[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.156' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   32.738276] ==================================================================
[   32.745724] BUG: KASAN: use-after-free in tls_push_record+0x104c/0x1370
[   32.752457] Write of size 1 at addr ffff8880b2520000 by task syz-executor352/8089
[   32.760049]
[   32.761658] CPU: 0 PID: 8089 Comm: syz-executor352 Not tainted 4.19.211-syzkaller #0
[   32.769514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   32.778844] Call Trace:
[   32.781416]  dump_stack+0x1fc/0x2ef
[   32.785028]  print_address_description.cold+0x54/0x219
[   32.790285]  kasan_report_error.cold+0x8a/0x1b9
[   32.794934]  ? tls_push_record+0x104c/0x1370
[   32.799322]  __asan_report_store1_noabort+0x88/0x90
[   32.804322]  ? tls_push_record+0x104c/0x1370
[   32.808707]  tls_push_record+0x104c/0x1370
[   32.812929]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   32.817491]  tls_sk_proto_close+0x8cf/0xc20
[   32.821791]  ? mark_held_locks+0xf0/0xf0
[   32.825832]  ? tcp_check_oom+0x520/0x520
[   32.829873]  ? tls_write_space+0x320/0x320
[   32.834087]  ? ip_mc_drop_socket+0x16/0x260
[   32.838389]  inet_release+0xd7/0x1e0
[   32.842084]  inet6_release+0x4c/0x70
[   32.845779]  __sock_release+0xcd/0x2a0
[   32.849642]  ? __sock_release+0x2a0/0x2a0
[   32.853766]  sock_close+0x15/0x20
[   32.857196]  __fput+0x2ce/0x890
[   32.860460]  task_work_run+0x148/0x1c0
[   32.864330]  do_exit+0xbf3/0x2be0
[   32.867764]  ? lock_downgrade+0x720/0x720
[   32.871893]  ? mm_update_next_owner+0x650/0x650
[   32.876546]  ? up_read+0x17/0x110
[   32.879978]  ? __do_page_fault+0x180/0xd60
[   32.884199]  do_group_exit+0x125/0x310
[   32.888091]  __x64_sys_exit_group+0x3a/0x50
[   32.892394]  do_syscall_64+0xf9/0x620
[   32.896175]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.901344] RIP: 0033:0x7ff127e28da9
[   32.905054] Code: Bad RIP value.
[   32.908394] RSP: 002b:00007fff896ade88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   32.916078] RAX: ffffffffffffffda RBX: 00007ff127e9c270 RCX: 00007ff127e28da9
[   32.923334] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   32.930593] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   32.937842] R10: 0000000000000028 R11: 0000000000000246 R12: 00007ff127e9c270
[   32.945089] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   32.952346]
[   32.953950] The buggy address belongs to the page:
[   32.958863] page:ffffea0002c94800 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[   32.967242] flags: 0xfff00000000000()
[   32.971036] raw: 00fff00000000000 ffffea0002c93008 ffffea0002cbb208 0000000000000000
[   32.978895] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[   32.986749] page dumped because: kasan: bad access detected
[   32.992433]
[   32.994032] Memory state around the buggy address:
[   32.998937]  ffff8880b251ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.006272]  ffff8880b251ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.013609] >ffff8880b2520000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.020939]                    ^
[   33.024284]  ffff8880b2520080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.031627]  ffff8880b2520100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   33.039063] ==================================================================
[   33.046394] Disabling lock debugging due to kernel taint
[   33.051893] Kernel panic - not syncing: panic_on_warn set ...
[   33.051893]
[   33.059261] CPU: 0 PID: 8089 Comm: syz-executor352 Tainted: G    B             4.19.211-syzkaller #0
[   33.068520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   33.077861] Call Trace:
[   33.080433]  dump_stack+0x1fc/0x2ef
[   33.084042]  panic+0x26a/0x50e
[   33.087211]  ? __warn_printk+0xf3/0xf3
[   33.091093]  ? preempt_schedule_common+0x45/0xc0
[   33.095825]  ? ___preempt_schedule+0x16/0x18
[   33.100209]  ? trace_hardirqs_on+0x55/0x210
[   33.104515]  kasan_end_report+0x43/0x49
[   33.108475]  kasan_report_error.cold+0xa7/0x1b9
[   33.113118]  ? tls_push_record+0x104c/0x1370
[   33.117504]  __asan_report_store1_noabort+0x88/0x90
[   33.122494]  ? tls_push_record+0x104c/0x1370
[   33.126877]  tls_push_record+0x104c/0x1370
[   33.131090]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   33.135646]  tls_sk_proto_close+0x8cf/0xc20
[   33.139945]  ? mark_held_locks+0xf0/0xf0
[   33.143991]  ? tcp_check_oom+0x520/0x520
[   33.148029]  ? tls_write_space+0x320/0x320
[   33.152238]  ? ip_mc_drop_socket+0x16/0x260
[   33.156550]  inet_release+0xd7/0x1e0
[   33.160251]  inet6_release+0x4c/0x70
[   33.163960]  __sock_release+0xcd/0x2a0
[   33.167843]  ? __sock_release+0x2a0/0x2a0
[   33.171987]  sock_close+0x15/0x20
[   33.175423]  __fput+0x2ce/0x890
[   33.178687]  task_work_run+0x148/0x1c0
[   33.182554]  do_exit+0xbf3/0x2be0
[   33.185989]  ? lock_downgrade+0x720/0x720
[   33.190130]  ? mm_update_next_owner+0x650/0x650
[   33.194778]  ? up_read+0x17/0x110
[   33.198226]  ? __do_page_fault+0x180/0xd60
[   33.202446]  do_group_exit+0x125/0x310
[   33.206318]  __x64_sys_exit_group+0x3a/0x50
[   33.210623]  do_syscall_64+0xf9/0x620
[   33.214410]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.219584] RIP: 0033:0x7ff127e28da9
[   33.223295] Code: Bad RIP value.
[   33.226711] RSP: 002b:00007fff896ade88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.234407] RAX: ffffffffffffffda RBX: 00007ff127e9c270 RCX: 00007ff127e28da9
[   33.241663] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   33.248910] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   33.256158] R10: 0000000000000028 R11: 0000000000000246 R12: 00007ff127e9c270
[   33.263430] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   33.270863] Kernel Offset: disabled
[   33.274475] Rebooting in 86400 seconds..
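The log above is a generic-KASAN use-after-free report: a 1-byte write in tls_push_record, reached from tls_sk_proto_close while exit_group() tears down the process's last file descriptors, at a page-aligned address whose shadow row is all 0xff. The script below is an added triage example, not part of the syzkaller log or of the kernel tree. It strips printk timestamps, pulls out the fields a triager reads first (bug class, faulting function, access kind and size, task, kernel, the syscall from ORIG_RAX), keeps only the reliable call-trace frames (dropping the "? sym" stale-slot entries), and decodes the shadow byte that covers the faulting address. Assumptions: the poison-byte names are the generic KASAN constants of the 4.19 line (mm/kasan/kasan.h), the syscall numbers are x86-64, and SAMPLE_REPORT is an excerpt of this page's own log embedded so the script runs offline (Python 3.8 or later).

```python
"""Triage a generic-KASAN report from a kernel console log. Added example; it is
not part of the syzkaller log above or of the kernel. Assumptions: the poison
values are the generic KASAN constants of the 4.19 line (mm/kasan/kasan.h), the
syscall numbers are x86-64, and SAMPLE_REPORT is an excerpt of the page's log."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SHADOW_SCALE = 8                    # one shadow byte covers 8 bytes of memory
SHADOW_POISON = {                   # generic KASAN poison bytes (4.19, assumed)
    0x00: "addressable", 0xfa: "KASAN_GLOBAL_REDZONE", 0xfb: "KASAN_KMALLOC_FREE",
    0xfc: "KASAN_KMALLOC_REDZONE", 0xfe: "KASAN_PAGE_REDZONE", 0xff: "KASAN_FREE_PAGE",
}
X86_64_SYSCALLS = {0x3c: "exit", 0xe7: "exit_group"}  # ORIG_RAX values seen at teardown
_REPORTING = ("dump_stack", "print_address_description", "kasan_", "__asan_")
_TS = re.compile(r"^\[\s*\d+\.\d+\]")
_FRAME = re.compile(r"^(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

SAMPLE_REPORT = """\
[   32.745724] BUG: KASAN: use-after-free in tls_push_record+0x104c/0x1370
[   32.752457] Write of size 1 at addr ffff8880b2520000 by task syz-executor352/8089
[   32.761658] CPU: 0 PID: 8089 Comm: syz-executor352 Not tainted 4.19.211-syzkaller #0
[   32.778844] Call Trace:
[   32.781416]  dump_stack+0x1fc/0x2ef
[   32.790285]  kasan_report_error.cold+0x8a/0x1b9
[   32.794934]  ? tls_push_record+0x104c/0x1370
[   32.799322]  __asan_report_store1_noabort+0x88/0x90
[   32.808707]  tls_push_record+0x104c/0x1370
[   32.812929]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   32.817491]  tls_sk_proto_close+0x8cf/0xc20
[   32.838389]  inet_release+0xd7/0x1e0
[   32.888091]  __x64_sys_exit_group+0x3a/0x50
[   32.896175]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.908394] RSP: 002b:00007fff896ade88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.013609] >ffff8880b2520000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

@dataclass
class KasanReport:
    bug_type: str = ""
    function: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    comm: str = ""
    pid: int = 0
    kernel: str = ""
    syscall: str = ""
    frames: List[str] = field(default_factory=list)  # reliable frames only, in order
    shadow_byte: Optional[int] = None
    shadow_meaning: str = ""

def parse_kasan_report(text: str) -> KasanReport:
    rep, in_trace = KasanReport(), False
    for raw in text.splitlines():
        ln = _TS.sub("", raw).strip()
        if in_trace:
            fm = _FRAME.match(ln)
            if fm:
                if not fm.group(1):      # "? sym" is a stale stack slot, not a real caller
                    rep.frames.append(fm.group(2))
                continue
            in_trace = False             # first non-frame line ends the trace
        if ln.startswith("Call Trace:"):
            in_trace = True
        elif m := re.match(r"BUG: KASAN: (\S+) in ([\w.]+)\+0x", ln):
            rep.bug_type, rep.function = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", ln):
            rep.access, rep.size, rep.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
            rep.comm, rep.pid = m.group(4), int(m.group(5))
        elif m := re.match(r"CPU: \d+ PID: \d+ Comm: \S+ .*?(\d+\.\d+\.\d+\S*) #\d+", ln):
            rep.kernel = m.group(1)
        elif m := re.match(r"RSP: .*ORIG_RAX: ([0-9a-f]+)", ln):
            rep.syscall = X86_64_SYSCALLS.get(int(m.group(1), 16), "nr 0x" + m.group(1))
        elif m := re.match(r">([0-9a-f]+): ((?:[0-9a-f]{2}\s*)+)$", ln):
            # The '>' row is the shadow row covering the faulting address; index into it.
            row, shadow = int(m.group(1), 16), [int(b, 16) for b in m.group(2).split()]
            idx = (rep.addr - row) // SHADOW_SCALE
            if 0 <= idx < len(shadow):
                rep.shadow_byte = shadow[idx]
                rep.shadow_meaning = SHADOW_POISON.get(shadow[idx], f"unknown 0x{shadow[idx]:02x}")
    return rep

def culprit_frames(rep: KasanReport, depth: int = 3) -> List[str]:
    """Faulting frame plus its callers, with the KASAN reporting machinery stripped."""
    return [f for f in rep.frames if not f.startswith(_REPORTING)][:depth]

def classify(rep: KasanReport) -> str:
    """What KASAN says, plus what the shadow byte says about the allocator state."""
    if rep.shadow_byte == 0xff:
        state = "page-level UAF: the page is already back in the buddy allocator"
    elif rep.shadow_byte == 0xfb:
        state = "slab UAF: object freed, slab page still live"
    elif rep.shadow_byte in (0xfa, 0xfc, 0xfe):
        state = "redzone hit: more likely out-of-bounds than a lifetime bug"
    else:
        state = f"shadow={rep.shadow_meaning or 'n/a'}"
    return (f"{rep.bug_type} in {rep.function} ({rep.access.lower()} of {rep.size} byte) "
            f"by {rep.comm}/{rep.pid} in {rep.syscall} on {rep.kernel}; {state}")
```

Run against the page's report, classify() yields a page-level verdict, and culprit_frames() gives tls_push_record, tls_sk_proto_close, inet_release: the pending TLS record is flushed on socket close after the page backing it has already been freed. Two details in the full log corroborate the 0xff shadow: the faulting address is page-aligned and the dumped page shows count:0 mapcount:-128, the marker the buddy allocator places on a free page, so the dangling reference is to a whole page rather than a slab object. Frames prefixed with "?" are deliberately dropped; they are leftover values on the stack, and treating them as callers is a common triage mistake.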