Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[   33.026055] random: sshd: uninitialized urandom read (32 bytes read)
[   33.116027] audit: type=1400 audit(1548963972.055:7): avc:  denied  { map } for  pid=1769 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/01/31 19:46:12 parsed 1 programs
[   33.866967] audit: type=1400 audit(1548963972.805:8): avc:  denied  { map } for  pid=1769 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5005 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[   34.688112] random: cc1: uninitialized urandom read (8 bytes read)
2019/01/31 19:46:15 executed programs: 0
[   36.662742] audit: type=1400 audit(1548963975.605:9): avc:  denied  { map } for  pid=1769 comm="syz-execprog" path="/root/syzkaller-shm914552412" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   38.658803] ==================================================================
[   38.666229] BUG: KASAN: use-after-free in ip_local_deliver+0x43d/0x450
[   38.672879] Read of size 8 at addr ffff8881d03a6dd0 by task syz-executor0/1933
[   38.680377]
[   38.682003] CPU: 1 PID: 1933 Comm: syz-executor0 Not tainted 4.14.96+ #20
[   38.689066] Call Trace:
[   38.691636]
[   38.693777]  dump_stack+0xb9/0x10e
[   38.697295]  ? ip_local_deliver+0x43d/0x450
[   38.701672]  print_address_description+0x60/0x226
[   38.706505]  ? ip_local_deliver+0x43d/0x450
[   38.710942]  kasan_report.cold+0x88/0x2a5
[   38.715077]  ? ip_local_deliver+0x43d/0x450
[   38.719376]  ? ip_call_ra_chain+0x540/0x540
[   38.723676]  ? ip_options_compile+0x65b/0x1360
[   38.728235]  ? ip_rcv+0x99f/0xf7a
[   38.731666]  ? ip_rcv_finish+0x5c9/0x1490
[   38.735793]  ? ip_rcv+0x9e2/0xf7a
[   38.739228]  ? ip_local_deliver+0x450/0x450
[   38.743536]  ? ip_local_deliver_finish+0xa20/0xa20
[   38.748453]  ? check_preemption_disabled+0x35/0x1f0
[   38.753471]  ? ip_local_deliver+0x450/0x450
[   38.757774]  ? __netif_receive_skb_core+0x1364/0x2c60
[   38.762956]  ? trace_hardirqs_on+0x10/0x10
[   38.767177]  ? flush_backlog+0x580/0x580
[   38.771216]  ? lock_downgrade+0x5d0/0x5d0
[   38.775348]  ? lock_acquire+0x10f/0x380
[   38.779303]  ? __netif_receive_skb+0x55/0x1f0
[   38.783773]  ? __netif_receive_skb+0x55/0x1f0
[   38.788247]  ? process_backlog+0x1dc/0x640
[   38.792460]  ? net_rx_action+0x213/0xcd0
[   38.796499]  ? net_rx_action+0x36b/0xcd0
[   38.800601]  ? napi_complete_done+0x3a0/0x3a0
[   38.805086]  ? default_inquire_remote_apic+0x50/0x50
[   38.810165]  ? lapic_next_event+0x59/0x90
[   38.814305]  ? __do_softirq+0x234/0x9ca
[   38.818263]  ? do_softirq_own_stack+0x2a/0x40
[   38.822736]
[   38.825005]  ? ip_finish_output2+0xa13/0x12f0
[   38.829482]  ? do_softirq.part.0+0x5b/0x60
[   38.833694]  ? __local_bh_enable_ip+0xb0/0xc0
[   38.838181]  ? ip_finish_output2+0xa46/0x12f0
[   38.842656]  ? ip_copy_addrs+0xd0/0xd0
[   38.846521]  ? ip_output+0x397/0x520
[   38.850212]  ? iptable_nat_ipv4_fn+0x30/0x30
[   38.854603]  ? ip_finish_output+0x3ad/0xc70
[   38.858901]  ? ip_finish_output+0x3ad/0xc70
[   38.863205]  ? ip_output+0x1cf/0x520
[   38.866895]  ? ip_mc_output+0xbe0/0xbe0
[   38.870853]  ? ip_fragment.constprop.0+0x200/0x200
[   38.875762]  ? iptable_security_hook+0x174/0x1e0
[   38.880498]  ? check_preemption_disabled+0x35/0x1f0
[   38.885494]  ? raw_sendmsg+0x1be0/0x2270
[   38.889537]  ? raw_seq_next+0x80/0x80
[   38.893320]  ? avc_has_perm_noaudit+0x2d0/0x2d0
[   38.897983]  ? deref_stack_reg+0xe0/0xe0
[   38.902080]  ? ip4_datagram_release_cb+0x990/0x990
[   38.907065]  ? sock_has_perm+0x1d3/0x260
[   38.911110]  ? selinux_tun_dev_create+0xb0/0xb0
[   38.915766]  ? __lock_acquire+0x56a/0x3fa0
[   38.919981]  ? inet_sendmsg+0x14a/0x510
[   38.924003]  ? inet_recvmsg+0x540/0x540
[   38.927964]  ? sock_sendmsg+0xb7/0x100
[   38.931996]  ? sock_no_sendpage+0x132/0x1a0
[   38.936299]  ? sock_rfree+0x140/0x140
[   38.940079]  ? current_time+0x16/0xb0
[   38.943865]  ? timespec_trunc+0xc9/0x140
[   38.947908]  ? current_time+0x16/0xb0
[   38.951690]  ? inet_sendpage+0x1bb/0x5c0
[   38.955744]  ? inet_getname+0x390/0x390
[   38.959784]  ? kernel_sendpage+0x84/0xd0
[   38.963826]  ? sock_sendpage+0x84/0xa0
[   38.967701]  ? pipe_to_sendpage+0x23d/0x300
[   38.972027]  ? kernel_sendpage+0xd0/0xd0
[   38.976066]  ? direct_splice_actor+0x160/0x160
[   38.980625]  ? splice_from_pipe_next.part.0+0x1e4/0x290
[   38.985968]  ? __splice_from_pipe+0x331/0x740
[   38.990456]  ? direct_splice_actor+0x160/0x160
[   38.995037]  ? direct_splice_actor+0x160/0x160
[   38.999598]  ? splice_from_pipe+0xd9/0x140
[   39.003813]  ? splice_shrink_spd+0xb0/0xb0
[   39.008032]  ? security_file_permission+0x88/0x1e0
[   39.012944]  ? splice_from_pipe+0x140/0x140
[   39.017265]  ? direct_splice_actor+0x118/0x160
[   39.021833]  ? splice_direct_to_actor+0x292/0x760
[   39.026654]  ? generic_pipe_buf_nosteal+0x10/0x10
[   39.031602]  ? do_splice_to+0x150/0x150
[   39.035567]  ? security_file_permission+0x88/0x1e0
[   39.040501]  ? do_splice_direct+0x177/0x240
[   39.044802]  ? splice_direct_to_actor+0x760/0x760
[   39.049626]  ? security_file_permission+0x88/0x1e0
[   39.054546]  ? do_sendfile+0x493/0xb20
[   39.058416]  ? do_compat_pwritev64+0x170/0x170
[   39.063037]  ? put_timespec64+0xbe/0x110
[   39.067083]  ? nsecs_to_jiffies+0x30/0x30
[   39.071228]  ? SyS_sendfile64+0x11f/0x140
[   39.075356]  ? SyS_sendfile+0x150/0x150
[   39.079307]  ? do_clock_gettime+0xd0/0xd0
[   39.083431]  ? do_syscall_64+0x43/0x4b0
[   39.087388]  ? SyS_sendfile+0x150/0x150
[   39.091343]  ? do_syscall_64+0x19b/0x4b0
[   39.095385]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   39.100730]
[   39.102359] Allocated by task 1933:
[   39.105980]  kasan_kmalloc.part.0+0x4f/0xd0
[   39.111933]  kmem_cache_alloc+0xd2/0x2d0
[   39.115976]  __alloc_skb+0xd7/0x550
[   39.119590]  alloc_skb_with_frags+0x85/0x500
[   39.123976]  sock_alloc_send_pskb+0x5a5/0x6f0
[   39.128448]  raw_sendmsg+0x1016/0x2270
[   39.132312]  inet_sendmsg+0x14a/0x510
[   39.136088]  sock_sendmsg+0xb7/0x100
[   39.139803]  sock_no_sendpage+0x132/0x1a0
[   39.143933]  inet_sendpage+0x1bb/0x5c0
[   39.147797]  kernel_sendpage+0x84/0xd0
[   39.151660]  sock_sendpage+0x84/0xa0
[   39.155353]  pipe_to_sendpage+0x23d/0x300
[   39.159477]  __splice_from_pipe+0x331/0x740
[   39.163775]  splice_from_pipe+0xd9/0x140
[   39.167812]  direct_splice_actor+0x118/0x160
[   39.172195]  splice_direct_to_actor+0x292/0x760
[   39.176848]  do_splice_direct+0x177/0x240
[   39.181028]  do_sendfile+0x493/0xb20
[   39.184732]  SyS_sendfile64+0x11f/0x140
[   39.188685]  do_syscall_64+0x19b/0x4b0
[   39.192551]
[   39.194154] Freed by task 1933:
[   39.197449]  kasan_slab_free+0xb0/0x190
[   39.201397]  kmem_cache_free+0xc4/0x330
[   39.205350]  kfree_skbmem+0xa0/0x100
[   39.209049]  kfree_skb+0xcd/0x350
[   39.212533]  ip_defrag+0x5f4/0x3b50
[   39.216141]  ip_local_deliver+0x165/0x450
[   39.220264]  ip_rcv_finish+0x5c9/0x1490
[   39.224213]  ip_rcv+0x9e2/0xf7a
[   39.227476]  __netif_receive_skb_core+0x1364/0x2c60
[   39.232482]  __netif_receive_skb+0x55/0x1f0
[   39.236785]  process_backlog+0x1dc/0x640
[   39.240831]  net_rx_action+0x36b/0xcd0
[   39.244699]
[   39.246310] The buggy address belongs to the object at ffff8881d03a6dc0
[   39.246310]  which belongs to the cache skbuff_head_cache of size 224
[   39.259579] The buggy address is located 16 bytes inside of
[   39.259579]  224-byte region [ffff8881d03a6dc0, ffff8881d03a6ea0)
[   39.271344] The buggy address belongs to the page:
[   39.276249] page:ffffea000740e980 count:1 mapcount:0 mapping:          (null) index:0x0
[   39.284371] flags: 0x4000000000000100(slab)
[   39.288669] raw: 4000000000000100 0000000000000000 0000000000000000 00000001800c000c
[   39.296526] raw: dead000000000100 dead000000000200 ffff8881dab58200 0000000000000000
[   39.304379] page dumped because: kasan: bad access detected
[   39.310060]
[   39.311668] Memory state around the buggy address:
[   39.316586]  ffff8881d03a6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.323925]  ffff8881d03a6d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   39.331265] >ffff8881d03a6d80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   39.338596]                                                  ^
[   39.344546]  ffff8881d03a6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.351885]  ffff8881d03a6e80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   39.359216] ==================================================================
[   39.366636] Disabling lock debugging due to kernel taint
[   39.372115] Kernel panic - not syncing: panic_on_warn set ...
[   39.372115]
[   39.379463] CPU: 1 PID: 1933 Comm: syz-executor0 Tainted: G    B             4.14.96+ #20
[   39.387856] Call Trace:
[   39.390421]
[   39.392563]  dump_stack+0xb9/0x10e
[   39.396084]  panic+0x1d9/0x3c2
[   39.399250]  ? add_taint.cold+0x16/0x16
[   39.403204]  ? retint_kernel+0x2d/0x2d
[   39.407071]  ? ip_local_deliver+0x43d/0x450
[   39.411367]  kasan_end_report+0x43/0x49
[   39.415317]  kasan_report.cold+0xa4/0x2a5
[   39.419442]  ? ip_local_deliver+0x43d/0x450
[   39.423737]  ? ip_call_ra_chain+0x540/0x540
[   39.428035]  ? ip_options_compile+0x65b/0x1360
[   39.432597]  ? ip_rcv+0x99f/0xf7a
[   39.436038]  ? ip_rcv_finish+0x5c9/0x1490
[   39.440164]  ? ip_rcv+0x9e2/0xf7a
[   39.443597]  ? ip_local_deliver+0x450/0x450
[   39.447900]  ? ip_local_deliver_finish+0xa20/0xa20
[   39.452962]  ? check_preemption_disabled+0x35/0x1f0
[   39.457963]  ? ip_local_deliver+0x450/0x450
[   39.462266]  ? __netif_receive_skb_core+0x1364/0x2c60
[   39.467440]  ? trace_hardirqs_on+0x10/0x10
[   39.471725]  ? flush_backlog+0x580/0x580
[   39.475768]  ? lock_downgrade+0x5d0/0x5d0
[   39.479896]  ? lock_acquire+0x10f/0x380
[   39.483849]  ? __netif_receive_skb+0x55/0x1f0
[   39.488322]  ? __netif_receive_skb+0x55/0x1f0
[   39.492792]  ? process_backlog+0x1dc/0x640
[   39.497007]  ? net_rx_action+0x213/0xcd0
[   39.501044]  ? net_rx_action+0x36b/0xcd0
[   39.505178]  ? napi_complete_done+0x3a0/0x3a0
[   39.509663]  ? default_inquire_remote_apic+0x50/0x50
[   39.514753]  ? lapic_next_event+0x59/0x90
[   39.519139]  ? __do_softirq+0x234/0x9ca
[   39.523138]  ? do_softirq_own_stack+0x2a/0x40
[   39.527612]
[   39.529830]  ? ip_finish_output2+0xa13/0x12f0
[   39.534306]  ? do_softirq.part.0+0x5b/0x60
[   39.538523]  ? __local_bh_enable_ip+0xb0/0xc0
[   39.542997]  ? ip_finish_output2+0xa46/0x12f0
[   39.547471]  ? ip_copy_addrs+0xd0/0xd0
[   39.551336]  ? ip_output+0x397/0x520
[   39.555028]  ? iptable_nat_ipv4_fn+0x30/0x30
[   39.559413]  ? ip_finish_output+0x3ad/0xc70
[   39.563837]  ? ip_finish_output+0x3ad/0xc70
[   39.568137]  ? ip_output+0x1cf/0x520
[   39.571843]  ? ip_mc_output+0xbe0/0xbe0
[   39.575803]  ? ip_fragment.constprop.0+0x200/0x200
[   39.580721]  ? iptable_security_hook+0x174/0x1e0
[   39.585455]  ? check_preemption_disabled+0x35/0x1f0
[   39.590446]  ? raw_sendmsg+0x1be0/0x2270
[   39.594486]  ? raw_seq_next+0x80/0x80
[   39.598261]  ? avc_has_perm_noaudit+0x2d0/0x2d0
[   39.602958]  ? deref_stack_reg+0xe0/0xe0
[   39.607005]  ? ip4_datagram_release_cb+0x990/0x990
[   39.611918]  ? sock_has_perm+0x1d3/0x260
[   39.615957]  ? selinux_tun_dev_create+0xb0/0xb0
[   39.620605]  ? __lock_acquire+0x56a/0x3fa0
[   39.624822]  ? inet_sendmsg+0x14a/0x510
[   39.628774]  ? inet_recvmsg+0x540/0x540
[   39.632726]  ? sock_sendmsg+0xb7/0x100
[   39.636591]  ? sock_no_sendpage+0x132/0x1a0
[   39.641409]  ? sock_rfree+0x140/0x140
[   39.645188]  ? current_time+0x16/0xb0
[   39.648966]  ? timespec_trunc+0xc9/0x140
[   39.653003]  ? current_time+0x16/0xb0
[   39.656789]  ? inet_sendpage+0x1bb/0x5c0
[   39.660836]  ? inet_getname+0x390/0x390
[   39.664782]  ? kernel_sendpage+0x84/0xd0
[   39.668823]  ? sock_sendpage+0x84/0xa0
[   39.672689]  ? pipe_to_sendpage+0x23d/0x300
[   39.676986]  ? kernel_sendpage+0xd0/0xd0
[   39.681020]  ? direct_splice_actor+0x160/0x160
[   39.685577]  ? splice_from_pipe_next.part.0+0x1e4/0x290
[   39.690938]  ? __splice_from_pipe+0x331/0x740
[   39.695411]  ? direct_splice_actor+0x160/0x160
[   39.699994]  ? direct_splice_actor+0x160/0x160
[   39.704560]  ? splice_from_pipe+0xd9/0x140
[   39.708769]  ? splice_shrink_spd+0xb0/0xb0
[   39.712998]  ? security_file_permission+0x88/0x1e0
[   39.717914]  ? splice_from_pipe+0x140/0x140
[   39.722210]  ? direct_splice_actor+0x118/0x160
[   39.726765]  ? splice_direct_to_actor+0x292/0x760
[   39.731635]  ? generic_pipe_buf_nosteal+0x10/0x10
[   39.736468]  ? do_splice_to+0x150/0x150
[   39.740422]  ? security_file_permission+0x88/0x1e0
[   39.745329]  ? do_splice_direct+0x177/0x240
[   39.749634]  ? splice_direct_to_actor+0x760/0x760
[   39.754520]  ? security_file_permission+0x88/0x1e0
[   39.759557]  ? do_sendfile+0x493/0xb20
[   39.763529]  ? do_compat_pwritev64+0x170/0x170
[   39.768095]  ? put_timespec64+0xbe/0x110
[   39.772136]  ? nsecs_to_jiffies+0x30/0x30
[   39.776263]  ? SyS_sendfile64+0x11f/0x140
[   39.780386]  ? SyS_sendfile+0x150/0x150
[   39.784335]  ? do_clock_gettime+0xd0/0xd0
[   39.788466]  ? do_syscall_64+0x43/0x4b0
[   39.792424]  ? SyS_sendfile+0x150/0x150
[   39.796375]  ? do_syscall_64+0x19b/0x4b0
[   39.800417]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   39.806274] Kernel Offset: 0x13e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   39.817168] Rebooting in 86400 seconds..