[ ok ] Starting periodic command scheduler: cron.
[....] Starting mcstransd:
[   11.071317] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   11.160606] random: crng init done

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[   64.927051] ==================================================================
[   64.928199] BUG: KASAN: use-after-free in disk_unblock_events+0x55/0x60
[   64.929164] Read of size 8 at addr ffff8801cddc6b60 by task syz-executor079/2085
[   64.930250]
[   64.930537] CPU: 0 PID: 2085 Comm: syz-executor079 Not tainted 4.9.168+ #40
[   64.931562]  ffff8801d6df7730 ffffffff81b4f5d1 0000000000000000 ffffea0007377000
[   64.932847]  ffff8801cddc6b60 0000000000000008 ffffffff81b21b35 ffff8801d6df7768
[   64.934223]  ffffffff81506898 0000000000000000 ffff8801cddc6b60 ffff8801cddc6b60
[   64.935504] Call Trace:
[   64.935888]  [<000000005ba6800b>] dump_stack+0xc1/0x120
[   64.936667]  [<00000000a65506f5>] ? disk_unblock_events+0x55/0x60
[   64.937498]  [<000000003ed305d2>] print_address_description+0x6f/0x23a
[   64.938485]  [<00000000a65506f5>] ? disk_unblock_events+0x55/0x60
[   64.939379]  [<0000000057f01885>] kasan_report.cold+0x8c/0x2ba
[   64.940235]  [<00000000c319bd70>] __asan_report_load8_noabort+0x14/0x20
[   64.941168]  [<00000000a65506f5>] disk_unblock_events+0x55/0x60
[   64.942112]  [<00000000ce2b7bfa>] __blkdev_get+0x6ba/0xeb0
[   64.942996]  [<000000007a6dcfaa>] ? __blkdev_put+0x840/0x840
[   64.943771]  [<0000000010f4fc77>] ? __might_sleep+0x95/0x1a0
[   64.944622]  [<0000000008c3e9dc>] blkdev_get+0x2e8/0x920
[   64.945620]  [<00000000f2bec7f8>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   64.946652]  [<0000000073f1e43e>] ? bd_may_claim+0xd0/0xd0
[   64.949254]  [<000000004a394543>] ? bd_acquire+0xf9/0x250
[   64.954773]  [<00000000f23b64e5>] ? bd_acquire+0x12f/0x250
[   64.960389]  [<0000000099acc471>] ? _raw_spin_unlock+0x2d/0x50
[   64.966343]  [<000000005b373118>] blkdev_open+0x1aa/0x250
[   64.971914]  [<00000000d0d52f76>] do_dentry_open+0x422/0xd20
[   64.977699]  [<00000000853e6471>] ? blkdev_get_by_dev+0x80/0x80
[   64.983871]  [<0000000043341c86>] vfs_open+0x105/0x230
[   64.989129]  [<00000000b9dcee3f>] ? may_open.isra.0+0x139/0x290
[   64.995164]  [<000000002b62e986>] path_openat+0xbf5/0x2f60
[   65.000771]  [<00000000f12c2090>] ? path_mountpoint+0x6d0/0x6d0
[   65.006804]  [<000000005cbd3098>] do_filp_open+0x1a1/0x280
[   65.012412]  [<00000000d55ef514>] ? may_open_dev+0xe0/0xe0
[   65.018092]  [<000000002f59be53>] ? __alloc_fd+0x1d4/0x490
[   65.023704]  [<0000000099acc471>] ? _raw_spin_unlock+0x2d/0x50
[   65.029763]  [<000000002f59be53>] ? __alloc_fd+0x1d4/0x490
[   65.035457]  [<0000000049e4586c>] do_sys_open+0x2f0/0x610
[   65.040995]  [<00000000a3a62963>] ? filp_open+0x70/0x70
[   65.046339]  [<00000000121b8f67>] ? __do_page_fault+0x545/0xa60
[   65.052378]  [<00000000d464c51d>] SyS_open+0x2d/0x40
[   65.057548]  [<000000001e00cab9>] ? do_sys_open+0x610/0x610
[   65.063246]  [<000000000b2d15dc>] do_syscall_64+0x1ad/0x570
[   65.068944]  [<000000005ecf3c0c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   65.075845]
[   65.077448] Allocated by task 2085:
[   65.081061]  save_stack_trace+0x16/0x20
[   65.085010]  kasan_kmalloc.part.0+0x62/0xf0
[   65.089310]  kasan_kmalloc+0xb7/0xd0
[   65.093006]  kmem_cache_alloc_trace+0x115/0x2d0
[   65.097659]  alloc_disk_node+0x50/0x3c0
[   65.101611]  alloc_disk+0x1b/0x20
[   65.105042]  loop_add+0x37e/0x7b0
[   65.108464]  loop_control_ioctl+0x138/0x2f0
[   65.112763]  do_vfs_ioctl+0xb87/0x11d0
[   65.116708]  SyS_ioctl+0x8f/0xc0
[   65.120057]  do_syscall_64+0x1ad/0x570
[   65.123924]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   65.129042]
[   65.130688] Freed by task 2085:
[   65.133950]  save_stack_trace+0x16/0x20
[   65.137896]  kasan_slab_free+0xb0/0x190
[   65.141847]  kfree+0xfc/0x310
[   65.144933]  disk_release+0x255/0x330
[   65.148707]  device_release+0x7d/0x220
[   65.152570]  kobject_put+0x150/0x260
[   65.156301]  put_disk+0x23/0x30
[   65.159626]  __blkdev_get+0x61a/0xeb0
[   65.163508]  blkdev_get+0x2e8/0x920
[   65.167109]  blkdev_open+0x1aa/0x250
[   65.170841]  do_dentry_open+0x422/0xd20
[   65.174795]  vfs_open+0x105/0x230
[   65.178229]  path_openat+0xbf5/0x2f60
[   65.182019]  do_filp_open+0x1a1/0x280
[   65.185804]  do_sys_open+0x2f0/0x610
[   65.189497]  SyS_open+0x2d/0x40
[   65.192756]  do_syscall_64+0x1ad/0x570
[   65.196627]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   65.201706]
[   65.203312] The buggy address belongs to the object at ffff8801cddc6600
[   65.203312]  which belongs to the cache kmalloc-2048 of size 2048
[   65.216252] The buggy address is located 1376 bytes inside of
[   65.216252]  2048-byte region [ffff8801cddc6600, ffff8801cddc6e00)
[   65.228291] The buggy address belongs to the page:
[   65.233239] page:ffffea0007377000 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[   65.243430] flags: 0x4000000000010200(slab|head)
[   65.248160] page dumped because: kasan: bad access detected
[   65.253845]
[   65.255444] Memory state around the buggy address:
[   65.260354]  ffff8801cddc6a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.267694]  ffff8801cddc6a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.275030] >ffff8801cddc6b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.282364]                                                        ^
[   65.288835]  ffff8801cddc6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.296176]  ffff8801cddc6c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   65.303516] ==================================================================
[   65.310854] Disabling lock debugging due to kernel taint
[   65.318330] Kernel panic - not syncing: panic_on_warn set ...
[   65.318330]
[   65.325691] CPU: 0 PID: 2085 Comm: syz-executor079 Tainted: G    B           4.9.168+ #40
[   65.334020]  ffff8801d6df7670 ffffffff81b4f5d1 ffff8801d6df7700 ffffffff82e3cb7f
[   65.342069]  00000000ffffffff 0000000000000000 ffffffff81b21b35 ffff8801d6df7750
[   65.350134]  ffffffff813f945a 0000000041b58ab3 ffffffff82e2ec5a ffffffff813f9281
[   65.358408] Call Trace:
[   65.360992]  [<000000005ba6800b>] dump_stack+0xc1/0x120
[   65.366338]  [<00000000a65506f5>] ? disk_unblock_events+0x55/0x60
[   65.372556]  [<00000000df90a9e5>] panic+0x1d9/0x3bd
[   65.377552]  [<000000006b3785e0>] ? add_taint.cold+0x16/0x16
[   65.383446]  [<00000000cd1d1699>] ? preempt_schedule_common+0x4f/0xe0
[   65.390031]  [<00000000a65506f5>] ? disk_unblock_events+0x55/0x60
[   65.396267]  [<00000000b1ca8c95>] ? preempt_schedule+0x26/0x30
[   65.402240]  [<00000000e9a5b805>] ? ___preempt_schedule+0x16/0x18
[   65.408476]  [<000000002ad00c32>] kasan_end_report+0x47/0x4f
[   65.414272]  [<000000005e16ebe0>] kasan_report.cold+0xa9/0x2ba
[   65.420241]  [<00000000c319bd70>] __asan_report_load8_noabort+0x14/0x20
[   65.426995]  [<00000000a65506f5>] disk_unblock_events+0x55/0x60
[   65.433054]  [<00000000ce2b7bfa>] __blkdev_get+0x6ba/0xeb0
[   65.438685]  [<000000007a6dcfaa>] ? __blkdev_put+0x840/0x840
[   65.444487]  [<0000000010f4fc77>] ? __might_sleep+0x95/0x1a0
[   65.450291]  [<0000000008c3e9dc>] blkdev_get+0x2e8/0x920
[   65.455742]  [<00000000f2bec7f8>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   65.462498]  [<0000000073f1e43e>] ? bd_may_claim+0xd0/0xd0
[   65.468219]  [<000000004a394543>] ? bd_acquire+0xf9/0x250
[   65.473759]  [<00000000f23b64e5>] ? bd_acquire+0x12f/0x250
[   65.479479]  [<0000000099acc471>] ? _raw_spin_unlock+0x2d/0x50
[   65.485454]  [<000000005b373118>] blkdev_open+0x1aa/0x250
[   65.490995]  [<00000000d0d52f76>] do_dentry_open+0x422/0xd20
[   65.496975]  [<00000000853e6471>] ? blkdev_get_by_dev+0x80/0x80
[   65.503043]  [<0000000043341c86>] vfs_open+0x105/0x230
[   65.508319]  [<00000000b9dcee3f>] ? may_open.isra.0+0x139/0x290
[   65.514381]  [<000000002b62e986>] path_openat+0xbf5/0x2f60
[   65.520005]  [<00000000f12c2090>] ? path_mountpoint+0x6d0/0x6d0
[   65.526062]  [<000000005cbd3098>] do_filp_open+0x1a1/0x280
[   65.531716]  [<00000000d55ef514>] ? may_open_dev+0xe0/0xe0
[   65.537342]  [<000000002f59be53>] ? __alloc_fd+0x1d4/0x490
[   65.542978]  [<0000000099acc471>] ? _raw_spin_unlock+0x2d/0x50
[   65.548957]  [<000000002f59be53>] ? __alloc_fd+0x1d4/0x490
[   65.554740]  [<0000000049e4586c>] do_sys_open+0x2f0/0x610
[   65.560286]  [<00000000a3a62963>] ? filp_open+0x70/0x70
[   65.565657]  [<00000000121b8f67>] ? __do_page_fault+0x545/0xa60
[   65.571723]  [<00000000d464c51d>] SyS_open+0x2d/0x40
[   65.576828]  [<000000001e00cab9>] ? do_sys_open+0x610/0x610
[   65.582544]  [<000000000b2d15dc>] do_syscall_64+0x1ad/0x570
[   65.588346]  [<000000005ecf3c0c>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   65.595673] Kernel Offset: disabled
[   65.609625] Rebooting in 86400 seconds..