[ 99.929737][ T27] audit: type=1800 audit(1583222263.789:40): pid=10580 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 103.885280][ T27] audit: type=1400 audit(1583222267.769:41): avc: denied { map } for pid=10757 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
executing program
[ 110.806600][ T27] audit: type=1400 audit(1583222274.689:42): avc: denied { map } for pid=10769 comm="syz-executor058" path="/root/syz-executor058299008" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 111.123945][T10771]
[ 111.126333][T10771] =====================================
[ 111.131998][T10771] WARNING: bad unlock balance detected!
[ 111.137650][T10771] 5.6.0-rc3-syzkaller #0 Not tainted
[ 111.143010][T10771] -------------------------------------
[ 111.148585][T10771] syz-executor058/10771 is trying to release lock (&ovl_i_lock_key[depth]) at:
[ 111.157641][T10771] [] ovl_llseek+0x29d/0x3b0
[ 111.163685][T10771] but there are no more locks to release!
[ 111.169385][T10771]
[ 111.169385][T10771] other info that might help us debug this:
[ 111.177429][T10771] 1 lock held by syz-executor058/10771:
[ 111.182945][T10771] #0: ffff8880a774bde0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
[ 111.192086][T10771]
[ 111.192086][T10771] stack backtrace:
[ 111.198007][T10771] CPU: 0 PID: 10771 Comm: syz-executor058 Not tainted 5.6.0-rc3-syzkaller #0
[ 111.207880][T10771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.218514][T10771] Call Trace:
[ 111.221815][T10771] dump_stack+0x197/0x210
[ 111.226142][T10771] ? ovl_llseek+0x29d/0x3b0
[ 111.230665][T10771] print_unlock_imbalance_bug.cold+0x114/0x123
[ 111.236828][T10771] ? ovl_llseek+0x29d/0x3b0
[ 111.241369][T10771] lock_release+0x5f2/0x960
[ 111.245915][T10771] ? lock_downgrade+0x920/0x920
[ 111.250857][T10771] ? __kasan_check_write+0x14/0x20
[ 111.256042][T10771] ? up_read+0x1cd/0x810
[ 111.260397][T10771] ? iomap_seek_hole+0x16f/0x1d0
[ 111.265513][T10771] __mutex_unlock_slowpath+0x86/0x6a0
[ 111.274976][T10771] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 111.280782][T10771] ? wait_for_completion+0x440/0x440
[ 111.286058][T10771] ? ext4_llseek+0x193/0x2f0
[ 111.290639][T10771] mutex_unlock+0xd/0x10
[ 111.294866][T10771] ovl_llseek+0x29d/0x3b0
[ 111.299180][T10771] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 111.304707][T10771] ? ovl_aio_rw_complete+0x80/0x80
[ 111.309805][T10771] ? mutex_lock_nested+0x16/0x20
[ 111.314727][T10771] ? ovl_aio_rw_complete+0x80/0x80
[ 111.319823][T10771] ksys_lseek+0x116/0x1b0
[ 111.324130][T10771] __x64_sys_lseek+0x73/0xb0
[ 111.328709][T10771] do_syscall_64+0xfa/0x790
[ 111.333203][T10771] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 111.339203][T10771] RIP: 0033:0x4459b9
[ 111.343123][T10771] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 111.362723][T10771] RSP: 002b:00007f2b78befdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
[ 111.371156][T10771] RAX: ffffffffffffffda R