bisecting fixing commit since 43598c571e7ed29e4c81e35b4a870fe6b9f8d58e
building syzkaller on 4f7e1d0f5e1c44e2298738f690dde25c486cc65a
testing commit 43598c571e7ed29e4c81e35b4a870fe6b9f8d58e with gcc (GCC) 8.1.0
kernel signature: 5b2eccdf40ffbe6ef51d290abf4bd5e98c2950ab125c2ae7e2751eddc4f1bed5
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in vb2_vmalloc_put
testing current HEAD 1752938529c614a8ed4432ecce6ebc95d3b87207
testing commit 1752938529c614a8ed4432ecce6ebc95d3b87207 with gcc (GCC) 8.1.0
kernel signature: 634a592ca940f43f5a2a7d45a8bb29a4b927471fed94cef49a6e80418b38c4ec
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in vb2_vmalloc_put
revisions tested: 2, total time: 22m0.861664771s (build: 15m59.829785444s, test: 5m19.528625255s)
the crash still happens on HEAD
commit msg: Linux 4.14.213
crash: BUG: unable to handle kernel NULL pointer dereference in vb2_vmalloc_put
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
IP: refcount_dec_and_test arch/x86/include/asm/refcount.h:75 [inline]
IP: vb2_vmalloc_put+0x5/0x50 drivers/media/v4l2-core/videobuf2-vmalloc.c:68
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
PGD 1e1674067 P4D 1e1674067 PUD 1e158d067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
8021q: adding VLAN 0 to HW filter on device bond0
CPU: 1 PID: 6596 Comm: syz-executor.2 Not tainted 4.14.213-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8881e053c680 task.stack: ffff8881e0468000
RIP: 0010:refcount_dec_and_test arch/x86/include/asm/refcount.h:75 [inline]
RIP: 0010:vb2_vmalloc_put+0x5/0x50 drivers/media/v4l2-core/videobuf2-vmalloc.c:68
RSP: 0018:ffff8881e046fc00 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff1103c0a79ea
RDX: ffffffff843469c0 RSI: ffff8881e053cf30 RDI: 0000000000000000
RBP: ffff8881e046fc08 R08: ffff8881e053cf50 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881e03490c0
R13: dffffc0000000000 R14: ffff8881e03490d4 R15: 0000000000000000
FS:  0000000000fa9940(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
CR2: 0000000000000020 CR3: 00000001e090c001 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __vb2_buf_mem_free+0xf0/0x1c0 drivers/media/v4l2-core/videobuf2-core.c:240
 __vb2_free_mem drivers/media/v4l2-core/videobuf2-core.c:409 [inline]
 __vb2_queue_free+0x57a/0x770 drivers/media/v4l2-core/videobuf2-core.c:454
 vb2_core_queue_release+0x57/0x70 drivers/media/v4l2-core/videobuf2-core.c:2043
 vb2_queue_release drivers/media/v4l2-core/videobuf2-v4l2.c:669 [inline]
 _vb2_fop_release+0x1ac/0x280 drivers/media/v4l2-core/videobuf2-v4l2.c:840
 vb2_fop_release+0x66/0xd0 drivers/media/v4l2-core/videobuf2-v4l2.c:854
 vivid_fop_release+0x15f/0x3a0 drivers/media/platform/vivid/vivid-core.c:486
 v4l2_release+0xeb/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:446
 __fput+0x232/0x750 fs/file_table.c:210
 ____fput+0x9/0x10 fs/file_table.c:244
 task_work_run+0xe5/0x170 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x16a/0x1b0 arch/x86/entry/common.c:164
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x416/0x5b0 arch/x86/entry/common.c:297
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x414211
RSP: 002b:00007fffc8cc7cd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414211
RDX: 0000001b30120000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
R10: 00007fffc8cc7db0 R11: 0000000000000293 R12: 000000000075bf20
R13: 000000000000a36e R14: 0000000000760810 R15: 000000000075bf2c
Code: e8 31 08 50 fd e9 ec fc ff ff e8 a7 08 50 fd e9 f1 fe ff ff e8 bd 08 50 fd e9 11 ff ff ff 0f 1f 84 00 00 00 00 00 55 48 89 e5 53 ff 4f 20 0f 88 a6 64 fc 01 74 03 5b 5d c3 48 b8 00 00 00 00
RIP: refcount_dec_and_test arch/x86/include/asm/refcount.h:75 [inline] RSP: ffff8881e046fc00
RIP: vb2_vmalloc_put+0x5/0x50 drivers/media/v4l2-core/videobuf2-vmalloc.c:68 RSP: ffff8881e046fc00
CR2: 0000000000000020
---[ end trace c838d1d62e1ffd4d ]---
8021q: adding VLAN 0 to HW filter on device team0