[....] Starting enhanced syslogd: rsyslogd[   16.899886] audit: type=1400 audit(1519093926.774:5): avc:  denied  { syslog } for  pid=4019 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.623065] audit: type=1400 audit(1519093932.497:6): avc:  denied  { map } for  pid=4159 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
[   28.911513] audit: type=1400 audit(1519093938.786:7): avc:  denied  { map } for  pid=4173 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 02:32:19 parsed 1 programs
2018/02/20 02:32:19 executed programs: 0
[   29.171750] audit: type=1400 audit(1519093939.045:8): avc:  denied  { map } for  pid=4173 comm="syz-execprog" path="/root/syzkaller-shm311404702" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   29.184742] IPVS: ftp: loaded support on port[0] = 21
[   29.424742] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   30.751629] 
[   30.753288] =====================================
[   30.758099] WARNING: bad unlock balance detected!
[   30.762913] 4.16.0-rc2+ #320 Not tainted
[   30.766943] -------------------------------------
[   30.771757] kworker/1:1/23 is trying to release lock (rcu_read_lock_bh) at:
[   30.778855] [<ffffffff8478ec3b>] hashlimit_mt_common.isra.10+0x1beb/0x2610
[   30.785839] but there are no more locks to release!
[   30.790824] 
[   30.790824] other info that might help us debug this:
[   30.797473] 5 locks held by kworker/1:1/23:
[   30.801764]  #0:  ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<00000000de6dbe20>] process_one_work+0xaaf/0x1af0
[   30.812585]  #1:  ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<00000000e7237ebe>] process_one_work+0xb01/0x1af0
[   30.823921]  #2:  (rtnl_mutex){+.+.}, at: [<00000000597dd043>] rtnl_lock+0x17/0x20
[   30.831611]  #3:  (rcu_read_lock){....}, at: [<00000000e7e376ae>] mld_sendpack+0x180/0xe70
[   30.839996]  #4:  (rcu_read_lock){....}, at: [<000000001d4626ea>] nf_hook.constprop.37+0x0/0x830
[   30.848915] 
[   30.848915] stack backtrace:
[   30.853385] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #320
[   30.860294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.869635] Workqueue: ipv6_addrconf addrconf_dad_work
[   30.874894] Call Trace:
[   30.877461]  dump_stack+0x194/0x257
[   30.881064]  ? arch_local_irq_restore+0x53/0x53
[   30.885709]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   30.891138]  print_unlock_imbalance_bug+0x12f/0x140
[   30.896129]  lock_release+0x6fe/0xa40
[   30.899905]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   30.905332]  ? lock_downgrade+0x980/0x980
[   30.909458]  ? lock_release+0xa40/0xa40
[   30.913406]  ? __raw_spin_lock_init+0x1c/0x100
[   30.917965]  ? do_raw_spin_trylock+0x190/0x190
[   30.922525]  hashlimit_mt_common.isra.10+0x1c08/0x2610
[   30.927784]  ? dsthash_find+0x5b0/0x5b0
[   30.931732]  ? __lock_acquire+0x664/0x3e00
[   30.935942]  ? ret_from_fork+0x3a/0x50
[   30.939809]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.944976]  ? unwind_dump+0x4d0/0x4d0
[   30.948840]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.954010]  ? unwind_next_frame+0x3e/0x50
[   30.958225]  hashlimit_mt+0x78/0x90
[   30.961826]  ? hashlimit_mt+0x78/0x90
[   30.965618]  ip6t_do_table+0x98d/0x1a30
[   30.969571]  ? kmem_cache_alloc_trace+0x136/0x740
[   30.974391]  ? mld_sendpack+0x617/0xe70
[   30.978342]  ? ip6t_error+0x60/0x60
[   30.981947]  ? check_noncircular+0x20/0x20
[   30.986155]  ? lock_acquire+0x1d5/0x580
[   30.990103]  ? lock_acquire+0x1d5/0x580
[   30.994055]  ? igmp6_mcf_seq_next+0x660/0x660
[   30.998527]  ? lock_release+0xa40/0xa40
[   31.002477]  ip6table_raw_hook+0x65/0x80
[   31.006517]  nf_hook_slow+0xba/0x1a0
[   31.010212]  nf_hook.constprop.37+0x3f6/0x830
[   31.014684]  ? igmp6_mcf_seq_next+0x660/0x660
[   31.019152]  ? trace_hardirqs_on+0xd/0x10
[   31.023279]  ? __local_bh_enable_ip+0x121/0x230
[   31.027924]  ? _raw_spin_unlock_bh+0x30/0x40
[   31.032308]  ? rt6_uncached_list_add+0x1b7/0x240
[   31.037041]  ? rt6_fill_node+0x18b0/0x18b0
[   31.041254]  ? icmp6_dst_alloc+0x475/0x660
[   31.045467]  ? ip6_mc_leave_src+0x1d0/0x1d0
[   31.049764]  ? icmpv6_flow_init+0x1f6/0x270
[   31.054061]  mld_sendpack+0x6c2/0xe70
[   31.057841]  ? nf_hook.constprop.37+0x830/0x830
[   31.062486]  ? mark_held_locks+0xaf/0x100
[   31.066612]  ? trace_hardirqs_on+0xd/0x10
[   31.070735]  ? __local_bh_enable_ip+0x121/0x230
[   31.075378]  mld_send_initial_cr.part.25+0x103/0x150
[   31.080457]  ipv6_mc_dad_complete+0x99/0x130
[   31.084842]  addrconf_dad_completed+0x78b/0xb90
[   31.089486]  ? addrconf_verify_work+0x20/0x20
[   31.093957]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.098947]  ? addrconf_dad_work+0x849/0x1320
[   31.103418]  addrconf_dad_work+0x3d6/0x1320
[   31.107711]  ? addrconf_dad_work+0x3d6/0x1320
[   31.112186]  ? addrconf_ifdown+0x14f0/0x14f0
[   31.116571]  ? __lock_is_held+0xb6/0x140
[   31.120612]  process_one_work+0xbbf/0x1af0
[   31.124821]  ? process_one_work+0xbbf/0x1af0
[   31.129207]  ? pwq_dec_nr_in_flight+0x450/0x450
[   31.133854]  ? __schedule+0x90d/0x2070
[   31.137727]  ? __lock_acquire+0x664/0x3e00
[   31.141940]  ? check_noncircular+0x20/0x20
[   31.146154]  ? check_noncircular+0x20/0x20
[   31.150367]  ? lock_acquire+0x1d5/0x580
[   31.154314]  ? lock_acquire+0x1d5/0x580
[   31.158266]  ? worker_thread+0x4a3/0x1990
[   31.162390]  ? lock_downgrade+0x980/0x980
[   31.166514]  ? lock_release+0xa40/0xa40
[   31.170463]  ? check_noncircular+0x20/0x20
[   31.174675]  ? do_raw_spin_trylock+0x190/0x190
[   31.179237]  worker_thread+0x223/0x1990
[   31.183188]  ? finish_task_switch+0x1c0/0x860
[   31.187665]  ? process_one_work+0x1af0/0x1af0
[   31.192136]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.197128]  ? trace_hardirqs_on+0xd/0x10
[   31.201249]  ? mmdrop+0x18/0x30
[   31.204502]  ? finish_task_switch+0x279/0x860
[   31.208976]  ? copy_overflow+0x20/0x20
[   31.212931]  ? __schedule+0x90d/0x2070
[   31.216796]  ? check_noncircular+0x20/0x20
[   31.221009]  ? find_held_lock+0x35/0x1d0
[   31.225050]  ? find_held_lock+0x35/0x1d0
[   31.229086]  ? find_held_lock+0x35/0x1d0
[   31.233123]  ? complete+0x62/0x80
[   31.236553]  ? __schedule+0x2070/0x2070
[   31.240504]  ? do_wait_intr_irq+0x3e0/0x3e0
[   31.244801]  ? __lockdep_init_map+0xe4/0x650
[   31.249183]  ? do_raw_spin_trylock+0x190/0x190
[   31.253741]  ? lockdep_init_map+0x9/0x10
[   31.257780]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   31.262861]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.267851]  ? trace_hardirqs_on+0xd/0x10
[   31.271978]  ? __kthread_parkme+0x175/0x240
[   31.276280]  kthread+0x33c/0x400
[   31.279620]  ? process_one_work+0x1af0/0x1af0
[   31.284087]  ? kthread_stop+0x7a0/0x7a0
[   31.288039]  ret_from_fork+0x3a/0x50
2018/02/20 02:32:24 executed programs: 479
2018/02/20 02:32:29 executed programs: 1180