[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   30.019795] kauditd_printk_skb: 8 callbacks suppressed
[   30.019806] audit: type=1800 audit(1543389094.829:29): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   30.045985] audit: type=1800 audit(1543389094.829:30): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts.
2018/11/28 07:12:44 parsed 1 programs
2018/11/28 07:12:46 executed programs: 0
syzkaller login: [  101.813886] IPVS: ftp: loaded support on port[0] = 21
[  102.068001] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.075023] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.082020] device bridge_slave_0 entered promiscuous mode
[  102.100912] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.107380] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.114600] device bridge_slave_1 entered promiscuous mode
[  102.131913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  102.151060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.203719] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.225246] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.301127] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  102.308987] team0: Port device team_slave_0 added
[  102.324953] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  102.332073] team0: Port device team_slave_1 added
[  102.349292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  102.371537] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  102.392085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  102.412296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  102.559716] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.566189] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.572922] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.579323] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.110523] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.164796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  103.217910] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  103.224135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  103.231246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.282625] 8021q: adding VLAN 0 to HW filter on device team0
[  105.200636] ==================================================================
[  105.208152] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[  105.215253] Write of size 512 at addr 0000000000001060 by task syz-executor0/6620
[  105.222871]
[  105.224502] CPU: 0 PID: 6620 Comm: syz-executor0 Not tainted 4.20.0-rc4+ #131
[  105.231761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  105.241102] Call Trace:
[  105.243682]  dump_stack+0x244/0x39d
[  105.247305]  ? dump_stack_print_info.cold.1+0x20/0x20
[  105.252489]  ? vprintk_func+0x85/0x181
[  105.256374]  kasan_report.cold.8+0x6d/0x309
[  105.260684]  ? n_tty_set_termios+0x106/0xe80
[  105.265104]  check_memory_region+0x13e/0x1b0
[  105.269506]  memset+0x23/0x40
[  105.272609]  n_tty_set_termios+0x106/0xe80
[  105.276851]  ? n_tty_receive_signal_char+0x120/0x120
[  105.281946]  tty_set_termios+0x7a0/0xac0
[  105.286003]  ? tty_wait_until_sent+0x5d0/0x5d0
[  105.290587]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  105.296122]  set_termios+0x41e/0x7d0
[  105.299847]  ? tty_perform_flush+0x80/0x80
[  105.304081]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  105.309186]  tty_mode_ioctl+0x857/0xb40
[  105.313152]  ? set_termios+0x7d0/0x7d0
[  105.317043]  ? perf_trace_sched_process_exec+0x860/0x860
[  105.322491]  n_tty_ioctl_helper+0x54/0x3b0
[  105.326720]  n_tty_ioctl+0x54/0x360
[  105.330344]  ? ldsem_down_read+0x32/0x40
[  105.334395]  ? ldsem_down_read+0x32/0x40
[  105.338516]  tty_ioctl+0x5c6/0x17d0
[  105.342133]  ? commit_echoes+0x1c0/0x1c0
[  105.346186]  ? tty_vhangup+0x30/0x30
[  105.349892]  ? find_held_lock+0x36/0x1c0
[  105.353962]  ? __fget+0x4aa/0x740
[  105.357457]  ? lock_downgrade+0x900/0x900
[  105.361601]  ? check_preemption_disabled+0x48/0x280
[  105.366616]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  105.371536]  ? kasan_check_read+0x11/0x20
[  105.375708]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  105.380980]  ? rcu_softirq_qs+0x20/0x20
[  105.384954]  ? __fget+0x4d1/0x740
[  105.388402]  ? ksys_dup3+0x680/0x680
[  105.392109]  ? __might_fault+0x12b/0x1e0
[  105.396167]  ? lock_downgrade+0x900/0x900
[  105.400354]  ? lock_release+0xa00/0xa00
[  105.404338]  ? perf_trace_sched_process_exec+0x860/0x860
[  105.409782]  ? tty_vhangup+0x30/0x30
[  105.413486]  do_vfs_ioctl+0x1de/0x1790
[  105.417405]  ? ioctl_preallocate+0x300/0x300
[  105.421807]  ? memset+0x31/0x40
[  105.425104]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.430634]  ? smack_file_ioctl+0x210/0x3c0
[  105.434944]  ? fget_raw+0x20/0x20
[  105.438390]  ? smack_file_lock+0x2e0/0x2e0
[  105.442625]  ? do_syscall_64+0x9a/0x820
[  105.446598]  ? do_syscall_64+0x9a/0x820
[  105.450604]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.456136]  ? security_file_ioctl+0x94/0xc0
[  105.460539]  ksys_ioctl+0xa9/0xd0
[  105.463999]  __x64_sys_ioctl+0x73/0xb0
[  105.467898]  do_syscall_64+0x1b9/0x820
[  105.471777]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  105.477132]  ? syscall_return_slowpath+0x5e0/0x5e0
[  105.482053]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  105.486889]  ? trace_hardirqs_on_caller+0x310/0x310
[  105.491900]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  105.496951]  ? prepare_exit_to_usermode+0x291/0x3b0
[  105.501967]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  105.506808] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.512010] RIP: 0033:0x457569
[  105.515195] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  105.534092] RSP: 002b:00007febde9c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.541791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  105.549072] RDX: 0000000020000140 RSI: 0000000000005402 RDI: 0000000000000005
[  105.556338] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  105.563601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febde9c16d4
[  105.570861] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff
[  105.578128] ==================================================================
[  105.585475] Disabling lock debugging due to kernel taint
[  105.591488] Kernel panic - not syncing: panic_on_warn set ...
[  105.597401] CPU: 0 PID: 6620 Comm: syz-executor0 Tainted: G B 4.20.0-rc4+ #131
[  105.606099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  105.615447] Call Trace:
[  105.618042]  dump_stack+0x244/0x39d
[  105.621663]  ? dump_stack_print_info.cold.1+0x20/0x20
[  105.626862]  panic+0x2ad/0x55c
[  105.630057]  ? add_taint.cold.5+0x16/0x16
[  105.634213]  ? preempt_schedule+0x4d/0x60
[  105.638353]  ? ___preempt_schedule+0x16/0x18
[  105.642756]  ? trace_hardirqs_on+0xb4/0x310
[  105.647072]  kasan_end_report+0x47/0x4f
[  105.651044]  kasan_report.cold.8+0x76/0x309
[  105.655364]  ? n_tty_set_termios+0x106/0xe80
[  105.659767]  check_memory_region+0x13e/0x1b0
[  105.664167]  memset+0x23/0x40
[  105.667309]  n_tty_set_termios+0x106/0xe80
[  105.671553]  ? n_tty_receive_signal_char+0x120/0x120
[  105.676649]  tty_set_termios+0x7a0/0xac0
[  105.680703]  ? tty_wait_until_sent+0x5d0/0x5d0
[  105.685282]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  105.690827]  set_termios+0x41e/0x7d0
[  105.694538]  ? tty_perform_flush+0x80/0x80
[  105.698769]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  105.703877]  tty_mode_ioctl+0x857/0xb40
[  105.707862]  ? set_termios+0x7d0/0x7d0
[  105.711746]  ? perf_trace_sched_process_exec+0x860/0x860
[  105.717190]  n_tty_ioctl_helper+0x54/0x3b0
[  105.721418]  n_tty_ioctl+0x54/0x360
[  105.725042]  ? ldsem_down_read+0x32/0x40
[  105.729108]  ? ldsem_down_read+0x32/0x40
[  105.733163]  tty_ioctl+0x5c6/0x17d0
[  105.736782]  ? commit_echoes+0x1c0/0x1c0
[  105.740855]  ? tty_vhangup+0x30/0x30
[  105.744558]  ? find_held_lock+0x36/0x1c0
[  105.748624]  ? __fget+0x4aa/0x740
[  105.752080]  ? lock_downgrade+0x900/0x900
[  105.756226]  ? check_preemption_disabled+0x48/0x280
[  105.761236]  ? rcu_read_unlock_special+0x1c0/0x1c0
[  105.766159]  ? kasan_check_read+0x11/0x20
[  105.770298]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  105.775566]  ? rcu_softirq_qs+0x20/0x20
[  105.779537]  ? __fget+0x4d1/0x740
[  105.782983]  ? ksys_dup3+0x680/0x680
[  105.786694]  ? __might_fault+0x12b/0x1e0
[  105.790785]  ? lock_downgrade+0x900/0x900
[  105.794947]  ? lock_release+0xa00/0xa00
[  105.798922]  ? perf_trace_sched_process_exec+0x860/0x860
[  105.804409]  ? tty_vhangup+0x30/0x30
[  105.808117]  do_vfs_ioctl+0x1de/0x1790
[  105.811998]  ? ioctl_preallocate+0x300/0x300
[  105.816398]  ? memset+0x31/0x40
[  105.819673]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.825202]  ? smack_file_ioctl+0x210/0x3c0
[  105.829514]  ? fget_raw+0x20/0x20
[  105.832961]  ? smack_file_lock+0x2e0/0x2e0
[  105.837196]  ? do_syscall_64+0x9a/0x820
[  105.841164]  ? do_syscall_64+0x9a/0x820
[  105.845133]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  105.850696]  ? security_file_ioctl+0x94/0xc0
[  105.855101]  ksys_ioctl+0xa9/0xd0
[  105.858550]  __x64_sys_ioctl+0x73/0xb0
[  105.862469]  do_syscall_64+0x1b9/0x820
[  105.866350]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  105.871717]  ? syscall_return_slowpath+0x5e0/0x5e0
[  105.876645]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  105.881483]  ? trace_hardirqs_on_caller+0x310/0x310
[  105.886492]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  105.891501]  ? prepare_exit_to_usermode+0x291/0x3b0
[  105.896511]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  105.901346] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.906524] RIP: 0033:0x457569
[  105.909716] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  105.928614] RSP: 002b:00007febde9c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.936358] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  105.943617] RDX: 0000000020000140 RSI: 0000000000005402 RDI: 0000000000000005
[  105.950876] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  105.958180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febde9c16d4
[  105.965443] R13: 00000000004c10be R14: 00000000004d2410 R15: 00000000ffffffff
[  105.973727] Kernel Offset: disabled
[  105.977358] Rebooting in 86400 seconds..
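The user register dump at the end of the report already pins down the syscall that reached the bad write: ORIG_RAX=0x10 is ioctl on x86_64, RDI=5 is the file descriptor, RSI=0x5402 is TCSETS and RDX=0x20000140 is the user termios pointer; RAX=ffffffffffffffda is -ENOSYS, the placeholder the kernel stores at syscall entry, so the registers were captured mid-syscall rather than on return. The faulting address 0x1060 lies in the first pages of the address space, which KASAN reports as user memory; a 512-byte memset landing there from n_tty_set_termios is consistent with a NULL base pointer plus a field offset (that is an inference from the addresses, not something the log states). The script below, an added example that is not syzkaller's own report parser, extracts those facts from a console report, drops the stale '?' frames from the call chain, and decodes the syscall arguments. Its input is a constructed sample made from the lines above, and the syscall and ioctl name tables cover only the codes needed for this report.

```python
"""Triage helper for a syzkaller/KASAN console report.

Added example for this page; it is not syzkaller's own report parser. The
syscall and ioctl tables below cover only the codes needed for this report.
"""
import re

# Constructed sample input: the lines of the report above that carry the facts
# we want (bug line, access line, a few trace frames, the user register dump).
SAMPLE_REPORT = """\
[  105.208152] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[  105.215253] Write of size 512 at addr 0000000000001060 by task syz-executor0/6620
[  105.224502] CPU: 0 PID: 6620 Comm: syz-executor0 Not tainted 4.20.0-rc4+ #131
[  105.241102] Call Trace:
[  105.243682]  dump_stack+0x244/0x39d
[  105.256374]  kasan_report.cold.8+0x6d/0x309
[  105.265104]  check_memory_region+0x13e/0x1b0
[  105.269506]  memset+0x23/0x40
[  105.272609]  n_tty_set_termios+0x106/0xe80
[  105.276851]  ? n_tty_receive_signal_char+0x120/0x120
[  105.281946]  tty_set_termios+0x7a0/0xac0
[  105.296122]  set_termios+0x41e/0x7d0
[  105.309186]  tty_mode_ioctl+0x857/0xb40
[  105.338516]  tty_ioctl+0x5c6/0x17d0
[  105.413486]  do_vfs_ioctl+0x1de/0x1790
[  105.460539]  ksys_ioctl+0xa9/0xd0
[  105.463999]  __x64_sys_ioctl+0x73/0xb0
[  105.467898]  do_syscall_64+0x1b9/0x820
[  105.506808] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  105.512010] RIP: 0033:0x457569
[  105.534092] RSP: 002b:00007febde9c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.541791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  105.549072] RDX: 0000000020000140 RSI: 0000000000005402 RDI: 0000000000000005
"""

# x86_64 syscall numbers and tty ioctl request codes (asm-generic values).
SYSCALL_NAMES = {16: "ioctl"}
IOCTL_NAMES = {0x5401: "TCGETS", 0x5402: "TCSETS", 0x5403: "TCSETSW", 0x5404: "TCSETSF"}
ENOSYS = 38
# Frames that belong to the sanitizer/reporting machinery rather than the bug.
REPORTING_FRAMES = {"dump_stack", "kasan_report", "check_memory_region", "memset", "memcpy"}

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(
    r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
    r"by task (?P<task>\S+)/(?P<pid>\d+)")
REG_RE = re.compile(r"\b(?P<name>R[A-Z0-9]{2}|ORIG_RAX): (?P<val>[0-9a-f]{16})\b")


def classify_addr(addr: int) -> str:
    """KASAN says 'user-memory-access' for any address outside the kernel half of
    the address space; tell a real user pointer apart from a near-NULL one."""
    if addr < 0x10000:  # first pages are never mapped: base pointer was ~NULL
        return "near-NULL"
    if addr < 0x0000_8000_0000_0000:  # canonical lower half
        return "user"
    return "kernel"


def decode_syscall(regs: dict) -> dict:
    """Recover the syscall and its arguments from the saved user registers.
    On x86_64 the number is in ORIG_RAX (RAX holds -ENOSYS as a placeholder
    while the syscall runs) and the arguments are RDI, RSI, RDX, R10, R8, R9."""
    nr = regs.get("ORIG_RAX")
    out = {"nr": nr, "name": SYSCALL_NAMES.get(nr, f"sys_{nr}"),
           "mid_syscall": regs.get("RAX") == ((-ENOSYS) & 0xFFFFFFFFFFFFFFFF)}
    if out["name"] == "ioctl":  # ioctl(fd, cmd, arg)
        out["fd"] = regs["RDI"]
        out["cmd"] = regs["RSI"]
        out["cmd_name"] = IOCTL_NAMES.get(regs["RSI"], "unknown")
        out["arg"] = regs["RDX"]
    return out


def triage(report: str) -> dict:
    """Pull the bug kind, the faulting access, the live call chain and the
    syscall that reached it out of a console report."""
    info: dict = {"regs": {}, "trace": []}
    in_trace = False
    for raw in report.splitlines():
        line = TS_RE.sub("", raw).strip()
        if m := BUG_RE.search(line):
            info["kind"], info["func"] = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            info["op"], info["size"] = m["op"], int(m["size"])
            info["addr"] = int(m["addr"], 16)
            info["task"], info["pid"] = m["task"], int(m["pid"])
        elif line == "Call Trace:":
            in_trace = True
        elif line.startswith("RIP:"):
            in_trace = False
        elif in_trace and line and not line.startswith("?"):
            # '?' frames are stale stack slots, not part of the live call chain
            info["trace"].append(line.split("+")[0])
        for m in REG_RE.finditer(line):
            info["regs"][m["name"]] = int(m["val"], 16)
    if "addr" in info:
        info["addr_class"] = classify_addr(info["addr"])
    info["syscall"] = decode_syscall(info["regs"])
    # First frame below the reporting machinery: where the bad access happened.
    info["fault_frame"] = next(
        (f for f in info["trace"] if f.split(".")[0] not in REPORTING_FRAMES), None)
    return info


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    s = r["syscall"]
    print(f"{r['kind']}: {r['op']} of {r['size']} bytes at {r['addr']:#x} "
          f"({r['addr_class']}) in {r['fault_frame']}")
    print(f"via {s['name']}(fd={s['fd']}, cmd={s['cmd']:#x} {s['cmd_name']}, "
          f"arg={s['arg']:#x}) by {r['task']}/{r['pid']}")
```

The same parse works on the second, post-panic copy of the trace in the log, since it repeats the same frames and register dump; only the leading panic frames differ, and those are filtered out as reporting machinery.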