[....] Starting enhanced syslogd: rsyslogd[ 15.765039] audit: type=1400 audit(1519133441.981:5): avc: denied { syslog } for pid=3959 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.068122] audit: type=1400 audit(1519133459.284:6): avc: denied { map } for pid=4103 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts. executing program [ 39.138157] audit: type=1400 audit(1519133465.354:7): avc: denied { map } for pid=4116 comm="syzkaller243518" path="/root/syzkaller243518916" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.164366] [ 39.165998] ===================================== [ 39.170807] WARNING: bad unlock balance detected! [ 39.175621] 4.16.0-rc2+ #234 Not tainted [ 39.179653] ------------------------------------- [ 39.184463] syzkaller243518/4116 is trying to release lock (rcu_read_lock_bh) at: [ 39.192063] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 39.199041] but there are no more locks to release! [ 39.204022] [ 39.204022] other info that might help us debug this: [ 39.210666] 3 locks held by syzkaller243518/4116: [ 39.215472] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000022a8e3fb>] inet_stream_connect+0x44/0xa0 [ 39.224555] #1: (rcu_read_lock){....}, at: [<000000009f9b4d79>] inet6_csk_xmit+0x114/0x580 [ 39.233107] #2: (rcu_read_lock){....}, at: [<00000000f3656805>] ip6_xmit+0xe9d/0x2260 [ 39.241229] [ 39.241229] stack backtrace: [ 39.245698] CPU: 0 PID: 4116 Comm: syzkaller243518 Not tainted 4.16.0-rc2+ #234 [ 39.253110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.262433] Call Trace: [ 39.264991] dump_stack+0x194/0x257 [ 39.268588] ? arch_local_irq_restore+0x53/0x53 [ 39.273225] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 39.278650] print_unlock_imbalance_bug+0x12f/0x140 [ 39.283640] lock_release+0x6fe/0xa40 [ 39.287410] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 39.292828] ? lock_downgrade+0x980/0x980 [ 39.296945] ? lock_release+0xa40/0xa40 [ 39.300888] ? __raw_spin_lock_init+0x1c/0x100 [ 39.305435] ? do_raw_spin_trylock+0x190/0x190 [ 39.309998] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 39.315241] ? __lock_acquire+0x664/0x3e00 [ 39.319446] ? dsthash_find+0x5b0/0x5b0 [ 39.323391] ? __lock_acquire+0x664/0x3e00 [ 39.327594] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.332750] ? __lock_acquire+0x664/0x3e00 [ 39.336954] ? __lock_acquire+0x664/0x3e00 [ 39.341156] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.346318] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.351478] ? check_noncircular+0x20/0x20 [ 39.355693] ? print_irqtrace_events+0x270/0x270 [ 39.360418] hashlimit_mt+0x78/0x90 [ 39.364012] ? hashlimit_mt+0x78/0x90 [ 39.367779] ip6t_do_table+0x98d/0x1a30 [ 39.371723] ? rt6_check+0x199/0x310 [ 39.375407] ? __lock_acquire+0x664/0x3e00 [ 39.379627] ? ip6t_error+0x60/0x60 [ 39.383224] ? rt6_check+0x1e2/0x310 [ 39.386923] ? check_noncircular+0x20/0x20 [ 39.391127] ? lock_acquire+0x1d5/0x580 [ 39.395070] ? lock_acquire+0x1d5/0x580 [ 39.399011] ? ip6_xmit+0xe9d/0x2260 [ 39.402695] ? lock_release+0xa40/0xa40 [ 39.406638] ip6table_raw_hook+0x65/0x80 [ 39.410670] nf_hook_slow+0xba/0x1a0 [ 39.414351] ip6_xmit+0x10ec/0x2260 [ 39.417946] ? __sk_dst_check+0x1a5/0x380 [ 39.422063] ? ip6_finish_output2+0x23a0/0x23a0 [ 39.426700] ? fl6_update_dst+0x127/0x2b0 [ 39.430818] ? inet6_csk_route_socket+0x691/0xe80 [ 39.435628] ? check_noncircular+0x20/0x20 [ 39.439828] ? lock_acquire+0x1d5/0x580 [ 39.443786] ? lock_acquire+0x1d5/0x580 [ 39.447726] ? inet6_csk_xmit+0x114/0x580 [ 39.451843] ? ip6_forward_finish+0x140/0x140 [ 39.456315] ? lock_release+0xa40/0xa40 [ 39.460266] ? __lock_is_held+0xb6/0x140 [ 39.464305] inet6_csk_xmit+0x2fc/0x580 [ 39.468251] ? inet6_csk_update_pmtu+0x160/0x160 [ 39.472977] ? refcount_add_not_zero+0x133/0x200 [ 39.477708] tcp_transmit_skb+0x1b12/0x38b0 [ 39.481999] ? memset+0x31/0x40 [ 39.485246] ? __tcp_select_window+0x900/0x900 [ 39.489811] ? ip6_mtu+0x369/0x4d0 [ 39.493322] ? lock_downgrade+0x980/0x980 [ 39.497436] ? lock_release+0xa40/0xa40 [ 39.501380] ? __lock_is_held+0xb6/0x140 [ 39.505408] ? check_noncircular+0x20/0x20 [ 39.509617] ? pvclock_read_flags+0x160/0x160 [ 39.514080] ? tcp_init_transfer+0x3e0/0x3e0 [ 39.518459] ? tcp_rbtree_insert+0x135/0x190 [ 39.522837] tcp_connect+0x2d1e/0x40f0 [ 39.526695] ? tcp_push_one+0x100/0x100 [ 39.530636] ? lock_downgrade+0x927/0x980 [ 39.534751] ? do_raw_spin_trylock+0x190/0x190 [ 39.539303] ? __inet_hash_connect+0x8c1/0xed0 [ 39.543855] ? pvclock_read_flags+0x160/0x160 [ 39.548328] ? mark_held_locks+0xaf/0x100 [ 39.552446] ? ktime_get_with_offset+0x188/0x420 [ 39.557170] ? kvm_clock_get_cycles+0x25/0x30 [ 39.561636] ? ktime_get_with_offset+0x2c1/0x420 [ 39.566363] ? do_gettimeofday+0x190/0x190 [ 39.570568] ? __siphash_aligned+0x1b9/0x330 [ 39.574945] ? siphash_4u64+0x25/0x3a0 [ 39.578802] ? secure_tcpv6_ts_off+0x1e0/0x420 [ 39.583352] ? secure_tcpv6_seq+0x23c/0x350 [ 39.587642] ? secure_tcpv6_seq+0x350/0x350 [ 39.591934] ? tcp_fastopen_defer_connect+0x163/0x4a0 [ 39.597094] ? secure_dccpv6_sequence_number+0x360/0x360 [ 39.602517] tcp_v6_connect+0x2083/0x26c0 [ 39.606637] ? tcp_v6_syn_recv_sock+0x23f0/0x23f0 [ 39.611449] ? avc_has_perm+0x43e/0x680 [ 39.615392] ? avc_has_perm_noaudit+0x520/0x520 [ 39.620029] ? __lockdep_init_map+0xe4/0x650 [ 39.624406] ? check_noncircular+0x20/0x20 [ 39.628613] ? sock_has_perm+0x2a4/0x420 [ 39.633140] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 39.638490] __inet_stream_connect+0x2d4/0xf00 [ 39.643043] ? __inet_stream_connect+0x2d4/0xf00 [ 39.647770] ? lock_acquire+0x1d5/0x580 [ 39.651714] ? lock_sock_nested+0xa3/0x110 [ 39.655916] ? lock_acquire+0x1d5/0x580 [ 39.659868] ? inet_bind+0x930/0x930 [ 39.663641] ? mark_held_locks+0xaf/0x100 [ 39.667769] ? do_raw_spin_trylock+0x190/0x190 [ 39.672322] ? __local_bh_enable_ip+0x121/0x230 [ 39.676959] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.681944] ? lock_sock_nested+0x91/0x110 [ 39.686147] ? trace_hardirqs_on+0xd/0x10 [ 39.690264] ? __local_bh_enable_ip+0x121/0x230 [ 39.694902] inet_stream_connect+0x58/0xa0 [ 39.699108] SYSC_connect+0x213/0x4a0 [ 39.702889] ? SYSC_bind+0x410/0x410 [ 39.706575] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 39.711129] ? vmacache_find+0x5f/0x280 [ 39.715195] ? mm_fault_error+0x2c0/0x2c0 [ 39.719311] ? move_addr_to_kernel+0x60/0x60 [ 39.723689] ? SyS_accept+0x30/0x30 [ 39.727286] SyS_connect+0x24/0x30 [ 39.730806] do_syscall_64+0x280/0x940 [ 39.734671] ? __do_page_fault+0xc90/0xc90 [ 39.738877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.743605] ? syscall_return_slowpath+0x550/0x550 [ 39.748515] ? syscall_return_slowpath+0x2ac/0x550 [ 39.753427] ? prepare_exit_to_usermode+0x350/0x350 [ 39.758421] ? retint_user+0x18/0x18 [ 39.762105] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.766919] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 39.772079] RIP: 0033:0x4411a9 [ 39.775325] RSP: 002b:00007ffcdf14dcb8 EFLAGS: 00000207 ORIG_RAX: 000000000000002a [ 39.783002] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004411a9 [ 39.790