Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
syzkaller login: [ 62.136153] kauditd_printk_skb: 2 callbacks suppressed
[ 62.136169] audit: type=1400 audit(1572985915.879:36): avc: denied { map } for pid=7526 comm="syz-executor131" path="/root/syz-executor131845579" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 62.183474] IPVS: ftp: loaded support on port[0] = 21
[ 62.209693] IPVS: ftp: loaded support on port[0] = 21
[ 62.217968] IPVS: ftp: loaded support on port[0] = 21
[ 62.228490] IPVS: ftp: loaded support on port[0] = 21
[ 62.238056] IPVS: ftp: loaded support on port[0] = 21
[ 62.250875] IPVS: ftp: loaded support on port[0] = 21
[ 62.251566] audit: type=1400 audit(1572985915.989:37): avc: denied { create } for pid=7537 comm="syz-executor131" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 62.313402] audit: type=1400 audit(1572985916.029:38): avc: denied { write } for pid=7537 comm="syz-executor131" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 62.343142] audit: type=1400 audit(1572985916.029:39): avc: denied { read } for pid=7537 comm="syz-executor131" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 62.381182] audit: type=1400 audit(1572985916.029:40): avc: denied { associate } for pid=7537 comm="syz-executor131" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
executing program
[ 62.468779] devpts: called with bogus options
executing program
executing program
executing program
[ 62.520216] devpts: called with bogus options
executing program
[ 62.544357] devpts: called with bogus options
[ 62.550340] devpts: called with bogus options
executing program
executing program
executing program
[ 62.585783] devpts: called with bogus options
[ 62.596377] devpts: called with bogus options
[ 62.596829] devpts: called with bogus options
[ 62.611365] devpts: called with bogus options
executing program
[ 62.683679] devpts: called with bogus options
executing program
executing program
executing program
executing program
[ 62.828400] devpts: called with bogus options
[ 62.830252] devpts: called with bogus options
[ 62.843232] devpts: called with bogus options
[ 62.858111] devpts: called with bogus options
executing program
[ 63.065078] devpts: called with bogus options
executing program
[ 63.184961] devpts: called with bogus options
executing program
[ 63.333118] devpts: called with bogus options
executing program
executing program
[ 63.685008] devpts: called with bogus options
executing program
executing program
executing program
[ 63.707779] devpts: called with bogus options
[ 63.712625] devpts: called with bogus options
[ 63.733437] devpts: called with bogus options
[ 63.789839] devpts: called with bogus options
executing program
[ 63.942254] devpts: called with bogus options
executing program
[ 64.061532] devpts: called with bogus options
executing program
executing program
[ 64.169711] devpts: called with bogus options
[ 64.186668] devpts: called with bogus options
executing program
[ 64.459129] devpts: called with bogus options
executing program
executing program
[ 64.578194] devpts: called with bogus options
[ 64.580085] devpts: called with bogus options
executing program
[ 64.727402] devpts: called with bogus options
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 65.367770] devpts: called with bogus options
[ 65.379355] devpts: called with bogus options
[ 65.385881] devpts: called with bogus options
[ 65.394014] devpts: called with bogus options
[ 65.401874] devpts: called with bogus options
[ 65.408800] devpts: called with bogus options
[ 65.423150] devpts: called with bogus options
[ 65.508434] ==================================================================
[ 65.516064] BUG: KASAN: use-after-free in debugfs_remove+0x10d/0x130
[ 65.516075] Read of size 8 at addr ffff88808d915300 by task kworker/1:2/3204
[ 65.516078]
[ 65.516092] CPU: 1 PID: 3204 Comm: kworker/1:2 Not tainted 4.19.81 #0
[ 65.516100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.516115] Workqueue: events __blk_release_queue
[ 65.516122] Call Trace:
[ 65.516140] dump_stack+0x172/0x1f0
[ 65.516155] ? debugfs_remove+0x10d/0x130
[ 65.516199] print_address_description.cold+0x7c/0x20d
[ 65.516214] ? debugfs_remove+0x10d/0x130
[ 65.516225] kasan_report.cold+0x8c/0x2ba
[ 65.530561] __asan_report_load8_noabort+0x14/0x20
[ 65.530575] debugfs_remove+0x10d/0x130
[ 65.530590] blk_trace_free+0x38/0x140
[ 65.530602] __blk_trace_remove+0x78/0xa0
[ 65.530617] blk_trace_shutdown+0x67/0x90
[ 65.538903] __blk_release_queue+0x260/0x540
[ 65.538922] process_one_work+0x989/0x1750
[ 65.538946] ? pwq_dec_nr_in_flight+0x320/0x320
[ 65.538960] ? lock_acquire+0x16f/0x3f0
[ 65.538977] ? kasan_check_write+0x14/0x20
[ 65.548547] kobject: 'iosched' (00000000ae720b42): kobject_uevent_env
[ 65.553753] ? do_raw_spin_lock+0xc8/0x240
[ 65.553774] worker_thread+0x98/0xe40
[ 65.553792] ? trace_hardirqs_on+0x67/0x220
[ 65.553816] kthread+0x354/0x420
[ 65.553831] ? process_one_work+0x1750/0x1750
[ 65.556529] kobject: 'iosched' (00000000ae720b42): kobject_uevent_env: filter function caused the event to drop!
[ 65.560185] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 65.560203] ret_from_fork+0x24/0x30
[ 65.560223]
[ 65.560231] Allocated by task 7599:
[ 65.560244] save_stack+0x45/0xd0
[ 65.560253] kasan_kmalloc+0xce/0xf0
[ 65.560267] kasan_slab_alloc+0xf/0x20
[ 65.564644] kobject: 'integrity' (00000000b9618528): kobject_add_internal: parent: 'loop0', set: ''
[ 65.569728] kmem_cache_alloc+0x12e/0x700
[ 65.569741] __d_alloc+0x2e/0x9c0
[ 65.569752] d_alloc+0x4d/0x280
[ 65.569763] d_alloc_parallel+0xf4/0x1bb0
[ 65.569773] __lookup_slow+0x1ab/0x500
[ 65.569787] lookup_one_len+0x16d/0x1a0
[ 65.569796] start_creating+0xbf/0x1e0
[ 65.569803] __debugfs_create_file+0x65/0x400
[ 65.569811] debugfs_create_file+0x5a/0x70
[ 65.569821] do_blk_trace_setup+0x376/0xb90
[ 65.569829] __blk_trace_setup+0xe3/0x190
[ 65.569838] blk_trace_ioctl+0x170/0x300
[ 65.569849] blkdev_ioctl+0x126/0x1ab6
[ 65.569859] block_ioctl+0xee/0x130
[ 65.569870] do_vfs_ioctl+0xd5f/0x1380
[ 65.574347] kobject: 'integrity' (00000000b9618528): kobject_uevent_env
[ 65.578253] ksys_ioctl+0xab/0xd0
[ 65.578266] __x64_sys_ioctl+0x73/0xb0
[ 65.578290] do_syscall_64+0xfd/0x620
[ 65.578307] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.583370] kobject: 'integrity' (00000000b9618528): kobject_uevent_env: filter function caused the event to drop!
[ 65.587165]
[ 65.587171] Freed by task 7617:
[ 65.587185] save_stack+0x45/0xd0
[ 65.587197] __kasan_slab_free+0x102/0x150
[ 65.587208] kasan_slab_free+0xe/0x10
[ 65.587217] kmem_cache_free+0x86/0x260
[ 65.587229] __d_free+0x20/0x30
[ 65.591257] kobject: 'integrity' (00000000b9618528): kobject_uevent_env
[ 65.595256] rcu_process_callbacks+0xba0/0x1a30
[ 65.595270] __do_softirq+0x25c/0x921
[ 65.595274]
[ 65.595288] The buggy address belongs to the object at ffff88808d9152c0
[ 65.595288] which belongs to the cache dentry(71:syz5) of size 288
[ 65.595299] The buggy address is located 64 bytes inside of
[ 65.595299] 288-byte region [ffff88808d9152c0, ffff88808d9153e0)
[ 65.595303] The buggy address belongs to the page:
[ 65.595314] page:ffffea0002364540 count:1 mapcount:0 mapping:ffff8880a14271c0 index:0x0
[ 65.599559] kobject: 'integrity' (00000000b9618528): kobject_uevent_env: filter function caused the event to drop!
[ 65.603853] flags: 0x1fffc0000000100(slab)
[ 65.603870] raw: 01fffc0000000100 ffffea00025e84c8 ffffea00025e9148 ffff8880a14271c0
[ 65.603886] raw: 0000000000000000 ffff88808d915000 000000010000000b ffff8880961c2e00
[ 65.603891] page dumped because: kasan: bad access detected
[ 65.603897] page->mem_cgroup:ffff8880961c2e00
[ 65.603900]
[ 65.603904] Memory state around the buggy address:
[ 65.603914] ffff88808d915200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.608300] kobject: 'integrity' (00000000b9618528): kobject_cleanup, parent (null)
[ 65.612781] ffff88808d915280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 65.612791] >ffff88808d915300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.612796] ^
[ 65.612806] ffff88808d915380: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 65.612816] ffff88808d915400: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.612820] ==================================================================
[ 65.612824] Disabling lock debugging due to kernel taint
[ 65.614179] Kernel panic - not syncing: panic_on_warn set ...
[ 65.614179]
[ 65.619976] kobject: 'integrity' (00000000b9618528): does not have a release() function, it is broken and must be fixed.
[ 65.621056] CPU: 1 PID: 3204 Comm: kworker/1:2 Tainted: G B 4.19.81 #0
[ 65.621064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.621080] Workqueue: events __blk_release_queue
[ 65.628110] kobject: 'integrity': free name
[ 65.631883] Call Trace:
[ 65.631906] dump_stack+0x172/0x1f0
[ 65.631921] ? debugfs_remove+0x10d/0x130
[ 66.030783] panic+0x26a/0x50e
[ 66.033999] ? __warn_printk+0xf3/0xf3
[ 66.037897] ? debugfs_remove+0x10d/0x130
[ 66.042149] ? preempt_schedule+0x4b/0x60
[ 66.046399] ? ___preempt_schedule+0x16/0x18
[ 66.050808] ? trace_hardirqs_on+0x5e/0x220
[ 66.055141] ? debugfs_remove+0x10d/0x130
[ 66.059280] kasan_end_report+0x47/0x4f
[ 66.063244] kasan_report.cold+0xa9/0x2ba
[ 66.067389] __asan_report_load8_noabort+0x14/0x20
[ 66.072413] debugfs_remove+0x10d/0x130
[ 66.076377] blk_trace_free+0x38/0x140
[ 66.080256] __blk_trace_remove+0x78/0xa0
[ 66.084399] blk_trace_shutdown+0x67/0x90
[ 66.088550] __blk_release_queue+0x260/0x540
[ 66.092972] process_one_work+0x989/0x1750
[ 66.097577] ? pwq_dec_nr_in_flight+0x320/0x320
[ 66.102394] ? lock_acquire+0x16f/0x3f0
[ 66.106364] ? kasan_check_write+0x14/0x20
[ 66.110600] ? do_raw_spin_lock+0xc8/0x240
[ 66.114927] worker_thread+0x98/0xe40
[ 66.118724] ? trace_hardirqs_on+0x67/0x220
[ 66.123145] kthread+0x354/0x420
[ 66.126500] ? process_one_work+0x1750/0x1750
[ 66.131079] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 66.136612] ret_from_fork+0x24/0x30
[ 66.141821] Kernel Offset: disabled
[ 66.145472] Rebooting in 86400 seconds..