Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.773472] audit: type=1400 audit(1599156731.629:8): avc: denied { execmem } for pid=6474 comm="syz-executor062" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.884465] ==================================================================
[ 39.884495] BUG: KASAN: global-out-of-bounds in fbcon_resize+0x7b5/0x860
[ 39.884501] Read of size 4 at addr ffffffff87cd6258 by task syz-executor062/6474
[ 39.884503]
[ 39.884513] CPU: 1 PID: 6474 Comm: syz-executor062 Not tainted 4.19.143-syzkaller #0
[ 39.884517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.884520] Call Trace:
[ 39.884530] dump_stack+0x1fc/0x2fe
[ 39.884542] print_address_description.cold+0x5/0x219
[ 39.884551] kasan_report_error.cold+0x8a/0x1c7
[ 39.884558] ? fbcon_resize+0x7b5/0x860
[ 39.884565] __asan_report_load4_noabort+0x88/0x90
[ 39.884573] ? fbcon_resize+0x7b5/0x860
[ 39.884581] fbcon_resize+0x7b5/0x860
[ 39.884591] ? display_to_var+0x7b0/0x7b0
[ 39.884610] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 39.884618] ? __kmalloc+0x38e/0x3c0
[ 39.884625] ? vc_do_resize+0x2ff/0x1410
[ 39.884632] ? display_to_var+0x7b0/0x7b0
[ 39.884639] vc_do_resize+0x53e/0x1410
[ 39.884654] ? redraw_screen+0x870/0x870
[ 39.884664] ? lock_acquire+0x170/0x3c0
[ 39.884671] ? vt_ioctl+0xabe/0x2580
[ 39.884682] vt_ioctl+0xb23/0x2580
[ 39.884691] ? vt_waitactive+0x350/0x350
[ 39.884701] ? avc_has_extended_perms+0x86d/0xea0
[ 39.884710] ? __save_stack_trace+0xaf/0x190
[ 39.884719] ? avc_ss_reset+0x170/0x170
[ 39.884727] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 39.884737] ? tty_jobctrl_ioctl+0x4d/0xed0
[ 39.884744] ? vt_waitactive+0x350/0x350
[ 39.884751] tty_ioctl+0x5b0/0x15c0
[ 39.884759] ? do_sys_open+0x2ba/0x520
[ 39.884766] ? tty_fasync+0x300/0x300
[ 39.884774] ? mark_held_locks+0xf0/0xf0
[ 39.884786] ? debug_check_no_obj_freed+0x201/0x482
[ 39.884795] ? lock_downgrade+0x720/0x720
[ 39.884802] ? lock_acquire+0x170/0x3c0
[ 39.884810] ? tty_fasync+0x300/0x300
[ 39.884819] do_vfs_ioctl+0xcdb/0x12e0
[ 39.884827] ? selinux_file_ioctl+0x506/0x6c0
[ 39.884834] ? ioctl_preallocate+0x200/0x200
[ 39.884842] ? selinux_inode_link+0x20/0x20
[ 39.884850] ? putname+0xe1/0x120
[ 39.884857] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 39.884865] ? putname+0xe1/0x120
[ 39.884878] ksys_ioctl+0x9b/0xc0
[ 39.884887] __x64_sys_ioctl+0x6f/0xb0
[ 39.884894] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 39.884902] do_syscall_64+0xf9/0x620
[ 39.884912] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.884918] RIP: 0033:0x4402a9
[ 39.884927] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.884931] RSP: 002b:00007fffeebef608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 39.884938] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
[ 39.884943] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000004
[ 39.884947] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 39.884951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10
[ 39.884955] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 39.884964]
[ 39.884967] The buggy address belongs to the variable:
[ 39.884973] font_vga_8x16+0x58/0x60
[ 39.884975]
[ 39.884977] Memory state around the buggy address:
[ 39.884983] ffffffff87cd6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.884989] ffffffff87cd6180: 00 00 00 00 fa fa fa fa 00 fa fa fa fa fa fa fa
[ 39.884994] >ffffffff87cd6200: 00 00 00 00 00 fa fa fa fa fa fa fa 00 00 00 00
[ 39.884997] ^
[ 39.885002] ffffffff87cd6280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.885007] ffffffff87cd6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.885010] ==================================================================
[ 39.885012] Disabling lock debugging due to kernel taint
[ 39.885016] Kernel panic - not syncing: panic_on_warn set ...
[ 39.885016]
[ 39.885023] CPU: 1 PID: 6474 Comm: syz-executor062 Tainted: G B 4.19.143-syzkaller #0
[ 39.885027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.885028] Call Trace:
[ 39.885034] dump_stack+0x1fc/0x2fe
[ 39.885042] panic+0x26a/0x50e
[ 39.885049] ? __warn_printk+0xf3/0xf3
[ 39.885056] ? lock_downgrade+0x720/0x720
[ 39.885063] ? print_shadow_for_address+0xb8/0x114
[ 39.885070] ? trace_hardirqs_on+0x55/0x210
[ 39.885078] kasan_end_report+0x43/0x49
[ 39.885084] kasan_report_error.cold+0xa7/0x1c7
[ 39.885091] ? fbcon_resize+0x7b5/0x860
[ 39.885097] __asan_report_load4_noabort+0x88/0x90
[ 39.885104] ? fbcon_resize+0x7b5/0x860
[ 39.885111] fbcon_resize+0x7b5/0x860
[ 39.885119] ? display_to_var+0x7b0/0x7b0
[ 39.885131] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 39.885137] ? __kmalloc+0x38e/0x3c0
[ 39.885143] ? vc_do_resize+0x2ff/0x1410
[ 39.885149] ? display_to_var+0x7b0/0x7b0
[ 39.885155] vc_do_resize+0x53e/0x1410
[ 39.885166] ? redraw_screen+0x870/0x870
[ 39.885172] ? lock_acquire+0x170/0x3c0
[ 39.885178] ? vt_ioctl+0xabe/0x2580
[ 39.885187] vt_ioctl+0xb23/0x2580
[ 39.885194] ? vt_waitactive+0x350/0x350
[ 39.885201] ? avc_has_extended_perms+0x86d/0xea0
[ 39.885207] ? __save_stack_trace+0xaf/0x190
[ 39.885215] ? avc_ss_reset+0x170/0x170
[ 39.885221] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 39.885228] ? tty_jobctrl_ioctl+0x4d/0xed0
[ 39.885234] ? vt_waitactive+0x350/0x350
[ 39.885241] tty_ioctl+0x5b0/0x15c0
[ 39.885247] ? do_sys_open+0x2ba/0x520
[ 39.885253] ? tty_fasync+0x300/0x300
[ 39.885260] ? mark_held_locks+0xf0/0xf0
[ 39.885268] ? debug_check_no_obj_freed+0x201/0x482
[ 39.885276] ? lock_downgrade+0x720/0x720
[ 39.885282] ? lock_acquire+0x170/0x3c0
[ 39.885288] ? tty_fasync+0x300/0x300
[ 39.885295] do_vfs_ioctl+0xcdb/0x12e0
[ 39.885302] ? selinux_file_ioctl+0x506/0x6c0
[ 39.885309] ? ioctl_preallocate+0x200/0x200
[ 39.885316] ? selinux_inode_link+0x20/0x20
[ 39.885323] ? putname+0xe1/0x120
[ 39.885329] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 39.885336] ? putname+0xe1/0x120
[ 39.885345] ksys_ioctl+0x9b/0xc0
[ 39.885353] __x64_sys_ioctl+0x6f/0xb0
[ 39.885359] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 39.885366] do_syscall_64+0xf9/0x620
[ 39.885374] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.885378] RIP: 0033:0x4402a9
[ 39.885384] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.885388] RSP: 002b:00007fffeebef608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 39.885394] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
[ 39.885397] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000004
[ 39.885401] RBP: 00000000006ca018 R08: 000000000000000d R09: 00000000004002c8
[ 39.885410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10
[ 39.885414] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 39.886771] Kernel Offset: disabled
[ 40.557539] Rebooting in 86400 seconds..