[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 35.396040] ==================================================================
[ 35.396089] BUG: KASAN: global-out-of-bounds in bit_putcs+0xbaf/0xd10
[ 35.396100] Read of size 1 at addr ffffffff88b659ad by task syz-executor071/8126
[ 35.396103]
[ 35.396118] CPU: 1 PID: 8126 Comm: syz-executor071 Not tainted 4.19.166-syzkaller #0
[ 35.396125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.396130] Call Trace:
[ 35.396146]  dump_stack+0x1fc/0x2fe
[ 35.396167]  print_address_description.cold+0x5/0x219
[ 35.396184]  kasan_report_error.cold+0x8a/0x1c7
[ 35.396197]  ? bit_putcs+0xbaf/0xd10
[ 35.396210]  __asan_report_load1_noabort+0x88/0x90
[ 35.396223]  ? bit_putcs+0xbaf/0xd10
[ 35.396235]  bit_putcs+0xbaf/0xd10
[ 35.396263]  ? bit_cursor+0x1740/0x1740
[ 35.396286]  ? fb_get_color_depth+0x11a/0x240
[ 35.396300]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 35.396325]  ? bit_cursor+0x1740/0x1740
[ 35.396339]  fbcon_putcs+0x336/0x4f0
[ 35.396356]  ? fb_flashcursor+0x430/0x430
[ 35.396373]  do_con_write+0xbcd/0x1d90
[ 35.396408]  ? do_con_trol+0x5970/0x5970
[ 35.396420]  ? n_tty_write+0x1ea/0xff0
[ 35.396442]  ? mark_held_locks+0xa6/0xf0
[ 35.396459]  con_write+0x22/0xb0
[ 35.396473]  n_tty_write+0x3c0/0xff0
[ 35.396499]  ? n_tty_open+0x160/0x160
[ 35.396515]  ? do_wait_intr_irq+0x270/0x270
[ 35.396530]  ? __might_fault+0x192/0x1d0
[ 35.396548]  tty_write+0x496/0x810
[ 35.396562]  ? n_tty_open+0x160/0x160
[ 35.396584]  __vfs_write+0xf7/0x770
[ 35.396595]  ? tty_compat_ioctl+0x270/0x270
[ 35.396610]  ? common_file_perm+0x4e5/0x850
[ 35.396622]  ? kernel_read+0x110/0x110
[ 35.396635]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.396649]  ? apparmor_getprocattr+0x11d0/0x11d0
[ 35.396665]  ? debug_object_init_on_stack+0x20/0x20
[ 35.396683]  ? security_file_permission+0x1c0/0x220
[ 35.396703]  vfs_write+0x1f3/0x540
[ 35.396718]  ksys_write+0x12b/0x2a0
[ 35.396732]  ? __ia32_sys_read+0xb0/0xb0
[ 35.396747]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.396762]  ? do_syscall_64+0x21/0x620
[ 35.396778]  do_syscall_64+0xf9/0x620
[ 35.396802]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.396814] RIP: 0033:0x4413a9
[ 35.396827] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.396834] RSP: 002b:00007ffcce6d4338 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 35.396846] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413a9
[ 35.396853] RDX: 0000000000000018 RSI: 0000000020001340 RDI: 0000000000000004
[ 35.396860] RBP: 0000000000008a24 R08: 00000000004002c8 R09: 00000000004002c8
[ 35.396868] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402150
[ 35.396875] R13: 00000000004021e0 R14: 0000000000000000 R15: 0000000000000000
[ 35.396892]
[ 35.396896] The buggy address belongs to the variable:
[ 35.396909]  oid_index+0x2ed/0xa60
[ 35.396913]
[ 35.396917] Memory state around the buggy address:
[ 35.396928]  ffffffff88b65880: fa fa fa fa 05 fa fa fa fa fa fa fa 00 06 fa fa
[ 35.396937]  ffffffff88b65900: fa fa fa fa 07 fa fa fa fa fa fa fa 00 01 fa fa
[ 35.396947] >ffffffff88b65980: fa fa fa fa 00 05 fa fa fa fa fa fa 03 fa fa fa
[ 35.396952]                                           ^
[ 35.396962]  ffffffff88b65a00: fa fa fa fa 03 fa fa fa fa fa fa fa 03 fa fa fa
[ 35.396971]  ffffffff88b65a80: fa fa fa fa 00 07 fa fa fa fa fa fa 00 07 fa fa
[ 35.396975] ==================================================================
[ 35.396980] Disabling lock debugging due to kernel taint
[ 35.399692] Kernel panic - not syncing: panic_on_warn set ...
[ 35.399692]
[ 35.399707] CPU: 0 PID: 8126 Comm: syz-executor071 Tainted: G B 4.19.166-syzkaller #0
[ 35.399714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.399717] Call Trace:
[ 35.399732]  dump_stack+0x1fc/0x2fe
[ 35.399747]  panic+0x26a/0x50e
[ 35.399760]  ? __warn_printk+0xf3/0xf3
[ 35.399775]  ? preempt_schedule_common+0x45/0xc0
[ 35.399788]  ? ___preempt_schedule+0x16/0x18
[ 35.399801]  ? trace_hardirqs_on+0x55/0x210
[ 35.399817]  kasan_end_report+0x43/0x49
[ 35.399830]  kasan_report_error.cold+0xa7/0x1c7
[ 35.399841]  ? bit_putcs+0xbaf/0xd10
[ 35.399853]  __asan_report_load1_noabort+0x88/0x90
[ 35.399865]  ? bit_putcs+0xbaf/0xd10
[ 35.399876]  bit_putcs+0xbaf/0xd10
[ 35.399896]  ? bit_cursor+0x1740/0x1740
[ 35.399913]  ? fb_get_color_depth+0x11a/0x240
[ 35.399926]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 35.399939]  ? bit_cursor+0x1740/0x1740
[ 35.399952]  fbcon_putcs+0x336/0x4f0
[ 35.399967]  ? fb_flashcursor+0x430/0x430
[ 35.399980]  do_con_write+0xbcd/0x1d90
[ 35.400003]  ? do_con_trol+0x5970/0x5970
[ 35.400013]  ? n_tty_write+0x1ea/0xff0
[ 35.400029]  ? mark_held_locks+0xa6/0xf0
[ 35.400043]  con_write+0x22/0xb0
[ 35.400055]  n_tty_write+0x3c0/0xff0
[ 35.400074]  ? n_tty_open+0x160/0x160
[ 35.400088]  ? do_wait_intr_irq+0x270/0x270
[ 35.400100]  ? __might_fault+0x192/0x1d0
[ 35.400114]  tty_write+0x496/0x810
[ 35.400126]  ? n_tty_open+0x160/0x160
[ 35.400142]  __vfs_write+0xf7/0x770
[ 35.400153]  ? tty_compat_ioctl+0x270/0x270
[ 35.400166]  ? common_file_perm+0x4e5/0x850
[ 35.400177]  ? kernel_read+0x110/0x110
[ 35.400189]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.400202]  ? apparmor_getprocattr+0x11d0/0x11d0
[ 35.400216]  ? debug_object_init_on_stack+0x20/0x20
[ 35.400230]  ? security_file_permission+0x1c0/0x220
[ 35.400253]  vfs_write+0x1f3/0x540
[ 35.400268]  ksys_write+0x12b/0x2a0
[ 35.400280]  ? __ia32_sys_read+0xb0/0xb0
[ 35.400294]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.400307]  ? do_syscall_64+0x21/0x620
[ 35.400320]  do_syscall_64+0xf9/0x620
[ 35.400334]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.400343] RIP: 0033:0x4413a9
[ 35.400355] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.400362] RSP: 002b:00007ffcce6d4338 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 35.400373] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413a9
[ 35.400381] RDX: 0000000000000018 RSI: 0000000020001340 RDI: 0000000000000004
[ 35.400388] RBP: 0000000000008a24 R08: 00000000004002c8 R09: 00000000004002c8
[ 35.400396] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402150
[ 35.400403] R13: 00000000004021e0 R14: 0000000000000000 R15: 0000000000000000
[ 35.400879] Kernel Offset: disabled
[ 36.021421] Rebooting in 86400 seconds..