Warning: Permanently added '[localhost]:41388' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 173.609214][ T8761] ==================================================================
[ 173.614271][ T8761] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x117f/0x1290
[ 173.614748][ T8761] Write of size 4 at addr ffffc90009911000 by task syz-executor045/8761
[ 173.614750][ T8761]
[ 173.615393][ T8761] CPU: 0 PID: 8761 Comm: syz-executor045 Not tainted 5.9.0-rc8-syzkaller #0
[ 173.615423][ T8761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 173.615486][ T8761] Call Trace:
[ 173.616132][ T8761]  dump_stack+0x198/0x1fd
[ 173.616329][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.616340][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.616694][ T8761]  print_address_description.constprop.0.cold+0x5/0x497
[ 173.616706][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.616910][ T8761]  ? lockdep_hardirqs_off+0x96/0xd0
[ 173.617156][ T8761]  ? vprintk_func+0x95/0x1d4
[ 173.617166][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.617173][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.617181][ T8761]  kasan_report.cold+0x1f/0x37
[ 173.617191][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.617201][ T8761]  sys_imageblit+0x117f/0x1290
[ 173.617201][ T8761]  drm_fb_helper_sys_imageblit+0x1c/0x180
[ 173.617201][ T8761]  bit_putcs+0x6e1/0xd20
[ 173.617201][ T8761]  ? bit_cursor+0x1720/0x1720
[ 173.617201][ T8761]  ? wait_for_completion+0x260/0x260
[ 173.617201][ T8761]  ? fb_get_color_depth+0x81/0x240
[ 173.617201][ T8761]  ? fb_get_color_depth+0x11a/0x240
[ 173.617201][ T8761]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 173.617201][ T8761]  ? bit_cursor+0x1720/0x1720
[ 173.617201][ T8761]  fbcon_putcs+0x35a/0x450
[ 173.617201][ T8761]  do_update_region+0x399/0x630
[ 173.617201][ T8761]  ? con_get_trans_old+0x2a0/0x2a0
[ 173.617201][ T8761]  ? fb_get_color_depth+0x11a/0x240
[ 173.617201][ T8761]  ? fbcon_set_palette+0x422/0x620
[ 173.617201][ T8761]  ? var_to_display+0x7f0/0x7f0
[ 173.617201][ T8761]  redraw_screen+0x658/0x790
[ 173.617201][ T8761]  ? vc_init+0x5a0/0x5a0
[ 173.617201][ T8761]  ? fbcon_set_palette+0x422/0x620
[ 173.617201][ T8761]  fbcon_modechanged+0x593/0x6d0
[ 173.617201][ T8761]  fbcon_update_vcs+0x3a/0x50
[ 173.617201][ T8761]  do_fb_ioctl+0x62e/0x690
[ 173.617201][ T8761]  ? fb_set_suspend+0x1a0/0x1a0
[ 173.617201][ T8761]  ? lock_downgrade+0x830/0x830
[ 173.617201][ T8761]  ? kfree+0x221/0x2b0
[ 173.617201][ T8761]  ? check_preemption_disabled+0x50/0x130
[ 173.617201][ T8761]  ? kfree+0x221/0x2b0
[ 173.617201][ T8761]  ? tomoyo_path_number_perm+0x441/0x590
[ 173.617201][ T8761]  ? lockdep_hardirqs_on+0x53/0x100
[ 173.617201][ T8761]  ? tomoyo_path_number_perm+0x24e/0x590
[ 173.617201][ T8761]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 173.617201][ T8761]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 173.617201][ T8761]  ? do_vfs_ioctl+0x27d/0x1090
[ 173.617201][ T8761]  ? generic_block_fiemap+0x60/0x60
[ 173.617201][ T8761]  fb_compat_ioctl+0x17c/0xc30
[ 173.617201][ T8761]  ? fb_open+0x430/0x430
[ 173.617201][ T8761]  ? __fget_files+0x294/0x400
[ 173.617201][ T8761]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 173.617201][ T8761]  ? fb_open+0x430/0x430
[ 173.617201][ T8761]  __do_compat_sys_ioctl+0x1d3/0x230
[ 173.617201][ T8761]  __do_fast_syscall_32+0x60/0x90
[ 173.617201][ T8761]  do_fast_syscall_32+0x2f/0x70
[ 173.617201][ T8761]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 173.617201][ T8761] RIP: 0023:0xf7f58549
[ 173.617201][ T8761] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 173.617201][ T8761] RSP: 002b:00000000f7f531dc EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 173.617201][ T8761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 173.617201][ T8761] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 173.617201][ T8761] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 173.617201][ T8761] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 173.617201][ T8761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 173.617201][ T8761]
[ 173.617201][ T8761]
[ 173.617201][ T8761] Memory state around the buggy address:
[ 173.617201][ T8761]  ffffc90009910f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 173.617201][ T8761]  ffffc90009910f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 173.617201][ T8761] >ffffc90009911000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 173.617201][ T8761]                    ^
[ 173.617201][ T8761]  ffffc90009911080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 173.617201][ T8761]  ffffc90009911100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 173.617201][ T8761] ==================================================================
[ 173.617201][ T8761] Disabling lock debugging due to kernel taint
[ 173.628510][ T8761] Kernel panic - not syncing: panic_on_warn set ...
[ 173.628578][ T8761] CPU: 0 PID: 8761 Comm: syz-executor045 Tainted: G B 5.9.0-rc8-syzkaller #0
[ 173.628582][ T8761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 173.628623][ T8761] Call Trace:
[ 173.628891][ T8761]  dump_stack+0x198/0x1fd
[ 173.628912][ T8761]  ? sys_imageblit+0x1080/0x1290
[ 173.629055][ T8761]  panic+0x382/0x7fb
[ 173.629075][ T8761]  ? __warn_printk+0xf3/0xf3
[ 173.629084][ T8761]  ? preempt_schedule_common+0x59/0xc0
[ 173.629090][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.629242][ T8761]  ? preempt_schedule_thunk+0x16/0x18
[ 173.629328][ T8761]  ? trace_hardirqs_on+0x55/0x220
[ 173.629340][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.629350][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.629362][ T8761]  end_report+0x4d/0x53
[ 173.629373][ T8761]  kasan_report.cold+0xd/0x37
[ 173.629384][ T8761]  ? sys_imageblit+0x117f/0x1290
[ 173.629394][ T8761]  sys_imageblit+0x117f/0x1290
[ 173.629407][ T8761]  drm_fb_helper_sys_imageblit+0x1c/0x180
[ 173.629419][ T8761]  bit_putcs+0x6e1/0xd20
[ 173.629430][ T8761]  ? bit_cursor+0x1720/0x1720
[ 173.629442][ T8761]  ? wait_for_completion+0x260/0x260
[ 173.629453][ T8761]  ? fb_get_color_depth+0x81/0x240
[ 173.629463][ T8761]  ? fb_get_color_depth+0x11a/0x240
[ 173.629475][ T8761]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 173.629486][ T8761]  ? bit_cursor+0x1720/0x1720
[ 173.629502][ T8761]  fbcon_putcs+0x35a/0x450
[ 173.629514][ T8761]  do_update_region+0x399/0x630
[ 173.629526][ T8761]  ? con_get_trans_old+0x2a0/0x2a0
[ 173.629537][ T8761]  ? fb_get_color_depth+0x11a/0x240
[ 173.629548][ T8761]  ? fbcon_set_palette+0x422/0x620
[ 173.629559][ T8761]  ? var_to_display+0x7f0/0x7f0
[ 173.629570][ T8761]  redraw_screen+0x658/0x790
[ 173.629580][ T8761]  ? vc_init+0x5a0/0x5a0
[ 173.629591][ T8761]  ? fbcon_set_palette+0x422/0x620
[ 173.629602][ T8761]  fbcon_modechanged+0x593/0x6d0
[ 173.629614][ T8761]  fbcon_update_vcs+0x3a/0x50
[ 173.629624][ T8761]  do_fb_ioctl+0x62e/0x690
[ 173.629635][ T8761]  ? fb_set_suspend+0x1a0/0x1a0
[ 173.629647][ T8761]  ? lock_downgrade+0x830/0x830
[ 173.629657][ T8761]  ? kfree+0x221/0x2b0
[ 173.629670][ T8761]  ? check_preemption_disabled+0x50/0x130
[ 173.629679][ T8761]  ? kfree+0x221/0x2b0
[ 173.629692][ T8761]  ? tomoyo_path_number_perm+0x441/0x590
[ 173.629704][ T8761]  ? lockdep_hardirqs_on+0x53/0x100
[ 173.629716][ T8761]  ? tomoyo_path_number_perm+0x24e/0x590
[ 173.629728][ T8761]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 173.629739][ T8761]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 173.629752][ T8761]  ? do_vfs_ioctl+0x27d/0x1090
[ 173.629763][ T8761]  ? generic_block_fiemap+0x60/0x60
[ 173.629773][ T8761]  fb_compat_ioctl+0x17c/0xc30
[ 173.629783][ T8761]  ? fb_open+0x430/0x430
[ 173.629794][ T8761]  ? __fget_files+0x294/0x400
[ 173.629806][ T8761]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 173.629811][ T8761]  ? fb_open+0x430/0x430
[ 173.629818][ T8761]  __do_compat_sys_ioctl+0x1d3/0x230
[ 173.629825][ T8761]  __do_fast_syscall_32+0x60/0x90
[ 173.629837][ T8761]  do_fast_syscall_32+0x2f/0x70
[ 173.629849][ T8761]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 173.629869][ T8761] RIP: 0023:0xf7f58549
[ 173.629899][ T8761] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 173.629908][ T8761] RSP: 002b:00000000f7f531dc EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 173.629925][ T8761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 173.629934][ T8761] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 173.629943][ T8761] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 173.629951][ T8761] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 173.629960][ T8761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 173.636995][ T8761] Kernel Offset: disabled
[ 173.636995][ T8761] Rebooting in 86400 seconds..