Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[  529.065754] md: md1 stopped.
[  529.074614] md: md1 stopped.
executing program
executing program
executing program
[  529.203056] md: md1 stopped.
[  529.250135] md: md1 stopped.
[  529.250640] ==================================================================
[  529.261045] BUG: KASAN: use-after-free in disk_unblock_events+0x4b/0x50
[  529.264883] md: md1 stopped.
[  529.267828] Read of size 8 at addr ffff8880b38d4888 by task syz-executor561/8085
[  529.267832]
[  529.267841] CPU: 1 PID: 8085 Comm: syz-executor561 Not tainted 4.14.217-syzkaller #0
[  529.267845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
executing program
[  529.267849] Call Trace:
[  529.267871]  dump_stack+0x1b2/0x281
[  529.267886]  print_address_description.cold+0x54/0x1d3
[  529.267897]  kasan_report_error.cold+0x8a/0x191
[  529.267908]  ? disk_unblock_events+0x4b/0x50
[  529.267917]  __asan_report_load8_noabort+0x68/0x70
[  529.267927]  ? md_do_sync+0x17a0/0x17b0
[  529.267933]  ? disk_unblock_events+0x4b/0x50
[  529.267938]  ? md_do_sync+0x17b0/0x17b0
[  529.267944]  disk_unblock_events+0x4b/0x50
[  529.267954]  __blkdev_get+0x83b/0x1090
[  529.267964]  ? blkdev_get_block+0x70/0x70
[  529.267972]  ? sb_min_blocksize+0x1d0/0x1d0
[  529.267984]  blkdev_get+0x88/0x890
[  529.267995]  ? __blkdev_get+0x1090/0x1090
[  529.268006]  ? lock_downgrade+0x740/0x740
[  529.268017]  ? do_raw_spin_unlock+0x164/0x220
[  529.268029]  ? _raw_spin_unlock+0x29/0x40
[  529.268038]  blkdev_open+0x1cc/0x250
[  529.268049]  ? security_file_open+0x82/0x190
[  529.268068]  do_dentry_open+0x44b/0xec0
[  529.268077]  ? blkdev_get_by_dev+0x70/0x70
[  529.268106]  ? __inode_permission+0xcd/0x2f0
[  529.268115]  vfs_open+0x105/0x220
[  529.268126]  path_openat+0x628/0x2970
[  529.280230] md: md1 stopped.
[  529.280797]  ? path_lookupat+0x780/0x780
[  529.314203] md: md1 stopped.
[  529.315251]  ? trace_hardirqs_on+0x10/0x10
[  529.315271]  do_filp_open+0x179/0x3c0
[  529.315282]  ? may_open_dev+0xe0/0xe0
[  529.395566] md: md1 stopped.
[  529.397459]  ? lock_downgrade+0x740/0x740
[  529.397474]  ? do_raw_spin_unlock+0x164/0x220
[  529.397494]  ? _raw_spin_unlock+0x29/0x40
[  529.444673]  ? __alloc_fd+0x1be/0x490
[  529.448719]  do_sys_open+0x296/0x410
[  529.452620]  ? filp_open+0x60/0x60
[  529.456723]  ? _raw_spin_unlock_irq+0x5a/0x80
[  529.461408]  ? do_syscall_64+0x4c/0x640
[  529.465860]  ? SyS_open+0x30/0x30
[  529.469448]  do_syscall_64+0x1d5/0x640
[  529.473394]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  529.478944] RIP: 0033:0x447369
[  529.482144] RSP: 002b:00007f1fb6e9fd98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  529.490106] RAX: ffffffffffffffda RBX: 00000000006dec58 RCX: 0000000000447369
[  529.497899] RDX: 0000000000000000 RSI: 00000000200020c0 RDI: 00000000ffffff9c
[  529.505547] RBP: 00000000006dec50 R08: 00007f1fb6ea0700 R09: 0000000000000000
[  529.513606] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec5c
[  529.521640] R13: 0000000020000000 R14: 00000000004af9e0 R15: 0000000000000001
[  529.528919]
[  529.530546] Allocated by task 8077:
[  529.534282]  kasan_kmalloc+0xeb/0x160
[  529.538098]  kmem_cache_alloc_node_trace+0x153/0x400
[  529.543236]  alloc_disk_node+0x5d/0x3d0
[  529.547482]  md_alloc+0x22a/0x890
[  529.551495]  md_probe+0x28/0x40
[  529.554835]  kobj_lookup+0x21f/0x400
[  529.558746]  get_gendisk+0x36/0x230
[  529.562600]  __blkdev_get+0x3e5/0x1090
[  529.566712]  blkdev_get+0x88/0x890
[  529.570635]  blkdev_open+0x1cc/0x250
[  529.574513]  do_dentry_open+0x44b/0xec0
[  529.579056]  vfs_open+0x105/0x220
[  529.582531]  path_openat+0x628/0x2970
[  529.586383]  do_filp_open+0x179/0x3c0
[  529.590486]  do_sys_open+0x296/0x410
[  529.594373]  do_syscall_64+0x1d5/0x640
[  529.598793]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  529.605021]
[  529.607160] Freed by task 8085:
[  529.610824]  kasan_slab_free+0xc3/0x1a0
[  529.615282]  kfree+0xc9/0x250
[  529.618559]  device_release+0xf0/0x1a0
[  529.623000]  kobject_put+0x251/0x550
[  529.626835]  put_disk+0x1f/0x30
[  529.631086]  __blkdev_get+0x7a6/0x1090
[  529.635826]  blkdev_get+0x88/0x890
[  529.639568]  blkdev_open+0x1cc/0x250
[  529.644350]  do_dentry_open+0x44b/0xec0
[  529.651102]  vfs_open+0x105/0x220
[  529.655379]  path_openat+0x628/0x2970
[  529.659845]  do_filp_open+0x179/0x3c0
[  529.663993]  do_sys_open+0x296/0x410
[  529.668782]  do_syscall_64+0x1d5/0x640
[  529.673718]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  529.679741]
[  529.681615] The buggy address belongs to the object at ffff8880b38d4300
[  529.681615]  which belongs to the cache kmalloc-2048 of size 2048
[  529.694982] The buggy address is located 1416 bytes inside of
[  529.694982]  2048-byte region [ffff8880b38d4300, ffff8880b38d4b00)
[  529.708040] The buggy address belongs to the page:
[  529.713102] page:ffffea0002ce3500 count:1 mapcount:0 mapping:ffff8880b38d4300 index:0x0 compound_mapcount: 0
[  529.725096] flags: 0xfff00000008100(slab|head)
[  529.729886] raw: 00fff00000008100 ffff8880b38d4300 0000000000000000 0000000100000003
[  529.738757] raw: ffffea0002bf19a0 ffffea0002d069a0 ffff88813fe80c40 0000000000000000
[  529.747423] page dumped because: kasan: bad access detected
[  529.755153]
[  529.756881] Memory state around the buggy address:
[  529.761842]  ffff8880b38d4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  529.769378]  ffff8880b38d4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  529.776979] >ffff8880b38d4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  529.784491]                       ^
[  529.788528]  ffff8880b38d4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  529.796204]  ffff8880b38d4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  529.804013] ==================================================================
[  529.811683] Disabling lock debugging due to kernel taint
[  529.818441] Kernel panic - not syncing: panic_on_warn set ...
[  529.818441]
[  529.825894] CPU: 1 PID: 8085 Comm: syz-executor561 Tainted: G B 4.14.217-syzkaller #0
[  529.835235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  529.844941] Call Trace:
[  529.847557]  dump_stack+0x1b2/0x281
[  529.851372]  panic+0x1f9/0x42d
[  529.854878]  ? add_taint.cold+0x16/0x16
[  529.858983]  ? ___preempt_schedule+0x16/0x18
[  529.864510]  kasan_end_report+0x43/0x49
[  529.869095]  kasan_report_error.cold+0xa7/0x191
[  529.874301]  ? disk_unblock_events+0x4b/0x50
[  529.878959]  __asan_report_load8_noabort+0x68/0x70
[  529.883924]  ? md_do_sync+0x17a0/0x17b0
[  529.888184]  ? disk_unblock_events+0x4b/0x50
[  529.893202]  ? md_do_sync+0x17b0/0x17b0
[  529.897693]  disk_unblock_events+0x4b/0x50
[  529.902229]  __blkdev_get+0x83b/0x1090
[  529.906292]  ? blkdev_get_block+0x70/0x70
[  529.910495]  ? sb_min_blocksize+0x1d0/0x1d0
[  529.915122]  blkdev_get+0x88/0x890
[  529.918816]  ? __blkdev_get+0x1090/0x1090
[  529.923266]  ? lock_downgrade+0x740/0x740
[  529.927475]  ? do_raw_spin_unlock+0x164/0x220
[  529.932319]  ? _raw_spin_unlock+0x29/0x40
[  529.936500]  blkdev_open+0x1cc/0x250
[  529.940324]  ? security_file_open+0x82/0x190
[  529.946908]  do_dentry_open+0x44b/0xec0
[  529.951014]  ? blkdev_get_by_dev+0x70/0x70
[  529.955276]  ? __inode_permission+0xcd/0x2f0
[  529.960121]  vfs_open+0x105/0x220
[  529.963971]  path_openat+0x628/0x2970
[  529.968434]  ? path_lookupat+0x780/0x780
[  529.972945]  ? trace_hardirqs_on+0x10/0x10
[  529.977233]  do_filp_open+0x179/0x3c0
[  529.981348]  ? may_open_dev+0xe0/0xe0
[  529.985570]  ? lock_downgrade+0x740/0x740
[  529.990759]  ? do_raw_spin_unlock+0x164/0x220
[  529.995600]  ? _raw_spin_unlock+0x29/0x40
[  529.999985]  ? __alloc_fd+0x1be/0x490
[  530.004003]  do_sys_open+0x296/0x410
[  530.007902]  ? filp_open+0x60/0x60
[  530.011724]  ? _raw_spin_unlock_irq+0x5a/0x80
[  530.016628]  ? do_syscall_64+0x4c/0x640
[  530.021340]  ? SyS_open+0x30/0x30
[  530.025208]  do_syscall_64+0x1d5/0x640
[  530.029559]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  530.035282] RIP: 0033:0x447369
[  530.039355] RSP: 002b:00007f1fb6e9fd98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  530.049394] RAX: ffffffffffffffda RBX: 00000000006dec58 RCX: 0000000000447369
[  530.056685] RDX: 0000000000000000 RSI: 00000000200020c0 RDI: 00000000ffffff9c
[  530.063991] RBP: 00000000006dec50 R08: 00007f1fb6ea0700 R09: 0000000000000000
[  530.072158] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec5c
[  530.079991] R13: 0000000020000000 R14: 00000000004af9e0 R15: 0000000000000001
[  530.088226] Kernel Offset: disabled
[  530.092073] Rebooting in 86400 seconds..