INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-4,10.128.15.229' (ECDSA) to the list of known hosts.
2017/10/28 11:26:40 parsed 1 programs
2017/10/28 11:26:40 executed programs: 0
syzkaller login: [ 43.611730] IPVS: Creating netns size=2536 id=1
[ 43.626606] IPVS: Creating netns size=2536 id=2
[ 43.641666] IPVS: Creating netns size=2536 id=3
[ 43.670797] IPVS: Creating netns size=2536 id=4
[ 43.700517] IPVS: Creating netns size=2536 id=5
[ 43.726462] IPVS: Creating netns size=2536 id=6
[ 43.756192] IPVS: Creating netns size=2536 id=7
[ 43.775708] IPVS: Creating netns size=2536 id=8
2017/10/28 11:26:45 executed programs: 263
[ 53.083113] ==================================================================
[ 53.090531] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60 at addr ffff8801c63f62e0
[ 53.099436] Read of size 8 by task blkid/7914
[ 53.103912] CPU: 1 PID: 7914 Comm: blkid Not tainted 4.9.58-g3861f0b #75
[ 53.110727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.120065] ffff8801c97f7760 ffffffff81d91149 ffff8801da002000 ffff8801c63f5d80
[ 53.128102] ffff8801c63f6580 ffffed0038c7ec5c ffff8801c63f62e0 ffff8801c97f7788
[ 53.136121] ffffffff8153c01c ffffed0038c7ec5c ffff8801da002000 0000000000000000
[ 53.144132] Call Trace:
[ 53.146714] [] dump_stack+0xc1/0x128
[ 53.152071] [] kasan_object_err+0x1c/0x70
[ 53.157865] [] kasan_report.part.1+0x21c/0x500
[ 53.164444] [] ? disk_unblock_events+0x51/0x60
[ 53.170676] [] ? dev_attr_show+0xc0/0xc0
[ 53.176366] [] __asan_report_load8_noabort+0x29/0x30
[ 53.183086] [] disk_unblock_events+0x51/0x60
[ 53.189113] [] __blkdev_get+0x4b5/0xd50
[ 53.194708] [] ? avc_has_perm+0xb0/0x4f0
[ 53.200390] [] ? __blkdev_put+0x7e0/0x7e0
[ 53.206170] [] blkdev_get+0x33b/0x960
[ 53.211604] [] ? bd_link_disk_holder+0x6c0/0x6c0
[ 53.217986] [] ? bd_acquire+0x27/0x250
[ 53.223502] [] ? bd_acquire+0x88/0x250
[ 53.229033] [] ? _raw_spin_unlock+0x2c/0x50
[ 53.234982] [] blkdev_open+0x1a5/0x250
[ 53.240493] [] do_dentry_open+0x607/0xc60
[ 53.246277] [] ? blkdev_get_by_dev+0x60/0x60
[ 53.252315] [] vfs_open+0x105/0x220
[ 53.257566] [] ? may_open+0x231/0x2e0
[ 53.262984] [] path_openat+0x5ac/0x2910
[ 53.268578] [] ? path_lookupat+0x3f0/0x3f0
[ 53.274439] [] ? filemap_map_pages+0x607/0xd70
[ 53.280644] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 53.287626] [] ? find_lock_entry+0x3e0/0x3e0
[ 53.293656] [] ? lru_cache_add+0xd9/0x1e0
[ 53.299425] [] ? handle_mm_fault+0x1ba1/0x2530
[ 53.305634] [] do_filp_open+0x197/0x290
[ 53.311225] [] ? may_open_dev+0xe0/0xe0
[ 53.316814] [] ? _raw_spin_unlock+0x2c/0x50
[ 53.322752] [] ? __alloc_fd+0x1d7/0x510
[ 53.328343] [] do_sys_open+0x352/0x4c0
[ 53.333853] [] ? filp_open+0x70/0x70
[ 53.339191] [] ? mm_fault_error+0x2c0/0x2c0
[ 53.345126] [] SyS_open+0x2d/0x40
[ 53.350200] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 53.356756] Object at ffff8801c63f5d80, in cache kmalloc-2048 size: 2048
[ 53.363564] Allocated:
[ 53.366023] PID = 7881
[ 53.368488] save_stack_trace+0x16/0x20
[ 53.372425] save_stack+0x43/0xd0
[ 53.375842] kasan_kmalloc+0xad/0xe0
[ 53.379517] kmem_cache_alloc_trace+0xfb/0x2a0
[ 53.384067] alloc_disk_node+0x54/0x3b0
[ 53.388007] alloc_disk+0x18/0x20
[ 53.391424] loop_add+0x324/0x770
[ 53.394845] loop_probe+0x155/0x180
[ 53.398441] kobj_lookup+0x2ac/0x410
[ 53.402119] get_gendisk+0x37/0x2d0
[ 53.405714] __blkdev_get+0x34f/0xd50
[ 53.409482] blkdev_get+0x33b/0x960
[ 53.413071] blkdev_open+0x1a5/0x250
[ 53.416754] do_dentry_open+0x607/0xc60
[ 53.420693] vfs_open+0x105/0x220
[ 53.424113] path_openat+0x5ac/0x2910
[ 53.427879] do_filp_open+0x197/0x290
[ 53.431645] do_sys_open+0x352/0x4c0
[ 53.435324] SyS_open+0x2d/0x40
[ 53.438570] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 53.443286] Freed:
[ 53.445400] PID = 7914
[ 53.447864] save_stack_trace+0x16/0x20
[ 53.451805] save_stack+0x43/0xd0
[ 53.455222] kasan_slab_free+0x73/0xc0
[ 53.459073] kfree+0xf0/0x2f0
[ 53.462144] disk_release+0x259/0x330
[ 53.465910] device_release+0x7c/0x210
[ 53.469762] kobject_release+0xed/0x1a0
[ 53.473699] kobject_put+0x63/0xc0
[ 53.477205] put_disk+0x23/0x30
[ 53.480450] __blkdev_get+0x415/0xd50
[ 53.484217] blkdev_get+0x33b/0x960
[ 53.487808] blkdev_open+0x1a5/0x250
[ 53.491484] do_dentry_open+0x607/0xc60
[ 53.495439] vfs_open+0x105/0x220
[ 53.498857] path_openat+0x5ac/0x2910
[ 53.502628] do_filp_open+0x197/0x290
[ 53.506396] do_sys_open+0x352/0x4c0
[ 53.510084] SyS_open+0x2d/0x40
[ 53.513332] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 53.518050] Memory state around the buggy address:
[ 53.522948] ffff8801c63f6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.530280] ffff8801c63f6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.537603] >ffff8801c63f6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.544926] ^
[ 53.551383] ffff8801c63f6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.558708] ffff8801c63f6380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.566032] ==================================================================
2017/10/28 11:26:50 executed programs: 479