Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   33.751719] ==================================================================
[   33.759151] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[   33.765888] Read of size 8 at addr ffff8800b64fa768 by task syz-executor311/2099
[   33.773404] 
[   33.775045] CPU: 0 PID: 2099 Comm: syz-executor311 Not tainted 4.4.166+ #17
[   33.782140]  0000000000000000 fb21ab47d6d5ab1e ffff8800b64e7660 ffffffff81aa62ad
[   33.790231]  ffffea0002d93e00 ffff8800b64fa768 0000000000000000 ffff8800b64fa768
executing program
executing program
executing program
executing program
[   33.798360]  0000000000000000 ffff8800b64e7698 ffffffff8148b12b ffff8800b64fa768
[   33.806425] Call Trace:
[   33.809006]  [<ffffffff81aa62ad>] dump_stack+0xc1/0x124
[   33.814364]  [<ffffffff8148b12b>] print_address_description+0x6c/0x217
[   33.821023]  [<ffffffff8148b44b>] kasan_report.cold.6+0x175/0x2f7
[   33.827252]  [<ffffffff81a7b921>] ? disk_unblock_events+0x51/0x60
[   33.833489]  [<ffffffff81480174>] __asan_report_load8_noabort+0x14/0x20
[   33.840238]  [<ffffffff81a7b921>] disk_unblock_events+0x51/0x60
[   33.846290]  [<ffffffff8154911c>] __blkdev_get+0x70c/0xdf0
executing program
executing program
[   33.851913]  [<ffffffff811fc640>] ? trace_hardirqs_on+0x10/0x10
[   33.857981]  [<ffffffff81548a10>] ? __blkdev_put+0x840/0x840
[   33.863781]  [<ffffffff815451e0>] ? blkdev_get_block+0x80/0x80
[   33.869743]  [<ffffffff8154ba8a>] blkdev_get+0x2da/0x920
[   33.875239]  [<ffffffff81237c97>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.882011]  [<ffffffff8154b7b0>] ? bd_may_claim+0xd0/0xd0
[   33.887625]  [<ffffffff8154af60>] ? bd_acquire+0x100/0x370
[   33.893254]  [<ffffffff8154af97>] ? bd_acquire+0x137/0x370
[   33.898874]  [<ffffffff827151bc>] ? _raw_spin_unlock+0x2c/0x50
[   33.904863]  [<ffffffff8154c2e5>] blkdev_open+0x1a5/0x250
[   33.910396]  [<ffffffff8148c4cd>] do_dentry_open+0x38d/0xbd0
[   33.916194]  [<ffffffff814b193b>] ? __inode_permission2+0x9b/0x240
[   33.922505]  [<ffffffff8154c140>] ? blkdev_get_by_dev+0x70/0x70
[   33.928554]  [<ffffffff8148fc3a>] vfs_open+0x12a/0x210
[   33.933919]  [<ffffffff814bf226>] ? may_open.isra.19+0x156/0x240
[   33.940083]  [<ffffffff814bff20>] path_openat+0xc10/0x3f10
[   33.945726]  [<ffffffff814bf310>] ? may_open.isra.19+0x240/0x240
[   33.951861]  [<ffffffff81490443>] ? do_sys_open+0x203/0x610
[   33.957562]  [<ffffffff81592eca>] ? compat_SyS_open+0x2a/0x40
[   33.963439]  [<ffffffff810060fe>] ? do_fast_syscall_32+0x31e/0xa80
[   33.969751]  [<ffffffff82717550>] ? sysenter_flags_fixed+0xd/0x1a
[   33.975982]  [<ffffffff811fc640>] ? trace_hardirqs_on+0x10/0x10
[   33.982032]  [<ffffffff81237c97>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.988786]  [<ffffffff810a2ee0>] ? native_set_pgd+0x50/0x50
[   33.994592]  [<ffffffff814c6eb7>] do_filp_open+0x197/0x270
[   34.000215]  [<ffffffff814c6d20>] ? user_path_mountpoint_at+0x70/0x70
[   34.006794]  [<ffffffff827151bc>] ? _raw_spin_unlock+0x2c/0x50
[   34.012785]  [<ffffffff814ed8e3>] ? __alloc_fd+0x1f3/0x4a0
[   34.018405]  [<ffffffff8149055c>] do_sys_open+0x31c/0x610
[   34.023932]  [<ffffffff81490240>] ? filp_open+0x70/0x70
[   34.029286]  [<ffffffff810ab7c6>] ? __do_page_fault+0x2b6/0x7e0
[   34.035342]  [<ffffffff81592eca>] compat_SyS_open+0x2a/0x40
[   34.041044]  [<ffffffff81592ea0>] ? compat_SyS_getdents64+0x260/0x260
[   34.047615]  [<ffffffff810060fe>] do_fast_syscall_32+0x31e/0xa80
[   34.053755]  [<ffffffff82717550>] sysenter_flags_fixed+0xd/0x1a
[   34.059820] 
[   34.061450] Allocated by task 2099:
[   34.065058]  [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50
[   34.070979]  [<ffffffff8147f1b2>] kasan_kmalloc.part.1+0x62/0xf0
[   34.077264]  [<ffffffff8147f42f>] kasan_kmalloc+0xaf/0xc0
[   34.082924]  [<ffffffff8147b3e7>] kmem_cache_alloc_trace+0x117/0x2d0
[   34.089541]  [<ffffffff81a7ab44>] alloc_disk_node+0x54/0x3a0
[   34.095498]  [<ffffffff81a7aea8>] alloc_disk+0x18/0x20
[   34.100905]  [<ffffffff81d3c8db>] loop_add+0x36b/0x7c0
[   34.106322]  [<ffffffff81d3d266>] loop_control_ioctl+0x136/0x300
[   34.112590]  [<ffffffff8159463f>] compat_SyS_ioctl+0x4af/0x2220
[   34.118785]  [<ffffffff810060fe>] do_fast_syscall_32+0x31e/0xa80
[   34.125084]  [<ffffffff82717550>] sysenter_flags_fixed+0xd/0x1a
[   34.131285] 
[   34.132899] Freed by task 2099:
[   34.136163]  [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50
[   34.142106]  [<ffffffff8147faac>] kasan_slab_free+0xac/0x190
[   34.148026]  [<ffffffff8147ce84>] kfree+0xf4/0x310
[   34.153101]  [<ffffffff81a793c9>] disk_release+0x259/0x330
[   34.158848]  [<ffffffff81cf130e>] device_release+0x7e/0x220
[   34.164691]  [<ffffffff81aac0a4>] kobject_put+0x144/0x260
[   34.170371]  [<ffffffff81a770d3>] put_disk+0x23/0x30
[   34.175609]  [<ffffffff8154907c>] __blkdev_get+0x66c/0xdf0
[   34.181361]  [<ffffffff8154ba8a>] blkdev_get+0x2da/0x920
[   34.186948]  [<ffffffff8154c2e5>] blkdev_open+0x1a5/0x250
[   34.192624]  [<ffffffff8148c4cd>] do_dentry_open+0x38d/0xbd0
[   34.198563]  [<ffffffff8148fc3a>] vfs_open+0x12a/0x210
[   34.203971]  [<ffffffff814bff20>] path_openat+0xc10/0x3f10
[   34.209718]  [<ffffffff814c6eb7>] do_filp_open+0x197/0x270
[   34.215464]  [<ffffffff8149055c>] do_sys_open+0x31c/0x610
[   34.221123]  [<ffffffff81592eca>] compat_SyS_open+0x2a/0x40
[   34.226957]  [<ffffffff810060fe>] do_fast_syscall_32+0x31e/0xa80
[   34.233254]  [<ffffffff82717550>] sysenter_flags_fixed+0xd/0x1a
[   34.239451] 
[   34.241218] The buggy address belongs to the object at ffff8800b64fa200
[   34.241218]  which belongs to the cache kmalloc-2048 of size 2048
[   34.254068] The buggy address is located 1384 bytes inside of
[   34.254068]  2048-byte region [ffff8800b64fa200, ffff8800b64faa00)
[   34.266104] The buggy address belongs to the page:
[   34.273750] ------------[ cut here ]------------