[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.147515][ T28] audit: type=1400 audit(1599621987.702:8): avc: denied { execmem } for pid=6844 comm="syz-executor785" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 69.255595][ T6844] ==================================================================
[ 69.255643][ T6844] BUG: KASAN: global-out-of-bounds in fbcon_resize+0x781/0x810
[ 69.255660][ T6844] Read of size 4 at addr ffffffff8896c2d8 by task syz-executor785/6844
[ 69.255662][ T6844]
[ 69.255673][ T6844] CPU: 1 PID: 6844 Comm: syz-executor785 Not tainted 5.9.0-rc4-syzkaller #0
[ 69.255678][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.255682][ T6844] Call Trace:
[ 69.255694][ T6844]  dump_stack+0x198/0x1fd
[ 69.255705][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.255712][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.255726][ T6844]  print_address_description.constprop.0.cold+0x5/0x497
[ 69.255736][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.255747][ T6844]  ? lockdep_hardirqs_off+0x96/0xd0
[ 69.255757][ T6844]  ? vprintk_func+0x97/0x1a6
[ 69.255767][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.255774][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.255782][ T6844]  kasan_report.cold+0x1f/0x37
[ 69.255792][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.255802][ T6844]  fbcon_resize+0x781/0x810
[ 69.255814][ T6844]  ? display_to_var+0x7b0/0x7b0
[ 69.255836][ T6844]  ? vc_do_resize+0x2f6/0x1150
[ 69.255843][ T6844]  ? __kmalloc+0x1c7/0x310
[ 69.255853][ T6844]  ? display_to_var+0x7b0/0x7b0
[ 69.255863][ T6844]  vc_do_resize+0x535/0x1150
[ 69.255884][ T6844]  ? lock_downgrade+0x830/0x830
[ 69.255894][ T6844]  ? check_preemption_disabled+0x50/0x130
[ 69.255902][ T6844]  ? store_bind+0x6a0/0x6a0
[ 69.255912][ T6844]  ? _raw_spin_unlock_irqrestore+0x6f/0x90
[ 69.255921][ T6844]  ? _raw_spin_unlock_irqrestore+0x6f/0x90
[ 69.255934][ T6844]  vt_ioctl+0x11d2/0x2cc0
[ 69.255945][ T6844]  ? lock_release+0x1/0x8f0
[ 69.255953][ T6844]  ? vt_waitactive+0x350/0x350
[ 69.255962][ T6844]  ? check_preemption_disabled+0x50/0x130
[ 69.255969][ T6844]  ? kfree+0x221/0x2b0
[ 69.255982][ T6844]  ? tomoyo_path_number_perm+0x415/0x4d0
[ 69.255991][ T6844]  ? lockdep_hardirqs_on+0x53/0x100
[ 69.256003][ T6844]  ? tomoyo_path_number_perm+0x244/0x4d0
[ 69.256015][ T6844]  ? tomoyo_execute_permission+0x470/0x470
[ 69.256025][ T6844]  ? do_raw_spin_unlock+0x171/0x230
[ 69.256036][ T6844]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 69.256047][ T6844]  ? tty_jobctrl_ioctl+0x4d/0x1010
[ 69.256054][ T6844]  ? vt_waitactive+0x350/0x350
[ 69.256066][ T6844]  tty_ioctl+0x1019/0x15f0
[ 69.256077][ T6844]  ? tty_fasync+0x390/0x390
[ 69.256085][ T6844]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 69.256097][ T6844]  ? do_vfs_ioctl+0x27d/0x1090
[ 69.256107][ T6844]  ? generic_block_fiemap+0x60/0x60
[ 69.256118][ T6844]  ? selinux_inode_getsecctx+0x90/0x90
[ 69.256127][ T6844]  ? build_open_flags+0x650/0x650
[ 69.256150][ T6844]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 69.256158][ T6844]  ? tty_fasync+0x390/0x390
[ 69.256169][ T6844]  __x64_sys_ioctl+0x193/0x200
[ 69.256181][ T6844]  do_syscall_64+0x2d/0x70
[ 69.256190][ T6844]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.256198][ T6844] RIP: 0033:0x4402a9
[ 69.256209][ T6844] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.256214][ T6844] RSP: 002b:00007ffef9b99358 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.256224][ T6844] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
[ 69.256230][ T6844] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000004
[ 69.256236][ T6844] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 69.256241][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10
[ 69.256246][ T6844] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 69.256259][ T6844]
[ 69.256262][ T6844] The buggy address belongs to the variable:
[ 69.256270][ T6844]  font_vga_8x16+0x58/0x60
[ 69.256273][ T6844]
[ 69.256275][ T6844] Memory state around the buggy address:
[ 69.256283][ T6844]  ffffffff8896c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.256290][ T6844]  ffffffff8896c200: 00 00 00 00 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 69.256297][ T6844] >ffffffff8896c280: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 69.256301][ T6844]                                                     ^
[ 69.256308][ T6844]  ffffffff8896c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.256316][ T6844]  ffffffff8896c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.256319][ T6844] ==================================================================
[ 69.256322][ T6844] Disabling lock debugging due to kernel taint
[ 69.256326][ T6844] Kernel panic - not syncing: panic_on_warn set ...
[ 69.256335][ T6844] CPU: 1 PID: 6844 Comm: syz-executor785 Tainted: G    B             5.9.0-rc4-syzkaller #0
[ 69.256339][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.256341][ T6844] Call Trace:
[ 69.256349][ T6844]  dump_stack+0x198/0x1fd
[ 69.256357][ T6844]  ? fbcon_resize+0x720/0x810
[ 69.256365][ T6844]  panic+0x347/0x7c0
[ 69.256373][ T6844]  ? __warn_printk+0xf3/0xf3
[ 69.256383][ T6844]  ? trace_hardirqs_on+0x55/0x220
[ 69.256391][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.256397][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.256404][ T6844]  end_report+0x4d/0x53
[ 69.256411][ T6844]  kasan_report.cold+0xd/0x37
[ 69.256419][ T6844]  ? fbcon_resize+0x781/0x810
[ 69.256426][ T6844]  fbcon_resize+0x781/0x810
[ 69.256435][ T6844]  ? display_to_var+0x7b0/0x7b0
[ 69.256445][ T6844]  ? vc_do_resize+0x2f6/0x1150
[ 69.256451][ T6844]  ? __kmalloc+0x1c7/0x310
[ 69.256458][ T6844]  ? display_to_var+0x7b0/0x7b0
[ 69.256465][ T6844]  vc_do_resize+0x535/0x1150
[ 69.256476][ T6844]  ? lock_downgrade+0x830/0x830
[ 69.256483][ T6844]  ? check_preemption_disabled+0x50/0x130
[ 69.256489][ T6844]  ? store_bind+0x6a0/0x6a0
[ 69.256496][ T6844]  ? _raw_spin_unlock_irqrestore+0x6f/0x90
[ 69.256504][ T6844]  ? _raw_spin_unlock_irqrestore+0x6f/0x90
[ 69.256512][ T6844]  vt_ioctl+0x11d2/0x2cc0
[ 69.256519][ T6844]  ? lock_release+0x1/0x8f0
[ 69.256526][ T6844]  ? vt_waitactive+0x350/0x350
[ 69.256533][ T6844]  ? check_preemption_disabled+0x50/0x130
[ 69.256539][ T6844]  ? kfree+0x221/0x2b0
[ 69.256547][ T6844]  ? tomoyo_path_number_perm+0x415/0x4d0
[ 69.256555][ T6844]  ? lockdep_hardirqs_on+0x53/0x100
[ 69.256563][ T6844]  ? tomoyo_path_number_perm+0x244/0x4d0
[ 69.256572][ T6844]  ? tomoyo_execute_permission+0x470/0x470
[ 69.256579][ T6844]  ? do_raw_spin_unlock+0x171/0x230
[ 69.256587][ T6844]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 69.256595][ T6844]  ? tty_jobctrl_ioctl+0x4d/0x1010
[ 69.256601][ T6844]  ? vt_waitactive+0x350/0x350
[ 69.256609][ T6844]  tty_ioctl+0x1019/0x15f0
[ 69.256619][ T6844]  ? tty_fasync+0x390/0x390
[ 69.256627][ T6844]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 69.256634][ T6844]  ? do_vfs_ioctl+0x27d/0x1090
[ 69.256642][ T6844]  ? generic_block_fiemap+0x60/0x60
[ 69.256659][ T6844]  ? selinux_inode_getsecctx+0x90/0x90
[ 69.256667][ T6844]  ? build_open_flags+0x650/0x650
[ 69.256677][ T6844]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 69.256685][ T6844]  ? tty_fasync+0x390/0x390
[ 69.256694][ T6844]  __x64_sys_ioctl+0x193/0x200
[ 69.256702][ T6844]  do_syscall_64+0x2d/0x70
[ 69.256710][ T6844]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.256715][ T6844] RIP: 0033:0x4402a9
[ 69.256722][ T6844] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.256726][ T6844] RSP: 002b:00007ffef9b99358 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.256734][ T6844] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
[ 69.256738][ T6844] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000004
[ 69.256743][ T6844] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 69.256747][ T6844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10
[ 69.256752][ T6844] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 69.257908][ T6844] Kernel Offset: disabled
[ 70.028343][ T6844] Rebooting in 86400 seconds..