[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 57.855976][ T6904] ==================================================================
[ 57.856019][ T6904] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc08/0xd60
[ 57.856026][ T6904] Read of size 1 at addr ffffffff8875c44b by task syz-executor748/6904
[ 57.856029][ T6904]
[ 57.856038][ T6904] CPU: 0 PID: 6904 Comm: syz-executor748 Not tainted 5.7.0-syzkaller #0
[ 57.856043][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.856046][ T6904] Call Trace:
[ 57.856057][ T6904] dump_stack+0x188/0x20d
[ 57.856068][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856075][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856088][ T6904] print_address_description.constprop.0.cold+0x5/0x413
[ 57.856095][ T6904] ? fb_pad_aligned_buffer+0x10c/0x150
[ 57.856107][ T6904] ? vprintk_func+0x97/0x1a6
[ 57.856118][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856126][ T6904] kasan_report.cold+0x1f/0x37
[ 57.856136][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856146][ T6904] bit_putcs+0xc08/0xd60
[ 57.856166][ T6904] ? bit_cursor+0x1870/0x1870
[ 57.856174][ T6904] ? find_held_lock+0x2d/0x110
[ 57.856186][ T6904] ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 57.856197][ T6904] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.856209][ T6904] fbcon_putcs+0x345/0x3f0
[ 57.856219][ T6904] ? bit_cursor+0x1870/0x1870
[ 57.856227][ T6904] ? fb_flashcursor+0x3e0/0x3e0
[ 57.856238][ T6904] do_con_write.part.0+0xf16/0x1dc0
[ 57.856258][ T6904] ? do_con_trol+0x5d80/0x5d80
[ 57.856273][ T6904] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 57.856284][ T6904] con_write+0x41/0xe0
[ 57.856294][ T6904] n_tty_write+0x3f0/0xf90
[ 57.856312][ T6904] ? n_tty_read+0x1b30/0x1b30
[ 57.856323][ T6904] ? prepare_to_wait_exclusive+0x2c0/0x2c0
[ 57.856335][ T6904] ? __might_fault+0x190/0x1d0
[ 57.856346][ T6904] tty_write+0x495/0x800
[ 57.856355][ T6904] ? n_tty_read+0x1b30/0x1b30
[ 57.856368][ T6904] do_iter_write+0x486/0x600
[ 57.856383][ T6904] vfs_writev+0x1b3/0x2f0
[ 57.856391][ T6904] ? vfs_iter_write+0xa0/0xa0
[ 57.856400][ T6904] ? find_held_lock+0x2d/0x110
[ 57.856410][ T6904] ? do_page_fault+0x5ad/0x13d4
[ 57.856421][ T6904] ? lock_downgrade+0x840/0x840
[ 57.856439][ T6904] ? __fget_light+0x1ab/0x270
[ 57.856449][ T6904] do_writev+0x139/0x300
[ 57.856457][ T6904] ? vfs_writev+0x2f0/0x2f0
[ 57.856465][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.856476][ T6904] ? do_syscall_64+0x21/0x7d0
[ 57.856485][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.856496][ T6904] do_syscall_64+0xf6/0x7d0
[ 57.856506][ T6904] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.856513][ T6904] RIP: 0033:0x4412c9
[ 57.856521][ T6904] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.856526][ T6904] RSP: 002b:00007ffe5d874f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 57.856534][ T6904] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 57.856538][ T6904] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 57.856543][ T6904] RBP: 000000000000e201 R08: 000000000000000d R09: 00000000004002c8
[ 57.856548][ T6904] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 57.856553][ T6904] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 57.856565][ T6904]
[ 57.856568][ T6904] The buggy address belongs to the variable:
[ 57.856575][ T6904] __func__.45663+0xb/0x1c0
[ 57.856577][ T6904]
[ 57.856580][ T6904] Memory state around the buggy address:
[ 57.856588][ T6904]  ffffffff8875c300: 00 00 00 fa fa fa fa fa 00 00 00 00 00 01 fa fa
[ 57.856594][ T6904]  ffffffff8875c380: fa fa fa fa 00 00 00 00 01 fa fa fa fa fa fa fa
[ 57.856600][ T6904] >ffffffff8875c400: 00 00 00 00 fa fa fa fa 00 03 fa fa fa fa fa fa
[ 57.856604][ T6904]                                               ^
[ 57.856610][ T6904]  ffffffff8875c480: 00 01 fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 57.856616][ T6904]  ffffffff8875c500: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[ 57.856619][ T6904] ==================================================================
[ 57.856622][ T6904] Disabling lock debugging due to kernel taint
[ 57.856626][ T6904] Kernel panic - not syncing: panic_on_warn set ...
[ 57.856647][ T6904] CPU: 0 PID: 6904 Comm: syz-executor748 Tainted: G B 5.7.0-syzkaller #0
[ 57.856651][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.856653][ T6904] Call Trace:
[ 57.856661][ T6904] dump_stack+0x188/0x20d
[ 57.856669][ T6904] ? bit_putcs+0xb10/0xd60
[ 57.856677][ T6904] panic+0x2e3/0x75c
[ 57.856685][ T6904] ? add_taint.cold+0x16/0x16
[ 57.856695][ T6904] ? trace_hardirqs_on+0x55/0x230
[ 57.856703][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856710][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856717][ T6904] end_report+0x4d/0x53
[ 57.856724][ T6904] kasan_report.cold+0xd/0x37
[ 57.856732][ T6904] ? bit_putcs+0xc08/0xd60
[ 57.856740][ T6904] bit_putcs+0xc08/0xd60
[ 57.856753][ T6904] ? bit_cursor+0x1870/0x1870
[ 57.856763][ T6904] ? find_held_lock+0x2d/0x110
[ 57.856776][ T6904] ? fb_get_color_depth.part.0+0xc6/0x1f0
[ 57.856788][ T6904] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.856801][ T6904] fbcon_putcs+0x345/0x3f0
[ 57.856813][ T6904] ? bit_cursor+0x1870/0x1870
[ 57.856824][ T6904] ? fb_flashcursor+0x3e0/0x3e0
[ 57.856834][ T6904] do_con_write.part.0+0xf16/0x1dc0
[ 57.856845][ T6904] ? do_con_trol+0x5d80/0x5d80
[ 57.856854][ T6904] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 57.856861][ T6904] con_write+0x41/0xe0
[ 57.856868][ T6904] n_tty_write+0x3f0/0xf90
[ 57.856879][ T6904] ? n_tty_read+0x1b30/0x1b30
[ 57.856887][ T6904] ? prepare_to_wait_exclusive+0x2c0/0x2c0
[ 57.856900][ T6904] ? __might_fault+0x190/0x1d0
[ 57.856907][ T6904] tty_write+0x495/0x800
[ 57.856914][ T6904] ? n_tty_read+0x1b30/0x1b30
[ 57.856922][ T6904] do_iter_write+0x486/0x600
[ 57.856931][ T6904] vfs_writev+0x1b3/0x2f0
[ 57.856937][ T6904] ? vfs_iter_write+0xa0/0xa0
[ 57.856944][ T6904] ? find_held_lock+0x2d/0x110
[ 57.856951][ T6904] ? do_page_fault+0x5ad/0x13d4
[ 57.856959][ T6904] ? lock_downgrade+0x840/0x840
[ 57.856969][ T6904] ? __fget_light+0x1ab/0x270
[ 57.856976][ T6904] do_writev+0x139/0x300
[ 57.856982][ T6904] ? vfs_writev+0x2f0/0x2f0
[ 57.856989][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.856997][ T6904] ? do_syscall_64+0x21/0x7d0
[ 57.857005][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.857013][ T6904] do_syscall_64+0xf6/0x7d0
[ 57.857021][ T6904] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.857026][ T6904] RIP: 0033:0x4412c9
[ 57.857033][ T6904] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.857036][ T6904] RSP: 002b:00007ffe5d874f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 57.857043][ T6904] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 57.857047][ T6904] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 57.857051][ T6904] RBP: 000000000000e201 R08: 000000000000000d R09: 00000000004002c8
[ 57.857055][ T6904] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 57.857058][ T6904] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 57.858451][ T6904] Kernel Offset: disabled
[ 58.562989][ T6904] Rebooting in 86400 seconds..