Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts. [ 53.655028] audit: type=1400 audit(1582023876.719:36): avc: denied { map } for pid=8224 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2020/02/18 11:04:36 parsed 1 programs [ 55.518263] audit: type=1400 audit(1582023878.579:37): avc: denied { map } for pid=8224 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1113 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2020/02/18 11:04:38 executed programs: 0 [ 55.722625] IPVS: ftp: loaded support on port[0] = 21 [ 55.778358] chnl_net:caif_netlink_parms(): no params data found [ 55.826678] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.834042] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.841776] device bridge_slave_0 entered promiscuous mode [ 55.849208] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.855916] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.863029] device bridge_slave_1 entered promiscuous mode [ 55.880147] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.889118] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.905913] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.913479] team0: Port device team_slave_0 added [ 55.919140] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.926649] team0: Port device team_slave_1 added [ 55.940111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.946481] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.971937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.983566] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.989914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.015182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.026287] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.033912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.091979] device hsr_slave_0 entered promiscuous mode [ 56.130094] device hsr_slave_1 entered promiscuous mode [ 56.170710] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.177966] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.226998] audit: type=1400 audit(1582023879.289:38): avc: denied { create } for pid=8240 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 56.247684] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.252319] audit: type=1400 audit(1582023879.289:39): avc: denied { write } for pid=8240 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 56.257657] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.282993] audit: type=1400 audit(1582023879.289:40): avc: denied { read } for pid=8240 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 56.288938] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.318694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.355030] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 56.361820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.371541] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.382965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.392465] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.400003] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.407359] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.417835] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.424231] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.433752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.441704] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.448253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.458826] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.467275] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.473715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.491654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.507128] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.518101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.529393] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.536453] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.543776] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.551973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.560266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.568151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.582593] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 56.590796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.597576] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.609409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.623855] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 56.633828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.676358] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 56.683751] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 56.691027] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 56.700931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.708607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.716687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.726060] device veth0_vlan entered promiscuous mode [ 56.737307] device veth1_vlan entered promiscuous mode [ 56.743593] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 56.753413] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 56.765617] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 56.773400] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.780917] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.791570] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 56.798530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.807061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.817641] device veth0_macvtap entered promiscuous mode [ 56.824251] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 56.833669] device veth1_macvtap entered promiscuous mode [ 56.840260] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 56.849200] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 56.859229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 56.869127] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 56.876723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.883766] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.891549] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.898701] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.906783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.918249] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 56.925863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.932745] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.941520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.057542] audit: type=1400 audit(1582023880.119:41): avc: denied { associate } for pid=8240 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 58.657887] [ 58.659664] ===================================== [ 58.664521] WARNING: bad unlock balance detected! [ 58.669367] 4.19.104-syzkaller #0 Not tainted [ 58.673848] ------------------------------------- [ 58.678759] syz-executor.0/8705 is trying to release lock (&file->mut) at: [ 58.685779] [] ucma_destroy_id+0x24c/0x4a0 [ 58.691674] but there are no more locks to release! [ 58.696682] [ 58.696682] other info that might help us debug this: [ 58.703359] 1 lock held by syz-executor.0/8705: [ 58.708014] #0: 0000000041874434 (&file->mut){+.+.}, at: ucma_destroy_id+0x1e9/0x4a0 [ 58.716802] [ 58.716802] stack backtrace: [ 58.721294] CPU: 1 PID: 8705 Comm: syz-executor.0 Not tainted 4.19.104-syzkaller #0 [ 58.729191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.738543] Call Trace: [ 58.741127] dump_stack+0x197/0x210 [ 58.744752] ? ucma_destroy_id+0x24c/0x4a0 [ 58.749076] print_unlock_imbalance_bug.cold+0x114/0x123 [ 58.754537] ? ucma_destroy_id+0x24c/0x4a0 [ 58.758761] lock_release+0x6cd/0xa30 [ 58.762559] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 58.768609] ? lock_downgrade+0x880/0x880 [ 58.772762] ? mutex_trylock+0x1e0/0x1e0 [ 58.776826] __mutex_unlock_slowpath+0x8e/0x6b0 [ 58.781488] ? wait_for_completion+0x440/0x440 [ 58.786130] mutex_unlock+0xd/0x10 [ 58.789668] ucma_destroy_id+0x24c/0x4a0 [ 58.793735] ? ucma_close+0x320/0x320 [ 58.797533] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 58.803088] ? _copy_from_user+0xdd/0x150 [ 58.807265] ucma_write+0x2d7/0x3c0 [ 58.810942] ? ucma_close+0x320/0x320 [ 58.814757] ? ucma_open+0x290/0x290 [ 58.818477] __vfs_write+0x114/0x810 [ 58.822190] ? ucma_open+0x290/0x290 [ 58.826053] ? kernel_read+0x120/0x120 [ 58.829932] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.835572] ? __inode_security_revalidate+0xda/0x120 [ 58.840749] ? avc_policy_seqno+0xd/0x70 [ 58.844808] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 58.849868] ? selinux_file_permission+0x92/0x550 [ 58.854711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.860250] ? security_file_permission+0x89/0x230 [ 58.865187] ? rw_verify_area+0x118/0x360 [ 58.869341] vfs_write+0x20c/0x560 [ 58.873033] ksys_write+0x14f/0x2d0 [ 58.876644] ? __ia32_sys_read+0xb0/0xb0 [ 58.880699] ? do_syscall_64+0x26/0x620 [ 58.884675] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.890157] ? do_syscall_64+0x26/0x620 [ 58.894150] __x64_sys_write+0x73/0xb0 [ 58.898046] do_syscall_64+0xfd/0x620 [ 58.903121] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.908420] RIP: 0033:0x45c6b9 [ 58.911596] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.930584] RSP: 002b:00007fbc1e9a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.938291] RAX: ffffffffffffffda RBX: 00007fbc1e9aa6d4 RCX: 000000000045c6b9 [ 58.945560] RDX: 0000000000000018 RSI: 0000000020001380 RDI: 0000000000000003 [ 58.952887] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 58.960161] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 58.967427] R13: 0000000000000c8a R14: 00000000004d78f0 R15: 000000000076bfcc