Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts. [ 73.571419] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 73.712287] audit: type=1400 audit(1556793683.648:36): avc: denied { map } for pid=7216 comm="syz-executor889" path="/root/syz-executor889210560" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 73.726084] md: md0 stopped. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 73.771642] md: md0 stopped. [ 73.778777] md: md0 stopped. [ 73.787737] md: md0 stopped. [ 73.793216] md: md0 stopped. [ 73.799254] md: md0 stopped. [ 73.806515] md: md0 stopped. [ 73.810838] md: md0 stopped. [ 73.816557] md: md0 stopped. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 73.822985] md: md0 stopped. [ 73.831523] md: md0 stopped. [ 73.836513] md: md0 stopped. [ 73.842536] md: md0 stopped. [ 73.847269] md: md0 stopped. [ 73.853634] md: md0 stopped. [ 73.859582] md: md0 stopped. [ 73.867242] md: md0 stopped. 
executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 73.872429] md: md0 stopped. [ 73.881243] md: md0 stopped. [ 73.885244] md: md0 stopped. [ 73.891582] md: md0 stopped. [ 73.902931] md: md0 stopped. executing program executing program executing program executing program [ 73.954489] md: md0 stopped. [ 73.964927] ================================================================== [ 73.964932] md: md0 stopped. [ 73.965024] BUG: KASAN: use-after-free in disk_unblock_events+0x55/0x60 [ 73.981999] md: md0 stopped. [ 73.982731] Read of size 8 at addr ffff88809a86e7c8 by task syz-executor889/7287 [ 73.982735] [ 73.982744] CPU: 0 PID: 7287 Comm: syz-executor889 Not tainted 4.14.115 #5 executing program executing program executing program executing program [ 73.982748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.982780] Call Trace: [ 73.993447] md: md0 stopped. [ 73.995003] dump_stack+0x138/0x19c [ 73.995019] ? disk_unblock_events+0x55/0x60 [ 74.007082] md: md0 stopped. [ 74.011581] print_address_description.cold+0x7c/0x1dc [ 74.011598] ? disk_unblock_events+0x55/0x60 [ 74.011604] kasan_report.cold+0x11e/0x2db [ 74.011625] __asan_report_load8_noabort+0x14/0x20 [ 74.011632] disk_unblock_events+0x55/0x60 executing program executing program [ 74.011653] __blkdev_get+0x7d8/0x1120 [ 74.011666] ? __blkdev_put+0x7f0/0x7f0 [ 74.019097] md: md0 stopped. [ 74.021223] ? bd_acquire+0x178/0x2c0 [ 74.021263] ? find_held_lock+0x35/0x130 [ 74.021273] blkdev_get+0xa8/0x8e0 [ 74.021284] ? bd_may_claim+0xd0/0xd0 [ 74.021306] ? _raw_spin_unlock+0x2d/0x50 [ 74.021317] blkdev_open+0x1d1/0x260 [ 74.021338] ? security_file_open+0x8f/0x1a0 [ 74.030832] md: md0 stopped. 
[ 74.034556] do_dentry_open+0x73e/0xeb0
[ 74.034574] ? bd_acquire+0x2c0/0x2c0
executing program
executing program
executing program
[ 74.048565] md: md0 stopped.
[ 74.052570] vfs_open+0x105/0x230
[ 74.052601] path_openat+0x8bd/0x3f70
[ 74.052620] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 74.052633] ? trace_hardirqs_on+0x10/0x10
[ 74.052646] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 74.052652] ? __lock_is_held+0xb6/0x140
[ 74.052659] ? save_trace+0x290/0x290
[ 74.052675] ? __alloc_fd+0x1d4/0x4a0
[ 74.052684] do_filp_open+0x18e/0x250
[ 74.052695] ? __alloc_fd+0x1d4/0x4a0
[ 74.061035] md: md0 stopped.
[ 74.063602] ? may_open_dev+0xe0/0xe0
[ 74.063631] ? _raw_spin_unlock+0x2d/0x50
[ 74.071061] md: md0 stopped.
[ 74.071538] ? __alloc_fd+0x1d4/0x4a0
[ 74.079711] md: md0 stopped.
[ 74.083271] do_sys_open+0x2c5/0x430
[ 74.083282] ? filp_open+0x70/0x70
[ 74.083291] ? up_read+0x1a/0x40
[ 74.083303] SyS_openat+0x30/0x40
[ 74.083308] ? SyS_open+0x40/0x40
[ 74.083343] do_syscall_64+0x1eb/0x630
[ 74.083351] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 74.083368] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 74.083376] RIP: 0033:0x441259
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 74.083384] RSP: 002b:00007ffc28007d78 EFLAGS: 00000246
[ 74.093051] md: md0 stopped.
[ 74.094647] ORIG_RAX: 0000000000000101
[ 74.094653] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441259
[ 74.094658] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
[ 74.094662] RBP: 00000000000120a8 R08: 0000000000000004 R09: 00000000004002c8
[ 74.094666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401fd0
[ 74.094670] R13: 0000000000402060 R14: 0000000000000000 R15: 0000000000000000
[ 74.094685]
executing program
executing program
executing program
executing program
executing program
executing program
[ 74.103279] md: md0 stopped.
[ 74.105640] Allocated by task 1:
[ 74.105667] save_stack_trace+0x16/0x20
[ 74.114439] md: md0 stopped.
[ 74.118290] save_stack+0x45/0xd0
[ 74.118297] kasan_kmalloc+0xce/0xf0
[ 74.118307] kmem_cache_alloc_node_trace+0x153/0x770
[ 74.118315] alloc_disk_node+0x64/0x3e0
[ 74.118324] alloc_disk+0x1b/0x20
[ 74.127473] md: md0 stopped.
[ 74.128120] md_alloc+0x219/0x840
[ 74.128131] md_probe+0x31/0x40
[ 74.137021] md: md0 stopped.
[ 74.139860] kobj_lookup+0x221/0x410
executing program
executing program
executing program
executing program
executing program
[ 74.139873] get_gendisk+0x3b/0x240
[ 74.148721] md: md0 stopped.
[ 74.150530] __blkdev_get+0x3b1/0x1120
[ 74.150537] blkdev_get+0xa8/0x8e0
[ 74.150541] blkdev_open+0x1d1/0x260
[ 74.150549] do_dentry_open+0x73e/0xeb0
[ 74.150554] vfs_open+0x105/0x230
[ 74.150559] path_openat+0x8bd/0x3f70
[ 74.150564] do_filp_open+0x18e/0x250
[ 74.150570] do_sys_open+0x2c5/0x430
[ 74.150576] SyS_open+0x2d/0x40
[ 74.150639] md_run_setup+0x7a/0xad
[ 74.150651] prepare_namespace+0x4a/0x21d
[ 74.159043] md: md0 stopped.
executing program
executing program
[ 74.161656] kernel_init_freeable+0x51a/0x538
[ 74.161667] kernel_init+0x12/0x162
[ 74.161674] ret_from_fork+0x3a/0x50
[ 74.161677]
[ 74.161681] Freed by task 7287:
[ 74.161690] save_stack_trace+0x16/0x20
[ 74.161699] save_stack+0x45/0xd0
[ 74.161704] kasan_slab_free+0x75/0xc0
[ 74.161708] kfree+0xcc/0x270
[ 74.161716] disk_release+0x24b/0x2d0
[ 74.161725] device_release+0xfa/0x1b0
[ 74.161733] kobject_put.cold+0x26f/0x2ff
[ 74.161738] put_disk+0x23/0x30
[ 74.161745] __blkdev_get+0x73e/0x1120
[ 74.161750] blkdev_get+0xa8/0x8e0
[ 74.161758] blkdev_open+0x1d1/0x260
[ 74.171611] md: md0 stopped.
[ 74.172308] do_dentry_open+0x73e/0xeb0
[ 74.180932] md: md0 stopped.
[ 74.182670] vfs_open+0x105/0x230
[ 74.182677] path_openat+0x8bd/0x3f70
[ 74.182683] do_filp_open+0x18e/0x250
[ 74.182690] do_sys_open+0x2c5/0x430
[ 74.182698] SyS_openat+0x30/0x40
[ 74.191373] md: md0 stopped.
[ 74.194905] do_syscall_64+0x1eb/0x630
[ 74.194919] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 74.194922]
[ 74.194929] The buggy address belongs to the object at ffff88809a86e240
[ 74.194929] which belongs to the cache kmalloc-2048 of size 2048
[ 74.194939] The buggy address is located 1416 bytes inside of
[ 74.194939] 2048-byte region [ffff88809a86e240, ffff88809a86ea40)
[ 74.205299] md: md0 stopped.
[ 74.209179] The buggy address belongs to the page:
[ 74.209193] page:ffffea00026a1b80 count:1 mapcount:0 mapping:ffff88809a86e240 index:0x0 compound_mapcount: 0
[ 74.209204] flags: 0x1fffc0000008100(slab|head)
[ 74.209214] raw: 01fffc0000008100 ffff88809a86e240 0000000000000000 0000000100000003
[ 74.209221] raw: ffffea00026a1520 ffffea0002696720 ffff8880aa800c40 0000000000000000
[ 74.209224] page dumped because: kasan: bad access detected
[ 74.209232]
[ 74.220669] md: md0 stopped.
[ 74.223707] Memory state around the buggy address:
[ 74.223720] ffff88809a86e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.223725] ffff88809a86e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.223730] >ffff88809a86e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.223734] ^
[ 74.223739] ffff88809a86e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.223744] ffff88809a86e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.223747] ==================================================================
[ 74.223756] Disabling lock debugging due to kernel taint
[ 74.234101] md: md0 stopped.
[ 74.242870] Kernel panic - not syncing: panic_on_warn set ...
[ 74.242870]
[ 74.255555] md: md0 stopped.
[ 74.258071] CPU: 0 PID: 7287 Comm: syz-executor889 Tainted: G B 4.14.115 #5
[ 74.258075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.258079] Call Trace:
[ 74.258098] dump_stack+0x138/0x19c
[ 74.258112] ? disk_unblock_events+0x55/0x60
[ 74.264474] md: md0 stopped.
[ 74.265505] panic+0x1f2/0x438
[ 74.265515] ? add_taint.cold+0x16/0x16
[ 74.271262] md: md0 stopped.
[ 74.272001] ? ___preempt_schedule+0x16/0x18
[ 74.272016] kasan_end_report+0x47/0x4f
[ 74.278508] md: md0 stopped.
[ 74.280855] kasan_report.cold+0x13b/0x2db
[ 74.280864] __asan_report_load8_noabort+0x14/0x20
[ 74.280873] disk_unblock_events+0x55/0x60
[ 74.280880] __blkdev_get+0x7d8/0x1120
[ 74.280889] ? __blkdev_put+0x7f0/0x7f0
[ 74.280894] ? bd_acquire+0x178/0x2c0
[ 74.280904] ? find_held_lock+0x35/0x130
[ 74.280913] blkdev_get+0xa8/0x8e0
[ 74.287681] md: md0 stopped.
[ 74.288441] ? bd_may_claim+0xd0/0xd0
[ 74.288455] ? _raw_spin_unlock+0x2d/0x50
[ 74.294641] md: md0 stopped.
[ 74.295112] blkdev_open+0x1d1/0x260
[ 74.302218] md: md0 stopped.
[ 74.305434] ? security_file_open+0x8f/0x1a0
[ 74.305447] do_dentry_open+0x73e/0xeb0
[ 74.305460] ? bd_acquire+0x2c0/0x2c0
[ 74.312349] md: md0 stopped.
[ 74.316071] vfs_open+0x105/0x230
[ 74.316080] path_openat+0x8bd/0x3f70
[ 74.316092] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 74.316106] ? trace_hardirqs_on+0x10/0x10
[ 74.323933] md: md0 stopped.
[ 74.327457] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 74.327468] ? __lock_is_held+0xb6/0x140
[ 74.327487] ? save_trace+0x290/0x290
[ 74.334160] md: md0 stopped.
[ 74.334797] ? __alloc_fd+0x1d4/0x4a0
[ 74.342128] md: md0 stopped.
[ 74.342323] do_filp_open+0x18e/0x250
[ 74.348777] md: md0 stopped.
[ 74.349245] ? __alloc_fd+0x1d4/0x4a0
[ 74.357903] md: md0 stopped.
[ 74.361090] ? may_open_dev+0xe0/0xe0
[ 74.361106] ? _raw_spin_unlock+0x2d/0x50
[ 74.361114] ? __alloc_fd+0x1d4/0x4a0
[ 74.361126] do_sys_open+0x2c5/0x430
[ 74.361134] ? filp_open+0x70/0x70
[ 74.361143] ? up_read+0x1a/0x40
[ 74.361156] SyS_openat+0x30/0x40
[ 74.367992] md: md0 stopped.
[ 74.368678] ? SyS_open+0x40/0x40
[ 74.374585] md: md0 stopped.
[ 74.377735] do_syscall_64+0x1eb/0x630
[ 74.377743] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 74.377760] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 74.384420] md: md0 stopped.
[ 74.385230] RIP: 0033:0x441259
[ 74.391873] md: md0 stopped.
[ 74.392229] RSP: 002b:00007ffc28007d78 EFLAGS: 00000246
[ 74.399175] md: md0 stopped.
[ 74.400400] ORIG_RAX: 0000000000000101
[ 74.400405] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441259
[ 74.400409] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
[ 74.400412] RBP: 00000000000120a8 R08: 0000000000000004 R09: 00000000004002c8
[ 74.400415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401fd0
[ 74.400419] R13: 0000000000402060 R14: 0000000000000000 R15: 0000000000000000
[ 74.401925] Kernel Offset: disabled
[ 74.925247] Rebooting in 86400 seconds..