Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 55.857529] ==================================================================
[ 55.858981] BUG: KASAN: use-after-free in disk_unblock_events+0x55/0x60
[ 55.860100] Read of size 8 at addr ffff8801cc4540e0 by task syz-executor291/2164
[ 55.861393]
[ 55.861660] CPU: 0 PID: 2164 Comm: syz-executor291 Not tainted 4.9.168+ #39
[ 55.862918] ffff8801ce107730 ffffffff81b4f5d1 0000000000000000 ffffea0007311400
[ 55.864413] ffff8801cc4540e0 0000000000000008 ffffffff81b21b35 ffff8801ce107768
[ 55.865870] ffffffff81506898 0000000000000000 ffff8801cc4540e0 ffff8801cc4540e0
[ 55.867369] Call Trace:
[ 55.867857] [<000000006dc8c4a2>] dump_stack+0xc1/0x120
[ 55.868799] [<000000003a61945f>] ? disk_unblock_events+0x55/0x60
[ 55.869913] [<000000003c457958>] print_address_description+0x6f/0x23a
[ 55.871119] [<000000003a61945f>] ? disk_unblock_events+0x55/0x60
[ 55.872297] [<00000000d9f3850b>] kasan_report.cold+0x8c/0x2ba
[ 55.873373] [<000000006e90d85a>] __asan_report_load8_noabort+0x14/0x20
[ 55.874476] [<000000003a61945f>] disk_unblock_events+0x55/0x60
[ 55.875532] [<0000000040085563>] __blkdev_get+0x6ba/0xeb0
[ 55.876598] [<00000000c4c45bee>] ? __blkdev_put+0x840/0x840
[ 55.877950] [<000000004d3c7164>] blkdev_get+0x2e8/0x920
[ 55.883383] [<00000000c20e67a9>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 55.890118] [<00000000572ca78c>] ? bd_may_claim+0xd0/0xd0
[ 55.895733] [<00000000696be6c3>] ? bd_acquire+0x26/0x250
[ 55.901252] [<0000000071941b65>] ? bd_acquire+0x88/0x250
[ 55.906784] [<00000000d4b9f2fa>] ? _raw_spin_unlock+0x2d/0x50
[ 55.912753] [<00000000339bbf96>] blkdev_open+0x1aa/0x250
[ 55.918287] [<00000000a3f816e7>] do_dentry_open+0x422/0xd20
[ 55.924077] [<000000009b761eb4>] ? blkdev_get_by_dev+0x80/0x80
[ 55.930186] [<000000005253ff23>] vfs_open+0x105/0x230
[ 55.935459] [<00000000997d2a27>] ? may_open.isra.0+0x139/0x290
[ 55.941511] [<000000005b95cf81>] path_openat+0xbf5/0x2f60
[ 55.947130] [<00000000ddc217b8>] ? path_mountpoint+0x6d0/0x6d0
[ 55.953180] [<00000000513a3326>] do_filp_open+0x1a1/0x280
[ 55.958797] [<000000000113c4da>] ? may_open_dev+0xe0/0xe0
[ 55.964420] [<00000000e8c31f0d>] ? __alloc_fd+0x1d4/0x490
[ 55.970042] [<00000000d4b9f2fa>] ? _raw_spin_unlock+0x2d/0x50
[ 55.976003] [<00000000e8c31f0d>] ? __alloc_fd+0x1d4/0x490
[ 55.981617] [<00000000017a994a>] do_sys_open+0x2f0/0x610
[ 55.987134] [<00000000e9bb32df>] ? filp_open+0x70/0x70
[ 55.992488] [<00000000fe3f9255>] ? __do_page_fault+0x545/0xa60
[ 55.998543] [<00000000719e23f6>] SyS_open+0x2d/0x40
[ 56.003632] [<000000000a95ceb1>] ? do_sys_open+0x610/0x610
[ 56.009326] [<00000000e3e65051>] do_syscall_64+0x1ad/0x570
[ 56.015031] [<000000004b1db9aa>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 56.021943]
[ 56.023562] Allocated by task 2169:
[ 56.027186] save_stack_trace+0x16/0x20
[ 56.031150] kasan_kmalloc.part.0+0x62/0xf0
[ 56.035461] kasan_kmalloc+0xb7/0xd0
[ 56.039163] kmem_cache_alloc_trace+0x115/0x2d0
[ 56.043828] alloc_disk_node+0x50/0x3c0
[ 56.047790] alloc_disk+0x1b/0x20
[ 56.051232] loop_add+0x37e/0x7b0
[ 56.054683] loop_probe+0x154/0x180
[ 56.058304] kobj_lookup+0x221/0x410
[ 56.062012] get_gendisk+0x3c/0x2d0
[ 56.065629] __blkdev_get+0x356/0xeb0
[ 56.069421] blkdev_get+0x2e8/0x920
[ 56.073038] blkdev_open+0x1aa/0x250
[ 56.076744] do_dentry_open+0x422/0xd20
[ 56.080708] vfs_open+0x105/0x230
[ 56.084154] path_openat+0xbf5/0x2f60
[ 56.087941] do_filp_open+0x1a1/0x280
[ 56.091744] do_sys_open+0x2f0/0x610
[ 56.095451] SyS_open+0x2d/0x40
[ 56.098721] do_syscall_64+0x1ad/0x570
[ 56.102602] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 56.107690]
[ 56.109298] Freed by task 2164:
[ 56.112568] save_stack_trace+0x16/0x20
[ 56.116531] kasan_slab_free+0xb0/0x190
[ 56.120499] kfree+0xfc/0x310
[ 56.123597] disk_release+0x255/0x330
[ 56.127387] device_release+0x7d/0x220
[ 56.131268] kobject_put+0x150/0x260
[ 56.134975] put_disk+0x23/0x30
[ 56.138248] __blkdev_get+0x61a/0xeb0
[ 56.142037] blkdev_get+0x2e8/0x920
[ 56.145645] blkdev_open+0x1aa/0x250
[ 56.149359] do_dentry_open+0x422/0xd20
[ 56.153318] vfs_open+0x105/0x230
[ 56.156760] path_openat+0xbf5/0x2f60
[ 56.160548] do_filp_open+0x1a1/0x280
[ 56.164335] do_sys_open+0x2f0/0x610
[ 56.168031] SyS_open+0x2d/0x40
[ 56.171301] do_syscall_64+0x1ad/0x570
[ 56.175182] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 56.180277]
[ 56.181891] The buggy address belongs to the object at ffff8801cc453b80
[ 56.181891] which belongs to the cache kmalloc-2048 of size 2048
[ 56.194708] The buggy address is located 1376 bytes inside of
[ 56.194708] 2048-byte region [ffff8801cc453b80, ffff8801cc454380)
[ 56.206735] The buggy address belongs to the page:
[ 56.211655] page:ffffea0007311400 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 56.221873] flags: 0x4000000000010200(slab|head)
[ 56.226613] page dumped because: kasan: bad access detected
[ 56.232306]
[ 56.233921] Memory state around the buggy address:
[ 56.238833]  ffff8801cc453f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.246171]  ffff8801cc454000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.253514] >ffff8801cc454080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.260878]                                                        ^
[ 56.267376]  ffff8801cc454100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.274736]  ffff8801cc454180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.282085] ==================================================================
[ 56.289431] Disabling lock debugging due to kernel taint
[ 56.304568] Kernel panic - not syncing: panic_on_warn set ...
[ 56.304568]
[ 56.311962] CPU: 0 PID: 2164 Comm: syz-executor291 Tainted: G B 4.9.168+ #39
[ 56.320267] ffff8801ce107670 ffffffff81b4f5d1 ffff8801ce107700 ffffffff82e3cb7f
[ 56.328325] 00000000ffffffff 0000000000000000 ffffffff81b21b35 ffff8801ce107750
[ 56.336388] ffffffff813f945a 0000000041b58ab3 ffffffff82e2ec5a ffffffff813f9281
[ 56.344440] Call Trace:
[ 56.347024] [<000000006dc8c4a2>] dump_stack+0xc1/0x120
[ 56.352388] [<000000003a61945f>] ? disk_unblock_events+0x55/0x60
[ 56.358616] [<00000000fec68b8a>] panic+0x1d9/0x3bd
[ 56.363631] [<0000000062e8b3e4>] ? add_taint.cold+0x16/0x16
[ 56.369435] [<00000000f336bfd1>] ? preempt_schedule_common+0x4f/0xe0
[ 56.376012] [<000000003a61945f>] ? disk_unblock_events+0x55/0x60
[ 56.382243] [<000000001e75ebd0>] ? preempt_schedule+0x26/0x30
[ 56.388215] [<000000004c3aeaeb>] ? ___preempt_schedule+0x16/0x18
[ 56.394450] [<0000000028b94178>] kasan_end_report+0x47/0x4f
[ 56.400251] [<00000000a5ff30b7>] kasan_report.cold+0xa9/0x2ba
[ 56.406229] [<000000006e90d85a>] __asan_report_load8_noabort+0x14/0x20
[ 56.412980] [<000000003a61945f>] disk_unblock_events+0x55/0x60
[ 56.419039] [<0000000040085563>] __blkdev_get+0x6ba/0xeb0
[ 56.424669] [<00000000c4c45bee>] ? __blkdev_put+0x840/0x840
[ 56.430467] [<000000004d3c7164>] blkdev_get+0x2e8/0x920
[ 56.435914] [<00000000c20e67a9>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 56.442674] [<00000000572ca78c>] ? bd_may_claim+0xd0/0xd0
[ 56.448292] [<00000000696be6c3>] ? bd_acquire+0x26/0x250
[ 56.453827] [<0000000071941b65>] ? bd_acquire+0x88/0x250
[ 56.459364] [<00000000d4b9f2fa>] ? _raw_spin_unlock+0x2d/0x50
[ 56.465328] [<00000000339bbf96>] blkdev_open+0x1aa/0x250
[ 56.470863] [<00000000a3f816e7>] do_dentry_open+0x422/0xd20
[ 56.476667] [<000000009b761eb4>] ? blkdev_get_by_dev+0x80/0x80
[ 56.482717] [<000000005253ff23>] vfs_open+0x105/0x230
[ 56.487991] [<00000000997d2a27>] ? may_open.isra.0+0x139/0x290
[ 56.494041] [<000000005b95cf81>] path_openat+0xbf5/0x2f60
[ 56.499671] [<00000000ddc217b8>] ? path_mountpoint+0x6d0/0x6d0
[ 56.505724] [<00000000513a3326>] do_filp_open+0x1a1/0x280
[ 56.511358] [<000000000113c4da>] ? may_open_dev+0xe0/0xe0
[ 56.516981] [<00000000e8c31f0d>] ? __alloc_fd+0x1d4/0x490
[ 56.522601] [<00000000d4b9f2fa>] ? _raw_spin_unlock+0x2d/0x50
[ 56.528562] [<00000000e8c31f0d>] ? __alloc_fd+0x1d4/0x490
[ 56.534186] [<00000000017a994a>] do_sys_open+0x2f0/0x610
[ 56.539726] [<00000000e9bb32df>] ? filp_open+0x70/0x70
[ 56.545089] [<00000000fe3f9255>] ? __do_page_fault+0x545/0xa60
[ 56.551141] [<00000000719e23f6>] SyS_open+0x2d/0x40
[ 56.556243] [<000000000a95ceb1>] ? do_sys_open+0x610/0x610
[ 56.561962] [<00000000e3e65051>] do_syscall_64+0x1ad/0x570
[ 56.567680] [<000000004b1db9aa>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 56.575055] Kernel Offset: disabled
[ 56.578668] Rebooting in 86400 seconds..