[....] Starting enhanced syslogd: rsyslogd[   16.809556] audit: type=1400 audit(1519132505.674:5): avc:  denied  { syslog } for  pid=4017 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.892488] audit: type=1400 audit(1519132511.757:6): avc:  denied  { map } for  pid=4157 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   29.180594] audit: type=1400 audit(1519132518.045:7): avc:  denied  { map } for  pid=4171 comm="syzkaller664491" path="/root/syzkaller664491914" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.187770] IPVS: ftp: loaded support on port[0] = 21
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[   29.404213] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   29.723388] 
[   29.725047] =====================================
[   29.729855] WARNING: bad unlock balance detected!
[   29.734663] 4.16.0-rc2+ #234 Not tainted
[   29.738689] -------------------------------------
[   29.743495] kworker/0:2/1828 is trying to release lock (rcu_read_lock_bh) at:
[   29.750757] [<ffffffff8478e91b>] hashlimit_mt_common.isra.10+0x1beb/0x2610
[   29.757733] but there are no more locks to release!
[   29.762714] 
[   29.762714] other info that might help us debug this:
[   29.769348] 5 locks held by kworker/0:2/1828:
[   29.773806]  #0:  ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<000000000faa19fc>] process_one_work+0xaaf/0x1af0
[   29.784614]  #1:  ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<000000009e9324f6>] process_one_work+0xb01/0x1af0
[   29.795941]  #2:  (rtnl_mutex){+.+.}, at: [<000000007f08073d>] rtnl_lock+0x17/0x20
[   29.803621]  #3:  (rcu_read_lock){....}, at: [<00000000b1255831>] ndisc_send_skb+0x826/0x1370
[   29.812254]  #4:  (rcu_read_lock){....}, at: [<0000000047c41480>] nf_hook.constprop.27+0x0/0x830
[   29.821158] 
[   29.821158] stack backtrace:
[   29.825624] CPU: 0 PID: 1828 Comm: kworker/0:2 Not tainted 4.16.0-rc2+ #234
[   29.832690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.842021] Workqueue: ipv6_addrconf addrconf_dad_work
[   29.847458] Call Trace:
[   29.850015]  dump_stack+0x194/0x257
[   29.853612]  ? arch_local_irq_restore+0x53/0x53
[   29.858250]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   29.863668]  print_unlock_imbalance_bug+0x12f/0x140
[   29.868652]  lock_release+0x6fe/0xa40
[   29.872433]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   29.877854]  ? lock_downgrade+0x980/0x980
[   29.881969]  ? lock_release+0xa40/0xa40
[   29.885911]  ? __raw_spin_lock_init+0x1c/0x100
[   29.890459]  ? do_raw_spin_trylock+0x190/0x190
[   29.895014]  hashlimit_mt_common.isra.10+0x1c08/0x2610
[   29.900261]  ? dsthash_find+0x5b0/0x5b0
[   29.904205]  ? __lock_acquire+0x664/0x3e00
[   29.908410]  ? ret_from_fork+0x3a/0x50
[   29.912268]  ? print_irqtrace_events+0x270/0x270
[   29.916994]  ? __unwind_start+0x169/0x330
[   29.921113]  hashlimit_mt+0x78/0x90
[   29.924707]  ? hashlimit_mt+0x78/0x90
[   29.928476]  ip6t_do_table+0x98d/0x1a30
[   29.932421]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   29.937579]  ? ip6t_error+0x60/0x60
[   29.941174]  ? check_noncircular+0x20/0x20
[   29.945376]  ? lock_acquire+0x1d5/0x580
[   29.949316]  ? lock_acquire+0x1d5/0x580
[   29.953259]  ? pndisc_destructor+0x340/0x340
[   29.957638]  ? lock_release+0xa40/0xa40
[   29.961592]  ip6table_raw_hook+0x65/0x80
[   29.965623]  nf_hook_slow+0xba/0x1a0
[   29.969305]  nf_hook.constprop.27+0x3f6/0x830
[   29.973769]  ? pndisc_destructor+0x340/0x340
[   29.978147]  ? find_held_lock+0x35/0x1d0
[   29.982176]  ? lock_acquire+0x1d5/0x580
[   29.986120]  ? lock_acquire+0x1d5/0x580
[   29.990064]  ? ndisc_send_skb+0x826/0x1370
[   29.994265]  ? lock_downgrade+0x980/0x980
[   29.998380]  ? lock_release+0xa40/0xa40
[   30.002327]  ? ndisc_error_report+0x180/0x180
[   30.006792]  ndisc_send_skb+0xa51/0x1370
[   30.010822]  ? nf_hook.constprop.27+0x830/0x830
[   30.015459]  ? check_noncircular+0x20/0x20
[   30.019663]  ? refcount_add_not_zero+0x133/0x200
[   30.024399]  ? refcount_dec_if_one+0x20/0x20
[   30.028775]  ? print_irqtrace_events+0x270/0x270
[   30.033503]  ndisc_send_ns+0x38a/0x870
[   30.037358]  ? ndisc_netdev_event+0x4a0/0x4a0
[   30.041822]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.046816]  ? addrconf_dad_work+0xa5e/0x1320
[   30.051280]  addrconf_dad_work+0xb9e/0x1320
[   30.055569]  ? addrconf_dad_work+0xb9e/0x1320
[   30.060034]  ? addrconf_ifdown+0x14f0/0x14f0
[   30.064410]  ? __lock_is_held+0xb6/0x140
[   30.068445]  process_one_work+0xbbf/0x1af0
[   30.072647]  ? process_one_work+0xbbf/0x1af0
[   30.077028]  ? pwq_dec_nr_in_flight+0x450/0x450
[   30.081669]  ? __schedule+0x90d/0x2070
[   30.085529]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.090515]  ? check_noncircular+0x20/0x20
[   30.094722]  ? retint_kernel+0x10/0x10
[   30.098582]  ? lock_acquire+0x1d5/0x580
[   30.102525]  ? lock_acquire+0x1d5/0x580
[   30.106469]  ? worker_thread+0x4a3/0x1990
[   30.110587]  ? lock_downgrade+0x980/0x980
[   30.114702]  ? lock_release+0xa40/0xa40
[   30.118646]  ? do_raw_spin_trylock+0x190/0x190
[   30.123198]  worker_thread+0x223/0x1990
[   30.127142]  ? finish_task_switch+0x1c0/0x860
[   30.131610]  ? process_one_work+0x1af0/0x1af0
[   30.136085]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.141073]  ? trace_hardirqs_on+0xd/0x10
[   30.145190]  ? mmdrop+0x18/0x30
[   30.148439]  ? finish_task_switch+0x279/0x860
[   30.152903]  ? copy_overflow+0x20/0x20
[   30.156761]  ? __schedule+0x90d/0x2070
[   30.160618]  ? check_noncircular+0x20/0x20
[   30.164819]  ? find_held_lock+0x35/0x1d0
[   30.168849]  ? find_held_lock+0x35/0x1d0
[   30.172877]  ? find_held_lock+0x35/0x1d0
[   30.176905]  ? complete+0x62/0x80
[   30.180326]  ? __schedule+0x2070/0x2070
[   30.184269]  ? do_wait_intr_irq+0x3e0/0x3e0
[   30.188557]  ? __lockdep_init_map+0xe4/0x650
[   30.192931]  ? do_raw_spin_trylock+0x190/0x190
[   30.197480]  ? lockdep_init_map+0x9/0x10
[   30.201508]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   30.206589]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.211575]  ? trace_hardirqs_on+0xd/0x10
[   30.215690]  ? __kthread_parkme+0x175/0x240
[   30.219981]  kthread+0x33c/0x400
[   30.223316]  ? process_on