[ 36.718933] audit: type=1800 audit(1560706534.156:33): pid=6984 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 36.752456] audit: type=1800 audit(1560706534.156:34): pid=6984 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 42.532059] random: sshd: uninitialized urandom read (32 bytes read) [ 42.874958] audit: type=1400 audit(1560706540.316:35): avc: denied { map } for pid=7155 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 42.927913] random: sshd: uninitialized urandom read (32 bytes read) [ 43.568282] random: sshd: uninitialized urandom read (32 bytes read) [ 43.783061] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts. [ 49.280903] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program [ 49.409735] audit: type=1400 audit(1560706546.846:36): avc: denied { map } for pid=7167 comm="syz-executor616" path="/root/syz-executor616305185" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 51.090372] hrtimer: interrupt took 26389 ns executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 65.016797] oom_reaper: reaped process 7175 (syz-executor616), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 65.038193] rsyslogd invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 65.051303] rsyslogd cpuset=/ mems_allowed=0-1 [ 65.056689] CPU: 0 PID: 7022 Comm: rsyslogd Not tainted 4.14.126 #20 [ 65.063209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.072695] Call Trace: [ 65.075363] dump_stack+0x138/0x19c [ 65.079043] dump_header+0x177/0x5e8 [ 65.082829] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 65.088056] ? ___ratelimit+0x55/0x537 [ 65.091970] oom_kill_process.cold+0x10/0x9fa [ 65.096486] ? oom_unkillable_task+0x294/0x390 [ 65.101105] ? lock_downgrade+0x6e0/0x6e0 [ 65.105290] out_of_memory+0x7f4/0x1150 [ 65.109288] ? lock_acquire+0x16f/0x430 [ 65.113345] ? oom_killer_disable+0x1d0/0x1d0 [ 65.117837] ? __alloc_pages_slowpath+0xca4/0x2930 [ 65.122779] __alloc_pages_slowpath+0x2251/0x2930 [ 65.127635] ? __alloc_pages_nodemask+0x639/0x7a0 [ 65.132472] ? warn_alloc+0xf0/0xf0 [ 65.136130] ? __might_sleep+0x93/0xb0 [ 65.140013] __alloc_pages_nodemask+0x62c/0x7a0 [ 65.144713] ? __alloc_pages_slowpath+0x2930/0x2930 [ 65.149728] ? lock_downgrade+0x6e0/0x6e0 [ 65.153879] ? find_get_entry+0x23c/0x520 [ 65.158036] alloc_pages_current+0xec/0x1e0 [ 65.162382] __page_cache_alloc+0x248/0x3e0 [ 65.166702] filemap_fault+0xcc9/0x19a0 [ 65.170663] ? radix_tree_next_chunk+0x43e/0x9a0 [ 65.175448] ? __lock_page_or_retry+0x8d0/0x8d0 [ 65.180172] ? lock_acquire+0x16f/0x430 [ 65.184179] ? ext4_filemap_fault+0x7b/0xb0 [ 65.188518] ext4_filemap_fault+0x83/0xb0 [ 65.192659] __do_fault+0x104/0x390 [ 65.196271] __handle_mm_fault+0x2460/0x3470 [ 65.200762] ? vm_insert_mixed_mkwrite+0x40/0x40 [ 65.205511] ? find_held_lock+0x35/0x130 [ 65.209565] ? handle_mm_fault+0x1b6/0x7c0 [ 65.213822] handle_mm_fault+0x293/0x7c0 [ 65.217907] __do_page_fault+0x4c1/0xb80 [ 65.221972] ? vmalloc_fault+0xe30/0xe30 [ 65.226058] ? page_fault+0x2f/0x50 [ 65.229679] do_page_fault+0x71/0x511 [ 65.233464] ? page_fault+0x2f/0x50 [ 65.237072] page_fault+0x45/0x50 [ 65.240524] RIP: 0033:0x7f44c5ac71fd [ 65.244225] RSP: 002b:00007f44c3066e30 EFLAGS: 00010293 [ 65.249592] RAX: 0000000000000073 RBX: 0000000001782170 RCX: 00007f44c5ac71fd [ 65.256854] RDX: 0000000000000fff RSI: 00007f44c489b5a0 RDI: 0000000000000004 [ 65.264151] RBP: 0000000000000000 R08: 000000000176d260 R09: 0000000004000001 [ 65.271411] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420 [ 65.278675] R13: 00007f44c30679c0 R14: 00007f44c610c040 R15: 0000000000000003 [ 65.294729] Mem-Info: [ 65.297217] active_anon:3995 inactive_anon:194 isolated_anon:0 [ 65.297217] active_file:41 inactive_file:0 isolated_file:0 [ 65.297217] unevictable:0 dirty:0 writeback:0 unstable:0 [ 65.297217] slab_reclaimable:11889 slab_unreclaimable:93127 [ 65.297217] mapped:2 shmem:242 pagetables:361 bounce:0 [ 65.297217] free:13839 free_pcp:60 free_cma:0 [ 65.332593] Node 0 active_anon:15948kB inactive_anon:776kB active_file:160kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 65.354692] syz-executor616: vmalloc: allocation failure, allocated 1449553920 of 1512972288 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 65.362373] Node 1 active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 65.377906] syz-executor616 cpuset= [ 65.402705] Node 0 [ 65.404853] / [ 65.406380] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 65.406386] lowmem_reserve[]: 0 2580 2580 [ 65.408739] mems_allowed=0-1 [ 65.408754] CPU: 1 PID: 7175 Comm: syz-executor616 Not tainted 4.14.126 #20 [ 65.410504] 2580 [ 65.436076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.436082] Call Trace: [ 65.436108] dump_stack+0x138/0x19c [ 65.436121] warn_alloc.cold+0x96/0x1af [ 65.436135] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 65.436142] ? __alloc_pages_slowpath+0x2930/0x2930 [ 65.436163] __vmalloc_node_range+0x465/0x6a0 [ 65.443508] ? vb2_vmalloc_attach_dmabuf+0x150/0x150 [ 65.450620] Node 0 [ 65.452636] vmalloc_user+0x47/0x110 [ 65.462056] DMA32 free:18232kB min:36468kB low:45584kB high:54700kB active_anon:15948kB inactive_anon:776kB active_file:76kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2644912kB mlocked:0kB kernel_stack:6080kB pagetables:1444kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 65.464588] ? vb2_vmalloc_alloc+0xce/0x270 [ 65.468194] lowmem_reserve[]: [ 65.472184] vb2_vmalloc_alloc+0xce/0x270 [ 65.472196] __vb2_queue_alloc+0x48d/0xdb0 [ 65.472213] vb2_core_create_bufs+0x2c3/0x640 [ 65.472236] ? vim2m_start_streaming+0xe0/0xe0 [ 65.472247] ? __vb2_queue_alloc+0xdb0/0xdb0 [ 65.477098] 0 [ 65.482154] ? trace_hardirqs_on+0x10/0x10 [ 65.482161] ? save_trace+0x290/0x290 [ 65.482168] ? __lock_acquire+0x5f9/0x45e0 [ 65.482177] ? __kmalloc_node+0x51/0x80 [ 65.482184] ? kvmalloc_node+0x4e/0xe0 [ 65.482197] vb2_create_bufs+0x33d/0x640 [ 65.482211] ? vb2_thread_start.cold+0x27/0x27 [ 65.486721] 0 [ 65.491853] ? trace_hardirqs_on+0x10/0x10 [ 65.491861] ? save_trace+0x290/0x290 [ 65.491874] v4l2_m2m_create_bufs+0x5d/0x90 [ 65.491884] v4l2_m2m_ioctl_create_bufs+0x6b/0x80 [ 65.491893] v4l_create_bufs+0x11e/0x1f0 [ 65.491903] ? __might_fault+0x110/0x1d0 [ 65.491913] __video_do_ioctl+0x6eb/0x740 [ 65.494158] 0 [ 65.497901] ? video_ioctl2+0x40/0x40 [ 65.525809] 0 [ 65.530219] ? kasan_check_write+0x14/0x20 [ 65.530254] ? _copy_from_user+0x99/0x110 [ 65.530268] video_usercopy+0x3d3/0xf20 [ 65.537755] ? video_ioctl2+0x40/0x40 [ 65.542087] Node 0 [ 65.546728] ? v4l_g_priority+0xa0/0xa0 [ 65.551660] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 65.556040] ? mutex_trylock+0x1c0/0x1c0 [ 65.557845] lowmem_reserve[]: [ 65.562105] video_ioctl2+0x2d/0x40 [ 65.562116] v4l2_ioctl+0x1c0/0x300 [ 65.562123] ? v4l2_open+0x300/0x300 [ 65.562147] do_vfs_ioctl+0x7ae/0x1060 [ 65.562174] ? selinux_file_mprotect+0x5d0/0x5d0 [ 65.565970] 0 [ 65.570242] ? ioctl_preallocate+0x1c0/0x1c0 [ 65.570252] ? lock_downgrade+0x6e0/0x6e0 [ 65.570283] ? security_file_ioctl+0x7d/0xb0 [ 65.570293] ? security_file_ioctl+0x89/0xb0 [ 65.574272] 0 [ 65.578176] SyS_ioctl+0x8f/0xc0 [ 65.582297] 0 [ 65.586827] ? do_vfs_ioctl+0x1060/0x1060 [ 65.588610] 0 [ 65.588621] Node 1 [ 65.592879] do_syscall_64+0x1e8/0x640 [ 65.592888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 65.592903] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 65.592913] RIP: 0033:0x442b19 [ 65.596722] Normal free:26696kB min:53420kB low:66772kB high:80124kB active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 65.601028] RSP: 002b:00007ffce8a4b288 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 65.601038] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442b19 [ 65.601043] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 65.601047] RBP: 0000000000000000 R08: 0000000000403920 R09: 0000000000403920 [ 65.601051] R10: 0000000000403920 R11: 0000000000000246 R12: 0000000000403890 [ 65.601056] R13: 0000000000403920 R14: 0000000000000000 R15: 0000000000000000 [ 65.606490] Mem-Info: [ 65.609959] lowmem_reserve[]: [ 65.614096] active_anon:3995 inactive_anon:194 isolated_anon:0 [ 65.614096] active_file:20 inactive_file:24 isolated_file:0 [ 65.614096] unevictable:0 dirty:0 writeback:0 unstable:0 [ 65.614096] slab_reclaimable:11889 slab_unreclaimable:93127 [ 65.614096] mapped:2 shmem:242 pagetables:361 bounce:0 [ 65.614096] free:13839 free_pcp:60 free_cma:0 [ 65.614111] Node 0 active_anon:15948kB inactive_anon:776kB active_file:76kB inactive_file:92kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 65.614123] Node 1 active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 65.614127] Node 0 DMA free:10428kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 65.614144] lowmem_reserve[]: 0 2580 2580 2580 [ 65.614160] Node 0 DMA32 free:18232kB min:36468kB low:45584kB high:54700kB active_anon:15948kB inactive_anon:776kB active_file:76kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2644912kB mlocked:0kB kernel_stack:6080kB pagetables:1444kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 65.614178] lowmem_reserve[]: [ 65.621584] 0 [ 65.628562] 0 [ 65.631745] 0 [ 65.634478] 0 [ 65.638448] 0 0 [ 65.646678] 0 [ 65.648521] Node 0 [ 65.677925] 0 [ 65.683830] DMA: [ 65.688421] 1*4kB [ 65.696506] Node 0 [ 65.703798] (U) [ 65.707199] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 65.711585] 1*8kB (U) 1*16kB (U) 1*32kB (U) 0*64kB 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) [ 65.720696] lowmem_reserve[]: [ 65.725057] 2*4096kB [ 65.725710] 0 [ 65.727507] (M) = 10428kB [ 65.735302] 0 [ 65.735766] Node 0 [ 65.739655] 0 [ 65.747637] DMA32: [ 65.753840] 0 [ 65.783365] 558*4kB [ 65.795690] (UME) [ 65.804709] Node 1 [ 65.813252] 444*8kB [ 65.819491] Normal free:26696kB min:53420kB low:66772kB high:80124kB active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 65.825223] (UME) 212*16kB [ 65.832630] lowmem_reserve[]: [ 65.872700] (UME) [ 65.904326] 0 [ 65.925367] 115*32kB [ 65.956097] 0 [ 65.984997] (UME) [ 65.992518] 0 [ 65.993833] 56*64kB [ 65.995801] 0 [ 65.997589] (UME) [ 66.001667] 14*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB [ 66.006853] Node 0 [ 66.008122] 0*4096kB = 18232kB [ 66.013022] DMA: [ 66.036494] Node 0 [ 66.050670] 1*4kB [ 66.053225] Normal: [ 66.054534] (U) [ 66.056333] 0*4kB [ 66.058568] 1*8kB (U) [ 66.060416] 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 66.060455] Node 1 Normal: 8*4kB (UME) 5*8kB [ 66.068428] 1*16kB [ 66.069132] (ME) [ 66.071408] (U) 1*32kB (U) 0*64kB 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) [ 66.075445] 4*16kB [ 66.106690] 2*4096kB [ 66.108555] (ME) [ 66.109289] (M) [ 66.111130] 4*32kB [ 66.113531] = 10428kB [ 66.115321] (ME) [ 66.117465] Node 0 [ 66.119253] 3*64kB (UME) [ 66.127225] DMA32: [ 66.133270] 1*128kB [ 66.134066] 558*4kB [ 66.137252] (E) 2*256kB [ 66.139318] (UME) [ 66.141627] (UM) 2*512kB (UE) 2*1024kB (ME) 5*2048kB (UME) 3*4096kB (M) = 26696kB [ 66.141666] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 66.141673] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 66.141679] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 66.141685] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 66.141689] 274 total pagecache pages [ 66.141702] 0 pages in swap cache [ 66.149794] 444*8kB [ 66.151737] Swap cache stats: add 0, delete 0, find 0/0 [ 66.152826] (UME) [ 66.161769] Free swap = 0kB [ 66.161775] Total swap = 0kB [ 66.161782] 1965979 pages RAM [ 66.161785] 0 pages HighMem/MovableOnly [ 66.161789] 333222 pages reserved [ 66.161793] 0 pages cma reserved [ 66.161802] Out of memory: Kill process 7190 (syz-executor616) score 999 or sacrifice child [ 66.162344] Killed process 7190 (syz-executor616) total-vm:17532kB, anon-rss:44kB, file-rss:0kB, shmem-rss:0kB [ 66.172366] 212*16kB [ 66.230699] syz-executor616 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask= [ 66.240455] (UME) [ 66.275184] (null) [ 66.280656] 115*32kB [ 66.283611] , order=0, oom_score_adj=0 [ 66.284728] (UME) [ 66.288184] syz-executor616 cpuset= [ 66.293133] 56*64kB [ 66.304349] / [ 66.313323] (UME) [ 66.327707] mems_allowed=0-1 [ 66.327844] 14*128kB [ 66.330548] CPU: 0 PID: 7169 Comm: syz-executor616 Not tainted 4.14.126 #20 [ 66.337646] (UM) [ 66.340212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.340217] Call Trace: [ 66.340242] dump_stack+0x138/0x19c [ 66.340256] dump_header+0x177/0x5e8 [ 66.340265] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 66.340274] ? ___ratelimit+0x55/0x537 [ 66.340284] oom_kill_process.cold+0x10/0x9fa [ 66.340294] ? oom_unkillable_task+0x294/0x390 [ 66.342632] 0*256kB [ 66.344358] ? lock_downgrade+0x6e0/0x6e0 [ 66.346488] 0*512kB [ 66.349606] out_of_memory+0x7f4/0x1150 [ 66.355062] 0*1024kB [ 66.359146] ? lock_acquire+0x16f/0x430 [ 66.361993] 0*2048kB [ 66.371024] ? oom_killer_disable+0x1d0/0x1d0 [ 66.371033] ? __alloc_pages_slowpath+0xca4/0x2930 [ 66.371041] __alloc_pages_slowpath+0x2251/0x2930 [ 66.371055] ? __alloc_pages_nodemask+0x639/0x7a0 [ 66.371068] ? warn_alloc+0xf0/0xf0 [ 66.371084] ? __might_sleep+0x93/0xb0 [ 66.371093] __alloc_pages_nodemask+0x62c/0x7a0 [ 66.371102] ? __alloc_pages_slowpath+0x2930/0x2930 [ 66.371118] ? lock_downgrade+0x6e0/0x6e0 [ 66.371129] ? find_get_entry+0x23c/0x520 [ 66.371140] alloc_pages_current+0xec/0x1e0 [ 66.371151] __page_cache_alloc+0x248/0x3e0 [ 66.377102] 0*4096kB [ 66.377566] filemap_fault+0xcc9/0x19a0 [ 66.381794] = 18232kB [ 66.386851] ? __lock_page_or_retry+0x8d0/0x8d0 [ 66.393932] Node 0 [ 66.395246] ? lock_acquire+0x16f/0x430 [ 66.399829] Normal: [ 66.402160] ? ext4_filemap_fault+0x7b/0xb0 [ 66.402174] ext4_filemap_fault+0x83/0xb0 [ 66.402186] __do_fault+0x104/0x390 [ 66.402194] __handle_mm_fault+0x2460/0x3470 [ 66.402204] ? vm_insert_mixed_mkwrite+0x40/0x40 [ 66.402214] ? find_held_lock+0x35/0x130 [ 66.402221] ? handle_mm_fault+0x1b6/0x7c0 [ 66.402239] handle_mm_fault+0x293/0x7c0 [ 66.406382] 0*4kB [ 66.408712] __do_page_fault+0x4c1/0xb80 [ 66.415855] 0*8kB [ 66.419161] ? vmalloc_fault+0xe30/0xe30 [ 66.421652] 0*16kB [ 66.426095] ? page_fault+0x2f/0x50 [ 66.434392] 0*32kB [ 66.436258] do_page_fault+0x71/0x511 [ 66.441193] 0*64kB [ 66.444898] ? page_fault+0x2f/0x50 [ 66.448792] 0*128kB [ 66.453505] page_fault+0x45/0x50 [ 66.453515] RIP: 0033:0x4413b0 [ 66.453519] RSP: 002b:00007ffce8a4b278 EFLAGS: 00010246 [ 66.453526] RAX: 0000000000000000 RBX: 0000000000001c1a RCX: 00000000004413b0 [ 66.453530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffce8a4b280 [ 66.453534] RBP: 000000000000fca7 R08: 0000000000001c01 R09: 00000000017dd940 [ 66.453538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403890 [ 66.453541] R13: 0000000000403920 R14: 0000000000000000 R15: 0000000000000000 [ 66.459241] Mem-Info: [ 66.464551] 0*256kB [ 66.467225] active_anon:3995 inactive_anon:194 isolated_anon:0 [ 66.467225] active_file:16 inactive_file:16 isolated_file:0 [ 66.467225] unevictable:0 dirty:0 writeback:0 unstable:0 [ 66.467225] slab_reclaimable:11889 slab_unreclaimable:93127 [ 66.467225] mapped:2 shmem:242 pagetables:361 bounce:0 [ 66.467225] free:13839 free_pcp:76 free_cma:0 [ 66.471701] 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 66.471728] Node 1 Normal: 8*4kB (UME) 5*8kB (ME) 4*16kB (ME) 4*32kB (ME) 3*64kB (UME) [ 66.481875] Node 0 active_anon:15948kB inactive_anon:776kB active_file:60kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 66.483999] 1*128kB [ 66.484917] Node 1 active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 66.489575] (E) 2*256kB [ 66.497512] Node 0 [ 66.498932] (UM) [ 66.502669] DMA free:10428kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 66.502673] lowmem_reserve[]: 0 2580 2580 2580 [ 66.502690] Node 0 DMA32 free:18232kB min:36468kB low:45584kB high:54700kB active_anon:15948kB inactive_anon:776kB active_file:60kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2644912kB mlocked:0kB kernel_stack:6048kB pagetables:1444kB bounce:0kB free_pcp:184kB local_pcp:64kB free_cma:0kB [ 66.508429] 2*512kB [ 66.510527] lowmem_reserve[]: 0 0 [ 66.514952] (UE) [ 66.519720] 0 [ 66.525442] 2*1024kB [ 66.533819] 0 [ 66.534440] (ME) [ 66.542251] 5*2048kB [ 66.547794] Node 0 [ 66.550885] (UME) 3*4096kB (M) = 26696kB [ 66.550906] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 66.550912] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 66.550920] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 66.556049] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 66.556954] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 66.559182] lowmem_reserve[]: 0 [ 66.564354] 274 total pagecache pages [ 66.568120] 0 [ 66.568692] 0 pages in swap cache [ 66.574673] 0 [ 66.577299] Swap cache stats: add 0, delete 0, find 0/0 [ 66.587546] 0 [ 66.593578] Free swap = 0kB [ 66.606709] Total swap = 0kB [ 66.619900] Node 1 [ 66.653629] 1965979 pages RAM [ 66.661907] Normal free:26696kB min:53420kB low:66772kB high:80124kB active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 66.664817] 0 pages HighMem/MovableOnly [ 66.696087] lowmem_reserve[]: [ 66.721378] 333222 pages reserved [ 66.727961] 0 [ 66.753988] 0 pages cma reserved [ 66.762689] 0 0 0 [ 66.953965] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 0*64kB 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10428kB [ 66.967409] Node 0 DMA32: 558*4kB (UME) 444*8kB (UME) 212*16kB (UME) 116*32kB (UME) 56*64kB (UME) 14*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18264kB [ 66.983895] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 66.994703] Node 1 Normal: 8*4kB (UME) 5*8kB (ME) 4*16kB (ME) 4*32kB (ME) 3*64kB (UME) 1*128kB (E) 2*256kB (UM) 2*512kB (UE) 2*1024kB (ME) 5*2048kB (UME) 3*4096kB (M) = 26696kB [ 67.012232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 67.021160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 67.029849] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 67.040275] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 67.048874] 274 total pagecache pages [ 67.052871] 0 pages in swap cache [ 67.056329] Swap cache stats: add 0, delete 0, find 0/0 [ 67.064624] Free swap = 0kB [ 67.067649] Total swap = 0kB [ 67.070729] 1965979 pages RAM [ 67.073836] 0 pages HighMem/MovableOnly [ 67.077802] 333222 pages reserved [ 67.084186] 0 pages cma reserved [ 67.087564] Out of memory: Kill process 7191 (syz-executor616) score 999 or sacrifice child [ 67.096177] Killed process 7191 (syz-executor616) total-vm:17532kB, anon-rss:44kB, file-rss:0kB, shmem-rss:0kB [ 67.125350] syz-executor616 invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 67.141609] syz-executor616 cpuset=/ mems_allowed=0-1 [ 67.146866] CPU: 0 PID: 7169 Comm: syz-executor616 Not tainted 4.14.126 #20 [ 67.153993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.163363] Call Trace: [ 67.165972] dump_stack+0x138/0x19c [ 67.169619] dump_header+0x177/0x5e8 [ 67.173344] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 67.178825] ? ___ratelimit+0x55/0x537 [ 67.182734] oom_kill_process.cold+0x10/0x9fa [ 67.187267] ? oom_unkillable_task+0x294/0x390 [ 67.191872] ? lock_downgrade+0x6e0/0x6e0 [ 67.196433] out_of_memory+0x7f4/0x1150 [ 67.200668] ? lock_acquire+0x16f/0x430 [ 67.204650] ? oom_killer_disable+0x1d0/0x1d0 [ 67.209154] ? __alloc_pages_slowpath+0xca4/0x2930 [ 67.214095] __alloc_pages_slowpath+0x2251/0x2930 [ 67.218953] ? __alloc_pages_nodemask+0x639/0x7a0 [ 67.223795] ? warn_alloc+0xf0/0xf0 [ 67.227424] ? __might_sleep+0x93/0xb0 [ 67.231355] __alloc_pages_nodemask+0x62c/0x7a0 [ 67.236025] ? __alloc_pages_slowpath+0x2930/0x2930 [ 67.241047] ? lock_downgrade+0x6e0/0x6e0 [ 67.245201] ? find_get_entry+0x23c/0x520 [ 67.249348] alloc_pages_current+0xec/0x1e0 [ 67.253673] __page_cache_alloc+0x248/0x3e0 [ 67.257994] filemap_fault+0xcc9/0x19a0 [ 67.261984] ? __lock_page_or_retry+0x8d0/0x8d0 [ 67.266654] ? lock_acquire+0x16f/0x430 [ 67.270628] ? ext4_filemap_fault+0x7b/0xb0 [ 67.275388] ext4_filemap_fault+0x83/0xb0 [ 67.279532] __do_fault+0x104/0x390 [ 67.283162] __handle_mm_fault+0x2460/0x3470 [ 67.287578] ? vm_insert_mixed_mkwrite+0x40/0x40 [ 67.292349] ? find_held_lock+0x35/0x130 [ 67.296499] ? handle_mm_fault+0x1b6/0x7c0 [ 67.300754] handle_mm_fault+0x293/0x7c0 [ 67.304818] __do_page_fault+0x4c1/0xb80 [ 67.308882] ? vmalloc_fault+0xe30/0xe30 [ 67.312949] ? page_fault+0x2f/0x50 [ 67.316577] do_page_fault+0x71/0x511 [ 67.320397] ? page_fault+0x2f/0x50 [ 67.324040] page_fault+0x45/0x50 [ 67.327490] RIP: 0033:0x4413b0 [ 67.330675] RSP: 002b:00007ffce8a4b278 EFLAGS: 00010246 [ 67.336059] RAX: 0000000000000000 RBX: 0000000000001c1a RCX: 00000000004413b0 [ 67.343436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffce8a4b280 [ 67.350707] RBP: 000000000000fca7 R08: 0000000000001c01 R09: 00000000017dd940 [ 67.358073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403890 [ 67.365344] R13: 0000000000403920 R14: 0000000000000000 R15: 0000000000000000 [ 67.379032] Mem-Info: [ 67.381611] active_anon:3988 inactive_anon:194 isolated_anon:0 [ 67.381611] active_file:28 inactive_file:0 isolated_file:0 [ 67.381611] unevictable:0 dirty:0 writeback:0 unstable:0 [ 67.381611] slab_reclaimable:11887 slab_unreclaimable:93125 [ 67.381611] mapped:2 shmem:242 pagetables:356 bounce:0 [ 67.381611] free:15099 free_pcp:226 free_cma:0 [ 67.415766] Node 0 active_anon:15920kB inactive_anon:776kB active_file:108kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 67.444386] Node 1 active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:204kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 67.471406] Node 0 DMA free:10428kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 67.500197] lowmem_reserve[]: 0 2580 2580 2580 [ 67.505415] Node 0 DMA32 free:22564kB min:36468kB low:45584kB high:54700kB active_anon:15920kB inactive_anon:776kB active_file:108kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2644912kB mlocked:0kB kernel_stack:6016kB pagetables:1424kB bounce:0kB free_pcp:876kB local_pcp:180kB free_cma:0kB [ 67.535716] lowmem_reserve[]: 0 0 0 0 [ 67.540513] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 67.566836] lowmem_reserve[]: 0 0 0 0 [ 67.570859] Node 1 Normal free:350416kB min:53420kB low:66772kB high:80124kB active_anon:32kB inactive_anon:0kB active_file:4kB inactive_file:1204kB unevictable:0kB writepending:0kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:768kB local_pcp:100kB free_cma:0kB [ 67.601278] lowmem_reserve[]: 0 0 0 0 [ 67.606311] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 0*64kB 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10428kB [ 67.619989] Node 0 DMA32: 758*4kB (UME) 522*8kB (UME) 228*16kB (UME) 135*32kB (UME) 61*64kB (UME) 17*128kB (UM) 3*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 22536kB [ 67.637192] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 67.649005] Node 1 Normal: 19*4kB (UE) 18*8kB (UME) 14*16kB (UE) 18*32kB (UME) 15*64kB (UE) 14*128kB (UE) 13*256kB (U) 13*512kB (UE) 12*1024kB (UME) 14*2048kB (UME) 104*4096kB (UM) = 480700kB [ 67.666962] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB executing program executing program [ 67.676836] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 67.689390] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 67.698647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 67.707718] 940 total pagecache pages [ 67.711762] 0 pages in swap cache [ 67.715345] Swap cache stats: add 0, delete 0, find 0/0 [ 67.720959] Free swap = 0kB [ 67.724136] Total swap = 0kB [ 67.727278] 1965979 pages RAM [ 67.730724] 0 pages HighMem/MovableOnly [ 67.734843] 333222 pages reserved [ 67.738417] 0 pages cma reserved [ 67.742084] Out of memory: Kill process 7192 (syz-executor616) score 999 or sacrifice child [ 67.750862] Killed process 7192 (syz-executor616) total-vm:17532kB, anon-rss:44kB, file-rss:0kB, shmem-rss:0kB executing program [ 67.780286] oom_reaper: reaped process 7192 (syz-executor616), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 68.055676] kasan: CONFIG_KASAN_INLINE enabled [ 68.061052] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 68.068446] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 68.074679] Modules linked in: [ 68.077967] CPU: 1 PID: 7175 Comm: syz-executor616 Not tainted 4.14.126 #20 [ 68.085068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.094429] task: ffff8880928b21c0 task.stack: ffff888093af8000 [ 68.100502] RIP: 0010:vb2_vmalloc_put_userptr+0x6e/0x210 [ 68.105947] RSP: 0018:ffff888093aff870 EFLAGS: 00010202 [ 68.111333] RAX: dffffc0000000000 RBX: ffffc90005e2d000 RCX: 1ffffffff0da7224 [ 68.118597] RDX: 0000000000000001 RSI: ffff8880a5d86d54 RDI: 0000000000000009 [ 68.125872] RBP: ffff888093aff898 R08: dffffc0000000000 R09: ffffffff88c94d58 [ 68.133231] R10: ffff888093aff928 R11: ffff8880928b21c0 R12: ffff888092c83a00 [ 68.140507] R13: 0000000000000000 R14: ffff888092c83a00 R15: ffff888092c83a08 [ 68.147784] FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 68.156020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.161904] CR2: 00000000200001c0 CR3: 000000000766a000 CR4: 00000000001406e0 [ 68.169186] Call Trace: [ 68.171792] __vb2_queue_free+0x3a8/0x7d0 [ 68.175962] ? vb2_vmalloc_detach_dmabuf+0x90/0x90 [ 68.181002] ? vidioc_querycap+0xd0/0xd0 [ 68.185072] ? dev_debug_store+0xe0/0xe0 [ 68.189147] vb2_core_queue_release+0x64/0x80 [ 68.193663] vb2_queue_release+0x16/0x20 [ 68.197743] v4l2_m2m_ctx_release+0x2d/0x40 [ 68.202083] vim2m_release+0xde/0x130 [ 68.205898] v4l2_release+0xf9/0x190 [ 68.209731] __fput+0x275/0x7a0 [ 68.213044] ____fput+0x16/0x20 [ 68.216335] task_work_run+0x114/0x190 [ 68.220263] do_exit+0x7df/0x2c10 [ 68.223736] ? find_held_lock+0x35/0x130 [ 68.227812] ? mm_update_next_owner+0x5d0/0x5d0 [ 68.232499] do_group_exit+0x111/0x330 [ 68.236424] get_signal+0x381/0x1cd0 [ 68.240158] ? wake_up_q+0x95/0xf0 [ 68.243747] do_signal+0x86/0x19a0 [ 68.247299] ? mutex_unlock+0xd/0x10 [ 68.251018] ? setup_sigcontext+0x7d0/0x7d0 [ 68.255347] ? v4l2_open+0x300/0x300 [ 68.259067] ? do_vfs_ioctl+0xef/0x1060 [ 68.263398] ? selinux_file_mprotect+0x5d0/0x5d0 [ 68.268163] ? ioctl_preallocate+0x1c0/0x1c0 [ 68.272584] ? lock_downgrade+0x6e0/0x6e0 [ 68.276755] ? exit_to_usermode_loop+0x3d/0x220 [ 68.281439] exit_to_usermode_loop+0x15c/0x220 [ 68.286033] do_syscall_64+0x4bc/0x640 [ 68.289951] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 68.294808] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 68.299999] RIP: 0033:0x442b19 [ 68.303210] RSP: 002b:00007ffce8a4b288 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.310916] RAX: fffffffffffffff2 RBX: 0000000000000000 RCX: 0000000000442b19 [ 68.318191] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000004 [ 68.325477] RBP: 0000000000000000 R08: 0000000000403920 R09: 0000000000403920 [ 68.332754] R10: 0000000000403920 R11: 0000000000000246 R12: 0000000000403890 [ 68.340048] R13: 0000000000403920 R14: 0000000000000000 R15: 0000000000000000 [ 68.347375] Code: 4c 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 8d 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 6c 24 08 49 8d 7d 09 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 3c 01 00 [ 68.367131] RIP: vb2_vmalloc_put_userptr+0x6e/0x210 RSP: ffff888093aff870 [ 68.374477] ---[ end trace 94464bb8bd2b03b2 ]--- [ 68.379252] Kernel panic - not syncing: Fatal exception [ 68.385801] Kernel Offset: disabled [ 68.389476] Rebooting in 86400 seconds..