[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.561891] kauditd_printk_skb: 7 callbacks suppressed
[ 29.561903] audit: type=1800 audit(1543958516.721:29): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.595312] audit: type=1800 audit(1543958516.721:30): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 34.244190] sshd (6083) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
[ 237.507288] kasan: CONFIG_KASAN_INLINE enabled
[ 237.507422] ------------[ cut here ]------------
[ 237.507427] DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH)
[ 237.507432] ------------[ cut here ]------------
[ 237.507436] kernel BUG at mm/slab.c:4425!
[ 237.507441] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 237.507447] CPU: 0 PID: -642842048 Comm: ksoftirqd/0 Not tainted 4.20.0-rc4+ #325
[ 237.507454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 237.507458] RIP: 0010:__check_heap_object+0xa7/0xb5
[ 237.507470] Code: 48 c7 c7 05 f8 14 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 05 f8 14 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 c0 f8
[ 237.507474] RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
[ 237.507482] RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
[ 237.507503] RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
[ 237.507508] RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
[ 237.507513] R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
[ 237.507518] R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
[ 237.507524] FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 237.507529] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 237.507534] CR2: 0000000000000068 CR3: 00000001bb9df000 CR4: 00000000001406f0
[ 237.507555] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 237.507575] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 237.507577] Call Trace:
[ 237.507580] Modules linked in:
[ 237.507675] ---[ end trace 1452b8ca6a1101fd ]---
[ 237.507679] RIP: 0010:__check_heap_object+0xa7/0xb5
[ 237.507690] Code: 48 c7 c7 05 f8 14 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 05 f8 14 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 c0 f8
[ 237.507694] RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
[ 237.507702] RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
[ 237.507707] RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
[ 237.507712] RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
[ 237.507717] R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
[ 237.507722] R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
[ 237.507727] FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 237.507731] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 237.507736] CR2: 0000000000000068 CR3: 00000001bb9df000 CR4: 00000000001406f0
[ 237.507741] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 237.507746] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 237.507751] Kernel panic - not syncing: Fatal exception in interrupt
[ 237.773940] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 237.781304] general protection fault: 0000 [#2] PREEMPT SMP KASAN
[ 237.787535] CPU: 1 PID: 6102 Comm: syz-executor923 Tainted: G D 4.20.0-rc4+ #325
[ 237.796361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 237.805750] RIP: 0010:cpuacct_charge+0xb8/0x440
[ 237.810451] Code: 00 00 48 81 ff a8 80 ff ff 74 36 48 8d 9f 58 7f 00 00 48 81 c7 e0 7f 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2c 03 00 00 f6 83 88 00 00 00 03 0f 94 c3 0f b6
[ 237.829353] RSP: 0018:ffff8881bcf0f380 EFLAGS: 00010007
[ 237.834712] RAX: dffffc0000000000 RBX: 0000000000007f5c RCX: 0000000000000000
[ 237.841977] RDX: 0000000000000ffc RSI: 000000361ae5c3a2 RDI: 0000000000007fe4
[ 237.849242] RBP: ffff8881bcf0f418 R08: 0000000000000008 R09: 0000000000000000
[ 237.856507] R10: 0000000000000000 R11: dffffc0000000000 R12: 000000361ae5c3a2
[ 237.863773] R13: ffff8881d9af0240 R14: 1ffff110379e1e72 R15: ffff8881bcf0f3f0
[ 237.871044] FS: 0000000001984940(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 237.879272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 237.885152] CR2: 000000000198d978 CR3: 00000001bcb14000 CR4: 00000000001406e0
[ 237.892417] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 237.899682] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 237.906945] Call Trace:
[ 237.909541] ? cpuacct_css_alloc+0x160/0x160
[ 237.913949] ? mark_held_locks+0x130/0x130
[ 237.918248] update_curr+0x392/0xbd0
[ 237.921981] ? __account_cfs_rq_runtime+0x790/0x790
[ 237.927106] ? update_cfs_rq_load_avg.part.68+0x2e0/0x2e0
[ 237.932647] ? attach_entity_cfs_rq+0xe2f/0x24c0
[ 237.937941] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 237.942982] ? find_next_bit+0x104/0x130
[ 237.947050] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 237.952595] enqueue_entity+0x3f5/0x20a0
[ 237.956667] ? put_prev_task_fair+0x80/0x80
[ 237.960995] ? switched_from_fair+0x10/0x10
[ 237.965320] ? mark_held_locks+0x130/0x130
[ 237.969559] ? mark_held_locks+0x130/0x130
[ 237.973799] ? mark_held_locks+0x130/0x130
[ 237.978057] ? kasan_check_write+0x14/0x20
[ 237.982355] ? ext4_mark_iloc_dirty+0x199a/0x2f30
[ 237.987208] enqueue_task_fair+0x24d/0xa50
[ 237.991467] ? activate_task+0x1b4/0x470
[ 237.995531] ? enqueue_entity+0x20a0/0x20a0
[ 237.999897] ? kvm_clock_read+0x18/0x30
[ 238.003872] ? kvm_sched_clock_read+0x9/0x20
[ 238.008286] ? sched_clock+0x31/0x50
[ 238.011998] ? sched_clock_cpu+0x1b/0x1b0
[ 238.016148] ? record_times+0x1e/0x590
[ 238.020035] ? psi_task_change+0x370/0x5f0
[ 238.024266] ? kvm_clock_read+0x18/0x30
[ 238.028477] ? sched_clock_cpu+0x1b/0x1b0
[ 238.032640] activate_task+0x208/0x470
[ 238.036739] wake_up_new_task+0x523/0xcf0
[ 238.040891] ? to_ratio+0x20/0x20
[ 238.044347] ? lock_downgrade+0x900/0x900
[ 238.048541] ? get_task_pid+0x211/0x3b0
[ 238.052516] ? find_get_pid+0x270/0x270
[ 238.056494] ? lock_downgrade+0x900/0x900
[ 238.060646] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 238.065688] _do_fork+0x33b/0x11d0
[ 238.069248] ? fork_idle+0x1d0/0x1d0
[ 238.072993] ? dput.part.25+0x26d/0x860
[ 238.076996] ? check_preemption_disabled+0x48/0x280
[ 238.082044] ? mntput+0x74/0xa0
[ 238.085355] ? do_syscall_64+0x9a/0x820
[ 238.089334] ? do_syscall_64+0x9a/0x820
[ 238.093310] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 238.097903] ? trace_hardirqs_on+0xbd/0x310
[ 238.102222] ? __ia32_sys_mknod+0xb0/0xb0
[ 238.106425] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 238.111789] ? trace_hardirqs_off_caller+0x310/0x310
[ 238.116897] __x64_sys_clone+0xbf/0x150
[ 238.120877] do_syscall_64+0x1b9/0x820
[ 238.124761] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 238.130128] ? syscall_return_slowpath+0x5e0/0x5e0
[ 238.135056] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 238.140414] ? trace_hardirqs_on_caller+0x310/0x310
[ 238.145432] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 238.150465] ? prepare_exit_to_usermode+0x291/0x3b0
[ 238.155487] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 238.160333] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 238.165517] RIP: 0033:0x44549a
[ 238.168712] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 238.188137] RSP: 002b:00007ffe6c26bb90 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 238.195845] RAX: ffffffffffffffda RBX: 00007ffe6c26bb90 RCX: 000000000044549a
[ 238.203143] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 238.210424] RBP: 00007ffe6c26bbd0 R08: 00000000000017d6 R09: 0000000001984940
[ 238.217698] R10: 0000000001984c10 R11: 0000000000000246 R12: 00000000000017d6
[ 238.224959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 238.232228] Modules linked in:
[ 238.236064] ---[ end trace 1452b8ca6a1101fe ]---
[ 238.240857] RIP: 0010:__check_heap_object+0xa7/0xb5
[ 238.245873] Code: 48 c7 c7 05 f8 14 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 05 f8 14 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 c0 f8
[ 238.264772] RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
[ 238.270126] RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
[ 238.277395] RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
[ 238.284661] RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
[ 238.291959] R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
[ 238.299227] R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
[ 238.306492] FS: 0000000001984940(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 238.314710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 238.320584] CR2: 000000000198d978 CR3: 00000001bcb14000 CR4: 00000000001406e0
[ 238.327852] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 238.335120] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 238.690041] Shutting down cpus with NMI
[ 238.690044] Kernel Offset: disabled