Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 44.398053][ T6875] ==================================================================
[ 44.398086][ T6875] BUG: KASAN: slab-out-of-bounds in bit_putcs+0x132a/0x1bf0
[ 44.398092][ T6875] Read of size 1 at addr ffff8880a81ce230 by task syz-executor983/6875
[ 44.398094][ T6875]
[ 44.398117][ T6875] CPU: 1 PID: 6875 Comm: syz-executor983 Not tainted 5.8.0-rc4-syzkaller #0
[ 44.398120][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.398123][ T6875] Call Trace:
[ 44.398132][ T6875] dump_stack+0x1f0/0x31e
[ 44.398143][ T6875] print_address_description+0x66/0x5a0
[ 44.398151][ T6875] ? printk+0x62/0x83
[ 44.398157][ T6875] ? vprintk_emit+0x339/0x3c0
[ 44.398165][ T6875] kasan_report+0x132/0x1d0
[ 44.398171][ T6875] ? bit_putcs+0x132a/0x1bf0
[ 44.398178][ T6875] bit_putcs+0x132a/0x1bf0
[ 44.398198][ T6875] ? bit_clear+0x540/0x540
[ 44.398205][ T6875] fbcon_putcs+0x790/0xaf0
[ 44.398212][ T6875] ? bit_clear+0x540/0x540
[ 44.398221][ T6875] do_update_region+0x462/0x620
[ 44.398231][ T6875] redraw_screen+0xc30/0x16f0
[ 44.398241][ T6875] vc_do_resize+0x1541/0x1ce0
[ 44.398257][ T6875] vt_ioctl+0x3185/0x3ec0
[ 44.398267][ T6875] ? lockdep_hardirqs_off+0x2f/0xa0
[ 44.398273][ T6875] ? _raw_spin_unlock_irqrestore+0x68/0xd0
[ 44.398279][ T6875] ? trace_hardirqs_off+0x2d/0x70
[ 44.398302][ T6875] ? trace_lock_release+0x137/0x1a0
[ 44.398313][ T6875] ? rcu_lock_release+0x5/0x20
[ 44.398321][ T6875] ? tomoyo_path_number_perm+0x58f/0x690
[ 44.398335][ T6875] ? tty_jobctrl_ioctl+0x1e8/0xbd0
[ 44.398344][ T6875] tty_ioctl+0xee4/0x15c0
[ 44.398353][ T6875] ? do_vfs_ioctl+0x6bc/0x16d0
[ 44.398364][ T6875] ? tty_do_resize+0x180/0x180
[ 44.398368][ T6875] __se_sys_ioctl+0xf9/0x160
[ 44.398375][ T6875] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.398381][ T6875] do_syscall_64+0x73/0xe0
[ 44.398388][ T6875] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.398394][ T6875] RIP: 0033:0x4403a9
[ 44.398396][ T6875] Code: Bad RIP value.
[ 44.398400][ T6875] RSP: 002b:00007fff9bff6948 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.398406][ T6875] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403a9
[ 44.398410][ T6875] RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004
[ 44.398413][ T6875] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 44.398416][ T6875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 44.398420][ T6875] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 44.398428][ T6875]
[ 44.398431][ T6875] Allocated by task 6875:
[ 44.398438][ T6875] __kasan_kmalloc+0x103/0x140
[ 44.398443][ T6875] __kmalloc+0x24b/0x330
[ 44.398447][ T6875] fbcon_set_font+0x2c4/0x970
[ 44.398452][ T6875] con_font_op+0xebc/0x1630
[ 44.398456][ T6875] vt_ioctl+0x179d/0x3ec0
[ 44.398461][ T6875] tty_ioctl+0xee4/0x15c0
[ 44.398472][ T6875] __se_sys_ioctl+0xf9/0x160
[ 44.398477][ T6875] do_syscall_64+0x73/0xe0
[ 44.398483][ T6875] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.398485][ T6875]
[ 44.398487][ T6875] Freed by task 6840:
[ 44.398493][ T6875] __kasan_slab_free+0x114/0x170
[ 44.398497][ T6875] kfree+0x10a/0x220
[ 44.398503][ T6875] napi_consume_skb+0x137/0x300
[ 44.398509][ T6875] free_old_xmit_skbs+0xb8/0x200
[ 44.398514][ T6875] virtnet_poll+0x284/0xc80
[ 44.398519][ T6875] net_rx_action+0x615/0x10e0
[ 44.398524][ T6875] __do_softirq+0x268/0x80c
[ 44.398525][ T6875]
[ 44.398530][ T6875] The buggy address belongs to the object at ffff8880a81ce000
[ 44.398530][ T6875] which belongs to the cache kmalloc-1k of size 1024
[ 44.398535][ T6875] The buggy address is located 560 bytes inside of
[ 44.398535][ T6875] 1024-byte region [ffff8880a81ce000, ffff8880a81ce400)
[ 44.398537][ T6875] The buggy address belongs to the page:
[ 44.398545][ T6875] page:ffffea0002a07380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 44.398549][ T6875] flags: 0xfffe0000000200(slab)
[ 44.398557][ T6875] raw: 00fffe0000000200 ffffea00029a5948 ffffea0002a14708 ffff8880aa400c40
[ 44.398565][ T6875] raw: 0000000000000000 ffff8880a81ce000 0000000100000002 0000000000000000
[ 44.398567][ T6875] page dumped because: kasan: bad access detected
[ 44.398569][ T6875]
[ 44.398571][ T6875] Memory state around the buggy address:
[ 44.398576][ T6875] ffff8880a81ce100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.398580][ T6875] ffff8880a81ce180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.398584][ T6875] >ffff8880a81ce200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.398586][ T6875] ^
[ 44.398590][ T6875] ffff8880a81ce280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.398594][ T6875] ffff8880a81ce300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.398597][ T6875] ==================================================================
[ 44.398599][ T6875] Disabling lock debugging due to kernel taint
[ 44.398602][ T6875] Kernel panic - not syncing: panic_on_warn set ...
[ 44.398607][ T6875] CPU: 1 PID: 6875 Comm: syz-executor983 Tainted: G B 5.8.0-rc4-syzkaller #0
[ 44.398610][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.398611][ T6875] Call Trace:
[ 44.398617][ T6875] dump_stack+0x1f0/0x31e
[ 44.398624][ T6875] panic+0x264/0x7a0
[ 44.398629][ T6875] ? trace_hardirqs_on+0x30/0x80
[ 44.398635][ T6875] kasan_report+0x1c9/0x1d0
[ 44.398641][ T6875] ? bit_putcs+0x132a/0x1bf0
[ 44.398646][ T6875] bit_putcs+0x132a/0x1bf0
[ 44.398658][ T6875] ? bit_clear+0x540/0x540
[ 44.398663][ T6875] fbcon_putcs+0x790/0xaf0
[ 44.398668][ T6875] ? bit_clear+0x540/0x540
[ 44.398674][ T6875] do_update_region+0x462/0x620
[ 44.398681][ T6875] redraw_screen+0xc30/0x16f0
[ 44.398688][ T6875] vc_do_resize+0x1541/0x1ce0
[ 44.398698][ T6875] vt_ioctl+0x3185/0x3ec0
[ 44.398704][ T6875] ? lockdep_hardirqs_off+0x2f/0xa0
[ 44.398709][ T6875] ? _raw_spin_unlock_irqrestore+0x68/0xd0
[ 44.398713][ T6875] ? trace_hardirqs_off+0x2d/0x70
[ 44.398719][ T6875] ? trace_lock_release+0x137/0x1a0
[ 44.398736][ T6875] ? rcu_lock_release+0x5/0x20
[ 44.398742][ T6875] ? tomoyo_path_number_perm+0x58f/0x690
[ 44.398750][ T6875] ? tty_jobctrl_ioctl+0x1e8/0xbd0
[ 44.398756][ T6875] tty_ioctl+0xee4/0x15c0
[ 44.398772][ T6875] ? do_vfs_ioctl+0x6bc/0x16d0
[ 44.398779][ T6875] ? tty_do_resize+0x180/0x180
[ 44.398783][ T6875] __se_sys_ioctl+0xf9/0x160
[ 44.398789][ T6875] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.398794][ T6875] do_syscall_64+0x73/0xe0
[ 44.398799][ T6875] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.398803][ T6875] RIP: 0033:0x4403a9
[ 44.398804][ T6875] Code: Bad RIP value.
[ 44.398807][ T6875] RSP: 002b:00007fff9bff6948 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.398812][ T6875] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403a9
[ 44.398815][ T6875] RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004
[ 44.398817][ T6875] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 44.398820][ T6875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 44.398823][ T6875] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 44.400314][ T6875] Kernel Offset: disabled
[ 45.094293][ T6875] Rebooting in 86400 seconds..