[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.48' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 28.192890] [ 28.194528] ===================================== [ 28.199339] WARNING: bad unlock balance detected! [ 28.204157] 4.14.292-syzkaller #0 Not tainted [ 28.208620] ------------------------------------- [ 28.213435] syz-executor956/8126 is trying to release lock (&file->mut) at: [ 28.220621] [] ucma_destroy_id+0x1eb/0x420 [ 28.226387] but there are no more locks to release! [ 28.231378] [ 28.231378] other info that might help us debug this: [ 28.238018] 1 lock held by syz-executor956/8126: [ 28.242742] #0: (&file->mut){+.+.}, at: [] ucma_destroy_id+0x18c/0x420 [ 28.251130] [ 28.251130] stack backtrace: [ 28.255624] CPU: 1 PID: 8126 Comm: syz-executor956 Not tainted 4.14.292-syzkaller #0 [ 28.263477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 28.272806] Call Trace: [ 28.275373] dump_stack+0x1b2/0x281 [ 28.278985] ? ucma_destroy_id+0x1eb/0x420 [ 28.283197] lock_release.cold+0x70/0xbf [ 28.287248] ? lock_downgrade+0x740/0x740 [ 28.291374] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 28.296799] __mutex_unlock_slowpath+0x75/0x770 [ 28.301442] ? radix_tree_lookup+0x20/0x20 [ 28.305649] ? __radix_tree_lookup+0x1b5/0x2e0 [ 28.310205] ? wait_for_completion_io+0x10/0x10 [ 28.314858] ucma_destroy_id+0x1eb/0x420 [ 28.318893] ? ucma_join_ip_multicast+0x180/0x180 [ 28.323713] ? __might_fault+0x177/0x1b0 [ 28.327755] ? _copy_from_user+0x96/0x100 [ 28.331876] ? ucma_join_ip_multicast+0x180/0x180 [ 28.336690] ucma_write+0x206/0x2c0 [ 28.340290] ? ucma_set_ib_path+0x510/0x510 [ 28.344588] __vfs_write+0xe4/0x630 [ 28.348187] ? ucma_set_ib_path+0x510/0x510 [ 28.352486] ? kernel_read+0x110/0x110 [ 28.356360] ? common_file_perm+0x3ee/0x580 [ 28.360657] ? security_file_permission+0x82/0x1e0 [ 28.365559] ? rw_verify_area+0xe1/0x2a0 [ 28.369591] vfs_write+0x17f/0x4d0 [ 28.373112] SyS_write+0xf2/0x210 [ 28.376548] ? SyS_read+0x210/0x210 [ 28.380168] ? do_syscall_64+0x4c/0x640 [ 28.384131] ? SyS_read+0x210/0x210 [ 28.387736] do_syscall_64+0x1d5/0x640 [ 28.391605] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.396771] RIP: 0033:0x7f45d87c9a69 [ 28.400457] RSP: 002b:00007f45d875a308 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 28.408138] RAX: ffffffffffffffda RBX: 00007f45d8851418 RCX: 00007f45d87c9a69 [ 28.415405] RDX: 0000000000000018 RSI: 0000000020000180 RDI: 0000000000000003 [ 28.422657] RBP: 00007f45d8851410 R08: 00007f45d875a700 R09: 0000000000000000 [ 28.429907] R10: 00007f45d875a700 R11: 0000000000000246 R12: 00007f45d885141c [ 28.437155] R13: 00007f45d881f074 R14: 006d635f616d6472 R15: 0000000000022000