[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.437639] audit: type=1400 audit(1519194133.746:6): avc: denied { map } for pid=4157 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. syzkaller login: [ 38.437190] audit: type=1400 audit(1519194153.745:7): avc: denied { map } for pid=4175 comm="syzkaller066274" path="/root/syzkaller066274850" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 38.445778] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 38.463139] audit: type=1400 audit(1519194153.750:8): avc: denied { sys_admin } for pid=4175 comm="syzkaller066274" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 38.511272] audit: type=1400 audit(1519194153.819:9): avc: denied { net_admin } for pid=4176 comm="syzkaller066274" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 38.692494] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 39.010360] audit: type=1400 audit(1519194154.319:10): avc: denied { sys_chroot } for pid=4176 comm="syzkaller066274" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 39.035126] audit: type=1400 audit(1519194154.319:11): avc: denied { net_raw } for pid=4176 comm="syzkaller066274" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 39.060339] [ 39.061973] ===================================== [ 39.066783] WARNING: bad unlock balance detected! [ 39.071596] 4.16.0-rc2+ #323 Not tainted [ 39.075626] ------------------------------------- [ 39.080435] kworker/1:1/23 is trying to release lock (rcu_read_lock_bh) at: [ 39.087510] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 39.094488] but there are no more locks to release! [ 39.099479] [ 39.099479] other info that might help us debug this: [ 39.106116] 5 locks held by kworker/1:1/23: [ 39.110403] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<000000001ef99fa4>] process_one_work+0xaaf/0x1af0 [ 39.121216] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<00000000953e820d>] process_one_work+0xb01/0x1af0 [ 39.132557] #2: (rtnl_mutex){+.+.}, at: [<00000000ae51c68e>] rtnl_lock+0x17/0x20 [ 39.140239] #3: (rcu_read_lock){....}, at: [<00000000a2a61963>] ndisc_send_skb+0x826/0x1370 [ 39.148876] #4: (rcu_read_lock){....}, at: [<00000000c3875c57>] nf_hook.constprop.27+0x0/0x830 [ 39.157775] [ 39.157775] stack backtrace: [ 39.162241] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #323 [ 39.169144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.178476] Workqueue: ipv6_addrconf addrconf_dad_work [ 39.183720] Call Trace: [ 39.186278] dump_stack+0x194/0x257 [ 39.189872] ? arch_local_irq_restore+0x53/0x53 [ 39.194516] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 39.199936] print_unlock_imbalance_bug+0x12f/0x140 [ 39.204922] lock_release+0x6fe/0xa40 [ 39.208692] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 39.214109] ? lock_downgrade+0x980/0x980 [ 39.218794] ? lock_release+0xa40/0xa40 [ 39.222737] ? __raw_spin_lock_init+0x1c/0x100 [ 39.227289] ? do_raw_spin_trylock+0x190/0x190 [ 39.231845] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 39.237090] ? dsthash_find+0x5b0/0x5b0 [ 39.241031] ? __lock_acquire+0x664/0x3e00 [ 39.245233] ? ret_from_fork+0x3a/0x50 [ 39.249090] ? print_irqtrace_events+0x270/0x270 [ 39.253817] ? __unwind_start+0x169/0x330 [ 39.257935] hashlimit_mt+0x78/0x90 [ 39.261532] ? hashlimit_mt+0x78/0x90 [ 39.265304] ip6t_do_table+0x98d/0x1a30 [ 39.269248] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.274408] ? ip6t_error+0x60/0x60 [ 39.278002] ? check_noncircular+0x20/0x20 [ 39.282203] ? lock_acquire+0x1d5/0x580 [ 39.286144] ? lock_acquire+0x1d5/0x580 [ 39.290086] ? pndisc_destructor+0x340/0x340 [ 39.294464] ? lock_release+0xa40/0xa40 [ 39.298407] ip6table_raw_hook+0x65/0x80 [ 39.302435] nf_hook_slow+0xba/0x1a0 [ 39.306116] nf_hook.constprop.27+0x3f6/0x830 [ 39.310578] ? pndisc_destructor+0x340/0x340 [ 39.314958] ? find_held_lock+0x35/0x1d0 [ 39.318985] ? lock_acquire+0x1d5/0x580 [ 39.322924] ? lock_acquire+0x1d5/0x580 [ 39.326864] ? ndisc_send_skb+0x826/0x1370 [ 39.331071] ? lock_downgrade+0x980/0x980 [ 39.335192] ? lock_release+0xa40/0xa40 [ 39.339134] ? ndisc_error_report+0x180/0x180 [ 39.343596] ndisc_send_skb+0xa51/0x1370 [ 39.347625] ? nf_hook.constprop.27+0x830/0x830 [ 39.352259] ? check_noncircular+0x20/0x20 [ 39.356462] ? refcount_add_not_zero+0x133/0x200 [ 39.361185] ? refcount_dec_if_one+0x20/0x20 [ 39.365564] ? print_irqtrace_events+0x270/0x270 [ 39.370290] ndisc_send_ns+0x38a/0x870 [ 39.374146] ? ndisc_netdev_event+0x4a0/0x4a0 [ 39.378609] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.383596] ? addrconf_dad_work+0xa5e/0x1320 [ 39.388057] addrconf_dad_work+0xb9e/0x1320 [ 39.392345] ? addrconf_dad_work+0xb9e/0x1320 [ 39.396812] ? addrconf_ifdown+0x14f0/0x14f0 [ 39.401192] ? __lock_is_held+0xb6/0x140 [ 39.405225] process_one_work+0xbbf/0x1af0 [ 39.409426] ? process_one_work+0xbbf/0x1af0 [ 39.413807] ? pwq_dec_nr_in_flight+0x450/0x450 [ 39.418457] ? __schedule+0x90d/0x2070 [ 39.422315] ? __lock_acquire+0x664/0x3e00 [ 39.426529] ? retint_kernel+0x10/0x10 [ 39.430384] ? check_noncircular+0x20/0x20 [ 39.434588] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.439315] ? lock_acquire+0x1d5/0x580 [ 39.443258] ? lock_acquire+0x1d5/0x580 [ 39.447199] ? worker_thread+0x4a3/0x1990 [ 39.451316] ? lock_downgrade+0x980/0x980 [ 39.455442] ? lock_release+0xa40/0xa40 [ 39.459394] ? check_noncircular+0x20/0x20 [ 39.463599] ? do_raw_spin_trylock+0x190/0x190 [ 39.468151] worker_thread+0x223/0x1990 [ 39.472093] ? finish_task_switch+0x1c0/0x860 [ 39.476558] ? process_one_work+0x1af0/0x1af0 [ 39.481022] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.486005] ? trace_hardirqs_on+0xd/0x10 [ 39.490119] ? mmdrop+0x18/0x30 [ 39.493370] ? finish_task_switch+0x279/0x860 [ 39.497836] ? copy_overflow+0x20/0x20 [ 39.501694] ? __schedule+0x90d/0x2070 [ 39.505551] ? check_noncircular+0x20/0x20 [ 39.509764] ? find_held_lock+0x35/0x1d0 [ 39.513793] ? find_held_lock+0x35/0x1d0 [ 39.517825] ? find_held_lock+0x35/0x1d0 [ 39.521857] ? complete+0x62/0x80 [ 39.525279] ? __schedule+0x2070/0x2070 [ 39.529220] ? do_wait_intr_irq+0x3e0/0x3e0 [ 39.533510] ? __lockdep_init_map+0xe4/0x650 [ 39.537884] ? do_raw_spin_trylock+0x190/0x190 [ 39.542432] ? lockdep_init_map+0x9/0x10 [ 39.546459] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 39.551530] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.556512] ? trace_hardirqs_on+0xd/0x10 [ 39.560628] ? __kthread