[ 23.949117] audit: type=1800 audit(1540210047.336:21): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 23.968928] audit: type=1800 audit(1540210047.356:22): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 25.153394] sshd (5241) used greatest stack depth: 15688 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts. 2018/10/22 12:08:54 parsed 1 programs 2018/10/22 12:08:56 executed programs: 0 syzkaller login: [ 112.814636] IPVS: ftp: loaded support on port[0] = 21 [ 112.818264] IPVS: ftp: loaded support on port[0] = 21 [ 112.842460] IPVS: ftp: loaded support on port[0] = 21 [ 112.843572] IPVS: ftp: loaded support on port[0] = 21 [ 112.858876] IPVS: ftp: loaded support on port[0] = 21 [ 112.862175] IPVS: ftp: loaded support on port[0] = 21 [ 113.947115] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.958641] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.965624] device bridge_slave_0 entered promiscuous mode [ 113.987925] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.994364] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.002005] device bridge_slave_1 entered promiscuous mode [ 114.014478] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.022635] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.029985] device bridge_slave_0 entered promiscuous mode [ 114.043917] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.051027] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.058943] device bridge_slave_0 entered promiscuous mode [ 114.066922] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 114.080935] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.087292] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.095658] device bridge_slave_0 entered promiscuous mode [ 114.105975] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.114989] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.122991] device bridge_slave_1 entered promiscuous mode [ 114.133254] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.140998] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.151800] device bridge_slave_1 entered promiscuous mode [ 114.160132] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 114.170217] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.176579] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.185286] device bridge_slave_0 entered promiscuous mode [ 114.195105] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.202182] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.209990] device bridge_slave_0 entered promiscuous mode [ 114.219039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 114.226586] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 114.237647] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.253616] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.262052] device bridge_slave_1 entered promiscuous mode [ 114.288092] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.294562] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.302950] device bridge_slave_1 entered promiscuous mode [ 114.311681] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.319495] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.326858] device bridge_slave_1 entered promiscuous mode [ 114.334309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 114.343857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 114.368080] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 114.380927] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 114.396013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 114.419912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 114.453667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 114.489760] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 114.500237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 114.567329] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 114.592725] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 114.614950] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 114.635297] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 114.701739] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 114.717228] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 114.730680] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 114.745356] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 114.755166] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 114.768206] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 114.775062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 114.785989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 114.799996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 114.808562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 114.833846] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 114.843748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 114.869042] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 114.879030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 114.887669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 114.910881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 114.919839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 114.926667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 114.938653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 114.948937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 114.974147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 114.990425] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 114.998538] team0: Port device team_slave_0 added [ 115.004344] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 115.015198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 115.025966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 115.043056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 115.054354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 115.080474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 115.093727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 115.109020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 115.118777] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 115.126085] team0: Port device team_slave_1 added [ 115.159454] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 115.170457] team0: Port device team_slave_0 added [ 115.206025] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 115.222508] team0: Port device team_slave_0 added [ 115.236758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 115.268130] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 115.279039] team0: Port device team_slave_0 added [ 115.285054] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 115.293286] team0: Port device team_slave_1 added [ 115.301296] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 115.310709] team0: Port device team_slave_1 added [ 115.334623] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 115.343892] team0: Port device team_slave_0 added [ 115.357612] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 115.372918] team0: Port device team_slave_1 added [ 115.388683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 115.404542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 115.419647] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 115.427019] team0: Port device team_slave_0 added [ 115.439271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 115.453193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 115.472401] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 115.481894] team0: Port device team_slave_1 added [ 115.490219] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 115.500552] team0: Port device team_slave_1 added [ 115.506697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 115.520163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 115.527553] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 115.547616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.559236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.578071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.588869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.597288] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 115.605459] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 115.617232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 115.629901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 115.639649] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.654518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.662893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 115.671055] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 115.680681] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 115.706743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.719294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.727173] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.747674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.756301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 115.764180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 115.774803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 115.785000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 115.796522] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 115.808336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.822004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.830993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.839382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.848028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.855820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.864136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 115.873579] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 115.890802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 115.907110] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.920455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.950741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.958754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.966424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.974272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.991215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 116.012608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 116.027217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 116.554833] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.561377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.568304] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.574689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.589512] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 116.646925] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.653352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.660072] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.666453] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.676802] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 116.686854] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.693262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.699972] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.706344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.716717] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 116.724083] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.730567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.737244] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.743682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.752970] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 116.763427] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.769833] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.776487] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.782887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.792644] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 116.803607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.815909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.829723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.836804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.844851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.865510] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.871914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.878626] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.884999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.896285] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 117.859597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.415858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.442366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.459840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.519027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.552564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.606562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.668558] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.721990] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.743587] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.761271] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.809905] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.858470] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.961197] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 119.967375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.983505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.998441] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.008347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.015444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.042494] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.061444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.071935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.087426] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.099615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.113202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.130088] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.145570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.158772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.245874] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.256293] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.274563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.283120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.298218] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.313039] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.369373] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.421190] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.517500] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/22 12:09:05 executed programs: 6 [ 122.107369] hrtimer: interrupt took 44788 ns 2018/10/22 12:09:10 executed programs: 53 2018/10/22 12:09:16 executed programs: 82 2018/10/22 12:09:22 executed programs: 90 2018/10/22 12:09:29 executed programs: 100 2018/10/22 12:09:34 executed programs: 115 2018/10/22 12:09:39 executed programs: 135 2018/10/22 12:09:45 executed programs: 154 [ 167.343592] ================================================================== [ 167.351158] BUG: KASAN: use-after-free in debugfs_remove+0x10b/0x130 [ 167.351173] Read of size 8 at addr ffff8801cb686900 by task kworker/1:0/19 [ 167.351183] [ 167.351199] CPU: 1 PID: 19 Comm: kworker/1:0 Not tainted 4.19.0-rc8+ #296 [ 167.364770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.364792] Workqueue: events __blk_release_queue [ 167.387548] Call Trace: [ 167.390152] dump_stack+0x1c4/0x2b6 [ 167.393802] ? dump_stack_print_info.cold.1+0x20/0x20 [ 167.399001] ? printk+0xa7/0xcf [ 167.399020] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 167.399043] print_address_description.cold.8+0x9/0x1ff [ 167.407074] kasan_report.cold.9+0x242/0x309 [ 167.407091] ? debugfs_remove+0x10b/0x130 [ 167.407109] __asan_report_load8_noabort+0x14/0x20 [ 167.421009] debugfs_remove+0x10b/0x130 [ 167.429917] blk_trace_free+0x35/0x130 [ 167.433819] __blk_trace_remove+0x7a/0xa0 [ 167.437978] blk_trace_shutdown+0x63/0x80 [ 167.437997] __blk_release_queue+0x22d/0x500 [ 167.438014] process_one_work+0xc90/0x1c40 [ 167.438028] ? mark_held_locks+0x130/0x130 [ 167.438051] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 167.438064] ? __switch_to_asm+0x40/0x70 [ 167.438080] ? __switch_to_asm+0x34/0x70 [ 167.467828] ? __switch_to_asm+0x40/0x70 [ 167.471899] ? __switch_to_asm+0x34/0x70 [ 167.475972] ? __switch_to_asm+0x40/0x70 [ 167.480034] ? __switch_to_asm+0x34/0x70 [ 167.484099] ? __switch_to_asm+0x40/0x70 [ 167.488168] ? __switch_to_asm+0x34/0x70 [ 167.492243] ? __switch_to_asm+0x40/0x70 [ 167.496320] ? __schedule+0x874/0x1ed0 [ 167.500225] ? check_preemption_disabled+0x48/0x280 [ 167.505299] ? graph_lock+0x170/0x170 [ 167.509109] ? lock_downgrade+0x900/0x900 [ 167.513271] ? trace_hardirqs_off+0xb8/0x310 [ 167.517687] ? kasan_check_read+0x11/0x20 [ 167.521849] ? do_raw_spin_unlock+0xa7/0x330 [ 167.526265] ? find_held_lock+0x36/0x1c0 [ 167.530339] ? lock_acquire+0x1ed/0x520 [ 167.534324] ? worker_thread+0x3e0/0x1390 [ 167.538494] ? lock_release+0x970/0x970 [ 167.542473] ? trace_hardirqs_off+0xb8/0x310 [ 167.546887] ? kasan_check_read+0x11/0x20 [ 167.551055] ? worker_thread+0x3e0/0x1390 [ 167.555210] ? trace_hardirqs_on+0x310/0x310 [ 167.559643] ? kasan_check_write+0x14/0x20 [ 167.563882] ? do_raw_spin_lock+0xc1/0x230 [ 167.568129] worker_thread+0x17f/0x1390 [ 167.572105] ? __switch_to_asm+0x34/0x70 [ 167.576180] ? process_one_work+0x1c40/0x1c40 [ 167.580686] ? graph_lock+0x170/0x170 [ 167.584497] ? __sched_text_start+0x8/0x8 [ 167.588658] ? find_held_lock+0x36/0x1c0 [ 167.592734] ? __kthread_parkme+0xce/0x1a0 [ 167.596976] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 167.602088] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 167.607205] ? lockdep_hardirqs_on+0x421/0x5c0 [ 167.611792] ? trace_hardirqs_on+0xbd/0x310 [ 167.616119] ? kasan_check_read+0x11/0x20 [ 167.620269] ? __kthread_parkme+0xce/0x1a0 [ 167.624513] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 167.629977] ? kasan_check_write+0x14/0x20 [ 167.634223] ? do_raw_spin_lock+0xc1/0x230 [ 167.638474] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 167.643584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 167.649131] ? __kthread_parkme+0xfb/0x1a0 [ 167.653389] kthread+0x35a/0x420 [ 167.656770] ? process_one_work+0x1c40/0x1c40 [ 167.661271] ? kthread_bind+0x40/0x40 [ 167.665080] ret_from_fork+0x3a/0x50 [ 167.668804] [ 167.670447] Allocated by task 7319: [ 167.674077] save_stack+0x43/0xd0 [ 167.677531] kasan_kmalloc+0xc7/0xe0 [ 167.681245] kasan_slab_alloc+0x12/0x20 [ 167.685225] kmem_cache_alloc+0x12e/0x730 [ 167.689403] __d_alloc+0xc8/0xcc0 [ 167.692853] d_alloc+0x96/0x380 [ 167.696134] d_alloc_parallel+0x15a/0x1f40 [ 167.700379] __lookup_slow+0x1e6/0x540 [ 167.704271] lookup_one_len+0x1d8/0x220 [ 167.708248] start_creating+0xc6/0x200 [ 167.712137] __debugfs_create_file+0x63/0x400 [ 167.716633] debugfs_create_file+0x57/0x70 [ 167.720872] do_blk_trace_setup+0x454/0xda0 [ 167.725197] __blk_trace_setup+0xd5/0x180 [ 167.729361] blk_trace_ioctl+0x17a/0x2f0 [ 167.733425] blkdev_ioctl+0x8bc/0x2010 [ 167.737316] block_ioctl+0xee/0x130 [ 167.740950] do_vfs_ioctl+0x1de/0x1720 [ 167.744839] ksys_ioctl+0xa9/0xd0 [ 167.748297] __x64_sys_ioctl+0x73/0xb0 [ 167.752184] do_syscall_64+0x1b9/0x820 [ 167.756451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.761633] [ 167.763260] Freed by task 5357: [ 167.766546] save_stack+0x43/0xd0 [ 167.770001] __kasan_slab_free+0x102/0x150 [ 167.774240] kasan_slab_free+0xe/0x10 [ 167.778044] kmem_cache_free+0x83/0x290 [ 167.782017] __d_free+0x20/0x30 [ 167.785302] rcu_process_callbacks+0xf23/0x2670 [ 167.789974] __do_softirq+0x30c/0xb03 [ 167.793767] [ 167.795393] The buggy address belongs to the object at ffff8801cb6868c0 [ 167.795393] which belongs to the cache dentry(65:syz5) of size 288 [ 167.808404] The buggy address is located 64 bytes inside of [ 167.808404] 288-byte region [ffff8801cb6868c0, ffff8801cb6869e0) [ 167.820188] The buggy address belongs to the page: [ 167.825120] page:ffffea00072da180 count:1 mapcount:0 mapping:ffff8801d8d98e00 index:0x0 [ 167.833265] flags: 0x2fffc0000000100(slab) [ 167.837506] raw: 02fffc0000000100 ffffea00071ac988 ffffea00071272c8 ffff8801d8d98e00 [ 167.845397] raw: 0000000000000000 ffff8801cb686080 000000010000000b ffff8801b8a1c2c0 [ 167.853268] page dumped because: kasan: bad access detected [ 167.858971] page->mem_cgroup:ffff8801b8a1c2c0 [ 167.863459] [ 167.865082] Memory state around the buggy address: [ 167.870388] ffff8801cb686800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 167.877747] ffff8801cb686880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 167.885105] >ffff8801cb686900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 167.892964] ^ [ 167.896330] ffff8801cb686980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 167.903694] ffff8801cb686a00: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb [ 167.911046] ================================================================== [ 167.918402] Disabling lock debugging due to kernel taint [ 167.926598] Kernel panic - not syncing: panic_on_warn set ... [ 167.926598] [ 167.927925] kobject: 'loop4' (0000000046ffb0ca): kobject_uevent_env [ 167.933988] CPU: 1 PID: 19 Comm: kworker/1:0 Tainted: G B 4.19.0-rc8+ #296 [ 167.941213] kobject: 'loop4' (0000000046ffb0ca): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 167.948681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.948703] Workqueue: events __blk_release_queue [ 167.948711] Call Trace: [ 167.948730] dump_stack+0x1c4/0x2b6 [ 167.948749] ? dump_stack_print_info.cold.1+0x20/0x20 [ 167.983701] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 167.988444] panic+0x238/0x4e7 [ 167.991645] ? add_taint.cold.5+0x16/0x16 [ 167.995782] ? preempt_schedule+0x4d/0x60 [ 167.999921] ? ___preempt_schedule+0x16/0x18 [ 168.004329] ? trace_hardirqs_on+0xb4/0x310 [ 168.008663] kasan_end_report+0x47/0x4f [ 168.012622] kasan_report.cold.9+0x76/0x309 [ 168.016939] ? debugfs_remove+0x10b/0x130 [ 168.021073] __asan_report_load8_noabort+0x14/0x20 [ 168.025987] debugfs_remove+0x10b/0x130 [ 168.029961] blk_trace_free+0x35/0x130 [ 168.033832] __blk_trace_remove+0x7a/0xa0 [ 168.037968] blk_trace_shutdown+0x63/0x80 [ 168.042111] __blk_release_queue+0x22d/0x500 [ 168.046504] process_one_work+0xc90/0x1c40 [ 168.050725] ? mark_held_locks+0x130/0x130 [ 168.054959] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 168.059620] ? __switch_to_asm+0x40/0x70 [ 168.063665] ? __switch_to_asm+0x34/0x70 [ 168.067715] ? __switch_to_asm+0x40/0x70 [ 168.071765] ? __switch_to_asm+0x34/0x70 [ 168.075814] ? __switch_to_asm+0x40/0x70 [ 168.079867] ? __switch_to_asm+0x34/0x70 [ 168.083916] ? __switch_to_asm+0x40/0x70 [ 168.087962] ? __switch_to_asm+0x34/0x70 [ 168.092004] ? __switch_to_asm+0x40/0x70 [ 168.096052] ? __schedule+0x874/0x1ed0 [ 168.099939] ? check_preemption_disabled+0x48/0x280 [ 168.104954] ? graph_lock+0x170/0x170 [ 168.108746] ? lock_downgrade+0x900/0x900 [ 168.112880] ? trace_hardirqs_off+0xb8/0x310 [ 168.117272] ? kasan_check_read+0x11/0x20 [ 168.121425] ? do_raw_spin_unlock+0xa7/0x330 [ 168.125821] ? find_held_lock+0x36/0x1c0 [ 168.129867] ? lock_acquire+0x1ed/0x520 [ 168.133823] ? worker_thread+0x3e0/0x1390 [ 168.137957] ? lock_release+0x970/0x970 [ 168.141920] ? trace_hardirqs_off+0xb8/0x310 [ 168.146315] ? kasan_check_read+0x11/0x20 [ 168.150460] ? worker_thread+0x3e0/0x1390 [ 168.154593] ? trace_hardirqs_on+0x310/0x310 [ 168.158988] ? kasan_check_write+0x14/0x20 [ 168.163205] ? do_raw_spin_lock+0xc1/0x230 [ 168.167430] worker_thread+0x17f/0x1390 [ 168.171392] ? __switch_to_asm+0x34/0x70 [ 168.175443] ? process_one_work+0x1c40/0x1c40 [ 168.179927] ? graph_lock+0x170/0x170 [ 168.183715] ? __sched_text_start+0x8/0x8 [ 168.187867] ? find_held_lock+0x36/0x1c0 [ 168.191920] ? __kthread_parkme+0xce/0x1a0 [ 168.196142] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 168.201232] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 168.206318] ? lockdep_hardirqs_on+0x421/0x5c0 [ 168.210884] ? trace_hardirqs_on+0xbd/0x310 [ 168.215188] ? kasan_check_read+0x11/0x20 [ 168.219319] ? __kthread_parkme+0xce/0x1a0 [ 168.223538] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 168.228972] ? kasan_check_write+0x14/0x20 [ 168.233190] ? do_raw_spin_lock+0xc1/0x230 [ 168.237413] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 168.242504] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 168.248041] ? __kthread_parkme+0xfb/0x1a0 [ 168.252261] kthread+0x35a/0x420 [ 168.255611] ? process_one_work+0x1c40/0x1c40 [ 168.260089] ? kthread_bind+0x40/0x40 [ 168.263876] ret_from_fork+0x3a/0x50 [ 168.268493] Kernel Offset: disabled [ 168.272118] Rebooting in 86400 seconds..