Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts.
[ 44.949019] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 45.077335] audit: type=1400 audit(1555915395.634:36): avc: denied { map } for pid=7071 comm="syz-executor825" path="/root/syz-executor825187896" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.115924] ==================================================================
[ 45.123404] BUG: KASAN: slab-out-of-bounds in tls_push_record+0x1009/0x1210
[ 45.130488] Read of size 8 at addr ffff8880915ac5b8 by task syz-executor825/7071
[ 45.137994]
[ 45.139603] CPU: 0 PID: 7071 Comm: syz-executor825 Not tainted 4.14.113 #3
[ 45.146596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.155935] Call Trace:
[ 45.158515] dump_stack+0x138/0x19c
[ 45.162152] ? tls_push_record+0x1009/0x1210
[ 45.166588] print_address_description.cold+0x7c/0x1dc
[ 45.171850] ? tls_push_record+0x1009/0x1210
[ 45.176254] kasan_report.cold+0xaf/0x2b5
[ 45.180384] __asan_report_load8_noabort+0x14/0x20
[ 45.185323] tls_push_record+0x1009/0x1210
[ 45.189545] ? mark_held_locks+0xb1/0x100
[ 45.193680] ? __local_bh_enable_ip+0x99/0x1a0
[ 45.198255] ? trace_hardirqs_on_caller+0x400/0x590
[ 45.203266] tls_sw_push_pending_record+0x23/0x30
[ 45.208127] tls_sk_proto_close+0x5da/0x760
[ 45.212434] ? sock_def_wakeup+0x10c/0x200
[ 45.216661] ? tcp_check_oom+0x460/0x460
[ 45.220702] ? tls_write_space+0x2a0/0x2a0
[ 45.224916] ? ip_mc_drop_socket+0x1d6/0x230
[ 45.229312] inet_release+0xf2/0x1c0
[ 45.233019] __sock_release+0x20a/0x2c0
[ 45.237003] sock_release+0x18/0x20
[ 45.240620] smc_release+0x240/0x640
[ 45.244326] __sock_release+0xd3/0x2c0
[ 45.248194] ? __sock_release+0x2c0/0x2c0
[ 45.252338] sock_close+0x1b/0x30
[ 45.255775] __fput+0x277/0x7a0
[ 45.259039] ____fput+0x16/0x20
[ 45.262304] task_work_run+0x119/0x190
[ 45.266172] do_exit+0x7df/0x2c10
[ 45.269607] ? rw_verify_area+0xea/0x2b0
[ 45.273653] ? mm_update_next_owner+0x5d0/0x5d0
[ 45.278304] ? vfs_write+0x104/0x500
[ 45.282010] ? SyS_write+0x10b/0x180
[ 45.285794] do_group_exit+0x111/0x330
[ 45.289668] SyS_exit_group+0x1d/0x20
[ 45.293464] ? do_group_exit+0x330/0x330
[ 45.297539] do_syscall_64+0x1eb/0x630
[ 45.301425] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.306254] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.311436] RIP: 0033:0x43eeb8
[ 45.314610] RSP: 002b:00007ffe819ce2a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 45.322308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043eeb8
[ 45.329558] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 45.336810] RBP: 00000000004be6c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 45.344069] R10: 0000000000000028 R11: 0000000000000246 R12: 0000000000000001
[ 45.351321] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 45.358582]
[ 45.360195] Allocated by task 7071:
[ 45.363807] save_stack_trace+0x16/0x20
[ 45.367759] save_stack+0x45/0xd0
[ 45.371195] kasan_kmalloc+0xce/0xf0
[ 45.374893] kmem_cache_alloc_trace+0x152/0x790
[ 45.379547] tls_set_sw_offload+0x8b/0xe70
[ 45.383760] tls_setsockopt+0x22e/0x410
[ 45.389080] sock_common_setsockopt+0x9a/0xe0
[ 45.393560] smc_setsockopt+0xc7/0x120
[ 45.397436] SyS_setsockopt+0x141/0x210
[ 45.401393] do_syscall_64+0x1eb/0x630
[ 45.405260] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.410429]
[ 45.412036] Freed by task 0:
[ 45.415028] (stack is not available)
[ 45.418717]
[ 45.420338] The buggy address belongs to the object at ffff8880915ac5c0
[ 45.420338] which belongs to the cache kmalloc-2048 of size 2048
[ 45.433154] The buggy address is located 8 bytes to the left of
[ 45.433154] 2048-byte region [ffff8880915ac5c0, ffff8880915acdc0)
[ 45.445395] The buggy address belongs to the page:
[ 45.450346] page:ffffea0002456b00 count:1 mapcount:0 mapping:ffff8880915ac5c0 index:0x0 compound_mapcount: 0
[ 45.460321] flags: 0x1fffc0000008100(slab|head)
[ 45.464990] raw: 01fffc0000008100 ffff8880915ac5c0 0000000000000000 0000000100000003
[ 45.472850] raw: ffffea00021aa7a0 ffff8880aa801948 ffff8880aa800c40 0000000000000000
[ 45.480714] page dumped because: kasan: bad access detected
[ 45.486412]
[ 45.488017] Memory state around the buggy address:
[ 45.492927] ffff8880915ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.500283] ffff8880915ac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.507621] >ffff8880915ac580: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 45.514959] ^
[ 45.520127] ffff8880915ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.527475] ffff8880915ac680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.534807] ==================================================================
[ 45.542144] Disabling lock debugging due to kernel taint
[ 45.548284] Kernel panic - not syncing: panic_on_warn set ...
[ 45.548284]
[ 45.555663] CPU: 1 PID: 7071 Comm: syz-executor825 Tainted: G B 4.14.113 #3
[ 45.563867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.573225] Call Trace:
[ 45.575799] dump_stack+0x138/0x19c
[ 45.579406] ? tls_push_record+0x1009/0x1210
[ 45.583793] panic+0x1f2/0x438
[ 45.586963] ? add_taint.cold+0x16/0x16
[ 45.590920] ? ___preempt_schedule+0x16/0x18
[ 45.595309] kasan_end_report+0x47/0x4f
[ 45.599257] kasan_report.cold+0x136/0x2b5
[ 45.603478] __asan_report_load8_noabort+0x14/0x20
[ 45.608383] tls_push_record+0x1009/0x1210
[ 45.612600] ? mark_held_locks+0xb1/0x100
[ 45.616724] ? __local_bh_enable_ip+0x99/0x1a0
[ 45.621336] ? trace_hardirqs_on_caller+0x400/0x590
[ 45.626330] tls_sw_push_pending_record+0x23/0x30
[ 45.631153] tls_sk_proto_close+0x5da/0x760
[ 45.635455] ? sock_def_wakeup+0x10c/0x200
[ 45.639671] ? tcp_check_oom+0x460/0x460
[ 45.643726] ? tls_write_space+0x2a0/0x2a0
[ 45.647939] ? ip_mc_drop_socket+0x1d6/0x230
[ 45.652343] inet_release+0xf2/0x1c0
[ 45.656040] __sock_release+0x20a/0x2c0
[ 45.660013] sock_release+0x18/0x20
[ 45.663653] smc_release+0x240/0x640
[ 45.667349] __sock_release+0xd3/0x2c0
[ 45.671240] ? __sock_release+0x2c0/0x2c0
[ 45.675364] sock_close+0x1b/0x30
[ 45.678795] __fput+0x277/0x7a0
[ 45.682094] ____fput+0x16/0x20
[ 45.685353] task_work_run+0x119/0x190
[ 45.689219] do_exit+0x7df/0x2c10
[ 45.692655] ? rw_verify_area+0xea/0x2b0
[ 45.696694] ? mm_update_next_owner+0x5d0/0x5d0
[ 45.701366] ? vfs_write+0x104/0x500
[ 45.705060] ? SyS_write+0x10b/0x180
[ 45.708749] do_group_exit+0x111/0x330
[ 45.712617] SyS_exit_group+0x1d/0x20
[ 45.716391] ? do_group_exit+0x330/0x330
[ 45.720449] do_syscall_64+0x1eb/0x630
[ 45.724315] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.729140] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.734311] RIP: 0033:0x43eeb8
[ 45.737475] RSP: 002b:00007ffe819ce2a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 45.745158] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043eeb8
[ 45.752409] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 45.759656] RBP: 00000000004be6c8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 45.766906] R10: 0000000000000028 R11: 0000000000000246 R12: 0000000000000001
[ 45.774157] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 45.782101] Kernel Offset: disabled
[ 45.785720] Rebooting in 86400 seconds..