[ 464.673221][ T21] device bridge_slave_1 left promiscuous mode [ 464.680157][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.734735][ T21] device bridge_slave_0 left promiscuous mode [ 464.740963][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.243485][ T21] device hsr_slave_1 left promiscuous mode [ 466.295644][ T21] device hsr_slave_0 left promiscuous mode [ 466.356350][ T21] team0 (unregistering): Port device team_slave_1 removed [ 466.367024][ T21] team0 (unregistering): Port device team_slave_0 removed [ 466.377999][ T21] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 466.416806][ T21] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 466.498536][ T21] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts. [ 471.293439][ T21] device bridge_slave_1 left promiscuous mode [ 471.299915][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.342250][ T21] device bridge_slave_0 left promiscuous mode [ 471.348692][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.417689][ T21] device bridge_slave_1 left promiscuous mode [ 471.425154][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.492339][ T21] device bridge_slave_0 left promiscuous mode [ 471.498931][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.563984][ T21] device bridge_slave_1 left promiscuous mode [ 471.570444][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.618884][ T21] device bridge_slave_0 left promiscuous mode [ 471.625218][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.663457][ T21] device bridge_slave_1 left promiscuous mode [ 471.669775][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.702568][ T21] device bridge_slave_0 left promiscuous mode [ 471.708945][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.749950][ T21] device bridge_slave_1 left promiscuous mode [ 471.756441][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.782419][ T21] device bridge_slave_0 left promiscuous mode [ 471.788702][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.343582][ T21] device hsr_slave_1 left promiscuous mode [ 480.394133][ T21] device hsr_slave_0 left promiscuous mode [ 480.425560][ T21] team0 (unregistering): Port device team_slave_1 removed [ 480.436830][ T21] team0 (unregistering): Port device team_slave_0 removed [ 480.446886][ T21] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 480.486410][ T21] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 480.562079][ T21] bond0 (unregistering): Released all slaves [ 480.686521][ T21] device hsr_slave_1 left promiscuous mode [ 480.730704][ T21] device hsr_slave_0 left promiscuous mode [ 480.774177][ T21] team0 (unregistering): Port device team_slave_1 removed [ 480.785835][ T21] team0 (unregistering): Port device team_slave_0 removed [ 480.796077][ T21] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 480.854782][ T21] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 480.927099][ T21] bond0 (unregistering): Released all slaves [ 481.053941][ T21] device hsr_slave_1 left promiscuous mode [ 481.100631][ T21] device hsr_slave_0 left promiscuous mode [ 481.144695][ T21] team0 (unregistering): Port device team_slave_1 removed [ 481.156817][ T21] team0 (unregistering): Port device team_slave_0 removed [ 481.167262][ T21] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 481.205602][ T21] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 481.266716][ T21] bond0 (unregistering): Released all slaves [ 481.424231][ T21] device hsr_slave_1 left promiscuous mode [ 481.490381][ T21] device hsr_slave_0 left promiscuous mode [ 481.535518][ T21] team0 (unregistering): Port device team_slave_1 removed [ 481.546040][ T21] team0 (unregistering): Port device team_slave_0 removed [ 481.556843][ T21] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 481.604628][ T21] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 481.685932][ T21] bond0 (unregistering): Released all slaves [ 481.855738][ T21] device hsr_slave_1 left promiscuous mode [ 481.915423][ T21] device hsr_slave_0 left promiscuous mode [ 481.944801][ T21] team0 (unregistering): Port device team_slave_1 removed [ 481.956712][ T21] team0 (unregistering): Port device team_slave_0 removed [ 481.966914][ T21] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 482.004573][ T21] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 482.077452][ T21] bond0 (unregistering): Released all slaves [ 490.474080][ T7088] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 495.322089][ T7088] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 519.049115][T28244] ================================================================== [ 519.057529][T28244] BUG: KASAN: use-after-free in relay_switch_subbuf+0xb0d/0xc40 [ 519.057550][T28244] Read of size 8 at addr ffff8880a6f62bd8 by task kworker/0:1/28244 [ 519.057551][T28244] [ 519.057561][T28244] CPU: 0 PID: 28244 Comm: kworker/0:1 Not tainted 5.1.0-rc2+ #0 [ 519.057564][T28244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.057616][T28244] Workqueue: events __blk_release_queue [ 519.074256][T28244] Call Trace: [ 519.074351][T28244] dump_stack+0x113/0x167 [ 519.074407][T28244] print_address_description.cold.5+0x9/0x1ff [ 519.084283][T28244] ? relay_switch_subbuf+0xb0d/0xc40 [ 519.084290][T28244] kasan_report.cold.6+0x1b/0x39 [ 519.084293][T28244] ? relay_switch_subbuf+0xb0d/0xc40 [ 519.084299][T28244] ? relay_switch_subbuf+0xb0d/0xc40 [ 519.084305][T28244] __asan_report_load8_noabort+0x14/0x20 [ 519.084310][T28244] relay_switch_subbuf+0xb0d/0xc40 [ 519.084319][T28244] relay_flush+0x183/0x230 [ 519.084380][T28244] __blk_trace_startstop.isra.20+0x3f9/0x540 [ 519.084386][T28244] ? blk_msg_write+0x90/0x90 [ 519.099972][T28244] ? kobject_put.cold.9+0x249/0x27c [ 519.100032][T28244] ? blk_mq_sysfs_deinit+0xe2/0x130 [ 519.100038][T28244] ? blk_mq_release+0xe1/0x160 [ 519.107606][T28244] blk_trace_shutdown+0x4c/0x70 [ 519.107617][T28244] __blk_release_queue+0x17a/0x310 [ 519.107684][T28244] process_one_work+0x830/0x16a0 [ 519.107694][T28244] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 519.113859][T28804] kobject: 'cpu1' (0000000033926b7a): kobject_add_internal: parent: '0', set: '' [ 519.119033][T28244] ? lock_acquire+0x173/0x3d0 [ 519.119046][T28244] worker_thread+0x85/0xb60 [ 519.124093][T28804] kobject: 'queue' (00000000ce59a736): kobject_uevent_env [ 519.129248][T28244] ? __kthread_parkme+0x47/0x190 [ 519.129263][T28244] kthread+0x324/0x3e0 [ 519.129268][T28244] ? process_one_work+0x16a0/0x16a0 [ 519.129272][T28244] ? kthread_cancel_delayed_work_sync+0x10/0x10 [ 519.129358][T28244] ret_from_fork+0x24/0x30 [ 519.129370][T28244] [ 519.134821][T28804] kobject: 'queue' (00000000ce59a736): kobject_uevent_env: filter function caused the event to drop! [ 519.140252][T28244] Allocated by task 28621: [ 519.140265][T28244] save_stack+0x43/0xd0 [ 519.140269][T28244] __kasan_kmalloc.constprop.9+0xc7/0xd0 [ 519.140273][T28244] kasan_slab_alloc+0x12/0x20 [ 519.140277][T28244] kmem_cache_alloc+0x11a/0x720 [ 519.140328][T28244] __d_alloc+0x28/0x8a0 [ 519.140334][T28244] d_alloc+0x43/0x260 [ 519.145617][T28804] kobject: 'iosched' (0000000085bad268): kobject_add_internal: parent: 'queue', set: '' [ 519.149822][T28244] d_alloc_parallel+0xf3/0x1750 [ 519.149870][T28244] __lookup_slow+0x18d/0x400 [ 519.149879][T28244] lookup_one_len+0x132/0x160 [ 519.156081][T28804] kobject: 'iosched' (0000000085bad268): kobject_uevent_env [ 519.160526][T28244] start_creating+0x91/0x190 [ 519.160533][T28244] __debugfs_create_file+0x33/0x390 [ 519.165791][T28804] kobject: 'iosched' (0000000085bad268): kobject_uevent_env: filter function caused the event to drop! [ 519.170883][T28244] debugfs_create_file+0x24/0x30 [ 519.170890][T28244] blk_create_buf_file_callback+0x19/0x20 [ 519.170896][T28244] relay_create_buf_file+0xea/0x160 [ 519.170900][T28244] relay_open_buf.part.10+0x614/0xa00 [ 519.170903][T28244] relay_open+0x48f/0x890 [ 519.170908][T28244] do_blk_trace_setup+0x3b5/0xa70 [ 519.170912][T28244] __blk_trace_setup+0xb4/0x130 [ 519.170916][T28244] blk_trace_ioctl+0x155/0x2a0 [ 519.170925][T28244] blkdev_ioctl+0x7a2/0x1830 [ 519.170965][T28244] block_ioctl+0xd7/0x130 [ 519.175768][T28804] kobject: 'integrity' (00000000a566528b): kobject_add_internal: parent: 'loop0', set: '' [ 519.180504][T28244] do_vfs_ioctl+0x196/0x10c0 [ 519.180508][T28244] ksys_ioctl+0x62/0x90 [ 519.180511][T28244] __x64_sys_ioctl+0x6e/0xb0 [ 519.180519][T28244] do_syscall_64+0xd0/0x4d0 [ 519.180529][T28244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 519.180532][T28244] [ 519.180535][T28244] Freed by task 0: [ 519.180542][T28244] save_stack+0x43/0xd0 [ 519.180545][T28244] __kasan_slab_free+0x102/0x150 [ 519.180548][T28244] kasan_slab_free+0xe/0x10 [ 519.180551][T28244] kmem_cache_free+0x83/0x290 [ 519.180555][T28244] __d_free+0x17/0x20 [ 519.180608][T28244] rcu_core+0x8f4/0x12e0 [ 519.180613][T28244] __do_softirq+0x260/0x958 [ 519.180615][T28244] [ 519.180618][T28244] The buggy address belongs to the object at ffff8880a6f62b80 [ 519.180618][T28244] which belongs to the cache dentry of size 288 [ 519.180622][T28244] The buggy address is located 88 bytes inside of [ 519.180622][T28244] 288-byte region [ffff8880a6f62b80, ffff8880a6f62ca0) [ 519.180625][T28244] The buggy address belongs to the page: [ 519.180630][T28244] page:ffffea00029bd880 count:1 mapcount:0 mapping:ffff88821bc45200 index:0x0 [ 519.180636][T28244] flags: 0x1fffc0000000200(slab) [ 519.180642][T28244] raw: 01fffc0000000200 ffffea0002577b08 ffffea00022c0608 ffff88821bc45200 [ 519.180646][T28244] raw: 0000000000000000 ffff8880a6f62080 000000010000000b 0000000000000000 [ 519.180648][T28244] page dumped because: kasan: bad access detected [ 519.180649][T28244] [ 519.180651][T28244] Memory state around the buggy address: [ 519.180655][T28244] ffff8880a6f62a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.180658][T28244] ffff8880a6f62b00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 519.180661][T28244] >ffff8880a6f62b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.180663][T28244] ^ [ 519.180666][T28244] ffff8880a6f62c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.186074][T28804] kobject: 'integrity' (00000000a566528b): kobject_uevent_env [ 519.190788][T28244] ffff8880a6f62c80: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00 [ 519.190791][T28244] ================================================================== [ 519.190793][T28244] Disabling lock debugging due to kernel taint [ 519.193632][T28244] Kernel panic - not syncing: panic_on_warn set ... [ 519.197170][T28804] kobject: 'integrity' (00000000a566528b): kobject_uevent_env: filter function caused the event to drop! [ 519.205939][T28244] CPU: 0 PID: 28244 Comm: kworker/0:1 Tainted: G B 5.1.0-rc2+ #0 [ 519.205943][T28244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.205960][T28244] Workqueue: events __blk_release_queue [ 519.205964][T28244] Call Trace: [ 519.205980][T28244] dump_stack+0x113/0x167 [ 519.205988][T28244] ? relay_switch_subbuf+0xa10/0xc40 [ 519.206065][T28244] panic+0x212/0x40b [ 519.206069][T28244] ? __warn_printk+0xd6/0xd6 [ 519.206080][T28244] ? ___preempt_schedule+0x16/0x18 [ 519.206086][T28244] ? relay_switch_subbuf+0xb0d/0xc40 [ 519.206094][T28244] end_report+0x47/0x4f [ 519.206098][T28244] kasan_report.cold.6+0xe/0x39 [ 519.206101][T28244] ? relay_switch_subbuf+0xb0d/0xc40 [ 519.206105][T28244] ? relay_switch_subbuf+0xb0d/0xc40 [ 519.206109][T28244] __asan_report_load8_noabort+0x14/0x20 [ 519.206116][T28244] relay_switch_subbuf+0xb0d/0xc40 [ 519.218184][T30669] kobject: 'integrity' (00000000a566528b): kobject_uevent_env [ 519.222360][T28244] relay_flush+0x183/0x230 [ 519.222368][T28244] __blk_trace_startstop.isra.20+0x3f9/0x540 [ 519.222372][T28244] ? blk_msg_write+0x90/0x90 [ 519.222381][T28244] ? kobject_put.cold.9+0x249/0x27c [ 519.222390][T28244] ? blk_mq_sysfs_deinit+0xe2/0x130 [ 519.222397][T28244] ? blk_mq_release+0xe1/0x160 [ 519.227796][T30669] kobject: 'integrity' (00000000a566528b): kobject_uevent_env: filter function caused the event to drop! [ 519.231363][T28244] blk_trace_shutdown+0x4c/0x70 [ 519.231373][T28244] __blk_release_queue+0x17a/0x310 [ 519.231384][T28244] process_one_work+0x830/0x16a0 [ 519.236956][T30669] kobject: 'integrity' (00000000a566528b): kobject_cleanup, parent (null) [ 519.242877][T28244] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 519.242885][T28244] ? lock_acquire+0x173/0x3d0 [ 519.242891][T28244] worker_thread+0x85/0xb60 [ 519.242897][T28244] ? __kthread_parkme+0x47/0x190 [ 519.242903][T28244] kthread+0x324/0x3e0 [ 519.242908][T28244] ? process_one_work+0x16a0/0x16a0 [ 519.247566][T30669] kobject: 'integrity' (00000000a566528b): does not have a release() function, it is broken and must be fixed. See Documentation/kobject.txt. [ 519.249694][T28244] ? kthread_cancel_delayed_work_sync+0x10/0x10 [ 519.249705][T28244] ret_from_fork+0x24/0x30 [ 519.261641][T28244] Kernel Offset: disabled [ 519.858454][T28244] Rebooting in 86400 seconds..