[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   26.656086] kauditd_printk_skb: 7 callbacks suppressed
[   26.656097] audit: type=1800 audit(1540257141.156:29): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   26.686185] audit: type=1800 audit(1540257141.156:30): pid=5234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
2018/10/23 01:12:39 parsed 1 programs
2018/10/23 01:12:41 executed programs: 0
syzkaller login: [   46.887173] IPVS: ftp: loaded support on port[0] = 21
[   47.139111] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.146023] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.153373] device bridge_slave_0 entered promiscuous mode
[   47.171679] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.178306] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.185520] device bridge_slave_1 entered promiscuous mode
[   47.203099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   47.220650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   47.271777] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   47.292580] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   47.366541] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   47.374271] team0: Port device team_slave_0 added
[   47.392531] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   47.399662] team0: Port device team_slave_1 added
[   47.417760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.439658] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.458174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   47.477278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   47.622920] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.629508] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.636402] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.642905] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.169178] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.224268] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   48.277838] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   48.284091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   48.291324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.345016] 8021q: adding VLAN 0 to HW filter on device team0
[   50.164097] ==================================================================
[   50.171755] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[   50.178858] Write of size 512 at addr 0000000000001060 by task syz-executor0/5950
[   50.186469]
[   50.188104] CPU: 0 PID: 5950 Comm: syz-executor0 Not tainted 4.19.0+ #297
[   50.195033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.204481] Call Trace:
[   50.207081]  dump_stack+0x1c4/0x2b6
[   50.210704]  ? dump_stack_print_info.cold.1+0x20/0x20
[   50.215895]  ? kasan_check_write+0x14/0x20
[   50.220124]  ? do_raw_spin_lock+0xc1/0x230
[   50.224350]  ? vprintk_func+0x85/0x181
[   50.228227]  kasan_report.cold.9+0x6d/0x309
[   50.232534]  ? n_tty_set_termios+0x106/0xe80
[   50.236933]  check_memory_region+0x13e/0x1b0
[   50.241346]  memset+0x23/0x40
[   50.244455]  n_tty_set_termios+0x106/0xe80
[   50.248674]  ? n_tty_poll+0xa40/0xa40
[   50.252462]  tty_set_termios+0x7a0/0xac0
[   50.256527]  ? tty_wait_until_sent+0x5d0/0x5d0
[   50.261100]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.266627]  set_termios+0x41e/0x7d0
[   50.270350]  ? tty_perform_flush+0x80/0x80
[   50.274593]  tty_mode_ioctl+0x857/0xb40
[   50.278555]  ? mark_held_locks+0x130/0x130
[   50.282779]  ? set_termios+0x7d0/0x7d0
[   50.286657]  ? tty_kref_put.part.14+0x88/0x260
[   50.291241]  ? ___might_sleep+0x1ed/0x300
[   50.295378]  ? arch_local_save_flags+0x40/0x40
[   50.299988]  n_tty_ioctl_helper+0x54/0x3b0
[   50.304207]  n_tty_ioctl+0x54/0x360
[   50.307819]  ? ldsem_down_read+0x32/0x40
[   50.311884]  ? ldsem_down_read+0x32/0x40
[   50.315960]  tty_ioctl+0x5ad/0x1820
[   50.319587]  ? commit_echoes+0x1c0/0x1c0
[   50.323637]  ? tty_vhangup+0x30/0x30
[   50.327335]  ? rcu_bh_qs+0xc0/0xc0
[   50.330891]  ? __fget+0x4d1/0x740
[   50.334365]  ? ksys_dup3+0x680/0x680
[   50.338079]  ? __might_fault+0x12b/0x1e0
[   50.342128]  ? lock_downgrade+0x900/0x900
[   50.346262]  ? lock_release+0x970/0x970
[   50.350220]  ? arch_local_save_flags+0x40/0x40
[   50.354791]  ? tty_vhangup+0x30/0x30
[   50.358495]  do_vfs_ioctl+0x1de/0x1720
[   50.362375]  ? ioctl_preallocate+0x300/0x300
[   50.366782]  ? __fget_light+0x2e9/0x430
[   50.370742]  ? fget_raw+0x20/0x20
[   50.374181]  ? _copy_to_user+0xc8/0x110
[   50.378148]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.383670]  ? put_timespec64+0x10f/0x1b0
[   50.387807]  ? nsecs_to_jiffies+0x30/0x30
[   50.391959]  ? do_syscall_64+0x9a/0x820
[   50.395922]  ? do_syscall_64+0x9a/0x820
[   50.399890]  ? lockdep_hardirqs_on+0x421/0x5c0
[   50.404465]  ? security_file_ioctl+0x94/0xc0
[   50.408860]  ksys_ioctl+0xa9/0xd0
[   50.412314]  __x64_sys_ioctl+0x73/0xb0
[   50.416205]  do_syscall_64+0x1b9/0x820
[   50.420079]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   50.425434]  ? syscall_return_slowpath+0x5e0/0x5e0
[   50.430351]  ? trace_hardirqs_on_caller+0x310/0x310
[   50.435356]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   50.440661]  ? recalc_sigpending_tsk+0x180/0x180
[   50.445417]  ? kasan_check_write+0x14/0x20
[   50.449643]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.454478]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   50.459656] RIP: 0033:0x457569
[   50.462838] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   50.481724] RSP: 002b:00007fa717060c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   50.489422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[   50.496675] RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000006
[   50.503940] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[   50.511206] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7170616d4
[   50.518462] R13: 00000000004c0d97 R14: 00000000004d17b8 R15: 00000000ffffffff
[   50.525737] ==================================================================
[   50.533078] Disabling lock debugging due to kernel taint
[   50.539461] Kernel panic - not syncing: panic_on_warn set ...
[   50.539461]
[   50.546835] CPU: 0 PID: 5950 Comm: syz-executor0 Tainted: G    B             4.19.0+ #297
[   50.555131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.564469] Call Trace:
[   50.567047]  dump_stack+0x1c4/0x2b6
[   50.570666]  ? dump_stack_print_info.cold.1+0x20/0x20
[   50.575863]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   50.580620]  panic+0x238/0x4e7
[   50.583803]  ? add_taint.cold.5+0x16/0x16
[   50.587945]  ? preempt_schedule+0x4d/0x60
[   50.592102]  ? ___preempt_schedule+0x16/0x18
[   50.596497]  ? trace_hardirqs_on+0xb4/0x310
[   50.600822]  kasan_end_report+0x47/0x4f
[   50.604784]  kasan_report.cold.9+0x76/0x309
[   50.609100]  ? n_tty_set_termios+0x106/0xe80
[   50.613497]  check_memory_region+0x13e/0x1b0
[   50.617892]  memset+0x23/0x40
[   50.621020]  n_tty_set_termios+0x106/0xe80
[   50.625238]  ? n_tty_poll+0xa40/0xa40
[   50.629044]  tty_set_termios+0x7a0/0xac0
[   50.633125]  ? tty_wait_until_sent+0x5d0/0x5d0
[   50.637759]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.643294]  set_termios+0x41e/0x7d0
[   50.646996]  ? tty_perform_flush+0x80/0x80
[   50.651221]  tty_mode_ioctl+0x857/0xb40
[   50.655212]  ? mark_held_locks+0x130/0x130
[   50.659438]  ? set_termios+0x7d0/0x7d0
[   50.663321]  ? tty_kref_put.part.14+0x88/0x260
[   50.667924]  ? ___might_sleep+0x1ed/0x300
[   50.672058]  ? arch_local_save_flags+0x40/0x40
[   50.676626]  n_tty_ioctl_helper+0x54/0x3b0
[   50.680847]  n_tty_ioctl+0x54/0x360
[   50.684459]  ? ldsem_down_read+0x32/0x40
[   50.688504]  ? ldsem_down_read+0x32/0x40
[   50.692579]  tty_ioctl+0x5ad/0x1820
[   50.696189]  ? commit_echoes+0x1c0/0x1c0
[   50.700294]  ? tty_vhangup+0x30/0x30
[   50.703999]  ? rcu_bh_qs+0xc0/0xc0
[   50.707541]  ? __fget+0x4d1/0x740
[   50.711025]  ? ksys_dup3+0x680/0x680
[   50.714727]  ? __might_fault+0x12b/0x1e0
[   50.718775]  ? lock_downgrade+0x900/0x900
[   50.722933]  ? lock_release+0x970/0x970
[   50.726907]  ? arch_local_save_flags+0x40/0x40
[   50.731478]  ? tty_vhangup+0x30/0x30
[   50.735191]  do_vfs_ioctl+0x1de/0x1720
[   50.739065]  ? ioctl_preallocate+0x300/0x300
[   50.743459]  ? __fget_light+0x2e9/0x430
[   50.747425]  ? fget_raw+0x20/0x20
[   50.750862]  ? _copy_to_user+0xc8/0x110
[   50.754825]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.760361]  ? put_timespec64+0x10f/0x1b0
[   50.764498]  ? nsecs_to_jiffies+0x30/0x30
[   50.768633]  ? do_syscall_64+0x9a/0x820
[   50.772594]  ? do_syscall_64+0x9a/0x820
[   50.776592]  ? lockdep_hardirqs_on+0x421/0x5c0
[   50.781159]  ? security_file_ioctl+0x94/0xc0
[   50.785557]  ksys_ioctl+0xa9/0xd0
[   50.788998]  __x64_sys_ioctl+0x73/0xb0
[   50.792872]  do_syscall_64+0x1b9/0x820
[   50.796746]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   50.802118]  ? syscall_return_slowpath+0x5e0/0x5e0
[   50.807036]  ? trace_hardirqs_on_caller+0x310/0x310
[   50.812038]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   50.817066]  ? recalc_sigpending_tsk+0x180/0x180
[   50.821817]  ? kasan_check_write+0x14/0x20
[   50.826064]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.830934]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   50.836106] RIP: 0033:0x457569
[   50.839298] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   50.858191] RSP: 002b:00007fa717060c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   50.865882] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[   50.873134] RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000006
[   50.880427] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[   50.887681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7170616d4
[   50.894941] R13: 00000000004c0d97 R14: 00000000004d17b8 R15: 00000000ffffffff
[   50.903130] Kernel Offset: disabled
[   50.906753] Rebooting in 86400 seconds..