[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 26.112425] kauditd_printk_skb: 7 callbacks suppressed
[ 26.112436] audit: type=1800 audit(1540064855.419:29): pid=5192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 26.146074] audit: type=1800 audit(1540064855.419:30): pid=5192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
2018/10/20 19:48:23 parsed 1 programs
2018/10/20 19:48:24 executed programs: 0
syzkaller login: [ 75.259978] IPVS: ftp: loaded support on port[0] = 21
[ 75.507374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.514374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.522523] device bridge_slave_0 entered promiscuous mode
[ 75.542296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.548851] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.555915] device bridge_slave_1 entered promiscuous mode
[ 75.573458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 75.591511] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 75.641756] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 75.662719] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 75.736009] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 75.743360] team0: Port device team_slave_0 added
[ 75.759943] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 75.767873] team0: Port device team_slave_1 added
[ 75.784880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.804199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.823244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 75.842918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 75.987527] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.993985] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.000907] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.007286] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.517566] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.568688] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 76.618397] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 76.624844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 76.631851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.682734] 8021q: adding VLAN 0 to HW filter on device team0
2018/10/20 19:48:29 executed programs: 158
2018/10/20 19:48:34 executed programs: 394
2018/10/20 19:48:39 executed programs: 633
2018/10/20 19:48:44 executed programs: 877
[ 100.094276] kasan: CONFIG_KASAN_INLINE enabled
[ 100.099036] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 100.106599] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 100.112836] CPU: 0 PID: 10188 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #293
[ 100.120175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 100.129527] RIP: 0010:n_tty_flush_buffer+0x64/0x260
[ 100.134531] Code: 80 3c 02 00 0f 85 d0 01 00 00 49 8b 9c 24 70 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 60 22 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9c 01 00 00 48 c7 83 60 22 00 00 00 00 00 00 48
[ 100.153414] RSP: 0018:ffff8801d89df780 EFLAGS: 00010202
[ 100.158761] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 100.166022] RDX: 000000000000044c RSI: 0000000000000000 RDI: 0000000000002260
[ 100.173293] RBP: ffff8801d89df798 R08: ffff8801cb0b8bf0 R09: 0000000000000002
[ 100.180564] R10: ffff8801cb0b8bd0 R11: 2c77dc48a4aa5556 R12: ffff8801cd2ba880
[ 100.188738] R13: ffff8801cd2baab8 R14: 0000000000000000 R15: ffff8801d89df7e8
[ 100.195997] FS: 00007fabac45a700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 100.204207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 100.210073] CR2: 000000000072c000 CR3: 00000001d9b0f000 CR4: 00000000001406f0
[ 100.217329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 100.224579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 100.231827] Call Trace:
[ 100.234405] set_termios+0x390/0x7d0
[ 100.238103] ? n_tty_kick_worker+0x230/0x230
[ 100.242495] ? tty_perform_flush+0x80/0x80
[ 100.246722] tty_mode_ioctl+0x268/0xb40
[ 100.250686] ? mark_held_locks+0x130/0x130
[ 100.254919] ? set_termios+0x7d0/0x7d0
[ 100.258791] ? tty_kref_put.part.14+0x88/0x260
[ 100.263358] ? ___might_sleep+0x1ed/0x300
[ 100.267496] ? arch_local_save_flags+0x40/0x40
[ 100.272102] n_tty_ioctl_helper+0x54/0x3b0
[ 100.276320] n_tty_ioctl+0x54/0x360
[ 100.279929] ? ldsem_down_read+0x32/0x40
[ 100.283971] ? ldsem_down_read+0x32/0x40
[ 100.288016] tty_ioctl+0x5ad/0x1820
[ 100.291632] ? commit_echoes+0x1c0/0x1c0
[ 100.295676] ? tty_vhangup+0x30/0x30
[ 100.299373] ? rcu_bh_qs+0xc0/0xc0
[ 100.302903] ? __fget+0x4d1/0x740
[ 100.306342] ? ksys_dup3+0x680/0x680
[ 100.310046] ? __might_fault+0x12b/0x1e0
[ 100.314095] ? lock_downgrade+0x900/0x900
[ 100.318244] ? lock_release+0x970/0x970
[ 100.322203] ? arch_local_save_flags+0x40/0x40
[ 100.326778] ? tty_vhangup+0x30/0x30
[ 100.330482] do_vfs_ioctl+0x1de/0x1720
[ 100.334375] ? ioctl_preallocate+0x300/0x300
[ 100.338772] ? __fget_light+0x2e9/0x430
[ 100.342760] ? fget_raw+0x20/0x20
[ 100.346210] ? _copy_to_user+0xc8/0x110
[ 100.350187] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 100.355709] ? put_timespec64+0x10f/0x1b0
[ 100.359840] ? nsecs_to_jiffies+0x30/0x30
[ 100.363975] ? do_syscall_64+0x9a/0x820
[ 100.367945] ? do_syscall_64+0x9a/0x820
[ 100.371903] ? lockdep_hardirqs_on+0x421/0x5c0
[ 100.376493] ? security_file_ioctl+0x94/0xc0
[ 100.380889] ksys_ioctl+0xa9/0xd0
[ 100.384328] __x64_sys_ioctl+0x73/0xb0
[ 100.388200] do_syscall_64+0x1b9/0x820
[ 100.392074] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 100.397421] ? syscall_return_slowpath+0x5e0/0x5e0
[ 100.402331] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 100.407155] ? trace_hardirqs_on_caller+0x310/0x310
[ 100.412152] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 100.417165] ? prepare_exit_to_usermode+0x291/0x3b0
[ 100.422191] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 100.427050] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.432225] RIP: 0033:0x457569
[ 100.435403] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 100.454321] RSP: 002b:00007fabac459c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 100.462033] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 100.469290] RDX: 0000000020000000 RSI: 0000000000005404 RDI: 0000000000000005
[ 100.476539] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 100.483789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabac45a6d4
[ 100.491047] R13: 00000000004c0da4 R14: 00000000004d17d0 R15: 00000000ffffffff
[ 100.498304] Modules linked in:
[ 100.502303] ---[ end trace 37da8fc98290cf5d ]---
[ 100.507107] RIP: 0010:n_tty_flush_buffer+0x64/0x260
[ 100.512125] Code: 80 3c 02 00 0f 85 d0 01 00 00 49 8b 9c 24 70 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 60 22 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9c 01 00 00 48 c7 83 60 22 00 00 00 00 00 00 48
[ 100.531067] RSP: 0018:ffff8801d89df780 EFLAGS: 00010202
[ 100.536664] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 100.543964] RDX: 000000000000044c RSI: 0000000000000000 RDI: 0000000000002260
[ 100.551346] RBP: ffff8801d89df798 R08: ffff8801cb0b8bf0 R09: 0000000000000002
[ 100.558676] R10: ffff8801cb0b8bd0 R11: 2c77dc48a4aa5556 R12: ffff8801cd2ba880
[ 100.565975] R13: ffff8801cd2baab8 R14: 0000000000000000 R15: ffff8801d89df7e8
[ 100.573235] FS: 00007fabac45a700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 100.581516] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 100.587748] CR2: 000000000072c000 CR3: 00000001d9b0f000 CR4: 00000000001406f0
[ 100.595050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 100.602318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 100.609605] Kernel panic - not syncing: Fatal exception
[ 100.615932] Kernel Offset: disabled
[ 100.619558] Rebooting in 86400 seconds..