INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-5,10.128.0.44' (ECDSA) to the list of known hosts.
2017/10/28 13:52:36 parsed 1 programs
2017/10/28 13:52:36 executed programs: 0
2017/10/28 13:52:41 executed programs: 200
2017/10/28 13:52:46 executed programs: 372
2017/10/28 13:52:51 executed programs: 543
2017/10/28 13:52:56 executed programs: 717
2017/10/28 13:53:01 executed programs: 891
2017/10/28 13:53:06 executed programs: 1068
2017/10/28 13:53:11 executed programs: 1241
2017/10/28 13:53:16 executed programs: 1413
2017/10/28 13:53:21 executed programs: 1590
2017/10/28 13:53:26 executed programs: 1764
2017/10/28 13:53:31 executed programs: 1941
2017/10/28 13:53:36 executed programs: 2112
2017/10/28 13:53:41 executed programs: 2282
2017/10/28 13:53:46 executed programs: 2456
2017/10/28 13:53:51 executed programs: 2630
2017/10/28 13:53:56 executed programs: 2803
2017/10/28 13:54:01 executed programs: 2972
2017/10/28 13:54:06 executed programs: 3143
2017/10/28 13:54:11 executed programs: 3312
2017/10/28 13:54:16 executed programs: 3486
2017/10/28 13:54:21 executed programs: 3658
2017/10/28 13:54:26 executed programs: 3829
2017/10/28 13:54:31 executed programs: 4002
2017/10/28 13:54:36 executed programs: 4175
2017/10/28 13:54:41 executed programs: 4350
2017/10/28 13:54:46 executed programs: 4524
2017/10/28 13:54:51 executed programs: 4698
2017/10/28 13:54:56 executed programs: 4871
2017/10/28 13:55:01 executed programs: 5045
2017/10/28 13:55:06 executed programs: 5219
2017/10/28 13:55:11 executed programs: 5394
2017/10/28 13:55:16 executed programs: 5565
2017/10/28 13:55:21 executed programs: 5735
2017/10/28 13:55:26 executed programs: 5907
2017/10/28 13:55:31 executed programs: 6085
2017/10/28 13:55:36 executed programs: 6258
2017/10/28 13:55:42 executed programs: 6434
2017/10/28 13:55:47 executed programs: 6609
2017/10/28 13:55:52 executed programs: 6788
2017/10/28 13:55:57 executed programs: 6969
2017/10/28 13:56:02 executed programs: 7144
2017/10/28 13:56:07 executed programs: 7318
2017/10/28 13:56:12 executed programs: 7486
2017/10/28 13:56:17 executed programs: 7660
2017/10/28 13:56:22 executed programs: 7834
2017/10/28 13:56:27 executed programs: 8004
2017/10/28 13:56:32 executed programs: 8179
2017/10/28 13:56:37 executed programs: 8355
2017/10/28 13:56:42 executed programs: 8529
2017/10/28 13:56:47 executed programs: 8705
2017/10/28 13:56:52 executed programs: 8881
2017/10/28 13:56:57 executed programs: 9059
2017/10/28 13:57:02 executed programs: 9229
2017/10/28 13:57:07 executed programs: 9407
2017/10/28 13:57:12 executed programs: 9584

syzkaller login:
[ 1573.140067] ==================================================================
[ 1573.141439] BUG: KASAN: use-after-free in __lock_acquire+0x3c9f/0x3d50
[ 1573.142399] Read of size 8 at addr ffff8801d279b3b0 by task blkid/26096
[ 1573.143295]
[ 1573.143556] CPU: 1 PID: 26096 Comm: blkid Not tainted 4.14.0-rc6+ #150
[ 1573.144930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1573.146508] Call Trace:
[ 1573.147007]  dump_stack+0x194/0x257
[ 1573.147727]  ? arch_local_irq_restore+0x53/0x53
[ 1573.148524]  ? show_regs_print_info+0x65/0x65
[ 1573.149139]  ? __lock_acquire+0x3c9f/0x3d50
[ 1573.149770]  print_address_description+0x73/0x250
[ 1573.150464]  ? __lock_acquire+0x3c9f/0x3d50
[ 1573.151071]  kasan_report+0x25b/0x340
[ 1573.151599]  __asan_report_load8_noabort+0x14/0x20
[ 1573.152301]  __lock_acquire+0x3c9f/0x3d50
[ 1573.152869]  ? check_noncircular+0x20/0x20
[ 1573.153444]  ? __lock_is_held+0xb6/0x140
[ 1573.154062]  ? lo_release+0x6b/0x180
[ 1573.154582]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 1573.155334]  ? __perf_event_task_sched_in+0x200/0xc20
[ 1573.156098]  ? __lock_is_held+0xb6/0x140
[ 1573.156712]  ? find_held_lock+0x35/0x1d0
[ 1573.157314]  ? finish_task_switch+0x1d3/0x740
[ 1573.157930]  ? lock_downgrade+0x990/0x990
[ 1573.158743]  ? do_raw_spin_trylock+0x190/0x190
[ 1573.159459]  ? mark_held_locks+0xaf/0x100
[ 1573.160041]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1573.163493]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1573.168495]  ? trace_hardirqs_on+0xd/0x10
[ 1573.172632]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1573.177110]  ? finish_task_switch+0x1d3/0x740
[ 1573.181588]  ? finish_task_switch+0x1aa/0x740
[ 1573.186067]  ? preempt_notifier_dec+0x20/0x20
[ 1573.190555]  ? __schedule+0x8f3/0x2060
[ 1573.194426]  ? __sched_text_start+0x8/0x8
[ 1573.198557]  lock_acquire+0x1d5/0x580
[ 1573.202340]  ? lock_acquire+0x1d5/0x580
[ 1573.206296]  ? lo_release+0x6b/0x180
[ 1573.209996]  ? lock_release+0xa40/0xa40
[ 1573.213948]  ? check_same_owner+0x320/0x320
[ 1573.218253]  ? lock_release+0xa40/0xa40
[ 1573.222230]  ? lo_release+0x6b/0x180
[ 1573.225934]  ? lo_release+0x6b/0x180
[ 1573.229633]  __mutex_lock+0x16f/0x19d0
[ 1573.233502]  ? lo_release+0x6b/0x180
[ 1573.237197]  ? __mutex_lock+0x16f/0x19d0
[ 1573.241271]  ? __blkdev_put+0xa7/0x7c0
[ 1573.245140]  ? lo_release+0x6b/0x180
[ 1573.248833]  ? check_same_owner+0x320/0x320
[ 1573.253134]  ? __blkdev_put+0xa7/0x7c0
[ 1573.257000]  ? mutex_lock_io_nested+0x1880/0x1880
[ 1573.261822]  ? mutex_lock_io_nested+0x1880/0x1880
[ 1573.266644]  ? __might_sleep+0x95/0x190
[ 1573.270606]  ? blkdev_put+0x2a/0x4f0
[ 1573.274309]  ? check_noncircular+0x20/0x20
[ 1573.278523]  ? blkdev_put+0x2a/0x4f0
[ 1573.282220]  ? check_noncircular+0x20/0x20
[ 1573.286500]  ? is_bpf_text_address+0xa4/0x120
[ 1573.290981]  ? find_held_lock+0x35/0x1d0
[ 1573.295026]  ? blkdev_put+0x78/0x4f0
[ 1573.298729]  ? find_held_lock+0x35/0x1d0
[ 1573.302784]  ? __blkdev_put+0x2d9/0x7c0
[ 1573.306739]  ? lock_downgrade+0x990/0x990
[ 1573.310867]  ? do_raw_spin_trylock+0x190/0x190
[ 1573.315433]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 1573.320263]  ? lock_release+0xa40/0xa40
[ 1573.324230]  ? lo_compat_ioctl+0x140/0x140
[ 1573.328450]  mutex_lock_nested+0x16/0x20
[ 1573.332490]  ? mutex_lock_nested+0x16/0x20
[ 1573.336708]  lo_release+0x6b/0x180
[ 1573.340227]  ? lo_compat_ioctl+0x140/0x140
[ 1573.344440]  __blkdev_put+0x602/0x7c0
[ 1573.348225]  ? freeze_bdev+0x1e0/0x1e0
[ 1573.352096]  ? __fsnotify_parent+0xb4/0x3a0
[ 1573.356408]  blkdev_put+0x85/0x4f0
[ 1573.359931]  ? blkdev_put+0x4f0/0x4f0
[ 1573.363720]  blkdev_close+0x8b/0xb0
[ 1573.367393]  __fput+0x327/0x7e0
[ 1573.370658]  ? fput+0x140/0x140
[ 1573.373920]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1573.378399]  ____fput+0x15/0x20
[ 1573.381705]  task_work_run+0x199/0x270
[ 1573.385579]  ? task_work_cancel+0x210/0x210
[ 1573.389945]  ? exit_to_usermode_loop+0x8c/0x310
[ 1573.394603]  exit_to_usermode_loop+0x296/0x310
[ 1573.399174]  ? trace_event_raw_event_sys_exit+0x260/0x260
[ 1573.404703]  syscall_return_slowpath+0x42f/0x510
[ 1573.409467]  ? fd_install+0x60/0x60
[ 1573.413094]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[ 1573.418097]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[ 1573.423018]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1573.428030]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1573.432780]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[ 1573.437522] RIP: 0033:0x7f2252c8f2b0
[ 1573.441213] RSP: 002b:00007ffe10113bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1573.448899] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2252c8f2b0
[ 1573.456147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1573.463398] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 1573.470646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000023c0030
[ 1573.477893] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005
[ 1573.485149]
[ 1573.486758] Allocated by task 26082:
[ 1573.490490]  save_stack_trace+0x16/0x20
[ 1573.494497]  save_stack+0x43/0xd0
[ 1573.497936]  kasan_kmalloc+0xad/0xe0
[ 1573.501632]  kmem_cache_alloc_trace+0x136/0x750
[ 1573.506281]  loop_add+0xbf/0xa50
[ 1573.509631]  loop_control_ioctl+0x2e9/0x490
[ 1573.513931]  do_vfs_ioctl+0x1b1/0x1520
[ 1573.517800]  SyS_ioctl+0x8f/0xc0
[ 1573.521151]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 1573.525882]
[ 1573.527487] Freed by task 26082:
[ 1573.530832]  save_stack_trace+0x16/0x20
[ 1573.534787]  save_stack+0x43/0xd0
[ 1573.538219]  kasan_slab_free+0x71/0xc0
[ 1573.542083]  kfree+0xca/0x250
[ 1573.545168]  loop_remove+0x9a/0xc0
[ 1573.548691]  loop_control_ioctl+0x402/0x490
[ 1573.552995]  do_vfs_ioctl+0x1b1/0x1520
[ 1573.556860]  SyS_ioctl+0x8f/0xc0
[ 1573.560205]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 1573.564935]
[ 1573.566542] The buggy address belongs to the object at ffff8801d279b200
[ 1573.566542]  which belongs to the cache kmalloc-1024 of size 1024
[ 1573.579350] The buggy address is located 432 bytes inside of
[ 1573.579350]  1024-byte region [ffff8801d279b200, ffff8801d279b600)
[ 1573.591287] The buggy address belongs to the page:
[ 1573.596194] page:ffffea000749e680 count:1 mapcount:0 mapping:ffff8801d279a000 index:0x0 compound_mapcount: 0
[ 1573.606141] flags: 0x200000000008100(slab|head)
[ 1573.610794] raw: 0200000000008100 ffff8801d279a000 0000000000000000 0000000100000007
[ 1573.618656] raw: ffffea0007202120 ffffea00074c5fa0 ffff8801dac00ac0 0000000000000000
[ 1573.626509] page dumped because: kasan: bad access detected
[ 1573.632194]
[ 1573.633800] Memory state around the buggy address:
[ 1573.638707]  ffff8801d279b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1573.646050]  ffff8801d279b300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1573.653389] >ffff8801d279b380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1573.660725]                                      ^
[ 1573.665629]  ffff8801d279b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1573.672966]  ffff8801d279b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1573.680297] ==================================================================
[ 1573.687630] Disabling lock debugging due to kernel taint
[ 1573.693059] Kernel panic - not syncing: panic_on_warn set ...
[ 1573.693059]
[ 1573.700398] CPU: 1 PID: 26096 Comm: blkid Tainted: G B 4.14.0-rc6+ #150
[ 1573.708254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1573.717583] Call Trace:
[ 1573.720154]  dump_stack+0x194/0x257
[ 1573.723765]  ? arch_local_irq_restore+0x53/0x53
[ 1573.728413]  ? kasan_end_report+0x32/0x50
[ 1573.732542]  ? lock_downgrade+0x990/0x990
[ 1573.736670]  ? __lock_acquire+0x3c90/0x3d50
[ 1573.741042]  panic+0x1e4/0x417
[ 1573.744220]  ? __warn+0x1d9/0x1d9
[ 1573.747662]  ? __lock_acquire+0x3c9f/0x3d50
[ 1573.751964]  kasan_end_report+0x50/0x50
[ 1573.755917]  kasan_report+0x144/0x340
[ 1573.759698]  __asan_report_load8_noabort+0x14/0x20
[ 1573.764608]  __lock_acquire+0x3c9f/0x3d50
[ 1573.768738]  ? check_noncircular+0x20/0x20
[ 1573.772952]  ? __lock_is_held+0xb6/0x140
[ 1573.776996]  ? lo_release+0x6b/0x180
[ 1573.780691]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 1573.785867]  ? __perf_event_task_sched_in+0x200/0xc20
[ 1573.791044]  ? __lock_is_held+0xb6/0x140
[ 1573.795086]  ? find_held_lock+0x35/0x1d0
[ 1573.799128]  ? finish_task_switch+0x1d3/0x740
[ 1573.803602]  ? lock_downgrade+0x990/0x990
[ 1573.807733]  ? do_raw_spin_trylock+0x190/0x190
[ 1573.812298]  ? mark_held_locks+0xaf/0x100
[ 1573.816428]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1573.820902]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1573.825899]  ? trace_hardirqs_on+0xd/0x10
[ 1573.830034]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1573.834511]  ? finish_task_switch+0x1d3/0x740
[ 1573.838992]  ? finish_task_switch+0x1aa/0x740
[ 1573.843467]  ? preempt_notifier_dec+0x20/0x20
[ 1573.847947]  ? __schedule+0x8f3/0x2060
[ 1573.851817]  ? __sched_text_start+0x8/0x8
[ 1573.855948]  lock_acquire+0x1d5/0x580
[ 1573.859728]  ? lock_acquire+0x1d5/0x580
[ 1573.863683]  ? lo_release+0x6b/0x180
[ 1573.867380]  ? lock_release+0xa40/0xa40
[ 1573.871332]  ? check_same_owner+0x320/0x320
[ 1573.875634]  ? lock_release+0xa40/0xa40
[ 1573.879590]  ? lo_release+0x6b/0x180
[ 1573.883283]  ? lo_release+0x6b/0x180
[ 1573.886974]  __mutex_lock+0x16f/0x19d0
[ 1573.890839]  ? lo_release+0x6b/0x180
[ 1573.894532]  ? __mutex_lock+0x16f/0x19d0
[ 1573.898572]  ? __blkdev_put+0xa7/0x7c0
[ 1573.902437]  ? lo_release+0x6b/0x180
[ 1573.906130]  ? check_same_owner+0x320/0x320
[ 1573.910433]  ? __blkdev_put+0xa7/0x7c0
[ 1573.914300]  ? mutex_lock_io_nested+0x1880/0x1880
[ 1573.919125]  ? mutex_lock_io_nested+0x1880/0x1880
[ 1573.923948]  ? __might_sleep+0x95/0x190
[ 1573.927902]  ? blkdev_put+0x2a/0x4f0
[ 1573.931603]  ? check_noncircular+0x20/0x20
[ 1573.935818]  ? blkdev_put+0x2a/0x4f0
[ 1573.939513]  ? check_noncircular+0x20/0x20
[ 1573.943726]  ? is_bpf_text_address+0xa4/0x120
[ 1573.948201]  ? find_held_lock+0x35/0x1d0
[ 1573.952249]  ? blkdev_put+0x78/0x4f0
[ 1573.955943]  ? find_held_lock+0x35/0x1d0
[ 1573.959984]  ? __blkdev_put+0x2d9/0x7c0
[ 1573.963938]  ? lock_downgrade+0x990/0x990
[ 1573.968066]  ? do_raw_spin_trylock+0x190/0x190
[ 1573.972626]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 1573.977447]  ? lock_release+0xa40/0xa40
[ 1573.981404]  ? lo_compat_ioctl+0x140/0x140
[ 1573.985619]  mutex_lock_nested+0x16/0x20
[ 1573.989655]  ? mutex_lock_nested+0x16/0x20
[ 1573.993870]  lo_release+0x6b/0x180
[ 1573.997393]  ? lo_compat_ioctl+0x140/0x140
[ 1574.001606]  __blkdev_put+0x602/0x7c0
[ 1574.005389]  ? freeze_bdev+0x1e0/0x1e0
[ 1574.009259]  ? __fsnotify_parent+0xb4/0x3a0
[ 1574.013560]  blkdev_put+0x85/0x4f0
[ 1574.017079]  ? blkdev_put+0x4f0/0x4f0
[ 1574.020857]  blkdev_close+0x8b/0xb0
[ 1574.024461]  __fput+0x327/0x7e0
[ 1574.027719]  ? fput+0x140/0x140
[ 1574.030983]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1574.035457]  ____fput+0x15/0x20
[ 1574.038720]  task_work_run+0x199/0x270
[ 1574.042593]  ? task_work_cancel+0x210/0x210
[ 1574.046899]  ? exit_to_usermode_loop+0x8c/0x310
[ 1574.051549]  exit_to_usermode_loop+0x296/0x310
[ 1574.056114]  ? trace_event_raw_event_sys_exit+0x260/0x260
[ 1574.061635]  syscall_return_slowpath+0x42f/0x510
[ 1574.066369]  ? fd_install+0x60/0x60
[ 1574.069976]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[ 1574.074977]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[ 1574.079892]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1574.084889]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1574.089629]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[ 1574.094360] RIP: 0033:0x7f2252c8f2b0
[ 1574.098046] RSP: 002b:00007ffe10113bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1574.105729] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f2252c8f2b0
[ 1574.112973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1574.120220] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 1574.127470] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000023c0030
[ 1574.134716] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000005
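Reading the report above: the object is a 1024-byte kmalloc allocation made in loop_add and freed in loop_remove, both reached through loop_control_ioctl by task 26082; task 26096 (blkid) then reads 8 bytes at offset 432 into it from lo_release while closing the block device, and every shadow byte KASAN dumps for the region is fb, its marker for a freed slab object. The script below is an added example for this page, not code from syzkaller or the kernel. It parses a report in this 4.14-era KASAN layout (the headings shown above), drops the "?" frames the unwinder marks as guesses, skips reporting, allocator and generic locking plumbing to name the owning function of each stack, and recomputes the offset from the printed addresses as a cross-check on the "432 bytes inside" line. The plumbing skip-list is a heuristic of this script, and "cross_task" only records that the freeing and using PIDs differ; the report itself does not say how the two paths interleaved.

```python
"""Triage a KASAN use-after-free report such as the one above.
Added example for this page, not code from syzkaller or the kernel: it pulls out the
facts a triager acts on and re-derives the object offset from the printed addresses."""
import re

# Excerpt of the report above, trimmed to the lines the parser consumes.
REPORT = """\
[ 1573.141439] BUG: KASAN: use-after-free in __lock_acquire+0x3c9f/0x3d50
[ 1573.142399] Read of size 8 at addr ffff8801d279b3b0 by task blkid/26096
[ 1573.146508] Call Trace:
[ 1573.147007]  dump_stack+0x194/0x257
[ 1573.152301]  __lock_acquire+0x3c9f/0x3d50
[ 1573.154062]  ? lo_release+0x6b/0x180
[ 1573.198557]  lock_acquire+0x1d5/0x580
[ 1573.229633]  __mutex_lock+0x16f/0x19d0
[ 1573.336708]  lo_release+0x6b/0x180
[ 1573.344440]  __blkdev_put+0x602/0x7c0
[ 1573.485149]
[ 1573.486758] Allocated by task 26082:
[ 1573.490490]  save_stack_trace+0x16/0x20
[ 1573.501632]  kmem_cache_alloc_trace+0x136/0x750
[ 1573.506281]  loop_add+0xbf/0xa50
[ 1573.509631]  loop_control_ioctl+0x2e9/0x490
[ 1573.525882]
[ 1573.527487] Freed by task 26082:
[ 1573.530832]  save_stack_trace+0x16/0x20
[ 1573.542083]  kfree+0xca/0x250
[ 1573.545168]  loop_remove+0x9a/0xc0
[ 1573.548691]  loop_control_ioctl+0x402/0x490
[ 1573.564935]
[ 1573.566542] The buggy address belongs to the object at ffff8801d279b200
[ 1573.566542]  which belongs to the cache kmalloc-1024 of size 1024
[ 1573.579350] The buggy address is located 432 bytes inside of
[ 1573.633800] Memory state around the buggy address:
[ 1573.646050]  ffff8801d279b300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1573.653389] >ffff8801d279b380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]")  # dmesg timestamp prefix
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW_ROW = re.compile(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$")
# Reporting/allocator plumbing and generic locking code: never the owner of the object (heuristic).
PLUMBING = re.compile(r"^(dump_stack|print_address_description|kasan_|__asan_|save_stack|"
                      r"kmem_cache_|kfree|__kmalloc|kmalloc|(?:__)?lock_acquire|(?:__)?mutex_lock)")
SHADOW_SCALE = 8  # one shadow byte covers 8 bytes of memory; values 0x00..0x07 mean (partly) addressable
POISON = {0xfb: "freed slab object (KASAN_KMALLOC_FREE)", 0xfc: "slab redzone (KASAN_KMALLOC_REDZONE)"}

def parse_stack(lines, start):
    """Frames below header line `start` up to a blank line; '? ' frames (unwinder guesses) are dropped."""
    frames = []
    for line in lines[start + 1:]:
        if not line:
            break
        if (m := FRAME.match(line)) and not m[1]:
            frames.append(m[2])
    return frames

def parse_kasan_report(text):
    """Pull the structured facts out of a dmesg-prefixed KASAN report."""
    lines = [TS.sub("", ln).strip() for ln in text.splitlines()]
    info = {"shadow": {}}
    for i, line in enumerate(lines):
        if m := re.match(r"BUG: KASAN: (\S+) in ", line):
            info["bug"] = m[1]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task \S+/(\d+)$", line):
            info.update(access=m[1].lower(), size=int(m[2]), addr=int(m[3], 16), pid=int(m[4]))
        elif line == "Call Trace:" and "access_stack" not in info:  # panic() prints a second one
            info["access_stack"] = parse_stack(lines, i)
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            key = "alloc" if m[1] == "Allocated" else "free"
            info[key + "_pid"], info[key + "_stack"] = int(m[2]), parse_stack(lines, i)
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            info["object"] = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size", line):
            info["cache"] = m[1]
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            info["reported_offset"] = int(m[1])
        elif m := SHADOW_ROW.match(line):
            info["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    info["offset"] = info["addr"] - info["object"]  # recomputed, not copied from the text
    return info

def shadow_state(info):
    """Decode the shadow byte covering the faulting address from the dumped rows."""
    for base, row in info["shadow"].items():
        if base <= info["addr"] < base + len(row) * SHADOW_SCALE:
            b = row[(info["addr"] - base) // SHADOW_SCALE]
            return "addressable" if b <= 7 else POISON.get(b, "other poison 0x%02x" % b)
    return "not in dumped rows"

def owner_frame(frames):
    """First frame that is neither KASAN/allocator plumbing nor generic locking code."""
    return next((f for f in frames if not PLUMBING.match(f)), None)

def triage(text):
    """Condense the report into the fields a triager acts on."""
    info = parse_kasan_report(text)
    return {"bug": info["bug"], "access": f"{info['access']} of {info['size']} bytes",
            "cache": info["cache"], "offset": info["offset"],
            "offset_matches_report": info["offset"] == info["reported_offset"],
            "use": owner_frame(info["access_stack"]), "alloc": owner_frame(info["alloc_stack"]),
            "free": owner_frame(info["free_stack"]),
            "cross_task": info["pid"] != info["free_pid"],  # freed by one task, used by another
            "shadow": shadow_state(info)}
```

Run as `python3 kasan_triage.py` after adding a `print(triage(REPORT))`, or point `triage()` at a full report pasted from a console log; the timestamp prefix is stripped, so syzbot and plain dmesg output both parse. The offset check matters when hand-editing or copying reports: the printed "N bytes inside" line and the addresses come from different code paths in the kernel, and a disagreement means the text was altered or mixed from two reports.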