Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
[   53.071625] audit: type=1400 audit(1576381389.423:36): avc:  denied  { map } for  pid=7796 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/12/15 03:43:09 parsed 1 programs
[   54.626862] audit: type=1400 audit(1576381390.983:37): avc:  denied  { map } for  pid=7796 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=17070 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/12/15 03:43:11 executed programs: 0
[   54.809297] IPVS: ftp: loaded support on port[0] = 21
[   54.869724] chnl_net:caif_netlink_parms(): no params data found
[   54.902533] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.909716] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.917571] device bridge_slave_0 entered promiscuous mode
[   54.925915] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.932324] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.939698] device bridge_slave_1 entered promiscuous mode
[   54.955550] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   54.964813] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   54.981530] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   54.989459] team0: Port device team_slave_0 added
[   54.995445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   55.002752] team0: Port device team_slave_1 added
[   55.010260] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   55.017859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   55.076714] device hsr_slave_0 entered promiscuous mode
[   55.114687] device hsr_slave_1 entered promiscuous mode
[   55.155344] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   55.162713] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   55.178652] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.185192] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.192062] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.198504] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.231515] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   55.238957] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.248366] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   55.257781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.277092] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.284742] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.292119] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   55.303786] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   55.310339] 8021q: adding VLAN 0 to HW filter on device team0
[   55.319723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.327414] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.333745] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.343217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.352925] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.359487] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.375570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.390712] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   55.401022] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.412002] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   55.419606] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.427188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   55.435393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.443029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.450633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   55.462866] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   55.475314] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.486276] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   55.493014] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   55.500883] audit: type=1400 audit(1576381391.863:38): avc:  denied  { associate } for  pid=7812 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2019/12/15 03:43:16 executed programs: 125
[   59.885743] ==================================================================
[   59.885772] BUG: KASAN: use-after-free in fbcon_cursor+0x686/0x7b0
[   59.885779] Read of size 2 at addr ffff88809fedd44c by task syz-executor.0/8323
[   59.885781] 
[   59.885791] CPU: 0 PID: 8323 Comm: syz-executor.0 Not tainted 4.19.89-syzkaller #0
[   59.885796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.885798] Call Trace:
[   59.885811]  dump_stack+0x197/0x210
[   59.885820]  ? fbcon_cursor+0x686/0x7b0
[   59.885832]  print_address_description.cold+0x7c/0x20d
[   59.885840]  ? fbcon_cursor+0x686/0x7b0
[   59.885848]  kasan_report.cold+0x8c/0x2ba
[   59.885859]  __asan_report_load2_noabort+0x14/0x20
[   59.885866]  fbcon_cursor+0x686/0x7b0
[   59.885877]  fbcon_scrolldelta+0x675/0x1330
[   59.885887]  ? mark_held_locks+0xb1/0x100
[   59.885895]  ? kfree+0x170/0x220
[   59.885904]  ? vc_do_resize+0xa69/0x14a0
[   59.885911]  ? kfree+0x170/0x220
[   59.885919]  ? lockdep_hardirqs_on+0x415/0x5d0
[   59.885929]  fbcon_set_origin+0x43/0x50
[   59.885936]  ? fbcon_scrolldelta+0x1330/0x1330
[   59.885943]  set_origin+0x341/0x440
[   59.885952]  vc_do_resize+0xacc/0x14a0
[   59.885969]  ? vc_uniscr_alloc+0xd0/0xd0
[   59.885979]  ? lock_acquire+0x16f/0x3f0
[   59.885987]  ? vt_ioctl+0x1414/0x2530
[   59.885998]  vc_resize+0x4d/0x60
[   59.886006]  vt_ioctl+0x146c/0x2530
[   59.886016]  ? complete_change_console+0x3a0/0x3a0
[   59.886027]  ? avc_has_extended_perms+0xa78/0x10f0
[   59.886040]  ? avc_ss_reset+0x190/0x190
[   59.886049]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   59.886060]  ? tty_jobctrl_ioctl+0x50/0xcd0
[   59.886068]  ? complete_change_console+0x3a0/0x3a0
[   59.886076]  tty_ioctl+0x7f3/0x1510
[   59.886085]  ? tty_vhangup+0x30/0x30
[   59.886093]  ? mark_held_locks+0x100/0x100
[   59.886108]  ? __fget+0x340/0x540
[   59.886122]  ? __might_sleep+0x95/0x190
[   59.886129]  ? tty_vhangup+0x30/0x30
[   59.886138]  do_vfs_ioctl+0xd5f/0x1380
[   59.886147]  ? selinux_file_ioctl+0x46f/0x5e0
[   59.886154]  ? selinux_file_ioctl+0x125/0x5e0
[   59.886163]  ? ioctl_preallocate+0x210/0x210
[   59.886170]  ? selinux_file_mprotect+0x620/0x620
[   59.886182]  ? iterate_fd+0x360/0x360
[   59.886190]  ? nsecs_to_jiffies+0x30/0x30
[   59.886206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.886217]  ? security_file_ioctl+0x8d/0xc0
[   59.886232]  ksys_ioctl+0xab/0xd0
[   59.886248]  __x64_sys_ioctl+0x73/0xb0
[   59.886264]  do_syscall_64+0xfd/0x620
[   59.886282]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.886297] RIP: 0033:0x45a909
[   59.886307] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   59.886312] RSP: 002b:00007f77cb9d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   59.886320] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a909
[   59.886324] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000003
[   59.886329] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[   59.886334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77cb9d46d4
[   59.886338] R13: 00000000004c7009 R14: 00000000004dd670 R15: 00000000ffffffff
[   59.886349] 
[   59.886352] Allocated by task 7820:
[   59.886360]  save_stack+0x45/0xd0
[   59.886367]  kasan_kmalloc+0xce/0xf0
[   59.886373]  __kmalloc+0x15d/0x750
[   59.886379]  vc_do_resize+0x262/0x14a0
[   59.886385]  vc_resize+0x4d/0x60
[   59.886392]  vt_ioctl+0x146c/0x2530
[   59.886398]  tty_ioctl+0x7f3/0x1510
[   59.886404]  do_vfs_ioctl+0xd5f/0x1380
[   59.886410]  ksys_ioctl+0xab/0xd0
[   59.886417]  __x64_sys_ioctl+0x73/0xb0
[   59.886424]  do_syscall_64+0xfd/0x620
[   59.886431]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.886433] 
[   59.886436] Freed by task 8323:
[   59.886443]  save_stack+0x45/0xd0
[   59.886450]  __kasan_slab_free+0x102/0x150
[   59.886457]  kasan_slab_free+0xe/0x10
[   59.886463]  kfree+0xcf/0x220
[   59.886469]  vc_do_resize+0xa69/0x14a0
[   59.886475]  vc_resize+0x4d/0x60
[   59.886482]  vt_ioctl+0x146c/0x2530
[   59.886488]  tty_ioctl+0x7f3/0x1510
[   59.886494]  do_vfs_ioctl+0xd5f/0x1380
[   59.886500]  ksys_ioctl+0xab/0xd0
[   59.886506]  __x64_sys_ioctl+0x73/0xb0
[   59.886514]  do_syscall_64+0xfd/0x620
[   59.886521]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.886523] 
[   59.886528] The buggy address belongs to the object at ffff88809fedd440
[   59.886528]  which belongs to the cache kmalloc-32 of size 32
[   59.886535] The buggy address is located 12 bytes inside of
[   59.886535]  32-byte region [ffff88809fedd440, ffff88809fedd460)
[   59.886537] The buggy address belongs to the page:
[   59.886545] page:ffffea00027fb740 count:1 mapcount:0 mapping:ffff88812c31c1c0 index:0xffff88809feddfc1
[   59.886552] flags: 0xfffe0000000100(slab)
[   59.886563] raw: 00fffe0000000100 ffffea0002818d48 ffffea00027f48c8 ffff88812c31c1c0
[   59.886571] raw: ffff88809feddfc1 ffff88809fedd000 000000010000003f 0000000000000000
[   59.886575] page dumped because: kasan: bad access detected
[   59.886577] 
[   59.886579] Memory state around the buggy address:
[   59.886585]  ffff88809fedd300: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[   59.886591]  ffff88809fedd380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   59.886597] >ffff88809fedd400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   59.886600]                                               ^
[   59.886606]  ffff88809fedd480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   59.886611]  ffff88809fedd500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   59.886614] ==================================================================
[   59.886617] Disabling lock debugging due to kernel taint
[   59.886621] Kernel panic - not syncing: panic_on_warn set ...
[   59.886621] 
[   59.886629] CPU: 0 PID: 8323 Comm: syz-executor.0 Tainted: G    B             4.19.89-syzkaller #0
[   59.886633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.886635] Call Trace:
[   59.886643]  dump_stack+0x197/0x210
[   59.886651]  ? fbcon_cursor+0x686/0x7b0
[   59.886658]  panic+0x26a/0x50e
[   59.886664]  ? __warn_printk+0xf3/0xf3
[   59.886673]  ? lock_downgrade+0x880/0x880
[   59.886684]  ? trace_hardirqs_on+0x67/0x220
[   59.886691]  ? trace_hardirqs_on+0x5e/0x220
[   59.886699]  ? fbcon_cursor+0x686/0x7b0
[   59.886707]  kasan_end_report+0x47/0x4f
[   59.886715]  kasan_report.cold+0xa9/0x2ba
[   59.886725]  __asan_report_load2_noabort+0x14/0x20
[   59.886731]  fbcon_cursor+0x686/0x7b0
[   59.886740]  fbcon_scrolldelta+0x675/0x1330
[   59.886748]  ? mark_held_locks+0xb1/0x100
[   59.886754]  ? kfree+0x170/0x220
[   59.886761]  ? vc_do_resize+0xa69/0x14a0
[   59.886767]  ? kfree+0x170/0x220
[   59.886775]  ? lockdep_hardirqs_on+0x415/0x5d0
[   59.886783]  fbcon_set_origin+0x43/0x50
[   59.886790]  ? fbcon_scrolldelta+0x1330/0x1330
[   59.886797]  set_origin+0x341/0x440
[   59.886805]  vc_do_resize+0xacc/0x14a0
[   59.886817]  ? vc_uniscr_alloc+0xd0/0xd0
[   59.886825]  ? lock_acquire+0x16f/0x3f0
[   59.886832]  ? vt_ioctl+0x1414/0x2530
[   59.886841]  vc_resize+0x4d/0x60
[   59.886849]  vt_ioctl+0x146c/0x2530
[   59.886857]  ? complete_change_console+0x3a0/0x3a0
[   59.886866]  ? avc_has_extended_perms+0xa78/0x10f0
[   59.886876]  ? avc_ss_reset+0x190/0x190
[   59.886884]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   59.886892]  ? tty_jobctrl_ioctl+0x50/0xcd0
[   59.886900]  ? complete_change_console+0x3a0/0x3a0
[   59.886907]  tty_ioctl+0x7f3/0x1510
[   59.886915]  ? tty_vhangup+0x30/0x30
[   59.886922]  ? mark_held_locks+0x100/0x100
[   59.886931]  ? __fget+0x340/0x540
[   59.886941]  ? __might_sleep+0x95/0x190
[   59.886948]  ? tty_vhangup+0x30/0x30
[   59.886956]  do_vfs_ioctl+0xd5f/0x1380
[   59.886964]  ? selinux_file_ioctl+0x46f/0x5e0
[   59.886971]  ? selinux_file_ioctl+0x125/0x5e0
[   59.886979]  ? ioctl_preallocate+0x210/0x210
[   59.886987]  ? selinux_file_mprotect+0x620/0x620
[   59.886996]  ? iterate_fd+0x360/0x360
[   59.887002]  ? nsecs_to_jiffies+0x30/0x30
[   59.887012]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.887020]  ? security_file_ioctl+0x8d/0xc0
[   59.887027]  ksys_ioctl+0xab/0xd0
[   59.887036]  __x64_sys_ioctl+0x73/0xb0
[   59.887044]  do_syscall_64+0xfd/0x620
[   59.887054]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.887058] RIP: 0033:0x45a909
[   59.887065] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   59.887069] RSP: 002b:00007f77cb9d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   59.887075] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a909
[   59.887080] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000003
[   59.887084] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[   59.887088] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77cb9d46d4
[   59.887092] R13: 00000000004c7009 R14: 00000000004dd670 R15: 00000000ffffffff
[   59.888633] Kernel Offset: disabled