[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.699627] audit: type=1400 audit(1519296087.494:5): avc: denied { syslog } for pid=3953 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 20.014274] audit: type=1400 audit(1519296092.809:6): avc: denied { map } for pid=4094 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.211' (ECDSA) to the list of known hosts.
[ 40.385138] audit: type=1400 audit(1519296113.179:7): avc: denied { map } for pid=4111 comm="syzkaller762566" path="/root/syzkaller762566018" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.393200] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 40.411093] audit: type=1400 audit(1519296113.180:8): avc: denied { sys_admin } for pid=4111 comm="syzkaller762566" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 40.459315] audit: type=1400 audit(1519296113.254:9): avc: denied { net_admin } for pid=4112 comm="syzkaller762566" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 40.631904] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 40.943334] audit: type=1400 audit(1519296113.738:10): avc: denied { sys_chroot } for pid=4112 comm="syzkaller762566" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 40.968458] xt_connbytes: Forcing CT accounting to be enabled
[ 40.975403]
[ 40.977025] =====================================
[ 40.981835] WARNING: bad unlock balance detected!
[ 40.986651] 4.16.0-rc2+ #323 Not tainted
[ 40.990681] -------------------------------------
[ 40.995494] kworker/1:1/24 is trying to release lock (rcu_read_lock_bh) at:
[ 41.002585] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 41.009579] but there are no more locks to release!
[ 41.014568]
[ 41.014568] other info that might help us debug this:
[ 41.021205] 5 locks held by kworker/1:1/24:
[ 41.025495] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<00000000d865b7e2>] process_one_work+0xaaf/0x1af0
[ 41.036313] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<0000000057e27b94>] process_one_work+0xb01/0x1af0
[ 41.047655] #2: (rtnl_mutex){+.+.}, at: [<000000000a2b235f>] rtnl_lock+0x17/0x20
[ 41.055355] #3: (rcu_read_lock){....}, at: [<000000008f54a79c>] ndisc_send_skb+0x826/0x1370
[ 41.064003] #4: (rcu_read_lock){....}, at: [<000000002f876d3f>] nf_hook.constprop.27+0x0/0x830
[ 41.072907]
[ 41.072907] stack backtrace:
[ 41.077380] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #323
[ 41.084276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.093613] Workqueue: ipv6_addrconf addrconf_dad_work
[ 41.098859] Call Trace:
[ 41.101435] dump_stack+0x194/0x257
[ 41.105041] ? arch_local_irq_restore+0x53/0x53
[ 41.109681] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 41.115100] print_unlock_imbalance_bug+0x12f/0x140
[ 41.120098] lock_release+0x6fe/0xa40
[ 41.123886] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 41.129309] ? lock_downgrade+0x980/0x980
[ 41.133426] ? lock_release+0xa40/0xa40
[ 41.137367] ? __raw_spin_lock_init+0x1c/0x100
[ 41.141918] ? do_raw_spin_trylock+0x190/0x190
[ 41.146472] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 41.151722] ? dsthash_find+0x5b0/0x5b0
[ 41.155665] ? __lock_is_held+0xb6/0x140
[ 41.159699] ? rcu_read_lock_held+0xa9/0xc0
[ 41.163994] ? __nf_ct_l4proto_find+0x123/0x1c0
[ 41.168633] ? ip_vs_in+0xb98/0x24d0
[ 41.172315] ? ip_vs_out+0x24a/0x1b30
[ 41.176083] ? ip_vs_in_icmp+0x23c0/0x23c0
[ 41.180287] ? nf_conntrack_in+0x439/0x1450
[ 41.184578] ? __unwind_start+0x169/0x330
[ 41.188698] hashlimit_mt+0x78/0x90
[ 41.192294] ? hashlimit_mt+0x78/0x90
[ 41.196063] ip6t_do_table+0x98d/0x1a30
[ 41.200028] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 41.205189] ? ip6t_error+0x60/0x60
[ 41.208785] ? check_noncircular+0x20/0x20
[ 41.212991] ? lock_acquire+0x1d5/0x580
[ 41.216931] ? lock_acquire+0x1d5/0x580
[ 41.220875] ? pndisc_destructor+0x340/0x340
[ 41.225264] ip6table_filter_hook+0x65/0x80
[ 41.229560] nf_hook_slow+0xba/0x1a0
[ 41.233244] nf_hook.constprop.27+0x3f6/0x830
[ 41.237709] ? pndisc_destructor+0x340/0x340
[ 41.242084] ? find_held_lock+0x35/0x1d0
[ 41.246114] ? lock_acquire+0x1d5/0x580
[ 41.250233] ? lock_acquire+0x1d5/0x580
[ 41.254176] ? ndisc_send_skb+0x826/0x1370
[ 41.258381] ? lock_downgrade+0x980/0x980
[ 41.262508] ? lock_release+0xa40/0xa40
[ 41.266463] ? ndisc_error_report+0x180/0x180
[ 41.270944] ndisc_send_skb+0xa51/0x1370
[ 41.274984] ? nf_hook.constprop.27+0x830/0x830
[ 41.279633] ? check_noncircular+0x20/0x20
[ 41.283849] ? refcount_add_not_zero+0x133/0x200
[ 41.288583] ? refcount_dec_if_one+0x20/0x20
[ 41.292976] ? print_irqtrace_events+0x270/0x270
[ 41.297708] ndisc_send_ns+0x38a/0x870
[ 41.301580] ? ndisc_netdev_event+0x4a0/0x4a0
[ 41.306053] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.311039] ? addrconf_dad_work+0xa5e/0x1320
[ 41.315512] addrconf_dad_work+0xb9e/0x1320
[ 41.319815] ? addrconf_dad_work+0xb9e/0x1320
[ 41.324287] ? addrconf_ifdown+0x14f0/0x14f0
[ 41.328675] ? __lock_is_held+0xb6/0x140
[ 41.332709] process_one_work+0xbbf/0x1af0
[ 41.336913] ? process_one_work+0xbbf/0x1af0
[ 41.341299] ? pwq_dec_nr_in_flight+0x450/0x450
[ 41.345942] ? __schedule+0x90d/0x2070
[ 41.349803] ? __lock_acquire+0x664/0x3e00
[ 41.354007] ? check_noncircular+0x20/0x20
[ 41.358211] ? check_noncircular+0x20/0x20
[ 41.362415] ? lock_acquire+0x1d5/0x580
[ 41.366356] ? lock_acquire+0x1d5/0x580
[ 41.370309] ? worker_thread+0x4a3/0x1990
[ 41.374426] ? lock_downgrade+0x980/0x980
[ 41.378542] ? lock_release+0xa40/0xa40
[ 41.382486] ? pr_cont_work+0x130/0x130
[ 41.386428] ? check_noncircular+0x20/0x20
[ 41.390640] ? do_raw_spin_trylock+0x190/0x190
[ 41.395196] worker_thread+0x223/0x1990
[ 41.399140] ? finish_task_switch+0x1c0/0x860
[ 41.403621] ? process_one_work+0x1af0/0x1af0
[ 41.408092] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.413087] ? trace_hardirqs_on+0xd/0x10
[ 41.417204] ? mmdrop+0x18/0x30
[ 41.420454] ? finish_task_switch+0x279/0x860
[ 41.424924] ? copy_overflow+0x20/0x20
[ 41.428799] ? __schedule+0x90d/0x2070
[ 41.432672] ? check_noncircular+0x20/0x20
[ 41.436876] ? find_held_lock+0x35/0x1d0
[ 41.440909] ? find_held_lock+0x35/0x1d0
[ 41.444942] ? find_held_lock+0x35/0x1d0
[ 41.448975] ? complete+0x62/0x80
[ 41.452402] ? __schedule+0x2070/0x2070
[ 41.456346] ? do_wait_intr_irq+0x3e0/0x3e0
[ 41.460637] ? __lockdep_init_map+0xe4/0x650
[ 41.465021] ? do_raw_spin_trylock+0x190/0x190
[ 41.469571] ? lockdep_init_map+0x9/0x10
[ 41.473603] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 41.478673] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.483658] ? trace_hardirqs_on+0xd/0x10
[ 41.487777] ? __kthread_parkme+0x175/0x240
[ 41.492089] kthread+0x33c/0x400
[ 4