[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 31.904469] kauditd_printk_skb: 9 callbacks suppressed [ 31.904480] audit: type=1800 audit(1543098484.250:33): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 31.933897] audit: type=1800 audit(1543098484.250:34): pid=5962 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.206331] audit: type=1400 audit(1543098489.550:35): avc: denied { map } for pid=6138 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts. 
[ 86.814977] audit: type=1400 audit(1543098539.160:36): avc: denied { map } for pid=6152 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/11/24 22:28:59 parsed 1 programs [ 87.333604] audit: type=1400 audit(1543098539.670:37): avc: denied { map } for pid=6152 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14203 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 88.722381] ld (6162) used greatest stack depth: 15296 bytes left 2018/11/24 22:29:01 executed programs: 0 [ 88.870539] IPVS: ftp: loaded support on port[0] = 21 [ 89.122545] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.129298] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.137102] device bridge_slave_0 entered promiscuous mode [ 89.155536] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.161911] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.169174] device bridge_slave_1 entered promiscuous mode [ 89.186882] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 89.206173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 89.255194] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 89.274096] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 89.350057] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 89.357694] team0: Port device team_slave_0 added [ 89.375914] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 89.383034] team0: Port device team_slave_1 added [ 89.400020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.422751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.443845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.462571] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_bridge: link becomes ready [ 89.610375] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.616790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.623463] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.629863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.153822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.208843] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.262356] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.268856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.276468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.323464] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.599471] audit: type=1400 audit(1543098542.940:38): avc: denied { associate } for pid=6165 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2018/11/24 22:29:06 executed programs: 153 2018/11/24 22:29:11 executed programs: 385 2018/11/24 22:29:16 executed programs: 620 2018/11/24 22:29:21 executed programs: 855 2018/11/24 22:29:26 executed programs: 1093 2018/11/24 22:29:31 executed programs: 1325 2018/11/24 22:29:36 executed programs: 1563 2018/11/24 22:29:41 executed programs: 1804 2018/11/24 22:29:46 executed programs: 2041 [ 136.460700] ================================================================== [ 136.468314] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80 [ 136.475393] Write of size 512 at addr 0000000000001060 by task syz-executor0/15293 [ 136.483073] [ 136.484686] CPU: 0 PID: 15293 Comm: syz-executor0 Not tainted 4.20.0-rc3+ #127 [ 136.492019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.501346] Call Trace: [ 136.503913] dump_stack+0x244/0x39d [ 136.507534] ? dump_stack_print_info.cold.1+0x20/0x20 [ 136.512721] ? 
vprintk_func+0x85/0x181 [ 136.516590] kasan_report.cold.8+0x6d/0x309 [ 136.520917] ? n_tty_set_termios+0x106/0xe80 [ 136.525325] check_memory_region+0x13e/0x1b0 [ 136.529716] memset+0x23/0x40 [ 136.532853] n_tty_set_termios+0x106/0xe80 [ 136.537127] ? n_tty_receive_signal_char+0x120/0x120 [ 136.542225] tty_set_termios+0x7a0/0xac0 [ 136.546265] ? tty_wait_until_sent+0x5d0/0x5d0 [ 136.550836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 136.556351] set_termios+0x41e/0x7d0 [ 136.560047] ? tty_perform_flush+0x80/0x80 [ 136.564337] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 136.569436] tty_mode_ioctl+0x857/0xb40 [ 136.573388] ? set_termios+0x7d0/0x7d0 [ 136.577257] ? perf_trace_sched_process_exec+0x860/0x860 [ 136.582735] ? avc_has_extended_perms+0x8cb/0x15a0 [ 136.587648] n_tty_ioctl_helper+0x54/0x3b0 [ 136.591861] n_tty_ioctl+0x54/0x360 [ 136.595501] ? ldsem_down_read+0x32/0x40 [ 136.599539] ? ldsem_down_read+0x32/0x40 [ 136.603593] tty_ioctl+0x5c6/0x17d0 [ 136.607220] ? commit_echoes+0x1c0/0x1c0 [ 136.611279] ? tty_vhangup+0x30/0x30 [ 136.614991] ? avc_has_extended_perms+0xab2/0x15a0 [ 136.619906] ? avc_ss_reset+0x190/0x190 [ 136.623860] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 136.628790] ? kasan_check_read+0x11/0x20 [ 136.632916] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 136.638175] ? rcu_softirq_qs+0x20/0x20 [ 136.642139] ? perf_trace_sched_process_exec+0x860/0x860 [ 136.647570] ? __might_fault+0x12b/0x1e0 [ 136.651636] ? lock_downgrade+0x900/0x900 [ 136.655768] ? tty_vhangup+0x30/0x30 [ 136.659462] do_vfs_ioctl+0x1de/0x1790 [ 136.663331] ? ioctl_preallocate+0x300/0x300 [ 136.667731] ? selinux_file_mprotect+0x620/0x620 [ 136.672466] ? rht_deferred_worker+0x1692/0x1de0 [ 136.677201] ? __sanitizer_cov_trace_const_cmp4+0xb/0x20 [ 136.682633] ? put_timespec64+0x10f/0x1b0 [ 136.686761] ? nsecs_to_jiffies+0x30/0x30 [ 136.690902] ? do_syscall_64+0x9a/0x820 [ 136.694859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 136.700384] ? 
security_file_ioctl+0x94/0xc0 [ 136.704893] ksys_ioctl+0xa9/0xd0 [ 136.708339] __x64_sys_ioctl+0x73/0xb0 [ 136.712206] do_syscall_64+0x1b9/0x820 [ 136.716076] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 136.721449] ? syscall_return_slowpath+0x5e0/0x5e0 [ 136.726360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 136.731201] ? trace_hardirqs_on_caller+0x310/0x310 [ 136.736211] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 136.741227] ? prepare_exit_to_usermode+0x291/0x3b0 [ 136.746242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 136.751084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 136.756270] RIP: 0033:0x457569 [ 136.759443] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 136.778325] RSP: 002b:00007f3482fc8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.786011] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 136.793258] RDX: 0000000020000080 RSI: 0000000000005402 RDI: 0000000000000005 [ 136.800516] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 136.807795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3482fc96d4 [ 136.815071] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff [ 136.822337] ================================================================== [ 136.829686] Disabling lock debugging due to kernel taint [ 136.835745] Kernel panic - not syncing: panic_on_warn set ... [ 136.841657] CPU: 0 PID: 15293 Comm: syz-executor0 Tainted: G B 4.20.0-rc3+ #127 [ 136.850386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.859715] Call Trace: [ 136.862296] dump_stack+0x244/0x39d [ 136.865904] ? dump_stack_print_info.cold.1+0x20/0x20 [ 136.871073] panic+0x2ad/0x55c [ 136.874252] ? add_taint.cold.5+0x16/0x16 [ 136.878402] ? preempt_schedule+0x4d/0x60 [ 136.882537] ? ___preempt_schedule+0x16/0x18 [ 136.886953] ? 
trace_hardirqs_on+0xb4/0x310 [ 136.891282] kasan_end_report+0x47/0x4f [ 136.895282] kasan_report.cold.8+0x76/0x309 [ 136.899610] ? n_tty_set_termios+0x106/0xe80 [ 136.904050] check_memory_region+0x13e/0x1b0 [ 136.908437] memset+0x23/0x40 [ 136.911521] n_tty_set_termios+0x106/0xe80 [ 136.915733] ? n_tty_receive_signal_char+0x120/0x120 [ 136.920819] tty_set_termios+0x7a0/0xac0 [ 136.924869] ? tty_wait_until_sent+0x5d0/0x5d0 [ 136.929437] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 136.934952] set_termios+0x41e/0x7d0 [ 136.938645] ? tty_perform_flush+0x80/0x80 [ 136.942900] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 136.948001] tty_mode_ioctl+0x857/0xb40 [ 136.951954] ? set_termios+0x7d0/0x7d0 [ 136.955825] ? perf_trace_sched_process_exec+0x860/0x860 [ 136.961252] ? avc_has_extended_perms+0x8cb/0x15a0 [ 136.966160] n_tty_ioctl_helper+0x54/0x3b0 [ 136.970373] n_tty_ioctl+0x54/0x360 [ 136.973978] ? ldsem_down_read+0x32/0x40 [ 136.978040] ? ldsem_down_read+0x32/0x40 [ 136.982102] tty_ioctl+0x5c6/0x17d0 [ 136.985721] ? commit_echoes+0x1c0/0x1c0 [ 136.989778] ? tty_vhangup+0x30/0x30 [ 136.993486] ? avc_has_extended_perms+0xab2/0x15a0 [ 136.998402] ? avc_ss_reset+0x190/0x190 [ 137.002359] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 137.007281] ? kasan_check_read+0x11/0x20 [ 137.011423] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 137.016712] ? rcu_softirq_qs+0x20/0x20 [ 137.020691] ? perf_trace_sched_process_exec+0x860/0x860 [ 137.026127] ? __might_fault+0x12b/0x1e0 [ 137.030186] ? lock_downgrade+0x900/0x900 [ 137.034331] ? tty_vhangup+0x30/0x30 [ 137.038031] do_vfs_ioctl+0x1de/0x1790 [ 137.041931] ? ioctl_preallocate+0x300/0x300 [ 137.046351] ? selinux_file_mprotect+0x620/0x620 [ 137.051108] ? rht_deferred_worker+0x1692/0x1de0 [ 137.055852] ? __sanitizer_cov_trace_const_cmp4+0xb/0x20 [ 137.061307] ? put_timespec64+0x10f/0x1b0 [ 137.065449] ? nsecs_to_jiffies+0x30/0x30 [ 137.069600] ? do_syscall_64+0x9a/0x820 [ 137.073570] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.079091] ? security_file_ioctl+0x94/0xc0 [ 137.083483] ksys_ioctl+0xa9/0xd0 [ 137.086922] __x64_sys_ioctl+0x73/0xb0 [ 137.090794] do_syscall_64+0x1b9/0x820 [ 137.094776] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 137.100140] ? syscall_return_slowpath+0x5e0/0x5e0 [ 137.105055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.109884] ? trace_hardirqs_on_caller+0x310/0x310 [ 137.114911] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 137.119916] ? prepare_exit_to_usermode+0x291/0x3b0 [ 137.124956] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.129778] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.134954] RIP: 0033:0x457569 [ 137.138145] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 137.157022] RSP: 002b:00007f3482fc8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.164730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 137.171976] RDX: 0000000020000080 RSI: 0000000000005402 RDI: 0000000000000005 [ 137.179244] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 137.186502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3482fc96d4 [ 137.193751] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff [ 137.202011] Kernel Offset: disabled [ 137.205640] Rebooting in 86400 seconds..