Warning: Permanently added '[localhost]:53599' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 114.987361][ T39] kauditd_printk_skb: 7 callbacks suppressed
[ 115.009483][ T39] audit: type=1400 audit(1584437458.271:42): avc: denied { map } for pid=9337 comm="syz-executor767" path="/syz-executor767253731" dev="sda1" ino=16527 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 115.023964][ T9337] ==================================================================
[ 115.026249][ T9337] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34b/0x410
[ 115.026431][ T9337] Write of size 8 at addr ffffc90009621000 by task syz-executor767/9337
[ 115.026432][ T9337]
[ 115.028332][ T9337] CPU: 3 PID: 9337 Comm: syz-executor767 Not tainted 5.6.0-rc6-syzkaller #0
[ 115.028447][ T9337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 115.028712][ T9337] Call Trace:
[ 115.031925][ T9337] dump_stack+0x188/0x20d
[ 115.031925][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.031925][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.031925][ T9337] print_address_description.constprop.0.cold+0x5/0x315
[ 115.031925][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.031925][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.031925][ T9337] __kasan_report.cold+0x1a/0x32
[ 115.031925][ T9337] ? mark_lock+0x61/0x1220
[ 115.031925][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.031925][ T9337] kasan_report+0xe/0x20
[ 115.031925][ T9337] bitfill_aligned+0x34b/0x410
[ 115.031925][ T9337] sys_fillrect+0x415/0x7a0
[ 115.031925][ T9337] ? sys_fillrect+0x7a0/0x7a0
[ 115.031925][ T9337] drm_fb_helper_sys_fillrect+0x1c/0x190
[ 115.031925][ T9337] bit_clear_margins+0x2d5/0x4a0
[ 115.031925][ T9337] ? bit_bmove+0x210/0x210
[ 115.031925][ T9337] ? fbcon_clear_margins+0x131/0x240
[ 115.031925][ T9337] ? fbcon_clear_margins+0x13e/0x240
[ 115.031925][ T9337] fbcon_clear_margins+0x1de/0x240
[ 115.031925][ T9337] fbcon_switch+0xd1b/0x1740
[ 115.031925][ T9337] ? fbcon_set_def_font+0x370/0x370
[ 115.031925][ T9337] ? fbcon_cursor+0x477/0x650
[ 115.031925][ T9337] ? bit_clear+0x4e0/0x4e0
[ 115.031925][ T9337] ? is_console_locked+0x5/0x10
[ 115.031925][ T9337] ? fbcon_set_origin+0x26/0x50
[ 115.031925][ T9337] redraw_screen+0x2a8/0x770
[ 115.031925][ T9337] ? respond_string+0x290/0x290
[ 115.031925][ T9337] ? fbcon_set_palette+0x3b1/0x4a0
[ 115.031925][ T9337] fbcon_modechanged+0x5bd/0x780
[ 115.031925][ T9337] fbcon_update_vcs+0x3a/0x50
[ 115.031925][ T9337] fb_set_var+0xad0/0xd40
[ 115.031925][ T9337] ? fb_blank+0x190/0x190
[ 115.031925][ T9337] ? do_fb_ioctl+0x348/0x7d0
[ 115.031925][ T9337] ? lock_acquire+0x197/0x420
[ 115.031925][ T9337] ? do_fb_ioctl+0x335/0x7d0
[ 115.031925][ T9337] do_fb_ioctl+0x390/0x7d0
[ 115.031925][ T9337] ? fb_mmap+0x550/0x550
[ 115.031925][ T9337] ? tomoyo_execute_permission+0x470/0x470
[ 115.031925][ T9337] ? trace_hardirqs_off+0x50/0x220
[ 115.031925][ T9337] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 115.031925][ T9337] ? do_vfs_ioctl+0x506/0x12c0
[ 115.031925][ T9337] ? up_read+0x1ab/0x750
[ 115.031925][ T9337] fb_ioctl+0xdd/0x130
[ 115.031925][ T9337] ? do_fb_ioctl+0x7d0/0x7d0
[ 115.031925][ T9337] ksys_ioctl+0x11a/0x180
[ 115.031925][ T9337] __x64_sys_ioctl+0x6f/0xb0
[ 115.031925][ T9337] ? lockdep_hardirqs_on+0x417/0x5d0
[ 115.031925][ T9337] do_syscall_64+0xf6/0x7d0
[ 115.031925][ T9337] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.031925][ T9337] RIP: 0033:0x433d29
[ 115.031925][ T9337] Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 115.031925][ T9337] RSP: 002b:00007fff33d61508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 115.031925][ T9337] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d29
[ 115.031925][ T9337] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 115.031925][ T9337] RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
[ 115.031925][ T9337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bc0
[ 115.031925][ T9337] R13: 0000000000401c50 R14: 0000000000000000 R15: 0000000000000000
[ 115.031925][ T9337]
[ 115.031925][ T9337]
[ 115.031925][ T9337] Memory state around the buggy address:
[ 115.031925][ T9337]  ffffc90009620f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.031925][ T9337]  ffffc90009620f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 115.031925][ T9337] >ffffc90009621000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 115.031925][ T9337]                    ^
[ 115.031925][ T9337]  ffffc90009621080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 115.031925][ T9337]  ffffc90009621100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 115.031925][ T9337] ==================================================================
[ 115.031925][ T9337] Disabling lock debugging due to kernel taint
[ 115.039373][ T9337] Kernel panic - not syncing: panic_on_warn set ...
[ 115.039396][ T9337] CPU: 3 PID: 9337 Comm: syz-executor767 Tainted: G B 5.6.0-rc6-syzkaller #0
[ 115.039400][ T9337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 115.039402][ T9337] Call Trace:
[ 115.039482][ T9337] dump_stack+0x188/0x20d
[ 115.039492][ T9337] panic+0x2e3/0x75c
[ 115.039500][ T9337] ? add_taint.cold+0x16/0x16
[ 115.039510][ T9337] ? preempt_schedule_common+0x5e/0xc0
[ 115.039518][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.039526][ T9337] ? ___preempt_schedule+0x16/0x18
[ 115.039536][ T9337] ? trace_hardirqs_on+0x55/0x220
[ 115.039543][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.039551][ T9337] end_report+0x43/0x49
[ 115.039557][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.039564][ T9337] __kasan_report.cold+0xd/0x32
[ 115.039573][ T9337] ? mark_lock+0x61/0x1220
[ 115.039583][ T9337] ? bitfill_aligned+0x34b/0x410
[ 115.039591][ T9337] kasan_report+0xe/0x20
[ 115.039597][ T9337] bitfill_aligned+0x34b/0x410
[ 115.039606][ T9337] sys_fillrect+0x415/0x7a0
[ 115.039612][ T9337] ? sys_fillrect+0x7a0/0x7a0
[ 115.039624][ T9337] drm_fb_helper_sys_fillrect+0x1c/0x190
[ 115.039631][ T9337] bit_clear_margins+0x2d5/0x4a0
[ 115.039638][ T9337] ? bit_bmove+0x210/0x210
[ 115.039648][ T9337] ? fbcon_clear_margins+0x131/0x240
[ 115.039655][ T9337] ? fbcon_clear_margins+0x13e/0x240
[ 115.039664][ T9337] fbcon_clear_margins+0x1de/0x240
[ 115.039672][ T9337] fbcon_switch+0xd1b/0x1740
[ 115.039682][ T9337] ? fbcon_set_def_font+0x370/0x370
[ 115.039696][ T9337] ? fbcon_cursor+0x477/0x650
[ 115.039701][ T9337] ? bit_clear+0x4e0/0x4e0
[ 115.039710][ T9337] ? is_console_locked+0x5/0x10
[ 115.039716][ T9337] ? fbcon_set_origin+0x26/0x50
[ 115.039726][ T9337] redraw_screen+0x2a8/0x770
[ 115.039734][ T9337] ? respond_string+0x290/0x290
[ 115.039742][ T9337] ? fbcon_set_palette+0x3b1/0x4a0
[ 115.039751][ T9337] fbcon_modechanged+0x5bd/0x780
[ 115.039761][ T9337] fbcon_update_vcs+0x3a/0x50
[ 115.039768][ T9337] fb_set_var+0xad0/0xd40
[ 115.039775][ T9337] ? fb_blank+0x190/0x190
[ 115.039783][ T9337] ? do_fb_ioctl+0x348/0x7d0
[ 115.039802][ T9337] ? lock_acquire+0x197/0x420
[ 115.039808][ T9337] ? do_fb_ioctl+0x335/0x7d0
[ 115.039817][ T9337] do_fb_ioctl+0x390/0x7d0
[ 115.039824][ T9337] ? fb_mmap+0x550/0x550
[ 115.039832][ T9337] ? tomoyo_execute_permission+0x470/0x470
[ 115.039840][ T9337] ? trace_hardirqs_off+0x50/0x220
[ 115.039855][ T9337] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 115.039863][ T9337] ? do_vfs_ioctl+0x506/0x12c0
[ 115.039877][ T9337] ? up_read+0x1ab/0x750
[ 115.039887][ T9337] fb_ioctl+0xdd/0x130
[ 115.039894][ T9337] ? do_fb_ioctl+0x7d0/0x7d0
[ 115.039900][ T9337] ksys_ioctl+0x11a/0x180
[ 115.039909][ T9337] __x64_sys_ioctl+0x6f/0xb0
[ 115.039915][ T9337] ? lockdep_hardirqs_on+0x417/0x5d0
[ 115.039922][ T9337] do_syscall_64+0xf6/0x7d0
[ 115.039931][ T9337] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 115.039936][ T9337] RIP: 0033:0x433d29
[ 115.039945][ T9337] Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 115.039948][ T9337] RSP: 002b:00007fff33d61508 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 115.039956][ T9337] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d29
[ 115.039960][ T9337] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 115.039964][ T9337] RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
[ 115.039968][ T9337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bc0
[ 115.039972][ T9337] R13: 0000000000401c50 R14: 0000000000000000 R15: 0000000000000000
[ 115.047431][ T9337] Kernel Offset: disabled
[ 115.047958][ T9337] Rebooting in 86400 seconds..