INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
[ 1237.244291] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
[ 1242.843400] random: sshd: uninitialized urandom read (32 bytes read)
[ 1242.928924] audit: type=1400 audit(1554719069.847:8): avc: denied { map } for pid=1968 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/04/08 10:24:30 parsed 1 programs
[ 1243.807671] audit: type=1400 audit(1554719070.727:9): avc: denied { map } for pid=1968 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5011 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 1244.828298] random: cc1: uninitialized urandom read (8 bytes read)
2019/04/08 10:24:33 executed programs: 0
[ 1246.794058] audit: type=1400 audit(1554719073.717:10): avc: denied { map } for pid=1968 comm="syz-execprog" path="/root/syzkaller-shm314691674" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2019/04/08 10:24:38 executed programs: 56
2019/04/08 10:24:43 executed programs: 189
[ 1260.535501] ==================================================================
[ 1260.542958] BUG: KASAN: use-after-free in disk_unblock_events+0x4b/0x50
[ 1260.549718] Read of size 8 at addr ffff8881c44d73e8 by task blkid/4123
[ 1260.556377]
[ 1260.558016] CPU: 0 PID: 4123 Comm: blkid Not tainted 4.14.111+ #50
[ 1260.564324] Call Trace:
[ 1260.566923] dump_stack+0xb9/0x10e
[ 1260.570466] ? disk_unblock_events+0x4b/0x50
[ 1260.574873] print_address_description+0x60/0x226
[ 1260.579719] ? disk_unblock_events+0x4b/0x50
[ 1260.584127] kasan_report.cold+0x88/0x2a5
[ 1260.588366] ? disk_unblock_events+0x4b/0x50
[ 1260.592777] ? __blkdev_get+0x68f/0xf90
[ 1260.596762] ? __blkdev_put+0x6d0/0x6d0
[ 1260.600828] ? fsnotify+0x8b0/0x1150
[ 1260.604548] ? blkdev_get+0x97/0x8b0
[ 1260.608267] ? bd_acquire+0x171/0x2c0
[ 1260.612069] ? bd_may_claim+0xd0/0xd0
[ 1260.615875] ? lock_downgrade+0x5d0/0x5d0
[ 1260.620025] ? lock_acquire+0x10f/0x380
[ 1260.624014] ? bd_acquire+0x21/0x2c0
[ 1260.627744] ? blkdev_open+0x1cc/0x250
[ 1260.631632] ? security_file_open+0x88/0x190
[ 1260.636052] ? do_dentry_open+0x44e/0xdf0
[ 1260.640230] ? bd_acquire+0x2c0/0x2c0
[ 1260.644041] ? vfs_open+0x105/0x230
[ 1260.647759] ? path_openat+0xb6b/0x2b70
[ 1260.651748] ? path_mountpoint+0x9a0/0x9a0
[ 1260.656029] ? trace_hardirqs_on+0x10/0x10
[ 1260.660273] ? do_filp_open+0x1a1/0x280
[ 1260.664251] ? may_open_dev+0xe0/0xe0
[ 1260.668061] ? lock_downgrade+0x5d0/0x5d0
[ 1260.672210] ? lock_acquire+0x10f/0x380
[ 1260.676188] ? __alloc_fd+0x3f/0x490
[ 1260.679914] ? _raw_spin_unlock+0x29/0x40
[ 1260.684062] ? __alloc_fd+0x1bf/0x490
[ 1260.687876] ? do_sys_open+0x2ca/0x590
[ 1260.691765] ? filp_open+0x60/0x60
[ 1260.695318] ? do_syscall_64+0x43/0x4b0
[ 1260.699295] ? do_sys_open+0x590/0x590
[ 1260.703185] ? do_syscall_64+0x19b/0x4b0
[ 1260.707308] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1260.712693]
[ 1260.714314] Allocated by task 4114:
[ 1260.717947] kasan_kmalloc.part.0+0x4f/0xd0
[ 1260.722266] kmem_cache_alloc_trace+0x126/0x310
[ 1260.726929] alloc_disk_node+0x5b/0x3d0
[ 1260.730895]
[ 1260.732515] Freed by task 4123:
[ 1260.735796] kasan_slab_free+0xb0/0x190
[ 1260.739767] kfree+0xf5/0x310
[ 1260.742870] device_release+0xf4/0x1a0
[ 1260.746750]
[ 1260.748374] The buggy address belongs to the object at ffff8881c44d6e80
[ 1260.748374] which belongs to the cache kmalloc-2048 of size 2048
[ 1260.761205] The buggy address is located 1384 bytes inside of
[ 1260.761205] 2048-byte region [ffff8881c44d6e80, ffff8881c44d7680)
[ 1260.773252] The buggy address belongs to the page:
[ 1260.778180] page:ffffea0007113400 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 1260.788261] flags: 0x4000000000010200(slab|head)
[ 1260.793020] raw: 4000000000010200 0000000000000000 0000000000000000 00000001000f000f
[ 1260.800906] raw: ffffea0007114e00 0000000200000002 ffff8881da802800 0000000000000000
[ 1260.808784] page dumped because: kasan: bad access detected
[ 1260.814488]
[ 1260.816110] Memory state around the buggy address:
[ 1260.821038]  ffff8881c44d7280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1260.828398]  ffff8881c44d7300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1260.835754] >ffff8881c44d7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1260.843108]                                                           ^
[ 1260.849859]  ffff8881c44d7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1260.857208]  ffff8881c44d7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1260.864548] ==================================================================
[ 1260.871901] Disabling lock debugging due to kernel taint
[ 1260.897620] Kernel panic - not syncing: panic_on_warn set ...
[ 1260.897620]
[ 1260.905018] CPU: 0 PID: 4123 Comm: blkid Tainted: G B 4.14.111+ #50
[ 1260.912550] Call Trace:
[ 1260.915137] dump_stack+0xb9/0x10e
[ 1260.918696] panic+0x1d9/0x3c2
[ 1260.921905] ? add_taint.cold+0x16/0x16
[ 1260.925879] ? disk_unblock_events+0x4b/0x50
[ 1260.930283] ? ___preempt_schedule+0x16/0x18
[ 1260.934690] ? disk_unblock_events+0x4b/0x50
[ 1260.939099] kasan_end_report+0x43/0x49
[ 1260.943067] kasan_report.cold+0xa4/0x2a5
[ 1260.947215] ? disk_unblock_events+0x4b/0x50
[ 1260.951624] ? __blkdev_get+0x68f/0xf90
[ 1260.955601] ? __blkdev_put+0x6d0/0x6d0
[ 1260.959574] ? fsnotify+0x8b0/0x1150
[ 1260.963290] ? blkdev_get+0x97/0x8b0
[ 1260.967012] ? bd_acquire+0x171/0x2c0
[ 1260.970814] ? bd_may_claim+0xd0/0xd0
[ 1260.974612] ? lock_downgrade+0x5d0/0x5d0
[ 1260.978754] ? lock_acquire+0x10f/0x380
[ 1260.982813] ? bd_acquire+0x21/0x2c0
[ 1260.986533] ? blkdev_open+0x1cc/0x250
[ 1260.990419] ? security_file_open+0x88/0x190
[ 1260.994830] ? do_dentry_open+0x44e/0xdf0
[ 1260.998974] ? bd_acquire+0x2c0/0x2c0
[ 1261.002820] ? vfs_open+0x105/0x230
[ 1261.006475] ? path_openat+0xb6b/0x2b70
[ 1261.010452] ? path_mountpoint+0x9a0/0x9a0
[ 1261.014687] ? trace_hardirqs_on+0x10/0x10
[ 1261.019042] ? do_filp_open+0x1a1/0x280
[ 1261.023011] ? may_open_dev+0xe0/0xe0
[ 1261.026865] ? lock_downgrade+0x5d0/0x5d0
[ 1261.031004] ? lock_acquire+0x10f/0x380
[ 1261.035036] ? __alloc_fd+0x3f/0x490
[ 1261.038740] ? _raw_spin_unlock+0x29/0x40
[ 1261.043041] ? __alloc_fd+0x1bf/0x490
[ 1261.046831] ? do_sys_open+0x2ca/0x590
[ 1261.050698] ? filp_open+0x60/0x60
[ 1261.054223] ? do_syscall_64+0x43/0x4b0
[ 1261.058176] ? do_sys_open+0x590/0x590
[ 1261.062047] ? do_syscall_64+0x19b/0x4b0
[ 1261.066092] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1261.071913] Kernel Offset: 0xf800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1261.082738] Rebooting in 86400 seconds..