Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. executing program [ 55.447683] ================================================================== [ 55.455313] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310 [ 55.463012] Read of size 4 at addr 0000000000000020 by task syz-executor801/5703 [ 55.470535] [ 55.472182] CPU: 1 PID: 5703 Comm: syz-executor801 Not tainted 4.19.0+ #98 [ 55.479181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.488518] Call Trace: [ 55.491095] dump_stack+0x244/0x39d [ 55.494710] ? dump_stack_print_info.cold.1+0x20/0x20 [ 55.499891] ? do_group_exit+0x177/0x440 [ 55.503935] ? __x64_sys_exit_group+0x3e/0x50 [ 55.508488] ? vprintk_func+0x85/0x181 [ 55.512386] kasan_report.cold.8+0x6d/0x309 [ 55.516693] ? refcount_sub_and_test_checked+0x9d/0x310 [ 55.522056] check_memory_region+0x13e/0x1b0 [ 55.526457] kasan_check_read+0x11/0x20 [ 55.530416] refcount_sub_and_test_checked+0x9d/0x310 [ 55.535613] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 55.540181] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 55.545620] ? vb2_vmalloc_put+0x5f/0x80 [ 55.549792] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.554906] ? __kasan_slab_free+0x119/0x150 [ 55.559313] refcount_dec_and_test_checked+0x1a/0x20 [ 55.564420] vb2_vmalloc_put+0x19/0x80 [ 55.568332] __vb2_buf_mem_free+0x112/0x210 [ 55.572686] ? vb2_vmalloc_get_dmabuf+0x300/0x300 [ 55.577527] __vb2_queue_free+0x830/0xa30 [ 55.581690] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 55.586387] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 55.591836] ? vidioc_querycap+0xd0/0xd0 [ 55.595885] vb2_core_queue_release+0x62/0x80 [ 55.600367] vb2_queue_release+0x15/0x20 [ 55.604420] v4l2_m2m_ctx_release+0x2a/0x35 [ 55.608733] vim2m_release+0xe6/0x150 [ 55.612527] v4l2_release+0x224/0x3a0 [ 55.616316] ? dev_debug_store+0x140/0x140 [ 55.620537] __fput+0x385/0xa30 [ 55.623817] ? get_max_files+0x20/0x20 [ 55.627692] ? trace_hardirqs_on+0xbd/0x310 [ 55.632051] ? kasan_check_read+0x11/0x20 [ 55.636249] ? task_work_run+0x1af/0x2a0 [ 55.640321] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.645471] ____fput+0x15/0x20 [ 55.648838] task_work_run+0x1e8/0x2a0 [ 55.652781] ? task_work_cancel+0x240/0x240 [ 55.657118] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 55.662671] ? switch_task_namespaces+0x9d/0xd0 [ 55.667353] do_exit+0x1ad6/0x26d0 [ 55.670940] ? mm_update_next_owner+0x990/0x990 [ 55.675606] ? kvfree+0x66/0x70 [ 55.678871] ? video_usercopy+0x79b/0x1760 [ 55.683089] ? v4l_s_fmt+0x990/0x990 [ 55.686836] ? v4l_enumstd+0x70/0x70 [ 55.690541] ? rcu_softirq_qs+0x20/0x20 [ 55.694508] ? is_bpf_text_address+0xd3/0x170 [ 55.698999] ? __kernel_text_address+0xd/0x40 [ 55.703513] ? unwind_get_return_address+0x61/0xa0 [ 55.708431] ? __save_stack_trace+0x8d/0xf0 [ 55.712746] ? smk_access+0x53b/0x700 [ 55.716537] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.722060] ? smack_log+0x423/0x590 [ 55.725762] ? smk_access_entry+0x310/0x310 [ 55.730073] ? trace_hardirqs_off+0xb8/0x310 [ 55.734499] ? smk_tskacc+0x3dd/0x520 [ 55.738292] ? video_usercopy+0x1760/0x1760 [ 55.742600] ? video_ioctl2+0x2c/0x33 [ 55.746389] ? v4l2_ioctl+0x15c/0x1b0 [ 55.750180] ? video_devdata+0xa0/0xa0 [ 55.754056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.759583] ? do_vfs_ioctl+0x201/0x1790 [ 55.763635] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 55.769159] ? ioctl_preallocate+0x300/0x300 [ 55.773552] ? smk_curacc+0x7f/0xa0 [ 55.777176] ? smack_file_ioctl+0x210/0x3c0 [ 55.781485] ? fget_raw+0x20/0x20 [ 55.784928] ? smack_file_lock+0x2e0/0x2e0 [ 55.789152] ? rcu_read_lock_sched_held+0x14f/0x180 [ 55.794159] do_group_exit+0x177/0x440 [ 55.798044] ? trace_hardirqs_on+0xbd/0x310 [ 55.802359] ? __ia32_sys_exit+0x50/0x50 [ 55.806413] ? trace_hardirqs_off_caller+0x310/0x310 [ 55.811503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.817032] ? ksys_ioctl+0x81/0xd0 [ 55.820654] __x64_sys_exit_group+0x3e/0x50 [ 55.824967] do_syscall_64+0x1b9/0x820 [ 55.828845] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 55.834193] ? syscall_return_slowpath+0x5e0/0x5e0 [ 55.839114] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.843943] ? trace_hardirqs_on_caller+0x310/0x310 [ 55.848952] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 55.853955] ? prepare_exit_to_usermode+0x291/0x3b0 [ 55.858957] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.863786] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.868965] RIP: 0033:0x442cc8 [ 55.872160] Code: Bad RIP value. [ 55.875508] RSP: 002b:00007ffc01263628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 55.883203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 55.890460] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 55.897714] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 55.904972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.912231] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 55.919498] ================================================================== [ 55.926948] Disabling lock debugging due to kernel taint [ 55.933072] Kernel panic - not syncing: panic_on_warn set ... [ 55.938955] CPU: 1 PID: 5703 Comm: syz-executor801 Tainted: G B 4.19.0+ #98 [ 55.947336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.956671] Call Trace: [ 55.959249] dump_stack+0x244/0x39d [ 55.962866] ? dump_stack_print_info.cold.1+0x20/0x20 [ 55.968051] panic+0x2ad/0x55c [ 55.971234] ? add_taint.cold.5+0x16/0x16 [ 55.975370] ? preempt_schedule+0x4d/0x60 [ 55.979502] ? ___preempt_schedule+0x16/0x18 [ 55.983935] ? trace_hardirqs_on+0xb4/0x310 [ 55.988250] kasan_end_report+0x47/0x4f [ 55.992273] kasan_report.cold.8+0x76/0x309 [ 55.996590] ? refcount_sub_and_test_checked+0x9d/0x310 [ 56.001946] check_memory_region+0x13e/0x1b0 [ 56.006349] kasan_check_read+0x11/0x20 [ 56.010310] refcount_sub_and_test_checked+0x9d/0x310 [ 56.015490] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 56.020073] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 56.025516] ? vb2_vmalloc_put+0x5f/0x80 [ 56.029585] ? trace_hardirqs_off_caller+0x310/0x310 [ 56.034692] ? __kasan_slab_free+0x119/0x150 [ 56.039127] refcount_dec_and_test_checked+0x1a/0x20 [ 56.044221] vb2_vmalloc_put+0x19/0x80 [ 56.048108] __vb2_buf_mem_free+0x112/0x210 [ 56.052542] ? vb2_vmalloc_get_dmabuf+0x300/0x300 [ 56.057377] __vb2_queue_free+0x830/0xa30 [ 56.061512] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 56.066086] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 56.071530] ? vidioc_querycap+0xd0/0xd0 [ 56.075579] vb2_core_queue_release+0x62/0x80 [ 56.080062] vb2_queue_release+0x15/0x20 [ 56.084113] v4l2_m2m_ctx_release+0x2a/0x35 [ 56.088439] vim2m_release+0xe6/0x150 [ 56.092266] v4l2_release+0x224/0x3a0 [ 56.096060] ? dev_debug_store+0x140/0x140 [ 56.100279] __fput+0x385/0xa30 [ 56.103572] ? get_max_files+0x20/0x20 [ 56.107444] ? trace_hardirqs_on+0xbd/0x310 [ 56.111759] ? kasan_check_read+0x11/0x20 [ 56.115911] ? task_work_run+0x1af/0x2a0 [ 56.119954] ? trace_hardirqs_off_caller+0x310/0x310 [ 56.125060] ____fput+0x15/0x20 [ 56.128328] task_work_run+0x1e8/0x2a0 [ 56.132202] ? task_work_cancel+0x240/0x240 [ 56.136543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.142080] ? switch_task_namespaces+0x9d/0xd0 [ 56.146736] do_exit+0x1ad6/0x26d0 [ 56.150269] ? mm_update_next_owner+0x990/0x990 [ 56.154948] ? kvfree+0x66/0x70 [ 56.158212] ? video_usercopy+0x79b/0x1760 [ 56.162432] ? v4l_s_fmt+0x990/0x990 [ 56.166135] ? v4l_enumstd+0x70/0x70 [ 56.169832] ? rcu_softirq_qs+0x20/0x20 [ 56.173795] ? is_bpf_text_address+0xd3/0x170 [ 56.178278] ? __kernel_text_address+0xd/0x40 [ 56.182755] ? unwind_get_return_address+0x61/0xa0 [ 56.187706] ? __save_stack_trace+0x8d/0xf0 [ 56.192056] ? smk_access+0x53b/0x700 [ 56.195844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.201361] ? smack_log+0x423/0x590 [ 56.205072] ? smk_access_entry+0x310/0x310 [ 56.209398] ? trace_hardirqs_off+0xb8/0x310 [ 56.213803] ? smk_tskacc+0x3dd/0x520 [ 56.217595] ? video_usercopy+0x1760/0x1760 [ 56.221904] ? video_ioctl2+0x2c/0x33 [ 56.225750] ? v4l2_ioctl+0x15c/0x1b0 [ 56.229538] ? video_devdata+0xa0/0xa0 [ 56.233409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.238930] ? do_vfs_ioctl+0x201/0x1790 [ 56.242976] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 56.248504] ? ioctl_preallocate+0x300/0x300 [ 56.252895] ? smk_curacc+0x7f/0xa0 [ 56.256523] ? smack_file_ioctl+0x210/0x3c0 [ 56.260827] ? fget_raw+0x20/0x20 [ 56.264277] ? smack_file_lock+0x2e0/0x2e0 [ 56.268522] ? rcu_read_lock_sched_held+0x14f/0x180 [ 56.273540] do_group_exit+0x177/0x440 [ 56.277416] ? trace_hardirqs_on+0xbd/0x310 [ 56.281734] ? __ia32_sys_exit+0x50/0x50 [ 56.285782] ? trace_hardirqs_off_caller+0x310/0x310 [ 56.290868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.296388] ? ksys_ioctl+0x81/0xd0 [ 56.300003] __x64_sys_exit_group+0x3e/0x50 [ 56.304334] do_syscall_64+0x1b9/0x820 [ 56.308211] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 56.313558] ? syscall_return_slowpath+0x5e0/0x5e0 [ 56.318469] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.323296] ? trace_hardirqs_on_caller+0x310/0x310 [ 56.328294] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 56.333306] ? prepare_exit_to_usermode+0x291/0x3b0 [ 56.338337] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.343182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.348373] RIP: 0033:0x442cc8 [ 56.351560] Code: Bad RIP value. [ 56.354905] RSP: 002b:00007ffc01263628 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 56.362594] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 56.369847] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 56.377099] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 56.384430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.391815] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 56.399975] Kernel Offset: disabled [ 56.403597] Rebooting in 86400 seconds..