Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
executing program
[ 43.227255] ==================================================================
[ 43.234662] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 43.241404] Read of size 8 at addr ffff8801d2157c68 by task blkid/2260
[ 43.248054]
[ 43.249680] CPU: 0 PID: 2260 Comm: blkid Not tainted 4.4.166+ #4
[ 43.255813] 0000000000000000 d7fc45356407938e ffff8801d1caf6d0 ffffffff81aa62ad
[ 43.263881] ffffea0007485400 ffff8801d2157c68 0000000000000000 ffff8801d2157c68
[ 43.271949] 0000000000000000 ffff8801d1caf708 ffffffff8148b12b ffff8801d2157c68
[ 43.279999] Call Trace:
[ 43.282590] [] dump_stack+0xc1/0x124
[ 43.287951] [] print_address_description+0x6c/0x217
[ 43.294613] [] kasan_report.cold.6+0x175/0x2f7
[ 43.300847] [] ? disk_unblock_events+0x51/0x60
[ 43.307077] [] __asan_report_load8_noabort+0x14/0x20
[ 43.313823] [] disk_unblock_events+0x51/0x60
[ 43.319889] [] __blkdev_get+0x70c/0xdf0
[ 43.325505] [] ? trace_hardirqs_on+0x10/0x10
[ 43.331553] [] ? __blkdev_put+0x840/0x840
[ 43.337344] [] ? avc_has_perm_noaudit+0x197/0x2f0
[ 43.343832] [] ? avc_has_perm_noaudit+0x90/0x2f0
[ 43.350233] [] ? fsnotify+0x866/0x10c0
[ 43.355759] [] blkdev_get+0x2da/0x920
[ 43.361216] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 43.367960] [] ? bd_may_claim+0xd0/0xd0
[ 43.373578] [] ? bd_acquire+0x29/0x370
[ 43.379105] [] ? bd_acquire+0x8a/0x370
[ 43.384640] [] ? _raw_spin_unlock+0x2c/0x50
[ 43.390609] [] blkdev_open+0x1a5/0x250
[ 43.396140] [] do_dentry_open+0x38d/0xbd0
[ 43.401931] [] ? __inode_permission2+0x9b/0x240
[ 43.408240] [] ? blkdev_get_by_dev+0x70/0x70
[ 43.414293] [] vfs_open+0x12a/0x210
[ 43.419564] [] ? may_open.isra.19+0x156/0x240
[ 43.425700] [] path_openat+0xc10/0x3f10
[ 43.431318] [] ? may_open.isra.19+0x240/0x240
[ 43.437454] [] ? getname+0x19/0x20
[ 43.442637] [] ? do_sys_open+0x203/0x610
[ 43.448338] [] ? SyS_open+0x2d/0x40
[ 43.453615] [] ? entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 43.460362] [] ? trace_hardirqs_on+0x10/0x10
[ 43.466415] [] do_filp_open+0x197/0x270
[ 43.472043] [] ? user_path_mountpoint_at+0x70/0x70
[ 43.478617] [] ? __alloc_fd+0x36/0x4a0
[ 43.484153] [] ? _raw_spin_unlock+0x2c/0x50
[ 43.490116] [] ? __alloc_fd+0x1f3/0x4a0
[ 43.495730] [] do_sys_open+0x31c/0x610
[ 43.501259] [] ? filp_open+0x70/0x70
[ 43.506617] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 43.513473] [] SyS_open+0x2d/0x40
[ 43.518569] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 43.525138]
[ 43.526755] Allocated by task 2254:
[ 43.530380] [] save_stack_trace+0x26/0x50
[ 43.536309] [] kasan_kmalloc.part.1+0x62/0xf0
[ 43.542580] [] kasan_kmalloc+0xaf/0xc0
[ 43.548242] [] kmem_cache_alloc_trace+0x117/0x2d0
[ 43.554932] [] alloc_disk_node+0x54/0x3a0
[ 43.560850] [] alloc_disk+0x18/0x20
[ 43.566250] [] loop_add+0x36b/0x7c0
[ 43.571694] [] loop_control_ioctl+0x136/0x300
[ 43.577958] [] do_vfs_ioctl+0x63f/0xf40
[ 43.583705] [] SyS_ioctl+0x8f/0xc0
[ 43.589021] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 43.595745]
[ 43.597373] Freed by task 2260:
[ 43.600641] [] save_stack_trace+0x26/0x50
[ 43.606564] [] kasan_slab_free+0xac/0x190
[ 43.612496] [] kfree+0xf4/0x310
[ 43.617584] [] disk_release+0x259/0x330
[ 43.623346] [] device_release+0x7e/0x220
[ 43.629194] [] kobject_put+0x144/0x260
[ 43.634890] [] put_disk+0x23/0x30
[ 43.640114] [] __blkdev_get+0x66c/0xdf0
[ 43.645866] [] blkdev_get+0x2da/0x920
[ 43.651442] [] blkdev_open+0x1a5/0x250
[ 43.657105] [] do_dentry_open+0x38d/0xbd0
[ 43.663035] [] vfs_open+0x12a/0x210
[ 43.668437] [] path_openat+0xc10/0x3f10
[ 43.674182] [] do_filp_open+0x197/0x270
[ 43.679947] [] do_sys_open+0x31c/0x610
[ 43.685617] [] SyS_open+0x2d/0x40
[ 43.690859] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 43.697607]
[ 43.699223] The buggy address belongs to the object at ffff8801d2157700
[ 43.699223] which belongs to the cache kmalloc-2048 of size 2048
[ 43.712049] The buggy address is located 1384 bytes inside of
[ 43.712049] 2048-byte region [ffff8801d2157700, ffff8801d2157f00)
[ 43.724112] The buggy address belongs to the page:
[ 43.734007] kasan: CONFIG_KASAN_INLINE enabled
[ 43.738422] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 43.751402] Modules linked in:
[ 43.754719] CPU: 1 PID: 2521 Comm: syz-executor694 Not tainted 4.4.166+ #4
[ 43.761724] task: ffff8800b22717c0 task.stack: ffff8800b2288000
[ 43.767776] RIP: 0010:[] [] debug_check_no_obj_freed+0x1a2/0x890
[ 43.777271] RSP: 0018:ffff8800b228fc90 EFLAGS: 00010803
[ 43.782707] RAX: 0000000000000292 RBX: 41e5894855000000 RCX: ffffffff84051f00
[ 43.790274] RDX: 12dc3d1bf1290161 RSI: 0000000000000002 RDI: ffffffff81426a8d
[ 43.797553] RBP: ffff8800b228fd78 R08: ffff8800b228fd10 R09: dead000000000200
[ 43.804812] R10: 0000000000061c80 R11: ffffffff831a49f8 R12: 96e1e8df89480b0f
[ 43.812086] R13: ffffffff840ed908 R14: 96e1e8df89480b0f R15: dffffc0000000000
[ 43.819388] FS: 000000000244d880(0063) GS:ffff8801db700000(0000) knlGS:0000000000000000
[ 43.827602] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.833503] CR2: 0000000000421af0 CR3: 00000000b69ce000 CR4: 00000000001606b0
[ 43.840779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.848046] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.855304] Stack:
[ 43.857445] ffff8800b228fe40 ffff8800b228fdf0 ffffffff840ed900 ffff8801d2aa6000
[ 43.865508] ffff8801d2aa50b0 0000000000000000 ffff8800b228fdb8 000000000009ba00
[ 43.873621] fffffbfff081db20 1ffff10016451f9e ffff8801d2aa50a0 ffff8801d2aa5000
[ 43.881709] Call Trace:
[ 43.884294] [] ? debug_object_active_state+0x3b0/0x3b0
[ 43.891216] [] ? kmem_cache_free+0x9e/0x350
[ 43.897187] [] ? selinux_file_free_security+0x49/0x60
[ 43.904024] [] ? selinux_file_free_security+0x49/0x60
[ 43.910881] [] kmem_cache_free+0x18f/0x350
[ 43.917239] [] selinux_file_free_security+0x49/0x60
[ 43.923900] [] security_file_free+0x4e/0x90
[ 43.929869] [] __fput+0x242/0x6f0
[ 43.934963] [] ____fput+0x15/0x20
[ 43.940068] [] task_work_run+0x21c/0x2d0
[ 43.945818] [] exit_to_usermode_loop+0x13d/0x160
[ 43.952218] [] syscall_return_slowpath+0x254/0x2d0
[ 43.958810] [] int_ret_from_sys_call+0x25/0xa3
[ 43.965027] Code: 48 c7 c1 00 1f 05 84 4c 8b 34 31 4d 85 f6 0f 84 aa 03 00 00 49 b9 00 02 00 00 00 00 ad de 31 f6 4c 8d 45 98 4c 89 f2 48 c1 ea 03 <42> 80 3c 3a 00 0f 85 90 03 00 00 49 8d 7e 18 83 c6 01 4d 8b 26
[ 43.993262] RIP [] debug_check_no_obj_freed+0x1a2/0x890
[ 44.000408] RSP
[ 44.004029] ---[ end trace 7cff5e28a38f99ab ]---
[ 44.008782] Kernel panic - not syncing: Fatal exception
[ 45.203485] Shutting down cpus with NMI
[ 45.208739] Kernel Offset: disabled
[ 45.212362] Rebooting in 86400 seconds..