[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 31.249469] kauditd_printk_skb: 8 callbacks suppressed
[ 31.249481] audit: type=1800 audit(1541995470.317:29): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 31.283594] audit: type=1800 audit(1541995470.317:30): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[ 32.084083] sshd (6081) used greatest stack depth: 15744 bytes left

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.760847] kasan: CONFIG_KASAN_INLINE enabled
[ 38.777234] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 38.789573] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 38.795852] CPU: 0 PID: 6154 Comm: syz-executor218 Not tainted 4.20.0-rc1+ #110
executing program
[ 38.803321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.812709] RIP: 0010:vb2_mmap+0x23c/0x6f0
[ 38.816956] Code: 80 3c 10 00 0f 85 1b 04 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b 45 b8 48 8b 00 48 8d 78 14 48 89 45 d0 48 89 f8 48 c1 e8 03 <0f> b6 14 08 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 fa
[ 38.835874] RSP: 0018:ffff8881d1cd77d0 EFLAGS: 00010203
[ 38.841259] RAX: 0000000000000002 RBX: 000000000000000a RCX: dffffc0000000000
[ 38.848537] RDX: dffffc0000000000 RSI: ffffffff854ccb60 RDI: 0000000000000014
executing program
[ 38.855819] RBP: ffff8881d1cd7820 R08: ffff8881bc6766c0 R09: ffffed1039710b5e
[ 38.863106] R10: ffffed1039710b5e R11: ffff8881cb885af7 R12: 0000000000000000
[ 38.870384] R13: 0000000000000001 R14: 0000000020a00000 R15: ffff8881cac67268
[ 38.877671] FS: 000000000172e880(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 38.885906] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.891803] CR2: 00000000006cf090 CR3: 00000001bcb2b000 CR4: 00000000001406f0
[ 38.899083] Call Trace:
[ 38.901692] ? vb2_poll+0x1d0/0x1d0
[ 38.905338] vb2_fop_mmap+0x4b/0x70
executing program
[ 38.908990] v4l2_mmap+0x153/0x200
[ 38.912551] mmap_region+0xe85/0x1cd0
[ 38.916420] ? __x64_sys_brk+0x8b0/0x8b0
[ 38.920518] ? smack_task_getsecid+0x1e6/0x3c0
[ 38.925125] ? lock_downgrade+0x900/0x900
[ 38.929285] ? check_preemption_disabled+0x48/0x280
[ 38.934315] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 38.939257] ? kasan_check_read+0x11/0x20
[ 38.943414] ? mpx_unmapped_area_check+0xd8/0x108
[ 38.948275] ? arch_get_unmapped_area+0x750/0x750
[ 38.953131] ? lock_acquire+0x1ed/0x520
[ 38.957120] ? __sanitizer_cov_trace_cmp8+0x18/0x20
executing program
[ 38.962155] ? cap_mmap_addr+0x52/0x130
[ 38.966148] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.971724] ? security_mmap_addr+0x80/0xa0
[ 38.976074] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 38.981625] ? get_unmapped_area+0x292/0x3b0
[ 38.986071] do_mmap+0xa22/0x1230
[ 38.989587] ? mmap_region+0x1cd0/0x1cd0
[ 38.993669] ? vm_mmap_pgoff+0x1b5/0x2c0
[ 38.997747] ? down_read_killable+0x150/0x150
[ 39.002257] ? security_mmap_file+0x174/0x1b0
[ 39.006765] vm_mmap_pgoff+0x213/0x2c0
executing program
[ 39.010674] ? vma_is_stack_for_current+0xd0/0xd0
[ 39.015553] ? smk_curacc+0x7f/0xa0
[ 39.019192] ? fget_raw+0x20/0x20
[ 39.022694] ? up_read+0x151/0x2c0
[ 39.026264] ksys_mmap_pgoff+0x4da/0x660
[ 39.030817] ? do_syscall_64+0x9a/0x820
[ 39.034804] ? find_mergeable_anon_vma+0xd0/0xd0
[ 39.039569] ? trace_hardirqs_on+0xbd/0x310
[ 39.043921] ? security_file_ioctl+0x94/0xc0
[ 39.048345] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.053724] ? trace_hardirqs_off_caller+0x310/0x310
[ 39.058842] __x64_sys_mmap+0xe9/0x1b0
executing program
[ 39.062745] do_syscall_64+0x1b9/0x820
[ 39.066667] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 39.072044] ? syscall_return_slowpath+0x5e0/0x5e0
[ 39.077021] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.081884] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.086923] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 39.091967] ? prepare_exit_to_usermode+0x291/0x3b0
[ 39.097008] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.101868] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.107065] RIP: 0033:0x444c09
executing program
[ 39.110266] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.129189] RSP: 002b:00007ffd3a69c658 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
[ 39.136903] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444c09
[ 39.144186] RDX: 00000000ffffffff RSI: 0000000000600000 RDI: 0000000020a00000
[ 39.151469] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000020a00000
executing program
[ 39.158746] R10: 0000000000000011 R11: 0000000000000212 R12: 0000000000009731
[ 39.166024] R13: 0000000000401f50 R14: 0000000000000000 R15: 0000000000000000
[ 39.173305] Modules linked in:
[ 39.178682] ---[ end trace bfc3e2da4c27a944 ]---
[ 39.193494] RIP: 0010:vb2_mmap+0x23c/0x6f0
executing program
[ 39.204100] Code: 80 3c 10 00 0f 85 1b 04 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b 45 b8 48 8b 00 48 8d 78 14 48 89 45 d0 48 89 f8 48 c1 e8 03 <0f> b6 14 08 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 fa
[ 39.224450] RSP: 0018:ffff8881d1cd77d0 EFLAGS: 00010203
[ 39.235124] RAX: 0000000000000002 RBX: 000000000000000a RCX: dffffc0000000000
[ 39.252565] RDX: dffffc0000000000 RSI: ffffffff854ccb60 RDI: 0000000000000014
executing program
[ 39.270313] RBP: ffff8881d1cd7820 R08: ffff8881bc6766c0 R09: ffffed1039710b5e
[ 39.281375] R10: ffffed1039710b5e R11: ffff8881cb885af7 R12: 0000000000000000
[ 39.289206] R13: 0000000000000001 R14: 0000000020a00000 R15: ffff8881cac67268
[ 39.296594] FS: 000000000172e880(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 39.310466] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.318514] CR2: 00000000006cf090 CR3: 00000001bcb2b000 CR4: 00000000001406f0
[ 39.325918] Kernel panic - not syncing: Fatal exception
[ 39.332159] Kernel Offset: disabled
[ 39.335783] Rebooting in 86400 seconds..