[ OK ] Started Regular background program processing daemon.
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.169' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 67.443742][ T26] audit: type=1400 audit(1587757142.167:8): avc: denied { execmem } for pid=7038 comm="syz-executor100" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 67.526289][ T7040] ==================================================================
[ 67.526331][ T7040] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x28d/0x5b0
[ 67.526338][ T7040] Read of size 31 at addr ffffffff88752f7c by task syz-executor100/7040
[ 67.526340][ T7040]
[ 67.526349][ T7040] CPU: 1 PID: 7040 Comm: syz-executor100 Not tainted 5.7.0-rc2-syzkaller #0
[ 67.526353][ T7040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.526357][ T7040] Call Trace:
[ 67.526370][ T7040] dump_stack+0x188/0x20d
[ 67.526384][ T7040] print_address_description.constprop.0.cold+0x5/0x315
[ 67.526393][ T7040] ? fbcon_get_font+0x28d/0x5b0
[ 67.526400][ T7040] __kasan_report.cold+0x35/0x4d
[ 67.526410][ T7040] ? fbcon_get_font+0x28d/0x5b0
[ 67.526419][ T7040] ? fbcon_get_font+0x28d/0x5b0
[ 67.526425][ T7040] kasan_report+0x33/0x50
[ 67.526435][ T7040] check_memory_region+0x141/0x190
[ 67.526442][ T7040] memcpy+0x20/0x60
[ 67.526451][ T7040] fbcon_get_font+0x28d/0x5b0
[ 67.526461][ T7040] ? display_to_var+0x7b0/0x7b0
[ 67.526470][ T7040] con_font_op+0x1f7/0x1160
[ 67.526481][ T7040] ? lock_downgrade+0x840/0x840
[ 67.526489][ T7040] ? con_write+0xe0/0xe0
[ 67.526503][ T7040] ? __might_fault+0x190/0x1d0
[ 67.526515][ T7040] vt_ioctl+0x1d31/0x26b0
[ 67.526523][ T7040] ? tomoyo_find_next_domain+0x17d0/0x1f6c
[ 67.526531][ T7040] ? lockdep_hardirqs_on+0x463/0x620
[ 67.526539][ T7040] ? complete_change_console+0x3a0/0x3a0
[ 67.526548][ T7040] ? tomoyo_path_number_perm+0x238/0x4d0
[ 67.526562][ T7040] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.526572][ T7040] ? complete_change_console+0x3a0/0x3a0
[ 67.526581][ T7040] tty_ioctl+0xedc/0x1440
[ 67.526590][ T7040] ? tty_vhangup+0x30/0x30
[ 67.526599][ T7040] ? do_vfs_ioctl+0x50c/0x12d0
[ 67.526609][ T7040] ? ioctl_file_clone+0x180/0x180
[ 67.526618][ T7040] ? selinux_file_mprotect+0x610/0x610
[ 67.526631][ T7040] ? up_read+0x1ab/0x750
[ 67.526644][ T7040] ? tty_vhangup+0x30/0x30
[ 67.526652][ T7040] ksys_ioctl+0x11a/0x180
[ 67.526662][ T7040] __x64_sys_ioctl+0x6f/0xb0
[ 67.526669][ T7040] ? lockdep_hardirqs_on+0x463/0x620
[ 67.526679][ T7040] do_syscall_64+0xf6/0x7d0
[ 67.526690][ T7040] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.526697][ T7040] RIP: 0033:0x441be9
[ 67.526705][ T7040] Code: e8 0c b1 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.526709][ T7040] RSP: 002b:00007ffce6156978 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.526717][ T7040] RAX: ffffffffffffffda RBX: 0000000000010784 RCX: 0000000000441be9
[ 67.526722][ T7040] RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003
[ 67.526726][ T7040] RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000402970
[ 67.526731][ T7040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 67.526735][ T7040] R13: 0000000000402970 R14: 0000000000000000 R15: 0000000000000000
[ 67.526747][ T7040]
[ 67.526749][ T7040] The buggy address belongs to the variable:
[ 67.526756][ T7040] fontdata_8x16+0xffc/0x1120
[ 67.526765][ T7040]
[ 67.526768][ T7040] Memory state around the buggy address:
[ 67.526775][ T7040] ffffffff88752e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.526781][ T7040] ffffffff88752f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.526787][ T7040] >ffffffff88752f80: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 67.526792][ T7040] ^
[ 67.526801][ T7040] ffffffff88753000: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 03 fa
[ 67.526810][ T7040] ffffffff88753080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.526816][ T7040] ==================================================================
[ 67.526820][ T7040] Disabling lock debugging due to kernel taint
[ 67.526826][ T7040] Kernel panic - not syncing: panic_on_warn set ...
[ 67.526838][ T7040] CPU: 1 PID: 7040 Comm: syz-executor100 Tainted: G B 5.7.0-rc2-syzkaller #0
[ 67.526844][ T7040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.526847][ T7040] Call Trace:
[ 67.526860][ T7040] dump_stack+0x188/0x20d
[ 67.526874][ T7040] panic+0x2e3/0x75c
[ 67.526881][ T7040] ? add_taint.cold+0x16/0x16
[ 67.526890][ T7040] ? print_shadow_for_address+0xb8/0x114
[ 67.526897][ T7040] ? trace_hardirqs_on+0x55/0x220
[ 67.526905][ T7040] ? fbcon_get_font+0x28d/0x5b0
[ 67.526911][ T7040] end_report+0x4d/0x53
[ 67.526918][ T7040] __kasan_report.cold+0xd/0x4d
[ 67.526925][ T7040] ? fbcon_get_font+0x28d/0x5b0
[ 67.526932][ T7040] ? fbcon_get_font+0x28d/0x5b0
[ 67.526938][ T7040] kasan_report+0x33/0x50
[ 67.526946][ T7040] check_memory_region+0x141/0x190
[ 67.526952][ T7040] memcpy+0x20/0x60
[ 67.526959][ T7040] fbcon_get_font+0x28d/0x5b0
[ 67.526966][ T7040] ? display_to_var+0x7b0/0x7b0
[ 67.526973][ T7040] con_font_op+0x1f7/0x1160
[ 67.526980][ T7040] ? lock_downgrade+0x840/0x840
[ 67.526986][ T7040] ? con_write+0xe0/0xe0
[ 67.526995][ T7040] ? __might_fault+0x190/0x1d0
[ 67.527003][ T7040] vt_ioctl+0x1d31/0x26b0
[ 67.527009][ T7040] ? tomoyo_find_next_domain+0x17d0/0x1f6c
[ 67.527016][ T7040] ? lockdep_hardirqs_on+0x463/0x620
[ 67.527023][ T7040] ? complete_change_console+0x3a0/0x3a0
[ 67.527030][ T7040] ? tomoyo_path_number_perm+0x238/0x4d0
[ 67.527039][ T7040] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 67.527046][ T7040] ? complete_change_console+0x3a0/0x3a0
[ 67.527052][ T7040] tty_ioctl+0xedc/0x1440
[ 67.527059][ T7040] ? tty_vhangup+0x30/0x30
[ 67.527065][ T7040] ? do_vfs_ioctl+0x50c/0x12d0
[ 67.527073][ T7040] ? ioctl_file_clone+0x180/0x180
[ 67.527079][ T7040] ? selinux_file_mprotect+0x610/0x610
[ 67.527087][ T7040] ? up_read+0x1ab/0x750
[ 67.527096][ T7040] ? tty_vhangup+0x30/0x30
[ 67.527102][ T7040] ksys_ioctl+0x11a/0x180
[ 67.527110][ T7040] __x64_sys_ioctl+0x6f/0xb0
[ 67.527116][ T7040] ? lockdep_hardirqs_on+0x463/0x620
[ 67.527123][ T7040] do_syscall_64+0xf6/0x7d0
[ 67.527131][ T7040] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 67.527136][ T7040] RIP: 0033:0x441be9
[ 67.527142][ T7040] Code: e8 0c b1 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 67.527146][ T7040] RSP: 002b:00007ffce6156978 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.527152][ T7040] RAX: ffffffffffffffda RBX: 0000000000010784 RCX: 0000000000441be9
[ 67.527155][ T7040] RDX: 0000000020000000 RSI: 0000000000004b6b RDI: 0000000000000003
[ 67.527159][ T7040] RBP: 0000000000000000 R08: 000000000000000d R09: 0000000000402970
[ 67.527163][ T7040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 67.527166][ T7040] R13: 0000000000402970 R14: 0000000000000000 R15: 0000000000000000
[ 67.528518][ T7040] Kernel Offset: disabled
[ 68.185073][ T7040] Rebooting in 86400 seconds..