[ ok ] Starting enhanced syslogd: rsyslogd.
[ 16.545771] audit: type=1400 audit(1519179554.867:5): avc: denied { syslog } for pid=4018 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.077226] audit: type=1400 audit(1519179557.399:6): avc: denied { map } for pid=4155 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 25.345668] audit: type=1400 audit(1519179563.667:7): avc: denied { map } for pid=4169 comm="syzkaller216442" path="/root/syzkaller216442274" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 25.717363] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 26.036238]
[ 26.037889] =====================================
[ 26.042696] WARNING: bad unlock balance detected!
[ 26.047515] 4.16.0-rc2+ #323 Not tainted
[ 26.051543] -------------------------------------
[ 26.056349] syzkaller216442/4169 is trying to release lock (rcu_read_lock_bh) at:
[ 26.063945] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.070922] but there are no more locks to release!
[ 26.075901]
[ 26.075901] other info that might help us debug this:
[ 26.082541] 5 locks held by syzkaller216442/4169:
[ 26.087364] #0: (&xt[i].mutex){+.+.}, at: [<00000000801e7685>] xt_find_table_lock+0x3e/0x3e0
[ 26.096128] #1: (&mm->mmap_sem){++++}, at: [<00000000c12750ac>] __do_page_fault+0x32d/0xc90
[ 26.104803] #2: ((&idev->mc_ifc_timer)){+.-.}, at: [<000000005a0acd53>] call_timer_fn+0x1c6/0x820
[ 26.113992] #3: (rcu_read_lock){....}, at: [<00000000902072d7>] mld_sendpack+0x180/0xe70
[ 26.122386] #4: (rcu_read_lock){....}, at: [<000000007c5af173>] nf_hook.constprop.37+0x0/0x830
[ 26.131285]
[ 26.131285] stack backtrace:
[ 26.135752] CPU: 0 PID: 4169 Comm: syzkaller216442 Not tainted 4.16.0-rc2+ #323
[ 26.143164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.152484] Call Trace:
[ 26.155039]
[ 26.157164] dump_stack+0x194/0x257
[ 26.160761] ? arch_local_irq_restore+0x53/0x53
[ 26.165400] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.170821] print_unlock_imbalance_bug+0x12f/0x140
[ 26.175804] lock_release+0x6fe/0xa40
[ 26.179574] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.184998] ? lock_downgrade+0x980/0x980
[ 26.189120] ? lock_release+0xa40/0xa40
[ 26.193063] ? __raw_spin_lock_init+0x1c/0x100
[ 26.197613] ? do_raw_spin_trylock+0x190/0x190
[ 26.202165] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 26.207408] ? lock_downgrade+0x980/0x980
[ 26.211536] ? dsthash_find+0x5b0/0x5b0
[ 26.215480] ? __lock_acquire+0x664/0x3e00
[ 26.219681] ? is_bpf_text_address+0x7b/0x120
[ 26.224152] ? lock_downgrade+0x95a/0x980
[ 26.228279] ? rcutorture_record_progress+0x10/0x10
[ 26.233268] ? __kernel_text_address+0xd/0x40
[ 26.237731] ? unwind_get_return_address+0x61/0xa0
[ 26.242629] hashlimit_mt+0x78/0x90
[ 26.246225] ? hashlimit_mt+0x78/0x90
[ 26.249994] ip6t_do_table+0x98d/0x1a30
[ 26.253947] ? kmem_cache_alloc_trace+0x136/0x740
[ 26.258758] ? mld_sendpack+0x617/0xe70
[ 26.262705] ? ip6t_error+0x60/0x60
[ 26.266302] ? rawv6_setsockopt+0x4a/0xf0
[ 26.270429] ? check_noncircular+0x20/0x20
[ 26.274638] ? lock_acquire+0x1d5/0x580
[ 26.278579] ? lock_acquire+0x1d5/0x580
[ 26.282522] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.286986] ? lock_release+0xa40/0xa40
[ 26.290930] ip6table_raw_hook+0x65/0x80
[ 26.294959] nf_hook_slow+0xba/0x1a0
[ 26.298641] nf_hook.constprop.37+0x3f6/0x830
[ 26.303108] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.307570] ? trace_hardirqs_on+0xd/0x10
[ 26.311686] ? __local_bh_enable_ip+0x121/0x230
[ 26.316324] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.320700] ? rt6_uncached_list_add+0x1b7/0x240
[ 26.325424] ? rt6_fill_node+0x18b0/0x18b0
[ 26.329627] ? icmp6_dst_alloc+0x475/0x660
[ 26.333830] ? ip6_mc_leave_src+0x1d0/0x1d0
[ 26.338124] ? icmpv6_flow_init+0x1f6/0x270
[ 26.342412] mld_sendpack+0x6c2/0xe70
[ 26.346185] ? nf_hook.constprop.37+0x830/0x830
[ 26.350822] ? mark_held_locks+0xaf/0x100
[ 26.354939] ? trace_hardirqs_on+0xd/0x10
[ 26.359054] ? __local_bh_enable_ip+0x121/0x230
[ 26.363688] mld_ifc_timer_expire+0x3d9/0x770
[ 26.368154] call_timer_fn+0x228/0x820
[ 26.372012] ? mld_dad_timer_expire+0x100/0x100
[ 26.376656] ? process_timeout+0x40/0x40
[ 26.380686] ? __run_timers+0x7e3/0xb70
[ 26.384628] ? lock_downgrade+0x980/0x980
[ 26.388744] ? debug_object_deactivate+0x364/0x560
[ 26.393639] ? lock_release+0xa40/0xa40
[ 26.397582] ? mark_held_locks+0xaf/0x100
[ 26.401700] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.406683] ? mld_dad_timer_expire+0x100/0x100
[ 26.411326] ? mld_dad_timer_expire+0x100/0x100
[ 26.415963] __run_timers+0x7ee/0xb70
[ 26.419734] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 26.424979] ? timerqueue_add+0x1e9/0x280
[ 26.429097] ? check_noncircular+0x20/0x20
[ 26.433301] ? enqueue_hrtimer+0x177/0x4b0
[ 26.437503] ? lock_release+0xa40/0xa40
[ 26.441446] ? retrigger_next_event+0x1e0/0x1e0
[ 26.446089] ? print_irqtrace_events+0x270/0x270
[ 26.450815] ? check_noncircular+0x20/0x20
[ 26.455024] ? clockevents_program_event+0x163/0x2e0
[ 26.460099] ? lock_downgrade+0x980/0x980
[ 26.464218] ? __lock_is_held+0xb6/0x140
[ 26.468248] run_timer_softirq+0x4c/0x70
[ 26.472280] __do_softirq+0x2d7/0xb85
[ 26.476051] ? ktime_get+0x26f/0x3a0
[ 26.479735] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 26.484808] ? check_noncircular+0x20/0x20
[ 26.489016] ? native_apic_msr_write+0x5c/0x80
[ 26.493573] ? lapic_next_event+0x54/0x80
[ 26.497688] ? clockevents_program_event+0x108/0x2e0
[ 26.502761] ? tick_program_event+0x83/0x100
[ 26.507137] ? __lock_is_held+0xb6/0x140
[ 26.511172] irq_exit+0x1cc/0x200
[ 26.514595] smp_apic_timer_interrupt+0x16b/0x700
[ 26.519406] ? smp_call_function_single_interrupt+0x640/0x640
[ 26.525257] ? _raw_spin_lock+0x32/0x40
[ 26.529201] ? _raw_spin_unlock+0x22/0x30
[ 26.533322] ? handle_edge_irq+0x2b4/0x7c0
[ 26.537526] ? task_prio+0x50/0x50
[ 26.541039] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.545850] apic_timer_interrupt+0x8e/0xa0
[ 26.550138]
[ 26.552347] RIP: 0010:___might_sleep+0x15/0x470
[ 26.556984] RSP: 0018:ffff8801b15e7030 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff12
[ 26.564659] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff819dd382
[ 26.571897] RDX: 0000000000000000 RSI: 0000000000001205 RDI: ffffffff85f0dca0
[ 26.579134] RBP: ffff8801b15e7050 R08: 000000000002fc50 R09: 0000000000000000
[ 26.586371] R10: ffffffffffffffe8 R11: 0000000000000000 R12: ffffea0006e40000
[ 26.593610] R13: 0000000000000092 R14: 0000000000000049 R15: 00000000000001ea
[ 26.600856] ? clear_huge_page+0x92/0x730
[ 26.604974] clear_huge_page+0xa5/0x730
[ 26.608917] ? __raw_spin_lock_init+0x2d/0x100
[ 26.613482] do_huge_pmd_anonymous_page+0x599/0x1b00
[ 26.618555] ? __thp_get_unmapped_area+0x130/0x130
[ 26.623453] ? __lock_acquire+0x664/0x3e00
[ 26.627654] ? __lock_acquire+0x664/0x3e00
[ 26.631856] ? kernel_text_address+0x102/0x140
[ 26.636416] ? __is_insn_slot_addr+0x1fc/0x330
[ 26.640972] ? lock_downgrade+0x980/0x980
[ 26.645095] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 26.650254] ? modules_open+0xa0/0xa0
[ 26.654028] ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
[ 26.660144] ? is_bpf_text_address+0x7b/0x120
[ 26.664619] ? lock_downgrade+0x980/0x980
[ 26.668734] ? lock_release+0xa40/0xa40
[ 26.672677] ? __free_insn_slot+0x5c0/0x5c0
[ 26.676968] ? rcutorture_record_progress+0x10/0x10
[ 26.681961] ? is_bpf_text_address+0xa4/0x120
[ 26.686424] ? kernel_text_address+0x102/0x140
[ 26.690976] __handle_mm_fault+0x1a0c/0x3ce0
[ 26.695354] ? __pmd_alloc+0x4e0/0x4e0
[ 26.699207] ? check_noncircular+0x20/0x20
[ 26.703410] ? print_lockdep_cache.isra.32+0x109/0x109
[ 26.708657] ? find_held_lock+0x35/0x1d0
[ 26.712689] ? handle_mm_fault+0x270/0x970
[ 26.716890] ? lock_downgrade+0x980/0x980
[ 26.721015] handle_mm_fault+0x35c/0x970
[ 26.725049] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 26.729608] ? vmacache_find+0x5f/0x280
[ 26.733550] ? find_vma+0x30/0x150
[ 26.737066] __do_page_fault+0x5c9/0xc90
[ 26.741098] ? mm_fault_error+0x2c0/0x2c0
[ 26.745213] ? kfree+0xd9/0x260
[ 26.748461] ? xt_free_table_info+0x110/0x170
[ 26.752924] ? __do_replace+0x810/0xa70
[ 26.756865] ? check_noncircular+0x20/0x20
[ 26.761070] ? rawv6_setsockopt+0x4a/0xf0
[ 26.765186] ? sock_common_setsockopt+0x95/0xd0
[ 26.769822] do_page_fault+0xee/0x730
[ 26.773591] ? __do_page_fault+0xc90/0xc90
[ 26.777797] ? find_held_lock+0x35/0x1d0
[ 26.781827] ? __might_fault+0x110/0x1d0
[ 26.785860] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.790676] page_fault+0x62/0x90
[ 26.794101] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0
[ 26.799689] RSP: 0018:ffff8801b15e79b8 EFLAGS: 00010206
[ 26.805025] RAX: fffff5200027b806 RBX: 0000000000000030 RCX: 0000000000000006
[ 26.812273] RDX: 0000000000000000 RSI: ffffc900013dc000 RDI: 0000000020849fd0
[ 26.819510] RBP: ffff8801b15e79e8 R08: 0000000000000000 R09: fffff5200027b806
[ 26.826748] R10: 0000000000000006 R11: fffff5200027b805 R12: 0000000020849fd0
[ 26.833993] R13: ffffc900013dc000 R14: 00007ffffffff000 R15: 000000002084a000
[ 26.841242] ? _copy_to_user+0x9b/0xc0
[ 26.845099] __do_replace+0x840/0xa70
[ 26.848871] ? compat_table_info+0x4a0/0x4a0
[ 26.853249] ? kasan_check_write+0x14/0x20
[ 26.857850] ? _copy_from_user+0x99/0x110
[ 26.861966] do_ip6t_set_ctl+0x40f/0x5f0
[ 26.865996] ? translate_compat_table+0x1c50/0x1c50
[ 26.870987] ? mutex_unlock+0xd/0x10
[ 26.874672] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 26.879917] nf_setsockopt+0x67/0xc0
[ 26.883600] ipv6_setsockopt+0x10b/0x130
[ 26.887628] rawv6_setsockopt+0x4a/0xf0
[ 26.891571] sock_common_setsockopt+0x95/0xd0
[ 26.896039] SyS_setsockopt+0x189/0x360
[ 26.899989] ? SyS_recv+0x40/0x40
[ 26.903414] ? mm_fault_error+0x2c0/0x2c0
[ 26.907529] ? move_addr_to_kernel+0x60/0x60
[ 26.911907] ? do_syscall_64+0xb6/0x940
[ 26.915850] ? SyS_recv+0x40/0x40
[ 26.919270] do_syscall_64+0x280/0x940
[ 26.923127] ? __do_page_fault+0xc90/0xc90
[ 26.927329] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.932059] ? syscall_return_slowpath+0x550/0x550
[ 26.936956] ? syscall_return_slowpath+0x2ac/0x550
[ 26.941852] ? prepare_exit_to_usermode+0x350/0x350
[ 26.946835] ? retint_user+0x18/0x18
[ 26.950528] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.955342] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.960506] RIP: 0033:0x44ca19
[ 26.963663] RSP: 002b:00007ffe05efab38 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 26.971337] RAX: ffffffffffffffda RBX: 00000000004ae824 RCX: 000000000044ca19
[ 26.978575] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004
[ 26.985812] RBP: 00007ffe05efabd8 R08: 00000000000