[   43.003358] audit: type=1800 audit(1575349599.320:31): pid=7619 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   48.035883] kauditd_printk_skb: 3 callbacks suppressed
[   48.035898] audit: type=1400 audit(1575349604.360:35): avc:  denied  { map } for  pid=7796 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
executing program
[   54.661875] audit: type=1400 audit(1575349610.980:36): avc:  denied  { map } for  pid=7808 comm="syz-executor100" path="/root/syz-executor100446347" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   54.689719] ==================================================================
[   54.689753] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[   54.689761] Read of size 2 at addr ffff8882197613c0 by task syz-executor100/7808
[   54.689763] 
[   54.689775] CPU: 1 PID: 7808 Comm: syz-executor100 Not tainted 4.19.87-syzkaller #0
[   54.689781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.689785] Call Trace:
[   54.689799]  dump_stack+0x197/0x210
[   54.689808]  ? vcs_scr_readw+0xc2/0xd0
[   54.689823]  print_address_description.cold+0x7c/0x20d
[   54.689831]  ? vcs_scr_readw+0xc2/0xd0
[   54.689839]  kasan_report.cold+0x8c/0x2ba
[   54.689850]  __asan_report_load2_noabort+0x14/0x20
[   54.689857]  vcs_scr_readw+0xc2/0xd0
[   54.689867]  vcs_write+0x646/0xcf0
[   54.689874]  ? save_stack+0xa9/0xd0
[   54.689932]  ? __kasan_slab_free+0x102/0x150
[   54.689945]  ? vcs_size+0x240/0x240
[   54.689956]  ? find_held_lock+0x35/0x130
[   54.689971]  __vfs_write+0x114/0x810
[   54.689978]  ? vcs_size+0x240/0x240
[   54.689987]  ? kernel_read+0x120/0x120
[   54.689997]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   54.690007]  ? __inode_security_revalidate+0xda/0x120
[   54.690017]  ? avc_policy_seqno+0xd/0x70
[   54.690024]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   54.690032]  ? selinux_file_permission+0x92/0x550
[   54.690042]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.690049]  ? security_file_permission+0x89/0x230
[   54.690059]  ? rw_verify_area+0x118/0x360
[   54.690068]  vfs_write+0x20c/0x560
[   54.690078]  ksys_write+0x14f/0x2d0
[   54.690088]  ? __ia32_sys_read+0xb0/0xb0
[   54.690100]  ? do_syscall_64+0x26/0x620
[   54.690110]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.690117]  ? do_syscall_64+0x26/0x620
[   54.690127]  __x64_sys_write+0x73/0xb0
[   54.690136]  do_syscall_64+0xfd/0x620
[   54.690148]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.690156] RIP: 0033:0x444399
[   54.690166] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   54.690171] RSP: 002b:00007ffdd9ba9e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   54.690180] RAX: ffffffffffffffda RBX: 00007ffdd9ba9e20 RCX: 0000000000444399
[   54.690184] RDX: 00000000fffffecb RSI: 0000000020000300 RDI: 0000000000000003
[   54.690189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400c60
[   54.690193] R10: 00007ffdd9ba9960 R11: 0000000000000246 R12: 00000000004020a0
[   54.690197] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[   54.690208] 
[   54.690212] Allocated by task 1:
[   54.690221]  save_stack+0x45/0xd0
[   54.690227]  kasan_kmalloc+0xce/0xf0
[   54.690233]  __kmalloc+0x15d/0x750
[   54.690239]  vc_do_resize+0x262/0x14a0
[   54.690246]  vc_resize+0x4d/0x60
[   54.690256]  fbcon_init+0x1062/0x1b00
[   54.690278]  visual_init+0x337/0x620
[   54.690285]  do_bind_con_driver+0x549/0x8c0
[   54.690293]  do_take_over_console+0x449/0x590
[   54.690299]  do_fbcon_takeover+0x116/0x220
[   54.690305]  fbcon_event_notify+0x1786/0x1dba
[   54.690315]  notifier_call_chain+0xc2/0x230
[   54.690323]  blocking_notifier_call_chain+0x94/0xb0
[   54.690333]  fb_notifier_call_chain+0x25/0x30
[   54.690340]  register_framebuffer+0x61d/0xa70
[   54.690348]  vga16fb_probe+0x711/0x825
[   54.690357]  platform_drv_probe+0x93/0x160
[   54.690363]  really_probe+0x4a0/0x650
[   54.690370]  driver_probe_device+0x103/0x1b0
[   54.690376]  __device_attach_driver+0x225/0x290
[   54.690385]  bus_for_each_drv+0x16c/0x1f0
[   54.690391]  __device_attach+0x237/0x350
[   54.690397]  device_initial_probe+0x1b/0x20
[   54.690402]  bus_probe_device+0x1f7/0x2a0
[   54.690409]  device_add+0xb42/0x1760
[   54.690423]  platform_device_add+0x366/0x6f0
[   54.690435]  vga16fb_init+0x15f/0x1d6
[   54.690442]  do_one_initcall+0x107/0x78c
[   54.690450]  kernel_init_freeable+0x4d4/0x5c8
[   54.690457]  kernel_init+0x12/0x1c2
[   54.690462]  ret_from_fork+0x24/0x30
[   54.690464] 
[   54.690468] Freed by task 0:
[   54.690470] (stack is not available)
[   54.690472] 
[   54.690478] The buggy address belongs to the object at ffff888219760100
[   54.690478]  which belongs to the cache kmalloc-8192 of size 8192
[   54.690485] The buggy address is located 4800 bytes inside of
[   54.690485]  8192-byte region [ffff888219760100, ffff888219762100)
[   54.690487] The buggy address belongs to the page:
[   54.690496] page:ffffea000865d800 count:1 mapcount:0 mapping:ffff88812c315080 index:0x0 compound_mapcount: 0
[   54.690505] flags: 0x57ffe0000008100(slab|head)
[   54.690517] raw: 057ffe0000008100 ffffea0008688008 ffffea0008628808 ffff88812c315080
[   54.690526] raw: 0000000000000000 ffff888219760100 0000000100000001 0000000000000000
[   54.690529] page dumped because: kasan: bad access detected
[   54.690531] 
[   54.690534] Memory state around the buggy address:
[   54.690540]  ffff888219761280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   54.690546]  ffff888219761300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   54.690552] >ffff888219761380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   54.690555]                                            ^
[   54.690561]  ffff888219761400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.690567]  ffff888219761480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.690570] ==================================================================
[   54.690573] Disabling lock debugging due to kernel taint
[   54.690578] Kernel panic - not syncing: panic_on_warn set ...
[   54.690578] 
[   54.690586] CPU: 1 PID: 7808 Comm: syz-executor100 Tainted: G    B             4.19.87-syzkaller #0
[   54.690590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.690592] Call Trace:
[   54.690599]  dump_stack+0x197/0x210
[   54.690606]  ? vcs_scr_readw+0xc2/0xd0
[   54.690613]  panic+0x26a/0x50e
[   54.690619]  ? __warn_printk+0xf3/0xf3
[   54.690628]  ? lock_downgrade+0x880/0x880
[   54.690638]  ? trace_hardirqs_on+0x67/0x220
[   54.690645]  ? trace_hardirqs_on+0x5e/0x220
[   54.690655]  ? vcs_scr_readw+0xc2/0xd0
[   54.690662]  kasan_end_report+0x47/0x4f
[   54.690669]  kasan_report.cold+0xa9/0x2ba
[   54.690678]  __asan_report_load2_noabort+0x14/0x20
[   54.690684]  vcs_scr_readw+0xc2/0xd0
[   54.690691]  vcs_write+0x646/0xcf0
[   54.690697]  ? save_stack+0xa9/0xd0
[   54.690704]  ? __kasan_slab_free+0x102/0x150
[   54.690713]  ? vcs_size+0x240/0x240
[   54.690720]  ? find_held_lock+0x35/0x130
[   54.690730]  __vfs_write+0x114/0x810
[   54.690736]  ? vcs_size+0x240/0x240
[   54.690743]  ? kernel_read+0x120/0x120
[   54.690751]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   54.690757]  ? __inode_security_revalidate+0xda/0x120
[   54.690765]  ? avc_policy_seqno+0xd/0x70
[   54.690771]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   54.690778]  ? selinux_file_permission+0x92/0x550
[   54.690786]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.690793]  ? security_file_permission+0x89/0x230
[   54.690801]  ? rw_verify_area+0x118/0x360
[   54.690808]  vfs_write+0x20c/0x560
[   54.690816]  ksys_write+0x14f/0x2d0
[   54.690824]  ? __ia32_sys_read+0xb0/0xb0
[   54.690831]  ? do_syscall_64+0x26/0x620
[   54.690838]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.690845]  ? do_syscall_64+0x26/0x620
[   54.690853]  __x64_sys_write+0x73/0xb0
[   54.690861]  do_syscall_64+0xfd/0x620
[   54.690869]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.690874] RIP: 0033:0x444399
[   54.690880] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   54.690890] RSP: 002b:00007ffdd9ba9e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   54.690897] RAX: ffffffffffffffda RBX: 00007ffdd9ba9e20 RCX: 0000000000444399
[   54.690901] RDX: 00000000fffffecb RSI: 0000000020000300 RDI: 0000000000000003
[   54.690905] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000400c60
[   54.690909] R10: 00007ffdd9ba9960 R11: 0000000000000246 R12: 00000000004020a0
[   54.690913] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[   54.692530] Kernel Offset: disabled
[   55.475573] Rebooting in 86400 seconds..