Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts.
[ 44.408275] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.536534] audit: type=1400 audit(1563539022.366:36): avc: denied { map } for pid=7055 comm="syz-executor320" path="/root/syz-executor320046933" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.565038] ==================================================================
[ 44.572822] BUG: KASAN: slab-out-of-bounds in bpf_clone_redirect+0x2de/0x2f0
[ 44.580291] Read of size 8 at addr ffff888097382110 by task syz-executor320/7055
[ 44.587933]
[ 44.589948] CPU: 1 PID: 7055 Comm: syz-executor320 Not tainted 4.14.133 #28
[ 44.597133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.606485] Call Trace:
[ 44.609127] dump_stack+0x138/0x19c
[ 44.612746] ? bpf_clone_redirect+0x2de/0x2f0
[ 44.617357] print_address_description.cold+0x7c/0x1dc
[ 44.623280] ? bpf_clone_redirect+0x2de/0x2f0
[ 44.627774] kasan_report.cold+0xa9/0x2af
[ 44.631927] __asan_report_load8_noabort+0x14/0x20
[ 44.636848] bpf_clone_redirect+0x2de/0x2f0
[ 44.641160] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 44.645955] ? SyS_bpf+0x749/0x38f3
[ 44.649774] bpf_prog_952a9deb36fe58b9+0x4c8/0x1000
[ 44.654794] ? trace_hardirqs_on+0x10/0x10
[ 44.659031] ? trace_hardirqs_on+0x10/0x10
[ 44.663256] ? bpf_test_run+0x44/0x330
[ 44.667145] ? find_held_lock+0x35/0x130
[ 44.671219] ? bpf_test_run+0x44/0x330
[ 44.675104] ? lock_acquire+0x16f/0x430
[ 44.679081] ? check_preemption_disabled+0x3c/0x250
[ 44.684406] ? bpf_test_run+0xa8/0x330
[ 44.688349] ? bpf_prog_test_run_skb+0x6c2/0x9a0
[ 44.693245] ? bpf_test_init.isra.0+0xe0/0xe0
[ 44.697826] ? __bpf_prog_get+0x153/0x1a0
[ 44.702003] ? SyS_bpf+0x749/0x38f3
[ 44.705626] ? __do_page_fault+0x4e9/0xb80
[ 44.709870] ? bpf_test_init.isra.0+0xe0/0xe0
[ 44.714505] ? bpf_prog_get+0x20/0x20
[ 44.718380] ? lock_downgrade+0x6e0/0x6e0
[ 44.722732] ? up_read+0x1a/0x40
[ 44.726089] ? __do_page_fault+0x358/0xb80
[ 44.730416] ? bpf_prog_get+0x20/0x20
[ 44.736799] ? do_syscall_64+0x1e8/0x640
[ 44.740964] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.745911] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.751283]
[ 44.752991] Allocated by task 0:
[ 44.757207] (stack is not available)
[ 44.761541]
[ 44.763331] Freed by task 0:
[ 44.768302] (stack is not available)
[ 44.772008]
[ 44.773634] The buggy address belongs to the object at ffff888097382080
[ 44.773634] which belongs to the cache skbuff_head_cache of size 232
[ 44.787068] The buggy address is located 144 bytes inside of
[ 44.787068] 232-byte region [ffff888097382080, ffff888097382168)
[ 44.799028] The buggy address belongs to the page:
[ 44.804080] page:ffffea00025ce080 count:1 mapcount:0 mapping:ffff888097382080 index:0x0
[ 44.812736] flags: 0x1fffc0000000100(slab)
[ 44.817627] raw: 01fffc0000000100 ffff888097382080 0000000000000000 000000010000000c
[ 44.825573] raw: ffffea00024b86e0 ffffea00024a9260 ffff88821b719240 0000000000000000
[ 44.834146] page dumped because: kasan: bad access detected
[ 44.839984]
[ 44.841597] Memory state around the buggy address:
[ 44.846816]  ffff888097382000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.854698]  ffff888097382080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.862756] >ffff888097382100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.870930]                          ^
[ 44.875101]  ffff888097382180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.882571]  ffff888097382200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.890121] ==================================================================
[ 44.897615] Disabling lock debugging due to kernel taint
[ 44.903543] Kernel panic - not syncing: panic_on_warn set ...
[ 44.903543]
[ 44.911706] CPU: 1 PID: 7055 Comm: syz-executor320 Tainted: G B 4.14.133 #28
[ 44.920054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.929530] Call Trace:
[ 44.932222] dump_stack+0x138/0x19c
[ 44.935908] ? bpf_clone_redirect+0x2de/0x2f0
[ 44.940803] panic+0x1f2/0x426
[ 44.944008] ? add_taint.cold+0x16/0x16
[ 44.948032] kasan_end_report+0x47/0x4f
[ 44.952014] kasan_report.cold+0x130/0x2af
[ 44.956246] __asan_report_load8_noabort+0x14/0x20
[ 44.961263] bpf_clone_redirect+0x2de/0x2f0
[ 44.965602] ? bpf_prog_test_run_skb+0x157/0x9a0
[ 44.970348] ? SyS_bpf+0x749/0x38f3
[ 44.973996] bpf_prog_952a9deb36fe58b9+0x4c8/0x1000
[ 44.979065] ? trace_hardirqs_on+0x10/0x10
[ 44.983346] ? trace_hardirqs_on+0x10/0x10
[ 44.987668] ? bpf_test_run+0x44/0x330
[ 44.991545] ? find_held_lock+0x35/0x130
[ 44.995666] ? bpf_test_run+0x44/0x330
[ 44.999558] ? lock_acquire+0x16f/0x430
[ 45.003732] ? check_preemption_disabled+0x3c/0x250
[ 45.009489] ? bpf_test_run+0xa8/0x330
[ 45.013522] ? bpf_prog_test_run_skb+0x6c2/0x9a0
[ 45.018537] ? bpf_test_init.isra.0+0xe0/0xe0
[ 45.023027] ? __bpf_prog_get+0x153/0x1a0
[ 45.027358] ? SyS_bpf+0x749/0x38f3
[ 45.030995] ? __do_page_fault+0x4e9/0xb80
[ 45.035383] ? bpf_test_init.isra.0+0xe0/0xe0
[ 45.039894] ? bpf_prog_get+0x20/0x20
[ 45.043715] ? lock_downgrade+0x6e0/0x6e0
[ 45.048083] ? up_read+0x1a/0x40
[ 45.051928] ? __do_page_fault+0x358/0xb80
[ 45.056260] ? bpf_prog_get+0x20/0x20
[ 45.060072] ? do_syscall_64+0x1e8/0x640
[ 45.064507] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.069400] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.076015] Kernel Offset: disabled
[ 45.079685] Rebooting in 86400 seconds..