Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts.
2020/01/08 21:54:52 parsed 1 programs
2020/01/08 21:54:54 executed programs: 0
syzkaller login: [ 94.418558][ T9925] IPVS: ftp: loaded support on port[0] = 21
[ 94.488346][ T9925] chnl_net:caif_netlink_parms(): no params data found
[ 94.522225][ T9925] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.529942][ T9925] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.538505][ T9925] device bridge_slave_0 entered promiscuous mode
[ 94.547103][ T9925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.555352][ T9925] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.563152][ T9925] device bridge_slave_1 entered promiscuous mode
[ 94.581665][ T9925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.593735][ T9925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.613877][ T9925] team0: Port device team_slave_0 added
[ 94.621894][ T9925] team0: Port device team_slave_1 added
[ 94.676967][ T9925] device hsr_slave_0 entered promiscuous mode
[ 94.744719][ T9925] device hsr_slave_1 entered promiscuous mode
[ 94.880480][ T9925] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.957678][ T9925] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.017416][ T9925] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.076976][ T9925] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.146653][ T9925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.153963][ T9925] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.161896][ T9925] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.169004][ T9925] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.210077][ T9925] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.225417][ T2684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 95.237986][ T2684] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.256859][ T2684] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.266282][ T2684] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 95.280593][ T9925] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.291930][ T2968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 95.301534][ T2968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.308709][ T2968] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.324638][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 95.333085][ T19] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.340204][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.356244][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.365762][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 95.378479][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.395990][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 95.405883][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 95.416223][ T9925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 95.435356][ T2683] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 95.442976][ T2683] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 95.456444][ T9925] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.476333][ T2683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 95.495884][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 95.506388][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 95.516917][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 95.526093][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 95.534964][ T9925] device veth0_vlan entered promiscuous mode
[ 95.547410][ T9925] device veth1_vlan entered promiscuous mode
[ 95.684057][ T9933] ==================================================================
[ 95.684123][ T9933] BUG: KASAN: slab-out-of-bounds in fbcon_get_font+0x2b2/0x5e0
[ 95.684135][ T9933] Read of size 16 at addr ffff888086ce2d10 by task syz-executor.0/9933
[ 95.684139][ T9933]
[ 95.684154][ T9933] CPU: 0 PID: 9933 Comm: syz-executor.0 Not tainted 5.5.0-rc5-next-20200108-syzkaller #0
[ 95.684172][ T9933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.684178][ T9933] Call Trace:
[ 95.684194][ T9933] dump_stack+0x197/0x210
[ 95.684210][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.684230][ T9933] print_address_description.constprop.0.cold+0xd4/0x30b
[ 95.684244][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.684259][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.684272][ T9933] __kasan_report.cold+0x1b/0x32
[ 95.684324][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.684342][ T9933] kasan_report+0x12/0x20
[ 95.684358][ T9933] check_memory_region+0x134/0x1a0
[ 95.684374][ T9933] memcpy+0x24/0x50
[ 95.684393][ T9933] fbcon_get_font+0x2b2/0x5e0
[ 95.684415][ T9933] ? display_to_var+0x7e0/0x7e0
[ 95.684432][ T9933] con_font_op+0x20b/0x1270
[ 95.684450][ T9933] ? lock_downgrade+0x920/0x920
[ 95.684475][ T9933] ? con_write+0xd0/0xd0
[ 95.684505][ T9933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 95.684522][ T9933] ? _copy_from_user+0x12c/0x1a0
[ 95.684544][ T9933] vt_ioctl+0x181a/0x26d0
[ 95.684563][ T9933] ? complete_change_console+0x3a0/0x3a0
[ 95.684583][ T9933] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 95.684605][ T9933] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 95.684621][ T9933] ? tty_jobctrl_ioctl+0x50/0xd40
[ 95.684638][ T9933] ? complete_change_console+0x3a0/0x3a0
[ 95.684656][ T9933] tty_ioctl+0xa37/0x14f0
[ 95.684674][ T9933] ? tty_vhangup+0x30/0x30
[ 95.684701][ T9933] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 95.684717][ T9933] ? do_vfs_ioctl+0x11b/0x1350
[ 95.684737][ T9933] ? ioctl_file_clone+0x180/0x180
[ 95.684753][ T9933] ? __fget+0x37f/0x550
[ 95.684774][ T9933] ? do_dup2+0x4f0/0x4f0
[ 95.684791][ T9933] ? ns_to_kernel_old_timeval+0x100/0x100
[ 95.684814][ T9933] ? tomoyo_file_ioctl+0x23/0x30
[ 95.684831][ T9933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.684845][ T9933] ? security_file_ioctl+0x8d/0xc0
[ 95.684860][ T9933] ? tty_vhangup+0x30/0x30
[ 95.684876][ T9933] ksys_ioctl+0x123/0x180
[ 95.684894][ T9933] __x64_sys_ioctl+0x73/0xb0
[ 95.684915][ T9933] do_syscall_64+0xfa/0x790
[ 95.684938][ T9933] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.684949][ T9933] RIP: 0033:0x45af49
[ 95.684964][ T9933] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 95.684972][ T9933] RSP: 002b:00007f0c29632c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 95.684987][ T9933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49
[ 95.684995][ T9933] RDX: 0000000020000440 RSI: 0000000000004b72 RDI: 0000000000000004
[ 95.685004][ T9933] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 95.685013][ T9933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c296336d4
[ 95.685022][ T9933] R13: 00000000004c4237 R14: 00000000004daa38 R15: 00000000ffffffff
[ 95.685043][ T9933]
[ 95.685050][ T9933] Allocated by task 9930:
[ 95.685062][ T9933] save_stack+0x23/0x90
[ 95.685074][ T9933] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 95.685084][ T9933] kasan_kmalloc+0x9/0x10
[ 95.685094][ T9933] __kmalloc+0x163/0x770
[ 95.685103][ T9933] fbcon_set_font+0x32d/0x860
[ 95.685115][ T9933] con_font_op+0xe30/0x1270
[ 95.685128][ T9933] vt_ioctl+0xd2e/0x26d0
[ 95.685139][ T9933] tty_ioctl+0xa37/0x14f0
[ 95.685149][ T9933] ksys_ioctl+0x123/0x180
[ 95.685161][ T9933] __x64_sys_ioctl+0x73/0xb0
[ 95.685176][ T9933] do_syscall_64+0xfa/0x790
[ 95.685192][ T9933] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.685196][ T9933]
[ 95.685202][ T9933] Freed by task 0:
[ 95.685207][ T9933] (stack is not available)
[ 95.685210][ T9933]
[ 95.685219][ T9933] The buggy address belongs to the object at ffff888086ce2000
[ 95.685219][ T9933] which belongs to the cache kmalloc-4k of size 4096
[ 95.685231][ T9933] The buggy address is located 3344 bytes inside of
[ 95.685231][ T9933] 4096-byte region [ffff888086ce2000, ffff888086ce3000)
[ 95.685236][ T9933] The buggy address belongs to the page:
[ 95.685250][ T9933] page:ffffea00021b3880 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 95.685269][ T9933] raw: 00fffe0000010200 ffffea00029ea388 ffffea0002a3ea08 ffff8880aa402000
[ 95.685285][ T9933] raw: 0000000000000000 ffff888086ce2000 0000000100000001 0000000000000000
[ 95.685292][ T9933] page dumped because: kasan: bad access detected
[ 95.685296][ T9933]
[ 95.685300][ T9933] Memory state around the buggy address:
[ 95.685312][ T9933] ffff888086ce2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.685322][ T9933] ffff888086ce2c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.685331][ T9933] >ffff888086ce2d00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.685337][ T9933] ^
[ 95.685348][ T9933] ffff888086ce2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.685359][ T9933] ffff888086ce2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.685365][ T9933] ==================================================================
[ 95.685369][ T9933] Disabling lock debugging due to kernel taint
[ 95.688077][ T9933] Kernel panic - not syncing: panic_on_warn set ...
[ 95.688096][ T9933] CPU: 0 PID: 9933 Comm: syz-executor.0 Tainted: G B 5.5.0-rc5-next-20200108-syzkaller #0
[ 95.688103][ T9933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.688107][ T9933] Call Trace:
[ 95.688124][ T9933] dump_stack+0x197/0x210
[ 95.688141][ T9933] panic+0x2e3/0x75c
[ 95.688155][ T9933] ? add_taint.cold+0x16/0x16
[ 95.688174][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.688187][ T9933] ? preempt_schedule+0x4b/0x60
[ 95.688204][ T9933] ? ___preempt_schedule+0x16/0x18
[ 95.688221][ T9933] ? trace_hardirqs_on+0x5e/0x240
[ 95.688238][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.688252][ T9933] end_report+0x47/0x4f
[ 95.688268][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.688281][ T9933] __kasan_report.cold+0xe/0x32
[ 95.688299][ T9933] ? fbcon_get_font+0x2b2/0x5e0
[ 95.688313][ T9933] kasan_report+0x12/0x20
[ 95.688329][ T9933] check_memory_region+0x134/0x1a0
[ 95.688342][ T9933] memcpy+0x24/0x50
[ 95.688359][ T9933] fbcon_get_font+0x2b2/0x5e0
[ 95.688377][ T9933] ? display_to_var+0x7e0/0x7e0
[ 95.688392][ T9933] con_font_op+0x20b/0x1270
[ 95.688407][ T9933] ? lock_downgrade+0x920/0x920
[ 95.688422][ T9933] ? con_write+0xd0/0xd0
[ 95.688444][ T9933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 95.688458][ T9933] ? _copy_from_user+0x12c/0x1a0
[ 95.688483][ T9933] vt_ioctl+0x181a/0x26d0
[ 95.688500][ T9933] ? complete_change_console+0x3a0/0x3a0
[ 95.688517][ T9933] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 95.688533][ T9933] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 95.688547][ T9933] ? tty_jobctrl_ioctl+0x50/0xd40
[ 95.688563][ T9933] ? complete_change_console+0x3a0/0x3a0
[ 95.688578][ T9933] tty_ioctl+0xa37/0x14f0
[ 95.688594][ T9933] ? tty_vhangup+0x30/0x30
[ 95.688608][ T9933] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 95.688622][ T9933] ? do_vfs_ioctl+0x11b/0x1350
[ 95.688638][ T9933] ? ioctl_file_clone+0x180/0x180
[ 95.688652][ T9933] ? __fget+0x37f/0x550
[ 95.688668][ T9933] ? do_dup2+0x4f0/0x4f0
[ 95.688684][ T9933] ? ns_to_kernel_old_timeval+0x100/0x100
[ 95.688701][ T9933] ? tomoyo_file_ioctl+0x23/0x30
[ 95.688717][ T9933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 95.688729][ T9933] ? security_file_ioctl+0x8d/0xc0
[ 95.688742][ T9933] ? tty_vhangup+0x30/0x30
[ 95.688757][ T9933] ksys_ioctl+0x123/0x180
[ 95.688772][ T9933] __x64_sys_ioctl+0x73/0xb0
[ 95.688789][ T9933] do_syscall_64+0xfa/0x790
[ 95.688809][ T9933] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 95.688818][ T9933] RIP: 0033:0x45af49
[ 95.688833][ T9933] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 95.688841][ T9933] RSP: 002b:00007f0c29632c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 95.688854][ T9933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49
[ 95.688862][ T9933] RDX: 0000000020000440 RSI: 0000000000004b72 RDI: 0000000000000004
[ 95.688869][ T9933] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 95.688877][ T9933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c296336d4
[ 95.688886][ T9933] R13: 00000000004c4237 R14: 00000000004daa38 R15: 00000000ffffffff
[ 95.690192][ T9933] Kernel Offset: disabled
[ 96.549692][ T9933] Rebooting in 86400 seconds..