[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 57.971514][ T7018] ==================================================================
[ 57.971553][ T7018] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x28d/0x5b0
[ 57.971561][ T7018] Read of size 31 at addr ffffffff88752f7c by task syz-executor214/7018
[ 57.971563][ T7018]
[ 57.971572][ T7018] CPU: 1 PID: 7018 Comm: syz-executor214 Not tainted 5.7.0-rc5-syzkaller #0
[ 57.971576][ T7018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.971579][ T7018] Call Trace:
[ 57.971591][ T7018] dump_stack+0x188/0x20d
[ 57.971604][ T7018] print_address_description.constprop.0.cold+0x5/0x315
[ 57.971612][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.971620][ T7018] __kasan_report.cold+0x35/0x4d
[ 57.971629][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.971638][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.971645][ T7018] kasan_report+0x33/0x50
[ 57.971654][ T7018] check_memory_region+0x141/0x190
[ 57.971661][ T7018] memcpy+0x20/0x60
[ 57.971670][ T7018] fbcon_get_font+0x28d/0x5b0
[ 57.971680][ T7018] ? display_to_var+0x7b0/0x7b0
[ 57.971690][ T7018] con_font_op+0x1f7/0x1160
[ 57.971701][ T7018] ? lock_downgrade+0x840/0x840
[ 57.971708][ T7018] ? con_write+0xe0/0xe0
[ 57.971731][ T7018] ? __might_fault+0x190/0x1d0
[ 57.971744][ T7018] vt_ioctl+0x1d31/0x26b0
[ 57.971752][ T7018] ? tomoyo_same_path_acl+0x60/0xe0
[ 57.971760][ T7018] ? lockdep_hardirqs_on+0x463/0x620
[ 57.971775][ T7018] ? complete_change_console+0x3a0/0x3a0
[ 57.971790][ T7018] ? tomoyo_path_number_perm+0x238/0x4d0
[ 57.971812][ T7018] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.971828][ T7018] ? complete_change_console+0x3a0/0x3a0
[ 57.971843][ T7018] tty_ioctl+0xedc/0x1440
[ 57.971858][ T7018] ? tty_vhangup+0x30/0x30
[ 57.971870][ T7018] ? do_vfs_ioctl+0x50c/0x1360
[ 57.971880][ T7018] ? ioctl_file_clone+0x180/0x180
[ 57.971894][ T7018] ? up_read+0x1ab/0x750
[ 57.971902][ T7018] ? down_read_nested+0x420/0x420
[ 57.971913][ T7018] ? tty_vhangup+0x30/0x30
[ 57.971920][ T7018] ksys_ioctl+0x11a/0x180
[ 57.971930][ T7018] __x64_sys_ioctl+0x6f/0xb0
[ 57.971937][ T7018] ? lockdep_hardirqs_on+0x463/0x620
[ 57.971947][ T7018] do_syscall_64+0xf6/0x7d0
[ 57.971958][ T7018] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.971965][ T7018] RIP: 0033:0x441289
[ 57.971973][ T7018] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.971978][ T7018] RSP: 002b:00007ffe191069a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.971985][ T7018] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441289
[ 57.971990][ T7018] RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003
[ 57.971995][ T7018] RBP: 000000000000e23a R08: 000000000000000d R09: 00000000004002c8
[ 57.971999][ T7018] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020b0
[ 57.972003][ T7018] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 57.972014][ T7018]
[ 57.972017][ T7018] The buggy address belongs to the variable:
[ 57.972024][ T7018] fontdata_8x16+0xffc/0x1120
[ 57.972026][ T7018]
[ 57.972029][ T7018] Memory state around the buggy address:
[ 57.972036][ T7018] ffffffff88752e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.972042][ T7018] ffffffff88752f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.972048][ T7018] >ffffffff88752f80: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 57.972051][ T7018] ^
[ 57.972059][ T7018] ffffffff88753000: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[ 57.972069][ T7018] ffffffff88753080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.972077][ T7018] ==================================================================
[ 57.972081][ T7018] Disabling lock debugging due to kernel taint
[ 57.972147][ T7018] Kernel panic - not syncing: panic_on_warn set ...
[ 57.972162][ T7018] CPU: 1 PID: 7018 Comm: syz-executor214 Tainted: G B 5.7.0-rc5-syzkaller #0
[ 57.972172][ T7018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.972180][ T7018] Call Trace:
[ 57.972196][ T7018] dump_stack+0x188/0x20d
[ 57.972212][ T7018] panic+0x2e3/0x75c
[ 57.972226][ T7018] ? add_taint.cold+0x16/0x16
[ 57.972242][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.972262][ T7018] ? trace_hardirqs_on+0x55/0x220
[ 57.972278][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.972292][ T7018] end_report+0x4d/0x53
[ 57.972305][ T7018] __kasan_report.cold+0xd/0x4d
[ 57.972321][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.972336][ T7018] ? fbcon_get_font+0x28d/0x5b0
[ 57.972349][ T7018] kasan_report+0x33/0x50
[ 57.972364][ T7018] check_memory_region+0x141/0x190
[ 57.972377][ T7018] memcpy+0x20/0x60
[ 57.972392][ T7018] fbcon_get_font+0x28d/0x5b0
[ 57.972407][ T7018] ? display_to_var+0x7b0/0x7b0
[ 57.972421][ T7018] con_font_op+0x1f7/0x1160
[ 57.972436][ T7018] ? lock_downgrade+0x840/0x840
[ 57.972449][ T7018] ? con_write+0xe0/0xe0
[ 57.972465][ T7018] ? __might_fault+0x190/0x1d0
[ 57.972480][ T7018] vt_ioctl+0x1d31/0x26b0
[ 57.972493][ T7018] ? tomoyo_same_path_acl+0x60/0xe0
[ 57.972508][ T7018] ? lockdep_hardirqs_on+0x463/0x620
[ 57.972522][ T7018] ? complete_change_console+0x3a0/0x3a0
[ 57.972537][ T7018] ? tomoyo_path_number_perm+0x238/0x4d0
[ 57.972552][ T7018] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.972567][ T7018] ? complete_change_console+0x3a0/0x3a0
[ 57.972580][ T7018] tty_ioctl+0xedc/0x1440
[ 57.972594][ T7018] ? tty_vhangup+0x30/0x30
[ 57.972608][ T7018] ? do_vfs_ioctl+0x50c/0x1360
[ 57.972622][ T7018] ? ioctl_file_clone+0x180/0x180
[ 57.972637][ T7018] ? up_read+0x1ab/0x750
[ 57.972651][ T7018] ? down_read_nested+0x420/0x420
[ 57.972665][ T7018] ? tty_vhangup+0x30/0x30
[ 57.972679][ T7018] ksys_ioctl+0x11a/0x180
[ 57.972693][ T7018] __x64_sys_ioctl+0x6f/0xb0
[ 57.972708][ T7018] ? lockdep_hardirqs_on+0x463/0x620
[ 57.972723][ T7018] do_syscall_64+0xf6/0x7d0
[ 57.972739][ T7018] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.972751][ T7018] RIP: 0033:0x441289
[ 57.972822][ T7018] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.972832][ T7018] RSP: 002b:00007ffe191069a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.972852][ T7018] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441289
[ 57.972862][ T7018] RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003
[ 57.972873][ T7018] RBP: 000000000000e23a R08: 000000000000000d R09: 00000000004002c8
[ 57.972883][ T7018] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020b0
[ 57.972893][ T7018] R13: 0000000000402140 R14: 0000000000000000 R15: 0000000000000000
[ 57.974373][ T7018] Kernel Offset: disabled
[ 58.631085][ T7018] Rebooting in 86400 seconds..