[ 81.712612][ T27] audit: type=1800 audit(1582019368.240:26): pid=9700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 82.624284][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 82.624296][ T27] audit: type=1800 audit(1582019369.190:29): pid=9700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 82.650897][ T27] audit: type=1800 audit(1582019369.190:30): pid=9700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts. 2020/02/18 09:49:38 parsed 1 programs 2020/02/18 09:49:40 executed programs: 0 syzkaller login: [ 93.897047][ T9870] IPVS: ftp: loaded support on port[0] = 21 [ 93.954318][ T9870] chnl_net:caif_netlink_parms(): no params data found [ 93.991080][ T9870] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.998810][ T9870] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.006809][ T9870] device bridge_slave_0 entered promiscuous mode [ 94.015719][ T9870] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.023387][ T9870] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.031381][ T9870] device bridge_slave_1 entered promiscuous mode [ 94.048320][ T9870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.059228][ T9870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.080639][ T9870] team0: Port device team_slave_0 added [ 94.088067][ T9870] team0: Port device team_slave_1 added [ 94.101863][ T9870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.108872][ T9870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.135318][ T9870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.148250][ T9870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.155427][ T9870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.181488][ T9870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.285140][ T9870] device hsr_slave_0 entered promiscuous mode [ 94.333003][ T9870] device hsr_slave_1 entered promiscuous mode [ 94.463878][ T9870] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.505433][ T9870] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.555616][ T9870] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.604844][ T9870] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.688200][ T9870] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.695411][ T9870] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.703327][ T9870] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.710457][ T9870] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.755514][ T9870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.768780][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.779219][ T2854] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.788741][ T2854] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.797517][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 94.810731][ T9870] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.821881][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.830461][ T2849] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.837679][ T2849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.849503][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.858762][ T2854] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.866148][ T2854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.885276][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.894808][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.907718][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.919826][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.934557][ T9870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.947095][ T9870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.955478][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.973143][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 94.980607][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 94.994391][ T9870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.013245][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 95.024042][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 95.042849][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 95.051624][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 95.061729][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.070197][ T2869] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.078646][ T9870] device veth0_vlan entered promiscuous mode [ 95.091028][ T9870] device veth1_vlan entered promiscuous mode [ 95.111878][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 95.120674][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 95.129365][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.138543][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.150073][ T9870] device veth0_macvtap entered promiscuous mode [ 95.161213][ T9870] device veth1_macvtap entered promiscuous mode [ 95.178069][ T9870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.189373][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.197868][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.205979][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.214863][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.228115][ T9870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.236018][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.244921][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 98.279072][T10329] [ 98.281561][T10329] ===================================== [ 98.287197][T10329] WARNING: bad unlock balance detected! [ 98.292731][T10329] 5.6.0-rc2-syzkaller #0 Not tainted [ 98.298025][T10329] ------------------------------------- [ 98.303755][T10329] syz-executor.0/10329 is trying to release lock (&file->mut) at: [ 98.311600][T10329] [] ucma_destroy_id+0x24a/0x490 [ 98.318103][T10329] but there are no more locks to release! [ 98.324251][T10329] [ 98.324251][T10329] other info that might help us debug this: [ 98.332386][T10329] 1 lock held by syz-executor.0/10329: [ 98.337839][T10329] #0: ffff8880868dfe60 (&file->mut){+.+.}, at: ucma_destroy_id+0x1e7/0x490 [ 98.346594][T10329] [ 98.346594][T10329] stack backtrace: [ 98.352654][T10329] CPU: 1 PID: 10329 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0 [ 98.361570][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.372250][T10329] Call Trace: [ 98.375706][T10329] dump_stack+0x197/0x210 [ 98.380084][T10329] ? ucma_destroy_id+0x24a/0x490 [ 98.385386][T10329] print_unlock_imbalance_bug.cold+0x114/0x123 [ 98.391540][T10329] ? ucma_destroy_id+0x24a/0x490 [ 98.396571][T10329] lock_release+0x5f2/0x960 [ 98.401063][T10329] ? lock_downgrade+0x920/0x920 [ 98.406045][T10329] ? ucma_destroy_id+0x1e7/0x490 [ 98.410983][T10329] ? ucma_destroy_id+0x1c0/0x490 [ 98.416210][T10329] ? mutex_trylock+0x2d0/0x2d0 [ 98.420961][T10329] ? ucma_destroy_id+0x1c0/0x490 [ 98.425894][T10329] __mutex_unlock_slowpath+0x86/0x6a0 [ 98.431273][T10329] ? lock_downgrade+0x920/0x920 [ 98.436388][T10329] ? wait_for_completion+0x440/0x440 [ 98.441774][T10329] mutex_unlock+0xd/0x10 [ 98.446137][T10329] ucma_destroy_id+0x24a/0x490 [ 98.451014][T10329] ? ucma_close+0x310/0x310 [ 98.455519][T10329] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.461837][T10329] ? _copy_from_user+0x12c/0x1a0 [ 98.466766][T10329] ucma_write+0x2d7/0x3c0 [ 98.471277][T10329] ? ucma_close+0x310/0x310 [ 98.475789][T10329] ? ucma_open+0x290/0x290 [ 98.480401][T10329] ? apparmor_file_permission+0x27/0x30 [ 98.485930][T10329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.492161][T10329] ? security_file_permission+0x8f/0x380 [ 98.497788][T10329] __vfs_write+0x8a/0x110 [ 98.502240][T10329] ? ucma_open+0x290/0x290 [ 98.506798][T10329] vfs_write+0x268/0x5d0 [ 98.511056][T10329] ksys_write+0x220/0x290 [ 98.515488][T10329] ? __ia32_sys_read+0xb0/0xb0 [ 98.520428][T10329] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 98.525924][T10329] ? do_fast_syscall_32+0xd1/0xe16 [ 98.531037][T10329] ? entry_SYSENTER_compat+0x70/0x7f [ 98.536426][T10329] ? do_fast_syscall_32+0xd1/0xe16 [ 98.541535][T10329] __ia32_sys_write+0x71/0xb0 [ 98.546208][T10329] do_fast_syscall_32+0x27b/0xe16 [ 98.551236][T10329] entry_SYSENTER_compat+0x70/0x7f [ 98.556358][T10329] RIP: 0023:0xf7f1fe39 [ 98.561036][T10329] Code: 1d 00 00 00 89 d3 5b 5e 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 98.580815][T10329] RSP: 002b:00000000f7ef90cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 98.589540][T10329] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001380 [ 98.597636][T10329] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.605650][T10329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.613612][T10329] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 98.621570][T10329] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.631245][T10329] ================================================================== [ 98.639410][T10329] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x93/0x6a0 [ 98.647299][T10329] Read of size 8 at addr ffff88808c9fd800 by task syz-executor.0/10329 [ 98.655539][T10329] [ 98.658143][T10329] CPU: 1 PID: 10329 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0 [ 98.666837][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.676883][T10329] Call Trace: [ 98.680165][T10329] dump_stack+0x197/0x210 [ 98.684595][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 98.690136][T10329] print_address_description.constprop.0.cold+0xd4/0x30b [ 98.697430][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 98.703098][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 98.708632][T10329] __kasan_report.cold+0x1b/0x32 [ 98.713593][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 98.719135][T10329] kasan_report+0x12/0x20 [ 98.723458][T10329] check_memory_region+0x134/0x1a0 [ 98.728564][T10329] __kasan_check_read+0x11/0x20 [ 98.733541][T10329] __mutex_unlock_slowpath+0x93/0x6a0 [ 98.738973][T10329] ? lock_downgrade+0x920/0x920 [ 98.743815][T10329] ? wait_for_completion+0x440/0x440 [ 98.749107][T10329] mutex_unlock+0xd/0x10 [ 98.753341][T10329] ucma_destroy_id+0x24a/0x490 [ 98.758328][T10329] ? ucma_close+0x310/0x310 [ 98.762831][T10329] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.769171][T10329] ? _copy_from_user+0x12c/0x1a0 [ 98.774101][T10329] ucma_write+0x2d7/0x3c0 [ 98.778601][T10329] ? ucma_close+0x310/0x310 [ 98.783153][T10329] ? ucma_open+0x290/0x290 [ 98.787813][T10329] ? apparmor_file_permission+0x27/0x30 [ 98.793573][T10329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.800102][T10329] ? security_file_permission+0x8f/0x380 [ 98.805757][T10329] __vfs_write+0x8a/0x110 [ 98.810101][T10329] ? ucma_open+0x290/0x290 [ 98.814528][T10329] vfs_write+0x268/0x5d0 [ 98.818834][T10329] ksys_write+0x220/0x290 [ 98.823214][T10329] ? __ia32_sys_read+0xb0/0xb0 [ 98.827974][T10329] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 98.833443][T10329] ? do_fast_syscall_32+0xd1/0xe16 [ 98.838551][T10329] ? entry_SYSENTER_compat+0x70/0x7f [ 98.843835][T10329] ? do_fast_syscall_32+0xd1/0xe16 [ 98.848935][T10329] __ia32_sys_write+0x71/0xb0 [ 98.853935][T10329] do_fast_syscall_32+0x27b/0xe16 [ 98.858955][T10329] entry_SYSENTER_compat+0x70/0x7f [ 98.864051][T10329] RIP: 0023:0xf7f1fe39 [ 98.868209][T10329] Code: 1d 00 00 00 89 d3 5b 5e 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 98.887802][T10329] RSP: 002b:00000000f7ef90cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 98.896207][T10329] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001380 [ 98.904279][T10329] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.912355][T10329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 98.920314][T10329] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 98.928270][T10329] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.936237][T10329] [ 98.938546][T10329] Allocated by task 10329: [ 98.943152][T10329] save_stack+0x23/0x90 [ 98.947314][T10329] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 98.952948][T10329] kasan_kmalloc+0x9/0x10 [ 98.957265][T10329] kmem_cache_alloc_trace+0x158/0x790 [ 98.962624][T10329] ucma_open+0x4f/0x290 [ 98.966902][T10329] misc_open+0x395/0x4c0 [ 98.971138][T10329] chrdev_open+0x245/0x6b0 [ 98.975544][T10329] do_dentry_open+0x4e6/0x1380 [ 98.980294][T10329] vfs_open+0xa0/0xd0 [ 98.984271][T10329] path_openat+0x12ee/0x3490 [ 98.989197][T10329] do_filp_open+0x192/0x260 [ 98.993689][T10329] do_sys_openat2+0x5eb/0x7e0 [ 98.998397][T10329] do_sys_open+0xf2/0x180 [ 99.002802][T10329] __ia32_compat_sys_openat+0x98/0xf0 [ 99.008164][T10329] do_fast_syscall_32+0x27b/0xe16 [ 99.013176][T10329] entry_SYSENTER_compat+0x70/0x7f [ 99.018267][T10329] [ 99.020654][T10329] Freed by task 10324: [ 99.024711][T10329] save_stack+0x23/0x90 [ 99.028869][T10329] __kasan_slab_free+0x102/0x150 [ 99.033798][T10329] kasan_slab_free+0xe/0x10 [ 99.038289][T10329] kfree+0x10a/0x2c0 [ 99.042320][T10329] ucma_close+0x275/0x310 [ 99.046760][T10329] __fput+0x2ff/0x890 [ 99.050725][T10329] ____fput+0x16/0x20 [ 99.054726][T10329] task_work_run+0x145/0x1c0 [ 99.059361][T10329] exit_to_usermode_loop+0x316/0x380 [ 99.064648][T10329] do_fast_syscall_32+0xbbd/0xe16 [ 99.069855][T10329] entry_SYSENTER_compat+0x70/0x7f [ 99.074956][T10329] [ 99.077278][T10329] The buggy address belongs to the object at ffff88808c9fd800 [ 99.077278][T10329] which belongs to the cache kmalloc-256 of size 256 [ 99.091316][T10329] The buggy address is located 0 bytes inside of [ 99.091316][T10329] 256-byte region [ffff88808c9fd800, ffff88808c9fd900) [ 99.104416][T10329] The buggy address belongs to the page: [ 99.110043][T10329] page:ffffea0002327f40 refcount:1 mapcount:0 mapping:ffff8880aa4008c0 index:0x0 [ 99.119291][T10329] flags: 0xfffe0000000200(slab) [ 99.125084][T10329] raw: 00fffe0000000200 ffffea00029a1bc8 ffffea00021a37c8 ffff8880aa4008c0 [ 99.133658][T10329] raw: 0000000000000000 ffff88808c9fd000 0000000100000008 0000000000000000 [ 99.142230][T10329] page dumped because: kasan: bad access detected [ 99.148780][T10329] [ 99.151094][T10329] Memory state around the buggy address: [ 99.156743][T10329] ffff88808c9fd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 99.164862][T10329] ffff88808c9fd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 99.172921][T10329] >ffff88808c9fd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.181169][T10329] ^ [ 99.185228][T10329] ffff88808c9fd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.193328][T10329] ffff88808c9fd900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 99.201387][T10329] ================================================================== [ 99.213086][T10329] Kernel panic - not syncing: panic_on_warn set ... [ 99.219707][T10329] CPU: 1 PID: 10329 Comm: syz-executor.0 Tainted: G B 5.6.0-rc2-syzkaller #0 [ 99.229795][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 99.239974][T10329] Call Trace: [ 99.243271][T10329] dump_stack+0x197/0x210 [ 99.247754][T10329] panic+0x2e3/0x75c [ 99.251765][T10329] ? add_taint.cold+0x16/0x16 [ 99.256607][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 99.262757][T10329] ? preempt_schedule+0x4b/0x60 [ 99.267733][T10329] ? ___preempt_schedule+0x16/0x18 [ 99.272861][T10329] ? trace_hardirqs_on+0x5e/0x240 [ 99.278037][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 99.283709][T10329] end_report+0x47/0x4f [ 99.288025][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 99.293657][T10329] __kasan_report.cold+0xe/0x32 [ 99.298527][T10329] ? __mutex_unlock_slowpath+0x93/0x6a0 [ 99.304064][T10329] kasan_report+0x12/0x20 [ 99.308394][T10329] check_memory_region+0x134/0x1a0 [ 99.313570][T10329] __kasan_check_read+0x11/0x20 [ 99.318528][T10329] __mutex_unlock_slowpath+0x93/0x6a0 [ 99.323893][T10329] ? lock_downgrade+0x920/0x920 [ 99.328756][T10329] ? wait_for_completion+0x440/0x440 [ 99.334250][T10329] mutex_unlock+0xd/0x10 [ 99.338486][T10329] ucma_destroy_id+0x24a/0x490 [ 99.343247][T10329] ? ucma_close+0x310/0x310 [ 99.347843][T10329] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 99.354105][T10329] ? _copy_from_user+0x12c/0x1a0 [ 99.359035][T10329] ucma_write+0x2d7/0x3c0 [ 99.363456][T10329] ? ucma_close+0x310/0x310 [ 99.368070][T10329] ? ucma_open+0x290/0x290 [ 99.372482][T10329] ? apparmor_file_permission+0x27/0x30 [ 99.378019][T10329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.384251][T10329] ? security_file_permission+0x8f/0x380 [ 99.389881][T10329] __vfs_write+0x8a/0x110 [ 99.394200][T10329] ? ucma_open+0x290/0x290 [ 99.398743][T10329] vfs_write+0x268/0x5d0 [ 99.403009][T10329] ksys_write+0x220/0x290 [ 99.407331][T10329] ? __ia32_sys_read+0xb0/0xb0 [ 99.412116][T10329] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 99.417588][T10329] ? do_fast_syscall_32+0xd1/0xe16 [ 99.422699][T10329] ? entry_SYSENTER_compat+0x70/0x7f [ 99.427973][T10329] ? do_fast_syscall_32+0xd1/0xe16 [ 99.433256][T10329] __ia32_sys_write+0x71/0xb0 [ 99.438038][T10329] do_fast_syscall_32+0x27b/0xe16 [ 99.443247][T10329] entry_SYSENTER_compat+0x70/0x7f [ 99.448349][T10329] RIP: 0023:0xf7f1fe39 [ 99.452407][T10329] Code: 1d 00 00 00 89 d3 5b 5e 5d c3 8b 04 24 c3 8b 1c 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 99.472145][T10329] RSP: 002b:00000000f7ef90cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 99.480840][T10329] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001380 [ 99.488804][T10329] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.496939][T10329] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.505131][T10329] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 99.513092][T10329] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 99.522824][T10329] Kernel Offset: disabled [ 99.527258][T10329] Rebooting in 86400 seconds..