[ ok ] Starting enhanced syslogd: rsyslogd.
[ 57.767825][ T25] audit: type=1800 audit(1575359869.934:25): pid=8786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 57.788168][ T25] audit: type=1800 audit(1575359869.934:26): pid=8786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 57.808739][ T25] audit: type=1800 audit(1575359869.944:27): pid=8786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 68.002996][ T8940] ==================================================================
[ 68.003035][ T8940] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[ 68.003042][ T8940] Read of size 2 at addr ffff88821915d2c0 by task syz-executor138/8940
[ 68.003044][ T8940]
[ 68.003054][ T8940] CPU: 0 PID: 8940 Comm: syz-executor138 Not tainted 5.4.0-syzkaller #0
[ 68.003058][ T8940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.003061][ T8940] Call Trace:
[ 68.003074][ T8940]  dump_stack+0x197/0x210
[ 68.003082][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003094][ T8940]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 68.003101][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003108][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003116][ T8940]  __kasan_report.cold+0x1b/0x41
[ 68.003126][ T8940]  ? vcs_write+0x460/0xcf0
[ 68.003132][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003141][ T8940]  kasan_report+0x12/0x20
[ 68.003150][ T8940]  __asan_report_load2_noabort+0x14/0x20
[ 68.003157][ T8940]  vcs_scr_readw+0xc2/0xd0
[ 68.003165][ T8940]  vcs_write+0x646/0xcf0
[ 68.003180][ T8940]  ? vcs_size+0x250/0x250
[ 68.003192][ T8940]  ? apparmor_file_permission+0x25/0x30
[ 68.003202][ T8940]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.003212][ T8940]  ? security_file_permission+0x8f/0x380
[ 68.003221][ T8940]  ? trace_hardirqs_on+0x67/0x240
[ 68.003231][ T8940]  __vfs_write+0x8a/0x110
[ 68.003237][ T8940]  ? vcs_size+0x250/0x250
[ 68.003253][ T8940]  vfs_write+0x268/0x5d0
[ 68.003263][ T8940]  ksys_write+0x14f/0x290
[ 68.003272][ T8940]  ? __ia32_sys_read+0xb0/0xb0
[ 68.003283][ T8940]  ? do_syscall_64+0x26/0x790
[ 68.003293][ T8940]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.003300][ T8940]  ? do_syscall_64+0x26/0x790
[ 68.003310][ T8940]  __x64_sys_write+0x73/0xb0
[ 68.003319][ T8940]  do_syscall_64+0xfa/0x790
[ 68.003330][ T8940]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.003337][ T8940] RIP: 0033:0x444399
[ 68.003344][ T8940] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.003349][ T8940] RSP: 002b:00007ffc1cc32918 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.003358][ T8940] RAX: ffffffffffffffda RBX: 00007ffc1cc32920 RCX: 0000000000444399
[ 68.003362][ T8940] RDX: 00000000fffffecb RSI: 0000000020000300 RDI: 0000000000000003
[ 68.003367][ T8940] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400c60
[ 68.003372][ T8940] R10: 00007ffc1cc32460 R11: 0000000000000246 R12: 00000000004020a0
[ 68.003376][ T8940] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[ 68.003387][ T8940]
[ 68.003391][ T8940] Allocated by task 1:
[ 68.003397][ T8940]  save_stack+0x23/0x90
[ 68.003404][ T8940]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 68.003410][ T8940]  kasan_kmalloc+0x9/0x10
[ 68.003418][ T8940]  __kmalloc+0x163/0x770
[ 68.003424][ T8940]  vc_do_resize+0x262/0x1460
[ 68.003430][ T8940]  vc_resize+0x4d/0x60
[ 68.003440][ T8940]  fbcon_init+0x122d/0x1a90
[ 68.003446][ T8940]  visual_init+0x30a/0x5e0
[ 68.003452][ T8940]  do_bind_con_driver+0x54c/0x8b0
[ 68.003458][ T8940]  do_take_over_console+0x449/0x5a0
[ 68.003465][ T8940]  do_fbcon_takeover+0x116/0x220
[ 68.003473][ T8940]  fbcon_fb_registered+0x275/0x340
[ 68.003480][ T8940]  register_framebuffer+0x5c3/0xa10
[ 68.003488][ T8940]  vga16fb_probe+0x711/0x825
[ 68.003497][ T8940]  platform_drv_probe+0x8d/0x140
[ 68.003504][ T8940]  really_probe+0x291/0x710
[ 68.003511][ T8940]  driver_probe_device+0x110/0x220
[ 68.003518][ T8940]  __device_attach_driver+0x1c9/0x230
[ 68.003524][ T8940]  bus_for_each_drv+0x172/0x1f0
[ 68.003530][ T8940]  __device_attach+0x237/0x390
[ 68.003537][ T8940]  device_initial_probe+0x1b/0x20
[ 68.003543][ T8940]  bus_probe_device+0x1f1/0x2a0
[ 68.003552][ T8940]  device_add+0x14fe/0x1d00
[ 68.003559][ T8940]  platform_device_add+0x34d/0x6c0
[ 68.003568][ T8940]  vga16fb_init+0x15f/0x1d6
[ 68.003575][ T8940]  do_one_initcall+0x120/0x81a
[ 68.003584][ T8940]  kernel_init_freeable+0x4ca/0x5b9
[ 68.003591][ T8940]  kernel_init+0x12/0x1bf
[ 68.003598][ T8940]  ret_from_fork+0x24/0x30
[ 68.003600][ T8940]
[ 68.003603][ T8940] Freed by task 0:
[ 68.003606][ T8940] (stack is not available)
[ 68.003608][ T8940]
[ 68.003614][ T8940] The buggy address belongs to the object at ffff88821915c000
[ 68.003614][ T8940]  which belongs to the cache kmalloc-8k of size 8192
[ 68.003620][ T8940] The buggy address is located 4800 bytes inside of
[ 68.003620][ T8940]  8192-byte region [ffff88821915c000, ffff88821915e000)
[ 68.003623][ T8940] The buggy address belongs to the page:
[ 68.003632][ T8940] page:ffffea0008645700 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[ 68.003642][ T8940] raw: 057ffe0000010200 ffffea0008644408 ffffea0008611008 ffff8880aa4021c0
[ 68.003651][ T8940] raw: 0000000000000000 ffff88821915c000 0000000100000001 0000000000000000
[ 68.003655][ T8940] page dumped because: kasan: bad access detected
[ 68.003657][ T8940]
[ 68.003659][ T8940] Memory state around the buggy address:
[ 68.003665][ T8940]  ffff88821915d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.003671][ T8940]  ffff88821915d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.003677][ T8940] >ffff88821915d280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 68.003680][ T8940]                                            ^
[ 68.003686][ T8940]  ffff88821915d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.003692][ T8940]  ffff88821915d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.003695][ T8940] ==================================================================
[ 68.003697][ T8940] Disabling lock debugging due to kernel taint
[ 68.003701][ T8940] Kernel panic - not syncing: panic_on_warn set ...
[ 68.003709][ T8940] CPU: 0 PID: 8940 Comm: syz-executor138 Tainted: G B 5.4.0-syzkaller #0
[ 68.003713][ T8940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.003715][ T8940] Call Trace:
[ 68.003723][ T8940]  dump_stack+0x197/0x210
[ 68.003731][ T8940]  panic+0x2e3/0x75c
[ 68.003738][ T8940]  ? add_taint.cold+0x16/0x16
[ 68.003748][ T8940]  ? trace_hardirqs_on+0x67/0x240
[ 68.003755][ T8940]  ? trace_hardirqs_on+0x5e/0x240
[ 68.003762][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003768][ T8940]  end_report+0x47/0x4f
[ 68.003774][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003781][ T8940]  __kasan_report.cold+0xe/0x41
[ 68.003788][ T8940]  ? vcs_write+0x460/0xcf0
[ 68.003794][ T8940]  ? vcs_scr_readw+0xc2/0xd0
[ 68.003801][ T8940]  kasan_report+0x12/0x20
[ 68.003808][ T8940]  __asan_report_load2_noabort+0x14/0x20
[ 68.003815][ T8940]  vcs_scr_readw+0xc2/0xd0
[ 68.003822][ T8940]  vcs_write+0x646/0xcf0
[ 68.003832][ T8940]  ? vcs_size+0x250/0x250
[ 68.003840][ T8940]  ? apparmor_file_permission+0x25/0x30
[ 68.003847][ T8940]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.003855][ T8940]  ? security_file_permission+0x8f/0x380
[ 68.003862][ T8940]  ? trace_hardirqs_on+0x67/0x240
[ 68.003869][ T8940]  __vfs_write+0x8a/0x110
[ 68.003876][ T8940]  ? vcs_size+0x250/0x250
[ 68.003883][ T8940]  vfs_write+0x268/0x5d0
[ 68.003890][ T8940]  ksys_write+0x14f/0x290
[ 68.003897][ T8940]  ? __ia32_sys_read+0xb0/0xb0
[ 68.003905][ T8940]  ? do_syscall_64+0x26/0x790
[ 68.003913][ T8940]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.003920][ T8940]  ? do_syscall_64+0x26/0x790
[ 68.003927][ T8940]  __x64_sys_write+0x73/0xb0
[ 68.003935][ T8940]  do_syscall_64+0xfa/0x790
[ 68.003944][ T8940]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.003948][ T8940] RIP: 0033:0x444399
[ 68.003955][ T8940] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 68.003958][ T8940] RSP: 002b:00007ffc1cc32918 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.003965][ T8940] RAX: ffffffffffffffda RBX: 00007ffc1cc32920 RCX: 0000000000444399
[ 68.003970][ T8940] RDX: 00000000fffffecb RSI: 0000000020000300 RDI: 0000000000000003
[ 68.003974][ T8940] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400c60
[ 68.003978][ T8940] R10: 00007ffc1cc32460 R11: 0000000000000246 R12: 00000000004020a0
[ 68.003982][ T8940] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[ 68.005507][ T8940] Kernel Offset: disabled
[ 68.805241][ T8940] Rebooting in 86400 seconds..