SELinux: Context unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 is not valid (left unmapped).
print_req_error: I/O error, dev loop4, sector 0
EXT4-fs (sda1): Unrecognized mount option "smackfsdef=:^eth0Ä4keyringÓ!'" or missing value
==================================================================
BUG: KASAN: use-after-free in memset include/linux/string.h:332 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
Write of size 3586 at addr ffff88818fb0fca0 by task syz-executor.3/3265

CPU: 1 PID: 3265 Comm: syz-executor.3 Not tainted 4.14.152+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 print_address_description+0x60/0x226 mm/kasan/report.c:187
 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
 memset+0x20/0x40 mm/kasan/common.c:113
 memset include/linux/string.h:332 [inline]
 __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5884 [inline]
 ext4_mark_inode_dirty+0x471/0x7f0 fs/ext4/inode.c:5960
 ext4_dirty_inode+0x6c/0x90 fs/ext4/inode.c:5994
 __mark_inode_dirty+0x69c/0x1080 fs/fs-writeback.c:2141
 mark_inode_dirty include/linux/fs.h:2050 [inline]
 generic_write_end+0x19a/0x250 fs/buffer.c:2218
 ext4_da_write_end+0x25b/0xc40 fs/ext4/inode.c:3214
 generic_perform_write+0x281/0x460 mm/filemap.c:3143
 __generic_file_write_iter+0x32e/0x550 mm/filemap.c:3257
 ext4_file_write_iter+0x58f/0xdb0 fs/ext4/file.c:268
EXT4-fs error (device sda1): ext4_xattr_ibody_get:590: inode #16548: comm syz-executor.2: corrupted in-inode xattr
 call_write_iter include/linux/fs.h:1798 [inline]
 new_sync_write fs/read_write.c:471 [inline]
 __vfs_write+0x401/0x5a0 fs/read_write.c:484
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007fdf32a92c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 00000000175d900f RSI: 0000000020000200 RDI: 0000000000000004
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf32a936d4
R13: 00000000004cab82 R14: 00000000004e3048 R15: 00000000ffffffff

The buggy address belongs to the page:
page:ffffea00063ec3c0 count:2 mapcount:0 mapping:ffff8881d56b8950 index:0x42e
flags: 0x400000000000203a(referenced|dirty|lru|active|private)
raw: 400000000000203a ffff8881d56b8950 000000000000042e 00000002ffffffff
raw: ffffea00063b8aa0 ffffea00063e6e60 ffff8881d0ea0e70 ffff8881d641aa80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8881d641aa80

Memory state around the buggy address:
 ffff88818fb0ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88818fb0ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88818fb10000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                   ^
 ffff88818fb10080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88818fb10100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
------------[ cut here ]------------
kernel BUG at mm/memory.c:1508!
print_req_error: I/O error, dev loop4, sector 80
invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
Buffer I/O error on dev loop4, logical block 10, async page read
Modules linked in:
CPU: 1 PID: 3234 Comm: syz-executor.4 Tainted: G B 4.14.152+ #0
task: 000000005ff36639 task.stack: 00000000d2a55267
RIP: 0010:unmap_page_range+0x1034/0x1320 mm/memory.c:1508
RSP: 0018:ffff888198037648 EFLAGS: 00010297
RAX: ffff8881d084de00 RBX: dffffc0000000000 RCX: 0000be48f5894855
RDX: 0000000000000000 RSI: ffffffffae257490 RDI: ffff8881980377f0
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed103206a6c4
R10: ffffed103206a6c3 R11: ffff88819035361b R12: ffffffffae257498
R13: ffff888190353180 R14: 0000be48f5894855 R15: 5441554156415741
FS: 00007f683ad81700(0000) GS:ffff8881d7700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f66e96a8330 CR3: 00000001e2026003 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __oom_reap_task_mm+0x18b/0x2d0 mm/oom_kill.c:499
 exit_mmap+0x366/0x440 mm/mmap.c:3049
 __mmput kernel/fork.c:940 [inline]
 mmput+0xeb/0x370 kernel/fork.c:961
 exit_mm kernel/exit.c:545 [inline]
 do_exit+0x905/0x2a20 kernel/exit.c:862
 do_group_exit+0x100/0x2e0 kernel/exit.c:978
 get_signal+0x39f/0x1cc0 kernel/signal.c:2422
 do_signal+0x96/0x15d0 arch/x86/kernel/signal.c:814
 exit_to_usermode_loop+0x11d/0x160 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x3a3/0x520 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f683ad80cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000075bfd0 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4
R13: 00007ffd2d8fea1f R14: 00007f683ad819c0 R15: 000000000075bfd4
Code: 7c 24 60 e8 0f 6a 02 00 4c 8b 7c 24 38 e9 83 f2 ff ff e8 50 99 e3 ff 48 8b 7c 24 58 e8 86 69 02 00 e9 96 f2 ff ff e8 3c 99 e3 ff <0f> 0b e8 35 99 e3 ff 31 d2 be a6 05 00 00 48 c7 c7 60 32 0b b0
RIP: unmap_page_range+0x1034/0x1320 mm/memory.c:1508 RSP: ffff888198037648
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#2] PREEMPT SMP KASAN NOPTI
Modules linked in:
CPU: 1 PID: 3234 Comm: syz-executor.4 Tainted: G B D 4.14.152+ #0
task: 000000005ff36639 task.stack: 00000000d2a55267
RIP: 0010:entity_before kernel/sched/fair.c:528 [inline]
RIP: 0010:__enqueue_entity+0x80/0x230 kernel/sched/fair.c:583
RSP: 0018:ffff8881d7707b10 EFLAGS: 00010007
RAX: 000000000048a6d8 RBX: 0000000002453685 RCX: ffffffffae3986a6
RDX: 0000000000000000 RSI: ffff8881d7729308 RDI: 00000000024536c5
RBP: ffff888193fec730 R08: 00000000e0ccdeeb R09: fffffbfff6208485
R10: fffffbfff6208484 R11: 0000000000000003 R12: dffffc0000000000
R13: ffff8881d6642f80 R14: 0000000b69c7ec2b R15: 00000000005b8d80
FS: 00007f683ad81700(0000) GS:ffff8881d7700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f66e96a8330 CR3: 00000001e2026003 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 enqueue_entity kernel/sched/fair.c:4005 [inline]
 enqueue_task_fair+0xbf4/0x6300 kernel/sched/fair.c:5354
 ttwu_activate kernel/sched/core.c:1686 [inline]
 ttwu_do_activate+0xd3/0x200 kernel/sched/core.c:1745
 ttwu_queue kernel/sched/core.c:1890 [inline]
 try_to_wake_up+0x803/0x1290 kernel/sched/core.c:2130
 call_timer_fn+0x15b/0x6a0 kernel/time/timer.c:1279
 expire_timers+0x227/0x4c0 kernel/time/timer.c:1318
 __run_timers kernel/time/timer.c:1636 [inline]
 run_timer_softirq+0x1eb/0x5d0 kernel/time/timer.c:1649
 __do_softirq+0x234/0x9ec kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x114/0x150 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:648 [inline]
 smp_apic_timer_interrupt+0x1a7/0x650 arch/x86/kernel/apic/apic.c:1102
 apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:792
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:oops_end+0x43/0x90 arch/x86/kernel/dumpstack.c:288
RSP: 0018:ffff888198037410 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: ffff8881d084de00 RBX: 0000000000000297 RCX: ffffffffae2d89e7
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000297
RBP: 000000000000000b R08: 0000000000000000 R09: fffffbfff6102c91
R10: fffffbfff6102c90 R11: 0000000000000003 R12: 0000000000000004
R13: ffff888198037598 R14: ffff8881d084de00 R15: ffff8881d084f0b0
 do_trap_no_signal arch/x86/kernel/traps.c:213 [inline]
 do_trap+0x1b8/0x250 arch/x86/kernel/traps.c:257
 do_error_trap+0x145/0x2d0 arch/x86/kernel/traps.c:301
 invalid_op+0x18/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:unmap_page_range+0x1034/0x1320 mm/memory.c:1508
RSP: 0018:ffff888198037648 EFLAGS: 00010297
RAX: ffff8881d084de00 RBX: dffffc0000000000 RCX: 0000be48f5894855
RDX: 0000000000000000 RSI: ffffffffae257490 RDI: ffff8881980377f0
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed103206a6c4
R10: ffffed103206a6c3 R11: ffff88819035361b R12: ffffffffae257498
R13: ffff888190353180 R14: 0000be48f5894855 R15: 5441554156415741
 __oom_reap_task_mm+0x18b/0x2d0 mm/oom_kill.c:499
 exit_mmap+0x366/0x440 mm/mmap.c:3049
 __mmput kernel/fork.c:940 [inline]
 mmput+0xeb/0x370 kernel/fork.c:961
 exit_mm kernel/exit.c:545 [inline]
 do_exit+0x905/0x2a20 kernel/exit.c:862
 do_group_exit+0x100/0x2e0 kernel/exit.c:978
 get_signal+0x39f/0x1cc0 kernel/signal.c:2422
 do_signal+0x96/0x15d0 arch/x86/kernel/signal.c:814
 exit_to_usermode_loop+0x11d/0x160 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x3a3/0x520 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f683ad80cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000075bfd0 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4
R13: 00007ffd2d8fea1f R14: 00007f683ad819c0 R15: 000000000075bfd4
Code: 02 00 0f 85 c1 01 00 00 4d 8b 75 50 ba 01 00 00 00 49 bc 00 00 00 00 00 fc ff df eb 03 48 89 c3 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 da 00 00 00 4c 3b 73 40 48 8d 6b 10 78 06
RIP: entity_before kernel/sched/fair.c:528 [inline] RSP: ffff8881d7707b10
RIP: __enqueue_entity+0x80/0x230 kernel/sched/fair.c:583 RSP: ffff8881d7707b10
---[ end trace 4c44b7346495420b ]---