Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 35.320372] ==================================================================
[ 35.320411] BUG: KASAN: global-out-of-bounds in bit_putcs+0xbaf/0xd10
[ 35.320422] Read of size 1 at addr ffffffff88b656ad by task syz-executor352/8115
[ 35.320425]
[ 35.320439] CPU: 0 PID: 8115 Comm: syz-executor352 Not tainted 4.19.163-syzkaller #0
[ 35.320446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.320451] Call Trace:
[ 35.320467] dump_stack+0x1fc/0x2fe
[ 35.320488] print_address_description.cold+0x5/0x219
[ 35.320505] kasan_report_error.cold+0x8a/0x1c7
[ 35.320517] ? bit_putcs+0xbaf/0xd10
[ 35.320530] __asan_report_load1_noabort+0x88/0x90
[ 35.320544] ? bit_putcs+0xbaf/0xd10
[ 35.320557] bit_putcs+0xbaf/0xd10
[ 35.320585] ? bit_cursor+0x1740/0x1740
[ 35.320608] ? fb_get_color_depth+0x11a/0x240
[ 35.320623] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 35.320648] ? bit_cursor+0x1740/0x1740
[ 35.320661] fbcon_putcs+0x336/0x4f0
[ 35.320678] ? fb_flashcursor+0x430/0x430
[ 35.320694] do_con_write+0xbcd/0x1d90
[ 35.320723] ? do_con_trol+0x5970/0x5970
[ 35.320745] ? n_tty_write+0x1ea/0xff0
[ 35.320767] ? mark_held_locks+0xa6/0xf0
[ 35.320783] con_write+0x22/0xb0
[ 35.320798] n_tty_write+0x3c0/0xff0
[ 35.320824] ? n_tty_open+0x160/0x160
[ 35.320841] ? do_wait_intr_irq+0x270/0x270
[ 35.320856] ? __might_fault+0x192/0x1d0
[ 35.320873] tty_write+0x496/0x810
[ 35.320886] ? n_tty_open+0x160/0x160
[ 35.320907] __vfs_write+0xf7/0x770
[ 35.320919] ? tty_compat_ioctl+0x270/0x270
[ 35.320934] ? common_file_perm+0x4e5/0x850
[ 35.320947] ? kernel_read+0x110/0x110
[ 35.320960] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.320975] ? apparmor_getprocattr+0x11d0/0x11d0
[ 35.320991] ? debug_object_init_on_stack+0x20/0x20
[ 35.321009] ? security_file_permission+0x1c0/0x220
[ 35.321029] vfs_write+0x1f3/0x540
[ 35.321046] ksys_write+0x12b/0x2a0
[ 35.321060] ? __ia32_sys_read+0xb0/0xb0
[ 35.321076] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.321091] ? do_syscall_64+0x21/0x620
[ 35.321107] do_syscall_64+0xf9/0x620
[ 35.321123] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.321134] RIP: 0033:0x4413a9
[ 35.321147] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.321155] RSP: 002b:00007ffdbfae9658 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 35.321168] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413a9
[ 35.321176] RDX: 0000000000000018 RSI: 0000000020001340 RDI: 0000000000000004
[ 35.321184] RBP: 00000000000089e2 R08: 00000000004002c8 R09: 00000000004002c8
[ 35.321192] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402150
[ 35.321199] R13: 00000000004021e0 R14: 0000000000000000 R15: 0000000000000000
[ 35.321217]
[ 35.321221] The buggy address belongs to the variable:
[ 35.321234] oid_index+0x2ed/0xa60
[ 35.321238]
[ 35.321242] Memory state around the buggy address:
[ 35.321253]  ffffffff88b65580: fa fa fa fa 05 fa fa fa fa fa fa fa 00 06 fa fa
[ 35.321262]  ffffffff88b65600: fa fa fa fa 07 fa fa fa fa fa fa fa 00 01 fa fa
[ 35.321272] >ffffffff88b65680: fa fa fa fa 00 05 fa fa fa fa fa fa 03 fa fa fa
[ 35.321277]                                   ^
[ 35.321287]  ffffffff88b65700: fa fa fa fa 03 fa fa fa fa fa fa fa 03 fa fa fa
[ 35.321297]  ffffffff88b65780: fa fa fa fa 00 07 fa fa fa fa fa fa 00 07 fa fa
[ 35.321302] ==================================================================
[ 35.321306] Disabling lock debugging due to kernel taint
[ 35.321364] Kernel panic - not syncing: panic_on_warn set ...
[ 35.321364]
[ 35.321377] CPU: 0 PID: 8115 Comm: syz-executor352 Tainted: G B 4.19.163-syzkaller #0
[ 35.321384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.321387] Call Trace:
[ 35.321400] dump_stack+0x1fc/0x2fe
[ 35.321416] panic+0x26a/0x50e
[ 35.321427] ? __warn_printk+0xf3/0xf3
[ 35.321441] ? preempt_schedule_common+0x45/0xc0
[ 35.321454] ? ___preempt_schedule+0x16/0x18
[ 35.321466] ? trace_hardirqs_on+0x55/0x210
[ 35.321481] kasan_end_report+0x43/0x49
[ 35.321494] kasan_report_error.cold+0xa7/0x1c7
[ 35.321504] ? bit_putcs+0xbaf/0xd10
[ 35.321516] __asan_report_load1_noabort+0x88/0x90
[ 35.321527] ? bit_putcs+0xbaf/0xd10
[ 35.321537] bit_putcs+0xbaf/0xd10
[ 35.321556] ? bit_cursor+0x1740/0x1740
[ 35.321573] ? fb_get_color_depth+0x11a/0x240
[ 35.321586] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 35.321598] ? bit_cursor+0x1740/0x1740
[ 35.321611] fbcon_putcs+0x336/0x4f0
[ 35.321626] ? fb_flashcursor+0x430/0x430
[ 35.321640] do_con_write+0xbcd/0x1d90
[ 35.321662] ? do_con_trol+0x5970/0x5970
[ 35.321673] ? n_tty_write+0x1ea/0xff0
[ 35.321689] ? mark_held_locks+0xa6/0xf0
[ 35.321703] con_write+0x22/0xb0
[ 35.321716] n_tty_write+0x3c0/0xff0
[ 35.321745] ? n_tty_open+0x160/0x160
[ 35.321758] ? do_wait_intr_irq+0x270/0x270
[ 35.321770] ? __might_fault+0x192/0x1d0
[ 35.321783] tty_write+0x496/0x810
[ 35.321794] ? n_tty_open+0x160/0x160
[ 35.321810] __vfs_write+0xf7/0x770
[ 35.321821] ? tty_compat_ioctl+0x270/0x270
[ 35.321834] ? common_file_perm+0x4e5/0x850
[ 35.321846] ? kernel_read+0x110/0x110
[ 35.321858] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.321871] ? apparmor_getprocattr+0x11d0/0x11d0
[ 35.321885] ? debug_object_init_on_stack+0x20/0x20
[ 35.321900] ? security_file_permission+0x1c0/0x220
[ 35.321915] vfs_write+0x1f3/0x540
[ 35.321929] ksys_write+0x12b/0x2a0
[ 35.321942] ? __ia32_sys_read+0xb0/0xb0
[ 35.321955] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.321967] ? do_syscall_64+0x21/0x620
[ 35.321981] do_syscall_64+0xf9/0x620
[ 35.321995] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.322004] RIP: 0033:0x4413a9
[ 35.322016] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.322023] RSP: 002b:00007ffdbfae9658 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 35.322035] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413a9
[ 35.322042] RDX: 0000000000000018 RSI: 0000000020001340 RDI: 0000000000000004
[ 35.322050] RBP: 00000000000089e2 R08: 00000000004002c8 R09: 00000000004002c8
[ 35.322057] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402150
[ 35.322065] R13: 00000000004021e0 R14: 0000000000000000 R15: 0000000000000000
[ 35.322581] Kernel Offset: disabled
[ 35.943748] Rebooting in 86400 seconds..