Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.986654][ T6850] ==================================================================
[ 56.986694][ T6850] BUG: KASAN: global-out-of-bounds in fbcon_resize+0x781/0x810
[ 56.986701][ T6850] Read of size 4 at addr ffffffff8896e618 by task syz-executor309/6850
[ 56.986704][ T6850]
[ 56.986713][ T6850] CPU: 1 PID: 6850 Comm: syz-executor309 Not tainted 5.9.0-rc1-next-20200821-syzkaller #0
[ 56.986718][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.986721][ T6850] Call Trace:
[ 56.986734][ T6850] dump_stack+0x18f/0x20d
[ 56.986743][ T6850] ? fbcon_resize+0x781/0x810
[ 56.986751][ T6850] ? fbcon_resize+0x781/0x810
[ 56.986762][ T6850] print_address_description.constprop.0.cold+0x5/0x497
[ 56.986772][ T6850] ? do_syscall_64+0x2d/0x70
[ 56.986781][ T6850] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.986792][ T6850] ? vprintk_func+0x97/0x1a6
[ 56.986801][ T6850] ? fbcon_resize+0x781/0x810
[ 56.986808][ T6850] ? fbcon_resize+0x781/0x810
[ 56.986816][ T6850] kasan_report.cold+0x1f/0x37
[ 56.986825][ T6850] ? fbcon_resize+0x781/0x810
[ 56.986835][ T6850] fbcon_resize+0x781/0x810
[ 56.986845][ T6850] ? lock_downgrade+0x830/0x830
[ 56.986854][ T6850] ? display_to_var+0x7b0/0x7b0
[ 56.986861][ T6850] ? mark_lock+0xbc/0x1710
[ 56.986894][ T6850] ? vc_do_resize+0x2f6/0x1150
[ 56.986902][ T6850] ? __kmalloc+0x1bf/0x320
[ 56.986911][ T6850] ? display_to_var+0x7b0/0x7b0
[ 56.986919][ T6850] vc_do_resize+0x535/0x1150
[ 56.986930][ T6850] ? lock_acquire+0x1f1/0xad0
[ 56.986941][ T6850] ? lock_release+0x8e0/0x8e0
[ 56.986949][ T6850] ? lock_downgrade+0x830/0x830
[ 56.986956][ T6850] ? rwlock_bug.part.0+0x90/0x90
[ 56.986964][ T6850] ? store_bind+0x6a0/0x6a0
[ 56.986973][ T6850] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 56.986981][ T6850] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 56.986991][ T6850] ? trace_hardirqs_on+0x5f/0x220
[ 56.987002][ T6850] vt_ioctl+0x11d2/0x2cc0
[ 56.987011][ T6850] ? lock_downgrade+0x751/0x830
[ 56.987019][ T6850] ? vt_waitactive+0x350/0x350
[ 56.987028][ T6850] ? trace_hardirqs_on+0x5f/0x220
[ 56.987036][ T6850] ? lockdep_hardirqs_on+0x76/0xf0
[ 56.987046][ T6850] ? tomoyo_path_number_perm+0x244/0x4d0
[ 56.987055][ T6850] ? tomoyo_execute_permission+0x470/0x470
[ 56.987062][ T6850] ? lockdep_hardirqs_off+0x89/0xc0
[ 56.987072][ T6850] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 56.987082][ T6850] ? tty_jobctrl_ioctl+0x4d/0x1010
[ 56.987090][ T6850] ? vt_waitactive+0x350/0x350
[ 56.987098][ T6850] tty_ioctl+0x1019/0x15f0
[ 56.987107][ T6850] ? tty_fasync+0x390/0x390
[ 56.987115][ T6850] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 56.987124][ T6850] ? do_vfs_ioctl+0x27d/0x1090
[ 56.987133][ T6850] ? generic_block_fiemap+0x60/0x60
[ 56.987143][ T6850] ? build_open_flags+0x650/0x650
[ 56.987160][ T6850] ? bpf_lsm_file_ioctl+0x5/0x10
[ 56.987167][ T6850] ? tty_fasync+0x390/0x390
[ 56.987176][ T6850] __x64_sys_ioctl+0x193/0x200
[ 56.987186][ T6850] do_syscall_64+0x2d/0x70
[ 56.987194][ T6850] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.987201][ T6850] RIP: 0033:0x440329
[ 56.987210][ T6850] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.987215][ T6850] RSP: 002b:00007fff5ae20758 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.987225][ T6850] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440329
[ 56.987230][ T6850] RDX: 0000000020000040 RSI: 0000000000005609 RDI: 0000000000000004
[ 56.987235][ T6850] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 56.987240][ T6850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 56.987245][ T6850] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 56.987255][ T6850]
[ 56.987258][ T6850] The buggy address belongs to the variable:
[ 56.987266][ T6850] font_vga_8x16+0x58/0x60
[ 56.987268][ T6850]
[ 56.987271][ T6850] Memory state around the buggy address:
[ 56.987279][ T6850] ffffffff8896e500: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
[ 56.987285][ T6850] ffffffff8896e580: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9
[ 56.987291][ T6850] >ffffffff8896e600: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.987295][ T6850] ^
[ 56.987301][ T6850] ffffffff8896e680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.987307][ T6850] ffffffff8896e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.987311][ T6850] ==================================================================
[ 56.987314][ T6850] Disabling lock debugging due to kernel taint
[ 56.987318][ T6850] Kernel panic - not syncing: panic_on_warn set ...
[ 56.987326][ T6850] CPU: 1 PID: 6850 Comm: syz-executor309 Tainted: G B 5.9.0-rc1-next-20200821-syzkaller #0
[ 56.987330][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.987332][ T6850] Call Trace:
[ 56.987340][ T6850] dump_stack+0x18f/0x20d
[ 56.987348][ T6850] ? fbcon_resize+0x690/0x810
[ 56.987356][ T6850] panic+0x2e3/0x75c
[ 56.987369][ T6850] ? __warn_printk+0xf3/0xf3
[ 56.987378][ T6850] ? trace_hardirqs_on+0x55/0x220
[ 56.987386][ T6850] ? fbcon_resize+0x781/0x810
[ 56.987392][ T6850] ? fbcon_resize+0x781/0x810
[ 56.987399][ T6850] end_report+0x4d/0x53
[ 56.987406][ T6850] kasan_report.cold+0xd/0x37
[ 56.987414][ T6850] ? fbcon_resize+0x781/0x810
[ 56.987421][ T6850] fbcon_resize+0x781/0x810
[ 56.987429][ T6850] ? lock_downgrade+0x830/0x830
[ 56.987436][ T6850] ? display_to_var+0x7b0/0x7b0
[ 56.987443][ T6850] ? mark_lock+0xbc/0x1710
[ 56.987453][ T6850] ? vc_do_resize+0x2f6/0x1150
[ 56.987459][ T6850] ? __kmalloc+0x1bf/0x320
[ 56.987466][ T6850] ? display_to_var+0x7b0/0x7b0
[ 56.987473][ T6850] vc_do_resize+0x535/0x1150
[ 56.987481][ T6850] ? lock_acquire+0x1f1/0xad0
[ 56.987489][ T6850] ? lock_release+0x8e0/0x8e0
[ 56.987499][ T6850] ? lock_downgrade+0x830/0x830
[ 56.987506][ T6850] ? rwlock_bug.part.0+0x90/0x90
[ 56.987512][ T6850] ? store_bind+0x6a0/0x6a0
[ 56.987520][ T6850] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 56.987527][ T6850] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 56.987534][ T6850] ? trace_hardirqs_on+0x5f/0x220
[ 56.987542][ T6850] vt_ioctl+0x11d2/0x2cc0
[ 56.987549][ T6850] ? lock_downgrade+0x751/0x830
[ 56.987556][ T6850] ? vt_waitactive+0x350/0x350
[ 56.987563][ T6850] ? trace_hardirqs_on+0x5f/0x220
[ 56.987570][ T6850] ? lockdep_hardirqs_on+0x76/0xf0
[ 56.987577][ T6850] ? tomoyo_path_number_perm+0x244/0x4d0
[ 56.987584][ T6850] ? tomoyo_execute_permission+0x470/0x470
[ 56.987591][ T6850] ? lockdep_hardirqs_off+0x89/0xc0
[ 56.987598][ T6850] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 56.987606][ T6850] ? tty_jobctrl_ioctl+0x4d/0x1010
[ 56.987613][ T6850] ? vt_waitactive+0x350/0x350
[ 56.987620][ T6850] tty_ioctl+0x1019/0x15f0
[ 56.987626][ T6850] ? tty_fasync+0x390/0x390
[ 56.987633][ T6850] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 56.987640][ T6850] ? do_vfs_ioctl+0x27d/0x1090
[ 56.987648][ T6850] ? generic_block_fiemap+0x60/0x60
[ 56.987655][ T6850] ? build_open_flags+0x650/0x650
[ 56.987665][ T6850] ? bpf_lsm_file_ioctl+0x5/0x10
[ 56.987672][ T6850] ? tty_fasync+0x390/0x390
[ 56.987679][ T6850] __x64_sys_ioctl+0x193/0x200
[ 56.987687][ T6850] do_syscall_64+0x2d/0x70
[ 56.987694][ T6850] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.987700][ T6850] RIP: 0033:0x440329
[ 56.987707][ T6850] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.987710][ T6850] RSP: 002b:00007fff5ae20758 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.987718][ T6850] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440329
[ 56.987722][ T6850] RDX: 0000000020000040 RSI: 0000000000005609 RDI: 0000000000000004
[ 56.987727][ T6850] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 56.987731][ T6850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 56.987736][ T6850] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 56.988826][ T6850] Kernel Offset: disabled
[ 57.775004][ T6850] Rebooting in 86400 seconds..