Warning: Permanently added '10.128.0.234' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 74.196834][ T28] audit: type=1400 audit(1591454932.975:8): avc: denied { execmem } for pid=6877 comm="syz-executor956" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 74.229798][ T6879] ==================================================================
[ 74.229845][ T6879] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc08/0xd60
[ 74.229853][ T6879] Read of size 1 at addr ffffffff8875c44b by task syz-executor956/6879
[ 74.229856][ T6879]
[ 74.229867][ T6879] CPU: 0 PID: 6879 Comm: syz-executor956 Not tainted 5.7.0-syzkaller #0
[ 74.229873][ T6879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.229876][ T6879] Call Trace:
[ 74.229889][ T6879] dump_stack+0x188/0x20d
[ 74.229901][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.229910][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.229923][ T6879] print_address_description.constprop.0.cold+0x5/0x413
[ 74.229931][ T6879] ? fb_pad_aligned_buffer+0x10c/0x150
[ 74.229945][ T6879] ? vprintk_func+0x97/0x1a6
[ 74.229957][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.229966][ T6879] kasan_report.cold+0x1f/0x37
[ 74.229977][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.229988][ T6879] bit_putcs+0xc08/0xd60
[ 74.230010][ T6879] ? bit_cursor+0x1870/0x1870
[ 74.230020][ T6879] ? find_held_lock+0x2d/0x110
[ 74.230033][ T6879] ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 74.230046][ T6879] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 74.230059][ T6879] fbcon_putcs+0x345/0x3f0
[ 74.230070][ T6879] ? bit_cursor+0x1870/0x1870
[ 74.230079][ T6879] ? fb_flashcursor+0x3e0/0x3e0
[ 74.230092][ T6879] do_con_write.part.0+0xf16/0x1dc0
[ 74.230114][ T6879] ? do_con_trol+0x5d80/0x5d80
[ 74.230131][ T6879] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 74.230143][ T6879] con_write+0x41/0xe0
[ 74.230154][ T6879] n_tty_write+0x3f0/0xf90
[ 74.230174][ T6879] ? n_tty_read+0x1b30/0x1b30
[ 74.230186][ T6879] ? prepare_to_wait_exclusive+0x2c0/0x2c0
[ 74.230199][ T6879] ? __might_fault+0x190/0x1d0
[ 74.230212][ T6879] tty_write+0x495/0x800
[ 74.230221][ T6879] ? n_tty_read+0x1b30/0x1b30
[ 74.230236][ T6879] do_iter_write+0x486/0x600
[ 74.230253][ T6879] vfs_writev+0x1b3/0x2f0
[ 74.230262][ T6879] ? vfs_iter_write+0xa0/0xa0
[ 74.230272][ T6879] ? find_held_lock+0x2d/0x110
[ 74.230283][ T6879] ? do_page_fault+0x5ad/0x13d4
[ 74.230296][ T6879] ? lock_downgrade+0x840/0x840
[ 74.230316][ T6879] ? __fget_light+0x1ab/0x270
[ 74.230327][ T6879] do_writev+0x139/0x300
[ 74.230336][ T6879] ? vfs_writev+0x2f0/0x2f0
[ 74.230345][ T6879] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 74.230358][ T6879] ? do_syscall_64+0x21/0x7d0
[ 74.230368][ T6879] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 74.230381][ T6879] do_syscall_64+0xf6/0x7d0
[ 74.230392][ T6879] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 74.230400][ T6879] RIP: 0033:0x4412c9
[ 74.230409][ T6879] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 74.230414][ T6879] RSP: 002b:00007ffe1fe2c368 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 74.230423][ T6879] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 74.230429][ T6879] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 74.230434][ T6879] RBP: 00000000000121dd R08: 000000000000000d R09: 00000000004002c8
[ 74.230440][ T6879] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 74.230445][ T6879] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 74.230459][ T6879]
[ 74.230462][ T6879] The buggy address belongs to the variable:
[ 74.230470][ T6879] __func__.45663+0xb/0x1c0
[ 74.230473][ T6879]
[ 74.230476][ T6879] Memory state around the buggy address:
[ 74.230484][ T6879] ffffffff8875c300: 00 00 00 fa fa fa fa fa 00 00 00 00 00 01 fa fa
[ 74.230491][ T6879] ffffffff8875c380: fa fa fa fa 00 00 00 00 01 fa fa fa fa fa fa fa
[ 74.230498][ T6879] >ffffffff8875c400: 00 00 00 00 fa fa fa fa 00 03 fa fa fa fa fa fa
[ 74.230502][ T6879] ^
[ 74.230508][ T6879] ffffffff8875c480: 00 01 fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 74.230515][ T6879] ffffffff8875c500: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 74.230519][ T6879] ==================================================================
[ 74.230522][ T6879] Disabling lock debugging due to kernel taint
[ 74.230526][ T6879] Kernel panic - not syncing: panic_on_warn set ...
[ 74.230535][ T6879] CPU: 0 PID: 6879 Comm: syz-executor956 Tainted: G B 5.7.0-syzkaller #0
[ 74.230539][ T6879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.230541][ T6879] Call Trace:
[ 74.230549][ T6879] dump_stack+0x188/0x20d
[ 74.230559][ T6879] ? bit_putcs+0xb10/0xd60
[ 74.230574][ T6879] panic+0x2e3/0x75c
[ 74.230584][ T6879] ? add_taint.cold+0x16/0x16
[ 74.230595][ T6879] ? trace_hardirqs_on+0x55/0x230
[ 74.230604][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.230611][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.230620][ T6879] end_report+0x4d/0x53
[ 74.230628][ T6879] kasan_report.cold+0xd/0x37
[ 74.230637][ T6879] ? bit_putcs+0xc08/0xd60
[ 74.230646][ T6879] bit_putcs+0xc08/0xd60
[ 74.230658][ T6879] ? bit_cursor+0x1870/0x1870
[ 74.230666][ T6879] ? find_held_lock+0x2d/0x110
[ 74.230675][ T6879] ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 74.230688][ T6879] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 74.230702][ T6879] fbcon_putcs+0x345/0x3f0
[ 74.230716][ T6879] ? bit_cursor+0x1870/0x1870
[ 74.230728][ T6879] ? fb_flashcursor+0x3e0/0x3e0
[ 74.230742][ T6879] do_con_write.part.0+0xf16/0x1dc0
[ 74.230763][ T6879] ? do_con_trol+0x5d80/0x5d80
[ 74.230774][ T6879] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 74.230783][ T6879] con_write+0x41/0xe0
[ 74.230791][ T6879] n_tty_write+0x3f0/0xf90
[ 74.230802][ T6879] ? n_tty_read+0x1b30/0x1b30
[ 74.230811][ T6879] ? prepare_to_wait_exclusive+0x2c0/0x2c0
[ 74.230820][ T6879] ? __might_fault+0x190/0x1d0
[ 74.230829][ T6879] tty_write+0x495/0x800
[ 74.230836][ T6879] ? n_tty_read+0x1b30/0x1b30
[ 74.230845][ T6879] do_iter_write+0x486/0x600
[ 74.230855][ T6879] vfs_writev+0x1b3/0x2f0
[ 74.230862][ T6879] ? vfs_iter_write+0xa0/0xa0
[ 74.230870][ T6879] ? find_held_lock+0x2d/0x110
[ 74.230877][ T6879] ? do_page_fault+0x5ad/0x13d4
[ 74.230887][ T6879] ? lock_downgrade+0x840/0x840
[ 74.230897][ T6879] ? __fget_light+0x1ab/0x270
[ 74.230905][ T6879] do_writev+0x139/0x300
[ 74.230912][ T6879] ? vfs_writev+0x2f0/0x2f0
[ 74.230920][ T6879] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 74.230929][ T6879] ? do_syscall_64+0x21/0x7d0
[ 74.230938][ T6879] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 74.230947][ T6879] do_syscall_64+0xf6/0x7d0
[ 74.230956][ T6879] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 74.230961][ T6879] RIP: 0033:0x4412c9
[ 74.230969][ T6879] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 74.230973][ T6879] RSP: 002b:00007ffe1fe2c368 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 74.230980][ T6879] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 74.230985][ T6879] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 74.230989][ T6879] RBP: 00000000000121dd R08: 000000000000000d R09: 00000000004002c8
[ 74.230994][ T6879] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 74.230998][ T6879] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 74.232697][ T6879] Kernel Offset: disabled
[ 74.942146][ T6879] Rebooting in 86400 seconds..