INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts. 2018/04/16 18:41:44 parsed 1 programs 2018/04/16 18:41:44 executed programs: 0 [ 171.269925] IPVS: Creating netns size=2536 id=1 [ 171.291244] IPVS: Creating netns size=2536 id=2 [ 171.305618] IPVS: Creating netns size=2536 id=3 [ 171.318665] IPVS: Creating netns size=2536 id=4 [ 171.352315] IPVS: Creating netns size=2536 id=5 [ 171.388879] IPVS: Creating netns size=2536 id=6 [ 171.426399] IPVS: Creating netns size=2536 id=7 [ 171.450629] IPVS: Creating netns size=2536 id=8 [ 173.728795] ================================================================== [ 173.736211] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60 [ 173.742958] Read of size 8 at addr ffff8801cb578de0 by task syz-executor5/4600 [ 173.750303] [ 173.751933] CPU: 1 PID: 4600 Comm: syz-executor5 Not tainted 4.9.94-g8683408 #3 [ 173.759365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.768715] ffff8801cca176c8 ffffffff81d9b509 ffffea00072d5e00 ffff8801cb578de0 [ 173.776817] 0000000000000000 ffff8801cb578de0 0000000000000000 ffff8801cca17700 [ 173.784861] ffffffff815652cb ffff8801cb578de0 0000000000000008 0000000000000000 [ 173.792896] Call Trace: [ 173.795525] [] dump_stack+0xc1/0x128 [ 173.801153] [] print_address_description+0x6c/0x234 [ 173.807818] [] kasan_report.cold.6+0x242/0x2fe [ 173.814048] [] ? disk_unblock_events+0x51/0x60 [ 173.820302] [] __asan_report_load8_noabort+0x14/0x20 [ 173.827046] [] disk_unblock_events+0x51/0x60 [ 173.833105] [] __blkdev_get+0x6b6/0xd60 [ 173.838731] [] ? __blkdev_put+0x840/0x840 [ 173.844523] [] ? fsnotify+0x114/0x1100 [ 173.850062] [] blkdev_get+0x2da/0x920 [ 173.855510] [] ? bd_may_claim+0xd0/0xd0 [ 173.861137] [] ? bd_acquire+0x27/0x250 [ 173.866675] [] ? bd_acquire+0x88/0x250 [ 173.872241] [] ? _raw_spin_unlock+0x2c/0x50 [ 173.878215] [] blkdev_open+0x1a5/0x250 [ 173.883753] [] do_dentry_open+0x703/0xc80 [ 173.889551] [] ? blkdev_get_by_dev+0x70/0x70 [ 173.895611] [] vfs_open+0x11c/0x210 [ 173.900887] [] ? may_open.isra.57+0x14f/0x2a0 [ 173.907043] [] path_openat+0x758/0x3590 [ 173.912697] [] ? save_stack+0xa9/0xd0 [ 173.918154] [] ? path_lookupat.isra.41+0x410/0x410 [ 173.924734] [] ? __lock_is_held+0xa2/0xf0 [ 173.930533] [] do_filp_open+0x197/0x270 [ 173.936159] [] ? may_open_dev+0xe0/0xe0 [ 173.941785] [] ? _raw_spin_unlock+0x2c/0x50 [ 173.947774] [] ? __alloc_fd+0x1d7/0x4a0 [ 173.953399] [] do_sys_open+0x30d/0x5c0 [ 173.958946] [] ? filp_open+0x70/0x70 [ 173.964289] [] ? up_read+0x1a/0x40 [ 173.969461] [] compat_SyS_open+0x2a/0x40 [ 173.975145] [] ? compat_SyS_getdents64+0x280/0x280 [ 173.981700] [] do_fast_syscall_32+0x2f7/0x870 [ 173.987817] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 173.994458] [] entry_SYSENTER_compat+0x90/0xa2 [ 174.000660] [ 174.002262] Allocated by task 4600: [ 174.005865] save_stack_trace+0x16/0x20 [ 174.009825] save_stack+0x43/0xd0 [ 174.013255] kasan_kmalloc+0xc7/0xe0 [ 174.016947] kmem_cache_alloc_trace+0xfd/0x2b0 [ 174.021504] alloc_disk_node+0x54/0x3a0 [ 174.025451] alloc_disk+0x18/0x20 [ 174.028878] loop_add+0x33b/0x770 [ 174.032305] loop_probe+0x14f/0x180 [ 174.035908] kobj_lookup+0x223/0x410 [ 174.039594] get_gendisk+0x39/0x2d0 [ 174.043203] __blkdev_get+0x351/0xd60 [ 174.046974] blkdev_get+0x2da/0x920 [ 174.050571] blkdev_open+0x1a5/0x250 [ 174.054258] do_dentry_open+0x703/0xc80 [ 174.058213] vfs_open+0x11c/0x210 [ 174.061649] path_openat+0x758/0x3590 [ 174.065438] do_filp_open+0x197/0x270 [ 174.069220] do_sys_open+0x30d/0x5c0 [ 174.072911] compat_SyS_open+0x2a/0x40 [ 174.076774] do_fast_syscall_32+0x2f7/0x870 [ 174.081066] entry_SYSENTER_compat+0x90/0xa2 [ 174.085442] [ 174.087044] Freed by task 4600: [ 174.090299] save_stack_trace+0x16/0x20 [ 174.094259] save_stack+0x43/0xd0 [ 174.097687] kasan_slab_free+0x72/0xc0 [ 174.101569] kfree+0xfb/0x310 [ 174.104671] disk_release+0x259/0x330 [ 174.108457] device_release+0x7e/0x220 [ 174.112321] kobject_release+0x103/0x1b0 [ 174.116363] kobject_put+0x6d/0xd0 [ 174.119889] put_disk+0x23/0x30 [ 174.123160] __blkdev_get+0x616/0xd60 [ 174.126935] blkdev_get+0x2da/0x920 [ 174.130535] blkdev_open+0x1a5/0x250 [ 174.134230] do_dentry_open+0x703/0xc80 [ 174.138178] vfs_open+0x11c/0x210 [ 174.141607] path_openat+0x758/0x3590 [ 174.145388] do_filp_open+0x197/0x270 [ 174.149164] do_sys_open+0x30d/0x5c0 [ 174.152858] compat_SyS_open+0x2a/0x40 [ 174.156722] do_fast_syscall_32+0x2f7/0x870 [ 174.161036] entry_SYSENTER_compat+0x90/0xa2 [ 174.165415] [ 174.167018] The buggy address belongs to the object at ffff8801cb578880 [ 174.167018] which belongs to the cache kmalloc-2048 of size 2048 [ 174.179826] The buggy address is located 1376 bytes inside of [ 174.179826] 2048-byte region [ffff8801cb578880, ffff8801cb579080) [ 174.191864] The buggy address belongs to the page: [ 174.196784] page:ffffea00072d5e00 count:1 mapcount:0 mapping: (null) index:0xffff8801cb57ee80 compound_mapcount: 0 [ 174.208288] flags: 0x8000000000004080(slab|head) [ 174.213016] page dumped because: kasan: bad access detected [ 174.218695] [ 174.220295] Memory state around the buggy address: [ 174.225201] ffff8801cb578c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.232543] ffff8801cb578d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.239883] >ffff8801cb578d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.247215] ^ [ 174.253681] ffff8801cb578e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.261020] ffff8801cb578e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.268358] ================================================================== [ 174.275690] Disabling lock debugging due to kernel taint [ 174.284483] Kernel panic - not syncing: panic_on_warn set ... [ 174.284483] [ 174.291887] CPU: 1 PID: 4600 Comm: syz-executor5 Tainted: G B 4.9.94-g8683408 #3 [ 174.300542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.309897] ffff8801cca17628 ffffffff81d9b509 ffffffff841a8a65 00000000ffffffff [ 174.317948] 0000000000000000 0000000000000001 0000000000000000 ffff8801cca176e8 [ 174.326000] ffffffff8141f845 0000000041b58ab3 ffffffff8419c168 ffffffff8141f686 [ 174.334076] Call Trace: [ 174.336671] [] dump_stack+0xc1/0x128 [ 174.342052] [] panic+0x1bf/0x3bc [ 174.347069] [] ? add_taint.cold.6+0x16/0x16 [ 174.353038] [] ? ___preempt_schedule+0x16/0x18 [ 174.359251] [] kasan_end_report+0x47/0x4f [ 174.365025] [] kasan_report.cold.6+0x76/0x2fe [ 174.371149] [] ? disk_unblock_events+0x51/0x60 [ 174.377361] [] __asan_report_load8_noabort+0x14/0x20 [ 174.384104] [] disk_unblock_events+0x51/0x60 [ 174.390148] [] __blkdev_get+0x6b6/0xd60 [ 174.395762] [] ? __blkdev_put+0x840/0x840 [ 174.401540] [] ? fsnotify+0x114/0x1100 [ 174.407060] [] blkdev_get+0x2da/0x920 [ 174.412485] [] ? bd_may_claim+0xd0/0xd0 [ 174.418088] [] ? bd_acquire+0x27/0x250 [ 174.423604] [] ? bd_acquire+0x88/0x250 [ 174.429126] [] ? _raw_spin_unlock+0x2c/0x50 [ 174.435080] [] blkdev_open+0x1a5/0x250 [ 174.440597] [] do_dentry_open+0x703/0xc80 [ 174.446377] [] ? blkdev_get_by_dev+0x70/0x70 [ 174.452409] [] vfs_open+0x11c/0x210 [ 174.457662] [] ? may_open.isra.57+0x14f/0x2a0 [ 174.463785] [] path_openat+0x758/0x3590 [ 174.469383] [] ? save_stack+0xa9/0xd0 [ 174.474822] [] ? path_lookupat.isra.41+0x410/0x410 [ 174.481380] [] ? __lock_is_held+0xa2/0xf0 [ 174.487157] [] do_filp_open+0x197/0x270 [ 174.492758] [] ? may_open_dev+0xe0/0xe0 [ 174.498359] [] ? _raw_spin_unlock+0x2c/0x50 [ 174.504311] [] ? __alloc_fd+0x1d7/0x4a0 [ 174.509917] [] do_sys_open+0x30d/0x5c0 [ 174.515447] [] ? filp_open+0x70/0x70 [ 174.520788] [] ? up_read+0x1a/0x40 [ 174.525957] [] compat_SyS_open+0x2a/0x40 [ 174.531646] [] ? compat_SyS_getdents64+0x280/0x280 [ 174.538205] [] do_fast_syscall_32+0x2f7/0x870 [ 174.544341] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 174.550987] [] entry_SYSENTER_compat+0x90/0xa2 [ 174.557680] Dumping ftrace buffer: [ 174.561204] (ftrace buffer empty) [ 174.564894] Kernel Offset: disabled [ 174.568496] Rebooting in 86400 seconds..