[....] Starting enhanced syslogd: rsyslogd[   16.082689] audit: type=1400 audit(1519153887.188:5): avc:  denied  { syslog } for  pid=3999 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.276901] audit: type=1400 audit(1519153889.382:6): avc:  denied  { map } for  pid=4136 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[   27.263686] audit: type=1400 audit(1519153898.369:7): avc:  denied  { map } for  pid=4151 comm="syzkaller154779" path="/root/syzkaller154779607" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[   27.636008] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   27.967278] 
[   27.968935] =====================================
[   27.973758] WARNING: bad unlock balance detected!
[   27.978587] 4.16.0-rc2+ #322 Not tainted
[   27.982635] -------------------------------------
[   27.987458] kworker/1:1/23 is trying to release lock (rcu_read_lock_bh) at:
[   27.994724] [<ffffffff8478edcb>] hashlimit_mt_common.isra.10+0x1beb/0x2610
[   28.001712] but there are no more locks to release!
[   28.006703] 
[   28.006703] other info that might help us debug this:
[   28.013349] 5 locks held by kworker/1:1/23:
[   28.017648]  #0:  ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<00000000598915e1>] process_one_work+0xaaf/0x1af0
[   28.028480]  #1:  ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<0000000026ab10ae>] process_one_work+0xb01/0x1af0
[   28.039827]  #2:  (rtnl_mutex){+.+.}, at: [<000000009042442b>] rtnl_lock+0x17/0x20
[   28.047511]  #3:  (rcu_read_lock){....}, at: [<00000000ce254b90>] ndisc_send_skb+0x826/0x1370
[   28.056154]  #4:  (rcu_read_lock){....}, at: [<0000000096799967>] nf_hook.constprop.27+0x0/0x830
[   28.065070] 
[   28.065070] stack backtrace:
[   28.069545] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #322
[   28.076434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.085775] Workqueue: ipv6_addrconf addrconf_dad_work
[   28.091028] Call Trace:
[   28.093596]  dump_stack+0x194/0x257
[   28.097193]  ? arch_local_irq_restore+0x53/0x53
[   28.101837]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   28.107264]  print_unlock_imbalance_bug+0x12f/0x140
[   28.112266]  lock_release+0x6fe/0xa40
[   28.116041]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   28.121466]  ? lock_downgrade+0x980/0x980
[   28.125590]  ? lock_release+0xa40/0xa40
[   28.129546]  ? __raw_spin_lock_init+0x1c/0x100
[   28.134103]  ? do_raw_spin_trylock+0x190/0x190
[   28.138669]  hashlimit_mt_common.isra.10+0x1c08/0x2610
[   28.143924]  ? dsthash_find+0x5b0/0x5b0
[   28.147876]  ? __lock_acquire+0x664/0x3e00
[   28.152090]  ? ret_from_fork+0x3a/0x50
[   28.155958]  ? print_irqtrace_events+0x270/0x270
[   28.160689]  ? __unwind_start+0x169/0x330
[   28.164809]  hashlimit_mt+0x78/0x90
[   28.168411]  ? hashlimit_mt+0x78/0x90
[   28.172187]  ip6t_do_table+0x98d/0x1a30
[   28.176140]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.181306]  ? ip6t_error+0x60/0x60
[   28.184904]  ? check_noncircular+0x20/0x20
[   28.189113]  ? lock_acquire+0x1d5/0x580
[   28.193062]  ? lock_acquire+0x1d5/0x580
[   28.197011]  ? pndisc_destructor+0x340/0x340
[   28.201396]  ? lock_release+0xa40/0xa40
[   28.205346]  ip6table_raw_hook+0x65/0x80
[   28.209383]  nf_hook_slow+0xba/0x1a0
[   28.213067]  nf_hook.constprop.27+0x3f6/0x830
[   28.217539]  ? pndisc_destructor+0x340/0x340
[   28.221920]  ? find_held_lock+0x35/0x1d0
[   28.225961]  ? lock_acquire+0x1d5/0x580
[   28.229911]  ? lock_acquire+0x1d5/0x580
[   28.233864]  ? ndisc_send_skb+0x826/0x1370
[   28.238076]  ? lock_downgrade+0x980/0x980
[   28.242199]  ? lock_release+0xa40/0xa40
[   28.246148]  ? ndisc_error_report+0x180/0x180
[   28.250622]  ndisc_send_skb+0xa51/0x1370
[   28.254654]  ? nf_hook.constprop.27+0x830/0x830
[   28.259304]  ? check_noncircular+0x20/0x20
[   28.263516]  ? refcount_add_not_zero+0x133/0x200
[   28.268246]  ? refcount_dec_if_one+0x20/0x20
[   28.272630]  ? print_irqtrace_events+0x270/0x270
[   28.277356]  ndisc_send_ns+0x38a/0x870
[   28.281219]  ? ndisc_netdev_event+0x4a0/0x4a0
[   28.285688]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.290671]  ? addrconf_dad_work+0xa5e/0x1320
[   28.295143]  addrconf_dad_work+0xb9e/0x1320
[   28.299439]  ? addrconf_dad_work+0xb9e/0x1320
[   28.303902]  ? addrconf_ifdown+0x14f0/0x14f0
[   28.308284]  ? __lock_is_held+0xb6/0x140
[   28.312325]  process_one_work+0xbbf/0x1af0
[   28.316532]  ? process_one_work+0xbbf/0x1af0
[   28.320926]  ? pwq_dec_nr_in_flight+0x450/0x450
[   28.325569]  ? __schedule+0x90d/0x2070
[   28.329432]  ? __lock_acquire+0x664/0x3e00
[   28.333654]  ? check_noncircular+0x20/0x20
[   28.337868]  ? check_noncircular+0x20/0x20
[   28.342079]  ? lock_acquire+0x1d5/0x580
[   28.346028]  ? lock_acquire+0x1d5/0x580
[   28.349974]  ? worker_thread+0x4a3/0x1990
[   28.354093]  ? lock_downgrade+0x980/0x980
[   28.358216]  ? lock_release+0xa40/0xa40
[   28.362166]  ? retint_kernel+0x10/0x10
[   28.366025]  ? do_raw_spin_trylock+0x190/0x190
[   28.370588]  worker_thread+0x223/0x1990
[   28.374537]  ? finish_task_switch+0x1c0/0x860
[   28.379016]  ? process_one_work+0x1af0/0x1af0
[   28.383489]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.388473]  ? trace_hardirqs_on+0xd/0x10
[   28.392592]  ? mmdrop+0x18/0x30
[   28.395845]  ? finish_task_switch+0x279/0x860
[   28.400313]  ? copy_overflow+0x20/0x20
[   28.404180]  ? __schedule+0x90d/0x2070
[   28.408046]  ? check_noncircular+0x20/0x20
[   28.412255]  ? find_held_lock+0x35/0x1d0
[   28.416284]  ? find_held_lock+0x35/0x1d0
[   28.420322]  ? find_held_lock+0x35/0x1d0
[   28.424359]  ? complete+0x62/0x80
[   28.427788]  ? __schedule+0x2070/0x2070
[   28.431737]  ? do_wait_intr_irq+0x3e0/0x3e0
[   28.436031]  ? __lockdep_init_map+0xe4/0x650
[   28.440413]  ? do_raw_spin_trylock+0x190/0x190
[   28.444964]  ? lockdep_init_map+0x9/0x10
[   28.449003]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   28.454083]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.459067]  ? trace_hardirqs_on+0xd/0x10
[   28.463188]  ? __kthread_parkme+0x175/0x240
[   28.467484]  kthread+0x