Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. 2019/03/19 08:53:24 parsed 1 programs 2019/03/19 08:53:28 executed programs: 0 [ 1246.926652] audit: type=1400 audit(1552985608.792:5): avc: denied { sys_admin } for pid=2262 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 1246.964351] audit: type=1400 audit(1552985608.832:6): avc: denied { net_admin } for pid=2267 comm="syz-executor.1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 1247.371440] audit: type=1400 audit(1552985609.242:7): avc: denied { sys_chroot } for pid=2269 comm="syz-executor.0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 1247.398522] audit: type=1400 audit(1552985609.272:8): avc: denied { associate } for pid=2267 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 1247.435909] audit: type=1400 audit(1552985609.302:9): avc: denied { setuid } for pid=2412 comm="syz-executor.2" capability=7 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 1248.398972] ================================================================== [ 1248.406491] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60 [ 1248.413242] Read of size 8 at addr ffff8801d81bfc60 by task blkid/2626 [ 1248.419894] [ 1248.421508] CPU: 0 PID: 2626 Comm: blkid Not tainted 4.9.141+ #23 [ 1248.427754] ffff8801d795f6f8 ffffffff81b42e79 ffffea0007606e00 ffff8801d81bfc60 [ 1248.435844] 0000000000000000 ffff8801d81bfc60 0000000000000000 ffff8801d795f730 [ 1248.443981] ffffffff815009b8 ffff8801d81bfc60 0000000000000008 0000000000000000 [ 1248.452053] Call Trace: [ 1248.454660] [] dump_stack+0xc1/0x128 [ 1248.460073] [] print_address_description+0x6c/0x234 [ 1248.466740] [] kasan_report.cold.6+0x242/0x2fe [ 1248.472972] [] ? disk_unblock_events+0x51/0x60 [ 1248.479377] [] __asan_report_load8_noabort+0x14/0x20 [ 1248.486131] [] disk_unblock_events+0x51/0x60 [ 1248.492268] [] __blkdev_get+0x6b6/0xd60 [ 1248.497902] [] ? __blkdev_put+0x840/0x840 [ 1248.503700] [] ? fsnotify+0x114/0x1100 [ 1248.509229] [] blkdev_get+0x2da/0x920 [ 1248.514746] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 1248.521504] [] ? bd_may_claim+0xd0/0xd0 [ 1248.527123] [] ? bd_acquire+0x27/0x250 [ 1248.532657] [] ? bd_acquire+0x88/0x250 [ 1248.538284] [] ? _raw_spin_unlock+0x2c/0x50 [ 1248.544253] [] blkdev_open+0x1a5/0x250 [ 1248.549764] [] do_dentry_open+0x3ef/0xc90 [ 1248.555539] [] ? blkdev_get_by_dev+0x70/0x70 [ 1248.561572] [] vfs_open+0x11c/0x210 [ 1248.566877] [] ? may_open.isra.20+0x14f/0x2a0 [ 1248.573004] [] path_openat+0x542/0x2790 [ 1248.578603] [] ? path_mountpoint+0x6c0/0x6c0 [ 1248.584650] [] ? trace_hardirqs_on+0x10/0x10 [ 1248.590697] [] ? expand_files.part.3+0x3a9/0x6d0 [ 1248.597171] [] do_filp_open+0x197/0x270 [ 1248.602773] [] ? may_open_dev+0xe0/0xe0 [ 1248.608373] [] ? _raw_spin_unlock+0x2c/0x50 [ 1248.614318] [] ? __alloc_fd+0x1d7/0x4a0 [ 1248.619916] [] do_sys_open+0x30d/0x5c0 [ 1248.625433] [] ? filp_open+0x70/0x70 [ 1248.630773] [] ? up_read+0x1a/0x40 [ 1248.635945] [] SyS_open+0x2d/0x40 [ 1248.641022] [] ? do_sys_open+0x5c0/0x5c0 [ 1248.646727] [] do_syscall_64+0x19f/0x550 [ 1248.652416] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 1248.659320] [ 1248.660923] Allocated by task 2620: [ 1248.664551] save_stack_trace+0x16/0x20 [ 1248.668498] kasan_kmalloc.part.1+0x62/0xf0 [ 1248.672793] kasan_kmalloc+0xaf/0xc0 [ 1248.676488] kmem_cache_alloc_trace+0x117/0x2e0 [ 1248.681135] alloc_disk_node+0x54/0x3a0 [ 1248.685083] alloc_disk+0x18/0x20 [ 1248.688567] loop_add+0x368/0x7a0 [ 1248.691997] loop_probe+0x14f/0x180 [ 1248.695621] kobj_lookup+0x223/0x410 [ 1248.699324] get_gendisk+0x39/0x2d0 [ 1248.702927] blkdev_get+0xf6/0x920 [ 1248.706444] blkdev_open+0x1a5/0x250 [ 1248.710128] do_dentry_open+0x3ef/0xc90 [ 1248.714077] vfs_open+0x11c/0x210 [ 1248.717502] path_openat+0x542/0x2790 [ 1248.721276] do_filp_open+0x197/0x270 [ 1248.725050] do_sys_open+0x30d/0x5c0 [ 1248.728779] compat_SyS_open+0x2a/0x40 [ 1248.732645] do_fast_syscall_32+0x2f1/0xa10 [ 1248.736939] entry_SYSENTER_compat+0x90/0xa2 [ 1248.741317] [ 1248.742916] Freed by task 2626: [ 1248.746173] save_stack_trace+0x16/0x20 [ 1248.750122] kasan_slab_free+0xac/0x190 [ 1248.754070] kfree+0xfb/0x310 [ 1248.757151] disk_release+0x259/0x330 [ 1248.760927] device_release+0x7e/0x220 [ 1248.764787] kobject_put+0x148/0x250 [ 1248.768488] put_disk+0x23/0x30 [ 1248.771760] __blkdev_get+0x616/0xd60 [ 1248.775534] blkdev_get+0x2da/0x920 [ 1248.779146] blkdev_open+0x1a5/0x250 [ 1248.782837] do_dentry_open+0x3ef/0xc90 [ 1248.786785] vfs_open+0x11c/0x210 [ 1248.790211] path_openat+0x542/0x2790 [ 1248.793989] do_filp_open+0x197/0x270 [ 1248.797764] do_sys_open+0x30d/0x5c0 [ 1248.801453] SyS_open+0x2d/0x40 [ 1248.804709] do_syscall_64+0x19f/0x550 [ 1248.808569] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 1248.813656] [ 1248.815258] The buggy address belongs to the object at ffff8801d81bf700 [ 1248.815258] which belongs to the cache kmalloc-2048 of size 2048 [ 1248.828074] The buggy address is located 1376 bytes inside of [ 1248.828074] 2048-byte region [ffff8801d81bf700, ffff8801d81bff00) [ 1248.840093] The buggy address belongs to the page: [ 1248.844996] page:ffffea0007606e00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 1248.855173] flags: 0x4000000000004080(slab|head) [ 1248.859901] page dumped because: kasan: bad access detected [ 1248.865598] [ 1248.867211] Memory state around the buggy address: [ 1248.872114] ffff8801d81bfb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1248.879445] ffff8801d81bfb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1248.886777] >ffff8801d81bfc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1248.894456] ^ [ 1248.900921] ffff8801d81bfc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1248.908268] ffff8801d81bfd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1248.915613] ================================================================== [ 1248.922960] Disabling lock debugging due to kernel taint [ 1248.933207] Kernel panic - not syncing: panic_on_warn set ... [ 1248.933207] [ 1248.940587] CPU: 0 PID: 2626 Comm: blkid Tainted: G B 4.9.141+ #23 [ 1248.948025] ffff8801d795f658 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff [ 1248.956112] 0000000000000000 0000000000000000 0000000000000000 ffff8801d795f718 [ 1248.964193] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66 [ 1248.972259] Call Trace: [ 1248.974845] [] dump_stack+0xc1/0x128 [ 1248.980246] [] panic+0x1bf/0x39f [ 1248.985260] [] ? add_taint.cold.5+0x16/0x16 [ 1248.991232] [] ? ___preempt_schedule+0x16/0x18 [ 1248.997464] [] kasan_end_report+0x47/0x4f [ 1249.003255] [] kasan_report.cold.6+0x76/0x2fe [ 1249.009438] [] ? disk_unblock_events+0x51/0x60 [ 1249.015692] [] __asan_report_load8_noabort+0x14/0x20 [ 1249.022453] [] disk_unblock_events+0x51/0x60 [ 1249.028514] [] __blkdev_get+0x6b6/0xd60 [ 1249.034135] [] ? __blkdev_put+0x840/0x840 [ 1249.039929] [] ? fsnotify+0x114/0x1100 [ 1249.045482] [] blkdev_get+0x2da/0x920 [ 1249.050930] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 1249.057679] [] ? bd_may_claim+0xd0/0xd0 [ 1249.063301] [] ? bd_acquire+0x27/0x250 [ 1249.068834] [] ? bd_acquire+0x88/0x250 [ 1249.074369] [] ? _raw_spin_unlock+0x2c/0x50 [ 1249.080343] [] blkdev_open+0x1a5/0x250 [ 1249.085885] [] do_dentry_open+0x3ef/0xc90 [ 1249.091950] [] ? blkdev_get_by_dev+0x70/0x70 [ 1249.097991] [] vfs_open+0x11c/0x210 [ 1249.103245] [] ? may_open.isra.20+0x14f/0x2a0 [ 1249.109362] [] path_openat+0x542/0x2790 [ 1249.114959] [] ? path_mountpoint+0x6c0/0x6c0 [ 1249.120994] [] ? trace_hardirqs_on+0x10/0x10 [ 1249.127028] [] ? expand_files.part.3+0x3a9/0x6d0 [ 1249.133447] [] do_filp_open+0x197/0x270 [ 1249.139069] [] ? may_open_dev+0xe0/0xe0 [ 1249.144668] [] ? _raw_spin_unlock+0x2c/0x50 [ 1249.150630] [] ? __alloc_fd+0x1d7/0x4a0 [ 1249.156232] [] do_sys_open+0x30d/0x5c0 [ 1249.161746] [] ? filp_open+0x70/0x70 [ 1249.167089] [] ? up_read+0x1a/0x40 [ 1249.172256] [] SyS_open+0x2d/0x40 [ 1249.177333] [] ? do_sys_open+0x5c0/0x5c0 [ 1249.183020] [] do_syscall_64+0x19f/0x550 [ 1249.188721] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 1249.195992] Kernel Offset: disabled [ 1249.199622] Rebooting in 86400 seconds..