Warning: Permanently added '10.128.0.162' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   23.192401] ==================================================================
[   23.199803] BUG: KASAN: use-after-free in disk_unblock_events+0x55/0x60
[   23.206550] Read of size 8 at addr ffff8801cee2f3e8 by task blkid/2193
[   23.213200] 
[   23.214826] CPU: 0 PID: 2193 Comm: blkid Not tainted 4.4.174+ #4
[   23.220958]  0000000000000000 de0d443612faf0c5 ffff8800b55ef730 ffffffff81aad1a1
[   23.229014]  0000000000000000 ffffea00073b8a00 ffff8801cee2f3e8 0000000000000008
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.237114]  0000000000000000 ffff8800b55ef768 ffffffff81490120 0000000000000000
[   23.245153] Call Trace:
[   23.247735]  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120
[   23.253107]  [<ffffffff81490120>] print_address_description+0x6f/0x21b
[   23.259767]  [<ffffffff81490358>] kasan_report.cold+0x8c/0x2be
[   23.265732]  [<ffffffff81a82965>] ? disk_unblock_events+0x55/0x60
[   23.271960]  [<ffffffff81484ed4>] __asan_report_load8_noabort+0x14/0x20
[   23.278706]  [<ffffffff81a82965>] disk_unblock_events+0x55/0x60
[   23.284754]  [<ffffffff8154efcc>] __blkdev_get+0x70c/0xdf0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.290372]  [<ffffffff8154e8c0>] ? __blkdev_put+0x840/0x840
[   23.296168]  [<ffffffff811ff5b0>] ? trace_hardirqs_on+0x10/0x10
[   23.302219]  [<ffffffff81551938>] blkdev_get+0x2e8/0x920
[   23.307660]  [<ffffffff81551650>] ? bd_may_claim+0xd0/0xd0
[   23.313280]  [<ffffffff81550d7a>] ? bd_acquire+0x8a/0x370
[   23.318810]  [<ffffffff82717f6d>] ? _raw_spin_unlock+0x2d/0x50
[   23.324776]  [<ffffffff8155219a>] blkdev_open+0x1aa/0x250
[   23.330308]  [<ffffffff8149154f>] do_dentry_open+0x38f/0xbd0
[   23.336103]  [<ffffffff814b6d8e>] ? __inode_permission2+0x9e/0x250
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.342412]  [<ffffffff81551ff0>] ? blkdev_get_by_dev+0x80/0x80
[   23.348463]  [<ffffffff81494d3b>] vfs_open+0x10b/0x210
[   23.353734]  [<ffffffff814c4947>] ? may_open.isra.0+0xe7/0x210
[   23.359709]  [<ffffffff814c5ddf>] path_openat+0x136f/0x4470
[   23.365413]  [<ffffffff81483f86>] ? kasan_kmalloc.part.0+0xc6/0xf0
[   23.371815]  [<ffffffff814c4a70>] ? may_open.isra.0+0x210/0x210
[   23.377870]  [<ffffffff811ff5b0>] ? trace_hardirqs_on+0x10/0x10
[   23.383921]  [<ffffffff814ccab1>] do_filp_open+0x1a1/0x270
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.389538]  [<ffffffff814ca46c>] ? getname_flags+0xcc/0x550
[   23.395334]  [<ffffffff814cc910>] ? user_path_mountpoint_at+0x50/0x50
[   23.401906]  [<ffffffff814f32ea>] ? __alloc_fd+0x1ea/0x490
[   23.407521]  [<ffffffff82717f6d>] ? _raw_spin_unlock+0x2d/0x50
[   23.413483]  [<ffffffff81495668>] do_sys_open+0x2f8/0x600
[   23.419009]  [<ffffffff81495370>] ? filp_open+0x70/0x70
[   23.424367]  [<ffffffff82719755>] ? retint_user+0x18/0x3c
[   23.429898]  [<ffffffff811ff385>] ? trace_hardirqs_on_caller+0x385/0x5a0
[   23.436730]  [<ffffffff8149599d>] SyS_open+0x2d/0x40
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.441830]  [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   23.448394] 
[   23.450360] Allocated by task 2181:
[   23.453973]  [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50
[   23.460388]  [<ffffffff81483f22>] kasan_kmalloc.part.0+0x62/0xf0
[   23.466653]  [<ffffffff81484197>] kasan_kmalloc+0xb7/0xd0
[   23.472315]  [<ffffffff814801a3>] kmem_cache_alloc_trace+0x123/0x2d0
[   23.478930]  [<ffffffff81a81b50>] alloc_disk_node+0x50/0x3c0
[   23.484938]  [<ffffffff81a81edb>] alloc_disk+0x1b/0x20
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.490347]  [<ffffffff81d436d0>] loop_add+0x380/0x830
[   23.495748]  [<ffffffff81d440a8>] loop_control_ioctl+0x138/0x2f0
[   23.502019]  [<ffffffff814d23f7>] do_vfs_ioctl+0x6e7/0xfa0
[   23.507766]  [<ffffffff814d2d3f>] SyS_ioctl+0x8f/0xc0
[   23.513079]  [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   23.519783] 
[   23.521403] Freed by task 2193:
[   23.524664]  [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50
[   23.530586]  [<ffffffff81484820>] kasan_slab_free+0xb0/0x190
[   23.536510]  [<ffffffff81481c44>] kfree+0xf4/0x310
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.541576]  [<ffffffff81a80375>] disk_release+0x255/0x330
[   23.547327]  [<ffffffff81cf785d>] device_release+0x7d/0x220
[   23.553161]  [<ffffffff81ab309c>] kobject_put+0x14c/0x260
[   23.558823]  [<ffffffff81a7e013>] put_disk+0x23/0x30
[   23.564056]  [<ffffffff8154ef2c>] __blkdev_get+0x66c/0xdf0
[   23.569825]  [<ffffffff81551938>] blkdev_get+0x2e8/0x920
[   23.575397]  [<ffffffff8155219a>] blkdev_open+0x1aa/0x250
[   23.581066]  [<ffffffff8149154f>] do_dentry_open+0x38f/0xbd0
[   23.587029]  [<ffffffff81494d3b>] vfs_open+0x10b/0x210
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   23.592433]  [<ffffffff814c5ddf>] path_openat+0x136f/0x4470
[   23.598264]  [<ffffffff814ccab1>] do_filp_open+0x1a1/0x270
[   23.604012]  [<ffffffff81495668>] do_sys_open+0x2f8/0x600
[   23.609670]  [<ffffffff8149599d>] SyS_open+0x2d/0x40
[   23.614901]  [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   23.621599] 
[   23.623219] The buggy address belongs to the object at ffff8801cee2ee80
[   23.623219]  which belongs to the cache kmalloc-2048 of size 2048
[   23.636042] The buggy address is located 1384 bytes inside of
executing program
executing program
executing program
executing program
[   23.636042]  2048-byte region [ffff8801cee2ee80, ffff8801cee2f680)
[   23.648170] The buggy address belongs to the page:
[   23.653390] kasan: CONFIG_KASAN_INLINE enabled
[   23.657839] kasan: GPF could be caused by NULL-ptr deref or user memory access[   23.665431] ------------[ cut here ]------------
[   23.670192] WARNING: CPU: 1 PID: 2071 at kernel/sched/core.c:7941 __might_sleep+0x138/0x1a0()
[   23.678859] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff810de6f5>] do_wait+0x265/0xa00
[   23.689167] Kernel panic - not syncing: panic_on_warn set ...
[   23.689167] 
[   24.822849] Shutting down cpus with NMI
[   24.827217] Kernel Offset: disabled
[   24.830821] Rebooting in 86400 seconds..