Warning: Permanently added '10.128.1.102' (ECDSA) to the list of known hosts.
executing program
[ 176.642247][ T6587] loop0: detected capacity change from 0 to 264192
executing program
executing program
executing program
[ 176.724636][ T6592] loop0: detected capacity change from 0 to 264192
executing program
[ 176.834790][ T6599] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 176.919599][ T6608] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 176.979110][ T6614] loop0: detected capacity change from 0 to 264192
executing program
executing program
executing program
executing program
[ 177.124740][ T6621] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 177.203763][ T6628] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 177.323983][ T6636] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 177.404228][ T6643] loop0: detected capacity change from 0 to 264192
[ 177.473688][ T6648] loop0: detected capacity change from 0 to 264192
executing program
[ 177.549850][ T6657] loop0: detected capacity change from 0 to 264192
executing program
[ 177.615584][ T6661] loop0: detected capacity change from 0 to 264192
executing program
[ 177.720638][ T6667] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 177.790842][ T6673] loop0: detected capacity change from 0 to 264192
[ 177.884187][ T6678] loop0: detected capacity change from 0 to 264192
executing program
[ 177.977953][ T6685] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 178.049182][ T6691] loop0: detected capacity change from 0 to 264192
[ 178.109635][ T6699] loop0: detected capacity change from 0 to 264192
executing program
executing program
executing program
executing program
[ 178.184211][ T6703] loop0: detected capacity change from 0 to 264192
[ 178.273608][ T6710] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 178.340075][ T6717] loop0: detected capacity change from 0 to 264192
[ 178.398527][ T6723] loop0: detected capacity change from 0 to 264192
executing program
[ 178.470430][ T6729] loop0: detected capacity change from 0 to 264192
executing program
[ 178.558801][ T6735] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 178.629936][ T6741] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 178.694078][ T6747] loop0: detected capacity change from 0 to 264192
executing program
[ 178.810146][ T6757] loop0: detected capacity change from 0 to 264192
executing program
executing program
executing program
[ 178.900207][ T6763] loop0: detected capacity change from 0 to 264192
executing program
[ 178.988083][ T6768] loop0: detected capacity change from 0 to 264192
executing program
[ 179.077784][ T6775] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 179.154593][ T6783] loop0: detected capacity change from 0 to 264192
executing program
[ 179.226752][ T6790] loop0: detected capacity change from 0 to 264192
executing program
[ 179.320664][ T6794] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 179.400574][ T6800] loop0: detected capacity change from 0 to 264192
executing program
[ 179.503961][ T6806] loop0: detected capacity change from 0 to 264192
executing program
[ 179.581119][ T6815] loop0: detected capacity change from 0 to 264192
executing program
executing program
executing program
[ 179.650554][ T6819] loop0: detected capacity change from 0 to 264192
executing program
executing program
[ 179.787809][ T6829] loop0: detected capacity change from 0 to 264192
[ 179.850684][ T6833] loop0: detected capacity change from 0 to 264192
executing program
executing program
executing program
[ 179.920394][ T6839] loop0: detected capacity change from 0 to 264192
[ 180.084927][ T6845] ==================================================================
[ 180.093277][ T6845] BUG: KASAN: use-after-free in bdev_evict_inode+0x3c3/0x410
[ 180.100750][ T6845] Read of size 8 at addr ffff888146568060 by task syz-executor103/6845
[ 180.110382][ T6845]
[ 180.112709][ T6845] CPU: 1 PID: 6845 Comm: syz-executor103 Not tainted 5.14.0-rc5-next-20210810-syzkaller #0
[ 180.122694][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 180.132846][ T6845] Call Trace:
[ 180.136145][ T6845] dump_stack_lvl+0xcd/0x134
[ 180.140873][ T6845] print_address_description.constprop.0.cold+0x6c/0x309
[ 180.147922][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.152962][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.158013][ T6845] kasan_report.cold+0x83/0xdf
[ 180.162801][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.168020][ T6845] bdev_evict_inode+0x3c3/0x410
[ 180.173063][ T6845] ? __blkdev_direct_IO_simple+0x910/0x910
[ 180.178901][ T6845] evict+0x2ed/0x6b0
[ 180.182922][ T6845] iput.part.0+0x539/0x850
[ 180.187364][ T6845] iput+0x58/0x70
[ 180.191021][ T6845] ? block_uevent+0x80/0x80
[ 180.195584][ T6845] device_release+0x9f/0x240
[ 180.200286][ T6845] kobject_put+0x1c8/0x540
[ 180.204807][ T6845] put_device+0x1b/0x30
[ 180.208976][ T6845] blk_cleanup_disk+0x6b/0x80
[ 180.213669][ T6845] loop_control_ioctl+0x3db/0x450
[ 180.218712][ T6845] ? loop_queue_rq+0xf60/0xf60
[ 180.223520][ T6845] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 180.229780][ T6845] ? loop_queue_rq+0xf60/0xf60
[ 180.234818][ T6845] __x64_sys_ioctl+0x193/0x200
[ 180.239683][ T6845] do_syscall_64+0x35/0xb0
[ 180.244205][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 180.250112][ T6845] RIP: 0033:0x444dc9
[ 180.254019][ T6845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 180.274164][ T6845] RSP: 002b:00007fffbac3e7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 180.282724][ T6845] RAX: ffffffffffffffda RBX: 000000000002bef4 RCX: 0000000000444dc9
[ 180.290707][ T6845] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
[ 180.298959][ T6845] RBP: 0000000000000000 R08: 00007fffbac3e7e0 R09: 00007fffbac3e7e0
[ 180.306941][ T6845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbac3e7dc
[ 180.315215][ T6845] R13: 00007fffbac3e810 R14: 00007fffbac3e7f0 R15: 000000000000003c
[ 180.323203][ T6845]
[ 180.325613][ T6845] Allocated by task 1:
[ 180.329678][ T6845] kasan_save_stack+0x1b/0x40
[ 180.334372][ T6845] __kasan_kmalloc+0x9b/0xd0
[ 180.338977][ T6845] bdi_alloc+0x43/0x180
[ 180.343402][ T6845] __alloc_disk_node+0x6e/0x500
[ 180.348445][ T6845] __blk_mq_alloc_disk+0xec/0x190
[ 180.353483][ T6845] loop_add+0x324/0x940
[ 180.357648][ T6845] loop_init+0x1f4/0x216
[ 180.361903][ T6845] do_one_initcall+0x103/0x650
[ 180.366945][ T6845] kernel_init_freeable+0x6b1/0x73a
[ 180.372777][ T6845] kernel_init+0x1a/0x1d0
[ 180.377138][ T6845] ret_from_fork+0x1f/0x30
[ 180.381612][ T6845]
[ 180.384018][ T6845] Freed by task 6845:
[ 180.387993][ T6845] kasan_save_stack+0x1b/0x40
[ 180.392721][ T6845] kasan_set_track+0x1c/0x30
[ 180.397326][ T6845] kasan_set_free_info+0x20/0x30
[ 180.402275][ T6845] __kasan_slab_free+0xfb/0x130
[ 180.407145][ T6845] slab_free_freelist_hook+0x7e/0x190
[ 180.412629][ T6845] kfree+0xe4/0x530
[ 180.416555][ T6845] bdi_put+0x72/0xa0
[ 180.420467][ T6845] disk_release+0x7b/0x270
[ 180.424895][ T6845] device_release+0x9f/0x240
[ 180.429583][ T6845] kobject_put+0x1c8/0x540
[ 180.434102][ T6845] put_device+0x1b/0x30
[ 180.438262][ T6845] blk_cleanup_disk+0x6b/0x80
[ 180.442956][ T6845] loop_control_ioctl+0x3db/0x450
[ 180.447999][ T6845] __x64_sys_ioctl+0x193/0x200
[ 180.452856][ T6845] do_syscall_64+0x35/0xb0
[ 180.457439][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 180.463457][ T6845]
[ 180.465809][ T6845] Last potentially related work creation:
[ 180.471593][ T6845] kasan_save_stack+0x1b/0x40
[ 180.476299][ T6845] kasan_record_aux_stack+0xe5/0x110
[ 180.481856][ T6845] insert_work+0x48/0x370
[ 180.486294][ T6845] __queue_work+0x5c1/0xed0
[ 180.490813][ T6845] flush_delayed_work+0xc6/0xf0
[ 180.495670][ T6845] wb_shutdown+0x1bb/0x230
[ 180.500188][ T6845] bdi_unregister+0x180/0x5a0
[ 180.504969][ T6845] del_gendisk+0x5a6/0x730
[ 180.509399][ T6845] loop_control_ioctl+0x3b5/0x450
[ 180.514519][ T6845] __x64_sys_ioctl+0x193/0x200
[ 180.519292][ T6845] do_syscall_64+0x35/0xb0
[ 180.523823][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 180.529726][ T6845]
[ 180.532081][ T6845] Second to last potentially related work creation:
[ 180.538659][ T6845] kasan_save_stack+0x1b/0x40
[ 180.543623][ T6845] kasan_record_aux_stack+0xe5/0x110
[ 180.549026][ T6845] insert_work+0x48/0x370
[ 180.553460][ T6845] __queue_work+0x5c1/0xed0
[ 180.557989][ T6845] __queue_delayed_work+0x1c8/0x270
[ 180.563201][ T6845] mod_delayed_work_on+0xdd/0x220
[ 180.568409][ T6845] wb_shutdown+0x178/0x230
[ 180.572849][ T6845] bdi_unregister+0x180/0x5a0
[ 180.577536][ T6845] del_gendisk+0x5a6/0x730
[ 180.581980][ T6845] loop_control_ioctl+0x3b5/0x450
[ 180.587100][ T6845] __x64_sys_ioctl+0x193/0x200
[ 180.591960][ T6845] do_syscall_64+0x35/0xb0
[ 180.596497][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 180.602411][ T6845]
[ 180.604735][ T6845] The buggy address belongs to the object at ffff888146568000
[ 180.604735][ T6845] which belongs to the cache kmalloc-4k of size 4096
[ 180.622714][ T6845] The buggy address is located 96 bytes inside of
[ 180.622714][ T6845] 4096-byte region [ffff888146568000, ffff888146569000)
[ 180.635996][ T6845] The buggy address belongs to the page:
[ 180.641861][ T6845] page:ffffea0005195a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146568
[ 180.652282][ T6845] head:ffffea0005195a00 order:3 compound_mapcount:0 compound_pincount:0
[ 180.660615][ T6845] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 180.668726][ T6845] raw: 057ff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 180.677322][ T6845] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 180.686090][ T6845] page dumped because: kasan: bad access detected
[ 180.692502][ T6845] page_owner tracks the page as allocated
[ 180.698212][ T6845] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 8085403015, free_ts 0
[ 180.716201][ T6845] get_page_from_freelist+0xa72/0x2f80
[ 180.721784][ T6845] __alloc_pages+0x1b2/0x500
[ 180.726402][ T6845] alloc_page_interleave+0x1e/0x200
[ 180.731625][ T6845] alloc_pages+0x29f/0x300
[ 180.736058][ T6845] new_slab+0x319/0x490
[ 180.740226][ T6845] ___slab_alloc+0x8b9/0xf50
[ 180.744839][ T6845] __slab_alloc.constprop.0+0x4d/0xa0
[ 180.750224][ T6845] kmem_cache_alloc_node_trace+0x183/0x400
[ 180.756051][ T6845] bdi_alloc+0x43/0x180
[ 180.760219][ T6845] __alloc_disk_node+0x6e/0x500
[ 180.765082][ T6845] __blk_mq_alloc_disk+0xec/0x190
[ 180.770116][ T6845] loop_add+0x324/0x940
[ 180.774282][ T6845] loop_init+0x1f4/0x216
[ 180.778532][ T6845] do_one_initcall+0x103/0x650
[ 180.783311][ T6845] kernel_init_freeable+0x6b1/0x73a
[ 180.788524][ T6845] kernel_init+0x1a/0x1d0
[ 180.792863][ T6845] page_owner free stack trace missing
[ 180.798313][ T6845]
[ 180.800636][ T6845] Memory state around the buggy address:
[ 180.806262][ T6845] ffff888146567f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 180.814328][ T6845] ffff888146567f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 180.822396][ T6845] >ffff888146568000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 180.830476][ T6845] ^
[ 180.837863][ T6845] ffff888146568080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 180.845927][ T6845] ffff888146568100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 180.853986][ T6845] ==================================================================
[ 180.864587][ T6845] Kernel panic - not syncing: panic_on_warn set ...
[ 180.871378][ T6845] CPU: 1 PID: 6845 Comm: syz-executor103 Tainted: G B 5.14.0-rc5-next-20210810-syzkaller #0
[ 180.882766][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 180.892833][ T6845] Call Trace:
[ 180.896108][ T6845] dump_stack_lvl+0xcd/0x134
[ 180.900708][ T6845] panic+0x2b0/0x6dd
[ 180.904604][ T6845] ? __warn_printk+0xf3/0xf3
[ 180.909282][ T6845] ? preempt_schedule_common+0x59/0xc0
[ 180.914756][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.919863][ T6845] ? preempt_schedule_thunk+0x16/0x18
[ 180.925251][ T6845] ? trace_hardirqs_on+0x38/0x1c0
[ 180.930298][ T6845] ? trace_hardirqs_on+0x51/0x1c0
[ 180.935330][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.940378][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.945423][ T6845] end_report.cold+0x63/0x6f
[ 180.950026][ T6845] kasan_report.cold+0x71/0xdf
[ 180.954802][ T6845] ? bdev_evict_inode+0x3c3/0x410
[ 180.959839][ T6845] bdev_evict_inode+0x3c3/0x410
[ 180.964708][ T6845] ? __blkdev_direct_IO_simple+0x910/0x910
[ 180.970623][ T6845] evict+0x2ed/0x6b0
[ 180.974561][ T6845] iput.part.0+0x539/0x850
[ 180.978993][ T6845] iput+0x58/0x70
[ 180.982634][ T6845] ? block_uevent+0x80/0x80
[ 180.987165][ T6845] device_release+0x9f/0x240
[ 180.991845][ T6845] kobject_put+0x1c8/0x540
[ 180.996265][ T6845] put_device+0x1b/0x30
[ 181.000420][ T6845] blk_cleanup_disk+0x6b/0x80
[ 181.005104][ T6845] loop_control_ioctl+0x3db/0x450
[ 181.010229][ T6845] ? loop_queue_rq+0xf60/0xf60
[ 181.015004][ T6845] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 181.021259][ T6845] ? loop_queue_rq+0xf60/0xf60
[ 181.026018][ T6845] __x64_sys_ioctl+0x193/0x200
[ 181.030795][ T6845] do_syscall_64+0x35/0xb0
[ 181.035212][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 181.041206][ T6845] RIP: 0033:0x444dc9
[ 181.045189][ T6845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 181.064844][ T6845] RSP: 002b:00007fffbac3e7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 181.073261][ T6845] RAX: ffffffffffffffda RBX: 000000000002bef4 RCX: 0000000000444dc9
[ 181.081402][ T6845] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
[ 181.089366][ T6845] RBP: 0000000000000000 R08: 00007fffbac3e7e0 R09: 00007fffbac3e7e0
[ 181.097344][ T6845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbac3e7dc
[ 181.105417][ T6845] R13: 00007fffbac3e810 R14: 00007fffbac3e7f0 R15: 000000000000003c
[ 181.114924][ T6845] Kernel Offset: disabled
[ 181.119380][ T6845] Rebooting in 86400 seconds..