Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 43.257023] audit: type=1800 audit(1561311348.019:33): pid=7599 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 47.532439] kauditd_printk_skb: 1 callbacks suppressed [ 47.532453] audit: type=1400 audit(1561311352.289:35): avc: denied { map } for pid=7771 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. executing program [ 54.111287] audit: type=1400 audit(1561311358.869:36): avc: denied { map } for pid=7783 comm="syz-executor031" path="/root/syz-executor031309089" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 123.686027] ================================================================== [ 123.693892] BUG: KASAN: use-after-free in debugfs_remove+0x10d/0x130 [ 123.700397] Read of size 8 at addr ffff888076f0c8c0 by task kworker/1:1/24 [ 123.707969] [ 123.709709] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.19.55 #27 [ 123.716203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.725759] Workqueue: events __blk_release_queue [ 123.730706] Call Trace: [ 123.733473] dump_stack+0x172/0x1f0 [ 123.737362] ? debugfs_remove+0x10d/0x130 [ 123.741860] print_address_description.cold+0x7c/0x20d [ 123.747423] ? debugfs_remove+0x10d/0x130 [ 123.751574] kasan_report.cold+0x8c/0x2ba [ 123.756145] __asan_report_load8_noabort+0x14/0x20 [ 123.761681] debugfs_remove+0x10d/0x130 [ 123.765853] blk_trace_free+0x38/0x140 [ 123.770096] __blk_trace_remove+0x78/0xa0 [ 123.774347] blk_trace_shutdown+0x67/0x90 [ 123.778614] __blk_release_queue+0x225/0x4f0 [ 123.783201] process_one_work+0x989/0x1750 [ 123.787551] ? pwq_dec_nr_in_flight+0x320/0x320 [ 123.792226] ? lock_acquire+0x16f/0x3f0 [ 123.796954] ? kasan_check_write+0x14/0x20 [ 123.801343] ? do_raw_spin_lock+0xc8/0x240 [ 123.805774] worker_thread+0x98/0xe40 [ 123.809674] ? trace_hardirqs_on+0x67/0x220 [ 123.814019] kthread+0x354/0x420 [ 123.817626] ? process_one_work+0x1750/0x1750 [ 123.822327] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 123.828452] ret_from_fork+0x24/0x30 [ 123.832793] [ 123.834420] Allocated by task 10219: [ 123.838496] save_stack+0x45/0xd0 [ 123.841947] kasan_kmalloc+0xce/0xf0 [ 123.846022] kasan_slab_alloc+0xf/0x20 [ 123.849914] kmem_cache_alloc+0x12e/0x700 [ 123.854065] __d_alloc+0x2e/0x9c0 [ 123.857741] d_alloc+0x4d/0x280 [ 123.861016] d_alloc_parallel+0xf4/0x1bb0 [ 123.865161] __lookup_slow+0x1ab/0x500 [ 123.869069] lookup_one_len+0x16d/0x1a0 [ 123.873122] start_creating+0xbf/0x1e0 [ 123.877113] __debugfs_create_file+0x65/0x400 [ 123.881897] debugfs_create_file+0x5a/0x70 [ 123.886545] do_blk_trace_setup+0x376/0xb90 [ 123.890881] __blk_trace_setup+0xe3/0x190 [ 123.895040] blk_trace_ioctl+0x170/0x300 [ 123.899329] blkdev_ioctl+0x126/0x1ac0 [ 123.903254] block_ioctl+0xee/0x130 [ 123.906885] do_vfs_ioctl+0xd5f/0x1380 [ 123.910980] ksys_ioctl+0xab/0xd0 [ 123.915298] __x64_sys_ioctl+0x73/0xb0 [ 123.919275] do_syscall_64+0xfd/0x620 [ 123.924342] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.929882] [ 123.931504] Freed by task 18: [ 123.934619] save_stack+0x45/0xd0 [ 123.938909] __kasan_slab_free+0x102/0x150 [ 123.943217] kasan_slab_free+0xe/0x10 [ 123.947226] kmem_cache_free+0x86/0x260 [ 123.951214] __d_free+0x20/0x30 [ 123.954502] rcu_process_callbacks+0xba0/0x1a30 [ 123.960364] __do_softirq+0x25c/0x921 [ 123.964778] [ 123.966491] The buggy address belongs to the object at ffff888076f0c880 [ 123.966491] which belongs to the cache dentry of size 288 [ 123.979456] The buggy address is located 64 bytes inside of [ 123.979456] 288-byte region [ffff888076f0c880, ffff888076f0c9a0) [ 123.991641] The buggy address belongs to the page: [ 123.996694] page:ffffea0001dbc300 count:1 mapcount:0 mapping:ffff88812c2a99c0 index:0x0 [ 124.005654] flags: 0x1fffc0000000100(slab) [ 124.009986] raw: 01fffc0000000100 ffffea0001dbd008 ffffea0001dbc388 ffff88812c2a99c0 [ 124.018276] raw: 0000000000000000 ffff888076f0c040 000000010000000b 0000000000000000 [ 124.026249] page dumped because: kasan: bad access detected [ 124.032121] [ 124.034608] Memory state around the buggy address: [ 124.039620] ffff888076f0c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.047394] ffff888076f0c800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 124.055190] >ffff888076f0c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.062719] ^ [ 124.079590] ffff888076f0c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.095961] ffff888076f0c980: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb [ 124.103404] ================================================================== [ 124.110990] Disabling lock debugging due to kernel taint [ 124.117838] Kernel panic - not syncing: panic_on_warn set ... [ 124.117838] [ 124.119371] kobject: '7:0' (000000007561f9f0): kobject_add_internal: parent: 'bdi', set: 'devices' [ 124.125322] CPU: 1 PID: 24 Comm: kworker/1:1 Tainted: G B 4.19.55 #27 [ 124.125331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.125351] Workqueue: events __blk_release_queue [ 124.125357] Call Trace: [ 124.125377] dump_stack+0x172/0x1f0 [ 124.125391] ? debugfs_remove+0x10d/0x130 [ 124.125404] panic+0x263/0x507 [ 124.125422] ? __warn_printk+0xf3/0xf3 [ 124.135210] kobject: '7:0' (000000007561f9f0): kobject_uevent_env [ 124.142592] ? debugfs_remove+0x10d/0x130 [ 124.142611] ? preempt_schedule+0x4b/0x60 [ 124.152729] kobject: '7:0' (000000007561f9f0): fill_kobj_path: path = '/devices/virtual/bdi/7:0' [ 124.157559] ? ___preempt_schedule+0x16/0x18 [ 124.157574] ? trace_hardirqs_on+0x5e/0x220 [ 124.157591] ? debugfs_remove+0x10d/0x130 [ 124.162750] kobject: 'loop0' (00000000e3bdf9ed): kobject_add_internal: parent: 'block', set: 'devices' [ 124.163970] kasan_end_report+0x47/0x4f [ 124.163987] kasan_report.cold+0xa9/0x2ba [ 124.168652] kobject: 'loop0' (00000000e3bdf9ed): kobject_uevent_env [ 124.171341] __asan_report_load8_noabort+0x14/0x20 [ 124.171359] debugfs_remove+0x10d/0x130 [ 124.175354] kobject: 'loop0' (00000000e3bdf9ed): kobject_uevent_env: uevent_suppress caused the event to drop! [ 124.181931] blk_trace_free+0x38/0x140 [ 124.181947] __blk_trace_remove+0x78/0xa0 [ 124.186315] kobject: 'holders' (00000000ceef6cd8): kobject_add_internal: parent: 'loop0', set: '' [ 124.190611] blk_trace_shutdown+0x67/0x90 [ 124.190630] __blk_release_queue+0x225/0x4f0 [ 124.199791] kobject: 'slaves' (000000001b63f88d): kobject_add_internal: parent: 'loop0', set: '' [ 124.204043] process_one_work+0x989/0x1750 [ 124.204060] ? pwq_dec_nr_in_flight+0x320/0x320 [ 124.208483] kobject: 'loop0' (00000000e3bdf9ed): kobject_uevent_env [ 124.212503] ? lock_acquire+0x16f/0x3f0 [ 124.212522] ? kasan_check_write+0x14/0x20 [ 124.222860] kobject: 'loop0' (00000000e3bdf9ed): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 124.226931] ? do_raw_spin_lock+0xc8/0x240 [ 124.226946] worker_thread+0x98/0xe40 [ 124.226964] ? trace_hardirqs_on+0x67/0x220 [ 124.234773] kobject: 'queue' (000000006a09a776): kobject_add_internal: parent: 'loop0', set: '' [ 124.237594] kthread+0x354/0x420 [ 124.237608] ? process_one_work+0x1750/0x1750 [ 124.237619] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 124.237638] ret_from_fork+0x24/0x30 [ 124.243182] kobject: 'mq' (000000004599870c): kobject_add_internal: parent: 'loop0', set: '' [ 124.248470] Kernel Offset: disabled [ 124.400591] Rebooting in 86400 seconds..