[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 32.557191] audit: type=1400 audit(1591459316.034:8): avc: denied { execmem } for pid=6344 comm="syz-executor743" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.584577] ==================================================================
[ 32.584609] BUG: KASAN: global-out-of-bounds in bit_putcs+0xa8a/0xc00
[ 32.584615] Read of size 1 at addr ffffffff86c69472 by task syz-executor743/6346
[ 32.584618]
[ 32.584626] CPU: 1 PID: 6346 Comm: syz-executor743 Not tainted 4.14.183-syzkaller #0
[ 32.584630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.584633] Call Trace:
[ 32.584645]  dump_stack+0x1b2/0x283
[ 32.584654]  ? bit_putcs+0xa8a/0xc00
[ 32.584666]  print_address_description.cold+0x5/0x1dc
[ 32.584673]  ? bit_putcs+0xa8a/0xc00
[ 32.584680]  kasan_report.cold+0xa9/0x2b9
[ 32.584689]  bit_putcs+0xa8a/0xc00
[ 32.584702]  ? bit_cursor+0x1660/0x1660
[ 32.584707]  ? fb_get_color_depth.part.0+0xa1/0x1c0
[ 32.584712]  ? raw_notifier_call_chain+0x21/0x30
[ 32.584717]  ? fb_get_color_depth+0x5a/0x70
[ 32.584723]  ? bit_cursor+0x1660/0x1660
[ 32.584727]  fbcon_putcs+0x3bb/0x480
[ 32.584732]  ? fb_flashcursor+0x400/0x400
[ 32.584739]  do_con_write.part.0+0xc27/0x1a20
[ 32.584750]  ? do_con_trol+0x52e0/0x52e0
[ 32.584757]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 32.584762]  con_write+0x33/0xc0
[ 32.584768]  n_tty_write+0x375/0xe20
[ 32.584778]  ? n_tty_open+0x160/0x160
[ 32.584784]  ? do_wait_intr_irq+0x270/0x270
[ 32.584795]  ? __might_fault+0x177/0x1b0
[ 32.584802]  tty_write+0x3f1/0x6e0
[ 32.584806]  ? n_tty_open+0x160/0x160
[ 32.584814]  do_iter_write+0x3d9/0x550
[ 32.584822]  vfs_writev+0x133/0x2a0
[ 32.584826]  ? vfs_iter_write+0xa0/0xa0
[ 32.584832]  ? __handle_mm_fault+0x9cc/0x3670
[ 32.584838]  ? vm_insert_mixed_mkwrite+0x30/0x30
[ 32.584848]  ? __do_page_fault+0x5a0/0xb50
[ 32.584855]  ? __fget_light+0x16a/0x1f0
[ 32.584860]  do_writev+0xfc/0x2c0
[ 32.584865]  ? vfs_writev+0x2a0/0x2a0
[ 32.584881]  ? __do_page_fault+0x19a/0xb50
[ 32.584887]  ? do_syscall_64+0x4c/0x640
[ 32.584891]  ? SyS_readv+0x30/0x30
[ 32.584896]  do_syscall_64+0x1d5/0x640
[ 32.584903]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.584908] RIP: 0033:0x4412c9
[ 32.584910] RSP: 002b:00007fffe80457e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 32.584916] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 32.584918] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 32.584921] RBP: 0000000000007f3e R08: 000000000000000d R09: 00000000004002c8
[ 32.584924] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 32.584926] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 32.584933]
[ 32.584935] The buggy address belongs to the variable:
[ 32.584947]  str__msr__trace_system_name+0x112/0x9a0
[ 32.584948]
[ 32.584950] Memory state around the buggy address:
[ 32.584954]  ffffffff86c69300: fa fa fa fa 00 03 fa fa fa fa fa fa 04 fa fa fa
[ 32.584957]  ffffffff86c69380: fa fa fa fa 00 00 01 fa fa fa fa fa 00 00 00 02
[ 32.584960] >ffffffff86c69400: fa fa fa fa 00 00 07 fa fa fa fa fa 00 00 02 fa
[ 32.584963]                                                              ^
[ 32.584966]  ffffffff86c69480: fa fa fa fa 00 04 fa fa fa fa fa fa 00 02 fa fa
[ 32.584969]  ffffffff86c69500: fa fa fa fa 00 00 01 fa fa fa fa fa 04 fa fa fa
[ 32.584971] ==================================================================
[ 32.584972] Disabling lock debugging due to kernel taint
[ 32.584991] Kernel panic - not syncing: panic_on_warn set ...
[ 32.584991]
[ 32.584998] CPU: 1 PID: 6346 Comm: syz-executor743 Tainted: G B 4.14.183-syzkaller #0
[ 32.585001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.585003] Call Trace:
[ 32.585010]  dump_stack+0x1b2/0x283
[ 32.585019]  panic+0x1f9/0x42d
[ 32.585025]  ? add_taint.cold+0x16/0x16
[ 32.585035]  ? bit_putcs+0xa8a/0xc00
[ 32.585039]  kasan_end_report+0x43/0x49
[ 32.585043]  kasan_report.cold+0x12f/0x2b9
[ 32.585047]  bit_putcs+0xa8a/0xc00
[ 32.585055]  ? bit_cursor+0x1660/0x1660
[ 32.585058]  ? fb_get_color_depth.part.0+0xa1/0x1c0
[ 32.585062]  ? raw_notifier_call_chain+0x21/0x30
[ 32.585066]  ? fb_get_color_depth+0x5a/0x70
[ 32.585071]  ? bit_cursor+0x1660/0x1660
[ 32.585074]  fbcon_putcs+0x3bb/0x480
[ 32.585078]  ? fb_flashcursor+0x400/0x400
[ 32.585083]  do_con_write.part.0+0xc27/0x1a20
[ 32.585090]  ? do_con_trol+0x52e0/0x52e0
[ 32.585095]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 32.585099]  con_write+0x33/0xc0
[ 32.585103]  n_tty_write+0x375/0xe20
[ 32.585110]  ? n_tty_open+0x160/0x160
[ 32.585114]  ? do_wait_intr_irq+0x270/0x270
[ 32.585118]  ? __might_fault+0x177/0x1b0
[ 32.585122]  tty_write+0x3f1/0x6e0
[ 32.585126]  ? n_tty_open+0x160/0x160
[ 32.585130]  do_iter_write+0x3d9/0x550
[ 32.585136]  vfs_writev+0x133/0x2a0
[ 32.585140]  ? vfs_iter_write+0xa0/0xa0
[ 32.585144]  ? __handle_mm_fault+0x9cc/0x3670
[ 32.585149]  ? vm_insert_mixed_mkwrite+0x30/0x30
[ 32.585154]  ? __do_page_fault+0x5a0/0xb50
[ 32.585159]  ? __fget_light+0x16a/0x1f0
[ 32.585163]  do_writev+0xfc/0x2c0
[ 32.585167]  ? vfs_writev+0x2a0/0x2a0
[ 32.585170]  ? __do_page_fault+0x19a/0xb50
[ 32.585174]  ? do_syscall_64+0x4c/0x640
[ 32.585177]  ? SyS_readv+0x30/0x30
[ 32.585181]  do_syscall_64+0x1d5/0x640
[ 32.585187]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.585190] RIP: 0033:0x4412c9
[ 32.585192] RSP: 002b:00007fffe80457e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 32.585196] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412c9
[ 32.585198] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 32.585200] RBP: 0000000000007f3e R08: 000000000000000d R09: 00000000004002c8
[ 32.585202] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020f0
[ 32.585204] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 32.586518] Kernel Offset: disabled
[ 33.136493] Rebooting in 86400 seconds..
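The report above packs the triage facts into a few lines: the bug class and crashing function in the BUG: header, the access line, the first reliable frames of the call trace (lines prefixed with "?" are stale stack slots, not real callers), the user-space register dump (ORIG_RAX 0x14 is writev on x86_64, RDI/RSI/RDX are its arguments), the owning symbol, and the shadow-memory rows, where each shadow byte describes one 8-byte granule: 0x00 means fully addressable, 0x01..0x07 means only the first N bytes are, and 0xfa is a global redzone. Here the faulting address ffffffff86c69472 sits in a granule whose shadow byte is 0x02, so offset 2 is the first byte past the end of the string. The following helper, an added example rather than syzbot's or the kernel's own code, pulls those facts out of a console log and checks the faulting address against the dumped shadow rows; the SAMPLE string is an excerpt of this page's report, and the syscall table is a deliberately tiny subset of the real x86_64 table.

```python
"""Triage helper for a KASAN console report (added example, not syzbot's code)."""
import re

# KASAN shadow encoding: one shadow byte per 8-byte granule. 0x00 = all 8 bytes
# addressable, 0x01..0x07 = only the first N bytes addressable, 0xf1 and up = poison.
POISON = {0xfa: "global redzone", 0xfb: "freed kmalloc object", 0xfc: "kmalloc redzone",
          0xfe: "page redzone", 0xff: "freed page", 0xf1: "stack left redzone",
          0xf2: "stack mid redzone", 0xf3: "stack right redzone", 0xf4: "stack partial redzone"}
SYSCALL_X86_64 = {0: "read", 1: "write", 19: "readv", 20: "writev"}  # subset of the real table

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^\s*(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SHADOW_RE = re.compile(r"^>?\s*(?P<base>[0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})\s*$")
REG_RE = re.compile(r"\b(ORIG_RAX|RDI|RSI|RDX): ([0-9a-f]{16})")


def parse_kasan_report(console):
    """Extract bug type, faulting access, first call trace, registers, variable, shadow rows."""
    r = {"frames": [], "regs": {}, "shadow": {}}
    section, trace_done = None, False
    for raw in console.splitlines():
        line = TS_RE.sub("", raw)
        m = HEADER_RE.search(line)
        if m:
            r["bug"], r["func"] = m.group("bug"), m.group("func")
            continue
        m = ACCESS_RE.search(line)
        if m:
            r.update(kind=m.group("kind"), size=int(m.group("size")), task=m.group("task"),
                     addr=int(m.group("addr"), 16), pid=int(m.group("pid")))
            continue
        m = SHADOW_RE.match(line)
        if m:
            r["shadow"][int(m.group("base"), 16)] = [int(b, 16) for b in m.group(2).split()]
            continue
        for name, val in REG_RE.findall(line):
            r["regs"].setdefault(name, int(val, 16))   # keep the first register dump only
        if "Call Trace:" in line and not trace_done:  # the panic prints a second, noisier trace
            section = "trace"
        elif "belongs to the variable:" in line:
            section = "var"
        elif section == "trace":
            if line.lstrip().startswith("RIP:"):
                section, trace_done = None, True
            elif not line.lstrip().startswith("?"):     # '?' frames are stale stack slots
                m = FRAME_RE.match(line)
                if m:
                    r["frames"].append(m.group("func"))
        elif section == "var" and line.strip():
            r["variable"], section = line.strip(), None
    return r


def explain_access(r):
    """Find the faulting address in the shadow rows and say why KASAN fired."""
    for base, row in r["shadow"].items():
        if base <= r["addr"] < base + 16 * 8:          # one dumped row = 16 granules
            shadow = row[(r["addr"] - base) // 8]
            break
    else:
        raise ValueError("faulting address not covered by the dumped shadow rows")
    offset = r["addr"] % 8
    addressable = 8 if shadow == 0 else shadow if shadow <= 7 else 0
    nr = r["regs"].get("ORIG_RAX")
    return {
        "shadow_byte": shadow,
        "offset_in_granule": offset,
        "addressable_bytes": addressable,
        "poisoned": offset + r["size"] > addressable,
        "meaning": POISON.get(shadow, f"first {addressable} of 8 bytes addressable"),
        "syscall": SYSCALL_X86_64.get(nr, f"nr {nr}"),
        "args": (r["regs"].get("RDI"), r["regs"].get("RSI"), r["regs"].get("RDX")),
        "crashing_frame": next(f for f in r["frames"]       # first frame below KASAN itself
                               if not f.startswith(("dump_stack", "print_address", "kasan_"))),
    }


# Excerpt of the console report on this page, trimmed to the lines the parser uses.
SAMPLE = """\
[ 32.584609] BUG: KASAN: global-out-of-bounds in bit_putcs+0xa8a/0xc00
[ 32.584615] Read of size 1 at addr ffffffff86c69472 by task syz-executor743/6346
[ 32.584633] Call Trace:
[ 32.584645]  dump_stack+0x1b2/0x283
[ 32.584654]  ? bit_putcs+0xa8a/0xc00
[ 32.584666]  print_address_description.cold+0x5/0x1dc
[ 32.584680]  kasan_report.cold+0xa9/0x2b9
[ 32.584689]  bit_putcs+0xa8a/0xc00
[ 32.584727]  fbcon_putcs+0x3bb/0x480
[ 32.584860]  do_writev+0xfc/0x2c0
[ 32.584908] RIP: 0033:0x4412c9
[ 32.584910] RSP: 002b:00007fffe80457e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 32.584918] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[ 32.584935] The buggy address belongs to the variable:
[ 32.584947]  str__msr__trace_system_name+0x112/0x9a0
[ 32.584960] >ffffffff86c69400: fa fa fa fa 00 00 07 fa fa fa fa fa 00 00 02 fa
[ 32.584966]  ffffffff86c69480: fa fa fa fa 00 04 fa fa fa fa fa fa 00 02 fa fa
"""

if __name__ == "__main__":
    rep = parse_kasan_report(SAMPLE)
    print(f"{rep['bug']} in {rep['func']}: {rep['kind']} of {rep['size']} at {rep['addr']:#x}")
    for key, val in explain_access(rep).items():
        print(f"  {key}: {val}")
```

Run against the full console log, the parser ignores the second, panic-time call trace and the second register dump, so the output reflects the original KASAN hit. For this report it resolves the syscall to writev(3, 0x20000000, 3) and flags the read at granule offset 2 of a granule with shadow 0x02 as one byte past the end of the object, which is what global-out-of-bounds means here.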