Warning: Permanently added '[localhost]:8703' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 176.641269][ T8478] ==================================================================
[ 176.642776][ T8478] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34b/0x410
[ 176.642937][ T8478] Write of size 8 at addr ffffc9000a321000 by task syz-executor726/8478
[ 176.642939][ T8478]
[ 176.643197][ T8478] CPU: 0 PID: 8478 Comm: syz-executor726 Not tainted 5.7.0-syzkaller #0
[ 176.643298][ T8478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 176.643344][ T8478] Call Trace:
[ 176.643910][ T8478]  dump_stack+0x188/0x20d
[ 176.644135][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.644142][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.644171][ T8478]  print_address_description.constprop.0.cold+0x5/0x413
[ 176.644180][ T8478]  ? __this_cpu_preempt_check+0x84/0x190
[ 176.644876][ T8478]  ? smp_apic_timer_interrupt+0x1b6/0x600
[ 176.645002][ T8478]  ? vprintk_func+0x97/0x1a6
[ 176.645030][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.645038][ T8478]  kasan_report.cold+0x1f/0x37
[ 176.645083][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.645092][ T8478]  bitfill_aligned+0x34b/0x410
[ 176.645161][ T8478]  sys_fillrect+0x415/0x7a0
[ 176.645168][ T8478]  ? sys_fillrect+0x7a0/0x7a0
[ 176.645196][ T8478]  drm_fb_helper_sys_fillrect+0x1c/0x190
[ 176.645206][ T8478]  ? fb_copy_cmap+0x2b2/0x370
[ 176.645216][ T8478]  bit_clear_margins+0x3f6/0x4a0
[ 176.645226][ T8478]  ? bit_bmove+0x210/0x210
[ 176.645242][ T8478]  fbcon_clear_margins+0x1de/0x240
[ 176.645253][ T8478]  fbcon_switch+0xcde/0x16f0
[ 176.645271][ T8478]  ? fbcon_set_def_font+0x370/0x370
[ 176.645289][ T8478]  ? fbcon_cursor+0x477/0x650
[ 176.645297][ T8478]  ? bit_clear+0x4e0/0x4e0
[ 176.645306][ T8478]  ? is_console_locked+0x5/0x10
[ 176.645314][ T8478]  ? fbcon_set_origin+0x26/0x50
[ 176.645326][ T8478]  redraw_screen+0x2ae/0x770
[ 176.645335][ T8478]  ? respond_string+0x290/0x290
[ 176.645346][ T8478]  ? fbcon_set_palette+0x3b1/0x4a0
[ 176.645357][ T8478]  fbcon_modechanged+0x581/0x720
[ 176.645369][ T8478]  fbcon_update_vcs+0x3a/0x50
[ 176.645378][ T8478]  fb_set_var+0xb03/0xd90
[ 176.645387][ T8478]  ? fb_blank+0x190/0x190
[ 176.645418][ T8478]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 176.645430][ T8478]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 176.645442][ T8478]  do_fb_ioctl+0x390/0x6e0
[ 176.645451][ T8478]  ? fb_mmap+0x550/0x550
[ 176.645461][ T8478]  ? trace_hardirqs_off+0x50/0x220
[ 176.645470][ T8478]  ? lock_downgrade+0x840/0x840
[ 176.645509][ T8478]  ? tomoyo_path_number_perm+0x238/0x4d0
[ 176.645520][ T8478]  ? tomoyo_execute_permission+0x470/0x470
[ 176.645528][ T8478]  ? trace_hardirqs_off+0x50/0x220
[ 176.645548][ T8478]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 176.645560][ T8478]  ? do_vfs_ioctl+0x50c/0x1360
[ 176.645572][ T8478]  fb_compat_ioctl+0x305/0xc50
[ 176.645581][ T8478]  ? fb_release+0x140/0x140
[ 176.645597][ T8478]  ? do_sys_open+0xc3/0x140
[ 176.645607][ T8478]  ? fb_release+0x140/0x140
[ 176.645619][ T8478]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 176.645650][ T8478]  do_fast_syscall_32+0x270/0xe90
[ 176.645661][ T8478]  entry_SYSENTER_compat+0x70/0x7f
[ 176.645688][ T8478]
[ 176.645691][ T8478]
[ 176.645694][ T8478] Memory state around the buggy address:
[ 176.645986][ T8478]  ffffc9000a320f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 176.645993][ T8478]  ffffc9000a320f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 176.645999][ T8478] >ffffc9000a321000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 176.646002][ T8478]                    ^
[ 176.646008][ T8478]  ffffc9000a321080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 176.646014][ T8478]  ffffc9000a321100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 176.646017][ T8478] ==================================================================
[ 176.646852][ T8478] Disabling lock debugging due to kernel taint
[ 176.647177][ T8478] Kernel panic - not syncing: panic_on_warn set ...
[ 176.647203][ T8478] CPU: 0 PID: 8478 Comm: syz-executor726 Tainted: G B 5.7.0-syzkaller #0
[ 176.647251][ T8478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 176.647313][ T8478] Call Trace:
[ 176.647397][ T8478]  dump_stack+0x188/0x20d
[ 176.647405][ T8478]  ? bitfill_aligned+0x320/0x410
[ 176.647414][ T8478]  panic+0x2e3/0x75c
[ 176.647422][ T8478]  ? add_taint.cold+0x16/0x16
[ 176.647433][ T8478]  ? trace_hardirqs_on+0x55/0x230
[ 176.647439][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.647445][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.647452][ T8478]  end_report+0x4d/0x53
[ 176.647460][ T8478]  kasan_report.cold+0xd/0x37
[ 176.647467][ T8478]  ? bitfill_aligned+0x34b/0x410
[ 176.647473][ T8478]  bitfill_aligned+0x34b/0x410
[ 176.647481][ T8478]  sys_fillrect+0x415/0x7a0
[ 176.647486][ T8478]  ? sys_fillrect+0x7a0/0x7a0
[ 176.647498][ T8478]  drm_fb_helper_sys_fillrect+0x1c/0x190
[ 176.647505][ T8478]  ? fb_copy_cmap+0x2b2/0x370
[ 176.647513][ T8478]  bit_clear_margins+0x3f6/0x4a0
[ 176.647521][ T8478]  ? bit_bmove+0x210/0x210
[ 176.647532][ T8478]  fbcon_clear_margins+0x1de/0x240
[ 176.647540][ T8478]  fbcon_switch+0xcde/0x16f0
[ 176.647549][ T8478]  ? fbcon_set_def_font+0x370/0x370
[ 176.647560][ T8478]  ? fbcon_cursor+0x477/0x650
[ 176.647566][ T8478]  ? bit_clear+0x4e0/0x4e0
[ 176.647574][ T8478]  ? is_console_locked+0x5/0x10
[ 176.647581][ T8478]  ? fbcon_set_origin+0x26/0x50
[ 176.647589][ T8478]  redraw_screen+0x2ae/0x770
[ 176.647597][ T8478]  ? respond_string+0x290/0x290
[ 176.647605][ T8478]  ? fbcon_set_palette+0x3b1/0x4a0
[ 176.647613][ T8478]  fbcon_modechanged+0x581/0x720
[ 176.647621][ T8478]  fbcon_update_vcs+0x3a/0x50
[ 176.647628][ T8478]  fb_set_var+0xb03/0xd90
[ 176.647634][ T8478]  ? fb_blank+0x190/0x190
[ 176.647651][ T8478]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 176.647661][ T8478]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 176.647669][ T8478]  do_fb_ioctl+0x390/0x6e0
[ 176.647675][ T8478]  ? fb_mmap+0x550/0x550
[ 176.647682][ T8478]  ? trace_hardirqs_off+0x50/0x220
[ 176.647690][ T8478]  ? lock_downgrade+0x840/0x840
[ 176.647702][ T8478]  ? tomoyo_path_number_perm+0x238/0x4d0
[ 176.647711][ T8478]  ? tomoyo_execute_permission+0x470/0x470
[ 176.647718][ T8478]  ? trace_hardirqs_off+0x50/0x220
[ 176.647730][ T8478]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 176.647739][ T8478]  ? do_vfs_ioctl+0x50c/0x1360
[ 176.647747][ T8478]  fb_compat_ioctl+0x305/0xc50
[ 176.647754][ T8478]  ? fb_release+0x140/0x140
[ 176.647765][ T8478]  ? do_sys_open+0xc3/0x140
[ 176.647772][ T8478]  ? fb_release+0x140/0x140
[ 176.647781][ T8478]  __ia32_compat_sys_ioctl+0x23d/0x2b0
[ 176.647791][ T8478]  do_fast_syscall_32+0x270/0xe90
[ 176.647800][ T8478]  entry_SYSENTER_compat+0x70/0x7f
[ 176.649337][ T8478] Kernel Offset: disabled
[ 176.649337][ T8478] Rebooting in 86400 seconds..