[ ok ] Starting enhanced syslogd: rsyslogd.
[ 79.510230][ T27] audit: type=1800 audit(1578455275.072:25): pid=9481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 79.530232][ T27] audit: type=1800 audit(1578455275.082:26): pid=9481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 79.552949][ T27] audit: type=1800 audit(1578455275.082:27): pid=9481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 89.485607][ T9636] ==================================================================
[ 89.485649][ T9636] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[ 89.485657][ T9636] Read of size 32 at addr ffffffff88941480 by task syz-executor290/9636
[ 89.485659][ T9636]
[ 89.485670][ T9636] CPU: 0 PID: 9636 Comm: syz-executor290 Not tainted 5.5.0-rc5-next-20200107-syzkaller #0
[ 89.485675][ T9636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.485678][ T9636] Call Trace:
[ 89.485689][ T9636]  dump_stack+0x197/0x210
[ 89.485698][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.485712][ T9636]  print_address_description.constprop.0.cold+0x5/0x30b
[ 89.485720][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.485729][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.485740][ T9636]  __kasan_report.cold+0x1b/0x32
[ 89.485757][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.485774][ T9636]  kasan_report+0x12/0x20
[ 89.485789][ T9636]  check_memory_region+0x134/0x1a0
[ 89.485805][ T9636]  memcpy+0x24/0x50
[ 89.485823][ T9636]  fbcon_get_font+0x2b2/0x5e0
[ 89.485839][ T9636]  ? display_to_var+0x7e0/0x7e0
[ 89.485849][ T9636]  con_font_op+0x20b/0x1270
[ 89.485861][ T9636]  ? apparmor_cred_prepare+0x7b0/0x7b0
[ 89.485871][ T9636]  ? con_write+0xd0/0xd0
[ 89.485879][ T9636]  ? cap_capable+0x205/0x270
[ 89.485892][ T9636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.485901][ T9636]  ? security_capable+0x95/0xc0
[ 89.485911][ T9636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.485922][ T9636]  ? ns_capable_common+0x93/0x100
[ 89.485934][ T9636]  vt_ioctl+0xd2e/0x26d0
[ 89.485944][ T9636]  ? complete_change_console+0x3a0/0x3a0
[ 89.485956][ T9636]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 89.485968][ T9636]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 89.485977][ T9636]  ? tty_jobctrl_ioctl+0x50/0xd40
[ 89.485986][ T9636]  ? complete_change_console+0x3a0/0x3a0
[ 89.485996][ T9636]  tty_ioctl+0xa37/0x14f0
[ 89.486005][ T9636]  ? tty_vhangup+0x30/0x30
[ 89.486013][ T9636]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 89.486023][ T9636]  ? do_vfs_ioctl+0x11b/0x1350
[ 89.486033][ T9636]  ? ioctl_file_clone+0x180/0x180
[ 89.486041][ T9636]  ? file_open_root+0x5f0/0x5f0
[ 89.486051][ T9636]  ? __kasan_check_write+0x14/0x20
[ 89.486060][ T9636]  ? up_read+0x1cd/0x810
[ 89.486073][ T9636]  ? tomoyo_file_ioctl+0x23/0x30
[ 89.486082][ T9636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.486089][ T9636]  ? security_file_ioctl+0x8d/0xc0
[ 89.486097][ T9636]  ? tty_vhangup+0x30/0x30
[ 89.486106][ T9636]  ksys_ioctl+0x123/0x180
[ 89.486116][ T9636]  __x64_sys_ioctl+0x73/0xb0
[ 89.486126][ T9636]  do_syscall_64+0xfa/0x790
[ 89.486138][ T9636]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.486144][ T9636] RIP: 0033:0x4412d9
[ 89.486153][ T9636] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 89.486157][ T9636] RSP: 002b:00007ffe842f0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.486166][ T9636] RAX: ffffffffffffffda RBX: 00000000004a2487 RCX: 00000000004412d9
[ 89.486171][ T9636] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[ 89.486176][ T9636] RBP: 0000000000015d63 R08: 000000000000000d R09: 00000000004002c8
[ 89.486181][ T9636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402100
[ 89.486185][ T9636] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 89.486196][ T9636]
[ 89.486199][ T9636] The buggy address belongs to the variable:
[ 89.486207][ T9636]  fontdata_8x16+0x1000/0x1120
[ 89.486209][ T9636]
[ 89.486211][ T9636] Memory state around the buggy address:
[ 89.486219][ T9636]  ffffffff88941380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.486225][ T9636]  ffffffff88941400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.486231][ T9636] >ffffffff88941480: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 89.486234][ T9636]                    ^
[ 89.486240][ T9636]  ffffffff88941500: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[ 89.486246][ T9636]  ffffffff88941580: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.486249][ T9636] ==================================================================
[ 89.486252][ T9636] Disabling lock debugging due to kernel taint
[ 89.486257][ T9636] Kernel panic - not syncing: panic_on_warn set ...
[ 89.486265][ T9636] CPU: 0 PID: 9636 Comm: syz-executor290 Tainted: G    B             5.5.0-rc5-next-20200107-syzkaller #0
[ 89.486269][ T9636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.486271][ T9636] Call Trace:
[ 89.486278][ T9636]  dump_stack+0x197/0x210
[ 89.486287][ T9636]  panic+0x2e3/0x75c
[ 89.486295][ T9636]  ? add_taint.cold+0x16/0x16
[ 89.486306][ T9636]  ? trace_hardirqs_on+0x67/0x240
[ 89.486313][ T9636]  ? trace_hardirqs_on+0x5e/0x240
[ 89.486322][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.486329][ T9636]  end_report+0x47/0x4f
[ 89.486336][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.486343][ T9636]  __kasan_report.cold+0xe/0x32
[ 89.486352][ T9636]  ? fbcon_get_font+0x2b2/0x5e0
[ 89.486359][ T9636]  kasan_report+0x12/0x20
[ 89.486367][ T9636]  check_memory_region+0x134/0x1a0
[ 89.486374][ T9636]  memcpy+0x24/0x50
[ 89.486382][ T9636]  fbcon_get_font+0x2b2/0x5e0
[ 89.486391][ T9636]  ? display_to_var+0x7e0/0x7e0
[ 89.486398][ T9636]  con_font_op+0x20b/0x1270
[ 89.486407][ T9636]  ? apparmor_cred_prepare+0x7b0/0x7b0
[ 89.486415][ T9636]  ? con_write+0xd0/0xd0
[ 89.486421][ T9636]  ? cap_capable+0x205/0x270
[ 89.486430][ T9636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.486437][ T9636]  ? security_capable+0x95/0xc0
[ 89.486446][ T9636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.486453][ T9636]  ? ns_capable_common+0x93/0x100
[ 89.486462][ T9636]  vt_ioctl+0xd2e/0x26d0
[ 89.486471][ T9636]  ? complete_change_console+0x3a0/0x3a0
[ 89.486479][ T9636]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 89.486488][ T9636]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 89.486502][ T9636]  ? tty_jobctrl_ioctl+0x50/0xd40
[ 89.486510][ T9636]  ? complete_change_console+0x3a0/0x3a0
[ 89.486517][ T9636]  tty_ioctl+0xa37/0x14f0
[ 89.486525][ T9636]  ? tty_vhangup+0x30/0x30
[ 89.486533][ T9636]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 89.486539][ T9636]  ? do_vfs_ioctl+0x11b/0x1350
[ 89.486548][ T9636]  ? ioctl_file_clone+0x180/0x180
[ 89.486554][ T9636]  ? file_open_root+0x5f0/0x5f0
[ 89.486562][ T9636]  ? __kasan_check_write+0x14/0x20
[ 89.486569][ T9636]  ? up_read+0x1cd/0x810
[ 89.486578][ T9636]  ? tomoyo_file_ioctl+0x23/0x30
[ 89.486586][ T9636]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.486592][ T9636]  ? security_file_ioctl+0x8d/0xc0
[ 89.486599][ T9636]  ? tty_vhangup+0x30/0x30
[ 89.486606][ T9636]  ksys_ioctl+0x123/0x180
[ 89.486614][ T9636]  __x64_sys_ioctl+0x73/0xb0
[ 89.486622][ T9636]  do_syscall_64+0xfa/0x790
[ 89.486632][ T9636]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 89.486637][ T9636] RIP: 0033:0x4412d9
[ 89.486644][ T9636] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 89.486647][ T9636] RSP: 002b:00007ffe842f0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.486654][ T9636] RAX: ffffffffffffffda RBX: 00000000004a2487 RCX: 00000000004412d9
[ 89.486658][ T9636] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[ 89.486662][ T9636] RBP: 0000000000015d63 R08: 000000000000000d R09: 00000000004002c8
[ 89.486666][ T9636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402100
[ 89.486670][ T9636] R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000
[ 89.488260][ T9636] Kernel Offset: disabled
[ 90.226427][ T9636] Rebooting in 86400 seconds..
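Triage helper for the report above. This is an added example, not part of the syzkaller console log and not kernel or syzkaller code. It parses the report's lines (the sample below is constructed from the lines printed above) and pulls out what a triager reads off a KASAN report by hand: the bug class and faulting function, the access, the reliable (non-`?`) frames, the user register state at the syscall boundary decoded back into ioctl(2) arguments, and the shadow bytes that cover the faulting access. Assumptions: `ORIG_RAX` 0x10 is `__NR_ioctl` on x86-64; the request-number table is the console-font ioctl constants from `linux/kd.h`; the shadow-byte legend is the one used by the 5.5-era kernel in this log (later kernels renumbered some values, so treat it as version specific).

```python
import re

# Console-font ioctl request numbers (linux/kd.h constants).
KD_IOCTLS = {0x4B60: "GIO_FONT", 0x4B61: "PIO_FONT", 0x4B6B: "GIO_FONTX",
             0x4B6C: "PIO_FONTX", 0x4B6D: "PIO_FONTRESET", 0x4B72: "KDFONTOP"}
NR_IOCTL_X86_64 = 16  # value of ORIG_RAX at the syscall boundary

# Shadow legend for the 5.5-era kernel in this log (assumption: newer
# kernels renumber a few of these, e.g. the global redzone value).
SHADOW_LEGEND = {0x00: "addressable", 0xF1: "stack left redzone",
                 0xF2: "stack mid redzone", 0xF3: "stack right redzone",
                 0xF8: "stack use-after-scope", 0xFA: "global redzone",
                 0xFB: "freed heap object", 0xFC: "kmalloc redzone",
                 0xFE: "page redzone", 0xFF: "freed page"}

LOG_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s*")

# Constructed sample: the salient lines of the report on this page.
SAMPLE_REPORT = """\
[ 89.485649][ T9636] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[ 89.485657][ T9636] Read of size 32 at addr ffffffff88941480 by task syz-executor290/9636
[ 89.485670][ T9636] CPU: 0 PID: 9636 Comm: syz-executor290 Not tainted 5.5.0-rc5-next-20200107-syzkaller #0
[ 89.485805][ T9636]  memcpy+0x24/0x50
[ 89.485823][ T9636]  fbcon_get_font+0x2b2/0x5e0
[ 89.485839][ T9636]  ? display_to_var+0x7e0/0x7e0
[ 89.485849][ T9636]  con_font_op+0x20b/0x1270
[ 89.485934][ T9636]  vt_ioctl+0xd2e/0x26d0
[ 89.486106][ T9636]  ksys_ioctl+0x123/0x180
[ 89.486116][ T9636]  __x64_sys_ioctl+0x73/0xb0
[ 89.486157][ T9636] RSP: 002b:00007ffe842f0838 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.486166][ T9636] RAX: ffffffffffffffda RBX: 00000000004a2487 RCX: 00000000004412d9
[ 89.486171][ T9636] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[ 89.486199][ T9636] The buggy address belongs to the variable:
[ 89.486207][ T9636]  fontdata_8x16+0x1000/0x1120
[ 89.486211][ T9636] Memory state around the buggy address:
[ 89.486225][ T9636]  ffffffff88941400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.486231][ T9636] >ffffffff88941480: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 89.486240][ T9636]  ffffffff88941500: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
"""


def shadow_meaning(b):
    if b is None:
        return "not printed"
    if 1 <= b <= 7:
        return f"partial: first {b} of 8 bytes addressable"
    return SHADOW_LEGEND.get(b, f"unknown 0x{b:02x}")


def parse_kasan_report(text):
    """Extract the triage-relevant fields from a KASAN report."""
    r = {"frames": [], "regs": {}, "shadow_rows": {}}
    want_var = False
    for raw in text.splitlines():
        l = LOG_PREFIX.sub("", raw).strip()
        if want_var:  # line after "belongs to the variable:" is name+off/size
            m = re.match(r"(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", l)
            if m:
                r["variable"] = (m[1], int(m[2], 16), int(m[3], 16))
            want_var = False
            continue
        want_var = l.endswith("belongs to the variable:")
        m = re.match(r"BUG: KASAN: (\S+) in (\S+)\+0x", l)
        if m:
            r["bug"], r["function"] = m[1], m[2]
            continue
        m = re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", l)
        if m:
            r["access"], r["size"], r["addr"] = m[1], int(m[2]), int(m[3], 16)
            r["task"], r["pid"] = m[4], int(m[5])
            continue
        m = re.search(r"Comm: .* (\S+) #\d+$", l)
        if m:
            r["kernel"] = m[1]
            continue
        m = re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", l)
        if m:  # one shadow byte per 8-byte granule, 16 granules per row
            r["shadow_rows"][int(m[1], 16)] = [int(x, 16) for x in m[2].split()]
            continue
        for m in re.finditer(r"\b([A-Z0-9_]+): (?:[0-9a-f]{4}:)?([0-9a-f]{16})\b", l):
            r["regs"][m[1]] = int(m[2], 16)
        # "? sym" entries are stale stack words, so keep only exact frames.
        m = re.fullmatch(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+", l)
        if m:
            r["frames"].append(m[1])
    return r


def shadow_for_access(r):
    """Shadow bytes covering [addr, addr+size), in granule order."""
    out = []
    for g in range(r["addr"] >> 3, (r["addr"] + r["size"] + 7) >> 3):
        row = (g << 3) & ~0x7F  # each printed row spans 128 bytes
        cells = r["shadow_rows"].get(row)
        out.append(None if cells is None else cells[g - (row >> 3)])
    return out


def decode_syscall(r):
    """Map the saved user registers back to ioctl(fd, request, arg)."""
    regs = r["regs"]
    if regs.get("ORIG_RAX") != NR_IOCTL_X86_64:
        return None
    req = regs["RSI"]
    return {"fd": regs["RDI"], "request": req,
            "name": KD_IOCTLS.get(req, f"unknown 0x{req:x}"), "arg": regs["RDX"]}


def triage(text):
    r = parse_kasan_report(text)
    r["shadow"] = shadow_for_access(r)
    r["granules_addressable"] = sum(1 for b in r["shadow"] if b == 0)
    r["shadow_meaning"] = sorted({shadow_meaning(b) for b in r["shadow"]})
    r["syscall"] = decode_syscall(r)
    return r


if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print(t["bug"], t["access"], t["size"], "bytes in", t["function"], "at",
          f'{t["variable"][0]}+0x{t["variable"][1]:x}', "via", t["syscall"])
    print("shadow:", [f"{b:02x}" for b in t["shadow"]], t["shadow_meaning"])
```

Run against the sample, the helper reports a 32-byte read in `fbcon_get_font()` reached from `ioctl(4, GIO_FONT, 0x20000200)`, and that all four shadow granules covering the access are 0xfa: the `memcpy` starts at `fontdata_8x16+0x1000` and reads entirely within the global redzone past the end of the font data, which is why KASAN classifies it as global-out-of-bounds rather than a partial overrun.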