[info] Using makefile-style concurrent boot in runlevel 2. [ 25.727031] audit: type=1800 audit(1541224118.011:21): pid=5552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 42.064037] ================================================================== [ 42.071487] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x9d/0x310 [ 42.079188] Read of size 4 at addr 0000000000000020 by task syz-executor506/5708 [ 42.086726] [ 42.088346] CPU: 0 PID: 5708 Comm: syz-executor506 Not tainted 4.19.0+ #316 [ 42.095424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.104774] Call Trace: [ 42.107354] dump_stack+0x244/0x39d [ 42.110977] ? dump_stack_print_info.cold.1+0x20/0x20 [ 42.116160] ? do_group_exit+0x177/0x440 [ 42.120209] ? __x64_sys_exit_group+0x3e/0x50 [ 42.124693] ? vprintk_func+0x85/0x181 [ 42.128572] kasan_report.cold.8+0x6d/0x309 [ 42.132901] ? refcount_sub_and_test_checked+0x9d/0x310 [ 42.138269] check_memory_region+0x13e/0x1b0 [ 42.142674] kasan_check_read+0x11/0x20 [ 42.146639] refcount_sub_and_test_checked+0x9d/0x310 [ 42.151824] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 42.156397] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 42.161835] ? vb2_vmalloc_put+0x5f/0x80 [ 42.165880] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.170973] ? __kasan_slab_free+0x119/0x150 [ 42.175372] refcount_dec_and_test_checked+0x1a/0x20 [ 42.180463] vb2_vmalloc_put+0x19/0x80 [ 42.184333] __vb2_buf_mem_free+0x112/0x210 [ 42.188639] ? vb2_vmalloc_get_dmabuf+0x300/0x300 [ 42.193466] __vb2_queue_free+0x830/0xa30 [ 42.197610] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 42.202180] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 42.207620] ? vidioc_querycap+0xd0/0xd0 [ 42.211664] vb2_core_queue_release+0x62/0x80 [ 42.216150] vb2_queue_release+0x15/0x20 [ 42.220198] v4l2_m2m_ctx_release+0x2a/0x35 [ 42.224507] vim2m_release+0xe6/0x150 [ 42.228295] v4l2_release+0x224/0x3a0 [ 42.232080] ? dev_debug_store+0x140/0x140 [ 42.236301] __fput+0x385/0xa30 [ 42.239580] ? get_max_files+0x20/0x20 [ 42.243452] ? trace_hardirqs_on+0xbd/0x310 [ 42.247762] ? kasan_check_read+0x11/0x20 [ 42.251894] ? task_work_run+0x1af/0x2a0 [ 42.255945] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.261044] ____fput+0x15/0x20 [ 42.264332] task_work_run+0x1e8/0x2a0 [ 42.268210] ? task_work_cancel+0x240/0x240 [ 42.272518] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.278051] ? switch_task_namespaces+0x9d/0xd0 [ 42.282727] do_exit+0x1ad6/0x26d0 [ 42.286258] ? mm_update_next_owner+0x990/0x990 [ 42.290916] ? kvfree+0x66/0x70 [ 42.294182] ? video_usercopy+0x79b/0x1760 [ 42.298403] ? v4l_s_fmt+0x990/0x990 [ 42.302103] ? v4l_enumstd+0x70/0x70 [ 42.305798] ? rcu_softirq_qs+0x20/0x20 [ 42.309763] ? is_bpf_text_address+0xd3/0x170 [ 42.314246] ? __kernel_text_address+0xd/0x40 [ 42.318728] ? unwind_get_return_address+0x61/0xa0 [ 42.323644] ? __save_stack_trace+0x8d/0xf0 [ 42.327977] ? save_stack+0x43/0xd0 [ 42.331591] ? __kasan_slab_free+0x102/0x150 [ 42.335982] ? kasan_slab_free+0xe/0x10 [ 42.339939] ? kmem_cache_free+0x83/0x290 [ 42.344076] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.349429] ? trace_hardirqs_off+0xb8/0x310 [ 42.353820] ? kasan_check_read+0x11/0x20 [ 42.357954] ? do_raw_spin_unlock+0xa7/0x330 [ 42.362348] ? trace_hardirqs_on+0x310/0x310 [ 42.366746] ? video_usercopy+0x1760/0x1760 [ 42.371067] ? video_ioctl2+0x2c/0x33 [ 42.374854] ? v4l2_ioctl+0x15c/0x1b0 [ 42.378639] ? video_devdata+0xa0/0xa0 [ 42.382514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.388034] ? do_vfs_ioctl+0x201/0x1790 [ 42.392081] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 42.397604] ? ioctl_preallocate+0x300/0x300 [ 42.401994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.407525] ? __fget_light+0x2e9/0x430 [ 42.411492] ? fget_raw+0x20/0x20 [ 42.414936] ? rcu_read_lock_sched_held+0x14f/0x180 [ 42.419960] ? kmem_cache_free+0x24f/0x290 [ 42.424202] ? putname+0xf7/0x130 [ 42.427655] do_group_exit+0x177/0x440 [ 42.431539] ? trace_hardirqs_on+0xbd/0x310 [ 42.435847] ? __ia32_sys_exit+0x50/0x50 [ 42.439894] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.444981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.450503] ? ksys_ioctl+0x81/0xd0 [ 42.454120] __x64_sys_exit_group+0x3e/0x50 [ 42.458428] do_syscall_64+0x1b9/0x820 [ 42.462301] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.467653] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.472576] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.477416] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.482438] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.487463] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.492487] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.497323] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.502584] RIP: 0033:0x442cc8 [ 42.505767] Code: Bad RIP value. [ 42.509116] RSP: 002b:00007fff79aa43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 42.516802] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 42.524055] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 42.531311] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 42.538567] R10: 0000f80000000000 R11: 0000000000000246 R12: 0000000000000001 [ 42.545836] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 42.553101] ================================================================== [ 42.560440] Disabling lock debugging due to kernel taint [ 42.566811] Kernel panic - not syncing: panic_on_warn set ... [ 42.572724] CPU: 0 PID: 5708 Comm: syz-executor506 Tainted: G B 4.19.0+ #316 [ 42.581192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.590526] Call Trace: [ 42.593099] dump_stack+0x244/0x39d [ 42.596714] ? dump_stack_print_info.cold.1+0x20/0x20 [ 42.601893] panic+0x2ad/0x55c [ 42.605076] ? add_taint.cold.5+0x16/0x16 [ 42.609212] ? preempt_schedule+0x4d/0x60 [ 42.613345] ? ___preempt_schedule+0x16/0x18 [ 42.617737] ? trace_hardirqs_on+0xb4/0x310 [ 42.622040] kasan_end_report+0x47/0x4f [ 42.625996] kasan_report.cold.8+0x76/0x309 [ 42.630300] ? refcount_sub_and_test_checked+0x9d/0x310 [ 42.635645] check_memory_region+0x13e/0x1b0 [ 42.640042] kasan_check_read+0x11/0x20 [ 42.643999] refcount_sub_and_test_checked+0x9d/0x310 [ 42.649176] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 42.653742] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 42.659175] ? vb2_vmalloc_put+0x5f/0x80 [ 42.663224] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.668311] ? __kasan_slab_free+0x119/0x150 [ 42.672708] refcount_dec_and_test_checked+0x1a/0x20 [ 42.677797] vb2_vmalloc_put+0x19/0x80 [ 42.681674] __vb2_buf_mem_free+0x112/0x210 [ 42.686003] ? vb2_vmalloc_get_dmabuf+0x300/0x300 [ 42.690836] __vb2_queue_free+0x830/0xa30 [ 42.694968] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 42.699535] ? __vb2_plane_dmabuf_put.isra.5+0x310/0x310 [ 42.704969] ? vidioc_querycap+0xd0/0xd0 [ 42.709012] vb2_core_queue_release+0x62/0x80 [ 42.713491] vb2_queue_release+0x15/0x20 [ 42.717535] v4l2_m2m_ctx_release+0x2a/0x35 [ 42.721842] vim2m_release+0xe6/0x150 [ 42.725622] v4l2_release+0x224/0x3a0 [ 42.729405] ? dev_debug_store+0x140/0x140 [ 42.733629] __fput+0x385/0xa30 [ 42.736944] ? get_max_files+0x20/0x20 [ 42.740830] ? trace_hardirqs_on+0xbd/0x310 [ 42.745135] ? kasan_check_read+0x11/0x20 [ 42.749270] ? task_work_run+0x1af/0x2a0 [ 42.753313] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.758400] ____fput+0x15/0x20 [ 42.761664] task_work_run+0x1e8/0x2a0 [ 42.765537] ? task_work_cancel+0x240/0x240 [ 42.769842] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 42.775376] ? switch_task_namespaces+0x9d/0xd0 [ 42.780030] do_exit+0x1ad6/0x26d0 [ 42.783557] ? mm_update_next_owner+0x990/0x990 [ 42.788213] ? kvfree+0x66/0x70 [ 42.791475] ? video_usercopy+0x79b/0x1760 [ 42.795693] ? v4l_s_fmt+0x990/0x990 [ 42.799393] ? v4l_enumstd+0x70/0x70 [ 42.803085] ? rcu_softirq_qs+0x20/0x20 [ 42.807043] ? is_bpf_text_address+0xd3/0x170 [ 42.811523] ? __kernel_text_address+0xd/0x40 [ 42.815999] ? unwind_get_return_address+0x61/0xa0 [ 42.820910] ? __save_stack_trace+0x8d/0xf0 [ 42.825220] ? save_stack+0x43/0xd0 [ 42.828829] ? __kasan_slab_free+0x102/0x150 [ 42.833217] ? kasan_slab_free+0xe/0x10 [ 42.837171] ? kmem_cache_free+0x83/0x290 [ 42.841303] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.846649] ? trace_hardirqs_off+0xb8/0x310 [ 42.851045] ? kasan_check_read+0x11/0x20 [ 42.855183] ? do_raw_spin_unlock+0xa7/0x330 [ 42.859925] ? trace_hardirqs_on+0x310/0x310 [ 42.864316] ? video_usercopy+0x1760/0x1760 [ 42.868621] ? video_ioctl2+0x2c/0x33 [ 42.872402] ? v4l2_ioctl+0x15c/0x1b0 [ 42.876200] ? video_devdata+0xa0/0xa0 [ 42.880077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.885601] ? do_vfs_ioctl+0x201/0x1790 [ 42.889648] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 42.895176] ? ioctl_preallocate+0x300/0x300 [ 42.899570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.905088] ? __fget_light+0x2e9/0x430 [ 42.909043] ? fget_raw+0x20/0x20 [ 42.912486] ? rcu_read_lock_sched_held+0x14f/0x180 [ 42.917492] ? kmem_cache_free+0x24f/0x290 [ 42.921723] ? putname+0xf7/0x130 [ 42.925174] do_group_exit+0x177/0x440 [ 42.929056] ? trace_hardirqs_on+0xbd/0x310 [ 42.933359] ? __ia32_sys_exit+0x50/0x50 [ 42.937403] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.942511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.948051] ? ksys_ioctl+0x81/0xd0 [ 42.951675] __x64_sys_exit_group+0x3e/0x50 [ 42.955982] do_syscall_64+0x1b9/0x820 [ 42.959853] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 42.965204] ? syscall_return_slowpath+0x5e0/0x5e0 [ 42.970120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.974947] ? trace_hardirqs_on_caller+0x310/0x310 [ 42.979951] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 42.984949] ? prepare_exit_to_usermode+0x291/0x3b0 [ 42.989952] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.994784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.999959] RIP: 0033:0x442cc8 [ 43.003143] Code: Bad RIP value. [ 43.006498] RSP: 002b:00007fff79aa43e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 43.014192] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442cc8 [ 43.021450] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 43.028708] RBP: 00000000004c2888 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 43.035982] R10: 0000f80000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.043241] R13: 00000000006d4180 R14: 0000000000000000 R15: 0000000000000000 [ 43.051432] Kernel Offset: disabled [ 43.055064] Rebooting in 86400 seconds..