[ 70.143913][ T23] audit: type=1800 audit(1565566509.411:30): pid=10053 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 79.032440][T10205] ==================================================================
[ 79.040690][T10205] BUG: KASAN: null-ptr-deref in rxrpc_unuse_local+0x23/0x70
[ 79.047964][T10205] Write of size 4 at addr 0000000000000010 by task syz-executor012/10205
[ 79.056352][T10205]
[ 79.058666][T10205] CPU: 0 PID: 10205 Comm: syz-executor012 Not tainted 5.3.0-rc3+ #157
[ 79.066788][T10205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.077011][T10205] Call Trace:
[ 79.082837][T10205]  dump_stack+0x172/0x1f0
[ 79.087252][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.092239][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.097160][T10205]  __kasan_report.cold+0x5/0x36
[ 79.102122][T10205]  ? _raw_read_unlock_irqrestore+0xc1/0xe0
[ 79.107911][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.112842][T10205]  kasan_report+0x12/0x17
[ 79.117167][T10205]  check_memory_region+0x134/0x1a0
[ 79.122282][T10205]  __kasan_check_write+0x14/0x20
[ 79.127207][T10205]  rxrpc_unuse_local+0x23/0x70
[ 79.131949][T10205]  rxrpc_release+0x47d/0x840
[ 79.136523][T10205]  __sock_release+0xce/0x280
[ 79.141096][T10205]  sock_close+0x1e/0x30
[ 79.145254][T10205]  __fput+0x2ff/0x890
[ 79.149220][T10205]  ? __sock_release+0x280/0x280
[ 79.154057][T10205]  ____fput+0x16/0x20
[ 79.158021][T10205]  task_work_run+0x145/0x1c0
[ 79.162593][T10205]  do_exit+0x92f/0x2e50
[ 79.166750][T10205]  ? __sanitizer_cov_trace_const_cmp4+0x1/0x20
[ 79.172890][T10205]  ? mm_update_next_owner+0x640/0x640
[ 79.178270][T10205]  ? fd_install+0x4d/0x60
[ 79.182582][T10205]  ? __sys_socket+0x180/0x220
[ 79.187236][T10205]  ? move_addr_to_kernel+0x80/0x80
[ 79.192328][T10205]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 79.197526][T10205]  do_group_exit+0x135/0x360
[ 79.202136][T10205]  __x64_sys_exit_group+0x44/0x50
[ 79.207165][T10205]  do_syscall_64+0xfd/0x6a0
[ 79.211659][T10205]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.217526][T10205] RIP: 0033:0x43ed68
[ 79.221410][T10205] Code: Bad RIP value.
[ 79.225448][T10205] RSP: 002b:00007ffdbf30d728 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 79.233836][T10205] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed68
[ 79.241792][T10205] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 79.249743][T10205] RBP: 00000000004be568 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 79.257694][T10205] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 79.265645][T10205] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 79.273914][T10205] ==================================================================
[ 79.282089][T10205] Kernel panic - not syncing: panic_on_warn set ...
[ 79.288939][T10205] CPU: 0 PID: 10205 Comm: syz-executor012 Tainted: G B 5.3.0-rc3+ #157
[ 79.298456][T10205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.308948][T10205] Call Trace:
[ 79.312276][T10205]  dump_stack+0x172/0x1f0
[ 79.316601][T10205]  panic+0x2dc/0x755
[ 79.320479][T10205]  ? add_taint.cold+0x16/0x16
[ 79.325138][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.330061][T10205]  ? preempt_schedule+0x4b/0x60
[ 79.334895][T10205]  ? ___preempt_schedule+0x16/0x20
[ 79.340083][T10205]  ? trace_hardirqs_on+0x5e/0x240
[ 79.345094][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.350026][T10205]  end_report+0x47/0x4f
[ 79.354182][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.359098][T10205]  __kasan_report.cold+0xe/0x36
[ 79.364124][T10205]  ? _raw_read_unlock_irqrestore+0xc1/0xe0
[ 79.369919][T10205]  ? rxrpc_unuse_local+0x23/0x70
[ 79.374859][T10205]  kasan_report+0x12/0x17
[ 79.379171][T10205]  check_memory_region+0x134/0x1a0
[ 79.384260][T10205]  __kasan_check_write+0x14/0x20
[ 79.389177][T10205]  rxrpc_unuse_local+0x23/0x70
[ 79.393939][T10205]  rxrpc_release+0x47d/0x840
[ 79.398511][T10205]  __sock_release+0xce/0x280
[ 79.403082][T10205]  sock_close+0x1e/0x30
[ 79.407228][T10205]  __fput+0x2ff/0x890
[ 79.411205][T10205]  ? __sock_release+0x280/0x280
[ 79.416040][T10205]  ____fput+0x16/0x20
[ 79.420003][T10205]  task_work_run+0x145/0x1c0
[ 79.424596][T10205]  do_exit+0x92f/0x2e50
[ 79.428738][T10205]  ? __sanitizer_cov_trace_const_cmp4+0x1/0x20
[ 79.435501][T10205]  ? mm_update_next_owner+0x640/0x640
[ 79.440861][T10205]  ? fd_install+0x4d/0x60
[ 79.445179][T10205]  ? __sys_socket+0x180/0x220
[ 79.449835][T10205]  ? move_addr_to_kernel+0x80/0x80
[ 79.454924][T10205]  ? __ia32_sys_fallocate+0xf0/0xf0
[ 79.460100][T10205]  do_group_exit+0x135/0x360
[ 79.464672][T10205]  __x64_sys_exit_group+0x44/0x50
[ 79.469689][T10205]  do_syscall_64+0xfd/0x6a0
[ 79.474178][T10205]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.480070][T10205] RIP: 0033:0x43ed68
[ 79.483957][T10205] Code: Bad RIP value.
[ 79.488002][T10205] RSP: 002b:00007ffdbf30d728 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 79.496569][T10205] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ed68
[ 79.504522][T10205] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 79.512472][T10205] RBP: 00000000004be568 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 79.520424][T10205] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 79.528401][T10205] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 79.538104][T10205] Kernel Offset: disabled
[ 79.542437][T10205] Rebooting in 86400 seconds..
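The fields a triager pulls out of a report like the one above, as an added example (this is not part of the log, and not syzkaller's or the kernel's own code): the "BUG: KASAN:" line names the bug class and the function that performed the access; the "Write of size 4 at addr 0000000000000010" line gives the access kind, width and address, and an address inside the first page means a NULL base pointer plus a small field offset, not a wild pointer; frames prefixed with "? " are stale stack slots the unwinder could not verify, so they must not be used to pick the faulting function or the entry syscall (here "? __ia32_sys_fallocate" is stale while "__x64_sys_exit_group" is the real entry). The script assumes the console prefix format "[ ts][Tpid] msg" shown above, treats the "syzkaller login:" prompt in front of the first banner as noise, and builds a syzkaller-style title of the form "KASAN: kind Op in func"; the sample input is a constructed, shortened copy of the report above.

```python
"""Parse a KASAN report out of a syzkaller console log for triage.

Added example, not code from the page, syzkaller, or the kernel. It assumes
the console prefix "[ ts][Tpid] msg" seen in the log and the kernel's
convention that "? " marks an unreliable (stale) call-trace frame.
"""
import re

# Constructed sample: the report above with the call trace shortened.
SAMPLE = """\
syzkaller login: [ 79.032440][T10205] ==================================================================
[ 79.040690][T10205] BUG: KASAN: null-ptr-deref in rxrpc_unuse_local+0x23/0x70
[ 79.047964][T10205] Write of size 4 at addr 0000000000000010 by task syz-executor012/10205
[ 79.056352][T10205]
[ 79.058666][T10205] CPU: 0 PID: 10205 Comm: syz-executor012 Not tainted 5.3.0-rc3+ #157
[ 79.077011][T10205] Call Trace:
[ 79.082837][T10205] dump_stack+0x172/0x1f0
[ 79.087252][T10205] ? rxrpc_unuse_local+0x23/0x70
[ 79.097160][T10205] __kasan_report.cold+0x5/0x36
[ 79.112842][T10205] kasan_report+0x12/0x17
[ 79.117167][T10205] check_memory_region+0x134/0x1a0
[ 79.122282][T10205] __kasan_check_write+0x14/0x20
[ 79.127207][T10205] rxrpc_unuse_local+0x23/0x70
[ 79.131949][T10205] rxrpc_release+0x47d/0x840
[ 79.136523][T10205] __sock_release+0xce/0x280
[ 79.141096][T10205] sock_close+0x1e/0x30
[ 79.145254][T10205] __fput+0x2ff/0x890
[ 79.166750][T10205] do_exit+0x92f/0x2e50
[ 79.192328][T10205] ? __ia32_sys_fallocate+0xf0/0xf0
[ 79.197526][T10205] do_group_exit+0x135/0x360
[ 79.202136][T10205] __x64_sys_exit_group+0x44/0x50
[ 79.207165][T10205] do_syscall_64+0xfd/0x6a0
[ 79.211659][T10205] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.217526][T10205] RIP: 0033:0x43ed68
[ 79.282089][T10205] Kernel panic - not syncing: panic_on_warn set ...
"""

PREFIX_RE = re.compile(r"\[\s*\d+\.\d+\]\[\s*T?\d+\]\s?(?P<msg>.*)$")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
VERSION_RE = re.compile(r"Comm: \S+ (?:Not tainted|Tainted: [A-Z ]+?) (?P<ver>\d\S*) #\d+")
FRAME_RE = re.compile(r"^(?P<stale>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SYSCALL_RE = re.compile(r"^__(?:x64|ia32)_sys_(?P<name>\w+)$")

# Reporting machinery that sits above the faulting function in every KASAN report.
INFRA = {"dump_stack", "panic", "end_report", "__kasan_report", "kasan_report",
         "check_memory_region", "__kasan_check_write", "__kasan_check_read"}


def parse_kasan_report(text):
    r = {"frames": [], "reliable": [], "panic": False}
    in_trace = False
    for raw in text.splitlines():
        m = PREFIX_RE.search(raw)          # search, not match: a login prompt may precede it
        msg = (m.group("msg") if m else raw).strip()
        if not msg:
            continue
        if b := BUG_RE.search(msg):
            r["kind"], r["func"] = b.group("kind"), b.group("func")
        elif a := ACCESS_RE.search(msg):
            r["op"], r["size"] = a.group("op"), int(a.group("size"))
            r["addr"], r["comm"], r["pid"] = int(a.group("addr"), 16), a.group("comm"), int(a.group("pid"))
        elif v := VERSION_RE.search(msg):
            r["version"] = v.group("ver")
        elif msg == "Call Trace:":
            in_trace = not r["frames"]     # keep the first trace only, not the panic's repeat
        elif msg.startswith("Kernel panic"):
            r["panic"], in_trace = True, False
        elif in_trace:
            f = FRAME_RE.match(msg)
            if not f:                      # "RIP:" / register dump ends the trace
                in_trace = False
                continue
            r["frames"].append(f.group("sym"))
            if not f.group("stale"):       # "? " frames are unverified stack slots
                r["reliable"].append(f.group("sym"))
    return r


def blamed_frame(r):
    """First reliable frame below the KASAN reporting machinery."""
    return next((s for s in r["reliable"] if s.split(".", 1)[0] not in INFRA), None)


def entry_syscall(r):
    """Syscall the task was in; stale '? __ia32_sys_fallocate' frames are ignored."""
    return next((m.group("name") for s in r["reliable"] if (m := SYSCALL_RE.match(s))), None)


def title(r):
    """syzkaller-style dedup key, e.g. 'KASAN: null-ptr-deref Write in rxrpc_unuse_local'."""
    return f"KASAN: {r['kind']} {r['op']} in {blamed_frame(r)}"


def address_note(r):
    """A faulting address inside the first page is a NULL base plus a field offset."""
    a = r["addr"]
    return f"NULL base + 0x{a:x}" if a < 4096 else f"0x{a:x}"


if __name__ == "__main__":
    rep = parse_kasan_report(SAMPLE)
    print(title(rep), "|", address_note(rep), "| size", rep["size"], "| syscall",
          entry_syscall(rep), "|", rep["version"], "| panic_on_warn:", rep["panic"])
```

Run on the sample, it yields the title "KASAN: null-ptr-deref Write in rxrpc_unuse_local", the note "NULL base + 0x10" (a 4-byte write through a NULL struct pointer at offset 0x10, reached from rxrpc_release during socket teardown on exit_group), and "panic_on_warn: True", which is why the log ends in a reboot rather than continuing. The second call trace after "Kernel panic" is deliberately ignored: it is the same stack printed again by the panic path and would only duplicate frames.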