[ 23.516074] audit: type=1400 audit(1576065238.712:41): avc: denied { map } for pid=4441 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 29.650852] audit: type=1400 audit(1576065244.847:42): avc: denied { map } for pid=4452 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 31.094564] IPVS: ftp: loaded support on port[0] = 21 [ 31.117281] audit: type=1400 audit(1576065246.313:43): avc: denied { associate } for pid=4468 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 31.235242] tipc: TX() has been purged, node left! [ 56.446607] can: request_module (can-proto-0) failed. [ 56.456627] can: request_module (can-proto-0) failed. [ 56.586706] audit: type=1400 audit(1576065271.783:44): avc: denied { create } for pid=4452 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 56.610480] audit: type=1400 audit(1576065271.783:45): avc: denied { create } for pid=4452 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 56.634214] audit: type=1400 audit(1576065271.784:46): avc: denied { create } for pid=4452 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. 2019/12/11 11:54:40 parsed 1 programs 2019/12/11 11:54:40 executed programs: 0 [ 65.470375] IPVS: ftp: loaded support on port[0] = 21 [ 65.488376] IPVS: ftp: loaded support on port[0] = 21 [ 65.540261] IPVS: ftp: loaded support on port[0] = 21 [ 65.547676] IPVS: ftp: loaded support on port[0] = 21 [ 65.569778] IPVS: ftp: loaded support on port[0] = 21 [ 65.589058] IPVS: ftp: loaded support on port[0] = 21 [ 66.243581] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.250184] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.261986] device bridge_slave_0 entered promiscuous mode [ 66.291628] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.298062] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.316803] device bridge_slave_0 entered promiscuous mode [ 66.324356] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.330906] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.338431] device bridge_slave_1 entered promiscuous mode [ 66.374533] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.380977] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.396416] device bridge_slave_1 entered promiscuous mode [ 66.422603] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.429046] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.437443] device bridge_slave_0 entered promiscuous mode [ 66.472746] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.479196] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.489355] device bridge_slave_0 entered promiscuous mode [ 66.507477] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.513939] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.527308] device bridge_slave_1 entered promiscuous mode [ 66.534902] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.541338] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.549661] device bridge_slave_0 entered promiscuous mode [ 66.558531] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.564934] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.572957] device bridge_slave_0 entered promiscuous mode [ 66.593934] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.601659] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.618096] device bridge_slave_1 entered promiscuous mode [ 66.625524] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.632029] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.640207] device bridge_slave_1 entered promiscuous mode [ 66.659514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.671237] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.677693] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.686021] device bridge_slave_1 entered promiscuous mode [ 66.706939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.722344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.779564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.802649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.891625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.910731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.924618] team0: Port device team_slave_0 added [ 66.944117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.967343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.977669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.993920] team0: Port device team_slave_1 added [ 67.018811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.028856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.043664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.059288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.083987] team0: Port device team_slave_0 added [ 67.090088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.102837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.114519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.138399] team0: Port device team_slave_1 added [ 67.150236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.169081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.177892] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.185625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.203246] team0: Port device team_slave_0 added [ 67.212042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.228718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.238725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.260997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.273838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.285779] team0: Port device team_slave_1 added [ 67.304518] team0: Port device team_slave_0 added [ 67.316209] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.330316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.339668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.347840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.357202] team0: Port device team_slave_0 added [ 67.368326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.378077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.393220] team0: Port device team_slave_1 added [ 67.404090] team0: Port device team_slave_1 added [ 67.422555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.433107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.445763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.463992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.479498] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.491107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.501961] team0: Port device team_slave_0 added [ 67.514268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.536878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.553384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.565065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.583616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.606920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.614780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.622731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.633409] team0: Port device team_slave_1 added [ 67.650022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.665257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.685863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.698286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.715517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.727854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.743442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.766216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.821883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.830837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.861954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.876794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.995434] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.001999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.008983] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.015362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.030060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.049843] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.056259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.062938] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.069358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.171567] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.178021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.184706] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.191101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.265561] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.271982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.278614] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.285058] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.348111] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.355070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.361760] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.368187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.416260] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.422719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.429407] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.435811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.080262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.094698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.113983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.121352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.128764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.926058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.952006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.985819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.017710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.129831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.147116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.165191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.178675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.306114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.317701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.334038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.352106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.364365] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.406927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.419629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.481962] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.491355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.500467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.522770] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.566925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.578980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.592455] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.648623] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.721602] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.424634] audit: type=1400 audit(1576065286.621:47): avc: denied { open } for pid=6085 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 71.479145] hrtimer: interrupt took 22636 ns 2019/12/11 11:54:46 executed programs: 6 2019/12/11 11:54:51 executed programs: 209 2019/12/11 11:54:56 executed programs: 419 2019/12/11 11:55:01 executed programs: 629 2019/12/11 11:55:06 executed programs: 839 2019/12/11 11:55:11 executed programs: 1045 2019/12/11 11:55:16 executed programs: 1251 2019/12/11 11:55:21 executed programs: 1455 2019/12/11 11:55:26 executed programs: 1660 2019/12/11 11:55:31 executed programs: 1869 2019/12/11 11:55:36 executed programs: 2076 2019/12/11 11:55:41 executed programs: 2283 2019/12/11 11:55:46 executed programs: 2489 2019/12/11 11:55:51 executed programs: 2694 2019/12/11 11:55:56 executed programs: 2898 2019/12/11 11:56:01 executed programs: 3104 2019/12/11 11:56:06 executed programs: 3307 2019/12/11 11:56:11 executed programs: 3512 2019/12/11 11:56:17 executed programs: 3716 2019/12/11 11:56:22 executed programs: 3919 2019/12/11 11:56:27 executed programs: 4124 2019/12/11 11:56:32 executed programs: 4329 2019/12/11 11:56:37 executed programs: 4533 2019/12/11 11:56:42 executed programs: 4738 2019/12/11 11:56:47 executed programs: 4945 2019/12/11 11:56:52 executed programs: 5152 2019/12/11 11:56:57 executed programs: 5358 2019/12/11 11:57:02 executed programs: 5567 2019/12/11 11:57:07 executed programs: 5773 2019/12/11 11:57:12 executed programs: 5980 2019/12/11 11:57:17 executed programs: 6188 2019/12/11 11:57:22 executed programs: 6385 2019/12/11 11:57:27 executed programs: 6591 2019/12/11 11:57:32 executed programs: 6799 2019/12/11 11:57:37 executed programs: 7007 2019/12/11 11:57:42 executed programs: 7213 2019/12/11 11:57:47 executed programs: 7420 [ 256.048418] [ 256.050100] ===================================== [ 256.054942] WARNING: bad unlock balance detected! [ 256.059817] 5.5.0-rc1-syzkaller #0 Not tainted [ 256.064384] ------------------------------------- [ 256.069209] kworker/u4:0/7 is trying to release lock (&file->mut) at: [ 256.075885] [] ucma_event_handler+0x675/0xf90 [ 256.081921] but there are no more locks to release! [ 256.087008] [ 256.087008] other info that might help us debug this: [ 256.093664] 4 locks held by kworker/u4:0/7: [ 256.098189] #0: ffff8881d56a5928 ((wq_completion)ib_addr){+.+.}, at: process_one_work+0x76f/0x15d0 [ 256.107628] #1: ffff8881da2ffdf0 ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0x79f/0x15d0 [ 256.118321] #2: ffff8881c7140390 (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xac/0x300 [ 256.127179] #3: ffff8881bcf81260 (&file->mut){+.+.}, at: ucma_event_handler+0xa8/0xf90 [ 256.135313] [ 256.135313] stack backtrace: [ 256.139803] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.5.0-rc1-syzkaller #0 [ 256.147225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.156656] Workqueue: ib_addr process_one_req [ 256.161223] Call Trace: [ 256.163831] dump_stack+0x12f/0x187 [ 256.167436] ? ucma_event_handler+0x675/0xf90 [ 256.171905] ? ucma_event_handler+0x675/0xf90 [ 256.176438] print_unlock_imbalance_bug.cold.53+0x114/0x123 [ 256.182172] lock_release+0x5f6/0x900 [ 256.185951] ? lock_downgrade+0x900/0x900 [ 256.190117] ? __wake_up_common_lock+0xf3/0x140 [ 256.194766] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 256.199431] ? _raw_spin_unlock_irqrestore+0x6f/0xc0 [ 256.204586] ? trace_hardirqs_on+0x28/0x180 [ 256.208894] __mutex_unlock_slowpath+0x87/0x6a0 [ 256.213560] ? __wake_up_common+0x600/0x600 [ 256.217857] ? wait_for_completion+0x460/0x460 [ 256.222431] mutex_unlock+0x1b/0x30 [ 256.226051] ucma_event_handler+0x675/0xf90 [ 256.230364] addr_handler+0x23a/0x300 [ 256.234145] ? cma_work_handler+0x1c0/0x1c0 [ 256.238456] ? cma_work_handler+0x1c0/0x1c0 [ 256.242753] process_one_req+0xdf/0x610 [ 256.246707] process_one_work+0x852/0x15d0 [ 256.250920] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 256.255591] ? lock_acquire+0x194/0x3e0 [ 256.259543] worker_thread+0x81/0xb80 [ 256.263334] kthread+0x334/0x3f0 [ 256.266704] ? process_one_work+0x15d0/0x15d0 [ 256.271174] ? kthread_mod_delayed_work+0x190/0x190 [ 256.276182] ret_from_fork+0x3a/0x50