[ 44.221053] IPVS: ftp: loaded support on port[0] = 21
[ 45.362205] can: request_module (can-proto-0) failed.
[ 45.376431] can: request_module (can-proto-0) failed.
[ 45.386245] can: request_module (can-proto-0) failed.
[ 45.592848] audit: type=1400 audit(1580946032.292:38): avc: denied { create } for pid=7106 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 45.617758] audit: type=1400 audit(1580946032.292:39): avc: denied { create } for pid=7106 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 45.644334] audit: type=1400 audit(1580946032.292:40): avc: denied { create } for pid=7106 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 45.808851] random: sshd: uninitialized urandom read (32 bytes read)
[ 46.708275] random: sshd: uninitialized urandom read (32 bytes read)
[ 46.929987] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
2020/02/05 23:40:39 parsed 1 programs
2020/02/05 23:40:39 executed programs: 0
[ 53.291096] IPVS: ftp: loaded support on port[0] = 21
[ 54.128302] IPVS: ftp: loaded support on port[0] = 21
[ 54.176710] chnl_net:caif_netlink_parms(): no params data found
[ 54.222468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.229486] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.237139] device bridge_slave_0 entered promiscuous mode
[ 54.246536] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.253428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.260743] device bridge_slave_1 entered promiscuous mode
[ 54.261776] IPVS: ftp: loaded support on port[0] = 21
[ 54.284796] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.306964] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.349303] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.356832] team0: Port device team_slave_0 added
[ 54.364513] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.371731] team0: Port device team_slave_1 added
[ 54.377010] chnl_net:caif_netlink_parms(): no params data found
[ 54.390923] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.407189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.441719] IPVS: ftp: loaded support on port[0] = 21
[ 54.462191] device hsr_slave_0 entered promiscuous mode
[ 54.500424] device hsr_slave_1 entered promiscuous mode
[ 54.592013] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.605416] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.636146] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.642837] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.649973] device bridge_slave_0 entered promiscuous mode
[ 54.658888] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.665807] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.673085] device bridge_slave_1 entered promiscuous mode
[ 54.725968] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.743007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.749566] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.756973] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.757488] IPVS: ftp: loaded support on port[0] = 21
[ 54.763623] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.784979] chnl_net:caif_netlink_parms(): no params data found
[ 54.794617] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.833506] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.840834] team0: Port device team_slave_0 added
[ 54.848220] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.855708] team0: Port device team_slave_1 added
[ 54.877666] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.909708] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.916312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.924544] device bridge_slave_0 entered promiscuous mode
[ 54.931097] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.938147] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.944824] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.951901] device bridge_slave_1 entered promiscuous mode
[ 54.989828] chnl_net:caif_netlink_parms(): no params data found
[ 55.072270] device hsr_slave_0 entered promiscuous mode
[ 55.110430] device hsr_slave_1 entered promiscuous mode
[ 55.161320] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.169098] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.179777] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.188516] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.221171] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.228451] team0: Port device team_slave_0 added
[ 55.236600] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.244665] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.273875] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.281552] team0: Port device team_slave_1 added
[ 55.282622] IPVS: ftp: loaded support on port[0] = 21
[ 55.290793] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.304256] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.318066] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.328106] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.378360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.385038] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.392739] device bridge_slave_0 entered promiscuous mode
[ 55.406031] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.425278] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.431813] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.438730] device bridge_slave_1 entered promiscuous mode
[ 55.457344] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.512310] device hsr_slave_0 entered promiscuous mode
[ 55.550435] device hsr_slave_1 entered promiscuous mode
[ 55.593010] chnl_net:caif_netlink_parms(): no params data found
[ 55.604003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.612107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.626683] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.635631] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 55.642225] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.652470] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.668841] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.691437] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.698684] team0: Port device team_slave_0 added
[ 55.706250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 55.713778] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.730651] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.737802] team0: Port device team_slave_1 added
[ 55.745387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.753757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.762162] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.768556] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.794704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.811953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 55.828739] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.835641] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.843159] device bridge_slave_0 entered promiscuous mode
[ 55.851336] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.857773] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.864942] device bridge_slave_1 entered promiscuous mode
[ 55.873225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.880967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.889107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.897373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.903760] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.913819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 55.925999] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 55.950363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.958170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 55.971442] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.983824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 55.998228] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 56.008978] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 56.025148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.033783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.082635] device hsr_slave_0 entered promiscuous mode
[ 56.120381] device hsr_slave_1 entered promiscuous mode
[ 56.181845] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.198228] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.206205] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 56.214189] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 56.223687] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 56.231480] team0: Port device team_slave_0 added
[ 56.237876] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 56.250796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 56.262129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.270214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.277983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.285795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.293970] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 56.301997] team0: Port device team_slave_1 added
[ 56.331995] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.354657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 56.365280] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 56.373569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.452375] device hsr_slave_0 entered promiscuous mode
[ 56.490395] device hsr_slave_1 entered promiscuous mode
[ 56.553020] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 56.560872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.568885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.578751] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 56.585541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.600274] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.609722] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 56.623040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.630689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.637891] chnl_net:caif_netlink_parms(): no params data found
[ 56.665046] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.682310] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.688553] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.698235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 56.709740] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.738366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.746465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.754756] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.761249] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.768306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.780664] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 56.792901] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 56.801896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.808299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.815763] device bridge_slave_0 entered promiscuous mode
[ 56.823092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.831765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.839381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.845814] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.854196] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 56.866294] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 56.873335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.879758] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.887343] device bridge_slave_1 entered promiscuous mode
[ 56.895281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.904897] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.911965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.925090] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.934622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 56.946806] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.966528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.982934] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 56.995209] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.011382] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 57.026974] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 57.035572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 57.044407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.052821] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.062243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 57.082216] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.096070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 57.105061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.114247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 57.122824] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.134547] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 57.140941] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.153473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 57.162057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.170151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.177192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.188054] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 57.198974] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.208270] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 57.216694] team0: Port device team_slave_0 added
[ 57.224766] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 57.232700] team0: Port device team_slave_1 added
[ 57.239090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 57.247657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.257205] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 57.263760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.275332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.285889] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 57.297566] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.304550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 57.312765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 57.320792] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.327335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.340947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.351140] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.358371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 57.368817] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 57.397679] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 57.397685] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.400773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 57.422377] ==================================================================
[ 57.422417] BUG: KASAN: global-out-of-bounds in fb_pad_aligned_buffer+0xd3/0x130
[ 57.422423] Read of size 1 at addr ffffffff87060736 by task syz-executor.0/7237
[ 57.422425]
[ 57.422433] CPU: 0 PID: 7237 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0
[ 57.422435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.422438] Call Trace:
[ 57.422449] dump_stack+0xf7/0x13b
[ 57.422453] ? fb_pad_aligned_buffer+0xd3/0x130
[ 57.422463] print_address_description.cold.7+0x135/0x1c9
[ 57.422469] ? fb_pad_aligned_buffer+0xd3/0x130
[ 57.422475] kasan_report.cold.8+0x11a/0x2d3
[ 57.422483] __asan_report_load1_noabort+0x14/0x20
[ 57.422488] fb_pad_aligned_buffer+0xd3/0x130
[ 57.422500] bit_putcs+0x7fd/0xee0
[ 57.422514] ? update_attr.isra.1+0x170/0x170
[ 57.422522] ? fb_get_color_depth+0x49/0x60
[ 57.422528] fbcon_putcs+0x2fb/0x5b0
[ 57.422534] ? update_attr.isra.1+0x170/0x170
[ 57.422542] do_update_region+0x304/0x630
[ 57.422546] ? fb_set_cmap+0x34e/0x550
[ 57.422552] ? con_get_trans_old+0x200/0x200
[ 57.422564] redraw_screen+0x50d/0x7f0
[ 57.422567] ? bit_bmove+0x200/0x200
[ 57.422572] ? con_flush_chars+0x60/0x60
[ 57.422584] fbcon_do_set_font+0x656/0xa20
[ 57.422593] ? lock_acquire+0x173/0x400
[ 57.422602] fbcon_copy_font+0x116/0x1a0
[ 57.422609] con_font_op+0x219/0x1020
[ 57.422615] ? __might_fault+0xf1/0x1b0
[ 57.422620] ? lock_downgrade+0x7f0/0x7f0
[ 57.422625] ? con_write+0x80/0x80
[ 57.422634] ? kasan_check_write+0x14/0x20
[ 57.422644] vt_ioctl+0x9d7/0x21d0
[ 57.422651] ? find_held_lock+0x36/0x1d0
[ 57.422658] ? complete_change_console+0x300/0x300
[ 57.422669] ? avc_has_extended_perms+0x477/0x1100
[ 57.422674] ? lock_downgrade+0x7f0/0x7f0
[ 57.422691] ? do_futex+0x573/0x1760
[ 57.422699] tty_ioctl+0x434/0x1260
[ 57.422703] ? avc_ss_reset+0xd0/0xd0
[ 57.422708] ? tty_vhangup+0x20/0x20
[ 57.422713] ? __lock_acquire+0x6a4/0x4500
[ 57.422719] ? trace_hardirqs_on+0x10/0x10
[ 57.422724] ? trace_hardirqs_off+0x10/0x10
[ 57.422745] ? __might_sleep+0x93/0xb0
[ 57.422763] do_vfs_ioctl+0x180/0xfb0
[ 57.422770] ? __fget+0x1ad/0x2f0
[ 57.422777] ? ioctl_preallocate+0x1a0/0x1a0
[ 57.422785] ? __fget+0x1ca/0x2f0
[ 57.422794] ? security_file_ioctl+0x6a/0xa0
[ 57.422798] ? SyS_clock_settime+0x1a0/0x1a0
[ 57.422802] ? security_file_ioctl+0x6a/0xa0
[ 57.422808] SyS_ioctl+0x74/0x80
[ 57.422814] ? do_vfs_ioctl+0xfb0/0xfb0
[ 57.422822] do_syscall_64+0x1c7/0x5b0
[ 57.422827] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.422837] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 57.422843] RIP: 0033:0x45a6f9
[ 57.422846] RSP: 002b:00007febd7cb6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.422852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9
[ 57.422855] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004
[ 57.422858] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 57.422866] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febd7cb76d4
[ 57.422869] R13: 00000000004c382b R14: 00000000004d8d78 R15: 00000000ffffffff
[ 57.422881]
[ 57.422884] The buggy address belongs to the variable:
[ 57.422889] oid_index+0x76/0x9a0
[ 57.422891]
[ 57.422893] Memory state around the buggy address:
[ 57.422898]  ffffffff87060600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.422901]  ffffffff87060680: 00 00 00 05 fa fa fa fa 00 00 00 00 00 00 00 00
[ 57.422904] >ffffffff87060700: 00 00 00 00 00 00 06 fa fa fa fa fa 00 02 fa fa
[ 57.422906]                                       ^
[ 57.422910]  ffffffff87060780: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 02 fa
[ 57.422913]  ffffffff87060800: fa fa fa fa 00 03 fa fa fa fa fa fa 07 fa fa fa
[ 57.422916] ==================================================================
[ 57.422918] Disabling lock debugging due to kernel taint
[ 57.422971] Kernel panic - not syncing: panic_on_warn set ...
[ 57.422971]
[ 57.422976] CPU: 0 PID: 7237 Comm: syz-executor.0 Tainted: G B 4.14.170-syzkaller #0
[ 57.422979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.422980] Call Trace:
[ 57.422986] dump_stack+0xf7/0x13b
[ 57.422991] ? fb_pad_aligned_buffer+0xd3/0x130
[ 57.422996] panic+0x1b0/0x358
[ 57.422999] ? add_taint.cold.5+0x11/0x11
[ 57.423004] ? ___preempt_schedule+0x16/0x18
[ 57.423010] ? fb_pad_aligned_buffer+0xd3/0x130
[ 57.423014] kasan_end_report+0x47/0x4f
[ 57.423017] kasan_report.cold.8+0x76/0x2d3
[ 57.423021] __asan_report_load1_noabort+0x14/0x20
[ 57.423024] fb_pad_aligned_buffer+0xd3/0x130
[ 57.423028] bit_putcs+0x7fd/0xee0
[ 57.423036] ? update_attr.isra.1+0x170/0x170
[ 57.423041] ? fb_get_color_depth+0x49/0x60
[ 57.423045] fbcon_putcs+0x2fb/0x5b0
[ 57.423049] ? update_attr.isra.1+0x170/0x170
[ 57.423056] do_update_region+0x304/0x630
[ 57.423060] ? fb_set_cmap+0x34e/0x550
[ 57.423064] ? con_get_trans_old+0x200/0x200
[ 57.423071] redraw_screen+0x50d/0x7f0
[ 57.423074] ? bit_bmove+0x200/0x200
[ 57.423077] ? con_flush_chars+0x60/0x60
[ 57.423082] fbcon_do_set_font+0x656/0xa20
[ 57.423085] ? lock_acquire+0x173/0x400
[ 57.423090] fbcon_copy_font+0x116/0x1a0
[ 57.423094] con_font_op+0x219/0x1020
[ 57.423097] ? __might_fault+0xf1/0x1b0
[ 57.423101] ? lock_downgrade+0x7f0/0x7f0
[ 57.423104] ? con_write+0x80/0x80
[ 57.423109] ? kasan_check_write+0x14/0x20
[ 57.423113] vt_ioctl+0x9d7/0x21d0
[ 57.423117] ? find_held_lock+0x36/0x1d0
[ 57.423121] ? complete_change_console+0x300/0x300
[ 57.423126] ? avc_has_extended_perms+0x477/0x1100
[ 57.423129] ? lock_downgrade+0x7f0/0x7f0
[ 57.423137] ? do_futex+0x573/0x1760
[ 57.423141] tty_ioctl+0x434/0x1260
[ 57.423145] ? avc_ss_reset+0xd0/0xd0
[ 57.423148] ? tty_vhangup+0x20/0x20
[ 57.423151] ? __lock_acquire+0x6a4/0x4500
[ 57.423155] ? trace_hardirqs_on+0x10/0x10
[ 57.423159] ? trace_hardirqs_off+0x10/0x10
[ 57.423169] ? __might_sleep+0x93/0xb0
[ 57.423175] do_vfs_ioctl+0x180/0xfb0
[ 57.423179] ? __fget+0x1ad/0x2f0
[ 57.423184] ? ioctl_preallocate+0x1a0/0x1a0
[ 57.423189] ? __fget+0x1ca/0x2f0
[ 57.423194] ? security_file_ioctl+0x6a/0xa0
[ 57.423198] ? SyS_clock_settime+0x1a0/0x1a0
[ 57.423201] ? security_file_ioctl+0x6a/0xa0
[ 57.423205] SyS_ioctl+0x74/0x80
[ 57.423210] ? do_vfs_ioctl+0xfb0/0xfb0
[ 57.423214] do_syscall_64+0x1c7/0x5b0
[ 57.423218] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.423223] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 57.423226] RIP: 0033:0x45a6f9
[ 57.423228] RSP: 002b:00007febd7cb6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.423233] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9
[ 57.423235] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004
[ 57.423237] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 57.423239] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febd7cb76d4
[ 57.423242] R13: 00000000004c382b R14: 00000000004d8d78 R15: 00000000ffffffff
[ 57.424736] Kernel Offset: disabled
[ 58.114514] Rebooting in 86400 seconds..