[ 39.501608] audit: type=1800 audit(1576132907.947:32): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 39.526881] audit: type=1800 audit(1576132907.977:33): pid=7001 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 50.985929] IPVS: Creating netns size=2712 id=1
[ 50.990702] IPVS: ftp: loaded support on port[0] = 21
[ 51.558238] audit: type=1400 audit(1576132920.007:34): avc: denied { create } for pid=7204 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 51.582720] audit: type=1400 audit(1576132920.037:35): avc: denied { create } for pid=7204 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 51.607530] audit: type=1400 audit(1576132920.057:36): avc: denied { create } for pid=7204 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
2019/12/12 06:42:07 parsed 1 programs
2019/12/12 06:42:07 executed programs: 0
[ 58.773992] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[ 58.788287] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[ 58.797934] IPVS: Creating netns size=2712 id=2
[ 58.798059] IPVS: ftp: loaded support on port[0] = 21
[ 58.823965] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[ 58.832244] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[ 58.840474] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[ 58.848437] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[ 58.917996] IPVS: Creating netns size=2712 id=3
[ 58.923106] IPVS: ftp: loaded support on port[0] = 21
[ 59.056371] IPVS: Creating netns size=2712 id=4
[ 59.061231] IPVS: ftp: loaded support on port[0] = 21
[ 59.067920] chnl_net:caif_netlink_parms(): no params data found
[ 59.222462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.229691] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.238607] IPVS: Creating netns size=2712 id=5
[ 59.240748] device bridge_slave_0 entered promiscuous mode
[ 59.244644] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.244763] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.248738] device bridge_slave_1 entered promiscuous mode
[ 59.267736] IPVS: ftp: loaded support on port[0] = 21
[ 59.356267] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 59.440755] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 59.597439] chnl_net:caif_netlink_parms(): no params data found
[ 59.606763] IPVS: Creating netns size=2712 id=6
[ 59.606889] IPVS: ftp: loaded support on port[0] = 21
[ 59.633044] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 59.657641] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 59.722018] chnl_net:caif_netlink_parms(): no params data found
[ 59.869779] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 59.877288] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.883774] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.892759] device bridge_slave_0 entered promiscuous mode
[ 59.970979] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 59.977893] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.984343] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.993452] device bridge_slave_1 entered promiscuous mode
[ 60.046720] IPVS: Creating netns size=2712 id=7
[ 60.051551] IPVS: ftp: loaded support on port[0] = 21
[ 60.138421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.145286] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.154181] device bridge_slave_0 entered promiscuous mode
[ 60.187754] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.196567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.202932] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.212006] device bridge_slave_1 entered promiscuous mode
[ 60.298208] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.334792] chnl_net:caif_netlink_parms(): no params data found
[ 60.418249] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 60.461928] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.471022] chnl_net:caif_netlink_parms(): no params data found
[ 60.502235] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.612817] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 60.691909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 60.748531] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.755294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.764052] device bridge_slave_0 entered promiscuous mode
[ 60.771446] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.778250] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.787636] device bridge_slave_0 entered promiscuous mode
[ 60.795690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.802080] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.810985] device bridge_slave_1 entered promiscuous mode
[ 60.858277] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.864821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.873689] device bridge_slave_1 entered promiscuous mode
[ 60.883109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 60.936494] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 60.947281] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.979327] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 61.011275] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 61.020999] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 61.034649] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 61.073278] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 61.199600] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 61.278474] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 61.290181] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.308665] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.333306] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.350624] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.358032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.482764] chnl_net:caif_netlink_parms(): no params data found
[ 61.507274] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.515818] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 61.526542] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.534950] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 61.546812] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 61.623451] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 61.638951] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.687717] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 61.698692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.717664] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.724097] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.736127] device bridge_slave_0 entered promiscuous mode
[ 61.744400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.750855] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.760050] device bridge_slave_1 entered promiscuous mode
[ 61.859387] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 61.892061] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 61.904327] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.917270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.926416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.932811] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.940404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.948424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.954850] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.005866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.069144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 62.091117] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.108767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 62.120081] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.132391] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 62.141272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 62.166695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.248376] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.265322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.281666] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.297332] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 62.308786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.324097] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 62.341951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.353712] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.360243] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.368681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.376293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.396791] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.426533] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.433083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.442334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.448753] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.489856] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 62.503470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.520126] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 62.549969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.566036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 62.596283] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.602893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.612946] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.619468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.627487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.635706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.642061] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.664516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.674901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.696823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.722606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.735598] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 62.756883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.767101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.773480] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.785752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 62.803619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.823099] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.867861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.875990] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.882346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.890024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.897987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.904332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.911682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.919370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.927171] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.933525] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.941590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.955275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.971117] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 63.013042] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 63.033717] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 63.059612] audit: type=1400 audit(1576132931.507:37): avc: denied { associate } for pid=7278 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 63.088697] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 63.098859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.106956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.128803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.152193] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.170791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.177028] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 63.212713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 63.387697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.406588] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.413006] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.447030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 63.454688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.486498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.492933] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.585660] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 63.636797] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
2019/12/12 06:42:12 executed programs: 9
[ 63.687720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.712162] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
2019/12/12 06:42:17 executed programs: 227
2019/12/12 06:42:22 executed programs: 465
2019/12/12 06:42:27 executed programs: 692
2019/12/12 06:42:32 executed programs: 940
2019/12/12 06:42:37 executed programs: 1180
2019/12/12 06:42:42 executed programs: 1422
2019/12/12 06:42:47 executed programs: 1645
2019/12/12 06:42:52 executed programs: 1897
2019/12/12 06:42:57 executed programs: 2152
2019/12/12 06:43:02 executed programs: 2399
2019/12/12 06:43:07 executed programs: 2637
2019/12/12 06:43:12 executed programs: 2887
2019/12/12 06:43:17 executed programs: 3128
2019/12/12 06:43:22 executed programs: 3367
2019/12/12 06:43:27 executed programs: 3599
2019/12/12 06:43:32 executed programs: 3851
2019/12/12 06:43:37 executed programs: 4100
** 1177 printk messages dropped **
[ 153.217274] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde2c0
[ 153.217275] Read of size 32 by task syz-executor.1/19849
[ 153.217278] Address belongs to variable oid_index+0x220/0x580
[ 153.217280] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.217282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.217286]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.217290]  ffff88012787f830 ffffffff85fde2c0 00000000000000ae ffff88012787f820
[ 153.217294]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.217295] Call Trace:
[ 153.217298]  [] dump_stack+0xe6/0x120
[ 153.217301]  [] kasan_report_error+0x59a/0x5c0
[ 153.217305]  [] kasan_report+0x34/0x40
[ 153.217307]  [] ? memcpy+0x1d/0x40
[ 153.217316]  [] __asan_loadN+0x12a/0x180
[ 153.217319]  [] memcpy+0x1d/0x40
[ 153.217322]  [] fbcon_get_font+0x221/0x560
[ 153.217325]  [] con_font_op+0x564/0xfa0
[ 153.217328]  [] ? con_write+0x90/0x90
[ 153.217332]  [] ? selinux_capable+0xd/0x10
[ 153.217335]  [] ? security_capable+0x6f/0xa0
[ 153.217338]  [] ? ns_capable+0x56/0xc0
[ 153.217341]  [] vt_ioctl+0x434/0x24e0
[ 153.217344]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.217347]  [] ? complete_change_console+0x300/0x300
[ 153.217350]  [] ? plist_del+0xe9/0x1d0
[ 153.217352]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.217356]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.217359]  [] tty_ioctl+0x5d4/0x20f0
[ 153.217362]  [] ? no_tty+0x90/0x90
[ 153.217365]  [] ? __lock_acquire+0xca1/0x5560
[ 153.217368]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.217370]  [] ? __lock_acquire+0x1985/0x5560
[ 153.217374]  [] ? ___might_sleep+0x331/0x440
[ 153.217377]  [] ? __might_sleep+0x90/0x1a0
[ 153.217381]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.217384]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.217387]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.217390]  [] ? __fget+0x1df/0x320
[ 153.217392]  [] ? __fget+0x42/0x320
[ 153.217396]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.217399]  [] SyS_ioctl+0x74/0x80
[ 153.217403]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.217404] Memory state around the buggy address:
[ 153.217406]  ffffffff85fde180: 00 00 00 00 02 fa fa fa fa fa fa fa 00 00 00 00
[ 153.217409]  ffffffff85fde200: 02 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 153.217411] >ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.217412]                                            ^
[ 153.217414]  ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.217416]  ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.217417] ==================================================================
[ 153.219073] ==================================================================
[ 153.219082] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde2e0
[ 153.219084] Read of size 32 by task syz-executor.1/19849
[ 153.219088] Address belongs to variable oid_index+0x240/0x580
[ 153.219092] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.219094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.219100]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.219105]  ffff88012787f830 ffffffff85fde2e0 00000000000000af ffff88012787f820
[ 153.219109]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.219110] Call Trace:
[ 153.219115]  [] dump_stack+0xe6/0x120
[ 153.219119]  [] kasan_report_error+0x59a/0x5c0
[ 153.219123]  [] kasan_report+0x34/0x40
[ 153.219126]  [] ? memcpy+0x1d/0x40
[ 153.219129]  [] __asan_loadN+0x12a/0x180
[ 153.219132]  [] memcpy+0x1d/0x40
[ 153.219137]  [] fbcon_get_font+0x221/0x560
[ 153.219141]  [] con_font_op+0x564/0xfa0
[ 153.219144]  [] ? con_write+0x90/0x90
[ 153.219148]  [] ? selinux_capable+0xd/0x10
[ 153.219152]  [] ? security_capable+0x6f/0xa0
[ 153.219158]  [] ? ns_capable+0x56/0xc0
[ 153.219161]  [] vt_ioctl+0x434/0x24e0
[ 153.219166]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.219170]  [] ? complete_change_console+0x300/0x300
[ 153.219173]  [] ? plist_del+0xe9/0x1d0
[ 153.219176]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219180]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.219185]  [] tty_ioctl+0x5d4/0x20f0
[ 153.219187]  [] ? no_tty+0x90/0x90
[ 153.219190]  [] ? __lock_acquire+0xca1/0x5560
[ 153.219193]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219195]  [] ? __lock_acquire+0x1985/0x5560
[ 153.219200]  [] ? ___might_sleep+0x331/0x440
[ 153.219203]  [] ? __might_sleep+0x90/0x1a0
[ 153.219216]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.219219]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.219222]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.219226]  [] ? __fget+0x1df/0x320
[ 153.219228]  [] ? __fget+0x42/0x320
[ 153.219232]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.219234]  [] SyS_ioctl+0x74/0x80
[ 153.219239]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.219241] Memory state around the buggy address:
[ 153.219243]  ffffffff85fde180: 00 00 00 00 02 fa fa fa fa fa fa fa 00 00 00 00
[ 153.219245]  ffffffff85fde200: 02 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 153.219247] >ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.219249]                                                        ^
[ 153.219251]  ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.219253]  ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219254] ==================================================================
[ 153.219255] ==================================================================
[ 153.219259] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde300
[ 153.219260] Read of size 32 by task syz-executor.1/19849
[ 153.219263] Address belongs to variable oid_index+0x260/0x580
[ 153.219266] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.219267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.219271]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.219275]  ffff88012787f830 ffffffff85fde300 00000000000000b0 ffff88012787f820
[ 153.219278]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.219279] Call Trace:
[ 153.219281]  [] dump_stack+0xe6/0x120
[ 153.219284]  [] kasan_report_error+0x59a/0x5c0
[ 153.219288]  [] kasan_report+0x34/0x40
[ 153.219290]  [] ? memcpy+0x1d/0x40
[ 153.219293]  [] __asan_loadN+0x12a/0x180
[ 153.219295]  [] memcpy+0x1d/0x40
[ 153.219299]  [] fbcon_get_font+0x221/0x560
[ 153.219301]  [] con_font_op+0x564/0xfa0
[ 153.219304]  [] ? con_write+0x90/0x90
[ 153.219308]  [] ? selinux_capable+0xd/0x10
[ 153.219311]  [] ? security_capable+0x6f/0xa0
[ 153.219314]  [] ? ns_capable+0x56/0xc0
[ 153.219317]  [] vt_ioctl+0x434/0x24e0
[ 153.219320]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.219324]  [] ? complete_change_console+0x300/0x300
[ 153.219327]  [] ? plist_del+0xe9/0x1d0
[ 153.219330]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219333]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.219337]  [] tty_ioctl+0x5d4/0x20f0
[ 153.219339]  [] ? no_tty+0x90/0x90
[ 153.219341]  [] ? __lock_acquire+0xca1/0x5560
[ 153.219344]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219347]  [] ? __lock_acquire+0x1985/0x5560
[ 153.219351]  [] ? ___might_sleep+0x331/0x440
[ 153.219354]  [] ? __might_sleep+0x90/0x1a0
[ 153.219357]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.219360]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.219364]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.219367]  [] ? __fget+0x1df/0x320
[ 153.219369]  [] ? __fget+0x42/0x320
[ 153.219373]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.219376]  [] SyS_ioctl+0x74/0x80
[ 153.219379]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.219381] Memory state around the buggy address:
[ 153.219383]  ffffffff85fde200: 02 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 153.219385]  ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.219387] >ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.219389]                    ^
[ 153.219391]  ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219393]  ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219394] ==================================================================
[ 153.219395] ==================================================================
[ 153.219398] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde320
[ 153.219400] Read of size 32 by task syz-executor.1/19849
[ 153.219403] Address belongs to variable oid_index+0x280/0x580
[ 153.219406] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.219407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.219412]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.219415]  ffff88012787f830 ffffffff85fde320 00000000000000b1 ffff88012787f820
[ 153.219419]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.219420] Call Trace:
[ 153.219422]  [] dump_stack+0xe6/0x120
[ 153.219425]  [] kasan_report_error+0x59a/0x5c0
[ 153.219428]  [] kasan_report+0x34/0x40
[ 153.219431]  [] ? memcpy+0x1d/0x40
[ 153.219434]  [] __asan_loadN+0x12a/0x180
[ 153.219436]  [] memcpy+0x1d/0x40
[ 153.219440]  [] fbcon_get_font+0x221/0x560
[ 153.219443]  [] con_font_op+0x564/0xfa0
[ 153.219446]  [] ? con_write+0x90/0x90
[ 153.219449]  [] ? selinux_capable+0xd/0x10
[ 153.219452]  [] ? security_capable+0x6f/0xa0
[ 153.219456]  [] ? ns_capable+0x56/0xc0
[ 153.219459]  [] vt_ioctl+0x434/0x24e0
[ 153.219462]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.219466]  [] ? complete_change_console+0x300/0x300
[ 153.219469]  [] ? plist_del+0xe9/0x1d0
[ 153.219472]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219475]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.219483]  [] tty_ioctl+0x5d4/0x20f0
[ 153.219486]  [] ? no_tty+0x90/0x90
[ 153.219489]  [] ? __lock_acquire+0xca1/0x5560
[ 153.219492]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219494]  [] ? __lock_acquire+0x1985/0x5560
[ 153.219498]  [] ? ___might_sleep+0x331/0x440
[ 153.219501]  [] ? __might_sleep+0x90/0x1a0
[ 153.219503]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.219506]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.219509]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.219511]  [] ? __fget+0x1df/0x320
[ 153.219513]  [] ? __fget+0x42/0x320
[ 153.219516]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.219519]  [] SyS_ioctl+0x74/0x80
[ 153.219522]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.219524] Memory state around the buggy address:
[ 153.219526]  ffffffff85fde200: 02 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 153.219528]  ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.219530] >ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.219531]                                ^
[ 153.219532]  ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219534]  ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219535] ==================================================================
[ 153.219536] ==================================================================
[ 153.219539] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde340
[ 153.219541] Read of size 32 by task syz-executor.1/19849
[ 153.219543] Address belongs to variable oid_index+0x2a0/0x580
[ 153.219545] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.219547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.219551]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.219554]  ffff88012787f830 ffffffff85fde340 00000000000000b2 ffff88012787f820
[ 153.219557]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.219557] Call Trace:
[ 153.219565]  [] dump_stack+0xe6/0x120
[ 153.219568]  [] kasan_report_error+0x59a/0x5c0
[ 153.219571]  [] kasan_report+0x34/0x40
[ 153.219574]  [] ? memcpy+0x1d/0x40
[ 153.219577]  [] __asan_loadN+0x12a/0x180
[ 153.219580]  [] memcpy+0x1d/0x40
[ 153.219584]  [] fbcon_get_font+0x221/0x560
[ 153.219586]  [] con_font_op+0x564/0xfa0
[ 153.219589]  [] ? con_write+0x90/0x90
[ 153.219593]  [] ? selinux_capable+0xd/0x10
[ 153.219596]  [] ? security_capable+0x6f/0xa0
[ 153.219599]  [] ? ns_capable+0x56/0xc0
[ 153.219602]  [] vt_ioctl+0x434/0x24e0
[ 153.219606]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.219609]  [] ? complete_change_console+0x300/0x300
[ 153.219612]  [] ? plist_del+0xe9/0x1d0
[ 153.219615]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219619]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.219622]  [] tty_ioctl+0x5d4/0x20f0
[ 153.219625]  [] ? no_tty+0x90/0x90
[ 153.219628]  [] ? __lock_acquire+0xca1/0x5560
[ 153.219631]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.219633]  [] ? __lock_acquire+0x1985/0x5560
[ 153.219637]  [] ? ___might_sleep+0x331/0x440
[ 153.219641]  [] ? __might_sleep+0x90/0x1a0
[ 153.219644]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.219647]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.219650]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.219652]  [] ? __fget+0x1df/0x320
[ 153.219654]  [] ? __fget+0x42/0x320
[ 153.219658]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.219660]  [] SyS_ioctl+0x74/0x80
[ 153.219663]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.219665] Memory state around the buggy address:
[ 153.219666]  ffffffff85fde200: 02 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 153.219668]  ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.219670] >ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.219672]                                            ^
[ 153.219674]  ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219676]  ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.219677] ==================================================================
[ 153.222280] ==================================================================
[ 153.222287] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde360
[ 153.222290] Read of size 32 by task syz-executor.1/19849
[ 153.222294] Address belongs to variable oid_index+0x2c0/0x580
[ 153.222299] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.222300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.222306]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.222310]  ffff88012787f830 ffffffff85fde360 00000000000000b3 ffff88012787f820
[ 153.222314]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.222315] Call Trace:
[ 153.222321]  [] dump_stack+0xe6/0x120
[ 153.222324]  [] kasan_report_error+0x59a/0x5c0
[ 153.222328]  [] kasan_report+0x34/0x40
[ 153.222331]  [] ? memcpy+0x1d/0x40
[ 153.222334]  [] __asan_loadN+0x12a/0x180
[ 153.222337]  [] memcpy+0x1d/0x40
[ 153.222342]  [] fbcon_get_font+0x221/0x560
[ 153.222346]  [] con_font_op+0x564/0xfa0
[ 153.222349]  [] ? con_write+0x90/0x90
[ 153.222354]  [] ? selinux_capable+0xd/0x10
[ 153.222358]  [] ? security_capable+0x6f/0xa0
[ 153.222365]  [] ? ns_capable+0x56/0xc0
[ 153.222368]  [] vt_ioctl+0x434/0x24e0
[ 153.222374]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.222378]  [] ? complete_change_console+0x300/0x300
[ 153.222382]  [] ? plist_del+0xe9/0x1d0
[ 153.222386]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.222389]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.222393]  [] tty_ioctl+0x5d4/0x20f0
[ 153.222396]  [] ? no_tty+0x90/0x90
[ 153.222399]  [] ? __lock_acquire+0xca1/0x5560
[ 153.222402]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.222405]  [] ? __lock_acquire+0x1985/0x5560
[ 153.222410]  [] ? ___might_sleep+0x331/0x440
[ 153.222413]  [] ? __might_sleep+0x90/0x1a0
[ 153.222417]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.222420]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.222423]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.222426]  [] ? __fget+0x1df/0x320
[ 153.222429]  [] ? __fget+0x42/0x320
[ 153.222433]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.222435]  [] SyS_ioctl+0x74/0x80
[ 153.222440]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.222442] Memory state around the buggy address:
[ 153.222445]  ffffffff85fde200: 02 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 153.222447]  ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.222449] >ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.222451]                                                        ^
[ 153.222453]  ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.222455]  ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.222456] ==================================================================
[ 153.222458] ==================================================================
[ 153.222461] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde380
[ 153.222463] Read of size 32 by task syz-executor.1/19849
[ 153.222465] Address belongs to variable oid_index+0x2e0/0x580
[ 153.222468] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.222469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.222474]  1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.222478]  ffff88012787f830 ffffffff85fde380 00000000000000b4 ffff88012787f820
[ 153.222482]  ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.222483] Call Trace:
[ 153.222486]  [] dump_stack+0xe6/0x120
[ 153.222489]  [] kasan_report_error+0x59a/0x5c0
[ 153.222493]  [] kasan_report+0x34/0x40
[ 153.222496]  [] ? memcpy+0x1d/0x40
[ 153.222499]  [] __asan_loadN+0x12a/0x180
[ 153.222502]  [] memcpy+0x1d/0x40
[ 153.222506]  [] fbcon_get_font+0x221/0x560
[ 153.222509]  [] con_font_op+0x564/0xfa0
[ 153.222512]  [] ? con_write+0x90/0x90
[ 153.222515]  [] ? selinux_capable+0xd/0x10
[ 153.222519]  [] ? security_capable+0x6f/0xa0
[ 153.222522]  [] ? ns_capable+0x56/0xc0
[ 153.222525]  [] vt_ioctl+0x434/0x24e0
[ 153.222529]  [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.222532]  [] ? complete_change_console+0x300/0x300
[ 153.222536]  [] ? plist_del+0xe9/0x1d0
[ 153.222538]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.222542]  [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.222545]  [] tty_ioctl+0x5d4/0x20f0
[ 153.222548]  [] ? no_tty+0x90/0x90
[ 153.222551]  [] ? __lock_acquire+0xca1/0x5560
[ 153.222554]  [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.222557]  [] ? __lock_acquire+0x1985/0x5560
[ 153.222561]  [] ? ___might_sleep+0x331/0x440
[ 153.222564]  [] ? __might_sleep+0x90/0x1a0
[ 153.222568]  [] do_vfs_ioctl+0x17f/0xe70
[ 153.222571]  [] ? selinux_file_ioctl+0x324/0x510
[ 153.222574]  [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.222577]  [] ? __fget+0x1df/0x320
[ 153.222579]  [] ? __fget+0x42/0x320
[ 153.222583]  [] ? security_file_ioctl+0x6a/0xa0
[ 153.222586]  [] SyS_ioctl+0x74/0x80
[ 153.222590]  [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.222591] Memory state around the buggy address:
[ 153.222594]  ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 153.222596]  ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa
[ 153.222598] >ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.222599]                    ^
[ 153.222601]  ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 153.222603]  ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa
[ 153.222604] ==================================================================
[ 153.222605] ==================================================================
[ 153.222608] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde3a0
[ 153.222610] Read of size 32 by task syz-executor.1/19849
[ 153.222612] Address belongs to variable oid_index+0x300/0x580
[ 153.222614] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.222616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.222619]  1ffffffff0d9577e ffff88012787f7a0
ffffffff82c4dd46 0000000000000020 [ 153.222622] ffff88012787f830 ffffffff85fde3a0 00000000000000b5 ffff88012787f820 [ 153.222626] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.222627] Call Trace: [ 153.222629] [] dump_stack+0xe6/0x120 [ 153.222632] [] kasan_report_error+0x59a/0x5c0 [ 153.222636] [] kasan_report+0x34/0x40 [ 153.222639] [] ? memcpy+0x1d/0x40 [ 153.222642] [] __asan_loadN+0x12a/0x180 [ 153.222644] [] memcpy+0x1d/0x40 [ 153.222648] [] fbcon_get_font+0x221/0x560 [ 153.222651] [] con_font_op+0x564/0xfa0 [ 153.222654] [] ? con_write+0x90/0x90 [ 153.222657] [] ? selinux_capable+0xd/0x10 [ 153.222660] [] ? security_capable+0x6f/0xa0 [ 153.222664] [] ? ns_capable+0x56/0xc0 [ 153.222667] [] vt_ioctl+0x434/0x24e0 [ 153.222670] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.222673] [] ? complete_change_console+0x300/0x300 [ 153.222676] [] ? plist_del+0xe9/0x1d0 [ 153.222679] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.222682] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.222686] [] tty_ioctl+0x5d4/0x20f0 [ 153.222688] [] ? no_tty+0x90/0x90 [ 153.222691] [] ? __lock_acquire+0xca1/0x5560 [ 153.222694] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.222697] [] ? __lock_acquire+0x1985/0x5560 [ 153.222701] [] ? ___might_sleep+0x331/0x440 [ 153.222704] [] ? __might_sleep+0x90/0x1a0 [ 153.222707] [] do_vfs_ioctl+0x17f/0xe70 [ 153.222710] [] ? selinux_file_ioctl+0x324/0x510 [ 153.222713] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.222716] [] ? __fget+0x1df/0x320 [ 153.222719] [] ? __fget+0x42/0x320 [ 153.222723] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.222726] [] SyS_ioctl+0x74/0x80 [ 153.222729] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.222731] Memory state around the buggy address: [ 153.222733] ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa [ 153.222735] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.222737] >ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.222738] ^ [ 153.222740] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.222742] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.222743] ================================================================== [ 153.222745] ================================================================== [ 153.222748] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde3c0 [ 153.222749] Read of size 32 by task syz-executor.1/19849 [ 153.222752] Address belongs to variable oid_index+0x320/0x580 [ 153.222754] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.222756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.222760] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.222764] ffff88012787f830 ffffffff85fde3c0 00000000000000b6 ffff88012787f820 [ 153.222768] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.222769] Call Trace: [ 153.222772] [] dump_stack+0xe6/0x120 [ 153.222775] [] kasan_report_error+0x59a/0x5c0 [ 153.222778] [] kasan_report+0x34/0x40 [ 153.222781] [] ? memcpy+0x1d/0x40 [ 153.222784] [] __asan_loadN+0x12a/0x180 [ 153.222787] [] memcpy+0x1d/0x40 [ 153.222791] [] fbcon_get_font+0x221/0x560 [ 153.222793] [] con_font_op+0x564/0xfa0 [ 153.222796] [] ? con_write+0x90/0x90 [ 153.222800] [] ? selinux_capable+0xd/0x10 [ 153.222803] [] ? security_capable+0x6f/0xa0 [ 153.222806] [] ? ns_capable+0x56/0xc0 [ 153.222809] [] vt_ioctl+0x434/0x24e0 [ 153.222813] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.222816] [] ? complete_change_console+0x300/0x300 [ 153.222820] [] ? plist_del+0xe9/0x1d0 [ 153.222823] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.222826] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.222830] [] tty_ioctl+0x5d4/0x20f0 [ 153.222832] [] ? no_tty+0x90/0x90 [ 153.222835] [] ? __lock_acquire+0xca1/0x5560 [ 153.222838] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.222841] [] ? __lock_acquire+0x1985/0x5560 [ 153.222845] [] ? ___might_sleep+0x331/0x440 [ 153.222848] [] ? __might_sleep+0x90/0x1a0 [ 153.222851] [] do_vfs_ioctl+0x17f/0xe70 [ 153.222854] [] ? selinux_file_ioctl+0x324/0x510 [ 153.222857] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.222861] [] ? __fget+0x1df/0x320 [ 153.222863] [] ? __fget+0x42/0x320 [ 153.222867] [] ? security_file_ioctl+0x6a/0xa0 [ 153.222870] [] SyS_ioctl+0x74/0x80 [ 153.222873] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.222875] Memory state around the buggy address: [ 153.222877] ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa [ 153.222879] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.222882] >ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.222883] ^ [ 153.222885] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.222887] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.222888] ================================================================== [ 153.222890] ================================================================== [ 153.222893] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde3e0 [ 153.222894] Read of size 32 by task syz-executor.1/19849 [ 153.222897] Address belongs to variable oid_index+0x340/0x580 [ 153.222899] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.222901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.222905] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.222914] ffff88012787f830 ffffffff85fde3e0 00000000000000b7 ffff88012787f820 [ 153.222918] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.222919] Call Trace: [ 153.222922] [] dump_stack+0xe6/0x120 [ 153.222925] [] kasan_report_error+0x59a/0x5c0 [ 153.222929] [] kasan_report+0x34/0x40 [ 153.222932] [] ? memcpy+0x1d/0x40 [ 153.222939] [] __asan_loadN+0x12a/0x180 [ 153.222942] [] memcpy+0x1d/0x40 [ 153.222946] [] fbcon_get_font+0x221/0x560 [ 153.222949] [] con_font_op+0x564/0xfa0 [ 153.222951] [] ? con_write+0x90/0x90 [ 153.222955] [] ? selinux_capable+0xd/0x10 [ 153.222958] [] ? security_capable+0x6f/0xa0 [ 153.222962] [] ? ns_capable+0x56/0xc0 [ 153.222964] [] vt_ioctl+0x434/0x24e0 [ 153.222968] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.222971] [] ? complete_change_console+0x300/0x300 [ 153.222975] [] ? plist_del+0xe9/0x1d0 [ 153.222977] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.222981] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.222985] [] tty_ioctl+0x5d4/0x20f0 [ 153.222987] [] ? no_tty+0x90/0x90 [ 153.222990] [] ? __lock_acquire+0xca1/0x5560 [ 153.222993] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.222996] [] ? __lock_acquire+0x1985/0x5560 [ 153.223000] [] ? ___might_sleep+0x331/0x440 [ 153.223003] [] ? __might_sleep+0x90/0x1a0 [ 153.223007] [] do_vfs_ioctl+0x17f/0xe70 [ 153.223010] [] ? selinux_file_ioctl+0x324/0x510 [ 153.223013] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.223016] [] ? __fget+0x1df/0x320 [ 153.223018] [] ? __fget+0x42/0x320 [ 153.223021] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.223024] [] SyS_ioctl+0x74/0x80 [ 153.223028] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.223029] Memory state around the buggy address: [ 153.223032] ffffffff85fde280: 01 fa fa fa fa fa fa fa 00 00 02 fa fa fa fa fa [ 153.223034] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.223036] >ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.223037] ^ [ 153.223039] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.223041] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.223042] ================================================================== [ 153.224455] ================================================================== [ 153.224462] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde400 [ 153.224464] Read of size 32 by task syz-executor.1/19849 [ 153.224469] Address belongs to variable oid_index+0x360/0x580 [ 153.224473] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.224474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.224486] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.224490] ffff88012787f830 ffffffff85fde400 00000000000000b8 ffff88012787f820 [ 153.224494] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.224495] Call Trace: [ 153.224500] [] dump_stack+0xe6/0x120 [ 153.224503] [] kasan_report_error+0x59a/0x5c0 [ 153.224507] [] kasan_report+0x34/0x40 [ 153.224510] [] ? memcpy+0x1d/0x40 [ 153.224513] [] __asan_loadN+0x12a/0x180 [ 153.224516] [] memcpy+0x1d/0x40 [ 153.224521] [] fbcon_get_font+0x221/0x560 [ 153.224525] [] con_font_op+0x564/0xfa0 [ 153.224528] [] ? con_write+0x90/0x90 [ 153.224533] [] ? selinux_capable+0xd/0x10 [ 153.224537] [] ? security_capable+0x6f/0xa0 [ 153.224541] [] ? ns_capable+0x56/0xc0 [ 153.224546] [] vt_ioctl+0x434/0x24e0 [ 153.224551] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.224554] [] ? complete_change_console+0x300/0x300 [ 153.224558] [] ? plist_del+0xe9/0x1d0 [ 153.224561] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.224565] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.224569] [] tty_ioctl+0x5d4/0x20f0 [ 153.224572] [] ? no_tty+0x90/0x90 [ 153.224575] [] ? __lock_acquire+0xca1/0x5560 [ 153.224577] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.224580] [] ? __lock_acquire+0x1985/0x5560 [ 153.224584] [] ? ___might_sleep+0x331/0x440 [ 153.224587] [] ? __might_sleep+0x90/0x1a0 [ 153.224591] [] do_vfs_ioctl+0x17f/0xe70 [ 153.224594] [] ? selinux_file_ioctl+0x324/0x510 [ 153.224596] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.224599] [] ? __fget+0x1df/0x320 [ 153.224601] [] ? __fget+0x42/0x320 [ 153.224604] [] ? security_file_ioctl+0x6a/0xa0 [ 153.224607] [] SyS_ioctl+0x74/0x80 [ 153.224610] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.224612] Memory state around the buggy address: [ 153.224614] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.224616] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.224618] >ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.224619] ^ [ 153.224621] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.224622] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.224623] ================================================================== [ 153.224624] ================================================================== [ 153.224627] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde420 [ 153.224629] Read of size 32 by task syz-executor.1/19849 [ 153.224631] Address belongs to variable oid_index+0x380/0x580 [ 153.224633] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.224634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.224637] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.224639] ffff88012787f830 ffffffff85fde420 00000000000000b9 ffff88012787f820 [ 153.224641] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.224642] Call Trace: [ 153.224644] [] dump_stack+0xe6/0x120 [ 153.224646] [] kasan_report_error+0x59a/0x5c0 [ 153.224648] [] kasan_report+0x34/0x40 [ 153.224650] [] ? memcpy+0x1d/0x40 [ 153.224652] [] __asan_loadN+0x12a/0x180 [ 153.224654] [] memcpy+0x1d/0x40 [ 153.224656] [] fbcon_get_font+0x221/0x560 [ 153.224658] [] con_font_op+0x564/0xfa0 [ 153.224660] [] ? con_write+0x90/0x90 [ 153.224662] [] ? selinux_capable+0xd/0x10 [ 153.224664] [] ? security_capable+0x6f/0xa0 [ 153.224667] [] ? ns_capable+0x56/0xc0 [ 153.224668] [] vt_ioctl+0x434/0x24e0 [ 153.224671] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.224673] [] ? complete_change_console+0x300/0x300 [ 153.224675] [] ? plist_del+0xe9/0x1d0 [ 153.224677] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.224679] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.224681] [] tty_ioctl+0x5d4/0x20f0 [ 153.224683] [] ? no_tty+0x90/0x90 [ 153.224684] [] ? __lock_acquire+0xca1/0x5560 [ 153.224686] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.224688] [] ? __lock_acquire+0x1985/0x5560 [ 153.224690] [] ? ___might_sleep+0x331/0x440 [ 153.224692] [] ? __might_sleep+0x90/0x1a0 [ 153.224694] [] do_vfs_ioctl+0x17f/0xe70 [ 153.224696] [] ? selinux_file_ioctl+0x324/0x510 [ 153.224698] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.224700] [] ? __fget+0x1df/0x320 [ 153.224701] [] ? __fget+0x42/0x320 [ 153.224704] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.224705] [] SyS_ioctl+0x74/0x80 [ 153.224708] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.224709] Memory state around the buggy address: [ 153.224710] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.224711] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.224712] >ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.224713] ^ [ 153.224714] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.224716] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.224721] ================================================================== [ 153.224743] ================================================================== [ 153.224745] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde440 [ 153.224747] Read of size 32 by task syz-executor.1/19849 [ 153.224749] Address belongs to variable oid_index+0x3a0/0x580 [ 153.224751] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.224752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.224756] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.224759] ffff88012787f830 ffffffff85fde440 00000000000000ba ffff88012787f820 [ 153.224762] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.224763] Call Trace: [ 153.224765] [] dump_stack+0xe6/0x120 [ 153.224768] [] kasan_report_error+0x59a/0x5c0 [ 153.224771] [] kasan_report+0x34/0x40 [ 153.224774] [] ? memcpy+0x1d/0x40 [ 153.224776] [] __asan_loadN+0x12a/0x180 [ 153.224778] [] memcpy+0x1d/0x40 [ 153.224782] [] fbcon_get_font+0x221/0x560 [ 153.224784] [] con_font_op+0x564/0xfa0 [ 153.224787] [] ? con_write+0x90/0x90 [ 153.224790] [] ? selinux_capable+0xd/0x10 [ 153.224793] [] ? security_capable+0x6f/0xa0 [ 153.224796] [] ? ns_capable+0x56/0xc0 [ 153.224799] [] vt_ioctl+0x434/0x24e0 [ 153.224803] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.224806] [] ? complete_change_console+0x300/0x300 [ 153.224809] [] ? plist_del+0xe9/0x1d0 [ 153.224812] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.224816] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.224819] [] tty_ioctl+0x5d4/0x20f0 [ 153.224822] [] ? no_tty+0x90/0x90 [ 153.224825] [] ? __lock_acquire+0xca1/0x5560 [ 153.224828] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.224830] [] ? __lock_acquire+0x1985/0x5560 [ 153.224834] [] ? ___might_sleep+0x331/0x440 [ 153.224838] [] ? __might_sleep+0x90/0x1a0 [ 153.224840] [] do_vfs_ioctl+0x17f/0xe70 [ 153.224843] [] ? selinux_file_ioctl+0x324/0x510 [ 153.224846] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.224849] [] ? __fget+0x1df/0x320 [ 153.224851] [] ? __fget+0x42/0x320 [ 153.224854] [] ? security_file_ioctl+0x6a/0xa0 [ 153.224857] [] SyS_ioctl+0x74/0x80 [ 153.224861] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.224862] Memory state around the buggy address: [ 153.224864] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.224866] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.224868] >ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.224869] ^ [ 153.224871] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.224872] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.224873] ================================================================== [ 153.225537] ================================================================== [ 153.225542] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde460 [ 153.225544] Read of size 32 by task syz-executor.1/19849 [ 153.225546] Address belongs to variable oid_index+0x3c0/0x580 [ 153.225549] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.225550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.225553] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.225555] ffff88012787f830 ffffffff85fde460 00000000000000bb ffff88012787f820 [ 153.225558] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.225558] Call Trace: [ 153.225561] [] dump_stack+0xe6/0x120 [ 153.225563] [] kasan_report_error+0x59a/0x5c0 [ 153.225565] [] kasan_report+0x34/0x40 [ 153.225567] [] ? memcpy+0x1d/0x40 [ 153.225569] [] __asan_loadN+0x12a/0x180 [ 153.225571] [] memcpy+0x1d/0x40 [ 153.225575] [] fbcon_get_font+0x221/0x560 [ 153.225577] [] con_font_op+0x564/0xfa0 [ 153.225579] [] ? con_write+0x90/0x90 [ 153.225582] [] ? selinux_capable+0xd/0x10 [ 153.225585] [] ? security_capable+0x6f/0xa0 [ 153.225588] [] ? ns_capable+0x56/0xc0 [ 153.225590] [] vt_ioctl+0x434/0x24e0 [ 153.225593] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.225595] [] ? complete_change_console+0x300/0x300 [ 153.225597] [] ? plist_del+0xe9/0x1d0 [ 153.225600] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225602] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.225605] [] tty_ioctl+0x5d4/0x20f0 [ 153.225606] [] ? no_tty+0x90/0x90 [ 153.225608] [] ? __lock_acquire+0xca1/0x5560 [ 153.225610] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225611] [] ? __lock_acquire+0x1985/0x5560 [ 153.225614] [] ? ___might_sleep+0x331/0x440 [ 153.225616] [] ? __might_sleep+0x90/0x1a0 [ 153.225618] [] do_vfs_ioctl+0x17f/0xe70 [ 153.225620] [] ? selinux_file_ioctl+0x324/0x510 [ 153.225622] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.225624] [] ? __fget+0x1df/0x320 [ 153.225625] [] ? __fget+0x42/0x320 [ 153.225628] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.225630] [] SyS_ioctl+0x74/0x80 [ 153.225633] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.225634] Memory state around the buggy address: [ 153.225635] ffffffff85fde300: 04 fa fa fa fa fa fa fa 00 01 fa fa fa fa fa fa [ 153.225637] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225638] >ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225639] ^ [ 153.225640] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.225641] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.225642] ================================================================== [ 153.225643] ================================================================== [ 153.225645] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde480 [ 153.225646] Read of size 32 by task syz-executor.1/19849 [ 153.225648] Address belongs to variable oid_index+0x3e0/0x580 [ 153.225649] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.225650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.225652] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.225655] ffff88012787f830 ffffffff85fde480 00000000000000bc ffff88012787f820 [ 153.225657] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.225657] Call Trace: [ 153.225659] [] dump_stack+0xe6/0x120 [ 153.225661] [] kasan_report_error+0x59a/0x5c0 [ 153.225663] [] kasan_report+0x34/0x40 [ 153.225665] [] ? memcpy+0x1d/0x40 [ 153.225667] [] __asan_loadN+0x12a/0x180 [ 153.225669] [] memcpy+0x1d/0x40 [ 153.225671] [] fbcon_get_font+0x221/0x560 [ 153.225673] [] con_font_op+0x564/0xfa0 [ 153.225675] [] ? con_write+0x90/0x90 [ 153.225677] [] ? selinux_capable+0xd/0x10 [ 153.225679] [] ? security_capable+0x6f/0xa0 [ 153.225682] [] ? ns_capable+0x56/0xc0 [ 153.225683] [] vt_ioctl+0x434/0x24e0 [ 153.225686] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.225688] [] ? complete_change_console+0x300/0x300 [ 153.225690] [] ? plist_del+0xe9/0x1d0 [ 153.225692] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225694] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.225696] [] tty_ioctl+0x5d4/0x20f0 [ 153.225698] [] ? no_tty+0x90/0x90 [ 153.225699] [] ? __lock_acquire+0xca1/0x5560 [ 153.225701] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225702] [] ? __lock_acquire+0x1985/0x5560 [ 153.225705] [] ? ___might_sleep+0x331/0x440 [ 153.225707] [] ? __might_sleep+0x90/0x1a0 [ 153.225709] [] do_vfs_ioctl+0x17f/0xe70 [ 153.225711] [] ? selinux_file_ioctl+0x324/0x510 [ 153.225713] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.225715] [] ? __fget+0x1df/0x320 [ 153.225716] [] ? __fget+0x42/0x320 [ 153.225719] [] ? security_file_ioctl+0x6a/0xa0 [ 153.225721] [] SyS_ioctl+0x74/0x80 [ 153.225723] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.225724] Memory state around the buggy address: [ 153.225725] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225726] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225727] >ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.225728] ^ [ 153.225729] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.225730] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.225731] ================================================================== [ 153.225732] ================================================================== [ 153.225733] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde4a0 [ 153.225734] Read of size 32 by task syz-executor.1/19849 [ 153.225736] Address belongs to variable oid_index+0x400/0x580 [ 153.225737] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.225738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.225740] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.225743] ffff88012787f830 ffffffff85fde4a0 00000000000000bd ffff88012787f820 [ 153.225745] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.225745] Call Trace: [ 153.225747] [] dump_stack+0xe6/0x120 [ 153.225749] [] kasan_report_error+0x59a/0x5c0 [ 153.225751] [] kasan_report+0x34/0x40 [ 153.225753] [] ? memcpy+0x1d/0x40 [ 153.225755] [] __asan_loadN+0x12a/0x180 [ 153.225757] [] memcpy+0x1d/0x40 [ 153.225759] [] fbcon_get_font+0x221/0x560 [ 153.225761] [] con_font_op+0x564/0xfa0 [ 153.225763] [] ? con_write+0x90/0x90 [ 153.225765] [] ? selinux_capable+0xd/0x10 [ 153.225767] [] ? security_capable+0x6f/0xa0 [ 153.225769] [] ? ns_capable+0x56/0xc0 [ 153.225771] [] vt_ioctl+0x434/0x24e0 [ 153.225774] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.225776] [] ? complete_change_console+0x300/0x300 [ 153.225778] [] ? plist_del+0xe9/0x1d0 [ 153.225779] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225782] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.225784] [] tty_ioctl+0x5d4/0x20f0 [ 153.225785] [] ? no_tty+0x90/0x90 [ 153.225787] [] ? __lock_acquire+0xca1/0x5560 [ 153.225788] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225790] [] ? __lock_acquire+0x1985/0x5560 [ 153.225792] [] ? ___might_sleep+0x331/0x440 [ 153.225794] [] ? __might_sleep+0x90/0x1a0 [ 153.225796] [] do_vfs_ioctl+0x17f/0xe70 [ 153.225799] [] ? selinux_file_ioctl+0x324/0x510 [ 153.225800] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.225802] [] ? __fget+0x1df/0x320 [ 153.225804] [] ? __fget+0x42/0x320 [ 153.225806] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.225808] [] SyS_ioctl+0x74/0x80 [ 153.225810] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.225811] Memory state around the buggy address: [ 153.225812] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225814] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225815] >ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.225815] ^ [ 153.225816] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.225818] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.225818] ================================================================== [ 153.225819] ================================================================== [ 153.225821] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde4c0 [ 153.225822] Read of size 32 by task syz-executor.1/19849 [ 153.225823] Address belongs to variable oid_index+0x420/0x580 [ 153.225825] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.225825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.225828] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.225830] ffff88012787f830 ffffffff85fde4c0 00000000000000be ffff88012787f820 [ 153.225832] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.225833] Call Trace: [ 153.225834] [] dump_stack+0xe6/0x120 [ 153.225837] [] kasan_report_error+0x59a/0x5c0 [ 153.225839] [] kasan_report+0x34/0x40 [ 153.225841] [] ? memcpy+0x1d/0x40 [ 153.225842] [] __asan_loadN+0x12a/0x180 [ 153.225844] [] memcpy+0x1d/0x40 [ 153.225847] [] fbcon_get_font+0x221/0x560 [ 153.225848] [] con_font_op+0x564/0xfa0 [ 153.225850] [] ? con_write+0x90/0x90 [ 153.225852] [] ? selinux_capable+0xd/0x10 [ 153.225854] [] ? security_capable+0x6f/0xa0 [ 153.225857] [] ? ns_capable+0x56/0xc0 [ 153.225859] [] vt_ioctl+0x434/0x24e0 [ 153.225861] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.225863] [] ? complete_change_console+0x300/0x300 [ 153.225865] [] ? plist_del+0xe9/0x1d0 [ 153.225867] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225869] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.225871] [] tty_ioctl+0x5d4/0x20f0 [ 153.225873] [] ? no_tty+0x90/0x90 [ 153.225874] [] ? __lock_acquire+0xca1/0x5560 [ 153.225876] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225877] [] ? __lock_acquire+0x1985/0x5560 [ 153.225880] [] ? ___might_sleep+0x331/0x440 [ 153.225882] [] ? __might_sleep+0x90/0x1a0 [ 153.225884] [] do_vfs_ioctl+0x17f/0xe70 [ 153.225886] [] ? selinux_file_ioctl+0x324/0x510 [ 153.225888] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.225889] [] ? __fget+0x1df/0x320 [ 153.225891] [] ? __fget+0x42/0x320 [ 153.225893] [] ? security_file_ioctl+0x6a/0xa0 [ 153.225895] [] SyS_ioctl+0x74/0x80 [ 153.225897] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.225898] Memory state around the buggy address: [ 153.225899] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225901] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225902] >ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.225902] ^ [ 153.225904] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.225905] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.225905] ================================================================== [ 153.225906] ================================================================== [ 153.225908] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde4e0 [ 153.225909] Read of size 32 by task syz-executor.1/19849 [ 153.225911] Address belongs to variable oid_index+0x440/0x580 [ 153.225912] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.225913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.225915] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.225917] ffff88012787f830 ffffffff85fde4e0 00000000000000bf ffff88012787f820 [ 153.225919] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.225920] Call Trace: [ 153.225922] [] dump_stack+0xe6/0x120 [ 153.225924] [] kasan_report_error+0x59a/0x5c0 [ 153.225926] [] kasan_report+0x34/0x40 [ 153.225928] [] ? memcpy+0x1d/0x40 [ 153.225930] [] __asan_loadN+0x12a/0x180 [ 153.225931] [] memcpy+0x1d/0x40 [ 153.225939] [] fbcon_get_font+0x221/0x560 [ 153.225940] [] con_font_op+0x564/0xfa0 [ 153.225942] [] ? con_write+0x90/0x90 [ 153.225944] [] ? selinux_capable+0xd/0x10 [ 153.225946] [] ? security_capable+0x6f/0xa0 [ 153.225949] [] ? ns_capable+0x56/0xc0 [ 153.225951] [] vt_ioctl+0x434/0x24e0 [ 153.225953] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.225955] [] ? complete_change_console+0x300/0x300 [ 153.225957] [] ? plist_del+0xe9/0x1d0 [ 153.225959] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225961] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.225963] [] tty_ioctl+0x5d4/0x20f0 [ 153.225965] [] ? no_tty+0x90/0x90 [ 153.225966] [] ? __lock_acquire+0xca1/0x5560 [ 153.225968] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.225970] [] ? __lock_acquire+0x1985/0x5560 [ 153.225972] [] ? ___might_sleep+0x331/0x440 [ 153.225974] [] ? __might_sleep+0x90/0x1a0 [ 153.225976] [] do_vfs_ioctl+0x17f/0xe70 [ 153.225978] [] ? selinux_file_ioctl+0x324/0x510 [ 153.225980] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.225982] [] ? __fget+0x1df/0x320 [ 153.225983] [] ? __fget+0x42/0x320 [ 153.225985] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.225987] [] SyS_ioctl+0x74/0x80 [ 153.225989] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.225991] Memory state around the buggy address: [ 153.225992] ffffffff85fde380: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225993] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.225994] >ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.225995] ^ [ 153.225996] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.225997] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.225998] ================================================================== [ 153.225998] ================================================================== [ 153.226000] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde520 [ 153.226001] Read of size 32 by task syz-executor.1/19849 [ 153.226003] Address belongs to variable oid_index+0x480/0x580 [ 153.226004] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226007] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.226010] ffff88012787f830 ffffffff85fde520 00000000000000c1 ffff88012787f820 [ 153.226012] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226012] Call Trace: [ 153.226014] [] dump_stack+0xe6/0x120 [ 153.226016] [] kasan_report_error+0x59a/0x5c0 [ 153.226018] [] kasan_report+0x34/0x40 [ 153.226020] [] ? memcpy+0x1d/0x40 [ 153.226022] [] __asan_loadN+0x12a/0x180 [ 153.226024] [] memcpy+0x1d/0x40 [ 153.226026] [] fbcon_get_font+0x221/0x560 [ 153.226028] [] con_font_op+0x564/0xfa0 [ 153.226029] [] ? con_write+0x90/0x90 [ 153.226032] [] ? selinux_capable+0xd/0x10 [ 153.226034] [] ? security_capable+0x6f/0xa0 [ 153.226036] [] ? ns_capable+0x56/0xc0 [ 153.226038] [] vt_ioctl+0x434/0x24e0 [ 153.226040] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226042] [] ? complete_change_console+0x300/0x300 [ 153.226044] [] ? plist_del+0xe9/0x1d0 [ 153.226046] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226048] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226050] [] tty_ioctl+0x5d4/0x20f0 [ 153.226052] [] ? no_tty+0x90/0x90 [ 153.226053] [] ? __lock_acquire+0xca1/0x5560 [ 153.226055] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226057] [] ? __lock_acquire+0x1985/0x5560 [ 153.226059] [] ? ___might_sleep+0x331/0x440 [ 153.226061] [] ? __might_sleep+0x90/0x1a0 [ 153.226063] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226065] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226067] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226068] [] ? __fget+0x1df/0x320 [ 153.226070] [] ? __fget+0x42/0x320 [ 153.226072] [] ? security_file_ioctl+0x6a/0xa0 [ 153.226074] [] SyS_ioctl+0x74/0x80 [ 153.226076] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226077] Memory state around the buggy address: [ 153.226078] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.226080] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.226081] >ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226081] ^ [ 153.226083] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226084] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226084] ================================================================== [ 153.226085] ================================================================== [ 153.226087] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde540 [ 153.226088] Read of size 32 by task syz-executor.1/19849 [ 153.226089] Address belongs to variable oid_index+0x4a0/0x580 [ 153.226091] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226094] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.226096] ffff88012787f830 ffffffff85fde540 00000000000000c2 ffff88012787f820 [ 153.226098] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226099] Call Trace: [ 153.226100] [] dump_stack+0xe6/0x120 [ 153.226102] [] kasan_report_error+0x59a/0x5c0 [ 153.226105] [] kasan_report+0x34/0x40 [ 153.226107] [] ? memcpy+0x1d/0x40 [ 153.226108] [] __asan_loadN+0x12a/0x180 [ 153.226110] [] memcpy+0x1d/0x40 [ 153.226112] [] fbcon_get_font+0x221/0x560 [ 153.226114] [] con_font_op+0x564/0xfa0 [ 153.226116] [] ? con_write+0x90/0x90 [ 153.226118] [] ? selinux_capable+0xd/0x10 [ 153.226120] [] ? security_capable+0x6f/0xa0 [ 153.226122] [] ? ns_capable+0x56/0xc0 [ 153.226124] [] vt_ioctl+0x434/0x24e0 [ 153.226127] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226129] [] ? complete_change_console+0x300/0x300 [ 153.226131] [] ? plist_del+0xe9/0x1d0 [ 153.226132] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226135] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226136] [] tty_ioctl+0x5d4/0x20f0 [ 153.226138] [] ? no_tty+0x90/0x90 [ 153.226140] [] ? __lock_acquire+0xca1/0x5560 [ 153.226141] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226143] [] ? __lock_acquire+0x1985/0x5560 [ 153.226145] [] ? ___might_sleep+0x331/0x440 [ 153.226147] [] ? __might_sleep+0x90/0x1a0 [ 153.226149] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226151] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226153] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226155] [] ? __fget+0x1df/0x320 [ 153.226156] [] ? __fget+0x42/0x320 [ 153.226159] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.226160] [] SyS_ioctl+0x74/0x80 [ 153.226163] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226164] Memory state around the buggy address: [ 153.226165] ffffffff85fde400: 07 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa [ 153.226166] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.226167] >ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226168] ^ [ 153.226169] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226170] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226171] ================================================================== [ 153.226171] ================================================================== [ 153.226173] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde580 [ 153.226174] Read of size 32 by task syz-executor.1/19849 [ 153.226176] Address belongs to variable oid_index+0x4e0/0x580 [ 153.226177] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226180] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.226182] ffff88012787f830 ffffffff85fde580 00000000000000c4 ffff88012787f820 [ 153.226185] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226185] Call Trace: [ 153.226187] [] dump_stack+0xe6/0x120 [ 153.226189] [] kasan_report_error+0x59a/0x5c0 [ 153.226191] [] kasan_report+0x34/0x40 [ 153.226193] [] ? memcpy+0x1d/0x40 [ 153.226195] [] __asan_loadN+0x12a/0x180 [ 153.226196] [] memcpy+0x1d/0x40 [ 153.226199] [] fbcon_get_font+0x221/0x560 [ 153.226201] [] con_font_op+0x564/0xfa0 [ 153.226202] [] ? con_write+0x90/0x90 [ 153.226204] [] ? selinux_capable+0xd/0x10 [ 153.226207] [] ? security_capable+0x6f/0xa0 [ 153.226209] [] ? ns_capable+0x56/0xc0 [ 153.226211] [] vt_ioctl+0x434/0x24e0 [ 153.226213] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226215] [] ? complete_change_console+0x300/0x300 [ 153.226217] [] ? plist_del+0xe9/0x1d0 [ 153.226219] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226221] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226223] [] tty_ioctl+0x5d4/0x20f0 [ 153.226224] [] ? no_tty+0x90/0x90 [ 153.226226] [] ? __lock_acquire+0xca1/0x5560 [ 153.226228] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226229] [] ? __lock_acquire+0x1985/0x5560 [ 153.226232] [] ? ___might_sleep+0x331/0x440 [ 153.226234] [] ? __might_sleep+0x90/0x1a0 [ 153.226236] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226238] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226239] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226241] [] ? __fget+0x1df/0x320 [ 153.226242] [] ? __fget+0x42/0x320 [ 153.226245] [] ? security_file_ioctl+0x6a/0xa0 [ 153.226247] [] SyS_ioctl+0x74/0x80 [ 153.226249] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226250] Memory state around the buggy address: [ 153.226251] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.226252] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226253] >ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226254] ^ [ 153.226255] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226256] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.226257] ================================================================== [ 153.226257] ================================================================== [ 153.226259] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde5a0 [ 153.226260] Read of size 32 by task syz-executor.1/19849 [ 153.226262] Address belongs to variable oid_index+0x500/0x580 [ 153.226266] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226269] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.226272] ffff88012787f830 ffffffff85fde5a0 00000000000000c5 ffff88012787f820 [ 153.226274] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226274] Call Trace: [ 153.226276] [] dump_stack+0xe6/0x120 [ 153.226278] [] kasan_report_error+0x59a/0x5c0 [ 153.226280] [] kasan_report+0x34/0x40 [ 153.226282] [] ? memcpy+0x1d/0x40 [ 153.226284] [] __asan_loadN+0x12a/0x180 [ 153.226286] [] memcpy+0x1d/0x40 [ 153.226288] [] fbcon_get_font+0x221/0x560 [ 153.226290] [] con_font_op+0x564/0xfa0 [ 153.226292] [] ? con_write+0x90/0x90 [ 153.226294] [] ? selinux_capable+0xd/0x10 [ 153.226296] [] ? security_capable+0x6f/0xa0 [ 153.226298] [] ? ns_capable+0x56/0xc0 [ 153.226300] [] vt_ioctl+0x434/0x24e0 [ 153.226303] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226305] [] ? complete_change_console+0x300/0x300 [ 153.226307] [] ? plist_del+0xe9/0x1d0 [ 153.226308] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226311] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226312] [] tty_ioctl+0x5d4/0x20f0 [ 153.226314] [] ? no_tty+0x90/0x90 [ 153.226316] [] ? __lock_acquire+0xca1/0x5560 [ 153.226317] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226319] [] ? __lock_acquire+0x1985/0x5560 [ 153.226321] [] ? ___might_sleep+0x331/0x440 [ 153.226323] [] ? __might_sleep+0x90/0x1a0 [ 153.226325] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226327] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226329] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226331] [] ? __fget+0x1df/0x320 [ 153.226332] [] ? __fget+0x42/0x320 [ 153.226335] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.226336] [] SyS_ioctl+0x74/0x80 [ 153.226339] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226339] Memory state around the buggy address: [ 153.226341] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.226342] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226343] >ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226344] ^ [ 153.226345] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226346] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.226346] ================================================================== [ 153.226357] ================================================================== [ 153.226360] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde5e0 [ 153.226361] Read of size 32 by task syz-executor.1/19849 [ 153.226364] Address belongs to variable oid_index+0x540/0x580 [ 153.226366] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226370] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.226374] ffff88012787f830 ffffffff85fde5e0 00000000000000c7 ffff88012787f820 [ 153.226378] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226378] Call Trace: [ 153.226381] [] dump_stack+0xe6/0x120 [ 153.226384] [] kasan_report_error+0x59a/0x5c0 [ 153.226388] [] kasan_report+0x34/0x40 [ 153.226390] [] ? memcpy+0x1d/0x40 [ 153.226392] [] __asan_loadN+0x12a/0x180 [ 153.226394] [] memcpy+0x1d/0x40 [ 153.226396] [] fbcon_get_font+0x221/0x560 [ 153.226398] [] con_font_op+0x564/0xfa0 [ 153.226400] [] ? con_write+0x90/0x90 [ 153.226402] [] ? selinux_capable+0xd/0x10 [ 153.226404] [] ? security_capable+0x6f/0xa0 [ 153.226406] [] ? ns_capable+0x56/0xc0 [ 153.226408] [] vt_ioctl+0x434/0x24e0 [ 153.226411] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226413] [] ? complete_change_console+0x300/0x300 [ 153.226415] [] ? plist_del+0xe9/0x1d0 [ 153.226417] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226419] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226421] [] tty_ioctl+0x5d4/0x20f0 [ 153.226422] [] ? no_tty+0x90/0x90 [ 153.226424] [] ? __lock_acquire+0xca1/0x5560 [ 153.226426] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226427] [] ? __lock_acquire+0x1985/0x5560 [ 153.226430] [] ? ___might_sleep+0x331/0x440 [ 153.226432] [] ? __might_sleep+0x90/0x1a0 [ 153.226434] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226436] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226438] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226440] [] ? __fget+0x1df/0x320 [ 153.226441] [] ? __fget+0x42/0x320 [ 153.226443] [] ? security_file_ioctl+0x6a/0xa0 [ 153.226445] [] SyS_ioctl+0x74/0x80 [ 153.226447] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226448] Memory state around the buggy address: [ 153.226450] ffffffff85fde480: 00 00 00 05 fa fa fa fa 00 00 00 fa fa fa fa fa [ 153.226451] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226452] >ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226453] ^ [ 153.226454] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226455] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.226455] ================================================================== [ 153.226456] ================================================================== [ 153.226458] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde600 [ 153.226459] Read of size 32 by task syz-executor.1/19849 [ 153.226460] Address belongs to variable oid_index+0x560/0x580 [ 153.226462] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226465] 1ffffffff0d9577e ffff88012787f7a0 
ffffffff82c4dd46 0000000000000020 [ 153.226467] ffff88012787f830 ffffffff85fde600 00000000000000c8 ffff88012787f820 [ 153.226469] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226470] Call Trace: [ 153.226471] [] dump_stack+0xe6/0x120 [ 153.226473] [] kasan_report_error+0x59a/0x5c0 [ 153.226476] [] kasan_report+0x34/0x40 [ 153.226478] [] ? memcpy+0x1d/0x40 [ 153.226479] [] __asan_loadN+0x12a/0x180 [ 153.226481] [] memcpy+0x1d/0x40 [ 153.226484] [] fbcon_get_font+0x221/0x560 [ 153.226485] [] con_font_op+0x564/0xfa0 [ 153.226487] [] ? con_write+0x90/0x90 [ 153.226489] [] ? selinux_capable+0xd/0x10 [ 153.226491] [] ? security_capable+0x6f/0xa0 [ 153.226494] [] ? ns_capable+0x56/0xc0 [ 153.226496] [] vt_ioctl+0x434/0x24e0 [ 153.226498] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226500] [] ? complete_change_console+0x300/0x300 [ 153.226502] [] ? plist_del+0xe9/0x1d0 [ 153.226504] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226506] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226508] [] tty_ioctl+0x5d4/0x20f0 [ 153.226509] [] ? no_tty+0x90/0x90 [ 153.226511] [] ? __lock_acquire+0xca1/0x5560 [ 153.226513] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226514] [] ? __lock_acquire+0x1985/0x5560 [ 153.226517] [] ? ___might_sleep+0x331/0x440 [ 153.226519] [] ? __might_sleep+0x90/0x1a0 [ 153.226521] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226523] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226525] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226526] [] ? __fget+0x1df/0x320 [ 153.226528] [] ? __fget+0x42/0x320 [ 153.226530] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.226532] [] SyS_ioctl+0x74/0x80 [ 153.226535] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226536] Memory state around the buggy address: [ 153.226537] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226538] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226539] >ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226540] ^ [ 153.226541] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.226542] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa [ 153.226543] ================================================================== [ 153.226543] ================================================================== [ 153.226545] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde620 [ 153.226546] Read of size 32 by task syz-executor.1/19849 [ 153.226548] Address belongs to variable __func__.34671+0x0/0x40 [ 153.226549] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.226550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.226552] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.226555] ffff88012787f830 ffffffff85fde620 00000000000000c9 ffff88012787f820 [ 153.226557] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.226557] Call Trace: [ 153.226559] [] dump_stack+0xe6/0x120 [ 153.226561] [] kasan_report_error+0x59a/0x5c0 [ 153.226568] [] kasan_report+0x34/0x40 [ 153.226571] [] ? memcpy+0x1d/0x40 [ 153.226573] [] __asan_loadN+0x12a/0x180 [ 153.226576] [] memcpy+0x1d/0x40 [ 153.226580] [] fbcon_get_font+0x221/0x560 [ 153.226582] [] con_font_op+0x564/0xfa0 [ 153.226585] [] ? con_write+0x90/0x90 [ 153.226588] [] ? selinux_capable+0xd/0x10 [ 153.226591] [] ? security_capable+0x6f/0xa0 [ 153.226595] [] ? ns_capable+0x56/0xc0 [ 153.226598] [] vt_ioctl+0x434/0x24e0 [ 153.226601] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.226604] [] ? complete_change_console+0x300/0x300 [ 153.226608] [] ? plist_del+0xe9/0x1d0 [ 153.226610] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226614] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.226617] [] tty_ioctl+0x5d4/0x20f0 [ 153.226619] [] ? no_tty+0x90/0x90 [ 153.226620] [] ? __lock_acquire+0xca1/0x5560 [ 153.226622] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.226623] [] ? __lock_acquire+0x1985/0x5560 [ 153.226626] [] ? ___might_sleep+0x331/0x440 [ 153.226628] [] ? __might_sleep+0x90/0x1a0 [ 153.226630] [] do_vfs_ioctl+0x17f/0xe70 [ 153.226632] [] ? selinux_file_ioctl+0x324/0x510 [ 153.226634] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.226636] [] ? __fget+0x1df/0x320 [ 153.226637] [] ? __fget+0x42/0x320 [ 153.226640] [] ? security_file_ioctl+0x6a/0xa0 [ 153.226641] [] SyS_ioctl+0x74/0x80 [ 153.226644] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.226645] Memory state around the buggy address: [ 153.226646] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.226647] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.226648] >ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.226649] ^ [ 153.226650] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.226651] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa [ 153.226652] ================================================================== [ 153.227774] ================================================================== [ 153.227780] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde640 [ 153.227782] Read of size 32 by task syz-executor.1/19849 [ 153.227784] Address belongs to variable __func__.34671+0x20/0x40 [ 153.227788] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.227790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.227795] 1ffffffff0d9577e 
ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.227799] ffff88012787f830 ffffffff85fde640 00000000000000ca ffff88012787f820 [ 153.227801] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.227802] Call Trace: [ 153.227805] [] dump_stack+0xe6/0x120 [ 153.227807] [] kasan_report_error+0x59a/0x5c0 [ 153.227810] [] kasan_report+0x34/0x40 [ 153.227812] [] ? memcpy+0x1d/0x40 [ 153.227814] [] __asan_loadN+0x12a/0x180 [ 153.227815] [] memcpy+0x1d/0x40 [ 153.227819] [] fbcon_get_font+0x221/0x560 [ 153.227821] [] con_font_op+0x564/0xfa0 [ 153.227823] [] ? con_write+0x90/0x90 [ 153.227826] [] ? selinux_capable+0xd/0x10 [ 153.227828] [] ? security_capable+0x6f/0xa0 [ 153.227831] [] ? ns_capable+0x56/0xc0 [ 153.227833] [] vt_ioctl+0x434/0x24e0 [ 153.227836] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.227838] [] ? complete_change_console+0x300/0x300 [ 153.227840] [] ? plist_del+0xe9/0x1d0 [ 153.227842] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.227845] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.227847] [] tty_ioctl+0x5d4/0x20f0 [ 153.227849] [] ? no_tty+0x90/0x90 [ 153.227850] [] ? __lock_acquire+0xca1/0x5560 [ 153.227852] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.227854] [] ? __lock_acquire+0x1985/0x5560 [ 153.227857] [] ? ___might_sleep+0x331/0x440 [ 153.227859] [] ? __might_sleep+0x90/0x1a0 [ 153.227861] [] do_vfs_ioctl+0x17f/0xe70 [ 153.227863] [] ? selinux_file_ioctl+0x324/0x510 [ 153.227865] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.227867] [] ? __fget+0x1df/0x320 [ 153.227868] [] ? __fget+0x42/0x320 [ 153.227871] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.227873] [] SyS_ioctl+0x74/0x80 [ 153.227875] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.227876] Memory state around the buggy address: [ 153.227878] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.227879] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.227880] >ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.227881] ^ [ 153.227883] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.227884] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa [ 153.227885] ================================================================== [ 153.227885] ================================================================== [ 153.227887] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde660 [ 153.227888] Read of size 32 by task syz-executor.1/19849 [ 153.227890] Address belongs to variable str__msr__trace_system_name+0x0/0x980 [ 153.227892] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.227893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.227895] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.227898] ffff88012787f830 ffffffff85fde660 00000000000000cb ffff88012787f820 [ 153.227900] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.227900] Call Trace: [ 153.227902] [] dump_stack+0xe6/0x120 [ 153.227904] [] kasan_report_error+0x59a/0x5c0 [ 153.227906] [] kasan_report+0x34/0x40 [ 153.227908] [] ? memcpy+0x1d/0x40 [ 153.227910] [] __asan_loadN+0x12a/0x180 [ 153.227912] [] memcpy+0x1d/0x40 [ 153.227914] [] fbcon_get_font+0x221/0x560 [ 153.227916] [] con_font_op+0x564/0xfa0 [ 153.227918] [] ? con_write+0x90/0x90 [ 153.227920] [] ? selinux_capable+0xd/0x10 [ 153.227922] [] ? security_capable+0x6f/0xa0 [ 153.227925] [] ? ns_capable+0x56/0xc0 [ 153.227927] [] vt_ioctl+0x434/0x24e0 [ 153.227929] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.227931] [] ? complete_change_console+0x300/0x300 [ 153.227938] [] ? plist_del+0xe9/0x1d0 [ 153.227940] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.227942] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.227944] [] tty_ioctl+0x5d4/0x20f0 [ 153.227945] [] ? no_tty+0x90/0x90 [ 153.227947] [] ? __lock_acquire+0xca1/0x5560 [ 153.227949] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.227950] [] ? __lock_acquire+0x1985/0x5560 [ 153.227953] [] ? ___might_sleep+0x331/0x440 [ 153.227955] [] ? __might_sleep+0x90/0x1a0 [ 153.227957] [] do_vfs_ioctl+0x17f/0xe70 [ 153.227959] [] ? selinux_file_ioctl+0x324/0x510 [ 153.227961] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.227962] [] ? __fget+0x1df/0x320 [ 153.227964] [] ? __fget+0x42/0x320 [ 153.227966] [] ? security_file_ioctl+0x6a/0xa0 [ 153.227968] [] SyS_ioctl+0x74/0x80 [ 153.227971] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.227972] Memory state around the buggy address: [ 153.227973] ffffffff85fde500: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 00 00 [ 153.227974] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.227975] >ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.227976] ^ [ 153.227977] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.227978] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa [ 153.227979] ================================================================== [ 153.227979] ================================================================== [ 153.227981] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde680 [ 153.227982] Read of size 32 by task syz-executor.1/19849 [ 153.227984] Address belongs to variable str__msr__trace_system_name+0x20/0x980 [ 153.227986] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.227987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.227989] 1ffffffff0d9577e 
ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.227991] ffff88012787f830 ffffffff85fde680 00000000000000cc ffff88012787f820 [ 153.227993] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.227994] Call Trace: [ 153.227996] [] dump_stack+0xe6/0x120 [ 153.227998] [] kasan_report_error+0x59a/0x5c0 [ 153.228000] [] kasan_report+0x34/0x40 [ 153.228002] [] ? memcpy+0x1d/0x40 [ 153.228004] [] __asan_loadN+0x12a/0x180 [ 153.228005] [] memcpy+0x1d/0x40 [ 153.228008] [] fbcon_get_font+0x221/0x560 [ 153.228010] [] con_font_op+0x564/0xfa0 [ 153.228012] [] ? con_write+0x90/0x90 [ 153.228014] [] ? selinux_capable+0xd/0x10 [ 153.228016] [] ? security_capable+0x6f/0xa0 [ 153.228018] [] ? ns_capable+0x56/0xc0 [ 153.228020] [] vt_ioctl+0x434/0x24e0 [ 153.228023] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.228025] [] ? complete_change_console+0x300/0x300 [ 153.228027] [] ? plist_del+0xe9/0x1d0 [ 153.228028] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.228031] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.228033] [] tty_ioctl+0x5d4/0x20f0 [ 153.228034] [] ? no_tty+0x90/0x90 [ 153.228036] [] ? __lock_acquire+0xca1/0x5560 [ 153.228038] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.228039] [] ? __lock_acquire+0x1985/0x5560 [ 153.228042] [] ? ___might_sleep+0x331/0x440 [ 153.228044] [] ? __might_sleep+0x90/0x1a0 [ 153.228045] [] do_vfs_ioctl+0x17f/0xe70 [ 153.228048] [] ? selinux_file_ioctl+0x324/0x510 [ 153.228049] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.228051] [] ? __fget+0x1df/0x320 [ 153.228053] [] ? __fget+0x42/0x320 [ 153.228055] [] ? 
security_file_ioctl+0x6a/0xa0 [ 153.228057] [] SyS_ioctl+0x74/0x80 [ 153.228059] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.228060] Memory state around the buggy address: [ 153.228061] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.228062] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.228063] >ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.228064] ^ [ 153.228065] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa [ 153.228066] ffffffff85fde780: fa fa fa fa 00 00 07 fa fa fa fa fa 00 00 01 fa [ 153.228067] ================================================================== [ 153.228068] ================================================================== [ 153.228070] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde6c0 [ 153.228071] Read of size 32 by task syz-executor.1/19849 [ 153.228072] Address belongs to variable str__msr__trace_system_name+0x60/0x980 [ 153.228074] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.228074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.228077] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020 [ 153.228079] ffff88012787f830 ffffffff85fde6c0 00000000000000ce ffff88012787f820 [ 153.228081] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286 [ 153.228082] Call Trace: [ 153.228083] [] dump_stack+0xe6/0x120 [ 153.228086] [] kasan_report_error+0x59a/0x5c0 [ 153.228088] [] kasan_report+0x34/0x40 [ 153.228090] [] ? memcpy+0x1d/0x40 [ 153.228092] [] __asan_loadN+0x12a/0x180 [ 153.228093] [] memcpy+0x1d/0x40 [ 153.228096] [] fbcon_get_font+0x221/0x560 [ 153.228098] [] con_font_op+0x564/0xfa0 [ 153.228099] [] ? con_write+0x90/0x90 [ 153.228102] [] ? selinux_capable+0xd/0x10 [ 153.228104] [] ? security_capable+0x6f/0xa0 [ 153.228106] [] ? ns_capable+0x56/0xc0 [ 153.228108] [] vt_ioctl+0x434/0x24e0 [ 153.228110] [] ? 
debug_check_no_locks_freed+0x3c0/0x3c0 [ 153.228112] [] ? complete_change_console+0x300/0x300 [ 153.228114] [] ? plist_del+0xe9/0x1d0 [ 153.228116] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.228118] [] ? avc_has_extended_perms+0x27b/0x10f0 [ 153.228120] [] tty_ioctl+0x5d4/0x20f0 [ 153.228122] [] ? no_tty+0x90/0x90 [ 153.228124] [] ? __lock_acquire+0xca1/0x5560 [ 153.228125] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 153.228127] [] ? __lock_acquire+0x1985/0x5560 [ 153.228129] [] ? ___might_sleep+0x331/0x440 [ 153.228131] [] ? __might_sleep+0x90/0x1a0 [ 153.228133] [] do_vfs_ioctl+0x17f/0xe70 [ 153.228135] [] ? selinux_file_ioctl+0x324/0x510 [ 153.228137] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 153.228139] [] ? __fget+0x1df/0x320 [ 153.228140] [] ? __fget+0x42/0x320 [ 153.228143] [] ? security_file_ioctl+0x6a/0xa0 [ 153.228144] [] SyS_ioctl+0x74/0x80 [ 153.228147] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 153.228148] Memory state around the buggy address: [ 153.228149] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa [ 153.228150] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa [ 153.228151] >ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa [ 153.228152] ^ [ 153.228153] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa [ 153.228154] ffffffff85fde780: fa fa fa fa 00 00 07 fa fa fa fa fa 00 00 01 fa [ 153.228155] ================================================================== [ 153.228156] ================================================================== [ 153.228157] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde6e0 [ 153.228158] Read of size 32 by task syz-executor.1/19849 [ 153.228160] Address belongs to variable str__msr__trace_system_name+0x80/0x980 [ 153.228161] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0 [ 153.228162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.228164] 1ffffffff0d9577e 
ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.228167] ffff88012787f830 ffffffff85fde6e0 00000000000000cf ffff88012787f820
[ 153.228169] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.228169] Call Trace:
[ 153.228171] [] dump_stack+0xe6/0x120
[ 153.228173] [] kasan_report_error+0x59a/0x5c0
[ 153.228175] [] kasan_report+0x34/0x40
[ 153.228177] [] ? memcpy+0x1d/0x40
[ 153.228179] [] __asan_loadN+0x12a/0x180
[ 153.228181] [] memcpy+0x1d/0x40
[ 153.228183] [] fbcon_get_font+0x221/0x560
[ 153.228185] [] con_font_op+0x564/0xfa0
[ 153.228187] [] ? con_write+0x90/0x90
[ 153.228189] [] ? selinux_capable+0xd/0x10
[ 153.228191] [] ? security_capable+0x6f/0xa0
[ 153.228194] [] ? ns_capable+0x56/0xc0
[ 153.228196] [] vt_ioctl+0x434/0x24e0
[ 153.228198] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.228200] [] ? complete_change_console+0x300/0x300
[ 153.228202] [] ? plist_del+0xe9/0x1d0
[ 153.228204] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.228206] [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.228208] [] tty_ioctl+0x5d4/0x20f0
[ 153.228210] [] ? no_tty+0x90/0x90
[ 153.228211] [] ? __lock_acquire+0xca1/0x5560
[ 153.228213] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.228214] [] ? __lock_acquire+0x1985/0x5560
[ 153.228217] [] ? ___might_sleep+0x331/0x440
[ 153.228219] [] ? __might_sleep+0x90/0x1a0
[ 153.228221] [] do_vfs_ioctl+0x17f/0xe70
[ 153.228223] [] ? selinux_file_ioctl+0x324/0x510
[ 153.228225] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.228226] [] ? __fget+0x1df/0x320
[ 153.228228] [] ? __fget+0x42/0x320
[ 153.228230] [] ? security_file_ioctl+0x6a/0xa0
[ 153.228232] [] SyS_ioctl+0x74/0x80
[ 153.228234] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.228235] Memory state around the buggy address:
[ 153.228236] ffffffff85fde580: 03 fa fa fa fa fa fa fa 00 00 00 00 02 fa fa fa
[ 153.228238] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa
[ 153.228239] >ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa
[ 153.228239] ^
[ 153.228241] ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa
[ 153.228242] ffffffff85fde780: fa fa fa fa 00 00 07 fa fa fa fa fa 00 00 01 fa
[ 153.228242] ==================================================================
[ 153.228243] ==================================================================
[ 153.228245] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde700
[ 153.228246] Read of size 32 by task syz-executor.1/19849
[ 153.228247] Address belongs to variable str__msr__trace_system_name+0xa0/0x980
[ 153.228249] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.228250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.228252] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.228254] ffff88012787f830 ffffffff85fde700 00000000000000d0 ffff88012787f820
[ 153.228256] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.228257] Call Trace:
[ 153.228258] [] dump_stack+0xe6/0x120
[ 153.228261] [] kasan_report_error+0x59a/0x5c0
[ 153.228263] [] kasan_report+0x34/0x40
[ 153.228265] [] ? memcpy+0x1d/0x40
[ 153.228267] [] __asan_loadN+0x12a/0x180
[ 153.228268] [] memcpy+0x1d/0x40
[ 153.228271] [] fbcon_get_font+0x221/0x560
[ 153.228272] [] con_font_op+0x564/0xfa0
[ 153.228274] [] ? con_write+0x90/0x90
[ 153.228277] [] ? selinux_capable+0xd/0x10
[ 153.228279] [] ? security_capable+0x6f/0xa0
[ 153.228281] [] ? ns_capable+0x56/0xc0
[ 153.228283] [] vt_ioctl+0x434/0x24e0
[ 153.228285] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 153.228287] [] ? complete_change_console+0x300/0x300
[ 153.228289] [] ? plist_del+0xe9/0x1d0
[ 153.228291] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.228293] [] ? avc_has_extended_perms+0x27b/0x10f0
[ 153.228295] [] tty_ioctl+0x5d4/0x20f0
[ 153.228297] [] ? no_tty+0x90/0x90
[ 153.228299] [] ? __lock_acquire+0xca1/0x5560
[ 153.228300] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 153.228302] [] ? __lock_acquire+0x1985/0x5560
[ 153.228304] [] ? ___might_sleep+0x331/0x440
[ 153.228306] [] ? __might_sleep+0x90/0x1a0
[ 153.228308] [] do_vfs_ioctl+0x17f/0xe70
[ 153.228311] [] ? selinux_file_ioctl+0x324/0x510
[ 153.228312] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 153.228314] [] ? __fget+0x1df/0x320
[ 153.228315] [] ? __fget+0x42/0x320
[ 153.228318] [] ? security_file_ioctl+0x6a/0xa0
[ 153.228319] [] SyS_ioctl+0x74/0x80
[ 153.228322] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 153.228323] Memory state around the buggy address:
[ 153.228324] ffffffff85fde600: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa
[ 153.228325] ffffffff85fde680: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa
[ 153.228326] >ffffffff85fde700: 00 00 00 04 fa fa fa fa 00 00 00 00 03 fa fa fa
[ 153.228327] ^
[ 153.228328] ffffffff85fde780: fa fa fa fa 00 00 07 fa fa fa fa fa 00 00 01 fa
[ 153.228329] ffffffff85fde800: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
[ 153.228330] ==================================================================
[ 153.228330] ==================================================================
[ 153.228332] BUG: KASAN: global-out-of-bounds in memcpy+0x1d/0x40 at addr ffffffff85fde720
[ 153.228333] Read of size 32 by task syz-executor.1/19849
[ 153.228335] Address belongs to variable str__msr__trace_system_name+0xc0/0x980
[ 153.228336] CPU: 0 PID: 19849 Comm: syz-executor.1 Tainted: G B 4.6.0-syzkaller #0
[ 153.228337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.228339] 1ffffffff0d9577e ffff88012787f7a0 ffffffff82c4dd46 0000000000000020
[ 153.228341] ffff88012787f830 ffffffff85fde720 00000000000000d1 ffff88012787f820
[ 153.228344] ffffffff817405ba 0000000000000010 0000000000000000 0000000000000286
[ 153.228344] Call Trace:
[ 153.228346] [] dump_stack+0xe6/0x120
[ 153.228348] [] kasan_report_error+0x59a/0x5c0