Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   36.510182] ==================================================================
[   36.510207] BUG: KASAN: slab-out-of-bounds in soft_cursor+0x44b/0xa30
[   36.510214] Read of size 15 at addr ffff8880af2e99b0 by task kworker/1:3/4697
[   36.510215]
[   36.510224] CPU: 1 PID: 4697 Comm: kworker/1:3 Not tainted 4.19.190-syzkaller #0
[   36.510228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.510236] Workqueue: events_power_efficient fb_flashcursor
[   36.510240] Call Trace:
[   36.510251]  dump_stack+0x1fc/0x2ef
[   36.510262]  print_address_description.cold+0x54/0x219
[   36.510271]  kasan_report_error.cold+0x8a/0x1b9
[   36.510278]  ? soft_cursor+0x44b/0xa30
[   36.510288]  kasan_report+0x8f/0xa0
[   36.510295]  ? soft_cursor+0x44b/0xa30
[   36.510303]  memcpy+0x20/0x50
[   36.510310]  soft_cursor+0x44b/0xa30
[   36.510322]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   36.510331]  bit_cursor+0x1126/0x1740
[   36.510341]  ? bit_update_start+0x1f0/0x1f0
[   36.510348]  ? lock_downgrade+0x720/0x720
[   36.510361]  ? __down_trylock_console_sem+0x16b/0x210
[   36.510370]  ? fb_get_color_depth+0x11a/0x240
[   36.510379]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   36.510386]  ? get_color+0x20e/0x410
[   36.510393]  ? bit_update_start+0x1f0/0x1f0
[   36.510400]  fb_flashcursor+0x38c/0x430
[   36.510410]  process_one_work+0x864/0x1570
[   36.510421]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   36.510433]  worker_thread+0x64c/0x1130
[   36.510444]  ? __kthread_parkme+0x133/0x1e0
[   36.510451]  ? process_one_work+0x1570/0x1570
[   36.510458]  kthread+0x33f/0x460
[   36.510465]  ? kthread_park+0x180/0x180
[   36.510474]  ret_from_fork+0x24/0x30
[   36.510483]
[   36.510486] Allocated by task 8091:
[   36.510493]  __kmalloc+0x15a/0x3c0
[   36.510499]  fbcon_set_font+0x34f/0x8a0
[   36.510507]  con_font_op+0x94b/0xf20
[   36.510514]  vt_ioctl+0x116b/0x2380
[   36.510521]  tty_ioctl+0x5b0/0x15c0
[   36.510528]  do_vfs_ioctl+0xcdb/0x12e0
[   36.510533]  ksys_ioctl+0x9b/0xc0
[   36.510539]  __x64_sys_ioctl+0x6f/0xb0
[   36.510546]  do_syscall_64+0xf9/0x620
[   36.510553]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.510554]
[   36.510557] Freed by task 4698:
[   36.510563]  kfree+0xcc/0x210
[   36.510572]  skb_release_data+0x6de/0x920
[   36.510578]  consume_skb+0x113/0x3d0
[   36.510584]  skb_free_datagram+0x16/0xf0
[   36.510590]  netlink_recvmsg+0x627/0xea0
[   36.510597]  sock_recvmsg+0xca/0x110
[   36.510603]  ___sys_recvmsg+0x255/0x570
[   36.510609]  __x64_sys_recvmsg+0x12f/0x220
[   36.510615]  do_syscall_64+0xf9/0x620
[   36.510621]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.510623]
[   36.510628] The buggy address belongs to the object at ffff8880af2e97c0
[   36.510628]  which belongs to the cache kmalloc-512 of size 512
[   36.510634] The buggy address is located 496 bytes inside of
[   36.510634]  512-byte region [ffff8880af2e97c0, ffff8880af2e99c0)
[   36.510636] The buggy address belongs to the page:
[   36.510642] page:ffffea0002bcba40 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0
[   36.510648] flags: 0xfff00000000100(slab)
[   36.510657] raw: 00fff00000000100 ffffea0002899248 ffffea0002bcbc08 ffff88813bff0940
[   36.510665] raw: 0000000000000000 ffff8880af2e9040 0000000100000006 0000000000000000
[   36.510668] page dumped because: kasan: bad access detected
[   36.510670]
[   36.510672] Memory state around the buggy address:
[   36.510677]  ffff8880af2e9880: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   36.510682]  ffff8880af2e9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.510687] >ffff8880af2e9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.510690]                                      ^
[   36.510695]  ffff8880af2e9a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   36.510700]  ffff8880af2e9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   36.510703] ==================================================================
[   36.510705] Disabling lock debugging due to kernel taint
[   36.510709] Kernel panic - not syncing: panic_on_warn set ...
[   36.510709]
[   36.510716] CPU: 1 PID: 4697 Comm: kworker/1:3 Tainted: G    B             4.19.190-syzkaller #0
[   36.510719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.510724] Workqueue: events_power_efficient fb_flashcursor
[   36.510727] Call Trace:
[   36.510734]  dump_stack+0x1fc/0x2ef
[   36.510742]  panic+0x26a/0x50e
[   36.510748]  ? __warn_printk+0xf3/0xf3
[   36.510756]  ? lock_downgrade+0x720/0x720
[   36.510763]  ? print_shadow_for_address+0xb8/0x114
[   36.510771]  ? trace_hardirqs_on+0x55/0x210
[   36.510778]  kasan_end_report+0x43/0x49
[   36.510785]  kasan_report_error.cold+0xa7/0x1b9
[   36.510791]  ? soft_cursor+0x44b/0xa30
[   36.510797]  kasan_report+0x8f/0xa0
[   36.510804]  ? soft_cursor+0x44b/0xa30
[   36.510810]  memcpy+0x20/0x50
[   36.510817]  soft_cursor+0x44b/0xa30
[   36.510825]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   36.510832]  bit_cursor+0x1126/0x1740
[   36.510840]  ? bit_update_start+0x1f0/0x1f0
[   36.510846]  ? lock_downgrade+0x720/0x720
[   36.510855]  ? __down_trylock_console_sem+0x16b/0x210
[   36.510862]  ? fb_get_color_depth+0x11a/0x240
[   36.510870]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   36.510881]  ? get_color+0x20e/0x410
[   36.510900]  ? bit_update_start+0x1f0/0x1f0
[   36.510912]  fb_flashcursor+0x38c/0x430
[   36.510925]  process_one_work+0x864/0x1570
[   36.510942]  ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   36.510957]  worker_thread+0x64c/0x1130
[   36.510972]  ? __kthread_parkme+0x133/0x1e0
[   36.510985]  ? process_one_work+0x1570/0x1570
[   36.510997]  kthread+0x33f/0x460
[   36.511008]  ? kthread_park+0x180/0x180
[   36.511021]  ret_from_fork+0x24/0x30
[   36.511670] Kernel Offset: disabled
[   37.047263] Rebooting in 86400 seconds..