Resetting rate control (1931793 samples)
Warning: Permanently added '[localhost]:38918' (ECDSA) to the list of known hosts.
executing program
Resetting rate control (72260 samples)
executing program
[ 909.763567][ T8362] ==================================================================
[ 909.763567][ T8362] BUG: KASAN: global-out-of-bounds in fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] Read of size 1 at addr ffffffff8896d0e0 by task syz-executor737/8362
[ 909.763567][ T8362]
[ 909.763567][ T8362] CPU: 3 PID: 8362 Comm: syz-executor737 Not tainted 5.9.0-rc2-syzkaller #0
[ 909.763567][ T8362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 909.763567][ T8362] Call Trace:
[ 909.763567][ T8362] dump_stack+0x18f/0x20d
[ 909.763567][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] print_address_description.constprop.0.cold+0x5/0x497
[ 909.763567][ T8362] ? mark_lock+0xbc/0x1710
[ 909.763567][ T8362] ? vprintk_func+0x97/0x1a6
[ 909.763567][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] kasan_report.cold+0x1f/0x37
[ 909.763567][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] fb_pad_aligned_buffer+0x122/0x150
[ 909.763567][ T8362] bit_putcs+0x9eb/0xd20
[ 909.763567][ T8362] ? bit_cursor+0x17d0/0x17d0
[ 909.763567][ T8362] ? fb_get_color_depth+0x11a/0x240
[ 909.763567][ T8362] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 909.763567][ T8362] ? bit_cursor+0x17d0/0x17d0
[ 909.763567][ T8362] fbcon_putcs+0x33c/0x3f0
[ 909.763567][ T8362] do_update_region+0x399/0x630
[ 909.763567][ T8362] ? con_get_trans_old+0x280/0x280
[ 909.763567][ T8362] ? fb_get_color_depth+0x11a/0x240
[ 909.763567][ T8362] ? fbcon_set_palette+0x3a8/0x490
[ 909.763567][ T8362] ? var_to_display+0x7f0/0x7f0
[ 909.763567][ T8362] redraw_screen+0x64e/0x770
[ 909.763567][ T8362] ? lock_acquire+0x1f1/0xad0
[ 909.763567][ T8362] ? vc_init+0x430/0x430
[ 909.763567][ T8362] fbcon_do_set_font+0x7ec/0x950
[ 909.763567][ T8362] fbcon_copy_font+0x125/0x190
[ 909.763567][ T8362] ? fbcon_do_set_font+0x950/0x950
[ 909.763567][ T8362] con_font_op+0x65a/0x1110
[ 909.763567][ T8362] ? lock_downgrade+0x830/0x830
[ 909.763567][ T8362] ? con_write+0xb0/0xb0
[ 909.763567][ T8362] ? __might_fault+0x190/0x1d0
[ 909.763567][ T8362] vt_compat_ioctl+0x3fd/0x6b0
[ 909.763567][ T8362] ? vc_SAK+0x340/0x340
[ 909.763567][ T8362] ? __fget_files+0x294/0x400
[ 909.763567][ T8362] ? vc_SAK+0x340/0x340
[ 909.763567][ T8362] tty_compat_ioctl+0x19c/0x410
[ 909.763567][ T8362] ? tty_ioctl+0x15f0/0x15f0
[ 909.763567][ T8362] __do_compat_sys_ioctl+0x1d3/0x230
[ 909.763567][ T8362] __do_fast_syscall_32+0x57/0x80
[ 909.763567][ T8362] do_fast_syscall_32+0x2f/0x70
[ 909.763567][ T8362] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 909.763567][ T8362] RIP: 0023:0xf7f60549
[ 909.763567][ T8362] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 909.763567][ T8362] RSP: 002b:00000000f7f3a1dc EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 909.763567][ T8362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[ 909.763567][ T8362] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 00000000080fd01c
[ 909.763567][ T8362] RBP: 0000000000000068 R08: 0000000000000000 R09: 0000000000000000
[ 909.763567][ T8362] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 909.763567][ T8362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 909.763567][ T8362]
[ 909.763567][ T8362] The buggy address belongs to the variable:
[ 909.763567][ T8362] fontdata_8x16+0x1000/0x1120
[ 909.763567][ T8362]
[ 909.763567][ T8362] Memory state around the buggy address:
[ 909.763567][ T8362]  ffffffff8896cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 909.763567][ T8362]  ffffffff8896d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 909.763567][ T8362] >ffffffff8896d080: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
[ 909.763567][ T8362]                                                        ^
[ 909.763567][ T8362]  ffffffff8896d100: 06 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
[ 909.763567][ T8362]  ffffffff8896d180: 06 f9 f9 f9 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9
[ 909.763567][ T8362] ==================================================================
[ 909.763567][ T8362] Disabling lock debugging due to kernel taint
[ 909.858059][ T8362] Kernel panic - not syncing: panic_on_warn set ...
[ 909.861338][ T8362] CPU: 3 PID: 8362 Comm: syz-executor737 Tainted: G B 5.9.0-rc2-syzkaller #0
[ 909.861348][ T8362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 909.861490][ T8362] Call Trace:
[ 909.862258][ T8362] dump_stack+0x18f/0x20d
[ 909.862724][ T8362] ? fb_pad_aligned_buffer+0x80/0x150
[ 909.863473][ T8362] panic+0x2e3/0x75c
[ 909.863473][ T8362] ? __warn_printk+0xf3/0xf3
[ 909.863473][ T8362] ? preempt_schedule_common+0x59/0xc0
[ 909.863473][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.863473][ T8362] ? preempt_schedule_thunk+0x16/0x18
[ 909.863473][ T8362] ? trace_hardirqs_on+0x55/0x220
[ 909.863473][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.863473][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.863473][ T8362] end_report+0x4d/0x53
[ 909.863473][ T8362] kasan_report.cold+0xd/0x37
[ 909.863473][ T8362] ? fb_pad_aligned_buffer+0x122/0x150
[ 909.863473][ T8362] fb_pad_aligned_buffer+0x122/0x150
[ 909.863473][ T8362] bit_putcs+0x9eb/0xd20
[ 909.863473][ T8362] ? bit_cursor+0x17d0/0x17d0
[ 909.863473][ T8362] ? fb_get_color_depth+0x11a/0x240
[ 909.863473][ T8362] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 909.863473][ T8362] ? bit_cursor+0x17d0/0x17d0
[ 909.863473][ T8362] fbcon_putcs+0x33c/0x3f0
[ 909.863473][ T8362] do_update_region+0x399/0x630
[ 909.863473][ T8362] ? con_get_trans_old+0x280/0x280
[ 909.863473][ T8362] ? fb_get_color_depth+0x11a/0x240
[ 909.863473][ T8362] ? fbcon_set_palette+0x3a8/0x490
[ 909.863473][ T8362] ? var_to_display+0x7f0/0x7f0
[ 909.863473][ T8362] redraw_screen+0x64e/0x770
[ 909.863473][ T8362] ? lock_acquire+0x1f1/0xad0
[ 909.863473][ T8362] ? vc_init+0x430/0x430
[ 909.863473][ T8362] fbcon_do_set_font+0x7ec/0x950
[ 909.863473][ T8362] fbcon_copy_font+0x125/0x190
[ 909.863473][ T8362] ? fbcon_do_set_font+0x950/0x950
[ 909.863473][ T8362] con_font_op+0x65a/0x1110
[ 909.863473][ T8362] ? lock_downgrade+0x830/0x830
[ 909.863473][ T8362] ? con_write+0xb0/0xb0
[ 909.863473][ T8362] ? __might_fault+0x190/0x1d0
[ 909.863473][ T8362] vt_compat_ioctl+0x3fd/0x6b0
[ 909.863473][ T8362] ? vc_SAK+0x340/0x340
[ 909.863473][ T8362] ? __fget_files+0x294/0x400
[ 909.863473][ T8362] ? vc_SAK+0x340/0x340
[ 909.863473][ T8362] tty_compat_ioctl+0x19c/0x410
[ 909.863473][ T8362] ? tty_ioctl+0x15f0/0x15f0
[ 909.863473][ T8362] __do_compat_sys_ioctl+0x1d3/0x230
[ 909.863473][ T8362] __do_fast_syscall_32+0x57/0x80
[ 909.863473][ T8362] do_fast_syscall_32+0x2f/0x70
[ 909.863473][ T8362] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 909.863473][ T8362] RIP: 0023:0xf7f60549
[ 909.863473][ T8362] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 909.863473][ T8362] RSP: 002b:00000000f7f3a1dc EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 909.863473][ T8362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[ 909.863473][ T8362] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 00000000080fd01c
[ 909.863473][ T8362] RBP: 0000000000000068 R08: 0000000000000000 R09: 0000000000000000
[ 909.863473][ T8362] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 909.863473][ T8362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 909.863473][ T8362] Kernel Offset: disabled