INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
2018/12/26 11:06:04 parsed 1 programs
2018/12/26 11:06:05 executed programs: 0
2018/12/26 11:06:11 executed programs: 7
2018/12/26 11:06:16 executed programs: 189
2018/12/26 11:06:21 executed programs: 374
[ 203.479911] ==================================================================
[ 203.487320] BUG: KASAN: use-after-free in disk_unblock_events+0x51/0x60
[ 203.494063] Read of size 8 at addr ffff8800b9ce2768 by task syz-executor0/2160
[ 203.501417]
[ 203.503036] CPU: 0 PID: 2160 Comm: syz-executor0 Not tainted 4.4.169+ #7
[ 203.509860] 0000000000000000 7302ef7ca8839fd7 ffff8800b58076d0 ffffffff81aa635d
[ 203.517886] ffffea0002e73800 ffff8800b9ce2768 0000000000000000 ffff8800b9ce2768
[ 203.525931] 0000000000000000 ffff8800b5807708 ffffffff8148b15b ffff8800b9ce2768
[ 203.534091] Call Trace:
[ 203.536679] [] dump_stack+0xc1/0x124
[ 203.542035] [] print_address_description+0x6c/0x217
[ 203.548693] [] kasan_report.cold.6+0x175/0x2f7
[ 203.554915] [] ? disk_unblock_events+0x51/0x60
[ 203.561149] [] __asan_report_load8_noabort+0x14/0x20
[ 203.567892] [] disk_unblock_events+0x51/0x60
[ 203.573942] [] __blkdev_get+0x70c/0xdf0
[ 203.579560] [] ? trace_hardirqs_on+0x10/0x10
[ 203.585611] [] ? __blkdev_put+0x840/0x840
[ 203.591416] [] ? avc_has_perm_noaudit+0x197/0x2f0
[ 203.598143] [] ? avc_has_perm_noaudit+0x90/0x2f0
[ 203.604542] [] ? fsnotify+0x866/0x10c0
[ 203.610069] [] blkdev_get+0x2da/0x920
[ 203.615516] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 203.622260] [] ? bd_may_claim+0xd0/0xd0
[ 203.627871] [] ? bd_acquire+0x29/0x370
[ 203.633687] [] ? bd_acquire+0x8a/0x370
[ 203.639218] [] ? 
_raw_spin_unlock+0x2c/0x50
[ 203.645278] [] blkdev_open+0x1a5/0x250
[ 203.650811] [] do_dentry_open+0x38d/0xbd0
[ 203.656596] [] ? __inode_permission2+0x9b/0x240
[ 203.662904] [] ? blkdev_get_by_dev+0x70/0x70
[ 203.668957] [] vfs_open+0x12a/0x210
[ 203.674228] [] ? may_open.isra.19+0x156/0x240
[ 203.680361] [] path_openat+0xc10/0x3f10
[ 203.685978] [] ? may_open.isra.19+0x240/0x240
[ 203.692118] [] ? getname+0x19/0x20
[ 203.697295] [] ? do_sys_open+0x203/0x610
[ 203.702996] [] ? SyS_open+0x2d/0x40
[ 203.708263] [] ? entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 203.715017] [] ? trace_hardirqs_on+0x10/0x10
[ 203.721068] [] do_filp_open+0x197/0x270
[ 203.726682] [] ? user_path_mountpoint_at+0x70/0x70
[ 203.733248] [] ? __alloc_fd+0x36/0x4a0
[ 203.738773] [] ? _raw_spin_unlock+0x2c/0x50
[ 203.744733] [] ? __alloc_fd+0x1f3/0x4a0
[ 203.750351] [] do_sys_open+0x31c/0x610
[ 203.755882] [] ? mntput+0x66/0x90
[ 203.760973] [] ? filp_open+0x70/0x70
[ 203.766323] [] ? SyS_mkdirat+0x15e/0x240
[ 203.772018] [] ? SyS_mknod+0x40/0x40
[ 203.777378] [] ? 
trace_hardirqs_on_caller+0x38b/0x590
[ 203.784210] [] SyS_open+0x2d/0x40
[ 203.789308] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 203.795868]
[ 203.797499] Allocated by task 5334:
[ 203.801114] [] save_stack_trace+0x26/0x50
[ 203.807034] [] kasan_kmalloc.part.1+0x62/0xf0
[ 203.813301] [] kasan_kmalloc+0xaf/0xc0
[ 203.818954] [] kmem_cache_alloc_trace+0x117/0x2d0
[ 203.825566] [] alloc_disk_node+0x54/0x3a0
[ 203.831495] [] alloc_disk+0x18/0x20
[ 203.836890] [] loop_add+0x36b/0x7c0
[ 203.842307] [] loop_probe+0x14f/0x180
[ 203.847878] [] kobj_lookup+0x223/0x410
[ 203.853557] [] get_gendisk+0x39/0x2d0
[ 203.859150] [] blkdev_get+0xf6/0x920
[ 203.864637] [] blkdev_open+0x1a5/0x250
[ 203.870298] [] do_dentry_open+0x38d/0xbd0
[ 203.876215] [] vfs_open+0x12a/0x210
[ 203.881611] [] path_openat+0xc10/0x3f10
[ 203.887363] [] do_filp_open+0x197/0x270
[ 203.893111] [] do_sys_open+0x31c/0x610
[ 203.898765] [] SyS_open+0x2d/0x40
[ 203.903978] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 203.910675]
[ 203.912288] Freed by task 2160:
[ 203.915552] [] save_stack_trace+0x26/0x50
[ 203.921478] [] kasan_slab_free+0xac/0x190
[ 203.927412] [] kfree+0xf4/0x310
[ 203.932568] [] disk_release+0x259/0x330
[ 203.938321] [] device_release+0x7e/0x220
[ 203.944160] [] kobject_put+0x144/0x260
[ 203.949821] [] put_disk+0x23/0x30
[ 203.955049] [] __blkdev_get+0x66c/0xdf0
[ 203.960791] [] blkdev_get+0x2da/0x920
[ 203.966366] [] blkdev_open+0x1a5/0x250
[ 203.972025] [] do_dentry_open+0x38d/0xbd0
[ 203.977940] [] vfs_open+0x12a/0x210
[ 203.983335] [] path_openat+0xc10/0x3f10
[ 203.989093] [] do_filp_open+0x197/0x270
[ 203.994835] [] do_sys_open+0x31c/0x610
[ 204.000504] [] SyS_open+0x2d/0x40
[ 204.005728] [] entry_SYSCALL_64_fastpath+0x1e/0x9a
[ 204.012429]
[ 204.014045] The buggy address belongs to the object at ffff8800b9ce2200
[ 204.014045] which belongs to the cache kmalloc-2048 of size 2048
[ 204.026869] The buggy address is located 1384 bytes inside of
[ 204.026869] 2048-byte region [ffff8800b9ce2200, 
ffff8800b9ce2a00)
[ 204.038900] The buggy address belongs to the page:
[ 204.045968] ------------[ cut here ]------------
[ 204.050744] WARNING: CPU: 1 PID: -2104946528 at lib/debugobjects.c:263 debug_print_object+0x181/0x210()
[ 204.060261] ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: 0xffff8800b9ce2200
[ 204.070136] Kernel panic - not syncing: panic_on_warn set ...
[ 204.070136]
[ 204.077508] CPU: 1 PID: -2104946528 Comm: Not tainted 4.4.169+ #7
[ 204.083818] 0000000000000000 2a89d8b1939ea06f ffff8801db707a98 ffffffff81aa635d
[ 204.091916] ffffffff828353a0 ffff8800b4770000 ffffffff8292a580 0000000000000009
[ 204.100003] 0000000000000107 ffff8801db707b58 ffffffff813a22b4 0000000041b58ab3
[ 204.108190] Call Trace:
[ 204.110761] [] dump_stack+0xc1/0x124
[ 204.116893] [] panic+0x19e/0x359
[ 204.121910] [] ? add_taint.cold.4+0x16/0x16
[ 204.127921] [] ? warn_slowpath_common.cold.6+0x5/0x20
[ 204.134755] [] warn_slowpath_common.cold.6+0x20/0x20
[ 204.141522] [] ? debug_print_object+0x181/0x210
[ 204.147846] [] ? ktime_add_safe+0x150/0x150
[ 204.153898] [] warn_slowpath_fmt+0xbf/0x100
[ 204.159868] [] ? warn_slowpath_common+0x120/0x120
[ 204.166378] [] debug_print_object+0x181/0x210
[ 204.172518] [] debug_object_deactivate+0x208/0x340
[ 204.179102] [] ? debug_object_activate+0x480/0x480
[ 204.185677] [] __hrtimer_run_queues+0x215/0xfc0
[ 204.192012] [] ? hrtimer_fixup_init+0x70/0x70
[ 204.198158] [] ? kvm_clock_read+0x23/0x40
[ 204.203954] [] ? kvm_clock_get_cycles+0x9/0x10
[ 204.210180] [] ? hrtimer_interrupt+0x12d/0x430
[ 204.216406] [] hrtimer_interrupt+0x1b1/0x430
[ 204.222456] [] local_apic_timer_interrupt+0x74/0xa0
[ 204.229119] [] smp_apic_timer_interrupt+0x7c/0xb0
[ 204.235602] [] apic_timer_interrupt+0x9d/0xb0
[ 204.241735]
[ 205.408357] Shutting down cpus with NMI
[ 205.413625] Kernel Offset: disabled
[ 205.417235] Rebooting in 86400 seconds..