[ 38.820859] IPVS: ftp: loaded support on port[0] = 21 [ 39.978573] can: request_module (can-proto-0) failed. [ 39.988114] can: request_module (can-proto-0) failed. [ 39.997074] can: request_module (can-proto-0) failed. [ 40.153033] audit: type=1400 audit(1580255043.699:38): avc: denied { create } for pid=6996 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 40.176859] audit: type=1400 audit(1580255043.699:39): avc: denied { create } for pid=6996 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 40.200543] audit: type=1400 audit(1580255043.699:40): avc: denied { create } for pid=6996 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 40.362610] random: sshd: uninitialized urandom read (32 bytes read) [ 41.180729] random: sshd: uninitialized urandom read (32 bytes read) [ 41.377324] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts. 2020/01/28 23:44:10 parsed 1 programs 2020/01/28 23:44:10 executed programs: 0 [ 47.580922] IPVS: ftp: loaded support on port[0] = 21 [ 48.336405] IPVS: ftp: loaded support on port[0] = 21 [ 48.380909] chnl_net:caif_netlink_parms(): no params data found [ 48.448478] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.455706] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.456635] IPVS: ftp: loaded support on port[0] = 21 [ 48.462986] device bridge_slave_0 entered promiscuous mode [ 48.476656] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.483073] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.490188] device bridge_slave_1 entered promiscuous mode [ 48.496487] chnl_net:caif_netlink_parms(): no params data found [ 48.522807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.533018] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.557399] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.564537] team0: Port device team_slave_0 added [ 48.573945] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.581374] team0: Port device team_slave_1 added [ 48.588348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.601772] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.614547] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.621101] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.628034] device bridge_slave_0 entered promiscuous mode [ 48.645866] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.652672] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.659850] device bridge_slave_1 entered promiscuous mode [ 48.673606] IPVS: ftp: loaded support on port[0] = 21 [ 48.722108] device hsr_slave_0 entered promiscuous mode [ 48.780375] device hsr_slave_1 entered promiscuous mode [ 48.850938] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.865100] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.876650] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.884958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.913848] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.921001] team0: Port device team_slave_0 added [ 48.941166] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.948288] team0: Port device team_slave_1 added [ 48.955888] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.987371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.998522] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.005015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.012006] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.018388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.035153] chnl_net:caif_netlink_parms(): no params data found [ 49.048922] IPVS: ftp: loaded support on port[0] = 21 [ 49.092549] device hsr_slave_0 entered promiscuous mode [ 49.140311] device hsr_slave_1 entered promiscuous mode [ 49.212375] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.235674] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.305276] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.311868] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.318994] device bridge_slave_0 entered promiscuous mode [ 49.327741] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.334505] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.341914] device bridge_slave_1 entered promiscuous mode [ 49.348177] chnl_net:caif_netlink_parms(): no params data found [ 49.357157] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.363542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.370231] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.376655] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.404780] IPVS: ftp: loaded support on port[0] = 21 [ 49.428673] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.443817] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.449911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.468585] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.476021] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.483948] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.491758] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.498452] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.506756] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.518412] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.595237] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.602221] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.609444] team0: Port device team_slave_0 added [ 49.615478] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.624048] team0: Port device team_slave_1 added [ 49.647444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.654382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.661964] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.668315] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.675451] device bridge_slave_0 entered promiscuous mode [ 49.682047] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.698150] chnl_net:caif_netlink_parms(): no params data found [ 49.707697] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.716331] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.723320] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.730239] device bridge_slave_1 entered promiscuous mode [ 49.743580] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.749670] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.786253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.796187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.804853] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.815382] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.863112] device hsr_slave_0 entered promiscuous mode [ 49.900315] device hsr_slave_1 entered promiscuous mode [ 49.942090] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.957635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.965508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.973505] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.979973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.990263] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.004403] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.012647] team0: Port device team_slave_0 added [ 50.018190] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.027142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.036672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.045043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.052888] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.059237] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.072234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.079760] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.087262] team0: Port device team_slave_1 added [ 50.139036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.148710] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.156246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.164845] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.174164] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.180949] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.187853] device bridge_slave_0 entered promiscuous mode [ 50.194443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.202268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.209070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.219331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.226714] chnl_net:caif_netlink_parms(): no params data found [ 50.236245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.249175] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.256644] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.263700] device bridge_slave_1 entered promiscuous mode [ 50.270156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.277905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.285658] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.293294] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.305307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.313423] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.319504] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.373475] device hsr_slave_0 entered promiscuous mode [ 50.410299] device hsr_slave_1 entered promiscuous mode [ 50.455183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.463079] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.473688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.482632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.494774] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.504262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.511961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.519597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.527676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.535427] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.541828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.551475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.563310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.571853] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.591192] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.598416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.606436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.614055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.622085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.629729] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.636127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.643522] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.649552] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.664122] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.678317] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.685005] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.694152] device bridge_slave_0 entered promiscuous mode [ 50.701225] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.707599] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.714875] device bridge_slave_1 entered promiscuous mode [ 50.727220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.734908] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 50.749918] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.764212] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.772334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.782514] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.789202] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.798409] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.813753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.825437] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.834519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.842485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.850135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.857859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.866809] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.874432] team0: Port device team_slave_0 added [ 50.880451] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.887536] team0: Port device team_slave_1 added [ 50.902798] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.912890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.919915] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.932795] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.939889] team0: Port device team_slave_0 added [ 50.948974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.956131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.965279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.972953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.980832] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.991975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.001291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.008878] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.016643] team0: Port device team_slave_1 added [ 51.022783] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.032128] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.039702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.102846] device hsr_slave_0 entered promiscuous mode [ 51.151290] device hsr_slave_1 entered promiscuous mode [ 51.190981] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.197031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.206236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.214060] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.226484] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.247152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.255827] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.284032] device hsr_slave_0 entered promiscuous mode [ 51.310308] device hsr_slave_1 entered promiscuous mode [ 51.352285] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.365658] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.373450] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 51.381512] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.388930] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.396179] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.409649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.417569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.426456] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.441168] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.447276] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.463022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.470510] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 51.477677] audit: type=1400 audit(1580255055.019:41): avc: denied { write } for pid=7125 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 51.502105] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 51.503170] audit: type=1400 audit(1580255055.019:42): avc: denied { read } for pid=7125 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 51.508820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.543899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.551676] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.558033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.567305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.578542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.592719] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.602600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.615375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.623950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.631874] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.638252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.658541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.675457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.704101] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.723470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.731400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.741581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.751780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.769056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.777802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.787002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.796023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.809994] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.823172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.832712] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.841360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.848910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.858763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.873388] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.891662] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.899493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.910224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.917584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.925246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.934284] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.947198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.955570] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.971239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.988402] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.996606] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.014505] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.030960] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.040688] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.049056] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.056230] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.064021] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.073229] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.079488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.090097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.097710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.111366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.121111] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.128179] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.140533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.148607] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.158769] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.168557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.175907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.184352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.192093] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.198442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.205551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.213465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.221209] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.227534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.234511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.242565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.250111] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.256570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.263586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.271661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.279186] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.285553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.293733] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.299801] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.308763] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.319308] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.327172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.334270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.341424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.348926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.358625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.368744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.377816] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.386908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.396735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.404593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.412989] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.419379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.426386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.436136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.445543] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.457114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.465460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.473507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.482414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.489906] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.496258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.503294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.511105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.518745] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.529175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.538097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.546599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.556833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.565015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.573623] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.583549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.592620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.602544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.611568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.619108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.626792] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.637525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.646589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.655939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.663107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.671381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.678817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.686678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.694315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.703729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.716914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.724901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.746173] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.755023] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.763048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.773582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.781387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.788852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 2020/01/28 23:44:16 executed programs: 14 [ 52.799171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.808763] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.818402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.827740] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.839157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.847116] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.856168] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.864201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.875777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.887415] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.894660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.902599] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.914521] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.926018] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.933230] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.939939] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.946939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.954466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.964258] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.973842] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.981778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.988646] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.997374] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.004059] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.014977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.023959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.045573] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.060917] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.067255] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.074783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.086444] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/01/28 23:44:21 executed programs: 124 2020/01/28 23:44:26 executed programs: 281 2020/01/28 23:44:31 executed programs: 434 2020/01/28 23:44:36 executed programs: 587 2020/01/28 23:44:41 executed programs: 737 2020/01/28 23:44:46 executed programs: 892 2020/01/28 23:44:51 executed programs: 1045 2020/01/28 23:44:56 executed programs: 1203 [ 97.622838] [ 97.624608] ===================================== [ 97.629435] WARNING: bad unlock balance detected! [ 97.634260] 4.14.168-syzkaller #0 Not tainted [ 97.638824] ------------------------------------- [ 97.643652] syz-executor.4/22292 is trying to release lock (&file->mut) at: [ 97.650744] [] ucma_destroy_id+0x236/0x400 [ 97.656526] but there are no more locks to release! [ 97.661529] [ 97.661529] other info that might help us debug this: [ 97.668185] 1 lock held by syz-executor.4/22292: [ 97.672934] #0: (&file->mut){+.+.}, at: [] ucma_destroy_id+0x1d3/0x400 [ 97.681518] [ 97.681518] stack backtrace: [ 97.686018] CPU: 1 PID: 22292 Comm: syz-executor.4 Not tainted 4.14.168-syzkaller #0 [ 97.693883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.703516] Call Trace: [ 97.706130] dump_stack+0xf7/0x13b [ 97.709801] ? ucma_destroy_id+0x236/0x400 [ 97.714033] print_unlock_imbalance_bug.cold.62+0x114/0x123 [ 97.719746] lock_release+0x623/0x830 [ 97.723536] ? ucma_destroy_id+0x236/0x400 [ 97.727770] ? lock_downgrade+0x7f0/0x7f0 [ 97.731917] __mutex_unlock_slowpath+0x7d/0x7e0 [ 97.736585] ? wait_for_completion+0x440/0x440 [ 97.741293] mutex_unlock+0xd/0x10 [ 97.744818] ucma_destroy_id+0x236/0x400 [ 97.748885] ? ucma_close+0x2e0/0x2e0 [ 97.752766] ? kasan_check_write+0x14/0x20 [ 97.756991] ucma_write+0x1f1/0x2c0 [ 97.760620] ? ucma_open+0x260/0x260 [ 97.764340] ? trace_hardirqs_off+0x10/0x10 [ 97.768666] __vfs_write+0xdb/0x840 [ 97.772295] ? kernel_read+0x130/0x130 [ 97.776194] ? __might_sleep+0x93/0xb0 [ 97.780080] ? __inode_security_revalidate+0xd3/0x100 [ 97.785275] ? selinux_file_permission+0x31f/0x3e0 [ 97.790209] ? security_file_permission+0x6e/0x1c0 [ 97.795144] ? rw_verify_area+0xb8/0x2b0 [ 97.799220] vfs_write+0x150/0x4f0 [ 97.802848] SyS_write+0x100/0x250 [ 97.806468] ? SyS_read+0x250/0x250 [ 97.810140] ? do_syscall_64+0x4c/0x5b0 [ 97.814134] ? SyS_read+0x250/0x250 [ 97.817759] do_syscall_64+0x1c7/0x5b0 [ 97.821638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 97.826466] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 97.831643] RIP: 0033:0x45a679 [ 97.834828] RSP: 002b:00007f2d2d9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 97.842534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 97.849803] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 97.857272] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 97.864534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d2d9d16d4 [ 97.871806] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 97.882452] ================================================================== [ 97.889853] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x6c7/0x7e0 [ 97.897284] Read of size 8 at addr ffff8880a8dd2780 by task syz-executor.4/22292 [ 97.904929] [ 97.906562] CPU: 1 PID: 22292 Comm: syz-executor.4 Not tainted 4.14.168-syzkaller #0 [ 97.914629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.923978] Call Trace: [ 97.926628] dump_stack+0xf7/0x13b [ 97.930170] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 97.935106] print_address_description.cold.7+0x9/0x1c9 [ 97.940486] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 97.945421] kasan_report.cold.8+0x11a/0x2d3 [ 97.949829] __asan_report_load8_noabort+0x14/0x20 [ 97.954803] __mutex_unlock_slowpath+0x6c7/0x7e0 [ 97.959557] ? wait_for_completion+0x440/0x440 [ 97.964142] mutex_unlock+0xd/0x10 [ 97.967681] ucma_destroy_id+0x236/0x400 [ 97.971759] ? ucma_close+0x2e0/0x2e0 [ 97.975555] ? kasan_check_write+0x14/0x20 [ 97.979833] ucma_write+0x1f1/0x2c0 [ 97.983448] ? ucma_open+0x260/0x260 [ 97.987159] ? trace_hardirqs_off+0x10/0x10 [ 97.991483] __vfs_write+0xdb/0x840 [ 97.995119] ? kernel_read+0x130/0x130 [ 97.999005] ? __might_sleep+0x93/0xb0 [ 98.002900] ? __inode_security_revalidate+0xd3/0x100 [ 98.008090] ? selinux_file_permission+0x31f/0x3e0 [ 98.013013] ? security_file_permission+0x6e/0x1c0 [ 98.017935] ? rw_verify_area+0xb8/0x2b0 [ 98.021993] vfs_write+0x150/0x4f0 [ 98.025523] SyS_write+0x100/0x250 [ 98.029059] ? SyS_read+0x250/0x250 [ 98.032686] ? do_syscall_64+0x4c/0x5b0 [ 98.036697] ? SyS_read+0x250/0x250 [ 98.040324] do_syscall_64+0x1c7/0x5b0 [ 98.044280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.049127] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 98.054320] RIP: 0033:0x45a679 [ 98.057506] RSP: 002b:00007f2d2d9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 98.065295] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 98.072920] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 98.080225] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 98.087492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d2d9d16d4 [ 98.094765] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 98.102043] [ 98.103654] Allocated by task 22323: [ 98.107357] save_stack_trace+0x16/0x20 [ 98.111315] save_stack+0x43/0xd0 [ 98.114763] kasan_kmalloc+0xc7/0xe0 [ 98.118462] kmem_cache_alloc_trace+0x152/0x7a0 [ 98.123118] ucma_open+0x4d/0x260 [ 98.126593] misc_open+0x31b/0x4d0 [ 98.130170] chrdev_open+0x1e9/0x5b0 [ 98.133921] do_dentry_open+0x620/0xdb0 [ 98.137886] vfs_open+0xfc/0x240 [ 98.141232] path_openat+0xe6d/0x3b50 [ 98.145054] do_filp_open+0x16b/0x220 [ 98.148847] do_sys_open+0x1c2/0x340 [ 98.152545] SyS_openat+0xf/0x20 [ 98.156003] do_syscall_64+0x1c7/0x5b0 [ 98.159880] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 98.165103] [ 98.166747] Freed by task 22274: [ 98.170103] save_stack_trace+0x16/0x20 [ 98.174068] save_stack+0x43/0xd0 [ 98.177512] kasan_slab_free+0x71/0xc0 [ 98.181385] kfree+0xcc/0x270 [ 98.184491] ucma_close+0x246/0x2e0 [ 98.188134] __fput+0x232/0x750 [ 98.191513] ____fput+0x9/0x10 [ 98.194684] task_work_run+0xe5/0x170 [ 98.198463] exit_to_usermode_loop+0x16a/0x1b0 [ 98.203031] do_syscall_64+0x416/0x5b0 [ 98.206896] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 98.212063] [ 98.213678] The buggy address belongs to the object at ffff8880a8dd2780 [ 98.213678] which belongs to the cache kmalloc-256 of size 256 [ 98.226336] The buggy address is located 0 bytes inside of [ 98.226336] 256-byte region [ffff8880a8dd2780, ffff8880a8dd2880) [ 98.238193] The buggy address belongs to the page: [ 98.243119] page:ffffea0002a37480 count:1 mapcount:0 mapping:ffff8880a8dd2000 index:0x0 [ 98.251293] flags: 0xfffe0000000100(slab) [ 98.255480] raw: 00fffe0000000100 ffff8880a8dd2000 0000000000000000 000000010000000c [ 98.263359] raw: ffffea0002a5f620 ffffea00025bfea0 ffff8880aa8007c0 0000000000000000 [ 98.271461] page dumped because: kasan: bad access detected [ 98.277147] [ 98.278750] Memory state around the buggy address: [ 98.283660] ffff8880a8dd2680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 98.291044] ffff8880a8dd2700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 98.298395] >ffff8880a8dd2780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 98.305831] ^ [ 98.309244] ffff8880a8dd2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 98.316600] ffff8880a8dd2880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 98.323950] ================================================================== [ 98.331626] Kernel panic - not syncing: panic_on_warn set ... [ 98.331626] [ 98.339068] CPU: 1 PID: 22292 Comm: syz-executor.4 Tainted: G B 4.14.168-syzkaller #0 [ 98.348201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.357543] Call Trace: [ 98.360238] dump_stack+0xf7/0x13b [ 98.363825] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 98.368732] panic+0x1b0/0x358 [ 98.371913] ? add_taint.cold.5+0x11/0x11 [ 98.376096] ? ___preempt_schedule+0x16/0x18 [ 98.380545] ? __mutex_unlock_slowpath+0x6c7/0x7e0 [ 98.385488] kasan_end_report+0x47/0x4f [ 98.389480] kasan_report.cold.8+0x76/0x2d3 [ 98.393789] __asan_report_load8_noabort+0x14/0x20 [ 98.398730] __mutex_unlock_slowpath+0x6c7/0x7e0 [ 98.403478] ? wait_for_completion+0x440/0x440 [ 98.408048] mutex_unlock+0xd/0x10 [ 98.411572] ucma_destroy_id+0x236/0x400 [ 98.415626] ? ucma_close+0x2e0/0x2e0 [ 98.419479] ? kasan_check_write+0x14/0x20 [ 98.423732] ucma_write+0x1f1/0x2c0 [ 98.427363] ? ucma_open+0x260/0x260 [ 98.431066] ? trace_hardirqs_off+0x10/0x10 [ 98.435383] __vfs_write+0xdb/0x840 [ 98.438996] ? kernel_read+0x130/0x130 [ 98.442920] ? __might_sleep+0x93/0xb0 [ 98.446813] ? __inode_security_revalidate+0xd3/0x100 [ 98.452022] ? selinux_file_permission+0x31f/0x3e0 [ 98.456953] ? security_file_permission+0x6e/0x1c0 [ 98.461875] ? rw_verify_area+0xb8/0x2b0 [ 98.465933] vfs_write+0x150/0x4f0 [ 98.469641] SyS_write+0x100/0x250 [ 98.473170] ? SyS_read+0x250/0x250 [ 98.476803] ? do_syscall_64+0x4c/0x5b0 [ 98.480774] ? SyS_read+0x250/0x250 [ 98.484395] do_syscall_64+0x1c7/0x5b0 [ 98.488273] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.493106] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 98.498275] RIP: 0033:0x45a679 [ 98.502432] RSP: 002b:00007f2d2d9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 98.510152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 98.517418] RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003 [ 98.524673] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 98.531978] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d2d9d16d4 [ 98.539320] R13: 00000000004d2b20 R14: 00000000004e3ba8 R15: 00000000ffffffff [ 98.548249] Kernel Offset: disabled [ 98.551909] Rebooting in 86400 seconds..