[ 185.529224][ T42] audit: type=1400 audit(1591788222.991:41): avc: denied { map } for pid=9699 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '[localhost]:8344' (ECDSA) to the list of known hosts.
executing program
[ 188.347145][ T42] audit: type=1400 audit(1591788225.811:42): avc: denied { map } for pid=9714 comm="syz-executor477" path="/syz-executor477095220" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 188.527836][ T9714] ==================================================================
[ 188.530067][ T9714] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34b/0x410
[ 188.530194][ T9714] Write of size 8 at addr ffffc90009591000 by task syz-executor477/9714
[ 188.530197][ T9714]
[ 188.530652][ T9714] CPU: 2 PID: 9714 Comm: syz-executor477 Not tainted 5.7.0-syzkaller #0
[ 188.530652][ T9714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 188.530652][ T9714] Call Trace:
[ 188.530652][ T9714]  dump_stack+0x188/0x20d
[ 188.530652][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  print_address_description.constprop.0.cold+0x5/0x413
[ 188.530652][ T9714]  ? mutex_trylock+0x2c0/0x2c0
[ 188.530652][ T9714]  ? drm_fb_helper_pan_display+0x39f/0x970
[ 188.530652][ T9714]  ? vprintk_func+0x97/0x1a6
[ 188.530652][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  kasan_report.cold+0x1f/0x37
[ 188.530652][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  sys_fillrect+0x415/0x7a0
[ 188.530652][ T9714]  ? sys_fillrect+0x7a0/0x7a0
[ 188.530652][ T9714]  drm_fb_helper_sys_fillrect+0x1c/0x190
[ 188.530652][ T9714]  ? fb_copy_cmap+0x2b2/0x370
[ 188.530652][ T9714]  bit_clear_margins+0x3f6/0x4a0
[ 188.530652][ T9714]  ? bit_bmove+0x210/0x210
[ 188.530652][ T9714]  ? retint_kernel+0x2b/0x2b
[ 188.530652][ T9714]  fbcon_clear_margins+0x1de/0x240
[ 188.530652][ T9714]  fbcon_switch+0xcde/0x16f0
[ 188.530652][ T9714]  ? fbcon_set_def_font+0x370/0x370
[ 188.530652][ T9714]  ? fbcon_cursor+0x477/0x650
[ 188.530652][ T9714]  ? bit_clear+0x4e0/0x4e0
[ 188.530652][ T9714]  ? is_console_locked+0x5/0x10
[ 188.530652][ T9714]  ? fbcon_set_origin+0x26/0x50
[ 188.530652][ T9714]  redraw_screen+0x2ae/0x770
[ 188.530652][ T9714]  ? respond_string+0x290/0x290
[ 188.530652][ T9714]  ? fbcon_set_palette+0x3b1/0x4a0
[ 188.530652][ T9714]  fbcon_modechanged+0x581/0x720
[ 188.530652][ T9714]  fbcon_update_vcs+0x3a/0x50
[ 188.530652][ T9714]  fb_set_var+0xb03/0xd90
[ 188.530652][ T9714]  ? fb_blank+0x190/0x190
[ 188.530652][ T9714]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 188.530652][ T9714]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 188.530652][ T9714]  do_fb_ioctl+0x390/0x6e0
[ 188.530652][ T9714]  ? fb_mmap+0x550/0x550
[ 188.530652][ T9714]  ? tomoyo_execute_permission+0x470/0x470
[ 188.530652][ T9714]  ? trace_hardirqs_off+0x50/0x220
[ 188.530652][ T9714]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 188.530652][ T9714]  ? do_vfs_ioctl+0x50c/0x1360
[ 188.530652][ T9714]  ? up_read+0x1ab/0x750
[ 188.530652][ T9714]  fb_ioctl+0xdd/0x130
[ 188.530652][ T9714]  ? do_fb_ioctl+0x6e0/0x6e0
[ 188.530652][ T9714]  ksys_ioctl+0x11a/0x180
[ 188.530652][ T9714]  __x64_sys_ioctl+0x6f/0xb0
[ 188.530652][ T9714]  do_syscall_64+0xf6/0x7d0
[ 188.530652][ T9714]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 188.530652][ T9714] RIP: 0033:0x433d79
[ 188.530652][ T9714] Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 188.530652][ T9714] RSP: 002b:00007ffe58c41d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 188.530652][ T9714] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d79
[ 188.530652][ T9714] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 188.530652][ T9714] RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
[ 188.530652][ T9714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 188.530652][ T9714] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 188.530652][ T9714]
[ 188.530652][ T9714]
[ 188.530652][ T9714] Memory state around the buggy address:
[ 188.530652][ T9714]  ffffc90009590f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 188.530652][ T9714]  ffffc90009590f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 188.530652][ T9714] >ffffc90009591000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 188.530652][ T9714]                     ^
[ 188.530652][ T9714]  ffffc90009591080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 188.530652][ T9714]  ffffc90009591100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 188.530652][ T9714] ==================================================================
[ 188.530652][ T9714] Disabling lock debugging due to kernel taint
[ 188.544722][ T9714] Kernel panic - not syncing: panic_on_warn set ...
[ 188.544764][ T9714] CPU: 2 PID: 9714 Comm: syz-executor477 Tainted: G B 5.7.0-syzkaller #0
[ 188.544769][ T9714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 188.544783][ T9714] Call Trace:
[ 188.544966][ T9714]  dump_stack+0x188/0x20d
[ 188.544982][ T9714]  ? bitfill_aligned+0x320/0x410
[ 188.545020][ T9714]  panic+0x2e3/0x75c
[ 188.545028][ T9714]  ? add_taint.cold+0x16/0x16
[ 188.545059][ T9714]  ? preempt_schedule_common+0x5e/0xc0
[ 188.545066][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.545072][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.545080][ T9714]  ? preempt_schedule_thunk+0x16/0x18
[ 188.545088][ T9714]  ? trace_hardirqs_on+0x55/0x230
[ 188.545095][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.545101][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.545109][ T9714]  end_report+0x4d/0x53
[ 188.545117][ T9714]  kasan_report.cold+0xd/0x37
[ 188.545124][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.545131][ T9714]  bitfill_aligned+0x34b/0x410
[ 188.545138][ T9714]  sys_fillrect+0x415/0x7a0
[ 188.545144][ T9714]  ? sys_fillrect+0x7a0/0x7a0
[ 188.545154][ T9714]  drm_fb_helper_sys_fillrect+0x1c/0x190
[ 188.545161][ T9714]  ? fb_copy_cmap+0x2b2/0x370
[ 188.545169][ T9714]  bit_clear_margins+0x3f6/0x4a0
[ 188.545177][ T9714]  ? bit_bmove+0x210/0x210
[ 188.545183][ T9714]  ? retint_kernel+0x2b/0x2b
[ 188.545193][ T9714]  fbcon_clear_margins+0x1de/0x240
[ 188.545201][ T9714]  fbcon_switch+0xcde/0x16f0
[ 188.545211][ T9714]  ? fbcon_set_def_font+0x370/0x370
[ 188.545222][ T9714]  ? fbcon_cursor+0x477/0x650
[ 188.545229][ T9714]  ? bit_clear+0x4e0/0x4e0
[ 188.545236][ T9714]  ? is_console_locked+0x5/0x10
[ 188.545243][ T9714]  ? fbcon_set_origin+0x26/0x50
[ 188.545251][ T9714]  redraw_screen+0x2ae/0x770
[ 188.545259][ T9714]  ? respond_string+0x290/0x290
[ 188.545267][ T9714]  ? fbcon_set_palette+0x3b1/0x4a0
[ 188.545281][ T9714]  fbcon_modechanged+0x581/0x720
[ 188.545290][ T9714]  fbcon_update_vcs+0x3a/0x50
[ 188.545296][ T9714]  fb_set_var+0xb03/0xd90
[ 188.545303][ T9714]  ? fb_blank+0x190/0x190
[ 188.545319][ T9714]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 188.545328][ T9714]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 188.545336][ T9714]  do_fb_ioctl+0x390/0x6e0
[ 188.545343][ T9714]  ? fb_mmap+0x550/0x550
[ 188.545352][ T9714]  ? tomoyo_execute_permission+0x470/0x470
[ 188.545359][ T9714]  ? trace_hardirqs_off+0x50/0x220
[ 188.545371][ T9714]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 188.545379][ T9714]  ? do_vfs_ioctl+0x50c/0x1360
[ 188.545390][ T9714]  ? up_read+0x1ab/0x750
[ 188.545399][ T9714]  fb_ioctl+0xdd/0x130
[ 188.545405][ T9714]  ? do_fb_ioctl+0x6e0/0x6e0
[ 188.545413][ T9714]  ksys_ioctl+0x11a/0x180
[ 188.545421][ T9714]  __x64_sys_ioctl+0x6f/0xb0
[ 188.545430][ T9714]  do_syscall_64+0xf6/0x7d0
[ 188.545437][ T9714]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 188.545443][ T9714] RIP: 0033:0x433d79
[ 188.545450][ T9714] Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 188.545454][ T9714] RSP: 002b:00007ffe58c41d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 188.545461][ T9714] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d79
[ 188.545465][ T9714] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 188.545469][ T9714] RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
[ 188.545473][ T9714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 188.545477][ T9714] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 188.550240][ T9714] Kernel Offset: disabled
[ 188.550240][ T9714] Rebooting in 86400 seconds..
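The log above is a raw syzkaller crash report with no commentary, so the following is an added triage helper, not part of the report, of syzkaller, or of any kernel tool. It pulls out what a reviewer reads first: the bug type and faulting function from the BUG line; the access (an 8-byte write at ffffc90009591000, which sits in the x86-64 vmalloc range and on a page boundary); the in-flight syscall from ORIG_RAX (0x10 is ioctl on x86-64) with the request in RSI decoded by the _IOC_* layout from linux/ioctl.h (0x4601 is FBIOPUT_VSCREENINFO from linux/fb.h, on fd 3 from RDI, with the argument pointer from RDX); the call trace with the `?` frames dropped, since those are stale stack slots rather than real callers; and, from the shadow rows, how far past the last addressable byte the access landed. The sample input is a subset of lines copied verbatim from the first report above. The script takes the bug type from the report's own BUG line rather than interpreting the 0xf9 poison value, because KASAN's numeric poison constants have been renumbered between kernel versions; only the generic shadow encoding (0x00 fully addressable, 1..7 partially addressable, anything larger poisoned, one shadow byte per 8 bytes) is relied on. The syscall table is reduced to the single number this report needs.

```python
"""Triage helper for the KASAN report above (added example; not part of the
syzkaller report or of any kernel tool).  Extracts bug type and faulting
function, the access, the syscall and ioctl request recovered from the saved
user registers, the call trace without the unreliable '?' frames, and how far
past the last addressable byte the access landed, from the shadow rows."""
import re

# Lines copied verbatim from the first report on this page (a subset).
REPORT = """\
[ 188.530067][ T9714] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34b/0x410
[ 188.530194][ T9714] Write of size 8 at addr ffffc90009591000 by task syz-executor477/9714
[ 188.530652][ T9714] Call Trace:
[ 188.530652][ T9714]  dump_stack+0x188/0x20d
[ 188.530652][ T9714]  ? bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  kasan_report.cold+0x1f/0x37
[ 188.530652][ T9714]  bitfill_aligned+0x34b/0x410
[ 188.530652][ T9714]  sys_fillrect+0x415/0x7a0
[ 188.530652][ T9714]  ? sys_fillrect+0x7a0/0x7a0
[ 188.530652][ T9714]  drm_fb_helper_sys_fillrect+0x1c/0x190
[ 188.530652][ T9714]  bit_clear_margins+0x3f6/0x4a0
[ 188.530652][ T9714]  fbcon_clear_margins+0x1de/0x240
[ 188.530652][ T9714]  fbcon_switch+0xcde/0x16f0
[ 188.530652][ T9714]  redraw_screen+0x2ae/0x770
[ 188.530652][ T9714]  fbcon_modechanged+0x581/0x720
[ 188.530652][ T9714]  fbcon_update_vcs+0x3a/0x50
[ 188.530652][ T9714]  fb_set_var+0xb03/0xd90
[ 188.530652][ T9714]  do_fb_ioctl+0x390/0x6e0
[ 188.530652][ T9714]  fb_ioctl+0xdd/0x130
[ 188.530652][ T9714]  ksys_ioctl+0x11a/0x180
[ 188.530652][ T9714]  __x64_sys_ioctl+0x6f/0xb0
[ 188.530652][ T9714]  do_syscall_64+0xf6/0x7d0
[ 188.530652][ T9714]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 188.530652][ T9714] RSP: 002b:00007ffe58c41d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 188.530652][ T9714] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 188.530652][ T9714]  ffffc90009590f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 188.530652][ T9714] >ffffc90009591000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s*")    # "[ 188.530652][ T9714] "
SYSCALLS_X86_64 = {16: "ioctl"}          # only the number this report needs
FB_IOCTLS = {0x4600: "FBIOGET_VSCREENINFO", 0x4601: "FBIOPUT_VSCREENINFO",
             0x4602: "FBIOGET_FSCREENINFO", 0x4606: "FBIOPAN_DISPLAY"}  # linux/fb.h
GRANULE = 8                              # bytes of memory covered by one shadow byte

def decode_ioctl(cmd):
    """Split a request number the way the _IOC_* macros in linux/ioctl.h do."""
    return {"dir": (cmd >> 30) & 3, "type": chr((cmd >> 8) & 0xff), "nr": cmd & 0xff,
            "size": (cmd >> 16) & 0x3fff, "name": FB_IOCTLS.get(cmd)}

def bytes_past_valid(shadow, addr):
    """Bytes from the end of the last addressable granule at or before addr up to
    addr: 0 = access starts exactly at the boundary, negative = inside valid memory."""
    granules = [(row + GRANULE * i, v)
                for row, vals in sorted(shadow.items()) for i, v in enumerate(vals)]
    valid_end = None
    for start, v in granules:
        if start > addr:
            break
        if v == 0:                       # whole granule addressable
            valid_end = start + GRANULE
        elif v < GRANULE:                # only the first v bytes addressable
            valid_end = start + v
    return None if valid_end is None else addr - valid_end

def parse_report(text):
    r = {"trace": [], "regs": {}, "shadow": {}}
    in_trace = False
    for line in text.splitlines():
        l = PREFIX.sub("", line)
        if m := re.match(r"BUG: KASAN: (\S+) in (\w+)\+0x", l):
            r["bug_type"], r["func"] = m.groups()
        if m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)$", l):
            r["access"], r["size"], r["addr"] = m[1].lower(), int(m[2]), int(m[3], 16)
            r["task"], r["pid"] = m[4], int(m[5])
        if l.startswith("Call Trace:"):
            in_trace = True
            continue
        if in_trace and (m := re.match(r"(\? )?(\w[\w.]*)\+0x", l)):
            if not m[1]:                 # '?' frames are stale stack slots; drop them
                r["trace"].append(m[2])
            continue
        in_trace = False                 # first non-frame line ends the trace
        for name, val in re.findall(r"\b(ORIG_RAX|R[A-D]X|R[SD]I|RBP|R\d+): ([0-9a-f]{16})", l):
            r["regs"][name] = int(val, 16)
        if m := re.match(r">?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", l):
            r["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    nr = r["regs"].get("ORIG_RAX")       # x86-64 syscall number saved at entry
    r["syscall"] = SYSCALLS_X86_64.get(nr, nr)
    if r["syscall"] == "ioctl":          # ioctl(fd=RDI, request=RSI, arg=RDX)
        r["ioctl"] = dict(decode_ioctl(r["regs"]["RSI"]), fd=r["regs"]["RDI"], arg=r["regs"]["RDX"])
    if r.get("func") in r["trace"]:      # cut the KASAN reporting frames above the fault
        r["trace"] = r["trace"][r["trace"].index(r["func"]):]
    r["overrun"] = bytes_past_valid(r["shadow"], r.get("addr", 0))
    return r

if __name__ == "__main__":
    rep = parse_report(REPORT)
    print(rep["bug_type"], rep["access"], rep["size"], "bytes in", rep["func"], "| overrun",
          rep["overrun"], "| syscall", rep["syscall"], rep["ioctl"]["name"], "fd", rep["ioctl"]["fd"],
          "|", " <- ".join(rep["trace"]))
```

On this report the helper yields an overrun of 0: the shadow row before the marked one is all 0x00 and the marked row is all poison, so the qword write begins exactly at the first byte past the addressable region, during the console repaint (fbcon_modechanged, redraw_screen, bit_clear_margins) that fb_set_var triggers for FBIOPUT_VSCREENINFO. That is the shape of an off-by-one or size-miscalculation in the fill, not a stray pointer, which is the first thing to check against the fillrect geometry computed from the new var.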