[....] Starting enhanced syslogd: rsyslogd[ 15.148978] audit: type=1400 audit(1519197013.905:5): avc: denied { syslog } for pid=3998 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.155343] audit: type=1400 audit(1519197016.912:6): avc: denied { map } for pid=4135 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. [ 43.093566] audit: type=1400 audit(1519197041.850:7): avc: denied { map } for pid=4153 comm="syzkaller556422" path="/root/syzkaller556422526" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 43.101669] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 43.119508] audit: type=1400 audit(1519197041.850:8): avc: denied { sys_admin } for pid=4153 comm="syzkaller556422" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 43.149031] audit: type=1400 audit(1519197041.882:9): avc: denied { net_admin } for pid=4154 comm="syzkaller556422" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 43.289835] ip (4192) used greatest stack depth: 16912 bytes left [ 43.319396] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 43.622919] audit: type=1400 audit(1519197042.379:10): avc: denied { sys_chroot } for pid=4154 comm="syzkaller556422" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 43.647626] audit: type=1400 audit(1519197042.381:11): avc: denied { net_raw } for pid=4154 comm="syzkaller556422" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 43.663092] [ 43.673511] ===================================== [ 43.678316] WARNING: bad unlock balance detected! [ 43.683122] 4.16.0-rc2+ #235 Not tainted [ 43.687145] ------------------------------------- [ 43.691955] kworker/0:2/1829 is trying to release lock (rcu_read_lock_bh) at: [ 43.699204] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 43.706179] but there are no more locks to release! [ 43.711157] [ 43.711157] other info that might help us debug this: [ 43.717789] 5 locks held by kworker/0:2/1829: [ 43.722252] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<000000001bbd4e19>] process_one_work+0xaaf/0x1af0 [ 43.733062] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<0000000090f99c1f>] process_one_work+0xb01/0x1af0 [ 43.744385] #2: (rtnl_mutex){+.+.}, at: [<000000008cad11d8>] rtnl_lock+0x17/0x20 [ 43.752062] #3: (rcu_read_lock){....}, at: [<0000000052959a09>] ndisc_send_skb+0x826/0x1370 [ 43.760699] #4: (rcu_read_lock){....}, at: [<000000003745d348>] nf_hook.constprop.27+0x0/0x830 [ 43.769589] [ 43.769589] stack backtrace: [ 43.774053] CPU: 0 PID: 1829 Comm: kworker/0:2 Not tainted 4.16.0-rc2+ #235 [ 43.781114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.790439] Workqueue: ipv6_addrconf addrconf_dad_work [ 43.795686] Call Trace: [ 43.798251] dump_stack+0x194/0x257 [ 43.801846] ? arch_local_irq_restore+0x53/0x53 [ 43.806490] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 43.811909] print_unlock_imbalance_bug+0x12f/0x140 [ 43.816983] lock_release+0x6fe/0xa40 [ 43.820755] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 43.826172] ? lock_downgrade+0x980/0x980 [ 43.830291] ? lock_release+0xa40/0xa40 [ 43.834262] ? __raw_spin_lock_init+0x1c/0x100 [ 43.838817] ? do_raw_spin_trylock+0x190/0x190 [ 43.843368] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 43.848615] ? dsthash_find+0x5b0/0x5b0 [ 43.852556] ? __lock_acquire+0x664/0x3e00 [ 43.856759] ? ret_from_fork+0x3a/0x50 [ 43.860615] ? print_irqtrace_events+0x270/0x270 [ 43.865338] ? __unwind_start+0x169/0x330 [ 43.869455] hashlimit_mt+0x78/0x90 [ 43.873048] ? hashlimit_mt+0x78/0x90 [ 43.876814] ip6t_do_table+0x98d/0x1a30 [ 43.880755] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 43.885912] ? ip6t_error+0x60/0x60 [ 43.889506] ? check_noncircular+0x20/0x20 [ 43.893720] ? lock_acquire+0x1d5/0x580 [ 43.897662] ? lock_acquire+0x1d5/0x580 [ 43.901604] ? pndisc_destructor+0x340/0x340 [ 43.905984] ? lock_release+0xa40/0xa40 [ 43.909930] ip6table_raw_hook+0x65/0x80 [ 43.913965] nf_hook_slow+0xba/0x1a0 [ 43.917654] nf_hook.constprop.27+0x3f6/0x830 [ 43.922118] ? pndisc_destructor+0x340/0x340 [ 43.926501] ? find_held_lock+0x35/0x1d0 [ 43.930533] ? lock_acquire+0x1d5/0x580 [ 43.934475] ? lock_acquire+0x1d5/0x580 [ 43.938419] ? ndisc_send_skb+0x826/0x1370 [ 43.942620] ? lock_downgrade+0x980/0x980 [ 43.946737] ? lock_release+0xa40/0xa40 [ 43.950681] ? ndisc_error_report+0x180/0x180 [ 43.955145] ndisc_send_skb+0xa51/0x1370 [ 43.959175] ? nf_hook.constprop.27+0x830/0x830 [ 43.963809] ? check_noncircular+0x20/0x20 [ 43.968010] ? refcount_add_not_zero+0x133/0x200 [ 43.972730] ? refcount_dec_if_one+0x20/0x20 [ 43.977108] ? print_irqtrace_events+0x270/0x270 [ 43.981834] ndisc_send_ns+0x38a/0x870 [ 43.985689] ? ndisc_netdev_event+0x4a0/0x4a0 [ 43.990149] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 43.995131] ? addrconf_dad_work+0xa5e/0x1320 [ 43.999593] addrconf_dad_work+0xb9e/0x1320 [ 44.003895] ? addrconf_dad_work+0xb9e/0x1320 [ 44.008359] ? addrconf_ifdown+0x14f0/0x14f0 [ 44.012737] ? __lock_is_held+0xb6/0x140 [ 44.016769] process_one_work+0xbbf/0x1af0 [ 44.020973] ? process_one_work+0xbbf/0x1af0 [ 44.025350] ? pwq_dec_nr_in_flight+0x450/0x450 [ 44.029989] ? __schedule+0x90d/0x2070 [ 44.033861] ? __lock_acquire+0x664/0x3e00 [ 44.038067] ? __lock_is_held+0xb6/0x140 [ 44.042096] ? check_noncircular+0x20/0x20 [ 44.046300] ? check_noncircular+0x20/0x20 [ 44.050505] ? lock_acquire+0x1d5/0x580 [ 44.054445] ? lock_acquire+0x1d5/0x580 [ 44.058386] ? worker_thread+0x4a3/0x1990 [ 44.062500] ? lock_downgrade+0x980/0x980 [ 44.066618] ? lock_release+0xa40/0xa40 [ 44.070560] ? retint_kernel+0x10/0x10 [ 44.074419] ? do_raw_spin_trylock+0x190/0x190 [ 44.078971] worker_thread+0x223/0x1990 [ 44.082916] ? finish_task_switch+0x1c0/0x860 [ 44.087386] ? process_one_work+0x1af0/0x1af0 [ 44.091854] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 44.096837] ? trace_hardirqs_on+0xd/0x10 [ 44.100953] ? mmdrop+0x18/0x30 [ 44.104202] ? finish_task_switch+0x279/0x860 [ 44.108665] ? copy_overflow+0x20/0x20 [ 44.112523] ? __schedule+0x90d/0x2070 [ 44.116377] ? check_noncircular+0x20/0x20 [ 44.120581] ? do_raw_spin_trylock+0x190/0x190 [ 44.125128] ? find_held_lock+0x35/0x1d0 [ 44.129156] ? find_held_lock+0x35/0x1d0 [ 44.133182] ? complete+0x62/0x80 [ 44.136602] ? __schedule+0x2070/0x2070 [ 44.140541] ? do_wait_intr_irq+0x3e0/0x3e0 [ 44.144829] ? __lockdep_init_map+0xe4/0x650 [ 44.149201] ? do_raw_spin_trylock+0x190/0x190 [ 44.153751] ? lockdep_init_map+0x9/0x10 [ 44.157782] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 44.162849] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 44.167833] ? trace_hardirqs_on+0xd/0x10 [ 44.171948] ? __kthread_parkme+0x17