[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.801379] kauditd_printk_skb: 7 callbacks suppressed [ 28.801392] audit: type=1800 audit(1543692860.969:29): pid=5864 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.828598] audit: type=1800 audit(1543692860.969:30): pid=5864 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. syzkaller login: [ 49.826538] IPVS: ftp: loaded support on port[0] = 21 executing program [ 49.946287] WARNING: CPU: 1 PID: 6019 at fs/userfaultfd.c:1569 userfaultfd_ioctl+0x3d30/0x5610 [ 49.955128] Kernel panic - not syncing: panic_on_warn set ... [ 49.961014] CPU: 1 PID: 6019 Comm: syz-executor263 Not tainted 4.20.0-rc4+ #358 [ 49.968444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.977776] Call Trace: [ 49.980350] dump_stack+0x244/0x39d [ 49.983974] ? dump_stack_print_info.cold.1+0x20/0x20 [ 49.989168] panic+0x2ad/0x55c [ 49.992358] ? add_taint.cold.5+0x16/0x16 [ 49.996508] ? __warn.cold.8+0x5/0x45 [ 50.000291] ? __warn+0xe8/0x1d0 [ 50.003644] ? userfaultfd_ioctl+0x3d30/0x5610 [ 50.008210] __warn.cold.8+0x20/0x45 [ 50.011917] ? rcu_softirq_qs+0x20/0x20 [ 50.015874] ? userfaultfd_ioctl+0x3d30/0x5610 [ 50.020442] report_bug+0x254/0x2d0 [ 50.024054] do_error_trap+0x11b/0x200 [ 50.027927] do_invalid_op+0x36/0x40 [ 50.031634] ? userfaultfd_ioctl+0x3d30/0x5610 [ 50.036200] invalid_op+0x14/0x20 [ 50.039640] RIP: 0010:userfaultfd_ioctl+0x3d30/0x5610 [ 50.044817] Code: 85 c0 f6 ff ff 48 c1 e8 03 42 80 3c 30 00 0f 84 a3 fa ff ff 48 8b bd c0 f6 ff ff e8 4a 60 db ff e9 92 fa ff ff e8 20 07 98 ff <0f> 0b e9 cd f7 ff ff e8 14 07 98 ff 48 8b 95 f0 f6 ff ff b9 01 00 [ 50.063706] RSP: 0018:ffff8881c1417270 EFLAGS: 00010293 [ 50.069069] RAX: ffff8881c1e32300 RBX: 00000000080000d0 RCX: ffffffff81e77b7b [ 50.076321] RDX: 0000000000000000 RSI: ffffffff81e783b0 RDI: 0000000000000007 [ 50.083575] RBP: ffff8881c1417c00 R08: ffff8881c1e32300 R09: 0000000000000008 [ 50.090828] R10: 0000000000003cb4 R11: ffff8881c1e32300 R12: 0000000020011000 [ 50.098098] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881c2b6e460 [ 50.105374] ? userfaultfd_ioctl+0x34fb/0x5610 [ 50.109935] ? userfaultfd_ioctl+0x3d30/0x5610 [ 50.114525] ? check_preemption_disabled+0x48/0x280 [ 50.119536] ? userfaultfd_read+0x2c0/0x2c0 [ 50.123843] ? mark_held_locks+0xc7/0x130 [ 50.127974] ? mem_cgroup_commit_charge+0x2c1/0xa50 [ 50.132973] ? mem_cgroup_commit_charge+0x2c1/0xa50 [ 50.137975] ? zap_class+0x640/0x640 [ 50.141674] ? lru_cache_add+0xa50/0xa50 [ 50.145735] ? zap_class+0x640/0x640 [ 50.149487] ? do_huge_pmd_anonymous_page+0x14a3/0x2150 [ 50.154838] ? lock_downgrade+0x900/0x900 [ 50.158969] ? pudp_huge_clear_flush+0x390/0x390 [ 50.163710] ? kasan_check_read+0x11/0x20 [ 50.167840] ? do_raw_spin_unlock+0xa7/0x330 [ 50.172232] ? do_raw_spin_trylock+0x270/0x270 [ 50.176797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 50.182318] ? clear_subpage+0xdc/0x100 [ 50.186273] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 50.191274] ? _raw_spin_unlock+0x2c/0x50 [ 50.195482] ? do_huge_pmd_anonymous_page+0xcbe/0x2150 [ 50.200762] ? __thp_get_unmapped_area+0x180/0x180 [ 50.205687] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 50.211221] ? uprobe_mmap+0x19f/0x1130 [ 50.215176] ? validate_mm+0x386/0x630 [ 50.219048] ? print_usage_bug+0xc0/0xc0 [ 50.223094] ? print_usage_bug+0xc0/0xc0 [ 50.227136] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 50.232655] ? vma_wants_writenotify+0x22c/0x510 [ 50.237393] ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0 [ 50.242142] ? __lock_acquire+0x62f/0x4c20 [ 50.246362] ? __lock_acquire+0x62f/0x4c20 [ 50.250581] ? vma_link+0x116/0x180 [ 50.254195] ? mark_held_locks+0x130/0x130 [ 50.258518] ? mark_held_locks+0x130/0x130 [ 50.262749] ? zap_class+0x640/0x640 [ 50.266444] ? zap_class+0x640/0x640 [ 50.270175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 50.275701] ? __handle_mm_fault+0xa57/0x5be0 [ 50.280187] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 50.285018] ? vm_mmap_pgoff+0x222/0x2c0 [ 50.289195] ? lock_downgrade+0x900/0x900 [ 50.293333] ? zap_class+0x640/0x640 [ 50.297050] ? zap_class+0x640/0x640 [ 50.300747] ? zap_class+0x640/0x640 [ 50.304448] ? userfaultfd_unmap_prep+0x660/0x660 [ 50.309308] ? find_held_lock+0x36/0x1c0 [ 50.313376] ? __do_page_fault+0x620/0xe60 [ 50.317595] ? userfaultfd_read+0x2c0/0x2c0 [ 50.321900] do_vfs_ioctl+0x1de/0x1790 [ 50.325771] ? do_vfs_ioctl+0x1de/0x1790 [ 50.329823] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 50.335082] ? rcu_softirq_qs+0x20/0x20 [ 50.339056] ? ioctl_preallocate+0x300/0x300 [ 50.343448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 50.348968] ? __fget_light+0x2e9/0x430 [ 50.352924] ? fget_raw+0x20/0x20 [ 50.356365] ? kasan_check_write+0x14/0x20 [ 50.360579] ? up_read+0x225/0x2c0 [ 50.364113] ? up_read_non_owner+0x100/0x100 [ 50.368504] ? do_syscall_64+0x9a/0x820 [ 50.372458] ? do_syscall_64+0x9a/0x820 [ 50.376412] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 50.380985] ? security_file_ioctl+0x94/0xc0 [ 50.385377] ksys_ioctl+0xa9/0xd0 [ 50.388814] __x64_sys_ioctl+0x73/0xb0 [ 50.392687] do_syscall_64+0x1b9/0x820 [ 50.396555] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 50.401898] ? syscall_return_slowpath+0x5e0/0x5e0 [ 50.406893] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 50.411729] ? trace_hardirqs_on_caller+0x310/0x310 [ 50.416733] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 50.421736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 50.427257] ? prepare_exit_to_usermode+0x291/0x3b0 [ 50.432259] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 50.437087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 50.442258] RIP: 0033:0x440ad9 [ 50.445451] Code: 23 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 50.464334] RSP: 002b:00000000007dff68 EFLAGS: 00000217 ORIG_RAX: 0000000000000010 [ 50.472022] RAX: ffffffffffffffda RBX: 00007ffc8f046ee0 RCX: 0000000000440ad9 [ 50.479276] RDX: 0000000020d62fe0 RSI: 000000008010aa01 RDI: 0000000000000003 [ 50.486530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 50.493784] R10: 0000000000000004 R11: 0000000000000217 R12: 0000000000402270 [ 50.501043] R13: 0000000000402300 R14: 0000000000000000 R15: 0000000000000000 [ 50.509389] Kernel Offset: disabled [ 50.513086] Rebooting in 86400 seconds..