[ ok ] Starting enhanced syslogd: rsyslogd.
[   71.879497][   T27] audit: type=1800 audit(1576720633.555:25): pid=9052 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   71.910515][   T27] audit: type=1800 audit(1576720633.555:26): pid=9052 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   71.970798][   T27] audit: type=1800 audit(1576720633.555:27): pid=9052 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   82.355748][ T9204] sp0: Synchronizing with TNC
[   82.363567][   T32] ==================================================================
[   82.371773][   T32] BUG: KASAN: slab-out-of-bounds in decode_data.part.0+0x23b/0x270
[   82.379666][   T32] Write of size 1 at addr ffff88809795504e by task kworker/u4:2/32
[   82.387551][   T32] 
[   82.389894][   T32] CPU: 0 PID: 32 Comm: kworker/u4:2 Not tainted 5.5.0-rc2-next-20191218-syzkaller #0
[   82.399344][   T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.409409][   T32] Workqueue: events_unbound flush_to_ldisc
[   82.415219][   T32] Call Trace:
[   82.418517][   T32]  dump_stack+0x197/0x210
[   82.422859][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.428071][   T32]  print_address_description.constprop.0.cold+0xd4/0x30b
[   82.435100][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.440335][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.445540][   T32]  __kasan_report.cold+0x1b/0x41
[   82.450491][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.455700][   T32]  kasan_report+0x12/0x20
[   82.460041][   T32]  __asan_report_store1_noabort+0x17/0x20
[   82.465774][   T32]  decode_data.part.0+0x23b/0x270
[   82.470828][   T32]  sixpack_receive_buf+0xde4/0x1420
[   82.476038][   T32]  ? sp_xmit+0xc40/0xc40
[   82.480289][   T32]  tty_ldisc_receive_buf+0x15f/0x1c0
[   82.485586][   T32]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   82.491840][   T32]  tty_port_default_receive_buf+0x7d/0xb0
[   82.497569][   T32]  flush_to_ldisc+0x222/0x390
[   82.502271][   T32]  process_one_work+0x9af/0x1740
[   82.507223][   T32]  ? pwq_dec_nr_in_flight+0x320/0x320
[   82.512606][   T32]  ? lock_acquire+0x190/0x410
[   82.517301][   T32]  worker_thread+0x98/0xe40
[   82.521814][   T32]  ? trace_hardirqs_on+0x67/0x240
[   82.526857][   T32]  kthread+0x361/0x430
[   82.530932][   T32]  ? process_one_work+0x1740/0x1740
[   82.536133][   T32]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[   82.541865][   T32]  ret_from_fork+0x24/0x30
[   82.546289][   T32] 
[   82.548619][   T32] Allocated by task 9204:
[   82.552953][   T32]  save_stack+0x23/0x90
[   82.557118][   T32]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   82.562756][   T32]  kasan_kmalloc+0x9/0x10
[   82.567084][   T32]  __kmalloc_node+0x4e/0x70
[   82.571595][   T32]  kvmalloc_node+0x68/0x100
[   82.576103][   T32]  alloc_netdev_mqs+0x98/0xde0
[   82.580871][   T32]  sixpack_open+0x104/0xaaf
[   82.585374][   T32]  tty_ldisc_open.isra.0+0xa3/0x110
[   82.590580][   T32]  tty_set_ldisc+0x30e/0x6b0
[   82.595174][   T32]  tty_ioctl+0xe8d/0x14f0
[   82.599512][   T32]  do_vfs_ioctl+0x977/0x14e0
[   82.604121][   T32]  ksys_ioctl+0xab/0xd0
[   82.608283][   T32]  __x64_sys_ioctl+0x73/0xb0
[   82.612876][   T32]  do_syscall_64+0xfa/0x790
[   82.617459][   T32]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.623334][   T32] 
[   82.625665][   T32] Freed by task 0:
[   82.629379][   T32] (stack is not available)
[   82.633792][   T32] 
[   82.636123][   T32] The buggy address belongs to the object at ffff888097954000
[   82.636123][   T32]  which belongs to the cache kmalloc-4k of size 4096
[   82.650292][   T32] The buggy address is located 78 bytes to the right of
[   82.650292][   T32]  4096-byte region [ffff888097954000, ffff888097955000)
[   82.664064][   T32] The buggy address belongs to the page:
[   82.669680][   T32] page:ffffea00025e5500 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[   82.681027][   T32] raw: 00fffe0000010200 ffffea00023e8608 ffffea0002807a88 ffff8880aa402000
[   82.689607][   T32] raw: 0000000000000000 ffff888097954000 0000000100000001 0000000000000000
[   82.698211][   T32] page dumped because: kasan: bad access detected
[   82.704655][   T32] 
[   82.706972][   T32] Memory state around the buggy address:
[   82.712594][   T32]  ffff888097954f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.720686][   T32]  ffff888097954f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.728732][   T32] >ffff888097955000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.736772][   T32]                                               ^
[   82.743181][   T32]  ffff888097955080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.751220][   T32]  ffff888097955100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.759255][   T32] ==================================================================
[   82.767289][   T32] Disabling lock debugging due to kernel taint
[   82.773907][   T32] Kernel panic - not syncing: panic_on_warn set ...
[   82.780500][   T32] CPU: 0 PID: 32 Comm: kworker/u4:2 Tainted: G    B             5.5.0-rc2-next-20191218-syzkaller #0
[   82.791316][   T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.801356][   T32] Workqueue: events_unbound flush_to_ldisc
[   82.807132][   T32] Call Trace:
[   82.810422][   T32]  dump_stack+0x197/0x210
[   82.814749][   T32]  panic+0x2e3/0x75c
[   82.818621][   T32]  ? add_taint.cold+0x16/0x16
[   82.823280][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.828469][   T32]  ? preempt_schedule+0x4b/0x60
[   82.833297][   T32]  ? ___preempt_schedule+0x16/0x18
[   82.838399][   T32]  ? trace_hardirqs_on+0x5e/0x240
[   82.843414][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.848590][   T32]  end_report+0x47/0x4f
[   82.852722][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.857908][   T32]  __kasan_report.cold+0xe/0x41
[   82.862754][   T32]  ? decode_data.part.0+0x23b/0x270
[   82.867928][   T32]  kasan_report+0x12/0x20
[   82.872233][   T32]  __asan_report_store1_noabort+0x17/0x20
[   82.877946][   T32]  decode_data.part.0+0x23b/0x270
[   82.882953][   T32]  sixpack_receive_buf+0xde4/0x1420
[   82.888134][   T32]  ? sp_xmit+0xc40/0xc40
[   82.892385][   T32]  tty_ldisc_receive_buf+0x15f/0x1c0
[   82.897651][   T32]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   82.903873][   T32]  tty_port_default_receive_buf+0x7d/0xb0
[   82.909585][   T32]  flush_to_ldisc+0x222/0x390
[   82.914253][   T32]  process_one_work+0x9af/0x1740
[   82.919174][   T32]  ? pwq_dec_nr_in_flight+0x320/0x320
[   82.924528][   T32]  ? lock_acquire+0x190/0x410
[   82.929191][   T32]  worker_thread+0x98/0xe40
[   82.933689][   T32]  ? trace_hardirqs_on+0x67/0x240
[   82.938700][   T32]  kthread+0x361/0x430
[   82.942745][   T32]  ? process_one_work+0x1740/0x1740
[   82.947918][   T32]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[   82.953615][   T32]  ret_from_fork+0x24/0x30
[   82.959374][   T32] Kernel Offset: disabled
[   82.963713][   T32] Rebooting in 86400 seconds..
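The report above says what happened (a 1-byte store from decode_data, reached from the tty flush worker via sixpack_receive_buf, landed 78 bytes past the end of the 4096-byte kmalloc-4k object that sixpack_open obtained from alloc_netdev_mqs) but not why. The following is an added example, not code from the report or from the kernel tree: a user-space model of the 6PACK receive decode that the trace names, written to show how an unchecked running index into a fixed decode buffer overruns it, and the bounds check that stops it. The struct layout, field names and the 400-byte buffer size are assumptions made for the model; the report itself only establishes the out-of-bounds write and the allocation site.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Added example, not the kernel's code: a user-space model of the 6PACK
 * receive path named in the KASAN trace (sixpack_receive_buf -> decode_data).
 * Field names and buffer sizes are assumptions for the model; the report
 * only shows a 1-byte write landing 78 bytes past a 4096-byte object that
 * sixpack_open obtained from alloc_netdev_mqs. */

#define RAW_BUF_SIZE     4
#define COOKED_BUF_SIZE  400   /* assumed size of the decoded-frame buffer */

struct sixpack_model {
	unsigned char raw_buf[RAW_BUF_SIZE];
	unsigned char cooked_buf[COOKED_BUF_SIZE];
	unsigned int  rx_count;          /* raw transport bytes collected, 0..3 */
	unsigned int  rx_count_cooked;   /* next write index into cooked_buf */
	unsigned int  dropped;           /* groups refused by the bounds check */
};

/* 6PACK carries 3 payload bytes in 4 six-bit transport bytes. Every fourth
 * byte completes a group and produces 3 decoded bytes. Without a check on
 * rx_count_cooked the three stores run past cooked_buf as soon as more than
 * COOKED_BUF_SIZE/3 groups arrive before the frame is terminated; that is
 * the "Write of size 1" in the report. This version refuses the group and
 * returns -1 so the caller can reset the frame state instead. */
static int decode_data_checked(struct sixpack_model *sp, unsigned char inbyte)
{
	unsigned char *buf;

	inbyte &= 0x3f;                 /* transport bytes carry six data bits */

	if (sp->rx_count != 3) {
		sp->raw_buf[sp->rx_count++] = inbyte;
		return 0;
	}

	/* The bounds check the unchecked decoder lacks: three stores follow. */
	if (sp->rx_count_cooked + 2 >= COOKED_BUF_SIZE) {
		sp->rx_count = 0;
		sp->dropped++;
		return -1;
	}

	buf = sp->raw_buf;
	sp->cooked_buf[sp->rx_count_cooked++] = buf[0] | ((buf[1] << 2) & 0xc0);
	sp->cooked_buf[sp->rx_count_cooked++] = (buf[1] & 0x0f) | ((buf[2] << 2) & 0xf0);
	sp->cooked_buf[sp->rx_count_cooked++] = (buf[2] & 0x03) | (inbyte << 2);
	sp->rx_count = 0;
	return 0;
}

/* Highest cooked_buf index an unchecked decoder would store to after
 * n_input transport bytes with no frame terminator: (n_input/4)*3 - 1.
 * Returns -1 when no group has completed yet. */
static long unchecked_last_index(size_t n_input)
{
	size_t groups = n_input / 4;
	return groups ? (long)(groups * 3) - 1 : -1;
}

/* Feed a constructed stream of n_input identical transport bytes (no frame
 * terminator, as a fuzzer would) through the checked decoder and return how
 * many groups the bounds check refused. */
static unsigned int feed_stream(struct sixpack_model *sp, unsigned char byte, size_t n_input)
{
	memset(sp, 0, sizeof(*sp));
	for (size_t i = 0; i < n_input; i++)
		decode_data_checked(sp, byte);
	return sp->dropped;
}

int main(void)
{
	struct sixpack_model sp;

	/* 536 bytes = 134 groups; 134*3 = 402 > 400, so an unchecked decoder
	 * stores past cooked_buf while the checked one drops the last group. */
	printf("unchecked last index after 536 bytes: %ld\n", unchecked_last_index(536));
	printf("groups dropped by the check: %u, cooked bytes kept: %u\n",
	       feed_stream(&sp, 0x3f, 536), sp.rx_count_cooked);
	return 0;
}
```

In the real driver the decode buffer is embedded in the per-device private area that alloc_netdev_mqs hands back, which is why an overrun of a few hundred bytes ends up as a write beyond a kmalloc-4k object rather than inside it; the model only reproduces the index arithmetic, not that layout.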