[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 30.202379] kauditd_printk_skb: 7 callbacks suppressed [ 30.202392] audit: type=1800 audit(1544113442.958:29): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 30.228256] audit: type=1800 audit(1544113442.968:30): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.577390] sshd (6039) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program [ 53.327770] ------------[ cut here ]------------ [ 53.335267] memory commitment underflow [ 53.335385] WARNING: CPU: 1 PID: 6064 at mm/util.c:645 __vm_enough_memory+0x734/0x960 [ 53.347312] Kernel panic - not syncing: panic_on_warn set ... [ 53.353179] CPU: 1 PID: 6064 Comm: syz-executor831 Not tainted 4.20.0-rc5+ #143 [ 53.360601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.369938] Call Trace: [ 53.372633] dump_stack+0x244/0x39d [ 53.376247] ? dump_stack_print_info.cold.1+0x20/0x20 [ 53.381425] panic+0x2ad/0x55c [ 53.384603] ? add_taint.cold.5+0x16/0x16 [ 53.388742] ? __warn.cold.8+0x5/0x45 [ 53.392539] ? __warn+0xe8/0x1d0 [ 53.395895] ? __vm_enough_memory+0x734/0x960 [ 53.400432] __warn.cold.8+0x20/0x45 [ 53.404138] ? rcu_softirq_qs+0x20/0x20 [ 53.408121] ? __vm_enough_memory+0x734/0x960 [ 53.412719] report_bug+0x254/0x2d0 [ 53.416338] do_error_trap+0x11b/0x200 [ 53.420243] do_invalid_op+0x36/0x40 [ 53.423943] ? __vm_enough_memory+0x734/0x960 [ 53.428489] invalid_op+0x14/0x20 [ 53.431945] RIP: 0010:__vm_enough_memory+0x734/0x960 [ 53.437035] Code: 60 d3 ff 0f b6 85 28 fe ff ff 84 c0 0f 85 4e fa ff ff e8 ff 5f d3 ff 48 c7 c7 60 99 32 88 c6 05 0c 8a 66 08 01 e8 fc bf 9c ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 0f b6 14 [ 53.455925] RSP: 0018:ffff8881b2c175a0 EFLAGS: 00010282 [ 53.461326] RAX: 0000000000000000 RBX: 1ffff11036582eb8 RCX: 0000000000000000 [ 53.468635] RDX: 0000000000000000 RSI: ffffffff8165fbe5 RDI: 0000000000000006 [ 53.475900] RBP: ffff8881b2c17788 R08: ffff8881bff6a140 R09: 0000000000000006 [ 53.483163] R10: 0000000000000000 R11: ffff8881bff6a140 R12: ffff8881b2c17760 [ 53.490421] R13: 0000000000000c60 R14: ffffffff8961c660 R15: 0000000000000001 [ 53.497690] ? vprintk_func+0x85/0x181 [ 53.501616] ? vm_commit_limit+0xd0/0xd0 [ 53.505687] ? find_held_lock+0x36/0x1c0 [ 53.509739] ? zap_class+0x640/0x640 [ 53.513453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.518984] ? check_preemption_disabled+0x48/0x280 [ 53.523992] ? __lock_is_held+0xb5/0x140 [ 53.528044] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.533564] ? cap_capable+0x1f9/0x260 [ 53.537441] security_vm_enough_memory_mm+0x9d/0xc0 [ 53.542548] __shmem_file_setup.part.50+0x19c/0x2a0 [ 53.547552] ? memset+0x31/0x40 [ 53.550818] shmem_file_setup+0x65/0x90 [ 53.554828] ashmem_mmap+0x362/0x520 [ 53.558536] mmap_region+0xe85/0x1cd0 [ 53.562326] ? __x64_sys_brk+0x8b0/0x8b0 [ 53.566378] ? smack_task_getsecid+0x1e6/0x3c0 [ 53.571005] ? lock_downgrade+0x900/0x900 [ 53.575153] ? check_preemption_disabled+0x48/0x280 [ 53.580160] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 53.585075] ? kasan_check_read+0x11/0x20 [ 53.589209] ? mpx_unmapped_area_check+0xd8/0x108 [ 53.594052] ? arch_get_unmapped_area+0x750/0x750 [ 53.599000] ? lock_acquire+0x1ed/0x520 [ 53.602963] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 53.607964] ? cap_mmap_addr+0x52/0x130 [ 53.611951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.617567] ? security_mmap_addr+0x80/0xa0 [ 53.621878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.627400] ? get_unmapped_area+0x292/0x3b0 [ 53.631790] do_mmap+0xa22/0x1230 [ 53.635224] ? mmap_region+0x1cd0/0x1cd0 [ 53.639264] ? vm_mmap_pgoff+0x1b5/0x2c0 [ 53.643309] ? down_read_killable+0x150/0x150 [ 53.647787] ? security_mmap_file+0x174/0x1b0 [ 53.652300] vm_mmap_pgoff+0x213/0x2c0 [ 53.656200] ? vma_is_stack_for_current+0xd0/0xd0 [ 53.661033] ? smk_curacc+0x7f/0xa0 [ 53.664642] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.670159] ? fget_raw+0x20/0x20 [ 53.673591] ? up_read+0x151/0x2c0 [ 53.677117] ksys_mmap_pgoff+0x4da/0x660 [ 53.681189] ? do_syscall_64+0x9a/0x820 [ 53.685180] ? find_mergeable_anon_vma+0xd0/0xd0 [ 53.690046] ? trace_hardirqs_on+0xbd/0x310 [ 53.694366] ? security_file_ioctl+0x94/0xc0 [ 53.698761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.704112] ? trace_hardirqs_off_caller+0x310/0x310 [ 53.709199] __x64_sys_mmap+0xe9/0x1b0 [ 53.713237] do_syscall_64+0x1b9/0x820 [ 53.717126] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 53.722478] ? syscall_return_slowpath+0x5e0/0x5e0 [ 53.727390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.732223] ? trace_hardirqs_on_caller+0x310/0x310 [ 53.737226] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 53.742230] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.747236] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.752076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.757250] RIP: 0033:0x440e79 [ 53.760431] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.779324] RSP: 002b:00007ffc6d03c178 EFLAGS: 00000216 ORIG_RAX: 0000000000000009 [ 53.787074] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440e79 [ 53.794364] RDX: 0000000020fffffc RSI: 0000000000004000 RDI: 00000000206fd000 [ 53.801619] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000 [ 53.808883] R10: 0000000000000012 R11: 0000000000000216 R12: 0000000000401d10 [ 53.816154] R13: 0000000000401da0 R14: 0000000000000000 R15: 0000000000000000 [ 53.824513] Kernel Offset: disabled [ 53.828194] Rebooting in 86400 seconds..