[ 38.948645] audit: type=1800 audit(1575572333.931:29): pid=7547 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 38.982893] audit: type=1800 audit(1575572333.931:30): pid=7547 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.162' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.177794] kauditd_printk_skb: 5 callbacks suppressed
[ 49.177808] audit: type=1400 audit(1575572344.161:36): avc: denied { map } for pid=7734 comm="syz-executor428" path="/root/syz-executor428105635" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.211587] ==================================================================
[ 49.211615] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[ 49.211623] Read of size 2 at addr ffff8880a540d440 by task syz-executor428/7734
[ 49.211625]
[ 49.211635] CPU: 0 PID: 7734 Comm: syz-executor428 Not tainted 4.19.88-syzkaller #0
[ 49.211640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.211644] Call Trace:
[ 49.211656]  dump_stack+0x197/0x210
[ 49.211666]  ? vcs_scr_readw+0xc2/0xd0
[ 49.211676]  print_address_description.cold+0x7c/0x20d
[ 49.211685]  ? vcs_scr_readw+0xc2/0xd0
[ 49.211693]  kasan_report.cold+0x8c/0x2ba
[ 49.211705]  __asan_report_load2_noabort+0x14/0x20
[ 49.211712]  vcs_scr_readw+0xc2/0xd0
[ 49.211724]  vcs_write+0x646/0xcf0
[ 49.211739]  ? vcs_size+0x240/0x240
[ 49.211749]  ? find_get_entry+0x3e1/0xa00
[ 49.211763]  __vfs_write+0x114/0x810
[ 49.211771]  ? ondemand_readahead+0x54b/0xcd0
[ 49.211779]  ? vcs_size+0x240/0x240
[ 49.211787]  ? kernel_read+0x120/0x120
[ 49.211795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.211805]  ? copy_page_to_iter+0x45a/0xd50
[ 49.211825]  __kernel_write+0x110/0x390
[ 49.211835]  write_pipe_buf+0x15d/0x1f0
[ 49.211844]  ? do_splice_direct+0x2a0/0x2a0
[ 49.211852]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.211860]  ? splice_from_pipe_next.part.0+0x255/0x2f0
[ 49.211867]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.211877]  __splice_from_pipe+0x391/0x7d0
[ 49.211885]  ? do_splice_direct+0x2a0/0x2a0
[ 49.211896]  ? do_splice_direct+0x2a0/0x2a0
[ 49.211904]  splice_from_pipe+0x108/0x170
[ 49.211913]  ? splice_shrink_spd+0xd0/0xd0
[ 49.211928]  ? security_file_permission+0x89/0x230
[ 49.211938]  default_file_splice_write+0x3c/0x90
[ 49.211945]  ? generic_splice_sendpage+0x50/0x50
[ 49.211954]  direct_splice_actor+0x123/0x190
[ 49.211964]  splice_direct_to_actor+0x2e7/0x890
[ 49.211973]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 49.211983]  ? do_splice_to+0x180/0x180
[ 49.211990]  ? security_file_permission+0x89/0x230
[ 49.211999]  ? rw_verify_area+0x118/0x360
[ 49.212008]  do_splice_direct+0x1da/0x2a0
[ 49.212017]  ? splice_direct_to_actor+0x890/0x890
[ 49.212035]  ? security_file_permission+0x89/0x230
[ 49.212044]  ? rw_verify_area+0x118/0x360
[ 49.212053]  do_sendfile+0x597/0xce0
[ 49.212067]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 49.212079]  ? lock_downgrade+0x880/0x880
[ 49.212087]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.212097]  ? check_preemption_disabled+0x48/0x290
[ 49.212108]  __x64_sys_sendfile64+0x1dd/0x220
[ 49.212117]  ? __ia32_sys_sendfile+0x230/0x230
[ 49.212127]  ? do_syscall_64+0x26/0x620
[ 49.212135]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 49.212145]  ? trace_hardirqs_on+0x67/0x220
[ 49.212155]  do_syscall_64+0xfd/0x620
[ 49.212167]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.212173] RIP: 0033:0x4401f9
[ 49.212182] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.212187] RSP: 002b:00007ffd32dae608 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 49.212195] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
[ 49.212200] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 49.212205] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 49.212209] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 0000000000401a80
[ 49.212214] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[ 49.212224]
[ 49.212228] Allocated by task 1:
[ 49.212236]  save_stack+0x45/0xd0
[ 49.212243]  kasan_kmalloc+0xce/0xf0
[ 49.212249]  __kmalloc+0x15d/0x750
[ 49.212256]  vc_do_resize+0x262/0x14a0
[ 49.212262]  vc_resize+0x4d/0x60
[ 49.212270]  fbcon_init+0x1062/0x1b00
[ 49.212276]  visual_init+0x337/0x620
[ 49.212282]  do_bind_con_driver+0x549/0x8c0
[ 49.212288]  do_take_over_console+0x449/0x590
[ 49.212295]  do_fbcon_takeover+0x116/0x220
[ 49.212301]  fbcon_event_notify+0x1786/0x1dba
[ 49.212311]  notifier_call_chain+0xc2/0x230
[ 49.212319]  blocking_notifier_call_chain+0x94/0xb0
[ 49.212328]  fb_notifier_call_chain+0x25/0x30
[ 49.212335]  register_framebuffer+0x61d/0xa70
[ 49.212341]  vga16fb_probe+0x711/0x825
[ 49.212350]  platform_drv_probe+0x93/0x160
[ 49.212356]  really_probe+0x4a0/0x650
[ 49.212363]  driver_probe_device+0x103/0x1b0
[ 49.212369]  __device_attach_driver+0x225/0x290
[ 49.212377]  bus_for_each_drv+0x16c/0x1f0
[ 49.212383]  __device_attach+0x237/0x350
[ 49.212389]  device_initial_probe+0x1b/0x20
[ 49.212395]  bus_probe_device+0x1f7/0x2a0
[ 49.212402]  device_add+0xb42/0x1760
[ 49.212409]  platform_device_add+0x366/0x6f0
[ 49.212417]  vga16fb_init+0x15f/0x1d6
[ 49.212424]  do_one_initcall+0x107/0x78c
[ 49.212433]  kernel_init_freeable+0x4d4/0x5c8
[ 49.212439]  kernel_init+0x12/0x1c4
[ 49.212445]  ret_from_fork+0x24/0x30
[ 49.212447]
[ 49.212450] Freed by task 0:
[ 49.212452] (stack is not available)
[ 49.212454]
[ 49.212460] The buggy address belongs to the object at ffff8880a540c180
[ 49.212460]  which belongs to the cache kmalloc-8192 of size 8192
[ 49.212467] The buggy address is located 4800 bytes inside of
[ 49.212467]  8192-byte region [ffff8880a540c180, ffff8880a540e180)
[ 49.212469] The buggy address belongs to the page:
[ 49.212477] page:ffffea0002950300 count:1 mapcount:0 mapping:ffff88812c315080 index:0x0 compound_mapcount: 0
[ 49.212485] flags: 0xfffe0000008100(slab|head)
[ 49.212496] raw: 00fffe0000008100 ffffea0002991108 ffffea00028c7c08 ffff88812c315080
[ 49.212504] raw: 0000000000000000 ffff8880a540c180 0000000100000001 0000000000000000
[ 49.212508] page dumped because: kasan: bad access detected
[ 49.212510]
[ 49.212512] Memory state around the buggy address:
[ 49.212519]  ffff8880a540d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.212524]  ffff8880a540d380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.212530] >ffff8880a540d400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 49.212533]                                            ^
[ 49.212539]  ffff8880a540d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.212544]  ffff8880a540d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 49.212547] ==================================================================
[ 49.212550] Disabling lock debugging due to kernel taint
[ 49.212554] Kernel panic - not syncing: panic_on_warn set ...
[ 49.212554]
[ 49.212562] CPU: 0 PID: 7734 Comm: syz-executor428 Tainted: G    B             4.19.88-syzkaller #0
[ 49.212566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.212568] Call Trace:
[ 49.212575]  dump_stack+0x197/0x210
[ 49.212583]  ? vcs_scr_readw+0xc2/0xd0
[ 49.212590]  panic+0x26a/0x50e
[ 49.212596]  ? __warn_printk+0xf3/0xf3
[ 49.212604]  ? lock_downgrade+0x880/0x880
[ 49.212612]  ? trace_hardirqs_on+0x67/0x220
[ 49.212619]  ? trace_hardirqs_on+0x5e/0x220
[ 49.212627]  ? vcs_scr_readw+0xc2/0xd0
[ 49.212634]  kasan_end_report+0x47/0x4f
[ 49.212641]  kasan_report.cold+0xa9/0x2ba
[ 49.212650]  __asan_report_load2_noabort+0x14/0x20
[ 49.212657]  vcs_scr_readw+0xc2/0xd0
[ 49.212664]  vcs_write+0x646/0xcf0
[ 49.212686]  ? vcs_size+0x240/0x240
[ 49.212696]  ? find_get_entry+0x3e1/0xa00
[ 49.212708]  __vfs_write+0x114/0x810
[ 49.212717]  ? ondemand_readahead+0x54b/0xcd0
[ 49.212726]  ? vcs_size+0x240/0x240
[ 49.212736]  ? kernel_read+0x120/0x120
[ 49.212746]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.212756]  ? copy_page_to_iter+0x45a/0xd50
[ 49.212777]  __kernel_write+0x110/0x390
[ 49.212788]  write_pipe_buf+0x15d/0x1f0
[ 49.212800]  ? do_splice_direct+0x2a0/0x2a0
[ 49.212811]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.212820]  ? splice_from_pipe_next.part.0+0x255/0x2f0
[ 49.212831]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.212846]  __splice_from_pipe+0x391/0x7d0
[ 49.212858]  ? do_splice_direct+0x2a0/0x2a0
[ 49.212871]  ? do_splice_direct+0x2a0/0x2a0
[ 49.212883]  splice_from_pipe+0x108/0x170
[ 49.212896]  ? splice_shrink_spd+0xd0/0xd0
[ 49.212911]  ? security_file_permission+0x89/0x230
[ 49.212924]  default_file_splice_write+0x3c/0x90
[ 49.212936]  ? generic_splice_sendpage+0x50/0x50
[ 49.212949]  direct_splice_actor+0x123/0x190
[ 49.212961]  splice_direct_to_actor+0x2e7/0x890
[ 49.212974]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 49.212986]  ? do_splice_to+0x180/0x180
[ 49.212998]  ? security_file_permission+0x89/0x230
[ 49.213011]  ? rw_verify_area+0x118/0x360
[ 49.213028]  do_splice_direct+0x1da/0x2a0
[ 49.213041]  ? splice_direct_to_actor+0x890/0x890
[ 49.213054]  ? security_file_permission+0x89/0x230
[ 49.213067]  ? rw_verify_area+0x118/0x360
[ 49.213080]  do_sendfile+0x597/0xce0
[ 49.213099]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 49.213112]  ? lock_downgrade+0x880/0x880
[ 49.213125]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.213138]  ? check_preemption_disabled+0x48/0x290
[ 49.213152]  __x64_sys_sendfile64+0x1dd/0x220
[ 49.213165]  ? __ia32_sys_sendfile+0x230/0x230
[ 49.213178]  ? do_syscall_64+0x26/0x620
[ 49.213191]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 49.213203]  ? trace_hardirqs_on+0x67/0x220
[ 49.213217]  do_syscall_64+0xfd/0x620
[ 49.213231]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.213241] RIP: 0033:0x4401f9
[ 49.213253] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.213262] RSP: 002b:00007ffd32dae608 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 49.213279] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
[ 49.213288] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 49.213297] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 49.213307] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 0000000000401a80
[ 49.213316] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[ 49.214747] Kernel Offset: disabled
[ 50.176375] Rebooting in 86400 seconds..
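Triage of a report like the one above usually comes down to three numbers: the faulting address, the start of the slab object it falls in, and the point in the shadow dump where the bytes stop being 00 (addressable) and become fc (kmalloc redzone). The following script is an added example, not part of the syzkaller log or of any kernel tooling: it parses those fields out of the report text and checks where the access lands relative to the usable allocation. SAMPLE_REPORT is a constructed excerpt of the report above; the constants SHADOW_SCALE and KMALLOC_REDZONE encode the KASAN conventions of one shadow byte per 8 bytes of memory and 0xfc for a kmalloc redzone as used in v4.19-era kernels, and the helper names are this example's own.

```python
"""Triage helper for a KASAN slab-out-of-bounds report.

Added example (not part of the syzkaller log above): parses the header,
object/cache lines and shadow-memory dump of a KASAN report and checks
where the faulting access lands relative to the usable allocation.
SAMPLE_REPORT is a constructed excerpt of the report above.
"""
import re

SAMPLE_REPORT = """\
[ 49.211615] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[ 49.211623] Read of size 2 at addr ffff8880a540d440 by task syz-executor428/7734
[ 49.212460] The buggy address belongs to the object at ffff8880a540c180
[ 49.212460]  which belongs to the cache kmalloc-8192 of size 8192
[ 49.212467] The buggy address is located 4800 bytes inside of
[ 49.212467]  8192-byte region [ffff8880a540c180, ffff8880a540e180)
[ 49.212512] Memory state around the buggy address:
[ 49.212519]  ffff8880a540d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.212524]  ffff8880a540d380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.212530] >ffff8880a540d400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 49.212533]                                            ^
[ 49.212539]  ffff8880a540d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

SHADOW_SCALE = 8           # one shadow byte describes 8 bytes of memory
KMALLOC_REDZONE = 0xFC     # shadow value KASAN uses for kmalloc redzones (v4.19)
TS = r"^\[\s*[\d.]+\]\s*"  # printk timestamp prefix on every console line


def parse_kasan_report(text):
    """Extract the fields needed for triage from the report text."""
    rep = {}
    m = re.search(TS + r"BUG: KASAN: (\S+) in (\S+)", text, re.M)
    rep["bug"], rep["func"] = m.group(1), m.group(2)
    m = re.search(TS + r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)"
                  r" by task (\S+)/(\d+)", text, re.M)
    rep["access"], rep["size"] = m.group(1), int(m.group(2))
    rep["addr"] = int(m.group(3), 16)
    rep["task"], rep["pid"] = m.group(4), int(m.group(5))
    m = re.search(r"belongs to the object at ([0-9a-f]+)", text)
    rep["object"] = int(m.group(1), 16)
    m = re.search(r"belongs to the cache (\S+) of size (\d+)", text)
    rep["cache"], rep["cache_size"] = m.group(1), int(m.group(2))
    m = re.search(r"is located (\d+) bytes inside of", text)
    rep["reported_offset"] = int(m.group(1))
    # Shadow rows look like "<addr>: b0 b1 ... b15"; the row holding the
    # faulting address is marked with a leading '>'.
    shadow = {}
    row = re.compile(TS + r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})", re.M)
    for m in row.finditer(text):
        base = int(m.group(1), 16)
        for i, byte in enumerate(m.group(2).split()):
            shadow[base + i * SHADOW_SCALE] = int(byte, 16)
    rep["shadow"] = shadow
    return rep


def shadow_at(rep, addr):
    """Shadow byte covering addr, or None if it is outside the dump."""
    return rep["shadow"].get(addr & ~(SHADOW_SCALE - 1))


def offset_in_object(rep):
    """Byte offset of the faulting address from the slab object start."""
    return rep["addr"] - rep["object"]


def usable_size(rep):
    """Usable allocation size as KASAN poisoned it: distance from the object
    start to the first non-addressable shadow granule. Assumes the dump
    covers that boundary (it does for the report above)."""
    for granule in sorted(rep["shadow"]):
        if granule < rep["object"]:
            continue
        v = rep["shadow"][granule]
        if v == 0:
            continue
        if 0 < v < SHADOW_SCALE:  # partial granule: only its first v bytes live
            return granule + v - rep["object"]
        return granule - rep["object"]
    return None


def classify(rep):
    """Where the access lands relative to the live allocation."""
    off, size = offset_in_object(rep), usable_size(rep)
    if size is None:
        return "redzone not in shadow dump"
    if off >= size:
        return f"{off - size} bytes past the end of a {size}-byte allocation"
    return f"{size - off} bytes before the end of a {size}-byte allocation"


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    assert offset_in_object(r) == r["reported_offset"]
    print(f"{r['bug']} in {r['func']}: {r['access'].lower()} of {r['size']} bytes "
          f"by {r['task']}/{r['pid']} at object+{offset_in_object(r)}, "
          f"{classify(r)}")
```

Run against the excerpt, the script reports that the 2-byte read sits at object+4800, which is exactly the first redzone granule: the slab object is 8192 bytes, but the buffer vc_do_resize allocated inside it (see the "Allocated by task 1" stack, reached through vga16fb probing and the fbcon takeover during boot) is only 4800 bytes, so vcs_scr_readw read the first two bytes past its end. Because the access is a read, the immediate consequence is disclosure of adjacent slab bytes rather than corruption; the panic is only because the syzkaller instance runs with panic_on_warn. The register dump shows the entry point: ORIG_RAX 0x28 is sendfile on x86-64, with RDI (out_fd) 3, RSI (in_fd) 4 and a NULL offset in RDX, and the write side of that sendfile is what reached vcs_write.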