[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 60.082942][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 60.082952][ T27] audit: type=1800 audit(1566080449.136:29): pid=9488 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 60.109105][ T27] audit: type=1800 audit(1566080449.136:30): pid=9488 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program syzkaller login: [ 70.793177][ T9691] ================================================================== [ 70.801309][ T9691] BUG: KASAN: null-ptr-deref in queue_work_on+0xa6/0x210 [ 70.808326][ T9691] Write of size 8 at addr 0000000000000050 by task syz-executor935/9691 [ 70.816638][ T9691] [ 70.818968][ T9691] CPU: 0 PID: 9691 Comm: syz-executor935 Not tainted 5.3.0-rc4+ #113 [ 70.827020][ T9691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.837061][ T9691] Call Trace: [ 70.840349][ T9691] dump_stack+0x172/0x1f0 [ 70.844676][ T9691] ? queue_work_on+0xa6/0x210 [ 70.849350][ T9691] ? queue_work_on+0xa6/0x210 [ 70.854024][ T9691] __kasan_report.cold+0x5/0x36 [ 70.858870][ T9691] ? queue_work_on+0xa6/0x210 [ 70.863542][ T9691] ? slc_setup+0x260/0x260 [ 70.867980][ T9691] kasan_report+0x12/0x17 [ 70.872303][ T9691] check_memory_region+0x134/0x1a0 [ 70.877408][ T9691] ? slc_setup+0x260/0x260 [ 70.881817][ T9691] __kasan_check_write+0x14/0x20 [ 70.886748][ T9691] queue_work_on+0xa6/0x210 [ 70.891242][ T9691] ? 
slc_setup+0x260/0x260 [ 70.895652][ T9691] slcan_write_wakeup+0x66/0x90 [ 70.900496][ T9691] ? pty_write_room+0xf0/0xf0 [ 70.905171][ T9691] tty_wakeup+0xe9/0x120 [ 70.909407][ T9691] ? pty_write_room+0xf0/0xf0 [ 70.914229][ T9691] pty_unthrottle+0x37/0x60 [ 70.918728][ T9691] tty_unthrottle+0xab/0x110 [ 70.923310][ T9691] ? n_tty_kick_worker+0x240/0x240 [ 70.928418][ T9691] __tty_perform_flush+0x1b3/0x200 [ 70.933527][ T9691] n_tty_ioctl_helper+0x1cc/0x3b0 [ 70.938545][ T9691] n_tty_ioctl+0x59/0x370 [ 70.942872][ T9691] ? ldsem_down_read+0x33/0x40 [ 70.947637][ T9691] tty_ioctl+0xaf9/0x14f0 [ 70.951961][ T9691] ? n_tty_receive_signal_char+0x120/0x120 [ 70.957758][ T9691] ? do_tty_hangup+0x30/0x30 [ 70.962345][ T9691] ? tomoyo_path_number_perm+0x459/0x520 [ 70.967975][ T9691] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 70.974210][ T9691] ? tomoyo_path_number_perm+0x263/0x520 [ 70.979837][ T9691] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 70.986108][ T9691] ? __kasan_check_read+0x11/0x20 [ 70.991131][ T9691] ? do_tty_hangup+0x30/0x30 [ 70.995719][ T9691] do_vfs_ioctl+0xdb6/0x13e0 [ 71.000304][ T9691] ? ioctl_preallocate+0x210/0x210 [ 71.005412][ T9691] ? __fget+0x384/0x560 [ 71.009578][ T9691] ? ksys_dup3+0x3e0/0x3e0 [ 71.013988][ T9691] ? calculate_sigpending+0x86/0xa0 [ 71.020212][ T9691] ? __kasan_check_read+0x11/0x20 [ 71.025247][ T9691] ? tomoyo_file_ioctl+0x23/0x30 [ 71.030178][ T9691] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 71.036421][ T9691] ? 
security_file_ioctl+0x8d/0xc0 [ 71.041526][ T9691] ksys_ioctl+0xab/0xd0 [ 71.045686][ T9691] __x64_sys_ioctl+0x73/0xb0 [ 71.050267][ T9691] do_syscall_64+0xfd/0x6a0 [ 71.054768][ T9691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 71.060653][ T9691] RIP: 0033:0x446859 [ 71.064541][ T9691] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 71.084145][ T9691] RSP: 002b:00007f17a0a3fd18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.092560][ T9691] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446859 [ 71.100521][ T9691] RDX: 0000000000000000 RSI: 000000000000540b RDI: 0000000000000003 [ 71.108487][ T9691] RBP: 00000000006dbc30 R08: 00007f17a0a40700 R09: 0000000000000000 [ 71.116452][ T9691] R10: 00007f17a0a40700 R11: 0000000000000246 R12: 00000000006dbc3c [ 71.124416][ T9691] R13: 00007ffdfd0bdb5f R14: 00007f17a0a409c0 R15: 20c49ba5e353f7cf [ 71.133263][ T9691] ================================================================== [ 71.141321][ T9691] Kernel panic - not syncing: panic_on_warn set ... [ 71.147904][ T9691] CPU: 0 PID: 9691 Comm: syz-executor935 Tainted: G B 5.3.0-rc4+ #113 [ 71.157340][ T9691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.167391][ T9691] Call Trace: [ 71.170682][ T9691] dump_stack+0x172/0x1f0 [ 71.175007][ T9691] panic+0x2dc/0x755 [ 71.178910][ T9691] ? add_taint.cold+0x16/0x16 [ 71.183607][ T9691] ? queue_work_on+0xa6/0x210 [ 71.188275][ T9691] ? trace_hardirqs_off+0x62/0x240 [ 71.193380][ T9691] ? trace_hardirqs_off+0x59/0x240 [ 71.198487][ T9691] ? queue_work_on+0xa6/0x210 [ 71.203162][ T9691] end_report+0x47/0x4f [ 71.207315][ T9691] ? queue_work_on+0xa6/0x210 [ 71.211990][ T9691] __kasan_report.cold+0xe/0x36 [ 71.216836][ T9691] ? queue_work_on+0xa6/0x210 [ 71.221508][ T9691] ? 
slc_setup+0x260/0x260 [ 71.225922][ T9691] kasan_report+0x12/0x17 [ 71.230337][ T9691] check_memory_region+0x134/0x1a0 [ 71.235447][ T9691] ? slc_setup+0x260/0x260 [ 71.239857][ T9691] __kasan_check_write+0x14/0x20 [ 71.244792][ T9691] queue_work_on+0xa6/0x210 [ 71.249292][ T9691] ? slc_setup+0x260/0x260 [ 71.253698][ T9691] slcan_write_wakeup+0x66/0x90 [ 71.258540][ T9691] ? pty_write_room+0xf0/0xf0 [ 71.263217][ T9691] tty_wakeup+0xe9/0x120 [ 71.267456][ T9691] ? pty_write_room+0xf0/0xf0 [ 71.272123][ T9691] pty_unthrottle+0x37/0x60 [ 71.276626][ T9691] tty_unthrottle+0xab/0x110 [ 71.281208][ T9691] ? n_tty_kick_worker+0x240/0x240 [ 71.286312][ T9691] __tty_perform_flush+0x1b3/0x200 [ 71.291417][ T9691] n_tty_ioctl_helper+0x1cc/0x3b0 [ 71.296434][ T9691] n_tty_ioctl+0x59/0x370 [ 71.300758][ T9691] ? ldsem_down_read+0x33/0x40 [ 71.305519][ T9691] tty_ioctl+0xaf9/0x14f0 [ 71.309847][ T9691] ? n_tty_receive_signal_char+0x120/0x120 [ 71.315646][ T9691] ? do_tty_hangup+0x30/0x30 [ 71.320234][ T9691] ? tomoyo_path_number_perm+0x459/0x520 [ 71.325863][ T9691] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 71.332098][ T9691] ? tomoyo_path_number_perm+0x263/0x520 [ 71.337817][ T9691] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 71.343624][ T9691] ? __kasan_check_read+0x11/0x20 [ 71.348644][ T9691] ? do_tty_hangup+0x30/0x30 [ 71.353229][ T9691] do_vfs_ioctl+0xdb6/0x13e0 [ 71.357815][ T9691] ? ioctl_preallocate+0x210/0x210 [ 71.362917][ T9691] ? __fget+0x384/0x560 [ 71.367069][ T9691] ? ksys_dup3+0x3e0/0x3e0 [ 71.371479][ T9691] ? calculate_sigpending+0x86/0xa0 [ 71.376672][ T9691] ? __kasan_check_read+0x11/0x20 [ 71.381695][ T9691] ? tomoyo_file_ioctl+0x23/0x30 [ 71.386628][ T9691] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 71.392862][ T9691] ? 
security_file_ioctl+0x8d/0xc0 [ 71.397964][ T9691] ksys_ioctl+0xab/0xd0 [ 71.402114][ T9691] __x64_sys_ioctl+0x73/0xb0 [ 71.406699][ T9691] do_syscall_64+0xfd/0x6a0 [ 71.411204][ T9691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 71.417088][ T9691] RIP: 0033:0x446859 [ 71.420975][ T9691] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 71.440582][ T9691] RSP: 002b:00007f17a0a3fd18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.448983][ T9691] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446859 [ 71.456944][ T9691] RDX: 0000000000000000 RSI: 000000000000540b RDI: 0000000000000003 [ 71.464910][ T9691] RBP: 00000000006dbc30 R08: 00007f17a0a40700 R09: 0000000000000000 [ 71.472873][ T9691] R10: 00007f17a0a40700 R11: 0000000000000246 R12: 00000000006dbc3c [ 71.480832][ T9691] R13: 00007ffdfd0bdb5f R14: 00007f17a0a409c0 R15: 20c49ba5e353f7cf [ 71.489983][ T9691] Kernel Offset: disabled [ 71.494301][ T9691] Rebooting in 86400 seconds..