[ 83.298196][ T26] audit: type=1800 audit(1581406372.700:25): pid=9808 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 84.484577][ T26] kauditd_printk_skb: 3 callbacks suppressed
[ 84.484588][ T26] audit: type=1800 audit(1581406373.880:29): pid=9808 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 84.511599][ T26] audit: type=1800 audit(1581406373.880:30): pid=9808 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 92.431773][ T9962] ==================================================================
[ 92.431819][ T9962] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[ 92.431827][ T9962] Read of size 2 at addr ffffffff8896d93e by task syz-executor342/9962
[ 92.431829][ T9962]
[ 92.431839][ T9962] CPU: 0 PID: 9962 Comm: syz-executor342 Not tainted 5.6.0-rc1-syzkaller #0
[ 92.431844][ T9962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.431848][ T9962] Call Trace:
[ 92.431861][ T9962] dump_stack+0x197/0x210
[ 92.431871][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.431887][ T9962] print_address_description.constprop.0.cold+0x5/0x30b
[ 92.431895][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.431904][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.431914][ T9962] __kasan_report.cold+0x1b/0x32
[ 92.431926][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.431938][ T9962] kasan_report+0x12/0x20
[ 92.431948][ T9962] __asan_report_load2_noabort+0x14/0x20
[ 92.431958][ T9962] vga16fb_imageblit+0x1c8b/0x2200
[ 92.431967][ T9962] ? mark_lock+0x1bf/0x1220
[ 92.431990][ T9962] soft_cursor+0x4fb/0xa30
[ 92.431998][ T9962] ? lockdep_hardirqs_on+0x421/0x5e0
[ 92.432018][ T9962] bit_cursor+0x12fc/0x1a60
[ 92.432037][ T9962] ? bit_clear+0x530/0x530
[ 92.432045][ T9962] ? fbcon_putcs+0x33c/0x3e0
[ 92.432053][ T9962] ? fbcon_putcs+0x343/0x3e0
[ 92.432074][ T9962] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 92.432084][ T9962] ? get_color+0x225/0x430
[ 92.432097][ T9962] fbcon_cursor+0x487/0x660
[ 92.432106][ T9962] ? bit_clear+0x530/0x530
[ 92.432120][ T9962] set_cursor+0x1fb/0x280
[ 92.432130][ T9962] redraw_screen+0x4e1/0x7d0
[ 92.432138][ T9962] ? vesafb_probe.cold+0x1279/0x1279
[ 92.432149][ T9962] ? respond_string+0x2c0/0x2c0
[ 92.432161][ T9962] ? fbcon_set_palette+0x3c4/0x4a0
[ 92.432175][ T9962] fbcon_modechanged+0x5c3/0x790
[ 92.432191][ T9962] fbcon_update_vcs+0x42/0x50
[ 92.432200][ T9962] fb_set_var+0xb32/0xdd0
[ 92.432212][ T9962] ? fb_blank+0x1a0/0x1a0
[ 92.432221][ T9962] ? stack_depot_save+0x25a/0x450
[ 92.432236][ T9962] ? save_stack+0x5c/0x90
[ 92.432243][ T9962] ? save_stack+0x23/0x90
[ 92.432251][ T9962] ? __kasan_slab_free+0x102/0x150
[ 92.432259][ T9962] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 92.432268][ T9962] ? vga16fb_imageblit+0x1eb/0x2200
[ 92.432275][ T9962] ? vc_resize+0x4d/0x60
[ 92.432283][ T9962] ? fbcon_modechanged+0x367/0x790
[ 92.432291][ T9962] ? fbcon_update_vcs+0x4f/0x50
[ 92.432326][ T9962] ? bit_cursor+0xaf6/0x1a60
[ 92.432335][ T9962] ? fb_videomode_to_var+0x14/0x630
[ 92.432350][ T9962] fbcon_switch+0x556/0x17f0
[ 92.432367][ T9962] ? fbcon_set_def_font+0x360/0x360
[ 92.432391][ T9962] ? fbcon_cursor+0x48c/0x660
[ 92.432407][ T9962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.432416][ T9962] ? fbcon_set_origin+0x2b/0x50
[ 92.432424][ T9962] ? fbcon_scrolldelta+0x1220/0x1220
[ 92.432433][ T9962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.432445][ T9962] redraw_screen+0x2b6/0x7d0
[ 92.432453][ T9962] ? vesafb_probe.cold+0x1279/0x1279
[ 92.432463][ T9962] ? respond_string+0x2c0/0x2c0
[ 92.432476][ T9962] ? fbcon_set_palette+0x3c4/0x4a0
[ 92.432490][ T9962] fbcon_modechanged+0x5c3/0x790
[ 92.432506][ T9962] fbcon_update_vcs+0x42/0x50
[ 92.432515][ T9962] fb_set_var+0xb32/0xdd0
[ 92.432526][ T9962] ? fb_blank+0x1a0/0x1a0
[ 92.432535][ T9962] ? lock_acquire+0x190/0x410
[ 92.432555][ T9962] ? __mutex_lock+0x458/0x13c0
[ 92.432564][ T9962] ? down+0x50/0x90
[ 92.432595][ T9962] ? do_fb_ioctl+0x335/0x7d0
[ 92.432614][ T9962] do_fb_ioctl+0x390/0x7d0
[ 92.432623][ T9962] ? fb_mmap+0x560/0x560
[ 92.432644][ T9962] ? trace_hardirqs_on+0x67/0x240
[ 92.432661][ T9962] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 92.432671][ T9962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 92.432681][ T9962] ? do_vfs_ioctl+0x568/0x13b0
[ 92.432718][ T9962] fb_ioctl+0xe6/0x130
[ 92.432725][ T9962] ? do_fb_ioctl+0x7d0/0x7d0
[ 92.432736][ T9962] ksys_ioctl+0x123/0x180
[ 92.432749][ T9962] __x64_sys_ioctl+0x73/0xb0
[ 92.432762][ T9962] do_syscall_64+0xfa/0x790
[ 92.432775][ T9962] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.432783][ T9962] RIP: 0033:0x440309
[ 92.432793][ T9962] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 92.432798][ T9962] RSP: 002b:00007ffdefd05f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 92.432807][ T9962] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 92.432811][ T9962] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 92.432816][ T9962] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 92.432821][ T9962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 92.432825][ T9962] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 92.432843][ T9962]
[ 92.432846][ T9962] The buggy address belongs to the variable:
[ 92.432855][ T9962] transl_h+0x3e/0x40
[ 92.432857][ T9962]
[ 92.432860][ T9962] Memory state around the buggy address:
[ 92.432867][ T9962] ffffffff8896d800: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.432873][ T9962] ffffffff8896d880: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
[ 92.432879][ T9962] >ffffffff8896d900: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
[ 92.432882][ T9962] ^
[ 92.432888][ T9962] ffffffff8896d980: 00 01 fa fa fa fa fa fa 00 00 00 04 fa fa fa fa
[ 92.432894][ T9962] ffffffff8896da00: 00 00 04 fa fa fa fa fa 00 00 00 00 00 00 02 fa
[ 92.432896][ T9962] ==================================================================
[ 92.432899][ T9962] Disabling lock debugging due to kernel taint
[ 92.432904][ T9962] Kernel panic - not syncing: panic_on_warn set ...
[ 92.432912][ T9962] CPU: 0 PID: 9962 Comm: syz-executor342 Tainted: G B 5.6.0-rc1-syzkaller #0
[ 92.432915][ T9962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.432917][ T9962] Call Trace:
[ 92.432925][ T9962] dump_stack+0x197/0x210
[ 92.432936][ T9962] panic+0x2e3/0x75c
[ 92.432944][ T9962] ? add_taint.cold+0x16/0x16
[ 92.432956][ T9962] ? trace_hardirqs_on+0x67/0x240
[ 92.432963][ T9962] ? trace_hardirqs_on+0x5e/0x240
[ 92.432973][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.432981][ T9962] end_report+0x47/0x4f
[ 92.432989][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.432996][ T9962] __kasan_report.cold+0xe/0x32
[ 92.433006][ T9962] ? vga16fb_imageblit+0x1c8b/0x2200
[ 92.433015][ T9962] kasan_report+0x12/0x20
[ 92.433024][ T9962] __asan_report_load2_noabort+0x14/0x20
[ 92.433032][ T9962] vga16fb_imageblit+0x1c8b/0x2200
[ 92.433038][ T9962] ? mark_lock+0x1bf/0x1220
[ 92.433052][ T9962] soft_cursor+0x4fb/0xa30
[ 92.433059][ T9962] ? lockdep_hardirqs_on+0x421/0x5e0
[ 92.433072][ T9962] bit_cursor+0x12fc/0x1a60
[ 92.433084][ T9962] ? bit_clear+0x530/0x530
[ 92.433091][ T9962] ? fbcon_putcs+0x33c/0x3e0
[ 92.433098][ T9962] ? fbcon_putcs+0x343/0x3e0
[ 92.433111][ T9962] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 92.433119][ T9962] ? get_color+0x225/0x430
[ 92.433129][ T9962] fbcon_cursor+0x487/0x660
[ 92.433136][ T9962] ? bit_clear+0x530/0x530
[ 92.433145][ T9962] set_cursor+0x1fb/0x280
[ 92.433152][ T9962] redraw_screen+0x4e1/0x7d0
[ 92.433160][ T9962] ? vesafb_probe.cold+0x1279/0x1279
[ 92.433168][ T9962] ? respond_string+0x2c0/0x2c0
[ 92.433177][ T9962] ? fbcon_set_palette+0x3c4/0x4a0
[ 92.433187][ T9962] fbcon_modechanged+0x5c3/0x790
[ 92.433198][ T9962] fbcon_update_vcs+0x42/0x50
[ 92.433205][ T9962] fb_set_var+0xb32/0xdd0
[ 92.433213][ T9962] ? fb_blank+0x1a0/0x1a0
[ 92.433219][ T9962] ? stack_depot_save+0x25a/0x450
[ 92.433229][ T9962] ? save_stack+0x5c/0x90
[ 92.433236][ T9962] ? save_stack+0x23/0x90
[ 92.433243][ T9962] ? __kasan_slab_free+0x102/0x150
[ 92.433250][ T9962] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 92.433258][ T9962] ? vga16fb_imageblit+0x1eb/0x2200
[ 92.433264][ T9962] ? vc_resize+0x4d/0x60
[ 92.433272][ T9962] ? fbcon_modechanged+0x367/0x790
[ 92.433279][ T9962] ? fbcon_update_vcs+0x4f/0x50
[ 92.433299][ T9962] ? bit_cursor+0xaf6/0x1a60
[ 92.433306][ T9962] ? fb_videomode_to_var+0x14/0x630
[ 92.433316][ T9962] fbcon_switch+0x556/0x17f0
[ 92.433328][ T9962] ? fbcon_set_def_font+0x360/0x360
[ 92.433342][ T9962] ? fbcon_cursor+0x48c/0x660
[ 92.433352][ T9962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.433359][ T9962] ? fbcon_set_origin+0x2b/0x50
[ 92.433367][ T9962] ? fbcon_scrolldelta+0x1220/0x1220
[ 92.433375][ T9962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 92.433383][ T9962] redraw_screen+0x2b6/0x7d0
[ 92.433391][ T9962] ? vesafb_probe.cold+0x1279/0x1279
[ 92.433399][ T9962] ? respond_string+0x2c0/0x2c0
[ 92.433413][ T9962] ? fbcon_set_palette+0x3c4/0x4a0
[ 92.433422][ T9962] fbcon_modechanged+0x5c3/0x790
[ 92.433433][ T9962] fbcon_update_vcs+0x42/0x50
[ 92.433440][ T9962] fb_set_var+0xb32/0xdd0
[ 92.433448][ T9962] ? fb_blank+0x1a0/0x1a0
[ 92.433455][ T9962] ? lock_acquire+0x190/0x410
[ 92.433467][ T9962] ? __mutex_lock+0x458/0x13c0
[ 92.433474][ T9962] ? down+0x50/0x90
[ 92.433491][ T9962] ? do_fb_ioctl+0x335/0x7d0
[ 92.433502][ T9962] do_fb_ioctl+0x390/0x7d0
[ 92.433509][ T9962] ? fb_mmap+0x560/0x560
[ 92.433522][ T9962] ? trace_hardirqs_on+0x67/0x240
[ 92.433538][ T9962] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 92.433547][ T9962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 92.433554][ T9962] ? do_vfs_ioctl+0x568/0x13b0
[ 92.433704][ T9962] fb_ioctl+0xe6/0x130
[ 92.433713][ T9962] ? do_fb_ioctl+0x7d0/0x7d0
[ 92.433722][ T9962] ksys_ioctl+0x123/0x180
[ 92.433732][ T9962] __x64_sys_ioctl+0x73/0xb0
[ 92.433748][ T9962] do_syscall_64+0xfa/0x790
[ 92.433758][ T9962] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 92.433764][ T9962] RIP: 0033:0x440309
[ 92.433773][ T9962] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 92.433777][ T9962] RSP: 002b:00007ffdefd05f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 92.433784][ T9962] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 92.433788][ T9962] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 92.433792][ T9962] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 92.433796][ T9962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 92.433800][ T9962] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 92.435452][ T9962] Kernel Offset: disabled
[ 93.476581][ T9962] Rebooting in 86400 seconds..