[ ok ] Starting enhanced syslogd: rsyslogd.
[   68.821538][   T27] audit: type=1800 audit(1577900811.323:25): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   68.842569][   T27] audit: type=1800 audit(1577900811.323:26): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   68.899859][   T27] audit: type=1800 audit(1577900811.323:27): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   78.102424][ T9307] ==================================================================
[   78.102461][ T9307] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[   78.102468][ T9307] Read of size 32 at addr ffffffff88729e80 by task syz-executor135/9307
[   78.102470][ T9307] 
[   78.102480][ T9307] CPU: 1 PID: 9307 Comm: syz-executor135 Not tainted 5.5.0-rc4-syzkaller #0
[   78.102485][ T9307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   78.102488][ T9307] Call Trace:
[   78.102499][ T9307]  dump_stack+0x197/0x210
[   78.102506][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.102519][ T9307]  print_address_description.constprop.0.cold+0x5/0x30b
[   78.102526][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.102532][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.102541][ T9307]  __kasan_report.cold+0x1b/0x41
[   78.102549][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.102558][ T9307]  kasan_report+0x12/0x20
[   78.102567][ T9307]  check_memory_region+0x134/0x1a0
[   78.102575][ T9307]  memcpy+0x24/0x50
[   78.102583][ T9307]  fbcon_get_font+0x2b2/0x5e0
[   78.102599][ T9307]  ? display_to_var+0x7e0/0x7e0
[   78.102609][ T9307]  con_font_op+0x20b/0x1270
[   78.102617][ T9307]  ? mark_lock+0xc2/0x1220
[   78.102625][ T9307]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   78.102635][ T9307]  ? con_write+0xd0/0xd0
[   78.102645][ T9307]  ? cap_capable+0x205/0x270
[   78.102657][ T9307]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.102666][ T9307]  ? security_capable+0x95/0xc0
[   78.102677][ T9307]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.102686][ T9307]  ? ns_capable_common+0x93/0x100
[   78.102696][ T9307]  vt_ioctl+0xd2e/0x26d0
[   78.102705][ T9307]  ? complete_change_console+0x3a0/0x3a0
[   78.102712][ T9307]  ? lock_downgrade+0x920/0x920
[   78.102721][ T9307]  ? rwlock_bug.part.0+0x90/0x90
[   78.102731][ T9307]  ? tomoyo_path_number_perm+0x214/0x520
[   78.102739][ T9307]  ? find_held_lock+0x35/0x130
[   78.102749][ T9307]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   78.102758][ T9307]  ? tty_jobctrl_ioctl+0x50/0xd40
[   78.102766][ T9307]  ? complete_change_console+0x3a0/0x3a0
[   78.102775][ T9307]  tty_ioctl+0xa37/0x14f0
[   78.102785][ T9307]  ? tty_vhangup+0x30/0x30
[   78.102793][ T9307]  ? tomoyo_path_number_perm+0x454/0x520
[   78.102803][ T9307]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   78.102811][ T9307]  ? tomoyo_path_number_perm+0x25e/0x520
[   78.102821][ T9307]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   78.102839][ T9307]  ? tty_vhangup+0x30/0x30
[   78.102850][ T9307]  do_vfs_ioctl+0x977/0x14e0
[   78.102860][ T9307]  ? compat_ioctl_preallocate+0x220/0x220
[   78.102868][ T9307]  ? __fget+0x37f/0x550
[   78.102879][ T9307]  ? ksys_dup3+0x3e0/0x3e0
[   78.102891][ T9307]  ? tomoyo_file_ioctl+0x23/0x30
[   78.102900][ T9307]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.102907][ T9307]  ? security_file_ioctl+0x8d/0xc0
[   78.102919][ T9307]  ksys_ioctl+0xab/0xd0
[   78.102936][ T9307]  __x64_sys_ioctl+0x73/0xb0
[   78.102954][ T9307]  do_syscall_64+0xfa/0x790
[   78.102974][ T9307]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   78.102984][ T9307] RIP: 0033:0x446889
[   78.102999][ T9307] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   78.103006][ T9307] RSP: 002b:00007fc70a887db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   78.103014][ T9307] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446889
[   78.103019][ T9307] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[   78.103024][ T9307] RBP: 00000000006dbc40 R08: 0000000000000000 R09: 0000000000000000
[   78.103028][ T9307] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[   78.103033][ T9307] R13: 00007ffc8fee4ecf R14: 00007fc70a8889c0 R15: 20c49ba5e353f7cf
[   78.103044][ T9307] 
[   78.103047][ T9307] The buggy address belongs to the variable:
[   78.103055][ T9307]  fontdata_8x16+0x1000/0x1120
[   78.103057][ T9307] 
[   78.103060][ T9307] Memory state around the buggy address:
[   78.103067][ T9307]  ffffffff88729d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   78.103073][ T9307]  ffffffff88729e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   78.103079][ T9307] >ffffffff88729e80: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   78.103083][ T9307]                    ^
[   78.103089][ T9307]  ffffffff88729f00: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[   78.103095][ T9307]  ffffffff88729f80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   78.103098][ T9307] ==================================================================
[   78.103101][ T9307] Disabling lock debugging due to kernel taint
[   78.103105][ T9307] Kernel panic - not syncing: panic_on_warn set ...
[   78.103114][ T9307] CPU: 1 PID: 9307 Comm: syz-executor135 Tainted: G    B             5.5.0-rc4-syzkaller #0
[   78.103118][ T9307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   78.103120][ T9307] Call Trace:
[   78.103128][ T9307]  dump_stack+0x197/0x210
[   78.103137][ T9307]  panic+0x2e3/0x75c
[   78.103144][ T9307]  ? add_taint.cold+0x16/0x16
[   78.103156][ T9307]  ? trace_hardirqs_on+0x67/0x240
[   78.103163][ T9307]  ? trace_hardirqs_on+0x5e/0x240
[   78.103170][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.103177][ T9307]  end_report+0x47/0x4f
[   78.103183][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.103190][ T9307]  __kasan_report.cold+0xe/0x41
[   78.103197][ T9307]  ? fbcon_get_font+0x2b2/0x5e0
[   78.103204][ T9307]  kasan_report+0x12/0x20
[   78.103212][ T9307]  check_memory_region+0x134/0x1a0
[   78.103219][ T9307]  memcpy+0x24/0x50
[   78.103225][ T9307]  fbcon_get_font+0x2b2/0x5e0
[   78.103232][ T9307]  ? display_to_var+0x7e0/0x7e0
[   78.103240][ T9307]  con_font_op+0x20b/0x1270
[   78.103246][ T9307]  ? mark_lock+0xc2/0x1220
[   78.103253][ T9307]  ? apparmor_cred_prepare+0x7b0/0x7b0
[   78.103261][ T9307]  ? con_write+0xd0/0xd0
[   78.103268][ T9307]  ? cap_capable+0x205/0x270
[   78.103277][ T9307]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.103285][ T9307]  ? security_capable+0x95/0xc0
[   78.103294][ T9307]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.103301][ T9307]  ? ns_capable_common+0x93/0x100
[   78.103308][ T9307]  vt_ioctl+0xd2e/0x26d0
[   78.103315][ T9307]  ? complete_change_console+0x3a0/0x3a0
[   78.103321][ T9307]  ? lock_downgrade+0x920/0x920
[   78.103329][ T9307]  ? rwlock_bug.part.0+0x90/0x90
[   78.103337][ T9307]  ? tomoyo_path_number_perm+0x214/0x520
[   78.103343][ T9307]  ? find_held_lock+0x35/0x130
[   78.103351][ T9307]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   78.103359][ T9307]  ? tty_jobctrl_ioctl+0x50/0xd40
[   78.103365][ T9307]  ? complete_change_console+0x3a0/0x3a0
[   78.103373][ T9307]  tty_ioctl+0xa37/0x14f0
[   78.103381][ T9307]  ? tty_vhangup+0x30/0x30
[   78.103388][ T9307]  ? tomoyo_path_number_perm+0x454/0x520
[   78.103397][ T9307]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   78.103404][ T9307]  ? tomoyo_path_number_perm+0x25e/0x520
[   78.103412][ T9307]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   78.103424][ T9307]  ? tty_vhangup+0x30/0x30
[   78.103431][ T9307]  do_vfs_ioctl+0x977/0x14e0
[   78.103439][ T9307]  ? compat_ioctl_preallocate+0x220/0x220
[   78.103446][ T9307]  ? __fget+0x37f/0x550
[   78.103454][ T9307]  ? ksys_dup3+0x3e0/0x3e0
[   78.103463][ T9307]  ? tomoyo_file_ioctl+0x23/0x30
[   78.103471][ T9307]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.103478][ T9307]  ? security_file_ioctl+0x8d/0xc0
[   78.103485][ T9307]  ksys_ioctl+0xab/0xd0
[   78.103493][ T9307]  __x64_sys_ioctl+0x73/0xb0
[   78.103501][ T9307]  do_syscall_64+0xfa/0x790
[   78.103510][ T9307]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   78.103514][ T9307] RIP: 0033:0x446889
[   78.103522][ T9307] Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   78.103525][ T9307] RSP: 002b:00007fc70a887db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   78.103532][ T9307] RAX: ffffffffffffffda RBX: 00000000006dbc48 RCX: 0000000000446889
[   78.103536][ T9307] RDX: 0000000020000200 RSI: 0000000000004b60 RDI: 0000000000000004
[   78.103540][ T9307] RBP: 00000000006dbc40 R08: 0000000000000000 R09: 0000000000000000
[   78.103544][ T9307] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c
[   78.103548][ T9307] R13: 00007ffc8fee4ecf R14: 00007fc70a8889c0 R15: 20c49ba5e353f7cf
[   78.104804][ T9307] Kernel Offset: disabled
[   78.907845][ T9307] Rebooting in 86400 seconds..