[ 26.867229] audit: type=1800 audit(1540225192.758:27): pid=5243 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 26.900547] audit: type=1800 audit(1540225192.758:28): pid=5243 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 27.643687] audit: type=1800 audit(1540225193.608:29): pid=5243 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 27.662191] audit: type=1800 audit(1540225193.618:30): pid=5243 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
2018/10/22 16:20:03 parsed 1 programs
2018/10/22 16:20:05 executed programs: 0
syzkaller login: [ 39.805017] IPVS: ftp: loaded support on port[0] = 21
[ 40.046021] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.052654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.059887] device bridge_slave_0 entered promiscuous mode
[ 40.079010] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.085453] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.092357] device bridge_slave_1 entered promiscuous mode
[ 40.109171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 40.126603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 40.175262] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 40.197291] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 40.271440] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 40.279923] team0: Port device team_slave_0 added
[ 40.295769] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 40.302881] team0: Port device team_slave_1 added
[ 40.319705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.339450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.358387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.378398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.522711] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.529206] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.536029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.542361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.049968] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.101519] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 41.151355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 41.158297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.165677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.211315] 8021q: adding VLAN 0 to HW filter on device team0
2018/10/22 16:20:10 executed programs: 39
2018/10/22 16:20:15 executed programs: 101
2018/10/22 16:20:20 executed programs: 162
2018/10/22 16:20:25 executed programs: 224
2018/10/22 16:20:31 executed programs: 288
[ 69.801583] ==================================================================
[ 69.809068] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[ 69.816153] Write of size 512 at addr 0000000000001060 by task syz-executor0/7065
[ 69.823758]
[ 69.825378] CPU: 0 PID: 7065 Comm: syz-executor0 Not tainted 4.19.0+ #74
[ 69.832199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.841533] Call Trace:
[ 69.844112] dump_stack+0x1c4/0x2b6
[ 69.847730] ? dump_stack_print_info.cold.1+0x20/0x20
[ 69.852916] ? kasan_check_write+0x14/0x20
[ 69.857141] ? do_raw_spin_lock+0xc1/0x230
[ 69.861363] ? vprintk_func+0x85/0x181
[ 69.865238] kasan_report.cold.9+0x6d/0x309
[ 69.869543] ? n_tty_set_termios+0x106/0xe80
[ 69.873940] check_memory_region+0x13e/0x1b0
[ 69.878547] memset+0x23/0x40
[ 69.881650] n_tty_set_termios+0x106/0xe80
[ 69.885884] ? n_tty_poll+0xa40/0xa40
[ 69.889673] tty_set_termios+0x7a0/0xac0
[ 69.893724] ? tty_wait_until_sent+0x5d0/0x5d0
[ 69.898312] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.903953] set_termios+0x41e/0x7d0
[ 69.907660] ? tty_perform_flush+0x80/0x80
[ 69.911887] tty_mode_ioctl+0x857/0xb40
[ 69.915848] ? mark_held_locks+0x130/0x130
[ 69.920097] ? set_termios+0x7d0/0x7d0
[ 69.923973] ? tty_kref_put.part.14+0x88/0x260
[ 69.928541] ? ___might_sleep+0x1ed/0x300
[ 69.932674] ? arch_local_save_flags+0x40/0x40
[ 69.937246] n_tty_ioctl_helper+0x54/0x3b0
[ 69.941481] n_tty_ioctl+0x54/0x360
[ 69.945099] ? ldsem_down_read+0x32/0x40
[ 69.949145] ? ldsem_down_read+0x32/0x40
[ 69.953196] tty_ioctl+0x5ad/0x1820
[ 69.956804] ? commit_echoes+0x1c0/0x1c0
[ 69.960853] ? tty_vhangup+0x30/0x30
[ 69.964551] ? rcu_bh_qs+0xc0/0xc0
[ 69.968083] ? __fget+0x4d1/0x740
[ 69.971524] ? ksys_dup3+0x680/0x680
[ 69.975226] ? __might_fault+0x12b/0x1e0
[ 69.979276] ? lock_downgrade+0x900/0x900
[ 69.983420] ? lock_release+0x970/0x970
[ 69.987386] ? arch_local_save_flags+0x40/0x40
[ 69.991957] ? tty_vhangup+0x30/0x30
[ 69.995667] do_vfs_ioctl+0x1de/0x1720
[ 69.999597] ? ioctl_preallocate+0x300/0x300
[ 70.004008] ? memset+0x31/0x40
[ 70.007276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.012903] ? smack_file_ioctl+0x210/0x3c0
[ 70.017218] ? fget_raw+0x20/0x20
[ 70.020656] ? smack_file_lock+0x2e0/0x2e0
[ 70.024884] ? do_syscall_64+0x9a/0x820
[ 70.028851] ? do_syscall_64+0x9a/0x820
[ 70.032818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.038347] ? security_file_ioctl+0x94/0xc0
[ 70.042748] ksys_ioctl+0xa9/0xd0
[ 70.046192] __x64_sys_ioctl+0x73/0xb0
[ 70.050065] do_syscall_64+0x1b9/0x820
[ 70.053941] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 70.059292] ? syscall_return_slowpath+0x5e0/0x5e0
[ 70.064208] ? trace_hardirqs_on_caller+0x310/0x310
[ 70.069212] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 70.074215] ? recalc_sigpending_tsk+0x180/0x180
[ 70.078956] ? kasan_check_write+0x14/0x20
[ 70.083177] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 70.088008] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.093183] RIP: 0033:0x457569
[ 70.096360] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.115334] RSP: 002b:00007f9671978c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.123027] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 70.130283] RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000007
[ 70.137542] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 70.144808] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f96719796d4
[ 70.152063] R13: 00000000004c0d97 R14: 00000000004d17b8 R15: 00000000ffffffff
[ 70.159326] ==================================================================
[ 70.166662] Disabling lock debugging due to kernel taint
[ 70.172507] Kernel panic - not syncing: panic_on_warn set ...
[ 70.172507]
[ 70.179869] CPU: 0 PID: 7065 Comm: syz-executor0 Tainted: G B 4.19.0+ #74
[ 70.188076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.197407] Call Trace:
[ 70.199981] dump_stack+0x1c4/0x2b6
[ 70.203593] ? dump_stack_print_info.cold.1+0x20/0x20
[ 70.208772] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 70.213518] panic+0x238/0x4e7
[ 70.216697] ? add_taint.cold.5+0x16/0x16
[ 70.220830] ? preempt_schedule+0x4d/0x60
[ 70.224963] ? ___preempt_schedule+0x16/0x18
[ 70.229407] ? trace_hardirqs_on+0xb4/0x310
[ 70.233723] kasan_end_report+0x47/0x4f
[ 70.237683] kasan_report.cold.9+0x76/0x309
[ 70.241989] ? n_tty_set_termios+0x106/0xe80
[ 70.246386] check_memory_region+0x13e/0x1b0
[ 70.250779] memset+0x23/0x40
[ 70.253868] n_tty_set_termios+0x106/0xe80
[ 70.258084] ? n_tty_poll+0xa40/0xa40
[ 70.261867] tty_set_termios+0x7a0/0xac0
[ 70.265915] ? tty_wait_until_sent+0x5d0/0x5d0
[ 70.270501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.276022] set_termios+0x41e/0x7d0
[ 70.279722] ? tty_perform_flush+0x80/0x80
[ 70.283944] tty_mode_ioctl+0x857/0xb40
[ 70.287901] ? mark_held_locks+0x130/0x130
[ 70.292126] ? set_termios+0x7d0/0x7d0
[ 70.296003] ? tty_kref_put.part.14+0x88/0x260
[ 70.300573] ? ___might_sleep+0x1ed/0x300
[ 70.304708] ? arch_local_save_flags+0x40/0x40
[ 70.309276] n_tty_ioctl_helper+0x54/0x3b0
[ 70.313499] n_tty_ioctl+0x54/0x360
[ 70.317114] ? ldsem_down_read+0x32/0x40
[ 70.321156] ? ldsem_down_read+0x32/0x40
[ 70.325201] tty_ioctl+0x5ad/0x1820
[ 70.328913] ? commit_echoes+0x1c0/0x1c0
[ 70.332985] ? tty_vhangup+0x30/0x30
[ 70.336685] ? rcu_bh_qs+0xc0/0xc0
[ 70.340220] ? __fget+0x4d1/0x740
[ 70.343674] ? ksys_dup3+0x680/0x680
[ 70.347451] ? __might_fault+0x12b/0x1e0
[ 70.351523] ? lock_downgrade+0x900/0x900
[ 70.355660] ? lock_release+0x970/0x970
[ 70.359757] ? arch_local_save_flags+0x40/0x40
[ 70.364352] ? tty_vhangup+0x30/0x30
[ 70.368120] do_vfs_ioctl+0x1de/0x1720
[ 70.372004] ? ioctl_preallocate+0x300/0x300
[ 70.376412] ? memset+0x31/0x40
[ 70.379702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.385287] ? smack_file_ioctl+0x210/0x3c0
[ 70.389602] ? fget_raw+0x20/0x20
[ 70.393044] ? smack_file_lock+0x2e0/0x2e0
[ 70.397272] ? do_syscall_64+0x9a/0x820
[ 70.401232] ? do_syscall_64+0x9a/0x820
[ 70.405197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.410723] ? security_file_ioctl+0x94/0xc0
[ 70.415122] ksys_ioctl+0xa9/0xd0
[ 70.418566] __x64_sys_ioctl+0x73/0xb0
[ 70.422443] do_syscall_64+0x1b9/0x820
[ 70.426355] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 70.431707] ? syscall_return_slowpath+0x5e0/0x5e0
[ 70.436627] ? trace_hardirqs_on_caller+0x310/0x310
[ 70.441629] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 70.446638] ? recalc_sigpending_tsk+0x180/0x180
[ 70.451385] ? kasan_check_write+0x14/0x20
[ 70.455609] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 70.460540] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.465714] RIP: 0033:0x457569
[ 70.468894] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.487794] RSP: 002b:00007f9671978c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.495503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 70.502758] RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000007
[ 70.510013] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 70.517285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f96719796d4
[ 70.524553] R13: 00000000004c0d97 R14: 00000000004d17b8 R15: 00000000ffffffff
[ 70.532676] Kernel Offset: disabled
[ 70.536363] Rebooting in 86400 seconds..