INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
[ 142.825173] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
[ 148.503968] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/03 06:35:55 parsed 1 programs
[ 149.398385] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/03 06:35:56 executed programs: 0
[ 152.555777] ip (3232) used greatest stack depth: 23488 bytes left
2018/09/03 06:36:01 executed programs: 8
2018/09/03 06:36:06 executed programs: 37
2018/09/03 06:36:11 executed programs: 131
2018/09/03 06:36:16 executed programs: 289
2018/09/03 06:36:22 executed programs: 403
2018/09/03 06:36:27 executed programs: 533
[ 183.222648] ==================================================================
[ 183.230082] BUG: KASAN: use-after-free in disk_unblock_events+0x4b/0x50
[ 183.236840] Read of size 8 at addr ffff8801cbd93868 by task syz-executor0/2036
[ 183.244185]
[ 183.245811] CPU: 0 PID: 2036 Comm: syz-executor0 Not tainted 4.14.67+ #1
[ 183.252638] Call Trace:
[ 183.255223] dump_stack+0xb9/0x11b
[ 183.258766] print_address_description+0x60/0x22b
[ 183.263616] kasan_report.cold.6+0x11b/0x2dd
[ 183.268022] ? disk_unblock_events+0x4b/0x50
[ 183.272431] disk_unblock_events+0x4b/0x50
[ 183.276669] __blkdev_get+0x68f/0xe50
[ 183.280470] ? trace_hardirqs_on+0x10/0x10
[ 183.284706] ? __blkdev_put+0x6e0/0x6e0
[ 183.288680] ? bdget+0x426/0x4f0
[ 183.292050] blkdev_get+0x97/0x8c0
[ 183.295605] ? bd_may_claim+0xe0/0xe0
[ 183.299400] ? bd_acquire+0x149/0x2c0
[ 183.303508] ? lock_downgrade+0x560/0x560
[ 183.307667] ? lock_acquire+0x10f/0x380
[ 183.311641] ? bd_acquire+0x113/0x2c0
[ 183.315471] blkdev_open+0x1bd/0x240
[ 183.319179] ? security_file_open+0x88/0x190
[ 183.323598] do_dentry_open+0x426/0xda0
[ 183.327580] ? bd_acquire+0x2c0/0x2c0
[ 183.331419] vfs_open+0x11c/0x210
[ 183.334874] path_openat+0x4eb/0x23a0
[ 183.338689] ? path_mountpoint+0x9a0/0x9a0
[ 183.342931] ? kasan_kmalloc.part.1+0x4f/0xd0
[ 183.347433] ? trace_hardirqs_on+0x10/0x10
[ 183.351679] ? trace_hardirqs_on+0x10/0x10
[ 183.355925] do_filp_open+0x197/0x270
[ 183.359727] ? may_open_dev+0xd0/0xd0
[ 183.363553] ? _raw_spin_unlock+0x29/0x40
[ 183.367717] do_sys_open+0x2ef/0x580
[ 183.371435] ? filp_open+0x60/0x60
[ 183.374970] ? SyS_mkdirat+0x146/0x220
[ 183.378853] ? trace_hardirqs_on_caller+0x381/0x520
[ 183.383867] ? SyS_mknod+0x30/0x30
[ 183.387408] ? do_syscall_64+0x43/0x4b0
[ 183.391378] ? do_sys_open+0x580/0x580
[ 183.395262] do_syscall_64+0x19b/0x4b0
[ 183.399151] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 183.404333] RIP: 0033:0x410db0
[ 183.407520] RSP: 002b:00007ffc9cd380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 183.415238] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000410db0
[ 183.422500] RDX: 00007ffc9cd3810a RSI: 0000000000000002 RDI: 00007ffc9cd38100
[ 183.429773] RBP: 00000000000001ee R08: 0000000000000000 R09: 000000000000000a
[ 183.437036] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 183.444323] R13: 000000000002c91a R14: 0000000000000051 R15: badc0ffeebadface
[ 183.451609]
[ 183.453227] Allocated by task 2036:
[ 183.456853] kasan_kmalloc.part.1+0x4f/0xd0
[ 183.461175] kmem_cache_alloc_trace+0x138/0x300
[ 183.465840] alloc_disk_node+0x5f/0x3b0
[ 183.469809] loop_add+0x3e9/0x840
[ 183.473256] loop_probe+0x14f/0x180
[ 183.476876] kobj_lookup+0x230/0x420
[ 183.480597] get_gendisk+0x32/0x230
[ 183.484223] __blkdev_get+0x345/0xe50
[ 183.488017] blkdev_get+0x97/0x8c0
[ 183.491566] blkdev_open+0x1bd/0x240
[ 183.495280] do_dentry_open+0x426/0xda0
[ 183.499248] vfs_open+0x11c/0x210
[ 183.502693] path_openat+0x4eb/0x23a0
[ 183.506486] do_filp_open+0x197/0x270
[ 183.510283] do_sys_open+0x2ef/0x580
[ 183.514001] do_syscall_64+0x19b/0x4b0
[ 183.517888] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 183.523066]
[ 183.524687] Freed by task 2036:
[ 183.527963] kasan_slab_free+0xac/0x190
[ 183.531930] kfree+0xf5/0x310
[ 183.535037] device_release+0xf4/0x1a0
[ 183.538923] kobject_put+0x146/0x200
[ 183.542644] put_disk+0x1f/0x30
[ 183.545917] __blkdev_get+0x5fa/0xe50
[ 183.549715] blkdev_get+0x97/0x8c0
[ 183.553272] blkdev_open+0x1bd/0x240
[ 183.556981] do_dentry_open+0x426/0xda0
[ 183.560966] vfs_open+0x11c/0x210
[ 183.564436] path_openat+0x4eb/0x23a0
[ 183.568233] do_filp_open+0x197/0x270
[ 183.572032] do_sys_open+0x2ef/0x580
[ 183.575738] do_syscall_64+0x19b/0x4b0
[ 183.579627] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 183.584806]
[ 183.586427] The buggy address belongs to the object at ffff8801cbd93300
[ 183.586427] which belongs to the cache kmalloc-2048 of size 2048
[ 183.599252] The buggy address is located 1384 bytes inside of
[ 183.599252] 2048-byte region [ffff8801cbd93300, ffff8801cbd93b00)
[ 183.611295] The buggy address belongs to the page:
[ 183.616216] page:ffffea00072f6400 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 183.626177] flags: 0x4000000000008100(slab|head)
[ 183.630927] raw: 4000000000008100 0000000000000000 0000000000000000 00000001000f000f
[ 183.638806] raw: dead000000000100 dead000000000200 ffff8801da802800 0000000000000000
[ 183.646677] page dumped because: kasan: bad access detected
[ 183.652380]
[ 183.653997] Memory state around the buggy address:
[ 183.658915] ffff8801cbd93700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 183.666267] ffff8801cbd93780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 183.673619] >ffff8801cbd93800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 183.680967] ^
[ 183.687709] ffff8801cbd93880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 183.695061] ffff8801cbd93900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 183.702413] ==================================================================
[ 183.709761] Disabling lock debugging due to kernel taint
[ 183.731107] Kernel panic - not syncing: panic_on_warn set ...
[ 183.731107]
[ 183.738503] CPU: 0 PID: 2036 Comm: syz-executor0 Tainted: G B 4.14.67+ #1
[ 183.746561] Call Trace:
[ 183.749151] dump_stack+0xb9/0x11b
[ 183.752689] panic+0x1bf/0x3a4
[ 183.755879] ? add_taint.cold.4+0x16/0x16
[ 183.760027] ? ___preempt_schedule+0x16/0x18
[ 183.764436] kasan_end_report+0x43/0x49
[ 183.768401] kasan_report.cold.6+0x77/0x2dd
[ 183.772718] ? disk_unblock_events+0x4b/0x50
[ 183.777122] disk_unblock_events+0x4b/0x50
[ 183.781350] __blkdev_get+0x68f/0xe50
[ 183.785147] ? trace_hardirqs_on+0x10/0x10
[ 183.789387] ? __blkdev_put+0x6e0/0x6e0
[ 183.793356] ? bdget+0x426/0x4f0
[ 183.796720] blkdev_get+0x97/0x8c0
[ 183.800259] ? bd_may_claim+0xe0/0xe0
[ 183.804050] ? bd_acquire+0x149/0x2c0
[ 183.807847] ? lock_downgrade+0x560/0x560
[ 183.811992] ? lock_acquire+0x10f/0x380
[ 183.815959] ? bd_acquire+0x113/0x2c0
[ 183.819761] blkdev_open+0x1bd/0x240
[ 183.823473] ? security_file_open+0x88/0x190
[ 183.827879] do_dentry_open+0x426/0xda0
[ 183.831848] ? bd_acquire+0x2c0/0x2c0
[ 183.835658] vfs_open+0x11c/0x210
[ 183.839105] path_openat+0x4eb/0x23a0
[ 183.842903] ? path_mountpoint+0x9a0/0x9a0
[ 183.847137] ? kasan_kmalloc.part.1+0x4f/0xd0
[ 183.851642] ? trace_hardirqs_on+0x10/0x10
[ 183.855879] ? trace_hardirqs_on+0x10/0x10
[ 183.860114] do_filp_open+0x197/0x270
[ 183.863910] ? may_open_dev+0xd0/0xd0
[ 183.867727] ? _raw_spin_unlock+0x29/0x40
[ 183.871877] do_sys_open+0x2ef/0x580
[ 183.875608] ? filp_open+0x60/0x60
[ 183.879143] ? SyS_mkdirat+0x146/0x220
[ 183.883024] ? trace_hardirqs_on_caller+0x381/0x520
[ 183.888036] ? SyS_mknod+0x30/0x30
[ 183.891574] ? do_syscall_64+0x43/0x4b0
[ 183.895564] ? do_sys_open+0x580/0x580
[ 183.899449] do_syscall_64+0x19b/0x4b0
[ 183.903338] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 183.908517] RIP: 0033:0x410db0
[ 183.911712] RSP: 002b:00007ffc9cd380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 183.919414] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000410db0
[ 183.926674] RDX: 00007ffc9cd3810a RSI: 0000000000000002 RDI: 00007ffc9cd38100
[ 183.933935] RBP: 00000000000001ee R08: 0000000000000000 R09: 000000000000000a
[ 183.941197] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 183.948459] R13: 000000000002c91a R14: 0000000000000051 R15: badc0ffeebadface
[ 183.956023] Dumping ftrace buffer:
[ 183.959549] (ftrace buffer empty)
[ 183.963236] Kernel Offset: 0x27600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 183.974128] Rebooting in 86400 seconds..