Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 76.994022][ T9198] ==================================================================
[ 76.994064][ T9198] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0
[ 76.994072][ T9198] Read of size 2 at addr ffff88809e18d2c0 by task syz-executor870/9198
[ 76.994074][ T9198]
[ 76.994085][ T9198] CPU: 0 PID: 9198 Comm: syz-executor870 Not tainted 5.4.0-syzkaller #0
[ 76.994090][ T9198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.994094][ T9198] Call Trace:
[ 76.994108][ T9198] dump_stack+0x197/0x210
[ 76.994116][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994130][ T9198] print_address_description.constprop.0.cold+0xd4/0x30b
[ 76.994136][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994144][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994152][ T9198] __kasan_report.cold+0x1b/0x41
[ 76.994162][ T9198] ? vcs_write+0x460/0xcf0
[ 76.994169][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994178][ T9198] kasan_report+0x12/0x20
[ 76.994187][ T9198] __asan_report_load2_noabort+0x14/0x20
[ 76.994194][ T9198] vcs_scr_readw+0xc2/0xd0
[ 76.994202][ T9198] vcs_write+0x646/0xcf0
[ 76.994217][ T9198] ? vcs_size+0x250/0x250
[ 76.994230][ T9198] ? apparmor_file_permission+0x25/0x30
[ 76.994241][ T9198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 76.994252][ T9198] ? security_file_permission+0x8f/0x380
[ 76.994263][ T9198] ? trace_hardirqs_on+0x67/0x240
[ 76.994274][ T9198] __vfs_write+0x8a/0x110
[ 76.994280][ T9198] ? vcs_size+0x250/0x250
[ 76.994289][ T9198] vfs_write+0x268/0x5d0
[ 76.994299][ T9198] ksys_write+0x14f/0x290
[ 76.994308][ T9198] ? __ia32_sys_read+0xb0/0xb0
[ 76.994318][ T9198] ? do_syscall_64+0x26/0x790
[ 76.994328][ T9198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.994336][ T9198] ? do_syscall_64+0x26/0x790
[ 76.994346][ T9198] __x64_sys_write+0x73/0xb0
[ 76.994356][ T9198] do_syscall_64+0xfa/0x790
[ 76.994366][ T9198] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.994373][ T9198] RIP: 0033:0x443e49
[ 76.994382][ T9198] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 76.994386][ T9198] RSP: 002b:00007ffdcf649378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.994402][ T9198] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e49
[ 76.994407][ T9198] RDX: 0000000000001010 RSI: 0000000020006480 RDI: 0000000000000003
[ 76.994412][ T9198] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[ 76.994417][ T9198] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b50
[ 76.994422][ T9198] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 76.994432][ T9198]
[ 76.994437][ T9198] Allocated by task 9179:
[ 76.994444][ T9198] save_stack+0x23/0x90
[ 76.994451][ T9198] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 76.994456][ T9198] kasan_kmalloc+0x9/0x10
[ 76.994466][ T9198] __kmalloc+0x163/0x770
[ 76.994472][ T9198] vc_allocate+0x3fc/0x760
[ 76.994478][ T9198] con_install+0x52/0x410
[ 76.994486][ T9198] tty_init_dev+0xf7/0x460
[ 76.994492][ T9198] tty_open+0x4a5/0xbb0
[ 76.994501][ T9198] chrdev_open+0x245/0x6b0
[ 76.994511][ T9198] do_dentry_open+0x4e6/0x1380
[ 76.994516][ T9198] vfs_open+0xa0/0xd0
[ 76.994525][ T9198] path_openat+0x10e4/0x4710
[ 76.994532][ T9198] do_filp_open+0x1a1/0x280
[ 76.994538][ T9198] do_sys_open+0x3fe/0x5d0
[ 76.994544][ T9198] __x64_sys_open+0x7e/0xc0
[ 76.994551][ T9198] do_syscall_64+0xfa/0x790
[ 76.994559][ T9198] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.994561][ T9198]
[ 76.994564][ T9198] Freed by task 0:
[ 76.994567][ T9198] (stack is not available)
[ 76.994569][ T9198]
[ 76.994576][ T9198] The buggy address belongs to the object at ffff88809e18c000
[ 76.994576][ T9198] which belongs to the cache kmalloc-8k of size 8192
[ 76.994583][ T9198] The buggy address is located 4800 bytes inside of
[ 76.994583][ T9198] 8192-byte region [ffff88809e18c000, ffff88809e18e000)
[ 76.994585][ T9198] The buggy address belongs to the page:
[ 76.994595][ T9198] page:ffffea0002786300 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0
[ 76.994607][ T9198] raw: 00fffe0000010200 ffffea000281e708 ffffea000245f608 ffff8880aa4021c0
[ 76.994616][ T9198] raw: 0000000000000000 ffff88809e18c000 0000000100000001 0000000000000000
[ 76.994620][ T9198] page dumped because: kasan: bad access detected
[ 76.994623][ T9198]
[ 76.994625][ T9198] Memory state around the buggy address:
[ 76.994631][ T9198] ffff88809e18d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.994637][ T9198] ffff88809e18d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.994643][ T9198] >ffff88809e18d280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 76.994646][ T9198] ^
[ 76.994652][ T9198] ffff88809e18d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.994658][ T9198] ffff88809e18d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.994661][ T9198] ==================================================================
[ 76.994664][ T9198] Disabling lock debugging due to kernel taint
[ 76.994669][ T9198] Kernel panic - not syncing: panic_on_warn set ...
[ 76.994676][ T9198] CPU: 0 PID: 9198 Comm: syz-executor870 Tainted: G B 5.4.0-syzkaller #0
[ 76.994680][ T9198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.994682][ T9198] Call Trace:
[ 76.994690][ T9198] dump_stack+0x197/0x210
[ 76.994700][ T9198] panic+0x2e3/0x75c
[ 76.994707][ T9198] ? add_taint.cold+0x16/0x16
[ 76.994717][ T9198] ? trace_hardirqs_on+0x67/0x240
[ 76.994724][ T9198] ? trace_hardirqs_on+0x5e/0x240
[ 76.994731][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994737][ T9198] end_report+0x47/0x4f
[ 76.994743][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994750][ T9198] __kasan_report.cold+0xe/0x41
[ 76.994757][ T9198] ? vcs_write+0x460/0xcf0
[ 76.994763][ T9198] ? vcs_scr_readw+0xc2/0xd0
[ 76.994770][ T9198] kasan_report+0x12/0x20
[ 76.994777][ T9198] __asan_report_load2_noabort+0x14/0x20
[ 76.994789][ T9198] vcs_scr_readw+0xc2/0xd0
[ 76.994796][ T9198] vcs_write+0x646/0xcf0
[ 76.994806][ T9198] ? vcs_size+0x250/0x250
[ 76.994815][ T9198] ? apparmor_file_permission+0x25/0x30
[ 76.994824][ T9198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 76.994832][ T9198] ? security_file_permission+0x8f/0x380
[ 76.994839][ T9198] ? trace_hardirqs_on+0x67/0x240
[ 76.994846][ T9198] __vfs_write+0x8a/0x110
[ 76.994852][ T9198] ? vcs_size+0x250/0x250
[ 76.994859][ T9198] vfs_write+0x268/0x5d0
[ 76.994867][ T9198] ksys_write+0x14f/0x290
[ 76.994874][ T9198] ? __ia32_sys_read+0xb0/0xb0
[ 76.994881][ T9198] ? do_syscall_64+0x26/0x790
[ 76.994889][ T9198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.994896][ T9198] ? do_syscall_64+0x26/0x790
[ 76.994904][ T9198] __x64_sys_write+0x73/0xb0
[ 76.994912][ T9198] do_syscall_64+0xfa/0x790
[ 76.994920][ T9198] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.994925][ T9198] RIP: 0033:0x443e49
[ 76.994932][ T9198] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 76.994935][ T9198] RSP: 002b:00007ffdcf649378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.994942][ T9198] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e49
[ 76.994946][ T9198] RDX: 0000000000001010 RSI: 0000000020006480 RDI: 0000000000000003
[ 76.994950][ T9198] RBP: 00000000006cf018 R08: 0000000000000000 R09: 00000000004002e0
[ 76.994955][ T9198] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b50
[ 76.994959][ T9198] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[ 76.996576][ T9198] Kernel Offset: disabled
[ 77.739766][ T9198] Rebooting in 86400 seconds..