[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   28.824376] kauditd_printk_skb: 7 callbacks suppressed
[   28.824388] audit: type=1800 audit(1542255497.629:29): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   28.851340] audit: type=1800 audit(1542255497.629:30): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
syzkaller login: [  122.266022] ------------[ cut here ]------------
[  122.266071] DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH)
[  122.266076] ------------[ cut here ]------------
[  122.266080] kernel BUG at mm/slab.c:4425!
[  122.266099] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  122.266105] CPU: 0 PID: -642842048 Comm: ksoftirqd/0 Not tainted 4.20.0-rc2+ #295
[  122.266112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  122.266117] RIP: 0010:__check_heap_object+0xa7/0xb5
[  122.266129] Code: 48 c7 c7 15 73 12 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 15 73 12 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 d0 73
[  122.266134] RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
[  122.266141] RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
[  122.266146] RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
[  122.266152] RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
[  122.266158] R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
[  122.266163] R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
[  122.266169] FS:  0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[  122.266174] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  122.266180] CR2: 0000000000000068 CR3: 00000001cdaf4000 CR4: 00000000001406f0
[  122.266186] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  122.266191] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  122.266194] Call Trace:
[  122.266197] Modules linked in:
[  122.269189] ==================================================================
[  122.271167] ---[ end trace 97e5870738366f72 ]---
[  122.271172] RIP: 0010:__check_heap_object+0xa7/0xb5
[  122.271184] Code: 48 c7 c7 15 73 12 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 15 73 12 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 d0 73
[  122.271188] RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
[  122.271197] RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
[  122.271202] RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
[  122.271207] RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
[  122.271213] R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
[  122.271218] R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
[  122.271224] FS:  0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[  122.271228] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  122.271234] CR2: 0000000000000068 CR3: 00000001cdaf4000 CR4: 00000000001406f0
[  122.271239] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  122.271244] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  122.271249] Kernel panic - not syncing: Fatal exception in interrupt
[  122.534957] BUG: KASAN: stack-out-of-bounds in mm_update_next_owner+0x89b/0x990
[  122.542399] Read of size 8 at addr ffff8881d9af0610 by task syz-executor489/11833
[  122.550001] 
[  122.551640] CPU: 1 PID: 11833 Comm: syz-executor489 Tainted: G      D           4.20.0-rc2+ #295
[  122.560566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  122.569909] Call Trace:
[  122.572494]  dump_stack+0x244/0x39d
[  122.576135]  ? dump_stack_print_info.cold.1+0x20/0x20
[  122.581330]  ? printk+0xa7/0xcf
[  122.584621]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  122.589373]  print_address_description.cold.7+0x9/0x1ff
[  122.594729]  kasan_report.cold.8+0x242/0x309
[  122.599133]  ? mm_update_next_owner+0x89b/0x990
[  122.603802]  __asan_report_load8_noabort+0x14/0x20
[  122.608729]  mm_update_next_owner+0x89b/0x990
[  122.613230]  ? is_current_pgrp_orphaned+0xa0/0xa0
[  122.618076]  ? do_exit+0xe64/0x26d0
[  122.621702]  ? lock_downgrade+0x900/0x900
[  122.625854]  ? kasan_check_read+0x11/0x20
[  122.630038]  ? do_raw_spin_trylock+0x270/0x270
[  122.634615]  ? up_read_non_owner+0x100/0x100
[  122.639031]  ? __down_interruptible+0x700/0x700
[  122.643720]  do_exit+0xe6c/0x26d0
[  122.647191]  ? mm_update_next_owner+0x990/0x990
[  122.651859]  ? __handle_mm_fault+0x4723/0x5be0
[  122.656437]  ? lock_downgrade+0x900/0x900
[  122.660596]  ? kasan_check_read+0x11/0x20
[  122.664746]  ? kasan_check_read+0x11/0x20
[  122.668897]  ? try_to_wake_up+0x11c/0x1490
[  122.673145]  ? lock_downgrade+0x900/0x900
[  122.677311]  ? trace_hardirqs_off+0xb8/0x310
[  122.681715]  ? kasan_check_read+0x11/0x20
[  122.685861]  ? do_raw_spin_unlock+0xa7/0x330
[  122.690282]  ? trace_hardirqs_on+0x310/0x310
[  122.694688]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  122.699527]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  122.704632]  ? try_to_wake_up+0x11c/0x1490
[  122.708861]  ? rcu_is_watching+0x30/0x30
[  122.712951]  ? __kasan_slab_free+0x119/0x150
[  122.717360]  ? migrate_swap_stop+0x8a0/0x8a0
[  122.721770]  ? blkcg_maybe_throttle_current+0xa38/0x1080
[  122.727216]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.732747]  ? check_preemption_disabled+0x48/0x280
[  122.737762]  ? blkg_prfill_rwstat_field_recursive+0x170/0x170
[  122.743644]  ? percpu_counter_add_batch+0x141/0x190
[  122.748672]  ? handle_mm_fault+0x42a/0xc70
[  122.752954]  ? __do_page_fault+0x620/0xe60
[  122.757184]  ? lock_downgrade+0x900/0x900
[  122.761328]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.766862]  ? do_group_exit+0x35f/0x440
[  122.770922]  ? lock_downgrade+0x900/0x900
[  122.775065]  ? kick_process+0xed/0x170
[  122.778950]  ? trace_hardirqs_on+0xbd/0x310
[  122.783265]  ? kasan_check_read+0x11/0x20
[  122.787427]  ? do_group_exit+0x35f/0x440
[  122.791514]  ? trace_hardirqs_off_caller+0x310/0x310
[  122.796634]  ? force_sig+0x30/0x30
[  122.800181]  do_group_exit+0x177/0x440
[  122.804071]  ? __ia32_sys_exit+0x50/0x50
[  122.808135]  ? trace_hardirqs_off_caller+0x310/0x310
[  122.813243]  __x64_sys_exit_group+0x3e/0x50
[  122.817566]  do_syscall_64+0x1b9/0x820
[  122.821450]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  122.826818]  ? syscall_return_slowpath+0x5e0/0x5e0
[  122.831743]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  122.836585]  ? trace_hardirqs_on_caller+0x310/0x310
[  122.841645]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  122.846658]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  122.852195]  ? prepare_exit_to_usermode+0x291/0x3b0
[  122.857210]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  122.862070]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  122.867269] RIP: 0033:0x4452f8
[  122.870461] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[  122.889354] RSP: 002b:00007ffeb473c638 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  122.897056] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004452f8
[  122.904338] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[  122.911601] RBP: 00000000004cd490 R08: 00000000000000e7 R09: ffffffffffffffd0
[  122.918863] R10: 00007ffeb473c680 R11: 0000000000000246 R12: 0000000000000001
[  122.926130] R13: 00000000006e0320 R14: 0000000000000003 R15: 00000000006dbd2c
[  122.933397] 
[  122.935017] Allocated by task 993387363:
[  122.939109] BUG: unable to handle kernel paging request at ffffffff8cabe280
[  122.946198] PGD 946d067 P4D 946d067 PUD 946e063 PMD 0 
[  122.951480] Oops: 0000 [#2] PREEMPT SMP KASAN
[  122.955990] CPU: 1 PID: 11833 Comm: syz-executor489 Tainted: G      D           4.20.0-rc2+ #295
[  122.964902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  122.974253] RIP: 0010:depot_fetch_stack+0x10/0x30
[  122.979089] Code: 89 e8 44 96 1c fe e9 87 fd ff ff e8 8a b0 a2 fd 90 90 90 90 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 00 7a ac 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00
[  122.997983] RSP: 0018:ffff8881c025f530 EFLAGS: 00010006
[  123.003350] RAX: 00000000001fed10 RBX: ffff8881d9af1a04 RCX: 0000000000000000
[  123.010612] RDX: 0000000000000000 RSI: ffff8881c025f538 RDI: 0000000000003ff0
[  123.017877] RBP: ffff8881c025f560 R08: ffff8881bf7c2640 R09: ffffed103b5e3ef8
[  123.025154] R10: ffffed103b5e3ef8 R11: ffff8881daf1f7c7 R12: ffffea000766bc00
[  123.032416] R13: ffff8881d9af0240 R14: ffff8881da970180 R15: ffff8881d9af1a00
[  123.039702] FS:  0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[  123.047925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.053799] CR2: ffffffff8cabe280 CR3: 00000001be688000 CR4: 00000000001406e0
[  123.061083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  123.068375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  123.075634] Call Trace:
[  123.078220]  ? print_track.isra.4+0x3b/0x6f
[  123.082564]  print_address_description.cold.7+0x15b/0x1ff
[  123.088104]  kasan_report.cold.8+0x242/0x309
[  123.092511]  ? mm_update_next_owner+0x89b/0x990
[  123.097180]  __asan_report_load8_noabort+0x14/0x20
[  123.102109]  mm_update_next_owner+0x89b/0x990
[  123.106612]  ? is_current_pgrp_orphaned+0xa0/0xa0
[  123.111470]  ? do_exit+0xe64/0x26d0
[  123.115099]  ? lock_downgrade+0x900/0x900
[  123.119254]  ? kasan_check_read+0x11/0x20
[  123.123401]  ? do_raw_spin_trylock+0x270/0x270
[  123.127979]  ? up_read_non_owner+0x100/0x100
[  123.132409]  ? __down_interruptible+0x700/0x700
[  123.137085]  do_exit+0xe6c/0x26d0
[  123.140540]  ? mm_update_next_owner+0x990/0x990
[  123.145233]  ? __handle_mm_fault+0x4723/0x5be0
[  123.149814]  ? lock_downgrade+0x900/0x900
[  123.153961]  ? kasan_check_read+0x11/0x20
[  123.158113]  ? kasan_check_read+0x11/0x20
[  123.162265]  ? try_to_wake_up+0x11c/0x1490
[  123.166514]  ? lock_downgrade+0x900/0x900
[  123.170692]  ? trace_hardirqs_off+0xb8/0x310
[  123.175093]  ? kasan_check_read+0x11/0x20
[  123.179237]  ? do_raw_spin_unlock+0xa7/0x330
[  123.183645]  ? trace_hardirqs_on+0x310/0x310
[  123.188064]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  123.192920]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  123.198021]  ? try_to_wake_up+0x11c/0x1490
[  123.202258]  ? rcu_is_watching+0x30/0x30
[  123.206320]  ? __kasan_slab_free+0x119/0x150
[  123.210742]  ? migrate_swap_stop+0x8a0/0x8a0
[  123.215154]  ? blkcg_maybe_throttle_current+0xa38/0x1080
[  123.220603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  123.226141]  ? check_preemption_disabled+0x48/0x280
[  123.231188]  ? blkg_prfill_rwstat_field_recursive+0x170/0x170
[  123.237071]  ? percpu_counter_add_batch+0x141/0x190
[  123.242096]  ? handle_mm_fault+0x42a/0xc70
[  123.246334]  ? __do_page_fault+0x620/0xe60
[  123.250568]  ? lock_downgrade+0x900/0x900
[  123.254713]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  123.260253]  ? do_group_exit+0x35f/0x440
[  123.264316]  ? lock_downgrade+0x900/0x900
[  123.268474]  ? kick_process+0xed/0x170
[  123.272386]  ? trace_hardirqs_on+0xbd/0x310
[  123.276704]  ? kasan_check_read+0x11/0x20
[  123.280851]  ? do_group_exit+0x35f/0x440
[  123.284911]  ? trace_hardirqs_off_caller+0x310/0x310
[  123.290015]  ? force_sig+0x30/0x30
[  123.293583]  do_group_exit+0x177/0x440
[  123.297488]  ? __ia32_sys_exit+0x50/0x50
[  123.301563]  ? trace_hardirqs_off_caller+0x310/0x310
[  123.306674]  __x64_sys_exit_group+0x3e/0x50
[  123.310999]  do_syscall_64+0x1b9/0x820
[  123.314907]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  123.320272]  ? syscall_return_slowpath+0x5e0/0x5e0
[  123.325197]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  123.330047]  ? trace_hardirqs_on_caller+0x310/0x310
[  123.335065]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  123.340093]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  123.345627]  ? prepare_exit_to_usermode+0x291/0x3b0
[  123.350646]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  123.355494]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  123.360675] RIP: 0033:0x4452f8
[  123.363870] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[  123.383231] RSP: 002b:00007ffeb473c638 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  123.390936] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004452f8
[  123.398202] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[  123.405466] RBP: 00000000004cd490 R08: 00000000000000e7 R09: ffffffffffffffd0
[  123.412741] R10: 00007ffeb473c680 R11: 0000000000000246 R12: 0000000000000001
[  123.420031] R13: 00000000006e0320 R14: 0000000000000003 R15: 00000000006dbd2c
[  123.427301] Modules linked in:
[  123.430505] CR2: ffffffff8cabe280
[  123.433972] ---[ end trace 97e5870738366f73 ]---
[  123.438729] RIP: 0010:__check_heap_object+0xa7/0xb5