[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 39.496752] audit: type=1400 audit(1591462179.748:8): avc: denied { execmem } for pid=6444 comm="syz-executor011" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.523441] ==================================================================
[ 39.523469] BUG: KASAN: global-out-of-bounds in bit_putcs+0xbaa/0xd10
[ 39.523475] Read of size 1 at addr ffffffff87ad55b1 by task syz-executor011/6446
[ 39.523477]
[ 39.523486] CPU: 0 PID: 6446 Comm: syz-executor011 Not tainted 4.19.126-syzkaller #0
[ 39.523491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.523494] Call Trace:
[ 39.523505]  dump_stack+0x1fc/0x2fe
[ 39.523513]  ? bit_putcs+0xbaa/0xd10
[ 39.523526]  print_address_description.cold+0x5/0x222
[ 39.523534]  ? bit_putcs+0xbaa/0xd10
[ 39.523541]  kasan_report.cold+0x88/0x2b9
[ 39.523550]  bit_putcs+0xbaa/0xd10
[ 39.523565]  ? bit_cursor+0x1890/0x1890
[ 39.523576]  ? __atomic_notifier_call_chain+0x1/0x180
[ 39.523586]  ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 39.523593]  ? bit_cursor+0x1890/0x1890
[ 39.523603]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 39.523612]  ? bit_cursor+0x1890/0x1890
[ 39.523619]  fbcon_putcs+0x424/0x4e0
[ 39.523627]  ? fb_flashcursor+0x440/0x440
[ 39.523636]  do_con_write.part.0+0xf37/0x1db0
[ 39.523654]  ? do_con_trol+0x5a80/0x5a80
[ 39.523667]  ? mark_held_locks+0xa6/0xf0
[ 39.523676]  con_write+0x41/0xe0
[ 39.523684]  n_tty_write+0x3ee/0x1080
[ 39.523697]  ? n_tty_open+0x160/0x160
[ 39.523707]  ? do_wait_intr_irq+0x270/0x270
[ 39.523717]  ? __might_fault+0x192/0x1d0
[ 39.523728]  tty_write+0x455/0x790
[ 39.523734]  ? n_tty_open+0x160/0x160
[ 39.523746]  do_iter_write+0x460/0x5e0
[ 39.523757]  vfs_writev+0x15f/0x2f0
[ 39.523765]  ? vfs_iter_write+0xa0/0xa0
[ 39.523775]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 39.523790]  ? check_preemption_disabled+0x41/0x280
[ 39.523797]  ? lock_downgrade+0x740/0x740
[ 39.523806]  ? __fget_light+0x1a2/0x230
[ 39.523815]  do_writev+0x136/0x330
[ 39.523822]  ? vfs_writev+0x2f0/0x2f0
[ 39.523831]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.523838]  ? trace_hardirqs_off_caller+0x69/0x210
[ 39.523846]  ? do_syscall_64+0x21/0x620
[ 39.523856]  do_syscall_64+0xf9/0x620
[ 39.523865]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.523872] RIP: 0033:0x4412c9
[ 39.523879] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.523883] RSP: 002b:00007ffcf23159b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 39.523891] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 39.523895] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 39.523899] RBP: 0000000000009a42 R08: 000000000000000d R09: 00000000004002c8
[ 39.523903] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 39.523907] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 39.523917]
[ 39.523921] The buggy address belongs to the variable:
[ 39.523934]  str__msr__trace_system_name+0x51/0x940
[ 39.523936]
[ 39.523940] Memory state around the buggy address:
[ 39.523950]  ffffffff87ad5480: fa fa fa fa 00 00 00 05 fa fa fa fa 00 00 00 00
[ 39.523959]  ffffffff87ad5500: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa
[ 39.523968] >ffffffff87ad5580: fa fa fa fa 00 00 01 fa fa fa fa fa 00 00 00 02
[ 39.523972]                                      ^
[ 39.523981]  ffffffff87ad5600: fa fa fa fa 00 00 00 00 00 fa fa fa fa fa fa fa
[ 39.523990]  ffffffff87ad5680: 00 00 07 fa fa fa fa fa 00 00 02 fa fa fa fa fa
[ 39.523995] ==================================================================
[ 39.523999] Disabling lock debugging due to kernel taint
[ 39.524004] Kernel panic - not syncing: panic_on_warn set ...
[ 39.524004]
[ 39.524013] CPU: 0 PID: 6446 Comm: syz-executor011 Tainted: G B 4.19.126-syzkaller #0
[ 39.524017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.524019] Call Trace:
[ 39.524032]  dump_stack+0x1fc/0x2fe
[ 39.524041]  panic+0x26a/0x50e
[ 39.524048]  ? __warn_printk+0xf3/0xf3
[ 39.524056]  ? lock_downgrade+0x740/0x740
[ 39.524063]  ? print_shadow_for_address+0xb8/0x114
[ 39.524069]  ? trace_hardirqs_on+0x55/0x210
[ 39.524076]  ? bit_putcs+0xbaa/0xd10
[ 39.524083]  kasan_end_report+0x43/0x49
[ 39.524090]  kasan_report.cold+0xa4/0x2b9
[ 39.524097]  bit_putcs+0xbaa/0xd10
[ 39.524108]  ? bit_cursor+0x1890/0x1890
[ 39.524115]  ? __atomic_notifier_call_chain+0x1/0x180
[ 39.524123]  ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 39.524130]  ? bit_cursor+0x1890/0x1890
[ 39.524138]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 39.524146]  ? bit_cursor+0x1890/0x1890
[ 39.524151]  fbcon_putcs+0x424/0x4e0
[ 39.524158]  ? fb_flashcursor+0x440/0x440
[ 39.524165]  do_con_write.part.0+0xf37/0x1db0
[ 39.524176]  ? do_con_trol+0x5a80/0x5a80
[ 39.524184]  ? mark_held_locks+0xa6/0xf0
[ 39.524191]  con_write+0x41/0xe0
[ 39.524198]  n_tty_write+0x3ee/0x1080
[ 39.524207]  ? n_tty_open+0x160/0x160
[ 39.524214]  ? do_wait_intr_irq+0x270/0x270
[ 39.524222]  ? __might_fault+0x192/0x1d0
[ 39.524230]  tty_write+0x455/0x790
[ 39.524236]  ? n_tty_open+0x160/0x160
[ 39.524244]  do_iter_write+0x460/0x5e0
[ 39.524252]  vfs_writev+0x15f/0x2f0
[ 39.524258]  ? vfs_iter_write+0xa0/0xa0
[ 39.524267]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 39.524277]  ? check_preemption_disabled+0x41/0x280
[ 39.524283]  ? lock_downgrade+0x740/0x740
[ 39.524290]  ? __fget_light+0x1a2/0x230
[ 39.524297]  do_writev+0x136/0x330
[ 39.524303]  ? vfs_writev+0x2f0/0x2f0
[ 39.524310]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.524317]  ? trace_hardirqs_off_caller+0x69/0x210
[ 39.524324]  ? do_syscall_64+0x21/0x620
[ 39.524331]  do_syscall_64+0xf9/0x620
[ 39.524339]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.524344] RIP: 0033:0x4412c9
[ 39.524350] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.524353] RSP: 002b:00007ffcf23159b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 39.524359] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 39.524363] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 39.524367] RBP: 0000000000009a42 R08: 000000000000000d R09: 00000000004002c8
[ 39.524370] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 39.524374] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 39.525742] Kernel Offset: disabled
[ 40.190997] Rebooting in 86400 seconds..
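Added example, not part of the syzkaller report above and not kernel code: a small decoder for the "Memory state around the buggy address" shadow dump, applied to the ">" row of this report to show why a 1-byte read at ffffffff87ad55b1 was flagged. It assumes the shadow encoding of 4.19-era generic KASAN (mm/kasan/kasan.h): one shadow byte per 8-byte granule, 0x00 fully addressable, 0x01..0x07 only the first N bytes addressable, 0xfa global redzone, 0xfb freed kmalloc object, 0xfc kmalloc redzone, 0xf1..0xf4 stack redzones; each dump row holds 16 shadow bytes and is labelled with the memory address of its first granule, so a row covers 128 bytes. The row contents are transcribed from the report; the function names are this example's own.

```c
/*
 * Added example (not from the report above, not kernel code): decode a
 * KASAN shadow row and check an access against it.
 *
 * Assumed 4.19-era shadow encoding (mm/kasan/kasan.h): one shadow byte per
 * 8-byte granule; 0x00 = all 8 bytes addressable, 0x01..0x07 = first N bytes
 * addressable, 0xfa = global redzone, 0xfb = freed kmalloc object,
 * 0xfc = kmalloc redzone, 0xf1..0xf4 = stack redzones. Later kernels
 * renumbered some values (globals are 0xf9 from 5.9 on), so check the
 * header of the kernel being triaged.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_GRANULE        8
#define SHADOW_BYTES_PER_ROW 16

struct shadow_row {
    uint64_t base;                        /* memory address of granule 0 */
    uint8_t  shadow[SHADOW_BYTES_PER_ROW];
};

/* The ">" row of the report above, transcribed verbatim. */
static const struct shadow_row report_row = {
    0xffffffff87ad5580ULL,
    { 0xfa, 0xfa, 0xfa, 0xfa, 0x00, 0x00, 0x01, 0xfa,
      0xfa, 0xfa, 0xfa, 0xfa, 0x00, 0x00, 0x00, 0x02 }
};

const char *kasan_shadow_name(uint8_t s)
{
    if (s == 0x00) return "addressable";
    if (s < KASAN_GRANULE) return "partially addressable (first N bytes)";
    switch (s) {
    case 0xfa: return "global redzone";
    case 0xfb: return "freed kmalloc object";
    case 0xfc: return "kmalloc redzone";
    case 0xfe: return "page redzone";
    case 0xff: return "freed page";
    case 0xf1: case 0xf2: case 0xf3: case 0xf4: return "stack redzone";
    case 0xf8: return "use-after-scope";
    default:   return "unknown";
    }
}

/* Is the single byte at `a` addressable according to the row? Caller
 * guarantees `a` lies inside the row. */
static int byte_addressable(const struct shadow_row *row, uint64_t a)
{
    uint8_t s = row->shadow[(a - row->base) / KASAN_GRANULE];
    return s == 0 || (s < KASAN_GRANULE && (a % KASAN_GRANULE) < s);
}

/* Count the bytes of [addr, addr+size) the shadow marks as not addressable;
 * -1 if the range is not covered by this row. This is the check the
 * instrumented load/store performs before calling kasan_report(). */
int kasan_check_access(const struct shadow_row *row, uint64_t addr, size_t size)
{
    uint64_t end = row->base + (uint64_t)KASAN_GRANULE * SHADOW_BYTES_PER_ROW;
    int bad = 0;
    if (addr < row->base || addr + size > end)
        return -1;
    for (size_t i = 0; i < size; i++)
        if (!byte_addressable(row, addr + i))
            bad++;
    return bad;
}

/* Size of the object whose granule contains `addr`: walk left over fully
 * addressable granules to the preceding redzone, right to the first partial
 * or redzone granule. *start receives the object's first address. Returns 0
 * if `addr` is in a redzone or outside the row; an object that runs past
 * the row's last granule is truncated at the row edge. */
size_t kasan_object_extent(const struct shadow_row *row, uint64_t addr, uint64_t *start)
{
    if (addr < row->base) return 0;
    size_t g = (addr - row->base) / KASAN_GRANULE;
    if (g >= SHADOW_BYTES_PER_ROW || row->shadow[g] >= KASAN_GRANULE) return 0;
    size_t lo = g, hi = g;
    while (lo > 0 && row->shadow[lo - 1] == 0) lo--;
    while (hi < SHADOW_BYTES_PER_ROW && row->shadow[hi] == 0) hi++;
    size_t len = (hi - lo) * KASAN_GRANULE;
    if (hi < SHADOW_BYTES_PER_ROW && row->shadow[hi] < KASAN_GRANULE)
        len += row->shadow[hi];           /* partial last granule */
    if (start) *start = row->base + lo * KASAN_GRANULE;
    return len;
}

int main(void)
{
    const uint64_t addr = 0xffffffff87ad55b1ULL;   /* "Read of size 1 at addr ..." */
    uint64_t obj_start = 0;
    size_t g = (addr - report_row.base) / KASAN_GRANULE;
    size_t obj_len = kasan_object_extent(&report_row, addr, &obj_start);

    printf("addr %#llx -> granule %zu, shadow 0x%02x (%s)\n",
           (unsigned long long)addr, g, report_row.shadow[g],
           kasan_shadow_name(report_row.shadow[g]));
    printf("object starts at %#llx, %zu bytes; access at offset %llu\n",
           (unsigned long long)obj_start, obj_len,
           (unsigned long long)(addr - obj_start));
    printf("non-addressable bytes in the 1-byte read: %d\n",
           kasan_check_access(&report_row, addr, 1));
    return 0;
}
```

Run against the row from this report, the decoder places ffffffff87ad55b1 in granule 6, whose shadow byte 0x01 says only the granule's first byte belongs to an object; the object spans ffffffff87ad55a0 for 17 bytes and the flagged read is at offset 17, one byte past its end, which is what "global-out-of-bounds" with a 1-byte read means here. Note that the report's "belongs to the variable" line is a symbol+offset lookup, so the object is 0x51 bytes past str__msr__trace_system_name rather than that variable itself.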