[ ok ] Starting enhanced syslogd: rsyslogd.
[   86.388697][   T27] audit: type=1800 audit(1577388355.935:25): pid=8955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   86.408957][   T27] audit: type=1800 audit(1577388355.935:26): pid=8955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   86.465965][   T27] audit: type=1800 audit(1577388355.935:27): pid=8955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   99.805174][ T9114] ==================================================================
[   99.813468][ T9114] BUG: KASAN: global-out-of-bounds in precalculate_color+0x2154/0x2480
[   99.821714][ T9114] Read of size 1 at addr ffffffff88b3d3f9 by task vivid-000-vid-c/9114
[   99.829926][ T9114]
[   99.832263][ T9114] CPU: 1 PID: 9114 Comm: vivid-000-vid-c Not tainted 5.5.0-rc3-syzkaller #0
[   99.840909][ T9114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   99.850945][ T9114] Call Trace:
[   99.854218][ T9114]  dump_stack+0x197/0x210
[   99.858531][ T9114]  ? precalculate_color+0x2154/0x2480
[   99.863889][ T9114]  print_address_description.constprop.0.cold+0x5/0x30b
[   99.870817][ T9114]  ? precalculate_color+0x2154/0x2480
[   99.876182][ T9114]  ? precalculate_color+0x2154/0x2480
[   99.881546][ T9114]  __kasan_report.cold+0x1b/0x41
[   99.886474][ T9114]  ? color_to_ycbcr.isra.0+0x350/0x660
[   99.891962][ T9114]  ? precalculate_color+0x2154/0x2480
[   99.897322][ T9114]  kasan_report+0x12/0x20
[   99.901639][ T9114]  __asan_report_load1_noabort+0x14/0x20
[   99.907255][ T9114]  precalculate_color+0x2154/0x2480
[   99.912440][ T9114]  ? color_to_ycbcr.isra.0+0x660/0x660
[   99.917907][ T9114]  tpg_recalc+0x561/0x2850
[   99.922320][ T9114]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[   99.928900][ T9114]  ? tpg_get_color.isra.0+0x300/0x300
[   99.934265][ T9114]  ? unwind_next_frame.part.0+0x1a9/0xa20
[   99.939971][ T9114]  ? vb2_vmalloc_vaddr+0x37/0x50
[   99.944896][ T9114]  tpg_calc_text_basep+0xa1/0x290
[   99.949920][ T9114]  vivid_fillbuff+0x1a5f/0x3af0
[   99.954752][ T9114]  ? mark_lock+0xc2/0x1220
[   99.959179][ T9114]  ? vivid_grab_controls+0x380/0x380
[   99.964451][ T9114]  ? find_held_lock+0x35/0x130
[   99.969204][ T9114]  ? vivid_thread_vid_cap_tick+0x112f/0x2210
[   99.975169][ T9114]  ? lock_downgrade+0x920/0x920
[   99.980000][ T9114]  ? rwlock_bug.part.0+0x90/0x90
[   99.984918][ T9114]  ? v4l2_ctrl_request_setup+0x46c/0xb30
[   99.990538][ T9114]  vivid_thread_vid_cap_tick+0x8cf/0x2210
[   99.996329][ T9114]  ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[  100.002232][ T9114]  ? lock_downgrade+0x920/0x920
[  100.007064][ T9114]  ? lock_acquire+0x190/0x410
[  100.011730][ T9114]  vivid_thread_vid_cap+0x5d8/0xa60
[  100.016924][ T9114]  kthread+0x361/0x430
[  100.020985][ T9114]  ? vivid_thread_vid_cap_tick+0x2210/0x2210
[  100.026969][ T9114]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  100.032670][ T9114]  ret_from_fork+0x24/0x30
[  100.037068][ T9114]
[  100.039391][ T9114] The buggy address belongs to the variable:
[  100.045362][ T9114]  kbd_keycodes+0x119/0x760
[  100.049928][ T9114]
[  100.052239][ T9114] Memory state around the buggy address:
[  100.057860][ T9114]  ffffffff88b3d280: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[  100.065907][ T9114]  ffffffff88b3d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  100.073958][ T9114] >ffffffff88b3d380: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[  100.082048][ T9114]                                                                 ^
[  100.090004][ T9114]  ffffffff88b3d400: 00 00 00 00 07 fa fa fa fa fa fa fa 00 00 00 00
[  100.098055][ T9114]  ffffffff88b3d480: 00 fa fa fa fa fa fa fa 02 fa fa fa fa fa fa fa
[  100.106210][ T9114] ==================================================================
[  100.114250][ T9114] Disabling lock debugging due to kernel taint
[  100.121038][ T9114] Kernel panic - not syncing: panic_on_warn set ...
[  100.127669][ T9114] CPU: 1 PID: 9114 Comm: vivid-000-vid-c Tainted: G    B             5.5.0-rc3-syzkaller #0
[  100.137707][ T9114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  100.147757][ T9114] Call Trace:
[  100.151049][ T9114]  dump_stack+0x197/0x210
[  100.155449][ T9114]  panic+0x2e3/0x75c
[  100.159331][ T9114]  ? add_taint.cold+0x16/0x16
[  100.163996][ T9114]  ? precalculate_color+0x2154/0x2480
[  100.169360][ T9114]  ? preempt_schedule+0x4b/0x60
[  100.174193][ T9114]  ? ___preempt_schedule+0x16/0x18
[  100.179289][ T9114]  ? trace_hardirqs_on+0x5e/0x240
[  100.184429][ T9114]  ? precalculate_color+0x2154/0x2480
[  100.189804][ T9114]  end_report+0x47/0x4f
[  100.193943][ T9114]  ? precalculate_color+0x2154/0x2480
[  100.199302][ T9114]  __kasan_report.cold+0xe/0x41
[  100.204146][ T9114]  ? color_to_ycbcr.isra.0+0x350/0x660
[  100.209588][ T9114]  ? precalculate_color+0x2154/0x2480
[  100.214943][ T9114]  kasan_report+0x12/0x20
[  100.219442][ T9114]  __asan_report_load1_noabort+0x14/0x20
[  100.225055][ T9114]  precalculate_color+0x2154/0x2480
[  100.230234][ T9114]  ? color_to_ycbcr.isra.0+0x660/0x660
[  100.235697][ T9114]  tpg_recalc+0x561/0x2850
[  100.240114][ T9114]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[  100.246683][ T9114]  ? tpg_get_color.isra.0+0x300/0x300
[  100.252058][ T9114]  ? unwind_next_frame.part.0+0x1a9/0xa20
[  100.257755][ T9114]  ? vb2_vmalloc_vaddr+0x37/0x50
[  100.262693][ T9114]  tpg_calc_text_basep+0xa1/0x290
[  100.267695][ T9114]  vivid_fillbuff+0x1a5f/0x3af0
[  100.272522][ T9114]  ? mark_lock+0xc2/0x1220
[  100.276933][ T9114]  ? vivid_grab_controls+0x380/0x380
[  100.282196][ T9114]  ? find_held_lock+0x35/0x130
[  100.286947][ T9114]  ? vivid_thread_vid_cap_tick+0x112f/0x2210
[  100.293279][ T9114]  ? lock_downgrade+0x920/0x920
[  100.298117][ T9114]  ? rwlock_bug.part.0+0x90/0x90
[  100.303035][ T9114]  ? v4l2_ctrl_request_setup+0x46c/0xb30
[  100.308656][ T9114]  vivid_thread_vid_cap_tick+0x8cf/0x2210
[  100.314353][ T9114]  ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[  100.320225][ T9114]  ? lock_downgrade+0x920/0x920
[  100.325053][ T9114]  ? lock_acquire+0x190/0x410
[  100.329723][ T9114]  vivid_thread_vid_cap+0x5d8/0xa60
[  100.334911][ T9114]  kthread+0x361/0x430
[  100.338959][ T9114]  ? vivid_thread_vid_cap_tick+0x2210/0x2210
[  100.345005][ T9114]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  100.350720][ T9114]  ret_from_fork+0x24/0x30
[  100.356487][ T9114] Kernel Offset: disabled
[  100.360868][ T9114] Rebooting in 86400 seconds..
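Added example (Python), not part of this log and not a syzkaller, syzbot or kernel tool: a decoder for the "Memory state around the buggy address" section of a generic-KASAN report. It takes the KASAN lines of the report above as constructed sample input, maps the faulting address to its shadow byte (one shadow byte per 8-byte granule; 0x00 fully addressable, 0x01-0x07 that many valid leading bytes, poison values as defined in mm/kasan/kasan.h), and walks the dump backwards to recover the bounds of the object the read ran past. The "belongs to the variable" line is KASAN's nearest-kallsyms lookup rather than an object boundary, so the decoder also compares that symbol's base with the object start the shadow bytes actually show.

```python
import re

# Added example, not from the syzkaller log or the kernel tree. Constructed
# sample input: the KASAN lines of the report above. The parser also accepts
# the raw console form with its "[  100.0...][ T9114]" prefix still present.
REPORT = """\
BUG: KASAN: global-out-of-bounds in precalculate_color+0x2154/0x2480
Read of size 1 at addr ffffffff88b3d3f9 by task vivid-000-vid-c/9114
The buggy address belongs to the variable:
 kbd_keycodes+0x119/0x760
Memory state around the buggy address:
 ffffffff88b3d280: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
 ffffffff88b3d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff88b3d380: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
 ffffffff88b3d400: 00 00 00 00 07 fa fa fa fa fa fa fa 00 00 00 00
 ffffffff88b3d480: 00 fa fa fa fa fa fa fa 02 fa fa fa fa fa fa fa
"""

GRANULE = 8       # memory bytes per shadow byte (KASAN_SHADOW_SCALE_SHIFT = 3)
ROW_BYTES = 16    # shadow bytes per dump row, i.e. 128 bytes of memory per row

# Poison values from mm/kasan/kasan.h (generic KASAN, v5.x kernels).
POISON = {0xFA: "global redzone", 0xFB: "freed heap object",
          0xFC: "heap (kmalloc) redzone", 0xFE: "page redzone",
          0xFF: "freed page", 0xF1: "stack left redzone",
          0xF2: "stack mid redzone", 0xF3: "stack right redzone",
          0xF4: "stack partial redzone", 0xF8: "out-of-scope stack variable"}

_PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\](?:\[\s*\w+\])? ?")   # "[  100.073958][ T9114] "
_BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
_ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
_SYM_RE = re.compile(r"^\s*(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)$")
_ROW_RE = re.compile(r"^(>?)\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})\s*$")


def parse_report(text):
    """Pull bug type, access, nearest symbol and shadow rows out of a report."""
    lines = [_PREFIX_RE.sub("", ln) for ln in text.splitlines()]
    info = {"rows": {}}
    for i, line in enumerate(lines):
        if m := _BUG_RE.search(line):
            info["bug"], info["func"] = m.group(1), m.group(2)
        elif m := _ACCESS_RE.search(line):
            info["access"], info["size"] = m.group(1), int(m.group(2))
            info["addr"], info["task"] = int(m.group(3), 16), m.group(4)
        elif line.startswith("The buggy address belongs to the variable"):
            if i + 1 < len(lines) and (m := _SYM_RE.match(lines[i + 1])):
                info["symbol"] = m.group(1)
                info["symbol_off"] = int(m.group(2), 16)   # "+0x119": offset into the symbol
        elif m := _ROW_RE.match(line):
            info["rows"][int(m.group(2), 16)] = [int(b, 16) for b in m.group(3).split()]
    return info


def shadow_value(info, addr):
    """Shadow byte covering addr, or None if the dump does not include it."""
    granule = addr & ~(GRANULE - 1)
    for base, row in info["rows"].items():
        if base <= granule < base + ROW_BYTES * GRANULE:
            return row[(granule - base) // GRANULE]
    return None


def describe(value, addr):
    """Meaning of a shadow byte for the specific byte at addr."""
    if value == 0:
        return "addressable"
    if 1 <= value < GRANULE:   # only the first `value` bytes of the granule are valid
        state = "addressable" if (addr & (GRANULE - 1)) < value else "past object end"
        return f"partial granule ({value} valid bytes): {state}"
    return POISON.get(value, f"poison 0x{value:02x}")


def object_bounds(info, addr):
    """Walk back from addr to the nearest addressable granule (object end), then
    on to where that addressable run begins (object start). end is exclusive;
    a value is None if the dump runs out before it can be determined."""
    g = addr & ~(GRANULE - 1)
    while (v := shadow_value(info, g)) is not None and v >= GRANULE:
        g -= GRANULE                      # skip poison granules
    if v is None:
        return None, None
    end = g + (v or GRANULE)              # 0 = whole granule valid, 1..7 = partial
    start = g
    while shadow_value(info, start - GRANULE) == 0:
        start -= GRANULE
    if shadow_value(info, start - GRANULE) is None:
        return None, end
    return start, end


def triage(text):
    """Summarise one report: where the access landed and what it overran."""
    info = parse_report(text)
    addr = info["addr"]
    val = shadow_value(info, addr)
    if val is None:
        raise ValueError("shadow dump does not cover the faulting address")
    start, end = object_bounds(info, addr)
    out = {"bug": info["bug"], "func": info["func"], "task": info["task"],
           "access": info["access"], "size": info["size"], "addr": addr,
           "shadow_index": (addr % (ROW_BYTES * GRANULE)) // GRANULE,
           "shadow_value": val, "shadow_meaning": describe(val, addr),
           "object_start": start, "object_end": end,
           "object_size": None if start is None or end is None else end - start,
           "overrun": None if end is None else addr - end}
    if "symbol" in info:
        # KASAN names a global by the nearest kallsyms symbol; compare that
        # symbol's start with the object start the shadow bytes show.
        out["symbol"] = info["symbol"]
        out["symbol_base"] = addr - info["symbol_off"]
        out["symbol_matches_object"] = out["symbol_base"] == start
    return out


if __name__ == "__main__":
    hex_keys = {"addr", "object_start", "object_end", "symbol_base"}
    for key, value in triage(REPORT).items():
        shown = f"{value:#x}" if key in hex_keys and value is not None else value
        print(f"{key:>22}: {shown}")
```

On this report the decoder resolves the 1-byte read at ffffffff88b3d3f9 to shadow byte 15 of the marked row, value 0xfa (global redzone). Walking back, the last addressable region is ffffffff88b3d2e0 up to ffffffff88b3d3e0, 256 bytes, and it begins exactly at the address kallsyms resolves as kbd_keycodes, so the read lands 25 bytes past the end of that 256-byte object; the /0x760 in the report is kallsyms' symbol size (distance to the next symbol), not the object size. Which index computation in precalculate_color produced offset 0x119 is not in the log and has to be read from the source at precalculate_color+0x2154 on this build.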