[ ok ] Starting enhanced syslogd: rsyslogd.
[ 57.647865][ T26] audit: type=1800 audit(1575368339.483:25): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 57.674463][ T26] audit: type=1800 audit(1575368339.483:26): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 57.726919][ T26] audit: type=1800 audit(1575368339.493:27): pid=8765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 82.712288][ T8917] ==================================================================
[ 82.712328][ T8917] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[ 82.712335][ T8917] Read of size 2 at addr ffff8880a54e12c0 by task syz-executor128/8917
[ 82.712337][ T8917]
[ 82.712348][ T8917] CPU: 1 PID: 8917 Comm: syz-executor128 Not tainted 5.4.0-syzkaller #0
[ 82.712352][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.712355][ T8917] Call Trace:
[ 82.712368][ T8917]  dump_stack+0x197/0x210
[ 82.712376][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712388][ T8917]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 82.712395][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712402][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712410][ T8917]  __kasan_report.cold+0x1b/0x41
[ 82.712420][ T8917]  ? vcs_write+0x460/0xcf0
[ 82.712427][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712435][ T8917]  kasan_report+0x12/0x20
[ 82.712444][ T8917]  __asan_report_load2_noabort+0x14/0x20
[ 82.712451][ T8917]  vcs_scr_readw+0xc2/0xd0
[ 82.712459][ T8917]  vcs_write+0x646/0xcf0
[ 82.712474][ T8917]  ? vcs_size+0x250/0x250
[ 82.712486][ T8917]  ? apparmor_file_permission+0x25/0x30
[ 82.712496][ T8917]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.712506][ T8917]  ? security_file_permission+0x8f/0x380
[ 82.712515][ T8917]  ? trace_hardirqs_on+0x67/0x240
[ 82.712525][ T8917]  __vfs_write+0x8a/0x110
[ 82.712531][ T8917]  ? vcs_size+0x250/0x250
[ 82.712540][ T8917]  vfs_write+0x268/0x5d0
[ 82.712550][ T8917]  ksys_write+0x14f/0x290
[ 82.712559][ T8917]  ? __ia32_sys_read+0xb0/0xb0
[ 82.712570][ T8917]  ? do_fast_syscall_32+0xd1/0xe16
[ 82.712578][ T8917]  ? entry_SYSENTER_compat+0x70/0x7f
[ 82.712586][ T8917]  ? do_fast_syscall_32+0xd1/0xe16
[ 82.712596][ T8917]  __ia32_sys_write+0x71/0xb0
[ 82.712605][ T8917]  do_fast_syscall_32+0x27b/0xe16
[ 82.712615][ T8917]  entry_SYSENTER_compat+0x70/0x7f
[ 82.712621][ T8917] RIP: 0023:0xf7f2ba39
[ 82.712629][ T8917] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 82.712634][ T8917] RSP: 002b:00000000fff02ffc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 82.712642][ T8917] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020006480
[ 82.712646][ T8917] RDX: 0000000000001010 RSI: 00000000080f000c RDI: 0000000000000000
[ 82.712651][ T8917] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 82.712655][ T8917] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 82.712660][ T8917] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 82.712670][ T8917]
[ 82.712674][ T8917] Allocated by task 8898:
[ 82.712681][ T8917]  save_stack+0x23/0x90
[ 82.712688][ T8917]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 82.712694][ T8917]  kasan_kmalloc+0x9/0x10
[ 82.712702][ T8917]  __kmalloc+0x163/0x770
[ 82.712708][ T8917]  vc_allocate+0x3fc/0x760
[ 82.712714][ T8917]  con_install+0x52/0x410
[ 82.712721][ T8917]  tty_init_dev+0xf7/0x460
[ 82.712727][ T8917]  tty_open+0x4a5/0xbb0
[ 82.712735][ T8917]  chrdev_open+0x245/0x6b0
[ 82.712744][ T8917]  do_dentry_open+0x4e6/0x1380
[ 82.712750][ T8917]  vfs_open+0xa0/0xd0
[ 82.712757][ T8917]  path_openat+0x10e4/0x4710
[ 82.712765][ T8917]  do_filp_open+0x1a1/0x280
[ 82.712772][ T8917]  do_sys_open+0x3fe/0x5d0
[ 82.712778][ T8917]  __x64_sys_open+0x7e/0xc0
[ 82.712785][ T8917]  do_syscall_64+0xfa/0x790
[ 82.712793][ T8917]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.712795][ T8917]
[ 82.712798][ T8917] Freed by task 0:
[ 82.712800][ T8917] (stack is not available)
[ 82.712802][ T8917]
[ 82.712808][ T8917] The buggy address belongs to the object at ffff8880a54e0000
[ 82.712808][ T8917]  which belongs to the cache kmalloc-8k of size 8192
[ 82.712815][ T8917] The buggy address is located 4800 bytes inside of
[ 82.712815][ T8917]  8192-byte region [ffff8880a54e0000, ffff8880a54e2000)
[ 82.712818][ T8917] The buggy address belongs to the page:
[ 82.712826][ T8917] page:ffffea0002953800 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[ 82.712837][ T8917] raw: 00fffe0000010200 ffffea0002a6a808 ffffea000252f108 ffff8880aa4021c0
[ 82.712846][ T8917] raw: 0000000000000000 ffff8880a54e0000 0000000100000001 0000000000000000
[ 82.712849][ T8917] page dumped because: kasan: bad access detected
[ 82.712851][ T8917]
[ 82.712854][ T8917] Memory state around the buggy address:
[ 82.712860][ T8917]  ffff8880a54e1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.712866][ T8917]  ffff8880a54e1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.712872][ T8917] >ffff8880a54e1280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 82.712875][ T8917]                                            ^
[ 82.712880][ T8917]  ffff8880a54e1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.712886][ T8917]  ffff8880a54e1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.712889][ T8917] ==================================================================
[ 82.712892][ T8917] Disabling lock debugging due to kernel taint
[ 82.712896][ T8917] Kernel panic - not syncing: panic_on_warn set ...
[ 82.712903][ T8917] CPU: 1 PID: 8917 Comm: syz-executor128 Tainted: G B 5.4.0-syzkaller #0
[ 82.712907][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.712909][ T8917] Call Trace:
[ 82.712917][ T8917]  dump_stack+0x197/0x210
[ 82.712926][ T8917]  panic+0x2e3/0x75c
[ 82.712932][ T8917]  ? add_taint.cold+0x16/0x16
[ 82.712942][ T8917]  ? trace_hardirqs_on+0x67/0x240
[ 82.712949][ T8917]  ? trace_hardirqs_on+0x5e/0x240
[ 82.712956][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712962][ T8917]  end_report+0x47/0x4f
[ 82.712968][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712975][ T8917]  __kasan_report.cold+0xe/0x41
[ 82.712982][ T8917]  ? vcs_write+0x460/0xcf0
[ 82.712988][ T8917]  ? vcs_scr_readw+0xc2/0xd0
[ 82.712995][ T8917]  kasan_report+0x12/0x20
[ 82.713002][ T8917]  __asan_report_load2_noabort+0x14/0x20
[ 82.713009][ T8917]  vcs_scr_readw+0xc2/0xd0
[ 82.713015][ T8917]  vcs_write+0x646/0xcf0
[ 82.713026][ T8917]  ? vcs_size+0x250/0x250
[ 82.713034][ T8917]  ? apparmor_file_permission+0x25/0x30
[ 82.713042][ T8917]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.713049][ T8917]  ? security_file_permission+0x8f/0x380
[ 82.713056][ T8917]  ? trace_hardirqs_on+0x67/0x240
[ 82.713063][ T8917]  __vfs_write+0x8a/0x110
[ 82.713069][ T8917]  ? vcs_size+0x250/0x250
[ 82.713076][ T8917]  vfs_write+0x268/0x5d0
[ 82.713084][ T8917]  ksys_write+0x14f/0x290
[ 82.713091][ T8917]  ? __ia32_sys_read+0xb0/0xb0
[ 82.713099][ T8917]  ? do_fast_syscall_32+0xd1/0xe16
[ 82.713105][ T8917]  ? entry_SYSENTER_compat+0x70/0x7f
[ 82.713112][ T8917]  ? do_fast_syscall_32+0xd1/0xe16
[ 82.713120][ T8917]  __ia32_sys_write+0x71/0xb0
[ 82.713128][ T8917]  do_fast_syscall_32+0x27b/0xe16
[ 82.713136][ T8917]  entry_SYSENTER_compat+0x70/0x7f
[ 82.713140][ T8917] RIP: 0023:0xf7f2ba39
[ 82.713147][ T8917] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 82.713151][ T8917] RSP: 002b:00000000fff02ffc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 82.713162][ T8917] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020006480
[ 82.713166][ T8917] RDX: 0000000000001010 RSI: 00000000080f000c RDI: 0000000000000000
[ 82.713170][ T8917] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 82.713174][ T8917] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 82.713178][ T8917] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 82.714465][ T8917] Kernel Offset: disabled
[ 83.455963][ T8917] Rebooting in 86400 seconds..