Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
[ 124.375278] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 124.505424] audit: type=1400 audit(1555831154.128:36): avc: denied { map } for pid=6926 comm="syz-executor953" path="/root/syz-executor953219092" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 124.547449] FAULT_INJECTION: forcing a failure.
[ 124.547449] name failslab, interval 1, probability 0, space 0, times 1
[ 124.558850] CPU: 0 PID: 6928 Comm: syz-executor953 Not tainted 4.14.113 #3
[ 124.565845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 124.575176] Call Trace:
[ 124.577762] dump_stack+0x138/0x19c
[ 124.581391] should_fail.cold+0x10f/0x159
[ 124.585531] should_failslab+0xdb/0x130
[ 124.589484] kmem_cache_alloc_trace+0x2ec/0x790
[ 124.594373] ? security_capable+0x94/0xc0
[ 124.598536] pagemap_read+0x23c/0x520
[ 124.602324] ? clear_refs_write+0x730/0x730
[ 124.606631] ? __inode_security_revalidate+0xd6/0x130
[ 124.611808] ? avc_policy_seqno+0x9/0x20
[ 124.615855] ? selinux_file_permission+0x85/0x480
[ 124.620686] ? rw_verify_area+0xea/0x2b0
[ 124.624728] do_iter_read+0x3e7/0x5b0
[ 124.628705] vfs_readv+0xd3/0x130
[ 124.632157] ? compat_rw_copy_check_uvector+0x310/0x310
[ 124.637520] ? push_pipe+0x3e6/0x780
[ 124.641291] ? iov_iter_revert+0x9d0/0x9d0
[ 124.645526] ? iov_iter_pipe+0x9f/0x2c0
[ 124.649492] default_file_splice_read+0x421/0x7b0
[ 124.654362] ? __kmalloc+0x15d/0x7a0
[ 124.658084] ? alloc_pipe_info+0x15c/0x380
[ 124.663298] ? splice_direct_to_actor+0x5da/0x7b0
[ 124.668137] ? do_splice_direct+0x18d/0x230
[ 124.672455] ? do_splice_direct+0x230/0x230
[ 124.676771] ? trace_hardirqs_on+0x10/0x10
[ 124.681004] ? save_trace+0x290/0x290
[ 124.684799] ? save_trace+0x290/0x290
[ 124.688601] ? __inode_security_revalidate+0xd6/0x130
[ 124.693790] ? avc_policy_seqno+0x9/0x20
[ 124.697908] ? selinux_file_permission+0x85/0x480
[ 124.702274] FAULT_INJECTION: forcing a failure.
[ 124.702274] name failslab, interval 1, probability 0, space 0, times 1
[ 124.702815] ? security_file_permission+0x8f/0x1f0
[ 124.702830] ? rw_verify_area+0xea/0x2b0
[ 124.723348] ? do_splice_direct+0x230/0x230
[ 124.727737] do_splice_to+0x108/0x170
[ 124.731700] splice_direct_to_actor+0x222/0x7b0
[ 124.736370] ? generic_pipe_buf_nosteal+0x10/0x10
[ 124.741221] ? do_splice_to+0x170/0x170
[ 124.745187] ? rw_verify_area+0xea/0x2b0
[ 124.749236] do_splice_direct+0x18d/0x230
[ 124.753384] ? splice_direct_to_actor+0x7b0/0x7b0
[ 124.758460] ? rw_verify_area+0xea/0x2b0
[ 124.762513] do_sendfile+0x4db/0xbd0
[ 124.766329] ? do_compat_pwritev64+0x140/0x140
[ 124.771052] ? mutex_unlock+0xd/0x10
[ 124.774752] ? fput+0xd4/0x150
[ 124.777926] SyS_sendfile64+0x102/0x110
[ 124.781883] ? SyS_sendfile+0x130/0x130
[ 124.785845] ? do_syscall_64+0x53/0x630
[ 124.789804] ? SyS_sendfile+0x130/0x130
[ 124.793763] do_syscall_64+0x1eb/0x630
[ 124.797630] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 124.802623] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 124.807814] RIP: 0033:0x446889
[ 124.811047] RSP: 002b:00007f9279b52d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 124.818751] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446889
[ 124.826135] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 124.833400] RBP: 00000000006dbc20 R08: 0000000000000002 R09: 65732f636f003931
[ 124.840659] R10: 0000000000006785 R11: 0000000000000246 R12: 00000000006dbc2c
[ 124.847920] R13: 00007f9279b52d10 R14: 0000000000000005 R15: 0000000000000000
[ 124.855197] CPU: 1 PID: 6933 Comm: syz-executor953 Not tainted 4.14.113 #3
[ 124.862236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 124.871587] Call Trace:
[ 124.874165] dump_stack+0x138/0x19c
[ 124.877772] should_fail.cold+0x10f/0x159
[ 124.881923] should_failslab+0xdb/0x130
[ 124.885903] __kmalloc+0x2f3/0x7a0
[ 124.889425] ? tls_push_record+0x10a/0x1210
[ 124.893739] tls_push_record+0x10a/0x1210
[ 124.897971] tls_sw_sendpage+0x437/0xb50
[ 124.902207] ? tls_sw_sendmsg+0x1020/0x1020
[ 124.906512] inet_sendpage+0x15a/0x580
[ 124.910489] ? tls_sw_sendmsg+0x1020/0x1020
[ 124.914804] kernel_sendpage+0x95/0xf0
[ 124.918722] ? inet_sendmsg+0x500/0x500
[ 124.922683] sock_sendpage+0x8b/0xc0
[ 124.926452] ? kernel_sendpage+0xf0/0xf0
[ 124.930499] pipe_to_sendpage+0x244/0x340
[ 124.934643] ? direct_splice_actor+0x1a0/0x1a0
[ 124.939216] __splice_from_pipe+0x351/0x790
[ 124.943615] ? direct_splice_actor+0x1a0/0x1a0
[ 124.948198] ? direct_splice_actor+0x1a0/0x1a0
[ 124.952758] splice_from_pipe+0xf0/0x150
[ 124.956808] ? splice_shrink_spd+0xb0/0xb0
[ 124.961030] ? security_file_permission+0x8f/0x1f0
[ 124.965945] generic_splice_sendpage+0x3c/0x50
[ 124.970519] ? splice_from_pipe+0x150/0x150
[ 124.974833] direct_splice_actor+0x126/0x1a0
[ 124.979275] splice_direct_to_actor+0x2a1/0x7b0
[ 124.983941] ? generic_pipe_buf_nosteal+0x10/0x10
[ 124.988781] ? do_splice_to+0x170/0x170
[ 124.992741] ? rw_verify_area+0xea/0x2b0
[ 124.996783] do_splice_direct+0x18d/0x230
[ 125.000925] ? splice_direct_to_actor+0x7b0/0x7b0
[ 125.005827] ? rw_verify_area+0xea/0x2b0
[ 125.009875] do_sendfile+0x4db/0xbd0
[ 125.013575] ? do_compat_pwritev64+0x140/0x140
[ 125.018137] ? mutex_unlock+0xd/0x10
[ 125.021841] ? fput+0xd4/0x150
[ 125.025017] SyS_sendfile64+0x102/0x110
[ 125.028971] ? SyS_sendfile+0x130/0x130
[ 125.032939] ? do_syscall_64+0x53/0x630
[ 125.036896] ? SyS_sendfile+0x130/0x130
[ 125.040962] do_syscall_64+0x1eb/0x630
[ 125.044843] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 125.049675] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 125.054988] RIP: 0033:0x446889
executing program
[ 125.058164] RSP: 002b:00007f9279b31d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 125.065858] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446889
[ 125.073114] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 125.080375] RBP: 00000000006dbc30 R08: 0000000000000002 R09: 0000000000003931
[ 125.087644] R10: 0000000000006785 R11: 0000000000000246 R12: 00000000006dbc3c
[ 125.094899] R13: 00007f9279b31d10 R14: 0000000000000008 R15: 0000000000000000
[ 125.109990] FAULT_INJECTION: forcing a failure.
[ 125.109990] name failslab, interval 1, probability 0, space 0, times 0
[ 125.121973] CPU: 0 PID: 6936 Comm: syz-executor953 Not tainted 4.14.113 #3
[ 125.128990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 125.138341] Call Trace:
[ 125.140924] dump_stack+0x138/0x19c
[ 125.144541] should_fail.cold+0x10f/0x159
[ 125.148678] should_failslab+0xdb/0x130
[ 125.152652] __kmalloc+0x2f3/0x7a0
[ 125.156196] ? tls_push_record+0x10a/0x1210
[ 125.160506] tls_push_record+0x10a/0x1210
[ 125.164655] tls_sw_sendpage+0x437/0xb50
[ 125.168823] ? tls_sw_sendmsg+0x1020/0x1020
[ 125.173143] inet_sendpage+0x15a/0x580
[ 125.177062] ? tls_sw_sendmsg+0x1020/0x1020
[ 125.181382] kernel_sendpage+0x95/0xf0
[ 125.185254] ? inet_sendmsg+0x500/0x500
[ 125.189226] sock_sendpage+0x8b/0xc0
[ 125.192923] ? kernel_sendpage+0xf0/0xf0
[ 125.196970] pipe_to_sendpage+0x244/0x340
[ 125.201098] ? direct_splice_actor+0x1a0/0x1a0
[ 125.205665] __splice_from_pipe+0x351/0x790
[ 125.210016] ? direct_splice_actor+0x1a0/0x1a0
[ 125.214612] ? direct_splice_actor+0x1a0/0x1a0
[ 125.219178] splice_from_pipe+0xf0/0x150
[ 125.223221] ? splice_shrink_spd+0xb0/0xb0
[ 125.227464] ? security_file_permission+0x8f/0x1f0
[ 125.232389] generic_splice_sendpage+0x3c/0x50
[ 125.236958] ? splice_from_pipe+0x150/0x150
[ 125.241275] direct_splice_actor+0x126/0x1a0
[ 125.245671] splice_direct_to_actor+0x2a1/0x7b0
[ 125.250533] ? generic_pipe_buf_nosteal+0x10/0x10
[ 125.255382] ? do_splice_to+0x170/0x170
[ 125.259348] ? rw_verify_area+0xea/0x2b0
[ 125.263404] do_splice_direct+0x18d/0x230
[ 125.267645] ? splice_direct_to_actor+0x7b0/0x7b0
[ 125.272479] ? rw_verify_area+0xea/0x2b0
[ 125.276541] do_sendfile+0x4db/0xbd0
[ 125.280248] ? do_compat_pwritev64+0x140/0x140
[ 125.284832] ? mutex_unlock+0xd/0x10
[ 125.288541] ? fput+0xd4/0x150
[ 125.291735] SyS_sendfile64+0x102/0x110
[ 125.295834] ? SyS_sendfile+0x130/0x130
[ 125.299807] ? do_syscall_64+0x53/0x630
[ 125.303776] ? SyS_sendfile+0x130/0x130
[ 125.307757] do_syscall_64+0x1eb/0x630
[ 125.311640] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 125.316483] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 125.321755] RIP: 0033:0x446889
[ 125.324930] RSP: 002b:00007f9279b52d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 125.332735] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446889
[ 125.339994] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 125.347348] RBP: 00000000006dbc20 R08: 0000000000000002 R09: 65732f636f003931
[ 125.354729] R10: 0000000000006785 R11: 0000000000000246 R12: 00000000006dbc2c
[ 125.361999] R13: 00007f9279b52d10 R14: 0000000000000005 R15: 0000000000000000
[ 125.373084] FAULT_INJECTION: forcing a failure.
[ 125.373084] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 125.384911] CPU: 1 PID: 6937 Comm: syz-executor953 Not tainted 4.14.113 #3
[ 125.391910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 125.401425] Call Trace:
[ 125.404019] dump_stack+0x138/0x19c
[ 125.407631] should_fail.cold+0x10f/0x159
[ 125.411763] __alloc_pages_nodemask+0x1d6/0x7a0
[ 125.416420] ? fs_reclaim_acquire+0x20/0x20
[ 125.420725] ? __alloc_pages_slowpath+0x2930/0x2930
[ 125.425731] cache_grow_begin+0x80/0x410
[ 125.429771] kmem_cache_alloc_trace+0x6b5/0x790
[ 125.434419] ? security_capable+0x94/0xc0
[ 125.438614] pagemap_read+0x23c/0x520
[ 125.442416] ? clear_refs_write+0x730/0x730
[ 125.446720] ? __inode_security_revalidate+0xd6/0x130
[ 125.451948] ? avc_policy_seqno+0x9/0x20
[ 125.455999] ? selinux_file_permission+0x85/0x480
[ 125.460416] ==================================================================
[ 125.460889] ? rw_verify_area+0xea/0x2b0
[ 125.460897] do_iter_read+0x3e7/0x5b0
[ 125.460908] vfs_readv+0xd3/0x130
[ 125.460914] ? compat_rw_copy_check_uvector+0x310/0x310
[ 125.460925] ? push_pipe+0x3e6/0x780
[ 125.460937] ? iov_iter_revert+0x9d0/0x9d0
[ 125.468409] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x260/0x6b0
[ 125.468418] Read of size 4096 at addr ffff888091def000 by task syz-executor953/6936
[ 125.472484] ? iov_iter_pipe+0x9f/0x2c0
[ 125.476320]
[ 125.513689] default_file_splice_read+0x421/0x7b0
[ 125.518519] ? __kmalloc+0x15d/0x7a0
[ 125.522213] ? alloc_pipe_info+0x15c/0x380
[ 125.526427] ? splice_direct_to_actor+0x5da/0x7b0
[ 125.531247] ? do_splice_direct+0x18d/0x230
[ 125.535565] ? do_splice_direct+0x230/0x230
[ 125.539888] ? trace_hardirqs_on+0x10/0x10
[ 125.544116] ? save_trace+0x290/0x290
[ 125.547905] ? save_trace+0x290/0x290
[ 125.551700] ? __inode_security_revalidate+0xd6/0x130
[ 125.556867] ? avc_policy_seqno+0x9/0x20
[ 125.560907] ? selinux_file_permission+0x85/0x480
[ 125.565733] ? security_file_permission+0x8f/0x1f0
[ 125.570646] ? rw_verify_area+0xea/0x2b0
[ 125.574817] ? do_splice_direct+0x230/0x230
[ 125.579147] do_splice_to+0x108/0x170
[ 125.582933] splice_direct_to_actor+0x222/0x7b0
[ 125.587592] ? generic_pipe_buf_nosteal+0x10/0x10
[ 125.592434] ? do_splice_to+0x170/0x170
[ 125.596400] ? rw_verify_area+0xea/0x2b0
[ 125.600467] do_splice_direct+0x18d/0x230
[ 125.604616] ? splice_direct_to_actor+0x7b0/0x7b0
[ 125.609447] ? rw_verify_area+0xea/0x2b0
[ 125.613496] do_sendfile+0x4db/0xbd0
[ 125.617210] ? do_compat_pwritev64+0x140/0x140
[ 125.621784] ? mutex_unlock+0xd/0x10
[ 125.625495] ? fput+0xd4/0x150
[ 125.628676] SyS_sendfile64+0x102/0x110
[ 125.632694] ? SyS_sendfile+0x130/0x130
[ 125.636688] ? do_syscall_64+0x53/0x630
[ 125.640656] ? SyS_sendfile+0x130/0x130
[ 125.644618] do_syscall_64+0x1eb/0x630
[ 125.648487] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 125.653319] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 125.658605] RIP: 0033:0x446889
[ 125.661830] RSP: 002b:00007f9279b31d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 125.669533] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446889
[ 125.676783] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 125.684094] RBP: 00000000006dbc30 R08: 0000000000000002 R09: 0000000000003931
[ 125.691526] R10: 0000000000006785 R11: 0000000000000246 R12: 00000000006dbc3c
[ 125.698830] R13: 00007f9279b31d10 R14: 0000000000000008 R15: 0000000000000000
[ 125.706113] CPU: 0 PID: 6936 Comm: syz-executor953 Not tainted 4.14.113 #3
[ 125.713164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 125.722516] Call Trace:
[ 125.725317] dump_stack+0x138/0x19c
[ 125.728985] ? scatterwalk_copychunks+0x260/0x6b0
[ 125.733824] print_address_description.cold+0x7c/0x1dc
[ 125.739092] ? scatterwalk_copychunks+0x260/0x6b0
[ 125.743921] kasan_report.cold+0xaf/0x2b5
[ 125.748070] check_memory_region+0x123/0x190
[ 125.752608] memcpy+0x24/0x50
[ 125.755706] scatterwalk_copychunks+0x260/0x6b0
[ 125.760471] scatterwalk_map_and_copy+0x12f/0x1d0
[ 125.765299] ? scatterwalk_copychunks+0x6b0/0x6b0
[ 125.770137] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 125.775824] ? rcu_read_lock_sched_held+0x110/0x130
[ 125.780836] ? __kmalloc+0x379/0x7a0
[ 125.784543] ? gcmaes_encrypt.constprop.0+0x143/0xb90
[ 125.789725] gcmaes_encrypt.constprop.0+0x1d2/0xb90
[ 125.794724] ? __lock_is_held+0xb6/0x140
[ 125.798832] generic_gcmaes_encrypt+0xf4/0x130
[ 125.803422] ? helper_rfc4106_encrypt+0x320/0x320
[ 125.808264] ? sk_stream_wait_memory+0x991/0xcf0
[ 125.813002] gcmaes_wrapper_encrypt+0x101/0x170
[ 125.817653] tls_push_record+0x90b/0x1210
[ 125.821854] tls_sw_sendpage+0x437/0xb50
[ 125.825934] ? tls_sw_sendmsg+0x1020/0x1020
[ 125.830241] inet_sendpage+0x15a/0x580
[ 125.834112] ? tls_sw_sendmsg+0x1020/0x1020
[ 125.838482] kernel_sendpage+0x95/0xf0
[ 125.842373] ? inet_sendmsg+0x500/0x500
[ 125.846348] sock_sendpage+0x8b/0xc0
[ 125.850160] ? kernel_sendpage+0xf0/0xf0
[ 125.854207] pipe_to_sendpage+0x244/0x340
[ 125.858347] ? direct_splice_actor+0x1a0/0x1a0
[ 125.862927] __splice_from_pipe+0x351/0x790
[ 125.867271] ? direct_splice_actor+0x1a0/0x1a0
[ 125.871846] ? direct_splice_actor+0x1a0/0x1a0
[ 125.876410] splice_from_pipe+0xf0/0x150
[ 125.880471] ? splice_shrink_spd+0xb0/0xb0
[ 125.884846] ? security_file_permission+0x8f/0x1f0
[ 125.889765] generic_splice_sendpage+0x3c/0x50
[ 125.894325] ? splice_from_pipe+0x150/0x150
[ 125.898719] direct_splice_actor+0x126/0x1a0
[ 125.903229] splice_direct_to_actor+0x2a1/0x7b0
[ 125.907899] ? generic_pipe_buf_nosteal+0x10/0x10
[ 125.912790] ? do_splice_to+0x170/0x170
[ 125.916882] ? rw_verify_area+0xea/0x2b0
[ 125.920931] do_splice_direct+0x18d/0x230
[ 125.925080] ? splice_direct_to_actor+0x7b0/0x7b0
[ 125.929934] ? rw_verify_area+0xea/0x2b0
[ 125.933994] do_sendfile+0x4db/0xbd0
[ 125.937708] ? do_compat_pwritev64+0x140/0x140
[ 125.942280] ? mutex_unlock+0xd/0x10
[ 125.945979] ? fput+0xd4/0x150
[ 125.949171] SyS_sendfile64+0x102/0x110
[ 125.953137] ? SyS_sendfile+0x130/0x130
[ 125.957099] ? do_syscall_64+0x53/0x630
[ 125.961160] ? SyS_sendfile+0x130/0x130
[ 125.965114] do_syscall_64+0x1eb/0x630
[ 125.968980] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 125.973811] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 125.979041] RIP: 0033:0x446889
[ 125.982224] RSP: 002b:00007f9279b52d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 125.989953] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446889
[ 125.997204] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 126.004455] RBP: 00000000006dbc20 R08: 0000000000000002 R09: 65732f636f003931
[ 126.012103] R10: 0000000000006785 R11: 0000000000000246 R12: 00000000006dbc2c
[ 126.021457] R13: 00007f9279b52d10 R14: 0000000000000005 R15: 0000000000000000
[ 126.028979]
[ 126.030610] Allocated by task 6311:
[ 126.034220] save_stack_trace+0x16/0x20
[ 126.038176] save_stack+0x45/0xd0
[ 126.041605] kasan_kmalloc+0xce/0xf0
[ 126.045298] kasan_slab_alloc+0xf/0x20
[ 126.049165] kmem_cache_alloc+0x12e/0x780
[ 126.053293] get_empty_filp+0x8c/0x3b0
[ 126.057264] path_openat+0x8f/0x3f70
[ 126.061222] do_filp_open+0x18e/0x250
[ 126.065056] do_open_execat+0xe7/0x4a0
[ 126.068936] do_execveat_common.isra.0+0x6d2/0x1dd0
[ 126.073934] SyS_execve+0x39/0x50
[ 126.077382] do_syscall_64+0x1eb/0x630
[ 126.081270] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 126.086438]
[ 126.088048] Freed by task 0:
[ 126.091051] save_stack_trace+0x16/0x20
[ 126.095009] save_stack+0x45/0xd0
[ 126.098569] kasan_slab_free+0x75/0xc0
[ 126.102444] kmem_cache_free+0x83/0x2b0
[ 126.106406] file_free_rcu+0x63/0xa0
[ 126.110103] rcu_process_callbacks+0x7c0/0x12c0
[ 126.114766] __do_softirq+0x24e/0x9ae
[ 126.118559]
[ 126.120173] The buggy address belongs to the object at ffff888091def000
[ 126.120173] which belongs to the cache filp of size 456
[ 126.132217] The buggy address is located 0 bytes inside of
[ 126.132217] 456-byte region [ffff888091def000, ffff888091def1c8)
[ 126.144138] The buggy address belongs to the page:
[ 126.149055] page:ffffea0002477bc0 count:1 mapcount:0 mapping:ffff888091def000 index:0x0
[ 126.157412] flags: 0x1fffc0000000100(slab)
[ 126.161654] raw: 01fffc0000000100 ffff888091def000 0000000000000000 0000000100000006
[ 126.169734] raw: ffffea0002974a20 ffffea0002983460 ffff8880aa9e09c0 0000000000000000
[ 126.177604] page dumped because: kasan: bad access detected
[ 126.183296]
[ 126.184910] Memory state around the buggy address:
[ 126.189829] ffff888091deef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 126.197400] ffff888091deef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 126.205012] >ffff888091def000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 126.212353] ^
[ 126.215709] ffff888091def080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 126.223059] ffff888091def100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 126.230524] ==================================================================
[ 126.237862] Disabling lock debugging due to kernel taint
[ 126.243428] Kernel panic - not syncing: panic_on_warn set ...
[ 126.243428]
[ 126.251011] CPU: 0 PID: 6936 Comm: syz-executor953 Tainted: G B 4.14.113 #3
[ 126.259371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 126.268826] Call Trace:
[ 126.271408] dump_stack+0x138/0x19c
[ 126.275023] ? scatterwalk_copychunks+0x260/0x6b0
[ 126.279911] panic+0x1f2/0x438
[ 126.283107] ? add_taint.cold+0x16/0x16
[ 126.287071] kasan_end_report+0x47/0x4f
[ 126.291022] kasan_report.cold+0x136/0x2b5
[ 126.295300] check_memory_region+0x123/0x190
[ 126.299716] memcpy+0x24/0x50
[ 126.302872] scatterwalk_copychunks+0x260/0x6b0
[ 126.307552] scatterwalk_map_and_copy+0x12f/0x1d0
[ 126.312393] ? scatterwalk_copychunks+0x6b0/0x6b0
[ 126.317369] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 126.322807] ? rcu_read_lock_sched_held+0x110/0x130
[ 126.327813] ? __kmalloc+0x379/0x7a0
[ 126.331580] ? gcmaes_encrypt.constprop.0+0x143/0xb90
[ 126.337020] gcmaes_encrypt.constprop.0+0x1d2/0xb90
[ 126.342026] ? __lock_is_held+0xb6/0x140
[ 126.346071] generic_gcmaes_encrypt+0xf4/0x130
[ 126.350647] ? helper_rfc4106_encrypt+0x320/0x320
[ 126.355630] ? sk_stream_wait_memory+0x991/0xcf0
[ 126.360378] gcmaes_wrapper_encrypt+0x101/0x170
[ 126.365043] tls_push_record+0x90b/0x1210
[ 126.369178] tls_sw_sendpage+0x437/0xb50
[ 126.373224] ? tls_sw_sendmsg+0x1020/0x1020
[ 126.377533] inet_sendpage+0x15a/0x580
[ 126.381463] ? tls_sw_sendmsg+0x1020/0x1020
[ 126.385987] kernel_sendpage+0x95/0xf0
[ 126.389872] ? inet_sendmsg+0x500/0x500
[ 126.393841] sock_sendpage+0x8b/0xc0
[ 126.397642] ? kernel_sendpage+0xf0/0xf0
[ 126.401693] pipe_to_sendpage+0x244/0x340
[ 126.405827] ? direct_splice_actor+0x1a0/0x1a0
[ 126.410405] __splice_from_pipe+0x351/0x790
[ 126.414757] ? direct_splice_actor+0x1a0/0x1a0
[ 126.419407] ? direct_splice_actor+0x1a0/0x1a0
[ 126.423984] splice_from_pipe+0xf0/0x150
[ 126.428030] ? splice_shrink_spd+0xb0/0xb0
[ 126.432248] ? security_file_permission+0x8f/0x1f0
[ 126.437154] generic_splice_sendpage+0x3c/0x50
[ 126.441712] ? splice_from_pipe+0x150/0x150
[ 126.446150] direct_splice_actor+0x126/0x1a0
[ 126.450556] splice_direct_to_actor+0x2a1/0x7b0
[ 126.455218] ? generic_pipe_buf_nosteal+0x10/0x10
[ 126.460054] ? do_splice_to+0x170/0x170
[ 126.464025] ? rw_verify_area+0xea/0x2b0
[ 126.468233] do_splice_direct+0x18d/0x230
[ 126.472377] ? splice_direct_to_actor+0x7b0/0x7b0
[ 126.477312] ? rw_verify_area+0xea/0x2b0
[ 126.481549] do_sendfile+0x4db/0xbd0
[ 126.485252] ? do_compat_pwritev64+0x140/0x140
[ 126.489815] ? mutex_unlock+0xd/0x10
[ 126.493748] ? fput+0xd4/0x150
[ 126.496935] SyS_sendfile64+0x102/0x110
[ 126.500899] ? SyS_sendfile+0x130/0x130
[ 126.504859] ? do_syscall_64+0x53/0x630
[ 126.508829] ? SyS_sendfile+0x130/0x130
[ 126.512790] do_syscall_64+0x1eb/0x630
[ 126.525208] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 126.530050] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 126.535225] RIP: 0033:0x446889
[ 126.538398] RSP: 002b:00007f9279b52d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 126.546094] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446889
[ 126.553359] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 126.560720] RBP: 00000000006dbc20 R08: 0000000000000002 R09: 65732f636f003931
[ 126.568081] R10: 0000000000006785 R11: 0000000000000246 R12: 00000000006dbc2c
[ 126.575330] R13: 00007f9279b52d10 R14: 0000000000000005 R15: 0000000000000000
[ 126.583421] Kernel Offset: disabled
[ 126.587110] Rebooting in 86400 seconds..
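The log above is a syzkaller console capture from a 4.14.113 kernel built with KASAN and fault injection: a sendfile() into a kernel-TLS socket (SyS_sendfile64 -> tls_sw_sendpage -> tls_push_record -> gcmaes_encrypt) ends in a 4096-byte use-after-free read in scatterwalk_copychunks, and the freed memory is a 456-byte object from the filp cache, allocated under execve and released by file_free_rcu in a softirq; the shadow row marked with ">" is all fb. Such captures arrive with console timestamps, fault-injection stack dumps from other CPUs and even a second CPU's frames interleaved with the KASAN header, so the first triage step is to extract a stable crash signature mechanically. The Python below is an added example of that step; it is not part of the report and not syzkaller's own code. The names parse_kasan, KasanReport, first_real_frame and shadow_meaning are chosen for this example; the sample lines are excerpted from the report above (one interleaved frame from the other CPU deliberately kept); the shadow-byte legend values are those of generic KASAN in mm/kasan/kasan.h.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")                    # "[ 125.468409] " console prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
STACK_RE = re.compile(r"^(Allocated|Freed) by task \d+:$")
CACHE_RE = re.compile(r"which belongs to the cache (?P<cache>\S+) of size \d+")
SHADOW_RE = re.compile(r"^>(?P<row>[0-9a-f]+): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")  # ">" marks the row holding addr

# Frames contributed by the sanitizer/report path or by the allocator; skipping them names the real culprit.
REPORT_GLUE = ("dump_stack", "print_address_description", "kasan_report", "check_memory_region", "memcpy", "memset", "memmove")
ALLOC_GLUE = ("save_stack", "kasan_", "kmem_cache_", "__kmalloc", "kmalloc", "kfree")
# Shadow byte values from mm/kasan/kasan.h (generic KASAN); one shadow byte describes one 8-byte granule.
SHADOW_LEGEND = {0xfa: "global redzone", 0xfb: "freed slab object", 0xfc: "kmalloc redzone", 0xfe: "kmalloc_large redzone",
                 0xff: "freed page", 0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone"}

def shadow_meaning(b: int) -> str:
    if b == 0:
        return "fully addressable"
    if 1 <= b <= 7:
        return f"first {b} bytes of granule addressable"
    return SHADOW_LEGEND.get(b, f"unknown 0x{b:02x}")

def first_real_frame(frames: List[str], glue) -> Optional[str]:
    return next((f for f in frames if not f.startswith(glue)), frames[0] if frames else None)

@dataclass
class KasanReport:
    kind: str
    func: str                        # function named on the BUG: line (fallback for the title)
    op: str = ""
    size: int = 0
    addr: int = 0
    cache: str = ""
    shadow: Optional[int] = None     # shadow byte covering addr
    trace: List[str] = field(default_factory=list)
    alloc: List[str] = field(default_factory=list)
    free: List[str] = field(default_factory=list)

    def title(self) -> str:
        """Dedup key in the style of syzkaller crash titles."""
        return f"KASAN: {self.kind} {self.op} in {first_real_frame(self.trace, REPORT_GLUE) or self.func}"

def parse_kasan(log: str) -> Optional[KasanReport]:
    rep, section = None, None
    for raw in log.splitlines():
        line = TS_RE.sub("", raw).strip()
        if rep is None:                          # everything before the BUG: line is unrelated noise
            if (m := BUG_RE.search(line)):
                rep = KasanReport(kind=m["kind"], func=m["func"])
            continue
        if line.startswith("=========="):        # closing rule: report is complete
            break
        if not line:                             # blank line closes a stack section
            section = None
        elif (m := ACCESS_RE.search(line)):
            rep.op, rep.size, rep.addr = m["op"], int(m["size"]), int(m["addr"], 16)
        elif line == "Call Trace:":
            section = "trace"
        elif (m := STACK_RE.match(line)):
            section = "alloc" if m[1] == "Allocated" else "free"
        elif (m := CACHE_RE.search(line)):
            rep.cache = m["cache"]
        elif (m := SHADOW_RE.match(line)):
            row = [int(b, 16) for b in m["bytes"].split()]
            idx = (rep.addr - int(m["row"], 16)) >> 3         # one shadow byte per 8-byte granule
            rep.shadow = row[idx] if 0 <= idx < len(row) else None
        elif section and (m := FRAME_RE.match(line)) and not m["unreliable"]:
            getattr(rep, section).append(m["func"])           # "? frame" entries are guesses: dropped
    return rep

# Constructed sample: lines excerpted from the report above; timestamps and one interleaved frame from the other CPU kept.
SAMPLE_LOG = """\
[ 125.460416] ==================================================================
[ 125.460889] ? rw_verify_area+0xea/0x2b0
[ 125.468409] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x260/0x6b0
[ 125.468418] Read of size 4096 at addr ffff888091def000 by task syz-executor953/6936
[ 125.722516] Call Trace:
[ 125.725317] dump_stack+0x138/0x19c
[ 125.728985] ? scatterwalk_copychunks+0x260/0x6b0
[ 125.752608] memcpy+0x24/0x50
[ 125.755706] scatterwalk_copychunks+0x260/0x6b0
[ 125.817653] tls_push_record+0x90b/0x1210
[ 126.030610] Allocated by task 6311:
[ 126.049165] kmem_cache_alloc+0x12e/0x780
[ 126.053293] get_empty_filp+0x8c/0x3b0
[ 126.088048] Freed by task 0:
[ 126.106406] file_free_rcu+0x63/0xa0
[ 126.120173] which belongs to the cache filp of size 456
[ 126.205012] >ffff888091def000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 126.230524] ==================================================================
"""

if __name__ == "__main__":
    r = parse_kasan(SAMPLE_LOG)
    print(r.title(), f"[{r.cache} object, shadow 0x{r.shadow:02x} = {shadow_meaning(r.shadow)}]")
```

Two details matter for noisy captures like this one. Frames outside a Call Trace, Allocated or Freed section are ignored and "? frame" entries inside one are dropped, so the other CPU's rw_verify_area and the unwinder's guessed scatterwalk_copychunks do not reach the signature; what remains gives the syzkaller-style title "KASAN: use-after-free Read in scatterwalk_copychunks" after the report glue (dump_stack, memcpy) is skipped. The shadow byte for the buggy address is found by address arithmetic (one byte per 8-byte granule, 16 per printed row) rather than by the caret line, because the caret's column does not survive whitespace-collapsing transports such as the one that flattened this log; here it resolves to 0xfb, a freed slab object, which is exactly what the filp allocation and file_free_rcu stacks say.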