[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 30.051257] ==================================================================
[ 30.051290] BUG: KASAN: global-out-of-bounds in bit_putcs+0xab7/0xc30
[ 30.051296] Read of size 1 at addr ffffffff87cf4863 by task syz-executor055/7997
[ 30.051299]
[ 30.051308] CPU: 0 PID: 7997 Comm: syz-executor055 Not tainted 4.14.212-syzkaller #0
[ 30.051313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.051316] Call Trace:
[ 30.051327] dump_stack+0x1b2/0x283
[ 30.051342] print_address_description.cold+0x5/0x1d3
[ 30.051351] kasan_report_error.cold+0x8a/0x194
[ 30.051358] ? bit_putcs+0xab7/0xc30
[ 30.051364] __asan_report_load1_noabort+0x68/0x70
[ 30.051373] ? bit_putcs+0xab7/0xc30
[ 30.051379] bit_putcs+0xab7/0xc30
[ 30.051399] ? bit_cursor+0x1580/0x1580
[ 30.051408] ? __lock_acquire+0x521/0x3f20
[ 30.051420] ? fb_get_color_depth+0x100/0x200
[ 30.051431] ? bit_cursor+0x1580/0x1580
[ 30.051438] fbcon_putcs+0x2fe/0x480
[ 30.051448] ? fb_flashcursor+0x3f0/0x3f0
[ 30.051460] do_con_write+0x9dd/0x19b0
[ 30.051480] ? do_con_trol+0x51e0/0x51e0
[ 30.051493] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 30.051503] con_write+0x21/0xa0
[ 30.051513] n_tty_write+0x352/0xda0
[ 30.051531] ? n_tty_open+0x160/0x160
[ 30.051546] ? do_wait_intr_irq+0x270/0x270
[ 30.051556] ? __might_fault+0x177/0x1b0
[ 30.051566] tty_write+0x410/0x740
[ 30.051574] ? n_tty_open+0x160/0x160
[ 30.051588] __vfs_write+0xe4/0x630
[ 30.051594] ? tty_compat_ioctl+0x240/0x240
[ 30.051604] ? kernel_read+0x110/0x110
[ 30.051615] ? common_file_perm+0x3ee/0x580
[ 30.051621] ? lock_acquire+0x170/0x3f0
[ 30.051634] ? security_file_permission+0x82/0x1e0
[ 30.051643] ? rw_verify_area+0xe1/0x2a0
[ 30.051653] vfs_write+0x17f/0x4d0
[ 30.051664] SyS_write+0xf2/0x210
[ 30.051672] ? SyS_read+0x210/0x210
[ 30.051681] ? do_syscall_64+0x4c/0x640
[ 30.051689] ? SyS_read+0x210/0x210
[ 30.051698] do_syscall_64+0x1d5/0x640
[ 30.051711] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.051717] RIP: 0033:0x4413a9
[ 30.051721] RSP: 002b:00007ffdf5846ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 30.051730] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413a9
[ 30.051735] RDX: 0000000000000018 RSI: 0000000020001340 RDI: 0000000000000004
[ 30.051740] RBP: 0000000000007571 R08: 00000000004002c8 R09: 00000000004002c8
[ 30.051745] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402150
[ 30.051749] R13: 00000000004021e0 R14: 0000000000000000 R15: 0000000000000000
[ 30.051762]
[ 30.051764] The buggy address belongs to the variable:
[ 30.051772] oid_index+0x2e3/0x9a0
[ 30.051775]
[ 30.051777] Memory state around the buggy address:
[ 30.051784] ffffffff87cf4700: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[ 30.051790] ffffffff87cf4780: fa fa fa fa 07 fa fa fa fa fa fa fa 00 01 fa fa
[ 30.051796] >ffffffff87cf4800: fa fa fa fa 00 05 fa fa fa fa fa fa 03 fa fa fa
[ 30.051799] ^
[ 30.051805] ffffffff87cf4880: fa fa fa fa 03 fa fa fa fa fa fa fa 03 fa fa fa
[ 30.051810] ffffffff87cf4900: fa fa fa fa 00 07 fa fa fa fa fa fa 00 07 fa fa
[ 30.051813] ==================================================================
[ 30.051815] Disabling lock debugging due to kernel taint
[ 30.051819] Kernel panic - not syncing: panic_on_warn set ...
[ 30.051819]
[ 30.051826] CPU: 0 PID: 7997 Comm: syz-executor055 Tainted: G B 4.14.212-syzkaller #0
[ 30.051830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.051832] Call Trace:
[ 30.051839] dump_stack+0x1b2/0x283
[ 30.051849] panic+0x1f9/0x42d
[ 30.051856] ? add_taint.cold+0x16/0x16
[ 30.051863] ? lock_downgrade+0x740/0x740
[ 30.051873] kasan_end_report+0x43/0x49
[ 30.051879] kasan_report_error.cold+0xa7/0x194
[ 30.051885] ? bit_putcs+0xab7/0xc30
[ 30.051891] __asan_report_load1_noabort+0x68/0x70
[ 30.051897] ? bit_putcs+0xab7/0xc30
[ 30.051903] bit_putcs+0xab7/0xc30
[ 30.051915] ? bit_cursor+0x1580/0x1580
[ 30.051921] ? __lock_acquire+0x521/0x3f20
[ 30.051930] ? fb_get_color_depth+0x100/0x200
[ 30.051937] ? bit_cursor+0x1580/0x1580
[ 30.051942] fbcon_putcs+0x2fe/0x480
[ 30.051950] ? fb_flashcursor+0x3f0/0x3f0
[ 30.051957] do_con_write+0x9dd/0x19b0
[ 30.051970] ? do_con_trol+0x51e0/0x51e0
[ 30.051979] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 30.051988] con_write+0x21/0xa0
[ 30.051995] n_tty_write+0x352/0xda0
[ 30.052007] ? n_tty_open+0x160/0x160
[ 30.052014] ? do_wait_intr_irq+0x270/0x270
[ 30.052022] ? __might_fault+0x177/0x1b0
[ 30.052030] tty_write+0x410/0x740
[ 30.052036] ? n_tty_open+0x160/0x160
[ 30.052045] __vfs_write+0xe4/0x630
[ 30.052052] ? tty_compat_ioctl+0x240/0x240
[ 30.052059] ? kernel_read+0x110/0x110
[ 30.052067] ? common_file_perm+0x3ee/0x580
[ 30.052073] ? lock_acquire+0x170/0x3f0
[ 30.052082] ? security_file_permission+0x82/0x1e0
[ 30.052090] ? rw_verify_area+0xe1/0x2a0
[ 30.052098] vfs_write+0x17f/0x4d0
[ 30.052106] SyS_write+0xf2/0x210
[ 30.052114] ? SyS_read+0x210/0x210
[ 30.052121] ? do_syscall_64+0x4c/0x640
[ 30.052127] ? SyS_read+0x210/0x210
[ 30.052134] do_syscall_64+0x1d5/0x640
[ 30.052145] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.052150] RIP: 0033:0x4413a9
[ 30.052154] RSP: 002b:00007ffdf5846ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 30.052161] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004413a9
[ 30.052165] RDX: 0000000000000018 RSI: 0000000020001340 RDI: 0000000000000004
[ 30.052169] RBP: 0000000000007571 R08: 00000000004002c8 R09: 00000000004002c8
[ 30.052174] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402150
[ 30.052177] R13: 00000000004021e0 R14: 0000000000000000 R15: 0000000000000000
[ 30.052646] Kernel Offset: disabled
[ 30.604236] Rebooting in 86400 seconds..