[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.546733] random: nonblocking pool is initialized
[ 12.677250] sshd (5502) used greatest stack depth: 11856 bytes left
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 28.856833] IPVS: Creating netns size=2712 id=1
[ 28.861800] IPVS: ftp: loaded support on port[0] = 21
Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
2019/12/10 01:37:14 parsed 1 programs
2019/12/10 01:37:14 executed programs: 0
[ 35.563369] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[ 35.571967] IPVS: Creating netns size=2712 id=2
[ 35.576069] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[ 35.580639] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[ 35.585035] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[ 35.589389] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[ 35.592604] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[ 35.608418] IPVS: ftp: loaded support on port[0] = 21
[ 35.619447] IPVS: Creating netns size=2712 id=3
[ 35.624889] IPVS: ftp: loaded support on port[0] = 21
[ 35.643501] chnl_net:caif_netlink_parms(): no params data found
[ 35.652779] IPVS: Creating netns size=2712 id=4
[ 35.657504] IPVS: ftp: loaded support on port[0] = 21
[ 35.674345] IPVS: Creating netns size=2712 id=5
[ 35.676326] chnl_net:caif_netlink_parms(): no params data found
[ 35.685738] IPVS: ftp: loaded support on port[0] = 21
[ 35.687379] device bridge_slave_0 entered promiscuous mode
[ 35.688306] device bridge_slave_1 entered promiscuous mode
[ 35.690791] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[ 35.691010] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.691137] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[ 35.691245] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.713958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 35.714044] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 35.718578] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.718648] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.719917] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 35.725462] device bridge_slave_0 entered promiscuous mode
[ 35.725819] device bridge_slave_1 entered promiscuous mode
[ 35.728037] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[ 35.728157] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.728275] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[ 35.728382] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.748608] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 35.748697] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 35.754941] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.755000] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.756188] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.756285] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.756299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.756310] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.776238] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.776562] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.792259] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.798911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.827020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.852628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 35.852897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 35.853735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.853799] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.853828] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.853892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.853956] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.853971] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.854114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.854167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.854373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 35.861576] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.861887] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.862369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.886783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 35.887050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 35.898541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.898648] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.898666] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.898718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.898756] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.898771] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.898882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.898934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.900744] chnl_net:caif_netlink_parms(): no params data found
[ 36.072116] device bridge_slave_0 entered promiscuous mode
[ 36.079517] IPVS: Creating netns size=2712 id=6
[ 36.084463] IPVS: ftp: loaded support on port[0] = 21
[ 36.097498] device bridge_slave_1 entered promiscuous mode
[ 36.112275] chnl_net:caif_netlink_parms(): no params data found
[ 36.125260] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[ 36.132417] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 36.140626] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[ 36.147526] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 36.148225] IPVS: Creating netns size=2712 id=7
[ 36.148238] IPVS: ftp: loaded support on port[0] = 21
[ 36.157619] BUG: unable to handle kernel NULL pointer dereference at 0000000000000003
[ 36.157630] IP: [] mem16_serial_out+0x14/0x20
[ 36.157633] PGD b707b067 PUD b7140067 PMD 0
[ 36.157635] Oops: 0002 [#1] PREEMPT SMP
[ 36.157638] Modules linked in:
[ 36.157642] CPU: 0 PID: 5841 Comm: syz-executor.0 Not tainted 4.4.0-rc5-syzkaller #0
[ 36.157643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.157644] task: ffff8800b8848600 ti: ffff88012a96c000 task.ti: ffff88012a96c000
[ 36.157648] RIP: 0010:[] [] mem16_serial_out+0x14/0x20
[ 36.157649] RSP: 0018:ffff88012a96fca0 EFLAGS: 00010206
[ 36.157650] RAX: 000000000000000a RBX: ffffffff8449b720 RCX: 0000000000000000
[ 36.157651] RDX: 00000000000000bf RSI: 0000000000000003 RDI: ffffffff8449b720
[ 36.157652] RBP: ffff88012a96fca0 R08: ffffffff82e9a9fc R09: 0000000000000000
[ 36.157653] R10: ffffffff82e9a9eb R11: 0000000000000000 R12: ffff8800b46fa000
[ 36.157654] R13: 0000000000000001 R14: ffff8800b46fa000 R15: ffffffff8449b720
[ 36.157656] FS: 00007fb291ccd700(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000
[ 36.157657] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.157658] CR2: 0000000000000003 CR3: 00000000b707a000 CR4: 00000000001406f0
[ 36.157662] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.157663] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.157663] Stack:
[ 36.157666] ffff88012a96fcd8 ffffffff81a4d3c1 ffff88021a1d89a8 ffff8800b46fa000
[ 36.157668] 0000000000000001 ffff8800b46fa000 ffffffff8449b720 ffff88012a96fce8
[ 36.157671] ffffffff81a4d5a6 ffff88012a96fd20 ffffffff81a47bfd ffff88021a1d89a8
[ 36.157671] Call Trace:
[ 36.157675] [] serial8250_do_startup+0x451/0x620
[ 36.157677] [] serial8250_startup+0x16/0x20
[ 36.157679] [] uart_startup.part.15+0x7d/0x190
[ 36.157681] [] uart_ioctl+0x68f/0xaf0
[ 36.157685] [] tty_ioctl+0x385/0xe10
[ 36.157691] [] do_vfs_ioctl+0x2dd/0x530
[ 36.157695] [] ? __fget_light+0x25/0x90
[ 36.157697] [] SyS_ioctl+0x74/0x80
[ 36.157704] [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 36.157729] Code: 89 e5 d3 e6 48 63 f6 48 03 77 40 88 16 5d c3 0f 1f 84 00 00 00 00 00 0f b6 8f c1 00 00 00 55 48 89 e5 d3 e6 48 63 f6 48 03 77 40 <66> 89 16 5d c3 0f 1f 80 00 00 00 00 0f b6 8f c1 00 00 00 55 48
[ 36.157731] RIP [] mem16_serial_out+0x14/0x20
[ 36.157732] RSP
[ 36.157733] CR2: 0000000000000003
[ 36.157737] ---[ end trace 314bf364f7014a3c ]---
[ 36.157739] Kernel panic - not syncing: Fatal exception
[ 36.161294] Kernel Offset: disabled