[ ok ] Starting enhanced syslogd: rsyslogd.
[ 41.968865][ T26] audit: type=1800 audit(1546625056.195:25): pid=7982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 42.007194][ T26] audit: type=1800 audit(1546625056.205:26): pid=7982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 42.034274][ T26] audit: type=1800 audit(1546625056.205:27): pid=7982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
2019/01/04 18:04:58 parsed 1 programs
2019/01/04 18:04:59 executed programs: 0
syzkaller login: [ 85.246526][ T8146] IPVS: ftp: loaded support on port[0] = 21
[ 85.311418][ T8146] chnl_net:caif_netlink_parms(): no params data found
[ 85.342755][ T8146] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.351021][ T8146] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.358933][ T8146] device bridge_slave_0 entered promiscuous mode
[ 85.367239][ T8146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.374402][ T8146] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.382166][ T8146] device bridge_slave_1 entered promiscuous mode
[ 85.398620][ T8146] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 85.408094][ T8146] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 85.425122][ T8146] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 85.433272][ T8146] team0: Port device team_slave_0 added
[ 85.439403][ T8146] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 85.447196][ T8146] team0: Port device team_slave_1 added
[ 85.453177][ T8146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 85.461096][ T8146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 85.521634][ T8146] device hsr_slave_0 entered promiscuous mode
[ 85.559428][ T8146] device hsr_slave_1 entered promiscuous mode
[ 85.599647][ T8146] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 85.607196][ T8146] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 85.621482][ T8146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.628594][ T8146] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.636133][ T8146] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.643186][ T8146] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.674393][ T8146] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 85.682344][ T8146] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.691404][ T8146] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 85.700938][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.720668][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.728633][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.737551][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 85.748835][ T8146] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 85.755906][ T8146] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.765152][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.773544][ T2850] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.780630][ T2850] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.790780][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.799008][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.806121][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.821179][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.838768][ T8146] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 85.850461][ T8146] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.862399][ T8146] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 85.869849][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.877954][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 85.886575][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.895456][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.903970][ T2850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.916588][ T8146] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 85.927421][ T8146] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.248443][ T8861]
[ 88.250800][ T8861] =====================================
[ 88.256341][ T8861] WARNING: bad unlock balance detected!
[ 88.261858][ T8861] 4.20.0-next-20190103 #5 Not tainted
[ 88.267199][ T8861] -------------------------------------
[ 88.272728][ T8861] syz-executor0/8861 is trying to release lock (&file->mut) at:
[ 88.280339][ T8861] [] ucma_destroy_id+0x269/0x540
[ 88.286816][ T8861] but there are no more locks to release!
[ 88.292505][ T8861]
[ 88.292505][ T8861] other info that might help us debug this:
[ 88.300552][ T8861] 1 lock held by syz-executor0/8861:
[ 88.305803][ T8861] #0: 00000000247e351f (&file->mut){+.+.}, at: ucma_destroy_id+0x209/0x540
[ 88.314454][ T8861]
[ 88.314454][ T8861] stack backtrace:
[ 88.320366][ T8861] CPU: 0 PID: 8861 Comm: syz-executor0 Not tainted 4.20.0-next-20190103 #5
[ 88.328919][ T8861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.338964][ T8861] Call Trace:
[ 88.342231][ T8861] dump_stack+0x1db/0x2d0
[ 88.346537][ T8861] ? dump_stack_print_info.cold+0x20/0x20
[ 88.352228][ T8861] ? ucma_destroy_id+0x269/0x540
[ 88.357144][ T8861] ? print_tainted+0x176/0x1e0
[ 88.361887][ T8861] ? vprintk_func+0x86/0x189
[ 88.366452][ T8861] ? ucma_destroy_id+0x269/0x540
[ 88.371366][ T8861] print_unlock_imbalance_bug.cold+0xd0/0xdf
[ 88.377323][ T8861] ? ucma_destroy_id+0x269/0x540
[ 88.382233][ T8861] lock_release+0x77a/0xc40
[ 88.386714][ T8861] ? lock_downgrade+0x910/0x910
[ 88.391571][ T8861] ? __radix_tree_delete+0x27e/0x4e0
[ 88.396846][ T8861] ? idr_preload+0x50/0x50
[ 88.401234][ T8861] ? __radix_tree_lookup+0x3aa/0x4f0
[ 88.406497][ T8861] __mutex_unlock_slowpath+0xe9/0x870
[ 88.411848][ T8861] ? wait_for_completion+0x810/0x810
[ 88.417111][ T8861] mutex_unlock+0xd/0x10
[ 88.421337][ T8861] ucma_destroy_id+0x269/0x540
[ 88.426089][ T8861] ? ucma_close+0x320/0x320
[ 88.430602][ T8861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 88.436858][ T8861] ? _copy_from_user+0xdd/0x150
[ 88.441700][ T8861] ucma_write+0x36b/0x480
[ 88.446039][ T8861] ? ucma_close+0x320/0x320
[ 88.450516][ T8861] ? ucma_open+0x400/0x400
[ 88.454907][ T8861] ? __might_fault+0x12b/0x1e0
[ 88.459646][ T8861] ? find_held_lock+0x35/0x120
[ 88.464387][ T8861] __vfs_write+0x116/0xb40
[ 88.468780][ T8861] ? ucma_open+0x400/0x400
[ 88.473174][ T8861] ? kernel_read+0x120/0x120
[ 88.477738][ T8861] ? fget_raw+0x20/0x20
[ 88.481877][ T8861] ? trace_hardirqs_off_caller+0x300/0x300
[ 88.487673][ T8861] ? apparmor_file_permission+0x25/0x30
[ 88.493193][ T8861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 88.499431][ T8861] ? security_file_permission+0x94/0x320
[ 88.505061][ T8861] ? rw_verify_area+0x118/0x360
[ 88.509901][ T8861] vfs_write+0x20c/0x580
[ 88.514120][ T8861] ksys_write+0x105/0x260
[ 88.518427][ T8861] ? __ia32_sys_read+0xb0/0xb0
[ 88.523164][ T8861] ? trace_hardirqs_off_caller+0x300/0x300
[ 88.528944][ T8861] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 88.534379][ T8861] __x64_sys_write+0x73/0xb0
[ 88.538959][ T8861] do_syscall_64+0x1a3/0x800
[ 88.543525][ T8861] ? syscall_return_slowpath+0x5f0/0x5f0
[ 88.549138][ T8861] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 88.554844][ T8861] ? __switch_to_asm+0x34/0x70
[ 88.559588][ T8861] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 88.565111][ T8861] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.570977][ T8861] RIP: 0033:0x457ec9
[ 88.574847][ T8861] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 88.594456][ T8861] RSP: 002b:00007f684847ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 88.602839][ T8861] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 88.610790][ T8861] RDX: 0000000000000018 RSI: 00000000200002c0 RDI: 0000000000000005
[ 88.618741][ T8861] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 88.626684][ T8861] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f684847b6d4
[ 88.634631][ T8861] R13: 00000000004cd3c8 R14: 00000000004dc1c0 R15: 00000000ffffffff