[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.653381] audit: type=1400 audit(1519116547.409:5): avc: denied { syslog } for pid=3976 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.233691] audit: type=1400 audit(1519116551.989:6): avc: denied { map } for pid=4115 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.211' (ECDSA) to the list of known hosts.
[ 26.524582] audit: type=1400 audit(1519116558.280:7): avc: denied { map } for pid=4129 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 08:49:18 parsed 1 programs
2018/02/20 08:49:18 executed programs: 0
[ 26.788589] audit: type=1400 audit(1519116558.544:8): avc: denied { map } for pid=4129 comm="syz-execprog" path="/root/syzkaller-shm144233282" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 26.802637] IPVS: ftp: loaded support on port[0] = 21
[ 27.025366] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.432349]
[ 27.434000] =====================================
[ 27.438815] WARNING: bad unlock balance detected!
[ 27.443623] 4.16.0-rc1+ #232 Not tainted
[ 27.447649] -------------------------------------
[ 27.452455] syz-executor0/4136 is trying to release lock (rcu_read_lock_bh) at:
[ 27.459876] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 27.466850] but there are no more locks to release!
[ 27.471832]
[ 27.471832] other info that might help us debug this:
[ 27.478463] 7 locks held by syz-executor0/4136:
[ 27.483094] #0: (sb_writers#4){.+.+}, at: [<00000000c9d26389>] mnt_want_write+0x3f/0xb0
[ 27.491390] #1: (&type->i_mutex_dir_key/1){+.+.}, at: [<00000000e78b3d28>] do_rmdir+0x380/0x5f0
[ 27.500372] #2: (&type->i_mutex_dir_key){++++}, at: [<00000000978153ed>] vfs_rmdir+0xd6/0x410
[ 27.509178] #3: (jbd2_handle){.+.+}, at: [<0000000028e13203>] start_this_handle+0x488/0x1080
[ 27.517898] #4: ((&idev->mc_ifc_timer)){+.-.}, at: [<000000009d006bb4>] call_timer_fn+0x1c6/0x820
[ 27.527052] #5: (rcu_read_lock){....}, at: [<000000007642cac5>] mld_sendpack+0x180/0xe70
[ 27.535423] #6: (rcu_read_lock){....}, at: [<00000000632df73f>] nf_hook.constprop.37+0x0/0x830
[ 27.544317]
[ 27.544317] stack backtrace:
[ 27.548784] CPU: 0 PID: 4136 Comm: syz-executor0 Not tainted 4.16.0-rc1+ #232
[ 27.556022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.565348] Call Trace:
[ 27.567898]
[ 27.570024] dump_stack+0x194/0x257
[ 27.573621] ? arch_local_irq_restore+0x53/0x53
[ 27.578262] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 27.583684] print_unlock_imbalance_bug+0x12f/0x140
[ 27.588668] lock_release+0x6fe/0xa40
[ 27.592435] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 27.597853] ? lock_downgrade+0x980/0x980
[ 27.601969] ? lock_release+0xa40/0xa40
[ 27.605911] ? __raw_spin_lock_init+0x1c/0x100
[ 27.610459] ? do_raw_spin_trylock+0x190/0x190
[ 27.615018] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 27.620262] ? lock_downgrade+0x980/0x980
[ 27.624378] ? dsthash_find+0x5b0/0x5b0
[ 27.628319] ? __lock_acquire+0x664/0x3e00
[ 27.632523] ? is_bpf_text_address+0x7b/0x120
[ 27.636987] ? lock_downgrade+0x8da/0x980
[ 27.641106] ? rcutorture_record_progress+0x10/0x10
[ 27.646091] ? __kernel_text_address+0xd/0x40
[ 27.650556] ? unwind_get_return_address+0x61/0xa0
[ 27.655452] hashlimit_mt+0x78/0x90
[ 27.659048] ? hashlimit_mt+0x78/0x90
[ 27.662818] ip6t_do_table+0x98d/0x1a30
[ 27.666763] ? kmem_cache_alloc_trace+0x136/0x740
[ 27.671572] ? mld_sendpack+0x617/0xe70
[ 27.675516] ? ip6t_error+0x60/0x60
[ 27.679113] ? check_noncircular+0x20/0x20
[ 27.683322] ? lock_acquire+0x1d5/0x580
[ 27.687264] ? lock_acquire+0x1d5/0x580
[ 27.691205] ? igmp6_mcf_seq_next+0x660/0x660
[ 27.695667] ? lock_release+0xa40/0xa40
[ 27.699611] ip6table_raw_hook+0x65/0x80
[ 27.703641] nf_hook_slow+0xba/0x1a0
[ 27.707324] nf_hook.constprop.37+0x3f6/0x830
[ 27.711786] ? igmp6_mcf_seq_next+0x660/0x660
[ 27.716249] ? trace_hardirqs_on+0xd/0x10
[ 27.720369] ? __local_bh_enable_ip+0x121/0x230
[ 27.725008] ? _raw_spin_unlock_bh+0x30/0x40
[ 27.729391] ? rt6_uncached_list_add+0x1b7/0x240
[ 27.734114] ? rt6_fill_node+0x18b0/0x18b0
[ 27.738326] ? icmp6_dst_alloc+0x475/0x660
[ 27.742531] ? ip6_mc_leave_src+0x1d0/0x1d0
[ 27.746819] ? icmpv6_flow_init+0x1f6/0x270
[ 27.751108] mld_sendpack+0x6c2/0xe70
[ 27.754894] ? nf_hook.constprop.37+0x830/0x830
[ 27.759529] ? mark_held_locks+0xaf/0x100
[ 27.763646] ? trace_hardirqs_on+0xd/0x10
[ 27.767763] ? __local_bh_enable_ip+0x121/0x230
[ 27.772399] mld_ifc_timer_expire+0x3d9/0x770
[ 27.776863] call_timer_fn+0x228/0x820
[ 27.780718] ? mld_dad_timer_expire+0x100/0x100
[ 27.785353] ? process_timeout+0x40/0x40
[ 27.789381] ? __run_timers+0x7e3/0xb70
[ 27.793323] ? lock_downgrade+0x980/0x980
[ 27.797448] ? debug_object_deactivate+0x364/0x560
[ 27.802345] ? lock_release+0xa40/0xa40
[ 27.806287] ? mark_held_locks+0xaf/0x100
[ 27.810402] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 27.815382] ? mld_dad_timer_expire+0x100/0x100
[ 27.820024] ? mld_dad_timer_expire+0x100/0x100
[ 27.824660] __run_timers+0x7ee/0xb70
[ 27.828430] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 27.833675] ? timerqueue_add+0x1e9/0x280
[ 27.837796] ? check_noncircular+0x20/0x20
[ 27.841998] ? enqueue_hrtimer+0x177/0x4b0
[ 27.846203] ? lock_release+0xa40/0xa40
[ 27.850145] ? retrigger_next_event+0x1e0/0x1e0
[ 27.854785] ? print_irqtrace_events+0x270/0x270
[ 27.859509] ? check_noncircular+0x20/0x20
[ 27.863714] ? clockevents_program_event+0x163/0x2e0
[ 27.868785] ? lock_downgrade+0x980/0x980
[ 27.872900] ? __lock_is_held+0xb6/0x140
[ 27.876929] run_timer_softirq+0x4c/0x70
[ 27.880958] __do_softirq+0x2d7/0xb85
[ 27.884725] ? ktime_get+0x26f/0x3a0
[ 27.888410] ? __irqentry_text_end+0x1f8ee4/0x1f8ee4
[ 27.893478] ? check_noncircular+0x20/0x20
[ 27.897680] ? native_apic_msr_write+0x5c/0x80
[ 27.902230] ? lapic_next_event+0x54/0x80
[ 27.906347] ? clockevents_program_event+0x108/0x2e0
[ 27.911417] ? tick_program_event+0x83/0x100
[ 27.915795] ? __lock_is_held+0xb6/0x140
[ 27.919828] irq_exit+0x1cc/0x200
[ 27.923247] smp_apic_timer_interrupt+0x16b/0x700
[ 27.928054] ? smp_reschedule_interrupt+0xe6/0x650
[ 27.932959] ? smp_call_function_single_interrupt+0x640/0x640
[ 27.938818] ? _raw_spin_lock+0x32/0x40
[ 27.942759] ? _raw_spin_unlock+0x22/0x30
[ 27.946877] ? handle_edge_irq+0x2b4/0x7c0
[ 27.951083] ? task_prio+0x50/0x50
[ 27.954591] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.959406] apic_timer_interrupt+0xa9/0xb0
[ 27.963691]
[ 27.965898] RIP: 0010:__find_get_block+0x27a/0xd90
[ 27.970791] RSP: 0018:ffff8801ba66f458 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 27.978473] RAX: ffff8801b95b2700 RBX: 0000000000000000 RCX: ffffffff81c0e5a3
[ 27.985712] RDX: 0000000000000000 RSI: 1ffff100372b6602 RDI: ffff8801b95b2f74
[ 27.992954] RBP: ffff8801ba66f5e0 R08: 1ffff100374cde59 R09: 0000000000000000
[ 28.000192] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 28.007432] R13: ffff8801ae2bf498 R14: ffff8801ae2bf498 R15: 0000000000029060
[ 28.014682] ? __find_get_block+0x273/0xd90
[ 28.018981] ? __find_get_block+0x273/0xd90
[ 28.023270] ? try_to_free_buffers+0x590/0x590
[ 28.027824] ? trace_event_raw_event_sched_switch+0x810/0x810
[ 28.033675] ? ext4_orphan_add+0x3f0/0xd20
[ 28.037875] ? check_noncircular+0x20/0x20
[ 28.042080] ? check_noncircular+0x20/0x20
[ 28.046281] ? __might_sleep+0x95/0x190
[ 28.050224] __getblk_gfp+0xd0/0xb80
[ 28.053905] ? __lock_is_held+0xb6/0x140
[ 28.057936] ? __find_get_block+0xd90/0xd90
[ 28.062223] ? trace_event_raw_event_sched_switch+0x810/0x810
[ 28.068077] ? rcu_note_context_switch+0x710/0x710
[ 28.072974] ? map_id_up+0x23b/0x420
[ 28.076656] ? jbd2_journal_dirty_metadata+0x269/0xc90
[ 28.081899] ? __brelse+0xda/0x130
[ 28.085406] ? block_commit_write+0x30/0x30
[ 28.089693] ? __ext4_handle_dirty_metadata+0xdd/0x5d0
[ 28.094941] ? check_noncircular+0x20/0x20
[ 28.099145] ? ext4_get_group_desc+0x1bd/0x2b0
[ 28.103692] ? ext4_mark_iloc_dirty+0x1967/0x2bc0
[ 28.108503] __ext4_get_inode_loc+0x43c/0x12e0
[ 28.113052] ? check_noncircular+0x20/0x20
[ 28.117257] ? other_inode_match+0xb60/0xb60
[ 28.121631] ? __lock_is_held+0xb6/0x140
[ 28.125662] ext4_reserve_inode_write+0xe1/0x230
[ 28.130394] ext4_mark_inode_dirty+0x166/0xa10
[ 28.134946] ? ext4_rmdir+0x95c/0xdc0
[ 28.138727] ? ext4_expand_extra_isize+0x580/0x580
[ 28.143631] ? mark_held_locks+0xaf/0x100
[ 28.147750] ? current_kernel_time64+0x122/0x2f0
[ 28.152475] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.157460] ? trace_hardirqs_on+0xd/0x10
[ 28.161574] ? ktime_get_raw+0x380/0x380
[ 28.165605] ? ext4_generic_delete_entry+0x470/0x470
[ 28.170675] ? timespec_trunc+0x79/0xe0
[ 28.174617] ext4_rmdir+0x95c/0xdc0
[ 28.178212] ? ext4_rename2+0x1f0/0x1f0
[ 28.182153] ? path_has_submounts+0x1a0/0x1a0
[ 28.186615] ? down_write+0x87/0x120
[ 28.190305] ? vfs_rmdir+0xd6/0x410
[ 28.193902] vfs_rmdir+0x216/0x410
[ 28.197409] do_rmdir+0x4c8/0x5f0
[ 28.200832] ? user_path_create+0x40/0x40
[ 28.204948] ? exit_to_usermode_loop+0x198/0x2f0
[ 28.209671] ? fillonedir+0x250/0x250
[ 28.213438] ? do_syscall_64+0xb7/0x940
[ 28.217380] ? SyS_mkdir+0x2a0/0x2a0
[ 28.221059] SyS_rmdir+0x1a/0x20
[ 28.224393] do_syscall_64+0x282/0x940
[ 28.228250] ? __do_page_fault+0xc90/0xc90
[ 28.232451] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.237172] ? syscall_return_slowpath+0x550/0x550
[ 28.242068] ? syscall_return_slowpath+0x2ac/0x550
[ 28.246964] ? prepare_exit_to_usermode+0x350/0x350
[ 28.251947] ? entry_SYSCALL_64_after_hwframe+0x36/0x9b
[ 28.257280] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.262092] entry_SYSCALL_64_after_hwframe+0x26/0x9b
[ 28.267247] RIP: 0033:0x453b37
[ 28.270404] RSP: 002b:00007ffcf2af3bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000054
[ 28.278079] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 0000000000453b37
[ 28.285324] RDX: 0000000000000000 RSI: 00007ffcf2af5990 RDI: 00007ffcf2af5990
[ 28.292560] RBP: 00007ffcf2af5990 R08: 0000000000000001 R09: 0000000000000001
[ 28.299795] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000eac940
[ 28.307031] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000eab914
2018/02/20 08:49:23 executed programs: 556
2018/02/20 08:49:28 executed programs: 1319