[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 66.042430][ T27] audit: type=1800 audit(1578562770.339:25): pid=9478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 66.069053][ T27] audit: type=1800 audit(1578562770.339:26): pid=9478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 66.099925][ T27] audit: type=1800 audit(1578562770.339:27): pid=9478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 76.642945][ T9629] ================================================================== [ 76.643002][ T9629] BUG: KASAN: null-ptr-deref in insert_char+0x206/0x400 [ 76.643014][ T9629] Read of size 4294967294 at addr 0000000000000010 by task syz-executor425/9629 [ 76.643018][ T9629] [ 76.643032][ T9629] CPU: 0 PID: 9629 Comm: syz-executor425 Not tainted 5.5.0-rc5-syzkaller #0 [ 76.643041][ T9629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.643046][ T9629] Call Trace: [ 76.643063][ T9629] dump_stack+0x197/0x210 [ 76.643079][ T9629] ? insert_char+0x206/0x400 [ 76.643094][ T9629] ? insert_char+0x206/0x400 [ 76.643113][ T9629] __kasan_report.cold+0x5/0x41 [ 76.643130][ T9629] ? insert_char+0x206/0x400 [ 76.643148][ T9629] kasan_report+0x12/0x20 [ 76.643162][ T9629] check_memory_region+0x134/0x1a0 [ 76.643176][ T9629] memmove+0x24/0x50 [ 76.643191][ T9629] insert_char+0x206/0x400 [ 76.643214][ T9629] do_con_trol+0x41a6/0x61b0 [ 76.643236][ T9629] ? reset_palette+0x190/0x190 [ 76.643253][ T9629] ? __kasan_check_read+0x11/0x20 [ 76.643275][ T9629] ? __atomic_notifier_call_chain+0xf8/0x1a0 [ 76.643297][ T9629] do_con_write.part.0+0xfd9/0x1ef0 [ 76.643330][ T9629] ? do_con_trol+0x61b0/0x61b0 [ 76.643343][ T9629] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 76.643355][ T9629] ? add_wait_queue+0x112/0x170 [ 76.643367][ T9629] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 76.643395][ T9629] ? trace_hardirqs_on+0x67/0x240 [ 76.643413][ T9629] con_write+0x46/0xd0 [ 76.643431][ T9629] n_tty_write+0x40e/0x1080 [ 76.643461][ T9629] ? n_tty_read+0x1bf0/0x1bf0 [ 76.643477][ T9629] ? prepare_to_wait_exclusive+0x320/0x320 [ 76.643498][ T9629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 76.643515][ T9629] ? _copy_from_user+0x12c/0x1a0 [ 76.643534][ T9629] tty_write+0x496/0x7f0 [ 76.643554][ T9629] ? n_tty_read+0x1bf0/0x1bf0 [ 76.643574][ T9629] __vfs_write+0x8a/0x110 [ 76.643588][ T9629] ? put_tty_driver+0x20/0x20 [ 76.643606][ T9629] vfs_write+0x268/0x5d0 [ 76.643623][ T9629] ksys_write+0x14f/0x290 [ 76.643637][ T9629] ? __ia32_sys_read+0xb0/0xb0 [ 76.643654][ T9629] ? do_fast_syscall_32+0xd1/0xe16 [ 76.643666][ T9629] ? entry_SYSENTER_compat+0x70/0x7f [ 76.643679][ T9629] ? do_fast_syscall_32+0xd1/0xe16 [ 76.643696][ T9629] __ia32_sys_write+0x71/0xb0 [ 76.643710][ T9629] do_fast_syscall_32+0x27b/0xe16 [ 76.643728][ T9629] entry_SYSENTER_compat+0x70/0x7f [ 76.643739][ T9629] RIP: 0023:0xf7faba39 [ 76.643755][ T9629] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 76.643764][ T9629] RSP: 002b:00000000ff804b4c EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 76.643779][ T9629] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 76.643788][ T9629] RDX: 0000000000000078 RSI: 00000000080eb080 RDI: 00000000ff804ba0 [ 76.643797][ T9629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 76.643806][ T9629] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 76.643814][ T9629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.643837][ T9629] ================================================================== [ 76.643842][ T9629] Disabling lock debugging due to kernel taint [ 76.643850][ T9629] Kernel panic - not syncing: panic_on_warn set ... [ 76.643866][ T9629] CPU: 0 PID: 9629 Comm: syz-executor425 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 76.643872][ T9629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.643876][ T9629] Call Trace: [ 76.643889][ T9629] dump_stack+0x197/0x210 [ 76.643905][ T9629] panic+0x2e3/0x75c [ 76.643919][ T9629] ? add_taint.cold+0x16/0x16 [ 76.643939][ T9629] ? trace_hardirqs_on+0x67/0x240 [ 76.643953][ T9629] ? trace_hardirqs_on+0x5e/0x240 [ 76.643969][ T9629] ? insert_char+0x206/0x400 [ 76.643982][ T9629] end_report+0x47/0x4f [ 76.643996][ T9629] ? insert_char+0x206/0x400 [ 76.644009][ T9629] __kasan_report.cold+0xe/0x41 [ 76.644025][ T9629] ? insert_char+0x206/0x400 [ 76.644039][ T9629] kasan_report+0x12/0x20 [ 76.644053][ T9629] check_memory_region+0x134/0x1a0 [ 76.644065][ T9629] memmove+0x24/0x50 [ 76.644079][ T9629] insert_char+0x206/0x400 [ 76.644095][ T9629] do_con_trol+0x41a6/0x61b0 [ 76.644113][ T9629] ? reset_palette+0x190/0x190 [ 76.644127][ T9629] ? __kasan_check_read+0x11/0x20 [ 76.644144][ T9629] ? __atomic_notifier_call_chain+0xf8/0x1a0 [ 76.644164][ T9629] do_con_write.part.0+0xfd9/0x1ef0 [ 76.644187][ T9629] ? do_con_trol+0x61b0/0x61b0 [ 76.644199][ T9629] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 76.644211][ T9629] ? add_wait_queue+0x112/0x170 [ 76.644223][ T9629] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 76.644240][ T9629] ? trace_hardirqs_on+0x67/0x240 [ 76.644255][ T9629] con_write+0x46/0xd0 [ 76.644272][ T9629] n_tty_write+0x40e/0x1080 [ 76.644294][ T9629] ? n_tty_read+0x1bf0/0x1bf0 [ 76.644309][ T9629] ? prepare_to_wait_exclusive+0x320/0x320 [ 76.644327][ T9629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 76.644342][ T9629] ? _copy_from_user+0x12c/0x1a0 [ 76.644357][ T9629] tty_write+0x496/0x7f0 [ 76.644379][ T9629] ? n_tty_read+0x1bf0/0x1bf0 [ 76.644395][ T9629] __vfs_write+0x8a/0x110 [ 76.644409][ T9629] ? put_tty_driver+0x20/0x20 [ 76.644423][ T9629] vfs_write+0x268/0x5d0 [ 76.644439][ T9629] ksys_write+0x14f/0x290 [ 76.644454][ T9629] ? __ia32_sys_read+0xb0/0xb0 [ 76.644470][ T9629] ? do_fast_syscall_32+0xd1/0xe16 [ 76.644483][ T9629] ? entry_SYSENTER_compat+0x70/0x7f [ 76.644498][ T9629] ? do_fast_syscall_32+0xd1/0xe16 [ 76.644514][ T9629] __ia32_sys_write+0x71/0xb0 [ 76.644528][ T9629] do_fast_syscall_32+0x27b/0xe16 [ 76.644544][ T9629] entry_SYSENTER_compat+0x70/0x7f [ 76.644553][ T9629] RIP: 0023:0xf7faba39 [ 76.644566][ T9629] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 76.644573][ T9629] RSP: 002b:00000000ff804b4c EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 76.644585][ T9629] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 76.644592][ T9629] RDX: 0000000000000078 RSI: 00000000080eb080 RDI: 00000000ff804ba0 [ 76.644600][ T9629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 76.644608][ T9629] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 76.644615][ T9629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.646090][ T9629] Kernel Offset: disabled [ 77.284608][ T9629] Rebooting in 86400 seconds..