Warning: Permanently added '10.128.1.6' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 45.167913][ T7007] ==================================================================
[ 45.167943][ T7007] BUG: KASAN: slab-out-of-bounds in bit_putcs+0x103a/0x1bf0
[ 45.167949][ T7007] Read of size 1 at addr ffff8880a891dd3f by task syz-executor388/7007
[ 45.167951][ T7007]
[ 45.167958][ T7007] CPU: 1 PID: 7007 Comm: syz-executor388 Not tainted 5.7.0-rc4-syzkaller #0
[ 45.167961][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.167964][ T7007] Call Trace:
[ 45.167972][ T7007] dump_stack+0x1e9/0x30e
[ 45.167981][ T7007] print_address_description+0x74/0x5c0
[ 45.167987][ T7007] ? vprintk_emit+0x342/0x3c0
[ 45.167994][ T7007] ? printk+0x62/0x83
[ 45.168001][ T7007] ? trace_irq_disable_rcuidle+0x1f/0x1d0
[ 45.168010][ T7007] __kasan_report+0x103/0x1a0
[ 45.168015][ T7007] ? bit_putcs+0x103a/0x1bf0
[ 45.168021][ T7007] ? bit_putcs+0x103a/0x1bf0
[ 45.168025][ T7007] kasan_report+0x4d/0x80
[ 45.168032][ T7007] ? bit_putcs+0x103a/0x1bf0
[ 45.168054][ T7007] ? bit_clear+0x540/0x540
[ 45.168067][ T7007] ? fbcon_putcs+0x790/0xaf0
[ 45.168074][ T7007] ? bit_clear+0x540/0x540
[ 45.168083][ T7007] ? do_update_region+0x462/0x620
[ 45.168094][ T7007] ? redraw_screen+0xc30/0x16f0
[ 45.168104][ T7007] ? vc_do_resize+0x1541/0x1ce0
[ 45.168123][ T7007] ? vt_ioctl+0x3178/0x3eb0
[ 45.168141][ T7007] ? rcu_lock_release+0x5/0x20
[ 45.168150][ T7007] ? tomoyo_path_number_perm+0x58f/0x690
[ 45.168164][ T7007] ? tty_jobctrl_ioctl+0x1e8/0xc20
[ 45.168172][ T7007] ? tty_ioctl+0xee4/0x15c0
[ 45.168185][ T7007] ? tty_do_resize+0x180/0x180
[ 45.168191][ T7007] ? __se_sys_ioctl+0xf9/0x160
[ 45.168200][ T7007] ? do_syscall_64+0xf3/0x1b0
[ 45.168208][ T7007] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 45.168217][ T7007]
[ 45.168221][ T7007] Allocated by task 7007:
[ 45.168226][ T7007] __kasan_kmalloc+0x114/0x160
[ 45.168231][ T7007] __kmalloc+0x24b/0x330
[ 45.168235][ T7007] fbcon_set_font+0x2c4/0x970
[ 45.168240][ T7007] con_font_op+0xebc/0x1630
[ 45.168244][ T7007] vt_ioctl+0x179d/0x3eb0
[ 45.168247][ T7007] tty_ioctl+0xee4/0x15c0
[ 45.168252][ T7007] __se_sys_ioctl+0xf9/0x160
[ 45.168257][ T7007] do_syscall_64+0xf3/0x1b0
[ 45.168261][ T7007] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 45.168263][ T7007]
[ 45.168266][ T7007] Freed by task 6135:
[ 45.168270][ T7007] __kasan_slab_free+0x125/0x190
[ 45.168274][ T7007] kfree+0x10a/0x220
[ 45.168278][ T7007] __do_execve_file+0xc0e/0x1b80
[ 45.168282][ T7007] do_execve+0x2f/0x40
[ 45.168288][ T7007] call_usermodehelper_exec_async+0x2df/0x480
[ 45.168292][ T7007] ret_from_fork+0x24/0x30
[ 45.168293][ T7007]
[ 45.168298][ T7007] The buggy address belongs to the object at ffff8880a891dc00
[ 45.168298][ T7007] which belongs to the cache kmalloc-512 of size 512
[ 45.168302][ T7007] The buggy address is located 319 bytes inside of
[ 45.168302][ T7007] 512-byte region [ffff8880a891dc00, ffff8880a891de00)
[ 45.168305][ T7007] The buggy address belongs to the page:
[ 45.168313][ T7007] page:ffffea0002a24740 refcount:1 mapcount:0 mapping:0000000011613c67 index:0x0
[ 45.168317][ T7007] flags: 0xfffe0000000200(slab)
[ 45.168324][ T7007] raw: 00fffe0000000200 ffffea00025ac3c8 ffffea0002517488 ffff8880aa400a80
[ 45.168330][ T7007] raw: 0000000000000000 ffff8880a891d000 0000000100000004 0000000000000000
[ 45.168332][ T7007] page dumped because: kasan: bad access detected
[ 45.168334][ T7007]
[ 45.168336][ T7007] Memory state around the buggy address:
[ 45.168340][ T7007] ffff8880a891dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.168344][ T7007] ffff8880a891dc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.168348][ T7007] >ffff8880a891dd00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.168350][ T7007] ^
[ 45.168354][ T7007] ffff8880a891dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.168357][ T7007] ffff8880a891de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.168360][ T7007] ==================================================================
[ 45.168362][ T7007] Disabling lock debugging due to kernel taint
[ 45.168365][ T7007] Kernel panic - not syncing: panic_on_warn set ...
[ 45.168370][ T7007] CPU: 1 PID: 7007 Comm: syz-executor388 Tainted: G B 5.7.0-rc4-syzkaller #0
[ 45.168373][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.168374][ T7007] Call Trace:
[ 45.168379][ T7007] dump_stack+0x1e9/0x30e
[ 45.168385][ T7007] panic+0x264/0x7a0
[ 45.168391][ T7007] ? trace_hardirqs_on+0x30/0x70
[ 45.168396][ T7007] __kasan_report+0x191/0x1a0
[ 45.168401][ T7007] ? bit_putcs+0x103a/0x1bf0
[ 45.168405][ T7007] ? bit_putcs+0x103a/0x1bf0
[ 45.168409][ T7007] kasan_report+0x4d/0x80
[ 45.168414][ T7007] ? bit_putcs+0x103a/0x1bf0
[ 45.168425][ T7007] ? bit_clear+0x540/0x540
[ 45.168430][ T7007] ? fbcon_putcs+0x790/0xaf0
[ 45.168435][ T7007] ? bit_clear+0x540/0x540
[ 45.168440][ T7007] ? do_update_region+0x462/0x620
[ 45.168447][ T7007] ? redraw_screen+0xc30/0x16f0
[ 45.168454][ T7007] ? vc_do_resize+0x1541/0x1ce0
[ 45.168464][ T7007] ? vt_ioctl+0x3178/0x3eb0
[ 45.168474][ T7007] ? rcu_lock_release+0x5/0x20
[ 45.168480][ T7007] ? tomoyo_path_number_perm+0x58f/0x690
[ 45.168488][ T7007] ? tty_jobctrl_ioctl+0x1e8/0xc20
[ 45.168493][ T7007] ? tty_ioctl+0xee4/0x15c0
[ 45.168501][ T7007] ? tty_do_resize+0x180/0x180
[ 45.168505][ T7007] ? __se_sys_ioctl+0xf9/0x160
[ 45.168510][ T7007] ? do_syscall_64+0xf3/0x1b0
[ 45.168515][ T7007] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 45.169766][ T7007] Kernel Offset: disabled
[ 45.702430][ T7007] Rebooting in 86400 seconds..