Message-ID: <1438224799.6405.12.camel@intel.com>
Date: Thu, 30 Jul 2015 10:53:19 +0800
From: Huang Ying <ying.huang@...el.com>
To: Christoph Hellwig <hch@....de>
Cc: Jens Axboe <axboe@...com>, LKML <linux-kernel@...r.kernel.org>,
LKP ML <lkp@...org>
Subject: [lkp] [block] bcf2843b3f8: BUG: KASan: use after free in
dio_bio_complete+0x15a/0x190 at addr ffff88001114e6f8
FYI, we noticed the below changes on
git://git.kernel.dk/linux-block.git for-4.3/bio-error
commit bcf2843b3f8feae8f87c8028e1625540c1abdd5a ("block: add a bi_error field to struct bio")
[ 38.880091] ==================================================================
[ 38.880778] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e6f8
[ 38.881012] Read of size 4 by task mdadm/245
[ 38.881012] =============================================================================
[ 38.881012] BUG kmalloc-192 (Not tainted): kasan: bad access detected
[ 38.881012] -----------------------------------------------------------------------------
[ 38.881012]
[ 38.881012] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 38.881012] INFO: Object 0xffff88001114e6c0 @offset=1728 fp=0xffff88001114e240
[ 38.881012]
[ 38.881012] Bytes b4 ffff88001114e6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 38.881012] Object ffff88001114e6c0: 40 e2 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff @.........B.....
[ 38.881012] Object ffff88001114e6d0: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 38.881012] Object ffff88001114e6e0: 88 ff 03 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 38.881012] Object ffff88001114e6f0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 38.881012] Object ffff88001114e700: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................
[ 38.881012] Object ffff88001114e710: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 38.881012] Object ffff88001114e720: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................
[ 38.881012] Object ffff88001114e730: 40 e7 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff @.......@.......
[ 38.881012] Object ffff88001114e740: c0 61 ba 00 00 ea ff ff 00 10 00 00 00 00 00 00 .a..............
[ 38.881012] Object ffff88001114e750: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................
[ 38.881012] Object ffff88001114e760: e0 23 15 81 ff ff ff ff 6d 13 00 00 b6 1a 00 00 .#......m.......
[ 38.881012] Object ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i...............
[ 38.881012] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 38.881012] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 38.881012] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 38.881012] ffffea0000445380 ffff88001114e6c0 ffff880000090800 ffff88000efef868
[ 38.881012] Call Trace:
[ 38.881012] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 38.881012] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 38.881012] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 38.881012] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 38.881012] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 38.881012] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 38.881012] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 38.881012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 38.881012] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 38.881012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 38.881012] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 38.881012] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 38.881012] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 38.881012] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 38.881012] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 38.881012] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 38.881012] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 38.881012] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 38.881012] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 38.881012] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 38.881012] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 38.881012] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 38.881012] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 38.881012] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 38.881012] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 38.881012] Memory state around the buggy address:
[ 38.881012] ffff88001114e580: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 38.881012] ffff88001114e600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.881012] >ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.881012] ^
[ 38.881012] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.881012] ffff88001114e780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.881012] ==================================================================
[ 39.071363] ==================================================================
[ 39.072015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e938
[ 39.072015] Read of size 4 by task mdadm/245
[ 39.072015] =============================================================================
[ 39.072015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.072015] -----------------------------------------------------------------------------
[ 39.072015]
[ 39.072015] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.072015] INFO: Object 0xffff88001114e900 @offset=2304 fp=0xffff88001114e180
[ 39.072015]
[ 39.072015] Bytes b4 ffff88001114e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.072015] Object ffff88001114e900: 80 e1 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B.....
[ 39.072015] Object ffff88001114e910: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 39.072015] Object ffff88001114e920: f8 ff 03 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.072015] Object ffff88001114e930: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.072015] Object ffff88001114e940: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................
[ 39.072015] Object ffff88001114e950: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 39.072015] Object ffff88001114e960: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................
[ 39.072015] Object ffff88001114e970: 80 e9 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.......
[ 39.072015] Object ffff88001114e980: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:.............
[ 39.072015] Object ffff88001114e990: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................
[ 39.072015] Object ffff88001114e9a0: e0 23 15 81 ff ff ff ff 8f ba 00 00 8f ba 00 00 .#..............
[ 39.072015] Object ffff88001114e9b0: 8c 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .A..............
[ 39.072015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.072015] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.072015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.072015] ffffea0000445380 ffff88001114e900 ffff880000090800 ffff88000efef868
[ 39.072015] Call Trace:
[ 39.072015] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.072015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.072015] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.072015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.072015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.072015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.072015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.072015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.072015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.072015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.072015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.072015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.072015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.072015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.072015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.072015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.072015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.072015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.072015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.072015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.072015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.072015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.072015] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.072015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.072015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.072015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.072015] Memory state around the buggy address:
[ 39.072015] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.072015] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.072015] >ffff88001114e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.072015] ^
[ 39.072015] ffff88001114e980: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 39.072015] ffff88001114ea00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 39.072015] ==================================================================
[ 39.186345] ==================================================================
[ 39.187015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e938
[ 39.187015] Read of size 4 by task mdadm/245
[ 39.187015] =============================================================================
[ 39.187015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.187015] -----------------------------------------------------------------------------
[ 39.187015]
[ 39.187015] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.187015] INFO: Object 0xffff88001114e900 @offset=2304 fp=0xffff88001114e180
[ 39.187015]
[ 39.187015] Bytes b4 ffff88001114e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.187015] Object ffff88001114e900: 80 e1 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B.....
[ 39.187015] Object ffff88001114e910: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 39.187015] Object ffff88001114e920: 08 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.187015] Object ffff88001114e930: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.187015] Object ffff88001114e940: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................
[ 39.187015] Object ffff88001114e950: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 39.187015] Object ffff88001114e960: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................
[ 39.187015] Object ffff88001114e970: 80 e9 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.......
[ 39.187015] Object ffff88001114e980: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:.............
[ 39.187015] Object ffff88001114e990: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................
[ 39.187015] Object ffff88001114e9a0: e0 23 15 81 ff ff ff ff 8f ba 00 00 8f ba 00 00 .#..............
[ 39.187015] Object ffff88001114e9b0: 8c 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .A..............
[ 39.187015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.187015] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.187015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.187015] ffffea0000445380 ffff88001114e900 ffff880000090800 ffff88000efef868
[ 39.187015] Call Trace:
[ 39.187015] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.187015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.187015] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.187015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.187015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.187015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.187015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.187015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.187015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.187015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.187015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.187015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.187015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.187015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.187015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.187015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.187015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.187015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.187015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.187015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.187015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.187015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.187015] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.187015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.187015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.187015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.187015] Memory state around the buggy address:
[ 39.187015] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.187015] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.187015] >ffff88001114e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.187015] ^
[ 39.187015] ffff88001114e980: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 39.187015] ffff88001114ea00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 39.187015] ==================================================================
[ 39.314250] ==================================================================
[ 39.314970] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e7b8
[ 39.315012] Read of size 4 by task mdadm/245
[ 39.315012] =============================================================================
[ 39.315012] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.315012] -----------------------------------------------------------------------------
[ 39.315012]
[ 39.315012] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.315012] INFO: Object 0xffff88001114e780 @offset=1920 fp=0xffff88001114e6c0
[ 39.315012]
[ 39.315012] Bytes b4 ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i...............
[ 39.315012] Object ffff88001114e780: c0 e6 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B.....
[ 39.315012] Object ffff88001114e790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 39.315012] Object ffff88001114e7a0: 10 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.315012] Object ffff88001114e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.315012] Object ffff88001114e7c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................
[ 39.315012] Object ffff88001114e7d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 39.315012] Object ffff88001114e7e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................
[ 39.315012] Object ffff88001114e7f0: 00 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.......
[ 39.315012] Object ffff88001114e800: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:.............
[ 39.315012] Object ffff88001114e810: 80 fb 09 83 ff ff ff ff 98 e3 14 11 00 88 ff ff ................
[ 39.315012] Object ffff88001114e820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#..............
[ 39.315012] Object ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.315012] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.315012] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.315012] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.315012] ffffea0000445380 ffff88001114e780 ffff880000090800 ffff88000efef868
[ 39.315012] Call Trace:
[ 39.315012] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.315012] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.315012] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.315012] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.315012] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.315012] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.315012] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.315012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.315012] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.315012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.315012] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.315012] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.315012] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.315012] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.315012] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.315012] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.315012] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.315012] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.315012] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.315012] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.315012] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.315012] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.315012] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.315012] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.315012] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.315012] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.315012] Memory state around the buggy address:
[ 39.315012] ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.315012] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.315012] >ffff88001114e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.315012] ^
[ 39.315012] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.315012] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.315012] ==================================================================
[ 39.399228] ==================================================================
[ 39.399908] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e7b8
[ 39.400011] Read of size 4 by task mdadm/245
[ 39.400011] =============================================================================
[ 39.400011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.400011] -----------------------------------------------------------------------------
[ 39.400011]
[ 39.400011] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.400011] INFO: Object 0xffff88001114e780 @offset=1920 fp=0xffff88001114e6c0
[ 39.400011]
[ 39.400011] Bytes b4 ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i...............
[ 39.400011] Object ffff88001114e780: c0 e6 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B.....
[ 39.400011] Object ffff88001114e790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 39.400011] Object ffff88001114e7a0: 00 00 04 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.400011] Object ffff88001114e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.400011] Object ffff88001114e7c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................
[ 39.400011] Object ffff88001114e7d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 39.400011] Object ffff88001114e7e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................
[ 39.400011] Object ffff88001114e7f0: 00 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.......
[ 39.400011] Object ffff88001114e800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 08 00 00 .a..............
[ 39.400011] Object ffff88001114e810: 80 fb 09 83 ff ff ff ff 98 e3 14 11 00 88 ff ff ................
[ 39.400011] Object ffff88001114e820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#..............
[ 39.400011] Object ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.400011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.400011] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.400011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.400011] ffffea0000445380 ffff88001114e780 ffff880000090800 ffff88000efef868
[ 39.400011] Call Trace:
[ 39.400011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.400011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.400011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.400011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.400011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.400011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.400011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.400011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.400011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.400011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.400011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.400011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.400011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.400011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.400011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.400011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.400011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.400011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.400011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.400011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.400011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.400011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.400011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.400011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.400011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.400011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.400011] Memory state around the buggy address:
[ 39.400011] ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.400011] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.400011] >ffff88001114e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.400011] ^
[ 39.400011] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.400011] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.400011] ==================================================================
[ 39.483280] ==================================================================
[ 39.483957] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e7b8
[ 39.484010] Read of size 4 by task mdadm/245
[ 39.484010] =============================================================================
[ 39.484010] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.484010] -----------------------------------------------------------------------------
[ 39.484010]
[ 39.484010] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.484010] INFO: Object 0xffff88001114e780 @offset=1920 fp=0xffff88001114e6c0
[ 39.484010]
[ 39.484010] Bytes b4 ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i...............
[ 39.484010] Object ffff88001114e780: c0 e6 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B.....
[ 39.484010] Object ffff88001114e790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 39.484010] Object ffff88001114e7a0: ff ff 03 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.484010] Object ffff88001114e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.484010] Object ffff88001114e7c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................
[ 39.484010] Object ffff88001114e7d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 39.484010] Object ffff88001114e7e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................
[ 39.484010] Object ffff88001114e7f0: 00 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.......
[ 39.484010] Object ffff88001114e800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 08 00 00 .a..............
[ 39.484010] Object ffff88001114e810: 80 fb 09 83 ff ff ff ff 98 e3 14 11 00 88 ff ff ................
[ 39.484010] Object ffff88001114e820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#..............
[ 39.484010] Object ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.484010] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.484010] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.484010] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.484010] ffffea0000445380 ffff88001114e780 ffff880000090800 ffff88000efef868
[ 39.484010] Call Trace:
[ 39.484010] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.484010] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.484010] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.484010] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.484010] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.484010] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.484010] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.484010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.484010] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.484010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.484010] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.484010] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.484010] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.484010] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.484010] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.484010] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.484010] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.484010] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.484010] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.484010] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.484010] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.484010] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.484010] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.484010] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.484010] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.484010] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.484010] Memory state around the buggy address:
[ 39.484010] ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.484010] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.484010] >ffff88001114e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.484010] ^
[ 39.484010] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.484010] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.484010] ==================================================================
[ 39.575174] ==================================================================
[ 39.575873] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e878
[ 39.576011] Read of size 4 by task mdadm/245
[ 39.576011] =============================================================================
[ 39.576011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.576011] -----------------------------------------------------------------------------
[ 39.576011]
[ 39.576011] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.576011] INFO: Object 0xffff88001114e840 @offset=2112 fp=0xffff88001114e300
[ 39.576011]
[ 39.576011] Bytes b4 ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.576011] Object ffff88001114e840: 00 e3 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B.....
[ 39.576011] Object ffff88001114e850: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 39.576011] Object ffff88001114e860: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.576011] Object ffff88001114e870: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 39.576011] Object ffff88001114e880: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................
[ 39.576011] Object ffff88001114e890: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 39.576011] Object ffff88001114e8a0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................
[ 39.576011] Object ffff88001114e8b0: c0 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.......
[ 39.576011] Object ffff88001114e8c0: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 08 00 00 .a..............
[ 39.576011] Object ffff88001114e8d0: 80 fb 09 83 ff ff ff ff b0 c6 9d 10 00 88 ff ff ................
[ 39.576011] Object ffff88001114e8e0: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#..............
[ 39.576011] Object ffff88001114e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 39.576011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.576011] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.576011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.576011] ffffea0000445380 ffff88001114e840 ffff880000090800 ffff88000efef868
[ 39.576011] Call Trace:
[ 39.576011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.576011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.576011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.576011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.576011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.576011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.576011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.576011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.576011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.576011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.576011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.576011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.576011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.576011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.576011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.576011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.576011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.576011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.576011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.576011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.576011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.576011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.576011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.576011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.576011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.576011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.576011] Memory state around the buggy address:
[ 39.576011] ffff88001114e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.576011] ffff88001114e780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.576011] >ffff88001114e800: 00 00 00 00 00 00 00 00 fb fb fb fb fb fb fb fb
[ 39.576011] ^
[ 39.576011] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.576011] ffff88001114e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.576011] ==================================================================
[ 39.686175] ==================================================================
[ 39.686857] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e038
[ 39.687011] Read of size 4 by task mdadm/245
[ 39.687011] =============================================================================
[ 39.687011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.687011] -----------------------------------------------------------------------------
[ 39.687011]
[ 39.687011] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.687011] INFO: Object 0xffff88001114e000 @offset=0 fp=0xffff88001114e540
[ 39.687011]
[ 39.687011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.687011] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.687011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.687011] ffffea0000445380 ffff88001114e000 ffff880000090800 ffff88000efef868
[ 39.687011] Call Trace:
[ 39.687011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.687011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.687011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.687011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.687011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.687011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.687011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.687011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.687011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.687011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.687011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.687011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.687011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.687011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.687011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.687011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.687011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.687011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.687011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.687011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.687011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.687011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.687011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.687011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.687011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.687011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.687011] Memory state around the buggy address:
[ 39.687011] ffff88001114df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 39.687011] ffff88001114df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.687011] >ffff88001114e000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.687011] ^
[ 39.687011] ffff88001114e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.687011] ffff88001114e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.687011] ==================================================================
[ 39.781368] ==================================================================
[ 39.782015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed521b8
[ 39.782015] Read of size 4 by task mdadm/245
[ 39.782015] =============================================================================
[ 39.782015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.782015] -----------------------------------------------------------------------------
[ 39.782015]
[ 39.782015] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.782015] INFO: Object 0xffff88000ed52180 @offset=384 fp=0xffff88000ed52240
[ 39.782015]
[ 39.782015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.782015] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.782015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.782015] ffffea00003b5480 ffff88000ed52180 ffff880000090800 ffff88000efef868
[ 39.782015] Call Trace:
[ 39.782015] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.782015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.782015] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.782015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.782015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.782015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.782015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.782015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.782015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.782015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.782015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.782015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.782015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.782015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.782015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.782015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.782015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.782015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.782015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.782015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.782015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.782015] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.782015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.782015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.782015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.782015] Memory state around the buggy address:
[ 39.782015] ffff88000ed52080: 00 00 00 00 fc fc fc fc fb fb fb fb fb fb fb fb
[ 39.782015] ffff88000ed52100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.782015] >ffff88000ed52180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.782015] ^
[ 39.782015] ffff88000ed52200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.782015] ffff88000ed52280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.782015] ==================================================================
[ 39.871266] ==================================================================
[ 39.872017] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed521b8
[ 39.872017] Read of size 4 by task mdadm/245
[ 39.872017] =============================================================================
[ 39.872017] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.872017] -----------------------------------------------------------------------------
[ 39.872017]
[ 39.872017] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.872017] INFO: Object 0xffff88000ed52180 @offset=384 fp=0xffff88000ed52c00
[ 39.872017]
[ 39.872017] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.872017] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.872017] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.872017] ffffea00003b5480 ffff88000ed52180 ffff880000090800 ffff88000efef868
[ 39.872017] Call Trace:
[ 39.872017] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.872017] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.872017] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.872017] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.872017] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.872017] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.872017] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.872017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.872017] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.872017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.872017] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.872017] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.872017] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.872017] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.872017] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.872017] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.872017] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.872017] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.872017] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.872017] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.872017] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.872017] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.872017] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.872017] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.872017] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.872017] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.872017] Memory state around the buggy address:
[ 39.872017] ffff88000ed52080: 00 00 00 00 fc fc fc fc fb fb fb fb fb fb fb fb
[ 39.872017] ffff88000ed52100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.872017] >ffff88000ed52180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.872017] ^
[ 39.872017] ffff88000ed52200: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 39.872017] ffff88000ed52280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.872017] ==================================================================
[ 39.923703] scsi_id (258) used greatest stack depth: 29192 bytes left
[ 39.967224] ==================================================================
[ 39.967933] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed524b8
[ 39.968015] Read of size 4 by task mdadm/245
[ 39.968015] =============================================================================
[ 39.968015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 39.968015] -----------------------------------------------------------------------------
[ 39.968015]
[ 39.968015] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 39.968015] INFO: Object 0xffff88000ed52480 @offset=1152 fp=0xffff88000ed52e40
[ 39.968015]
[ 39.968015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 39.968015] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 39.968015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 39.968015] ffffea00003b5480 ffff88000ed52480 ffff880000090800 ffff88000efef868
[ 39.968015] Call Trace:
[ 39.968015] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 39.968015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 39.968015] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 39.968015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 39.968015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 39.968015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 39.968015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 39.968015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.968015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 39.968015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 39.968015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 39.968015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 39.968015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 39.968015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 39.968015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 39.968015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 39.968015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 39.968015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 39.968015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 39.968015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 39.968015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 39.968015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 39.968015] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 39.968015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 39.968015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 39.968015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 39.968015] Memory state around the buggy address:
[ 39.968015] ffff88000ed52380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.968015] ffff88000ed52400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 39.968015] >ffff88000ed52480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.968015] ^
[ 39.968015] ffff88000ed52500: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 39.968015] ffff88000ed52580: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 39.968015] ==================================================================
[ 40.060183] ==================================================================
[ 40.060880] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.061011] Read of size 4 by task mdadm/245
[ 40.061011] =============================================================================
[ 40.061011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.061011] -----------------------------------------------------------------------------
[ 40.061011]
[ 40.061011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.061011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.061011]
[ 40.061011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.061011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.061011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.061011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.061011] Call Trace:
[ 40.061011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.061011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.061011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.061011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.061011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.061011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.061011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.061011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.061011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.061011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.061011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.061011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.061011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.061011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.061011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 40.061011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 40.061011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.061011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.061011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.061011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.061011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.061011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.061011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.061011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.061011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.061011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.061011] Memory state around the buggy address:
[ 40.061011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.061011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.061011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.061011] ^
[ 40.061011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.061011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.061011] ==================================================================
[ 40.158198] ==================================================================
[ 40.158898] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.159011] Read of size 4 by task mdadm/245
[ 40.159011] =============================================================================
[ 40.159011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.159011] -----------------------------------------------------------------------------
[ 40.159011]
[ 40.159011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.159011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.159011]
[ 40.159011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.159011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.159011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.159011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.159011] Call Trace:
[ 40.159011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.159011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.159011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.159011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.159011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.159011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.159011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.159011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.159011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.159011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.159011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.159011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.159011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.159011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.159011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 40.159011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 40.159011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.159011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.159011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.159011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.159011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.159011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.159011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.159011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.159011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.159011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.159011] Memory state around the buggy address:
[ 40.159011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.159011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.159011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.159011] ^
[ 40.159011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.159011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.159011] ==================================================================
[ 40.250179] ==================================================================
[ 40.250870] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.251011] Read of size 4 by task mdadm/245
[ 40.251011] =============================================================================
[ 40.251011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.251011] -----------------------------------------------------------------------------
[ 40.251011]
[ 40.251011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.251011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.251011]
[ 40.251011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.251011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.251011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.251011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.251011] Call Trace:
[ 40.251011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.251011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.251011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.251011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.251011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.251011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.251011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.251011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.251011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.251011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.251011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.251011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.251011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.251011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.251011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 40.251011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 40.251011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.251011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.251011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.251011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.251011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.251011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.251011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.251011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.251011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.251011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.251011] Memory state around the buggy address:
[ 40.251011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.251011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.251011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.251011] ^
[ 40.251011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.251011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.251011] ==================================================================
[ 40.331251] ==================================================================
[ 40.332016] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.332016] Read of size 4 by task mdadm/245
[ 40.332016] =============================================================================
[ 40.332016] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.332016] -----------------------------------------------------------------------------
[ 40.332016]
[ 40.332016] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.332016] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.332016]
[ 40.332016] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.332016] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.332016] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.332016] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.332016] Call Trace:
[ 40.332016] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.332016] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.332016] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.332016] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.332016] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.332016] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.332016] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.332016] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.332016] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.332016] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.332016] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.332016] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.332016] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.332016] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.332016] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30
[ 40.332016] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 40.332016] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.332016] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.332016] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.332016] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.332016] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.332016] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.332016] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.332016] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.332016] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.332016] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.332016] Memory state around the buggy address:
[ 40.332016] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.332016] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.332016] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.332016] ^
[ 40.332016] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.332016] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.332016] ==================================================================
[ 40.445097] ==================================================================
[ 40.445805] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.446010] Read of size 4 by task mdadm/245
[ 40.446010] =============================================================================
[ 40.446010] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.446010] -----------------------------------------------------------------------------
[ 40.446010]
[ 40.446010] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.446010] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.446010]
[ 40.446010] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.446010] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.446010] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.446010] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.446010] Call Trace:
[ 40.446010] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.446010] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.446010] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.446010] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.446010] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.446010] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.446010] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.446010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.446010] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.446010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.446010] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.446010] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.446010] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.446010] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.446010] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.446010] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.446010] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.446010] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.446010] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.446010] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.446010] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.446010] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.446010] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.446010] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.446010] Memory state around the buggy address:
[ 40.446010] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.446010] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.446010] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.446010] ^
[ 40.446010] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.446010] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.446010] ==================================================================
[ 40.598193] ==================================================================
[ 40.599015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.599015] Read of size 4 by task mdadm/245
[ 40.599015] =============================================================================
[ 40.599015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.599015] -----------------------------------------------------------------------------
[ 40.599015]
[ 40.599015] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.599015] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.599015]
[ 40.599015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.599015] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.599015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.599015] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.599015] Call Trace:
[ 40.599015] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.599015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.599015] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.599015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.599015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.599015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.599015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.599015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.599015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.599015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.599015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.599015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.599015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.599015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.599015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 40.599015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.599015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.599015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.599015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.599015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.599015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.599015] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.599015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.599015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.599015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.599015] Memory state around the buggy address:
[ 40.599015] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.599015] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.599015] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.599015] ^
[ 40.599015] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.599015] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.599015] ==================================================================
[ 40.829890] ==================================================================
[ 40.830011] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 40.830011] Read of size 4 by task mdadm/245
[ 40.830011] =============================================================================
[ 40.830011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 40.830011] -----------------------------------------------------------------------------
[ 40.830011]
[ 40.830011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 40.830011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 40.830011]
[ 40.830011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 40.830011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 40.830011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 40.830011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 40.830011] Call Trace:
[ 40.830011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 40.830011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 40.830011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 40.830011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 40.830011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 40.830011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 40.830011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 40.830011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.830011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 40.830011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 40.830011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 40.830011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 40.830011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 40.830011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 40.830011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 40.830011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 40.830011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 40.830011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 40.830011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 40.830011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 40.830011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 40.830011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 40.830011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 40.830011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 40.830011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 40.830011] Memory state around the buggy address:
[ 40.830011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.830011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 40.830011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.830011] ^
[ 40.830011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 40.830011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.830011] ==================================================================
[ 41.027126] ==================================================================
[ 41.027952] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 41.028017] Read of size 4 by task mdadm/245
[ 41.028017] =============================================================================
[ 41.028017] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 41.028017] -----------------------------------------------------------------------------
[ 41.028017]
[ 41.028017] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 41.028017] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 41.028017]
[ 41.028017] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 41.028017] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 41.028017] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 41.028017] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 41.028017] Call Trace:
[ 41.028017] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 41.028017] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 41.028017] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 41.028017] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 41.028017] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 41.028017] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 41.028017] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 41.028017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.028017] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 41.028017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.028017] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 41.028017] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 41.028017] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 41.028017] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 41.028017] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 41.028017] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 41.028017] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 41.028017] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 41.028017] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 41.028017] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 41.028017] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 41.028017] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 41.028017] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 41.028017] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 41.028017] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 41.028017] Memory state around the buggy address:
[ 41.028017] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.028017] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 41.028017] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.028017] ^
[ 41.028017] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 41.028017] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.028017] ==================================================================
[ 41.211139] ==================================================================
[ 41.211836] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 41.212012] Read of size 4 by task mdadm/245
[ 41.212012] =============================================================================
[ 41.212012] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 41.212012] -----------------------------------------------------------------------------
[ 41.212012]
[ 41.212012] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 41.212012] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 41.212012]
[ 41.212012] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 41.212012] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 41.212012] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 41.212012] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 41.212012] Call Trace:
[ 41.212012] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 41.212012] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 41.212012] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 41.212012] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 41.212012] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 41.212012] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 41.212012] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 41.212012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.212012] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 41.212012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.212012] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 41.212012] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 41.212012] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 41.212012] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 41.212012] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 41.212012] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 41.212012] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 41.212012] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 41.212012] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 41.212012] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 41.212012] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 41.212012] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 41.212012] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 41.212012] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 41.212012] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 41.212012] Memory state around the buggy address:
[ 41.212012] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.212012] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 41.212012] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.212012] ^
[ 41.212012] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 41.212012] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.212012] ==================================================================
[ 41.361178] ==================================================================
[ 41.362017] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 41.362017] Read of size 4 by task mdadm/245
[ 41.362017] =============================================================================
[ 41.362017] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 41.362017] -----------------------------------------------------------------------------
[ 41.362017]
[ 41.362017] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 41.362017] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 41.362017]
[ 41.362017] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 41.362017] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 41.362017] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 41.362017] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 41.362017] Call Trace:
[ 41.362017] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 41.362017] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 41.362017] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 41.362017] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 41.362017] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 41.362017] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 41.362017] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 41.362017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.362017] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 41.362017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.362017] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 41.362017] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 41.362017] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 41.362017] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 41.362017] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 41.362017] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 41.362017] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 41.362017] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 41.362017] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 41.362017] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 41.362017] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 41.362017] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 41.362017] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 41.362017] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 41.362017] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 41.362017] Memory state around the buggy address:
[ 41.362017] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.362017] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 41.362017] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.362017] ^
[ 41.362017] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 41.362017] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.362017] ==================================================================
[ 41.476621] ==================================================================
[ 41.477011] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8
[ 41.477011] Read of size 4 by task mdadm/245
[ 41.477011] =============================================================================
[ 41.477011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected
[ 41.477011] -----------------------------------------------------------------------------
[ 41.477011]
[ 41.477011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080
[ 41.477011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0
[ 41.477011]
[ 41.477011] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 41.477011] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.......
[ 41.477011] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................
[ 41.477011] Object ffff88000ed527a0: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 41.477011] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................
[ 41.477011] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................
[ 41.477011] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@.............
[ 41.477011] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................
[ 41.477011] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.......
[ 41.477011] Object ffff88000ed52800: c0 61 ba 00 00 ea ff ff 00 02 00 00 00 00 00 00 .a..............
[ 41.477011] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................
[ 41.477011] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#..............
[ 41.477011] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 41.477011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1
[ 41.477011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0
[ 41.477011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800
[ 41.477011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868
[ 41.477011] Call Trace:
[ 41.477011] [<ffffffff8276de85>] dump_stack+0x84/0xb9
[ 41.477011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0
[ 41.477011] [<ffffffff8136d9ba>] object_err+0x4a/0x60
[ 41.477011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0
[ 41.477011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0
[ 41.477011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680
[ 41.477011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30
[ 41.477011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.477011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0
[ 41.477011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190
[ 41.477011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0
[ 41.477011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0
[ 41.477011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190
[ 41.477011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0
[ 41.477011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90
[ 41.477011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140
[ 41.477011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0
[ 41.477011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0
[ 41.477011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50
[ 41.477011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330
[ 41.477011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0
[ 41.477011] [<ffffffff8138df13>] __vfs_read+0x173/0x240
[ 41.477011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260
[ 41.477011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110
[ 41.477011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 41.477011] Memory state around the buggy address:
[ 41.477011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.477011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 41.477011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.477011] ^
[ 41.477011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
[ 41.477011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.477011] ==================================================================
Thanks,
Ying Huang
View attachment "config-4.2.0-rc2-00195-gbcf2843" of type "text/plain" (95978 bytes)
Download attachment "dmesg.xz" of type "application/octet-stream" (33668 bytes)