INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2018/04/14 01:20:08 parsed 1 programs
2018/04/14 01:20:08 executed programs: 0
syzkaller login: [   37.769223] IPVS: Creating netns size=2536 id=1
[   37.790812] IPVS: Creating netns size=2536 id=2
[   37.812019] IPVS: Creating netns size=2536 id=3
[   37.832710] IPVS: Creating netns size=2536 id=4
[   37.855142] IPVS: Creating netns size=2536 id=5
[   37.876002] IPVS: Creating netns size=2536 id=6
[   37.898278] IPVS: Creating netns size=2536 id=7
[   37.919451] IPVS: Creating netns size=2536 id=8
2018/04/14 01:20:13 executed programs: 64
2018/04/14 01:20:18 executed programs: 132
[   51.756008] ==================================================================
[   51.763387] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[   51.770107] Read of size 8 at addr ffff8801ca311660 by task syz-executor6/4300
[   51.777432] 
[   51.779049] CPU: 1 PID: 4300 Comm: syz-executor6 Not tainted 4.9.93-gcb02358 #1
[   51.786464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.795796]  ffff8801ca3576c8 ffffffff81d9aa29 ffffea000728c400 ffff8801ca311660
[   51.803767]  0000000000000000 ffff8801ca311660 0000000000000000 ffff8801ca357700
[   51.811734]  ffffffff81564acb ffff8801ca311660 0000000000000008 0000000000000000
[   51.819703] Call Trace:
[   51.822264]  [<ffffffff81d9aa29>] dump_stack+0xc1/0x128
[   51.827600]  [<ffffffff81564acb>] print_address_description+0x6c/0x234
[   51.834240]  [<ffffffff81564ed5>] kasan_report.cold.6+0x242/0x2fe
[   51.840446]  [<ffffffff81d466c1>] ? disk_unblock_events+0x51/0x60
[   51.846651]  [<ffffffff81538b54>] __asan_report_load8_noabort+0x14/0x20
[   51.853374]  [<ffffffff81d466c1>] disk_unblock_events+0x51/0x60
[   51.859403]  [<ffffffff8162e5f6>] __blkdev_get+0x6b6/0xd60
[   51.864997]  [<ffffffff8162df40>] ? __blkdev_put+0x840/0x840
[   51.870767]  [<ffffffff8164a5f4>] ? fsnotify+0x114/0x1100
[   51.876273]  [<ffffffff8163153a>] blkdev_get+0x2da/0x920
[   51.881695]  [<ffffffff81631260>] ? bd_may_claim+0xd0/0xd0
[   51.887289]  [<ffffffff81630067>] ? bd_acquire+0x27/0x250
[   51.892794]  [<ffffffff816300c8>] ? bd_acquire+0x88/0x250
[   51.898300]  [<ffffffff838cf12c>] ? _raw_spin_unlock+0x2c/0x50
[   51.904238]  [<ffffffff81631d95>] blkdev_open+0x1a5/0x250
[   51.909743]  [<ffffffff81566c43>] do_dentry_open+0x703/0xc80
[   51.915508]  [<ffffffff81631bf0>] ? blkdev_get_by_dev+0x70/0x70
[   51.921534]  [<ffffffff8156a42c>] vfs_open+0x11c/0x210
[   51.926777]  [<ffffffff8159125f>] ? may_open.isra.57+0x14f/0x2a0
[   51.932897]  [<ffffffff815a1568>] path_openat+0x758/0x3590
[   51.938575]  [<ffffffff81537b49>] ? save_stack+0xa9/0xd0
[   51.943995]  [<ffffffff815a0e10>] ? path_lookupat.isra.41+0x410/0x410
[   51.950542]  [<ffffffff8122dc22>] ? __lock_is_held+0xa2/0xf0
[   51.956306]  [<ffffffff815a8667>] do_filp_open+0x197/0x270
[   51.961899]  [<ffffffff815a84d0>] ? may_open_dev+0xe0/0xe0
[   51.967499]  [<ffffffff838cf12c>] ? _raw_spin_unlock+0x2c/0x50
[   51.973440]  [<ffffffff815d3e37>] ? __alloc_fd+0x1d7/0x4a0
[   51.979033]  [<ffffffff8156ae3d>] do_sys_open+0x30d/0x5c0
[   51.984543]  [<ffffffff8156ab30>] ? filp_open+0x70/0x70
[   51.989876]  [<ffffffff81229cca>] ? up_read+0x1a/0x40
[   51.995036]  [<ffffffff8168225a>] compat_SyS_open+0x2a/0x40
[   52.000713]  [<ffffffff81682230>] ? compat_SyS_getdents64+0x280/0x280
[   52.007262]  [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870
[   52.013465]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.020101]  [<ffffffff838d11d0>] entry_SYSENTER_compat+0x90/0xa2
[   52.026301] 
[   52.027899] Allocated by task 4302:
[   52.031496]  save_stack_trace+0x16/0x20
[   52.035440]  save_stack+0x43/0xd0
[   52.038863]  kasan_kmalloc+0xc7/0xe0
[   52.042548]  kmem_cache_alloc_trace+0xfd/0x2b0
[   52.047100]  alloc_disk_node+0x54/0x3a0
[   52.051054]  alloc_disk+0x18/0x20
[   52.054476]  loop_add+0x33b/0x770
[   52.057899]  loop_probe+0x14f/0x180
[   52.061496]  kobj_lookup+0x223/0x410
[   52.065181]  get_gendisk+0x39/0x2d0
[   52.068777]  __blkdev_get+0x351/0xd60
[   52.072545]  blkdev_get+0x2da/0x920
[   52.076141]  blkdev_open+0x1a5/0x250
[   52.079822]  do_dentry_open+0x703/0xc80
[   52.083763]  vfs_open+0x11c/0x210
[   52.087187]  path_openat+0x758/0x3590
[   52.090960]  do_filp_open+0x197/0x270
[   52.094730]  do_sys_open+0x30d/0x5c0
[   52.098416]  compat_SyS_open+0x2a/0x40
[   52.102273]  do_fast_syscall_32+0x2f7/0x870
[   52.106561]  entry_SYSENTER_compat+0x90/0xa2
[   52.110935] 
[   52.112533] Freed by task 4300:
[   52.115780]  save_stack_trace+0x16/0x20
[   52.119722]  save_stack+0x43/0xd0
[   52.123153]  kasan_slab_free+0x72/0xc0
[   52.127009]  kfree+0xfb/0x310
[   52.130081]  disk_release+0x259/0x330
[   52.133849]  device_release+0x7e/0x220
[   52.137707]  kobject_release+0x103/0x1b0
[   52.141736]  kobject_put+0x6d/0xd0
[   52.145243]  put_disk+0x23/0x30
[   52.148493]  __blkdev_get+0x616/0xd60
[   52.152260]  blkdev_get+0x2da/0x920
[   52.155855]  blkdev_open+0x1a5/0x250
[   52.159535]  do_dentry_open+0x703/0xc80
[   52.163477]  vfs_open+0x11c/0x210
[   52.166899]  path_openat+0x758/0x3590
[   52.170671]  do_filp_open+0x197/0x270
[   52.174443]  do_sys_open+0x30d/0x5c0
[   52.178127]  compat_SyS_open+0x2a/0x40
[   52.181985]  do_fast_syscall_32+0x2f7/0x870
[   52.186274]  entry_SYSENTER_compat+0x90/0xa2
[   52.190651] 
[   52.192251] The buggy address belongs to the object at ffff8801ca311100
[   52.192251]  which belongs to the cache kmalloc-2048 of size 2048
[   52.205050] The buggy address is located 1376 bytes inside of
[   52.205050]  2048-byte region [ffff8801ca311100, ffff8801ca311900)
[   52.217065] The buggy address belongs to the page:
[   52.221971] page:ffffea000728c400 count:1 mapcount:0 mapping:          (null) index:0xffff8801ca316600 compound_mapcount: 0
[   52.233445] flags: 0x8000000000004080(slab|head)
[   52.238169] page dumped because: kasan: bad access detected
[   52.243847] 
[   52.245442] Memory state around the buggy address:
[   52.250348]  ffff8801ca311500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.257676]  ffff8801ca311580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.265003] >ffff8801ca311600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.272329]                                                        ^
[   52.278789]  ffff8801ca311680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.286116]  ffff8801ca311700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.293440] ==================================================================
[   52.300767] Disabling lock debugging due to kernel taint
[   52.