Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.164910] ==================================================================
[ 35.172345] BUG: KASAN: use-after-free in tls_push_record+0x104c/0x1370
[ 35.179081] Write of size 1 at addr ffff888095298000 by task syz-executor144/8087
[ 35.186680]
[ 35.188292] CPU: 0 PID: 8087 Comm: syz-executor144 Not tainted 4.19.211-syzkaller #0
[ 35.196466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.205808] Call Trace:
[ 35.208380] dump_stack+0x1fc/0x2ef
[ 35.211998] print_address_description.cold+0x54/0x219
[ 35.217348] kasan_report_error.cold+0x8a/0x1b9
[ 35.221998] ? tls_push_record+0x104c/0x1370
[ 35.226387] __asan_report_store1_noabort+0x88/0x90
[ 35.231388] ? tls_push_record+0x104c/0x1370
[ 35.235778] tls_push_record+0x104c/0x1370
[ 35.240003] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.244568] tls_sk_proto_close+0x8cf/0xc20
[ 35.248890] ? mark_held_locks+0xf0/0xf0
[ 35.252932] ? tcp_check_oom+0x520/0x520
[ 35.256974] ? tls_write_space+0x320/0x320
[ 35.261189] ? ip_mc_drop_socket+0x16/0x260
[ 35.265679] inet_release+0xd7/0x1e0
[ 35.269390] inet6_release+0x4c/0x70
[ 35.273089] __sock_release+0xcd/0x2a0
[ 35.276960] ? __sock_release+0x2a0/0x2a0
[ 35.281092] sock_close+0x15/0x20
[ 35.284531] __fput+0x2ce/0x890
[ 35.287806] task_work_run+0x148/0x1c0
[ 35.291683] do_exit+0xbf3/0x2be0
[ 35.295136] ? lock_downgrade+0x720/0x720
[ 35.299272] ? mm_update_next_owner+0x650/0x650
[ 35.303926] ? up_read+0x17/0x110
[ 35.307361] ? __do_page_fault+0x180/0xd60
[ 35.311581] do_group_exit+0x125/0x310
[ 35.315455] __x64_sys_exit_group+0x3a/0x50
[ 35.319760] do_syscall_64+0xf9/0x620
[ 35.323559] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.328731] RIP: 0033:0x7fb2e70a7d39
[ 35.332437] Code: Bad RIP value.
[ 35.335788] RSP: 002b:00007ffec2db49b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.343563] RAX: ffffffffffffffda RBX: 00007fb2e711b270 RCX: 00007fb2e70a7d39
[ 35.351332] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 35.358587] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 35.365841] R10: 0000000000000028 R11: 0000000000000246 R12: 00007fb2e711b270
[ 35.373089] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 35.380345]
[ 35.381951] The buggy address belongs to the page:
[ 35.386862] page:ffffea000254a600 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 35.395247] flags: 0xfff00000000000()
[ 35.399031] raw: 00fff00000000000 ffffea00028c2408 ffffea0002ca0e08 0000000000000000
[ 35.406927] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 35.414781] page dumped because: kasan: bad access detected
[ 35.420465]
[ 35.422070] Memory state around the buggy address:
[ 35.426976]  ffff888095297f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.434323]  ffff888095297f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.441665] >ffff888095298000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.449434]                    ^
[ 35.452781]  ffff888095298080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.460119]  ffff888095298100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.467452] ==================================================================
[ 35.474790] Disabling lock debugging due to kernel taint
[ 35.485474] Kernel panic - not syncing: panic_on_warn set ...
[ 35.485474]
[ 35.485490] CPU: 1 PID: 8087 Comm: syz-executor144 Tainted: G B 4.19.211-syzkaller #0
[ 35.485496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.485500] Call Trace:
[ 35.485519] dump_stack+0x1fc/0x2ef
[ 35.485535] panic+0x26a/0x50e
[ 35.485554] ? __warn_printk+0xf3/0xf3
[ 35.524646] ? preempt_schedule_common+0x45/0xc0
[ 35.529381] ? ___preempt_schedule+0x16/0x18
[ 35.533767] ? trace_hardirqs_on+0x55/0x210
[ 35.538068] kasan_end_report+0x43/0x49
[ 35.542020] kasan_report_error.cold+0xa7/0x1b9
[ 35.546679] ? tls_push_record+0x104c/0x1370
[ 35.551472] __asan_report_store1_noabort+0x88/0x90
[ 35.556473] ? tls_push_record+0x104c/0x1370
[ 35.560876] tls_push_record+0x104c/0x1370
[ 35.565098] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.569662] tls_sk_proto_close+0x8cf/0xc20
[ 35.573972] ? mark_held_locks+0xf0/0xf0
[ 35.578015] ? tcp_check_oom+0x520/0x520
[ 35.582061] ? tls_write_space+0x320/0x320
[ 35.586276] ? ip_mc_drop_socket+0x16/0x260
[ 35.590577] inet_release+0xd7/0x1e0
[ 35.594277] inet6_release+0x4c/0x70
[ 35.597972] __sock_release+0xcd/0x2a0
[ 35.601842] ? __sock_release+0x2a0/0x2a0
[ 35.605967] sock_close+0x15/0x20
[ 35.609398] __fput+0x2ce/0x890
[ 35.612656] task_work_run+0x148/0x1c0
[ 35.616519] do_exit+0xbf3/0x2be0
[ 35.619957] ? lock_downgrade+0x720/0x720
[ 35.624084] ? mm_update_next_owner+0x650/0x650
[ 35.628730] ? up_read+0x17/0x110
[ 35.632173] ? __do_page_fault+0x180/0xd60
[ 35.636384] do_group_exit+0x125/0x310
[ 35.640249] __x64_sys_exit_group+0x3a/0x50
[ 35.644547] do_syscall_64+0xf9/0x620
[ 35.648326] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.653493] RIP: 0033:0x7fb2e70a7d39
[ 35.657184] Code: Bad RIP value.
[ 35.660522] RSP: 002b:00007ffec2db49b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.668205] RAX: ffffffffffffffda RBX: 00007fb2e711b270 RCX: 00007fb2e70a7d39
[ 35.675453] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 35.682697] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 35.689942] R10: 0000000000000028 R11: 0000000000000246 R12: 00007fb2e711b270
[ 35.697185] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 35.704611] Kernel Offset: disabled
[ 35.708219] Rebooting in 86400 seconds..