[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 62.379458][ T27] audit: type=1800 audit(1576508140.776:25): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 62.399386][ T27] audit: type=1800 audit(1576508140.776:26): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 62.421079][ T27] audit: type=1800 audit(1576508140.776:27): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 74.525993][ T9091] ==================================================================
[ 74.526033][ T9091] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[ 74.526041][ T9091] Read of size 2 at addr ffffffff8875111e by task syz-executor683/9091
[ 74.526043][ T9091]
[ 74.526053][ T9091] CPU: 1 PID: 9091 Comm: syz-executor683 Not tainted 5.5.0-rc1-syzkaller #0
[ 74.526058][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.526061][ T9091] Call Trace:
[ 74.526074][ T9091] dump_stack+0x197/0x210
[ 74.526081][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526093][ T9091] print_address_description.constprop.0.cold+0x5/0x30b
[ 74.526099][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526106][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526114][ T9091] __kasan_report.cold+0x1b/0x41
[ 74.526123][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526132][ T9091] kasan_report+0x12/0x20
[ 74.526140][ T9091] __asan_report_load2_noabort+0x14/0x20
[ 74.526147][ T9091] vga16fb_imageblit+0x1c8b/0x2200
[ 74.526155][ T9091] ? mark_lock+0xdf/0x1220
[ 74.526169][ T9091] soft_cursor+0x4fb/0xa30
[ 74.526177][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.526189][ T9091] bit_cursor+0x12fc/0x1a60
[ 74.526201][ T9091] ? bit_clear+0x530/0x530
[ 74.526210][ T9091] ? fbcon_putcs+0x33c/0x3e0
[ 74.526217][ T9091] ? fbcon_putcs+0x343/0x3e0
[ 74.526232][ T9091] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 74.526241][ T9091] ? get_color+0x225/0x430
[ 74.526249][ T9091] fbcon_cursor+0x487/0x660
[ 74.526256][ T9091] ? bit_clear+0x530/0x530
[ 74.526267][ T9091] set_cursor+0x1fb/0x280
[ 74.526276][ T9091] redraw_screen+0x4e1/0x7d0
[ 74.526282][ T9091] ? efifb_probe.cold+0x181f/0x181f
[ 74.526291][ T9091] ? respond_string+0x2c0/0x2c0
[ 74.526301][ T9091] ? fbcon_set_palette+0x3c4/0x4a0
[ 74.526312][ T9091] fbcon_modechanged+0x5c3/0x790
[ 74.526323][ T9091] fbcon_update_vcs+0x42/0x50
[ 74.526331][ T9091] fb_set_var+0xb32/0xdd0
[ 74.526340][ T9091] ? fb_blank+0x1a0/0x1a0
[ 74.526347][ T9091] ? lock_acquire+0x190/0x410
[ 74.526360][ T9091] ? __mutex_lock+0x458/0x13c0
[ 74.526368][ T9091] ? down+0x50/0x90
[ 74.526387][ T9091] ? do_fb_ioctl+0x335/0x7d0
[ 74.526400][ T9091] do_fb_ioctl+0x390/0x7d0
[ 74.526408][ T9091] ? fb_mmap+0x520/0x520
[ 74.526414][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.526427][ T9091] ? tomoyo_path_number_perm+0x454/0x520
[ 74.526437][ T9091] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 74.526444][ T9091] ? tomoyo_path_number_perm+0x25e/0x520
[ 74.526454][ T9091] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 74.526479][ T9091] fb_compat_ioctl+0x305/0xc50
[ 74.526488][ T9091] ? fb_release+0x150/0x150
[ 74.526501][ T9091] ? do_sys_open+0x31d/0x5d0
[ 74.526513][ T9091] ? tomoyo_file_ioctl+0x23/0x30
[ 74.526521][ T9091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 74.526529][ T9091] ? security_file_ioctl+0x8d/0xc0
[ 74.526540][ T9091] __ia32_compat_sys_ioctl+0x233/0x610
[ 74.526548][ T9091] ? fb_release+0x150/0x150
[ 74.526561][ T9091] do_fast_syscall_32+0x27b/0xe16
[ 74.526573][ T9091] entry_SYSENTER_compat+0x70/0x7f
[ 74.526580][ T9091] RIP: 0023:0xf7f5ea39
[ 74.526590][ T9091] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 74.526594][ T9091] RSP: 002b:00000000fff15d3c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 74.526603][ T9091] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 74.526607][ T9091] RDX: 0000000020000000 RSI: 00000000080ea078 RDI: 00000000fff15d90
[ 74.526612][ T9091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 74.526616][ T9091] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 74.526621][ T9091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 74.526631][ T9091]
[ 74.526634][ T9091] The buggy address belongs to the variable:
[ 74.526642][ T9091] transl_h+0x3e/0x40
[ 74.526644][ T9091]
[ 74.526647][ T9091] Memory state around the buggy address:
[ 74.526654][ T9091] ffffffff88751000: 00 00 00 00 fa fa fa fa 00 00 00 00 00 fa fa fa
[ 74.526660][ T9091] ffffffff88751080: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
[ 74.526666][ T9091] >ffffffff88751100: fa fa fa fa 00 00 00 00 fa fa fa fa 00 01 fa fa
[ 74.526669][ T9091] ^
[ 74.526675][ T9091] ffffffff88751180: fa fa fa fa 00 00 00 04 fa fa fa fa 00 00 04 fa
[ 74.526681][ T9091] ffffffff88751200: fa fa fa fa 00 00 00 00 00 00 02 fa fa fa fa fa
[ 74.526684][ T9091] ==================================================================
[ 74.526687][ T9091] Disabling lock debugging due to kernel taint
[ 74.526691][ T9091] Kernel panic - not syncing: panic_on_warn set ...
[ 74.526699][ T9091] CPU: 1 PID: 9091 Comm: syz-executor683 Tainted: G B 5.5.0-rc1-syzkaller #0
[ 74.526703][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.526705][ T9091] Call Trace:
[ 74.526712][ T9091] dump_stack+0x197/0x210
[ 74.526722][ T9091] panic+0x2e3/0x75c
[ 74.526729][ T9091] ? add_taint.cold+0x16/0x16
[ 74.526740][ T9091] ? trace_hardirqs_on+0x67/0x240
[ 74.526747][ T9091] ? trace_hardirqs_on+0x5e/0x240
[ 74.526754][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526761][ T9091] end_report+0x47/0x4f
[ 74.526767][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526773][ T9091] __kasan_report.cold+0xe/0x41
[ 74.526780][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526787][ T9091] kasan_report+0x12/0x20
[ 74.526795][ T9091] __asan_report_load2_noabort+0x14/0x20
[ 74.526801][ T9091] vga16fb_imageblit+0x1c8b/0x2200
[ 74.526807][ T9091] ? mark_lock+0xdf/0x1220
[ 74.526816][ T9091] soft_cursor+0x4fb/0xa30
[ 74.526822][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.526831][ T9091] bit_cursor+0x12fc/0x1a60
[ 74.526839][ T9091] ? bit_clear+0x530/0x530
[ 74.526846][ T9091] ? fbcon_putcs+0x33c/0x3e0
[ 74.526853][ T9091] ? fbcon_putcs+0x343/0x3e0
[ 74.526863][ T9091] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 74.526870][ T9091] ? get_color+0x225/0x430
[ 74.526877][ T9091] fbcon_cursor+0x487/0x660
[ 74.526883][ T9091] ? bit_clear+0x530/0x530
[ 74.526890][ T9091] set_cursor+0x1fb/0x280
[ 74.526898][ T9091] redraw_screen+0x4e1/0x7d0
[ 74.526903][ T9091] ? efifb_probe.cold+0x181f/0x181f
[ 74.526911][ T9091] ? respond_string+0x2c0/0x2c0
[ 74.526919][ T9091] ? fbcon_set_palette+0x3c4/0x4a0
[ 74.526935][ T9091] fbcon_modechanged+0x5c3/0x790
[ 74.526944][ T9091] fbcon_update_vcs+0x42/0x50
[ 74.526951][ T9091] fb_set_var+0xb32/0xdd0
[ 74.526958][ T9091] ? fb_blank+0x1a0/0x1a0
[ 74.526964][ T9091] ? lock_acquire+0x190/0x410
[ 74.526972][ T9091] ? __mutex_lock+0x458/0x13c0
[ 74.526979][ T9091] ? down+0x50/0x90
[ 74.526991][ T9091] ? do_fb_ioctl+0x335/0x7d0
[ 74.527000][ T9091] do_fb_ioctl+0x390/0x7d0
[ 74.527006][ T9091] ? fb_mmap+0x520/0x520
[ 74.527012][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.527020][ T9091] ? tomoyo_path_number_perm+0x454/0x520
[ 74.527029][ T9091] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 74.527036][ T9091] ? tomoyo_path_number_perm+0x25e/0x520
[ 74.527043][ T9091] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 74.527059][ T9091] fb_compat_ioctl+0x305/0xc50
[ 74.527066][ T9091] ? fb_release+0x150/0x150
[ 74.527072][ T9091] ? do_sys_open+0x31d/0x5d0
[ 74.527080][ T9091] ? tomoyo_file_ioctl+0x23/0x30
[ 74.527088][ T9091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 74.527094][ T9091] ? security_file_ioctl+0x8d/0xc0
[ 74.527102][ T9091] __ia32_compat_sys_ioctl+0x233/0x610
[ 74.527109][ T9091] ? fb_release+0x150/0x150
[ 74.527117][ T9091] do_fast_syscall_32+0x27b/0xe16
[ 74.527125][ T9091] entry_SYSENTER_compat+0x70/0x7f
[ 74.527130][ T9091] RIP: 0023:0xf7f5ea39
[ 74.527137][ T9091] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 74.527141][ T9091] RSP: 002b:00000000fff15d3c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 74.527147][ T9091] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 74.527151][ T9091] RDX: 0000000020000000 RSI: 00000000080ea078 RDI: 00000000fff15d90
[ 74.527155][ T9091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 74.527159][ T9091] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 74.527163][ T9091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 74.528648][ T9091] Kernel Offset: disabled
[ 75.354257][ T9091] Rebooting in 86400 seconds..