Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
2018/12/26 10:55:54 parsed 1 programs
2018/12/26 10:55:55 executed programs: 0
[ 47.751525] audit: type=1400 audit(1545821755.633:5): avc: denied { sys_admin } for pid=2064 comm="syz-executor2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 47.868928] audit: type=1400 audit(1545821755.753:6): avc: denied { net_admin } for pid=2077 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 50.463721] audit: type=1400 audit(1545821758.353:7): avc: denied { sys_chroot } for pid=2083 comm="syz-executor1" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 50.473667] audit: type=1400 audit(1545821758.363:8): avc: denied { associate } for pid=2086 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 50.900764] ==================================================================
[ 50.908166] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 50.914913] Read of size 8 at addr ffff8801d0150de0 by task blkid/3839
[ 50.921569]
[ 50.923196] CPU: 0 PID: 3839 Comm: blkid Not tainted 4.9.141+ #1
[ 50.929332] ffff8801c5b1f6f8 ffffffff81b42e79 ffffea0007405400 ffff8801d0150de0
[ 50.937392] 0000000000000000 ffff8801d0150de0 0000000000000000 ffff8801c5b1f730
[ 50.945472] ffffffff815009b8 ffff8801d0150de0 0000000000000008 0000000000000000
[ 50.953539] Call Trace:
[ 50.956120] [] dump_stack+0xc1/0x128
[ 50.961483] [] print_address_description+0x6c/0x234
[ 50.968144] [] kasan_report.cold.6+0x242/0x2fe
[ 50.974374] [] ? disk_unblock_events+0x51/0x60
[ 50.980600] [] __asan_report_load8_noabort+0x14/0x20
[ 50.987341] [] disk_unblock_events+0x51/0x60
[ 50.993383] [] __blkdev_get+0x6b6/0xd60
[ 50.999018] [] ? __blkdev_put+0x840/0x840
[ 51.004809] [] ? fsnotify+0x114/0x1100
[ 51.010338] [] blkdev_get+0x2da/0x920
[ 51.015787] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 51.022532] [] ? bd_may_claim+0xd0/0xd0
[ 51.028159] [] ? bd_acquire+0x27/0x250
[ 51.033699] [] ? bd_acquire+0x88/0x250
[ 51.039232] [] ? _raw_spin_unlock+0x2c/0x50
[ 51.045208] [] blkdev_open+0x1a5/0x250
[ 51.050742] [] do_dentry_open+0x3ef/0xc90
[ 51.056531] [] ? blkdev_get_by_dev+0x70/0x70
[ 51.062587] [] vfs_open+0x11c/0x210
[ 51.067859] [] ? may_open.isra.20+0x14f/0x2a0
[ 51.074000] [] path_openat+0x542/0x2790
[ 51.079612] [] ? path_mountpoint+0x6c0/0x6c0
[ 51.085645] [] ? trace_hardirqs_on+0x10/0x10
[ 51.091677] [] ? expand_files.part.3+0x3a9/0x6d0
[ 51.098057] [] do_filp_open+0x197/0x270
[ 51.103654] [] ? may_open_dev+0xe0/0xe0
[ 51.109252] [] ? _raw_spin_unlock+0x2c/0x50
[ 51.115199] [] ? __alloc_fd+0x1d7/0x4a0
[ 51.120809] [] do_sys_open+0x30d/0x5c0
[ 51.126320] [] ? filp_open+0x70/0x70
[ 51.131656] [] ? up_read+0x1a/0x40
[ 51.136833] [] SyS_open+0x2d/0x40
[ 51.141923] [] ? do_sys_open+0x5c0/0x5c0
[ 51.147607] [] do_syscall_64+0x19f/0x550
[ 51.153293] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.160185]
[ 51.161783] Allocated by task 3820:
[ 51.165387] save_stack_trace+0x16/0x20
[ 51.169330] kasan_kmalloc.part.1+0x62/0xf0
[ 51.173621] kasan_kmalloc+0xaf/0xc0
[ 51.177325] kmem_cache_alloc_trace+0x117/0x2e0
[ 51.182088] alloc_disk_node+0x54/0x3a0
[ 51.186035] alloc_disk+0x18/0x20
[ 51.189461] loop_add+0x368/0x7a0
[ 51.192885] loop_probe+0x14f/0x180
[ 51.196482] kobj_lookup+0x223/0x410
[ 51.200170] get_gendisk+0x39/0x2d0
[ 51.203770] blkdev_get+0xf6/0x920
[ 51.207282] blkdev_open+0x1a5/0x250
[ 51.210968] do_dentry_open+0x3ef/0xc90
[ 51.214914] vfs_open+0x11c/0x210
[ 51.218343] path_openat+0x542/0x2790
[ 51.222114] do_filp_open+0x197/0x270
[ 51.225885] do_sys_open+0x30d/0x5c0
[ 51.229569] SyS_open+0x2d/0x40
[ 51.232821] do_syscall_64+0x19f/0x550
[ 51.236693] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.241765]
[ 51.243367] Freed by task 3839:
[ 51.246625] save_stack_trace+0x16/0x20
[ 51.250569] kasan_slab_free+0xac/0x190
[ 51.254513] kfree+0xfb/0x310
[ 51.257607] disk_release+0x259/0x330
[ 51.261380] device_release+0x7e/0x220
[ 51.265239] kobject_put+0x148/0x250
[ 51.268921] put_disk+0x23/0x30
[ 51.272173] __blkdev_get+0x616/0xd60
[ 51.275945] blkdev_get+0x2da/0x920
[ 51.279544] blkdev_open+0x1a5/0x250
[ 51.283231] do_dentry_open+0x3ef/0xc90
[ 51.287178] vfs_open+0x11c/0x210
[ 51.290603] path_openat+0x542/0x2790
[ 51.294376] do_filp_open+0x197/0x270
[ 51.298149] do_sys_open+0x30d/0x5c0
[ 51.301836] SyS_open+0x2d/0x40
[ 51.305087] do_syscall_64+0x19f/0x550
[ 51.308944] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.314135]
[ 51.315755] The buggy address belongs to the object at ffff8801d0150880
[ 51.315755] which belongs to the cache kmalloc-2048 of size 2048
[ 51.328557] The buggy address is located 1376 bytes inside of
[ 51.328557] 2048-byte region [ffff8801d0150880, ffff8801d0151080)
[ 51.340575] The buggy address belongs to the page:
[ 51.345475] page:ffffea0007405400 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 51.355661] flags: 0x4000000000004080(slab|head)
[ 51.360382] page dumped because: kasan: bad access detected
[ 51.366064]
[ 51.367661] Memory state around the buggy address:
[ 51.372562]  ffff8801d0150c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.379927]  ffff8801d0150d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.387256] >ffff8801d0150d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.394587]                                                        ^
[ 51.401048]  ffff8801d0150e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.408378]  ffff8801d0150e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.415709] ==================================================================
[ 51.423041] Disabling lock debugging due to kernel taint
[ 51.437559] Kernel panic - not syncing: panic_on_warn set ...
[ 51.437559]
[ 51.444967] CPU: 0 PID: 3839 Comm: blkid Tainted: G B 4.9.141+ #1
[ 51.452319] ffff8801c5b1f658 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff
[ 51.460374] 0000000000000000 0000000000000000 0000000000000000 ffff8801c5b1f718
[ 51.468454] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66
[ 51.476615] Call Trace:
[ 51.479208] [] dump_stack+0xc1/0x128
[ 51.484578] [] panic+0x1bf/0x39f
[ 51.489591] [] ? add_taint.cold.5+0x16/0x16
[ 51.495572] [] ? ___preempt_schedule+0x16/0x18
[ 51.501797] [] kasan_end_report+0x47/0x4f
[ 51.507633] [] kasan_report.cold.6+0x76/0x2fe
[ 51.513774] [] ? disk_unblock_events+0x51/0x60
[ 51.520003] [] __asan_report_load8_noabort+0x14/0x20
[ 51.526752] [] disk_unblock_events+0x51/0x60
[ 51.532802] [] __blkdev_get+0x6b6/0xd60
[ 51.538432] [] ? __blkdev_put+0x840/0x840
[ 51.544227] [] ? fsnotify+0x114/0x1100
[ 51.549771] [] blkdev_get+0x2da/0x920
[ 51.555214] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 51.561976] [] ? bd_may_claim+0xd0/0xd0
[ 51.567591] [] ? bd_acquire+0x27/0x250
[ 51.573134] [] ? bd_acquire+0x88/0x250
[ 51.578705] [] ? _raw_spin_unlock+0x2c/0x50
[ 51.584684] [] blkdev_open+0x1a5/0x250
[ 51.590216] [] do_dentry_open+0x3ef/0xc90
[ 51.596007] [] ? blkdev_get_by_dev+0x70/0x70
[ 51.602062] [] vfs_open+0x11c/0x210
[ 51.607335] [] ? may_open.isra.20+0x14f/0x2a0
[ 51.613482] [] path_openat+0x542/0x2790
[ 51.619116] [] ? path_mountpoint+0x6c0/0x6c0
[ 51.625183] [] ? trace_hardirqs_on+0x10/0x10
[ 51.631238] [] ? expand_files.part.3+0x3a9/0x6d0
[ 51.637644] [] do_filp_open+0x197/0x270
[ 51.643267] [] ? may_open_dev+0xe0/0xe0
[ 51.648889] [] ? _raw_spin_unlock+0x2c/0x50
[ 51.654854] [] ? __alloc_fd+0x1d7/0x4a0
[ 51.660472] [] do_sys_open+0x30d/0x5c0
[ 51.666005] [] ? filp_open+0x70/0x70
[ 51.671361] [] ? up_read+0x1a/0x40
[ 51.676559] [] SyS_open+0x2d/0x40
[ 51.681656] [] ? do_sys_open+0x5c0/0x5c0
[ 51.687363] [] do_syscall_64+0x19f/0x550
[ 51.693069] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 51.700320] Kernel Offset: disabled
[ 51.703929] Rebooting in 86400 seconds..