Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
[   48.246722] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   48.368591] audit: type=1400 audit(1581096218.313:36): avc:  denied  { map } for  pid=7523 comm="syz-executor174" path="/root/syz-executor174530772" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   48.415754] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   48.427768] ==================================================================
[   48.435308] BUG: KASAN: use-after-free in padata_parallel_worker+0x313/0x3b0
[   48.442496] Write of size 8 at addr ffff88809e783958 by task kworker/0:0/3
[   48.449507]
[   48.451133] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.14.170-syzkaller #0
[   48.458410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.467833] Workqueue: pencrypt padata_parallel_worker
[   48.473125] Call Trace:
[   48.475777]  dump_stack+0x142/0x197
[   48.479519]  ? padata_parallel_worker+0x313/0x3b0
[   48.484405]  print_address_description.cold+0x7c/0x1dc
[   48.489699]  ? padata_parallel_worker+0x313/0x3b0
[   48.494567]  kasan_report.cold+0xa9/0x2af
[   48.498714]  __asan_report_store8_noabort+0x17/0x20
[   48.503964]  padata_parallel_worker+0x313/0x3b0
[   48.508673]  ? check_preemption_disabled+0x3c/0x250
[   48.513703]  ? padata_sysfs_store+0xa0/0xa0
[   48.518103]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   48.523579]  process_one_work+0x863/0x1600
[   48.527834]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   48.532513]  worker_thread+0x5d9/0x1050
[   48.536505]  kthread+0x319/0x430
[   48.539861]  ? process_one_work+0x1600/0x1600
[   48.544364]  ? kthread_create_on_node+0xd0/0xd0
[   48.549058]  ret_from_fork+0x24/0x30
[   48.552767]
[   48.554414] Allocated by task 7523:
[   48.558081]  save_stack_trace+0x16/0x20
[   48.562066]  save_stack+0x45/0xd0
[   48.565582]  kasan_kmalloc+0xce/0xf0
[   48.569302]  __kmalloc+0x15d/0x7a0
[   48.572884]  tls_push_record+0x10a/0x1210
[   48.577040]  tls_sw_sendmsg+0x9e8/0x1020
[   48.581107]  inet_sendmsg+0x122/0x500
[   48.584940]  sock_sendmsg+0xce/0x110
[   48.588791]  SYSC_sendto+0x206/0x310
[   48.592505]  SyS_sendto+0x40/0x50
[   48.595995]  do_syscall_64+0x1e8/0x640
[   48.599904]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   48.605102]
[   48.606744] Freed by task 7523:
[   48.610032]  save_stack_trace+0x16/0x20
[   48.614011]  save_stack+0x45/0xd0
[   48.617469]  kasan_slab_free+0x75/0xc0
[   48.621442]  kfree+0xcc/0x270
[   48.624554]  tls_push_record+0xc03/0x1210
[   48.628704]  tls_sw_sendmsg+0x9e8/0x1020
[   48.632779]  inet_sendmsg+0x122/0x500
[   48.636704]  sock_sendmsg+0xce/0x110
[   48.640412]  SYSC_sendto+0x206/0x310
[   48.644124]  SyS_sendto+0x40/0x50
[   48.647569]  do_syscall_64+0x1e8/0x640
[   48.651465]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   48.656646]
[   48.658274] The buggy address belongs to the object at ffff88809e783900
[   48.658274]  which belongs to the cache kmalloc-256 of size 256
[   48.670928] The buggy address is located 88 bytes inside of
[   48.670928]  256-byte region [ffff88809e783900, ffff88809e783a00)
[   48.682713] The buggy address belongs to the page:
[   48.687652] page:ffffea000279e0c0 count:1 mapcount:0 mapping:ffff88809e783040 index:0xffff88809e783cc0
[   48.697121] flags: 0xfffe0000000100(slab)
[   48.701269] raw: 00fffe0000000100 ffff88809e783040 ffff88809e783cc0 0000000100000002
[   48.709156] raw: ffffea00027fdf60 ffffea00028372e0 ffff8880aa8007c0 0000000000000000
[   48.717048] page dumped because: kasan: bad access detected
[   48.722762]
[   48.724375] Memory state around the buggy address:
[   48.729304]  ffff88809e783800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.736668]  ffff88809e783880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   48.744033] >ffff88809e783900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.751508]                                                     ^
[   48.757873]  ffff88809e783980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.765361]  ffff88809e783a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   48.772826] ==================================================================
[   48.780197] Disabling lock debugging due to kernel taint
[   48.785716] Kernel panic - not syncing: panic_on_warn set ...
[   48.785716]
[   48.793200] CPU: 0 PID: 3 Comm: kworker/0:0 Tainted: G    B   4.14.170-syzkaller #0
[   48.801683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.811048] Workqueue: pencrypt padata_parallel_worker
[   48.816308] Call Trace:
[   48.819023]  dump_stack+0x142/0x197
[   48.822637]  ? padata_parallel_worker+0x313/0x3b0
[   48.827475]  panic+0x1f9/0x42d
[   48.830695]  ? add_taint.cold+0x16/0x16
[   48.834698]  kasan_end_report+0x47/0x4f
[   48.838661]  kasan_report.cold+0x130/0x2af
[   48.842888]  __asan_report_store8_noabort+0x17/0x20
[   48.847909]  padata_parallel_worker+0x313/0x3b0
[   48.852582]  ? check_preemption_disabled+0x3c/0x250
[   48.857692]  ? padata_sysfs_store+0xa0/0xa0
[   48.861999]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   48.867469]  process_one_work+0x863/0x1600
[   48.871726]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   48.876409]  worker_thread+0x5d9/0x1050
[   48.880477]  kthread+0x319/0x430
[   48.883833]  ? process_one_work+0x1600/0x1600
[   48.888341]  ? kthread_create_on_node+0xd0/0xd0
[   48.893035]  ret_from_fork+0x24/0x30
[   48.898684] Kernel Offset: disabled
[   48.902324] Rebooting in 86400 seconds..
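What a triager needs from the report above is compact: an 8-byte write at ffff88809e783958, 88 bytes into a 256-byte kmalloc-256 object that tls_push_record obtained through __kmalloc and later released through kfree (the +0xc03 call site), with the shadow byte at the address reading fb (KASAN_KMALLOC_FREE) while the write came from the pencrypt workqueue rather than from the sendto() path that owned the object. The script below pulls exactly those facts out of the report and decodes the shadow bytes. It is an added example written for this page, not syzkaller or kernel code. The shadow marker values are the ones defined in the kernel's mm/kasan/kasan.h for kernels of this generation, the PLUMBING tuple of allocator/KASAN frames to skip is an assumption of the example, and REPORT is an excerpt of the log above embedded inline so the script runs offline.

```python
import re
from dataclasses import dataclass, field

# Poison markers from the kernel's mm/kasan/kasan.h (4.x/5.x values); 0 means
# all 8 bytes of a granule are addressable, 1..7 that only that many are.
SHADOW_MARKERS = {
    0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
    0xFC: "slab redzone (KASAN_KMALLOC_REDZONE)",
    0xFF: "freed page (KASAN_FREE_PAGE)",
    0xF9: "global variable redzone (KASAN_GLOBAL_REDZONE)",
    0xF1: "stack left redzone", 0xF2: "stack mid redzone",
    0xF3: "stack right redzone", 0xF4: "stack partial redzone",
}
# Assumed list of allocator/KASAN frames; the first frame after them is the real caller.
PLUMBING = ("save_stack", "kasan_", "__kmalloc", "kmalloc", "kfree", "kmem_cache_")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
SHADOW_ROW = re.compile(r"^>?([0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})$")

# Constructed excerpt of the report above: only the lines the parser needs.
REPORT = """\
[   48.435308] BUG: KASAN: use-after-free in padata_parallel_worker+0x313/0x3b0
[   48.442496] Write of size 8 at addr ffff88809e783958 by task kworker/0:0/3
[   48.554414] Allocated by task 7523:
[   48.562066]  save_stack+0x45/0xd0
[   48.565582]  kasan_kmalloc+0xce/0xf0
[   48.569302]  __kmalloc+0x15d/0x7a0
[   48.572884]  tls_push_record+0x10a/0x1210
[   48.605102]
[   48.606744] Freed by task 7523:
[   48.614011]  save_stack+0x45/0xd0
[   48.617469]  kasan_slab_free+0x75/0xc0
[   48.621442]  kfree+0xcc/0x270
[   48.624554]  tls_push_record+0xc03/0x1210
[   48.656646]
[   48.658274] The buggy address belongs to the object at ffff88809e783900
[   48.658274]  which belongs to the cache kmalloc-256 of size 256
[   48.724375] Memory state around the buggy address:
[   48.744033] >ffff88809e783900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.765361]  ffff88809e783a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
"""

@dataclass
class KasanReport:
    bug_type: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    object_base: int = 0
    object_size: int = 0
    cache: str = ""
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    shadow: dict = field(default_factory=dict)  # granule address -> shadow byte

def describe_shadow(value: int) -> str:
    if value <= 7:
        return f"first {value} of 8 bytes addressable" if value else "all 8 bytes addressable"
    return SHADOW_MARKERS.get(value, f"unknown marker 0x{value:02x}")

def parse_report(text: str) -> KasanReport:
    r, current = KasanReport(), None          # current: stack being collected
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if not line:
            current = None                    # a blank line ends a stack trace
        elif m := re.match(r"BUG: KASAN: (\S+) in (\S+)", line):
            r.bug_type, r.func = m[1], m[2]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", line):
            r.access, r.size, r.addr = m[1], int(m[2]), int(m[3], 16)
        elif m := re.match(r"(Allocated|Freed) by task", line):
            current = r.alloc_stack if m[1] == "Allocated" else r.free_stack
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r.object_base = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r.cache, r.object_size = m[1], int(m[2])
        elif m := SHADOW_ROW.match(line):
            base = int(m[1], 16)              # one shadow byte per 8-byte granule
            for i, byte in enumerate(m[2].split()):
                r.shadow[base + 8 * i] = int(byte, 16)
        elif current is not None:
            current.append(line)
    return r

def first_caller(stack: list) -> str:
    """First frame outside the allocator/KASAN plumbing."""
    return next((f for f in stack if not f.startswith(PLUMBING)), "")

def triage(r: KasanReport) -> dict:
    offset = r.addr - r.object_base
    touched = {r.shadow.get(a & ~7) for a in range(r.addr, r.addr + r.size)}
    return {
        "bug": f"{r.bug_type}: {r.access.lower()} of {r.size} bytes in {r.func}",
        "offset_in_object": offset,
        "inside_object": 0 <= offset < r.object_size,
        "shadow_at_addr": describe_shadow(r.shadow[r.addr & ~7]),
        "whole_access_freed": touched == {0xFB},  # every touched granule is freed memory
        "allocated_in": first_caller(r.alloc_stack),
        "freed_in": first_caller(r.free_stack),
    }
```

triage(parse_report(REPORT)) reports offset_in_object 88, shadow_at_addr "freed slab object (KASAN_KMALLOC_FREE)", and allocated_in/freed_in both inside tls_push_record, which is the shape of a dangling reference handed to another context: the object's owner freed it on the sendto() path and the pencrypt worker wrote to it afterwards. The whole_access_freed check is there for accesses that straddle a granule boundary: a partially addressable granule (1..7) or a redzone (fc) among the touched bytes would point at an out-of-bounds access rather than a clean use-after-free, and the shadow of the next object at ffff88809e783a00 shows what that redzone looks like.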