[....] Starting periodic command[   39.183254] audit: type=1800 audit(1576509529.492:32): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
 scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   39.849958] audit: type=1800 audit(1576509530.152:33): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.451943] kauditd_printk_skb: 1 callbacks suppressed
[   44.451956] audit: type=1400 audit(1576509534.762:35): avc:  denied  { map } for  pid=7625 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts.
executing program
[   51.164092] audit: type=1400 audit(1576509541.472:36): avc:  denied  { map } for  pid=7637 comm="syz-executor684" path="/root/syz-executor684138354" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   51.248645] ==================================================================
[   51.248673] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[   51.248681] Read of size 2 at addr ffffffff87ef2bde by task syz-executor684/7637
[   51.248683] 
[   51.248693] CPU: 0 PID: 7637 Comm: syz-executor684 Not tainted 4.19.89-syzkaller #0
[   51.248697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.248700] Call Trace:
[   51.248712]  dump_stack+0x197/0x210
[   51.248722]  ? vga16fb_imageblit+0x1c8b/0x2200
[   51.248733]  print_address_description.cold+0x5/0x20d
[   51.248742]  ? vga16fb_imageblit+0x1c8b/0x2200
[   51.248750]  kasan_report.cold+0x8c/0x2ba
[   51.248761]  __asan_report_load2_noabort+0x14/0x20
[   51.248769]  vga16fb_imageblit+0x1c8b/0x2200
[   51.248785]  soft_cursor+0x4fb/0xa30
[   51.248796]  ? lockdep_hardirqs_on+0x415/0x5d0
[   51.248809]  bit_cursor+0x12fc/0x1a60
[   51.248821]  ? bit_clear+0x530/0x530
[   51.248828]  ? fbcon_putcs+0x42b/0x4f0
[   51.248835]  ? fbcon_putcs+0x271/0x4f0
[   51.248850]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   51.248858]  ? get_color+0x225/0x430
[   51.248867]  fbcon_cursor+0x58a/0x7b0
[   51.248874]  ? bit_clear+0x530/0x530
[   51.248885]  set_cursor+0x1fb/0x280
[   51.248894]  redraw_screen+0x60f/0x8e0
[   51.248900]  ? efifb_probe.cold+0x17e9/0x17e9
[   51.248909]  ? con_flush_chars+0xa0/0xa0
[   51.248919]  ? fbcon_set_palette+0x227/0x610
[   51.248929]  fbcon_modechanged+0x5f3/0x900
[   51.248940]  fbcon_event_notify+0x1bd/0x1dba
[   51.248949]  ? lock_acquire+0x16f/0x3f0
[   51.248962]  notifier_call_chain+0xc2/0x230
[   51.248975]  blocking_notifier_call_chain+0x94/0xb0
[   51.248986]  fb_notifier_call_chain+0x25/0x30
[   51.248994]  fb_set_var+0xc8f/0xe80
[   51.249005]  ? fb_set_suspend+0x130/0x130
[   51.249013]  ? lock_acquire+0x16f/0x3f0
[   51.249021]  ? lock_fb_info+0x1f/0x80
[   51.249035]  ? __mutex_lock+0x3cd/0x1300
[   51.249043]  ? mark_held_locks+0x100/0x100
[   51.249051]  ? lock_acquire+0x16f/0x3f0
[   51.249058]  ? lock_fb_info+0x1f/0x80
[   51.249069]  ? mutex_trylock+0x1e0/0x1e0
[   51.249076]  ? down+0x70/0x90
[   51.249092]  ? do_fb_ioctl+0x3e1/0xab0
[   51.249103]  ? mutex_lock_nested+0x16/0x20
[   51.249113]  do_fb_ioctl+0x450/0xab0
[   51.249122]  ? fb_read+0x580/0x580
[   51.249131]  ? kasan_check_read+0x11/0x20
[   51.249141]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.249150]  ? avc_has_extended_perms+0xa78/0x10f0
[   51.249163]  ? avc_ss_reset+0x190/0x190
[   51.249172]  ? __kasan_slab_free+0x102/0x150
[   51.249179]  ? kasan_slab_free+0xe/0x10
[   51.249186]  ? kmem_cache_free+0x86/0x260
[   51.249193]  ? putname+0xef/0x130
[   51.249200]  ? do_sys_open+0x318/0x550
[   51.249206]  ? __x64_sys_openat+0x9d/0x100
[   51.249215]  ? do_syscall_64+0xfd/0x620
[   51.249222]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.249246]  fb_ioctl+0xe6/0x130
[   51.249253]  ? do_fb_ioctl+0xab0/0xab0
[   51.249262]  do_vfs_ioctl+0xd5f/0x1380
[   51.249270]  ? selinux_file_ioctl+0x46f/0x5e0
[   51.249277]  ? selinux_file_ioctl+0x125/0x5e0
[   51.249286]  ? ioctl_preallocate+0x210/0x210
[   51.249294]  ? selinux_file_mprotect+0x620/0x620
[   51.249306]  ? kmem_cache_free+0x222/0x260
[   51.249317]  ? do_sys_open+0x31d/0x550
[   51.249329]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.249336]  ? security_file_ioctl+0x8d/0xc0
[   51.249345]  ksys_ioctl+0xab/0xd0
[   51.249355]  __x64_sys_ioctl+0x73/0xb0
[   51.249364]  do_syscall_64+0xfd/0x620
[   51.249374]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.249381] RIP: 0033:0x440309
[   51.249391] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   51.249396] RSP: 002b:00007ffddbbccb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   51.249404] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[   51.249409] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[   51.249413] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   51.249418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[   51.249422] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[   51.249433] 
[   51.249435] The buggy address belongs to the variable:
[   51.249443]  transl_h+0x3e/0x40
[   51.249445] 
[   51.249448] Memory state around the buggy address:
[   51.249455]  ffffffff87ef2a80: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
[   51.249461]  ffffffff87ef2b00: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[   51.249467] >ffffffff87ef2b80: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[   51.249470]                                                     ^
[   51.249476]  ffffffff87ef2c00: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[   51.249482]  ffffffff87ef2c80: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[   51.249485] ==================================================================
[   51.249488] Disabling lock debugging due to kernel taint
[   51.249493] Kernel panic - not syncing: panic_on_warn set ...
[   51.249493] 
[   51.249500] CPU: 0 PID: 7637 Comm: syz-executor684 Tainted: G    B             4.19.89-syzkaller #0
[   51.249504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.249506] Call Trace:
[   51.249514]  dump_stack+0x197/0x210
[   51.249522]  ? vga16fb_imageblit+0x1c8b/0x2200
[   51.249529]  panic+0x26a/0x50e
[   51.249535]  ? __warn_printk+0xf3/0xf3
[   51.249543]  ? lock_downgrade+0x880/0x880
[   51.249553]  ? trace_hardirqs_on+0x67/0x220
[   51.249559]  ? trace_hardirqs_on+0x5e/0x220
[   51.249568]  ? vga16fb_imageblit+0x1c8b/0x2200
[   51.249575]  kasan_end_report+0x47/0x4f
[   51.249583]  kasan_report.cold+0xa9/0x2ba
[   51.249592]  __asan_report_load2_noabort+0x14/0x20
[   51.249599]  vga16fb_imageblit+0x1c8b/0x2200
[   51.249609]  soft_cursor+0x4fb/0xa30
[   51.249617]  ? lockdep_hardirqs_on+0x415/0x5d0
[   51.249627]  bit_cursor+0x12fc/0x1a60
[   51.249636]  ? bit_clear+0x530/0x530
[   51.249642]  ? fbcon_putcs+0x42b/0x4f0
[   51.249648]  ? fbcon_putcs+0x271/0x4f0
[   51.249658]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   51.249665]  ? get_color+0x225/0x430
[   51.249672]  fbcon_cursor+0x58a/0x7b0
[   51.249679]  ? bit_clear+0x530/0x530
[   51.249686]  set_cursor+0x1fb/0x280
[   51.249694]  redraw_screen+0x60f/0x8e0
[   51.249700]  ? efifb_probe.cold+0x17e9/0x17e9
[   51.249708]  ? con_flush_chars+0xa0/0xa0
[   51.249715]  ? fbcon_set_palette+0x227/0x610
[   51.249723]  fbcon_modechanged+0x5f3/0x900
[   51.249732]  fbcon_event_notify+0x1bd/0x1dba
[   51.249740]  ? lock_acquire+0x16f/0x3f0
[   51.249749]  notifier_call_chain+0xc2/0x230
[   51.249759]  blocking_notifier_call_chain+0x94/0xb0
[   51.249768]  fb_notifier_call_chain+0x25/0x30
[   51.249775]  fb_set_var+0xc8f/0xe80
[   51.249784]  ? fb_set_suspend+0x130/0x130
[   51.249791]  ? lock_acquire+0x16f/0x3f0
[   51.249798]  ? lock_fb_info+0x1f/0x80
[   51.249808]  ? __mutex_lock+0x3cd/0x1300
[   51.249815]  ? mark_held_locks+0x100/0x100
[   51.249822]  ? lock_acquire+0x16f/0x3f0
[   51.249829]  ? lock_fb_info+0x1f/0x80
[   51.249838]  ? mutex_trylock+0x1e0/0x1e0
[   51.249844]  ? down+0x70/0x90
[   51.249856]  ? do_fb_ioctl+0x3e1/0xab0
[   51.249865]  ? mutex_lock_nested+0x16/0x20
[   51.249873]  do_fb_ioctl+0x450/0xab0
[   51.249880]  ? fb_read+0x580/0x580
[   51.249888]  ? kasan_check_read+0x11/0x20
[   51.249896]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.249904]  ? avc_has_extended_perms+0xa78/0x10f0
[   51.249914]  ? avc_ss_reset+0x190/0x190
[   51.249921]  ? __kasan_slab_free+0x102/0x150
[   51.249928]  ? kasan_slab_free+0xe/0x10
[   51.249934]  ? kmem_cache_free+0x86/0x260
[   51.249939]  ? putname+0xef/0x130
[   51.249945]  ? do_sys_open+0x318/0x550
[   51.249952]  ? __x64_sys_openat+0x9d/0x100
[   51.249959]  ? do_syscall_64+0xfd/0x620
[   51.249966]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.249981]  fb_ioctl+0xe6/0x130
[   51.249988]  ? do_fb_ioctl+0xab0/0xab0
[   51.249995]  do_vfs_ioctl+0xd5f/0x1380
[   51.250002]  ? selinux_file_ioctl+0x46f/0x5e0
[   51.250009]  ? selinux_file_ioctl+0x125/0x5e0
[   51.250016]  ? ioctl_preallocate+0x210/0x210
[   51.250024]  ? selinux_file_mprotect+0x620/0x620
[   51.250031]  ? kmem_cache_free+0x222/0x260
[   51.250039]  ? do_sys_open+0x31d/0x550
[   51.250048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.250055]  ? security_file_ioctl+0x8d/0xc0
[   51.250062]  ksys_ioctl+0xab/0xd0
[   51.250070]  __x64_sys_ioctl+0x73/0xb0
[   51.250078]  do_syscall_64+0xfd/0x620
[   51.250087]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   51.250091] RIP: 0033:0x440309
[   51.250098] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   51.250102] RSP: 002b:00007ffddbbccb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   51.250108] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[   51.250112] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[   51.250116] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   51.250120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[   51.250124] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[   51.251575] Kernel Offset: disabled
[   52.133499] Rebooting in 86400 seconds..