[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.537589] audit: type=1400 audit(1519126727.017:6): avc: denied { map } for pid=4159 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. syzkaller login: [ 24.850449] audit: type=1400 audit(1519126733.330:7): avc: denied { map } for pid=4173 comm="syzkaller260927" path="/root/syzkaller260927766" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 24.863272] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 24.876494] audit: type=1400 audit(1519126733.330:8): avc: denied { sys_admin } for pid=4173 comm="syzkaller260927" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 24.926631] audit: type=1400 audit(1519126733.406:9): avc: denied { net_admin } for pid=4174 comm="syzkaller260927" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 25.126691] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 25.467358] audit: type=1400 audit(1519126733.947:10): avc: denied { sys_chroot } for pid=4174 comm="syzkaller260927" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.492180] audit: type=1400 audit(1519126733.948:11): avc: denied { net_raw } for pid=4174 comm="syzkaller260927" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 25.535256] [ 25.536902] ===================================== [ 25.541715] WARNING: bad unlock balance detected! [ 25.546527] 4.16.0-rc2+ #234 Not tainted [ 25.550554] ------------------------------------- [ 25.555363] kworker/1:1/24 is trying to release lock (rcu_read_lock_bh) at: [ 25.562444] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.569424] but there are no more locks to release! [ 25.574416] [ 25.574416] other info that might help us debug this: [ 25.581051] 5 locks held by kworker/1:1/24: [ 25.585339] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<000000005033de23>] process_one_work+0xaaf/0x1af0 [ 25.596153] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<00000000dbed187e>] process_one_work+0xb01/0x1af0 [ 25.607491] #2: (rtnl_mutex){+.+.}, at: [<00000000f44e8591>] rtnl_lock+0x17/0x20 [ 25.615182] #3: (rcu_read_lock){....}, at: [<00000000ecfa48c3>] ndisc_send_skb+0x826/0x1370 [ 25.623831] #4: (rcu_read_lock){....}, at: [<000000000336e811>] nf_hook.constprop.27+0x0/0x830 [ 25.632739] [ 25.632739] stack backtrace: [ 25.637206] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #234 [ 25.644105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.653440] Workqueue: ipv6_addrconf addrconf_dad_work [ 25.658691] Call Trace: [ 25.661250] dump_stack+0x194/0x257 [ 25.664848] ? arch_local_irq_restore+0x53/0x53 [ 25.669490] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.674915] print_unlock_imbalance_bug+0x12f/0x140 [ 25.679904] lock_release+0x6fe/0xa40 [ 25.683675] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.689096] ? lock_downgrade+0x980/0x980 [ 25.693218] ? lock_release+0xa40/0xa40 [ 25.697163] ? __raw_spin_lock_init+0x1c/0x100 [ 25.701714] ? do_raw_spin_trylock+0x190/0x190 [ 25.706279] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 25.711529] ? dsthash_find+0x5b0/0x5b0 [ 25.715482] ? __lock_acquire+0x664/0x3e00 [ 25.719689] ? ret_from_fork+0x3a/0x50 [ 25.723551] ? print_irqtrace_events+0x270/0x270 [ 25.728280] ? __unwind_start+0x169/0x330 [ 25.732399] hashlimit_mt+0x78/0x90 [ 25.735996] ? hashlimit_mt+0x78/0x90 [ 25.739773] ip6t_do_table+0x98d/0x1a30 [ 25.743721] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.748884] ? ip6t_error+0x60/0x60 [ 25.752482] ? check_noncircular+0x20/0x20 [ 25.756694] ? lock_acquire+0x1d5/0x580 [ 25.760639] ? lock_acquire+0x1d5/0x580 [ 25.764584] ? pndisc_destructor+0x340/0x340 [ 25.768963] ? lock_release+0xa40/0xa40 [ 25.772907] ip6table_raw_hook+0x65/0x80 [ 25.776943] nf_hook_slow+0xba/0x1a0 [ 25.780630] nf_hook.constprop.27+0x3f6/0x830 [ 25.785103] ? pndisc_destructor+0x340/0x340 [ 25.789483] ? find_held_lock+0x35/0x1d0 [ 25.793523] ? lock_acquire+0x1d5/0x580 [ 25.797466] ? lock_acquire+0x1d5/0x580 [ 25.801416] ? ndisc_send_skb+0x826/0x1370 [ 25.805628] ? lock_downgrade+0x980/0x980 [ 25.809748] ? lock_release+0xa40/0xa40 [ 25.813694] ? ndisc_error_report+0x180/0x180 [ 25.818160] ndisc_send_skb+0xa51/0x1370 [ 25.822194] ? nf_hook.constprop.27+0x830/0x830 [ 25.826834] ? check_noncircular+0x20/0x20 [ 25.831047] ? refcount_add_not_zero+0x133/0x200 [ 25.835776] ? refcount_dec_if_one+0x20/0x20 [ 25.840157] ? print_irqtrace_events+0x270/0x270 [ 25.844888] ndisc_send_ns+0x38a/0x870 [ 25.848747] ? ndisc_netdev_event+0x4a0/0x4a0 [ 25.853217] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.858204] ? addrconf_dad_work+0xa5e/0x1320 [ 25.862669] addrconf_dad_work+0xb9e/0x1320 [ 25.866960] ? addrconf_dad_work+0xb9e/0x1320 [ 25.871425] ? addrconf_ifdown+0x14f0/0x14f0 [ 25.875807] ? __lock_is_held+0xb6/0x140 [ 25.879848] process_one_work+0xbbf/0x1af0 [ 25.884052] ? process_one_work+0xbbf/0x1af0 [ 25.888432] ? pwq_dec_nr_in_flight+0x450/0x450 [ 25.893073] ? __schedule+0x90d/0x2070 [ 25.896953] ? __lock_acquire+0x664/0x3e00 [ 25.901167] ? check_noncircular+0x20/0x20 [ 25.905463] ? check_noncircular+0x20/0x20 [ 25.909670] ? lock_acquire+0x1d5/0x580 [ 25.913621] ? lock_acquire+0x1d5/0x580 [ 25.917568] ? worker_thread+0x4a3/0x1990 [ 25.921684] ? lock_downgrade+0x980/0x980 [ 25.925802] ? lock_release+0xa40/0xa40 [ 25.929761] ? retint_kernel+0x10/0x10 [ 25.933620] ? do_raw_spin_trylock+0x190/0x190 [ 25.938174] worker_thread+0x223/0x1990 [ 25.942121] ? finish_task_switch+0x1c0/0x860 [ 25.946593] ? process_one_work+0x1af0/0x1af0 [ 25.951059] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.956050] ? trace_hardirqs_on+0xd/0x10 [ 25.960171] ? mmdrop+0x18/0x30 [ 25.963423] ? finish_task_switch+0x279/0x860 [ 25.967895] ? copy_overflow+0x20/0x20 [ 25.971757] ? __schedule+0x90d/0x2070 [ 25.975615] ? check_noncircular+0x20/0x20 [ 25.979822] ? find_held_lock+0x35/0x1d0 [ 25.983854] ? find_held_lock+0x35/0x1d0 [ 25.987886] ? find_held_lock+0x35/0x1d0 [ 25.991921] ? complete+0x62/0x80 [ 25.995353] ? __schedule+0x2070/0x2070 [ 25.999297] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.003596] ? __lockdep_init_map+0xe4/0x650 [ 26.007977] ? do_raw_spin_trylock+0x190/0x190 [ 26.012529] ? lockdep_init_map+0x9/0x10 [ 26.016561] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 26.021636] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.026621] ? trace_hardirqs_on+0xd/0x10 [ 26.030747] ? __kthread_parkme+0x175/0x240 [ 26.035042] kthread+0x33c/