[  OK  ] Reached target Timers.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started System Logging Service.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Started getty on tty2-tty6 if dbus and logind are not available.
[  OK  ] Started Getty on tty6.
[  OK  ] Started Getty on tty5.
[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   56.032690][ T6868] ==================================================================
[   56.032728][ T6868] BUG: KASAN: global-out-of-bounds in fbcon_resize+0x781/0x810
[   56.032735][ T6868] Read of size 4 at addr ffffffff8896d418 by task syz-executor732/6868
[   56.032738][ T6868]
[   56.032748][ T6868] CPU: 0 PID: 6868 Comm: syz-executor732 Not tainted 5.9.0-rc1-next-20200819-syzkaller #0
[   56.032753][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.032756][ T6868] Call Trace:
[   56.032768][ T6868]  dump_stack+0x18f/0x20d
[   56.032777][ T6868]  ? fbcon_resize+0x781/0x810
[   56.032784][ T6868]  ? fbcon_resize+0x781/0x810
[   56.032795][ T6868]  print_address_description.constprop.0.cold+0x5/0x497
[   56.032805][ T6868]  ? do_syscall_64+0x2d/0x70
[   56.032815][ T6868]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   56.032825][ T6868]  ? vprintk_func+0x97/0x1a6
[   56.032834][ T6868]  ? fbcon_resize+0x781/0x810
[   56.032841][ T6868]  ? fbcon_resize+0x781/0x810
[   56.032849][ T6868]  kasan_report.cold+0x1f/0x37
[   56.032858][ T6868]  ? fbcon_resize+0x781/0x810
[   56.032867][ T6868]  fbcon_resize+0x781/0x810
[   56.032878][ T6868]  ? lock_downgrade+0x830/0x830
[   56.032887][ T6868]  ? display_to_var+0x7b0/0x7b0
[   56.032894][ T6868]  ? mark_lock+0xbc/0x1710
[   56.032911][ T6868]  ? vc_do_resize+0x2f6/0x1150
[   56.032917][ T6868]  ? __kmalloc+0x1bf/0x320
[   56.032926][ T6868]  ? display_to_var+0x7b0/0x7b0
[   56.032935][ T6868]  vc_do_resize+0x535/0x1150
[   56.032945][ T6868]  ? lock_acquire+0x1f1/0xad0
[   56.032956][ T6868]  ? lock_release+0x8e0/0x8e0
[   56.032964][ T6868]  ? lock_downgrade+0x830/0x830
[   56.032971][ T6868]  ? rwlock_bug.part.0+0x90/0x90
[   56.032979][ T6868]  ? store_bind+0x6a0/0x6a0
[   56.032987][ T6868]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   56.032995][ T6868]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[   56.033005][ T6868]  ? trace_hardirqs_on+0x5f/0x220
[   56.033016][ T6868]  vt_ioctl+0x11d2/0x2cc0
[   56.033025][ T6868]  ? lock_downgrade+0x7b1/0x830
[   56.033041][ T6868]  ? vt_waitactive+0x350/0x350
[   56.033051][ T6868]  ? trace_hardirqs_on+0x5f/0x220
[   56.033058][ T6868]  ? lockdep_hardirqs_on+0x76/0xf0
[   56.033071][ T6868]  ? tomoyo_path_number_perm+0x244/0x4d0
[   56.033081][ T6868]  ? tomoyo_execute_permission+0x470/0x470
[   56.033087][ T6868]  ? lockdep_hardirqs_off+0x89/0xc0
[   56.033098][ T6868]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   56.033108][ T6868]  ? tty_jobctrl_ioctl+0x4d/0x1010
[   56.033116][ T6868]  ? vt_waitactive+0x350/0x350
[   56.033124][ T6868]  tty_ioctl+0x1019/0x15f0
[   56.033132][ T6868]  ? tty_fasync+0x390/0x390
[   56.033141][ T6868]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   56.033150][ T6868]  ? do_vfs_ioctl+0x27d/0x1090
[   56.033159][ T6868]  ? generic_block_fiemap+0x60/0x60
[   56.033169][ T6868]  ? build_open_flags+0x650/0x650
[   56.033187][ T6868]  ? bpf_lsm_file_ioctl+0x5/0x10
[   56.033194][ T6868]  ? tty_fasync+0x390/0x390
[   56.033203][ T6868]  __x64_sys_ioctl+0x193/0x200
[   56.033213][ T6868]  do_syscall_64+0x2d/0x70
[   56.033221][ T6868]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   56.033228][ T6868] RIP: 0033:0x440329
[   56.033238][ T6868] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   56.033243][ T6868] RSP: 002b:00007ffc8ff997d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.033253][ T6868] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440329
[   56.033258][ T6868] RDX: 0000000020000040 RSI: 0000000000005609 RDI: 0000000000000004
[   56.033263][ T6868] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[   56.033269][ T6868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[   56.033274][ T6868] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[   56.033284][ T6868]
[   56.033287][ T6868] The buggy address belongs to the variable:
[   56.033295][ T6868]  font_vga_8x16+0x58/0x60
[   56.033297][ T6868]
[   56.033300][ T6868] Memory state around the buggy address:
[   56.033307][ T6868]  ffffffff8896d300: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
[   56.033314][ T6868]  ffffffff8896d380: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9
[   56.033320][ T6868] >ffffffff8896d400: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[   56.033323][ T6868]                             ^
[   56.033329][ T6868]  ffffffff8896d480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.033335][ T6868]  ffffffff8896d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.033338][ T6868] ==================================================================
[   56.033341][ T6868] Disabling lock debugging due to kernel taint
[   56.033345][ T6868] Kernel panic - not syncing: panic_on_warn set ...
[   56.033353][ T6868] CPU: 0 PID: 6868 Comm: syz-executor732 Tainted: G B 5.9.0-rc1-next-20200819-syzkaller #0
[   56.033357][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.033359][ T6868] Call Trace:
[   56.033367][ T6868]  dump_stack+0x18f/0x20d
[   56.033375][ T6868]  ? fbcon_resize+0x700/0x810
[   56.033383][ T6868]  panic+0x2e3/0x75c
[   56.033391][ T6868]  ? __warn_printk+0xf3/0xf3
[   56.033400][ T6868]  ? trace_hardirqs_on+0x55/0x220
[   56.033407][ T6868]  ? fbcon_resize+0x781/0x810
[   56.033414][ T6868]  ? fbcon_resize+0x781/0x810
[   56.033421][ T6868]  end_report+0x4d/0x53
[   56.033428][ T6868]  kasan_report.cold+0xd/0x37
[   56.033435][ T6868]  ? fbcon_resize+0x781/0x810
[   56.033442][ T6868]  fbcon_resize+0x781/0x810
[   56.033450][ T6868]  ? lock_downgrade+0x830/0x830
[   56.033458][ T6868]  ? display_to_var+0x7b0/0x7b0
[   56.033464][ T6868]  ? mark_lock+0xbc/0x1710
[   56.033474][ T6868]  ? vc_do_resize+0x2f6/0x1150
[   56.033480][ T6868]  ? __kmalloc+0x1bf/0x320
[   56.033487][ T6868]  ? display_to_var+0x7b0/0x7b0
[   56.033494][ T6868]  vc_do_resize+0x535/0x1150
[   56.033502][ T6868]  ? lock_acquire+0x1f1/0xad0
[   56.033511][ T6868]  ? lock_release+0x8e0/0x8e0
[   56.033518][ T6868]  ? lock_downgrade+0x830/0x830
[   56.033524][ T6868]  ? rwlock_bug.part.0+0x90/0x90
[   56.033530][ T6868]  ? store_bind+0x6a0/0x6a0
[   56.033538][ T6868]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   56.033545][ T6868]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[   56.033552][ T6868]  ? trace_hardirqs_on+0x5f/0x220
[   56.033560][ T6868]  vt_ioctl+0x11d2/0x2cc0
[   56.033568][ T6868]  ? lock_downgrade+0x7b1/0x830
[   56.033574][ T6868]  ? vt_waitactive+0x350/0x350
[   56.033582][ T6868]  ? trace_hardirqs_on+0x5f/0x220
[   56.033588][ T6868]  ? lockdep_hardirqs_on+0x76/0xf0
[   56.033597][ T6868]  ? tomoyo_path_number_perm+0x244/0x4d0
[   56.033605][ T6868]  ? tomoyo_execute_permission+0x470/0x470
[   56.033611][ T6868]  ? lockdep_hardirqs_off+0x89/0xc0
[   56.033619][ T6868]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   56.033627][ T6868]  ? tty_jobctrl_ioctl+0x4d/0x1010
[   56.033633][ T6868]  ? vt_waitactive+0x350/0x350
[   56.033640][ T6868]  tty_ioctl+0x1019/0x15f0
[   56.033646][ T6868]  ? tty_fasync+0x390/0x390
[   56.033653][ T6868]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   56.033661][ T6868]  ? do_vfs_ioctl+0x27d/0x1090
[   56.033668][ T6868]  ? generic_block_fiemap+0x60/0x60
[   56.033676][ T6868]  ? build_open_flags+0x650/0x650
[   56.033686][ T6868]  ? bpf_lsm_file_ioctl+0x5/0x10
[   56.033692][ T6868]  ? tty_fasync+0x390/0x390
[   56.033700][ T6868]  __x64_sys_ioctl+0x193/0x200
[   56.033707][ T6868]  do_syscall_64+0x2d/0x70
[   56.033715][ T6868]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   56.033720][ T6868] RIP: 0033:0x440329
[   56.033726][ T6868] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   56.033730][ T6868] RSP: 002b:00007ffc8ff997d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.033738][ T6868] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440329
[   56.033743][ T6868] RDX: 0000000020000040 RSI: 0000000000005609 RDI: 0000000000000004
[   56.033747][ T6868] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[   56.033752][ T6868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[   56.033756][ T6868] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[   56.034783][ T6868] Kernel Offset: disabled
[   56.822325][ T6868] Rebooting in 86400 seconds..
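Added example: the triage script below is not part of the syzkaller report above and is not syzkaller's or the kernel's own code; its function, variable and key names are the example's own. It parses a generic-KASAN report of the kind shown above into structured fields, decodes the shadow byte under the faulting address using the generic KASAN shadow encoding from mm/kasan/kasan.h and cross-checks it against the bug class on the BUG: line, picks the first reliable frame that is not part of the reporting path (the "? " frames, dump_stack and kasan_report are skipped) and cross-checks it against the function on the BUG: line, walks the shadow dump to recover the real extent of the object in front of the redzone, and reads the pt_regs dump to identify the user-space syscall (x86_64 syscall number 16 is ioctl; 0x5609 is VT_RESIZE in include/uapi/linux/vt.h). The sample input is an abridged copy of the report above. One caveat the script makes explicit: the line font_vga_8x16+0x58/0x60 is %pS output, so 0x60 is the kallsyms extent of the symbol, which for a KASAN-instrumented global includes the trailing redzone; offset smaller than size therefore does not mean the access was in bounds, and the shadow byte is what decides.

```python
"""Triage a generic-KASAN report.  Added example, not syzkaller or kernel code; all names are the example's own."""
import re
from dataclasses import dataclass, field

# Sample input: an abridged copy of the report above (most "?" frames and register lines dropped).
SAMPLE_REPORT = """\
[   56.032728][ T6868] BUG: KASAN: global-out-of-bounds in fbcon_resize+0x781/0x810
[   56.032735][ T6868] Read of size 4 at addr ffffffff8896d418 by task syz-executor732/6868
[   56.032768][ T6868]  dump_stack+0x18f/0x20d
[   56.032777][ T6868]  ? fbcon_resize+0x781/0x810
[   56.032795][ T6868]  print_address_description.constprop.0.cold+0x5/0x497
[   56.032849][ T6868]  kasan_report.cold+0x1f/0x37
[   56.032867][ T6868]  fbcon_resize+0x781/0x810
[   56.032935][ T6868]  vc_do_resize+0x535/0x1150
[   56.033243][ T6868] RSP: 002b:00007ffc8ff997d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.033258][ T6868] RDX: 0000000020000040 RSI: 0000000000005609 RDI: 0000000000000004
[   56.033287][ T6868] The buggy address belongs to the variable:
[   56.033295][ T6868]  font_vga_8x16+0x58/0x60
[   56.033307][ T6868]  ffffffff8896d300: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
[   56.033314][ T6868]  ffffffff8896d380: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9
[   56.033320][ T6868] >ffffffff8896d400: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
"""

# Shadow byte -> (meaning, bug class) per mm/kasan/kasan.h and get_shadow_bug_type() in
# mm/kasan/report.c (generic KASAN; one shadow byte covers one 8-byte granule).
SHADOW = {0xF9: ("global redzone", "global-out-of-bounds"),
          0xFB: ("freed kmalloc object", "use-after-free"), 0xFF: ("freed page", "use-after-free"),
          0xFC: ("kmalloc redzone", "slab-out-of-bounds"), 0xFE: ("page redzone", "slab-out-of-bounds"),
          **{b: ("stack redzone", "stack-out-of-bounds") for b in (0xF1, 0xF2, 0xF3, 0xF4)}}
MACHINERY = {"dump_stack", "print_address_description", "kasan_report", "end_report", "panic"}
VT_IOCTLS = {0x5609: "VT_RESIZE", 0x560A: "VT_RESIZEX"}  # include/uapi/linux/vt.h
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")
HEADER = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
SYMBOL = re.compile(r"^\s*(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)$")
REG = re.compile(r"\b(?P<name>ORIG_RAX|R[A-Z0-9]{2}): (?P<val>[0-9a-f]{16})\b")
SHADOW_ROW = re.compile(r"^\s*>?(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")

@dataclass
class KasanReport:
    bug: str = ""; func: str = ""; access: str = ""; size: int = 0; addr: int = 0
    task: str = ""; pid: int = 0; variable: str = ""; var_offset: int = 0; sym_size: int = 0
    frames: list = field(default_factory=list)   # reliable kernel frames, innermost first
    regs: dict = field(default_factory=dict)     # user-space pt_regs at syscall entry
    shadow: dict = field(default_factory=dict)   # row base address -> 16 shadow bytes

def parse_kasan_report(text: str) -> KasanReport:
    rep, want_var = None, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if rep is None:                      # ignore console noise before the header
            if (m := HEADER.search(line)):
                rep = KasanReport(bug=m["bug"], func=m["func"])
            continue
        if (m := ACCESS.search(line)):
            rep.access, rep.size, rep.addr = m["kind"], int(m["size"]), int(m["addr"], 16)
            rep.task, rep.pid = m["task"], int(m["pid"])
        elif line.startswith("The buggy address belongs to the variable:"):
            want_var = True
        elif (m := SYMBOL.match(line)):
            if want_var:                     # %pS of the address: nearest kallsyms symbol + offset/size
                rep.variable, rep.var_offset, rep.sym_size = m["sym"], int(m["off"], 16), int(m["size"], 16)
                want_var = False
            elif not m["unreliable"]:        # "? " frames are stale stack slots, not the real call chain
                rep.frames.append(m["sym"])
        elif (m := SHADOW_ROW.match(line)):
            rep.shadow[int(m["base"], 16)] = bytes.fromhex(m["bytes"].replace(" ", ""))
        for m in REG.finditer(line):
            rep.regs[m["name"]] = int(m["val"], 16)
    if rep is None:
        raise ValueError("no 'BUG: KASAN:' header in input")
    return rep

def object_extent(rep: KasanReport) -> tuple:
    """(start, end, redzone_end) of the accessible run just before the redzone hit at rep.addr."""
    bases = sorted(rep.shadow)
    assert all(b - a == 0x80 for a, b in zip(bases, bases[1:])), "shadow rows are not contiguous"
    sh, i = b"".join(rep.shadow[b] for b in bases), (rep.addr - bases[0]) >> 3
    j = e = i
    while j > 0 and sh[j - 1] == sh[i]: j -= 1        # back to the start of the redzone run
    k = j
    while k > 0 and sh[k - 1] == 0: k -= 1             # back over the accessible granules
    while e < len(sh) and sh[e] == sh[i]: e += 1       # forward to the end of the redzone
    return tuple(bases[0] + (x << 3) for x in (k, j, e))

def triage(text: str) -> dict:
    rep = parse_kasan_report(text)
    frame = next((f for f in rep.frames if f.split(".")[0] not in MACHINERY), "")
    start, end, rz_end = object_extent(rep)
    sb = rep.shadow[rep.addr & ~0x7F][(rep.addr & 0x7F) >> 3]   # a printed row is 16 granules
    meaning, cls = SHADOW.get(sb, ("unknown", "unknown"))
    # x86_64: syscall number in ORIG_RAX, first three arguments in rdi, rsi, rdx; 16 is ioctl
    nr, args = rep.regs.get("ORIG_RAX"), [rep.regs.get(r, 0) for r in ("RDI", "RSI", "RDX")]
    syscall = {"nr": nr, "args": args, "ioctl_request": VT_IOCTLS.get(args[1], "") if nr == 16 else ""}
    return {"title": f"KASAN: {rep.bug} {rep.access} in {frame}", "task": f"{rep.task}/{rep.pid}",
            "shadow_byte": sb, "shadow_meaning": meaning, "header_matches_shadow": cls == rep.bug,
            "header_matches_trace": frame == rep.func, "object": (start, end), "bytes_past_end": rep.addr - end,
            "kallsyms_size_spans_redzone": start + rep.sym_size == rz_end,  # %pS size != object size
            "syscall": syscall}
```

triage(SAMPLE_REPORT) yields the title KASAN: global-out-of-bounds Read in fbcon_resize, shadow byte 0xf9 (global redzone) agreeing with the header, an object extent of 0xffffffff8896d3c0..0xffffffff8896d3e8 (40 bytes, followed by a 56-byte redzone that ends exactly where font_vga_8x16+0x60 does), so the 4-byte read at +0x58 lands 48 bytes past the end of the object, and ORIG_RAX/RDI/RSI/RDX decoding to ioctl(4, VT_RESIZE, 0x20000040), consistent with the vt_ioctl -> vc_do_resize -> fbcon_resize chain in the trace. The shadow decoding applies to generic (software) KASAN only; the hardware tag-based modes print memory tags rather than this encoding.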