Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts.
2019/09/24 16:57:46 parsed 1 programs
2019/09/24 16:57:48 executed programs: 0
syzkaller login: [ 43.631407] audit: type=1400 audit(1569344268.434:5): avc: denied { sys_admin } for pid=2065 comm="syz-executor.2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 43.661041] audit: type=1400 audit(1569344268.464:6): avc: denied { net_admin } for pid=2074 comm="syz-executor.3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 43.992258] audit: type=1400 audit(1569344268.794:7): avc: denied { sys_chroot } for pid=2071 comm="syz-executor.2" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 44.017852] audit: type=1400 audit(1569344268.814:8): avc: denied { associate } for pid=2074 comm="syz-executor.3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 44.231182] ==================================================================
[ 44.238578] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 44.245317] Read of size 8 at addr ffff8801ca0fb860 by task syz-executor.0/2264
[ 44.252749]
[ 44.254372] CPU: 0 PID: 2264 Comm: syz-executor.0 Not tainted 4.9.141+ #1
[ 44.261288] ffff8801c8cdf6f8 ffffffff81b42e79 ffffea0007283e00 ffff8801ca0fb860
[ 44.269350] 0000000000000000 ffff8801ca0fb860 0000000000000000 ffff8801c8cdf730
[ 44.277405] ffffffff815009b8 ffff8801ca0fb860 0000000000000008 0000000000000000
[ 44.285566] Call Trace:
[ 44.288150] [] dump_stack+0xc1/0x128
[ 44.293513] [] print_address_description+0x6c/0x234
[ 44.300178] [] kasan_report.cold.6+0x242/0x2fe
[ 44.306414] [] ? disk_unblock_events+0x51/0x60
[ 44.312646] [] __asan_report_load8_noabort+0x14/0x20
[ 44.319404] [] disk_unblock_events+0x51/0x60
[ 44.325457] [] __blkdev_get+0x6b6/0xd60
[ 44.331073] [] ? __blkdev_put+0x840/0x840
[ 44.336863] [] ? fsnotify+0x114/0x1100
[ 44.342378] [] blkdev_get+0x2da/0x920
[ 44.347856] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.354584] [] ? bd_may_claim+0xd0/0xd0
[ 44.360188] [] ? bd_acquire+0x27/0x250
[ 44.365700] [] ? bd_acquire+0x88/0x250
[ 44.371218] [] ? _raw_spin_unlock+0x2c/0x50
[ 44.377163] [] blkdev_open+0x1a5/0x250
[ 44.382685] [] do_dentry_open+0x3ef/0xc90
[ 44.388456] [] ? blkdev_get_by_dev+0x70/0x70
[ 44.394488] [] vfs_open+0x11c/0x210
[ 44.399740] [] ? may_open.isra.20+0x14f/0x2a0
[ 44.405866] [] path_openat+0x542/0x2790
[ 44.411472] [] ? path_mountpoint+0x6c0/0x6c0
[ 44.417513] [] ? trace_hardirqs_on+0x10/0x10
[ 44.423555] [] ? expand_files.part.3+0x3a9/0x6d0
[ 44.429935] [] do_filp_open+0x197/0x270
[ 44.435535] [] ? may_open_dev+0xe0/0xe0
[ 44.441135] [] ? _raw_spin_unlock+0x2c/0x50
[ 44.447248] [] ? __alloc_fd+0x1d7/0x4a0
[ 44.452885] [] do_sys_open+0x30d/0x5c0
[ 44.458411] [] ? filp_open+0x70/0x70
[ 44.463761] [] ? __might_fault+0x18e/0x1d0
[ 44.469620] [] ? __might_fault+0xe4/0x1d0
[ 44.475398] [] ? SyS_clock_settime+0x220/0x220
[ 44.481607] [] ? do_vfs_ioctl+0x11a0/0x11a0
[ 44.487679] [] SyS_open+0x2d/0x40
[ 44.492874] [] ? do_sys_open+0x5c0/0x5c0
[ 44.498556] [] do_syscall_64+0x19f/0x550
[ 44.504242] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 44.511140]
[ 44.512744] Allocated by task 2239:
[ 44.516346] save_stack_trace+0x16/0x20
[ 44.520292] kasan_kmalloc.part.1+0x62/0xf0
[ 44.524587] kasan_kmalloc+0xaf/0xc0
[ 44.528277] kmem_cache_alloc_trace+0x117/0x2e0
[ 44.532923] alloc_disk_node+0x54/0x3a0
[ 44.536876] alloc_disk+0x18/0x20
[ 44.540305] loop_add+0x368/0x7a0
[ 44.543768] loop_probe+0x14f/0x180
[ 44.547403] kobj_lookup+0x223/0x410
[ 44.551089] get_gendisk+0x39/0x2d0
[ 44.554690] __blkdev_get+0x351/0xd60
[ 44.558464] blkdev_get+0x2da/0x920
[ 44.562064] blkdev_open+0x1a5/0x250
[ 44.565757] do_dentry_open+0x3ef/0xc90
[ 44.569704] vfs_open+0x11c/0x210
[ 44.573134] path_openat+0x542/0x2790
[ 44.576905] do_filp_open+0x197/0x270
[ 44.580679] do_sys_open+0x30d/0x5c0
[ 44.584454] SyS_open+0x2d/0x40
[ 44.587708] do_syscall_64+0x19f/0x550
[ 44.591568] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 44.596642]
[ 44.598248] Freed by task 2264:
[ 44.601506] save_stack_trace+0x16/0x20
[ 44.605454] kasan_slab_free+0xac/0x190
[ 44.609439] kfree+0xfb/0x310
[ 44.612525] disk_release+0x259/0x330
[ 44.616302] device_release+0x7e/0x220
[ 44.620170] kobject_put+0x148/0x250
[ 44.623865] put_disk+0x23/0x30
[ 44.627120] __blkdev_get+0x616/0xd60
[ 44.630904] blkdev_get+0x2da/0x920
[ 44.634510] blkdev_open+0x1a5/0x250
[ 44.638203] do_dentry_open+0x3ef/0xc90
[ 44.642155] vfs_open+0x11c/0x210
[ 44.645586] path_openat+0x542/0x2790
[ 44.649368] do_filp_open+0x197/0x270
[ 44.653145] do_sys_open+0x30d/0x5c0
[ 44.656834] SyS_open+0x2d/0x40
[ 44.660088] do_syscall_64+0x19f/0x550
[ 44.663950] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 44.669022]
[ 44.670632] The buggy address belongs to the object at ffff8801ca0fb300
[ 44.670632] which belongs to the cache kmalloc-2048 of size 2048
[ 44.683443] The buggy address is located 1376 bytes inside of
[ 44.683443] 2048-byte region [ffff8801ca0fb300, ffff8801ca0fbb00)
[ 44.695467] The buggy address belongs to the page:
[ 44.700396] page:ffffea0007283e00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 44.710732] flags: 0x4000000000004080(slab|head)
[ 44.715461] page dumped because: kasan: bad access detected
[ 44.721226]
[ 44.722826] Memory state around the buggy address:
[ 44.727731] ffff8801ca0fb700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.735066] ffff8801ca0fb780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.742399] >ffff8801ca0fb800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.749731] ^
[ 44.756201] ffff8801ca0fb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.763535] ffff8801ca0fb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.770906] ==================================================================
[ 44.778239] Disabling lock debugging due to kernel taint
[ 44.786632] Kernel panic - not syncing: panic_on_warn set ...
[ 44.786632]
[ 44.794016] CPU: 0 PID: 2264 Comm: syz-executor.0 Tainted: G B 4.9.141+ #1
[ 44.802151] ffff8801c8cdf658 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff
[ 44.810212] 0000000000000000 0000000000000000 0000000000000000 ffff8801c8cdf718
[ 44.818262] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66
[ 44.826318] Call Trace:
[ 44.828900] [] dump_stack+0xc1/0x128
[ 44.834264] [] panic+0x1bf/0x39f
[ 44.839258] [] ? add_taint.cold.5+0x16/0x16
[ 44.845257] [] ? ___preempt_schedule+0x16/0x18
[ 44.851468] [] kasan_end_report+0x47/0x4f
[ 44.857281] [] kasan_report.cold.6+0x76/0x2fe
[ 44.863465] [] ? disk_unblock_events+0x51/0x60
[ 44.869730] [] __asan_report_load8_noabort+0x14/0x20
[ 44.876504] [] disk_unblock_events+0x51/0x60
[ 44.882577] [] __blkdev_get+0x6b6/0xd60
[ 44.888181] [] ? __blkdev_put+0x840/0x840
[ 44.893955] [] ? fsnotify+0x114/0x1100
[ 44.899465] [] blkdev_get+0x2da/0x920
[ 44.904892] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 44.911624] [] ? bd_may_claim+0xd0/0xd0
[ 44.917221] [] ? bd_acquire+0x27/0x250
[ 44.922732] [] ? bd_acquire+0x88/0x250
[ 44.928247] [] ? _raw_spin_unlock+0x2c/0x50
[ 44.934196] [] blkdev_open+0x1a5/0x250
[ 44.939708] [] do_dentry_open+0x3ef/0xc90
[ 44.945482] [] ? blkdev_get_by_dev+0x70/0x70
[ 44.951522] [] vfs_open+0x11c/0x210
[ 44.956775] [] ? may_open.isra.20+0x14f/0x2a0
[ 44.962895] [] path_openat+0x542/0x2790
[ 44.968493] [] ? path_mountpoint+0x6c0/0x6c0
[ 44.974525] [] ? trace_hardirqs_on+0x10/0x10
[ 44.980571] [] ? expand_files.part.3+0x3a9/0x6d0
[ 44.986958] [] do_filp_open+0x197/0x270
[ 44.992555] [] ? may_open_dev+0xe0/0xe0
[ 44.998158] [] ? _raw_spin_unlock+0x2c/0x50
[ 45.004104] [] ? __alloc_fd+0x1d7/0x4a0
[ 45.009702] [] do_sys_open+0x30d/0x5c0
[ 45.015215] [] ? filp_open+0x70/0x70
[ 45.020553] [] ? __might_fault+0x18e/0x1d0
[ 45.026413] [] ? __might_fault+0xe4/0x1d0
[ 45.032210] [] ? SyS_clock_settime+0x220/0x220
[ 45.038421] [] ? do_vfs_ioctl+0x11a0/0x11a0
[ 45.044431] [] SyS_open+0x2d/0x40
[ 45.049511] [] ? do_sys_open+0x5c0/0x5c0
[ 45.055196] [] do_syscall_64+0x19f/0x550
[ 45.060880] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 45.068277] Kernel Offset: disabled
[ 45.071889] Rebooting in 86400 seconds..