[....] Starting enhanced syslogd: rsyslogd[ 15.085568] audit: type=1400 audit(1519205101.904:5): avc: denied { syslog } for pid=3998 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.888060] audit: type=1400 audit(1519205105.706:6): avc: denied { map } for pid=4139 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 25.192106] audit: type=1400 audit(1519205112.010:7): avc: denied { map } for pid=4152 comm="syzkaller620697" path="/root/syzkaller620697810" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 25.572496] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 25.908233] [ 25.909905] ===================================== [ 25.914725] WARNING: bad unlock balance detected! [ 25.919552] 4.16.0-rc2+ #235 Not tainted [ 25.923591] ------------------------------------- [ 25.928414] kworker/0:2/1829 is trying to release lock (rcu_read_lock_bh) at: [ 25.935683] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 25.942673] but there are no more locks to release! [ 25.947668] [ 25.947668] other info that might help us debug this: [ 25.954313] 5 locks held by kworker/0:2/1829: [ 25.958771] #0: ((wq_completion)"events_power_efficient"){+.+.}, at: [<00000000860d554b>] process_one_work+0xaaf/0x1af0 [ 25.969842] #1: ((work_completion)(&(&hinfo->gc_work)->work)){+.+.}, at: [<000000004ec1ed42>] process_one_work+0xb01/0x1af0 [ 25.981255] #2: ((&idev->mc_ifc_timer)){+.-.}, at: [<00000000d8af0f7e>] call_timer_fn+0x1c6/0x820 [ 25.990411] #3: (rcu_read_lock){....}, at: [<000000004c4ca4c9>] mld_sendpack+0x180/0xe70 [ 25.998786] #4: (rcu_read_lock){....}, at: [<000000002dc060b7>] nf_hook.constprop.37+0x0/0x830 [ 26.007682] [ 26.007682] stack backtrace: [ 26.012146] CPU: 0 PID: 1829 Comm: kworker/0:2 Not tainted 4.16.0-rc2+ #235 [ 26.019211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.028538] Workqueue: events_power_efficient htable_gc [ 26.033869] Call Trace: [ 26.036422] [ 26.038541] dump_stack+0x194/0x257 [ 26.042137] ? arch_local_irq_restore+0x53/0x53 [ 26.046776] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 26.052195] print_unlock_imbalance_bug+0x12f/0x140 [ 26.057180] lock_release+0x6fe/0xa40 [ 26.060947] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 26.066364] ? lock_downgrade+0x980/0x980 [ 26.070479] ? lock_release+0xa40/0xa40 [ 26.074420] ? __raw_spin_lock_init+0x1c/0x100 [ 26.078968] ? do_raw_spin_trylock+0x190/0x190 [ 26.083521] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 26.088768] ? dsthash_find+0x5b0/0x5b0 [ 26.092708] ? __lock_acquire+0x664/0x3e00 [ 26.096931] ? ret_from_fork+0x3a/0x50 [ 26.100789] ? memset+0x31/0x40 [ 26.104042] ? unwind_dump+0x4d0/0x4d0 [ 26.107902] ? __unwind_start+0x169/0x330 [ 26.112024] hashlimit_mt+0x78/0x90 [ 26.115631] ? hashlimit_mt+0x78/0x90 [ 26.119407] ip6t_do_table+0x98d/0x1a30 [ 26.123352] ? kmem_cache_alloc_trace+0x136/0x740 [ 26.128173] ? mld_sendpack+0x617/0xe70 [ 26.132122] ? ip6t_error+0x60/0x60 [ 26.135717] ? check_noncircular+0x20/0x20 [ 26.139919] ? lock_acquire+0x1d5/0x580 [ 26.143860] ? lock_acquire+0x1d5/0x580 [ 26.147811] ? igmp6_mcf_seq_next+0x660/0x660 [ 26.152277] ? lock_release+0xa40/0xa40 [ 26.156222] ip6table_raw_hook+0x65/0x80 [ 26.160252] nf_hook_slow+0xba/0x1a0 [ 26.163937] nf_hook.constprop.37+0x3f6/0x830 [ 26.168400] ? igmp6_mcf_seq_next+0x660/0x660 [ 26.172862] ? trace_hardirqs_on+0xd/0x10 [ 26.176982] ? __local_bh_enable_ip+0x121/0x230 [ 26.181620] ? _raw_spin_unlock_bh+0x30/0x40 [ 26.185998] ? rt6_uncached_list_add+0x1b7/0x240 [ 26.190726] ? rt6_fill_node+0x18b0/0x18b0 [ 26.194931] ? icmp6_dst_alloc+0x475/0x660 [ 26.199135] ? ip6_mc_leave_src+0x1d0/0x1d0 [ 26.203423] ? icmpv6_flow_init+0x1f6/0x270 [ 26.207715] mld_sendpack+0x6c2/0xe70 [ 26.211494] ? nf_hook.constprop.37+0x830/0x830 [ 26.216131] ? mark_held_locks+0xaf/0x100 [ 26.220249] ? trace_hardirqs_on+0xd/0x10 [ 26.224374] ? __local_bh_enable_ip+0x121/0x230 [ 26.229016] mld_ifc_timer_expire+0x3d9/0x770 [ 26.233484] call_timer_fn+0x228/0x820 [ 26.237341] ? mld_dad_timer_expire+0x100/0x100 [ 26.241978] ? process_timeout+0x40/0x40 [ 26.246011] ? __run_timers+0x7e3/0xb70 [ 26.249955] ? lock_downgrade+0x980/0x980 [ 26.254076] ? debug_object_deactivate+0x364/0x560 [ 26.258975] ? lock_release+0xa40/0xa40 [ 26.262920] ? mark_held_locks+0xaf/0x100 [ 26.267038] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 26.272024] ? mld_dad_timer_expire+0x100/0x100 [ 26.276662] ? mld_dad_timer_expire+0x100/0x100 [ 26.281298] __run_timers+0x7ee/0xb70 [ 26.285070] ? trigger_dyntick_cpu.isra.29+0x150/0x150 [ 26.290318] ? timerqueue_add+0x1e9/0x280 [ 26.294437] ? check_noncircular+0x20/0x20 [ 26.298641] ? enqueue_hrtimer+0x177/0x4b0 [ 26.302843] ? lock_release+0xa40/0xa40 [ 26.306787] ? retrigger_next_event+0x1e0/0x1e0 [ 26.311424] ? print_irqtrace_events+0x270/0x270 [ 26.316148] ? check_noncircular+0x20/0x20 [ 26.320352] ? clockevents_program_event+0x163/0x2e0 [ 26.325423] ? lock_downgrade+0x980/0x980 [ 26.329539] ? __lock_is_held+0xb6/0x140 [ 26.333569] run_timer_softirq+0x4c/0x70 [ 26.337597] __do_softirq+0x2d7/0xb85 [ 26.341364] ? ktime_get+0x26f/0x3a0 [ 26.345045] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4 [ 26.350117] ? check_noncircular+0x20/0x20 [ 26.354329] ? native_apic_msr_write+0x5c/0x80 [ 26.358883] ? lapic_next_event+0x54/0x80 [ 26.363002] ? clockevents_program_event+0x108/0x2e0 [ 26.368086] ? tick_program_event+0x83/0x100 [ 26.372463] ? __lock_is_held+0xb6/0x140 [ 26.376496] irq_exit+0x1cc/0x200 [ 26.379916] smp_apic_timer_interrupt+0x16b/0x700 [ 26.384724] ? smp_call_function_single_interrupt+0x124/0x640 [ 26.390574] ? smp_call_function_single_interrupt+0x640/0x640 [ 26.396426] ? _raw_spin_lock+0x32/0x40 [ 26.400369] ? _raw_spin_unlock+0x22/0x30 [ 26.404484] ? handle_edge_irq+0x2b4/0x7c0 [ 26.408686] ? task_prio+0x50/0x50 [ 26.412198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.417014] apic_timer_interrupt+0x8e/0xa0 [ 26.421304] [ 26.423509] RIP: 0010:lock_is_held_type+0x18b/0x210 [ 26.428488] RSP: 0018:ffff8801d25173e8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff12 [ 26.436163] RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 0000000000000006 [ 26.443400] RDX: 1ffffffff0d592d5 RSI: ffffffff86b42680 RDI: 0000000000000282 [ 26.450639] RBP: ffff8801d2517408 R08: 1ffff1003a4a2e5b R09: 0000000000000000 [ 26.457877] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d24dc000 [ 26.465115] R13: 0000000000000000 R14: 000000000000017d R15: 0000000000000000 [ 26.472362] ? mark_held_locks+0xaf/0x100 [ 26.476477] ___might_sleep+0x3d8/0x470 [ 26.480422] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 26.486277] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.491270] ? htable_selective_cleanup+0x289/0x3d0 [ 26.496254] ? trace_hardirqs_on+0xd/0x10 [ 26.500380] ? __local_bh_enable_ip+0x121/0x230 [ 26.505024] ? select_all+0x10/0x10 [ 26.508621] htable_selective_cleanup+0x29c/0x3d0 [ 26.513431] ? hashlimit_ipv6_mask+0x3b0/0x3b0 [ 26.517979] ? __lock_is_held+0xb6/0x140 [ 26.522011] htable_gc+0x2e/0xc0 [ 26.525350] process_one_work+0xbbf/0x1af0 [ 26.529557] ? pwq_dec_nr_in_flight+0x450/0x450 [ 26.534196] ? __schedule+0x90d/0x2070 [ 26.538053] ? __lock_acquire+0x664/0x3e00 [ 26.542257] ? __lock_is_held+0xb6/0x140 [ 26.546285] ? check_noncircular+0x20/0x20 [ 26.550488] ? check_noncircular+0x20/0x20 [ 26.554694] ? lock_acquire+0x1d5/0x580 [ 26.558637] ? lock_acquire+0x1d5/0x580 [ 26.562577] ? worker_thread+0x4a3/0x1990 [ 26.566694] ? lock_downgrade+0x980/0x980 [ 26.570811] ? lock_release+0xa40/0xa40 [ 26.574752] ? retint_kernel+0x10/0x10 [ 26.578607] ? do_raw_spin_trylock+0x190/0x190 [ 26.583159] worker_thread+0x223/0x1990 [ 26.587100] ? finish_task_switch+0x1c0/0x860 [ 26.591568] ? process_one_work+0x1af0/0x1af0 [ 26.596032] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 26.601023] ? trace_hardirqs_on+0xd/0x10 [ 26.605138] ? mmdrop+0x18/0x30 [ 26.608384] ? finish_task_switch+0x279/0x860 [ 26.612845] ? copy_overflow+0x20/0x20 [ 26.616701] ? __schedule+0x90d/0x2070 [ 26.620556] ? check_noncircular+0x20/0x20 [ 26.624756] ? find_held_lock+0x35/0x1d0 [ 26.628786] ? find_held_lock+0x35/0x1d0 [ 26.632817] ? find_held_lock+0x35/0x1d0 [ 26.636849] ? complete+0x62/0x80 [ 26.640273] ? __schedule+0x2070/0x2070 [ 26.644214] ? do_wait_intr_irq+0x3e0/0x3e0 [ 26.648501] ? __lockdep_init_map+0xe4/0x650 [ 26.652877] ? do_raw_spin_trylock+0x190/0x190 [ 26.657425] ? lockdep_init_map+0x9/0x10 [