[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   80.063615][   T26] audit: type=1800 audit(1576989732.826:25): pid=9175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   80.083744][   T26] audit: type=1800 audit(1576989732.826:26): pid=9175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   80.137558][   T26] audit: type=1800 audit(1576989732.826:27): pid=9175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
syzkaller login: [   90.542901][ T9338] IPVS: ftp: loaded support on port[0] = 21
[   90.542907][ T9340] IPVS: ftp: loaded support on port[0] = 21
[   90.558075][ T9339] IPVS: ftp: loaded support on port[0] = 21
[   90.567487][ T9341] IPVS: ftp: loaded support on port[0] = 21
[   90.567692][ T9334] IPVS: ftp: loaded support on port[0] = 21
[   90.583977][ T9342] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   91.198580][ T9383] ==================================================================
[   91.198622][ T9383] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10
[   91.198629][ T9383] Read of size 1 at addr ffff88809408f964 by task syz-executor957/9383
[   91.198632][ T9383] 
[   91.198643][ T9383] CPU: 0 PID: 9383 Comm: syz-executor957 Not tainted 5.5.0-rc2-next-20191220-syzkaller #0
[   91.198648][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.198651][ T9383] Call Trace:
[   91.198661][ T9383]  dump_stack+0x197/0x210
[   91.198670][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.198684][ T9383]  print_address_description.constprop.0.cold+0xd4/0x30b
[   91.198692][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.198700][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.198709][ T9383]  __kasan_report.cold+0x1b/0x41
[   91.198718][ T9383]  ? fb_release+0x130/0x150
[   91.198725][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.198735][ T9383]  kasan_report+0x12/0x20
[   91.198748][ T9383]  __asan_report_load1_noabort+0x14/0x20
[   91.198756][ T9383]  bit_putcs+0xd5d/0xf10
[   91.198775][ T9383]  ? bit_cursor+0x1a60/0x1a60
[   91.198787][ T9383]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   91.198798][ T9383]  ? write_comp_data+0x21/0x70
[   91.198806][ T9383]  ? fb_get_color_depth.part.0+0xcf/0x200
[   91.198817][ T9383]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.198828][ T9383]  fbcon_putcs+0x33c/0x3e0
[   91.198838][ T9383]  ? bit_cursor+0x1a60/0x1a60
[   91.198849][ T9383]  do_update_region+0x42b/0x6f0
[   91.198860][ T9383]  ? con_get_trans_old+0x2a0/0x2a0
[   91.198871][ T9383]  ? fbcon_set_palette+0x3c4/0x4a0
[   91.198879][ T9383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.198887][ T9383]  ? var_to_display+0x810/0x810
[   91.198898][ T9383]  redraw_screen+0x676/0x7d0
[   91.198908][ T9383]  ? respond_string+0x2c0/0x2c0
[   91.198922][ T9383]  fbcon_do_set_font+0x829/0x960
[   91.198934][ T9383]  fbcon_copy_font+0x12c/0x190
[   91.198942][ T9383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.198950][ T9383]  ? fbcon_do_set_font+0x960/0x960
[   91.198959][ T9383]  con_font_op+0x6b2/0x1270
[   91.198969][ T9383]  ? lock_downgrade+0x920/0x920
[   91.198978][ T9383]  ? con_write+0xd0/0xd0
[   91.198993][ T9383]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   91.199003][ T9383]  ? _copy_from_user+0x12c/0x1a0
[   91.199014][ T9383]  vt_ioctl+0x181a/0x26d0
[   91.199024][ T9383]  ? complete_change_console+0x3a0/0x3a0
[   91.199037][ T9383]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   91.199050][ T9383]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.199060][ T9383]  ? tty_jobctrl_ioctl+0x50/0xd40
[   91.199069][ T9383]  ? complete_change_console+0x3a0/0x3a0
[   91.199077][ T9383]  tty_ioctl+0xa37/0x14f0
[   91.199086][ T9383]  ? tty_vhangup+0x30/0x30
[   91.199094][ T9383]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   91.199104][ T9383]  ? do_vfs_ioctl+0x11b/0x1340
[   91.199114][ T9383]  ? ioctl_file_clone+0x180/0x180
[   91.199123][ T9383]  ? __fget+0x37f/0x550
[   91.199135][ T9383]  ? do_dup2+0x4f0/0x4f0
[   91.199144][ T9383]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   91.199155][ T9383]  ? tomoyo_file_ioctl+0x23/0x30
[   91.199164][ T9383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.199174][ T9383]  ? security_file_ioctl+0x8d/0xc0
[   91.199180][ T9383]  ? tty_vhangup+0x30/0x30
[   91.199190][ T9383]  ksys_ioctl+0x123/0x180
[   91.199200][ T9383]  __x64_sys_ioctl+0x73/0xb0
[   91.199210][ T9383]  do_syscall_64+0xfa/0x790
[   91.199220][ T9383]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.199227][ T9383] RIP: 0033:0x447109
[   91.199237][ T9383] Code: e8 6c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   91.199241][ T9383] RSP: 002b:00007fb980b90db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.199250][ T9383] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000447109
[   91.199254][ T9383] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005
[   91.199259][ T9383] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[   91.199264][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[   91.199269][ T9383] R13: 00007fff8139b26f R14: 00007fb980b919c0 R15: 00000000006dcc3c
[   91.199279][ T9383] 
[   91.199284][ T9383] Allocated by task 9344:
[   91.199291][ T9383]  save_stack+0x23/0x90
[   91.199299][ T9383]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   91.199306][ T9383]  kasan_kmalloc+0x9/0x10
[   91.199312][ T9383]  __kmalloc+0x163/0x770
[   91.199325][ T9383]  fbcon_set_font+0x32d/0x860
[   91.199331][ T9383]  con_font_op+0xe30/0x1270
[   91.199338][ T9383]  vt_ioctl+0xd2e/0x26d0
[   91.199351][ T9383]  tty_ioctl+0xa37/0x14f0
[   91.199359][ T9383]  ksys_ioctl+0x123/0x180
[   91.199365][ T9383]  __x64_sys_ioctl+0x73/0xb0
[   91.199373][ T9383]  do_syscall_64+0xfa/0x790
[   91.199380][ T9383]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.199382][ T9383] 
[   91.199386][ T9383] Freed by task 9041:
[   91.199393][ T9383]  save_stack+0x23/0x90
[   91.199399][ T9383]  __kasan_slab_free+0x102/0x150
[   91.199406][ T9383]  kasan_slab_free+0xe/0x10
[   91.199412][ T9383]  kfree+0x10a/0x2c0
[   91.199420][ T9383]  tomoyo_find_next_domain+0x76a/0x1f6c
[   91.199427][ T9383]  tomoyo_bprm_check_security+0x124/0x1a0
[   91.199435][ T9383]  security_bprm_check+0x63/0xb0
[   91.199443][ T9383]  search_binary_handler+0x71/0x570
[   91.199451][ T9383]  __do_execve_file.isra.0+0x1329/0x22b0
[   91.199458][ T9383]  __x64_sys_execve+0x8f/0xc0
[   91.199466][ T9383]  do_syscall_64+0xfa/0x790
[   91.199473][ T9383]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.199475][ T9383] 
[   91.199482][ T9383] The buggy address belongs to the object at ffff88809408f800
[   91.199482][ T9383]  which belongs to the cache kmalloc-512 of size 512
[   91.199494][ T9383] The buggy address is located 356 bytes inside of
[   91.199494][ T9383]  512-byte region [ffff88809408f800, ffff88809408fa00)
[   91.199498][ T9383] The buggy address belongs to the page:
[   91.199511][ T9383] page:ffffea00025023c0 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0
[   91.199529][ T9383] raw: 00fffe0000000200 ffffea00028fdb08 ffffea00027a4308 ffff8880aa400a80
[   91.199546][ T9383] raw: 0000000000000000 ffff88809408f000 0000000100000004 0000000000000000
[   91.199552][ T9383] page dumped because: kasan: bad access detected
[   91.199556][ T9383] 
[   91.199560][ T9383] Memory state around the buggy address:
[   91.199570][ T9383]  ffff88809408f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   91.199577][ T9383]  ffff88809408f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   91.199583][ T9383] >ffff88809408f900: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.199587][ T9383]                                                        ^
[   91.199593][ T9383]  ffff88809408f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.199599][ T9383]  ffff88809408fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.199602][ T9383] ==================================================================
[   91.199605][ T9383] Disabling lock debugging due to kernel taint
[   91.199609][ T9383] Kernel panic - not syncing: panic_on_warn set ...
[   91.199618][ T9383] CPU: 0 PID: 9383 Comm: syz-executor957 Tainted: G    B             5.5.0-rc2-next-20191220-syzkaller #0
[   91.199622][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.199624][ T9383] Call Trace:
[   91.199632][ T9383]  dump_stack+0x197/0x210
[   91.199642][ T9383]  panic+0x2e3/0x75c
[   91.199650][ T9383]  ? add_taint.cold+0x16/0x16
[   91.199662][ T9383]  ? trace_hardirqs_on+0x67/0x240
[   91.199670][ T9383]  ? trace_hardirqs_on+0x5e/0x240
[   91.199678][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.199685][ T9383]  end_report+0x47/0x4f
[   91.199692][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.199700][ T9383]  __kasan_report.cold+0xe/0x41
[   91.199707][ T9383]  ? fb_release+0x130/0x150
[   91.199713][ T9383]  ? bit_putcs+0xd5d/0xf10
[   91.199721][ T9383]  kasan_report+0x12/0x20
[   91.199730][ T9383]  __asan_report_load1_noabort+0x14/0x20
[   91.199737][ T9383]  bit_putcs+0xd5d/0xf10
[   91.199749][ T9383]  ? bit_cursor+0x1a60/0x1a60
[   91.199758][ T9383]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   91.199766][ T9383]  ? write_comp_data+0x21/0x70
[   91.199773][ T9383]  ? fb_get_color_depth.part.0+0xcf/0x200
[   91.199782][ T9383]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.199790][ T9383]  fbcon_putcs+0x33c/0x3e0
[   91.199798][ T9383]  ? bit_cursor+0x1a60/0x1a60
[   91.199806][ T9383]  do_update_region+0x42b/0x6f0
[   91.199815][ T9383]  ? con_get_trans_old+0x2a0/0x2a0
[   91.199823][ T9383]  ? fbcon_set_palette+0x3c4/0x4a0
[   91.199831][ T9383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.199838][ T9383]  ? var_to_display+0x810/0x810
[   91.199846][ T9383]  redraw_screen+0x676/0x7d0
[   91.199854][ T9383]  ? respond_string+0x2c0/0x2c0
[   91.199864][ T9383]  fbcon_do_set_font+0x829/0x960
[   91.199873][ T9383]  fbcon_copy_font+0x12c/0x190
[   91.199881][ T9383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.199888][ T9383]  ? fbcon_do_set_font+0x960/0x960
[   91.199896][ T9383]  con_font_op+0x6b2/0x1270
[   91.199903][ T9383]  ? lock_downgrade+0x920/0x920
[   91.199910][ T9383]  ? con_write+0xd0/0xd0
[   91.199921][ T9383]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   91.199930][ T9383]  ? _copy_from_user+0x12c/0x1a0
[   91.199938][ T9383]  vt_ioctl+0x181a/0x26d0
[   91.199946][ T9383]  ? complete_change_console+0x3a0/0x3a0
[   91.199956][ T9383]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   91.199965][ T9383]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   91.199974][ T9383]  ? tty_jobctrl_ioctl+0x50/0xd40
[   91.199982][ T9383]  ? complete_change_console+0x3a0/0x3a0
[   91.199988][ T9383]  tty_ioctl+0xa37/0x14f0
[   91.199995][ T9383]  ? tty_vhangup+0x30/0x30
[   91.200003][ T9383]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   91.200010][ T9383]  ? do_vfs_ioctl+0x11b/0x1340
[   91.200019][ T9383]  ? ioctl_file_clone+0x180/0x180
[   91.200026][ T9383]  ? __fget+0x37f/0x550
[   91.200034][ T9383]  ? do_dup2+0x4f0/0x4f0
[   91.200042][ T9383]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   91.200050][ T9383]  ? tomoyo_file_ioctl+0x23/0x30
[   91.200058][ T9383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   91.200065][ T9383]  ? security_file_ioctl+0x8d/0xc0
[   91.200072][ T9383]  ? tty_vhangup+0x30/0x30
[   91.200079][ T9383]  ksys_ioctl+0x123/0x180
[   91.200087][ T9383]  __x64_sys_ioctl+0x73/0xb0
[   91.200096][ T9383]  do_syscall_64+0xfa/0x790
[   91.200104][ T9383]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.200109][ T9383] RIP: 0033:0x447109
[   91.200116][ T9383] Code: e8 6c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   91.200120][ T9383] RSP: 002b:00007fb980b90db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.200127][ T9383] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000447109
[   91.200131][ T9383] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005
[   91.200135][ T9383] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[   91.200139][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[   91.200143][ T9383] R13: 00007fff8139b26f R14: 00007fb980b919c0 R15: 00000000006dcc3c
[   91.201987][ T9383] Kernel Offset: disabled