[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.907410] ==================================================================
[   26.914828] BUG: KASAN: slab-out-of-bounds in tls_push_record+0x10cc/0x1270
[   26.921904] Read of size 8 at addr ffff8880b3280cb8 by task syz-executor123/7975
[   26.929409]
[   26.931015] CPU: 0 PID: 7975 Comm: syz-executor123 Not tainted 4.14.288-syzkaller #0
[   26.938875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   26.948200] Call Trace:
[   26.950768]  dump_stack+0x1b2/0x281
[   26.954373]  print_address_description.cold+0x54/0x1d3
[   26.959626]  kasan_report_error.cold+0x8a/0x191
[   26.964272]  ? tls_push_record+0x10cc/0x1270
[   26.968655]  __asan_report_load8_noabort+0x68/0x70
[   26.973560]  ? tls_push_record+0x10cc/0x1270
[   26.977941]  tls_push_record+0x10cc/0x1270
[   26.982153]  ? mark_held_locks+0xa6/0xf0
[   26.986194]  ? __local_bh_enable_ip+0xc1/0x170
[   26.990752]  tls_sk_proto_close+0x6f0/0x8b0
[   26.995153]  ? trace_hardirqs_on+0x10/0x10
[   26.999363]  ? tcp_check_oom+0x440/0x440
[   27.003400]  ? tls_write_space+0x2d0/0x2d0
[   27.007610]  ? ip_mc_drop_socket+0x16/0x220
[   27.011908]  inet_release+0xdf/0x1b0
[   27.015594]  inet6_release+0x4c/0x70
[   27.019290]  __sock_release+0xcd/0x2b0
[   27.023155]  ? __sock_release+0x2b0/0x2b0
[   27.027282]  sock_close+0x15/0x20
[   27.030708]  __fput+0x25f/0x7a0
[   27.033964]  task_work_run+0x11f/0x190
[   27.037829]  do_exit+0xa44/0x2850
[   27.041260]  ? __do_page_fault+0x571/0xad0
[   27.045470]  ? mm_update_next_owner+0x5b0/0x5b0
[   27.050114]  ? lock_downgrade+0x740/0x740
[   27.054237]  do_group_exit+0x100/0x2e0
[   27.058098]  SyS_exit_group+0x19/0x20
[   27.061871]  ? do_group_exit+0x2e0/0x2e0
[   27.065906]  do_syscall_64+0x1d5/0x640
[   27.069770]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.074935] RIP: 0033:0x7fda5c062e29
[   27.078619] RSP: 002b:00007fff1ccf9d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   27.086298] RAX: ffffffffffffffda RBX: 00007fda5c0d6270 RCX: 00007fda5c062e29
[   27.093543] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   27.100784] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   27.108027] R10: 0000000000000028 R11: 0000000000000246 R12: 00007fda5c0d6270
[   27.115271] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   27.122519]
[   27.124122] Allocated by task 0:
[   27.127455] (stack is not available)
[   27.131136]
[   27.132739] Freed by task 0:
[   27.135729] (stack is not available)
[   27.139411]
[   27.141010] The buggy address belongs to the object at ffff8880b3280440
[   27.141010]  which belongs to the cache kmalloc-2048 of size 2048
[   27.153811] The buggy address is located 120 bytes to the right of
[   27.153811]  2048-byte region [ffff8880b3280440, ffff8880b3280c40)
[   27.166261] The buggy address belongs to the page:
[   27.171164] page:ffffea0002cca000 count:1 mapcount:0 mapping:ffff8880b3280440 index:0x0 compound_mapcount: 0
[   27.181113] flags: 0xfff00000008100(slab|head)
[   27.185668] raw: 00fff00000008100 ffff8880b3280440 0000000000000000 0000000100000003
[   27.193518] raw: ffffea00025d0b20 ffff88813fe64948 ffff88813fe74c40 0000000000000000
[   27.201367] page dumped because: kasan: bad access detected
[   27.207055]
[   27.208657] Memory state around the buggy address:
[   27.213569]  ffff8880b3280b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.220901]  ffff8880b3280c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.228231] >ffff8880b3280c80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   27.235560]                                         ^
[   27.240720]  ffff8880b3280d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.248050]  ffff8880b3280d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.255376] ==================================================================
[   27.262702] Disabling lock debugging due to kernel taint
[   27.268638] Kernel panic - not syncing: panic_on_warn set ...
[   27.268638]
[   27.275994] CPU: 0 PID: 7975 Comm: syz-executor123 Tainted: G    B   4.14.288-syzkaller #0
[   27.285076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   27.294409] Call Trace:
[   27.296970]  dump_stack+0x1b2/0x281
[   27.300568]  panic+0x1f9/0x42d
[   27.303732]  ? add_taint.cold+0x16/0x16
[   27.307680]  ? ___preempt_schedule+0x16/0x18
[   27.312061]  kasan_end_report+0x43/0x49
[   27.316008]  kasan_report_error.cold+0xa7/0x191
[   27.320651]  ? tls_push_record+0x10cc/0x1270
[   27.325035]  __asan_report_load8_noabort+0x68/0x70
[   27.329936]  ? tls_push_record+0x10cc/0x1270
[   27.334317]  tls_push_record+0x10cc/0x1270
[   27.338522]  ? mark_held_locks+0xa6/0xf0
[   27.342554]  ? __local_bh_enable_ip+0xc1/0x170
[   27.347107]  tls_sk_proto_close+0x6f0/0x8b0
[   27.351401]  ? trace_hardirqs_on+0x10/0x10
[   27.355611]  ? tcp_check_oom+0x440/0x440
[   27.359642]  ? tls_write_space+0x2d0/0x2d0
[   27.363849]  ? ip_mc_drop_socket+0x16/0x220
[   27.368144]  inet_release+0xdf/0x1b0
[   27.371828]  inet6_release+0x4c/0x70
[   27.375512]  __sock_release+0xcd/0x2b0
[   27.379372]  ? __sock_release+0x2b0/0x2b0
[   27.383489]  sock_close+0x15/0x20
[   27.386916]  __fput+0x25f/0x7a0
[   27.390168]  task_work_run+0x11f/0x190
[   27.394031]  do_exit+0xa44/0x2850
[   27.397459]  ? __do_page_fault+0x571/0xad0
[   27.401666]  ? mm_update_next_owner+0x5b0/0x5b0
[   27.406365]  ? lock_downgrade+0x740/0x740
[   27.410486]  do_group_exit+0x100/0x2e0
[   27.414346]  SyS_exit_group+0x19/0x20
[   27.418126]  ? do_group_exit+0x2e0/0x2e0
[   27.422158]  do_syscall_64+0x1d5/0x640
[   27.426021]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.431196] RIP: 0033:0x7fda5c062e29
[   27.434876] RSP: 002b:00007fff1ccf9d08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   27.442554] RAX: ffffffffffffffda RBX: 00007fda5c0d6270 RCX: 00007fda5c062e29
[   27.449795] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   27.457038] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   27.464285] R10: 0000000000000028 R11: 0000000000000246 R12: 00007fda5c0d6270
[   27.471620] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   27.479038] Kernel Offset: disabled
[   27.482647] Rebooting in 86400 seconds..