Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
syzkaller login: [ 65.391099][ T8685] debugfs: Directory 'loop0' with parent 'block' already present!
[ 65.490498][ T12] ==================================================================
[ 65.498687][ T12] BUG: KASAN: use-after-free in debugfs_remove+0x10d/0x130
[ 65.498703][ T12] Read of size 8 at addr ffff8880a6a194a0 by task kworker/0:1/12
[ 65.498706][ T12]
[ 65.498722][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0+ #90
[ 65.498730][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.498746][ T12] Workqueue: events __blk_release_queue
[ 65.498754][ T12] Call Trace:
[ 65.498770][ T12] dump_stack+0x172/0x1f0
[ 65.498788][ T12] ? debugfs_remove+0x10d/0x130
[ 65.498808][ T12] print_address_description.cold+0xd4/0x306
[ 65.513731][ T12] ? debugfs_remove+0x10d/0x130
[ 65.513747][ T12] ? debugfs_remove+0x10d/0x130
[ 65.523679][ T12] __kasan_report.cold+0x1b/0x36
[ 65.523706][ T12] ? __sanitizer_cov_trace_cmp4+0x20/0x20
[ 65.539798][ T12] ? debugfs_remove+0x10d/0x130
[ 65.539819][ T12] kasan_report+0x12/0x17
[ 65.539835][ T12] __asan_report_load8_noabort+0x14/0x20
[ 65.539846][ T12] debugfs_remove+0x10d/0x130
[ 65.539864][ T12] blk_trace_free+0x38/0x140
[ 65.547443][ T12] __blk_trace_remove+0x78/0xa0
[ 65.547465][ T12] blk_trace_shutdown+0x67/0x90
[ 65.563093][ T12] __blk_release_queue+0x1de/0x340
[ 65.563118][ T12] process_one_work+0x9af/0x1740
[ 65.572862][ T12] ? pwq_dec_nr_in_flight+0x320/0x320
[ 65.572880][ T12] ? lock_acquire+0x190/0x410
[ 65.583408][ T12] worker_thread+0x98/0xe40
[ 65.583429][ T12] ? trace_hardirqs_on+0x67/0x240
[ 65.593350][ T12] kthread+0x361/0x430
[ 65.593368][ T12] ? process_one_work+0x1740/0x1740
[ 65.602592][ T12] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 65.602610][ T12] ret_from_fork+0x24/0x30
[ 65.602629][ T12]
[ 65.612270][ T12] Allocated by task 8685:
[ 65.612288][ T12] save_stack+0x23/0x90
[ 65.612305][ T12] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 65.627679][ T12] kasan_slab_alloc+0xf/0x20
[ 65.627690][ T12] kmem_cache_alloc+0x121/0x710
[ 65.627704][ T12] __d_alloc+0x2e/0x8c0
[ 65.627714][ T12] d_alloc+0x4d/0x280
[ 65.627727][ T12] d_alloc_parallel+0xf4/0x1c30
[ 65.627741][ T12] __lookup_slow+0x1ab/0x500
[ 65.627750][ T12] lookup_one_len+0x16d/0x1a0
[ 65.627762][ T12] start_creating+0xc5/0x1d0
[ 65.627773][ T12] __debugfs_create_file+0x65/0x3c0
[ 65.627781][ T12] debugfs_create_file+0x5a/0x70
[ 65.627798][ T12] do_blk_trace_setup+0x361/0xb50
[ 65.627809][ T12] __blk_trace_setup+0xe3/0x190
[ 65.637141][ T8687] kobject: 'mq' (000000008dc5275b): kobject_add_internal: parent: 'loop0', set: ''
[ 65.642006][ T12] blk_trace_ioctl+0x170/0x300
[ 65.642022][ T12] blkdev_ioctl+0x126/0x1c1a
[ 65.642040][ T12] block_ioctl+0xee/0x130
[ 65.647080][ T8687] kobject: 'mq' (000000008dc5275b): kobject_uevent_env
[ 65.651262][ T12] do_vfs_ioctl+0xdb6/0x13e0
[ 65.651273][ T12] ksys_ioctl+0xab/0xd0
[ 65.651288][ T12] __x64_sys_ioctl+0x73/0xb0
[ 65.657939][ T8687] kobject: 'mq' (000000008dc5275b): kobject_uevent_env: filter function caused the event to drop!
[ 65.661898][ T12] do_syscall_64+0xfd/0x6a0
[ 65.661914][ T12] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.661922][ T12]
[ 65.664317][ T8687] kobject: '0' (000000004adf7457): kobject_add_internal: parent: 'mq', set: ''
[ 65.668560][ T12] Freed by task 0:
[ 65.668574][ T12] save_stack+0x23/0x90
[ 65.668585][ T12] __kasan_slab_free+0x102/0x150
[ 65.668596][ T12] kasan_slab_free+0xe/0x10
[ 65.668607][ T12] kmem_cache_free+0x86/0x320
[ 65.668619][ T12] __d_free+0x20/0x30
[ 65.668632][ T12] rcu_core+0x67f/0x1580
[ 65.668647][ T12] rcu_core_si+0x9/0x10
[ 65.675116][ T8687] kobject: 'cpu0' (000000007675c70d): kobject_add_internal: parent: '0', set: ''
[ 65.678386][ T12] __do_softirq+0x262/0x98c
[ 65.678391][ T12]
[ 65.678408][ T12] The buggy address belongs to the object at ffff8880a6a19460
[ 65.678408][ T12] which belongs to the cache dentry of size 288
[ 65.683051][ T8687] kobject: 'cpu1' (000000001244718c): kobject_add_internal: parent: '0', set: ''
[ 65.687821][ T12] The buggy address is located 64 bytes inside of
[ 65.687821][ T12] 288-byte region [ffff8880a6a19460, ffff8880a6a19580)
[ 65.687826][ T12] The buggy address belongs to the page:
[ 65.687838][ T12] page:ffffea00029a8640 refcount:1 mapcount:0 mapping:ffff88821bc46540 index:0x0
[ 65.687850][ T12] flags: 0x1fffc0000000200(slab)
[ 65.687870][ T12] raw: 01fffc0000000200 ffffea0002254608 ffffea00022534c8 ffff88821bc46540
[ 65.687885][ T12] raw: 0000000000000000 ffff8880a6a19040 000000010000000b 0000000000000000
[ 65.687895][ T12] page dumped because: kasan: bad access detected
[ 65.694125][ T8687] kobject: 'queue' (000000006537ff85): kobject_uevent_env
[ 65.695973][ T12]
[ 65.695978][ T12] Memory state around the buggy address:
[ 65.695991][ T12] ffff8880a6a19380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.696000][ T12] ffff8880a6a19400: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb
[ 65.696010][ T12] >ffff8880a6a19480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.696016][ T12] ^
[ 65.696026][ T12] ffff8880a6a19500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.696036][ T12] ffff8880a6a19580: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 65.696040][ T12] ==================================================================
[ 65.696044][ T12] Disabling lock debugging due to kernel taint
[ 65.704764][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 65.705800][ T8687] kobject: 'queue' (000000006537ff85): kobject_uevent_env: filter function caused the event to drop!
[ 65.710147][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.2.0+ #90
[ 65.710160][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.716516][ T8687] kobject: 'iosched' (000000007d4eb3a2): kobject_add_internal: parent: 'queue', set: ''
[ 65.719904][ T12] Workqueue: events __blk_release_queue
[ 65.725165][ T8687] kobject: 'iosched' (000000007d4eb3a2): kobject_uevent_env
[ 65.729818][ T12] Call Trace:
[ 65.729839][ T12] dump_stack+0x172/0x1f0
[ 65.729860][ T12] panic+0x2dc/0x755
[ 65.734700][ T8687] kobject: 'iosched' (000000007d4eb3a2): kobject_uevent_env: filter function caused the event to drop!
[ 65.744447][ T12] ? add_taint.cold+0x16/0x16
[ 65.744462][ T12] ? debugfs_remove+0x10d/0x130
[ 65.744477][ T12] ? preempt_schedule+0x4b/0x60
[ 65.744492][ T12] ? ___preempt_schedule+0x16/0x18
[ 65.744513][ T12] ? trace_hardirqs_on+0x5e/0x240
[ 65.749745][ T8687] kobject: 'integrity' (00000000021e72f4): kobject_add_internal: parent: 'loop0', set: ''
[ 65.753815][ T12] ? debugfs_remove+0x10d/0x130
[ 65.753834][ T12] end_report+0x47/0x4f
[ 65.758463][ T8687] kobject: 'integrity' (00000000021e72f4): kobject_uevent_env
[ 65.764950][ T12] ? debugfs_remove+0x10d/0x130
[ 65.764965][ T12] __kasan_report.cold+0xe/0x36
[ 65.764984][ T12] ? __sanitizer_cov_trace_cmp4+0x20/0x20
[ 65.764993][ T12] ? debugfs_remove+0x10d/0x130
[ 65.765004][ T12] kasan_report+0x12/0x17
[ 65.765017][ T12] __asan_report_load8_noabort+0x14/0x20
[ 65.765032][ T12] debugfs_remove+0x10d/0x130
[ 65.770187][ T8687] kobject: 'integrity' (00000000021e72f4): kobject_uevent_env: filter function caused the event to drop!
[ 65.773825][ T12] blk_trace_free+0x38/0x140
[ 65.773841][ T12] __blk_trace_remove+0x78/0xa0
[ 66.203634][ T12] blk_trace_shutdown+0x67/0x90
[ 66.208557][ T12] __blk_release_queue+0x1de/0x340
[ 66.213646][ T12] process_one_work+0x9af/0x1740
[ 66.218566][ T12] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.223917][ T12] ? lock_acquire+0x190/0x410
[ 66.228576][ T12] worker_thread+0x98/0xe40
[ 66.233061][ T12] ? trace_hardirqs_on+0x67/0x240
[ 66.238072][ T12] kthread+0x361/0x430
[ 66.242118][ T12] ? process_one_work+0x1740/0x1740
[ 66.247295][ T12] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 66.253513][ T12] ret_from_fork+0x24/0x30
[ 66.259018][ T12] Kernel Offset: disabled
[ 66.263351][ T12] Rebooting in 86400 seconds..