[....] Starting enhanced syslogd: rsyslogd[ 16.364756] audit: type=1400 audit(1519147341.352:5): avc: denied { syslog } for pid=4011 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.982829] audit: type=1400 audit(1519147343.970:6): avc: denied { map } for pid=4149 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. [ 30.062062] audit: type=1400 audit(1519147355.049:7): avc: denied { map } for pid=4164 comm="syzkaller381020" path="/root/syzkaller381020037" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 30.073790] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz0.accept_dad = 0 net.ipv6.conf.syz0.router_solicitations = 0 [ 30.088071] audit: type=1400 audit(1519147355.054:8): avc: denied { sys_admin } for pid=4164 comm="syzkaller381020" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.137318] audit: type=1400 audit(1519147355.124:9): avc: denied { net_admin } for pid=4165 comm="syzkaller381020" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 30.342833] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument executing program [ 30.694382] audit: type=1400 audit(1519147355.682:10): avc: denied { sys_chroot } for pid=4165 comm="syzkaller381020" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.719212] audit: type=1400 audit(1519147355.682:11): avc: denied { net_raw } for pid=4165 comm="syzkaller381020" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 30.719658] [ 30.745217] ===================================== [ 30.750030] WARNING: bad unlock balance detected! [ 30.754843] 4.16.0-rc2+ #322 Not tainted [ 30.758914] ------------------------------------- [ 30.763735] kworker/1:0/17 is trying to release lock (rcu_read_lock_bh) at: [ 30.770831] [] hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 30.777815] but there are no more locks to release! [ 30.782800] [ 30.782800] other info that might help us debug this: [ 30.789528] 5 locks held by kworker/1:0/17: [ 30.793819] #0: ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: [<00000000a65cc277>] process_one_work+0xaaf/0x1af0 [ 30.805560] #1: ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: [<00000000a4b53079>] process_one_work+0xb01/0x1af0 [ 30.816931] #2: (rtnl_mutex){+.+.}, at: [<00000000a485d206>] rtnl_lock+0x17/0x20 [ 30.824616] #3: (rcu_read_lock){....}, at: [<00000000b3d88d24>] ndisc_send_skb+0x826/0x1370 [ 30.833260] #4: (rcu_read_lock){....}, at: [<00000000f257468f>] nf_hook.constprop.27+0x0/0x830 [ 30.842166] [ 30.842166] stack backtrace: [ 30.846634] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 4.16.0-rc2+ #322 [ 30.853536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.862876] Workqueue: ipv6_addrconf addrconf_dad_work [ 30.868127] Call Trace: [ 30.870687] dump_stack+0x194/0x257 [ 30.874290] ? arch_local_irq_restore+0x53/0x53 [ 30.878934] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 30.885228] print_unlock_imbalance_bug+0x12f/0x140 [ 30.890233] lock_release+0x6fe/0xa40 [ 30.894013] ? hashlimit_mt_common.isra.10+0x1beb/0x2610 [ 30.899441] ? lock_downgrade+0x980/0x980 [ 30.903560] ? lock_release+0xa40/0xa40 [ 30.907507] ? __raw_spin_lock_init+0x1c/0x100 [ 30.912060] ? do_raw_spin_trylock+0x190/0x190 [ 30.916620] hashlimit_mt_common.isra.10+0x1c08/0x2610 [ 30.921870] ? dsthash_find+0x5b0/0x5b0 [ 30.925821] ? __lock_acquire+0x664/0x3e00 [ 30.930036] ? ret_from_fork+0x3a/0x50 [ 30.933904] ? print_irqtrace_events+0x270/0x270 [ 30.938638] ? __unwind_start+0x169/0x330 [ 30.942759] hashlimit_mt+0x78/0x90 [ 30.946357] ? hashlimit_mt+0x78/0x90 [ 30.950146] ip6t_do_table+0x98d/0x1a30 [ 30.954109] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 30.959275] ? ip6t_error+0x60/0x60 [ 30.962874] ? check_noncircular+0x20/0x20 [ 30.967080] ? lock_acquire+0x1d5/0x580 [ 30.971038] ? lock_acquire+0x1d5/0x580 [ 30.974991] ? pndisc_destructor+0x340/0x340 [ 30.979374] ? lock_release+0xa40/0xa40 [ 30.983321] ip6table_raw_hook+0x65/0x80 [ 30.987355] nf_hook_slow+0xba/0x1a0 [ 30.991049] nf_hook.constprop.27+0x3f6/0x830 [ 30.995537] ? pndisc_destructor+0x340/0x340 [ 30.999941] ? find_held_lock+0x35/0x1d0 [ 31.003976] ? lock_acquire+0x1d5/0x580 [ 31.007918] ? lock_acquire+0x1d5/0x580 [ 31.011862] ? ndisc_send_skb+0x826/0x1370 [ 31.016067] ? lock_downgrade+0x980/0x980 [ 31.020183] ? lock_release+0xa40/0xa40 [ 31.024125] ? ndisc_error_report+0x180/0x180 [ 31.028594] ndisc_send_skb+0xa51/0x1370 [ 31.032623] ? nf_hook.constprop.27+0x830/0x830 [ 31.037257] ? check_noncircular+0x20/0x20 [ 31.041461] ? refcount_add_not_zero+0x133/0x200 [ 31.046182] ? refcount_dec_if_one+0x20/0x20 [ 31.050557] ? print_irqtrace_events+0x270/0x270 [ 31.055286] ndisc_send_ns+0x38a/0x870 [ 31.059141] ? ndisc_netdev_event+0x4a0/0x4a0 [ 31.063603] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.068591] ? addrconf_dad_work+0xa5e/0x1320 [ 31.073055] addrconf_dad_work+0xb9e/0x1320 [ 31.077342] ? addrconf_dad_work+0xb9e/0x1320 [ 31.081812] ? addrconf_ifdown+0x14f0/0x14f0 [ 31.086190] ? __lock_is_held+0xb6/0x140 [ 31.090225] process_one_work+0xbbf/0x1af0 [ 31.094426] ? process_one_work+0xbbf/0x1af0 [ 31.098813] ? pwq_dec_nr_in_flight+0x450/0x450 [ 31.103471] ? __schedule+0x90d/0x2070 [ 31.107325] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 31.112396] ? check_noncircular+0x20/0x20 [ 31.116597] ? lock_downgrade+0x980/0x980 [ 31.120715] ? do_wait_intr_irq+0x3e0/0x3e0 [ 31.125006] ? lock_acquire+0x1d5/0x580 [ 31.128946] ? lock_acquire+0x1d5/0x580 [ 31.132886] ? worker_thread+0x4a3/0x1990 [ 31.137001] ? lock_downgrade+0x980/0x980 [ 31.141116] ? lock_release+0xa40/0xa40 [ 31.145058] ? try_to_del_timer_sync+0xe0/0x130 [ 31.149692] ? do_raw_spin_trylock+0x190/0x190 [ 31.154243] worker_thread+0x223/0x1990 [ 31.158185] ? finish_task_switch+0x1c0/0x860 [ 31.162661] ? process_one_work+0x1af0/0x1af0 [ 31.167123] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.172106] ? trace_hardirqs_on+0xd/0x10 [ 31.176223] ? mmdrop+0x18/0x30 [ 31.179468] ? finish_task_switch+0x279/0x860 [ 31.183931] ? copy_overflow+0x20/0x20 [ 31.187788] ? __schedule+0x90d/0x2070 [ 31.191644] ? check_noncircular+0x20/0x20 [ 31.195846] ? find_held_lock+0x35/0x1d0 [ 31.199873] ? find_held_lock+0x35/0x1d0 [ 31.203902] ? find_held_lock+0x35/0x1d0 [ 31.207929] ? complete+0x62/0x80 [ 31.211350] ? __schedule+0x2070/0x2070 [ 31.215294] ? do_wait_intr_irq+0x3e0/0x3e0 [ 31.219592] ? __lockdep_init_map+0xe4/0x650 [ 31.223969] ? do_raw_spin_trylock+0x190/0x190 [ 31.228519] ? lockdep_init_map+0x9/0x10 [ 31.232546] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 31.237618] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.242601] ? trace_hardirqs_on+0xd/0x10