[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.815840] audit: type=1400 audit(1519126704.945:6): avc: denied { map } for pid=4171 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts. syzkaller login: [ 25.148656] audit: type=1400 audit(1519126711.278:7): avc: denied { map } for pid=4185 comm="syzkaller015297" path="/root/syzkaller015297295" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 25.160370] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 25.174631] audit: type=1400 audit(1519126711.282:8): avc: denied { sys_admin } for pid=4185 comm="syzkaller015297" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.223738] audit: type=1400 audit(1519126711.353:9): avc: denied { net_admin } for pid=4186 comm="syzkaller015297" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.424375] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 25.761381] audit: type=1400 audit(1519126711.891:10): avc: denied { sys_chroot } for pid=4186 comm="syzkaller015297" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.786131] audit: type=1400 audit(1519126711.892:11): avc: denied { net_raw } for pid=4186 comm="syzkaller015297" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.815293] [ 25.816925] ===================================== [ 25.821735] WARNING: bad unlock balance detected! [ 25.826545] 4.16.0-rc2+ #322 Not tainted [ 25.830579] ------------------------------------- [ 25.835395] syzkaller015297/4186 is trying to release lock (rcu_read_lock_bh) at: [ 25.842995] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.849977] but there are no more locks to release! [ 25.854962] [ 25.854962] other info that might help us debug this: [ 25.861607] 5 locks held by syzkaller015297/4186: [ 25.866420] #0: (rtnl_mutex){+.+.}, at: [<00000000d5e67655>] rtnl_lock+0x17/0x20 [ 25.874111] #1: (rcu_read_lock){....}, at: [<0000000054f82181>] __fib6_clean_all+0x0/0x3a0 [ 25.882665] #2: ((&idev->mc_ifc_timer)){+.-.}, at: [<000000002caff148>] call_timer_fn+0x1c6/0x820 [ 25.891831] #3: (rcu_read_lock){....}, at: [<000000004da3c740>] mld_sendpack+0x180/0xe70 [ 25.900213] #4: (rcu_read_lock){....}, at: [<00000000cc4797e7>] nf_hook.constprop.37+0x0/0x830 [ 25.909113] [ 25.909113] stack backtrace: [ 25.913582] CPU: 1 PID: 4186 Comm: syzkaller015297 Not tainted 4.16.0-rc2+ #322 [ 25.920996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.930324] Call Trace: [ 25.932880] [ 25.935009] dump_stack+0x194/0x257 [ 25.938611] ? arch_local_irq_restore+0x53/0x53 [ 25.943258] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.948682] print_unlock_imbalance_bug+0x12f/0x140 [ 25.953672] lock_release+0x6fe/0xa40 [ 25.957447] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.962871] ? lock_downgrade+0x980/0x980 [ 25.966992] ? lock_release+0xa40/0xa40 [ 25.970942] ? __raw_spin_lock_init+0x1c/0x100 [ 25.975498] ? do_raw_spin_trylock+0x190/0x190 [ 25.980074] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 25.985341] ? dsthash_find+0x5b0/0x5b0 [ 25.989293] ? __lock_acquire+0x664/0x3e00 [ 25.993499] ? is_bpf_text_address+0x7b/0x120 [ 25.997974] ? lock_downgrade+0x980/0x980 [ 26.002105] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.007276] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.012435] ? is_bpf_text_address+0xa4/0x120 [ 26.016907] ? __kernel_text_address+0xd/0x40 [ 26.021375] ? unwind_get_return_address+0x61/0xa0 [ 26.026278] hashlimit_mt+0x78/0x90 [ 26.029880] ? hashlimit_mt+0x78/0x90 [ 26.033653] ip6t_do_table+0x98d/0x1a30 [ 26.037607] ? kmem_cache_alloc_trace+0x136/0x740 [ 26.042426] ? mld_sendpack+0x617/0xe70 [ 26.046376] ? ip6t_error+0x60/0x60 [ 26.049974] ? __tun_detach+0x520/0x10b0 [ 26.054014] ? check_noncircular+0x20/0x20 [ 26.058225] ? lock_acquire+0x1d5/0x580 [ 26.062172] ? lock_acquire+0x1d5/0x580 [ 26.066123] ? igmp6_mcf_seq_next+0x660/0x660 [ 26.070595] ? lock_release+0xa40/0xa40 [ 26.074548] ip6table_raw_hook+0x65/0x80 [ 26.078584] nf_hook_slow+0xba/0x1a0 [ 26.082272] nf_hook.constprop.37+0x3f6/0x830 [ 26.086742] ? igmp6_mcf_seq_next+0x660/0x660 [ 26.091209] ? trace_hardirqs_on+0xd/0x10 [ 26.095330] ? __local_bh_enable_ip+0x121/0x230 [ 26.099974] ? _raw_spin_unlock_bh+0x30/0x40 [ 26.104360] ? rt6_uncached_list_add+0x1b7/0x240 [ 26.109089] ? rt6_fill_node+0x18b0/0x18b0 [ 26.113299] ? icmp6_dst_alloc+0x475/0x660 [ 26.117508] ? ip6_mc_leave_src+0x1d0/0x1d0 [ 26.121807] ? icmpv6_flow_init+0x1f6/0x270 [ 26.126104] mld_sendpack+0x6c2/0xe70 [ 26.129882] ? nf_hook.constprop.37+0x830/0x830 [ 26.134527] ? mark_held_locks+0xaf/0x100 [ 26.138650] ? trace_hardirqs_on+0xd/0x10 [ 26.142772] ? __local_bh_enable_ip+0x121/0x230 [ 26.148166] mld_ifc_timer_expire+0x3d9/0x770 [ 26.152643] call_timer_fn+0x228/0x820 [ 26.156506] ? mld_dad_timer_expire+0x100/0x100 [ 26.161144] ? process_timeout+0x40/0x40 [ 26.165177] ? __run_timers+0x7e3/0xb70 [ 26.169121] ? lock_downgrade+0x980/0x980 [ 26.173242] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 26.178318] ? debug_object_deactivate+0x364/0x560 [ 26.183225] ? mark_held_locks+0xaf/0x100 [ 26.187348] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.192336] ? mld_dad_timer_expire+0x100/0x100 [ 26.196981] ? mld_dad_timer_expire+0x100/0x100 [ 26.201624] __run_timers+0x7ee/0xb70 [ 26.205402] ? trigger_dyntick_cpu.isra.29+0x150/0x150 [ 26.210656] ? lock_downgrade+0x980/0x980 [ 26.214781] ? pvclock_read_flags+0x160/0x160 [ 26.219250] ? find_held_lock+0x35/0x1d0 [ 26.223287] ? print_irqtrace_events+0x270/0x270 [ 26.228020] ? ktime_get+0x26f/0x3a0 [ 26.231711] ? check_noncircular+0x20/0x20 [ 26.235923] ? ktime_get_resolution_ns+0x300/0x300 [ 26.240835] ? __lock_is_held+0xb6/0x140 [ 26.244873] run_timer_softirq+0x4c/0x70 [ 26.248922] __do_softirq+0x2d7/0xb85 [ 26.252707] ? task_prio+0x50/0x50 [ 26.256221] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4 [ 26.261300] ? irq_exit+0xbb/0x200 [ 26.264814] ? smp_apic_timer_interrupt+0x16b/0x700 [ 26.269803] ? smp_reschedule_interrupt+0xe6/0x650 [ 26.274707] ? smp_call_function_single_interrupt+0x640/0x640 [ 26.280564] ? _raw_spin_lock+0x32/0x40 [ 26.284512] ? _raw_spin_unlock+0x22/0x30 [ 26.288633] ? handle_edge_irq+0x2b4/0x7c0 [ 26.292843] ? task_prio+0x50/0x50 [ 26.296360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.301179] do_softirq_own_stack+0x2a/0x40 [ 26.305473] [ 26.307686] do_softirq.part.19+0x14d/0x190 [ 26.311979] ? __fib6_clean_all+0x1fc/0x3a0 [ 26.316288] __local_bh_enable_ip+0x1ee/0x230 [ 26.320758] _raw_spin_unlock_bh+0x30/0x40 [ 26.324964] __fib6_clean_all+0x1fc/0x3a0 [ 26.329089] ? rt6_multipath_rebalance.part.60+0x7b0/0x7b0 [ 26.334686] ? fib6_repair_tree.part.21+0xf10/0xf10 [ 26.339675] ? rcutorture_record_progress+0x10/0x10 [ 26.344751] ? rt6_multipath_rebalance.part.60+0x7b0/0x7b0 [ 26.350350] fib6_clean_all+0x27/0x30 [ 26.354122] rt6_disable_ip+0xfd/0x700 [ 26.357984] ? __save_stack_trace+0x7e/0xd0 [ 26.362281] ? rt6_sync_down_dev+0x140/0x140 [ 26.366664] ? print_lockdep_cache.isra.32+0x109/0x109 [ 26.371913] ? rtnl_is_locked+0x54/0xb0 [ 26.375869] ? save_trace+0xe0/0x2b0 [ 26.379559] addrconf_ifdown+0x14b/0x14f0 [ 26.383683] ? inet6_rtm_newaddr+0xcf0/0xcf0 [ 26.388065] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.393229] ? ip_vs_dst_event+0xc4/0x650 [ 26.397354] ? __mutex_lock+0x16f/0x1a80 [ 26.401388] ? ip_vs_dst_event+0xc4/0x650 [ 26.405520] ? check_noncircular+0x20/0x20 [ 26.409733] ? mutex_lock_io_nested+0x1900/0x1900 [ 26.414548] ? check_noncircular+0x20/0x20 [ 26.418755] ? find_held_lock+0x35/0x1d0 [ 26.422800] ? __lock_is_held+0xb6/0x140 [ 26.426848] addrconf_notify+0x5f8/0x2310 [ 26.430971] ? snmp_helper+0xb10/0xb10 [ 26.434834] ? inet6_ifinfo_notify+0x130/0x130 [ 26.439392] ? rcu_note_context_switch+0x710/0x710 [ 26.444293] ? ip_vs_dst_event+0x23b/0x650 [ 26.448499] ? __might_sleep+0x95/0x190 [ 26.452445] ? _cond_resched+0x14/0x30 [ 26.456306] ? nf_ct_iterate_cleanup_net+0x13e/0x2b0 [ 26.461383] ? ip6mr_device_event+0x8c/0x340 [ 26.465763] ? nf_ct_iterate_cleanup+0x4f0/0x4f0 [ 26.470493] ? mif6_delete+0x620/0x620 [ 26.474355] ? ip_vs_dst_event+0x23b/0x650 [ 26.478562] ? trace_hardirqs_on+0xd/0x10 [ 26.482682] ? mutex_unlock+0xd/0x10 [ 26.486369] ? ip_vs_dst_event+0x24c/0x650 [ 26.490579] notifier_call_chain+0x136/0x2c0 [ 26.494959] ? notifier_call_chain+0x136/0x2c0 [ 26.499532] ? raw_notifier_chain_unregister+0x1b0/0x1b0 [ 26.504957] ? rtmsg_ifinfo_build_skb+0xcc/0x1a0 [ 26.509685] ? rtnl_is_locked+0x54/0xb0 [ 26.513643] ? rtnl_kfree_skbs+0x70/0x70 [ 26.517681] raw_notifier_call_chain+0x2d/0x40 [ 26.522254] call_netdevice_notifiers_info+0x32/0x70 [ 26.527333] dev_close_many+0x3fb/0x850 [ 26.531280] ? lock_downgrade+0x980/0x980 [ 26.535400] ? rps_trigger_softirq+0x210/0x210 [ 26.539955] ? do_raw_spin_trylock+0x190/0x190 [ 26.544510] ? calc_wheel_index+0x200/0x200 [ 26.548806] ? trace_hardirqs_off+0xd/0x10 [ 26.553014] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 26.558106] ? add_timer+0x5a5/0x1450 [ 26.561879] ? __lock_is_held+0xb6/0x140 [ 26.565914] ? rtnl_is_locked+0x54/0xb0 [ 26.569863] ? mod_timer_pending+0x1440/0x1440 [ 26.574420] ? kfree_skbmem+0x1a1/0x1d0 [ 26.578369] rollback_registered_many+0x4d5/0xe20 [ 26.583189] ? dev_xdp_uninstall+0x310/0x310 [ 26.587578] ? check_noncircular+0x20/0x20 [ 26.591784] ? kfree_skb+0x16a/0x4c0 [ 26.595474] ? print_irqtrace_events+0x270/0x270 [ 26.600203] ? print_irqtrace_events+0x270/0x270 [ 26.604936] ? print_irqtrace_events+0x270/0x270 [ 26.609668] rollback_registered+0x1be/0x3c0 [ 26.614053] ? rollback_registered_many+0xe20/0xe20 [ 26.619042] ? __queue_delayed_work+0x226/0x340 [ 26.623688] ? mark_held_locks+0xaf/0x100 [ 26.627808] ? queue_delayed_work_on+0xc9/0x1d0 [ 26.632451] ? rtnl_is_locked+0x54/0xb0 [ 26.636403] ? trace_hardirqs_on+0xd/0x10 [ 26.640525] ? queue_delayed_work_on+0x10d/0x1d0 [ 26.645253] unregister_netdevice_queue+0x2e3/0x5f0 [ 26.650245] ? rollback_registered+0x3c0/0x3c0 [ 26.654801] ? linkwatch_schedule_work+0x130/0x130 [ 26.659707] ? tun_ptr_free+0x3d0/0x3d0 [ 26.663653] ? mark_held_locks+0xaf/0x100 [ 26.667774] ? __local_bh_enable_ip+0x121/0x230 [ 26.672418] ? __tun_detach+0xa4c/0x10b0 [ 26.676453] ? trace_hardirqs_on+0xd/0x10 [ 26.680579] __tun_detach+0x520/0x10b0 [ 26.684442] ? tun_cleanup_tx_ring.part.46+0x550/0x550 [ 26.689693] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 26.695556] ? locks_remove_file+0x3fa/0x5a0 [ 26.699941] ? fcntl_setlk+0x1100/0x1100 [ 26.703975] ? fsnotify+0x7b3/0x1140 [ 26.707670] ? __tun_detach+0x10b0/0x10b0 [ 26.711792] ? __tun_detach+0x10b0/0x10b0 [ 26.715912] tun_chr_close+0x44/0x60 [ 26.719602] __fput+0x327/0x7e0 [ 26.722857] ? fput+0x140/0x140 [ 26.726112] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 26.731971] ____fput+0x15/0x20 [ 26.735227] task_work_run+0x199/0x270 [ 26.739092] ? task_work_cancel+0x210/0x210 [ 26.743387] ? free_nsproxy+0x18b/0x1f0 [ 26.747334] ? switch_task_namespaces+0xa2/0xc0 [ 26.751980] do_exit+0x9bb/0x1ad0 [ 26.755408] ? tun_do_read+0x26c0/0x26c0 [ 26.759443] ? __check_object_size+0x8b/0x530 [ 26.763912] ? mm_update_next_owner+0x930/0x930 [ 26.768554] ? tun_chr_write_iter+0x14d/0x1c0 [ 26.773025] ? fsnotify+0x7b3/0x1140 [ 26.776713] ? do_iter_readv_writev+0x5c7/0x830 [ 26.781359] ? fsnotify_first_mark+0x2b0/0x2b0 [ 26.785915] ? rcu_pm_notify+0xc0/0xc0 [ 26.789778] ? vfs_writev+0x210/0x340 [ 26.793551] ? kfree+0x1f6/0x260 [ 26.796918] ? vfs_writev+0x215/0x340 [ 26.800702] ? __fdget_pos+0x130/0x190 [ 26.804563] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 26.809120] ? __fdget_raw+0x20/0x20 [ 26.812813] do_group_exit+0x149/0x400 [ 26.816675] ? SyS_exit+0x30/0x30 [ 26.820102] ? move_addr_to_kernel+0x60/0x60 [ 26.824484] ? do_syscall_64+0xb6/0x940 [ 26.828432] ? do_group_exit+0x400/0x400 [ 26.832465] SyS_exit_group+0x1d/0x20 [ 26.836240] do_syscall_64+0x280/0x940 [ 26.840101] ? __do_page_fault+0xc90/0xc90 [ 26.844309] ? finish_task_switch+0x1c0/0x860 [ 26.848775] ? finish_task_switch+0x181/0x860 [ 26.853243] ? syscall_return_slowpath+0x550/0x550 [ 26.858145] ? syscall_return_slowpath+0x2ac/0x550 [ 26.863050] ? prepare_exit_to_usermode+0x350/0x350 [ 26.868044] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 26.873382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.878202] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 26.883369] RIP: 0033:0x4467f9 [ 26.886530] RSP: 002b:00000000007efde8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7 [ 26.894208] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004467f9 [ 26.901452] RDX: 00000000004466f0 RSI: 0000000000000001 RDI: 0000000000000001 [ 26.908694] RBP: 0000000000000068 R08: 0000000120080522 R09: 0000000000000000 [ 26.915935] R10: 00000000000004a8 R11: 00000000000