[   94.499825][   T28] audit: type=1800 audit(1578551360.859:25): pid=9635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   95.518969][   T28] kauditd_printk_skb: 3 callbacks suppressed
[   95.518981][   T28] audit: type=1800 audit(1578551361.879:29): pid=9635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   95.545515][   T28] audit: type=1800 audit(1578551361.879:30): pid=9635 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [  104.250370][ T9791] ==================================================================
[  104.250415][ T9791] BUG: KASAN: global-out-of-bounds in bit_putcs+0xd5d/0xf10
[  104.250422][ T9791] Read of size 1 at addr ffffffff88742041 by task syz-executor628/9791
[  104.250424][ T9791]
[  104.250435][ T9791] CPU: 0 PID: 9791 Comm: syz-executor628 Not tainted 5.5.0-rc5-syzkaller #0
[  104.250441][ T9791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  104.250444][ T9791] Call Trace:
[  104.250457][ T9791]  dump_stack+0x197/0x210
[  104.250465][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.250481][ T9791]  print_address_description.constprop.0.cold+0x5/0x30b
[  104.250488][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.250495][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.250503][ T9791]  __kasan_report.cold+0x1b/0x41
[  104.250515][ T9791]  ? fb_get_color_depth.part.0+0x70/0x200
[  104.250522][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.250531][ T9791]  kasan_report+0x12/0x20
[  104.250540][ T9791]  __asan_report_load1_noabort+0x14/0x20
[  104.250547][ T9791]  bit_putcs+0xd5d/0xf10
[  104.250566][ T9791]  ? bit_cursor+0x1a60/0x1a60
[  104.250579][ T9791]  ? __sanitizer_cov_trace_cmp4+0x11/0x20
[  104.250588][ T9791]  ? fb_get_color_depth.part.0+0xcf/0x200
[  104.250604][ T9791]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  104.250628][ T9791]  fbcon_putcs+0x33c/0x3e0
[  104.250643][ T9791]  ? bit_cursor+0x1a60/0x1a60
[  104.250657][ T9791]  ? fb_flashcursor+0x3e0/0x3e0
[  104.250678][ T9791]  do_con_write.part.0+0xfb5/0x1ef0
[  104.250703][ T9791]  ? do_con_trol+0x61b0/0x61b0
[  104.250713][ T9791]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  104.250721][ T9791]  ? add_wait_queue+0x112/0x170
[  104.250728][ T9791]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  104.250742][ T9791]  con_write+0x46/0xd0
[  104.250754][ T9791]  n_tty_write+0x40e/0x1080
[  104.250771][ T9791]  ? n_tty_read+0x1bf0/0x1bf0
[  104.250780][ T9791]  ? prepare_to_wait_exclusive+0x320/0x320
[  104.250791][ T9791]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  104.250802][ T9791]  ? _copy_from_user+0x12c/0x1a0
[  104.250813][ T9791]  tty_write+0x496/0x7f0
[  104.250823][ T9791]  ? n_tty_read+0x1bf0/0x1bf0
[  104.250837][ T9791]  do_iter_write+0x4a0/0x610
[  104.250844][ T9791]  ? dup_iter+0x260/0x260
[  104.250857][ T9791]  vfs_writev+0x1b3/0x2f0
[  104.250865][ T9791]  ? vfs_iter_write+0xb0/0xb0
[  104.250872][ T9791]  ? find_held_lock+0x35/0x130
[  104.250884][ T9791]  ? __do_page_fault+0x56a/0xd80
[  104.250896][ T9791]  ? lock_downgrade+0x920/0x920
[  104.250911][ T9791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.250921][ T9791]  ? __fget_light+0x1a9/0x230
[  104.250931][ T9791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.250940][ T9791]  do_writev+0x15b/0x330
[  104.250949][ T9791]  ? vfs_writev+0x2f0/0x2f0
[  104.250961][ T9791]  ? do_syscall_64+0x26/0x790
[  104.250968][ T9791]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.250976][ T9791]  ? do_syscall_64+0x26/0x790
[  104.250987][ T9791]  __x64_sys_writev+0x75/0xb0
[  104.250997][ T9791]  do_syscall_64+0xfa/0x790
[  104.251006][ T9791]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.251014][ T9791] RIP: 0033:0x441239
[  104.251023][ T9791] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  104.251027][ T9791] RSP: 002b:00007ffc892db868 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  104.251035][ T9791] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[  104.251040][ T9791] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[  104.251044][ T9791] RBP: 0000000000019705 R08: 000000000000000d R09: 00000000004002c8
[  104.251049][ T9791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[  104.251053][ T9791] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[  104.251064][ T9791]
[  104.251067][ T9791] The buggy address belongs to the variable:
[  104.251074][ T9791]  oid_index+0xb01/0xb80
[  104.251077][ T9791]
[  104.251079][ T9791] Memory state around the buggy address:
[  104.251087][ T9791]  ffffffff88741f00: 00 00 02 fa fa fa fa fa 00 00 00 05 fa fa fa fa
[  104.251093][ T9791]  ffffffff88741f80: 00 00 00 fa fa fa fa fa 00 00 00 00 00 01 fa fa
[  104.251100][ T9791] >ffffffff88742000: fa fa fa fa 00 00 00 00 01 fa fa fa fa fa fa fa
[  104.251103][ T9791]                                            ^
[  104.251109][ T9791]  ffffffff88742080: 00 00 00 00 fa fa fa fa 00 03 fa fa fa fa fa fa
[  104.251115][ T9791]  ffffffff88742100: 04 fa fa fa fa fa fa fa 00 00 01 fa fa fa fa fa
[  104.251119][ T9791] ==================================================================
[  104.251122][ T9791] Disabling lock debugging due to kernel taint
[  104.251127][ T9791] Kernel panic - not syncing: panic_on_warn set ...
[  104.251135][ T9791] CPU: 0 PID: 9791 Comm: syz-executor628 Tainted: G    B   5.5.0-rc5-syzkaller #0
[  104.251139][ T9791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  104.251141][ T9791] Call Trace:
[  104.251148][ T9791]  dump_stack+0x197/0x210
[  104.251159][ T9791]  panic+0x2e3/0x75c
[  104.251166][ T9791]  ? add_taint.cold+0x16/0x16
[  104.251179][ T9791]  ? trace_hardirqs_on+0x67/0x240
[  104.251187][ T9791]  ? trace_hardirqs_on+0x5e/0x240
[  104.251194][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.251201][ T9791]  end_report+0x47/0x4f
[  104.251207][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.251214][ T9791]  __kasan_report.cold+0xe/0x41
[  104.251223][ T9791]  ? fb_get_color_depth.part.0+0x70/0x200
[  104.251229][ T9791]  ? bit_putcs+0xd5d/0xf10
[  104.251236][ T9791]  kasan_report+0x12/0x20
[  104.251244][ T9791]  __asan_report_load1_noabort+0x14/0x20
[  104.251251][ T9791]  bit_putcs+0xd5d/0xf10
[  104.251263][ T9791]  ? bit_cursor+0x1a60/0x1a60
[  104.251271][ T9791]  ? __sanitizer_cov_trace_cmp4+0x11/0x20
[  104.251279][ T9791]  ? fb_get_color_depth.part.0+0xcf/0x200
[  104.251288][ T9791]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  104.251296][ T9791]  fbcon_putcs+0x33c/0x3e0
[  104.251303][ T9791]  ? bit_cursor+0x1a60/0x1a60
[  104.251310][ T9791]  ? fb_flashcursor+0x3e0/0x3e0
[  104.251319][ T9791]  do_con_write.part.0+0xfb5/0x1ef0
[  104.251331][ T9791]  ? do_con_trol+0x61b0/0x61b0
[  104.251338][ T9791]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  104.251344][ T9791]  ? add_wait_queue+0x112/0x170
[  104.251350][ T9791]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  104.251359][ T9791]  con_write+0x46/0xd0
[  104.251367][ T9791]  n_tty_write+0x40e/0x1080
[  104.251379][ T9791]  ? n_tty_read+0x1bf0/0x1bf0
[  104.251387][ T9791]  ? prepare_to_wait_exclusive+0x320/0x320
[  104.251396][ T9791]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  104.251403][ T9791]  ? _copy_from_user+0x12c/0x1a0
[  104.251411][ T9791]  tty_write+0x496/0x7f0
[  104.251420][ T9791]  ? n_tty_read+0x1bf0/0x1bf0
[  104.251428][ T9791]  do_iter_write+0x4a0/0x610
[  104.251434][ T9791]  ? dup_iter+0x260/0x260
[  104.251443][ T9791]  vfs_writev+0x1b3/0x2f0
[  104.251451][ T9791]  ? vfs_iter_write+0xb0/0xb0
[  104.251456][ T9791]  ? find_held_lock+0x35/0x130
[  104.251464][ T9791]  ? __do_page_fault+0x56a/0xd80
[  104.251472][ T9791]  ? lock_downgrade+0x920/0x920
[  104.251483][ T9791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.251490][ T9791]  ? __fget_light+0x1a9/0x230
[  104.251498][ T9791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.251506][ T9791]  do_writev+0x15b/0x330
[  104.251513][ T9791]  ? vfs_writev+0x2f0/0x2f0
[  104.251521][ T9791]  ? do_syscall_64+0x26/0x790
[  104.251528][ T9791]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.251535][ T9791]  ? do_syscall_64+0x26/0x790
[  104.251544][ T9791]  __x64_sys_writev+0x75/0xb0
[  104.251552][ T9791]  do_syscall_64+0xfa/0x790
[  104.251560][ T9791]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.251564][ T9791] RIP: 0033:0x441239
[  104.251571][ T9791] Code: e8 3c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  104.251575][ T9791] RSP: 002b:00007ffc892db868 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  104.251581][ T9791] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
[  104.251585][ T9791] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000003
[  104.251589][ T9791] RBP: 0000000000019705 R08: 000000000000000d R09: 00000000004002c8
[  104.251593][ T9791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402060
[  104.251597][ T9791] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
[  104.253165][ T9791] Kernel Offset: disabled
[  105.066932][ T9791] Rebooting in 86400 seconds..