================================================================== BUG: KASAN: out-of-bounds in syscall_get_arguments arch/x86/include/asm/syscall.h:131 [inline] BUG: KASAN: out-of-bounds in trace_event_raw_event_sys_enter+0x12d/0x4d0 include/trace/events/syscalls.h:18 Read of size 8 at addr ffffc900086f7668 by task syz-executor.5/26701 CPU: 1 PID: 26701 Comm: syz-executor.5 Not tainted 5.5.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fb/0x318 lib/dump_stack.c:118 print_address_description+0x74/0x5c0 mm/kasan/report.c:374 __kasan_report+0x149/0x1c0 mm/kasan/report.c:506 kasan_report+0x26/0x50 mm/kasan/common.c:639 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 syscall_get_arguments arch/x86/include/asm/syscall.h:131 [inline] trace_event_raw_event_sys_enter+0x12d/0x4d0 include/trace/events/syscalls.h:18 RIP: 0010:__writeq arch/x86/include/asm/io.h:98 [inline] RIP: 0010:bitfill_aligned+0x15d/0x200 drivers/video/fbdev/core/cfbfillrect.c:70 Code: 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 4d 89 34 24 4d 89 74 24 08 4d 89 74 24 10 4d 89 74 24 18 4d 89 74 24 20 4d 89 74 24 28 <4d> 89 74 24 30 4d 89 74 24 38 83 c3 f8 83 fb 07 76 16 49 83 c4 38 RSP: 0018:ffffc900086f7710 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: ffffffff83cbf478 RBX: 0000000003e13405 RCX: 0000000000040000 RDX: ffffc9001522b000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc900086f7760 R08: ffffffff83cbf42d R09: 0000000000000040 R10: ffff888049f80300 R11: 0000000000000002 R12: ffff888001005fd8 R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffffff cfb_fillrect+0x57b/0x7a0 drivers/video/fbdev/core/cfbfillrect.c:327 vga16fb_fillrect+0x642/0x1470 drivers/video/fbdev/vga16fb.c:951 bit_clear_margins+0x25a/0x620 drivers/video/fbdev/core/bitblit.c:224 fbcon_clear_margins drivers/video/fbdev/core/fbcon.c:1372 [inline] fbcon_switch+0x1504/0x1f10 drivers/video/fbdev/core/fbcon.c:2354 redraw_screen+0x56e/0x1830 drivers/tty/vt/vt.c:997 fbcon_modechanged+0x810/0xdf0 drivers/video/fbdev/core/fbcon.c:2991 fbcon_update_vcs+0x31/0x40 drivers/video/fbdev/core/fbcon.c:3038 fb_set_var+0x8f5/0xdc0 drivers/video/fbdev/core/fbmem.c:1051 do_fb_ioctl+0x55e/0x780 drivers/video/fbdev/core/fbmem.c:1104 fb_ioctl+0xb9/0xf0 drivers/video/fbdev/core/fbmem.c:1180 do_vfs_ioctl+0x6e2/0x19b0 fs/ioctl.c:47 ksys_ioctl fs/ioctl.c:749 [inline] __do_sys_ioctl fs/ioctl.c:756 [inline] __se_sys_ioctl fs/ioctl.c:754 [inline] __x64_sys_ioctl+0xe3/0x120 fs/ioctl.c:754 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fefb1c25c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fefb1c266d4 RCX: 000000000045b349 RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000002ea R14: 00000000004c3f3a R15: 000000000075bf2c Memory state around the buggy address: ffffc900086f7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc900086f7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc900086f7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffffc900086f7680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc900086f7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================