Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
2018/12/26 09:55:39 parsed 1 programs
2018/12/26 09:55:41 executed programs: 0
[ 494.168790] audit: type=1400 audit(1545818141.968:5): avc: denied { sys_admin } for pid=2161 comm="syz-executor1" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 494.350391] audit: type=1400 audit(1545818142.148:6): avc: denied { net_admin } for pid=2165 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 497.296815] audit: type=1400 audit(1545818145.098:7): avc: denied { sys_chroot } for pid=2165 comm="syz-executor5" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 497.327790] audit: type=1400 audit(1545818145.128:8): avc: denied { associate } for pid=2171 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 497.950526] ==================================================================
[ 497.957943] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 497.964706] Read of size 8 at addr ffff8801cb84e2e0 by task blkid/3937
[ 497.971364]
[ 497.973000] CPU: 0 PID: 3937 Comm: blkid Not tainted 4.9.141+ #23
[ 497.979222] ffff8801cb4bf6f8 ffffffff81b42e79 ffffea00072e1200 ffff8801cb84e2e0
[ 497.987330] 0000000000000000 ffff8801cb84e2e0 0000000000000000 ffff8801cb4bf730
[ 497.995407] ffffffff815009b8 ffff8801cb84e2e0 0000000000000008 0000000000000000
[ 498.003444] Call Trace:
[ 498.006027] [] dump_stack+0xc1/0x128
[ 498.011373] [] print_address_description+0x6c/0x234
[ 498.018017] [] kasan_report.cold.6+0x242/0x2fe
[ 498.024219] [] ? disk_unblock_events+0x51/0x60
[ 498.030424] [] __asan_report_load8_noabort+0x14/0x20
[ 498.037151] [] disk_unblock_events+0x51/0x60
[ 498.043181] [] __blkdev_get+0x6b6/0xd60
[ 498.048778] [] ? __blkdev_put+0x840/0x840
[ 498.054789] [] ? fsnotify+0x114/0x1100
[ 498.060298] [] blkdev_get+0x2da/0x920
[ 498.065721] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 498.072443] [] ? bd_may_claim+0xd0/0xd0
[ 498.078047] [] ? bd_acquire+0x27/0x250
[ 498.083678] [] ? bd_acquire+0x88/0x250
[ 498.089224] [] ? _raw_spin_unlock+0x2c/0x50
[ 498.095171] [] blkdev_open+0x1a5/0x250
[ 498.100782] [] do_dentry_open+0x3ef/0xc90
[ 498.106550] [] ? blkdev_get_by_dev+0x70/0x70
[ 498.112584] [] vfs_open+0x11c/0x210
[ 498.117833] [] ? may_open.isra.20+0x14f/0x2a0
[ 498.123947] [] path_openat+0x542/0x2790
[ 498.129542] [] ? path_mountpoint+0x6c0/0x6c0
[ 498.135658] [] ? trace_hardirqs_on+0x10/0x10
[ 498.141687] [] ? expand_files.part.3+0x3a9/0x6d0
[ 498.148064] [] do_filp_open+0x197/0x270
[ 498.153658] [] ? may_open_dev+0xe0/0xe0
[ 498.159253] [] ? _raw_spin_unlock+0x2c/0x50
[ 498.165223] [] ? __alloc_fd+0x1d7/0x4a0
[ 498.170821] [] do_sys_open+0x30d/0x5c0
[ 498.176332] [] ? filp_open+0x70/0x70
[ 498.181680] [] ? up_read+0x1a/0x40
[ 498.186846] [] SyS_open+0x2d/0x40
[ 498.191921] [] ? do_sys_open+0x5c0/0x5c0
[ 498.197623] [] do_syscall_64+0x19f/0x550
[ 498.203304] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 498.210384]
[ 498.211988] Allocated by task 3918:
[ 498.215600] save_stack_trace+0x16/0x20
[ 498.219549] kasan_kmalloc.part.1+0x62/0xf0
[ 498.223841] kasan_kmalloc+0xaf/0xc0
[ 498.227535] kmem_cache_alloc_trace+0x117/0x2e0
[ 498.232190] alloc_disk_node+0x54/0x3a0
[ 498.236139] alloc_disk+0x18/0x20
[ 498.239569] loop_add+0x368/0x7a0
[ 498.243111] loop_probe+0x14f/0x180
[ 498.246709] kobj_lookup+0x223/0x410
[ 498.250393] get_gendisk+0x39/0x2d0
[ 498.254014] __blkdev_get+0x351/0xd60
[ 498.257794] blkdev_get+0x488/0x920
[ 498.261390] blkdev_open+0x1a5/0x250
[ 498.265075] do_dentry_open+0x3ef/0xc90
[ 498.269022] vfs_open+0x11c/0x210
[ 498.272449] path_openat+0x542/0x2790
[ 498.276231] do_filp_open+0x197/0x270
[ 498.280003] do_sys_open+0x30d/0x5c0
[ 498.283692] compat_SyS_open+0x2a/0x40
[ 498.287547] do_fast_syscall_32+0x2f1/0xa10
[ 498.291842] entry_SYSENTER_compat+0x90/0xa2
[ 498.296237]
[ 498.297834] Freed by task 3937:
[ 498.301081] save_stack_trace+0x16/0x20
[ 498.305024] kasan_slab_free+0xac/0x190
[ 498.308985] kfree+0xfb/0x310
[ 498.312079] disk_release+0x259/0x330
[ 498.315849] device_release+0x7e/0x220
[ 498.319710] kobject_put+0x148/0x250
[ 498.323487] put_disk+0x23/0x30
[ 498.326737] __blkdev_get+0x616/0xd60
[ 498.330505] blkdev_get+0x2da/0x920
[ 498.334101] blkdev_open+0x1a5/0x250
[ 498.337783] do_dentry_open+0x3ef/0xc90
[ 498.341739] vfs_open+0x11c/0x210
[ 498.345162] path_openat+0x542/0x2790
[ 498.348935] do_filp_open+0x197/0x270
[ 498.352709] do_sys_open+0x30d/0x5c0
[ 498.356403] SyS_open+0x2d/0x40
[ 498.359656] do_syscall_64+0x19f/0x550
[ 498.363514] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 498.368583]
[ 498.370214] The buggy address belongs to the object at ffff8801cb84dd80
[ 498.370214] which belongs to the cache kmalloc-2048 of size 2048
[ 498.383018] The buggy address is located 1376 bytes inside of
[ 498.383018] 2048-byte region [ffff8801cb84dd80, ffff8801cb84e580)
[ 498.395034] The buggy address belongs to the page:
[ 498.399936] page:ffffea00072e1200 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 498.410120] flags: 0x4000000000004080(slab|head)
[ 498.414848] page dumped because: kasan: bad access detected
[ 498.420527]
[ 498.422125] Memory state around the buggy address:
[ 498.427030] ffff8801cb84e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 498.434364] ffff8801cb84e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 498.441708] >ffff8801cb84e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 498.449043] ^
[ 498.455520] ffff8801cb84e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 498.462852] ffff8801cb84e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 498.470182] ==================================================================
[ 498.477510] Disabling lock debugging due to kernel taint
[ 498.485577] Kernel panic - not syncing: panic_on_warn set ...
[ 498.485577]
[ 498.492951] CPU: 0 PID: 3937 Comm: blkid Tainted: G B 4.9.141+ #23
[ 498.500476] ffff8801cb4bf658 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff
[ 498.508523] 0000000000000000 0000000000000000 0000000000000000 ffff8801cb4bf718
[ 498.516597] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66
[ 498.524751] Call Trace:
[ 498.527349] [] dump_stack+0xc1/0x128
[ 498.532707] [] panic+0x1bf/0x39f
[ 498.537721] [] ? add_taint.cold.5+0x16/0x16
[ 498.543694] [] ? ___preempt_schedule+0x16/0x18
[ 498.549927] [] kasan_end_report+0x47/0x4f
[ 498.555721] [] kasan_report.cold.6+0x76/0x2fe
[ 498.561863] [] ? disk_unblock_events+0x51/0x60
[ 498.568091] [] __asan_report_load8_noabort+0x14/0x20
[ 498.574834] [] disk_unblock_events+0x51/0x60
[ 498.580886] [] __blkdev_get+0x6b6/0xd60
[ 498.586503] [] ? __blkdev_put+0x840/0x840
[ 498.592282] [] ? fsnotify+0x114/0x1100
[ 498.597790] [] blkdev_get+0x2da/0x920
[ 498.603318] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 498.610061] [] ? bd_may_claim+0xd0/0xd0
[ 498.615658] [] ? bd_acquire+0x27/0x250
[ 498.621164] [] ? bd_acquire+0x88/0x250
[ 498.626767] [] ? _raw_spin_unlock+0x2c/0x50
[ 498.632712] [] blkdev_open+0x1a5/0x250
[ 498.638235] [] do_dentry_open+0x3ef/0xc90
[ 498.644026] [] ? blkdev_get_by_dev+0x70/0x70
[ 498.650072] [] vfs_open+0x11c/0x210
[ 498.655330] [] ? may_open.isra.20+0x14f/0x2a0
[ 498.661540] [] path_openat+0x542/0x2790
[ 498.667139] [] ? path_mountpoint+0x6c0/0x6c0
[ 498.673168] [] ? trace_hardirqs_on+0x10/0x10
[ 498.679201] [] ? expand_files.part.3+0x3a9/0x6d0
[ 498.685577] [] do_filp_open+0x197/0x270
[ 498.691176] [] ? may_open_dev+0xe0/0xe0
[ 498.696773] [] ? _raw_spin_unlock+0x2c/0x50
[ 498.702714] [] ? __alloc_fd+0x1d7/0x4a0
[ 498.708307] [] do_sys_open+0x30d/0x5c0
[ 498.713830] [] ? filp_open+0x70/0x70
[ 498.719169] [] ? up_read+0x1a/0x40
[ 498.724342] [] SyS_open+0x2d/0x40
[ 498.729420] [] ? do_sys_open+0x5c0/0x5c0
[ 498.735104] [] do_syscall_64+0x19f/0x550
[ 498.740807] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 498.748331] Kernel Offset: disabled
[ 498.751945] Rebooting in 86400 seconds..