Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts.
[ 39.945757] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 40.073265] audit: type=1400 audit(1565386695.424:36): avc: denied { map } for pid=7035 comm="syz-executor139" path="/root/syz-executor139391520" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.101581] ==================================================================
[ 40.109005] BUG: KASAN: slab-out-of-bounds in bpf_skb_change_proto+0xdbc/0x10f0
[ 40.116430] Read of size 2 at addr ffff888091537d40 by task syz-executor139/7035
[ 40.123933]
[ 40.125553] CPU: 0 PID: 7035 Comm: syz-executor139 Not tainted 4.14.138 #34
[ 40.132623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.141950] Call Trace:
[ 40.144519] dump_stack+0x138/0x19c
[ 40.148123] ? bpf_skb_change_proto+0xdbc/0x10f0
[ 40.152857] print_address_description.cold+0x7c/0x1dc
[ 40.158112] ? bpf_skb_change_proto+0xdbc/0x10f0
[ 40.162849] kasan_report.cold+0xa9/0x2af
[ 40.166976] __asan_report_load2_noabort+0x14/0x20
[ 40.171997] bpf_skb_change_proto+0xdbc/0x10f0
[ 40.176565] ? build_skb+0x1f/0x160
[ 40.180194] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 40.184947] ? SyS_bpf+0x749/0x38f3
[ 40.188553] bpf_prog_0a61b7f223ef83f3+0xdfd/0x1000
[ 40.193563] ? trace_hardirqs_on+0x10/0x10
[ 40.197775] ? trace_hardirqs_on+0x10/0x10
[ 40.201984] ? bpf_test_run+0x44/0x330
[ 40.205846] ? find_held_lock+0x35/0x130
[ 40.209880] ? bpf_test_run+0x44/0x330
[ 40.213747] ? lock_acquire+0x16f/0x430
[ 40.217699] ? check_preemption_disabled+0x3c/0x250
[ 40.222693] ? bpf_test_run+0xa8/0x330
[ 40.226557] ? bpf_prog_test_run_skb+0x4d6/0x9a0
[ 40.231283] ? bpf_test_init.isra.0+0xe0/0xe0
[ 40.235751] ? __bpf_prog_get+0x153/0x1a0
[ 40.239971] ? SyS_bpf+0x749/0x38f3
[ 40.243579] ? __do_page_fault+0x4e9/0xb80
[ 40.247790] ? bpf_test_init.isra.0+0xe0/0xe0
[ 40.260686] ? bpf_prog_get+0x20/0x20
[ 40.264584] ? lock_downgrade+0x6e0/0x6e0
[ 40.268710] ? up_read+0x1a/0x40
[ 40.272063] ? __do_page_fault+0x358/0xb80
[ 40.276288] ? bpf_prog_get+0x20/0x20
[ 40.280091] ? do_syscall_64+0x1e8/0x640
[ 40.284138] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.288961] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.294299]
[ 40.295901] Allocated by task 0:
[ 40.299942] (stack is not available)
[ 40.303647]
[ 40.305249] Freed by task 0:
[ 40.308234] (stack is not available)
[ 40.311917]
[ 40.313518] The buggy address belongs to the object at ffff888091537d40
[ 40.313518] which belongs to the cache skbuff_head_cache of size 232
[ 40.326667] The buggy address is located 0 bytes inside of
[ 40.326667] 232-byte region [ffff888091537d40, ffff888091537e28)
[ 40.338458] The buggy address belongs to the page:
[ 40.343363] page:ffffea0002454dc0 count:1 mapcount:0 mapping:ffff8880915370c0 index:0x0
[ 40.351493] flags: 0x1fffc0000000100(slab)
[ 40.355704] raw: 01fffc0000000100 ffff8880915370c0 0000000000000000 000000010000000c
[ 40.363556] raw: ffffea0002361f60 ffff8880a9dcc248 ffff88821b719240 0000000000000000
[ 40.371411] page dumped because: kasan: bad access detected
[ 40.377092]
[ 40.378690] Memory state around the buggy address:
[ 40.383592] ffff888091537c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.390977] ffff888091537c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.398306] >ffff888091537d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.405638] ^
[ 40.411063] ffff888091537d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.418393] ffff888091537e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.425721] ==================================================================
[ 40.433054] Disabling lock debugging due to kernel taint
[ 40.438554] Kernel panic - not syncing: panic_on_warn set ...
[ 40.438554]
[ 40.445911] CPU: 0 PID: 7035 Comm: syz-executor139 Tainted: G B 4.14.138 #34
[ 40.454199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.463527] Call Trace:
[ 40.466089] dump_stack+0x138/0x19c
[ 40.469692] ? bpf_skb_change_proto+0xdbc/0x10f0
[ 40.474451] panic+0x1f2/0x426
[ 40.477651] ? add_taint.cold+0x16/0x16
[ 40.481615] kasan_end_report+0x47/0x4f
[ 40.485561] kasan_report.cold+0x130/0x2af
[ 40.489771] __asan_report_load2_noabort+0x14/0x20
[ 40.494847] bpf_skb_change_proto+0xdbc/0x10f0
[ 40.499398] ? build_skb+0x1f/0x160
[ 40.503016] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 40.507864] ? SyS_bpf+0x749/0x38f3
[ 40.511551] bpf_prog_0a61b7f223ef83f3+0xdfd/0x1000
[ 40.516552] ? trace_hardirqs_on+0x10/0x10
[ 40.520760] ? trace_hardirqs_on+0x10/0x10
[ 40.524994] ? bpf_test_run+0x44/0x330
[ 40.528850] ? find_held_lock+0x35/0x130
[ 40.532880] ? bpf_test_run+0x44/0x330
[ 40.536786] ? lock_acquire+0x16f/0x430
[ 40.540734] ? check_preemption_disabled+0x3c/0x250
[ 40.545721] ? bpf_test_run+0xa8/0x330
[ 40.549583] ? bpf_prog_test_run_skb+0x4d6/0x9a0
[ 40.554311] ? bpf_test_init.isra.0+0xe0/0xe0
[ 40.558781] ? __bpf_prog_get+0x153/0x1a0
[ 40.562928] ? SyS_bpf+0x749/0x38f3
[ 40.566530] ? __do_page_fault+0x4e9/0xb80
[ 40.570735] ? bpf_test_init.isra.0+0xe0/0xe0
[ 40.575201] ? bpf_prog_get+0x20/0x20
[ 40.578988] ? lock_downgrade+0x6e0/0x6e0
[ 40.583111] ? up_read+0x1a/0x40
[ 40.586451] ? __do_page_fault+0x358/0xb80
[ 40.591026] ? bpf_prog_get+0x20/0x20
[ 40.594798] ? do_syscall_64+0x1e8/0x640
[ 40.598846] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.603666] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 40.609994] Kernel Offset: disabled
[ 40.613613] Rebooting in 86400 seconds..