syzkaller login: [ 33.381593] kauditd_printk_skb: 9 callbacks suppressed [ 33.381600] audit: type=1400 audit(1577662633.717:35): avc: denied { map } for pid=7047 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 39.787279] audit: type=1400 audit(1577662640.127:36): avc: denied { map } for pid=7058 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.528680] IPVS: ftp: loaded support on port[0] = 21 [ 40.913632] can: request_module (can-proto-0) failed. [ 41.991577] can: request_module (can-proto-0) failed. [ 42.000297] can: request_module (can-proto-0) failed. [ 42.146274] audit: type=1400 audit(1577662642.487:37): avc: denied { create } for pid=7058 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 42.169865] audit: type=1400 audit(1577662642.487:38): avc: denied { create } for pid=7058 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 42.193518] audit: type=1400 audit(1577662642.487:39): avc: denied { create } for pid=7058 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts. 2019/12/29 23:37:29 parsed 1 programs 2019/12/29 23:37:29 executed programs: 0 [ 49.396794] IPVS: ftp: loaded support on port[0] = 21 [ 49.402765] IPVS: ftp: loaded support on port[0] = 21 [ 49.408044] IPVS: ftp: loaded support on port[0] = 21 [ 49.458307] IPVS: ftp: loaded support on port[0] = 21 [ 49.478960] IPVS: ftp: loaded support on port[0] = 21 [ 49.509998] IPVS: ftp: loaded support on port[0] = 21 [ 49.615985] chnl_net:caif_netlink_parms(): no params data found [ 49.625822] chnl_net:caif_netlink_parms(): no params data found [ 49.725910] chnl_net:caif_netlink_parms(): no params data found [ 49.733950] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.740904] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.748780] device bridge_slave_0 entered promiscuous mode [ 49.757621] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.764618] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.771412] device bridge_slave_1 entered promiscuous mode [ 49.815744] chnl_net:caif_netlink_parms(): no params data found [ 49.841100] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.853169] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.883977] chnl_net:caif_netlink_parms(): no params data found [ 49.898808] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.905875] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.912702] device bridge_slave_0 entered promiscuous mode [ 49.932724] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.940910] team0: Port device team_slave_0 added [ 49.946692] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.956594] team0: Port device team_slave_1 added [ 49.962219] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.968712] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.975946] device bridge_slave_1 entered promiscuous mode [ 49.986195] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.992546] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.999572] device bridge_slave_0 entered promiscuous mode [ 50.008884] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.015325] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.022202] device bridge_slave_1 entered promiscuous mode [ 50.028570] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.072260] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.078692] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.085931] device bridge_slave_0 entered promiscuous mode [ 50.093097] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.126704] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.134552] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.141040] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.148589] device bridge_slave_1 entered promiscuous mode [ 50.170566] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.183244] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.192201] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.226691] device hsr_slave_0 entered promiscuous mode [ 50.274499] device hsr_slave_1 entered promiscuous mode [ 50.316662] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.340973] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.347811] chnl_net:caif_netlink_parms(): no params data found [ 50.356549] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.366865] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.373214] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.380134] device bridge_slave_0 entered promiscuous mode [ 50.386913] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.394110] team0: Port device team_slave_0 added [ 50.403033] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.410424] team0: Port device team_slave_1 added [ 50.415670] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.422481] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.433537] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.448623] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.456035] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.463011] device bridge_slave_1 entered promiscuous mode [ 50.469802] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.477081] team0: Port device team_slave_0 added [ 50.482768] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.490308] team0: Port device team_slave_1 added [ 50.500119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.510278] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.566629] device hsr_slave_0 entered promiscuous mode [ 50.604391] device hsr_slave_1 entered promiscuous mode [ 50.657493] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.664941] team0: Port device team_slave_0 added [ 50.672738] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.680812] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.691360] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.703190] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.710375] team0: Port device team_slave_1 added [ 50.720385] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.728021] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.775599] device hsr_slave_0 entered promiscuous mode [ 50.814366] device hsr_slave_1 entered promiscuous mode [ 50.854847] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.862133] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.873887] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.891295] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.900953] team0: Port device team_slave_0 added [ 50.907867] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.915683] team0: Port device team_slave_1 added [ 50.920812] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.933397] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.940020] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.947158] device bridge_slave_0 entered promiscuous mode [ 50.953784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.971495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.984707] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.991101] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.998843] device bridge_slave_1 entered promiscuous mode [ 51.045663] device hsr_slave_0 entered promiscuous mode [ 51.084358] device hsr_slave_1 entered promiscuous mode [ 51.144942] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.152054] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.181082] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.191168] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.236642] device hsr_slave_0 entered promiscuous mode [ 51.274750] device hsr_slave_1 entered promiscuous mode [ 51.315391] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.323536] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.330813] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.346125] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.381096] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.397151] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.409908] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.417265] team0: Port device team_slave_0 added [ 51.422894] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.430525] team0: Port device team_slave_1 added [ 51.444875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.460346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.468357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.479718] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.493112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.508307] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.518045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.530040] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.547661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.555901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.586791] device hsr_slave_0 entered promiscuous mode [ 51.624520] device hsr_slave_1 entered promiscuous mode [ 51.668054] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.677766] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.685846] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.691927] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.698351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.705911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.713238] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.723793] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.730400] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.739985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.753244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.760755] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.769350] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.776016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.783887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.791603] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.798072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.805840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.813533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.821503] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.827881] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.834719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.841503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.848832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.857000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.864857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.871631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.882881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.893485] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.902259] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.909269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.919586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.927614] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.933943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.940796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.948912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.959518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.968432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.977453] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.987267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.995314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.003045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.011050] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.017429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.024532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.032081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.039063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.046524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.055063] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.062495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.073495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.082005] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.090418] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.097869] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.103935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.111772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.120120] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.127620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.139593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.147436] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.153764] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.162620] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.178495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.187815] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.196471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.203450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.210996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.218013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.226812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.234421] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.240804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.248196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.256428] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.273895] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.281926] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.288766] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.296908] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.304807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.311924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.319772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.327608] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.333945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.340747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.348868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.356657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.364299] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.370630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.377575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.385430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.392905] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.399283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.407060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.414877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.421930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.429597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.437889] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.449416] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.458619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.468190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.477162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.485769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.493384] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.501252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.509130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.517315] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.523664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.530702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.538215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.545848] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.555119] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.565847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.573511] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.584622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.595434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.604420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.611892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.620573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.628148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.636258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.643844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.651990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.659885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.667581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.675193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.682787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.690315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.698193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.705882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.714152] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.722408] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.732652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.743938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.753526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.764044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.771846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.779728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.787633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.795130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.802710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.810590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.818407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.831089] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.840013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.849788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.860365] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.867334] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.874751] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.881536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.889321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.896887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.904382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.911714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.919470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.928212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.937668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.945314] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.954675] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.960730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.969738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.977460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.986513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.994293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.006538] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.012585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.022420] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.029901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.039179] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.048313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.058423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.066798] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.074195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.080850] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.088364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.096077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.106400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.119676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.127576] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.137163] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.145826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.152567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.160308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.167945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.174910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.181666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.189702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.198408] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.206110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.218584] audit: type=1400 audit(1577662653.557:40): avc: denied { associate } for pid=7154 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 53.226731] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.256786] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.262865] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.270697] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.278692] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.293082] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.299824] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.309096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.316311] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.322999] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.335953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.348392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.371453] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.398078] audit: type=1400 audit(1577662653.737:41): avc: denied { write } for pid=7174 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 53.408884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.433644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.443681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.457837] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.458319] audit: type=1400 audit(1577662653.797:42): avc: denied { read } for pid=7174 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 53.464263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.469410] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.509766] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.518407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.537812] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.543849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.559436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.576333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.586703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.595657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.603336] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.609731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.619620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.644284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.668649] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.682023] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.697154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.708341] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.725352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.736419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.755519] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.764676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.772384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.802513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.817210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.827193] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.838328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.847049] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.862488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.885713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.893238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.948198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.959854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.978123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.991095] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.998772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.021496] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 54.035970] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 54.042350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 54.050476] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 54.069747] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/12/29 23:37:34 executed programs: 21 2019/12/29 23:37:39 executed programs: 169 2019/12/29 23:37:44 executed programs: 319 2019/12/29 23:37:49 executed programs: 466 2019/12/29 23:37:54 executed programs: 615 [ 75.062152] [ 75.063797] ===================================== [ 75.068661] WARNING: bad unlock balance detected! [ 75.073484] 4.19.91-syzkaller #0 Not tainted [ 75.078561] ------------------------------------- [ 75.083380] syz-executor.5/14346 is trying to release lock (&file->mut) at: [ 75.090479] [] ucma_destroy_id+0x240/0x400 [ 75.096267] but there are no more locks to release! [ 75.101265] [ 75.101265] other info that might help us debug this: [ 75.107918] 1 lock held by syz-executor.5/14346: [ 75.112649] #0: 0000000070a9d74f (&file->mut){+.+.}, at: ucma_destroy_id+0x1e0/0x400 [ 75.120614] [ 75.120614] stack backtrace: [ 75.125100] CPU: 0 PID: 14346 Comm: syz-executor.5 Not tainted 4.19.91-syzkaller #0 [ 75.132919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.142255] Call Trace: [ 75.144828] dump_stack+0x123/0x177 [ 75.148124] kobject: 'loop2' (00000000f3e63f51): kobject_uevent_env [ 75.148467] ? ucma_destroy_id+0x240/0x400 [ 75.159091] print_unlock_imbalance_bug.cold.50+0x114/0x123 [ 75.159357] kobject: 'loop2' (00000000f3e63f51): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 75.164799] lock_release+0x685/0x850 [ 75.164806] ? ucma_destroy_id+0x240/0x400 [ 75.164809] ? lock_downgrade+0x860/0x860 [ 75.164813] ? mutex_trylock+0x1e0/0x1e0 [ 75.164818] __mutex_unlock_slowpath+0x8e/0x6a0 [ 75.164823] ? wait_for_completion+0x460/0x460 [ 75.164828] mutex_unlock+0xd/0x10 [ 75.164831] ucma_destroy_id+0x240/0x400 [ 75.164835] ? ucma_close+0x2e0/0x2e0 [ 75.164842] ? kasan_check_write+0x14/0x20 [ 75.164846] ucma_write+0x203/0x2d0 [ 75.164849] ? ucma_open+0x260/0x260 [ 75.164852] ? find_held_lock+0x36/0x1d0 [ 75.164858] __vfs_write+0xe3/0x890 [ 75.164862] ? kernel_read+0x130/0x130 [ 75.164868] ? __might_sleep+0x95/0x190 [ 75.164874] ? __inode_security_revalidate+0x9d/0xc0 [ 75.164878] ? selinux_file_permission+0x326/0x3f0 [ 75.164884] ? security_file_permission+0x46/0x190 [ 75.164887] ? rw_verify_area+0xb8/0x2b0 [ 75.164893] vfs_write+0x150/0x4d0 [ 75.260684] ksys_write+0x103/0x260 [ 75.267332] ? __ia32_sys_read+0xa0/0xa0 [ 75.271560] ? do_syscall_64+0x21/0x4e0 [ 75.275532] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.280886] __x64_sys_write+0x6e/0xb0 [ 75.284756] do_syscall_64+0xd0/0x4e0 [ 75.288574] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.293764] RIP: 0033:0x45a679 [ 75.296974] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 75.300263] kobject: 'loop0' (00000000ea81aeed): kobject_uevent_env [ 75.315869] RSP: 002b:00007f1f73b56c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.315875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 75.315877] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 75.315878] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 75.315880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f73b576d4 [ 75.315882] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 75.324238] ================================================================== [ 75.334217] kobject: 'loop0' (00000000ea81aeed): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 75.337305] BUG: KASAN: use-after-free in ucma_destroy_id+0x3ce/0x400 [ 75.347317] kobject: 'loop1' (00000000ef44d078): kobject_uevent_env [ 75.351837] Read of size 8 at addr ffff8880a45ab0e8 by task syz-executor.5/14346 [ 75.364582] kobject: 'loop1' (00000000ef44d078): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 75.366368] [ 75.374750] kobject: 'loop4' (00000000315f64f1): kobject_uevent_env [ 75.383327] CPU: 0 PID: 14346 Comm: syz-executor.5 Not tainted 4.19.91-syzkaller #0 [ 75.383330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.383332] Call Trace: [ 75.383341] dump_stack+0x123/0x177 [ 75.383349] print_address_description.cold.8+0x9/0x1ff [ 75.383354] kasan_report.cold.9+0x242/0x309 [ 75.383362] ? ucma_destroy_id+0x3ce/0x400 [ 75.390915] kobject: 'loop4' (00000000315f64f1): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 75.396325] __asan_report_load8_noabort+0x14/0x20 [ 75.396331] ucma_destroy_id+0x3ce/0x400 [ 75.396335] ? ucma_close+0x2e0/0x2e0 [ 75.396372] ? kasan_check_write+0x14/0x20 [ 75.485718] ucma_write+0x203/0x2d0 [ 75.489338] ? ucma_open+0x260/0x260 [ 75.493041] ? find_held_lock+0x36/0x1d0 [ 75.497108] __vfs_write+0xe3/0x890 [ 75.500717] ? kernel_read+0x130/0x130 [ 75.504585] ? __might_sleep+0x95/0x190 [ 75.508547] ? __inode_security_revalidate+0x9d/0xc0 [ 75.513640] ? selinux_file_permission+0x326/0x3f0 [ 75.518627] ? security_file_permission+0x46/0x190 [ 75.523584] ? rw_verify_area+0xb8/0x2b0 [ 75.527628] vfs_write+0x150/0x4d0 [ 75.531150] ksys_write+0x103/0x260 [ 75.534761] ? __ia32_sys_read+0xa0/0xa0 [ 75.538808] ? do_syscall_64+0x21/0x4e0 [ 75.542765] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.548571] __x64_sys_write+0x6e/0xb0 [ 75.552447] do_syscall_64+0xd0/0x4e0 [ 75.556250] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.561623] RIP: 0033:0x45a679 [ 75.564834] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 75.583899] RSP: 002b:00007f1f73b56c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.591602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 75.598864] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 75.606121] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 75.613371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f73b576d4 [ 75.620621] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 75.627887] [ 75.629500] Allocated by task 14346: [ 75.633202] save_stack+0x43/0xd0 [ 75.636648] kasan_kmalloc+0xc7/0xe0 [ 75.640358] kmem_cache_alloc_trace+0x152/0x740 [ 75.645015] ucma_alloc_ctx+0x4c/0x490 [ 75.648883] ucma_create_id+0xeb/0x560 [ 75.652308] kobject: 'loop1' (00000000ef44d078): kobject_uevent_env [ 75.652757] ucma_write+0x203/0x2d0 [ 75.652762] __vfs_write+0xe3/0x890 [ 75.652767] vfs_write+0x150/0x4d0 [ 75.663026] kobject: 'loop1' (00000000ef44d078): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 75.666371] ksys_write+0x103/0x260 [ 75.666375] __x64_sys_write+0x6e/0xb0 [ 75.666380] do_syscall_64+0xd0/0x4e0 [ 75.666387] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.666389] [ 75.666391] Freed by task 14309: [ 75.666397] save_stack+0x43/0xd0 [ 75.666400] __kasan_slab_free+0x102/0x150 [ 75.666404] kasan_slab_free+0xe/0x10 [ 75.712235] kfree+0xcf/0x220 [ 75.715329] ucma_free_ctx+0x750/0xcd0 [ 75.719194] ucma_close+0x109/0x2e0 [ 75.722805] __fput+0x249/0x7f0 [ 75.726064] ____fput+0x9/0x10 [ 75.728556] kobject: 'loop4' (00000000315f64f1): kobject_uevent_env [ 75.729249] task_work_run+0x108/0x180 [ 75.738567] kobject: 'loop4' (00000000315f64f1): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 75.739503] exit_to_usermode_loop+0x1a9/0x200 [ 75.739507] do_syscall_64+0x413/0x4e0 [ 75.739514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.739516] [ 75.739521] The buggy address belongs to the object at ffff8880a45ab080 [ 75.739521] which belongs to the cache kmalloc-256 of size 256 [ 75.776850] The buggy address is located 104 bytes inside of [ 75.776850] 256-byte region [ffff8880a45ab080, ffff8880a45ab180) [ 75.788726] The buggy address belongs to the page: [ 75.793649] page:ffffea0002916ac0 count:1 mapcount:0 mapping:ffff88812c31c7c0 index:0xffff8880a45ab1c0 [ 75.798226] kobject: 'loop1' (00000000ef44d078): kobject_uevent_env [ 75.803076] flags: 0xfffe0000000100(slab) [ 75.803082] raw: 00fffe0000000100 ffffea0002952588 ffffea0002487448 ffff88812c31c7c0 [ 75.816077] kobject: 'loop1' (00000000ef44d078): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 75.821518] raw: ffff8880a45ab1c0 ffff8880a45ab080 000000010000000b 0000000000000000 [ 75.821521] page dumped because: kasan: bad access detected [ 75.821523] [ 75.821524] Memory state around the buggy address: [ 75.821528] ffff8880a45aaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.821531] ffff8880a45ab000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.821534] >ffff8880a45ab080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.821536] ^ [ 75.821541] ffff8880a45ab100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.887179] ffff8880a45ab180: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 75.894530] ================================================================== [ 75.904544] kobject: 'loop2' (00000000f3e63f51): kobject_uevent_env [ 75.908440] Kernel panic - not syncing: panic_on_warn set ... [ 75.908440] [ 75.911003] kobject: 'loop2' (00000000f3e63f51): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 75.918460] CPU: 0 PID: 14346 Comm: syz-executor.5 Tainted: G B 4.19.91-syzkaller #0 [ 75.918463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.918466] Call Trace: [ 75.918478] dump_stack+0x123/0x177 [ 75.918486] panic+0x1cd/0x375 [ 75.918490] ? __warn_printk+0xd6/0xd6 [ 75.918496] ? ___preempt_schedule+0x16/0x18 [ 75.918504] kasan_end_report+0x47/0x4f [ 75.918508] kasan_report.cold.9+0x76/0x309 [ 75.918514] ? ucma_destroy_id+0x3ce/0x400 [ 75.918522] __asan_report_load8_noabort+0x14/0x20 [ 75.933537] kobject: 'loop3' (00000000784fb03a): kobject_uevent_env [ 75.937220] ucma_destroy_id+0x3ce/0x400 [ 75.937225] ? ucma_close+0x2e0/0x2e0 [ 75.937235] ? kasan_check_write+0x14/0x20 [ 75.937239] ucma_write+0x203/0x2d0 [ 75.937243] ? ucma_open+0x260/0x260 [ 75.937248] ? find_held_lock+0x36/0x1d0 [ 75.937255] __vfs_write+0xe3/0x890 [ 75.937260] ? kernel_read+0x130/0x130 [ 75.937266] ? __might_sleep+0x95/0x190 [ 75.937274] ? __inode_security_revalidate+0x9d/0xc0 [ 75.937279] ? selinux_file_permission+0x326/0x3f0 [ 75.937292] ? security_file_permission+0x46/0x190 [ 75.937296] ? rw_verify_area+0xb8/0x2b0 [ 75.937302] vfs_write+0x150/0x4d0 [ 75.937307] ksys_write+0x103/0x260 [ 75.937311] ? __ia32_sys_read+0xa0/0xa0 [ 75.937318] ? do_syscall_64+0x21/0x4e0 [ 75.937324] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.937330] __x64_sys_write+0x6e/0xb0 [ 75.937334] do_syscall_64+0xd0/0x4e0 [ 75.937340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.937349] RIP: 0033:0x45a679 [ 75.937354] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 75.937356] RSP: 002b:00007f1f73b56c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.937361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 75.937364] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 75.937366] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 75.937368] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f73b576d4 [ 75.937371] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 75.938675] Kernel Offset: disabled [ 76.149861] Rebooting in 86400 seconds..