
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   64.241919] IPVS: Creating netns size=2664 id=1
[   64.242997] IPVS: ftp: loaded support on port[0] = 21
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
2019/04/11 06:39:20 parsed 1 programs
2019/04/11 06:39:20 executed programs: 0
[   72.900201] IPVS: Creating netns size=2664 id=2
[   72.904928] IPVS: ftp: loaded support on port[0] = 21
[   72.914983] IPVS: Creating netns size=2664 id=3
[   72.920410] IPVS: ftp: loaded support on port[0] = 21
[   72.932275] IPVS: Creating netns size=2664 id=4
[   72.937197] IPVS: ftp: loaded support on port[0] = 21
[   72.949645] IPVS: Creating netns size=2664 id=5
[   72.954381] IPVS: ftp: loaded support on port[0] = 21
[   72.971115] IPVS: Creating netns size=2664 id=6
[   72.975867] IPVS: ftp: loaded support on port[0] = 21
[   72.997612] IPVS: Creating netns size=2664 id=7
[   73.004370] IPVS: ftp: loaded support on port[0] = 21
[   73.082247] device bridge_slave_0 entered promiscuous mode
[   73.092962] device bridge_slave_0 entered promiscuous mode
[   73.102618] device bridge_slave_1 entered promiscuous mode
[   73.113252] device bridge_slave_1 entered promiscuous mode
[   73.119483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   73.129711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   73.145572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   73.153140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   73.192797] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   73.199881] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.208446] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   73.215527] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.230841] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   73.237898] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.245852] device bridge_slave_0 entered promiscuous mode
[   73.251705] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   73.258781] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.267636] device bridge_slave_0 entered promiscuous mode
[   73.275882] device bridge_slave_0 entered promiscuous mode
[   73.283522] device bridge_slave_1 entered promiscuous mode
[   73.289931] device bridge_slave_1 entered promiscuous mode
[   73.298382] device bridge_slave_1 entered promiscuous mode
[   73.310571] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   73.317877] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   73.328218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   73.336941] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   73.345774] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   73.356145] device bridge_slave_0 entered promiscuous mode
[   73.362343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   73.373667] device bridge_slave_1 entered promiscuous mode
[   73.385692] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   73.393721] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   73.400804] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.410967] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   73.418730] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   73.426294] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.434588] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   73.444903] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   73.451745] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.460175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   73.467952] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   73.475266] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.483657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   73.490822] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   73.497723] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.508461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   73.517600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.526287] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   73.533418] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.542633] IPv6: ADDRCONF(NETDEV_UP): bond_slave_0: link is not ready
[   73.549491] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   73.559748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.567223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.578934] IPv6: ADDRCONF(NETDEV_UP): bond_slave_1: link is not ready
[   73.587807] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   73.595826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.663227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   73.670932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   73.680104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   73.689301] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   73.697476] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   73.705902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.714353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.722805] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   73.731687] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   73.740768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.750444] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.757298] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.763928] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.770437] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.779411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   73.786397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.794333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.805123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   73.813926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.825697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   73.837415] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.843941] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.850603] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.857104] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.926760] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.933307] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.939835] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.946367] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.963144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.969691] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.976206] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.982970] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.997581] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.004123] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.010890] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.017415] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.041364] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.047917] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.054430] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.060943] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.439325] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.471730] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.478929] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.504429] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.512871] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.529771] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.537430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.557387] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.569415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.580435] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.588962] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.601486] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.620975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.630965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.639077] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.650590] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   74.693298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.701837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   75.241101] 
[   75.242780] =====================================
[   75.247601] [ BUG: bad unlock balance detected! ]
[   75.252422] 4.2.0-rc8+ #1 Not tainted
[   75.256206] -------------------------------------
[   75.261033] syz-executor4/6152 is trying to release lock (&file->mut) at:
[   75.268186] [<ffffffff8224e0c9>] mutex_unlock+0x9/0x10
[   75.273431] but there are no more locks to release!
[   75.278417] 
[   75.278417] other info that might help us debug this:
[   75.285058] 1 lock held by syz-executor4/6152:
[   75.289612]  #0:  (&file->mut){+.+.+.}, at: [<ffffffff81c863f9>] ucma_destroy_id+0xf9/0x1d0
[   75.298793] 
[   75.298793] stack backtrace:
[   75.303263] CPU: 0 PID: 6152 Comm: syz-executor4 Not tainted 4.2.0-rc8+ #1
[   75.310268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.319596]  ffffffff8224e0c9 ffff8800b7857c88 ffffffff82244b96 0000000000000011
[   75.327634]  ffff880213efe7c0 ffff8800b7857cb8 ffffffff811b2c60 0000000000000006
[   75.335631]  ffff88020f847c60 ffffffff8224e0c9 ffff880213efef38 ffff8800b7857d58
[   75.343721] Call Trace:
[   75.346280]  [<ffffffff8224e0c9>] ? mutex_unlock+0x9/0x10
[   75.351787]  [<ffffffff82244b96>] dump_stack+0x4c/0x65
[   75.357046]  [<ffffffff811b2c60>] print_unlock_imbalance_bug+0xe0/0xf0
[   75.363690]  [<ffffffff8224e0c9>] ? mutex_unlock+0x9/0x10
[   75.369199]  [<ffffffff811b7bac>] lock_release+0x36c/0x550
[   75.374798]  [<ffffffff8224d91f>] ? mutex_lock_nested+0x3af/0x460
[   75.381003]  [<ffffffff811b48ed>] ? trace_hardirqs_on_caller+0x13d/0x1d0
[   75.387906]  [<ffffffff811b498d>] ? trace_hardirqs_on+0xd/0x10
[   75.393849]  [<ffffffff81c863f9>] ? ucma_destroy_id+0xf9/0x1d0
[   75.399805]  [<ffffffff8224df74>] __mutex_unlock_slowpath+0x94/0x1e0
[   75.406288]  [<ffffffff8224e0c9>] mutex_unlock+0x9/0x10
[   75.411631]  [<ffffffff81c8640c>] ucma_destroy_id+0x10c/0x1d0
[   75.417494]  [<ffffffff8128f458>] ? __might_fault+0x48/0xa0
[   75.423265]  [<ffffffff81c85329>] ucma_write+0x79/0xb0
[   75.428526]  [<ffffffff812dab83>] __vfs_write+0x23/0xe0
[   75.433865]  [<ffffffff817922f3>] ? apparmor_file_permission+0x13/0x20
[   75.440509]  [<ffffffff81767c68>] ? security_file_permission+0x38/0xc0
[   75.447151]  [<ffffffff812dafea>] ? rw_verify_area+0x4a/0xe0
[   75.452945]  [<ffffffff812db251>] vfs_write+0xa1/0x1a0
[   75.458204]  [<ffffffff811f361d>] ? SyS_futex+0x6d/0x160
[   75.463636]  [<ffffffff812dbe74>] SyS_write+0x44/0xa0
[   75.468810]  [<ffffffff822519f2>] entry_SYSCALL_64_fastpath+0x16/0x7a
[   75.476350] ------------[ cut here ]------------
[   75.481174] WARNING: CPU: 0 PID: 6130 at lib/idr.c:505 idr_remove+0x154/0x240()
[   75.488638] idr_remove called for id=5 which is not allocated.
[   75.494603] Kernel panic - not syncing: panic_on_warn set ...
[   75.494603] 
[   75.501935] CPU: 0 PID: 6130 Comm: syz-executor4 Not tainted 4.2.0-rc8+ #1
[   75.509015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.518342]  ffffffff8296226c ffff88020f933ce8 ffffffff82244b96 0000000000000032
[   75.526366]  ffffffff8290a00e ffff88020f933d68 ffffffff82240afc 0000000000000000
[   75.534371]  ffffffff00000008 ffff88020f933d78 ffff88020f933d18 0000000000000000
[   75.542368] Call Trace:
[   75.544927]  [<ffffffff82244b96>] dump_stack+0x4c/0x65
[   75.550173]  [<ffffffff82240afc>] panic+0xcb/0x214
[   75.555173]  [<ffffffff81163f05>] warn_slowpath_common+0xb5/0xc0
[   75.561297]  [<ffffffff81163f51>] warn_slowpath_fmt+0x41/0x50
[   75.567151]  [<ffffffff811b498d>] ? trace_hardirqs_on+0xd/0x10
[   75.573097]  [<ffffffff8181d9f4>] idr_remove+0x154/0x240
[   75.578567]  [<ffffffff811b498d>] ? trace_hardirqs_on+0xd/0x10
[   75.584514]  [<ffffffff81c84f8c>] ucma_close+0xac/0x120
[   75.589848]  [<ffffffff812dcaaa>] __fput+0xea/0x1f0
[   75.594835]  [<ffffffff812dcbe9>] ____fput+0x9/0x10
[   75.599822]  [<ffffffff81187ee8>] task_work_run+0x88/0xb0
[   75.605334]  [<ffffffff81079f99>] do_notify_resume+0x59/0x60
[   75.611118]  [<ffffffff82251beb>] int_signal+0x12/0x17
[   75.617300] Kernel Offset: disabled