Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.699781] FAULT_INJECTION: forcing a failure. [ 28.699781] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 28.711735] CPU: 1 PID: 7985 Comm: syz-executor375 Not tainted 4.14.272-syzkaller #0 [ 28.719668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.729003] Call Trace: [ 28.731936] dump_stack+0x1b2/0x281 [ 28.735554] should_fail.cold+0x10a/0x149 [ 28.739687] __alloc_pages_nodemask+0x22c/0x2720 [ 28.744427] ? kasan_slab_free+0xc3/0x1a0 [ 28.748556] ? ___pmd_free_tlb+0xa3/0xf0 [ 28.752596] ? free_pgd_range+0x697/0xcd0 [ 28.756730] ? exit_mmap+0x27f/0x4d0 [ 28.760421] ? mmput+0xfa/0x420 [ 28.763674] ? do_exit+0x984/0x2850 [ 28.767289] ? do_signal+0x7c/0x1550 [ 28.770985] ? exit_to_usermode_loop+0x160/0x200 [ 28.775723] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.781073] ? debug_check_no_obj_freed+0x2c0/0x680 [ 28.786077] ? lock_acquire+0x170/0x3f0 [ 28.790120] ? lock_downgrade+0x740/0x740 [ 28.794266] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 28.799086] ? exit_to_usermode_loop+0x160/0x200 [ 28.803829] ? ___pmd_free_tlb+0xa3/0xf0 [ 28.807870] alloc_pages_current+0x155/0x260 [ 28.812283] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 28.817286] __get_free_pages+0xb/0x40 [ 28.821150] tlb_remove_table+0x15c/0x240 [ 28.825276] free_pgd_range+0x697/0xcd0 [ 28.829235] free_pgtables+0x1ec/0x2b0 [ 28.833100] exit_mmap+0x27f/0x4d0 [ 28.836618] ? SyS_remap_file_pages+0x6a0/0x6a0 [ 28.841268] ? kmem_cache_free+0x23a/0x2b0 [ 28.845482] ? __khugepaged_exit+0x29b/0x3c0 [ 28.849868] mmput+0xfa/0x420 [ 28.852950] do_exit+0x984/0x2850 [ 28.856384] ? wake_up_q+0x82/0xd0 [ 28.859914] ? mm_update_next_owner+0x5b0/0x5b0 [ 28.864560] ? get_signal+0x323/0x1ca0 [ 28.868439] ? lock_acquire+0x170/0x3f0 [ 28.872409] ? lock_downgrade+0x740/0x740 [ 28.876536] do_group_exit+0x100/0x2e0 [ 28.880408] get_signal+0x38d/0x1ca0 [ 28.884100] ? do_futex+0x127/0x1570 [ 28.887794] ? kfree+0x14a/0x250 [ 28.891138] do_signal+0x7c/0x1550 [ 28.894657] ? vfs_iter_write+0xa0/0xa0 [ 28.898606] ? __handle_mm_fault+0x80f/0x4620 [ 28.903082] ? setup_sigcontext+0x820/0x820 [ 28.907385] ? lock_downgrade+0x740/0x740 [ 28.911523] ? __fget+0x265/0x3e0 [ 28.914961] ? SyS_futex+0x1da/0x290 [ 28.918653] ? SyS_futex+0x1e3/0x290 [ 28.922345] ? exit_to_usermode_loop+0x41/0x200 [ 28.926990] exit_to_usermode_loop+0x160/0x200 [ 28.931566] do_syscall_64+0x4a3/0x640 [ 28.935447] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.940635] RIP: 0033:0x7fdf5e7970d9 executing program [ 28.944323] RSP: 002b:00007fdf5e7272e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 28.952127] RAX: fffffffffffffe00 RBX: 00007fdf5e8204b0 RCX: 00007fdf5e7970d9 [ 28.959378] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdf5e8204b8 [ 28.966637] RBP: 00007fdf5e7ed194 R08: 0000000000000035 R09: 0000000000000035 [ 28.973977] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf5e7272f0 [ 28.981247] R13: 00007fdf5e8204b8 R14: adb920009216992e R15: 0000000000000001 [ 29.003690] FAULT_INJECTION: forcing a failure. [ 29.003690] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 29.015642] CPU: 1 PID: 7990 Comm: syz-executor375 Not tainted 4.14.272-syzkaller #0 [ 29.023502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.033280] Call Trace: [ 29.035856] dump_stack+0x1b2/0x281 [ 29.039467] should_fail.cold+0x10a/0x149 [ 29.043597] __alloc_pages_nodemask+0x22c/0x2720 [ 29.048338] ? lock_acquire+0x170/0x3f0 [ 29.052291] ? lock_downgrade+0x740/0x740 [ 29.056437] ? depot_save_stack+0x1d3/0x3f0 [ 29.060741] ? mark_held_locks+0xa6/0xf0 [ 29.064781] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 29.069862] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 29.074688] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 29.079682] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 29.084776] ? kasan_kmalloc+0x139/0x160 [ 29.088812] ? kasan_kmalloc+0xeb/0x160 [ 29.092774] ? __kmalloc+0x15a/0x400 [ 29.096486] ? tls_push_record+0xfa/0x1270 [ 29.100694] ? tls_sw_sendmsg+0x879/0xfd0 [ 29.104834] ? inet_sendmsg+0x11a/0x4e0 [ 29.108785] ? sock_sendmsg+0xb5/0x100 [ 29.112650] ? sock_write_iter+0x22c/0x370 [ 29.116884] cache_grow_begin+0x91/0x700 [ 29.120924] ? check_preemption_disabled+0x35/0x240 [ 29.125916] cache_alloc_refill+0x273/0x350 [ 29.130216] __kmalloc+0x378/0x400 [ 29.133734] ? gcmaes_encrypt.constprop.0+0x527/0xc00 [ 29.138911] gcmaes_encrypt.constprop.0+0x527/0xc00 [ 29.143929] ? generic_gcmaes_encrypt+0xf4/0x130 [ 29.148665] ? helper_rfc4106_encrypt+0x2b0/0x2b0 [ 29.153485] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 29.158477] ? __kmalloc+0x3a4/0x400 [ 29.162166] ? tls_push_record+0xfa/0x1270 [ 29.166375] ? cryptd_aead_child+0x9/0x40 [ 29.170509] ? tls_push_record+0x938/0x1270 [ 29.174825] ? __check_object_size+0x179/0x230 [ 29.179394] ? tls_sw_sendmsg+0x879/0xfd0 [ 29.183620] ? tls_sw_push_pending_record+0x30/0x30 [ 29.188618] ? lock_acquire+0x170/0x3f0 [ 29.192628] ? lock_downgrade+0x740/0x740 [ 29.196757] ? inet_sendmsg+0x11a/0x4e0 [ 29.200709] ? security_socket_sendmsg+0x83/0xb0 [ 29.205455] ? inet_recvmsg+0x4d0/0x4d0 [ 29.209408] ? sock_sendmsg+0xb5/0x100 [ 29.213285] ? sock_write_iter+0x22c/0x370 [ 29.217500] ? sock_sendmsg+0x100/0x100 [ 29.221472] ? lock_acquire+0x170/0x3f0 [ 29.225436] ? lock_acquire+0x170/0x3f0 [ 29.229392] ? lock_downgrade+0x740/0x740 [ 29.233540] ? do_iter_readv_writev+0x4cf/0x5f0 [ 29.238203] ? clone_verify_area+0x1e0/0x1e0 [ 29.242680] ? rw_verify_area+0xe1/0x2a0 [ 29.246720] ? do_iter_write+0x152/0x550 [ 29.250759] ? proc_fail_nth_write+0x7b/0x180 [ 29.255230] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.260152] ? vfs_writev+0x125/0x290 [ 29.263928] ? vfs_iter_write+0xa0/0xa0 [ 29.267878] ? __handle_mm_fault+0x80f/0x4620 [ 29.272355] ? lock_downgrade+0x740/0x740 [ 29.276497] ? __fget+0x265/0x3e0 [ 29.279934] ? do_writev+0xfc/0x2c0 [ 29.283537] ? vfs_writev+0x290/0x290 [ 29.287311] ? __do_page_fault+0x159/0xad0 [ 29.291520] ? do_syscall_64+0x4c/0x640 [ 29.295469] ? SyS_readv+0x30/0x30 [ 29.299073] ? do_syscall_64+0x1d5/0x640 executing program [ 29.303111] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.322962] FAULT_INJECTION: forcing a failure. [ 29.322962] name failslab, interval 1, probability 0, space 0, times 1 [ 29.334735] CPU: 1 PID: 7994 Comm: syz-executor375 Not tainted 4.14.272-syzkaller #0 [ 29.342616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.351947] Call Trace: [ 29.354603] dump_stack+0x1b2/0x281 [ 29.358223] should_fail.cold+0x10a/0x149 [ 29.362354] should_failslab+0xd6/0x130 [ 29.366307] __kmalloc+0x6d/0x400 [ 29.369748] ? gcmaes_encrypt.constprop.0+0x527/0xc00 [ 29.374930] gcmaes_encrypt.constprop.0+0x527/0xc00 [ 29.379932] ? generic_gcmaes_encrypt+0xf4/0x130 [ 29.384679] ? helper_rfc4106_encrypt+0x2b0/0x2b0 [ 29.389589] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 29.394600] ? __kmalloc+0x3a4/0x400 [ 29.398300] ? tls_push_record+0xfa/0x1270 [ 29.402513] ? cryptd_aead_child+0x9/0x40 [ 29.406639] ? tls_push_record+0x938/0x1270 [ 29.410938] ? __check_object_size+0x179/0x230 [ 29.415497] ? tls_sw_sendmsg+0x879/0xfd0 [ 29.419635] ? tls_sw_push_pending_record+0x30/0x30 [ 29.424633] ? lock_acquire+0x170/0x3f0 [ 29.428584] ? lock_downgrade+0x740/0x740 [ 29.432726] ? inet_sendmsg+0x11a/0x4e0 [ 29.436683] ? security_socket_sendmsg+0x83/0xb0 [ 29.441417] ? inet_recvmsg+0x4d0/0x4d0 [ 29.445369] ? sock_sendmsg+0xb5/0x100 [ 29.449235] ? sock_write_iter+0x22c/0x370 [ 29.453445] ? sock_sendmsg+0x100/0x100 [ 29.457400] ? lock_acquire+0x170/0x3f0 [ 29.461360] ? lock_downgrade+0x740/0x740 [ 29.465486] ? do_iter_readv_writev+0x4cf/0x5f0 [ 29.470134] ? clone_verify_area+0x1e0/0x1e0 [ 29.474619] ? rw_verify_area+0xe1/0x2a0 [ 29.478674] ? do_iter_write+0x152/0x550 [ 29.482728] ? proc_fail_nth_write+0x7b/0x180 [ 29.487209] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.492123] ? vfs_writev+0x125/0x290 [ 29.495905] ? vfs_iter_write+0xa0/0xa0 [ 29.499856] ? __handle_mm_fault+0x80f/0x4620 [ 29.504338] ? lock_downgrade+0x740/0x740 [ 29.508486] ? __fget+0x265/0x3e0 [ 29.511918] ? do_writev+0xfc/0x2c0 [ 29.515528] ? vfs_writev+0x290/0x290 [ 29.519320] ? __do_page_fault+0x159/0xad0 [ 29.523535] ? do_syscall_64+0x4c/0x640 [ 29.527486] ? SyS_readv+0x30/0x30 [ 29.531352] ? do_syscall_64+0x1d5/0x640 [ 29.535393] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.650893] ================================================================== [ 29.658331] BUG: KASAN: slab-out-of-bounds in tls_push_record+0x10cc/0x1270 [ 29.665413] Read of size 8 at addr ffff8880b31369f8 by task syz-executor375/7993 [ 29.672934] [ 29.674558] CPU: 0 PID: 7993 Comm: syz-executor375 Not tainted 4.14.272-syzkaller #0 [ 29.682422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.691771] Call Trace: [ 29.694361] dump_stack+0x1b2/0x281 [ 29.697969] print_address_description.cold+0x54/0x1d3 [ 29.703222] kasan_report_error.cold+0x8a/0x191 [ 29.707882] ? tls_push_record+0x10cc/0x1270 [ 29.712269] __asan_report_load8_noabort+0x68/0x70 [ 29.717176] ? tls_push_record+0x10cc/0x1270 [ 29.721562] tls_push_record+0x10cc/0x1270 [ 29.725776] ? mark_held_locks+0xa6/0xf0 [ 29.729906] ? __local_bh_enable_ip+0xc1/0x170 [ 29.734467] tls_sk_proto_close+0x5d2/0x8b0 [ 29.738772] ? tcp_check_oom+0x440/0x440 [ 29.742835] ? tls_write_space+0x2d0/0x2d0 [ 29.747061] ? ip_mc_drop_socket+0x16/0x220 [ 29.751360] inet_release+0xdf/0x1b0 [ 29.755139] inet6_release+0x4c/0x70 [ 29.758827] __sock_release+0xcd/0x2b0 [ 29.762690] ? __sock_release+0x2b0/0x2b0 [ 29.766814] sock_close+0x15/0x20 [ 29.770244] __fput+0x25f/0x7a0 [ 29.773525] task_work_run+0x11f/0x190 [ 29.777398] do_exit+0xa44/0x2850 [ 29.780835] ? try_to_wake_up+0x600/0x1100 [ 29.785050] ? do_group_exit+0x26b/0x2e0 [ 29.789088] ? mm_update_next_owner+0x5b0/0x5b0 [ 29.793739] ? lock_downgrade+0x740/0x740 [ 29.797865] ? _raw_spin_unlock_irq+0x24/0x80 [ 29.802348] do_group_exit+0x100/0x2e0 [ 29.806224] SyS_exit_group+0x19/0x20 [ 29.809999] ? do_group_exit+0x2e0/0x2e0 [ 29.814050] do_syscall_64+0x1d5/0x640 [ 29.817917] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.823081] RIP: 0033:0x7fdf5e795c69 [ 29.826767] RSP: 002b:00007ffe1811f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.834804] RAX: ffffffffffffffda RBX: 00007fdf5e820450 RCX: 00007fdf5e795c69 [ 29.842050] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 29.849298] RBP: 0000000000000000 R08: ffffffffffffffb8 R09: 00000008f1cf6721 [ 29.856546] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf5e820450 [ 29.863806] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 29.871057] [ 29.872677] Allocated by task 0: [ 29.876016] (stack is not available) [ 29.879717] [ 29.881326] Freed by task 0: [ 29.884322] (stack is not available) [ 29.888018] [ 29.889621] The buggy address belongs to the object at ffff8880b3136180 [ 29.889621] which belongs to the cache kmalloc-2048 of size 2048 [ 29.902536] The buggy address is located 120 bytes to the right of [ 29.902536] 2048-byte region [ffff8880b3136180, ffff8880b3136980) [ 29.914998] The buggy address belongs to the page: [ 29.919911] page:ffffea0002cc4d80 count:1 mapcount:0 mapping:ffff8880b3136180 index:0x0 compound_mapcount: 0 [ 29.929873] flags: 0xfff00000008100(slab|head) [ 29.934445] raw: 00fff00000008100 ffff8880b3136180 0000000000000000 0000000100000003 [ 29.942326] raw: ffffea0002cb2720 ffff88813fe64948 ffff88813fe74c40 0000000000000000 [ 29.950181] page dumped because: kasan: bad access detected [ 29.955863] [ 29.957469] Memory state around the buggy address: [ 29.962371] ffff8880b3136880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.969705] ffff8880b3136900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.977038] >ffff8880b3136980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.984374] ^ [ 29.991648] ffff8880b3136a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 29.998996] ffff8880b3136a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.006345] ================================================================== [ 30.013768] Disabling lock debugging due to kernel taint [ 30.031191] Kernel panic - not syncing: panic_on_warn set ... [ 30.031191] [ 30.038651] CPU: 1 PID: 7993 Comm: syz-executor375 Tainted: G B 4.14.272-syzkaller #0 [ 30.047820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.057156] Call Trace: [ 30.059722] dump_stack+0x1b2/0x281 [ 30.063326] panic+0x1f9/0x42d [ 30.066493] ? add_taint.cold+0x16/0x16 [ 30.070444] ? ___preempt_schedule+0x16/0x18 [ 30.074827] kasan_end_report+0x43/0x49 [ 30.078788] kasan_report_error.cold+0xa7/0x191 [ 30.083433] ? tls_push_record+0x10cc/0x1270 [ 30.087814] __asan_report_load8_noabort+0x68/0x70 [ 30.092715] ? tls_push_record+0x10cc/0x1270 [ 30.097094] tls_push_record+0x10cc/0x1270 [ 30.101304] ? mark_held_locks+0xa6/0xf0 [ 30.105338] ? __local_bh_enable_ip+0xc1/0x170 [ 30.109895] tls_sk_proto_close+0x5d2/0x8b0 [ 30.114190] ? tcp_check_oom+0x440/0x440 [ 30.118226] ? tls_write_space+0x2d0/0x2d0 [ 30.122544] ? ip_mc_drop_socket+0x16/0x220 [ 30.126840] inet_release+0xdf/0x1b0 [ 30.130526] inet6_release+0x4c/0x70 [ 30.134211] __sock_release+0xcd/0x2b0 [ 30.138071] ? __sock_release+0x2b0/0x2b0 [ 30.142194] sock_close+0x15/0x20 [ 30.145623] __fput+0x25f/0x7a0 [ 30.148881] task_work_run+0x11f/0x190 [ 30.152741] do_exit+0xa44/0x2850 [ 30.156166] ? try_to_wake_up+0x600/0x1100 [ 30.160374] ? do_group_exit+0x26b/0x2e0 [ 30.164415] ? mm_update_next_owner+0x5b0/0x5b0 [ 30.169072] ? lock_downgrade+0x740/0x740 [ 30.173194] ? _raw_spin_unlock_irq+0x24/0x80 [ 30.177664] do_group_exit+0x100/0x2e0 [ 30.181525] SyS_exit_group+0x19/0x20 [ 30.185297] ? do_group_exit+0x2e0/0x2e0 [ 30.189332] do_syscall_64+0x1d5/0x640 [ 30.193191] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 30.198354] RIP: 0033:0x7fdf5e795c69 [ 30.202037] RSP: 002b:00007ffe1811f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.209730] RAX: ffffffffffffffda RBX: 00007fdf5e820450 RCX: 00007fdf5e795c69 [ 30.216972] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 30.224218] RBP: 0000000000000000 R08: ffffffffffffffb8 R09: 00000008f1cf6721 [ 30.231465] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf5e820450 [ 30.238707] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 30.246026] Kernel Offset: disabled [ 30.249630] Rebooting in 86400 seconds..