[info] Using makefile-style concurrent boot in runlevel 2. [ 24.587067] audit: type=1800 audit(1541246174.145:21): pid=5519 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 59.074575] ================================================================== [ 59.082063] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310 [ 59.089757] Read of size 4 at addr 0000000000000020 by task syz-executor349/5675 [ 59.097375] [ 59.098995] CPU: 1 PID: 5675 Comm: syz-executor349 Not tainted 4.19.0-next-20181102+ #104 [ 59.107302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.116643] Call Trace: [ 59.119219] dump_stack+0x244/0x39d [ 59.122833] ? dump_stack_print_info.cold.1+0x20/0x20 [ 59.128012] ? do_group_exit+0x177/0x440 [ 59.132064] ? __x64_sys_exit_group+0x3e/0x50 [ 59.136549] ? vprintk_func+0x85/0x181 [ 59.140433] kasan_report.cold.8+0x6d/0x309 [ 59.144762] ? refcount_sub_and_test_checked+0x9d/0x310 [ 59.150118] check_memory_region+0x13e/0x1b0 [ 59.154520] kasan_check_read+0x11/0x20 [ 59.158484] refcount_sub_and_test_checked+0x9d/0x310 [ 59.163663] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 59.168232] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 59.173669] ? vb2_vmalloc_put+0x5f/0x80 [ 59.177720] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.182817] ? __kasan_slab_free+0x119/0x150 [ 59.187280] refcount_dec_and_test_checked+0x1a/0x20 [ 59.192381] vb2_vmalloc_put+0x19/0x80 [ 59.196264] __vb2_buf_mem_free+0x112/0x210 [ 59.200581] ? 
vb2_vmalloc_get_dmabuf+0x300/0x300 [ 59.205409] __vb2_queue_free+0x830/0xa30 [ 59.209548] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 59.214173] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 59.219627] ? vidioc_querycap+0xd0/0xd0 [ 59.223673] vb2_core_queue_release+0x62/0x80 [ 59.228156] vb2_queue_release+0x15/0x20 [ 59.232199] v4l2_m2m_ctx_release+0x2a/0x35 [ 59.236515] vim2m_release+0xe6/0x150 [ 59.240363] v4l2_release+0x224/0x3a0 [ 59.244162] __fput+0x3bc/0xa70 [ 59.247432] ? dev_debug_store+0x140/0x140 [ 59.251661] ? get_max_files+0x20/0x20 [ 59.255535] ? trace_hardirqs_on+0xbd/0x310 [ 59.259844] ? kasan_check_read+0x11/0x20 [ 59.263976] ? task_work_run+0x1af/0x2a0 [ 59.268025] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.273117] ____fput+0x15/0x20 [ 59.276494] task_work_run+0x1e8/0x2a0 [ 59.280378] ? task_work_cancel+0x240/0x240 [ 59.284694] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.290326] ? switch_task_namespaces+0x9d/0xd0 [ 59.295072] do_exit+0x1ad1/0x26d0 [ 59.298614] ? mm_update_next_owner+0x990/0x990 [ 59.303269] ? kvfree+0x66/0x70 [ 59.306543] ? video_usercopy+0x79b/0x1750 [ 59.310771] ? v4l_s_fmt+0x990/0x990 [ 59.314581] ? v4l_enumstd+0x70/0x70 [ 59.318287] ? rcu_softirq_qs+0x20/0x20 [ 59.322254] ? is_bpf_text_address+0xd3/0x170 [ 59.326860] ? __kernel_text_address+0xd/0x40 [ 59.331346] ? unwind_get_return_address+0x61/0xa0 [ 59.336263] ? __save_stack_trace+0x8d/0xf0 [ 59.341104] ? save_stack+0x43/0xd0 [ 59.344723] ? __kasan_slab_free+0x102/0x150 [ 59.349117] ? kasan_slab_free+0xe/0x10 [ 59.353082] ? kmem_cache_free+0x83/0x290 [ 59.357218] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.362576] ? trace_hardirqs_off+0xb8/0x310 [ 59.366974] ? kasan_check_read+0x11/0x20 [ 59.371111] ? do_raw_spin_unlock+0xa7/0x330 [ 59.375505] ? trace_hardirqs_on+0x310/0x310 [ 59.379904] ? video_usercopy+0x1750/0x1750 [ 59.384222] ? video_ioctl2+0x2c/0x33 [ 59.388015] ? v4l2_ioctl+0x15c/0x1b0 [ 59.391805] ? video_devdata+0xa0/0xa0 [ 59.395677] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.401204] ? do_vfs_ioctl+0x201/0x1790 [ 59.405256] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 59.410785] ? ioctl_preallocate+0x300/0x300 [ 59.415265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.420812] ? __fget_light+0x2e9/0x430 [ 59.424772] ? fget_raw+0x20/0x20 [ 59.428216] ? rcu_read_lock_sched_held+0x14f/0x180 [ 59.433219] ? kmem_cache_free+0x24f/0x290 [ 59.437444] ? putname+0xf7/0x130 [ 59.440897] do_group_exit+0x177/0x440 [ 59.444770] ? trace_hardirqs_on+0xbd/0x310 [ 59.449080] ? __ia32_sys_exit+0x50/0x50 [ 59.453126] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.458214] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.463733] ? ksys_ioctl+0x81/0xd0 [ 59.467353] __x64_sys_exit_group+0x3e/0x50 [ 59.471670] do_syscall_64+0x1b9/0x820 [ 59.475544] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 59.480900] ? syscall_return_slowpath+0x5e0/0x5e0 [ 59.485821] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.490826] ? trace_hardirqs_on_caller+0x310/0x310 [ 59.495830] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 59.500934] ? prepare_exit_to_usermode+0x291/0x3b0 [ 59.505944] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.510781] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.515957] RIP: 0033:0x442cc8 [ 59.519150] Code: Bad RIP value. [ 59.522502] RSP: 002b:00007ffd92528518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 59.530210] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 59.537616] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 59.544971] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 59.552229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.559492] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 59.566813] ================================================================== [ 59.574164] Disabling lock debugging due to kernel taint [ 59.580164] Kernel panic - not syncing: panic_on_warn set ... 
[ 59.586064] CPU: 1 PID: 5675 Comm: syz-executor349 Tainted: G B 4.19.0-next-20181102+ #104 [ 59.595836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.605175] Call Trace: [ 59.607762] dump_stack+0x244/0x39d [ 59.611387] ? dump_stack_print_info.cold.1+0x20/0x20 [ 59.616564] panic+0x2ad/0x55c [ 59.619746] ? add_taint.cold.5+0x16/0x16 [ 59.623966] ? preempt_schedule+0x4d/0x60 [ 59.628108] ? ___preempt_schedule+0x16/0x18 [ 59.632517] ? trace_hardirqs_on+0xb4/0x310 [ 59.636828] kasan_end_report+0x47/0x4f [ 59.640787] kasan_report.cold.8+0x76/0x309 [ 59.645099] ? refcount_sub_and_test_checked+0x9d/0x310 [ 59.650460] check_memory_region+0x13e/0x1b0 [ 59.654854] kasan_check_read+0x11/0x20 [ 59.658816] refcount_sub_and_test_checked+0x9d/0x310 [ 59.664009] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 59.668595] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 59.674027] ? vb2_vmalloc_put+0x5f/0x80 [ 59.678075] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.683161] ? __kasan_slab_free+0x119/0x150 [ 59.687555] refcount_dec_and_test_checked+0x1a/0x20 [ 59.692641] vb2_vmalloc_put+0x19/0x80 [ 59.696512] __vb2_buf_mem_free+0x112/0x210 [ 59.700817] ? vb2_vmalloc_get_dmabuf+0x300/0x300 [ 59.705648] __vb2_queue_free+0x830/0xa30 [ 59.709788] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 59.714359] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 59.719802] ? vidioc_querycap+0xd0/0xd0 [ 59.723960] vb2_core_queue_release+0x62/0x80 [ 59.728456] vb2_queue_release+0x15/0x20 [ 59.732500] v4l2_m2m_ctx_release+0x2a/0x35 [ 59.736811] vim2m_release+0xe6/0x150 [ 59.740654] v4l2_release+0x224/0x3a0 [ 59.746273] __fput+0x3bc/0xa70 [ 59.749538] ? dev_debug_store+0x140/0x140 [ 59.753753] ? get_max_files+0x20/0x20 [ 59.757625] ? trace_hardirqs_on+0xbd/0x310 [ 59.761939] ? kasan_check_read+0x11/0x20 [ 59.766074] ? task_work_run+0x1af/0x2a0 [ 59.770211] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.775325] ____fput+0x15/0x20 [ 59.778595] task_work_run+0x1e8/0x2a0 [ 59.782475] ? 
task_work_cancel+0x240/0x240 [ 59.786781] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.792306] ? switch_task_namespaces+0x9d/0xd0 [ 59.796964] do_exit+0x1ad1/0x26d0 [ 59.800493] ? mm_update_next_owner+0x990/0x990 [ 59.805152] ? kvfree+0x66/0x70 [ 59.808425] ? video_usercopy+0x79b/0x1750 [ 59.812662] ? v4l_s_fmt+0x990/0x990 [ 59.816368] ? v4l_enumstd+0x70/0x70 [ 59.820173] ? rcu_softirq_qs+0x20/0x20 [ 59.824139] ? is_bpf_text_address+0xd3/0x170 [ 59.828624] ? __kernel_text_address+0xd/0x40 [ 59.833103] ? unwind_get_return_address+0x61/0xa0 [ 59.838088] ? __save_stack_trace+0x8d/0xf0 [ 59.842404] ? save_stack+0x43/0xd0 [ 59.846020] ? __kasan_slab_free+0x102/0x150 [ 59.850413] ? kasan_slab_free+0xe/0x10 [ 59.854373] ? kmem_cache_free+0x83/0x290 [ 59.858512] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.863859] ? trace_hardirqs_off+0xb8/0x310 [ 59.868249] ? kasan_check_read+0x11/0x20 [ 59.872386] ? do_raw_spin_unlock+0xa7/0x330 [ 59.876781] ? trace_hardirqs_on+0x310/0x310 [ 59.881180] ? video_usercopy+0x1750/0x1750 [ 59.885491] ? video_ioctl2+0x2c/0x33 [ 59.889280] ? v4l2_ioctl+0x15c/0x1b0 [ 59.893068] ? video_devdata+0xa0/0xa0 [ 59.896945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.902476] ? do_vfs_ioctl+0x201/0x1790 [ 59.906524] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 59.912050] ? ioctl_preallocate+0x300/0x300 [ 59.916446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.921977] ? __fget_light+0x2e9/0x430 [ 59.925934] ? fget_raw+0x20/0x20 [ 59.929375] ? rcu_read_lock_sched_held+0x14f/0x180 [ 59.934380] ? kmem_cache_free+0x24f/0x290 [ 59.938606] ? putname+0xf7/0x130 [ 59.942054] do_group_exit+0x177/0x440 [ 59.945960] ? trace_hardirqs_on+0xbd/0x310 [ 59.950305] ? __ia32_sys_exit+0x50/0x50 [ 59.954489] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.959577] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.965137] ? ksys_ioctl+0x81/0xd0 [ 59.968752] __x64_sys_exit_group+0x3e/0x50 [ 59.973057] do_syscall_64+0x1b9/0x820 [ 59.976925] ? 
entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 59.982279] ? syscall_return_slowpath+0x5e0/0x5e0 [ 59.987191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.992020] ? trace_hardirqs_on_caller+0x310/0x310 [ 59.997020] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 60.002036] ? prepare_exit_to_usermode+0x291/0x3b0 [ 60.007035] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.011866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.017052] RIP: 0033:0x442cc8 [ 60.020236] Code: Bad RIP value. [ 60.023578] RSP: 002b:00007ffd92528518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 60.031267] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 60.038520] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 60.045819] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 60.053141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.060401] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 60.068724] Kernel Offset: disabled [ 60.072346] Rebooting in 86400 seconds..