[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.544390] audit: type=1400 audit(1519118437.390:5): avc: denied { syslog } for pid=3948 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 18.955453] audit: type=1400 audit(1519118440.800:6): avc: denied { map } for pid=4087 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
[ 25.263563] audit: type=1400 audit(1519118447.109:7): avc: denied { map } for pid=4101 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 09:20:47 parsed 1 programs
2018/02/20 09:20:47 executed programs: 0
[ 25.531509] audit: type=1400 audit(1519118447.377:8): avc: denied { map } for pid=4101 comm="syz-execprog" path="/root/syzkaller-shm754023049" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 25.548855] IPVS: ftp: loaded support on port[0] = 21
[ 25.786685] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 26.183400]
[ 26.185060] =====================================
[ 26.189868] WARNING: bad unlock balance detected!
[ 26.194679] 4.16.0-rc1+ #232 Not tainted
[ 26.198706] -------------------------------------
[ 26.203516] syz-executor0/4109 is trying to release lock (rcu_read_lock_bh) at:
[ 26.210945] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.217924] but there are no more locks to release!
[ 26.222906]
[ 26.222906] other info that might help us debug this:
[ 26.229543] 6 locks held by syz-executor0/4109:
[ 26.234176] #0: (sb_writers#4){.+.+}, at: [<00000000d32dbed3>] mnt_want_write+0x3f/0xb0
[ 26.242472] #1: (&type->i_mutex_dir_key/1){+.+.}, at: [<00000000c7b44eef>] do_rmdir+0x380/0x5f0
[ 26.251459] #2: (sb_internal){.+.+}, at: [<00000000e0df12a5>] ext4_evict_inode+0x5e3/0x17d0
[ 26.260099] #3: ((&idev->mc_ifc_timer)){+.-.}, at: [<000000008de23c89>] call_timer_fn+0x1c6/0x820
[ 26.269259] #4: (rcu_read_lock){....}, at: [<000000001b46c3f8>] mld_sendpack+0x180/0xe70
[ 26.277636] #5: (rcu_read_lock){....}, at: [<0000000007e38dd3>] nf_hook.constprop.37+0x0/0x830
[ 26.286536]
[ 26.286536] stack backtrace:
[ 26.291004] CPU: 0 PID: 4109 Comm: syz-executor0 Not tainted 4.16.0-rc1+ #232
[ 26.298252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.307583] Call Trace:
[ 26.310140]
[ 26.312276] dump_stack+0x194/0x257
[ 26.315993] ? arch_local_irq_restore+0x53/0x53
[ 26.320657] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.326091] print_unlock_imbalance_bug+0x12f/0x140
[ 26.331081] lock_release+0x6fe/0xa40
[ 26.334854] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.340293] ? lock_downgrade+0x980/0x980
[ 26.344411] ? lock_release+0xa40/0xa40
[ 26.348356] ? __raw_spin_lock_init+0x1c/0x100
[ 26.352907] ? do_raw_spin_trylock+0x190/0x190
[ 26.357461] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 26.362709] ? lock_downgrade+0x980/0x980
[ 26.366832] ? dsthash_find+0x5b0/0x5b0
[ 26.370780] ? __lock_acquire+0x664/0x3e00
[ 26.374985] ? is_bpf_text_address+0x7b/0x120
[ 26.379450] ? lock_downgrade+0x8da/0x980
[ 26.383574] ? rcutorture_record_progress+0x10/0x10
[ 26.388564] ? __kernel_text_address+0xd/0x40
[ 26.393030] ? unwind_get_return_address+0x61/0xa0
[ 26.397932] hashlimit_mt+0x78/0x90
[ 26.401530] ? hashlimit_mt+0x78/0x90
[ 26.405302] ip6t_do_table+0x98d/0x1a30
[ 26.409250] ? kmem_cache_alloc_trace+0x136/0x740
[ 26.414065] ? mld_sendpack+0x617/0xe70
[ 26.418013] ? ip6t_error+0x60/0x60
[ 26.421611] ? check_noncircular+0x20/0x20
[ 26.425816] ? lock_acquire+0x1d5/0x580
[ 26.429760] ? lock_acquire+0x1d5/0x580
[ 26.433710] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.438175] ? lock_release+0xa40/0xa40
[ 26.442122] ip6table_raw_hook+0x65/0x80
[ 26.446157] nf_hook_slow+0xba/0x1a0
[ 26.449845] nf_hook.constprop.37+0x3f6/0x830
[ 26.454312] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.458780] ? trace_hardirqs_on+0xd/0x10
[ 26.462901] ? __local_bh_enable_ip+0x121/0x230
[ 26.467542] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.471920] ? rt6_uncached_list_add+0x1b7/0x240
[ 26.476646] ? rt6_fill_node+0x18b0/0x18b0
[ 26.480856] ? icmp6_dst_alloc+0x475/0x660
[ 26.485064] ? ip6_mc_leave_src+0x1d0/0x1d0
[ 26.489357] ? icmpv6_flow_init+0x1f6/0x270
[ 26.493648] mld_sendpack+0x6c2/0xe70
[ 26.497420] ? nf_hook.constprop.37+0x830/0x830
[ 26.502061] ? mark_held_locks+0xaf/0x100
[ 26.506179] ? trace_hardirqs_on+0xd/0x10
[ 26.510382] ? __local_bh_enable_ip+0x121/0x230
[ 26.515022] mld_ifc_timer_expire+0x3d9/0x770
[ 26.519488] call_timer_fn+0x228/0x820
[ 26.523347] ? mld_dad_timer_expire+0x100/0x100
[ 26.527986] ? process_timeout+0x40/0x40
[ 26.532017] ? __run_timers+0x7e3/0xb70
[ 26.535964] ? lock_downgrade+0x980/0x980
[ 26.540086] ? debug_object_deactivate+0x364/0x560
[ 26.544986] ? lock_release+0xa40/0xa40
[ 26.548932] ? mark_held_locks+0xaf/0x100
[ 26.553051] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.558734] ? mld_dad_timer_expire+0x100/0x100
[ 26.563370] ? mld_dad_timer_expire+0x100/0x100
[ 26.568012] __run_timers+0x7ee/0xb70
[ 26.571786] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 26.577045] ? timerqueue_add+0x1e9/0x280
[ 26.581164] ? check_noncircular+0x20/0x20
[ 26.585371] ? enqueue_hrtimer+0x177/0x4b0
[ 26.589586] ? lock_release+0xa40/0xa40
[ 26.593529] ? retrigger_next_event+0x1e0/0x1e0
[ 26.598345] ? print_irqtrace_events+0x270/0x270
[ 26.603070] ? check_noncircular+0x20/0x20
[ 26.607275] ? clockevents_program_event+0x163/0x2e0
[ 26.612347] ? lock_downgrade+0x980/0x980
[ 26.616466] ? __lock_is_held+0xb6/0x140
[ 26.620511] run_timer_softirq+0x4c/0x70
[ 26.624547] __do_softirq+0x2d7/0xb85
[ 26.628317] ? ktime_get+0x26f/0x3a0
[ 26.632005] ? __irqentry_text_end+0x1f8ee4/0x1f8ee4
[ 26.637081] ? check_noncircular+0x20/0x20
[ 26.641291] ? native_apic_msr_write+0x5c/0x80
[ 26.645843] ? lapic_next_event+0x54/0x80
[ 26.649964] ? clockevents_program_event+0x108/0x2e0
[ 26.655039] ? tick_program_event+0x83/0x100
[ 26.659432] ? __lock_is_held+0xb6/0x140
[ 26.663467] irq_exit+0x1cc/0x200
[ 26.666892] smp_apic_timer_interrupt+0x16b/0x700
[ 26.671801] ? smp_reschedule_interrupt+0xe6/0x650
[ 26.676699] ? smp_call_function_single_interrupt+0x640/0x640
[ 26.682567] ? _raw_spin_lock+0x32/0x40
[ 26.686512] ? _raw_spin_unlock+0x22/0x30
[ 26.690631] ? handle_edge_irq+0x2b4/0x7c0
[ 26.694842] ? task_prio+0x50/0x50
[ 26.698443] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.703258] ? jbd2_journal_stop+0x482/0x1490
[ 26.707724] apic_timer_interrupt+0xa9/0xb0
[ 26.712015]
[ 26.714226] RIP: 0010:kmem_cache_free+0xf2/0x2a0
[ 26.718960] RSP: 0018:ffff8801befff2c8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff12
[ 26.726639] RAX: 0000000000000007 RBX: ffff8801d50eb800 RCX: 0000000000000006
[ 26.733879] RDX: 0000000000000000 RSI: 1ffff10037b8ed65 RDI: 0000000000000282
[ 26.741121] RBP: ffff8801befff2e8 R08: 1ffff10037dffe27 R09: 0000000000000000
[ 26.748361] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b07d67c0
[ 26.755602] R13: 0000000000000282 R14: ffffffff81f0f2a2 R15: ffff8801bdc76240
[ 26.762849] ? jbd2_journal_stop+0x482/0x1490
[ 26.767317] jbd2_journal_stop+0x482/0x1490
[ 26.771610] ? ext4_free_inode+0x21b/0x1740
[ 26.775903] ? jbd2_buffer_abort_trigger+0x90/0x90
[ 26.780808] ? ext4_mark_bitmap_end+0x40/0x40
[ 26.785277] ? ext4_mark_inode_dirty+0x21d/0xa10
[ 26.790005] ? ext4_unlink+0x1100/0x1100
[ 26.794035] ? ext4_evict_inode+0xbfd/0x17d0
[ 26.798430] ? ext4_expand_extra_isize+0x580/0x580
[ 26.803330] ? ext4_xattr_ensure_credits+0x6e/0x2a0
[ 26.808316] ? ext4_xattr_delete_inode+0x24d/0xdf0
[ 26.813216] ? ext4_expand_extra_isize_ea+0x1910/0x1910
[ 26.818553] __ext4_journal_stop+0x12c/0x1c0
[ 26.822935] ext4_evict_inode+0xc2b/0x17d0
[ 26.827146] ? ext4_da_write_begin+0x1020/0x1020
[ 26.831876] ? inode_wait_for_writeback+0x2f/0x40
[ 26.836691] ? lock_downgrade+0x980/0x980
[ 26.840810] ? lock_release+0xa40/0xa40
[ 26.844761] ? __inode_wait_for_writeback+0x292/0x330
[ 26.849922] ? do_raw_spin_trylock+0x190/0x190
[ 26.854477] ? bit_waitqueue+0x30/0x30
[ 26.860941] ? _raw_spin_unlock+0x22/0x30
[ 26.865059] ? ext4_da_write_begin+0x1020/0x1020
[ 26.869786] evict+0x481/0x920
[ 26.872949] ? destroy_inode+0x200/0x200
[ 26.876981] ? iput+0x7b1/0xaf0
[ 26.880323] ? lock_downgrade+0x980/0x980
[ 26.884442] ? rcu_read_lock_sched_held+0x108/0x120
[ 26.889429] ? ext4_drop_inode+0x10c/0x390
[ 26.893635] ? ext4_sync_fs+0x9f0/0x9f0
[ 26.897582] ? do_raw_spin_trylock+0x190/0x190
[ 26.902136] ? cpumask_local_spread+0x260/0x260
[ 26.906785] ? lock_downgrade+0x980/0x980
[ 26.910904] iput+0x7b9/0xaf0
[ 26.913979] ? ext4_sync_fs+0x9f0/0x9f0
[ 26.917923] ? dispose_list+0x3f0/0x3f0
[ 26.921872] ? fsnotify_grab_connector+0x17f/0x270
[ 26.926771] ? fsnotify_recalc_mask.part.6+0xa0/0xa0
[ 26.931844] ? find_held_lock+0x35/0x1d0
[ 26.935875] ? do_raw_spin_trylock+0x190/0x190
[ 26.940429] ? fsnotify_first_mark+0x2b0/0x2b0
[ 26.944983] ? fsnotify_destroy_marks+0x13e/0x190
[ 26.949798] dentry_unlink_inode+0x4b0/0x5e0
[ 26.954173] ? d_delete+0x66/0x280
[ 26.957684] ? release_dentry_name_snapshot+0x70/0x70
[ 26.962845] ? lock_release+0xa40/0xa40
[ 26.966796] d_delete+0x1ca/0x280
[ 26.970220] vfs_rmdir+0x32d/0x410
[ 26.973734] do_rmdir+0x4c8/0x5f0
[ 26.977171] ? user_path_create+0x40/0x40
[ 26.981296] ? exit_to_usermode_loop+0x198/0x2f0
[ 26.986022] ? fillonedir+0x250/0x250
[ 26.989796] ? do_syscall_64+0xb7/0x940
[ 26.993745] ? SyS_mkdir+0x2a0/0x2a0
[ 26.997428] SyS_rmdir+0x1a/0x20
[ 27.000770] do_syscall_64+0x282/0x940
[ 27.004631] ? __do_page_fault+0xc90/0xc90
[ 27.008839] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.013566] ? syscall_return_slowpath+0x550/0x550
[ 27.018467] ? syscall_return_slowpath+0x2ac/0x550
[ 27.023366] ? prepare_exit_to_usermode+0x350/0x350
[ 27.028356] ? entry_SYSCALL_64_after_hwframe+0x36/0x9b
[ 27.033691] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.038506] entry_SYSCALL_64_after_hwframe+0x26/0x9b
[ 27.043668] RIP: 0033:0x453b37
[ 27.046830] RSP: 002b:00007ffe1da37098 EFLAGS: 00000202 ORIG_RAX: 0000000000000054
[ 27.054509] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 0000000000453b37
[ 27.061749] RDX: 0000000000000000 RSI: 00007ffe1da38e50 RDI: 00007ffe1da38e50
[ 27.068990] RBP: 00007ffe1da38e50 R08: 0000000000000001 R09: 0000000000000001
[ 27.076229] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000027e1940
[ 27.083468] R13: 0000000000000000 R14: 0000000000000003 R15: 00000000027e0914
2018/02/20 09:20:52 executed programs: 468
2018/02/20 09:20:57 executed programs: 1141