[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.398689] kauditd_printk_skb: 8 callbacks suppressed
[ 28.398701] audit: type=1800 audit(1540203339.307:29): pid=5448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.432740] audit: type=1800 audit(1540203339.317:30): pid=5448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
2018/10/22 10:16:13 parsed 1 programs
2018/10/22 10:16:14 executed programs: 0
syzkaller login: [ 63.983285] IPVS: ftp: loaded support on port[0] = 21
[ 64.238287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.244978] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.252845] device bridge_slave_0 entered promiscuous mode
[ 64.273308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.279695] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.286910] device bridge_slave_1 entered promiscuous mode
[ 64.305604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 64.323294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 64.372975] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 64.392800] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 64.469421] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 64.476786] team0: Port device team_slave_0 added
[ 64.493101] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 64.500184] team0: Port device team_slave_1 added
[ 64.518250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.537321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.556978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.576990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 64.723862] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.730281] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.737211] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.743574] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.250799] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.302499] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 65.353751] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 65.359877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.367987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.415244] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.581215] ==================================================================
[ 68.588741] BUG: KASAN: user-memory-access in n_tty_set_termios+0x106/0xe80
[ 68.595870] Write of size 512 at addr 0000000000001060 by task syz-executor0/5990
[ 68.603482]
[ 68.605096] CPU: 1 PID: 5990 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181019+ #98
[ 68.613480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.622816] Call Trace:
[ 68.625408]  dump_stack+0x244/0x39d
[ 68.629038]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 68.634220]  ? vprintk_func+0x85/0x181
[ 68.638096]  kasan_report.cold.8+0x6d/0x309
[ 68.642402]  ? n_tty_set_termios+0x106/0xe80
[ 68.646797]  check_memory_region+0x13e/0x1b0
[ 68.651187]  memset+0x23/0x40
[ 68.654284]  n_tty_set_termios+0x106/0xe80
[ 68.658507]  ? n_tty_receive_signal_char+0x120/0x120
[ 68.663592]  tty_set_termios+0x7a0/0xac0
[ 68.667640]  ? tty_wait_until_sent+0x5d0/0x5d0
[ 68.672212]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 68.677736]  set_termios+0x41e/0x7d0
[ 68.681438]  ? tty_perform_flush+0x80/0x80
[ 68.685661]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 68.690747]  tty_mode_ioctl+0x857/0xb40
[ 68.694717]  ? set_termios+0x7d0/0x7d0
[ 68.698590]  ? tty_kref_put.part.13+0x88/0x260
[ 68.703178]  ? perf_trace_sched_process_exec+0x860/0x860
[ 68.708618]  n_tty_ioctl_helper+0x54/0x3b0
[ 68.712864]  n_tty_ioctl+0x54/0x360
[ 68.716474]  ? ldsem_down_read+0x32/0x40
[ 68.720514]  ? ldsem_down_read+0x32/0x40
[ 68.724559]  tty_ioctl+0x5c6/0x17d0
[ 68.728186]  ? commit_echoes+0x1c0/0x1c0
[ 68.732232]  ? tty_vhangup+0x30/0x30
[ 68.735926]  ? find_held_lock+0x36/0x1c0
[ 68.739977]  ? __fget+0x4aa/0x740
[ 68.743417]  ? lock_downgrade+0x900/0x900
[ 68.747548]  ? check_preemption_disabled+0x48/0x280
[ 68.752564]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 68.757480]  ? kasan_check_read+0x11/0x20
[ 68.761614]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 68.766873]  ? rcu_softirq_qs+0x20/0x20
[ 68.770856]  ? __fget+0x4d1/0x740
[ 68.774311]  ? ksys_dup3+0x680/0x680
[ 68.778009]  ? __might_fault+0x12b/0x1e0
[ 68.782055]  ? lock_downgrade+0x900/0x900
[ 68.786187]  ? lock_release+0xa10/0xa10
[ 68.790141]  ? perf_trace_sched_process_exec+0x860/0x860
[ 68.795578]  ? tty_vhangup+0x30/0x30
[ 68.799278]  do_vfs_ioctl+0x1de/0x1720
[ 68.803161]  ? ioctl_preallocate+0x300/0x300
[ 68.807555]  ? __fget_light+0x2e9/0x430
[ 68.811527]  ? fget_raw+0x20/0x20
[ 68.814966]  ? _copy_to_user+0xc8/0x110
[ 68.818928]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 68.824459]  ? put_timespec64+0x10f/0x1b0
[ 68.828589]  ? nsecs_to_jiffies+0x30/0x30
[ 68.832720]  ? do_syscall_64+0x9a/0x820
[ 68.836675]  ? do_syscall_64+0x9a/0x820
[ 68.840635]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 68.845202]  ? security_file_ioctl+0x94/0xc0
[ 68.849596]  ksys_ioctl+0xa9/0xd0
[ 68.853038]  __x64_sys_ioctl+0x73/0xb0
[ 68.856913]  do_syscall_64+0x1b9/0x820
[ 68.860786]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 68.866134]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 68.871058]  ? trace_hardirqs_on_caller+0x310/0x310
[ 68.876073]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 68.881076]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 68.887725]  ? __switch_to_asm+0x40/0x70
[ 68.891774]  ? __switch_to_asm+0x34/0x70
[ 68.895823]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 68.900652]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.905826] RIP: 0033:0x457569
[ 68.909005] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.927904] RSP: 002b:00007f27fef88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.935598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 68.942851] RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000007
[ 68.950103] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 68.957355] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27fef896d4
[ 68.964609] R13: 00000000004c0d97 R14: 00000000004d17b8 R15: 00000000ffffffff
[ 68.971870] ==================================================================
[ 68.979207] Disabling lock debugging due to kernel taint
[ 68.985001] Kernel panic - not syncing: panic_on_warn set ...
[ 68.990908] CPU: 1 PID: 5990 Comm: syz-executor0 Tainted: G B 4.19.0-rc8-next-20181019+ #98
[ 69.000720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.010060] Call Trace:
[ 69.012662]  dump_stack+0x244/0x39d
[ 69.016295]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 69.021481]  panic+0x2ad/0x55c
[ 69.024660]  ? add_taint.cold.5+0x16/0x16
[ 69.028794]  ? preempt_schedule+0x4d/0x60
[ 69.032924]  ? ___preempt_schedule+0x16/0x18
[ 69.037334]  ? trace_hardirqs_on+0xb4/0x310
[ 69.041642]  kasan_end_report+0x47/0x4f
[ 69.045612]  kasan_report.cold.8+0x76/0x309
[ 69.049928]  ? n_tty_set_termios+0x106/0xe80
[ 69.054322]  check_memory_region+0x13e/0x1b0
[ 69.058736]  memset+0x23/0x40
[ 69.061853]  n_tty_set_termios+0x106/0xe80
[ 69.066070]  ? n_tty_receive_signal_char+0x120/0x120
[ 69.071169]  tty_set_termios+0x7a0/0xac0
[ 69.075224]  ? tty_wait_until_sent+0x5d0/0x5d0
[ 69.079802]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.085325]  set_termios+0x41e/0x7d0
[ 69.089026]  ? tty_perform_flush+0x80/0x80
[ 69.093247]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 69.098335]  tty_mode_ioctl+0x857/0xb40
[ 69.102296]  ? set_termios+0x7d0/0x7d0
[ 69.106174]  ? tty_kref_put.part.13+0x88/0x260
[ 69.110740]  ? perf_trace_sched_process_exec+0x860/0x860
[ 69.116183]  n_tty_ioctl_helper+0x54/0x3b0
[ 69.120404]  n_tty_ioctl+0x54/0x360
[ 69.124013]  ? ldsem_down_read+0x32/0x40
[ 69.128071]  ? ldsem_down_read+0x32/0x40
[ 69.132137]  tty_ioctl+0x5c6/0x17d0
[ 69.135758]  ? commit_echoes+0x1c0/0x1c0
[ 69.139806]  ? tty_vhangup+0x30/0x30
[ 69.143505]  ? find_held_lock+0x36/0x1c0
[ 69.147567]  ? __fget+0x4aa/0x740
[ 69.151015]  ? lock_downgrade+0x900/0x900
[ 69.155147]  ? check_preemption_disabled+0x48/0x280
[ 69.160163]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 69.165090]  ? kasan_check_read+0x11/0x20
[ 69.169222]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 69.174485]  ? rcu_softirq_qs+0x20/0x20
[ 69.178448]  ? __fget+0x4d1/0x740
[ 69.181885]  ? ksys_dup3+0x680/0x680
[ 69.185588]  ? __might_fault+0x12b/0x1e0
[ 69.189636]  ? lock_downgrade+0x900/0x900
[ 69.193778]  ? lock_release+0xa10/0xa10
[ 69.197737]  ? perf_trace_sched_process_exec+0x860/0x860
[ 69.203180]  ? tty_vhangup+0x30/0x30
[ 69.206885]  do_vfs_ioctl+0x1de/0x1720
[ 69.210770]  ? ioctl_preallocate+0x300/0x300
[ 69.215168]  ? __fget_light+0x2e9/0x430
[ 69.219126]  ? fget_raw+0x20/0x20
[ 69.222561]  ? _copy_to_user+0xc8/0x110
[ 69.226630]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.232175]  ? put_timespec64+0x10f/0x1b0
[ 69.236328]  ? nsecs_to_jiffies+0x30/0x30
[ 69.240463]  ? do_syscall_64+0x9a/0x820
[ 69.244421]  ? do_syscall_64+0x9a/0x820
[ 69.248382]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 69.252959]  ? security_file_ioctl+0x94/0xc0
[ 69.257389]  ksys_ioctl+0xa9/0xd0
[ 69.260836]  __x64_sys_ioctl+0x73/0xb0
[ 69.264723]  do_syscall_64+0x1b9/0x820
[ 69.268613]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 69.273964]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 69.278881]  ? trace_hardirqs_on_caller+0x310/0x310
[ 69.283897]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 69.288900]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 69.295550]  ? __switch_to_asm+0x40/0x70
[ 69.299595]  ? __switch_to_asm+0x34/0x70
[ 69.303643]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.308485]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.313660] RIP: 0033:0x457569
[ 69.316838] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.335740] RSP: 002b:00007f27fef88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.343440] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 69.350709] RDX: 0000000020000040 RSI: 0000000000005402 RDI: 0000000000000007
[ 69.357961] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 69.365214] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27fef896d4
[ 69.372465] R13: 00000000004c0d97 R14: 00000000004d17b8 R15: 00000000ffffffff
[ 69.380586] Kernel Offset: disabled
[ 69.384207] Rebooting in 86400 seconds..