[ ok ] Starting enhanced syslogd: rsyslogd.
[ 9.757990] audit: type=1400 audit(1514080398.499:4): avc: denied { syslog } for pid=3175 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-8,10.128.15.235' (ECDSA) to the list of known hosts.
2017/12/24 01:53:30 parsed 1 programs
2017/12/24 01:53:30 executed programs: 0
syzkaller login: [ 21.626418] audit: type=1400 audit(1514080410.369:5): avc: denied { sys_admin } for pid=3343 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 21.646012] IPVS: Creating netns size=2536 id=1
[ 21.662609] IPVS: Creating netns size=2536 id=2
[ 21.684330] audit: type=1400 audit(1514080410.429:6): avc: denied { sys_chroot } for pid=3346 comm="syz-executor4" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 21.719703] IPVS: Creating netns size=2536 id=3
[ 21.741138] IPVS: Creating netns size=2536 id=4
[ 21.762978] IPVS: Creating netns size=2536 id=5
[ 21.775059] IPVS: Creating netns size=2536 id=6
[ 21.807659] IPVS: Creating netns size=2536 id=7
[ 21.843575] IPVS: Creating netns size=2536 id=8
[ 26.405636] ==================================================================
[ 26.413035] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 26.419777] Read of size 8 at addr ffff8801c14cda60 by task blkid/5149
[ 26.426413]
[ 26.428011] CPU: 1 PID: 5149 Comm: blkid Not tainted 4.9.71-g2506378 #113
[ 26.434907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.444234] ffff8801c4167790 ffffffff81d922b9 ffffea0007053200 ffff8801c14cda60
[ 26.452216] 0000000000000000 ffff8801c14cda60 0000000000000000 ffff8801c41677c8
[ 26.460197] ffffffff8153bab3 ffff8801c14cda60 0000000000000008 0000000000000000
[ 26.468179] Call Trace:
[ 26.470747] [] dump_stack+0xc1/0x128
[ 26.476094] [] print_address_description+0x73/0x280
[ 26.482748] [] kasan_report+0x275/0x360
[ 26.488362] [] ? disk_unblock_events+0x51/0x60
[ 26.494576] [] __asan_report_load8_noabort+0x14/0x20
[ 26.501684] [] disk_unblock_events+0x51/0x60
[ 26.507709] [] __blkdev_get+0x4b5/0xd50
[ 26.513298] [] ? __blkdev_put+0x7e0/0x7e0
[ 26.519062] [] blkdev_get+0x33b/0x960
[ 26.524482] [] ? bd_link_disk_holder+0x6c0/0x6c0
[ 26.530869] [] ? bd_acquire+0x27/0x250
[ 26.536395] [] ? bd_acquire+0x88/0x250
[ 26.541915] [] ? _raw_spin_unlock+0x2c/0x50
[ 26.547864] [] blkdev_open+0x1a5/0x250
[ 26.553368] [] do_dentry_open+0x607/0xc60
[ 26.559135] [] ? blkdev_get_by_dev+0x60/0x60
[ 26.565156] [] vfs_open+0x105/0x220
[ 26.570397] [] ? may_open+0x231/0x2e0
[ 26.575811] [] path_openat+0x5ac/0x2910
[ 26.581398] [] ? path_lookupat+0x3f0/0x3f0
[ 26.587247] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 26.594224] [] ? __lock_is_held+0xa1/0xf0
[ 26.599986] [] do_filp_open+0x197/0x290
[ 26.605575] [] ? may_open_dev+0xe0/0xe0
[ 26.611164] [] ? _raw_spin_unlock+0x2c/0x50
[ 26.617098] [] ? __alloc_fd+0x1d7/0x510
[ 26.622692] [] do_sys_open+0x352/0x4c0
[ 26.628195] [] ? filp_open+0x70/0x70
[ 26.633528] [] ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 26.640160] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 26.646964] [] SyS_open+0x2d/0x40
[ 26.652031] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 26.658572]
[ 26.660165] Allocated by task 5138:
[ 26.663759] save_stack_trace+0x16/0x20
[ 26.667697] save_stack+0x43/0xd0
[ 26.671120] kasan_kmalloc+0xad/0xe0
[ 26.674797] kmem_cache_alloc_trace+0xfb/0x2a0
[ 26.679345] alloc_disk_node+0x54/0x3b0
[ 26.683282] alloc_disk+0x18/0x20
[ 26.686701] loop_add+0x324/0x770
[ 26.690115] loop_probe+0x155/0x180
[ 26.693706] kobj_lookup+0x2ac/0x410
[ 26.697382] get_gendisk+0x37/0x2d0
[ 26.700975] __blkdev_get+0x34f/0xd50
[ 26.704743] blkdev_get+0x4bf/0x960
[ 26.708333] blkdev_open+0x1a5/0x250
[ 26.712009] do_dentry_open+0x607/0xc60
[ 26.715945] vfs_open+0x105/0x220
[ 26.719365] path_openat+0x5ac/0x2910
[ 26.723129] do_filp_open+0x197/0x290
[ 26.726898] do_sys_open+0x352/0x4c0
[ 26.730573] SyS_open+0x2d/0x40
[ 26.733815] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 26.738531]
[ 26.740123] Freed by task 5149:
[ 26.743365] save_stack_trace+0x16/0x20
[ 26.747303] save_stack+0x43/0xd0
[ 26.750721] kasan_slab_free+0x72/0xc0
[ 26.754571] kfree+0x103/0x300
[ 26.757730] disk_release+0x259/0x330
[ 26.761494] device_release+0x7c/0x210
[ 26.765346] kobject_release+0xed/0x1a0
[ 26.769282] kobject_put+0x63/0xc0
[ 26.772785] put_disk+0x23/0x30
[ 26.776030] __blkdev_get+0x415/0xd50
[ 26.779795] blkdev_get+0x33b/0x960
[ 26.783385] blkdev_open+0x1a5/0x250
[ 26.787061] do_dentry_open+0x607/0xc60
[ 26.790996] vfs_open+0x105/0x220
[ 26.794413] path_openat+0x5ac/0x2910
[ 26.798177] do_filp_open+0x197/0x290
[ 26.801939] do_sys_open+0x352/0x4c0
[ 26.805615] SyS_open+0x2d/0x40
[ 26.808856] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 26.813571]
[ 26.815164] The buggy address belongs to the object at ffff8801c14cd500
[ 26.815164] which belongs to the cache kmalloc-2048 of size 2048
[ 26.827955] The buggy address is located 1376 bytes inside of
[ 26.827955] 2048-byte region [ffff8801c14cd500, ffff8801c14cdd00)
[ 26.839963] The buggy address belongs to the page:
[ 26.844856] page:ffffea0007053200 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 26.855006] flags: 0x8000000000004080(slab|head)
[ 26.859720] page dumped because: kasan: bad access detected
[ 26.865395]
[ 26.866985] Memory state around the buggy address:
[ 26.871877]  ffff8801c14cd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.879199]  ffff8801c14cd980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.886519] >ffff8801c14cda00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.893840]                                                        ^
[ 26.900292]  ffff8801c14cda80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
2017/12/24 01:53:35 executed programs: 376
[ 26.907612]  ffff8801c14cdb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.914930] ==================================================================
[ 26.922249] Disabling lock debugging due to kernel taint
[ 26.929451] Kernel panic - not syncing: panic_on_warn set ...
[ 26.929451]
[ 26.936816] CPU: 1 PID: 5149 Comm: blkid Tainted: G B 4.9.71-g2506378 #113
[ 26.944943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.954288] ffff8801c41676e8 ffffffff81d922b9 ffffffff84194b3f ffff8801c41677c0
[ 26.962302] 0000000000000000 ffff8801c14cda60 0000000000000000 ffff8801c41677b0
[ 26.970309] ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[ 26.978321] Call Trace:
[ 26.980897] [] dump_stack+0xc1/0x128
[ 26.986249] [] panic+0x1bc/0x3a8
[ 26.991252] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 26.999461] [] ? preempt_schedule+0x25/0x30
[ 27.005409] [] ? ___preempt_schedule+0x16/0x18
[ 27.011625] [] kasan_end_report+0x50/0x50
[ 27.017404] [] kasan_report+0x167/0x360
[ 27.023014] [] ? disk_unblock_events+0x51/0x60
[ 27.029235] [] __asan_report_load8_noabort+0x14/0x20
[ 27.035986] [] disk_unblock_events+0x51/0x60
[ 27.042041] [] __blkdev_get+0x4b5/0xd50
[ 27.047661] [] ? __blkdev_put+0x7e0/0x7e0
[ 27.053444] [] blkdev_get+0x33b/0x960
[ 27.058886] [] ? bd_link_disk_holder+0x6c0/0x6c0
[ 27.065275] [] ? bd_acquire+0x27/0x250
[ 27.070796] [] ? bd_acquire+0x88/0x250
[ 27.076320] [] ? _raw_spin_unlock+0x2c/0x50
[ 27.082279] [] blkdev_open+0x1a5/0x250
[ 27.087808] [] do_dentry_open+0x607/0xc60
[ 27.093591] [] ? blkdev_get_by_dev+0x60/0x60
[ 27.099630] [] vfs_open+0x105/0x220
[ 27.104888] [] ? may_open+0x231/0x2e0
[ 27.110316] [] path_openat+0x5ac/0x2910
[ 27.115923] [] ? path_lookupat+0x3f0/0x3f0
[ 27.121801] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 27.128808] [] ? __lock_is_held+0xa1/0xf0
[ 27.134588] [] do_filp_open+0x197/0x290
[ 27.140194] [] ? may_open_dev+0xe0/0xe0
[ 27.145799] [] ? _raw_spin_unlock+0x2c/0x50
[ 27.151745] [] ? __alloc_fd+0x1d7/0x510
[ 27.157356] [] do_sys_open+0x352/0x4c0
[ 27.162877] [] ? filp_open+0x70/0x70
[ 27.168226] [] ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 27.174869] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 27.181683] [] SyS_open+0x2d/0x40
[ 27.186775] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 27.193783] Dumping ftrace buffer:
[ 27.197293] (ftrace buffer empty)
[ 27.200966] Kernel Offset: disabled
[ 27.204554] Rebooting in 86400 seconds..