INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
executing program
[ 476.208179] ==================================================================
[ 476.215607] BUG: KASAN: use-after-free in disk_unblock_events+0x55/0x60
[ 476.222380] Read of size 8 at addr ffff8801cad2a760 by task syz-executor888/2177
[ 476.229905]
[ 476.231528] CPU: 1 PID: 2177 Comm: syz-executor888 Not tainted 4.9.194+ #0
[ 476.238527] ffff8801caddf730 ffffffff81b67001 0000000000000000 ffffea00072b4a00
[ 476.246640] ffff8801cad2a760 0000000000000008 ffffffff81b3b4b5 ffff8801caddf768
[ 476.255751] ffffffff8150c4f1 0000000000000000 ffff8801cad2a760 ffff8801cad2a760
[ 476.264415] Call Trace:
[ 476.267002] [<0000000095c7a933>] dump_stack+0xc1/0x120
[ 476.272373] [<00000000a31f1622>] ? disk_unblock_events+0x55/0x60
[ 476.278629] [<000000001d044798>] print_address_description+0x6f/0x23a
[ 476.285294] [<00000000a31f1622>] ? disk_unblock_events+0x55/0x60
[ 476.291553] [<00000000a995c5ab>] kasan_report.cold+0x8c/0x2ba
[ 476.297531] [<000000005afefe01>] __asan_report_load8_noabort+0x14/0x20
[ 476.304292] [<00000000a31f1622>] disk_unblock_events+0x55/0x60
[ 476.310358] [<00000000eb342e2d>] __blkdev_get+0x6ba/0xeb0
[ 476.315991] [<0000000041b63176>] ? __blkdev_put+0x840/0x840
[ 476.321800] [<0000000048b4d871>] blkdev_get+0x2e8/0x920
[ 476.327290] [<00000000e289bde4>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 476.334052] [<0000000076f3a064>] ? bd_may_claim+0xd0/0xd0
[ 476.339692] [<00000000d51f3250>] ? bd_acquire+0x26/0x250
[ 476.345239] [<00000000cc80883d>] ? bd_acquire+0x88/0x250
[ 476.350785] [<0000000079864876>] ? _raw_spin_unlock+0x2d/0x50
[ 476.357045] [<00000000b6a001f8>] blkdev_open+0x1aa/0x250
[ 476.362591] [<00000000ef49ecd4>] do_dentry_open+0x422/0xd20
[ 476.368392] [<000000003cb3a13c>] ? blkdev_get_by_dev+0x80/0x80
[ 476.374490] [<0000000052ccc724>] vfs_open+0x105/0x230
[ 476.379773] [<0000000008aec44c>] ? may_open.isra.0+0x139/0x290
[ 476.385840] [<00000000db4734b6>] path_openat+0xbf5/0x2f60
[ 476.391559] [<00000000f5edd3d4>] ? path_mountpoint+0x6d0/0x6d0
[ 476.397624] [<00000000c9118141>] do_filp_open+0x1a1/0x280
[ 476.403253] [<000000006e46424c>] ? may_open_dev+0xe0/0xe0
[ 476.408879] [<00000000f4ab6a47>] ? __alloc_fd+0x1d4/0x490
[ 476.414502] [<0000000079864876>] ? _raw_spin_unlock+0x2d/0x50
[ 476.420480] [<00000000f4ab6a47>] ? __alloc_fd+0x1d4/0x490
[ 476.426113] [<00000000412acdca>] do_sys_open+0x2f0/0x610
[ 476.431674] [<000000002e65d1a3>] ? filp_open+0x70/0x70
[ 476.437047] [<000000000b1e4734>] ? __do_page_fault+0x545/0xa60
[ 476.443110] [<000000003f33a47b>] SyS_open+0x2d/0x40
[ 476.448214] [<00000000cb2df7a0>] ? do_sys_open+0x610/0x610
[ 476.454105] [<00000000fd555c29>] do_syscall_64+0x1ad/0x5c0
[ 476.459835] [<000000001327c406>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 476.466783]
[ 476.468416] Allocated by task 2177:
[ 476.472051] save_stack_trace+0x16/0x20
[ 476.476032] kasan_kmalloc.part.0+0x62/0xf0
[ 476.480360] kasan_kmalloc+0xb7/0xd0
[ 476.484099] kmem_cache_alloc_trace+0x115/0x2d0
[ 476.488769] alloc_disk_node+0x50/0x3c0
[ 476.492743] alloc_disk+0x1b/0x20
[ 476.496196] loop_add+0x37e/0x7d0
[ 476.499651] loop_probe+0x154/0x180
[ 476.503273] kobj_lookup+0x221/0x410
[ 476.506982] get_gendisk+0x3c/0x2d0
[ 476.510608] __blkdev_get+0x356/0xeb0
[ 476.514410] blkdev_get+0x2e8/0x920
[ 476.518034] blkdev_open+0x1aa/0x250
[ 476.521746] do_dentry_open+0x422/0xd20
[ 476.525719] vfs_open+0x105/0x230
[ 476.529171] path_openat+0xbf5/0x2f60
[ 476.532968] do_filp_open+0x1a1/0x280
[ 476.536764] do_sys_open+0x2f0/0x610
[ 476.540472] SyS_open+0x2d/0x40
[ 476.543772] do_syscall_64+0x1ad/0x5c0
[ 476.547662] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 476.552785]
[ 476.554413] Freed by task 2177:
[ 476.557700] save_stack_trace+0x16/0x20
[ 476.561680] kasan_slab_free+0xb0/0x190
[ 476.565652] kfree+0xfc/0x310
[ 476.568783] disk_release+0x255/0x330
[ 476.572584] device_release+0x7d/0x220
[ 476.576468] kobject_put+0x150/0x260
[ 476.580181] put_disk+0x23/0x30
[ 476.583459] __blkdev_get+0x61a/0xeb0
[ 476.587257] blkdev_get+0x2e8/0x920
[ 476.590880] blkdev_open+0x1aa/0x250
[ 476.594764] do_dentry_open+0x422/0xd20
[ 476.598734] vfs_open+0x105/0x230
[ 476.602184] path_openat+0xbf5/0x2f60
[ 476.605979] do_filp_open+0x1a1/0x280
[ 476.609772] do_sys_open+0x2f0/0x610
[ 476.613485] SyS_open+0x2d/0x40
[ 476.616758] do_syscall_64+0x1ad/0x5c0
[ 476.620641] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 476.625747]
[ 476.627368] The buggy address belongs to the object at ffff8801cad2a200
[ 476.627368] which belongs to the cache kmalloc-2048 of size 2048
[ 476.640548] The buggy address is located 1376 bytes inside of
[ 476.640548] 2048-byte region [ffff8801cad2a200, ffff8801cad2aa00)
[ 476.652595] The buggy address belongs to the page:
[ 476.657524] page:ffffea00072b4a00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 476.667764] flags: 0x4000000000010200(slab|head)
[ 476.672513] page dumped because: kasan: bad access detected
[ 476.678216]
[ 476.679912] Memory state around the buggy address:
[ 476.684851] ffff8801cad2a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 476.692216] ffff8801cad2a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 476.699601] >ffff8801cad2a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 476.706956] ^
[ 476.713446] ffff8801cad2a780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 476.720803] ffff8801cad2a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 476.728158] ==================================================================
[ 476.735515] Disabling lock debugging due to kernel taint
[ 476.748337] Kernel panic - not syncing: panic_on_warn set ...
[ 476.748337]
[ 476.755847] CPU: 1 PID: 2177 Comm: syz-executor888 Tainted: G B 4.9.194+ #0
[ 476.764067] ffff8801caddf670 ffffffff81b67001 ffff8801caddf700 ffffffff82e40f17
[ 476.772132] 00000000ffffffff 0000000000000001 ffffffff81b3b4b5 ffff8801caddf750
[ 476.780204] ffffffff813fef3a 0000000041b58ab3 ffffffff82e32f55 ffffffff813fed61
[ 476.788281] Call Trace:
[ 476.790873] [<0000000095c7a933>] dump_stack+0xc1/0x120
[ 476.796240] [<00000000a31f1622>] ? disk_unblock_events+0x55/0x60
[ 476.802494] [<000000000a0f8266>] panic+0x1d9/0x3bd
[ 476.807517] [<00000000f99357e3>] ? add_taint.cold+0x16/0x16
[ 476.813357] [<000000008c148eb2>] ? preempt_schedule_common+0x4f/0xe0
[ 476.819946] [<00000000a31f1622>] ? disk_unblock_events+0x55/0x60
[ 476.826184] [<00000000749319ae>] ? preempt_schedule+0x26/0x30
[ 476.832162] [<00000000f3b4d979>] ? ___preempt_schedule+0x16/0x18
[ 476.838409] [<00000000c8cca0b7>] kasan_end_report+0x47/0x4f
[ 476.844219] [<0000000031521f85>] kasan_report.cold+0xa9/0x2ba
[ 476.850202] [<000000005afefe01>] __asan_report_load8_noabort+0x14/0x20
[ 476.856960] [<00000000a31f1622>] disk_unblock_events+0x55/0x60
[ 476.863030] [<00000000eb342e2d>] __blkdev_get+0x6ba/0xeb0
[ 476.868658] [<0000000041b63176>] ? __blkdev_put+0x840/0x840
[ 476.874571] [<0000000048b4d871>] blkdev_get+0x2e8/0x920
[ 476.880028] [<00000000e289bde4>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 476.886799] [<0000000076f3a064>] ? bd_may_claim+0xd0/0xd0
[ 476.892430] [<00000000d51f3250>] ? bd_acquire+0x26/0x250
[ 476.898077] [<00000000cc80883d>] ? bd_acquire+0x88/0x250
[ 476.903628] [<0000000079864876>] ? _raw_spin_unlock+0x2d/0x50
[ 476.912123] [<00000000b6a001f8>] blkdev_open+0x1aa/0x250
[ 476.917707] [<00000000ef49ecd4>] do_dentry_open+0x422/0xd20
[ 476.923514] [<000000003cb3a13c>] ? blkdev_get_by_dev+0x80/0x80
[ 476.929578] [<0000000052ccc724>] vfs_open+0x105/0x230
[ 476.934865] [<0000000008aec44c>] ? may_open.isra.0+0x139/0x290
[ 476.940929] [<00000000db4734b6>] path_openat+0xbf5/0x2f60
[ 476.946563] [<00000000f5edd3d4>] ? path_mountpoint+0x6d0/0x6d0
[ 476.952630] [<00000000c9118141>] do_filp_open+0x1a1/0x280
[ 476.958260] [<000000006e46424c>] ? may_open_dev+0xe0/0xe0
[ 476.963891] [<00000000f4ab6a47>] ? __alloc_fd+0x1d4/0x490
[ 476.969520] [<0000000079864876>] ? _raw_spin_unlock+0x2d/0x50
[ 476.975498] [<00000000f4ab6a47>] ? __alloc_fd+0x1d4/0x490
[ 476.981129] [<00000000412acdca>] do_sys_open+0x2f0/0x610
[ 476.986676] [<000000002e65d1a3>] ? filp_open+0x70/0x70
[ 476.992071] [<000000000b1e4734>] ? __do_page_fault+0x545/0xa60
[ 476.998136] [<000000003f33a47b>] SyS_open+0x2d/0x40
[ 477.003245] [<00000000cb2df7a0>] ? do_sys_open+0x610/0x610
[ 477.008958] [<00000000fd555c29>] do_syscall_64+0x1ad/0x5c0
[ 477.014677] [<000000001327c406>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 477.022107] Kernel Offset: disabled
[ 477.025740] Rebooting in 86400 seconds..