[....] Starting enhanced syslogd: rsyslogd[ 16.537347] audit: type=1400 audit(1519157012.747:5): avc: denied { syslog } for pid=4019 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 19.309742] audit: type=1400 audit(1519157015.519:6): avc: denied { map } for pid=4158 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts. [ 25.626802] audit: type=1400 audit(1519157021.836:7): avc: denied { map } for pid=4172 comm="syzkaller281926" path="/root/syzkaller281926584" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 25.638751] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 25.652759] audit: type=1400 audit(1519157021.836:8): avc: denied { sys_admin } for pid=4172 comm="syzkaller281926" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.686482] audit: type=1400 audit(1519157021.896:9): avc: denied { net_admin } for pid=4173 comm="syzkaller281926" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.895978] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 26.240381] audit: type=1400 audit(1519157022.450:10): avc: denied { sys_chroot } for pid=4173 comm="syzkaller281926" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 26.265240] audit: type=1400 audit(1519157022.450:11): avc: denied { net_raw } for pid=4173 comm="syzkaller281926" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 26.303348] [ 26.305023] ===================================== [ 26.309858] WARNING: bad unlock balance detected! [ 26.314682] 4.16.0-rc2+ #234 Not tainted [ 26.318707] ------------------------------------- [ 26.323531] kworker/0:2/1827 is trying to release lock (rcu_read_lock_bh) at: [ 26.330791] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 26.337790] but there are no more locks to release! [ 26.342772] [ 26.342772] other info that might help us debug this: [ 26.349445] 5 locks held by kworker/0:2/1827: [ 26.353904] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<00000000573b566c>] process_one_work+0xaaf/0x1af0 [ 26.364722] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<0000000032c77a6a>] process_one_work+0xb01/0x1af0 [ 26.376050] #2: (rtnl_mutex){+.+.}, at: [<00000000cd02068e>] rtnl_lock+0x17/0x20 [ 26.383739] #3: (rcu_read_lock){....}, at: [<00000000f51812bf>] ndisc_send_skb+0x826/0x1370 [ 26.392380] #4: (rcu_read_lock){....}, at: [<00000000f0e99397>] nf_hook.constprop.27+0x0/0x830 [ 26.401277] [ 26.401277] stack backtrace: [ 26.405742] CPU: 0 PID: 1827 Comm: kworker/0:2 Not tainted 4.16.0-rc2+ #234 [ 26.412810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.422146] Workqueue: ipv6_addrconf addrconf_dad_work [ 26.427393] Call Trace: [ 26.429955] dump_stack+0x194/0x257 [ 26.433549] ? arch_local_irq_restore+0x53/0x53 [ 26.438193] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 26.443614] print_unlock_imbalance_bug+0x12f/0x140 [ 26.448598] lock_release+0x6fe/0xa40 [ 26.452367] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 26.457785] ? lock_downgrade+0x980/0x980 [ 26.461899] ? lock_release+0xa40/0xa40 [ 26.465841] ? __raw_spin_lock_init+0x1c/0x100 [ 26.470390] ? do_raw_spin_trylock+0x190/0x190 [ 26.474949] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 26.480211] ? dsthash_find+0x5b0/0x5b0 [ 26.484160] ? __lock_acquire+0x664/0x3e00 [ 26.488366] ? ret_from_fork+0x3a/0x50 [ 26.492233] ? print_irqtrace_events+0x270/0x270 [ 26.496960] ? __unwind_start+0x169/0x330 [ 26.501085] hashlimit_mt+0x78/0x90 [ 26.504681] ? hashlimit_mt+0x78/0x90 [ 26.508450] ip6t_do_table+0x98d/0x1a30 [ 26.512396] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 26.517643] ? ip6t_error+0x60/0x60 [ 26.521243] ? check_noncircular+0x20/0x20 [ 26.525449] ? lock_acquire+0x1d5/0x580 [ 26.529395] ? lock_acquire+0x1d5/0x580 [ 26.533339] ? pndisc_destructor+0x340/0x340 [ 26.537715] ? lock_release+0xa40/0xa40 [ 26.541660] ip6table_raw_hook+0x65/0x80 [ 26.545695] nf_hook_slow+0xba/0x1a0 [ 26.549381] nf_hook.constprop.27+0x3f6/0x830 [ 26.553845] ? pndisc_destructor+0x340/0x340 [ 26.558223] ? find_held_lock+0x35/0x1d0 [ 26.562253] ? lock_acquire+0x1d5/0x580 [ 26.566197] ? lock_acquire+0x1d5/0x580 [ 26.570148] ? ndisc_send_skb+0x826/0x1370 [ 26.574355] ? lock_downgrade+0x980/0x980 [ 26.578473] ? lock_release+0xa40/0xa40 [ 26.582416] ? ndisc_error_report+0x180/0x180 [ 26.586880] ndisc_send_skb+0xa51/0x1370 [ 26.590915] ? nf_hook.constprop.27+0x830/0x830 [ 26.595552] ? check_noncircular+0x20/0x20 [ 26.599757] ? refcount_add_not_zero+0x133/0x200 [ 26.604490] ? refcount_dec_if_one+0x20/0x20 [ 26.608869] ? print_irqtrace_events+0x270/0x270 [ 26.613596] ndisc_send_ns+0x38a/0x870 [ 26.617452] ? ndisc_netdev_event+0x4a0/0x4a0 [ 26.621916] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.626914] ? addrconf_dad_work+0xa5e/0x1320 [ 26.631378] addrconf_dad_work+0xb9e/0x1320 [ 26.635667] ? addrconf_dad_work+0xb9e/0x1320 [ 26.640133] ? addrconf_ifdown+0x14f0/0x14f0 [ 26.644509] ? __lock_is_held+0xb6/0x140 [ 26.648542] process_one_work+0xbbf/0x1af0 [ 26.652745] ? process_one_work+0xbbf/0x1af0 [ 26.657126] ? pwq_dec_nr_in_flight+0x450/0x450 [ 26.661769] ? __schedule+0x90d/0x2070 [ 26.665629] ? __lock_acquire+0x664/0x3e00 [ 26.669846] ? check_noncircular+0x20/0x20 [ 26.674053] ? check_noncircular+0x20/0x20 [ 26.678271] ? lock_acquire+0x1d5/0x580 [ 26.682216] ? lock_acquire+0x1d5/0x580 [ 26.686165] ? worker_thread+0x4a3/0x1990 [ 26.690284] ? lock_downgrade+0x980/0x980 [ 26.694401] ? lock_release+0xa40/0xa40 [ 26.698360] ? check_noncircular+0x20/0x20 [ 26.702565] ? do_raw_spin_trylock+0x190/0x190 [ 26.707293] worker_thread+0x223/0x1990 [ 26.711238] ? finish_task_switch+0x1c0/0x860 [ 26.715707] ? process_one_work+0x1af0/0x1af0 [ 26.720175] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.725164] ? trace_hardirqs_on+0xd/0x10 [ 26.729280] ? mmdrop+0x18/0x30 [ 26.732528] ? finish_task_switch+0x279/0x860 [ 26.736994] ? copy_overflow+0x20/0x20 [ 26.740860] ? __schedule+0x90d/0x2070 [ 26.744721] ? check_noncircular+0x20/0x20 [ 26.748926] ? find_held_lock+0x35/0x1d0 [ 26.752960] ? find_held_lock+0x35/0x1d0 [ 26.757010] ? find_held_lock+0x35/0x1d0 [ 26.761043] ? complete+0x62/0x80 [ 26.764468] ? __schedule+0x2070/0x2070 [ 26.768415] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.772703] ? __lockdep_init_map+0xe4/0x650 [ 26.777083] ? do_raw_spin_trylock+0x190/0x190 [ 26.781637] ? lockdep_init_map+0x9/0x10 [ 26.785667] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 26.790738] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.795724] ? trace_hardirqs_on+0xd/0x10 [ 26.799853] ? __kthread_parkme+0x175/0x240 [ 26.804146] kt