[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.054107] kauditd_printk_skb: 7 callbacks suppressed
[ 28.054119] audit: type=1800 audit(1543413007.374:29): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.080930] audit: type=1800 audit(1543413007.384:30): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 33.061259] sshd (5974) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
2018/11/28 14:00:43 parsed 1 programs
[ 665.364702] ld (6001) used greatest stack depth: 15296 bytes left
2018/11/28 14:00:44 executed programs: 0
[ 665.525832] IPVS: ftp: loaded support on port[0] = 21
[ 665.779718] bridge0: port 1(bridge_slave_0) entered blocking state
[ 665.787051] bridge0: port 1(bridge_slave_0) entered disabled state
[ 665.794348] device bridge_slave_0 entered promiscuous mode
[ 665.812782] bridge0: port 2(bridge_slave_1) entered blocking state
[ 665.819405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 665.826346] device bridge_slave_1 entered promiscuous mode
[ 665.844151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 665.861851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 665.910841] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 665.932338] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 666.008840] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 666.016106] team0: Port device team_slave_0 added
[ 666.034343] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 666.042039] team0: Port device team_slave_1 added
[ 666.059407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 666.079483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 666.099329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 666.120147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 666.272248] bridge0: port 2(bridge_slave_1) entered blocking state
[ 666.278828] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 666.285798] bridge0: port 1(bridge_slave_0) entered blocking state
[ 666.292218] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 666.821499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 666.874272] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 666.927520] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 666.933841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 666.942622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 666.990238] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/28 14:00:49 executed programs: 160
2018/11/28 14:00:54 executed programs: 397
2018/11/28 14:00:59 executed programs: 645
2018/11/28 14:01:04 executed programs: 886
2018/11/28 14:01:09 executed programs: 1135
2018/11/28 14:01:14 executed programs: 1381
2018/11/28 14:01:19 executed programs: 1629
[ 703.627976] ==================================================================
[ 703.635513] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[ 703.642602] Write of size 512 at addr 0000000000001060 by task syz-executor0/13293
[ 703.650288]
[ 703.651898] CPU: 1 PID: 13293 Comm: syz-executor0 Not tainted 4.20.0-rc4+ #352
[ 703.659239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 703.668572] Call Trace:
[ 703.671175]  dump_stack+0x244/0x39d
[ 703.674789]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 703.679965]  ? vprintk_func+0x85/0x181
[ 703.683841]  kasan_report.cold.8+0x6d/0x309
[ 703.688166]  ? n_tty_set_termios+0x106/0xe80
[ 703.692592]  check_memory_region+0x13e/0x1b0
[ 703.696999]  memset+0x23/0x40
[ 703.700091]  n_tty_set_termios+0x106/0xe80
[ 703.704312]  ? n_tty_receive_signal_char+0x120/0x120
[ 703.709403]  tty_set_termios+0x7a0/0xac0
[ 703.713457]  ? tty_wait_until_sent+0x5d0/0x5d0
[ 703.718045]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 703.723581]  set_termios+0x41e/0x7d0
[ 703.727281]  ? tty_perform_flush+0x80/0x80
[ 703.731509]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 703.736619]  tty_mode_ioctl+0x857/0xb40
[ 703.740579]  ? set_termios+0x7d0/0x7d0
[ 703.744460]  ? perf_trace_sched_process_exec+0x860/0x860
[ 703.749901]  n_tty_ioctl_helper+0x54/0x3b0
[ 703.754124]  n_tty_ioctl+0x54/0x360
[ 703.757734]  ? ldsem_down_read+0x32/0x40
[ 703.761776]  ? ldsem_down_read+0x32/0x40
[ 703.765820]  tty_ioctl+0x5c6/0x17d0
[ 703.769428]  ? commit_echoes+0x1c0/0x1c0
[ 703.773472]  ? tty_vhangup+0x30/0x30
[ 703.777167]  ? find_held_lock+0x36/0x1c0
[ 703.781214]  ? __fget+0x4aa/0x740
[ 703.784650]  ? lock_downgrade+0x900/0x900
[ 703.788803]  ? check_preemption_disabled+0x48/0x280
[ 703.793802]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 703.798713]  ? kasan_check_read+0x11/0x20
[ 703.802859]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 703.808119]  ? rcu_softirq_qs+0x20/0x20
[ 703.812081]  ? __fget+0x4d1/0x740
[ 703.815541]  ? ksys_dup3+0x680/0x680
[ 703.819244]  ? __might_fault+0x12b/0x1e0
[ 703.823289]  ? lock_downgrade+0x900/0x900
[ 703.827420]  ? lock_release+0xa00/0xa00
[ 703.831393]  ? perf_trace_sched_process_exec+0x860/0x860
[ 703.836823]  ? tty_vhangup+0x30/0x30
[ 703.840549]  do_vfs_ioctl+0x1de/0x1790
[ 703.844424]  ? ioctl_preallocate+0x300/0x300
[ 703.848813]  ? __fget_light+0x2e9/0x430
[ 703.852769]  ? fget_raw+0x20/0x20
[ 703.856205]  ? _copy_to_user+0xc8/0x110
[ 703.860186]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 703.865723]  ? put_timespec64+0x10f/0x1b0
[ 703.869853]  ? nsecs_to_jiffies+0x30/0x30
[ 703.873987]  ? do_syscall_64+0x9a/0x820
[ 703.877951]  ? do_syscall_64+0x9a/0x820
[ 703.881926]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 703.886493]  ? security_file_ioctl+0x94/0xc0
[ 703.890887]  ksys_ioctl+0xa9/0xd0
[ 703.894321]  __x64_sys_ioctl+0x73/0xb0
[ 703.898244]  do_syscall_64+0x1b9/0x820
[ 703.902140]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 703.907484]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 703.912395]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 703.917234]  ? trace_hardirqs_on_caller+0x310/0x310
[ 703.922232]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 703.927233]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 703.932239]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 703.937067]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 703.942242] RIP: 0033:0x457569
[ 703.945420] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 703.964318] RSP: 002b:00007f865269bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 703.972011] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 703.979278] RDX: 0000000020000140 RSI: 0000000000005402 RDI: 0000000000000005
[ 703.986530] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 703.993778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f865269c6d4
[ 704.001028] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff
[ 704.008288] ==================================================================
[ 704.015622] Disabling lock debugging due to kernel taint
[ 704.021818] Kernel panic - not syncing: panic_on_warn set ...
[ 704.027758] CPU: 1 PID: 13293 Comm: syz-executor0 Tainted: G B 4.20.0-rc4+ #352
[ 704.036485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 704.045835] Call Trace:
[ 704.048414]  dump_stack+0x244/0x39d
[ 704.052027]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 704.057204]  panic+0x2ad/0x55c
[ 704.060420]  ? add_taint.cold.5+0x16/0x16
[ 704.064549]  ? preempt_schedule+0x4d/0x60
[ 704.068693]  ? ___preempt_schedule+0x16/0x18
[ 704.073081]  ? trace_hardirqs_on+0xb4/0x310
[ 704.077388]  kasan_end_report+0x47/0x4f
[ 704.081356]  kasan_report.cold.8+0x76/0x309
[ 704.085658]  ? n_tty_set_termios+0x106/0xe80
[ 704.090047]  check_memory_region+0x13e/0x1b0
[ 704.094434]  memset+0x23/0x40
[ 704.097519]  n_tty_set_termios+0x106/0xe80
[ 704.101735]  ? n_tty_receive_signal_char+0x120/0x120
[ 704.106818]  tty_set_termios+0x7a0/0xac0
[ 704.110861]  ? tty_wait_until_sent+0x5d0/0x5d0
[ 704.115428]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 704.120946]  set_termios+0x41e/0x7d0
[ 704.124640]  ? tty_perform_flush+0x80/0x80
[ 704.128862]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 704.133962]  tty_mode_ioctl+0x857/0xb40
[ 704.137920]  ? set_termios+0x7d0/0x7d0
[ 704.141795]  ? perf_trace_sched_process_exec+0x860/0x860
[ 704.147241]  n_tty_ioctl_helper+0x54/0x3b0
[ 704.151469]  n_tty_ioctl+0x54/0x360
[ 704.155076]  ? ldsem_down_read+0x32/0x40
[ 704.159120]  ? ldsem_down_read+0x32/0x40
[ 704.163163]  tty_ioctl+0x5c6/0x17d0
[ 704.166770]  ? commit_echoes+0x1c0/0x1c0
[ 704.170811]  ? tty_vhangup+0x30/0x30
[ 704.174504]  ? find_held_lock+0x36/0x1c0
[ 704.178547]  ? __fget+0x4aa/0x740
[ 704.181984]  ? lock_downgrade+0x900/0x900
[ 704.186119]  ? check_preemption_disabled+0x48/0x280
[ 704.191119]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 704.196029]  ? kasan_check_read+0x11/0x20
[ 704.200154]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 704.205410]  ? rcu_softirq_qs+0x20/0x20
[ 704.209370]  ? __fget+0x4d1/0x740
[ 704.212805]  ? ksys_dup3+0x680/0x680
[ 704.216498]  ? __might_fault+0x12b/0x1e0
[ 704.220541]  ? lock_downgrade+0x900/0x900
[ 704.224674]  ? lock_release+0xa00/0xa00
[ 704.228630]  ? perf_trace_sched_process_exec+0x860/0x860
[ 704.234061]  ? tty_vhangup+0x30/0x30
[ 704.237754]  do_vfs_ioctl+0x1de/0x1790
[ 704.241626]  ? ioctl_preallocate+0x300/0x300
[ 704.246031]  ? __fget_light+0x2e9/0x430
[ 704.249983]  ? fget_raw+0x20/0x20
[ 704.253415]  ? _copy_to_user+0xc8/0x110
[ 704.257389]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 704.262912]  ? put_timespec64+0x10f/0x1b0
[ 704.267041]  ? nsecs_to_jiffies+0x30/0x30
[ 704.271175]  ? do_syscall_64+0x9a/0x820
[ 704.275128]  ? do_syscall_64+0x9a/0x820
[ 704.279085]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 704.283651]  ? security_file_ioctl+0x94/0xc0
[ 704.288049]  ksys_ioctl+0xa9/0xd0
[ 704.291496]  __x64_sys_ioctl+0x73/0xb0
[ 704.295378]  do_syscall_64+0x1b9/0x820
[ 704.299245]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 704.304588]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 704.309499]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 704.314325]  ? trace_hardirqs_on_caller+0x310/0x310
[ 704.319330]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 704.324338]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 704.329346]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 704.334170]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 704.339343] RIP: 0033:0x457569
[ 704.342532] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 704.361428] RSP: 002b:00007f865269bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 704.369134] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 704.376383] RDX: 0000000020000140 RSI: 0000000000005402 RDI: 0000000000000005
[ 704.383632] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 704.390885] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f865269c6d4
[ 704.398149] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff
[ 704.406364] Kernel Offset: disabled
[ 704.409989] Rebooting in 86400 seconds..