Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts.
[ 108.027690] random: sshd: uninitialized urandom read (32 bytes read)
[ 108.168969] audit: type=1400 audit(1536806294.113:7): avc: denied { map } for pid=5572 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/09/13 02:38:14 parsed 1 programs
[ 108.695110] audit: type=1400 audit(1536806294.643:8): avc: denied { map } for pid=5572 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14717 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 109.357633] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/13 02:38:16 executed programs: 0
[ 110.888747] audit: type=1400 audit(1536806296.833:9): avc: denied { map } for pid=5572 comm="syz-execprog" path="/root/syzkaller-shm301436805" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 110.923963] IPVS: ftp: loaded support on port[0] = 21
[ 111.183666] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.190415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.197964] device bridge_slave_0 entered promiscuous mode
[ 111.217342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.223877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.230944] device bridge_slave_1 entered promiscuous mode
[ 111.249090] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 111.268462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 111.321539] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 111.342670] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 111.423448] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 111.430906] team0: Port device team_slave_0 added
[ 111.449349] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.456720] team0: Port device team_slave_1 added
[ 111.474483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.496234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.515872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.536511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.691986] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.698656] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.705845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.712187] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.261224] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.319465] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 112.374099] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 112.380289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 112.390234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.436605] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.748620] audit: type=1400 audit(1536806298.693:10): avc: denied { map_create } for pid=5842 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 112.772182] audit: type=1400 audit(1536806298.713:11): avc: denied { map_read map_write } for pid=5842 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 112.882736] ==================================================================
[ 112.890280] BUG: KASAN: use-after-free in __dev_map_entry_free+0x2ab/0x300
[ 112.897285] Read of size 8 at addr ffff8801bcb23b08 by task ksoftirqd/1/18
[ 112.904282]
[ 112.904300] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc3+ #12
[ 112.904306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 112.912846] Call Trace:
[ 112.912867] dump_stack+0x1c4/0x2b4
[ 112.912878] ? dump_stack_print_info.cold.2+0x52/0x52
[ 112.912888] ? printk+0xa7/0xcf
[ 112.912897] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 112.912912] print_address_description.cold.8+0x9/0x1ff
[ 112.912925] kasan_report.cold.9+0x242/0x309
[ 112.951557] ? __dev_map_entry_free+0x2ab/0x300
[ 112.956274] __asan_report_load8_noabort+0x14/0x20
[ 112.956284] __dev_map_entry_free+0x2ab/0x300
[ 112.956293] ? dev_map_delete_elem+0x120/0x120
[ 112.956307] rcu_process_callbacks+0xf23/0x2670
[ 112.956321] ? __rcu_read_unlock+0x2f0/0x2f0
[ 112.956333] ? lock_is_held_type+0x210/0x210
[ 112.956347] ? graph_lock+0x170/0x170
[ 112.987619] ? graph_lock+0x170/0x170
[ 112.991451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 112.996984] ? check_preemption_disabled+0x48/0x200
[ 113.001998] ? check_preemption_disabled+0x48/0x200
[ 113.007026] ? finish_task_switch+0x1f5/0x900
[ 113.011515] ? _raw_spin_unlock_irq+0x27/0x80
[ 113.016006] ? _raw_spin_unlock_irq+0x27/0x80
[ 113.020497] ? lockdep_hardirqs_on+0x421/0x5c0
[ 113.025080] ? trace_hardirqs_on+0xbd/0x310
[ 113.029577] ? kasan_check_read+0x11/0x20
[ 113.033728] ? finish_task_switch+0x1f5/0x900
[ 113.038217] ? compat_start_thread+0x80/0x80
[ 113.042680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.042699] ? _raw_spin_unlock_irq+0x60/0x80
[ 113.042722] ? finish_task_switch+0x1f5/0x900
[ 113.057238] ? finish_task_switch+0x1b5/0x900
[ 113.061757] ? __switch_to_asm+0x34/0x70
[ 113.065830] ? preempt_notifier_register+0x200/0x200
[ 113.070937] ? __switch_to_asm+0x34/0x70
[ 113.075056] ? __switch_to_asm+0x34/0x70
[ 113.075065] ? __switch_to_asm+0x40/0x70
[ 113.075071] ? __switch_to_asm+0x34/0x70
[ 113.075078] ? __switch_to_asm+0x40/0x70
[ 113.075085] ? __switch_to_asm+0x34/0x70
[ 113.075097] ? __switch_to_asm+0x40/0x70
[ 113.083255] ? __switch_to_asm+0x34/0x70
[ 113.083264] ? __switch_to_asm+0x40/0x70
[ 113.083279] ? pvclock_read_flags+0x160/0x160
[ 113.083291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.083305] ? check_preemption_disabled+0x48/0x200
[ 113.112233] ? check_preemption_disabled+0x48/0x200
[ 113.112263] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 113.122862] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 113.122876] ? rcu_pm_notify+0xc0/0xc0
[ 113.122896] __do_softirq+0x30b/0xad8
[ 113.122914] ? __irqentry_text_end+0x1f9618/0x1f9618
[ 113.151526] ? schedule+0x108/0x460
[ 113.155168] ? trace_hardirqs_off+0xb8/0x310
[ 113.159579] ? ___might_sleep+0x1ed/0x300
[ 113.163752] ? smpboot_thread_fn+0x68b/0xa00
[ 113.168186] ? trace_hardirqs_on+0x310/0x310
[ 113.172610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.178160] ? check_preemption_disabled+0x48/0x200
[ 113.183182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.188735] ? takeover_tasklets+0xa90/0xa90
[ 113.188747] run_ksoftirqd+0x94/0x100
[ 113.188759] smpboot_thread_fn+0x68b/0xa00
[ 113.188773] ? sort_range+0x30/0x30
[ 113.197014] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 113.197037] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.215751] ? __kthread_parkme+0xfb/0x1a0
[ 113.220002] kthread+0x35a/0x420
[ 113.223377] ? sort_range+0x30/0x30
[ 113.227012] ? kthread_bind+0x40/0x40
[ 113.230916] ret_from_fork+0x3a/0x50
[ 113.234631]
[ 113.236247] Allocated by task 5862:
[ 113.239874] save_stack+0x43/0xd0
[ 113.243317] kasan_kmalloc+0xc7/0xe0
[ 113.243327] kmem_cache_alloc_trace+0x152/0x750
[ 113.243336] dev_map_alloc+0x210/0x810
[ 113.243345] map_create+0x3bd/0x10f0
[ 113.243358] __x64_sys_bpf+0x303/0x510
[ 113.251776] do_syscall_64+0x1b9/0x820
[ 113.251790] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 113.251804]
[ 113.274159] Freed by task 5859:
[ 113.277657] save_stack+0x43/0xd0
[ 113.281110] __kasan_slab_free+0x102/0x150
[ 113.285351] kasan_slab_free+0xe/0x10
[ 113.289499] kfree+0xcf/0x230
[ 113.289513] dev_map_free+0x514/0x690
[ 113.296430] bpf_map_free_deferred+0xba/0xf0
[ 113.296439] process_one_work+0xc90/0x1b90
[ 113.296451] worker_thread+0x17f/0x1390
[ 113.309129] kthread+0x35a/0x420
[ 113.312566] ret_from_fork+0x3a/0x50
[ 113.316272]
[ 113.317890] The buggy address belongs to the object at ffff8801bcb23a00
[ 113.317890] which belongs to the cache kmalloc-512 of size 512
[ 113.330646] The buggy address is located 264 bytes inside of
[ 113.330646] 512-byte region [ffff8801bcb23a00, ffff8801bcb23c00)
[ 113.330651] The buggy address belongs to the page:
[ 113.330660] page:ffffea0006f2c8c0 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0
[ 113.347508] flags: 0x2fffc0000000100(slab)
[ 113.347522] raw: 02fffc0000000100 ffffea0006efd388 ffffea00070a0848 ffff8801da800940
[ 113.347531] raw: 0000000000000000 ffff8801bcb23000 0000000100000006 0000000000000000
[ 113.375728] page dumped because: kasan: bad access detected
[ 113.381446]
[ 113.383063] Memory state around the buggy address:
[ 113.383075] ffff8801bcb23a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.383081] ffff8801bcb23a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.383087] >ffff8801bcb23b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.383091]                       ^
[ 113.383097] ffff8801bcb23b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.383103] ffff8801bcb23c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.383106] ==================================================================
[ 113.383109] Disabling lock debugging due to kernel taint
[ 113.383162] Kernel panic - not syncing: panic_on_warn set ...
[ 113.383162]
[ 113.412973] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.413908] CPU: 1 PID: 18 Comm: ksoftirqd/1 Tainted: G B 4.19.0-rc3+ #12
[ 113.423657] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.428699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.428710] Call Trace:
[ 113.428730] dump_stack+0x1c4/0x2b4
[ 113.452314] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.455271] ? dump_stack_print_info.cold.2+0x52/0x52
[ 113.467122] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.472952] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 113.472964] panic+0x238/0x4e7
[ 113.472977] ? add_taint.cold.5+0x16/0x16
[ 113.497900] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.500149] ? trace_hardirqs_on+0xb4/0x310
[ 113.511452] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.514385] kasan_end_report+0x47/0x4f
[ 113.514397] kasan_report.cold.9+0x76/0x309
[ 113.533927] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.541836] ? __dev_map_entry_free+0x2ab/0x300
[ 113.541853] __asan_report_load8_noabort+0x14/0x20
[ 113.549594] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.550127] __dev_map_entry_free+0x2ab/0x300
[ 113.550135] ? dev_map_delete_elem+0x120/0x120
[ 113.550164] rcu_process_callbacks+0xf23/0x2670
[ 113.572153] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.575549] ? __rcu_read_unlock+0x2f0/0x2f0
[ 113.575563] ? lock_is_held_type+0x210/0x210
[ 113.575576] ? graph_lock+0x170/0x170
[ 113.581923] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.584689] ? graph_lock+0x170/0x170
[ 113.584711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.584725] ? check_preemption_disabled+0x48/0x200
[ 113.606957] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.608326] ? check_preemption_disabled+0x48/0x200
[ 113.620750] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.621569] ? finish_task_switch+0x1f5/0x900
[ 113.642463] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.643502] ? _raw_spin_unlock_irq+0x27/0x80
[ 113.655673] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.657682] ? _raw_spin_unlock_irq+0x27/0x80
[ 113.657698] ? lockdep_hardirqs_on+0x421/0x5c0
[ 113.687286] ? trace_hardirqs_on+0xbd/0x310
[ 113.689369] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.691769] ? kasan_check_read+0x11/0x20
[ 113.691781] ? finish_task_switch+0x1f5/0x900
[ 113.691789] ? compat_start_thread+0x80/0x80
[ 113.691799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.691810] ? _raw_spin_unlock_irq+0x60/0x80
[ 113.691817] ? finish_task_switch+0x1f5/0x900
[ 113.691824] ? finish_task_switch+0x1b5/0x900
[ 113.691831] ? __switch_to_asm+0x34/0x70
[ 113.691839] ? preempt_notifier_register+0x200/0x200
[ 113.691846] ? __switch_to_asm+0x34/0x70
[ 113.691852] ? __switch_to_asm+0x34/0x70
[ 113.691858] ? __switch_to_asm+0x40/0x70
[ 113.691864] ? __switch_to_asm+0x34/0x70
[ 113.691871] ? __switch_to_asm+0x40/0x70
[ 113.691877] ? __switch_to_asm+0x34/0x70
[ 113.691883] ? __switch_to_asm+0x40/0x70
[ 113.691889] ? __switch_to_asm+0x34/0x70
[ 113.691896] ? __switch_to_asm+0x40/0x70
[ 113.691905] ? pvclock_read_flags+0x160/0x160
[ 113.691912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.691920] ? check_preemption_disabled+0x48/0x200
[ 113.691926] ? check_preemption_disabled+0x48/0x200
[ 113.691938] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 113.691945] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 113.691953] ? rcu_pm_notify+0xc0/0xc0
[ 113.691964] __do_softirq+0x30b/0xad8
[ 113.691975] ? __irqentry_text_end+0x1f9618/0x1f9618
[ 113.691990] ? schedule+0x108/0x460
[ 113.692007] ? trace_hardirqs_off+0xb8/0x310
[ 113.692020] ? ___might_sleep+0x1ed/0x300
[ 113.692039] ? smpboot_thread_fn+0x68b/0xa00
[ 113.702777] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.707117] ? trace_hardirqs_on+0x310/0x310
[ 113.707133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.707151] ? check_preemption_disabled+0x48/0x200
[ 113.737476] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.739698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 113.747973] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.751895] ? takeover_tasklets+0xa90/0xa90
[ 113.751912] run_ksoftirqd+0x94/0x100
[ 113.782630] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.786271] smpboot_thread_fn+0x68b/0xa00
[ 113.786288] ? sort_range+0x30/0x30
[ 113.793143] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.796331] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 113.828844] kobject: 'loop0' (00000000c76d86f9): kobject_uevent_env
[ 113.832196] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 113.832211] ? __kthread_parkme+0xfb/0x1a0
[ 113.832225] kthread+0x35a/0x420
[ 113.832243] ? sort_range+0x30/0x30
[ 113.838790] kobject: 'loop0' (00000000c76d86f9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 113.846093] ? kthread_bind+0x40/0x40
[ 113.846108] ret_from_fork+0x3a/0x50
[ 113.852174] Kernel Offset: disabled
[ 113.964412] Rebooting in 86400 seconds..