[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.768238] ==================================================================
[ 27.768265] BUG: KASAN: global-out-of-bounds in soft_cursor+0x442/0xa50
[ 27.768271] Read of size 32 at addr ffffffff87cf4cd0 by task syz-executor768/7988
[ 27.768273]
[ 27.768280] CPU: 1 PID: 7988 Comm: syz-executor768 Not tainted 4.14.210-syzkaller #0
[ 27.768284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.768287] Call Trace:
[ 27.768296] dump_stack+0x1b2/0x283
[ 27.768308] print_address_description.cold+0x5/0x1d3
[ 27.768317] kasan_report_error.cold+0x8a/0x194
[ 27.768323] ? soft_cursor+0x442/0xa50
[ 27.768328] kasan_report+0x6f/0x7b
[ 27.768335] ? soft_cursor+0x442/0xa50
[ 27.768343] memcpy+0x20/0x50
[ 27.768350] soft_cursor+0x442/0xa50
[ 27.768362] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 27.768371] bit_cursor+0xf7a/0x1580
[ 27.768382] ? bit_update_start+0x1f0/0x1f0
[ 27.768390] ? __up_console_sem+0xa9/0x1b0
[ 27.768400] ? lock_acquire+0x170/0x3f0
[ 27.768407] ? fb_get_color_depth+0x100/0x200
[ 27.768416] ? get_color+0x1be/0x3a0
[ 27.768424] ? bit_update_start+0x1f0/0x1f0
[ 27.768431] fbcon_cursor+0x480/0x640
[ 27.768442] hide_cursor+0x7a/0x2a0
[ 27.768451] update_region+0xc9/0x110
[ 27.768458] vcs_write+0x3b9/0xb40
[ 27.768470] ? aa_file_perm+0x304/0xab0
[ 27.768482] ? vcs_read+0x9b0/0x9b0
[ 27.768488] ? aa_path_link+0x3a0/0x3a0
[ 27.768494] ? lock_downgrade+0x740/0x740
[ 27.768507] __vfs_write+0xe4/0x630
[ 27.768513] ? vcs_read+0x9b0/0x9b0
[ 27.768520] ? debug_check_no_obj_freed+0x2c0/0x674
[ 27.768528] ? kernel_read+0x110/0x110
[ 27.768538] ? common_file_perm+0x3ee/0x580
[ 27.768545] ? __fd_install+0x227/0x5c0
[ 27.768558] ? security_file_permission+0x82/0x1e0
[ 27.768567] ? rw_verify_area+0xe1/0x2a0
[ 27.768575] vfs_write+0x17f/0x4d0
[ 27.768584] SyS_write+0xf2/0x210
[ 27.768591] ? SyS_read+0x210/0x210
[ 27.768599] ? do_syscall_64+0x4c/0x640
[ 27.768606] ? SyS_read+0x210/0x210
[ 27.768613] do_syscall_64+0x1d5/0x640
[ 27.768627] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.768633] RIP: 0033:0x440389
[ 27.768637] RSP: 002b:00007ffd141f0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 27.768645] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440389
[ 27.768650] RDX: 0000000000000121 RSI: 00000000200000c0 RDI: 0000000000000004
[ 27.768654] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 27.768657] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401bf0
[ 27.768662] R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000
[ 27.768674]
[ 27.768677] The buggy address belongs to the variable:
[ 27.768684] oid_index+0x850/0x9a0
[ 27.768686]
[ 27.768688] Memory state around the buggy address:
[ 27.768694] ffffffff87cf4b80: fa fa fa fa 04 fa fa fa fa fa fa fa 05 fa fa fa
[ 27.768700] ffffffff87cf4c00: fa fa fa fa 01 fa fa fa fa fa fa fa 00 00 02 fa
[ 27.768705] >ffffffff87cf4c80: fa fa fa fa 00 00 00 fa fa fa fa fa 00 00 00 00
[ 27.768708] ^
[ 27.768713] ffffffff87cf4d00: 00 01 fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
[ 27.768719] ffffffff87cf4d80: fa fa fa fa 00 00 00 05 fa fa fa fa 00 00 00 00
[ 27.768721] ==================================================================
[ 27.768725] Disabling lock debugging due to kernel taint
[ 27.768728] Kernel panic - not syncing: panic_on_warn set ...
[ 27.768728]
[ 27.768735] CPU: 1 PID: 7988 Comm: syz-executor768 Tainted: G B 4.14.210-syzkaller #0
[ 27.768739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.768741] Call Trace:
[ 27.768748] dump_stack+0x1b2/0x283
[ 27.768757] panic+0x1f9/0x42d
[ 27.768764] ? add_taint.cold+0x16/0x16
[ 27.768770] ? lock_downgrade+0x740/0x740
[ 27.768779] kasan_end_report+0x43/0x49
[ 27.768785] kasan_report_error.cold+0xa7/0x194
[ 27.768791] ? soft_cursor+0x442/0xa50
[ 27.768796] kasan_report+0x6f/0x7b
[ 27.768802] ? soft_cursor+0x442/0xa50
[ 27.768807] memcpy+0x20/0x50
[ 27.768812] soft_cursor+0x442/0xa50
[ 27.768820] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 27.768826] bit_cursor+0xf7a/0x1580
[ 27.768834] ? bit_update_start+0x1f0/0x1f0
[ 27.768840] ? __up_console_sem+0xa9/0x1b0
[ 27.768848] ? lock_acquire+0x170/0x3f0
[ 27.768854] ? fb_get_color_depth+0x100/0x200
[ 27.768861] ? get_color+0x1be/0x3a0
[ 27.768867] ? bit_update_start+0x1f0/0x1f0
[ 27.768873] fbcon_cursor+0x480/0x640
[ 27.768881] hide_cursor+0x7a/0x2a0
[ 27.768888] update_region+0xc9/0x110
[ 27.768894] vcs_write+0x3b9/0xb40
[ 27.768902] ? aa_file_perm+0x304/0xab0
[ 27.768910] ? vcs_read+0x9b0/0x9b0
[ 27.768915] ? aa_path_link+0x3a0/0x3a0
[ 27.768920] ? lock_downgrade+0x740/0x740
[ 27.768929] __vfs_write+0xe4/0x630
[ 27.768934] ? vcs_read+0x9b0/0x9b0
[ 27.768940] ? debug_check_no_obj_freed+0x2c0/0x674
[ 27.768946] ? kernel_read+0x110/0x110
[ 27.768954] ? common_file_perm+0x3ee/0x580
[ 27.768960] ? __fd_install+0x227/0x5c0
[ 27.768968] ? security_file_permission+0x82/0x1e0
[ 27.768975] ? rw_verify_area+0xe1/0x2a0
[ 27.768983] vfs_write+0x17f/0x4d0
[ 27.768990] SyS_write+0xf2/0x210
[ 27.768997] ? SyS_read+0x210/0x210
[ 27.769003] ? do_syscall_64+0x4c/0x640
[ 27.769009] ? SyS_read+0x210/0x210
[ 27.769016] do_syscall_64+0x1d5/0x640
[ 27.769025] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.769029] RIP: 0033:0x440389
[ 27.769033] RSP: 002b:00007ffd141f0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 27.769039] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440389
[ 27.769043] RDX: 0000000000000121 RSI: 00000000200000c0 RDI: 0000000000000004
[ 27.769046] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 27.769050] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401bf0
[ 27.769054] R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000
[ 27.769670] Kernel Offset: disabled
[ 28.332373] Rebooting in 86400 seconds..