[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   29.687595] kauditd_printk_skb: 7 callbacks suppressed
[   29.687607] audit: type=1800 audit(1542494039.285:29): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   29.713357] audit: type=1800 audit(1542494039.285:30): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts.
2018/11/17 22:35:15 parsed 1 programs
2018/11/17 22:35:16 executed programs: 0
syzkaller login: [  106.682129] IPVS: ftp: loaded support on port[0] = 21
[  106.931054] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.937886] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.945398] device bridge_slave_0 entered promiscuous mode
[  106.963627] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.970340] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.977691] device bridge_slave_1 entered promiscuous mode
[  106.995116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  107.014076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  107.062367] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  107.083161] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  107.157641] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  107.165246] team0: Port device team_slave_0 added
[  107.184267] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  107.191503] team0: Port device team_slave_1 added
[  107.208746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  107.228787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  107.248823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  107.269974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  107.418978] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.425577] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.432367] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.438725] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.969305] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.021763] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  108.075934] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  108.082564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  108.092327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  108.135534] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/17 22:35:21 executed programs: 102
2018/11/17 22:35:26 executed programs: 254
2018/11/17 22:35:31 executed programs: 406
2018/11/17 22:35:36 executed programs: 560
2018/11/17 22:35:41 executed programs: 715
2018/11/17 22:35:46 executed programs: 866
[  139.257126] ==================================================================
[  139.264692] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[  139.271791] Write of size 512 at addr 0000000000001060 by task syz-executor0/11989
[  139.279499] 
[  139.281143] CPU: 0 PID: 11989 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #117
[  139.288494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  139.297856] Call Trace:
[  139.300448]  dump_stack+0x244/0x39d
[  139.304092]  ? dump_stack_print_info.cold.1+0x20/0x20
[  139.309268]  ? vprintk_func+0x85/0x181
[  139.313142]  kasan_report.cold.8+0x6d/0x309
[  139.317449]  ? n_tty_set_termios+0x106/0xe80
[  139.321847]  check_memory_region+0x13e/0x1b0
[  139.326254]  memset+0x23/0x40
[  139.329347]  n_tty_set_termios+0x106/0xe80
[  139.333568]  ? n_tty_receive_signal_char+0x120/0x120
[  139.338654]  tty_set_termios+0x7a0/0xac0
[  139.342702]  ? tty_wait_until_sent+0x5d0/0x5d0
[  139.347287]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  139.352826]  set_termios+0x41e/0x7d0
[  139.356593]  ? tty_perform_flush+0x80/0x80
[  139.360822]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  139.365907]  tty_mode_ioctl+0x857/0xb40
[  139.369867]  ? set_termios+0x7d0/0x7d0
[  139.373743]  ? perf_trace_sched_process_exec+0x860/0x860
[  139.379179]  n_tty_ioctl_helper+0x54/0x3b0
[  139.383397]  n_tty_ioctl+0x54/0x360
[  139.387040]  ? ldsem_down_read+0x32/0x40
[  139.391084]  ? ldsem_down_read+0x32/0x40
[  139.395131]  tty_ioctl+0x5c6/0x17d0
[  139.398743]  ? commit_echoes+0x1c0/0x1c0
[  139.402816]  ? tty_vhangup+0x30/0x30
[  139.406526]  ? find_held_lock+0x36/0x1c0
[  139.410577]  ? __fget+0x4aa/0x740
[  139.414038]  ? lock_downgrade+0x900/0x900
[  139.418172]  ? check_preemption_disabled+0x48/0x280
[  139.423170]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  139.428082]  ? kasan_check_read+0x11/0x20
[  139.432214]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  139.437488]  ? rcu_softirq_qs+0x20/0x20
[  139.441450]  ? __fget+0x4d1/0x740
[  139.444886]  ? ksys_dup3+0x680/0x680
[  139.448586]  ? __might_fault+0x12b/0x1e0
[  139.452644]  ? lock_downgrade+0x900/0x900
[  139.456791]  ? lock_release+0xa00/0xa00
[  139.460766]  ? perf_trace_sched_process_exec+0x860/0x860
[  139.466198]  ? tty_vhangup+0x30/0x30
[  139.469898]  do_vfs_ioctl+0x1de/0x1790
[  139.473772]  ? ioctl_preallocate+0x300/0x300
[  139.478165]  ? memset+0x31/0x40
[  139.481428]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  139.486966]  ? smack_file_ioctl+0x210/0x3c0
[  139.491268]  ? fget_raw+0x20/0x20
[  139.494714]  ? smack_file_lock+0x2e0/0x2e0
[  139.498936]  ? do_syscall_64+0x9a/0x820
[  139.502942]  ? do_syscall_64+0x9a/0x820
[  139.506903]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  139.512420]  ? security_file_ioctl+0x94/0xc0
[  139.516811]  ksys_ioctl+0xa9/0xd0
[  139.520251]  __x64_sys_ioctl+0x73/0xb0
[  139.524140]  do_syscall_64+0x1b9/0x820
[  139.528009]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  139.533368]  ? syscall_return_slowpath+0x5e0/0x5e0
[  139.538294]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  139.543120]  ? trace_hardirqs_on_caller+0x310/0x310
[  139.548307]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  139.553336]  ? prepare_exit_to_usermode+0x291/0x3b0
[  139.558340]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  139.563170]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  139.568341] RIP: 0033:0x457569
[  139.571515] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  139.590409] RSP: 002b:00007f58360b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  139.598101] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  139.605360] RDX: 0000000020000100 RSI: 0000000000005402 RDI: 0000000000000005
[  139.612610] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  139.619862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58360b96d4
[  139.627115] R13: 00000000004c0ffe R14: 00000000004d1d88 R15: 00000000ffffffff
[  139.634374] ==================================================================
[  139.641726] Disabling lock debugging due to kernel taint
[  139.647328] Kernel panic - not syncing: panic_on_warn set ...
[  139.653218] CPU: 0 PID: 11989 Comm: syz-executor0 Tainted: G    B             4.20.0-rc2+ #117
[  139.661944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  139.671277] Call Trace:
[  139.673847]  dump_stack+0x244/0x39d
[  139.677457]  ? dump_stack_print_info.cold.1+0x20/0x20
[  139.682631]  panic+0x2ad/0x55c
[  139.685805]  ? add_taint.cold.5+0x16/0x16
[  139.689934]  ? preempt_schedule+0x4d/0x60
[  139.694063]  ? ___preempt_schedule+0x16/0x18
[  139.698453]  ? trace_hardirqs_on+0xb4/0x310
[  139.702777]  kasan_end_report+0x47/0x4f
[  139.706734]  kasan_report.cold.8+0x76/0x309
[  139.711056]  ? n_tty_set_termios+0x106/0xe80
[  139.715449]  check_memory_region+0x13e/0x1b0
[  139.719852]  memset+0x23/0x40
[  139.722939]  n_tty_set_termios+0x106/0xe80
[  139.727173]  ? n_tty_receive_signal_char+0x120/0x120
[  139.732256]  tty_set_termios+0x7a0/0xac0
[  139.736298]  ? tty_wait_until_sent+0x5d0/0x5d0
[  139.740862]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  139.746381]  set_termios+0x41e/0x7d0
[  139.750075]  ? tty_perform_flush+0x80/0x80
[  139.754296]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  139.759382]  tty_mode_ioctl+0x857/0xb40
[  139.763341]  ? set_termios+0x7d0/0x7d0
[  139.767213]  ? perf_trace_sched_process_exec+0x860/0x860
[  139.772665]  n_tty_ioctl_helper+0x54/0x3b0
[  139.776931]  n_tty_ioctl+0x54/0x360
[  139.780543]  ? ldsem_down_read+0x32/0x40
[  139.784584]  ? ldsem_down_read+0x32/0x40
[  139.788624]  tty_ioctl+0x5c6/0x17d0
[  139.792239]  ? commit_echoes+0x1c0/0x1c0
[  139.796324]  ? tty_vhangup+0x30/0x30
[  139.800051]  ? find_held_lock+0x36/0x1c0
[  139.804093]  ? __fget+0x4aa/0x740
[  139.807544]  ? lock_downgrade+0x900/0x900
[  139.811675]  ? check_preemption_disabled+0x48/0x280
[  139.816673]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  139.821582]  ? kasan_check_read+0x11/0x20
[  139.825708]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  139.830966]  ? rcu_softirq_qs+0x20/0x20
[  139.834924]  ? __fget+0x4d1/0x740
[  139.838362]  ? ksys_dup3+0x680/0x680
[  139.842058]  ? __might_fault+0x12b/0x1e0
[  139.846128]  ? lock_downgrade+0x900/0x900
[  139.850257]  ? lock_release+0xa00/0xa00
[  139.854242]  ? perf_trace_sched_process_exec+0x860/0x860
[  139.859676]  ? tty_vhangup+0x30/0x30
[  139.863370]  do_vfs_ioctl+0x1de/0x1790
[  139.867242]  ? ioctl_preallocate+0x300/0x300
[  139.871628]  ? memset+0x31/0x40
[  139.874885]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  139.880416]  ? smack_file_ioctl+0x210/0x3c0
[  139.884730]  ? fget_raw+0x20/0x20
[  139.888164]  ? smack_file_lock+0x2e0/0x2e0
[  139.892385]  ? do_syscall_64+0x9a/0x820
[  139.896355]  ? do_syscall_64+0x9a/0x820
[  139.900310]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  139.905828]  ? security_file_ioctl+0x94/0xc0
[  139.910216]  ksys_ioctl+0xa9/0xd0
[  139.913666]  __x64_sys_ioctl+0x73/0xb0
[  139.917537]  do_syscall_64+0x1b9/0x820
[  139.921407]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  139.926781]  ? syscall_return_slowpath+0x5e0/0x5e0
[  139.931694]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  139.936534]  ? trace_hardirqs_on_caller+0x310/0x310
[  139.941536]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  139.946535]  ? prepare_exit_to_usermode+0x291/0x3b0
[  139.951538]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  139.956363]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  139.961532] RIP: 0033:0x457569
[  139.964712] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  139.983593] RSP: 002b:00007f58360b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  139.991288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  139.998560] RDX: 0000000020000100 RSI: 0000000000005402 RDI: 0000000000000005
[  140.005810] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  140.013075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58360b96d4
[  140.020324] R13: 00000000004c0ffe R14: 00000000004d1d88 R15: 00000000ffffffff
[  140.028584] Kernel Offset: disabled
[  140.032207] Rebooting in 86400 seconds..