[ 468.077463] devpts: called with bogus options [ 468.091096] devpts: called with bogus options [ 468.097328] devpts: called with bogus options [ 468.102303] devpts: called with bogus options [ 468.104564] devpts: called with bogus options [ 468.185946] devpts: called with bogus options [ 468.229086] devpts: called with bogus options [ 468.235435] devpts: called with bogus options [ 468.286573] devpts: called with bogus options [ 468.290775] devpts: called with bogus options [ 468.394933] devpts: called with bogus options [ 468.401427] devpts: called with bogus options [ 468.416833] devpts: called with bogus options [ 468.422871] devpts: called with bogus options [ 468.440438] devpts: called with bogus options [ 468.459439] devpts: called with bogus options [ 468.538308] devpts: called with bogus options [ 468.612414] devpts: called with bogus options [ 468.623729] devpts: called with bogus options [ 468.628504] devpts: called with bogus options [ 468.633793] devpts: called with bogus options [ 468.660752] devpts: called with bogus options [ 468.829673] devpts: called with bogus options [ 468.836388] devpts: called with bogus options [ 468.845209] devpts: called with bogus options [ 468.869018] devpts: called with bogus options [ 468.884539] devpts: called with bogus options [ 468.884850] devpts: called with bogus options [ 468.889479] devpts: called with bogus options [ 468.901091] devpts: called with bogus options [ 468.907285] devpts: called with bogus options [ 468.939919] devpts: called with bogus options [ 469.145759] devpts: called with bogus options [ 469.153490] devpts: called with bogus options [ 469.182518] devpts: called with bogus options [ 469.184353] devpts: called with bogus options [ 469.198280] devpts: called with bogus options [ 469.208720] devpts: called with bogus options [ 469.239599] devpts: called with bogus options [ 469.248684] devpts: called with bogus options [ 469.260154] devpts: called with bogus options [ 469.268820] devpts: called with bogus options [ 469.288826] devpts: called with bogus options [ 469.303110] devpts: called with bogus options [ 469.378085] devpts: called with bogus options [ 469.391736] devpts: called with bogus options [ 469.395775] devpts: called with bogus options [ 469.420270] devpts: called with bogus options [ 469.536568] devpts: called with bogus options [ 469.586445] devpts: called with bogus options [ 469.617820] devpts: called with bogus options [ 469.628155] devpts: called with bogus options [ 469.635134] devpts: called with bogus options [ 469.701066] devpts: called with bogus options [ 469.706549] devpts: called with bogus options [ 469.717451] devpts: called with bogus options [ 469.723265] devpts: called with bogus options [ 469.728587] devpts: called with bogus options [ 469.792608] devpts: called with bogus options [ 469.840536] devpts: called with bogus options [ 469.904020] devpts: called with bogus options [ 469.933791] devpts: called with bogus options [ 469.972128] devpts: called with bogus options [ 469.985215] devpts: called with bogus options [ 470.016281] devpts: called with bogus options [ 470.099608] devpts: called with bogus options [ 470.208267] devpts: called with bogus options [ 470.214103] devpts: called with bogus options [ 470.248069] devpts: called with bogus options [ 470.262979] devpts: called with bogus options Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts. [ 473.491515] device bridge_slave_1 left promiscuous mode [ 473.497288] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.572782] device bridge_slave_0 left promiscuous mode [ 473.578269] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.694479] device hsr_slave_1 left promiscuous mode [ 473.744267] device hsr_slave_0 left promiscuous mode [ 473.793976] team0 (unregistering): Port device team_slave_1 removed [ 473.803124] team0 (unregistering): Port device team_slave_0 removed [ 473.813239] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 473.863717] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 473.937425] bond0 (unregistering): Released all slaves [ 474.042344] devpts: called with bogus options [ 474.186324] devpts: called with bogus options [ 474.198337] devpts: called with bogus options [ 474.206122] devpts: called with bogus options [ 474.217458] devpts: called with bogus options [ 474.225333] devpts: called with bogus options [ 474.233164] devpts: called with bogus options [ 474.244947] devpts: called with bogus options [ 474.252686] devpts: called with bogus options [ 474.260878] devpts: called with bogus options [ 474.268576] devpts: called with bogus options [ 474.280672] devpts: called with bogus options [ 474.288355] devpts: called with bogus options [ 474.300176] devpts: called with bogus options [ 474.307849] devpts: called with bogus options [ 474.321370] devpts: called with bogus options [ 474.329492] devpts: called with bogus options [ 474.341405] ================================================================== [ 474.349050] BUG: KASAN: use-after-free in debugfs_remove+0xda/0x100 [ 474.355452] Read of size 8 at addr ffff8880a77bf300 by task kworker/1:4/10648 [ 474.362720] [ 474.364353] CPU: 1 PID: 10648 Comm: kworker/1:4 Not tainted 4.14.173-syzkaller #0 [ 474.372142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.381862] Workqueue: events __blk_release_queue [ 474.387160] Call Trace: [ 474.389864] dump_stack+0xf7/0x13b [ 474.393429] ? debugfs_remove+0xda/0x100 [ 474.397484] print_address_description.cold.7+0x9/0x1c9 [ 474.402873] ? debugfs_remove+0xda/0x100 [ 474.406930] kasan_report.cold.8+0x11a/0x2d3 [ 474.411371] __asan_report_load8_noabort+0x14/0x20 [ 474.416307] debugfs_remove+0xda/0x100 [ 474.420203] blk_trace_free+0x30/0x130 [ 474.424102] blk_trace_remove+0x42/0x70 [ 474.428087] blk_trace_shutdown+0x42/0x50 [ 474.432238] __blk_release_queue+0x1f9/0x470 [ 474.436656] process_one_work+0x79e/0x16c0 [ 474.440897] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 474.445705] worker_thread+0xcc/0xee0 [ 474.449776] kthread+0x338/0x400 [ 474.453146] ? process_one_work+0x16c0/0x16c0 [ 474.457664] ? kthread_create_on_node+0xa0/0xa0 [ 474.462413] ret_from_fork+0x24/0x30 [ 474.466136] [ 474.467847] Allocated by task 10654: [ 474.471584] save_stack_trace+0x16/0x20 [ 474.475657] save_stack+0x43/0xd0 [ 474.479119] kasan_kmalloc+0xc7/0xe0 [ 474.482834] kasan_slab_alloc+0x12/0x20 [ 474.486892] kmem_cache_alloc+0x12e/0x790 [ 474.491383] __d_alloc+0x28/0x9f0 [ 474.494825] d_alloc+0x43/0x260 [ 474.498113] __lookup_hash+0x40/0x160 [ 474.501906] lookup_one_len+0x26e/0x3a0 [ 474.505874] start_creating+0x91/0x190 [ 474.509751] __debugfs_create_file+0x37/0x390 [ 474.514235] debugfs_create_file+0x24/0x30 [ 474.518473] do_blk_trace_setup+0x2fe/0xb10 [ 474.522798] blk_trace_setup+0xa8/0x110 [ 474.526766] blk_trace_ioctl+0x136/0x230 [ 474.530823] blkdev_ioctl+0x6ae/0x16b0 [ 474.534699] block_ioctl+0xd7/0x130 [ 474.538319] do_vfs_ioctl+0x180/0xfb0 [ 474.542122] SyS_ioctl+0x74/0x80 [ 474.545481] do_syscall_64+0x1c7/0x5b0 [ 474.549498] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 474.554686] [ 474.556303] Freed by task 17: [ 474.559405] save_stack_trace+0x16/0x20 [ 474.564162] save_stack+0x43/0xd0 [ 474.567602] kasan_slab_free+0x71/0xc0 [ 474.571497] kmem_cache_free+0x80/0x2d0 [ 474.575478] __d_free+0x17/0x20 [ 474.578773] rcu_process_callbacks+0x7e0/0x11e0 [ 474.583447] __do_softirq+0x246/0x9b0 [ 474.587233] [ 474.588863] The buggy address belongs to the object at ffff8880a77bf2c0 [ 474.588863] which belongs to the cache dentry of size 288 [ 474.601088] The buggy address is located 64 bytes inside of [ 474.601088] 288-byte region [ffff8880a77bf2c0, ffff8880a77bf3e0) [ 474.612872] The buggy address belongs to the page: [ 474.617794] page:ffffea00029defc0 count:1 mapcount:0 mapping:ffff8880a77bf000 index:0x0 [ 474.626138] flags: 0x1fffc0000000100(slab) [ 474.630374] raw: 01fffc0000000100 ffff8880a77bf000 0000000000000000 000000010000000b [ 474.638264] raw: ffffea00029deee0 ffffea0002263360 ffff88821f8b5680 0000000000000000 [ 474.646314] page dumped because: kasan: bad access detected [ 474.652525] [ 474.654404] Memory state around the buggy address: [ 474.659337] ffff8880a77bf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 474.666693] ffff8880a77bf280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 474.674054] >ffff8880a77bf300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 474.681411] ^ [ 474.684782] ffff8880a77bf380: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 474.692146] ffff8880a77bf400: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb [ 474.699504] ================================================================== [ 474.706856] Disabling lock debugging due to kernel taint [ 474.715772] Kernel panic - not syncing: panic_on_warn set ... [ 474.715772] [ 474.723163] CPU: 1 PID: 10648 Comm: kworker/1:4 Tainted: G B 4.14.173-syzkaller #0 [ 474.732546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.741889] Workqueue: events __blk_release_queue [ 474.746721] Call Trace: [ 474.749284] dump_stack+0xf7/0x13b [ 474.753065] ? debugfs_remove+0xda/0x100 [ 474.757105] panic+0x1b0/0x358 [ 474.760291] ? add_taint.cold.5+0x11/0x11 [ 474.764422] ? ___preempt_schedule+0x16/0x18 [ 474.768845] ? debugfs_remove+0xda/0x100 [ 474.772904] kasan_end_report+0x47/0x4f [ 474.776877] kasan_report.cold.8+0x76/0x2d3 [ 474.781191] __asan_report_load8_noabort+0x14/0x20 [ 474.786114] debugfs_remove+0xda/0x100 [ 474.789980] blk_trace_free+0x30/0x130 [ 474.794111] blk_trace_remove+0x42/0x70 [ 474.798211] blk_trace_shutdown+0x42/0x50 [ 474.802391] __blk_release_queue+0x1f9/0x470 [ 474.806779] process_one_work+0x79e/0x16c0 [ 474.811000] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 474.815659] worker_thread+0xcc/0xee0 [ 474.819438] kthread+0x338/0x400 [ 474.822780] ? process_one_work+0x16c0/0x16c0 [ 474.827393] ? kthread_create_on_node+0xa0/0xa0 [ 474.832064] ret_from_fork+0x24/0x30 [ 474.837302] Kernel Offset: disabled [ 474.840965] Rebooting in 86400 seconds..