[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.434293] ==================================================================
[   27.441708] BUG: KASAN: slab-out-of-bounds in tls_push_record+0x10cc/0x1270
[   27.448780] Read of size 8 at addr ffff88809633c578 by task syz-executor227/7985
[   27.456282]
[   27.457885] CPU: 0 PID: 7985 Comm: syz-executor227 Not tainted 4.14.273-syzkaller #0
[   27.465740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.475067] Call Trace:
[   27.477633]  dump_stack+0x1b2/0x281
[   27.481242]  print_address_description.cold+0x54/0x1d3
[   27.486494]  kasan_report_error.cold+0x8a/0x191
[   27.491134]  ? tls_push_record+0x10cc/0x1270
[   27.495517]  __asan_report_load8_noabort+0x68/0x70
[   27.500420]  ? tls_push_record+0x10cc/0x1270
[   27.504800]  tls_push_record+0x10cc/0x1270
[   27.509064]  ? mark_held_locks+0xa6/0xf0
[   27.513116]  ? __local_bh_enable_ip+0xc1/0x170
[   27.517691]  tls_sk_proto_close+0x6f0/0x8b0
[   27.521987]  ? trace_hardirqs_on+0x10/0x10
[   27.526204]  ? tcp_check_oom+0x440/0x440
[   27.530247]  ? tls_write_space+0x2d0/0x2d0
[   27.534470]  ? ip_mc_drop_socket+0x16/0x220
[   27.538785]  inet_release+0xdf/0x1b0
[   27.542475]  inet6_release+0x4c/0x70
[   27.546175]  __sock_release+0xcd/0x2b0
[   27.550038]  ? __sock_release+0x2b0/0x2b0
[   27.554161]  sock_close+0x15/0x20
[   27.557592]  __fput+0x25f/0x7a0
[   27.560848]  task_work_run+0x11f/0x190
[   27.564711]  do_exit+0xa44/0x2850
[   27.568142]  ? __do_page_fault+0x571/0xad0
[   27.572355]  ? mm_update_next_owner+0x5b0/0x5b0
[   27.577000]  ? lock_downgrade+0x740/0x740
[   27.581125]  do_group_exit+0x100/0x2e0
[   27.584986]  SyS_exit_group+0x19/0x20
[   27.588763]  ? do_group_exit+0x2e0/0x2e0
[   27.592797]  do_syscall_64+0x1d5/0x640
[   27.596664]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.601828] RIP: 0033:0x7f86d6084e29
[   27.605525] RSP: 002b:00007ffd9d5bad48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   27.613219] RAX: ffffffffffffffda RBX: 00007f86d60f8270 RCX: 00007f86d6084e29
[   27.620464] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   27.627705] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   27.634946] R10: 0000000000000028 R11: 0000000000000246 R12: 00007f86d60f8270
[   27.642186] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   27.649434]
[   27.651040] Allocated by task 7985:
[   27.654653]  kasan_kmalloc+0xeb/0x160
[   27.658427]  kmem_cache_alloc_trace+0x131/0x3d0
[   27.663070]  tls_set_sw_offload+0x88/0xcd0
[   27.667277]  tls_setsockopt+0x216/0x3f0
[   27.671221]  SyS_setsockopt+0x110/0x1e0
[   27.675182]  do_syscall_64+0x1d5/0x640
[   27.679045]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.684203]
[   27.685803] Freed by task 0:
[   27.688793] (stack is not available)
[   27.692488]
[   27.694092] The buggy address belongs to the object at ffff88809633c580
[   27.694092]  which belongs to the cache kmalloc-2048 of size 2048
[   27.706905] The buggy address is located 8 bytes to the left of
[   27.706905]  2048-byte region [ffff88809633c580, ffff88809633cd80)
[   27.719095] The buggy address belongs to the page:
[   27.723997] page:ffffea000258cf00 count:1 mapcount:0 mapping:ffff88809633c580 index:0x0 compound_mapcount: 0
[   27.733947] flags: 0xfff00000008100(slab|head)
[   27.738501] raw: 00fff00000008100 ffff88809633c580 0000000000000000 0000000100000003
[   27.746356] raw: ffffea0002586f20 ffffea00025651a0 ffff88813fe74c40 0000000000000000
[   27.754226] page dumped because: kasan: bad access detected
[   27.759906]
[   27.761502] Memory state around the buggy address:
[   27.766401]  ffff88809633c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.773733]  ffff88809633c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.781069] >ffff88809633c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.788399]                                                                 ^
[   27.795642]  ffff88809633c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.802974]  ffff88809633c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.810304] ==================================================================
[   27.817633] Disabling lock debugging due to kernel taint
[   27.826116] Kernel panic - not syncing: panic_on_warn set ...
[   27.826116]
[   27.833475] CPU: 1 PID: 7985 Comm: syz-executor227 Tainted: G    B   4.14.273-syzkaller #0
[   27.842554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.851889] Call Trace:
[   27.854459]  dump_stack+0x1b2/0x281
[   27.858060]  panic+0x1f9/0x42d
[   27.861229]  ? add_taint.cold+0x16/0x16
[   27.865177]  ? ___preempt_schedule+0x16/0x18
[   27.869559]  kasan_end_report+0x43/0x49
[   27.873506]  kasan_report_error.cold+0xa7/0x191
[   27.878162]  ? tls_push_record+0x10cc/0x1270
[   27.882542]  __asan_report_load8_noabort+0x68/0x70
[   27.887445]  ? tls_push_record+0x10cc/0x1270
[   27.891826]  tls_push_record+0x10cc/0x1270
[   27.896049]  ? mark_held_locks+0xa6/0xf0
[   27.900177]  ? __local_bh_enable_ip+0xc1/0x170
[   27.904749]  tls_sk_proto_close+0x6f0/0x8b0
[   27.909041]  ? trace_hardirqs_on+0x10/0x10
[   27.913280]  ? tcp_check_oom+0x440/0x440
[   27.917327]  ? tls_write_space+0x2d0/0x2d0
[   27.921540]  ? ip_mc_drop_socket+0x16/0x220
[   27.925840]  inet_release+0xdf/0x1b0
[   27.929537]  inet6_release+0x4c/0x70
[   27.933270]  __sock_release+0xcd/0x2b0
[   27.937130]  ? __sock_release+0x2b0/0x2b0
[   27.941248]  sock_close+0x15/0x20
[   27.944674]  __fput+0x25f/0x7a0
[   27.947934]  task_work_run+0x11f/0x190
[   27.951797]  do_exit+0xa44/0x2850
[   27.955249]  ? __do_page_fault+0x571/0xad0
[   27.959459]  ? mm_update_next_owner+0x5b0/0x5b0
[   27.964105]  ? lock_downgrade+0x740/0x740
[   27.968243]  do_group_exit+0x100/0x2e0
[   27.972106]  SyS_exit_group+0x19/0x20
[   27.975880]  ? do_group_exit+0x2e0/0x2e0
[   27.979918]  do_syscall_64+0x1d5/0x640
[   27.983782]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   27.988988] RIP: 0033:0x7f86d6084e29
[   27.992673] RSP: 002b:00007ffd9d5bad48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   28.000353] RAX: ffffffffffffffda RBX: 00007f86d60f8270 RCX: 00007f86d6084e29
[   28.007594] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   28.014834] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   28.022078] R10: 0000000000000028 R11: 0000000000000246 R12: 00007f86d60f8270
[   28.029331] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   28.036769] Kernel Offset: disabled
[   28.040376] Rebooting in 86400 seconds..