[ 36.990827] IPVS: ftp: loaded support on port[0] = 21 [ 38.139062] can: request_module (can-proto-0) failed. [ 38.148703] can: request_module (can-proto-0) failed. [ 38.157759] can: request_module (can-proto-0) failed. [ 38.322815] audit: type=1400 audit(1577661072.924:38): avc: denied { create } for pid=6727 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 38.346675] audit: type=1400 audit(1577661072.924:39): avc: denied { create } for pid=6727 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 38.371493] audit: type=1400 audit(1577661072.924:40): avc: denied { create } for pid=6727 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 38.538007] random: sshd: uninitialized urandom read (32 bytes read) [ 39.327552] random: sshd: uninitialized urandom read (32 bytes read) [ 39.513602] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. 2019/12/29 23:11:19 parsed 1 programs 2019/12/29 23:11:20 executed programs: 0 [ 45.760958] IPVS: ftp: loaded support on port[0] = 21 [ 46.556885] chnl_net:caif_netlink_parms(): no params data found [ 46.564510] IPVS: ftp: loaded support on port[0] = 21 [ 46.612262] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.619198] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.626136] device bridge_slave_0 entered promiscuous mode [ 46.635171] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.641599] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.648787] device bridge_slave_1 entered promiscuous mode [ 46.676769] IPVS: ftp: loaded support on port[0] = 21 [ 46.684428] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.693445] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.736322] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.743892] team0: Port device team_slave_0 added [ 46.758269] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.765700] team0: Port device team_slave_1 added [ 46.770820] chnl_net:caif_netlink_parms(): no params data found [ 46.786487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.796784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.851886] device hsr_slave_0 entered promiscuous mode [ 46.890308] device hsr_slave_1 entered promiscuous mode [ 46.932667] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.941469] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.957549] IPVS: ftp: loaded support on port[0] = 21 [ 46.974138] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.980825] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.988140] device bridge_slave_0 entered promiscuous mode [ 46.998157] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.006246] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.013130] device bridge_slave_1 entered promiscuous mode [ 47.040699] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.054967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.102834] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.109569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.116507] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.122914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.132300] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.139420] team0: Port device team_slave_0 added [ 47.161668] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.168831] team0: Port device team_slave_1 added [ 47.176647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.183866] chnl_net:caif_netlink_parms(): no params data found [ 47.198007] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.234958] IPVS: ftp: loaded support on port[0] = 21 [ 47.262337] device hsr_slave_0 entered promiscuous mode [ 47.310346] device hsr_slave_1 entered promiscuous mode [ 47.352612] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 47.378387] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 47.396247] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.402873] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.409813] device bridge_slave_0 entered promiscuous mode [ 47.417189] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.423602] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.431025] device bridge_slave_1 entered promiscuous mode [ 47.467394] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.508913] chnl_net:caif_netlink_parms(): no params data found [ 47.521931] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.529981] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.536530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.543251] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.552549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.592873] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.600937] IPVS: ftp: loaded support on port[0] = 21 [ 47.606365] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.616230] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.623321] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.644244] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.651559] team0: Port device team_slave_0 added [ 47.659762] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.666864] team0: Port device team_slave_1 added [ 47.684678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.703863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.735496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.802200] device hsr_slave_0 entered promiscuous mode [ 47.840355] device hsr_slave_1 entered promiscuous mode [ 47.881131] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.887418] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 47.896103] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.902533] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.909437] device bridge_slave_0 entered promiscuous mode [ 47.918579] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.925006] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.932295] device bridge_slave_1 entered promiscuous mode [ 47.958392] chnl_net:caif_netlink_parms(): no params data found [ 47.968029] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 47.992772] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.008301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.015884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.024692] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.038542] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.044905] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.053589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 48.063273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.072102] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.084538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.092862] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.102053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.109739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.117420] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.123952] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.131837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.139697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.147596] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.153979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.161271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.184286] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.199194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.213001] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.219380] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.226499] device bridge_slave_0 entered promiscuous mode [ 48.236659] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.243735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.253155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.259918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.272828] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.279201] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.286944] device bridge_slave_1 entered promiscuous mode [ 48.295058] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.304345] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.310677] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.317694] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.325913] team0: Port device team_slave_0 added [ 48.331741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.352481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 48.359854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.368414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.375901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.383877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.391789] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.398240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.405147] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.412331] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.419341] team0: Port device team_slave_1 added [ 48.425148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.436601] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.445911] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.454603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.486481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 48.496401] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 48.504700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.543496] device hsr_slave_0 entered promiscuous mode [ 48.580392] device hsr_slave_1 entered promiscuous mode [ 48.620905] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.628244] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.644820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 48.654384] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.661979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.669417] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.677063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.684820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.692789] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.699117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.708806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 48.719081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.748516] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.756217] team0: Port device team_slave_0 added [ 48.761798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.769374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.776803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.785635] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 48.791969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 48.820821] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.827944] team0: Port device team_slave_1 added [ 48.834977] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.843382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.853869] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 48.865676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.874377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.881472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.897267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.905952] chnl_net:caif_netlink_parms(): no params data found [ 48.926239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.934691] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.942707] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 48.948996] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 48.955960] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.962712] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.979779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.988326] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.053497] device hsr_slave_0 entered promiscuous mode [ 49.090335] device hsr_slave_1 entered promiscuous mode [ 49.134598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.141498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.149397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.161538] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.169561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 49.185179] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.196289] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.203465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.213943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.221693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.228452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.238022] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 49.255235] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.264235] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.271245] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.278181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.289515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.299779] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 49.305896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.313035] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.319375] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.327529] device bridge_slave_0 entered promiscuous mode [ 49.335833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.358964] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 49.368096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.375956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.383796] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.390434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.397915] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.404439] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.411727] device bridge_slave_1 entered promiscuous mode [ 49.419525] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.432474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.442681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.451253] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.466100] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 49.481079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.488252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.496849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.504560] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.510949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.517666] audit: type=1400 audit(1577661084.104:41): avc: denied { write } for pid=6851 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 49.518149] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.546508] audit: type=1400 audit(1577661084.114:42): avc: denied { read } for pid=6851 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 49.548954] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.581609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.597448] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.614237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.631333] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.642882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.652597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.659635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.671072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.679413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.690007] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.700747] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.707406] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.718660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.727729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.741103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.758845] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.774117] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.786314] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.793257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.801033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.808456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.816297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.824551] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.830954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.843280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.857984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 49.868494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.876960] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.884562] team0: Port device team_slave_0 added [ 49.892507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.900806] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.908231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.916473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.925381] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.931779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.945016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.954935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 49.967446] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.976029] team0: Port device team_slave_1 added [ 49.982097] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.998403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.008897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.016606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.037150] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.045207] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.051916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.060544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.075117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.096653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.107922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.114941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.122715] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.135233] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.193606] device hsr_slave_0 entered promiscuous mode [ 50.230502] device hsr_slave_1 entered promiscuous mode [ 50.264585] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.272897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.285774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.295939] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.304887] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.312193] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.319638] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.329549] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 50.346818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.361339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.370985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.381732] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.398398] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.405156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.412815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.420305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.427102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.435194] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.442255] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.452304] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.458332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.467414] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.473720] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.482971] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.495403] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.503257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.511235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.518726] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.525104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.532078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.545852] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 50.554050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.563573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.572208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.584487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.592576] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.598910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.607688] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.618556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.629204] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.636797] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.644545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.654620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.663787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.672158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.682382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.696116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.709041] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.716924] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.725365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.742955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.751094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.761281] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.773111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.781287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.795074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.809418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.817650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.826122] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.836385] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.843526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.856866] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.868080] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.875054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.884478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.898338] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 50.907402] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.914426] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.926434] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.933455] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.941894] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.951811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.961765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.971571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.979680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.988185] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.994593] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.001959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.010166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 2019/12/29 23:11:25 executed programs: 16 [ 51.017861] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.024419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.032296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.042780] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.050282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.062776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.079107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.102793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.110979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.119382] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.131044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.139756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.148589] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.156063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.163810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.173894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.184099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.192647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.203968] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.212380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.220231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.234418] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.240961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.254976] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 51.264369] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.272071] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 51.278800] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 51.291303] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/12/29 23:11:30 executed programs: 131 2019/12/29 23:11:35 executed programs: 286 2019/12/29 23:11:40 executed programs: 445 2019/12/29 23:11:45 executed programs: 601 2019/12/29 23:11:50 executed programs: 757 2019/12/29 23:11:55 executed programs: 915 2019/12/29 23:12:00 executed programs: 1072 2019/12/29 23:12:05 executed programs: 1229 2019/12/29 23:12:10 executed programs: 1387 2019/12/29 23:12:15 executed programs: 1540 [ 104.257254] [ 104.259036] ===================================== [ 104.263969] WARNING: bad unlock balance detected! [ 104.268794] 4.14.160-syzkaller #0 Not tainted [ 104.273264] ------------------------------------- [ 104.278083] syz-executor.2/25221 is trying to release lock (&file->mut) at: [ 104.285180] [] ucma_destroy_id+0x236/0x400 [ 104.290974] but there are no more locks to release! [ 104.295977] [ 104.295977] other info that might help us debug this: [ 104.302626] 1 lock held by syz-executor.2/25221: [ 104.308532] #0: (&file->mut){+.+.}, at: [] ucma_destroy_id+0x1d3/0x400 [ 104.317034] [ 104.317034] stack backtrace: [ 104.321524] CPU: 1 PID: 25221 Comm: syz-executor.2 Not tainted 4.14.160-syzkaller #0 [ 104.329392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.338749] Call Trace: [ 104.341323] dump_stack+0xf7/0x13b [ 104.344847] ? ucma_destroy_id+0x236/0x400 [ 104.349076] print_unlock_imbalance_bug.cold.62+0x114/0x123 [ 104.354777] lock_release+0x623/0x830 [ 104.358555] ? ucma_destroy_id+0x236/0x400 [ 104.362770] ? lock_downgrade+0x7f0/0x7f0 [ 104.366905] __mutex_unlock_slowpath+0x7d/0x7e0 [ 104.371547] ? wait_for_completion+0x440/0x440 [ 104.376111] mutex_unlock+0xd/0x10 [ 104.379639] ucma_destroy_id+0x236/0x400 [ 104.383727] ? ucma_close+0x2e0/0x2e0 [ 104.387506] ? kasan_check_write+0x14/0x20 [ 104.391715] ucma_write+0x1f1/0x2c0 [ 104.395316] ? ucma_open+0x260/0x260 [ 104.399005] ? trace_hardirqs_off+0x10/0x10 [ 104.403306] __vfs_write+0xdb/0x840 [ 104.406910] ? kernel_read+0x130/0x130 [ 104.410774] ? __might_sleep+0x93/0xb0 [ 104.414638] ? __inode_security_revalidate+0xd3/0x100 [ 104.419813] ? selinux_file_permission+0x31f/0x3e0 [ 104.424735] ? security_file_permission+0x6e/0x1c0 [ 104.429642] ? rw_verify_area+0xb8/0x2b0 [ 104.433688] vfs_write+0x150/0x4f0 [ 104.437270] SyS_write+0x100/0x250 [ 104.440817] ? SyS_read+0x250/0x250 [ 104.444629] ? do_syscall_64+0x4c/0x5b0 [ 104.448596] ? SyS_read+0x250/0x250 [ 104.452205] do_syscall_64+0x1c7/0x5b0 [ 104.456073] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 104.461852] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 104.467068] RIP: 0033:0x45a679 [ 104.470237] RSP: 002b:00007feb5813ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 104.477924] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 104.485175] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 104.492431] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 104.499798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb5813b6d4 [ 104.507064] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 104.516393] kobject: 'loop3' (ffff8880a4b9c420): kobject_uevent_env [ 104.526160] ================================================================== [ 104.526853] kobject: 'loop3' (ffff8880a4b9c420): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 104.533537] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.533541] Read of size 8 at addr ffff88808e15e040 by task syz-executor.2/25221 [ 104.533542] [ 104.533548] CPU: 1 PID: 25221 Comm: syz-executor.2 Not tainted 4.14.160-syzkaller #0 [ 104.533551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.533553] Call Trace: [ 104.533562] dump_stack+0xf7/0x13b [ 104.533566] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.533578] print_address_description.cold.7+0x9/0x1c9 [ 104.533581] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.533585] kasan_report.cold.8+0x11a/0x2d3 [ 104.533590] __asan_report_load8_noabort+0x14/0x20 [ 104.533593] __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.533603] ? wait_for_completion+0x440/0x440 [ 104.533610] mutex_unlock+0xd/0x10 [ 104.533614] ucma_destroy_id+0x236/0x400 [ 104.533618] ? ucma_close+0x2e0/0x2e0 [ 104.533625] ? kasan_check_write+0x14/0x20 [ 104.533630] ucma_write+0x1f1/0x2c0 [ 104.533634] ? ucma_open+0x260/0x260 [ 104.533640] ? trace_hardirqs_off+0x10/0x10 [ 104.533647] __vfs_write+0xdb/0x840 [ 104.533653] ? kernel_read+0x130/0x130 [ 104.533657] ? __might_sleep+0x93/0xb0 [ 104.533664] ? __inode_security_revalidate+0xd3/0x100 [ 104.533670] ? selinux_file_permission+0x31f/0x3e0 [ 104.533677] ? security_file_permission+0x6e/0x1c0 [ 104.533682] ? rw_verify_area+0xb8/0x2b0 [ 104.533686] vfs_write+0x150/0x4f0 [ 104.533691] SyS_write+0x100/0x250 [ 104.533694] ? SyS_read+0x250/0x250 [ 104.533700] ? do_syscall_64+0x4c/0x5b0 [ 104.533704] ? SyS_read+0x250/0x250 [ 104.533708] do_syscall_64+0x1c7/0x5b0 [ 104.533711] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 104.533718] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 104.533722] RIP: 0033:0x45a679 [ 104.533725] RSP: 002b:00007feb5813ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 104.533730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 104.533732] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 104.533736] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 104.554160] kobject: 'loop1' (ffff8880a4aea320): kobject_uevent_env [ 104.557969] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb5813b6d4 [ 104.557971] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 104.557980] [ 104.557984] Allocated by task 25241: [ 104.557993] save_stack_trace+0x16/0x20 [ 104.558000] save_stack+0x43/0xd0 [ 104.564813] kobject: 'loop1' (ffff8880a4aea320): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 104.568271] kasan_kmalloc+0xc7/0xe0 [ 104.568277] kmem_cache_alloc_trace+0x152/0x7a0 [ 104.568281] ucma_open+0x4d/0x260 [ 104.568289] misc_open+0x31b/0x4d0 [ 104.591097] kobject: 'loop5' (ffff8880a442cda0): kobject_uevent_env [ 104.594156] chrdev_open+0x1e9/0x5b0 [ 104.594162] do_dentry_open+0x620/0xdb0 [ 104.594166] vfs_open+0xfc/0x240 [ 104.594170] path_openat+0xe6d/0x3b50 [ 104.594172] do_filp_open+0x16b/0x220 [ 104.594175] do_sys_open+0x1c2/0x340 [ 104.594180] SyS_openat+0xf/0x20 [ 104.603747] kobject: 'loop5' (ffff8880a442cda0): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 104.608409] do_syscall_64+0x1c7/0x5b0 [ 104.608415] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 104.608417] [ 104.608421] Freed by task 25183: [ 104.616000] kobject: 'loop4' (ffff8880a4bf6d20): kobject_uevent_env [ 104.618433] save_stack_trace+0x16/0x20 [ 104.618438] save_stack+0x43/0xd0 [ 104.618442] kasan_slab_free+0x71/0xc0 [ 104.618444] kfree+0xcc/0x270 [ 104.618449] ucma_close+0x246/0x2e0 [ 104.618452] __fput+0x232/0x750 [ 104.618457] ____fput+0x9/0x10 [ 104.623675] kobject: 'loop4' (ffff8880a4bf6d20): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 104.626139] task_work_run+0xe5/0x170 [ 104.626145] exit_to_usermode_loop+0x16a/0x1b0 [ 104.626148] do_syscall_64+0x416/0x5b0 [ 104.626153] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 104.626156] [ 104.656211] kobject: 'loop0' (ffff8880a4a902a0): kobject_uevent_env [ 104.659272] The buggy address belongs to the object at ffff88808e15e040 [ 104.659272] which belongs to the cache kmalloc-256 of size 256 [ 104.673815] kobject: 'loop0' (ffff8880a4a902a0): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 104.675490] The buggy address is located 0 bytes inside of [ 104.675490] 256-byte region [ffff88808e15e040, ffff88808e15e140) [ 104.675492] The buggy address belongs to the page: [ 104.675496] page:ffffea0002385780 count:1 mapcount:0 mapping:ffff88808e15e040 index:0x0 [ 104.675501] flags: 0xfffe0000000100(slab) [ 104.675506] raw: 00fffe0000000100 ffff88808e15e040 0000000000000000 000000010000000c [ 104.752014] kobject: 'loop5' (ffff8880a442cda0): kobject_uevent_env [ 104.758199] raw: ffffea0002320e20 ffffea000254d1a0 ffff8880aa8007c0 0000000000000000 [ 104.758201] page dumped because: kasan: bad access detected [ 104.758203] [ 104.758204] Memory state around the buggy address: [ 104.758207] ffff88808e15df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.758210] ffff88808e15df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.758214] >ffff88808e15e000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 104.770257] kobject: 'loop5' (ffff8880a442cda0): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 104.770804] ^ [ 104.770808] ffff88808e15e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 104.770811] ffff88808e15e100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 104.770813] ================================================================== [ 104.774452] Kernel panic - not syncing: panic_on_warn set ... [ 104.774452] [ 104.779886] kobject: 'loop3' (ffff8880a4b9c420): kobject_uevent_env [ 104.787665] CPU: 1 PID: 25221 Comm: syz-executor.2 Tainted: G B 4.14.160-syzkaller #0 [ 104.787667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.787669] Call Trace: [ 104.787680] dump_stack+0xf7/0x13b [ 104.787685] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.787690] panic+0x1b0/0x358 [ 104.787694] ? add_taint.cold.5+0x11/0x11 [ 104.787701] ? ___preempt_schedule+0x16/0x18 [ 104.787705] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.787711] kasan_end_report+0x47/0x4f [ 104.787715] kasan_report.cold.8+0x76/0x2d3 [ 104.787720] __asan_report_load8_noabort+0x14/0x20 [ 104.787723] __mutex_unlock_slowpath+0x6c7/0x7e0 [ 104.787726] ? wait_for_completion+0x440/0x440 [ 104.787732] mutex_unlock+0xd/0x10 [ 104.787737] ucma_destroy_id+0x236/0x400 [ 104.787740] ? ucma_close+0x2e0/0x2e0 [ 104.787747] ? kasan_check_write+0x14/0x20 [ 104.787750] ucma_write+0x1f1/0x2c0 [ 104.787754] ? ucma_open+0x260/0x260 [ 104.787760] ? trace_hardirqs_off+0x10/0x10 [ 104.787768] __vfs_write+0xdb/0x840 [ 104.787773] ? kernel_read+0x130/0x130 [ 104.787778] ? __might_sleep+0x93/0xb0 [ 104.787785] ? __inode_security_revalidate+0xd3/0x100 [ 104.787790] ? selinux_file_permission+0x31f/0x3e0 [ 104.787796] ? security_file_permission+0x6e/0x1c0 [ 104.787801] ? rw_verify_area+0xb8/0x2b0 [ 104.787807] vfs_write+0x150/0x4f0 [ 104.787812] SyS_write+0x100/0x250 [ 104.787815] ? SyS_read+0x250/0x250 [ 104.787820] ? do_syscall_64+0x4c/0x5b0 [ 104.787824] ? SyS_read+0x250/0x250 [ 104.787828] do_syscall_64+0x1c7/0x5b0 [ 104.787831] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 104.787838] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 104.787841] RIP: 0033:0x45a679 [ 104.787844] RSP: 002b:00007feb5813ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 104.787849] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 104.787851] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 104.787854] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 104.787856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb5813b6d4 [ 104.787858] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 104.789215] Kernel Offset: disabled [ 105.300219] Rebooting in 86400 seconds..