[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 56.118331][ T27] audit: type=1800 audit(1561978368.113:25): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.155439][ T27] audit: type=1800 audit(1561978368.113:26): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.176352][ T27] audit: type=1800 audit(1561978368.113:27): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 67.606036][ T12] ==================================================================
[ 67.614441][ T12] BUG: KASAN: use-after-free in debugfs_remove+0x10d/0x130
[ 67.622082][ T12] Read of size 8 at addr ffff8880a6a20bc0 by task kworker/0:1/12
[ 67.629865][ T12]
[ 67.632182][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc6-next-20190628 #25
[ 67.640963][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.651188][ T12] Workqueue: events __blk_release_queue
[ 67.656738][ T12] Call Trace:
[ 67.660022][ T12] dump_stack+0x172/0x1f0
[ 67.664334][ T12] ? debugfs_remove+0x10d/0x130
[ 67.669165][ T12] print_address_description.cold+0xd4/0x306
[ 67.675267][ T12] ? debugfs_remove+0x10d/0x130
[ 67.680134][ T12] ? debugfs_remove+0x10d/0x130
[ 67.685069][ T12] __kasan_report.cold+0x1b/0x36
[ 67.690023][ T12] ? write_comp_data+0x70/0x70
[ 67.694790][ T12] ? debugfs_remove+0x10d/0x130
[ 67.699697][ T12] kasan_report+0x12/0x17
[ 67.704103][ T12] __asan_report_load8_noabort+0x14/0x20
[ 67.709809][ T12] debugfs_remove+0x10d/0x130
[ 67.714581][ T12] blk_trace_free+0x38/0x140
[ 67.719519][ T12] __blk_trace_remove+0x78/0xa0
[ 67.724358][ T12] blk_trace_shutdown+0x67/0x90
[ 67.729193][ T12] __blk_release_queue+0x1de/0x340
[ 67.734295][ T12] process_one_work+0x9af/0x1740
[ 67.739347][ T12] ? pwq_dec_nr_in_flight+0x320/0x320
[ 67.744735][ T12] ? lock_acquire+0x190/0x410
[ 67.749410][ T12] worker_thread+0x98/0xe40
[ 67.753989][ T12] ? trace_hardirqs_on+0x67/0x240
[ 67.759016][ T12] kthread+0x361/0x430
[ 67.763075][ T12] ? process_one_work+0x1740/0x1740
[ 67.768382][ T12] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 67.774716][ T12] ret_from_fork+0x24/0x30
[ 67.779242][ T12]
[ 67.781551][ T12] Allocated by task 8801:
[ 67.785863][ T12] save_stack+0x23/0x90
[ 67.789994][ T12] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 67.795694][ T12] kasan_slab_alloc+0xf/0x20
[ 67.800262][ T12] kmem_cache_alloc+0x121/0x710
[ 67.805100][ T12] __d_alloc+0x2e/0x8c0
[ 67.809246][ T12] d_alloc+0x4d/0x280
[ 67.814221][ T12] d_alloc_parallel+0xf4/0x1c30
[ 67.819076][ T12] __lookup_slow+0x1ab/0x500
[ 67.823644][ T12] lookup_one_len+0x16d/0x1a0
[ 67.828295][ T12] start_creating+0xbf/0x1e0
[ 67.832878][ T12] __debugfs_create_file+0x65/0x3d0
[ 67.838171][ T12] debugfs_create_file+0x5a/0x70
[ 67.843110][ T12] do_blk_trace_setup+0x361/0xb50
[ 67.848226][ T12] __blk_trace_setup+0xe3/0x190
[ 67.853319][ T12] blk_trace_ioctl+0x170/0x300
[ 67.858166][ T12] blkdev_ioctl+0x126/0x1c1a
[ 67.862910][ T12] block_ioctl+0xee/0x130
[ 67.867421][ T12] do_vfs_ioctl+0xdb6/0x13e0
[ 67.872252][ T12] ksys_ioctl+0xab/0xd0
[ 67.876393][ T12] __x64_sys_ioctl+0x73/0xb0
[ 67.881065][ T12] do_syscall_64+0xfd/0x6a0
[ 67.885556][ T12] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 67.891420][ T12]
[ 67.893723][ T12] Freed by task 0:
[ 67.897525][ T12] save_stack+0x23/0x90
[ 67.901706][ T12] __kasan_slab_free+0x102/0x150
[ 67.906620][ T12] kasan_slab_free+0xe/0x10
[ 67.911110][ T12] kmem_cache_free+0x86/0x320
[ 67.915872][ T12] __d_free+0x20/0x30
[ 67.919921][ T12] rcu_core+0x67f/0x1580
[ 67.924144][ T12] rcu_core_si+0x9/0x10
[ 67.928276][ T12] __do_softirq+0x262/0x98c
[ 67.932766][ T12]
[ 67.935075][ T12] The buggy address belongs to the object at ffff8880a6a20b80
[ 67.935075][ T12] which belongs to the cache dentry of size 288
[ 67.948680][ T12] The buggy address is located 64 bytes inside of
[ 67.948680][ T12] 288-byte region [ffff8880a6a20b80, ffff8880a6a20ca0)
[ 67.961971][ T12] The buggy address belongs to the page:
[ 67.967588][ T12] page:ffffea00029a8800 refcount:1 mapcount:0 mapping:ffff88821bc47540 index:0x0
[ 67.976691][ T12] flags: 0x1fffc0000000200(slab)
[ 67.981616][ T12] raw: 01fffc0000000200 ffffea0002a84d48 ffffea0002261888 ffff88821bc47540
[ 67.990217][ T12] raw: 0000000000000000 ffff8880a6a20080 000000010000000b 0000000000000000
[ 67.998910][ T12] page dumped because: kasan: bad access detected
[ 68.005298][ T12]
[ 68.007610][ T12] Memory state around the buggy address:
[ 68.013225][ T12] ffff8880a6a20a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.021449][ T12] ffff8880a6a20b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 68.029643][ T12] >ffff8880a6a20b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.037687][ T12] ^
[ 68.043842][ T12] ffff8880a6a20c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 68.052017][ T12] ffff8880a6a20c80: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00
[ 68.060080][ T12] ==================================================================
[ 68.068230][ T12] Disabling lock debugging due to kernel taint
[ 68.075730][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 68.079431][ T8804] kobject: '7:0' (00000000f3c65e39): kobject_add_internal: parent: 'bdi', set: 'devices'
[ 68.082328][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.2.0-rc6-next-20190628 #25
[ 68.082340][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.092568][ T8804] kobject: '7:0' (00000000f3c65e39): kobject_uevent_env
[ 68.102356][ T12] Workqueue: events __blk_release_queue
[ 68.102363][ T12] Call Trace:
[ 68.102380][ T12] dump_stack+0x172/0x1f0
[ 68.102395][ T12] panic+0x2dc/0x755
[ 68.102411][ T12] ? add_taint.cold+0x16/0x16
[ 68.114165][ T8804] kobject: '7:0' (00000000f3c65e39): fill_kobj_path: path = '/devices/virtual/bdi/7:0'
[ 68.119449][ T12] ? debugfs_remove+0x10d/0x130
[ 68.119465][ T12] ? preempt_schedule+0x4b/0x60
[ 68.119478][ T12] ? ___preempt_schedule+0x16/0x18
[ 68.119497][ T12] ? trace_hardirqs_on+0x5e/0x240
[ 68.127183][ T8804] kobject: 'loop0' (000000003504fae6): kobject_add_internal: parent: 'block', set: 'devices'
[ 68.128456][ T12] ? debugfs_remove+0x10d/0x130
[ 68.128473][ T12] end_report+0x47/0x4f
[ 68.144970][ T8804] kobject: 'loop0' (000000003504fae6): kobject_uevent_env
[ 68.151103][ T12] ? debugfs_remove+0x10d/0x130
[ 68.151121][ T12] __kasan_report.cold+0xe/0x36
[ 68.156007][ T8804] kobject: 'loop0' (000000003504fae6): kobject_uevent_env: uevent_suppress caused the event to drop!
[ 68.160771][ T12] ? write_comp_data+0x70/0x70
[ 68.160788][ T12] ? debugfs_remove+0x10d/0x130
[ 68.166368][ T8804] kobject: 'holders' (00000000f8a9d899): kobject_add_internal: parent: 'loop0', set: '<NULL>'
[ 68.170953][ T12] kasan_report+0x12/0x17
[ 68.170970][ T12] __asan_report_load8_noabort+0x14/0x20
[ 68.181540][ T8804] kobject: 'slaves' (000000006352b251): kobject_add_internal: parent: 'loop0', set: '<NULL>'
[ 68.186023][ T12] debugfs_remove+0x10d/0x130
[ 68.186036][ T12] blk_trace_free+0x38/0x140
[ 68.186047][ T12] __blk_trace_remove+0x78/0xa0
[ 68.186060][ T12] blk_trace_shutdown+0x67/0x90
[ 68.186081][ T12] __blk_release_queue+0x1de/0x340
[ 68.190561][ T8804] kobject: 'loop0' (000000003504fae6): kobject_uevent_env
[ 68.197379][ T12] process_one_work+0x9af/0x1740
[ 68.197397][ T12] ? pwq_dec_nr_in_flight+0x320/0x320
[ 68.197410][ T12] ? lock_acquire+0x190/0x410
[ 68.197428][ T12] worker_thread+0x98/0xe40
[ 68.202534][ T8804] kobject: 'loop0' (000000003504fae6): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 68.207076][ T12] ? trace_hardirqs_on+0x67/0x240
[ 68.207094][ T12] kthread+0x361/0x430
[ 68.207107][ T12] ? process_one_work+0x1740/0x1740
[ 68.207123][ T12] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 68.223750][ T8804] kobject: 'queue' (00000000ae909bca): kobject_add_internal: parent: 'loop0', set: '<NULL>'
[ 68.227811][ T12] ret_from_fork+0x24/0x30
[ 68.230183][ T12] Kernel Offset: disabled
[ 68.372462][ T12] Rebooting in 86400 seconds..