[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.821594] audit: type=1400 audit(1519111499.992:5): avc: denied { syslog } for pid=4017 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.772190] audit: type=1400 audit(1519111502.942:6): avc: denied { map } for pid=4154 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.226' (ECDSA) to the list of known hosts.
[ 25.055863] audit: type=1400 audit(1519111509.226:7): avc: denied { map } for pid=4168 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 07:25:09 parsed 1 programs
2018/02/20 07:25:09 executed programs: 0
[ 25.328350] audit: type=1400 audit(1519111509.499:8): avc: denied { map } for pid=4168 comm="syz-execprog" path="/root/syzkaller-shm436274392" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 25.343410] IPVS: ftp: loaded support on port[0] = 21
[ 25.590412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 26.463321]
[ 26.465109] =====================================
[ 26.469920] WARNING: bad unlock balance detected!
[ 26.474738] 4.16.0-rc2+ #320 Not tainted
[ 26.478773] -------------------------------------
[ 26.483586] syz-executor0/4177 is trying to release lock (rcu_read_lock_bh) at:
[ 26.491023] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.498008] but there are no more locks to release!
[ 26.503000]
[ 26.503000] other info that might help us debug this:
[ 26.509639] 3 locks held by syz-executor0/4177:
[ 26.514276] #0: ((&idev->mc_ifc_timer)){+.-.}, at: [<00000000c908501e>] call_timer_fn+0x1c6/0x820
[ 26.523441] #1: (rcu_read_lock){....}, at: [<00000000d61b63e8>] mld_sendpack+0x180/0xe70
[ 26.531824] #2: (rcu_read_lock){....}, at: [<00000000caaf6436>] nf_hook.constprop.37+0x0/0x830
[ 26.540875]
[ 26.540875] stack backtrace:
[ 26.545350] CPU: 0 PID: 4177 Comm: syz-executor0 Not tainted 4.16.0-rc2+ #320
[ 26.552586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.561915] Call Trace:
[ 26.564470]
[ 26.566598] dump_stack+0x194/0x257
[ 26.570197] ? arch_local_irq_restore+0x53/0x53
[ 26.574841] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.580264] print_unlock_imbalance_bug+0x12f/0x140
[ 26.585250] lock_release+0x6fe/0xa40
[ 26.589018] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.594437] ? lock_downgrade+0x980/0x980
[ 26.598554] ? lock_release+0xa40/0xa40
[ 26.602497] ? __raw_spin_lock_init+0x1c/0x100
[ 26.607049] ? do_raw_spin_trylock+0x190/0x190
[ 26.611603] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 26.616849] ? lock_downgrade+0x980/0x980
[ 26.620971] ? dsthash_find+0x5b0/0x5b0
[ 26.624916] ? __lock_acquire+0x664/0x3e00
[ 26.629124] ? is_bpf_text_address+0x7b/0x120
[ 26.633588] ? lock_downgrade+0x95a/0x980
[ 26.637708] ? rcutorture_record_progress+0x10/0x10
[ 26.642698] ? __kernel_text_address+0xd/0x40
[ 26.647165] ? unwind_get_return_address+0x61/0xa0
[ 26.652064] hashlimit_mt+0x78/0x90
[ 26.655657] ? hashlimit_mt+0x78/0x90
[ 26.659428] ip6t_do_table+0x98d/0x1a30
[ 26.663375] ? kmem_cache_alloc_trace+0x136/0x740
[ 26.668189] ? mld_sendpack+0x617/0xe70
[ 26.672135] ? ip6t_error+0x60/0x60
[ 26.675732] ? check_noncircular+0x20/0x20
[ 26.679935] ? lock_acquire+0x1d5/0x580
[ 26.683879] ? lock_acquire+0x1d5/0x580
[ 26.687820] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.692283] ? lock_release+0xa40/0xa40
[ 26.696228] ip6table_raw_hook+0x65/0x80
[ 26.700261] nf_hook_slow+0xba/0x1a0
[ 26.703944] nf_hook.constprop.37+0x3f6/0x830
[ 26.708409] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.712876] ? trace_hardirqs_on+0xd/0x10
[ 26.717007] ? __local_bh_enable_ip+0x121/0x230
[ 26.721647] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.726028] ? rt6_uncached_list_add+0x1b7/0x240
[ 26.730749] ? rt6_fill_node+0x18b0/0x18b0
[ 26.734953] ? icmp6_dst_alloc+0x475/0x660
[ 26.739156] ? ip6_mc_leave_src+0x1d0/0x1d0
[ 26.743445] ? icmpv6_flow_init+0x1f6/0x270
[ 26.747735] mld_sendpack+0x6c2/0xe70
[ 26.751507] ? nf_hook.constprop.37+0x830/0x830
[ 26.756158] ? mark_held_locks+0xaf/0x100
[ 26.760289] ? trace_hardirqs_on+0xd/0x10
[ 26.764407] ? __local_bh_enable_ip+0x121/0x230
[ 26.769055] mld_ifc_timer_expire+0x3d9/0x770
[ 26.773524] call_timer_fn+0x228/0x820
[ 26.777379] ? mld_dad_timer_expire+0x100/0x100
[ 26.782018] ? process_timeout+0x40/0x40
[ 26.786047] ? __run_timers+0x7e3/0xb70
[ 26.790183] ? lock_downgrade+0x980/0x980
[ 26.794301] ? debug_object_deactivate+0x364/0x560
[ 26.799218] ? lock_release+0xa40/0xa40
[ 26.803163] ? do_raw_spin_trylock+0x190/0x190
[ 26.807716] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 26.812704] ? mld_dad_timer_expire+0x100/0x100
[ 26.817342] ? mld_dad_timer_expire+0x100/0x100
[ 26.821986] __run_timers+0x7ee/0xb70
[ 26.825760] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 26.831009] ? timerqueue_add+0x1e9/0x280
[ 26.835124] ? check_noncircular+0x20/0x20
[ 26.839711] ? enqueue_hrtimer+0x177/0x4b0
[ 26.844032] ? lock_release+0xa40/0xa40
[ 26.847986] ? retrigger_next_event+0x1e0/0x1e0
[ 26.852629] ? find_held_lock+0x35/0x1d0
[ 26.856676] ? clockevents_program_event+0x163/0x2e0
[ 26.861751] ? lock_downgrade+0x980/0x980
[ 26.865877] ? rcu_pm_notify+0xc0/0xc0
[ 26.869742] run_timer_softirq+0x4c/0x70
[ 26.873778] __do_softirq+0x2d7/0xb85
[ 26.877550] ? ktime_get+0x26f/0x3a0
[ 26.881235] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 26.886306] ? do_timer+0x50/0x50
[ 26.889731] ? native_apic_msr_write+0x5c/0x80
[ 26.894285] ? lapic_next_event+0x54/0x80
[ 26.898402] ? clockevents_program_event+0x108/0x2e0
[ 26.903476] ? tick_program_event+0x83/0x100
[ 26.907853] ? rcu_pm_notify+0xc0/0xc0
[ 26.911714] irq_exit+0x1cc/0x200
[ 26.915134] smp_apic_timer_interrupt+0x16b/0x700
[ 26.919941] ? smp_reschedule_interrupt+0xe6/0x650
[ 26.924839] ? smp_call_function_single_interrupt+0x640/0x640
[ 26.930693] ? _raw_spin_lock+0x32/0x40
[ 26.934636] ? _raw_spin_unlock+0x22/0x30
[ 26.938755] ? handle_edge_irq+0x2b4/0x7c0
[ 26.942960] ? task_prio+0x50/0x50
[ 26.946475] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.951306] apic_timer_interrupt+0x8e/0xa0
[ 26.955595]
[ 26.957805] RIP: 0010:percpu_counter_add_batch+0x49/0x130
[ 26.963307] RSP: 0018:ffff8801b245f7e8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff12
[ 26.970985] RAX: 000000000002fd04 RBX: ffff8801ae3fcc80 RCX: ffffffff8264893f
[ 26.978223] RDX: 1ffffffff0d424c2 RSI: 0000000000000001 RDI: ffffffff86a125c0
[ 26.985463] RBP: ffff8801b245f818 R08: 000000000000000b R09: ffff8801b245f540
[ 26.992701] R10: 000000007686e333 R11: 000000009c8fbb98 R12: 0000000000000001
[ 26.999939] R13: ffffffff86a12610 R14: 0000000000000020 R15: ffffffff86a125c0
[ 27.007183] ? percpu_counter_add_batch+0x1f/0x130
[ 27.012083] ? percpu_counter_add_batch+0x1f/0x130
[ 27.016984] get_empty_filp+0x154/0x4f0
[ 27.020926] ? proc_nr_files+0x60/0x60
[ 27.024780] ? rcutorture_record_progress+0x10/0x10
[ 27.029765] ? __lock_is_held+0xb6/0x140
[ 27.033794] ? check_noncircular+0x20/0x20
[ 27.038002] ? unwind_get_return_address+0x61/0xa0
[ 27.042900] path_openat+0xed/0x3530
[ 27.046584] ? find_held_lock+0x35/0x1d0
[ 27.050614] ? path_lookupat+0xba0/0xba0
[ 27.054643] ? lock_downgrade+0x980/0x980
[ 27.058761] ? do_sys_open+0x2e7/0x6d0
[ 27.062618] ? lock_release+0xa40/0xa40
[ 27.066559] ? find_held_lock+0x35/0x1d0
[ 27.070587] ? do_raw_spin_trylock+0x190/0x190
[ 27.075137] ? __lock_is_held+0xb6/0x140
[ 27.079171] ? _raw_spin_unlock+0x22/0x30
[ 27.083287] ? __alloc_fd+0x29b/0x750
[ 27.087062] do_filp_open+0x25b/0x3b0
[ 27.090832] ? may_open_dev+0xe0/0xe0
[ 27.094603] ? strncpy_from_user+0x323/0x430
[ 27.098982] ? mpi_resize+0x200/0x200
[ 27.102753] ? get_unused_fd_flags+0x121/0x190
[ 27.107308] ? __alloc_fd+0x750/0x750
[ 27.111077] ? getname_flags+0x256/0x580
[ 27.115111] do_sys_open+0x502/0x6d0
[ 27.118792] ? do_sys_open+0x502/0x6d0
[ 27.122650] ? filp_open+0x70/0x70
[ 27.126159] ? mm_fault_error+0x2c0/0x2c0
[ 27.130276] ? SyS_read+0x220/0x220
[ 27.133873] ? do_sys_open+0x6d0/0x6d0
[ 27.137728] SyS_open+0x2d/0x40
[ 27.140981] do_syscall_64+0x280/0x940
[ 27.144840] ? __do_page_fault+0xc90/0xc90
[ 27.149043] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.153768] ? syscall_return_slowpath+0x550/0x550
[ 27.158665] ? syscall_return_slowpath+0x2ac/0x550
[ 27.164171] ? prepare_exit_to_usermode+0x350/0x350
[ 27.169158] ? retint_user+0x18/0x18
[ 27.172840] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.177655] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 27.182830] RIP: 0033:0x451f10
[ 27.185993] RSP: 002b:00007ffc05a75520 EFLAGS: 00000202 ORIG_RAX: 0000000000000002
[ 27.193670] RAX: ffffffffffffffda RBX: 000000000000001d RCX: 0000000000451f10
[ 27.200912] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffc05a77380
[ 27.208152] RBP: 00007ffc05a77380 R08: 0000000000000001 R09: 0000000000d92940
[ 27.215392] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000009d
[ 27.222632] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000d92914
2018/02/20 07:25:14 executed programs: 448
2018/02/20 07:25:19 executed programs: 1131