Warning: Permanently added '[localhost]:61884' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 105.787756][ T48] audit: type=1400 audit(1613411207.954:8): avc: denied { execmem } for pid=8647 comm="syz-executor566" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 105.878622][ T8649] ==================================================================
[ 105.878692][ T8649] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x12f4/0x1430
[ 105.878946][ T8649] Write of size 4 at addr ffffc9000bc91000 by task syz-executor566/8649
[ 105.878969][ T8649]
[ 105.879067][ T8649] CPU: 3 PID: 8649 Comm: syz-executor566 Not tainted 5.11.0-syzkaller #0
[ 105.879093][ T8649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 105.879129][ T8649] Call Trace:
[ 105.879178][ T8649]  dump_stack+0x107/0x163
[ 105.879428][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.879456][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.879479][ T8649]  print_address_description.constprop.0.cold+0x5/0x2c6
[ 105.879545][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.879581][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.879605][ T8649]  kasan_report.cold+0x79/0xd5
[ 105.879636][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.879665][ T8649]  sys_imageblit+0x12f4/0x1430
[ 105.879705][ T8649]  ? drm_fb_helper_damage.isra.0+0x2c4/0x380
[ 105.879758][ T8649]  drm_fbdev_fb_imageblit+0x15c/0x350
[ 105.879788][ T8649]  bit_putcs+0x6e1/0xd20
[ 105.879835][ T8649]  ? bit_clear+0x4f0/0x4f0
[ 105.879870][ T8649]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 105.879975][ T8649]  ? fb_get_color_depth+0x11a/0x240
[ 105.880003][ T8649]  ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 105.880049][ T8649]  ? bit_clear+0x4f0/0x4f0
[ 105.880072][ T8649]  fbcon_putcs+0x35a/0x450
[ 105.880106][ T8649]  do_update_region+0x399/0x630
[ 105.880161][ T8649]  ? con_get_trans_old+0x2a0/0x2a0
[ 105.880186][ T8649]  ? fb_get_color_depth+0x11a/0x240
[ 105.880218][ T8649]  ? fbcon_set_palette+0x462/0x630
[ 105.880242][ T8649]  ? var_to_display+0x7f0/0x7f0
[ 105.880364][ T8649]  redraw_screen+0x658/0x790
[ 105.880396][ T8649]  ? vc_init+0x5a0/0x5a0
[ 105.880426][ T8649]  ? fbcon_set_palette+0x462/0x630
[ 105.880456][ T8649]  fbcon_modechanged+0x593/0x6d0
[ 105.880492][ T8649]  fbcon_update_vcs+0x3a/0x50
[ 105.880517][ T8649]  do_fb_ioctl+0x62e/0x690
[ 105.880545][ T8649]  ? fb_getput_cmap+0x270/0x270
[ 105.880571][ T8649]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 105.880732][ T8649]  ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 105.880762][ T8649]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 105.880789][ T8649]  ? do_vfs_ioctl+0x27d/0x1090
[ 105.880863][ T8649]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 105.880890][ T8649]  ? vmacache_update+0xce/0x140
[ 105.880962][ T8649]  ? security_file_ioctl+0x5c/0xb0
[ 105.880995][ T8649]  fb_ioctl+0xe7/0x150
[ 105.881018][ T8649]  ? do_fb_ioctl+0x690/0x690
[ 105.881043][ T8649]  __x64_sys_ioctl+0x193/0x200
[ 105.881070][ T8649]  do_syscall_64+0x2d/0x70
[ 105.883084][ T8649]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 105.883139][ T8649] RIP: 0033:0x43fd49
[ 105.883649][ T8649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 105.883672][ T8649] RSP: 002b:00007fff0eaf1448 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 105.883807][ T8649] RAX: ffffffffffffffda RBX: 0000000000019c10 RCX: 000000000043fd49
[ 105.883843][ T8649] RDX: 0000000020000080 RSI: 0000000000004601 RDI: 0000000000000003
[ 105.883857][ T8649] RBP: 0000000000000000 R08: 00007fff0eaf15e8 R09: 00007fff0eaf15e8
[ 105.883892][ T8649] R10: 00007fff0eaf0ec0 R11: 0000000000000246 R12: 00007fff0eaf145c
[ 105.883908][ T8649] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488
[ 105.884058][ T8649]
[ 105.884066][ T8649]
[ 105.884070][ T8649] Memory state around the buggy address:
[ 105.884125][ T8649]  ffffc9000bc90f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 105.884180][ T8649]  ffffc9000bc90f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 105.884195][ T8649] >ffffc9000bc91000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 105.884206][ T8649]                    ^
[ 105.884217][ T8649]  ffffc9000bc91080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 105.884232][ T8649]  ffffc9000bc91100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 105.884243][ T8649] ==================================================================
[ 105.884251][ T8649] Disabling lock debugging due to kernel taint
[ 105.884329][ T8649] Kernel panic - not syncing: panic_on_warn set ...
[ 105.884339][ T8649] CPU: 3 PID: 8649 Comm: syz-executor566 Tainted: G    B             5.11.0-syzkaller #0
[ 105.884362][ T8649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 105.884401][ T8649] Call Trace:
[ 105.884409][ T8649]  dump_stack+0x107/0x163
[ 105.884440][ T8649]  ? sys_imageblit+0x12d0/0x1430
[ 105.884463][ T8649]  panic+0x306/0x73d
[ 105.884484][ T8649]  ? __warn_printk+0xf3/0xf3
[ 105.884506][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.884526][ T8649]  ? trace_hardirqs_on+0x51/0x1c0
[ 105.884555][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.884576][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.884598][ T8649]  end_report+0x58/0x5e
[ 105.884623][ T8649]  kasan_report.cold+0x67/0xd5
[ 105.884648][ T8649]  ? sys_imageblit+0x12f4/0x1430
[ 105.884677][ T8649]  sys_imageblit+0x12f4/0x1430
[ 105.884703][ T8649]  ? drm_fb_helper_damage.isra.0+0x2c4/0x380
[ 105.884726][ T8649]  drm_fbdev_fb_imageblit+0x15c/0x350
[ 105.884748][ T8649]  bit_putcs+0x6e1/0xd20
[ 105.884773][ T8649]  ? bit_clear+0x4f0/0x4f0
[ 105.884794][ T8649]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 105.884818][ T8649]  ? fb_get_color_depth+0x11a/0x240
[ 105.884843][ T8649]  ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 105.884876][ T8649]  ? bit_clear+0x4f0/0x4f0
[ 105.884895][ T8649]  fbcon_putcs+0x35a/0x450
[ 105.884923][ T8649]  do_update_region+0x399/0x630
[ 105.884946][ T8649]  ? con_get_trans_old+0x2a0/0x2a0
[ 105.884968][ T8649]  ? fb_get_color_depth+0x11a/0x240
[ 105.884992][ T8649]  ? fbcon_set_palette+0x462/0x630
[ 105.885010][ T8649]  ? var_to_display+0x7f0/0x7f0
[ 105.885030][ T8649]  redraw_screen+0x658/0x790
[ 105.885057][ T8649]  ? vc_init+0x5a0/0x5a0
[ 105.885079][ T8649]  ? fbcon_set_palette+0x462/0x630
[ 105.885100][ T8649]  fbcon_modechanged+0x593/0x6d0
[ 105.885123][ T8649]  fbcon_update_vcs+0x3a/0x50
[ 105.885142][ T8649]  do_fb_ioctl+0x62e/0x690
[ 105.885164][ T8649]  ? fb_getput_cmap+0x270/0x270
[ 105.885191][ T8649]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 105.885217][ T8649]  ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 105.885242][ T8649]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 105.885268][ T8649]  ? do_vfs_ioctl+0x27d/0x1090
[ 105.885290][ T8649]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 105.885315][ T8649]  ? vmacache_update+0xce/0x140
[ 105.885336][ T8649]  ? security_file_ioctl+0x5c/0xb0
[ 105.885359][ T8649]  fb_ioctl+0xe7/0x150
[ 105.885382][ T8649]  ? do_fb_ioctl+0x690/0x690
[ 105.885402][ T8649]  __x64_sys_ioctl+0x193/0x200
[ 105.885423][ T8649]  do_syscall_64+0x2d/0x70
[ 105.885445][ T8649]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 105.885466][ T8649] RIP: 0033:0x43fd49
[ 105.885480][ T8649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 105.885498][ T8649] RSP: 002b:00007fff0eaf1448 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 105.885518][ T8649] RAX: ffffffffffffffda RBX: 0000000000019c10 RCX: 000000000043fd49
[ 105.885531][ T8649] RDX: 0000000020000080 RSI: 0000000000004601 RDI: 0000000000000003
[ 105.885543][ T8649] RBP: 0000000000000000 R08: 00007fff0eaf15e8 R09: 00007fff0eaf15e8
[ 105.885555][ T8649] R10: 00007fff0eaf0ec0 R11: 0000000000000246 R12: 00007fff0eaf145c
[ 105.885569][ T8649] R13: 431bde82d7b634db R14: 00000000004ae018 R15: 0000000000400488
[ 105.887838][ T8649] Dumping ftrace buffer:
[ 105.887942][ T8649]    (ftrace buffer empty)
[ 105.887947][ T8649] Kernel Offset: disabled
[ 106.907835][ T8649] Rebooting in 1 seconds..
[ 107.938469][ T8649] ACPI MEMORY or I/O RESET_REG.
Connection to localhost closed by remote host.
VM DIAGNOSIS: 17:46:48 Registers:
info registers vcpu 0
RAX=ae03000200000021 RBX=ffff88802ca19460 RCX=ffffffff81291958 RDX=dffffc0000000000
RSI=0000000000000008 RDI=ffffffff8da39c18 RBP=0000000000000000 RSP=ffffc90000007f68
R8 =0000000000000000 R9 =ffffffff8da39c1f R10=fffffbfff1b47383 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81291990 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007efe02cac500 ffffffff 00c00000
GS =0000 ffff88802ca00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055ecc955b228 CR3=000000001411e000 CR4=00150ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00009fc0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=7379732f646d65747379732f62696c2f XMM01=2e6c6c756e7974742d7665642f6d6574
XMM02=00642e6563697665642e6c6c756e7974 XMM03=742d7665642f6d65747379732f646d65
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=2f2f51d12db59466188395544526838b
XMM10=2f2f51d12db81a432f2f7ac3e6662f1a XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=ae03000200000021 RBX=ffff88802cb19460 RCX=ffffffff81291958 RDX=dffffc0000000000
RSI=0000000000000008 RDI=ffffffff8da39c18 RBP=0000000000000001 RSP=ffffc90000508f68
R8 =0000000000000000 R9 =ffffffff8da39c1f R10=fffffbfff1b47383 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81291990 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cb00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe000003c000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00000000004ae0f0 CR3=000000002083b000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=363635726f7475636578652d7a79732f
XMM02=00000000000000000000000000000000 XMM03=000000000000000000000000000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 2
RAX=ae03000200000021 RBX=ffff88802cc19460 RCX=ffffffff81291958 RDX=dffffc0000000000
RSI=0000000000000008 RDI=ffffffff8da39c18 RBP=0000000000000002 RSP=ffffc90000560f68
R8 =0000000000000000 R9 =ffffffff8da39c1f R10=fffffbfff1b47383 R11=0000000000000000
R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81291990 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cc00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000077000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00000000004b11d0 CR3=000000000ba8e000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffff000000000000ffff000000000000
XMM02=0000000000000000000000ff00000000 XMM03=000000000000000000000000000000ff
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=2f666c65732f636f72702f0030303031 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 3
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff8418c51c RDI=ffffffff9069a5c0 RBP=ffffffff9069a580 RSP=ffffc90001087280
R8 =000000000000005d R9 =0000000000000000 R10=ffffffff8418c50d R11=000000000000001f
R12=0000000000000000 R13=fffffbfff20d3503 R14=fffffbfff20d34ba R15=dffffc0000000000
RIP=ffffffff8418c542 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000001536300 ffffffff 00c00000
GS =0000 ffff88802cd00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe00000b2000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055ecc9558748 CR3=0000000024c57000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=6c656e72656b2072656c6c616b7a7973 XMM01=203a7469647561205d3834542020205b
XMM02=383a3435392e37303231313433313631 XMM03=726f66207d206d656d63657865207b20
XMM04=2038343a36343a373120353120626546 XMM05=65636f72703d7373616c63742030733a
XMM06=733a755f6d65747379733d747865746e XMM07=725f6d65747379733a755f6d65747379
XMM08=6f7475636578652d7a7973223d6d6d6f XMM09=0000ffffffffffffffffffffffffff00
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000