[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.744669][ T6810] ==================================================================
[ 57.744734][ T6810] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xbb6/0xd20
[ 57.744747][ T6810] Read of size 1 at addr ffff8880a6d10230 by task syz-executor665/6810
[ 57.744751][ T6810]
[ 57.744766][ T6810] CPU: 1 PID: 6810 Comm: syz-executor665 Not tainted 5.8.0-rc4-syzkaller #0
[ 57.744774][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.744780][ T6810] Call Trace:
[ 57.744796][ T6810]  dump_stack+0x18f/0x20d
[ 57.744813][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.744826][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.744843][ T6810]  print_address_description.constprop.0.cold+0xae/0x436
[ 57.744860][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 57.744876][ T6810]  ? lockdep_hardirqs_off+0x66/0xa0
[ 57.744891][ T6810]  ? vprintk_func+0x97/0x1a6
[ 57.744907][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.744919][ T6810]  kasan_report.cold+0x1f/0x37
[ 57.744935][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.744950][ T6810]  bit_putcs+0xbb6/0xd20
[ 57.744986][ T6810]  ? bit_cursor+0x17d0/0x17d0
[ 57.745000][ T6810]  ? vga16fb_update_fix+0x4a0/0x4a0
[ 57.745023][ T6810]  ? fb_get_color_depth+0x11a/0x240
[ 57.745040][ T6810]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.745056][ T6810]  ? bit_cursor+0x17d0/0x17d0
[ 57.745064][ T6810]  fbcon_putcs+0x33c/0x3f0
[ 57.745078][ T6810]  do_update_region+0x399/0x630
[ 57.745090][ T6810]  ? con_get_trans_old+0x280/0x280
[ 57.745101][ T6810]  ? fbcon_set_palette+0x3a8/0x490
[ 57.745108][ T6810]  ? var_to_display+0x7f0/0x7f0
[ 57.745120][ T6810]  redraw_screen+0x64c/0x770
[ 57.745129][ T6810]  ? wait_for_completion+0x260/0x260
[ 57.745138][ T6810]  ? vc_init+0x440/0x440
[ 57.745152][ T6810]  vc_do_resize+0x110e/0x13f0
[ 57.745168][ T6810]  ? lock_downgrade+0x820/0x820
[ 57.745178][ T6810]  ? store_bind+0x6a0/0x6a0
[ 57.745187][ T6810]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 57.745196][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.745205][ T6810]  ? trace_hardirqs_on+0x5f/0x220
[ 57.745216][ T6810]  vt_ioctl+0x2037/0x2670
[ 57.745225][ T6810]  ? trace_stack_print+0x1e0/0x2c0
[ 57.745235][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 57.745242][ T6810]  ? vt_waitactive+0x350/0x350
[ 57.745253][ T6810]  ? tomoyo_path_number_perm+0x244/0x4d0
[ 57.745264][ T6810]  ? tomoyo_execute_permission+0x470/0x470
[ 57.745273][ T6810]  ? lockdep_hardirqs_off+0x66/0xa0
[ 57.745284][ T6810]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.745294][ T6810]  ? tty_jobctrl_ioctl+0x4d/0x1010
[ 57.745301][ T6810]  ? vt_waitactive+0x350/0x350
[ 57.745312][ T6810]  tty_ioctl+0x1019/0x15f0
[ 57.745322][ T6810]  ? tty_fasync+0x390/0x390
[ 57.745332][ T6810]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.745341][ T6810]  ? do_vfs_ioctl+0x27d/0x1090
[ 57.745350][ T6810]  ? generic_block_fiemap+0x60/0x60
[ 57.745358][ T6810]  ? do_sys_openat2+0xa2/0x3b0
[ 57.745367][ T6810]  ? build_open_flags+0x650/0x650
[ 57.745376][ T6810]  ? sockfd_lookup_light+0xc6/0x170
[ 57.745385][ T6810]  ? __sys_sendmsg+0x10c/0x1b0
[ 57.745393][ T6810]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 57.745406][ T6810]  ? tty_fasync+0x390/0x390
[ 57.745414][ T6810]  ksys_ioctl+0x11a/0x180
[ 57.745423][ T6810]  __x64_sys_ioctl+0x6f/0xb0
[ 57.745432][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 57.745440][ T6810]  do_syscall_64+0x60/0xe0
[ 57.745457][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.745464][ T6810] RIP: 0033:0x4403a9
[ 57.745468][ T6810] Code: Bad RIP value.
[ 57.745472][ T6810] RSP: 002b:00007fffe534add8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.745481][ T6810] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403a9
[ 57.745486][ T6810] RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004
[ 57.745491][ T6810] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 57.745496][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 57.745501][ T6810] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 57.745511][ T6810]
[ 57.745515][ T6810] Allocated by task 6810:
[ 57.745525][ T6810]  save_stack+0x1b/0x40
[ 57.745532][ T6810]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 57.745539][ T6810]  __kmalloc+0x17a/0x340
[ 57.745546][ T6810]  fbcon_set_font+0x34f/0x8b0
[ 57.745553][ T6810]  con_font_op+0xd25/0x1110
[ 57.745559][ T6810]  vt_ioctl+0x1180/0x2670
[ 57.745566][ T6810]  tty_ioctl+0x1019/0x15f0
[ 57.745573][ T6810]  ksys_ioctl+0x11a/0x180
[ 57.745579][ T6810]  __x64_sys_ioctl+0x6f/0xb0
[ 57.745586][ T6810]  do_syscall_64+0x60/0xe0
[ 57.745594][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.745596][ T6810]
[ 57.745599][ T6810] Freed by task 1:
[ 57.745607][ T6810]  save_stack+0x1b/0x40
[ 57.745615][ T6810]  __kasan_slab_free+0xf5/0x140
[ 57.745623][ T6810]  kfree+0x103/0x2c0
[ 57.745630][ T6810]  skb_release_data+0x6d9/0x910
[ 57.745636][ T6810]  consume_skb+0xc2/0x160
[ 57.745644][ T6810]  unix_stream_read_generic+0x16c9/0x1ae0
[ 57.745651][ T6810]  unix_stream_recvmsg+0xb1/0xf0
[ 57.745659][ T6810]  ____sys_recvmsg+0x2c4/0x640
[ 57.745666][ T6810]  ___sys_recvmsg+0x127/0x200
[ 57.745672][ T6810]  __sys_recvmsg+0xe2/0x1a0
[ 57.745679][ T6810]  do_syscall_64+0x60/0xe0
[ 57.745687][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.745689][ T6810]
[ 57.745695][ T6810] The buggy address belongs to the object at ffff8880a6d10000
[ 57.745695][ T6810]  which belongs to the cache kmalloc-1k of size 1024
[ 57.745702][ T6810] The buggy address is located 560 bytes inside of
[ 57.745702][ T6810]  1024-byte region [ffff8880a6d10000, ffff8880a6d10400)
[ 57.745705][ T6810] The buggy address belongs to the page:
[ 57.745715][ T6810] page:ffffea00029b4400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a6d10800
[ 57.745721][ T6810] flags: 0xfffe0000000200(slab)
[ 57.745733][ T6810] raw: 00fffe0000000200 ffffea00029c9908 ffffea00026b8ec8 ffff8880aa000c40
[ 57.745742][ T6810] raw: ffff8880a6d10800 ffff8880a6d10000 0000000100000001 0000000000000000
[ 57.745746][ T6810] page dumped because: kasan: bad access detected
[ 57.745748][ T6810]
[ 57.745750][ T6810] Memory state around the buggy address:
[ 57.745757][ T6810]  ffff8880a6d10100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.745763][ T6810]  ffff8880a6d10180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.745770][ T6810] >ffff8880a6d10200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.745773][ T6810]                                ^
[ 57.745779][ T6810]  ffff8880a6d10280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.745785][ T6810]  ffff8880a6d10300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.745788][ T6810] ==================================================================
[ 57.745791][ T6810] Disabling lock debugging due to kernel taint
[ 57.745795][ T6810] Kernel panic - not syncing: panic_on_warn set ...
[ 57.745804][ T6810] CPU: 1 PID: 6810 Comm: syz-executor665 Tainted: G B 5.8.0-rc4-syzkaller #0
[ 57.745808][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.745810][ T6810] Call Trace:
[ 57.745818][ T6810]  dump_stack+0x18f/0x20d
[ 57.745826][ T6810]  ? bit_putcs+0xad0/0xd20
[ 57.745834][ T6810]  panic+0x2e3/0x75c
[ 57.745843][ T6810]  ? __warn_printk+0xf3/0xf3
[ 57.745851][ T6810]  ? trace_hardirqs_on+0x55/0x220
[ 57.745859][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.745866][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.745872][ T6810]  end_report+0x4d/0x53
[ 57.745878][ T6810]  kasan_report.cold+0xd/0x37
[ 57.745886][ T6810]  ? bit_putcs+0xbb6/0xd20
[ 57.745894][ T6810]  bit_putcs+0xbb6/0xd20
[ 57.745905][ T6810]  ? bit_cursor+0x17d0/0x17d0
[ 57.745912][ T6810]  ? vga16fb_update_fix+0x4a0/0x4a0
[ 57.745921][ T6810]  ? fb_get_color_depth+0x11a/0x240
[ 57.745930][ T6810]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.745938][ T6810]  ? bit_cursor+0x17d0/0x17d0
[ 57.745945][ T6810]  fbcon_putcs+0x33c/0x3f0
[ 57.745954][ T6810]  do_update_region+0x399/0x630
[ 57.745963][ T6810]  ? con_get_trans_old+0x280/0x280
[ 57.745971][ T6810]  ? fbcon_set_palette+0x3a8/0x490
[ 57.745978][ T6810]  ? var_to_display+0x7f0/0x7f0
[ 57.745987][ T6810]  redraw_screen+0x64c/0x770
[ 57.745995][ T6810]  ? wait_for_completion+0x260/0x260
[ 57.746003][ T6810]  ? vc_init+0x440/0x440
[ 57.746013][ T6810]  vc_do_resize+0x110e/0x13f0
[ 57.746024][ T6810]  ? lock_downgrade+0x820/0x820
[ 57.746032][ T6810]  ? store_bind+0x6a0/0x6a0
[ 57.746039][ T6810]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 57.746047][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.746054][ T6810]  ? trace_hardirqs_on+0x5f/0x220
[ 57.746061][ T6810]  vt_ioctl+0x2037/0x2670
[ 57.746069][ T6810]  ? trace_stack_print+0x1e0/0x2c0
[ 57.746078][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 57.746084][ T6810]  ? vt_waitactive+0x350/0x350
[ 57.746092][ T6810]  ? tomoyo_path_number_perm+0x244/0x4d0
[ 57.746101][ T6810]  ? tomoyo_execute_permission+0x470/0x470
[ 57.746109][ T6810]  ? lockdep_hardirqs_off+0x66/0xa0
[ 57.746119][ T6810]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.746126][ T6810]  ? tty_jobctrl_ioctl+0x4d/0x1010
[ 57.746133][ T6810]  ? vt_waitactive+0x350/0x350
[ 57.746141][ T6810]  tty_ioctl+0x1019/0x15f0
[ 57.746149][ T6810]  ? tty_fasync+0x390/0x390
[ 57.746158][ T6810]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.746164][ T6810]  ? do_vfs_ioctl+0x27d/0x1090
[ 57.746172][ T6810]  ? generic_block_fiemap+0x60/0x60
[ 57.746183][ T6810]  ? do_sys_openat2+0xa2/0x3b0
[ 57.746190][ T6810]  ? build_open_flags+0x650/0x650
[ 57.746197][ T6810]  ? sockfd_lookup_light+0xc6/0x170
[ 57.746204][ T6810]  ? __sys_sendmsg+0x10c/0x1b0
[ 57.746211][ T6810]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 57.746220][ T6810]  ? tty_fasync+0x390/0x390
[ 57.746227][ T6810]  ksys_ioctl+0x11a/0x180
[ 57.746234][ T6810]  __x64_sys_ioctl+0x6f/0xb0
[ 57.746242][ T6810]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 57.746249][ T6810]  do_syscall_64+0x60/0xe0
[ 57.746257][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.746262][ T6810] RIP: 0033:0x4403a9
[ 57.746264][ T6810] Code: Bad RIP value.
[ 57.746268][ T6810] RSP: 002b:00007fffe534add8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.746275][ T6810] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403a9
[ 57.746279][ T6810] RDX: 0000000020000080 RSI: 000000000000560a RDI: 0000000000000004
[ 57.746284][ T6810] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 57.746288][ T6810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 57.746292][ T6810] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 57.747309][ T6810] Kernel Offset: disabled
[ 58.750129][ T6810] Rebooting in 86400 seconds..