Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 81.433091][ T9386] ==================================================================
[ 81.441414][ T9386] BUG: KASAN: global-out-of-bounds in precalculate_color+0x2154/0x2480
[ 81.449666][ T9386] Read of size 1 at addr ffffffff88b44439 by task vivid-000-vid-c/9386
[ 81.457894][ T9386]
[ 81.460214][ T9386] CPU: 0 PID: 9386 Comm: vivid-000-vid-c Not tainted 5.5.0-rc2-next-20191220-syzkaller #0
[ 81.474958][ T9386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.485010][ T9386] Call Trace:
[ 81.488305][ T9386] dump_stack+0x197/0x210
[ 81.492708][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.498087][ T9386] print_address_description.constprop.0.cold+0x5/0x30b
[ 81.505203][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.510674][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.516048][ T9386] __kasan_report.cold+0x1b/0x41
[ 81.521324][ T9386] ? color_to_ycbcr.isra.0+0x360/0x660
[ 81.526766][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.532124][ T9386] kasan_report+0x12/0x20
[ 81.536437][ T9386] __asan_report_load1_noabort+0x14/0x20
[ 81.543022][ T9386] precalculate_color+0x2154/0x2480
[ 81.548232][ T9386] ? color_to_ycbcr.isra.0+0x660/0x660
[ 81.553687][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.558712][ T9386] tpg_recalc+0x561/0x2850
[ 81.563129][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.568154][ T9386] ? mark_lock+0xc2/0x1220
[ 81.572552][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.577642][ T9386] ? __lock_acquire+0x16f2/0x4a00
[ 81.582642][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.587645][ T9386] ? tpg_get_color.isra.0+0x300/0x300
[ 81.593031][ T9386] ? mark_lock+0xc2/0x1220
[ 81.597437][ T9386] ? __free_object+0x5d4/0x1180
[ 81.602285][ T9386] ? vb2_vmalloc_vaddr+0x37/0x50
[ 81.607210][ T9386] tpg_calc_text_basep+0xa1/0x290
[ 81.612748][ T9386] vivid_fillbuff+0x1a5f/0x3af0
[ 81.617677][ T9386] ? rwlock_bug.part.0+0x90/0x90
[ 81.622608][ T9386] ? vivid_grab_controls+0x380/0x380
[ 81.627870][ T9386] ? find_held_lock+0x35/0x130
[ 81.632638][ T9386] ? vivid_thread_vid_cap_tick+0x112f/0x2210
[ 81.638613][ T9386] ? lock_downgrade+0x920/0x920
[ 81.643444][ T9386] ? rwlock_bug.part.0+0x90/0x90
[ 81.648444][ T9386] ? v4l2_ctrl_request_setup+0x46c/0xb30
[ 81.654095][ T9386] vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 81.659803][ T9386] ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 81.665691][ T9386] ? usleep_range+0x170/0x170
[ 81.670358][ T9386] ? lock_acquire+0x190/0x410
[ 81.675031][ T9386] vivid_thread_vid_cap+0x5d8/0xa60
[ 81.680222][ T9386] kthread+0x361/0x430
[ 81.684272][ T9386] ? vivid_thread_vid_cap_tick+0x2210/0x2210
[ 81.690329][ T9386] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 81.696473][ T9386] ret_from_fork+0x24/0x30
[ 81.700871][ T9386]
[ 81.703176][ T9386] The buggy address belongs to the variable:
[ 81.709135][ T9386] kbd_keycodes+0x159/0x760
[ 81.713636][ T9386]
[ 81.715942][ T9386] Memory state around the buggy address:
[ 81.721550][ T9386] ffffffff88b44300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.729629][ T9386] ffffffff88b44380: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[ 81.737779][ T9386] >ffffffff88b44400: 00 00 00 00 07 fa fa fa fa fa fa fa 00 00 00 00
[ 81.745828][ T9386] ^
[ 81.751879][ T9386] ffffffff88b44480: 00 fa fa fa fa fa fa fa 02 fa fa fa fa fa fa fa
[ 81.760291][ T9386] ffffffff88b44500: 04 fa fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
[ 81.768336][ T9386] ==================================================================
[ 81.776457][ T9386] Disabling lock debugging due to kernel taint
[ 81.783739][ T9386] Kernel panic - not syncing: panic_on_warn set ...
[ 81.790353][ T9386] CPU: 0 PID: 9386 Comm: vivid-000-vid-c Tainted: G B 5.5.0-rc2-next-20191220-syzkaller #0
[ 81.801621][ T9386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.811662][ T9386] Call Trace:
[ 81.814934][ T9386] dump_stack+0x197/0x210
[ 81.819245][ T9386] panic+0x2e3/0x75c
[ 81.823133][ T9386] ? add_taint.cold+0x16/0x16
[ 81.827975][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.833341][ T9386] ? preempt_schedule+0x4b/0x60
[ 81.838204][ T9386] ? ___preempt_schedule+0x16/0x18
[ 81.843314][ T9386] ? trace_hardirqs_on+0x5e/0x240
[ 81.848334][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.853685][ T9386] end_report+0x47/0x4f
[ 81.857834][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.863271][ T9386] __kasan_report.cold+0xe/0x41
[ 81.868172][ T9386] ? color_to_ycbcr.isra.0+0x360/0x660
[ 81.873619][ T9386] ? precalculate_color+0x2154/0x2480
[ 81.878998][ T9386] kasan_report+0x12/0x20
[ 81.883382][ T9386] __asan_report_load1_noabort+0x14/0x20
[ 81.888998][ T9386] precalculate_color+0x2154/0x2480
[ 81.894180][ T9386] ? color_to_ycbcr.isra.0+0x660/0x660
[ 81.899617][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.904620][ T9386] tpg_recalc+0x561/0x2850
[ 81.909020][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.914022][ T9386] ? mark_lock+0xc2/0x1220
[ 81.918547][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.923574][ T9386] ? __lock_acquire+0x16f2/0x4a00
[ 81.928580][ T9386] ? __kasan_check_read+0x11/0x20
[ 81.933700][ T9386] ? tpg_get_color.isra.0+0x300/0x300
[ 81.939199][ T9386] ? mark_lock+0xc2/0x1220
[ 81.943604][ T9386] ? __free_object+0x5d4/0x1180
[ 81.948436][ T9386] ? vb2_vmalloc_vaddr+0x37/0x50
[ 81.953354][ T9386] tpg_calc_text_basep+0xa1/0x290
[ 81.958375][ T9386] vivid_fillbuff+0x1a5f/0x3af0
[ 81.963220][ T9386] ? rwlock_bug.part.0+0x90/0x90
[ 81.968144][ T9386] ? vivid_grab_controls+0x380/0x380
[ 81.973408][ T9386] ? find_held_lock+0x35/0x130
[ 81.978149][ T9386] ? vivid_thread_vid_cap_tick+0x112f/0x2210
[ 81.984124][ T9386] ? lock_downgrade+0x920/0x920
[ 81.988950][ T9386] ? rwlock_bug.part.0+0x90/0x90
[ 81.993864][ T9386] ? v4l2_ctrl_request_setup+0x46c/0xb30
[ 81.999491][ T9386] vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 82.005206][ T9386] ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 82.011090][ T9386] ? usleep_range+0x170/0x170
[ 82.015758][ T9386] ? lock_acquire+0x190/0x410
[ 82.020419][ T9386] vivid_thread_vid_cap+0x5d8/0xa60
[ 82.025599][ T9386] kthread+0x361/0x430
[ 82.029646][ T9386] ? vivid_thread_vid_cap_tick+0x2210/0x2210
[ 82.035613][ T9386] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 82.041326][ T9386] ret_from_fork+0x24/0x30
[ 82.047407][ T9386] Kernel Offset: disabled
[ 82.051761][ T9386] Rebooting in 86400 seconds..