[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 30.189439] kauditd_printk_skb: 7 callbacks suppressed [ 30.189453] audit: type=1800 audit(1542269047.801:29): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 30.222291] audit: type=1800 audit(1542269047.811:30): pid=5975 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 60.266526] WARNING: CPU: 0 PID: 6156 at drivers/dma-buf/dma-buf.c:992 dma_buf_vunmap+0x1bb/0x220 [ 60.275633] Kernel panic - not syncing: panic_on_warn set ... [ 60.281504] CPU: 0 PID: 6156 Comm: syz-executor797 Not tainted 4.20.0-rc2+ #334 [ 60.288942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.298274] Call Trace: [ 60.300846] dump_stack+0x244/0x39d [ 60.304474] ? dump_stack_print_info.cold.1+0x20/0x20 [ 60.309658] panic+0x2ad/0x55c [ 60.312860] ? add_taint.cold.5+0x16/0x16 [ 60.316995] ? __warn.cold.8+0x5/0x45 [ 60.320781] ? __warn+0xe8/0x1d0 [ 60.324154] ? dma_buf_vunmap+0x1bb/0x220 [ 60.328295] __warn.cold.8+0x20/0x45 [ 60.332008] ? rcu_softirq_qs+0x20/0x20 [ 60.335974] ? dma_buf_vunmap+0x1bb/0x220 [ 60.340105] report_bug+0x254/0x2d0 [ 60.343717] do_error_trap+0x11b/0x200 [ 60.347609] do_invalid_op+0x36/0x40 [ 60.351310] ? 
dma_buf_vunmap+0x1bb/0x220 [ 60.355454] invalid_op+0x14/0x20 [ 60.358889] RIP: 0010:dma_buf_vunmap+0x1bb/0x220 [ 60.363680] Code: 00 00 00 00 e8 56 f2 27 fd 4c 89 f7 e8 7e 1f 77 03 e8 49 f2 27 fd 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 35 f2 27 fd <0f> 0b eb e3 e8 2c f2 27 fd 0f 0b e8 25 f2 27 fd 0f 0b e8 1e f2 27 [ 60.382565] RSP: 0018:ffff8881ba9ef948 EFLAGS: 00010293 [ 60.387931] RAX: ffff8881c2cb82c0 RBX: 0000000000000000 RCX: ffffffff854cfa50 [ 60.395199] RDX: 0000000000000000 RSI: ffffffff845795ab RDI: 0000000000000000 [ 60.402453] RBP: ffff8881ba9ef978 R08: ffff8881c2cb82c0 R09: ffffed10375e65c6 [ 60.409704] R10: ffff8881ba9efad0 R11: ffff8881baf32e37 R12: ffffc90007edb000 [ 60.416956] R13: ffff8881c37a2d80 R14: ffff8881c37a2de8 R15: ffff8881ba87e380 [ 60.424236] ? __vb2_plane_dmabuf_put.isra.5+0xc0/0x310 [ 60.429586] ? dma_buf_vunmap+0x1bb/0x220 [ 60.433744] ? dma_buf_vunmap+0x1bb/0x220 [ 60.437876] vb2_vmalloc_detach_dmabuf+0x5a/0x80 [ 60.442622] ? vb2_vmalloc_map_dmabuf+0x80/0x80 [ 60.447277] __vb2_plane_dmabuf_put.isra.5+0x122/0x310 [ 60.452540] __vb2_queue_free+0x7f3/0xa30 [ 60.456692] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 60.461273] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 60.466730] ? vidioc_querycap+0xd0/0xd0 [ 60.470777] vb2_core_queue_release+0x62/0x80 [ 60.475269] vb2_queue_release+0x15/0x20 [ 60.479312] v4l2_m2m_ctx_release+0x1e/0x35 [ 60.483616] vim2m_release+0xe6/0x150 [ 60.487400] v4l2_release+0x224/0x3a0 [ 60.491188] ? dev_debug_store+0x140/0x140 [ 60.495418] __fput+0x385/0xa30 [ 60.498693] ? get_max_files+0x20/0x20 [ 60.502578] ? trace_hardirqs_on+0xbd/0x310 [ 60.506881] ? kasan_check_read+0x11/0x20 [ 60.511035] ? task_work_run+0x1af/0x2a0 [ 60.515079] ? trace_hardirqs_off_caller+0x310/0x310 [ 60.520171] ? filp_close+0x1cd/0x250 [ 60.523993] ____fput+0x15/0x20 [ 60.527258] task_work_run+0x1e8/0x2a0 [ 60.531130] ? task_work_cancel+0x240/0x240 [ 60.535439] ? copy_fd_bitmaps+0x210/0x210 [ 60.539660] ? 
do_syscall_64+0x9a/0x820 [ 60.543655] exit_to_usermode_loop+0x318/0x380 [ 60.548221] ? __bpf_trace_sys_exit+0x30/0x30 [ 60.552707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.558240] do_syscall_64+0x6be/0x820 [ 60.562111] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 60.567462] ? syscall_return_slowpath+0x5e0/0x5e0 [ 60.572374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.577204] ? trace_hardirqs_on_caller+0x310/0x310 [ 60.582224] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 60.587222] ? prepare_exit_to_usermode+0x291/0x3b0 [ 60.592259] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.597126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.602336] RIP: 0033:0x405731 [ 60.605551] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 94 17 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 60.624439] RSP: 002b:00007fff94c70980 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 60.632127] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000405731 [ 60.639403] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003 [ 60.646699] RBP: 000000000000eb57 R08: 00000000006dbc3c R09: 000000037ffffa00 [ 60.653978] R10: 00007fff94c709a0 R11: 0000000000000293 R12: 000000000000002d [ 60.661265] R13: 20c49ba5e353f7cf R14: 0000000000000004 R15: 00000000006dbd2c [ 60.669577] Kernel Offset: disabled [ 60.673259] Rebooting in 86400 seconds..