[ 93.617915][ T27] audit: type=1800 audit(1577928823.470:40): pid=9683 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 97.539287][ T27] audit: type=1400 audit(1577928827.430:41): avc: denied { map } for pid=9860 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program [ 133.301761][ T27] audit: type=1400 audit(1577928863.190:42): avc: denied { map } for pid=9872 comm="syz-executor076" path="/root/syz-executor076070988" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 135.817870][ T761] [ 135.820248][ T761] ===================================== [ 135.825879][ T761] WARNING: bad unlock balance detected! [ 135.831413][ T761] 5.5.0-rc4-syzkaller #0 Not tainted [ 135.836682][ T761] ------------------------------------- [ 135.842411][ T761] kworker/u4:5/761 is trying to release lock (&file->mut) at: [ 135.849971][ T761] [] ucma_event_handler+0x711/0xef0 [ 135.856708][ T761] but there are no more locks to release! [ 135.862405][ T761] [ 135.862405][ T761] other info that might help us debug this: [ 135.870453][ T761] 4 locks held by kworker/u4:5/761: [ 135.876580][ T761] #0: ffff88821946c128 ((wq_completion)ib_addr){+.+.}, at: process_one_work+0x88b/0x1740 [ 135.886480][ T761] #1: ffffc90003777dc0 ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 135.897770][ T761] #2: ffff888092e12390 (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xaf/0x3d0 [ 135.907244][ T761] #3: ffff8880a37bf460 (&file->mut){+.+.}, at: ucma_event_handler+0xb3/0xef0 [ 135.916091][ T761] [ 135.916091][ T761] stack backtrace: [ 135.921997][ T761] CPU: 1 PID: 761 Comm: kworker/u4:5 Not tainted 5.5.0-rc4-syzkaller #0 [ 135.930322][ T761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.940404][ T761] Workqueue: ib_addr process_one_req [ 135.945687][ T761] Call Trace: [ 135.948983][ T761] dump_stack+0x197/0x210 [ 135.953295][ T761] ? ucma_event_handler+0x711/0xef0 [ 135.958475][ T761] print_unlock_imbalance_bug.cold+0x114/0x123 [ 135.964628][ T761] ? ucma_event_handler+0x711/0xef0 [ 135.969928][ T761] lock_release+0x5f2/0x960 [ 135.974504][ T761] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 135.980394][ T761] ? lock_downgrade+0x920/0x920 [ 135.985245][ T761] ? trace_hardirqs_on+0x67/0x240 [ 135.990264][ T761] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 135.996062][ T761] __mutex_unlock_slowpath+0x86/0x6a0 [ 136.001416][ T761] ? wait_for_completion+0x440/0x440 [ 136.006693][ T761] ? lockdep_hardirqs_on+0x421/0x5e0 [ 136.011975][ T761] mutex_unlock+0xd/0x10 [ 136.016196][ T761] ucma_event_handler+0x711/0xef0 [ 136.021206][ T761] addr_handler+0x2e9/0x3d0 [ 136.025690][ T761] ? cma_work_handler+0x1f0/0x1f0 [ 136.030709][ T761] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 136.036928][ T761] ? addr_resolve+0x3b0/0x1ad0 [ 136.041846][ T761] ? rdma_translate_ip+0x2f0/0x2f0 [ 136.047653][ T761] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 136.053807][ T761] process_one_req+0x106/0x680 [ 136.058565][ T761] process_one_work+0x9af/0x1740 [ 136.063505][ T761] ? pwq_dec_nr_in_flight+0x320/0x320 [ 136.068882][ T761] ? lock_acquire+0x190/0x410 [ 136.073545][ T761] worker_thread+0x98/0xe40 [ 136.078045][ T761] ? trace_hardirqs_on+0x67/0x240 [ 136.083050][ T761] kthread+0x361/0x430 [ 136.087119][ T761] ? process_one_work+0x1740/0x1740 [ 136.092298][ T761] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 136.098099][ T761] ret_from_fork+0x24/0x30