[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 26.584663] kauditd_printk_skb: 7 callbacks suppressed [ 26.584675] audit: type=1800 audit(1540147954.252:29): pid=5446 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 26.609929] audit: type=1800 audit(1540147954.262:30): pid=5446 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. 2018/10/21 18:53:39 parsed 1 programs 2018/10/21 18:53:42 executed programs: 0 syzkaller login: [ 94.465057] IPVS: ftp: loaded support on port[0] = 21 [ 94.472429] IPVS: ftp: loaded support on port[0] = 21 [ 94.482635] IPVS: ftp: loaded support on port[0] = 21 [ 94.484128] IPVS: ftp: loaded support on port[0] = 21 [ 94.492854] IPVS: ftp: loaded support on port[0] = 21 [ 94.502486] IPVS: ftp: loaded support on port[0] = 21 [ 95.764183] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.781889] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.791331] device bridge_slave_0 entered promiscuous mode [ 95.833379] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.847597] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.854983] device bridge_slave_1 entered promiscuous mode [ 95.880463] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.888225] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.896742] device bridge_slave_0 entered promiscuous mode [ 95.914356] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 95.939879] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.952072] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.967556] device bridge_slave_0 entered promiscuous mode [ 95.978228] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.984596] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.992259] device bridge_slave_0 entered promiscuous mode [ 96.000880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 96.014660] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.022124] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.030583] device bridge_slave_1 entered promiscuous mode [ 96.049333] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.057794] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.066370] device bridge_slave_1 entered promiscuous mode [ 96.075426] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.082481] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.090763] device bridge_slave_1 entered promiscuous mode [ 96.097746] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.104111] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.113392] device bridge_slave_0 entered promiscuous mode [ 96.122381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 96.133000] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.142765] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.150709] device bridge_slave_0 entered promiscuous mode [ 96.169600] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 96.181453] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 96.192031] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.209628] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.219097] device bridge_slave_1 entered promiscuous mode [ 96.227149] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.233532] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.243307] device bridge_slave_1 entered promiscuous mode [ 96.251421] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 96.262453] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 96.272605] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 96.283998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 96.320446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 96.363516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 96.375158] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 96.402300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 96.437429] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 96.479842] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 96.518009] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 96.536073] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 96.546183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 96.572377] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 96.589423] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 96.620886] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 96.634517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 96.655245] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 96.668240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 96.681412] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 96.694573] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 96.705718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 96.716232] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 96.731148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 96.746920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 96.759058] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 96.786753] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 96.892637] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.916923] team0: Port device team_slave_0 added [ 96.998163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 97.007606] team0: Port device team_slave_1 added [ 97.019451] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 97.029054] team0: Port device team_slave_0 added [ 97.045626] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 97.053009] team0: Port device team_slave_0 added [ 97.114845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.132142] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 97.140189] team0: Port device team_slave_1 added [ 97.149040] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 97.156649] team0: Port device team_slave_0 added [ 97.172975] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 97.182693] team0: Port device team_slave_1 added [ 97.191543] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 97.199512] team0: Port device team_slave_0 added [ 97.211424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.227585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.253482] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 97.261907] team0: Port device team_slave_1 added [ 97.269956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.280927] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 97.290499] team0: Port device team_slave_1 added [ 97.304004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.314636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.330020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.338374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.351907] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 97.359293] team0: Port device team_slave_0 added [ 97.372127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.386715] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.395994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.403976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.421636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.430160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 97.438101] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.450890] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.464633] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 97.480376] team0: Port device team_slave_1 added [ 97.485816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 97.495254] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.512155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.522674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.531112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.539131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.551025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 97.560884] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.577168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 97.584063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.594436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.610680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.619298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.627481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 97.635130] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.646175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.653401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.661512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.676140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.688996] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 97.700148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.711567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.731283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.745312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.759072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 97.768226] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.778242] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.787388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.795326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.808820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.824283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.833265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.842022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.868252] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.886691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.899066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.915674] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.926990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.941711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.978147] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.985633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.993641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 98.382657] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.389233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.396260] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.402720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.418753] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.427007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.524880] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.531320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.538047] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.544415] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.554694] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.578049] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.584458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.591184] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.597616] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.624314] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.695835] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.702238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.708962] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.715343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.726360] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.742559] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.748987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.755681] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.762058] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.787637] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.862321] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.868754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.875837] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.882233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.901703] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 99.446276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.454484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.470886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.486860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.494095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.329336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.373882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.455740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.543490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.587005] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 101.601607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.633296] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 101.731820] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 101.744171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.796903] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 101.885426] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 101.892998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.903347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.917264] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 101.924739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.936263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.953727] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.033297] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.046475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.053646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.076915] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.084914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.096036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.129398] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.164520] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.193652] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.276106] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.282326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.293536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.362233] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.370969] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.382340] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.395680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.402816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.526924] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.611217] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/21 18:53:51 executed programs: 6 2018/10/21 18:53:56 executed programs: 59 2018/10/21 18:54:02 executed programs: 108 2018/10/21 18:54:07 executed programs: 145 2018/10/21 18:54:12 executed programs: 209 [ 125.068232] ================================================================== [ 125.075786] BUG: KASAN: use-after-free in debugfs_remove+0x10b/0x130 [ 125.075801] Read of size 8 at addr ffff8801c67dc1a0 by task kworker/0:3/3113 [ 125.075805] [ 125.075821] CPU: 0 PID: 3113 Comm: kworker/0:3 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 125.075829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.075848] Workqueue: events __blk_release_queue [ 125.075856] Call Trace: [ 125.075876] dump_stack+0x244/0x39d [ 125.075897] ? dump_stack_print_info.cold.1+0x20/0x20 [ 125.075915] ? printk+0xa7/0xcf [ 125.075929] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 125.089694] print_address_description.cold.7+0x9/0x1ff [ 125.089713] kasan_report.cold.8+0x242/0x309 [ 125.089730] ? debugfs_remove+0x10b/0x130 [ 125.089748] __asan_report_load8_noabort+0x14/0x20 [ 125.089764] debugfs_remove+0x10b/0x130 [ 125.089782] blk_trace_free+0x35/0x130 [ 125.089800] __blk_trace_remove+0x7a/0xa0 [ 125.099646] blk_trace_shutdown+0x63/0x80 [ 125.099667] __blk_release_queue+0x22d/0x500 [ 125.099688] process_one_work+0xc8b/0x1c40 [ 125.099704] ? mark_held_locks+0x130/0x130 [ 125.099729] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 125.099753] ? __switch_to_asm+0x40/0x70 [ 125.099770] ? __switch_to_asm+0x34/0x70 [ 125.113962] ? __switch_to_asm+0x40/0x70 [ 125.113976] ? __switch_to_asm+0x34/0x70 [ 125.113989] ? __switch_to_asm+0x40/0x70 [ 125.114002] ? __switch_to_asm+0x34/0x70 [ 125.114015] ? __switch_to_asm+0x40/0x70 [ 125.114027] ? __switch_to_asm+0x34/0x70 [ 125.114044] ? __switch_to_asm+0x40/0x70 [ 125.120252] ? __schedule+0x8d7/0x21d0 [ 125.120280] ? lock_downgrade+0x900/0x900 [ 125.120300] ? zap_class+0x640/0x640 [ 125.120323] ? find_held_lock+0x36/0x1c0 [ 125.126039] kobject: 'loop0' (00000000c6fa7511): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 125.128774] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 125.128807] ? lock_acquire+0x1ed/0x520 [ 125.128822] ? worker_thread+0x3e0/0x1390 [ 125.128854] ? kasan_check_read+0x11/0x20 [ 125.128867] ? do_raw_spin_lock+0x14f/0x350 [ 125.128886] ? kasan_check_read+0x11/0x20 [ 125.140574] kobject: 'queue' (0000000077b3fe2d): kobject_add_internal: parent: 'loop0', set: '' [ 125.143740] ? rwlock_bug.part.2+0x90/0x90 [ 125.143757] ? trace_hardirqs_on+0x310/0x310 [ 125.143786] worker_thread+0x17f/0x1390 [ 125.143800] ? __switch_to_asm+0x34/0x70 [ 125.143826] ? process_one_work+0x1c40/0x1c40 [ 125.143849] ? zap_class+0x640/0x640 [ 125.148790] kobject: 'mq' (00000000ae5ce67b): kobject_add_internal: parent: 'loop0', set: '' [ 125.153033] ? __kthread_parkme+0xce/0x1a0 [ 125.153053] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 125.153067] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 125.153088] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 125.157888] kobject: 'mq' (00000000ae5ce67b): kobject_uevent_env [ 125.160934] ? trace_hardirqs_on+0xbd/0x310 [ 125.160952] ? kasan_check_read+0x11/0x20 [ 125.160969] ? __kthread_parkme+0xce/0x1a0 [ 125.160985] ? trace_hardirqs_off_caller+0x300/0x300 [ 125.161004] ? trace_hardirqs_off_caller+0x300/0x300 [ 125.161026] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 125.165927] kobject: 'mq' (00000000ae5ce67b): kobject_uevent_env: filter function caused the event to drop! [ 125.169477] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 125.169494] ? __kthread_parkme+0xfb/0x1a0 [ 125.169513] ? process_one_work+0x1c40/0x1c40 [ 125.169528] kthread+0x35a/0x440 [ 125.169545] ? kthread_stop+0x8f0/0x8f0 [ 125.169563] ret_from_fork+0x3a/0x50 [ 125.174134] kobject: '0' (000000000c49c0fe): kobject_add_internal: parent: 'mq', set: '' [ 125.178191] [ 125.178200] Allocated by task 8469: [ 125.178229] save_stack+0x43/0xd0 [ 125.178240] kasan_kmalloc+0xc7/0xe0 [ 125.178252] kasan_slab_alloc+0x12/0x20 [ 125.178265] kmem_cache_alloc+0x12e/0x730 [ 125.178278] __d_alloc+0xc8/0xb90 [ 125.178291] d_alloc+0x96/0x380 [ 125.178305] d_alloc_parallel+0x15a/0x1f40 [ 125.178320] __lookup_slow+0x1e6/0x540 [ 125.184587] kobject: 'cpu0' (000000003d34cf1d): kobject_add_internal: parent: '0', set: '' [ 125.187203] lookup_one_len+0x1d8/0x220 [ 125.187229] start_creating+0xc6/0x200 [ 125.187244] __debugfs_create_file+0x63/0x400 [ 125.187257] debugfs_create_file+0x57/0x70 [ 125.187273] do_blk_trace_setup+0x45d/0xdb0 [ 125.187286] __blk_trace_setup+0xd5/0x180 [ 125.187301] blk_trace_ioctl+0x17a/0x2f0 [ 125.187313] blkdev_ioctl+0x8bc/0x2010 [ 125.187332] block_ioctl+0xee/0x130 [ 125.187349] do_vfs_ioctl+0x1de/0x1720 [ 125.192054] kobject: 'cpu1' (000000004829aecd): kobject_add_internal: parent: '0', set: '' [ 125.195457] ksys_ioctl+0xa9/0xd0 [ 125.195470] __x64_sys_ioctl+0x73/0xb0 [ 125.195486] do_syscall_64+0x1b9/0x820 [ 125.195501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.195505] [ 125.195512] Freed by task 0: [ 125.195527] save_stack+0x43/0xd0 [ 125.195540] __kasan_slab_free+0x102/0x150 [ 125.195552] kasan_slab_free+0xe/0x10 [ 125.195564] kmem_cache_free+0x83/0x290 [ 125.195576] __d_free+0x20/0x30 [ 125.195596] rcu_process_callbacks+0x1006/0x1ac0 [ 125.202838] kobject: 'queue' (0000000077b3fe2d): kobject_uevent_env [ 125.203694] __do_softirq+0x308/0xb7e [ 125.203699] [ 125.203711] The buggy address belongs to the object at ffff8801c67dc160 [ 125.203711] which belongs to the cache dentry(81:syz1) of size 288 [ 125.203724] The buggy address is located 64 bytes inside of [ 125.203724] 288-byte region [ffff8801c67dc160, ffff8801c67dc280) [ 125.203729] The buggy address belongs to the page: [ 125.203742] page:ffffea000719f700 count:1 mapcount:0 mapping:ffff8801bbb58600 index:0x0 [ 125.203754] flags: 0x2fffc0000000200(slab) [ 125.203778] raw: 02fffc0000000200 ffffea000730c648 ffffea0006b55948 ffff8801bbb58600 [ 125.211711] kobject: 'queue' (0000000077b3fe2d): kobject_uevent_env: filter function caused the event to drop! [ 125.211885] raw: 0000000000000000 ffff8801c67dc000 000000010000000b ffff8801cc56a680 [ 125.216601] kobject: 'iosched' (00000000d12fd823): kobject_add_internal: parent: 'queue', set: '' [ 125.219975] page dumped because: kasan: bad access detected [ 125.219982] page->mem_cgroup:ffff8801cc56a680 [ 125.219986] [ 125.219991] Memory state around the buggy address: [ 125.220004] ffff8801c67dc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.220015] ffff8801c67dc100: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb [ 125.220027] >ffff8801c67dc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.220033] ^ [ 125.220045] ffff8801c67dc200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 125.220055] ffff8801c67dc280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 125.220061] ================================================================== [ 125.220070] Disabling lock debugging due to kernel taint [ 125.224320] kobject: 'iosched' (00000000d12fd823): kobject_uevent_env [ 125.235506] Kernel panic - not syncing: panic_on_warn set ... [ 125.238230] kobject: 'iosched' (00000000d12fd823): kobject_uevent_env: filter function caused the event to drop! [ 125.240018] CPU: 0 PID: 3113 Comm: kworker/0:3 Tainted: G B 4.19.0-rc8-next-20181019+ #98 [ 125.240027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.240049] Workqueue: events __blk_release_queue [ 125.249938] kobject: 'integrity' (00000000678c1c53): kobject_add_internal: parent: 'loop0', set: '' [ 125.254058] Call Trace: [ 125.254080] dump_stack+0x244/0x39d [ 125.254099] ? dump_stack_print_info.cold.1+0x20/0x20 [ 125.254122] panic+0x2ad/0x55c [ 125.258618] kobject: 'integrity' (00000000678c1c53): kobject_uevent_env [ 125.262274] ? add_taint.cold.5+0x16/0x16 [ 125.262292] ? preempt_schedule+0x4d/0x60 [ 125.262308] ? ___preempt_schedule+0x16/0x18 [ 125.262334] ? trace_hardirqs_on+0xb4/0x310 [ 125.266853] kobject: 'integrity' (00000000678c1c53): kobject_uevent_env: filter function caused the event to drop! [ 125.270779] kasan_end_report+0x47/0x4f [ 125.270793] kasan_report.cold.8+0x76/0x309 [ 125.270809] ? debugfs_remove+0x10b/0x130 [ 125.270826] __asan_report_load8_noabort+0x14/0x20 [ 125.284884] kobject: 'integrity' (00000000678c1c53): kobject_uevent_env [ 125.288546] debugfs_remove+0x10b/0x130 [ 125.288565] blk_trace_free+0x35/0x130 [ 125.288579] __blk_trace_remove+0x7a/0xa0 [ 125.288598] blk_trace_shutdown+0x63/0x80 [ 125.296131] kobject: 'integrity' (00000000678c1c53): kobject_uevent_env: filter function caused the event to drop! [ 125.296963] __blk_release_queue+0x22d/0x500 [ 125.296981] process_one_work+0xc8b/0x1c40 [ 125.306086] kobject: 'integrity' (00000000678c1c53): kobject_cleanup, parent (null) [ 125.309229] ? mark_held_locks+0x130/0x130 [ 125.309251] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 125.309265] ? __switch_to_asm+0x40/0x70 [ 125.309281] ? __switch_to_asm+0x34/0x70 [ 125.321094] kobject: 'integrity' (00000000678c1c53): does not have a release() function, it is broken and must be fixed. [ 125.322600] ? __switch_to_asm+0x40/0x70 [ 125.322614] ? __switch_to_asm+0x34/0x70 [ 125.322626] ? __switch_to_asm+0x40/0x70 [ 125.322638] ? __switch_to_asm+0x34/0x70 [ 125.322655] ? __switch_to_asm+0x40/0x70 [ 125.328162] kobject: 'integrity': free name [ 125.332838] ? __switch_to_asm+0x34/0x70 [ 125.332851] ? __switch_to_asm+0x40/0x70 [ 125.332870] ? __schedule+0x8d7/0x21d0 [ 125.332891] ? lock_downgrade+0x900/0x900 [ 125.332908] ? zap_class+0x640/0x640 [ 125.352583] kobject: 'loop1' (000000004fd4ce9f): kobject_uevent_env [ 125.356276] ? find_held_lock+0x36/0x1c0 [ 125.356295] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 125.356317] ? lock_acquire+0x1ed/0x520 [ 125.356338] ? worker_thread+0x3e0/0x1390 [ 125.356358] ? kasan_check_read+0x11/0x20 [ 125.361614] kobject: 'loop1' (000000004fd4ce9f): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 125.366544] ? do_raw_spin_lock+0x14f/0x350 [ 125.366560] ? kasan_check_read+0x11/0x20 [ 125.366573] ? rwlock_bug.part.2+0x90/0x90 [ 125.366588] ? trace_hardirqs_on+0x310/0x310 [ 125.366608] worker_thread+0x17f/0x1390 [ 125.366627] ? __switch_to_asm+0x34/0x70 [ 126.018777] ? process_one_work+0x1c40/0x1c40 [ 126.023261] ? zap_class+0x640/0x640 [ 126.027142] ? __kthread_parkme+0xce/0x1a0 [ 126.031366] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 126.036459] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 126.041553] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 126.046121] ? trace_hardirqs_on+0xbd/0x310 [ 126.050428] ? kasan_check_read+0x11/0x20 [ 126.054559] ? __kthread_parkme+0xce/0x1a0 [ 126.058778] ? trace_hardirqs_off_caller+0x300/0x300 [ 126.063876] ? trace_hardirqs_off_caller+0x300/0x300 [ 126.068966] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 126.074055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 126.079591] ? __kthread_parkme+0xfb/0x1a0 [ 126.083813] ? process_one_work+0x1c40/0x1c40 [ 126.088300] kthread+0x35a/0x440 [ 126.091652] ? kthread_stop+0x8f0/0x8f0 [ 126.095610] ret_from_fork+0x3a/0x50 [ 126.100060] Kernel Offset: disabled [ 126.103698] Rebooting in 86400 seconds..