[....] Starting enhanced syslogd: rsyslogd[   14.691314] audit: type=1400 audit(1520468474.006:4): avc:  denied  { syslog } for  pid=3635 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting file context maintaining daemon: restorecond[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2018/03/08 00:21:26 parsed 1 programs
2018/03/08 00:21:26 executed programs: 0
syzkaller login: [   26.885822] IPVS: Creating netns size=2536 id=1
[   26.909895] IPVS: Creating netns size=2536 id=2
[   26.931301] IPVS: Creating netns size=2536 id=3
[   26.959400] IPVS: Creating netns size=2536 id=4
[   26.981532] IPVS: Creating netns size=2536 id=5
[   27.005087] IPVS: Creating netns size=2536 id=6
[   27.027869] IPVS: Creating netns size=2536 id=7
[   27.046918] IPVS: Creating netns size=2536 id=8
[   27.084759] ==================================================================
[   27.092167] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[   27.098910] Read of size 8 at addr ffff8801d7b3c0e0 by task blkid/3845
[   27.105554] 
[   27.107172] CPU: 1 PID: 3845 Comm: blkid Not tainted 4.9.86-gd3a2afb #59
[   27.113996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.123339]  ffff8801c698f6f0 ffffffff81d956f9 ffffea00075ece00 ffff8801d7b3c0e0
[   27.131367]  0000000000000000 ffff8801d7b3c0e0 0000000000000000 ffff8801c698f728
[   27.139344]  ffffffff8153e083 ffff8801d7b3c0e0 0000000000000008 0000000000000000
[   27.147310] Call Trace:
[   27.149867]  [] dump_stack+0xc1/0x128
[   27.155198]  [] print_address_description+0x73/0x280
[   27.161831]  [] kasan_report+0x275/0x360
[   27.167425]  [] ? disk_unblock_events+0x51/0x60
[   27.173624]  [] __asan_report_load8_noabort+0x14/0x20
[   27.180342]  [] disk_unblock_events+0x51/0x60
[   27.186368]  [] __blkdev_get+0x4b5/0xd50
[   27.191958]  [] ? __blkdev_put+0x7e0/0x7e0
[   27.197724]  [] blkdev_get+0x33b/0x960
[   27.203140]  [] ? bd_link_disk_holder+0x6c0/0x6c0
[   27.209513]  [] ? bd_acquire+0x27/0x250
[   27.215016]  [] ? bd_acquire+0x88/0x250
[   27.220523]  [] ? _raw_spin_unlock+0x2c/0x50
[   27.226463]  [] blkdev_open+0x1a5/0x250
[   27.231967]  [] do_dentry_open+0x607/0xc60
[   27.237735]  [] ? blkdev_get_by_dev+0x60/0x60
[   27.243761]  [] vfs_open+0x105/0x220
[   27.249005]  [] ? may_open+0x231/0x2e0
[   27.254430]  [] path_openat+0x5ac/0x2910
[   27.260021]  [] ? path_lookupat+0x3f0/0x3f0
[   27.265876]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.272857]  [] ? __lock_is_held+0xa1/0xf0
[   27.278620]  [] do_filp_open+0x197/0x290
[   27.284236]  [] ? may_open_dev+0xe0/0xe0
[   27.289828]  [] ? _raw_spin_unlock+0x2c/0x50
[   27.295767]  [] ? __alloc_fd+0x1d7/0x510
[   27.301362]  [] do_sys_open+0x366/0x620
[   27.306873]  [] ? filp_open+0x70/0x70
[   27.312204]  [] ? up_read+0x1a/0x40
[   27.317363]  [] ? __do_page_fault+0x3bd/0xd40
[   27.323391]  [] SyS_open+0x2d/0x40
[   27.328462]  [] ? do_sys_open+0x620/0x620
[   27.334139]  [] do_syscall_64+0x1a4/0x490
[   27.339823]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   27.346713] 
[   27.348309] Allocated by task 3824:
[   27.351903]  save_stack_trace+0x16/0x20
[   27.355843]  save_stack+0x43/0xd0
[   27.359264]  kasan_kmalloc+0xad/0xe0
[   27.362952]  kmem_cache_alloc_trace+0xfb/0x2a0
[   27.367502]  alloc_disk_node+0x54/0x3b0
[   27.371444]  alloc_disk+0x18/0x20
[   27.374864]  loop_add+0x324/0x770
[   27.378287]  loop_control_ioctl+0x119/0x300
[   27.382575]  compat_SyS_ioctl+0x15f/0x2050
[   27.386780]  do_fast_syscall_32+0x2f5/0x870
[   27.391067]  entry_SYSENTER_compat+0x90/0xa2
[   27.395439] 
[   27.397039] Freed by task 3845:
[   27.400283]  save_stack_trace+0x16/0x20
[   27.404232]  save_stack+0x43/0xd0
[   27.407650]  kasan_slab_free+0x72/0xc0
[   27.411509]  kfree+0x103/0x300
[   27.414671]  disk_release+0x259/0x330
[   27.418436]  device_release+0x7c/0x210
[   27.422289]  kobject_release+0xed/0x1a0
[   27.426228]  kobject_put+0x63/0xc0
[   27.429735]  put_disk+0x23/0x30
[   27.432982]  __blkdev_get+0x415/0xd50
[   27.436748]  blkdev_get+0x33b/0x960
[   27.440344]  blkdev_open+0x1a5/0x250
[   27.444025]  do_dentry_open+0x607/0xc60
[   27.447965]  vfs_open+0x105/0x220
[   27.451386]  path_openat+0x5ac/0x2910
[   27.455154]  do_filp_open+0x197/0x290
[   27.458919]  do_sys_open+0x366/0x620
[   27.462600]  SyS_open+0x2d/0x40
[   27.465849]  do_syscall_64+0x1a4/0x490
[   27.469707]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   27.474773] 
[   27.476369] The buggy address belongs to the object at ffff8801d7b3bb80
[   27.476369]  which belongs to the cache kmalloc-2048 of size 2048
[   27.489167] The buggy address is located 1376 bytes inside of
[   27.489167]  2048-byte region [ffff8801d7b3bb80, ffff8801d7b3c380)
[   27.501178] The buggy address belongs to the page:
[   27.506075] page:ffffea00075ece00 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   27.516240] flags: 0x8000000000004080(slab|head)
[   27.520961] page dumped because: kasan: bad access detected
[   27.526634] 
[   27.528229] Memory state around the buggy address:
[   27.533126]  ffff8801d7b3bf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.540449]  ffff8801d7b3c000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.547773] >ffff8801d7b3c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.555097]                                                        ^
[   27.561555]  ffff8801d7b3c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.568880]  ffff8801d7b3c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.576206] ==================================================================
[   27.583530] Disabling lock debugging due to kernel taint
[   27.593146] Kernel panic - not syncing: panic_on_warn set ...
[   27.593146] 
[   27.600526] CPU: 1 PID: 3845 Comm: blkid Tainted: G    B           4.9.86-gd3a2afb #59
[   27.608564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.617904]  ffff8801c698f648 ffffffff81d956f9 ffffffff84197a0f ffff8801c698f720
[   27.625930]  0000000000000000 ffff8801d7b3c0e0 0000000000000000 ffff8801c698f710
[   27.633955]  ffffffff8142f531 0000000041b58ab3 ffffffff8418b470 ffffffff8142f375
[   27.641970] Call Trace:
[   27.644546]  [] dump_stack+0xc1/0x128
[   27.649900]  [] panic+0x1bc/0x3a8
[   27.654900]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   27.663098]  [] ? preempt_schedule+0x25/0x30
[   27.669037]  [] ? ___preempt_schedule+0x16/0x18
[   27.675238]  [] kasan_end_report+0x50/0x50
[   27.681002]  [] kasan_report+0x167/0x360
[   27.686594]  [] ? disk_unblock_events+0x51/0x60
[   27.692792]  [] __asan_report_load8_noabort+0x14/0x20
[   27.699511]  [] disk_unblock_events+0x51/0x60
[   27.705539]  [] __blkdev_get+0x4b5/0xd50
[   27.711130]  [] ? __blkdev_put+0x7e0/0x7e0
[   27.716896]  [] blkdev_get+0x33b/0x960
[   27.722313]  [] ? bd_link_disk_holder+0x6c0/0x6c0
[   27.728685]  [] ? bd_acquire+0x27/0x250
[   27.734189]  [] ? bd_acquire+0x88/0x250
[   27.739693]  [] ? _raw_spin_unlock+0x2c/0x50
[   27.745632]  [] blkdev_open+0x1a5/0x250
[   27.751138]  [] do_dentry_open+0x607/0xc60
[   27.756903]  [] ? blkdev_get_by_dev+0x60/0x60
[   27.762927]  [] vfs_open+0x105/0x220
[   27.768169]  [] ? may_open+0x231/0x2e0
[   27.773594]  [] path_openat+0x5ac/0x2910
[   27.779184]  [] ? path_lookupat+0x3f0/0x3f0
[   27.785043]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.792024]  [] ? __lock_is_held+0xa1/0xf0
[   27.797788]  [] do_filp_open+0x197/0x290
[   27.803379]  [] ? may_open_dev+0xe0/0xe0
[   27.808975]  [] ? _raw_spin_unlock+0x2c/0x50
[   27.814919]  [] ? __alloc_fd+0x1d7/0x510
[   27.820516]  [] do_sys_open+0x366/0x620
[   27.826034]  [] ? filp_open+0x70/0x70
[   27.831385]  [] ? up_read+0x1a/0x40
[   27.836549]  [] ? __do_page_fault+0x3bd/0xd40
[   27.842576]  [] SyS_open+0x2d/0x40
[   27.847645]  [] ? do_sys_open+0x620/0x620
[   27.853323]  [] do_syscall_64+0x1a4/0x490
[   27.859003]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   27.866328] Dumping ftrace buffer:
[   27.869838]    (ftrace buffer empty)
[   27.873516] Kernel Offset: disabled
[   27.877112] Rebooting in 86400 seconds..