[ 467.365953] devpts: called with bogus options
[ 467.386775] devpts: called with bogus options
[ 467.506555] devpts: called with bogus options
[ 467.562058] devpts: called with bogus options
[ 467.636817] devpts: called with bogus options
[ 467.654356] devpts: called with bogus options
[ 467.655042] devpts: called with bogus options
[ 467.667318] devpts: called with bogus options
[ 467.670910] devpts: called with bogus options
[ 467.701032] devpts: called with bogus options
[ 467.718188] devpts: called with bogus options
[ 467.728883] devpts: called with bogus options
[ 467.751877] devpts: called with bogus options
[ 467.796093] devpts: called with bogus options
[ 467.801662] devpts: called with bogus options
[ 467.816503] devpts: called with bogus options
[ 467.898778] devpts: called with bogus options
[ 467.972612] devpts: called with bogus options
[ 467.992266] devpts: called with bogus options
[ 468.148412] devpts: called with bogus options
[ 468.155336] devpts: called with bogus options
[ 468.163236] devpts: called with bogus options
[ 468.170971] devpts: called with bogus options
[ 468.187769] devpts: called with bogus options
[ 468.253238] devpts: called with bogus options
[ 468.264369] devpts: called with bogus options
[ 468.269037] devpts: called with bogus options
[ 468.275517] devpts: called with bogus options
[ 468.405254] devpts: called with bogus options
[ 468.515797] devpts: called with bogus options
[ 468.528464] devpts: called with bogus options
[ 468.535641] devpts: called with bogus options
[ 468.544695] devpts: called with bogus options
[ 468.674424] devpts: called with bogus options
[ 468.772876] devpts: called with bogus options
[ 468.779024] devpts: called with bogus options
[ 468.788217] devpts: called with bogus options
[ 468.845426] devpts: called with bogus options
[ 468.867900] devpts: called with bogus options
[ 468.875245] devpts: called with bogus options
[ 468.876835] devpts: called with bogus options
[ 468.883176] devpts: called with bogus options
[ 468.887671] devpts: called with bogus options
[ 468.929915] devpts: called with bogus options
[ 472.272020] device bridge_slave_1 left promiscuous mode
[ 472.277921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 472.332559] device bridge_slave_0 left promiscuous mode
[ 472.338197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 472.461552] device hsr_slave_1 left promiscuous mode
[ 472.512273] device hsr_slave_0 left promiscuous mode
[ 472.553081] team0 (unregistering): Port device team_slave_1 removed
[ 472.563479] team0 (unregistering): Port device team_slave_0 removed
[ 472.574137] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 472.624267] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 472.687610] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts.
[ 472.901792] devpts: called with bogus options
[ 473.065820] devpts: called with bogus options
[ 473.077758] devpts: called with bogus options
[ 473.086070] devpts: called with bogus options
[ 473.098306] devpts: called with bogus options
[ 473.106577] devpts: called with bogus options
[ 473.117997] devpts: called with bogus options
[ 473.732904] devpts: called with bogus options
[ 473.748190] devpts: called with bogus options
[ 473.756457] devpts: called with bogus options
[ 474.106189] devpts: called with bogus options
[ 474.338276] devpts: called with bogus options
[ 474.347007] devpts: called with bogus options
[ 474.697132] devpts: called with bogus options
[ 474.852376] ==================================================================
[ 474.860198] BUG: KASAN: use-after-free in debugfs_remove+0xda/0x100
[ 474.866623] Read of size 8 at addr ffff8880321f5e80 by task kworker/1:2/7775
[ 474.873807]
[ 474.875424] CPU: 1 PID: 7775 Comm: kworker/1:2 Not tainted 4.14.168-syzkaller #0
[ 474.883045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 474.892525] Workqueue: events __blk_release_queue
[ 474.897438] Call Trace:
[ 474.900089] dump_stack+0xf7/0x13b
[ 474.904325] ? debugfs_remove+0xda/0x100
[ 474.908487] print_address_description.cold.7+0x9/0x1c9
[ 474.913857] ? debugfs_remove+0xda/0x100
[ 474.918026] kasan_report.cold.8+0x11a/0x2d3
[ 474.922439] __asan_report_load8_noabort+0x14/0x20
[ 474.927452] debugfs_remove+0xda/0x100
[ 474.931358] blk_trace_free+0x30/0x130
[ 474.935253] blk_trace_remove+0x42/0x70
[ 474.939266] blk_trace_shutdown+0x42/0x50
[ 474.946640] __blk_release_queue+0x1f9/0x470
[ 474.951061] process_one_work+0x79e/0x16c0
[ 474.955296] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 474.959977] worker_thread+0xcc/0xee0
[ 474.963975] kthread+0x338/0x400
[ 474.967334] ? process_one_work+0x16c0/0x16c0
[ 474.971822] ? kthread_create_on_node+0xa0/0xa0
[ 474.976559] ret_from_fork+0x24/0x30
[ 474.980276]
[ 474.981953] Allocated by task 7812:
[ 474.985697] save_stack_trace+0x16/0x20
[ 474.989796] save_stack+0x43/0xd0
[ 474.993249] kasan_kmalloc+0xc7/0xe0
[ 474.996964] kasan_slab_alloc+0x12/0x20
[ 475.001142] kmem_cache_alloc+0x12e/0x790
[ 475.005383] __d_alloc+0x28/0x9f0
[ 475.008837] d_alloc+0x43/0x260
[ 475.012115] __lookup_hash+0x40/0x160
[ 475.015916] lookup_one_len+0x26e/0x3a0
[ 475.019978] start_creating+0x91/0x190
[ 475.023866] __debugfs_create_file+0x37/0x390
[ 475.028388] debugfs_create_file+0x24/0x30
[ 475.032627] do_blk_trace_setup+0x2fe/0xb10
[ 475.036939] blk_trace_setup+0xa8/0x110
[ 475.040913] blk_trace_ioctl+0x136/0x230
[ 475.044964] blkdev_ioctl+0x6ae/0x16b0
[ 475.048846] block_ioctl+0xd7/0x130
[ 475.052500] do_vfs_ioctl+0x180/0xfb0
[ 475.056318] SyS_ioctl+0x74/0x80
[ 475.059682] do_syscall_64+0x1c7/0x5b0
[ 475.066278] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 475.071460]
[ 475.073082] Freed by task 7:
[ 475.076101] save_stack_trace+0x16/0x20
[ 475.080074] save_stack+0x43/0xd0
[ 475.083634] kasan_slab_free+0x71/0xc0
[ 475.087521] kmem_cache_free+0x80/0x2d0
[ 475.091493] __d_free+0x17/0x20
[ 475.094942] rcu_process_callbacks+0x7e0/0x11e0
[ 475.099718] __do_softirq+0x246/0x9b0
[ 475.103939]
[ 475.105562] The buggy address belongs to the object at ffff8880321f5e40
[ 475.105562] which belongs to the cache dentry of size 288
[ 475.117886] The buggy address is located 64 bytes inside of
[ 475.117886] 288-byte region [ffff8880321f5e40, ffff8880321f5f60)
[ 475.130191] The buggy address belongs to the page:
[ 475.135117] page:ffffea0000c87d40 count:1 mapcount:0 mapping:ffff8880321f5080 index:0x0
[ 475.143248] flags: 0x1fffc0000000100(slab)
[ 475.147477] raw: 01fffc0000000100 ffff8880321f5080 0000000000000000 000000010000000b
[ 475.155349] raw: ffffea0001728020 ffffea0002037ba0 ffff88821f8b5680 0000000000000000
[ 475.163237] page dumped because: kasan: bad access detected
[ 475.168950]
[ 475.170580] Memory state around the buggy address:
[ 475.175504]  ffff8880321f5d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 475.182853]  ffff8880321f5e00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 475.190207] >ffff8880321f5e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 475.197560]                    ^
[ 475.200921]  ffff8880321f5f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 475.208266]  ffff8880321f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 475.215622] ==================================================================
[ 475.222981] Disabling lock debugging due to kernel taint
[ 475.229789] Kernel panic - not syncing: panic_on_warn set ...
[ 475.229789]
[ 475.237169] CPU: 1 PID: 7775 Comm: kworker/1:2 Tainted: G B 4.14.168-syzkaller #0
[ 475.245909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 475.255277] Workqueue: events __blk_release_queue
[ 475.260113] Call Trace:
[ 475.262697] dump_stack+0xf7/0x13b
[ 475.266340] ? debugfs_remove+0xda/0x100
[ 475.270392] panic+0x1b0/0x358
[ 475.273578] ? add_taint.cold.5+0x11/0x11
[ 475.277724] ? ___preempt_schedule+0x16/0x18
[ 475.282225] ? debugfs_remove+0xda/0x100
[ 475.286285] kasan_end_report+0x47/0x4f
[ 475.290258] kasan_report.cold.8+0x76/0x2d3
[ 475.294616] __asan_report_load8_noabort+0x14/0x20
[ 475.299545] debugfs_remove+0xda/0x100
[ 475.303439] blk_trace_free+0x30/0x130
[ 475.307316] blk_trace_remove+0x42/0x70
[ 475.311286] blk_trace_shutdown+0x42/0x50
[ 475.315430] __blk_release_queue+0x1f9/0x470
[ 475.319833] process_one_work+0x79e/0x16c0
[ 475.324070] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 475.328765] worker_thread+0xcc/0xee0
[ 475.332601] kthread+0x338/0x400
[ 475.335962] ? process_one_work+0x16c0/0x16c0
[ 475.340447] ? kthread_create_on_node+0xa0/0xa0
[ 475.345115] ret_from_fork+0x24/0x30
[ 475.350533] Kernel Offset: disabled
[ 475.354162] Rebooting in 86400 seconds..