Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 95.216788][ T8819] ================================================================== [ 95.216841][ T8819] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10 [ 95.216853][ T8819] Read of size 1 at addr ffff8880a66ec808 by task syz-executor523/8819 [ 95.216857][ T8819] [ 95.216872][ T8819] CPU: 1 PID: 8819 Comm: syz-executor523 Not tainted 5.4.0-syzkaller #0 [ 95.216880][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.216885][ T8819] Call Trace: [ 95.216902][ T8819] dump_stack+0x197/0x210 [ 95.216912][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.216928][ T8819] print_address_description.constprop.0.cold+0xd4/0x30b [ 95.216937][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.216945][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.216953][ T8819] __kasan_report.cold+0x1b/0x41 [ 95.216964][ T8819] ? fb_get_color_depth.part.0+0xa0/0x200 [ 95.216970][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.216979][ T8819] kasan_report+0x12/0x20 [ 95.216988][ T8819] __asan_report_load1_noabort+0x14/0x20 [ 95.216995][ T8819] bit_putcs+0xd5d/0xf10 [ 95.217012][ T8819] ? bit_cursor+0x1a60/0x1a60 [ 95.217023][ T8819] ? write_comp_data+0x1/0x70 [ 95.217031][ T8819] ? fb_get_color_depth.part.0+0xcf/0x200 [ 95.217042][ T8819] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 95.217054][ T8819] fbcon_putcs+0x33c/0x3e0 [ 95.217062][ T8819] ? bit_cursor+0x1a60/0x1a60 [ 95.217074][ T8819] do_update_region+0x42b/0x6f0 [ 95.217086][ T8819] ? con_get_trans_old+0x2a0/0x2a0 [ 95.217097][ T8819] ? fbcon_set_palette+0x3c4/0x4a0 [ 95.217105][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.217113][ T8819] ? var_to_display+0x810/0x810 [ 95.217124][ T8819] redraw_screen+0x676/0x7d0 [ 95.217134][ T8819] ? respond_string+0x2c0/0x2c0 [ 95.217147][ T8819] fbcon_do_set_font+0x829/0x960 [ 95.217157][ T8819] fbcon_copy_font+0x12c/0x190 [ 95.217165][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.217172][ T8819] ? fbcon_do_set_font+0x960/0x960 [ 95.217181][ T8819] con_font_op+0x6b2/0x1270 [ 95.217249][ T8819] ? lock_downgrade+0x920/0x920 [ 95.217258][ T8819] ? con_write+0xd0/0xd0 [ 95.217280][ T8819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.217289][ T8819] ? _copy_from_user+0x12c/0x1a0 [ 95.217301][ T8819] vt_ioctl+0x181a/0x26d0 [ 95.217311][ T8819] ? complete_change_console+0x3a0/0x3a0 [ 95.217318][ T8819] ? lock_downgrade+0x920/0x920 [ 95.217328][ T8819] ? rwlock_bug.part.0+0x90/0x90 [ 95.217338][ T8819] ? tomoyo_path_number_perm+0x214/0x520 [ 95.217345][ T8819] ? find_held_lock+0x35/0x130 [ 95.217355][ T8819] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 95.217369][ T8819] ? tty_jobctrl_ioctl+0x50/0xd40 [ 95.217378][ T8819] ? complete_change_console+0x3a0/0x3a0 [ 95.217392][ T8819] tty_ioctl+0xa37/0x14f0 [ 95.217407][ T8819] ? tty_vhangup+0x30/0x30 [ 95.217418][ T8819] ? tomoyo_path_number_perm+0x454/0x520 [ 95.217437][ T8819] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 95.217450][ T8819] ? tomoyo_path_number_perm+0x25e/0x520 [ 95.217468][ T8819] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 95.217495][ T8819] ? tty_vhangup+0x30/0x30 [ 95.217505][ T8819] do_vfs_ioctl+0x977/0x14e0 [ 95.217516][ T8819] ? compat_ioctl_preallocate+0x220/0x220 [ 95.217524][ T8819] ? __fget+0x37f/0x550 [ 95.217535][ T8819] ? ksys_dup3+0x3e0/0x3e0 [ 95.217544][ T8819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 95.217556][ T8819] ? tomoyo_file_ioctl+0x23/0x30 [ 95.217564][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.217572][ T8819] ? security_file_ioctl+0x8d/0xc0 [ 95.217581][ T8819] ksys_ioctl+0xab/0xd0 [ 95.217591][ T8819] __x64_sys_ioctl+0x73/0xb0 [ 95.217603][ T8819] do_syscall_64+0xfa/0x790 [ 95.217615][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.217622][ T8819] RIP: 0033:0x446a79 [ 95.217630][ T8819] Code: e8 ec e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 95.217634][ T8819] RSP: 002b:00007f451fcd2d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.217642][ T8819] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446a79 [ 95.217647][ T8819] RDX: 0000000020000180 RSI: 0000000000004b72 RDI: 0000000000000003 [ 95.217652][ T8819] RBP: 00000000006dbc50 R08: 0000000000000000 R09: 0000000000000000 [ 95.217656][ T8819] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc5c [ 95.217661][ T8819] R13: 0000000000000000 R14: 00000000f72a8fce R15: 0000000000000000 [ 95.217672][ T8819] [ 95.217676][ T8819] Allocated by task 8802: [ 95.217683][ T8819] save_stack+0x23/0x90 [ 95.217690][ T8819] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 95.217696][ T8819] kasan_kmalloc+0x9/0x10 [ 95.217704][ T8819] __kmalloc+0x163/0x770 [ 95.217713][ T8819] fbcon_set_font+0x32d/0x860 [ 95.217725][ T8819] con_font_op+0xe30/0x1270 [ 95.217737][ T8819] vt_ioctl+0xd2e/0x26d0 [ 95.217749][ T8819] tty_ioctl+0xa37/0x14f0 [ 95.217760][ T8819] do_vfs_ioctl+0x977/0x14e0 [ 95.217771][ T8819] ksys_ioctl+0xab/0xd0 [ 95.217782][ T8819] __x64_sys_ioctl+0x73/0xb0 [ 95.217795][ T8819] do_syscall_64+0xfa/0x790 [ 95.217807][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.217811][ T8819] [ 95.217817][ T8819] Freed by task 8528: [ 95.217828][ T8819] save_stack+0x23/0x90 [ 95.217840][ T8819] __kasan_slab_free+0x102/0x150 [ 95.217851][ T8819] kasan_slab_free+0xe/0x10 [ 95.217861][ T8819] kfree+0x10a/0x2c0 [ 95.217874][ T8819] kvfree+0x61/0x70 [ 95.217885][ T8819] __free_fdtable+0x34/0x80 [ 95.217896][ T8819] put_files_struct+0x253/0x2f0 [ 95.217907][ T8819] exit_files+0x83/0xb0 [ 95.217921][ T8819] do_exit+0x8b5/0x2ef0 [ 95.217934][ T8819] do_group_exit+0x135/0x360 [ 95.217948][ T8819] __x64_sys_exit_group+0x44/0x50 [ 95.217960][ T8819] do_syscall_64+0xfa/0x790 [ 95.217972][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.217975][ T8819] [ 95.217984][ T8819] The buggy address belongs to the object at ffff8880a66ec000 [ 95.217984][ T8819] which belongs to the cache kmalloc-2k of size 2048 [ 95.217991][ T8819] The buggy address is located 8 bytes to the right of [ 95.217991][ T8819] 2048-byte region [ffff8880a66ec000, ffff8880a66ec800) [ 95.217994][ T8819] The buggy address belongs to the page: [ 95.218002][ T8819] page:ffffea000299bb00 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 [ 95.218018][ T8819] raw: 00fffe0000000200 ffffea000299bac8 ffffea000299bb48 ffff8880aa400e00 [ 95.218027][ T8819] raw: 0000000000000000 ffff8880a66ec000 0000000100000001 0000000000000000 [ 95.218030][ T8819] page dumped because: kasan: bad access detected [ 95.218032][ T8819] [ 95.218035][ T8819] Memory state around the buggy address: [ 95.218043][ T8819] ffff8880a66ec700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.218049][ T8819] ffff8880a66ec780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.218054][ T8819] >ffff8880a66ec800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.218058][ T8819] ^ [ 95.218066][ T8819] ffff8880a66ec880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.218072][ T8819] ffff8880a66ec900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.218075][ T8819] ================================================================== [ 95.218078][ T8819] Disabling lock debugging due to kernel taint [ 95.218083][ T8819] Kernel panic - not syncing: panic_on_warn set ... [ 95.218091][ T8819] CPU: 1 PID: 8819 Comm: syz-executor523 Tainted: G B 5.4.0-syzkaller #0 [ 95.218095][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.218097][ T8819] Call Trace: [ 95.218105][ T8819] dump_stack+0x197/0x210 [ 95.218114][ T8819] panic+0x2e3/0x75c [ 95.218121][ T8819] ? add_taint.cold+0x16/0x16 [ 95.218132][ T8819] ? trace_hardirqs_on+0x67/0x240 [ 95.218139][ T8819] ? trace_hardirqs_on+0x5e/0x240 [ 95.218146][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.218153][ T8819] end_report+0x47/0x4f [ 95.218159][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.218165][ T8819] __kasan_report.cold+0xe/0x41 [ 95.218174][ T8819] ? fb_get_color_depth.part.0+0xa0/0x200 [ 95.218179][ T8819] ? bit_putcs+0xd5d/0xf10 [ 95.218187][ T8819] kasan_report+0x12/0x20 [ 95.218194][ T8819] __asan_report_load1_noabort+0x14/0x20 [ 95.218200][ T8819] bit_putcs+0xd5d/0xf10 [ 95.218212][ T8819] ? bit_cursor+0x1a60/0x1a60 [ 95.218220][ T8819] ? write_comp_data+0x1/0x70 [ 95.218227][ T8819] ? fb_get_color_depth.part.0+0xcf/0x200 [ 95.218236][ T8819] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 95.218245][ T8819] fbcon_putcs+0x33c/0x3e0 [ 95.218251][ T8819] ? bit_cursor+0x1a60/0x1a60 [ 95.218259][ T8819] do_update_region+0x42b/0x6f0 [ 95.218268][ T8819] ? con_get_trans_old+0x2a0/0x2a0 [ 95.218277][ T8819] ? fbcon_set_palette+0x3c4/0x4a0 [ 95.218284][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.218292][ T8819] ? var_to_display+0x810/0x810 [ 95.218300][ T8819] redraw_screen+0x676/0x7d0 [ 95.218308][ T8819] ? respond_string+0x2c0/0x2c0 [ 95.218317][ T8819] fbcon_do_set_font+0x829/0x960 [ 95.218325][ T8819] fbcon_copy_font+0x12c/0x190 [ 95.218332][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.218338][ T8819] ? fbcon_do_set_font+0x960/0x960 [ 95.218346][ T8819] con_font_op+0x6b2/0x1270 [ 95.218353][ T8819] ? lock_downgrade+0x920/0x920 [ 95.218366][ T8819] ? con_write+0xd0/0xd0 [ 95.218377][ T8819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.218385][ T8819] ? _copy_from_user+0x12c/0x1a0 [ 95.218393][ T8819] vt_ioctl+0x181a/0x26d0 [ 95.218402][ T8819] ? complete_change_console+0x3a0/0x3a0 [ 95.218408][ T8819] ? lock_downgrade+0x920/0x920 [ 95.218416][ T8819] ? rwlock_bug.part.0+0x90/0x90 [ 95.218423][ T8819] ? tomoyo_path_number_perm+0x214/0x520 [ 95.218429][ T8819] ? find_held_lock+0x35/0x130 [ 95.218438][ T8819] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 95.218445][ T8819] ? tty_jobctrl_ioctl+0x50/0xd40 [ 95.218453][ T8819] ? complete_change_console+0x3a0/0x3a0 [ 95.218460][ T8819] tty_ioctl+0xa37/0x14f0 [ 95.218468][ T8819] ? tty_vhangup+0x30/0x30 [ 95.218474][ T8819] ? tomoyo_path_number_perm+0x454/0x520 [ 95.218483][ T8819] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 95.218490][ T8819] ? tomoyo_path_number_perm+0x25e/0x520 [ 95.218498][ T8819] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 95.218510][ T8819] ? tty_vhangup+0x30/0x30 [ 95.218520][ T8819] do_vfs_ioctl+0x977/0x14e0 [ 95.218534][ T8819] ? compat_ioctl_preallocate+0x220/0x220 [ 95.218544][ T8819] ? __fget+0x37f/0x550 [ 95.218559][ T8819] ? ksys_dup3+0x3e0/0x3e0 [ 95.218572][ T8819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 95.218586][ T8819] ? tomoyo_file_ioctl+0x23/0x30 [ 95.218597][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.218604][ T8819] ? security_file_ioctl+0x8d/0xc0 [ 95.218611][ T8819] ksys_ioctl+0xab/0xd0 [ 95.218618][ T8819] __x64_sys_ioctl+0x73/0xb0 [ 95.218627][ T8819] do_syscall_64+0xfa/0x790 [ 95.218635][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.218641][ T8819] RIP: 0033:0x446a79 [ 95.218648][ T8819] Code: e8 ec e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 95.218651][ T8819] RSP: 002b:00007f451fcd2d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.218658][ T8819] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446a79 [ 95.218662][ T8819] RDX: 0000000020000180 RSI: 0000000000004b72 RDI: 0000000000000003 [ 95.218666][ T8819] RBP: 00000000006dbc50 R08: 0000000000000000 R09: 0000000000000000 [ 95.218670][ T8819] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc5c [ 95.218674][ T8819] R13: 0000000000000000 R14: 00000000f72a8fce R15: 0000000000000000 [ 95.220253][ T8819] Kernel Offset: disabled