Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
executing program
executing program
[ 77.474939][ T7071] ==================================================================
[ 77.474979][ T7071] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x28d/0x5b0
[ 77.474987][ T7071] Read of size 31 at addr ffffffff8875487c by task syz-executor161/7071
[ 77.474990][ T7071]
[ 77.475000][ T7071] CPU: 0 PID: 7071 Comm: syz-executor161 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 77.475006][ T7071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.475009][ T7071] Call Trace:
[ 77.475021][ T7071] dump_stack+0x188/0x20d
[ 77.475036][ T7071] print_address_description.constprop.0.cold+0x5/0x315
[ 77.475044][ T7071] ? fbcon_get_font+0x28d/0x5b0
[ 77.475053][ T7071] __kasan_report.cold+0x35/0x4d
[ 77.475062][ T7071] ? fbcon_get_font+0x28d/0x5b0
[ 77.475071][ T7071] ? fbcon_get_font+0x28d/0x5b0
[ 77.475078][ T7071] kasan_report+0x33/0x50
[ 77.475089][ T7071] check_memory_region+0x141/0x190
[ 77.475098][ T7071] memcpy+0x20/0x60
[ 77.475106][ T7071] fbcon_get_font+0x28d/0x5b0
[ 77.475116][ T7071] ? display_to_var+0x7b0/0x7b0
[ 77.475126][ T7071] con_font_op+0x1f7/0x1160
[ 77.475137][ T7071] ? lock_downgrade+0x840/0x840
[ 77.475145][ T7071] ? con_write+0xe0/0xe0
[ 77.475161][ T7071] ? __might_fault+0x190/0x1d0
[ 77.475174][ T7071] vt_ioctl+0x1d31/0x26b0
[ 77.475183][ T7071] ? tomoyo_open_control+0xa00/0xa40
[ 77.475192][ T7071] ? lockdep_hardirqs_on+0x463/0x620
[ 77.475201][ T7071] ? complete_change_console+0x3a0/0x3a0
[ 77.475212][ T7071] ? tomoyo_path_number_perm+0x238/0x4d0
[ 77.475226][ T7071] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 77.475237][ T7071] ? complete_change_console+0x3a0/0x3a0
[ 77.475252][ T7071] tty_ioctl+0xedc/0x1440
[ 77.475269][ T7071] ? tty_vhangup+0x30/0x30
[ 77.475294][ T7071] ? do_vfs_ioctl+0x50c/0x12d0
[ 77.475314][ T7071] ? ioctl_file_clone+0x180/0x180
[ 77.475340][ T7071] ? up_read+0x1a8/0x750
[ 77.475355][ T7071] ? down_read_nested+0x430/0x430
[ 77.475367][ T7071] ? tty_vhangup+0x30/0x30
[ 77.475376][ T7071] ksys_ioctl+0x11a/0x180
[ 77.475387][ T7071] __x64_sys_ioctl+0x6f/0xb0
[ 77.475396][ T7071] ? lockdep_hardirqs_on+0x463/0x620
[ 77.475406][ T7071] do_syscall_64+0xf6/0x7d0
[ 77.475419][ T7071] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 77.475426][ T7071] RIP: 0033:0x441289
[ 77.475435][ T7071] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.475439][ T7071] RSP: 002b:00007ffd94bc1948 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.475448][ T7071] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441289
[ 77.475453][ T7071] RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003
[ 77.475458][ T7071] RBP: 0000000000012e6c R08: 000000000000000d R09: 00000000004002c8
[ 77.475463][ T7071] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020b0
[ 77.475468][ T7071] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 77.475480][ T7071]
[ 77.475483][ T7071] The buggy address belongs to the variable:
[ 77.475492][ T7071] fontdata_8x16+0xffc/0x1120
[ 77.475494][ T7071]
[ 77.475497][ T7071] Memory state around the buggy address:
[ 77.475505][ T7071] ffffffff88754780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.475511][ T7071] ffffffff88754800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.475518][ T7071] >ffffffff88754880: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 77.475521][ T7071] ^
[ 77.475528][ T7071] ffffffff88754900: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[ 77.475534][ T7071] ffffffff88754980: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.475537][ T7071] ==================================================================
[ 77.475541][ T7071] Disabling lock debugging due to kernel taint
[ 77.475545][ T7071] Kernel panic - not syncing: panic_on_warn set ...
[ 77.475554][ T7071] CPU: 0 PID: 7071 Comm: syz-executor161 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0
[ 77.475558][ T7071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.475560][ T7071] Call Trace:
[ 77.475568][ T7071] dump_stack+0x188/0x20d
[ 77.475578][ T7071] panic+0x2e3/0x75c
[ 77.475586][ T7071] ? add_taint.cold+0x16/0x16
[ 77.475596][ T7071] ? print_shadow_for_address+0xb8/0x114
[ 77.475603][ T7071] ? trace_hardirqs_on+0x55/0x220
[ 77.475610][ T7071] ? fbcon_get_font+0x28d/0x5b0
[ 77.475618][ T7071] end_report+0x4d/0x53
[ 77.475625][ T7071] __kasan_report.cold+0xd/0x4d
[ 77.475633][ T7071] ? fbcon_get_font+0x28d/0x5b0
[ 77.475640][ T7071] ? fbcon_get_font+0x28d/0x5b0
[ 77.475646][ T7071] kasan_report+0x33/0x50
[ 77.475655][ T7071] check_memory_region+0x141/0x190
[ 77.475662][ T7071] memcpy+0x20/0x60
[ 77.475669][ T7071] fbcon_get_font+0x28d/0x5b0
[ 77.475676][ T7071] ? display_to_var+0x7b0/0x7b0
[ 77.475684][ T7071] con_font_op+0x1f7/0x1160
[ 77.475692][ T7071] ? lock_downgrade+0x840/0x840
[ 77.475699][ T7071] ? con_write+0xe0/0xe0
[ 77.475709][ T7071] ? __might_fault+0x190/0x1d0
[ 77.475718][ T7071] vt_ioctl+0x1d31/0x26b0
[ 77.475725][ T7071] ? tomoyo_open_control+0xa00/0xa40
[ 77.475733][ T7071] ? lockdep_hardirqs_on+0x463/0x620
[ 77.475741][ T7071] ? complete_change_console+0x3a0/0x3a0
[ 77.475749][ T7071] ? tomoyo_path_number_perm+0x238/0x4d0
[ 77.475759][ T7071] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 77.475768][ T7071] ? complete_change_console+0x3a0/0x3a0
[ 77.475775][ T7071] tty_ioctl+0xedc/0x1440
[ 77.475783][ T7071] ? tty_vhangup+0x30/0x30
[ 77.475791][ T7071] ? do_vfs_ioctl+0x50c/0x12d0
[ 77.475799][ T7071] ? ioctl_file_clone+0x180/0x180
[ 77.475809][ T7071] ? up_read+0x1a8/0x750
[ 77.475816][ T7071] ? down_read_nested+0x430/0x430
[ 77.475825][ T7071] ? tty_vhangup+0x30/0x30
[ 77.475833][ T7071] ksys_ioctl+0x11a/0x180
[ 77.475841][ T7071] __x64_sys_ioctl+0x6f/0xb0
[ 77.475848][ T7071] ? lockdep_hardirqs_on+0x463/0x620
[ 77.475856][ T7071] do_syscall_64+0xf6/0x7d0
[ 77.475865][ T7071] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 77.475870][ T7071] RIP: 0033:0x441289
[ 77.475877][ T7071] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.475880][ T7071] RSP: 002b:00007ffd94bc1948 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.475887][ T7071] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441289
[ 77.475892][ T7071] RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003
[ 77.475896][ T7071] RBP: 0000000000012e6c R08: 000000000000000d R09: 00000000004002c8
[ 77.475900][ T7071] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020b0
[ 77.475904][ T7071] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 77.477462][ T7071] Kernel Offset: disabled
[ 78.137245][ T7071] Rebooting in 86400 seconds..