[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.862639] audit: type=1400 audit(1515423085.750:4): avc: denied { syslog } for pid=3177 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz5.accept_dad = 0
net.ipv6.conf.syz3.accept_dad = 0
net.ipv6.conf.syz7.accept_dad = 0
net.ipv6.conf.syz2.accept_dad = 0
net.ipv6.conf.syz6.accept_dad = 0
net.ipv6.conf.syz4.accept_dad = 0
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz1.accept_dad = 0
net.ipv6.conf.syz7.router_solicitations = 0
net.ipv6.conf.syz2.router_solicitations = 0
net.ipv6.conf.syz4.router_solicitations = 0
net.ipv6.conf.syz3.router_solicitations = 0
net.ipv6.conf.syz1.router_solicitations = 0
net.ipv6.conf.syz5.router_solicitations = 0
net.ipv6.conf.syz6.router_solicitations = 0
net.ipv6.conf.syz0.router_solicitations = 0
syzkaller login:
[   23.948905] audit: type=1400 audit(1515423096.840:5): avc: denied { sys_admin } for pid=3337 comm="syzkaller950941" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
executing program
[   24.034240] IPVS: Creating netns size=2536 id=1
[   24.058074] audit: type=1400 audit(1515423096.950:6): avc: denied { sys_chroot } for pid=3515 comm="syzkaller950941" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   24.094089] IPVS: Creating netns size=2536 id=2
executing program
[   24.105649] IPVS: Creating netns size=2536 id=3
executing program
[   24.127220] IPVS: Creating netns size=2536 id=4
[   24.139233] IPVS: Creating netns size=2536 id=5
[   24.160404] IPVS: Creating netns size=2536 id=6
executing program
[   24.195025] IPVS: Creating netns size=2536 id=7
executing program
[   24.233550] IPVS: Creating netns size=2536 id=8
executing program
[   25.942734] ==================================================================
[   25.950161] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[   25.956903] Read of size 8 at addr ffff8801d600eb60 by task blkid/4519
[   25.963549]
[   25.965161] CPU: 0 PID: 4519 Comm: blkid Not tainted 4.9.75-g5f5e5d4 #17
[   25.971982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.981323] ffff8801be5f7790 ffffffff81d93049 ffffea0007580200 ffff8801d600eb60
executing program
[   25.989359] 0000000000000000 ffff8801d600eb60 0000000000000000 ffff8801be5f77c8
[   25.997399] ffffffff8153ca53 ffff8801d600eb60 0000000000000008 0000000000000000
[   26.005432] Call Trace:
[   26.008009] [] dump_stack+0xc1/0x128
[   26.013376] [] print_address_description+0x73/0x280
[   26.020044] [] kasan_report+0x275/0x360
[   26.025671] [] ? disk_unblock_events+0x51/0x60
[   26.031908] [] __asan_report_load8_noabort+0x14/0x20
[   26.038669] [] disk_unblock_events+0x51/0x60
[   26.044723] [] __blkdev_get+0x4b5/0xd50
[   26.050349] [] ? __blkdev_put+0x7e0/0x7e0
[   26.056156] [] blkdev_get+0x33b/0x960
[   26.061613] [] ? bd_link_disk_holder+0x6c0/0x6c0
[   26.068023] [] ? bd_acquire+0x27/0x250
[   26.073586] [] ? bd_acquire+0x88/0x250
[   26.079132] [] ? _raw_spin_unlock+0x2c/0x50
[   26.085109] [] blkdev_open+0x1a5/0x250
[   26.090651] [] do_dentry_open+0x607/0xc60
[   26.096444] [] ? blkdev_get_by_dev+0x60/0x60
[   26.102502] [] vfs_open+0x105/0x220
[   26.107773] [] ? may_open+0x231/0x2e0
[   26.113227] [] path_openat+0x5ac/0x2910
[   26.118854] [] ? path_lookupat+0x3f0/0x3f0
[   26.124733] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.131746] [] ? __lock_is_held+0xa1/0xf0
[   26.137545] [] do_filp_open+0x197/0x290
[   26.143167] [] ? may_open_dev+0xe0/0xe0
[   26.148792] [] ? _raw_spin_unlock+0x2c/0x50
[   26.154776] [] ? __alloc_fd+0x1d7/0x510
[   26.160393] [] do_sys_open+0x352/0x4c0
[   26.165922] [] ? filp_open+0x70/0x70
[   26.171292] [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[   26.177968] [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.184803] [] SyS_open+0x2d/0x40
[   26.189919] [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   26.196493]
[   26.198108] Allocated by task 4494:
[   26.201740] save_stack_trace+0x16/0x20
[   26.205720] save_stack+0x43/0xd0
[   26.209170] kasan_kmalloc+0xad/0xe0
[   26.212886] kmem_cache_alloc_trace+0xfb/0x2a0
[   26.217464] alloc_disk_node+0x54/0x3b0
[   26.221454] alloc_disk+0x18/0x20
[   26.224925] loop_add+0x324/0x770
[   26.228386] loop_probe+0x155/0x180
[   26.232017] kobj_lookup+0x2ac/0x410
[   26.235730] get_gendisk+0x37/0x2d0
[   26.239354] __blkdev_get+0x34f/0xd50
[   26.243155] blkdev_get+0x4bf/0x960
[   26.246782] blkdev_open+0x1a5/0x250
[   26.250500] do_dentry_open+0x607/0xc60
[   26.254467] vfs_open+0x105/0x220
[   26.257922] path_openat+0x5ac/0x2910
[   26.261719] do_filp_open+0x197/0x290
[   26.265513] do_sys_open+0x352/0x4c0
[   26.269219] compat_SyS_open+0x2a/0x40
[   26.273095] do_fast_syscall_32+0x2f7/0x890
[   26.277409] entry_SYSENTER_compat+0x74/0x83
[   26.281803]
[   26.283421] Freed by task 4519:
[   26.286695] save_stack_trace+0x16/0x20
[   26.290664] save_stack+0x43/0xd0
[   26.294120] kasan_slab_free+0x72/0xc0
[   26.298000] kfree+0x103/0x300
[   26.301188] disk_release+0x259/0x330
[   26.304995] device_release+0x7c/0x210
[   26.308881] kobject_release+0xed/0x1a0
[   26.312848] kobject_put+0x63/0xc0
[   26.316385] put_disk+0x23/0x30
[   26.319661] __blkdev_get+0x415/0xd50
[   26.323486] blkdev_get+0x33b/0x960
[   26.327106] blkdev_open+0x1a5/0x250
[   26.330817] do_dentry_open+0x607/0xc60
[   26.334785] vfs_open+0x105/0x220
[   26.338235] path_openat+0x5ac/0x2910
[   26.342032] do_filp_open+0x197/0x290
[   26.345825] do_sys_open+0x352/0x4c0
[   26.349535] SyS_open+0x2d/0x40
[   26.352822] entry_SYSCALL_64_fastpath+0x23/0xe2
[   26.357564]
[   26.359179] The buggy address belongs to the object at ffff8801d600e600
[   26.359179] which belongs to the cache kmalloc-2048 of size 2048
[   26.372009] The buggy address is located 1376 bytes inside of
[   26.372009] 2048-byte region [ffff8801d600e600, ffff8801d600ee00)
[   26.384058] The buggy address belongs to the page:
[   26.389005] page:ffffea0007580200 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[   26.399210] flags: 0x8000000000004080(slab|head)
[   26.403954] page dumped because: kasan: bad access detected
[   26.409649]
[   26.411266] Memory state around the buggy address:
[   26.416185]  ffff8801d600ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.423533]  ffff8801d600ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.430882] >ffff8801d600eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.438224]                                                        ^
executing program
[   26.444706]  ffff8801d600eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.452063]  ffff8801d600ec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.459422] ==================================================================
[   26.466768] Disabling lock debugging due to kernel taint
executing program
[   26.493373] Kernel panic - not syncing: panic_on_warn set ...
[   26.493373]
[   26.500782] CPU: 0 PID: 4519 Comm: blkid Tainted: G B 4.9.75-g5f5e5d4 #17
[   26.508828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.518187] ffff8801be5f76e8 ffffffff81d93049 ffffffff84195be7 ffff8801be5f77c0
[   26.526224] 0000000000000000 ffff8801d600eb60 0000000000000000 ffff8801be5f77b0
[   26.534237] ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   26.542245] Call Trace:
executing program
[   26.544814] [] dump_stack+0xc1/0x128
[   26.550188] [] panic+0x1bc/0x3a8
[   26.555203] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   26.563423] [] ? preempt_schedule+0x25/0x30
[   26.569392] [] ? ___preempt_schedule+0x16/0x18
[   26.575629] [] kasan_end_report+0x50/0x50
[   26.581451] [] kasan_report+0x167/0x360
[   26.587115] [] ? disk_unblock_events+0x51/0x60
[   26.593434] [] __asan_report_load8_noabort+0x14/0x20
[   26.600192] [] disk_unblock_events+0x51/0x60
[   26.606249] [] __blkdev_get+0x4b5/0xd50
[   26.611873] [] ? __blkdev_put+0x7e0/0x7e0
[   26.617667] [] blkdev_get+0x33b/0x960
[   26.623114] [] ? bd_link_disk_holder+0x6c0/0x6c0
[   26.629516] [] ? bd_acquire+0x27/0x250
[   26.635051] [] ? bd_acquire+0x88/0x250
[   26.640591] [] ? _raw_spin_unlock+0x2c/0x50
[   26.646560] [] blkdev_open+0x1a5/0x250
[   26.652101] [] do_dentry_open+0x607/0xc60
[   26.657897] [] ? blkdev_get_by_dev+0x60/0x60
[   26.663963] [] vfs_open+0x105/0x220
[   26.669240] [] ? may_open+0x231/0x2e0
[   26.674689] [] path_openat+0x5ac/0x2910
[   26.680309] [] ? path_lookupat+0x3f0/0x3f0
[   26.686186] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.693192] [] ? __lock_is_held+0xa1/0xf0
[   26.698995] [] do_filp_open+0x197/0x290
[   26.704610] [] ? may_open_dev+0xe0/0xe0
[   26.710237] [] ? _raw_spin_unlock+0x2c/0x50
[   26.716216] [] ? __alloc_fd+0x1d7/0x510
[   26.721831] [] do_sys_open+0x352/0x4c0
[   26.727365] [] ? filp_open+0x70/0x70
[   26.732726] [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[   26.739408] [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.746237] [] SyS_open+0x2d/0x40
[   26.751341] [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   26.758028] Dumping ftrace buffer:
[   26.761552] (ftrace buffer empty)
[   26.765230] Kernel Offset: disabled
[   26.768825] Rebooting in 86400 seconds..