Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2018/10/21 06:09:53 parsed 1 programs
2018/10/21 06:09:56 executed programs: 0
[ 52.579708] IPVS: ftp: loaded support on port[0] = 21
[ 52.592642] IPVS: ftp: loaded support on port[0] = 21
[ 52.592831] IPVS: ftp: loaded support on port[0] = 21
[ 52.609752] IPVS: ftp: loaded support on port[0] = 21
[ 52.610426] IPVS: ftp: loaded support on port[0] = 21
[ 52.626621] IPVS: ftp: loaded support on port[0] = 21
[ 53.962475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.977473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.991429] device bridge_slave_0 entered promiscuous mode
[ 54.021315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.028496] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.043344] device bridge_slave_0 entered promiscuous mode
[ 54.075739] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.083010] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.094103] device bridge_slave_0 entered promiscuous mode
[ 54.104940] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.111304] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.118810] device bridge_slave_0 entered promiscuous mode
[ 54.125989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.132351] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.141194] device bridge_slave_1 entered promiscuous mode
[ 54.150793] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.158666] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.166437] device bridge_slave_0 entered promiscuous mode
[ 54.185453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.191813] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.208286] device bridge_slave_1 entered promiscuous mode
[ 54.217983] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.224464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.232785] device bridge_slave_1 entered promiscuous mode
[ 54.241286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.248128] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.257264] device bridge_slave_1 entered promiscuous mode
[ 54.268165] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 54.277986] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.284341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.299335] device bridge_slave_0 entered promiscuous mode
[ 54.308062] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 54.317922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.324286] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.333853] device bridge_slave_1 entered promiscuous mode
[ 54.342691] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 54.350261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 54.363876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.371546] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.385761] device bridge_slave_1 entered promiscuous mode
[ 54.392969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 54.403024] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 54.413303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 54.428960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 54.445297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 54.457536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 54.477201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 54.548029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 54.619999] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.672773] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.698593] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.725121] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.734393] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.750918] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.773816] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.802077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 54.813464] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.829880] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.841788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.859405] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.871770] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.883205] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 54.917517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.936412] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.946459] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 54.963249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.982381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 55.018222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.109716] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.118422] team0: Port device team_slave_0 added
[ 55.214421] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.231624] team0: Port device team_slave_1 added
[ 55.253675] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.264513] team0: Port device team_slave_0 added
[ 55.270187] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.280114] team0: Port device team_slave_0 added
[ 55.290990] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.299346] team0: Port device team_slave_0 added
[ 55.314128] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.326122] team0: Port device team_slave_0 added
[ 55.338717] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.355516] team0: Port device team_slave_1 added
[ 55.360853] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.372555] team0: Port device team_slave_1 added
[ 55.385198] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.399474] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.407448] team0: Port device team_slave_0 added
[ 55.423906] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.432208] team0: Port device team_slave_1 added
[ 55.438684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.451295] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.471136] team0: Port device team_slave_1 added
[ 55.483232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.504201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.512985] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.520783] team0: Port device team_slave_1 added
[ 55.531994] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.551689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.565403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.596039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.604055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.611850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.622650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 55.632827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 55.643142] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 55.653083] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.665475] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.672604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 55.689799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.705490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 55.713463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.721450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 55.729398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.737052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.744911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.752605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.760527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.770918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.780373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 55.791155] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.801290] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.817145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.830242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.845472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 55.860655] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.868644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.876861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.884540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.892673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.902404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 55.911507] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.926196] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.939735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 55.950406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.965617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.975865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.983659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.991627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.001688] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.012446] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 56.029607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.042403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.055672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.063639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.079010] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.101169] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.111345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.125675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.135344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.143879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.750613] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.757163] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.764165] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.770596] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.785769] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.800212] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.806618] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.813293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.819728] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.829347] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.838504] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.844927] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.851585] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.858017] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.882771] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.898674] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.905080] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.911722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.918149] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.950128] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.958734] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.965253] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.971910] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.978342] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.985789] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.998854] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.005273] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.011943] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.018379] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.026245] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 57.655017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.662294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.688166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.695414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.702435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.709637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 59.554861] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.722697] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.749634] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.863706] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 59.944135] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.991851] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.002500] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.020707] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.045761] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.158376] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.170102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.178516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.239607] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.279307] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.289520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.297782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.313111] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.324414] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.343618] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.357617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.368847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.468079] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.525314] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.531548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.541743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.569069] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.584834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.591926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.636504] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 60.644384] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.651308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.660783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.679343] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.798015] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.909731] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.954585] 8021q: adding VLAN 0 to HW filter on device team0
2018/10/21 06:10:06 executed programs: 6
[ 63.309203]
[ 63.310852] =====================================
[ 63.315671] WARNING: bad unlock balance detected!
[ 63.320492] 4.19.0-rc8+ #197 Not tainted
[ 63.324537] -------------------------------------
[ 63.329405] syz-executor4/7206 is trying to release lock (&file->mut) at:
[ 63.336343] [] ucma_destroy_id+0x2cb/0x550
[ 63.342147] but there are no more locks to release!
[ 63.347141]
[ 63.347141] other info that might help us debug this:
[ 63.353787] 1 lock held by syz-executor4/7206:
[ 63.358343] #0: 000000006df71a31 (&file->mut){+.+.}, at: ucma_destroy_id+0x26b/0x550
[ 63.366326]
[ 63.366326] stack backtrace:
[ 63.370829] CPU: 0 PID: 7206 Comm: syz-executor4 Not tainted 4.19.0-rc8+ #197
[ 63.378082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.387423] Call Trace:
[ 63.390170] dump_stack+0x1c4/0x2b6
[ 63.393786] ? dump_stack_print_info.cold.1+0x20/0x20
[ 63.398970] ? vprintk_func+0x85/0x181
[ 63.402848] ? ucma_destroy_id+0x2cb/0x550
[ 63.407082] print_unlock_imbalance_bug.cold.48+0xcc/0xd8
[ 63.412625] lock_release+0x785/0x970
[ 63.416431] ? ucma_destroy_id+0x2cb/0x550
[ 63.420652] ? lock_downgrade+0x900/0x900
[ 63.424792] ? radix_tree_descend+0x2e0/0x2e0
[ 63.429288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.434819] ? node_tag_set+0xc6/0x170
[ 63.438708] __mutex_unlock_slowpath+0x102/0x8c0
[ 63.443465] ? wait_for_completion+0x8a0/0x8a0
[ 63.448052] ? radix_tree_delete_item+0x188/0x350
[ 63.452879] ? radix_tree_lookup+0x30/0x30
[ 63.457123] mutex_unlock+0xd/0x10
[ 63.458496] kobject: 'loop0' (000000005f5aee05): kobject_uevent_env
[ 63.460676] ucma_destroy_id+0x2cb/0x550
[ 63.471123] ? ucma_close+0x310/0x310
[ 63.474937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.475203] kobject: 'loop0' (000000005f5aee05): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 63.480479] ? _copy_from_user+0xdf/0x150
[ 63.480494] ? ucma_close+0x310/0x310
[ 63.480510] ucma_write+0x365/0x460
[ 63.480526] ? ucma_open+0x3f0/0x3f0
[ 63.480549] __vfs_write+0x119/0x9f0
[ 63.508946] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 63.513884] ? ucma_open+0x3f0/0x3f0
[ 63.517591] ? kernel_read+0x120/0x120
[ 63.521476] ? apparmor_path_rmdir+0x30/0x30
[ 63.525895] ? apparmor_file_permission+0x24/0x30
[ 63.530742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.533787] kobject: 'loop1' (00000000aa3a0686): kobject_uevent_env
[ 63.536286] ? security_file_permission+0x1c2/0x230
[ 63.536303] ? rw_verify_area+0x118/0x360
[ 63.536318] vfs_write+0x1fc/0x560
[ 63.536334] ksys_write+0x101/0x260
[ 63.536352] ? __ia32_sys_read+0xb0/0xb0
[ 63.542955] kobject: 'loop1' (00000000aa3a0686): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 63.547783] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 63.547802] __ia32_sys_write+0x71/0xb0
[ 63.547818] do_fast_syscall_32+0x34d/0xfb2
[ 63.547833] ? do_int80_syscall_32+0x890/0x890
[ 63.547848] ? entry_SYSENTER_compat+0x68/0x7f
[ 63.547866] ? trace_hardirqs_off_caller+0xbb/0x310
[ 63.567921] kobject: 'loop3' (000000005959ac3c): kobject_uevent_env
[ 63.572655] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 63.572671] ? trace_hardirqs_on_caller+0x310/0x310
[ 63.572686] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 63.572700] ? recalc_sigpending_tsk+0x180/0x180
[ 63.572720] ? kasan_check_write+0x14/0x20
[ 63.583173] kobject: 'loop3' (000000005959ac3c): fill_kobj_path: path = '/devices/virtual/block/loop3'
[ 63.586446] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 63.586466] entry_SYSENTER_compat+0x70/0x7f
[ 63.586477] RIP: 0023:0xf7f6bca9
[ 63.586492] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 63.586499] RSP: 002b:00000000f7f250cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 63.586512] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000280
[ 63.586526] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[ 63.610782] kobject: 'loop5' (0000000017644e80): kobject_uevent_env
[ 63.611898] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 63.611912] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 63.623204] kobject: 'loop5' (0000000017644e80): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 63.626666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 63.641810] ==================================================================
[ 63.671122] kobject: 'loop2' (00000000e6d170d3): kobject_uevent_env
[ 63.672162] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x10f/0x8c0
[ 63.684820] kobject: 'loop2' (00000000e6d170d3): fill_kobj_path: path = '/devices/virtual/block/loop2'
[ 63.687110] Read of size 8 at addr ffff8801cd0c0000 by task syz-executor4/7206
[ 63.687114]
[ 63.687129] CPU: 0 PID: 7206 Comm: syz-executor4 Not tainted 4.19.0-rc8+ #197
[ 63.687137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.687142] Call Trace:
[ 63.687161] dump_stack+0x1c4/0x2b6
[ 63.687181] ? dump_stack_print_info.cold.1+0x20/0x20
[ 63.799329] ? printk+0xa7/0xcf
[ 63.802612] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 63.807354] print_address_description.cold.8+0x9/0x1ff
[ 63.812726] kasan_report.cold.9+0x242/0x309
[ 63.817138] ? __mutex_unlock_slowpath+0x10f/0x8c0
[ 63.820490] kobject: 'loop0' (000000005f5aee05): kobject_uevent_env
[ 63.822085] check_memory_region+0x13e/0x1b0
[ 63.822102] kasan_check_read+0x11/0x20
[ 63.822121] __mutex_unlock_slowpath+0x10f/0x8c0
[ 63.833596] kobject: 'loop0' (000000005f5aee05): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 63.836896] ? wait_for_completion+0x8a0/0x8a0
[ 63.836915] ? radix_tree_delete_item+0x188/0x350
[ 63.836931] ? radix_tree_lookup+0x30/0x30
[ 63.836956] mutex_unlock+0xd/0x10
[ 63.836978] ucma_destroy_id+0x2cb/0x550
[ 63.872373] ? ucma_close+0x310/0x310
[ 63.876179] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 63.881701] ? _copy_from_user+0xdf/0x150
[ 63.885833] ? ucma_close+0x310/0x310
[ 63.889626] ucma_write+0x365/0x460
[ 63.893268] ? ucma_open+0x3f0/0x3f0
[ 63.896973] __vfs_write+0x119/0x9f0
[ 63.900672] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 63.905592] ? ucma_open+0x3f0/0x3f0
[ 63.909303] ? kernel_read+0x120/0x120
[ 63.913190] ? apparmor_path_rmdir+0x30/0x30
[ 63.917589] ? apparmor_file_permission+0x24/0x30
[ 63.922418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.927954] ? security_file_permission+0x1c2/0x230
[ 63.929596] kobject: 'loop1' (00000000aa3a0686): kobject_uevent_env
[ 63.932979] ? rw_verify_area+0x118/0x360
[ 63.932996] vfs_write+0x1fc/0x560
[ 63.933015] ksys_write+0x101/0x260
[ 63.944032] kobject: 'loop1' (00000000aa3a0686): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 63.947093] ? __ia32_sys_read+0xb0/0xb0
[ 63.947112] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 63.947130] __ia32_sys_write+0x71/0xb0
[ 63.947148] do_fast_syscall_32+0x34d/0xfb2
[ 63.947166] ? do_int80_syscall_32+0x890/0x890
[ 63.982506] ? entry_SYSENTER_compat+0x68/0x7f
[ 63.987075] ? trace_hardirqs_off_caller+0xbb/0x310
[ 63.992090] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 63.996941] ? trace_hardirqs_on_caller+0x310/0x310
[ 64.001976] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 64.005302] kobject: 'loop5' (0000000017644e80): kobject_uevent_env
[ 64.006998] ? recalc_sigpending_tsk+0x180/0x180
[ 64.007017] ? kasan_check_write+0x14/0x20
[ 64.007036] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 64.022498] kobject: 'loop5' (0000000017644e80): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 64.027249] entry_SYSENTER_compat+0x70/0x7f
[ 64.027260] RIP: 0023:0xf7f6bca9
[ 64.027275] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 64.027282] RSP: 002b:00000000f7f250cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 64.027296] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000280
[ 64.027310] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[ 64.041799] kobject: 'loop3' (000000005959ac3c): kobject_uevent_env
[ 64.044498] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 64.044506] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 64.044514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 64.044528]
[ 64.064965] kobject: 'loop3' (000000005959ac3c): fill_kobj_path: path = '/devices/virtual/block/loop3'
[ 64.071121] Allocated by task 7163:
[ 64.071137] save_stack+0x43/0xd0
[ 64.071153] kasan_kmalloc+0xc7/0xe0
[ 64.135686] kmem_cache_alloc_trace+0x152/0x750
[ 64.140339] ucma_open+0xb5/0x3f0
[ 64.143780] misc_open+0x3ca/0x560
[ 64.147302] chrdev_open+0x25a/0x710
[ 64.150998] do_dentry_open+0x499/0x1250
[ 64.155041] vfs_open+0xa0/0xd0
[ 64.158303] path_openat+0x12bf/0x5160
[ 64.162171] do_filp_open+0x255/0x380
[ 64.165970] do_sys_open+0x568/0x700
[ 64.169667] __ia32_compat_sys_openat+0x98/0xf0
[ 64.174317] do_fast_syscall_32+0x34d/0xfb2
[ 64.178621] entry_SYSENTER_compat+0x70/0x7f
[ 64.183007]
[ 64.184631] Freed by task 7150:
[ 64.187894] save_stack+0x43/0xd0
[ 64.191331] __kasan_slab_free+0x102/0x150
[ 64.195555] kasan_slab_free+0xe/0x10
[ 64.199348] kfree+0xcf/0x230
[ 64.202462] ucma_close+0x27e/0x310
[ 64.206073] __fput+0x385/0xa30
[ 64.209330] ____fput+0x15/0x20
[ 64.212609] task_work_run+0x1e8/0x2a0
[ 64.216482] exit_to_usermode_loop+0x318/0x380
[ 64.221046] do_fast_syscall_32+0xcd5/0xfb2
[ 64.225358] entry_SYSENTER_compat+0x70/0x7f
[ 64.229807]
[ 64.231426] The buggy address belongs to the object at ffff8801cd0c0000
[ 64.231426] which belongs to the cache kmalloc-256 of size 256
[ 64.244071] The buggy address is located 0 bytes inside of
[ 64.244071] 256-byte region [ffff8801cd0c0000, ffff8801cd0c0100)
[ 64.255780] The buggy address belongs to the page:
[ 64.260693] page:ffffea0007343000 count:1 mapcount:0 mapping:ffff8801da8007c0 index:0x0
[ 64.268816] flags: 0x2fffc0000000100(slab)
[ 64.273035] raw: 02fffc0000000100 ffffea000739cd08 ffffea0007635cc8 ffff8801da8007c0
[ 64.280900] raw: 0000000000000000 ffff8801cd0c0000 000000010000000c 0000000000000000
[ 64.288758] page dumped because: kasan: bad access detected
[ 64.294449]
[ 64.296062] Memory state around the buggy address:
[ 64.300985] ffff8801cd0bff00: fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb fb
[ 64.308326] ffff8801cd0bff80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.315668] >ffff8801cd0c0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.323007] ^
[ 64.326355] ffff8801cd0c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.333708] ffff8801cd0c0100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 64.341046] ==================================================================
[ 64.349916] Kernel panic - not syncing: panic_on_warn set ...
[ 64.349916]
[ 64.357296] CPU: 0 PID: 7206 Comm: syz-executor4 Tainted: G B 4.19.0-rc8+ #197
[ 64.365938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.375274] Call Trace:
[ 64.377847] dump_stack+0x1c4/0x2b6
[ 64.381611] ? dump_stack_print_info.cold.1+0x20/0x20
[ 64.386790] panic+0x238/0x4e7
[ 64.389966] ? add_taint.cold.5+0x16/0x16
[ 64.394099] ? preempt_schedule+0x4d/0x60
[ 64.398237] ? ___preempt_schedule+0x16/0x18
[ 64.402632] ? trace_hardirqs_on+0xb4/0x310
[ 64.406940] kasan_end_report+0x47/0x4f
[ 64.410898] kasan_report.cold.9+0x76/0x309
[ 64.415208] ? __mutex_unlock_slowpath+0x10f/0x8c0
[ 64.420124] check_memory_region+0x13e/0x1b0
[ 64.424518] kasan_check_read+0x11/0x20
[ 64.428479] __mutex_unlock_slowpath+0x10f/0x8c0
[ 64.433222] ? wait_for_completion+0x8a0/0x8a0
[ 64.437788] ? radix_tree_delete_item+0x188/0x350
[ 64.442628] ? radix_tree_lookup+0x30/0x30
[ 64.446868] mutex_unlock+0xd/0x10
[ 64.450412] ucma_destroy_id+0x2cb/0x550
[ 64.454462] ? ucma_close+0x310/0x310
[ 64.458251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 64.463771] ? _copy_from_user+0xdf/0x150
[ 64.467945] ? ucma_close+0x310/0x310
[ 64.471760] ucma_write+0x365/0x460
[ 64.475403] ? ucma_open+0x3f0/0x3f0
[ 64.479109] __vfs_write+0x119/0x9f0
[ 64.482808] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 64.487722] ? ucma_open+0x3f0/0x3f0
[ 64.491419] ? kernel_read+0x120/0x120
[ 64.495291] ? apparmor_path_rmdir+0x30/0x30
[ 64.499688] ? apparmor_file_permission+0x24/0x30
[ 64.504518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 64.510042] ? security_file_permission+0x1c2/0x230
[ 64.515045] ? rw_verify_area+0x118/0x360
[ 64.519177] vfs_write+0x1fc/0x560
[ 64.522716] ksys_write+0x101/0x260
[ 64.526332] ? __ia32_sys_read+0xb0/0xb0
[ 64.530406] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 64.535851] __ia32_sys_write+0x71/0xb0
[ 64.539813] do_fast_syscall_32+0x34d/0xfb2
[ 64.544129] ? do_int80_syscall_32+0x890/0x890
[ 64.548702] ? entry_SYSENTER_compat+0x68/0x7f
[ 64.553285] ? trace_hardirqs_off_caller+0xbb/0x310
[ 64.558286] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 64.563129] ? trace_hardirqs_on_caller+0x310/0x310
[ 64.568133] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 64.573135] ? recalc_sigpending_tsk+0x180/0x180
[ 64.577876] ? kasan_check_write+0x14/0x20
[ 64.582097] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 64.586925] entry_SYSENTER_compat+0x70/0x7f
[ 64.591315] RIP: 0023:0xf7f6bca9
[ 64.594669] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 64.613568] RSP: 002b:00000000f7f250cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 64.621260] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000280
[ 64.628512] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[ 64.635762] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 64.643013] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 64.650267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 64.658315] Kernel Offset: disabled
[ 64.661939] Rebooting in 86400 seconds..