[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.315451] kauditd_printk_skb: 7 callbacks suppressed [ 28.315463] audit: type=1800 audit(1543701040.755:29): pid=5855 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.340464] audit: type=1800 audit(1543701040.765:30): pid=5855 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. syzkaller login: [ 55.577533] IPVS: ftp: loaded support on port[0] = 21 executing program [ 55.689710] WARNING: CPU: 0 PID: 6011 at fs/userfaultfd.c:1569 userfaultfd_ioctl+0x3d30/0x5610 [ 55.698554] Kernel panic - not syncing: panic_on_warn set ... [ 55.704432] CPU: 0 PID: 6011 Comm: syz-executor622 Not tainted 4.20.0-rc4+ #261 [ 55.711866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.721205] Call Trace: [ 55.723786] dump_stack+0x244/0x39d [ 55.727406] ? dump_stack_print_info.cold.1+0x20/0x20 [ 55.732598] panic+0x2ad/0x55c [ 55.735785] ? add_taint.cold.5+0x16/0x16 [ 55.739929] ? __warn.cold.8+0x5/0x45 [ 55.743719] ? __warn+0xe8/0x1d0 [ 55.747085] ? userfaultfd_ioctl+0x3d30/0x5610 [ 55.751657] __warn.cold.8+0x20/0x45 [ 55.755361] ? rcu_softirq_qs+0x20/0x20 [ 55.759329] ? userfaultfd_ioctl+0x3d30/0x5610 [ 55.763978] report_bug+0x254/0x2d0 [ 55.767710] do_error_trap+0x11b/0x200 [ 55.771602] do_invalid_op+0x36/0x40 [ 55.775304] ? userfaultfd_ioctl+0x3d30/0x5610 [ 55.779885] invalid_op+0x14/0x20 [ 55.783515] RIP: 0010:userfaultfd_ioctl+0x3d30/0x5610 [ 55.788699] Code: 85 c0 f6 ff ff 48 c1 e8 03 42 80 3c 30 00 0f 84 a3 fa ff ff 48 8b bd c0 f6 ff ff e8 4a 60 db ff e9 92 fa ff ff e8 20 07 98 ff <0f> 0b e9 cd f7 ff ff e8 14 07 98 ff 48 8b 95 f0 f6 ff ff b9 01 00 [ 55.807591] RSP: 0018:ffff8881b6fd73d0 EFLAGS: 00010293 [ 55.812943] RAX: ffff8881b3888700 RBX: 00000000080000d0 RCX: ffffffff81e77b7b [ 55.820202] RDX: 0000000000000000 RSI: ffffffff81e783b0 RDI: 0000000000000007 [ 55.827463] RBP: ffff8881b6fd7d60 R08: ffff8881b3888700 R09: 0000000000000008 [ 55.834729] R10: 0000000000007845 R11: ffff8881b3888700 R12: 0000000020011000 [ 55.841991] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881c1de3108 [ 55.849264] ? userfaultfd_ioctl+0x34fb/0x5610 [ 55.853840] ? userfaultfd_ioctl+0x3d30/0x5610 [ 55.858420] ? lru_cache_add+0xa50/0xa50 [ 55.862480] ? userfaultfd_read+0x2c0/0x2c0 [ 55.866796] ? do_huge_pmd_anonymous_page+0x14a3/0x2150 [ 55.872149] ? lock_downgrade+0x900/0x900 [ 55.876293] ? pudp_huge_clear_flush+0x390/0x390 [ 55.881067] ? kasan_check_read+0x11/0x20 [ 55.885210] ? do_raw_spin_unlock+0xa7/0x330 [ 55.889611] ? do_raw_spin_trylock+0x270/0x270 [ 55.894190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.899716] ? clear_subpage+0xdc/0x100 [ 55.903685] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 55.908704] ? _raw_spin_unlock+0x2c/0x50 [ 55.912851] ? __thp_get_unmapped_area+0x180/0x180 [ 55.917892] ? uprobe_apply+0x140/0x140 [ 55.921932] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.927471] ? print_usage_bug+0xc0/0xc0 [ 55.931526] ? print_usage_bug+0xc0/0xc0 [ 55.935580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.941122] ? vma_set_page_prot+0x243/0x320 [ 55.945529] ? __lock_acquire+0x62f/0x4c20 [ 55.949759] ? __lock_acquire+0x62f/0x4c20 [ 55.953982] ? mmap_region+0x62f/0x1cd0 [ 55.957952] ? mark_held_locks+0x130/0x130 [ 55.962185] ? mark_held_locks+0x130/0x130 [ 55.966411] ? zap_class+0x640/0x640 [ 55.970125] ? mpx_unmapped_area_check+0xd8/0x108 [ 55.974967] ? __handle_mm_fault+0xa57/0x5be0 [ 55.979452] ? find_held_lock+0x36/0x1c0 [ 55.983513] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 55.988353] ? vm_mmap_pgoff+0x222/0x2c0 [ 55.992416] ? lock_downgrade+0x900/0x900 [ 55.996557] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 56.001566] ? cap_mmap_addr+0x52/0x130 [ 56.005594] ? userfaultfd_unmap_complete+0x32a/0x510 [ 56.010969] ? security_mmap_addr+0x80/0xa0 [ 56.015291] ? zap_class+0x640/0x640 [ 56.019012] ? zap_class+0x640/0x640 [ 56.022751] ? zap_class+0x640/0x640 [ 56.026464] ? find_held_lock+0x36/0x1c0 [ 56.030533] ? __do_page_fault+0x620/0xe60 [ 56.034760] ? lock_downgrade+0x900/0x900 [ 56.038899] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 56.043821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.049349] ? __fget_light+0x2e9/0x430 [ 56.053312] ? fget_raw+0x20/0x20 [ 56.056757] ? check_preemption_disabled+0x48/0x280 [ 56.061776] ? kasan_check_write+0x14/0x20 [ 56.066005] ? up_read+0x225/0x2c0 [ 56.069547] ? do_fast_syscall_32+0x150/0xfb2 [ 56.074049] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 56.078758] ? userfaultfd_read+0x2c0/0x2c0 [ 56.083084] __ia32_compat_sys_ioctl+0x20e/0x630 [ 56.087831] ? userfaultfd_read+0x2c0/0x2c0 [ 56.092143] ? __ia32_compat_sys_ioctl+0x20e/0x630 [ 56.097079] do_fast_syscall_32+0x34d/0xfb2 [ 56.101393] ? do_int80_syscall_32+0x890/0x890 [ 56.106030] ? entry_SYSENTER_compat+0x68/0x7f [ 56.110632] ? trace_hardirqs_off_caller+0xbb/0x310 [ 56.115638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.120471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.125304] ? trace_hardirqs_on_caller+0x310/0x310 [ 56.130311] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 56.135324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.140856] ? prepare_exit_to_usermode+0x291/0x3b0 [ 56.145874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.150716] entry_SYSENTER_compat+0x70/0x7f [ 56.155115] RIP: 0023:0xf7ff7a29 [ 56.158474] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 56.177459] RSP: 002b:00000000081fff3c EFLAGS: 00000202 ORIG_RAX: 0000000000000036 [ 56.185165] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008010aa01 [ 56.192426] RDX: 0000000020d62fe0 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.199682] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.206938] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 56.214194] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.222534] Kernel Offset: disabled [ 56.226240] Rebooting in 86400 seconds..