Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.717168] audit: type=1400 audit(1599002331.610:8): avc: denied { execmem } for pid=6460 comm="syz-executor843" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
executing program
executing program
[ 42.839513] blktrace: Concurrent blktraces are not allowed on loop0
[ 42.896122] ==================================================================
[ 42.903593] BUG: KASAN: use-after-free in debugfs_remove+0x1c1/0x210
[ 42.910086] Read of size 8 at addr ffff88808379c900 by task kworker/0:1/14
[ 42.917089]
[ 42.918696] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 4.19.142-syzkaller #0
[ 42.926033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.935398] Workqueue: events __blk_release_queue
[ 42.940222] Call Trace:
[ 42.942810] dump_stack+0x1fc/0x2fe
[ 42.946435] print_address_description.cold+0x54/0x219
[ 42.951693] kasan_report_error.cold+0x8a/0x1c7
[ 42.956366] ? debugfs_remove+0x1c1/0x210
[ 42.960492] __asan_report_load8_noabort+0x88/0x90
[ 42.965418] ? debugfs_remove+0x1c1/0x210
[ 42.969559] debugfs_remove+0x1c1/0x210
[ 42.973524] blk_trace_free+0x31/0x130
[ 42.977387] __blk_trace_remove+0x8b/0x100
[ 42.981611] blk_trace_shutdown+0x92/0x100
[ 42.985821] __blk_release_queue+0x235/0x4e0
[ 42.990207] process_one_work+0x864/0x1570
[ 42.994419] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 42.999082] worker_thread+0x64c/0x1130
[ 43.003043] ? __kthread_parkme+0x133/0x1e0
[ 43.007363] ? process_one_work+0x1570/0x1570
[ 43.011940] kthread+0x33f/0x460
[ 43.015303] ? kthread_park+0x180/0x180
[ 43.019259] ret_from_fork+0x24/0x30
[ 43.022950]
[ 43.024552] Allocated by task 6470:
[ 43.028155] kmem_cache_alloc+0x122/0x370
[ 43.032277] __d_alloc+0x2b/0xa10
[ 43.035705] d_alloc+0x4a/0x230
[ 43.038959] d_alloc_parallel+0xeb/0x19e0
[ 43.043087] __lookup_slow+0x18d/0x4a0
[ 43.046951] lookup_one_len+0x163/0x190
[ 43.050905] start_creating.part.0+0x62/0x160
[ 43.055373] __debugfs_create_file+0xb8/0x4e0
[ 43.059841] do_blk_trace_setup+0x3a5/0xc30
[ 43.064137] __blk_trace_setup+0xca/0x180
[ 43.068260] blk_trace_ioctl+0x155/0x290
[ 43.072295] blkdev_ioctl+0x112/0x1a7e
[ 43.076197] block_ioctl+0xe9/0x130
[ 43.079832] do_vfs_ioctl+0xcdb/0x12e0
[ 43.083744] ksys_ioctl+0x9b/0xc0
[ 43.087189] __x64_sys_ioctl+0x6f/0xb0
[ 43.091083] do_syscall_64+0xf9/0x620
[ 43.094873] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.100055]
[ 43.101658] Freed by task 18:
[ 43.104754] kmem_cache_free+0x7f/0x260
[ 43.108705] rcu_process_callbacks+0x8ff/0x18b0
[ 43.113350] __do_softirq+0x26c/0x9a0
[ 43.117149]
[ 43.118755] The buggy address belongs to the object at ffff88808379c8c0
[ 43.118755] which belongs to the cache dentry of size 288
[ 43.130974] The buggy address is located 64 bytes inside of
[ 43.130974] 288-byte region [ffff88808379c8c0, ffff88808379c9e0)
[ 43.142733] The buggy address belongs to the page:
[ 43.147748] page:ffffea00020de700 count:1 mapcount:0 mapping:ffff88821bc44c80 index:0xffff88808379c4a0
[ 43.157179] flags: 0xfffe0000000100(slab)
[ 43.161322] raw: 00fffe0000000100 ffffea00020de748 ffffea00020bf248 ffff88821bc44c80
[ 43.169197] raw: ffff88808379c4a0 ffff88808379c080 0000000100000007 0000000000000000
[ 43.177058] page dumped because: kasan: bad access detected
[ 43.182741]
[ 43.184359] Memory state around the buggy address:
[ 43.189267] ffff88808379c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 43.196616] ffff88808379c880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 43.203949] >ffff88808379c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.211281] ^
[ 43.214625] ffff88808379c980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 43.221974] ffff88808379ca00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.229323] ==================================================================
[ 43.236656] Disabling lock debugging due to kernel taint
executing program
[ 43.260614] blktrace: Concurrent blktraces are not allowed on loop0
[ 43.265430] Kernel panic - not syncing: panic_on_warn set ...
[ 43.265430]
[ 43.274497] CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G B 4.19.142-syzkaller #0
[ 43.283337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.292690] Workqueue: events __blk_release_queue
[ 43.297509] Call Trace:
[ 43.300111] dump_stack+0x1fc/0x2fe
[ 43.303716] panic+0x26a/0x50e
[ 43.306885] ? __warn_printk+0xf3/0xf3
[ 43.310747] ? preempt_schedule_common+0x45/0xc0
[ 43.315482] ? ___preempt_schedule+0x16/0x18
[ 43.319880] ? trace_hardirqs_on+0x55/0x210
[ 43.324181] kasan_end_report+0x43/0x49
[ 43.328129] kasan_report_error.cold+0xa7/0x1c7
[ 43.332777] ? debugfs_remove+0x1c1/0x210
[ 43.336928] __asan_report_load8_noabort+0x88/0x90
[ 43.341857] ? debugfs_remove+0x1c1/0x210
[ 43.345981] debugfs_remove+0x1c1/0x210
[ 43.349942] blk_trace_free+0x31/0x130
[ 43.353838] __blk_trace_remove+0x8b/0x100
[ 43.358084] blk_trace_shutdown+0x92/0x100
[ 43.362297] __blk_release_queue+0x235/0x4e0
[ 43.366712] process_one_work+0x864/0x1570
[ 43.370927] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 43.375573] worker_thread+0x64c/0x1130
[ 43.379536] ? __kthread_parkme+0x133/0x1e0
[ 43.383829] ? process_one_work+0x1570/0x1570
[ 43.388398] kthread+0x33f/0x460
[ 43.391736] ? kthread_park+0x180/0x180
[ 43.395684] ret_from_fork+0x24/0x30
[ 43.400587] Kernel Offset: disabled
[ 43.404202] Rebooting in 86400 seconds..