Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.960667] FAULT_INJECTION: forcing a failure.
[ 27.960667] name failslab, interval 1, probability 0, space 0, times 1
[ 27.971988] CPU: 0 PID: 7987 Comm: syz-executor325 Not tainted 4.14.286-syzkaller #0
[ 27.979851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 27.989178] Call Trace:
[ 27.991745] dump_stack+0x1b2/0x281
[ 27.995352] should_fail.cold+0x10a/0x149
[ 27.999475] should_failslab+0xd6/0x130
[ 28.003438] __kmalloc+0x6d/0x400
[ 28.006867] ? gcmaes_encrypt.constprop.0+0x527/0xc00
[ 28.012045] gcmaes_encrypt.constprop.0+0x527/0xc00
[ 28.017133] ? generic_gcmaes_encrypt+0xf4/0x130
[ 28.021873] ? helper_rfc4106_encrypt+0x2b0/0x2b0
[ 28.026702] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.031700] ? __kmalloc+0x3a4/0x400
[ 28.035406] ? tls_push_record+0xfa/0x1270
[ 28.039622] ? cryptd_aead_child+0x9/0x40
[ 28.043756] ? tls_push_record+0x938/0x1270
[ 28.048064] ? __check_object_size+0x179/0x230
[ 28.052627] ? tls_sw_sendmsg+0x879/0xfd0
[ 28.056760] ? tls_sw_push_pending_record+0x30/0x30
[ 28.061753] ? lock_acquire+0x170/0x3f0
[ 28.065712] ? lock_downgrade+0x740/0x740
[ 28.069835] ? inet_sendmsg+0x11a/0x4e0
[ 28.073798] ? security_socket_sendmsg+0x83/0xb0
[ 28.078541] ? inet_recvmsg+0x4d0/0x4d0
[ 28.082492] ? sock_sendmsg+0xb5/0x100
[ 28.086362] ? sock_write_iter+0x22c/0x370
[ 28.090664] ? sock_sendmsg+0x100/0x100
[ 28.094619] ? lock_acquire+0x170/0x3f0
[ 28.098590] ? lock_acquire+0x170/0x3f0
[ 28.102542] ? lock_downgrade+0x740/0x740
[ 28.106672] ? do_iter_readv_writev+0x4cf/0x5f0
[ 28.111316] ? clone_verify_area+0x1e0/0x1e0
[ 28.115715] ? rw_verify_area+0xe1/0x2a0
[ 28.119765] ? do_iter_write+0x152/0x550
[ 28.123806] ? proc_fail_nth_write+0x7b/0x180
[ 28.128281] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 28.133201] ? vfs_writev+0x125/0x290
[ 28.136976] ? vfs_iter_write+0xa0/0xa0
[ 28.140934] ? __handle_mm_fault+0x80f/0x4620
[ 28.145416] ? lock_downgrade+0x740/0x740
[ 28.149651] ? __fget+0x265/0x3e0
[ 28.153093] ? do_writev+0xfc/0x2c0
[ 28.156697] ? vfs_writev+0x290/0x290
[ 28.160474] ? __do_page_fault+0x159/0xad0
[ 28.164691] ? do_syscall_64+0x4c/0x640
[ 28.168645] ? SyS_readv+0x30/0x30
[ 28.172171] ? do_syscall_64+0x1d5/0x640
[ 28.176217] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.187729] ==================================================================
[ 28.195199] BUG: KASAN: slab-out-of-bounds in tls_push_record+0x10cc/0x1270
[ 28.202283] Read of size 8 at addr ffff888095914b38 by task syz-executor325/7987
[ 28.209792]
[ 28.211405] CPU: 1 PID: 7987 Comm: syz-executor325 Not tainted 4.14.286-syzkaller #0
[ 28.219280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 28.228612] Call Trace:
[ 28.231193] dump_stack+0x1b2/0x281
[ 28.234798] print_address_description.cold+0x54/0x1d3
[ 28.240050] kasan_report_error.cold+0x8a/0x191
[ 28.244707] ? tls_push_record+0x10cc/0x1270
[ 28.249140] __asan_report_load8_noabort+0x68/0x70
[ 28.254054] ? tls_push_record+0x10cc/0x1270
[ 28.258434] tls_push_record+0x10cc/0x1270
[ 28.262653] ? mark_held_locks+0xa6/0xf0
[ 28.266691] ? __local_bh_enable_ip+0xc1/0x170
[ 28.271257] tls_sk_proto_close+0x5d2/0x8b0
[ 28.275558] ? tcp_check_oom+0x440/0x440
[ 28.279601] ? tls_write_space+0x2d0/0x2d0
[ 28.283812] ? ip_mc_drop_socket+0x16/0x220
[ 28.288121] inet_release+0xdf/0x1b0
[ 28.291808] inet6_release+0x4c/0x70
[ 28.295500] __sock_release+0xcd/0x2b0
[ 28.299364] ? __sock_release+0x2b0/0x2b0
[ 28.303485] sock_close+0x15/0x20
[ 28.306919] __fput+0x25f/0x7a0
[ 28.310177] task_work_run+0x11f/0x190
[ 28.314043] do_exit+0xa44/0x2850
[ 28.317472] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.322120] ? get_signal+0x323/0x1ca0
[ 28.325985] ? lock_acquire+0x170/0x3f0
[ 28.329939] ? lock_downgrade+0x740/0x740
[ 28.334085] do_group_exit+0x100/0x2e0
[ 28.337952] get_signal+0x38d/0x1ca0
[ 28.341643] ? kfree+0x14a/0x250
[ 28.345006] do_signal+0x7c/0x1550
[ 28.348527] ? vfs_iter_write+0xa0/0xa0
[ 28.352475] ? __handle_mm_fault+0x80f/0x4620
[ 28.356946] ? setup_sigcontext+0x820/0x820
[ 28.361241] ? lock_downgrade+0x740/0x740
[ 28.365362] ? __fget+0x265/0x3e0
[ 28.368797] ? fput_many+0xe/0x140
[ 28.372314] ? exit_to_usermode_loop+0x41/0x200
[ 28.376959] exit_to_usermode_loop+0x160/0x200
[ 28.381516] do_syscall_64+0x4a3/0x640
[ 28.385381] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.390549] RIP: 0033:0x7fad8ca1d0d9
[ 28.394233] RSP: 002b:00007fad8c9ce2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 28.401914] RAX: 00000000000024b1 RBX: 00007fad8caa64a0 RCX: 00007fad8ca1d0d9
[ 28.409172] RDX: 000000000000027f RSI: 0000000020000080 RDI: 0000000000000003
[ 28.416415] RBP: 00007fad8ca73194 R08: 0000000000000001 R09: 0000000000000034
[ 28.423657] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8c9ce2f0
[ 28.430978] R13: 00007fad8caa64a8 R14: adb920009216992e R15: 0000000000000001
[ 28.438252]
[ 28.439860] Allocated by task 0:
[ 28.443215] (stack is not available)
[ 28.446904]
[ 28.448504] Freed by task 0:
[ 28.451507] (stack is not available)
[ 28.455205]
[ 28.456821] The buggy address belongs to the object at ffff8880959142c0
[ 28.456821] which belongs to the cache kmalloc-2048 of size 2048
[ 28.469625] The buggy address is located 120 bytes to the right of
[ 28.469625] 2048-byte region [ffff8880959142c0, ffff888095914ac0)
[ 28.482081] The buggy address belongs to the page:
[ 28.487007] page:ffffea0002564500 count:1 mapcount:0 mapping:ffff8880959142c0 index:0x0 compound_mapcount: 0
[ 28.496953] flags: 0xfff00000008100(slab|head)
[ 28.501518] raw: 00fff00000008100 ffff8880959142c0 0000000000000000 0000000100000003
[ 28.509374] raw: ffffea00026461a0 ffff88813fe64948 ffff88813fe74c40 0000000000000000
[ 28.517233] page dumped because: kasan: bad access detected
[ 28.522921]
[ 28.524524] Memory state around the buggy address:
[ 28.529431] ffff888095914a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.536783] ffff888095914a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.544116] >ffff888095914b00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 28.551450] ^
[ 28.556615] ffff888095914b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.563951] ffff888095914c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.571291] ==================================================================
[ 28.578633] Disabling lock debugging due to kernel taint
[ 28.584345] Kernel panic - not syncing: panic_on_warn set ...
[ 28.584345]
[ 28.591696] CPU: 1 PID: 7987 Comm: syz-executor325 Tainted: G B 4.14.286-syzkaller #0
[ 28.600776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 28.610108] Call Trace:
[ 28.612669] dump_stack+0x1b2/0x281
[ 28.616270] panic+0x1f9/0x42d
[ 28.619435] ? add_taint.cold+0x16/0x16
[ 28.623517] ? ___preempt_schedule+0x16/0x18
[ 28.627910] kasan_end_report+0x43/0x49
[ 28.631862] kasan_report_error.cold+0xa7/0x191
[ 28.636508] ? tls_push_record+0x10cc/0x1270
[ 28.640891] __asan_report_load8_noabort+0x68/0x70
[ 28.645801] ? tls_push_record+0x10cc/0x1270
[ 28.650181] tls_push_record+0x10cc/0x1270
[ 28.654392] ? mark_held_locks+0xa6/0xf0
[ 28.658425] ? __local_bh_enable_ip+0xc1/0x170
[ 28.662980] tls_sk_proto_close+0x5d2/0x8b0
[ 28.667279] ? tcp_check_oom+0x440/0x440
[ 28.671324] ? tls_write_space+0x2d0/0x2d0
[ 28.675533] ? ip_mc_drop_socket+0x16/0x220
[ 28.679826] inet_release+0xdf/0x1b0
[ 28.683512] inet6_release+0x4c/0x70
[ 28.687200] __sock_release+0xcd/0x2b0
[ 28.691061] ? __sock_release+0x2b0/0x2b0
[ 28.695181] sock_close+0x15/0x20
[ 28.698608] __fput+0x25f/0x7a0
[ 28.701864] task_work_run+0x11f/0x190
[ 28.705729] do_exit+0xa44/0x2850
[ 28.709157] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.713946] ? get_signal+0x323/0x1ca0
[ 28.717817] ? lock_acquire+0x170/0x3f0
[ 28.721774] ? lock_downgrade+0x740/0x740
[ 28.725906] do_group_exit+0x100/0x2e0
[ 28.729769] get_signal+0x38d/0x1ca0
[ 28.733459] ? kfree+0x14a/0x250
[ 28.736814] do_signal+0x7c/0x1550
[ 28.740335] ? vfs_iter_write+0xa0/0xa0
[ 28.744284] ? __handle_mm_fault+0x80f/0x4620
[ 28.748758] ? setup_sigcontext+0x820/0x820
[ 28.753053] ? lock_downgrade+0x740/0x740
[ 28.757174] ? __fget+0x265/0x3e0
[ 28.760703] ? fput_many+0xe/0x140
[ 28.764221] ? exit_to_usermode_loop+0x41/0x200
[ 28.768863] exit_to_usermode_loop+0x160/0x200
[ 28.773423] do_syscall_64+0x4a3/0x640
[ 28.777286] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.782446] RIP: 0033:0x7fad8ca1d0d9
[ 28.786133] RSP: 002b:00007fad8c9ce2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 28.793812] RAX: 00000000000024b1 RBX: 00007fad8caa64a0 RCX: 00007fad8ca1d0d9
[ 28.801052] RDX: 000000000000027f RSI: 0000000020000080 RDI: 0000000000000003
[ 28.808292] RBP: 00007fad8ca73194 R08: 0000000000000001 R09: 0000000000000034
[ 28.815533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad8c9ce2f0
[ 28.822774] R13: 00007fad8caa64a8 R14: adb920009216992e R15: 0000000000000001
[ 28.830198] Kernel Offset: disabled
[ 28.833807] Rebooting in 86400 seconds..