[ 98.531529][ T27] audit: type=1800 audit(1578562742.107:27): pid=9472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 98.575705][ T27] audit: type=1800 audit(1578562742.107:28): pid=9472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[ 99.489043][ T27] audit: type=1800 audit(1578562743.107:29): pid=9472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 99.509388][ T27] audit: type=1800 audit(1578562743.117:30): pid=9472 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 109.148552][ T9626] ==================================================================
[ 109.148612][ T9626] BUG: KASAN: null-ptr-deref in insert_char+0x206/0x400
[ 109.148624][ T9626] Read of size 4294967294 at addr 0000000000000010 by task syz-executor192/9626
[ 109.148628][ T9626]
[ 109.148644][ T9626] CPU: 1 PID: 9626 Comm: syz-executor192 Not tainted 5.5.0-rc5-syzkaller #0
[ 109.148653][ T9626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.148658][ T9626] Call Trace:
[ 109.148676][ T9626] dump_stack+0x197/0x210
[ 109.148692][ T9626] ? insert_char+0x206/0x400
[ 109.148707][ T9626] ? insert_char+0x206/0x400
[ 109.148724][ T9626] __kasan_report.cold+0x5/0x41
[ 109.148741][ T9626] ? insert_char+0x206/0x400
[ 109.148756][ T9626] kasan_report+0x12/0x20
[ 109.148771][ T9626] check_memory_region+0x134/0x1a0
[ 109.148787][ T9626] memmove+0x24/0x50
[ 109.148803][ T9626] insert_char+0x206/0x400
[ 109.148826][ T9626] do_con_trol+0x41a6/0x61b0
[ 109.148848][ T9626] ? reset_palette+0x190/0x190
[ 109.148864][ T9626] ? __kasan_check_read+0x11/0x20
[ 109.148892][ T9626] ? __atomic_notifier_call_chain+0xf8/0x1a0
[ 109.148914][ T9626] do_con_write.part.0+0xfd9/0x1ef0
[ 109.148946][ T9626] ? do_con_trol+0x61b0/0x61b0
[ 109.148958][ T9626] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 109.148969][ T9626] ? add_wait_queue+0x112/0x170
[ 109.148982][ T9626] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 109.149001][ T9626] ? trace_hardirqs_on+0x67/0x240
[ 109.149019][ T9626] con_write+0x46/0xd0
[ 109.149037][ T9626] n_tty_write+0x40e/0x1080
[ 109.149065][ T9626] ? n_tty_read+0x1bf0/0x1bf0
[ 109.149082][ T9626] ? prepare_to_wait_exclusive+0x320/0x320
[ 109.149103][ T9626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 109.149120][ T9626] ? _copy_from_user+0x12c/0x1a0
[ 109.149140][ T9626] tty_write+0x496/0x7f0
[ 109.149160][ T9626] ? n_tty_read+0x1bf0/0x1bf0
[ 109.149181][ T9626] __vfs_write+0x8a/0x110
[ 109.149195][ T9626] ? put_tty_driver+0x20/0x20
[ 109.149212][ T9626] vfs_write+0x268/0x5d0
[ 109.149230][ T9626] ksys_write+0x14f/0x290
[ 109.149247][ T9626] ? __ia32_sys_read+0xb0/0xb0
[ 109.149264][ T9626] ? do_syscall_64+0x26/0x790
[ 109.149277][ T9626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 109.149290][ T9626] ? do_syscall_64+0x26/0x790
[ 109.149317][ T9626] __x64_sys_write+0x73/0xb0
[ 109.149335][ T9626] do_syscall_64+0xfa/0x790
[ 109.149354][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 109.149365][ T9626] RIP: 0033:0x4404f9
[ 109.149381][ T9626] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 109.149389][ T9626] RSP: 002b:00007ffec3468fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 109.149404][ T9626] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 109.149413][ T9626] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 109.149422][ T9626] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 109.149431][ T9626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 109.149440][ T9626] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 109.149462][ T9626] ==================================================================
[ 109.149468][ T9626] Disabling lock debugging due to kernel taint
[ 109.149475][ T9626] Kernel panic - not syncing: panic_on_warn set ...
[ 109.149491][ T9626] CPU: 1 PID: 9626 Comm: syz-executor192 Tainted: G B 5.5.0-rc5-syzkaller #0
[ 109.149499][ T9626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.149503][ T9626] Call Trace:
[ 109.149516][ T9626] dump_stack+0x197/0x210
[ 109.149533][ T9626] panic+0x2e3/0x75c
[ 109.149547][ T9626] ? add_taint.cold+0x16/0x16
[ 109.149566][ T9626] ? trace_hardirqs_on+0x67/0x240
[ 109.149580][ T9626] ? trace_hardirqs_on+0x5e/0x240
[ 109.149596][ T9626] ? insert_char+0x206/0x400
[ 109.149609][ T9626] end_report+0x47/0x4f
[ 109.149622][ T9626] ? insert_char+0x206/0x400
[ 109.149634][ T9626] __kasan_report.cold+0xe/0x41
[ 109.149649][ T9626] ? insert_char+0x206/0x400
[ 109.149662][ T9626] kasan_report+0x12/0x20
[ 109.149675][ T9626] check_memory_region+0x134/0x1a0
[ 109.149688][ T9626] memmove+0x24/0x50
[ 109.149702][ T9626] insert_char+0x206/0x400
[ 109.149719][ T9626] do_con_trol+0x41a6/0x61b0
[ 109.149736][ T9626] ? reset_palette+0x190/0x190
[ 109.149750][ T9626] ? __kasan_check_read+0x11/0x20
[ 109.149766][ T9626] ? __atomic_notifier_call_chain+0xf8/0x1a0
[ 109.149785][ T9626] do_con_write.part.0+0xfd9/0x1ef0
[ 109.149808][ T9626] ? do_con_trol+0x61b0/0x61b0
[ 109.149821][ T9626] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 109.149833][ T9626] ? add_wait_queue+0x112/0x170
[ 109.149845][ T9626] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 109.149862][ T9626] ? trace_hardirqs_on+0x67/0x240
[ 109.149877][ T9626] con_write+0x46/0xd0
[ 109.149893][ T9626] n_tty_write+0x40e/0x1080
[ 109.149916][ T9626] ? n_tty_read+0x1bf0/0x1bf0
[ 109.149931][ T9626] ? prepare_to_wait_exclusive+0x320/0x320
[ 109.149948][ T9626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 109.149963][ T9626] ? _copy_from_user+0x12c/0x1a0
[ 109.149978][ T9626] tty_write+0x496/0x7f0
[ 109.149995][ T9626] ? n_tty_read+0x1bf0/0x1bf0
[ 109.150010][ T9626] __vfs_write+0x8a/0x110
[ 109.150023][ T9626] ? put_tty_driver+0x20/0x20
[ 109.150038][ T9626] vfs_write+0x268/0x5d0
[ 109.150053][ T9626] ksys_write+0x14f/0x290
[ 109.150068][ T9626] ? __ia32_sys_read+0xb0/0xb0
[ 109.150083][ T9626] ? do_syscall_64+0x26/0x790
[ 109.150097][ T9626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 109.150111][ T9626] ? do_syscall_64+0x26/0x790
[ 109.150127][ T9626] __x64_sys_write+0x73/0xb0
[ 109.150143][ T9626] do_syscall_64+0xfa/0x790
[ 109.150158][ T9626] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 109.150167][ T9626] RIP: 0033:0x4404f9
[ 109.150181][ T9626] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 109.150188][ T9626] RSP: 002b:00007ffec3468fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 109.150200][ T9626] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 109.150207][ T9626] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 109.150215][ T9626] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 109.150222][ T9626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 109.150230][ T9626] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 109.151669][ T9626] Kernel Offset: disabled
[ 109.782021][ T9626] Rebooting in 86400 seconds..