Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
[ 42.864440] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 42.984011] audit: type=1400 audit(1571985885.874:36): avc: denied { map } for pid=7020 comm="syz-executor878" path="/root/syz-executor878040324" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.012111] ==================================================================
[ 43.020046] BUG: KASAN: slab-out-of-bounds in bpf_clone_redirect+0x2de/0x2f0
[ 43.027349] Read of size 8 at addr ffff888098758b10 by task syz-executor878/7020
[ 43.035736]
[ 43.037353] CPU: 0 PID: 7020 Comm: syz-executor878 Not tainted 4.14.150 #0
[ 43.044353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.053700] Call Trace:
[ 43.056285] dump_stack+0x138/0x197
[ 43.059902] ? bpf_clone_redirect+0x2de/0x2f0
[ 43.064740] print_address_description.cold+0x7c/0x1dc
[ 43.070540] ? bpf_clone_redirect+0x2de/0x2f0
[ 43.075281] kasan_report.cold+0xa9/0x2af
[ 43.079427] __asan_report_load8_noabort+0x14/0x20
[ 43.084336] bpf_clone_redirect+0x2de/0x2f0
[ 43.088639] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 43.093384] ? SyS_bpf+0x6ad/0x2da8
[ 43.096994] bpf_prog_5dcdee4b6441ca99+0x57c/0x1000
[ 43.101990] ? trace_hardirqs_on+0x10/0x10
[ 43.106205] ? trace_hardirqs_on+0x10/0x10
[ 43.110454] ? bpf_test_run+0x44/0x330
[ 43.114326] ? find_held_lock+0x35/0x130
[ 43.118399] ? bpf_test_run+0x44/0x330
[ 43.122276] ? lock_acquire+0x16f/0x430
[ 43.126252] ? check_preemption_disabled+0x3c/0x250
[ 43.131608] ? bpf_test_run+0xa8/0x330
[ 43.135478] ? bpf_prog_test_run_skb+0x6c2/0x9a0
[ 43.140240] ? bpf_test_init.isra.0+0xe0/0xe0
[ 43.144711] ? __bpf_prog_get+0x153/0x1a0
[ 43.148836] ? SyS_bpf+0x6ad/0x2da8
[ 43.152448] ? __do_page_fault+0x4e9/0xb80
[ 43.156671] ? bpf_test_init.isra.0+0xe0/0xe0
[ 43.161145] ? bpf_prog_get+0x20/0x20
[ 43.164932] ? lock_downgrade+0x740/0x740
[ 43.169079] ? up_read+0x1a/0x40
[ 43.172605] ? __do_page_fault+0x358/0xb80
[ 43.177375] ? bpf_prog_get+0x20/0x20
[ 43.181162] ? do_syscall_64+0x1e8/0x640
[ 43.185206] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.190041] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.195391]
[ 43.196998] Allocated by task 0:
[ 43.200336] (stack is not available)
[ 43.204042]
[ 43.205657] Freed by task 0:
[ 43.208648] (stack is not available)
[ 43.212333]
[ 43.213958] The buggy address belongs to the object at ffff888098758a80
[ 43.213958] which belongs to the cache skbuff_head_cache of size 232
[ 43.227111] The buggy address is located 144 bytes inside of
[ 43.227111] 232-byte region [ffff888098758a80, ffff888098758b68)
[ 43.238970] The buggy address belongs to the page:
[ 43.243878] page:ffffea000261d600 count:1 mapcount:0 mapping:ffff888098758080 index:0x0
[ 43.252009] flags: 0x1fffc0000000100(slab)
[ 43.256307] raw: 01fffc0000000100 ffff888098758080 0000000000000000 000000010000000c
[ 43.264163] raw: ffffea000215a4a0 ffff8880a9dce048 ffff8880a9e82d80 0000000000000000
[ 43.272106] page dumped because: kasan: bad access detected
[ 43.277802]
[ 43.279409] Memory state around the buggy address:
[ 43.284313] ffff888098758a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.291648] ffff888098758a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.298993] >ffff888098758b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.306340] ^
[ 43.310215] ffff888098758b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.317550] ffff888098758c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.324884] ==================================================================
[ 43.332225] Disabling lock debugging due to kernel taint
[ 43.337986] Kernel panic - not syncing: panic_on_warn set ...
[ 43.337986]
[ 43.345364] CPU: 0 PID: 7020 Comm: syz-executor878 Tainted: G B 4.14.150 #0
[ 43.353568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.363072] Call Trace:
[ 43.365642] dump_stack+0x138/0x197
[ 43.369247] ? bpf_clone_redirect+0x2de/0x2f0
[ 43.373726] panic+0x1f9/0x42d
[ 43.376892] ? add_taint.cold+0x16/0x16
[ 43.380845] kasan_end_report+0x47/0x4f
[ 43.384801] kasan_report.cold+0x130/0x2af
[ 43.389018] __asan_report_load8_noabort+0x14/0x20
[ 43.393930] bpf_clone_redirect+0x2de/0x2f0
[ 43.398229] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 43.402968] ? SyS_bpf+0x6ad/0x2da8
[ 43.406569] bpf_prog_5dcdee4b6441ca99+0x57c/0x1000
[ 43.411580] ? trace_hardirqs_on+0x10/0x10
[ 43.415798] ? trace_hardirqs_on+0x10/0x10
[ 43.420009] ? bpf_test_run+0x44/0x330
[ 43.423877] ? find_held_lock+0x35/0x130
[ 43.427925] ? bpf_test_run+0x44/0x330
[ 43.431801] ? lock_acquire+0x16f/0x430
[ 43.435754] ? check_preemption_disabled+0x3c/0x250
[ 43.440745] ? bpf_test_run+0xa8/0x330
[ 43.444629] ? bpf_prog_test_run_skb+0x6c2/0x9a0
[ 43.449363] ? bpf_test_init.isra.0+0xe0/0xe0
[ 43.453832] ? __bpf_prog_get+0x153/0x1a0
[ 43.457954] ? SyS_bpf+0x6ad/0x2da8
[ 43.461560] ? __do_page_fault+0x4e9/0xb80
[ 43.465768] ? bpf_test_init.isra.0+0xe0/0xe0
[ 43.470240] ? bpf_prog_get+0x20/0x20
[ 43.474015] ? lock_downgrade+0x740/0x740
[ 43.478136] ? up_read+0x1a/0x40
[ 43.481486] ? __do_page_fault+0x358/0xb80
[ 43.485697] ? bpf_prog_get+0x20/0x20
[ 43.489481] ? do_syscall_64+0x1e8/0x640
[ 43.493528] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.498349] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.505040] Kernel Offset: disabled
[ 43.508660] Rebooting in 86400 seconds..