[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program

syzkaller login: [ 50.277831] ==================================================================
[ 50.285343] BUG: KASAN: slab-out-of-bounds in tls_push_record+0x10cc/0x1270
[ 50.292451] Read of size 8 at addr ffff8880b37eab78 by task syz-executor393/8002
[ 50.299994]
[ 50.301619] CPU: 1 PID: 8002 Comm: syz-executor393 Not tainted 4.14.299-syzkaller #0
[ 50.309491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.318840] Call Trace:
[ 50.321440]  dump_stack+0x1b2/0x281
[ 50.325072]  print_address_description.cold+0x54/0x1d3
[ 50.330348]  kasan_report_error.cold+0x8a/0x191
[ 50.335016]  ? tls_push_record+0x10cc/0x1270
[ 50.339427]  __asan_report_load8_noabort+0x68/0x70
[ 50.344359]  ? tls_push_record+0x10cc/0x1270
[ 50.348781]  tls_push_record+0x10cc/0x1270
[ 50.353010]  ? mark_held_locks+0xa6/0xf0
[ 50.357057]  ? __local_bh_enable_ip+0xc1/0x170
[ 50.361639]  tls_sk_proto_close+0x6f0/0x8b0
[ 50.365980]  ? tcp_check_oom+0x440/0x440
[ 50.370056]  ? tls_write_space+0x2d0/0x2d0
[ 50.374291]  ? ip_mc_drop_socket+0x16/0x220
executing program
[ 50.378617]  inet_release+0xdf/0x1b0
[ 50.382328]  inet6_release+0x4c/0x70
[ 50.386047]  __sock_release+0xcd/0x2b0
[ 50.389957]  ? __sock_release+0x2b0/0x2b0
[ 50.394102]  sock_close+0x15/0x20
[ 50.397554]  __fput+0x25f/0x7a0
[ 50.400834]  task_work_run+0x11f/0x190
[ 50.404720]  do_exit+0xa44/0x2850
[ 50.408172]  ? wake_up_q+0x82/0xd0
[ 50.411713]  ? mm_update_next_owner+0x5b0/0x5b0
[ 50.416386]  ? get_signal+0x323/0x1ca0
[ 50.420277]  ? lock_acquire+0x170/0x3f0
[ 50.424250]  ? lock_downgrade+0x740/0x740
[ 50.428402]  do_group_exit+0x100/0x2e0
[ 50.432291]  get_signal+0x38d/0x1ca0
[ 50.435999]  ? do_futex+0x127/0x1570
[ 50.439717]  ? __wake_up_common_lock+0xcd/0x140
[ 50.444399]  do_signal+0x7c/0x1550
[ 50.447938]  ? ___preempt_schedule+0x16/0x18
[ 50.452356]  ? setup_sigcontext+0x820/0x820
[ 50.456675]  ? sock_setsockopt+0x112/0x1a50
[ 50.460995]  ? __local_bh_enable_ip+0x132/0x170
[ 50.465662]  ? sock_setsockopt+0x117/0x1a50
[ 50.469988]  ? SyS_futex+0x1da/0x290
[ 50.473709]  ? SyS_futex+0x1e3/0x290
[ 50.477428]  ? exit_to_usermode_loop+0x41/0x200
[ 50.482109]  exit_to_usermode_loop+0x160/0x200
[ 50.486696]  do_syscall_64+0x4a3/0x640
[ 50.490586]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 50.495781]
[ 50.497402] Allocated by task 7984:
[ 50.501026]  kasan_kmalloc+0xeb/0x160
[ 50.504822]  kmem_cache_alloc_trace+0x131/0x3d0
[ 50.508641] ------------[ cut here ]------------
[ 50.509477]  tls_set_sw_offload+0x88/0xcd0
[ 50.509487]  tls_setsockopt+0x216/0x3f0
[ 50.514281] kernel BUG at include/linux/scatterlist.h:190!
[ 50.518492]  SyS_setsockopt+0x110/0x1e0
[ 50.532012]  do_syscall_64+0x1d5/0x640
[ 50.535917]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 50.541088]
[ 50.542704] Freed by task 0:
[ 50.544180] ------------[ cut here ]------------
[ 50.545704] (stack is not available)
[ 50.550546] kernel BUG at include/linux/scatterlist.h:190!
[ 50.554231]
[ 50.561457] The buggy address belongs to the object at ffff8880b37ea300
[ 50.561457]  which belongs to the cache kmalloc-2048 of size 2048
[ 50.574280] The buggy address is located 120 bytes to the right of
[ 50.574280]  2048-byte region [ffff8880b37ea300, ffff8880b37eab00)
[ 50.585220] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 50.586764] The buggy address belongs to the page:
[ 50.592105] Modules linked in:
[ 50.597010] page:ffffea0002cdfa80 count:1 mapcount:0 mapping:ffff8880b37ea300 index:0x0
[ 50.597020] CPU: 0 PID: 8014 Comm: syz-executor393 Not tainted 4.14.299-syzkaller #0
[ 50.600211] compound_mapcount: 0
[ 50.608326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.616183] flags: 0xfff00000008100(slab|head)
[ 50.619611] task: ffff888094c02080 task.stack: ffff8880b30e8000
[ 50.628940] raw: 00fff00000008100 ffff8880b37ea300 0000000000000000 0000000100000003
[ 50.633587] RIP: 0010:tls_push_record+0xd41/0x1270
[ 50.639610] raw: ffffea0002569ea0 ffffea00025681a0 ffff88813fe74c40 0000000000000000
[ 50.647462] RSP: 0018:ffff8880b30ef868 EFLAGS: 00010297
[ 50.652363] page dumped because: kasan: bad access detected
[ 50.665543]
[ 50.671232] RAX: ffff888094c02080 RBX: ffff8880ab406700 RCX: 0000000000000000
[ 50.672833] Memory state around the buggy address:
[ 50.680079] RDX: 0000000000000000 RSI: ffff8880b016f4e0 RDI: ffff8880b016f4b8
[ 50.684981]  ffff8880b37eaa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.692227] RBP: ffff8880b322b400 R08: ffffffff8ae15eae R09: ffffffff8ae15eb0
[ 50.699557]  ffff8880b37eaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.706805] R10: 00000000001466d9 R11: 0000000000066071 R12: ffff88809dfac040
[ 50.714136] >ffff8880b37eab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.721381] R13: 0000000000000017 R14: ffff8880b016f4c0 R15: ffff8880b016f4b8
[ 50.728711]                                                                ^
[ 50.735957] FS:  00007f120f6f6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 50.743222]  ffff8880b37eab80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.751425] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.758755]  ffff8880b37eac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 50.764611] CR2: 00007f3170d34000 CR3: 00000000a8c07000 CR4: 00000000003406f0
[ 50.771942] ==================================================================
[ 50.779186] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.793766] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.801021] Call Trace:
[ 50.803593]  ? mark_held_locks+0xa6/0xf0
[ 50.807632]  ? __local_bh_enable_ip+0xc1/0x170
[ 50.812191]  tls_sk_proto_close+0x6f0/0x8b0
[ 50.816493]  ? tcp_check_oom+0x440/0x440
[ 50.820534]  ? tls_write_space+0x2d0/0x2d0
[ 50.824747]  ? ip_mc_drop_socket+0x16/0x220
[ 50.829043]  inet_release+0xdf/0x1b0
[ 50.832735]  inet6_release+0x4c/0x70
[ 50.836426]  __sock_release+0xcd/0x2b0
[ 50.840289]  ? __sock_release+0x2b0/0x2b0
[ 50.844412]  sock_close+0x15/0x20
[ 50.847843]  __fput+0x25f/0x7a0
[ 50.851104]  task_work_run+0x11f/0x190
[ 50.854968]  do_exit+0xa44/0x2850
[ 50.858400]  ? futex_lock_pi_atomic+0x2e0/0x2e0
[ 50.863044]  ? hash_futex+0x12/0x200
[ 50.866737]  ? mm_update_next_owner+0x5b0/0x5b0
[ 50.871384]  ? get_signal+0x323/0x1ca0
[ 50.875247]  ? lock_acquire+0x170/0x3f0
[ 50.879198]  ? lock_downgrade+0x740/0x740
[ 50.883325]  do_group_exit+0x100/0x2e0
[ 50.887188]  get_signal+0x38d/0x1ca0
[ 50.890876]  ? do_futex+0x127/0x1570
[ 50.894566]  ? __fget+0x237/0x3e0
[ 50.897999]  do_signal+0x7c/0x1550
[ 50.901515]  ? sock_sendmsg+0xc4/0x100
[ 50.905379]  ? fput_many+0xe/0x140
[ 50.908894]  ? SyS_sendto+0x1e7/0x2c0
[ 50.912676]  ? setup_sigcontext+0x820/0x820
[ 50.916978]  ? vm_mmap_pgoff+0xcb/0x1a0
[ 50.920931]  ? SyS_futex+0x1da/0x290
[ 50.924618]  ? SyS_futex+0x1e3/0x290
executing program
executing program
[ 50.928307]  ? SyS_mmap_pgoff+0x25e/0x510
[ 50.932433]  ? exit_to_usermode_loop+0x41/0x200
[ 50.937079]  exit_to_usermode_loop+0x160/0x200
[ 50.941637]  do_syscall_64+0x4a3/0x640
[ 50.945505]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 50.950669] Code: 00 4a 00 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 07 05 00 00 4c 89 e7 41 ff 94 24 58 04 00 00 e9 54 fd ff ff e8 cf e8 27 fb <0f> 0b e8 c8 e8 27 fb 0f 0b e8 c1 e8 27 fb 0f 0b e8 ba e8 27 fb
[ 50.969768] RIP: tls_push_record+0xd41/0x1270 RSP: ffff8880b30ef868
[ 50.993516] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 50.998891] Modules linked in:
[ 51.002080] CPU: 0 PID: 8015 Comm: syz-executor393 Tainted: G    B D 4.14.299-syzkaller #0
[ 51.011166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.020512] task: ffff88809534c0c0 task.stack: ffff8880b2ec0000
[ 51.026567] RIP: 0010:tls_push_record+0xd41/0x1270
[ 51.031484] RSP: 0018:ffff8880b2ec7868 EFLAGS: 00010297
[ 51.036839] RAX: ffff88809534c0c0 RBX: ffff8880ab406500 RCX: 0000000000000000
[ 51.044100] RDX: 0000000000000000 RSI: ffff8880b016e3e0 RDI: ffff8880b016e3b8
[ 51.051360] RBP: ffff8880aff7bd00 R08: ffffffff8ae15eae R09: ffffffff8ae15eb0
[ 51.058619] R10: 00000000001466d9 R11: 0000000000066071 R12: ffff888095a3c100
[ 51.065880] R13: 0000000000000017 R14: ffff8880b016e3c0 R15: ffff8880b016e3b8
[ 51.073660] FS:  00007f120f6f6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 51.081874] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.087741] CR2: 00007f3170d36000 CR3: 000000008f6a9000 CR4: 00000000003406f0
[ 51.095002] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.102266] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.109528] Call Trace:
[ 51.112111]  ? mark_held_locks+0xa6/0xf0
[ 51.116164]  ? __local_bh_enable_ip+0xc1/0x170
[ 51.120743]  tls_sk_proto_close+0x6f0/0x8b0
[ 51.125055]  ? tcp_check_oom+0x440/0x440
[ 51.129109]  ? tls_write_space+0x2d0/0x2d0
[ 51.133335]  ? ip_mc_drop_socket+0x16/0x220
[ 51.137648]  inet_release+0xdf/0x1b0
[ 51.141350]  inet6_release+0x4c/0x70
[ 51.145065]  __sock_release+0xcd/0x2b0
[ 51.148954]  ? __sock_release+0x2b0/0x2b0
[ 51.153099]  sock_close+0x15/0x20
[ 51.156545]  __fput+0x25f/0x7a0
[ 51.159818]  task_work_run+0x11f/0x190
[ 51.163701]  do_exit+0xa44/0x2850
[ 51.167144]  ? futex_lock_pi_atomic+0x2e0/0x2e0
[ 51.171802]  ? hash_futex+0x12/0x200
[ 51.172427] Kernel panic - not syncing: panic_on_warn set ...
[ 51.172427]
[ 51.175506]  ? mm_update_next_owner+0x5b0/0x5b0
[ 51.187507]  ? get_signal+0x323/0x1ca0
[ 51.191381]  ? lock_acquire+0x170/0x3f0
[ 51.195338]  ? lock_downgrade+0x740/0x740
[ 51.199475]  do_group_exit+0x100/0x2e0
[ 51.203359]  get_signal+0x38d/0x1ca0
[ 51.207061]  ? do_futex+0x127/0x1570
[ 51.210762]  ? __fget+0x237/0x3e0
[ 51.214201]  do_signal+0x7c/0x1550
[ 51.217724]  ? sock_sendmsg+0xc4/0x100
[ 51.221596]  ? fput_many+0xe/0x140
[ 51.225117]  ? SyS_sendto+0x1e7/0x2c0
[ 51.228897]  ? setup_sigcontext+0x820/0x820
[ 51.233202]  ? vm_mmap_pgoff+0xcb/0x1a0
[ 51.237160]  ? SyS_futex+0x1da/0x290
[ 51.240851]  ? SyS_futex+0x1e3/0x290
[ 51.244548]  ? SyS_mmap_pgoff+0x25e/0x510
[ 51.248680]  ? exit_to_usermode_loop+0x41/0x200
[ 51.253331]  exit_to_usermode_loop+0x160/0x200
[ 51.257895]  do_syscall_64+0x4a3/0x640
[ 51.261782]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 51.266955] Code: 00 4a 00 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 07 05 00 00 4c 89 e7 41 ff 94 24 58 04 00 00 e9 54 fd ff ff e8 cf e8 27 fb <0f> 0b e8 c8 e8 27 fb 0f 0b e8 c1 e8 27 fb 0f 0b e8 ba e8 27 fb
[ 51.286099] RIP: tls_push_record+0xd41/0x1270 RSP: ffff8880b2ec7868
[ 51.292633] Kernel Offset: disabled
[ 51.296243] Rebooting in 86400 seconds..