[....] Starting enhanced syslogd: rsyslogd[ 15.415399] audit: type=1400 audit(1519197091.671:5): avc: denied { syslog } for pid=4007 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.414960] audit: type=1400 audit(1519197093.670:6): avc: denied { map } for pid=4146 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. [ 23.690940] audit: type=1400 audit(1519197099.946:7): avc: denied { map } for pid=4160 comm="syzkaller426388" path="/root/syzkaller426388903" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 23.702648] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 23.717197] audit: type=1400 audit(1519197099.951:8): avc: denied { sys_admin } for pid=4160 comm="syzkaller426388" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 23.752937] audit: type=1400 audit(1519197100.008:9): avc: denied { net_admin } for pid=4161 comm="syzkaller426388" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 23.969907] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 24.288394] audit: type=1400 audit(1519197100.544:10): avc: denied { sys_chroot } for pid=4161 comm="syzkaller426388" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 24.313163] audit: type=1400 audit(1519197100.546:11): avc: denied { net_raw } for pid=4161 comm="syzkaller426388" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 24.351691] [ 24.353318] ===================================== [ 24.358125] WARNING: bad unlock balance detected! [ 24.362934] 4.16.0-rc2+ #323 Not tainted [ 24.366959] ------------------------------------- [ 24.371771] kworker/0:1/23 is trying to release lock (rcu_read_lock_bh) at: [ 24.378845] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 24.385820] but there are no more locks to release! [ 24.390799] [ 24.390799] other info that might help us debug this: [ 24.397430] 5 locks held by kworker/0:1/23: [ 24.401714] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<0000000094050c45>] process_one_work+0xaaf/0x1af0 [ 24.412521] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<000000002ae56a00>] process_one_work+0xb01/0x1af0 [ 24.423846] #2: (rtnl_mutex){+.+.}, at: [<000000003ac7fdb5>] rtnl_lock+0x17/0x20 [ 24.431522] #3: (rcu_read_lock){....}, at: [<00000000ee3c5140>] ndisc_send_skb+0x826/0x1370 [ 24.440159] #4: (rcu_read_lock){....}, at: [<00000000353e0caa>] nf_hook.constprop.27+0x0/0x830 [ 24.449052] [ 24.449052] stack backtrace: [ 24.453514] CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 4.16.0-rc2+ #323 [ 24.460403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.469728] Workqueue: ipv6_addrconf addrconf_dad_work [ 24.474970] Call Trace: [ 24.477524] dump_stack+0x194/0x257 [ 24.481122] ? arch_local_irq_restore+0x53/0x53 [ 24.485768] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 24.491184] print_unlock_imbalance_bug+0x12f/0x140 [ 24.496167] lock_release+0x6fe/0xa40 [ 24.499937] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 24.505355] ? lock_downgrade+0x980/0x980 [ 24.509471] ? lock_release+0xa40/0xa40 [ 24.513411] ? __raw_spin_lock_init+0x1c/0x100 [ 24.517959] ? do_raw_spin_trylock+0x190/0x190 [ 24.522517] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 24.527765] ? dsthash_find+0x5b0/0x5b0 [ 24.531704] ? __lock_acquire+0x664/0x3e00 [ 24.535906] ? ret_from_fork+0x3a/0x50 [ 24.539764] ? print_irqtrace_events+0x270/0x270 [ 24.544490] ? __unwind_start+0x169/0x330 [ 24.548606] hashlimit_mt+0x78/0x90 [ 24.552202] ? hashlimit_mt+0x78/0x90 [ 24.555973] ip6t_do_table+0x98d/0x1a30 [ 24.559916] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.565076] ? ip6t_error+0x60/0x60 [ 24.568672] ? check_noncircular+0x20/0x20 [ 24.572872] ? lock_acquire+0x1d5/0x580 [ 24.576811] ? lock_acquire+0x1d5/0x580 [ 24.580754] ? pndisc_destructor+0x340/0x340 [ 24.585128] ? lock_release+0xa40/0xa40 [ 24.589076] ip6table_raw_hook+0x65/0x80 [ 24.593103] nf_hook_slow+0xba/0x1a0 [ 24.596788] nf_hook.constprop.27+0x3f6/0x830 [ 24.601250] ? pndisc_destructor+0x340/0x340 [ 24.605626] ? find_held_lock+0x35/0x1d0 [ 24.609654] ? lock_acquire+0x1d5/0x580 [ 24.613604] ? lock_acquire+0x1d5/0x580 [ 24.617545] ? ndisc_send_skb+0x826/0x1370 [ 24.621751] ? lock_downgrade+0x980/0x980 [ 24.625866] ? lock_release+0xa40/0xa40 [ 24.629808] ? ndisc_error_report+0x180/0x180 [ 24.634270] ndisc_send_skb+0xa51/0x1370 [ 24.638300] ? nf_hook.constprop.27+0x830/0x830 [ 24.642935] ? check_noncircular+0x20/0x20 [ 24.647146] ? refcount_add_not_zero+0x133/0x200 [ 24.651875] ? refcount_dec_if_one+0x20/0x20 [ 24.656250] ? print_irqtrace_events+0x270/0x270 [ 24.660977] ndisc_send_ns+0x38a/0x870 [ 24.664832] ? ndisc_netdev_event+0x4a0/0x4a0 [ 24.669293] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.674278] ? addrconf_dad_work+0xa5e/0x1320 [ 24.678744] addrconf_dad_work+0xb9e/0x1320 [ 24.683033] ? addrconf_dad_work+0xb9e/0x1320 [ 24.687494] ? addrconf_ifdown+0x14f0/0x14f0 [ 24.691869] ? __lock_is_held+0xb6/0x140 [ 24.695902] process_one_work+0xbbf/0x1af0 [ 24.700105] ? process_one_work+0xbbf/0x1af0 [ 24.704486] ? pwq_dec_nr_in_flight+0x450/0x450 [ 24.709129] ? __schedule+0x90d/0x2070 [ 24.713017] ? __lock_acquire+0x664/0x3e00 [ 24.717258] ? check_noncircular+0x20/0x20 [ 24.721624] ? check_noncircular+0x20/0x20 [ 24.725907] ? lock_acquire+0x1d5/0x580 [ 24.729965] ? lock_acquire+0x1d5/0x580 [ 24.733976] ? worker_thread+0x4a3/0x1990 [ 24.738516] ? lock_downgrade+0x980/0x980 [ 24.742709] ? lock_release+0xa40/0xa40 [ 24.746869] ? check_noncircular+0x20/0x20 [ 24.751130] ? do_raw_spin_trylock+0x190/0x190 [ 24.755759] worker_thread+0x223/0x1990 [ 24.760002] ? finish_task_switch+0x1c0/0x860 [ 24.764635] ? process_one_work+0x1af0/0x1af0 [ 24.769158] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.774329] ? trace_hardirqs_on+0xd/0x10 [ 24.778505] ? mmdrop+0x18/0x30 [ 24.781821] ? finish_task_switch+0x279/0x860 [ 24.786343] ? copy_overflow+0x20/0x20 [ 24.790212] ? __schedule+0x90d/0x2070 [ 24.794073] ? check_noncircular+0x20/0x20 [ 24.798286] ? find_held_lock+0x35/0x1d0 [ 24.802332] ? find_held_lock+0x35/0x1d0 [ 24.806372] ? find_held_lock+0x35/0x1d0 [ 24.810406] ? complete+0x62/0x80 [ 24.813832] ? __schedule+0x2070/0x2070 [ 24.817783] ? do_wait_intr_irq+0x3e0/0x3e0 [ 24.822079] ? __lockdep_init_map+0xe4/0x650 [ 24.826462] ? do_raw_spin_trylock+0x190/0x190 [ 24.831018] ? lockdep_init_map+0x9/0x10 [ 24.835060] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 24.840131] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.845114] ? trace_hardirqs_on+0xd/0x10 [ 24.849231] ? __kthread_parkme+0x175/0x240 [