[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   40.243026] audit: type=1800 audit(1575353204.902:33): pid=7480 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.698822] kauditd_printk_skb: 1 callbacks suppressed
[   44.698835] audit: type=1400 audit(1575353209.352:35): avc:  denied  { map } for  pid=7658 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
executing program
[   51.483917] audit: type=1400 audit(1575353216.142:36): avc:  denied  { map } for  pid=7670 comm="syz-executor473" path="/root/syz-executor473333360" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   51.510969] ==================================================================
[   51.510997] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[   51.511004] Read of size 2 at addr ffff888095f0a500 by task syz-executor473/7670
[   51.511006] 
[   51.511016] CPU: 0 PID: 7670 Comm: syz-executor473 Not tainted 4.19.87-syzkaller #0
[   51.511021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.511024] Call Trace:
[   51.511035]  dump_stack+0x197/0x210
[   51.511044]  ? vcs_scr_readw+0xc2/0xd0
[   51.511056]  print_address_description.cold+0x7c/0x20d
[   51.511064]  ? vcs_scr_readw+0xc2/0xd0
[   51.511072]  kasan_report.cold+0x8c/0x2ba
[   51.511083]  __asan_report_load2_noabort+0x14/0x20
[   51.511089]  vcs_scr_readw+0xc2/0xd0
[   51.511098]  vcs_write+0x646/0xcf0
[   51.511105]  ? save_stack+0xa9/0xd0
[   51.511113]  ? __kasan_slab_free+0x102/0x150
[   51.511125]  ? vcs_size+0x240/0x240
[   51.511135]  ? find_held_lock+0x35/0x130
[   51.511150]  __vfs_write+0x114/0x810
[   51.511157]  ? vcs_size+0x240/0x240
[   51.511165]  ? kernel_read+0x120/0x120
[   51.511175]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   51.511184]  ? __inode_security_revalidate+0xda/0x120
[   51.511194]  ? avc_policy_seqno+0xd/0x70
[   51.511200]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   51.511208]  ? selinux_file_permission+0x92/0x550
[   51.511218]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.511225]  ? security_file_permission+0x89/0x230
[   51.511234]  ? rw_verify_area+0x118/0x360
[   51.511250]  vfs_write+0x20c/0x560
[   51.511261]  ksys_write+0x14f/0x2d0
[   51.511270]  ? __ia32_sys_read+0xb0/0xb0
[   51.511281]  ? do_syscall_64+0x26/0x620
[   51.511289]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.511297]  ? do_syscall_64+0x26/0x620
[   51.511307]  __x64_sys_write+0x73/0xb0
[   51.511316]  do_syscall_64+0xfd/0x620
[   51.511325]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.511332] RIP: 0033:0x443e49
[   51.511340] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   51.511344] RSP: 002b:00007ffe7e575428 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   51.511352] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e49
[   51.511357] RDX: 0000000000001010 RSI: 0000000020006480 RDI: 0000000000000003
[   51.511362] RBP: 00000000006cf018 R08: 0000f8ff00000000 R09: 00000000004002e0
[   51.511366] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000401b50
[   51.511371] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   51.511382] 
[   51.511386] Allocated by task 7645:
[   51.511394]  save_stack+0x45/0xd0
[   51.511400]  kasan_kmalloc+0xce/0xf0
[   51.511406]  __kmalloc+0x15d/0x750
[   51.511412]  vc_allocate+0x3f5/0x760
[   51.511418]  con_install+0x52/0x410
[   51.511424]  tty_init_dev+0xf7/0x460
[   51.511429]  tty_open+0x4bf/0xb70
[   51.511436]  chrdev_open+0x245/0x6b0
[   51.511442]  do_dentry_open+0x4c3/0x1210
[   51.511447]  vfs_open+0xa0/0xd0
[   51.511455]  path_openat+0x10d7/0x45e0
[   51.511461]  do_filp_open+0x1a1/0x280
[   51.511466]  do_sys_open+0x3fe/0x550
[   51.511472]  __x64_sys_open+0x7e/0xc0
[   51.511479]  do_syscall_64+0xfd/0x620
[   51.511486]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.511488] 
[   51.511491] Freed by task 0:
[   51.511493] (stack is not available)
[   51.511495] 
[   51.511500] The buggy address belongs to the object at ffff888095f09240
[   51.511500]  which belongs to the cache kmalloc-8192 of size 8192
[   51.511507] The buggy address is located 4800 bytes inside of
[   51.511507]  8192-byte region [ffff888095f09240, ffff888095f0b240)
[   51.511510] The buggy address belongs to the page:
[   51.511518] page:ffffea000257c200 count:1 mapcount:0 mapping:ffff88812c315080 index:0x0 compound_mapcount: 0
[   51.511526] flags: 0xfffe0000008100(slab|head)
[   51.511537] raw: 00fffe0000008100 ffffea0002488a08 ffffea0002518508 ffff88812c315080
[   51.511545] raw: 0000000000000000 ffff888095f09240 0000000100000001 0000000000000000
[   51.511548] page dumped because: kasan: bad access detected
[   51.511551] 
[   51.511553] Memory state around the buggy address:
[   51.511559]  ffff888095f0a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.511565]  ffff888095f0a480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.511571] >ffff888095f0a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.511573]                    ^
[   51.511579]  ffff888095f0a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.511584]  ffff888095f0a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   51.511588] ==================================================================
[   51.511590] Disabling lock debugging due to kernel taint
[   51.511594] Kernel panic - not syncing: panic_on_warn set ...
[   51.511594] 
[   51.511602] CPU: 0 PID: 7670 Comm: syz-executor473 Tainted: G    B             4.19.87-syzkaller #0
[   51.511606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.511608] Call Trace:
[   51.511615]  dump_stack+0x197/0x210
[   51.511622]  ? vcs_scr_readw+0xc2/0xd0
[   51.511629]  panic+0x26a/0x50e
[   51.511635]  ? __warn_printk+0xf3/0xf3
[   51.511644]  ? lock_downgrade+0x880/0x880
[   51.511653]  ? trace_hardirqs_on+0x67/0x220
[   51.511659]  ? trace_hardirqs_on+0x5e/0x220
[   51.511666]  ? vcs_scr_readw+0xc2/0xd0
[   51.511674]  kasan_end_report+0x47/0x4f
[   51.511681]  kasan_report.cold+0xa9/0x2ba
[   51.511690]  __asan_report_load2_noabort+0x14/0x20
[   51.511696]  vcs_scr_readw+0xc2/0xd0
[   51.511702]  vcs_write+0x646/0xcf0
[   51.511708]  ? save_stack+0xa9/0xd0
[   51.511716]  ? __kasan_slab_free+0x102/0x150
[   51.511725]  ? vcs_size+0x240/0x240
[   51.511732]  ? find_held_lock+0x35/0x130
[   51.511741]  __vfs_write+0x114/0x810
[   51.511747]  ? vcs_size+0x240/0x240
[   51.511754]  ? kernel_read+0x120/0x120
[   51.511761]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   51.511768]  ? __inode_security_revalidate+0xda/0x120
[   51.511776]  ? avc_policy_seqno+0xd/0x70
[   51.511782]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   51.511789]  ? selinux_file_permission+0x92/0x550
[   51.511797]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.511803]  ? security_file_permission+0x89/0x230
[   51.511811]  ? rw_verify_area+0x118/0x360
[   51.511818]  vfs_write+0x20c/0x560
[   51.511826]  ksys_write+0x14f/0x2d0
[   51.511834]  ? __ia32_sys_read+0xb0/0xb0
[   51.511842]  ? do_syscall_64+0x26/0x620
[   51.511848]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.511855]  ? do_syscall_64+0x26/0x620
[   51.511863]  __x64_sys_write+0x73/0xb0
[   51.511871]  do_syscall_64+0xfd/0x620
[   51.511879]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.511883] RIP: 0033:0x443e49
[   51.511890] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   51.511893] RSP: 002b:00007ffe7e575428 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   51.511900] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e49
[   51.511904] RDX: 0000000000001010 RSI: 0000000020006480 RDI: 0000000000000003
[   51.511908] RBP: 00000000006cf018 R08: 0000f8ff00000000 R09: 00000000004002e0
[   51.511912] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000401b50
[   51.511916] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   51.513468] Kernel Offset: disabled
[   52.213393] Rebooting in 86400 seconds..