[ ok ] Starting enhanced syslogd: rsyslogd.
[ 65.212212][ T27] audit: type=1800 audit(1575924532.173:25): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 65.232447][ T27] audit: type=1800 audit(1575924532.173:26): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 65.278210][ T27] audit: type=1800 audit(1575924532.173:27): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.

syzkaller login:
[ 77.546746][ T9180] IPVS: ftp: loaded support on port[0] = 21
[ 77.557879][ T9176] IPVS: ftp: loaded support on port[0] = 21
[ 77.567517][ T9182] IPVS: ftp: loaded support on port[0] = 21
[ 77.581430][ T9181] IPVS: ftp: loaded support on port[0] = 21
[ 77.589926][ T9184] IPVS: ftp: loaded support on port[0] = 21
[ 77.601485][ T9183] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 78.267996][ T9211] ==================================================================
[ 78.268049][ T9211] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 78.268059][ T9211] Read of size 1 at addr ffff8880a8cf6164 by task syz-executor307/9211
[ 78.268063][ T9211]
[ 78.268078][ T9211] CPU: 0 PID: 9211 Comm: syz-executor307 Not tainted 5.5.0-rc1-syzkaller #0
[ 78.268085][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.268090][ T9211] Call Trace:
[ 78.268107][ T9211]  dump_stack+0x197/0x210
[ 78.268119][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.268139][ T9211]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 78.268150][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.268161][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.268175][ T9211]  __kasan_report.cold+0x1b/0x41
[ 78.268191][ T9211]  ? fb_get_color_depth.part.0+0x40/0x200
[ 78.268202][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.268216][ T9211]  kasan_report+0x12/0x20
[ 78.268231][ T9211]  __asan_report_load1_noabort+0x14/0x20
[ 78.268243][ T9211]  bit_putcs+0xd5d/0xf10
[ 78.268278][ T9211]  ? bit_cursor+0x1a60/0x1a60
[ 78.268295][ T9211]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 78.268313][ T9211]  ? write_comp_data+0x1/0x70
[ 78.268328][ T9211]  ? fb_get_color_depth.part.0+0xcf/0x200
[ 78.268346][ T9211]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 78.268359][ T9211]  fbcon_putcs+0x33c/0x3e0
[ 78.268367][ T9211]  ? bit_cursor+0x1a60/0x1a60
[ 78.268379][ T9211]  do_update_region+0x42b/0x6f0
[ 78.268391][ T9211]  ? con_get_trans_old+0x2a0/0x2a0
[ 78.268402][ T9211]  ? fbcon_set_palette+0x3c4/0x4a0
[ 78.268410][ T9211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.268418][ T9211]  ? var_to_display+0x810/0x810
[ 78.268429][ T9211]  redraw_screen+0x676/0x7d0
[ 78.268439][ T9211]  ? respond_string+0x2c0/0x2c0
[ 78.268451][ T9211]  fbcon_do_set_font+0x829/0x960
[ 78.268462][ T9211]  fbcon_copy_font+0x12c/0x190
[ 78.268470][ T9211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.268476][ T9211]  ? fbcon_do_set_font+0x960/0x960
[ 78.268485][ T9211]  con_font_op+0x6b2/0x1270
[ 78.268494][ T9211]  ? lock_downgrade+0x920/0x920
[ 78.268504][ T9211]  ? con_write+0xd0/0xd0
[ 78.268518][ T9211]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.268527][ T9211]  ? _copy_from_user+0x12c/0x1a0
[ 78.268538][ T9211]  vt_ioctl+0x181a/0x26d0
[ 78.268549][ T9211]  ? complete_change_console+0x3a0/0x3a0
[ 78.268556][ T9211]  ? lock_downgrade+0x920/0x920
[ 78.268565][ T9211]  ? rwlock_bug.part.0+0x90/0x90
[ 78.268575][ T9211]  ? tomoyo_path_number_perm+0x214/0x520
[ 78.268582][ T9211]  ? find_held_lock+0x35/0x130
[ 78.268592][ T9211]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 78.268601][ T9211]  ? tty_jobctrl_ioctl+0x50/0xd40
[ 78.268609][ T9211]  ? complete_change_console+0x3a0/0x3a0
[ 78.268619][ T9211]  tty_ioctl+0xa37/0x14f0
[ 78.268628][ T9211]  ? tty_vhangup+0x30/0x30
[ 78.268636][ T9211]  ? tomoyo_path_number_perm+0x454/0x520
[ 78.268646][ T9211]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 78.268654][ T9211]  ? tomoyo_path_number_perm+0x25e/0x520
[ 78.268663][ T9211]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 78.268681][ T9211]  ? tty_vhangup+0x30/0x30
[ 78.268692][ T9211]  do_vfs_ioctl+0x977/0x14e0
[ 78.268702][ T9211]  ? compat_ioctl_preallocate+0x220/0x220
[ 78.268710][ T9211]  ? __fget+0x37f/0x550
[ 78.268721][ T9211]  ? ksys_dup3+0x3e0/0x3e0
[ 78.268730][ T9211]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 78.268742][ T9211]  ? tomoyo_file_ioctl+0x23/0x30
[ 78.268750][ T9211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.268758][ T9211]  ? security_file_ioctl+0x8d/0xc0
[ 78.268767][ T9211]  ksys_ioctl+0xab/0xd0
[ 78.268782][ T9211]  __x64_sys_ioctl+0x73/0xb0
[ 78.268791][ T9211]  do_syscall_64+0xfa/0x790
[ 78.268803][ T9211]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.268813][ T9211] RIP: 0033:0x447139
[ 78.268827][ T9211] Code: e8 6c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.268834][ T9211] RSP: 002b:00007f36fa404db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.268848][ T9211] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000447139
[ 78.268856][ T9211] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005
[ 78.268865][ T9211] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 78.268872][ T9211] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 78.268878][ T9211] R13: 00007ffea17860cf R14: 00007f36fa4059c0 R15: 00000000006dcc2c
[ 78.268889][ T9211]
[ 78.268894][ T9211] Allocated by task 9186:
[ 78.268901][ T9211]  save_stack+0x23/0x90
[ 78.268908][ T9211]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 78.268914][ T9211]  kasan_kmalloc+0x9/0x10
[ 78.268920][ T9211]  __kmalloc+0x163/0x770
[ 78.268926][ T9211]  fbcon_set_font+0x32d/0x860
[ 78.268933][ T9211]  con_font_op+0xe30/0x1270
[ 78.268940][ T9211]  vt_ioctl+0xd2e/0x26d0
[ 78.268947][ T9211]  tty_ioctl+0xa37/0x14f0
[ 78.268953][ T9211]  do_vfs_ioctl+0x977/0x14e0
[ 78.268959][ T9211]  ksys_ioctl+0xab/0xd0
[ 78.268965][ T9211]  __x64_sys_ioctl+0x73/0xb0
[ 78.268972][ T9211]  do_syscall_64+0xfa/0x790
[ 78.268980][ T9211]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.268982][ T9211]
[ 78.268985][ T9211] Freed by task 8248:
[ 78.268991][ T9211]  save_stack+0x23/0x90
[ 78.268998][ T9211]  __kasan_slab_free+0x102/0x150
[ 78.269004][ T9211]  kasan_slab_free+0xe/0x10
[ 78.269009][ T9211]  kfree+0x10a/0x2c0
[ 78.269018][ T9211]  load_elf_binary+0x25bb/0x5310
[ 78.269026][ T9211]  search_binary_handler+0x16d/0x570
[ 78.269033][ T9211]  __do_execve_file.isra.0+0x1329/0x22b0
[ 78.269040][ T9211]  __x64_sys_execve+0x8f/0xc0
[ 78.269047][ T9211]  do_syscall_64+0xfa/0x790
[ 78.269054][ T9211]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.269056][ T9211]
[ 78.269062][ T9211] The buggy address belongs to the object at ffff8880a8cf6000
[ 78.269062][ T9211]  which belongs to the cache kmalloc-512 of size 512
[ 78.269069][ T9211] The buggy address is located 356 bytes inside of
[ 78.269069][ T9211]  512-byte region [ffff8880a8cf6000, ffff8880a8cf6200)
[ 78.269072][ T9211] The buggy address belongs to the page:
[ 78.269081][ T9211] page:ffffea0002a33d80 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0
[ 78.269091][ T9211] raw: 00fffe0000000200 ffffea0002a3a508 ffffea000268dc08 ffff8880aa400a80
[ 78.269100][ T9211] raw: 0000000000000000 ffff8880a8cf6000 0000000100000004 0000000000000000
[ 78.269104][ T9211] page dumped because: kasan: bad access detected
[ 78.269106][ T9211]
[ 78.269109][ T9211] Memory state around the buggy address:
[ 78.269115][ T9211]  ffff8880a8cf6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.269121][ T9211]  ffff8880a8cf6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.269127][ T9211] >ffff8880a8cf6100: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.269130][ T9211]                    ^
[ 78.269136][ T9211]  ffff8880a8cf6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.269141][ T9211]  ffff8880a8cf6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.269144][ T9211] ==================================================================
[ 78.269148][ T9211] Disabling lock debugging due to kernel taint
[ 78.269315][ T9211] Kernel panic - not syncing: panic_on_warn set ...
[ 78.269331][ T9211] CPU: 0 PID: 9211 Comm: syz-executor307 Tainted: G    B   5.5.0-rc1-syzkaller #0
[ 78.269341][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.269349][ T9211] Call Trace:
[ 78.269371][ T9211]  dump_stack+0x197/0x210
[ 78.269385][ T9211]  panic+0x2e3/0x75c
[ 78.269399][ T9211]  ? add_taint.cold+0x16/0x16
[ 78.269412][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.269427][ T9211]  ? preempt_schedule+0x4b/0x60
[ 78.269442][ T9211]  ? ___preempt_schedule+0x16/0x18
[ 78.269458][ T9211]  ? trace_hardirqs_on+0x5e/0x240
[ 78.269471][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.269484][ T9211]  end_report+0x47/0x4f
[ 78.269497][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.269511][ T9211]  __kasan_report.cold+0xe/0x41
[ 78.269525][ T9211]  ? fb_get_color_depth.part.0+0x40/0x200
[ 78.269537][ T9211]  ? bit_putcs+0xd5d/0xf10
[ 78.269551][ T9211]  kasan_report+0x12/0x20
[ 78.269565][ T9211]  __asan_report_load1_noabort+0x14/0x20
[ 78.269578][ T9211]  bit_putcs+0xd5d/0xf10
[ 78.269600][ T9211]  ? bit_cursor+0x1a60/0x1a60
[ 78.269615][ T9211]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 78.269629][ T9211]  ? write_comp_data+0x1/0x70
[ 78.269643][ T9211]  ? fb_get_color_depth.part.0+0xcf/0x200
[ 78.269659][ T9211]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 78.269674][ T9211]  fbcon_putcs+0x33c/0x3e0
[ 78.269687][ T9211]  ? bit_cursor+0x1a60/0x1a60
[ 78.269702][ T9211]  do_update_region+0x42b/0x6f0
[ 78.269717][ T9211]  ? con_get_trans_old+0x2a0/0x2a0
[ 78.269732][ T9211]  ? fbcon_set_palette+0x3c4/0x4a0
[ 78.269746][ T9211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.269761][ T9211]  ? var_to_display+0x810/0x810
[ 78.269782][ T9211]  redraw_screen+0x676/0x7d0
[ 78.269797][ T9211]  ? respond_string+0x2c0/0x2c0
[ 78.269811][ T9211]  fbcon_do_set_font+0x829/0x960
[ 78.269825][ T9211]  fbcon_copy_font+0x12c/0x190
[ 78.269840][ T9211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.269852][ T9211]  ? fbcon_do_set_font+0x960/0x960
[ 78.269866][ T9211]  con_font_op+0x6b2/0x1270
[ 78.269880][ T9211]  ? lock_downgrade+0x920/0x920
[ 78.269894][ T9211]  ? con_write+0xd0/0xd0
[ 78.269912][ T9211]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 78.269930][ T9211]  ? _copy_from_user+0x12c/0x1a0
[ 78.269946][ T9211]  vt_ioctl+0x181a/0x26d0
[ 78.269962][ T9211]  ? complete_change_console+0x3a0/0x3a0
[ 78.269975][ T9211]  ? lock_downgrade+0x920/0x920
[ 78.269989][ T9211]  ? rwlock_bug.part.0+0x90/0x90
[ 78.270003][ T9211]  ? tomoyo_path_number_perm+0x214/0x520
[ 78.270016][ T9211]  ? find_held_lock+0x35/0x130
[ 78.270031][ T9211]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 78.270045][ T9211]  ? tty_jobctrl_ioctl+0x50/0xd40
[ 78.270060][ T9211]  ? complete_change_console+0x3a0/0x3a0
[ 78.270074][ T9211]  tty_ioctl+0xa37/0x14f0
[ 78.270088][ T9211]  ? tty_vhangup+0x30/0x30
[ 78.270101][ T9211]  ? tomoyo_path_number_perm+0x454/0x520
[ 78.270116][ T9211]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 78.270130][ T9211]  ? tomoyo_path_number_perm+0x25e/0x520
[ 78.270144][ T9211]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 78.270164][ T9211]  ? tty_vhangup+0x30/0x30
[ 78.270173][ T9211]  do_vfs_ioctl+0x977/0x14e0
[ 78.270183][ T9211]  ? compat_ioctl_preallocate+0x220/0x220
[ 78.270193][ T9211]  ? __fget+0x37f/0x550
[ 78.270207][ T9211]  ? ksys_dup3+0x3e0/0x3e0
[ 78.270218][ T9211]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 78.270232][ T9211]  ? tomoyo_file_ioctl+0x23/0x30
[ 78.270244][ T9211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.270255][ T9211]  ? security_file_ioctl+0x8d/0xc0
[ 78.270266][ T9211]  ksys_ioctl+0xab/0xd0
[ 78.270279][ T9211]  __x64_sys_ioctl+0x73/0xb0
[ 78.270292][ T9211]  do_syscall_64+0xfa/0x790
[ 78.270306][ T9211]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.270313][ T9211] RIP: 0033:0x447139
[ 78.270328][ T9211] Code: e8 6c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.270338][ T9211] RSP: 002b:00007f36fa404db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.270358][ T9211] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000447139
[ 78.270369][ T9211] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005
[ 78.270379][ T9211] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 78.270390][ T9211] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 78.270401][ T9211] R13: 00007ffea17860cf R14: 00007f36fa4059c0 R15: 00000000006dcc2c
[ 78.271801][ T9211] Kernel Offset: disabled