
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   26.064582] audit: type=1800 audit(1541254685.297:21): pid=5542 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.057893] ==================================================================
[   39.065388] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310
[   39.073082] Read of size 4 at addr 0000000000000020 by task syz-executor117/5697
[   39.080640] 
[   39.082256] CPU: 0 PID: 5697 Comm: syz-executor117 Not tainted 4.19.0+ #95
[   39.089263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.098605] Call Trace:
[   39.101180]  dump_stack+0x244/0x39d
[   39.104797]  ? dump_stack_print_info.cold.1+0x20/0x20
[   39.109973]  ? __x64_sys_exit_group+0x3e/0x50
[   39.114451]  ? do_syscall_64+0x1b9/0x820
[   39.118496]  ? vprintk_func+0x85/0x181
[   39.122369]  kasan_report.cold.8+0x6d/0x309
[   39.126695]  ? refcount_sub_and_test_checked+0x9d/0x310
[   39.132050]  check_memory_region+0x13e/0x1b0
[   39.136465]  kasan_check_read+0x11/0x20
[   39.140426]  refcount_sub_and_test_checked+0x9d/0x310
[   39.145605]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   39.150180]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   39.155625]  ? vb2_vmalloc_put+0x5f/0x80
[   39.159673]  ? trace_hardirqs_off_caller+0x310/0x310
[   39.164769]  ? __kasan_slab_free+0x119/0x150
[   39.169168]  refcount_dec_and_test_checked+0x1a/0x20
[   39.174258]  vb2_vmalloc_put+0x19/0x80
[   39.178134]  __vb2_buf_mem_free+0x112/0x210
[   39.182440]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   39.187271]  __vb2_queue_free+0x830/0xa30
[   39.191408]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.196934]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   39.202374]  ? locks_remove_file+0x3c6/0x5c0
[   39.206782]  vb2_core_queue_release+0x62/0x80
[   39.211266]  _vb2_fop_release+0x1d2/0x2b0
[   39.215400]  ? _vb2_fop_release+0x2b0/0x2b0
[   39.219707]  vb2_fop_release+0x77/0xc0
[   39.223586]  v4l2_release+0x2f2/0x3a0
[   39.227372]  ? dev_debug_store+0x140/0x140
[   39.231592]  __fput+0x385/0xa30
[   39.234862]  ? get_max_files+0x20/0x20
[   39.238739]  ? trace_hardirqs_on+0xbd/0x310
[   39.243045]  ? kasan_check_read+0x11/0x20
[   39.247180]  ? task_work_run+0x1af/0x2a0
[   39.251241]  ? trace_hardirqs_off_caller+0x310/0x310
[   39.256335]  ____fput+0x15/0x20
[   39.259603]  task_work_run+0x1e8/0x2a0
[   39.263479]  ? task_work_cancel+0x240/0x240
[   39.267794]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.273317]  ? switch_task_namespaces+0x9d/0xd0
[   39.277973]  do_exit+0x1ad6/0x26d0
[   39.281518]  ? mm_update_next_owner+0x990/0x990
[   39.286194]  ? kvfree+0x66/0x70
[   39.289458]  ? video_usercopy+0x79b/0x1760
[   39.293690]  ? v4l_s_fmt+0x990/0x990
[   39.297393]  ? v4l_enumstd+0x70/0x70
[   39.301102]  ? rcu_softirq_qs+0x20/0x20
[   39.305085]  ? is_bpf_text_address+0xd3/0x170
[   39.309574]  ? __kernel_text_address+0xd/0x40
[   39.314054]  ? unwind_get_return_address+0x61/0xa0
[   39.318972]  ? __save_stack_trace+0x8d/0xf0
[   39.323292]  ? smk_access+0x53b/0x700
[   39.327094]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.332624]  ? smack_log+0x423/0x590
[   39.336336]  ? smk_access_entry+0x310/0x310
[   39.340648]  ? trace_hardirqs_off+0xb8/0x310
[   39.345045]  ? smk_tskacc+0x3dd/0x520
[   39.348843]  ? video_usercopy+0x1760/0x1760
[   39.353152]  ? video_ioctl2+0x2c/0x33
[   39.356936]  ? v4l2_ioctl+0x15c/0x1b0
[   39.360722]  ? video_devdata+0xa0/0xa0
[   39.364611]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.370136]  ? do_vfs_ioctl+0x201/0x1790
[   39.374187]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   39.379707]  ? ioctl_preallocate+0x300/0x300
[   39.384099]  ? smk_curacc+0x7f/0xa0
[   39.387715]  ? smack_file_ioctl+0x210/0x3c0
[   39.392023]  ? fget_raw+0x20/0x20
[   39.395462]  ? smack_file_lock+0x2e0/0x2e0
[   39.399685]  ? rcu_read_lock_sched_held+0x14f/0x180
[   39.404719]  do_group_exit+0x177/0x440
[   39.408595]  ? trace_hardirqs_on+0xbd/0x310
[   39.412903]  ? __ia32_sys_exit+0x50/0x50
[   39.416954]  ? trace_hardirqs_off_caller+0x310/0x310
[   39.422046]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.427572]  ? ksys_ioctl+0x81/0xd0
[   39.431188]  __x64_sys_exit_group+0x3e/0x50
[   39.435498]  do_syscall_64+0x1b9/0x820
[   39.439377]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.444726]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.449641]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.454473]  ? trace_hardirqs_on_caller+0x310/0x310
[   39.459478]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.464479]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.469482]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.474313]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.479485] RIP: 0033:0x442ad8
[   39.482673] Code: Bad RIP value.
[   39.486023] RSP: 002b:00007ffc853fc3b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   39.493718] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ad8
[   39.500975] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   39.508238] RBP: 00000000004c2788 R08: 00000000000000e7 R09: ffffffffffffffd0
[   39.515492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   39.522749] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   39.530027] ==================================================================
[   39.537370] Disabling lock debugging due to kernel taint
[   39.542874] Kernel panic - not syncing: panic_on_warn set ...
[   39.548760] CPU: 0 PID: 5697 Comm: syz-executor117 Tainted: G    B             4.19.0+ #95
[   39.557144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.566478] Call Trace:
[   39.569051]  dump_stack+0x244/0x39d
[   39.572675]  ? dump_stack_print_info.cold.1+0x20/0x20
[   39.577856]  panic+0x2ad/0x55c
[   39.581033]  ? add_taint.cold.5+0x16/0x16
[   39.585168]  ? preempt_schedule+0x4d/0x60
[   39.589297]  ? ___preempt_schedule+0x16/0x18
[   39.593702]  ? trace_hardirqs_on+0xb4/0x310
[   39.598012]  kasan_end_report+0x47/0x4f
[   39.601970]  kasan_report.cold.8+0x76/0x309
[   39.606276]  ? refcount_sub_and_test_checked+0x9d/0x310
[   39.611622]  check_memory_region+0x13e/0x1b0
[   39.616016]  kasan_check_read+0x11/0x20
[   39.619973]  refcount_sub_and_test_checked+0x9d/0x310
[   39.625148]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   39.629716]  ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[   39.635150]  ? vb2_vmalloc_put+0x5f/0x80
[   39.639199]  ? trace_hardirqs_off_caller+0x310/0x310
[   39.644287]  ? __kasan_slab_free+0x119/0x150
[   39.648679]  refcount_dec_and_test_checked+0x1a/0x20
[   39.653780]  vb2_vmalloc_put+0x19/0x80
[   39.657662]  __vb2_buf_mem_free+0x112/0x210
[   39.661966]  ? vb2_vmalloc_get_dmabuf+0x300/0x300
[   39.666793]  __vb2_queue_free+0x830/0xa30
[   39.670937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.676460]  ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310
[   39.681895]  ? locks_remove_file+0x3c6/0x5c0
[   39.686303]  vb2_core_queue_release+0x62/0x80
[   39.690799]  _vb2_fop_release+0x1d2/0x2b0
[   39.694930]  ? _vb2_fop_release+0x2b0/0x2b0
[   39.699234]  vb2_fop_release+0x77/0xc0
[   39.703105]  v4l2_release+0x2f2/0x3a0
[   39.706890]  ? dev_debug_store+0x140/0x140
[   39.711109]  __fput+0x385/0xa30
[   39.714374]  ? get_max_files+0x20/0x20
[   39.718243]  ? trace_hardirqs_on+0xbd/0x310
[   39.722548]  ? kasan_check_read+0x11/0x20
[   39.726681]  ? task_work_run+0x1af/0x2a0
[   39.730724]  ? trace_hardirqs_off_caller+0x310/0x310
[   39.735828]  ____fput+0x15/0x20
[   39.739096]  task_work_run+0x1e8/0x2a0
[   39.742976]  ? task_work_cancel+0x240/0x240
[   39.747286]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   39.752805]  ? switch_task_namespaces+0x9d/0xd0
[   39.757462]  do_exit+0x1ad6/0x26d0
[   39.760992]  ? mm_update_next_owner+0x990/0x990
[   39.765666]  ? kvfree+0x66/0x70
[   39.768931]  ? video_usercopy+0x79b/0x1760
[   39.773153]  ? v4l_s_fmt+0x990/0x990
[   39.776858]  ? v4l_enumstd+0x70/0x70
[   39.780561]  ? rcu_softirq_qs+0x20/0x20
[   39.784533]  ? is_bpf_text_address+0xd3/0x170
[   39.789016]  ? __kernel_text_address+0xd/0x40
[   39.793503]  ? unwind_get_return_address+0x61/0xa0
[   39.798423]  ? __save_stack_trace+0x8d/0xf0
[   39.802743]  ? smk_access+0x53b/0x700
[   39.806542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.812070]  ? smack_log+0x423/0x590
[   39.815768]  ? smk_access_entry+0x310/0x310
[   39.820077]  ? trace_hardirqs_off+0xb8/0x310
[   39.824471]  ? smk_tskacc+0x3dd/0x520
[   39.828381]  ? video_usercopy+0x1760/0x1760
[   39.832684]  ? video_ioctl2+0x2c/0x33
[   39.836468]  ? v4l2_ioctl+0x15c/0x1b0
[   39.840253]  ? video_devdata+0xa0/0xa0
[   39.844125]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.849646]  ? do_vfs_ioctl+0x201/0x1790
[   39.853692]  ? rcu_lockdep_current_cpu_online+0x1a4/0x210
[   39.859212]  ? ioctl_preallocate+0x300/0x300
[   39.863604]  ? smk_curacc+0x7f/0xa0
[   39.867215]  ? smack_file_ioctl+0x210/0x3c0
[   39.871522]  ? fget_raw+0x20/0x20
[   39.874972]  ? smack_file_lock+0x2e0/0x2e0
[   39.879196]  ? rcu_read_lock_sched_held+0x14f/0x180
[   39.884203]  do_group_exit+0x177/0x440
[   39.888079]  ? trace_hardirqs_on+0xbd/0x310
[   39.892385]  ? __ia32_sys_exit+0x50/0x50
[   39.896444]  ? trace_hardirqs_off_caller+0x310/0x310
[   39.901528]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.907049]  ? ksys_ioctl+0x81/0xd0
[   39.910667]  __x64_sys_exit_group+0x3e/0x50
[   39.914981]  do_syscall_64+0x1b9/0x820
[   39.918854]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.924204]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.929122]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.933963]  ? trace_hardirqs_on_caller+0x310/0x310
[   39.938966]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.943965]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.948967]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.953797]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.958970] RIP: 0033:0x442ad8
[   39.962154] Code: Bad RIP value.
[   39.965673] RSP: 002b:00007ffc853fc3b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   39.973370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442ad8
[   39.980631] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   39.987883] RBP: 00000000004c2788 R08: 00000000000000e7 R09: ffffffffffffffd0
[   39.995136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.002386] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000
[   40.010824] Kernel Offset: disabled
[   40.014447] Rebooting in 86400 seconds..