[ ok ] Starting enhanced syslogd: rsyslogd.
[ 63.108596][ T27] audit: type=1800 audit(1583752116.013:25): pid=9316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 63.129301][ T27] audit: type=1800 audit(1583752116.023:26): pid=9316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 63.178547][ T27] audit: type=1800 audit(1583752116.033:27): pid=9316 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 74.983763][ T9469] sp0: Synchronizing with TNC
[ 74.990086][ T228] ==================================================================
[ 74.998303][ T228] BUG: KASAN: slab-out-of-bounds in decode_data.part.0+0x235/0x260
[ 75.006182][ T228] Write of size 1 at addr ffff8880925c944e by task kworker/u4:3/228
[ 75.014147][ T228]
[ 75.016479][ T228] CPU: 1 PID: 228 Comm: kworker/u4:3 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0
[ 75.026001][ T228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.036056][ T228] Workqueue: events_unbound flush_to_ldisc
[ 75.046542][ T228] Call Trace:
[ 75.049823][ T228]  dump_stack+0x188/0x20d
[ 75.054141][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.059325][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.064511][ T228]  print_address_description.constprop.0.cold+0xd3/0x315
[ 75.071535][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.076721][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.081904][ T228]  __kasan_report.cold+0x1a/0x32
[ 75.086854][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.092051][ T228]  kasan_report+0xe/0x20
[ 75.096281][ T228]  decode_data.part.0+0x235/0x260
[ 75.101300][ T228]  sixpack_receive_buf+0xc24/0x1210
[ 75.106494][ T228]  ? sp_xmit+0xc10/0xc10
[ 75.110727][ T228]  tty_ldisc_receive_buf+0x14a/0x190
[ 75.116129][ T228]  tty_port_default_receive_buf+0x78/0xa0
[ 75.121861][ T228]  flush_to_ldisc+0x21d/0x390
[ 75.126654][ T228]  process_one_work+0x94b/0x1690
[ 75.131615][ T228]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 75.136988][ T228]  ? do_raw_spin_lock+0x129/0x2e0
[ 75.142044][ T228]  worker_thread+0x96/0xe20
[ 75.146548][ T228]  ? process_one_work+0x1690/0x1690
[ 75.151738][ T228]  kthread+0x357/0x430
[ 75.155812][ T228]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 75.161541][ T228]  ret_from_fork+0x24/0x30
[ 75.165961][ T228]
[ 75.168272][ T228] Allocated by task 9469:
[ 75.172603][ T228]  save_stack+0x1b/0x40
[ 75.176755][ T228]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 75.182394][ T228]  kvmalloc_node+0x61/0xf0
[ 75.186818][ T228]  alloc_netdev_mqs+0x97/0xde0
[ 75.191616][ T228]  sixpack_open+0xfa/0xa41
[ 75.196045][ T228]  tty_ldisc_open.isra.0+0x9b/0x110
[ 75.201237][ T228]  tty_set_ldisc+0x2e8/0x670
[ 75.205829][ T228]  tty_ioctl+0xcdf/0x1440
[ 75.210166][ T228]  ksys_ioctl+0x11a/0x180
[ 75.214495][ T228]  __x64_sys_ioctl+0x6f/0xb0
[ 75.219147][ T228]  do_syscall_64+0xf6/0x790
[ 75.223656][ T228]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 75.229546][ T228]
[ 75.231889][ T228] Freed by task 0:
[ 75.235605][ T228] (stack is not available)
[ 75.240008][ T228]
[ 75.242339][ T228] The buggy address belongs to the object at ffff8880925c8000
[ 75.242339][ T228]  which belongs to the cache kmalloc-4k of size 4096
[ 75.256382][ T228] The buggy address is located 1102 bytes to the right of
[ 75.256382][ T228]  4096-byte region [ffff8880925c8000, ffff8880925c9000)
[ 75.270334][ T228] The buggy address belongs to the page:
[ 75.275959][ T228] page:ffffea0002497200 refcount:1 mapcount:0 mapping:0000000039784f6d index:0x0 head:ffffea0002497200 order:1 compound_mapcount:0
[ 75.289410][ T228] flags: 0xfffe0000010200(slab|head)
[ 75.294689][ T228] raw: 00fffe0000010200 ffffea00024f8388 ffffea0002899788 ffff8880aa002000
[ 75.303601][ T228] raw: 0000000000000000 ffff8880925c8000 0000000100000001 0000000000000000
[ 75.312161][ T228] page dumped because: kasan: bad access detected
[ 75.318549][ T228]
[ 75.320858][ T228] Memory state around the buggy address:
[ 75.326472][ T228]  ffff8880925c9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.334516][ T228]  ffff8880925c9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.342571][ T228] >ffff8880925c9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.350620][ T228]                                               ^
[ 75.357029][ T228]  ffff8880925c9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.365139][ T228]  ffff8880925c9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.373190][ T228] ==================================================================
[ 75.381235][ T228] Disabling lock debugging due to kernel taint
[ 75.395464][ T228] Kernel panic - not syncing: panic_on_warn set ...
[ 75.402095][ T228] CPU: 1 PID: 228 Comm: kworker/u4:3 Tainted: G B 5.6.0-rc3-next-20200228-syzkaller #0
[ 75.413027][ T228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.423093][ T228] Workqueue: events_unbound flush_to_ldisc
[ 75.428896][ T228] Call Trace:
[ 75.432199][ T228]  dump_stack+0x188/0x20d
[ 75.436661][ T228]  panic+0x2e3/0x75c
[ 75.440561][ T228]  ? add_taint.cold+0x16/0x16
[ 75.445250][ T228]  ? preempt_schedule_common+0x5e/0xc0
[ 75.450717][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.455917][ T228]  ? ___preempt_schedule+0x16/0x18
[ 75.461030][ T228]  ? trace_hardirqs_on+0x55/0x220
[ 75.466068][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.471270][ T228]  end_report+0x43/0x49
[ 75.475466][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.480660][ T228]  __kasan_report.cold+0xd/0x32
[ 75.485518][ T228]  ? decode_data.part.0+0x235/0x260
[ 75.490723][ T228]  kasan_report+0xe/0x20
[ 75.494969][ T228]  decode_data.part.0+0x235/0x260
[ 75.500008][ T228]  sixpack_receive_buf+0xc24/0x1210
[ 75.505215][ T228]  ? sp_xmit+0xc10/0xc10
[ 75.509464][ T228]  tty_ldisc_receive_buf+0x14a/0x190
[ 75.514753][ T228]  tty_port_default_receive_buf+0x78/0xa0
[ 75.520479][ T228]  flush_to_ldisc+0x21d/0x390
[ 75.525165][ T228]  process_one_work+0x94b/0x1690
[ 75.530115][ T228]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 75.535491][ T228]  ? do_raw_spin_lock+0x129/0x2e0
[ 75.540527][ T228]  worker_thread+0x96/0xe20
[ 75.545035][ T228]  ? process_one_work+0x1690/0x1690
[ 75.550236][ T228]  kthread+0x357/0x430
[ 75.554312][ T228]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 75.560032][ T228]  ret_from_fork+0x24/0x30
[ 75.565715][ T228] Kernel Offset: disabled
[ 75.570046][ T228] Rebooting in 86400 seconds..