/0x80
[   35.675989]  _vb2_fop_release+0x1d2/0x2b0
[   35.680167]  ? _vb2_fop_release+0x2b0/0x2b0
[   35.684468]  vb2_fop_release+0x77/0xc0
[   35.688364]  v4l2_release+0x2f2/0x3a0
[   35.692171]  ? dev_debug_store+0x140/0x140
[   35.696386]  __fput+0x385/0xa30
[   35.699822]  ? get_max_files+0x20/0x20
[   35.703692]  ? trace_hardirqs_on+0xbd/0x310
[   35.708001]  ? kasan_check_read+0x11/0x20
[   35.712164]  ? task_work_run+0x1af/0x2a0
[   35.716226]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.721315]  ____fput+0x15/0x20
[   35.724590]  task_work_run+0x1e8/0x2a0
[   35.728458]  ? task_work_cancel+0x240/0x240
[   35.732767]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.738283]  ? switch_task_namespaces+0x9d/0xd0
[   35.742944]  do_exit+0x1ad6/0x26d0
[   35.746468]  ? mm_update_next_owner+0x990/0x990
[   35.751124]  ? find_held_lock+0x36/0x1c0
[   35.755182]  ? __handle_mm_fault+0x4729/0x5be0
[   35.759748]  ? lock_downgrade+0x900/0x900
[   35.763881]  ? kasan_check_read+0x11/0x20
[   35.768026]  ? do_raw_spin_unlock+0xa7/0x330
[   35.772414]  ? do_raw_spin_trylock+0x270/0x270
[   35.776982]  ? v4l_enumstd+0x70/0x70
[   35.780680]  ? do_raw_spin_unlock+0xa7/0x330
[   35.785074]  ? _raw_spin_unlock+0x2c/0x50
[   35.789211]  ? __handle_mm_fault+0xa57/0x5be0
[   35.793690]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[   35.798533]  ? find_held_lock+0x36/0x1c0
[   35.802585]  ? zap_class+0x640/0x640
[   35.806287]  ? zap_class+0x640/0x640
[   35.809983]  ? zap_class+0x640/0x640
[   35.813681]  ? find_held_lock+0x36/0x1c0
[   35.817725]  ? __do_page_fault+0x620/0xe60
[   35.822191]  ? lock_downgrade+0x900/0x900
[   35.826443]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   35.831353]  ? kasan_check_read+0x11/0x20
[   35.835486]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   35.840756]  ? rcu_softirq_qs+0x20/0x20
[   35.844724]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.849811]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.855342]  ? check_preemption_disabled+0x48/0x280
[   35.860342]  ? kasan_check_write+0x14/0x20
[   35.864557]  ? up_read+0x225/0x2c0
[   35.868113]  do_group_exit+0x177/0x440
[   35.871981]  ? trace_hardirqs_on+0xbd/0x310
[   35.876308]  ? __ia32_sys_exit+0x50/0x50
[   35.880354]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.885441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.890962]  ? __do_page_fault+0x491/0xe60
[   35.895181]  ? __ia32_compat_sys_ioctl+0x17a/0x630
[   35.900189]  __ia32_sys_exit_group+0x3e/0x50
[   35.904605]  do_fast_syscall_32+0x34d/0xfb2
[   35.908910]  ? do_int80_syscall_32+0x890/0x890
[   35.913483]  ? entry_SYSENTER_compat+0x68/0x7f
[   35.918052]  ? trace_hardirqs_off_caller+0xbb/0x310
[   35.923053]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.928369]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.933204]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.938031]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.943041]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.948057]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.953575]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.958577]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.963404]  entry_SYSENTER_compat+0x70/0x7f
[   35.967812] RIP: 0023:0xf7fb5a29
[   35.971170] Code: Bad RIP value.
[   35.974520] RSP: 002b:00000000ffc971bc EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[   35.982308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000080f0298
[   35.989664] RDX: 0000000000000000 RSI: 00000000080d9c18 RDI: 00000000080f02a0
[   35.996926] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   36.004267] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   36.011654] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   36.020171] Kernel Offset: disabled
[   36.023794] Rebooting in 86400 seconds..