[....] Starting enhanced syslogd: rsyslogd
[ 15.741055] audit: type=1400 audit(1519083578.403:5): avc: denied { syslog } for pid=3997 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.055462] audit: type=1400 audit(1519083581.718:6): avc: denied { map } for pid=4137 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
[ 25.267680] audit: type=1400 audit(1519083587.930:7): avc: denied { map } for pid=4151 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/19 23:39:48 parsed 1 programs
2018/02/19 23:39:48 executed programs: 0
[ 25.531760] audit: type=1400 audit(1519083588.194:8): avc: denied { map } for pid=4151 comm="syz-execprog" path="/root/syzkaller-shm289719666" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 25.545583] IPVS: ftp: loaded support on port[0] = 21
[ 25.765561] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 26.337256]
[ 26.338900] =====================================
[ 26.343710] WARNING: bad unlock balance detected!
[ 26.348531] 4.16.0-rc1+ #232 Not tainted
[ 26.352567] -------------------------------------
[ 26.357376] syz-executor0/4300 is trying to release lock (rcu_read_lock_bh) at:
[ 26.364804] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.371789] but there are no more locks to release!
[ 26.376771]
[ 26.376771] other info that might help us debug this:
[ 26.383408] 3 locks held by syz-executor0/4300:
[ 26.388053] #0: ((&idev->mc_dad_timer)){+.-.}, at: [<00000000c5f05dd6>] call_timer_fn+0x1c6/0x820
[ 26.397220] #1: (rcu_read_lock){....}, at: [<00000000852b6915>] mld_sendpack+0x180/0xe70
[ 26.405598] #2: (rcu_read_lock){....}, at: [<000000005ae80585>] nf_hook.constprop.37+0x0/0x830
[ 26.414495]
[ 26.414495] stack backtrace:
[ 26.418962] CPU: 1 PID: 4300 Comm: syz-executor0 Not tainted 4.16.0-rc1+ #232
[ 26.426215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.435539] Call Trace:
[ 26.438094]
[ 26.440217] dump_stack+0x194/0x257
[ 26.443816] ? arch_local_irq_restore+0x53/0x53
[ 26.448454] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.453874] print_unlock_imbalance_bug+0x12f/0x140
[ 26.458858] lock_release+0x6fe/0xa40
[ 26.462627] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.468047] ? lock_downgrade+0x980/0x980
[ 26.472166] ? lock_release+0xa40/0xa40
[ 26.476108] ? __raw_spin_lock_init+0x1c/0x100
[ 26.480657] ? do_raw_spin_trylock+0x190/0x190
[ 26.485208] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 26.490458] ? dsthash_find+0x5b0/0x5b0
[ 26.494401] ? __lock_acquire+0x664/0x3e00
[ 26.498603] ? is_bpf_text_address+0x7b/0x120
[ 26.503069] ? lock_downgrade+0x980/0x980
[ 26.507189] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.512350] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.517508] ? is_bpf_text_address+0xa4/0x120
[ 26.521972] ? __kernel_text_address+0xd/0x40
[ 26.526441] ? unwind_get_return_address+0x61/0xa0
[ 26.531340] hashlimit_mt+0x78/0x90
[ 26.534938] ? hashlimit_mt+0x78/0x90
[ 26.538706] ip6t_do_table+0x98d/0x1a30
[ 26.542650] ? kmem_cache_alloc_trace+0x136/0x740
[ 26.547464] ? mld_sendpack+0x617/0xe70
[ 26.551419] ? ip6t_error+0x60/0x60
[ 26.555019] ? exit_mmap+0x23a/0x500
[ 26.558709] ? check_noncircular+0x20/0x20
[ 26.562910] ? lock_acquire+0x1d5/0x580
[ 26.566853] ? lock_acquire+0x1d5/0x580
[ 26.570796] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.575260] ? lock_release+0xa40/0xa40
[ 26.579205] ip6table_raw_hook+0x65/0x80
[ 26.583237] nf_hook_slow+0xba/0x1a0
[ 26.586919] nf_hook.constprop.37+0x3f6/0x830
[ 26.591385] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.595851] ? trace_hardirqs_on+0xd/0x10
[ 26.599967] ? __local_bh_enable_ip+0x121/0x230
[ 26.604606] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.608983] ? rt6_uncached_list_add+0x1b7/0x240
[ 26.613713] ? rt6_fill_node+0x18b0/0x18b0
[ 26.617916] ? icmp6_dst_alloc+0x475/0x660
[ 26.622122] ? ip6_mc_leave_src+0x1d0/0x1d0
[ 26.626411] ? icmpv6_flow_init+0x1f6/0x270
[ 26.630703] mld_sendpack+0x6c2/0xe70
[ 26.634474] ? nf_hook.constprop.37+0x830/0x830
[ 26.639115] ? mark_held_locks+0xaf/0x100
[ 26.643236] ? trace_hardirqs_on+0xd/0x10
[ 26.647354] ? __local_bh_enable_ip+0x121/0x230
[ 26.651995] mld_send_initial_cr.part.25+0x103/0x150
[ 26.657073] mld_dad_timer_expire+0x31/0x100
[ 26.661453] call_timer_fn+0x228/0x820
[ 26.665309] ? mld_send_initial_cr.part.25+0x150/0x150
[ 26.670553] ? process_timeout+0x40/0x40
[ 26.674597] ? __run_timers+0x7e3/0xb70
[ 26.678542] ? lock_downgrade+0x980/0x980
[ 26.682658] ? debug_object_deactivate+0x364/0x560
[ 26.687554] ? lock_release+0xa40/0xa40
[ 26.691498] ? do_raw_spin_trylock+0x190/0x190
[ 26.696050] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.701038] ? mld_send_initial_cr.part.25+0x150/0x150
[ 26.706281] ? mld_send_initial_cr.part.25+0x150/0x150
[ 26.711528] __run_timers+0x7ee/0xb70
[ 26.715302] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 26.720551] ? timerqueue_add+0x1e9/0x280
[ 26.724671] ? check_noncircular+0x20/0x20
[ 26.728876] ? enqueue_hrtimer+0x177/0x4b0
[ 26.733078] ? lock_release+0xa40/0xa40
[ 26.737030] ? retrigger_next_event+0x1e0/0x1e0
[ 26.741669] ? find_held_lock+0x35/0x1d0
[ 26.745701] ? clockevents_program_event+0x163/0x2e0
[ 26.750777] ? lock_downgrade+0x980/0x980
[ 26.754897] ? rcu_pm_notify+0xc0/0xc0
[ 26.758754] run_timer_softirq+0x4c/0x70
[ 26.762789] __do_softirq+0x2d7/0xb85
[ 26.766557] ? ktime_get+0x26f/0x3a0
[ 26.770243] ? __irqentry_text_end+0x1f8ee4/0x1f8ee4
[ 26.775316] ? do_timer+0x50/0x50
[ 26.778738] ? native_apic_msr_write+0x5c/0x80
[ 26.783290] ? lapic_next_event+0x54/0x80
[ 26.787406] ? clockevents_program_event+0x108/0x2e0
[ 26.792478] ? tick_program_event+0x83/0x100
[ 26.796859] ? rcu_pm_notify+0xc0/0xc0
[ 26.800721] irq_exit+0x1cc/0x200
[ 26.804142] smp_apic_timer_interrupt+0x16b/0x700
[ 26.808952] ? smp_reschedule_interrupt+0xe6/0x650
[ 26.813850] ? smp_call_function_single_interrupt+0x640/0x640
[ 26.819705] ? _raw_spin_lock+0x32/0x40
[ 26.823651] ? _raw_spin_unlock+0x22/0x30
[ 26.827766] ? handle_edge_irq+0x2b4/0x7c0
[ 26.831973] ? task_prio+0x50/0x50
[ 26.835493] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.840307] apic_timer_interrupt+0xa9/0xb0
[ 26.844593]
[ 26.846801] RIP: 0010:_raw_spin_unlock_irqrestore+0x5e/0xba
[ 26.852478] RSP: 0018:ffff8801b2595f50 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff12
[ 26.860153] RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 0000000000000000
[ 26.867393] RDX: 1ffffffff0d592cd RSI: 0000000000000001 RDI: 0000000000000282
[ 26.874631] RBP: ffff8801b2595f60 R08: 0000000000000000 R09: 0000000000000000
[ 26.881869] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff881bdb88
[ 26.889108] R13: ffff8801b2596118 R14: 0000000000000000 R15: dffffc0000000000
[ 26.896360] debug_check_no_obj_freed+0x3da/0xf1f
[ 26.901171] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.906329] ? find_held_lock+0x35/0x1d0
[ 26.910357] ? free_obj_work+0x690/0x690
[ 26.914386] ? __free_pages_ok+0x12b5/0x31e0
[ 26.918769] ? lock_downgrade+0x980/0x980
[ 26.922885] ? lock_release+0xa40/0xa40
[ 26.926827] ? lock_release+0xa40/0xa40
[ 26.930773] ? __free_pages_ok+0x74d/0x31e0
[ 26.935066] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.940070] __free_pages_ok+0x765/0x31e0
[ 26.944202] ? check_noncircular+0x20/0x20
[ 26.948413] ? drain_local_pages_wq+0x20/0x20
[ 26.952878] ? find_held_lock+0x35/0x1d0
[ 26.956909] ? __mem_cgroup_threshold+0x2d2/0x8f0
[ 26.961721] ? lock_downgrade+0x980/0x980
[ 26.965840] ? lock_release+0xa40/0xa40
[ 26.969786] ? print_irqtrace_events+0x270/0x270
[ 26.974513] ? __mem_cgroup_threshold+0x2f1/0x8f0
[ 26.979327] ? print_irqtrace_events+0x270/0x270
[ 26.984053] ? mem_cgroup_usage.part.60+0x370/0x370
[ 26.989038] ? uncharge_batch+0xa70/0xa70
[ 26.993157] ? __lock_acquire+0x664/0x3e00
[ 26.997360] ? print_irqtrace_events+0x270/0x270
[ 27.002087] ? trace_hardirqs_on+0xd/0x10
[ 27.006207] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 27.011365] ? memcg_check_events+0x167/0x5d0
[ 27.015840] ? __mem_cgroup_threshold+0x8f0/0x8f0
[ 27.020661] ? uncharge_batch+0x556/0xa70
[ 27.024781] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.029769] ? trace_hardirqs_on+0xd/0x10
[ 27.033886] ? mem_cgroup_uncharge+0xce/0xe0
[ 27.038262] ? mem_cgroup_cancel_charge+0x170/0x170
[ 27.043248] ? check_noncircular+0x20/0x20
[ 27.047451] ? trace_hardirqs_on+0xd/0x10
[ 27.051567] ? __page_cache_release+0x761/0xd30
[ 27.056208] ? find_held_lock+0x35/0x1d0
[ 27.060240] ? free_transhuge_page+0x2ca/0x430
[ 27.064790] ? lock_downgrade+0x980/0x980
[ 27.068905] ? lock_release+0xa40/0xa40
[ 27.072851] ? do_raw_spin_trylock+0x190/0x190
[ 27.077403] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 27.082473] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.087458] free_compound_page+0x5c/0x70
[ 27.091574] free_transhuge_page+0x2d2/0x430
[ 27.095952] ? lock_downgrade+0x980/0x980
[ 27.100070] ? split_huge_pages_set+0x6d0/0x6d0
[ 27.104709] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 27.109865] ? lock_downgrade+0x980/0x980
[ 27.113980] ? do_raw_spin_trylock+0x190/0x190
[ 27.118529] ? lock_release+0xa40/0xa40
[ 27.122473] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 27.127545] __put_compound_page+0x88/0xc0
[ 27.131747] release_pages+0x64b/0x1230
[ 27.135696] ? __put_compound_page+0xc0/0xc0
[ 27.140073] ? check_noncircular+0x20/0x20
[ 27.144276] ? check_noncircular+0x20/0x20
[ 27.148481] ? print_irqtrace_events+0x270/0x270
[ 27.153209] ? reacquire_held_locks+0x1f9/0x3e0
[ 27.157851] ? reacquire_held_locks+0x1f9/0x3e0
[ 27.162490] ? find_held_lock+0x35/0x1d0
[ 27.166522] ? check_noncircular+0x20/0x20
[ 27.170730] ? __unlock_page_memcg+0x53/0x100
[ 27.175196] ? lock_acquire+0x1d5/0x580
[ 27.179146] ? lock_acquire+0x1d5/0x580
[ 27.183098] ? find_held_lock+0x35/0x1d0
[ 27.187129] ? __unlock_page_memcg+0x53/0x100
[ 27.191590] ? lock_downgrade+0x980/0x980
[ 27.195711] ? unlock_page_memcg+0x2c/0x40
[ 27.199914] ? __set_page_dirty_buffers+0x20c/0x390
[ 27.204899] ? PageHuge+0x15c/0x270
[ 27.208494] ? prep_compound_gigantic_page+0x440/0x440
[ 27.213747] ? page_mapping+0x382/0x530
[ 27.217705] ? __mem_cgroup_largest_soft_limit_node+0x780/0x780
[ 27.223730] ? kstrndup+0xd0/0xd0
[ 27.227155] ? __unlock_page_memcg+0x72/0x100
[ 27.231625] ? unlock_page_memcg+0x2c/0x40
[ 27.235828] ? page_remove_rmap+0x191/0xeb0
[ 27.240120] ? check_noncircular+0x20/0x20
[ 27.244327] ? lru_add_drain_cpu+0x18d/0x4a0
[ 27.248703] free_pages_and_swap_cache+0x2ad/0x400
[ 27.253604] ? free_page_and_swap_cache+0x620/0x620
[ 27.258590] ? unmap_page_range+0x1812/0x22e0
[ 27.263056] ? lock_downgrade+0x980/0x980
[ 27.267176] ? flush_tlb_mm_range+0x1b3/0x520
[ 27.271642] ? lock_release+0xa40/0xa40
[ 27.275586] ? native_flush_tlb_others+0x710/0x710
[ 27.280485] ? do_raw_spin_trylock+0x190/0x190
[ 27.285038] ? trace_event_raw_event_sched_switch+0x810/0x810
[ 27.290900] tlb_flush_mmu_free+0xb4/0x160
[ 27.295106] unmap_page_range+0x181e/0x22e0
[ 27.299401] ? vm_normal_page_pmd+0x2c0/0x2c0
[ 27.303873] ? __free_insn_slot+0x5c0/0x5c0
[ 27.308165] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 27.313327] ? rcutorture_record_progress+0x10/0x10
[ 27.318312] ? is_bpf_text_address+0xa4/0x120
[ 27.322778] ? kernel_text_address+0x102/0x140
[ 27.327327] ? __kernel_text_address+0xd/0x40
[ 27.331793] ? unwind_get_return_address+0x61/0xa0
[ 27.336692] ? __save_stack_trace+0x7e/0xd0
[ 27.340989] ? save_stack+0x43/0xd0
[ 27.344587] ? __kasan_slab_free+0x11a/0x170
[ 27.348961] ? kasan_slab_free+0xe/0x10
[ 27.352902] ? kmem_cache_free+0x83/0x2a0
[ 27.357021] ? mmput+0x54a/0x6c0
[ 27.360361] ? do_exit+0x90a/0x1ad0
[ 27.363956] ? do_group_exit+0x149/0x400
[ 27.368039] ? SyS_exit_group+0x1d/0x20
[ 27.371988] ? do_syscall_64+0x282/0x940
[ 27.376023] ? entry_SYSCALL_64_after_hwframe+0x26/0x9b
[ 27.381360] ? debug_check_no_obj_freed+0x3da/0xf1f
[ 27.386347] ? uprobe_munmap+0x127/0x430
[ 27.390377] ? uprobe_mmap+0xc90/0xc90
[ 27.394236] ? __khugepaged_exit+0x3f7/0x640
[ 27.398615] unmap_single_vma+0x15f/0x2d0
[ 27.402733] unmap_vmas+0xf1/0x1b0
[ 27.406245] exit_mmap+0x23a/0x500
[ 27.409755] ? SyS_munmap+0x30/0x30
[ 27.413359] ? __khugepaged_exit+0x42f/0x640
[ 27.417739] ? __might_sleep+0x95/0x190
[ 27.421702] mmput+0x223/0x6c0
[ 27.424863] ? get_task_exe_file+0xc0/0xc0
[ 27.429067] ? is_current_pgrp_orphaned+0xa0/0xa0
[ 27.433876] ? do_exit+0x8fa/0x1ad0
[ 27.437474] ? lock_downgrade+0x980/0x980
[ 27.441591] ? mark_held_locks+0xaf/0x100
[ 27.445709] ? do_raw_spin_trylock+0x190/0x190
[ 27.450258] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.455241] ? trace_hardirqs_on+0xd/0x10
[ 27.459356] do_exit+0x90a/0x1ad0
[ 27.462778] ? trace_hardirqs_on+0xd/0x10
[ 27.466895] ? mm_update_next_owner+0x930/0x930
[ 27.471534] ? mutex_unlock+0xd/0x10
[ 27.475215] ? xt_table_unlock+0x52/0x60
[ 27.479247] ? __do_replace+0x200/0xa70
[ 27.483191] ? compat_table_info+0x4a0/0x4a0
[ 27.487569] ? kasan_check_write+0x14/0x20
[ 27.491773] ? _copy_from_user+0x99/0x110
[ 27.495889] ? do_ip6t_set_ctl+0x104/0x5f0
[ 27.500092] ? free_modinfo_version+0x70/0x70
[ 27.504556] ? translate_compat_table+0x1c50/0x1c50
[ 27.509542] ? mutex_unlock+0xd/0x10
[ 27.513227] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 27.518470] ? nf_setsockopt+0x93/0xc0
[ 27.522328] ? ipv6_setsockopt+0xa8/0x130
[ 27.526444] ? rawv6_setsockopt+0x51/0xf0
[ 27.530561] ? SyS_futex+0x269/0x390
[ 27.534243] ? SyS_setsockopt+0x215/0x360
[ 27.538362] do_group_exit+0x149/0x400
[ 27.542219] ? do_futex+0x22a0/0x22a0
[ 27.545987] ? SyS_exit+0x30/0x30
[ 27.549417] ? move_addr_to_kernel+0x60/0x60
[ 27.553793] ? do_syscall_64+0xb7/0x940
[ 27.557734] ? do_group_exit+0x400/0x400
[ 27.561767] SyS_exit_group+0x1d/0x20
[ 27.565534] do_syscall_64+0x282/0x940
[ 27.569389] ? __do_page_fault+0xc90/0xc90
[ 27.573592] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.578315] ? syscall_return_slowpath+0x550/0x550
[ 27.583215] ? syscall_return_slowpath+0x2ac/0x550
[ 27.588114] ? prepare_exit_to_usermode+0x350/0x350
[ 27.593099] ? entry_SYSCALL_64_after_hwframe+0x36/0x9b
[ 27.598430] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.603240] entry_SYSCALL_64_after_hwframe+0x26/0x9b
[ 27.608399] RIP: 0033:0x453da9
[ 27.611558] RSP: 002b:00007fff341f1088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 27.619233] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 0000000000453da9
[ 27.626473] RDX: 00000000000004d5 RSI: 0000000000735638 RDI: 0000000000000000
[ 27.633713] RBP: 00007fff341f1760 R08: 0000000000000000 R09: 0000000000000003
[ 27.640949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 27.648189] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000001380
2018/02/19 23:39:53 executed programs: 435
2018/02/19 23:39:58 executed programs: 1129