Warning: Permanently added '[localhost]:39971' (ECDSA) to the list of known hosts.
syzkaller login: [ 163.421931][ T39] kauditd_printk_skb: 7 callbacks suppressed
executing program
[ 163.422020][ T39] audit: type=1400 audit(1595750016.672:42): avc: denied { map } for pid=9273 comm="syz-executor080" path="/syz-executor080968211" dev="sda1" ino=16528 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 163.494822][ T9273] ==================================================================
[ 163.495862][ T9273] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400
[ 163.495922][ T9273] Write of size 8 at addr ffffc90009a91000 by task syz-executor080/9273
[ 163.495925][ T9273]
[ 163.496023][ T9273] CPU: 3 PID: 9273 Comm: syz-executor080 Not tainted 5.8.0-rc6-syzkaller #0
[ 163.496029][ T9273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 163.496074][ T9273] Call Trace:
[ 163.496327][ T9273] dump_stack+0x18f/0x20d
[ 163.496354][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.496363][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.496485][ T9273] print_address_description.constprop.0.cold+0x5/0x436
[ 163.497895][ T9273] ? lockdep_hardirqs_off+0x66/0xa0
[ 163.498302][ T9273] ? vprintk_func+0x97/0x1a6
[ 163.498316][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.498326][ T9273] kasan_report.cold+0x1f/0x37
[ 163.498459][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.498470][ T9273] bitfill_aligned+0x34a/0x400
[ 163.498563][ T9273] sys_fillrect+0x408/0x7a0
[ 163.498572][ T9273] ? sys_fillrect+0x7a0/0x7a0
[ 163.498901][ T9273] drm_fb_helper_sys_fillrect+0x1e/0x190
[ 163.498912][ T9273] bit_clear_margins+0x2d5/0x4a0
[ 163.498922][ T9273] ? bit_bmove+0x210/0x210
[ 163.498970][ T9273] ? fb_get_color_depth+0x11a/0x240
[ 163.498982][ T9273] fbcon_clear_margins+0x1d5/0x230
[ 163.498992][ T9273] fbcon_switch+0xb6e/0x16c0
[ 163.499004][ T9273] ? fbcon_scroll+0x3600/0x3600
[ 163.499021][ T9273] ? fbcon_cursor+0x52b/0x650
[ 163.499030][ T9273] ? kmalloc_array.constprop.0+0x20/0x20
[ 163.499083][ T9273] ? is_console_locked+0x5/0x10
[ 163.499091][ T9273] ? fbcon_set_origin+0x26/0x50
[ 163.499190][ T9273] redraw_screen+0x2ae/0x770
[ 163.499202][ T9273] ? vc_init+0x440/0x440
[ 163.499211][ T9273] ? fb_get_color_depth+0x11a/0x240
[ 163.499221][ T9273] ? fbcon_set_palette+0x3a8/0x490
[ 163.499231][ T9273] fbcon_modechanged+0x575/0x710
[ 163.499243][ T9273] fbcon_update_vcs+0x3a/0x50
[ 163.499252][ T9273] fb_set_var+0xae8/0xd60
[ 163.499263][ T9273] ? fb_blank+0x190/0x190
[ 163.499273][ T9273] ? lock_release+0x8d0/0x8d0
[ 163.499286][ T9273] ? lock_is_held_type+0xb0/0xe0
[ 163.499294][ T9273] ? lock_release+0x8d0/0x8d0
[ 163.499309][ T9273] ? do_fb_ioctl+0x2f2/0x6c0
[ 163.499398][ T9273] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 163.499408][ T9273] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.499547][ T9273] ? trace_hardirqs_on+0x5f/0x220
[ 163.499560][ T9273] do_fb_ioctl+0x33f/0x6c0
[ 163.499634][ T9273] ? fb_set_suspend+0x1a0/0x1a0
[ 163.499724][ T9273] ? tomoyo_execute_permission+0x470/0x470
[ 163.499909][ T9273] ? __get_unused_fd_flags+0x60/0x60
[ 163.499923][ T9273] ? lock_is_held_type+0xb0/0xe0
[ 163.499979][ T9273] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 163.499989][ T9273] ? do_vfs_ioctl+0x27d/0x1090
[ 163.500011][ T9273] fb_ioctl+0xdd/0x130
[ 163.500021][ T9273] ? do_fb_ioctl+0x6c0/0x6c0
[ 163.500028][ T9273] ksys_ioctl+0x11a/0x180
[ 163.500038][ T9273] __x64_sys_ioctl+0x6f/0xb0
[ 163.500045][ T9273] ? lockdep_hardirqs_on+0x6a/0xe0
[ 163.500055][ T9273] do_syscall_64+0x60/0xe0
[ 163.500091][ T9273] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 163.500307][ T9273] RIP: 0033:0x433d79
[ 163.500481][ T9273] Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 163.500486][ T9273] RSP: 002b:00007ffc03901138 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 163.500522][ T9273] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d79
[ 163.500527][ T9273] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 163.500532][ T9273] RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
[ 163.500537][ T9273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 163.500542][ T9273] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 163.500584][ T9273]
[ 163.500586][ T9273]
[ 163.500589][ T9273] Memory state around the buggy address:
[ 163.500593][ T9273] ffffc90009a90f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 163.500593][ T9273] ffffc90009a90f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 163.500593][ T9273] >ffffc90009a91000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 163.500593][ T9273] ^
[ 163.500593][ T9273] ffffc90009a91080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 163.500593][ T9273] ffffc90009a91100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 163.500593][ T9273] ==================================================================
[ 163.500593][ T9273] Disabling lock debugging due to kernel taint
[ 163.506321][ T9273] Kernel panic - not syncing: panic_on_warn set ...
[ 163.506379][ T9273] CPU: 3 PID: 9273 Comm: syz-executor080 Tainted: G B 5.8.0-rc6-syzkaller #0
[ 163.506440][ T9273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 163.506532][ T9273] Call Trace:
[ 163.506675][ T9273] dump_stack+0x18f/0x20d
[ 163.506686][ T9273] ? bitfill_aligned+0x2e0/0x400
[ 163.506934][ T9273] panic+0x2e3/0x75c
[ 163.506942][ T9273] ? __warn_printk+0xf3/0xf3
[ 163.506953][ T9273] ? preempt_schedule_common+0x59/0xc0
[ 163.506962][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.507118][ T9273] ? preempt_schedule_thunk+0x16/0x18
[ 163.507126][ T9273] ? trace_hardirqs_on+0x55/0x220
[ 163.507135][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.507143][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.507158][ T9273] end_report+0x4d/0x53
[ 163.507166][ T9273] kasan_report.cold+0xd/0x37
[ 163.507175][ T9273] ? bitfill_aligned+0x34a/0x400
[ 163.507183][ T9273] bitfill_aligned+0x34a/0x400
[ 163.507193][ T9273] sys_fillrect+0x408/0x7a0
[ 163.507201][ T9273] ? sys_fillrect+0x7a0/0x7a0
[ 163.507212][ T9273] drm_fb_helper_sys_fillrect+0x1e/0x190
[ 163.507221][ T9273] bit_clear_margins+0x2d5/0x4a0
[ 163.507229][ T9273] ? bit_bmove+0x210/0x210
[ 163.507240][ T9273] ? fb_get_color_depth+0x11a/0x240
[ 163.507249][ T9273] fbcon_clear_margins+0x1d5/0x230
[ 163.507257][ T9273] fbcon_switch+0xb6e/0x16c0
[ 163.507266][ T9273] ? fbcon_scroll+0x3600/0x3600
[ 163.507277][ T9273] ? fbcon_cursor+0x52b/0x650
[ 163.507285][ T9273] ? kmalloc_array.constprop.0+0x20/0x20
[ 163.507295][ T9273] ? is_console_locked+0x5/0x10
[ 163.507400][ T9273] ? fbcon_set_origin+0x26/0x50
[ 163.507413][ T9273] redraw_screen+0x2ae/0x770
[ 163.507421][ T9273] ? vc_init+0x440/0x440
[ 163.507430][ T9273] ? fb_get_color_depth+0x11a/0x240
[ 163.507437][ T9273] ? fbcon_set_palette+0x3a8/0x490
[ 163.507446][ T9273] fbcon_modechanged+0x575/0x710
[ 163.507455][ T9273] fbcon_update_vcs+0x3a/0x50
[ 163.507462][ T9273] fb_set_var+0xae8/0xd60
[ 163.507471][ T9273] ? fb_blank+0x190/0x190
[ 163.507479][ T9273] ? lock_release+0x8d0/0x8d0
[ 163.507488][ T9273] ? lock_is_held_type+0xb0/0xe0
[ 163.507495][ T9273] ? lock_release+0x8d0/0x8d0
[ 163.507505][ T9273] ? do_fb_ioctl+0x2f2/0x6c0
[ 163.507517][ T9273] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 163.507525][ T9273] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.507533][ T9273] ? trace_hardirqs_on+0x5f/0x220
[ 163.507668][ T9273] do_fb_ioctl+0x33f/0x6c0
[ 163.507679][ T9273] ? fb_set_suspend+0x1a0/0x1a0
[ 163.507689][ T9273] ? tomoyo_execute_permission+0x470/0x470
[ 163.507697][ T9273] ? __get_unused_fd_flags+0x60/0x60
[ 163.507707][ T9273] ? lock_is_held_type+0xb0/0xe0
[ 163.507718][ T9273] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 163.507726][ T9273] ? do_vfs_ioctl+0x27d/0x1090
[ 163.507740][ T9273] fb_ioctl+0xdd/0x130
[ 163.507748][ T9273] ? do_fb_ioctl+0x6c0/0x6c0
[ 163.507754][ T9273] ksys_ioctl+0x11a/0x180
[ 163.507762][ T9273] __x64_sys_ioctl+0x6f/0xb0
[ 163.507769][ T9273] ? lockdep_hardirqs_on+0x6a/0xe0
[ 163.507782][ T9273] do_syscall_64+0x60/0xe0
[ 163.507791][ T9273] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 163.507797][ T9273] RIP: 0033:0x433d79
[ 163.507806][ T9273] Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 163.507810][ T9273] RSP: 002b:00007ffc03901138 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 163.507818][ T9273] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d79
[ 163.507822][ T9273] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 163.507827][ T9273] RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
[ 163.507831][ T9273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
[ 163.507835][ T9273] R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000
[ 163.512668][ T9273] Kernel Offset: disabled
[ 163.512668][ T9273] Rebooting in 86400 seconds..