[....] Starting enhanced syslogd: rsyslogd[   16.430936] audit: type=1400 audit(1519092452.267:5): avc:  denied  { syslog } for  pid=4009 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.296299] audit: type=1400 audit(1519092458.133:6): avc:  denied  { map } for  pid=4151 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts.
[   28.583693] audit: type=1400 audit(1519092464.420:7): avc:  denied  { map } for  pid=4165 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 02:07:44 parsed 1 programs
2018/02/20 02:07:44 executed programs: 0
[   28.854206] audit: type=1400 audit(1519092464.690:8): avc:  denied  { map } for  pid=4165 comm="syz-execprog" path="/root/syzkaller-shm089422687" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   28.871546] IPVS: ftp: loaded support on port[0] = 21
[   29.086786] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   29.551331] 
[   29.552978] =====================================
[   29.557795] WARNING: bad unlock balance detected!
[   29.562608] 4.16.0-rc2+ #320 Not tainted
[   29.566637] -------------------------------------
[   29.571446] kworker/1:1/24 is trying to release lock (rcu_read_lock_bh) at:
[   29.578524] [<ffffffff8478ec3b>] hashlimit_mt_common.isra.10+0x1beb/0x2610
[   29.585503] but there are no more locks to release!
[   29.590486] 
[   29.590486] other info that might help us debug this:
[   29.597120] 5 locks held by kworker/1:1/24:
[   29.601405]  #0:  ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<000000003d7b38e2>] process_one_work+0xaaf/0x1af0
[   29.612217]  #1:  ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<00000000406fa1f0>] process_one_work+0xb01/0x1af0
[   29.623547]  #2:  (rtnl_mutex){+.+.}, at: [<00000000825db7cb>] rtnl_lock+0x17/0x20
[   29.631228]  #3:  (rcu_read_lock){....}, at: [<000000003370b3ae>] ndisc_send_skb+0x826/0x1370
[   29.639865]  #4:  (rcu_read_lock){....}, at: [<0000000057229235>] nf_hook.constprop.27+0x0/0x830
[   29.648761] 
[   29.648761] stack backtrace:
[   29.653227] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #320
[   29.660119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.669450] Workqueue: ipv6_addrconf addrconf_dad_work
[   29.674696] Call Trace:
[   29.677260]  dump_stack+0x194/0x257
[   29.680856]  ? arch_local_irq_restore+0x53/0x53
[   29.685497]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   29.690918]  print_unlock_imbalance_bug+0x12f/0x140
[   29.695906]  lock_release+0x6fe/0xa40
[   29.699681]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   29.705102]  ? lock_downgrade+0x980/0x980
[   29.709221]  ? lock_release+0xa40/0xa40
[   29.713164]  ? __raw_spin_lock_init+0x1c/0x100
[   29.717717]  ? do_raw_spin_trylock+0x190/0x190
[   29.722272]  hashlimit_mt_common.isra.10+0x1c08/0x2610
[   29.727521]  ? dsthash_find+0x5b0/0x5b0
[   29.731467]  ? __lock_acquire+0x664/0x3e00
[   29.735675]  ? ret_from_fork+0x3a/0x50
[   29.739539]  ? print_irqtrace_events+0x270/0x270
[   29.744270]  ? __unwind_start+0x169/0x330
[   29.748388]  hashlimit_mt+0x78/0x90
[   29.751984]  ? hashlimit_mt+0x78/0x90
[   29.755756]  ip6t_do_table+0x98d/0x1a30
[   29.759705]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   29.764866]  ? ip6t_error+0x60/0x60
[   29.768472]  ? check_noncircular+0x20/0x20
[   29.772678]  ? lock_acquire+0x1d5/0x580
[   29.776623]  ? lock_acquire+0x1d5/0x580
[   29.780572]  ? pndisc_destructor+0x340/0x340
[   29.784953]  ? lock_release+0xa40/0xa40
[   29.788900]  ip6table_raw_hook+0x65/0x80
[   29.792936]  nf_hook_slow+0xba/0x1a0
[   29.796620]  nf_hook.constprop.27+0x3f6/0x830
[   29.801084]  ? pndisc_destructor+0x340/0x340
[   29.805464]  ? find_held_lock+0x35/0x1d0
[   29.809497]  ? lock_acquire+0x1d5/0x580
[   29.813439]  ? lock_acquire+0x1d5/0x580
[   29.817384]  ? ndisc_send_skb+0x826/0x1370
[   29.821591]  ? lock_downgrade+0x980/0x980
[   29.825708]  ? lock_release+0xa40/0xa40
[   29.829664]  ? ndisc_error_report+0x180/0x180
[   29.834133]  ndisc_send_skb+0xa51/0x1370
[   29.838168]  ? nf_hook.constprop.27+0x830/0x830
[   29.842810]  ? check_noncircular+0x20/0x20
[   29.847017]  ? refcount_add_not_zero+0x133/0x200
[   29.851746]  ? refcount_dec_if_one+0x20/0x20
[   29.856127]  ? print_irqtrace_events+0x270/0x270
[   29.860856]  ndisc_send_ns+0x38a/0x870
[   29.864799]  ? ndisc_netdev_event+0x4a0/0x4a0
[   29.869266]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.874252]  ? addrconf_dad_work+0xa5e/0x1320
[   29.878720]  addrconf_dad_work+0xb9e/0x1320
[   29.883012]  ? addrconf_dad_work+0xb9e/0x1320
[   29.887481]  ? addrconf_ifdown+0x14f0/0x14f0
[   29.891869]  ? __lock_is_held+0xb6/0x140
[   29.895903]  process_one_work+0xbbf/0x1af0
[   29.900110]  ? process_one_work+0xbbf/0x1af0
[   29.904493]  ? pwq_dec_nr_in_flight+0x450/0x450
[   29.909134]  ? __schedule+0x90d/0x2070
[   29.912991]  ? __lock_acquire+0x664/0x3e00
[   29.917200]  ? check_noncircular+0x20/0x20
[   29.921407]  ? check_noncircular+0x20/0x20
[   29.925615]  ? lock_acquire+0x1d5/0x580
[   29.929558]  ? lock_acquire+0x1d5/0x580
[   29.933501]  ? worker_thread+0x4a3/0x1990
[   29.937617]  ? lock_downgrade+0x980/0x980
[   29.941736]  ? lock_release+0xa40/0xa40
[   29.945681]  ? pr_cont_work+0x130/0x130
[   29.949626]  ? check_noncircular+0x20/0x20
[   29.953832]  ? do_raw_spin_trylock+0x190/0x190
[   29.958385]  worker_thread+0x223/0x1990
[   29.962328]  ? finish_task_switch+0x1c0/0x860
[   29.966797]  ? process_one_work+0x1af0/0x1af0
[   29.971263]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.976252]  ? trace_hardirqs_on+0xd/0x10
[   29.980374]  ? mmdrop+0x18/0x30
[   29.983626]  ? finish_task_switch+0x279/0x860
[   29.988089]  ? copy_overflow+0x20/0x20
[   29.991949]  ? __schedule+0x90d/0x2070
[   29.995811]  ? check_noncircular+0x20/0x20
[   30.000017]  ? find_held_lock+0x35/0x1d0
[   30.004049]  ? find_held_lock+0x35/0x1d0
[   30.008082]  ? find_held_lock+0x35/0x1d0
[   30.012114]  ? complete+0x62/0x80
[   30.015538]  ? __schedule+0x2070/0x2070
[   30.019483]  ? do_wait_intr_irq+0x3e0/0x3e0
[   30.023776]  ? __lockdep_init_map+0xe4/0x650
[   30.028153]  ? do_raw_spin_trylock+0x190/0x190
[   30.032707]  ? lockdep_init_map+0x9/0x10
[   30.036737]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   30.041809]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   30.046797]  ? trace_hardirqs_on+0xd/0x10
[   30.050917]  ? __kthread_parkme+0x175/0x240
[   30.055207]  kthread+0x33c/0x400
[   30.058544]  ? process_one_work+0x1af0/0x1af0
[   30.063010]  ? kthread_stop+0x7a0/0x7a0
[   30.066954]  ret_from_fork+0x3a/0x50
2018/02/20 02:07:49 executed programs: 632
2018/02/20 02:07:54 executed programs: 1457