Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
2018/12/27 16:18:58 parsed 1 programs
2018/12/27 16:18:59 executed programs: 0
[ 580.598627] audit: type=1400 audit(1545927546.432:5): avc: denied { associate } for pid=2179 comm="syz-executor2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2018/12/27 16:19:06 executed programs: 6
2018/12/27 16:19:11 executed programs: 100
2018/12/27 16:19:16 executed programs: 196
2018/12/27 16:19:21 executed programs: 291
[ 598.770216] ==================================================================
[ 598.777677] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 598.784409] Read of size 8 at addr ffff8801c600c960 by task blkid/7908
[ 598.791051]
[ 598.792658] CPU: 0 PID: 7908 Comm: blkid Not tainted 4.9.147+ #86
[ 598.798861] ffff8801d39176f0 ffffffff81b43be9 ffffea0007180200 ffff8801c600c960
[ 598.806848] 0000000000000000 ffff8801c600c960 0000000000000000 ffff8801d3917728
[ 598.814952] ffffffff81500cd8 ffff8801c600c960 0000000000000008 0000000000000000
[ 598.822937] Call Trace:
[ 598.825529] [] dump_stack+0xc1/0x128
[ 598.830921] [] print_address_description+0x6c/0x234
[ 598.837569] [] kasan_report.cold.6+0x242/0x2fe
[ 598.843779] [] ? disk_unblock_events+0x51/0x60
[ 598.849985] [] __asan_report_load8_noabort+0x14/0x20
[ 598.856712] [] disk_unblock_events+0x51/0x60
[ 598.862757] [] __blkdev_get+0x6b6/0xd60
[ 598.868399] [] ? trace_hardirqs_on+0x10/0x10
[ 598.874442] [] ? __blkdev_put+0x840/0x840
[ 598.880212] [] ? fsnotify+0x114/0x1100
[ 598.885722] [] blkdev_get+0x2da/0x920
[ 598.891177] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 598.897901] [] ? bd_may_claim+0xd0/0xd0
[ 598.903500] [] ? bd_acquire+0x27/0x250
[ 598.909013] [] ? bd_acquire+0x88/0x250
[ 598.914560] [] ? _raw_spin_unlock+0x2c/0x50
[ 598.920512] [] blkdev_open+0x1a5/0x250
[ 598.926022] [] do_dentry_open+0x3ef/0xc90
[ 598.931791] [] ? blkdev_get_by_dev+0x70/0x70
[ 598.937823] [] vfs_open+0x11c/0x210
[ 598.943080] [] ? may_open.isra.21+0x14f/0x2a0
[ 598.949198] [] path_openat+0x661/0x2d90
[ 598.954876] [] ? path_mountpoint+0x6c0/0x6c0
[ 598.960923] [] ? trace_hardirqs_on+0x10/0x10
[ 598.966955] [] ? expand_files.part.3+0x3a9/0x6d0
[ 598.973334] [] do_filp_open+0x197/0x270
[ 598.978933] [] ? may_open_dev+0xe0/0xe0
[ 598.984531] [] ? _raw_spin_unlock+0x2c/0x50
[ 598.990477] [] ? __alloc_fd+0x1d7/0x4a0
[ 598.996078] [] do_sys_open+0x30d/0x5c0
[ 599.001588] [] ? filp_open+0x70/0x70
[ 599.006954] [] ? up_read+0x1a/0x40
[ 599.012121] [] SyS_open+0x2d/0x40
[ 599.017195] [] ? do_sys_open+0x5c0/0x5c0
[ 599.022989] [] do_syscall_64+0x19f/0x550
[ 599.028713] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 599.035619]
[ 599.037224] Allocated by task 7775:
[ 599.040844] save_stack_trace+0x16/0x20
[ 599.044834] kasan_kmalloc.part.1+0x62/0xf0
[ 599.049135] kasan_kmalloc+0xaf/0xc0
[ 599.052834] kmem_cache_alloc_trace+0x117/0x2e0
[ 599.057478] alloc_disk_node+0x54/0x3a0
[ 599.061429] alloc_disk+0x18/0x20
[ 599.065002] loop_add+0x368/0x7a0
[ 599.068435] loop_probe+0x14f/0x180
[ 599.072063] kobj_lookup+0x223/0x410
[ 599.075756] get_gendisk+0x39/0x2d0
[ 599.079352] __blkdev_get+0x351/0xd60
[ 599.083123] blkdev_get+0x2da/0x920
[ 599.086720] blkdev_open+0x1a5/0x250
[ 599.090403] do_dentry_open+0x3ef/0xc90
[ 599.094354] vfs_open+0x11c/0x210
[ 599.097781] path_openat+0x661/0x2d90
[ 599.101556] do_filp_open+0x197/0x270
[ 599.105329] do_sys_open+0x30d/0x5c0
[ 599.109013] SyS_open+0x2d/0x40
[ 599.112264] do_syscall_64+0x19f/0x550
[ 599.116154] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 599.121251]
[ 599.122850] Freed by task 7908:
[ 599.126105] save_stack_trace+0x16/0x20
[ 599.130057] kasan_slab_free+0xac/0x190
[ 599.134009] kfree+0xfb/0x310
[ 599.137093] disk_release+0x259/0x330
[ 599.140891] device_release+0x7e/0x220
[ 599.144753] kobject_put+0x148/0x250
[ 599.148441] put_disk+0x23/0x30
[ 599.151692] __blkdev_get+0x616/0xd60
[ 599.155466] blkdev_get+0x2da/0x920
[ 599.159075] blkdev_open+0x1a5/0x250
[ 599.162762] do_dentry_open+0x3ef/0xc90
[ 599.166710] vfs_open+0x11c/0x210
[ 599.170133] path_openat+0x661/0x2d90
[ 599.174025] do_filp_open+0x197/0x270
[ 599.177804] do_sys_open+0x30d/0x5c0
[ 599.181489] SyS_open+0x2d/0x40
[ 599.184740] do_syscall_64+0x19f/0x550
[ 599.188638] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 599.193718]
[ 599.195320] The buggy address belongs to the object at ffff8801c600c400
[ 599.195320] which belongs to the cache kmalloc-2048 of size 2048
[ 599.208119] The buggy address is located 1376 bytes inside of
[ 599.208119] 2048-byte region [ffff8801c600c400, ffff8801c600cc00)
[ 599.220134] The buggy address belongs to the page:
[ 599.225037] page:ffffea0007180200 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 599.235209] flags: 0x4000000000004080(slab|head)
[ 599.239945] page dumped because: kasan: bad access detected
[ 599.245655]
[ 599.247256] Memory state around the buggy address:
[ 599.252162] ffff8801c600c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 599.259589] ffff8801c600c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 599.266928] >ffff8801c600c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 599.274315] ^
[ 599.280786] ffff8801c600c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 599.288161] ffff8801c600ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 599.295499] ==================================================================
[ 599.302866] Disabling lock debugging due to kernel taint
[ 599.308682] Kernel panic - not syncing: panic_on_warn set ...
[ 599.308682]
[ 599.316026] CPU: 0 PID: 7908 Comm: blkid Tainted: G B 4.9.147+ #86
[ 599.323443] ffff8801d3917650 ffffffff81b43be9 ffffffff82e36c68 00000000ffffffff
[ 599.331473] 0000000000000000 0000000000000000 0000000000000000 ffff8801d3917710
[ 599.339489] ffffffff813f7745 0000000041b58ab3 ffffffff82e2ac3b ffffffff813f7586
[ 599.347466] Call Trace:
[ 599.350027] [] dump_stack+0xc1/0x128
[ 599.355388] [] panic+0x1bf/0x39f
[ 599.360380] [] ? add_taint.cold.5+0x16/0x16
[ 599.366327] [] ? ___preempt_schedule+0x16/0x18
[ 599.372533] [] kasan_end_report+0x47/0x4f
[ 599.378304] [] kasan_report.cold.6+0x76/0x2fe
[ 599.384431] [] ? disk_unblock_events+0x51/0x60
[ 599.390649] [] __asan_report_load8_noabort+0x14/0x20
[ 599.397384] [] disk_unblock_events+0x51/0x60
[ 599.403425] [] __blkdev_get+0x6b6/0xd60
[ 599.409024] [] ? trace_hardirqs_on+0x10/0x10
[ 599.415175] [] ? __blkdev_put+0x840/0x840
[ 599.420949] [] ? fsnotify+0x114/0x1100
[ 599.426464] [] blkdev_get+0x2da/0x920
[ 599.431892] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 599.438622] [] ? bd_may_claim+0xd0/0xd0
[ 599.444280] [] ? bd_acquire+0x27/0x250
[ 599.449800] [] ? bd_acquire+0x88/0x250
[ 599.455314] [] ? _raw_spin_unlock+0x2c/0x50
[ 599.461316] [] blkdev_open+0x1a5/0x250
[ 599.466839] [] do_dentry_open+0x3ef/0xc90
[ 599.472619] [] ? blkdev_get_by_dev+0x70/0x70
[ 599.478655] [] vfs_open+0x11c/0x210
[ 599.483906] [] ? may_open.isra.21+0x14f/0x2a0
[ 599.490024] [] path_openat+0x661/0x2d90
[ 599.495627] [] ? path_mountpoint+0x6c0/0x6c0
[ 599.501685] [] ? trace_hardirqs_on+0x10/0x10
[ 599.507715] [] ? expand_files.part.3+0x3a9/0x6d0
[ 599.514160] [] do_filp_open+0x197/0x270
[ 599.519768] [] ? may_open_dev+0xe0/0xe0
[ 599.525373] [] ? _raw_spin_unlock+0x2c/0x50
[ 599.531325] [] ? __alloc_fd+0x1d7/0x4a0
[ 599.536928] [] do_sys_open+0x30d/0x5c0
[ 599.542607] [] ? filp_open+0x70/0x70
[ 599.547945] [] ? up_read+0x1a/0x40
[ 599.553109] [] SyS_open+0x2d/0x40
[ 599.558188] [] ? do_sys_open+0x5c0/0x5c0
[ 599.563872] [] do_syscall_64+0x19f/0x550
[ 599.569619] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 599.576859] Kernel Offset: disabled
[ 599.580467] Rebooting in 86400 seconds..