[....] Starting enhanced syslogd: rsyslogd[   14.949387] audit: type=1400 audit(1519377562.747:5): avc:  denied  { syslog } for  pid=4058 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.666902] audit: type=1400 audit(1519377566.464:6): avc:  denied  { map } for  pid=4197 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   24.957542] audit: type=1400 audit(1519377572.755:7): avc:  denied  { map } for  pid=4211 comm="syzkaller357161" path="/root/syzkaller357161123" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   25.576505] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   25.924654] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   25.930760] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[   25.967318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   26.003884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.010754] 
[   26.010756] =====================================
[   26.010757] WARNING: bad unlock balance detected!
[   26.010762] 4.16.0-rc2+ #238 Not tainted
[   26.010763] -------------------------------------
[   26.010766] kworker/0:2/1892 is trying to release lock (rcu_read_lock_bh) at:
[   26.010782] [<ffffffff84a358bb>] hashlimit_mt_common.isra.10+0x1beb/0x2610
[   26.010784] but there are no more locks to release!
[   26.010785] 
[   26.010785] other info that might help us debug this:
[   26.010788] 7 locks held by kworker/0:2/1892:
[   26.010790]  #0:  ((wq_completion)"events"){+.+.}, at: [<0000000046444781>] process_one_work+0xaaf/0x1af0
[   26.010804]  #1:  ((linkwatch_work).work){+.+.}, at: [<00000000378eb899>] process_one_work+0xb01/0x1af0
[   26.010814]  #2:  (rtnl_mutex){+.+.}, at: [<00000000770b76cd>] rtnl_lock+0x17/0x20
[   26.010826]  #3:  (console_lock){+.+.}, at: [<00000000228c3cdc>] vprintk_emit+0x5b5/0xb90
[   26.010836]  #4:  ((&idev->mc_ifc_timer)){+.-.}, at: [<0000000055289d28>] call_timer_fn+0x1c6/0x820
[   26.010847]  #5:  (rcu_read_lock){....}, at: [<00000000b8d6ab93>] mld_sendpack+0x180/0xe70
[   26.010857]  #6:  (rcu_read_lock){....}, at: [<0000000006c24dad>] nf_hook.constprop.37+0x0/0x830
[   26.010867] 
[   26.010867] stack backtrace:
[   26.010873] CPU: 0 PID: 1892 Comm: kworker/0:2 Not tainted 4.16.0-rc2+ #238
[   26.010875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.010883] Workqueue: events linkwatch_event
[   26.010886] Call Trace:
[   26.010888]  <IRQ>
[   26.010897]  dump_stack+0x194/0x24d
[   26.010904]  ? arch_local_irq_restore+0x53/0x53
[   26.010911]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   26.010919]  print_unlock_imbalance_bug+0x12f/0x140
[   26.010925]  lock_release+0x6fe/0xa40
[   26.010931]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   26.010937]  ? lock_downgrade+0x980/0x980
[   26.010942]  ? lock_release+0xa40/0xa40
[   26.010948]  ? __raw_spin_lock_init+0x1c/0x100
[   26.010954]  ? do_raw_spin_trylock+0x190/0x190
[   26.010963]  hashlimit_mt_common.isra.10+0x1c08/0x2610
[   26.010972]  ? dsthash_find+0x5b0/0x5b0
[   26.010978]  ? __lock_acquire+0x664/0x3e00
[   26.010983]  ? ret_from_fork+0x3a/0x50
[   26.010990]  ? memset+0x31/0x40
[   26.011009]  ? unwind_dump+0x4d0/0x4d0
[   26.011019]  ? __unwind_start+0x169/0x330
[   26.011033]  hashlimit_mt+0x78/0x90
[   26.011037]  ? hashlimit_mt+0x78/0x90
[   26.011045]  ip6t_do_table+0x98d/0x1a30
[   26.011056]  ? kmem_cache_alloc_trace+0x136/0x740
[   26.011062]  ? mld_sendpack+0x617/0xe70
[   26.011072]  ? ip6t_error+0x60/0x60
[   26.011078]  ? process_one_work+0xbbf/0x1af0
[   26.011085]  ? check_noncircular+0x20/0x20
[   26.011091]  ? lock_acquire+0x1d5/0x580
[   26.011096]  ? lock_acquire+0x1d5/0x580
[   26.011101]  ? igmp6_mcf_seq_next+0x660/0x660
[   26.011110]  ? lock_release+0xa40/0xa40
[   26.011118]  ip6table_raw_hook+0x65/0x80
[   26.011125]  nf_hook_slow+0xba/0x1a0
[   26.011133]  nf_hook.constprop.37+0x3f6/0x830
[   26.011139]  ? igmp6_mcf_seq_next+0x660/0x660
[   26.011142]  ? trace_hardirqs_on+0xd/0x10
[   26.011149]  ? __local_bh_enable_ip+0x121/0x230
[   26.011156]  ? _raw_spin_unlock_bh+0x30/0x40
[   26.011162]  ? rt6_uncached_list_add+0x1b7/0x240
[   26.011166]  ? rt6_fill_node+0x18b0/0x18b0
[   26.011174]  ? icmp6_dst_alloc+0x475/0x660
[   26.011179]  ? ip6_mc_leave_src+0x1d0/0x1d0
[   26.011183]  ? icmpv6_flow_init+0x1f6/0x270
[   26.011189]  mld_sendpack+0x6c2/0xe70
[   26.011195]  ? nf_hook.constprop.37+0x830/0x830
[   26.011200]  ? mark_held_locks+0xaf/0x100
[   26.011207]  ? trace_hardirqs_on+0xd/0x10
[   26.011211]  ? __local_bh_enable_ip+0x121/0x230
[   26.011217]  mld_ifc_timer_expire+0x3d9/0x770
[   26.011224]  call_timer_fn+0x228/0x820
[   26.011229]  ? mld_dad_timer_expire+0x100/0x100
[   26.011233]  ? process_timeout+0x40/0x40
[   26.011238]  ? __run_timers+0x7e3/0xb70
[   26.011243]  ? lock_downgrade+0x980/0x980
[   26.011250]  ? debug_object_deactivate+0x364/0x560
[   26.011254]  ? lock_release+0xa40/0xa40
[   26.011260]  ? mark_held_locks+0xaf/0x100
[   26.011266]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.011270]  ? mld_dad_timer_expire+0x100/0x100
[   26.011274]  ? mld_dad_timer_expire+0x100/0x100
[   26.011278]  __run_timers+0x7ee/0xb70
[   26.011286]  ? trigger_dyntick_cpu.isra.29+0x150/0x150
[   26.011291]  ? print_irqtrace_events+0x270/0x270
[   26.011296]  ? handle_irq_event_percpu+0x141/0x1b0
[   26.011299]  ? do_raw_spin_trylock+0x190/0x190
[   26.011303]  ? __handle_irq_event_percpu+0x9d0/0x9d0
[   26.011310]  ? rcu_idle_enter+0x530/0x530
[   26.011315]  ? _raw_spin_lock+0x32/0x40
[   26.011320]  ? _raw_spin_unlock+0x22/0x30
[   26.011326]  ? check_noncircular+0x20/0x20
[   26.011330]  ? retint_kernel+0x10/0x10
[   26.011335]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.011342]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.011348]  ? __lock_is_held+0xb6/0x140
[   26.011356]  run_timer_softirq+0x4c/0x70
[   26.011360]  __do_softirq+0x2d7/0xb85
[   26.011364]  ? ktime_get+0x26f/0x3a0
[   26.011371]  ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[   26.011377]  ? check_noncircular+0x20/0x20
[   26.011381]  ? native_apic_msr_write+0x5c/0x80
[   26.011386]  ? lapic_next_event+0x54/0x80
[   26.011392]  ? clockevents_program_event+0x108/0x2e0
[   26.011397]  ? tick_program_event+0x83/0x100
[   26.011402]  ? __lock_is_held+0xb6/0x140
[   26.011409]  irq_exit+0x1cc/0x200
[   26.011414]  smp_apic_timer_interrupt+0x16b/0x700
[   26.011418]  ? smp_reschedule_interrupt+0xe6/0x650
[   26.011423]  ? smp_call_function_single_interrupt+0x640/0x640
[   26.011427]  ? _raw_spin_lock+0x32/0x40
[   26.011432]  ? _raw_spin_unlock+0x22/0x30
[   26.011437]  ? handle_edge_irq+0x2b4/0x7c0
[   26.011442]  ? task_prio+0x50/0x50
[   26.011448]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.011454]  apic_timer_interrupt+0x8e/0xa0
[   26.011456]  </IRQ>
[   26.011462] RIP: 0010:console_unlock+0xb18/0xfb0
[   26.011464] RSP: 0018:ffff8801d2366a20 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[   26.011469] RAX: ffff8801d23040c0 RBX: 0000000000000200 RCX: ffffffff815a7a4f
[   26.011472] RDX: 0000000000000000 RSI: 1ffff1003a46093a RDI: 0000000000000293
[   26.011474] RBP: ffff8801d2366b88 R08: 1ffff1003a46cd12 R09: 0000000000000000
[   26.011476] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.011479] R13: 0000000000000000 R14: ffffffff83ba2660 R15: dffffc0000000000
[   26.011486]  ? netconsole_netdev_event+0x2b0/0x2b0
[   26.011492]  ? console_unlock+0xb0f/0xfb0
[   26.011501]  ? wake_up_klogd+0x100/0x100
[   26.011506]  ? parse_no_kvmclock+0x10/0x20
[   26.011513]  ? __down_trylock_console_sem+0xb9/0x1e0
[   26.011516]  ? vprintk_emit+0x5b5/0xb90
[   26.011520]  ? vprintk_emit+0x5b5/0xb90
[   26.011527]  ? __down_trylock_console_sem+0x10d/0x1e0
[   26.011531]  vprintk_emit+0x5c3/0xb90
[   26.011538]  ? console_unlock+0xfb0/0xfb0
[   26.011544]  ? __lock_acquire+0x664/0x3e00
[   26.011548]  ? print_irqtrace_events+0x270/0x270
[   26.011552]  ? _raw_spin_unlock_irq+0x27/0x70
[   26.011557]  ? print_irqtrace_events+0x270/0x270
[   26.011563]  ? check_noncircular+0x20/0x20
[   26.011568]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.011572]  vprintk_default+0x28/0x30
[   26.011576]  vprintk_func+0x57/0xc0
[   26.011580]  printk+0xaa/0xca
[   26.011584]  ? show_regs_print_info+0x18/0x18
[   26.011592]  ? addrconf_notify+0x1f60/0x2310
[   26.011598]  addrconf_notify+0x1f6f/0x2310
[   26.011603]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   26.011610]  ? inet6_ifinfo_notify+0x130/0x130
[   26.011616]  ? check_noncircular+0x20/0x20
[   26.011622]  ? tun_device_event+0xce/0xf30
[   26.011629]  ? nfqnl_rcv_dev_event+0x9a/0x600
[   26.011633]  ? bond_netdev_event+0x131/0xb70
[   26.011638]  ? netdevice_event+0x133/0xe10
[   26.011642]  ? fib_sync_up+0x350/0x900
[   26.011647]  ? ip6mr_device_event+0x8c/0x340
[   26.011652]  ? igmp_netdev_event+0x87/0x760
[   26.011657]  ? mif6_delete+0x620/0x620
[   26.011664]  ? nft_do_chain_inet+0x740/0x740
[   26.011671]  ? ip_vs_dst_event+0x24c/0x650
[   26.011676]  ? rt_cache_flush+0xd/0x20
[   26.011682]  notifier_call_chain+0x136/0x2c0
[   26.011686]  ? notifier_call_chain+0x136/0x2c0
[   26.011692]  ? raw_notifier_chain_unregister+0x1b0/0x1b0
[   26.011699]  ? rtnl_is_locked+0x54/0xb0
[   26.011703]  ? rtnl_kfree_skbs+0x70/0x70
[   26.011708]  ? dev_activate+0x46c/0xb50
[   26.011713]  raw_notifier_call_chain+0x2d/0x40
[   26.011719]  call_netdevice_notifiers_info+0x32/0x70
[   26.011723]  netdev_state_change+0x11e/0x180
[   26.011727]  ? dev_valid_name+0x1b0/0x1b0
[   26.011731]  ? trace_hardirqs_on+0xd/0x10
[   26.011736]  ? _raw_write_unlock_bh+0x30/0x40
[   26.011741]  linkwatch_do_dev+0x8d/0xf0
[   26.011745]  ? linkwatch_do_dev+0x8d/0xf0
[   26.011750]  __linkwatch_run_queue+0x472/0x7b0
[   26.011756]  ? linkwatch_fire_event+0x330/0x330
[   26.011762]  ? find_held_lock+0x35/0x1d0
[   26.011767]  ? check_noncircular+0x20/0x20
[   26.011772]  ? debug_object_deactivate+0x364/0x560
[   26.011776]  ? lock_downgrade+0x980/0x980
[   26.011781]  ? lock_release+0xa40/0xa40
[   26.011786]  ? find_held_lock+0x35/0x1d0
[   26.011792]  ? check_noncircular+0x20/0x20
[   26.011801]  linkwatch_event+0x90/0xc0
[   26.011806]  ? __linkwatch_run_queue+0x7b0/0x7b0
[   26.011813]  process_one_work+0xbbf/0x1af0
[   26.011821]  ? pwq_dec_nr_in_flight+0x450/0x450
[   26.011828]  ? __schedule+0x90d/0x2070
[   26.011834]  ? __lock_acquire+0x664/0x3e00
[   26.011839]  ? __lock_is_held+0xb6/0x140
[   26.011844]  ? check_noncircular+0x20/0x20
[   26.011851]  ? check_noncircular+0x20/0x20
[   26.011858]  ? lock_acquire+0x1d5/0x580
[   26.011862]  ? lock_acquire+0x1d5/0x580
[   26.011866]  ? worker_thread+0x4a3/0x1990
[   26.011871]  ? lock_downgrade+0x980/0x980
[   26.011876]  ? lock_release+0xa40/0xa40
[   26.011880]  ? retint_kernel+0x10/0x10
[   26.011885]  ? do_raw_spin_trylock+0x190/0x190
[   26.011893]  worker_thread+0x223/0x1990
[   26.011896]  ? finish_task_switch+0x1c0/0x860
[   26.011906]  ? process_one_work+0x1af0/0x1af0
[   26.011911]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.011915]  ? trace_hardirqs_on+0xd/0x10
[   26.011919]  ? mmdrop+0x18/0x30
[   26.011923]  ? finish_task_switch+0x279/0x860
[   26.011928]  ? copy_overflow+0x20/0x20
[   26.011937]  ? __schedule+0x90d/0x2070
[   26.011944]  ? check_noncircular+0x20/0x20
[   26.011948]  ? find_held_lock+0x35/0x1d0
[   26.011954]  ? find_held_lock+0x35/0x1d0
[   26.011960]  ? find_held_lock+0x35/0x1d0
[   26.011966]  ? complete+0x62/0x80
[   26.011972]  ? __schedule+0x2070/0x2070
[   26.011978]  ? do_wait_intr_irq+0x3e0/0x3e0
[   26.011982]  ? __lockdep_init_map+0xe4/0x650
[   26.011986]  ? do_raw_spin_trylock+0x190/0x190
[   26.011991]  ? lockdep_init_map+0x9/0x10
[   26.011995]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   26.012000]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.012005]  ? trace_hardirqs_on+0xd/0x10
[   26.012011]  ? __kthread_parkme+0x175/0x240
[   26.012017]  kthread+0x33c/0x400