[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 49.231420][ T26] audit: type=1800 audit(1566086640.050:25): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 49.267574][ T26] audit: type=1800 audit(1566086640.050:26): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 49.295386][ T26] audit: type=1800 audit(1566086640.050:27): pid=8797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 59.647233][ T8958] ================================================================== [ 59.655954][ T8958] BUG: KASAN: null-ptr-deref in queue_work_on+0xa6/0x1b0 [ 59.662956][ T8958] Write of size 8 at addr 0000000000000050 by task syz-executor618/8958 [ 59.671757][ T8958] [ 59.674071][ T8958] CPU: 1 PID: 8958 Comm: syz-executor618 Not tainted 5.3.0-rc4+ #79 [ 59.682018][ T8958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.692060][ T8958] Call Trace: [ 59.695330][ T8958] dump_stack+0x1d8/0x2f8 [ 59.699668][ T8958] __kasan_report+0x169/0x1c0 [ 59.704332][ T8958] ? queue_work_on+0xa6/0x1b0 [ 59.708993][ T8958] kasan_report+0x26/0x50 [ 59.713307][ T8958] check_memory_region+0x2cf/0x2e0 [ 59.718406][ T8958] __kasan_check_write+0x14/0x20 [ 59.723326][ T8958] queue_work_on+0xa6/0x1b0 [ 59.727816][ T8958] slcan_write_wakeup+0x6f/0x80 [ 59.732647][ T8958] ? slcan_receive_buf+0xe80/0xe80 [ 59.737754][ T8958] tty_wakeup+0xb7/0x100 [ 59.741980][ T8958] pty_unthrottle+0x3c/0x60 [ 59.746461][ T8958] ? pty_bsd_compat_ioctl+0x30/0x30 [ 59.751673][ T8958] n_tty_ioctl_helper+0x47c/0x670 [ 59.756684][ T8958] n_tty_ioctl+0x176/0x330 [ 59.761088][ T8958] ? n_tty_write+0x1270/0x1270 [ 59.765840][ T8958] tty_ioctl+0xf83/0x15c0 [ 59.770630][ T8958] ? tty_do_resize+0x180/0x180 [ 59.775460][ T8958] do_vfs_ioctl+0x744/0x1730 [ 59.780030][ T8958] ? __fget+0x431/0x510 [ 59.784174][ T8958] ? tomoyo_file_ioctl+0x23/0x30 [ 59.789092][ T8958] ? security_file_ioctl+0xa1/0xd0 [ 59.794288][ T8958] __x64_sys_ioctl+0xe3/0x120 [ 59.798955][ T8958] do_syscall_64+0xfe/0x140 [ 59.803443][ T8958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.809318][ T8958] RIP: 0033:0x446859 [ 59.813199][ T8958] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.832787][ T8958] RSP: 002b:00007fafebc91d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.836348][ T8948] kobject: 'slcan0' (000000003eab5728): kobject_cleanup, parent 00000000c873a480 [ 59.841174][ T8958] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446859 [ 59.841179][ T8958] RDX: 0000000000000000 RSI: 000000000000540b RDI: 0000000000000003 [ 59.841183][ T8958] RBP: 00000000006dbc30 R08: 00007fafebc92700 R09: 0000000000000000 [ 59.841187][ T8958] R10: 00007fafebc92700 R11: 0000000000000246 R12: 00000000006dbc3c [ 59.841190][ T8958] R13: 00007ffd75b65dcf R14: 00007fafebc929c0 R15: 20c49ba5e353f7cf [ 59.841200][ T8958] ================================================================== [ 59.841205][ T8958] Kernel panic - not syncing: panic_on_warn set ... [ 59.841215][ T8958] CPU: 1 PID: 8958 Comm: syz-executor618 Tainted: G B 5.3.0-rc4+ #79 [ 59.850316][ T8948] kobject: 'slcan0' (000000003eab5728): calling ktype release [ 59.858411][ T8958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.867250][ T8948] kobject: 'slcan0': free name [ 59.874854][ T8958] Call Trace: [ 59.874868][ T8958] dump_stack+0x1d8/0x2f8 [ 59.874878][ T8958] panic+0x25c/0x799 [ 59.874887][ T8958] ? trace_hardirqs_off+0x1a/0x80 [ 59.874899][ T8958] __kasan_report+0x1bb/0x1c0 [ 59.957907][ T8958] ? queue_work_on+0xa6/0x1b0 [ 59.962550][ T8958] kasan_report+0x26/0x50 [ 59.966841][ T8958] check_memory_region+0x2cf/0x2e0 [ 59.971917][ T8958] __kasan_check_write+0x14/0x20 [ 59.976823][ T8958] queue_work_on+0xa6/0x1b0 [ 59.981338][ T8958] slcan_write_wakeup+0x6f/0x80 [ 59.986151][ T8958] ? slcan_receive_buf+0xe80/0xe80 [ 59.991507][ T8958] tty_wakeup+0xb7/0x100 [ 59.995717][ T8958] pty_unthrottle+0x3c/0x60 [ 60.000188][ T8958] ? pty_bsd_compat_ioctl+0x30/0x30 [ 60.005352][ T8958] n_tty_ioctl_helper+0x47c/0x670 [ 60.010343][ T8958] n_tty_ioctl+0x176/0x330 [ 60.014722][ T8958] ? n_tty_write+0x1270/0x1270 [ 60.019464][ T8958] tty_ioctl+0xf83/0x15c0 [ 60.023759][ T8958] ? tty_do_resize+0x180/0x180 [ 60.028514][ T8958] do_vfs_ioctl+0x744/0x1730 [ 60.033069][ T8958] ? __fget+0x431/0x510 [ 60.037195][ T8958] ? tomoyo_file_ioctl+0x23/0x30 [ 60.042206][ T8958] ? security_file_ioctl+0xa1/0xd0 [ 60.047285][ T8958] __x64_sys_ioctl+0xe3/0x120 [ 60.051929][ T8958] do_syscall_64+0xfe/0x140 [ 60.056404][ T8958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.062259][ T8958] RIP: 0033:0x446859 [ 60.066119][ T8958] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.085725][ T8958] RSP: 002b:00007fafebc91d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.094108][ T8958] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446859 [ 60.102046][ T8958] RDX: 0000000000000000 RSI: 000000000000540b RDI: 0000000000000003 [ 60.110478][ T8958] RBP: 00000000006dbc30 R08: 00007fafebc92700 R09: 0000000000000000 [ 60.118437][ T8958] R10: 00007fafebc92700 R11: 0000000000000246 R12: 00000000006dbc3c [ 60.126374][ T8958] R13: 00007ffd75b65dcf R14: 00007fafebc929c0 R15: 20c49ba5e353f7cf [ 60.135613][ T8958] Kernel Offset: disabled [ 60.139925][ T8958] Rebooting in 86400 seconds..