[ ok ] Starting enhanced syslogd: rsyslogd.
[   15.544390] audit: type=1400 audit(1519118437.390:5): avc:  denied  { syslog } for  pid=3948 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.955453] audit: type=1400 audit(1519118440.800:6): avc:  denied  { map } for  pid=4087 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
[   25.263563] audit: type=1400 audit(1519118447.109:7): avc:  denied  { map } for  pid=4101 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 09:20:47 parsed 1 programs
2018/02/20 09:20:47 executed programs: 0
[   25.531509] audit: type=1400 audit(1519118447.377:8): avc:  denied  { map } for  pid=4101 comm="syz-execprog" path="/root/syzkaller-shm754023049" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   25.548855] IPVS: ftp: loaded support on port[0] = 21
[   25.786685] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   26.183400] 
[   26.185060] =====================================
[   26.189868] WARNING: bad unlock balance detected!
[   26.194679] 4.16.0-rc1+ #232 Not tainted
[   26.198706] -------------------------------------
[   26.203516] syz-executor0/4109 is trying to release lock (rcu_read_lock_bh) at:
[   26.210945] [<ffffffff8478b78b>] hashlimit_mt_common.isra.10+0x1beb/0x2610
[   26.217924] but there are no more locks to release!
[   26.222906] 
[   26.222906] other info that might help us debug this:
[   26.229543] 6 locks held by syz-executor0/4109:
[   26.234176]  #0:  (sb_writers#4){.+.+}, at: [<00000000d32dbed3>] mnt_want_write+0x3f/0xb0
[   26.242472]  #1:  (&type->i_mutex_dir_key/1){+.+.}, at: [<00000000c7b44eef>] do_rmdir+0x380/0x5f0
[   26.251459]  #2:  (sb_internal){.+.+}, at: [<00000000e0df12a5>] ext4_evict_inode+0x5e3/0x17d0
[   26.260099]  #3:  ((&idev->mc_ifc_timer)){+.-.}, at: [<000000008de23c89>] call_timer_fn+0x1c6/0x820
[   26.269259]  #4:  (rcu_read_lock){....}, at: [<000000001b46c3f8>] mld_sendpack+0x180/0xe70
[   26.277636]  #5:  (rcu_read_lock){....}, at: [<0000000007e38dd3>] nf_hook.constprop.37+0x0/0x830
[   26.286536] 
[   26.286536] stack backtrace:
[   26.291004] CPU: 0 PID: 4109 Comm: syz-executor0 Not tainted 4.16.0-rc1+ #232
[   26.298252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.307583] Call Trace:
[   26.310140]  <IRQ>
[   26.312276]  dump_stack+0x194/0x257
[   26.315993]  ? arch_local_irq_restore+0x53/0x53
[   26.320657]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   26.326091]  print_unlock_imbalance_bug+0x12f/0x140
[   26.331081]  lock_release+0x6fe/0xa40
[   26.334854]  ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[   26.340293]  ? lock_downgrade+0x980/0x980
[   26.344411]  ? lock_release+0xa40/0xa40
[   26.348356]  ? __raw_spin_lock_init+0x1c/0x100
[   26.352907]  ? do_raw_spin_trylock+0x190/0x190
[   26.357461]  hashlimit_mt_common.isra.10+0x1c08/0x2610
[   26.362709]  ? lock_downgrade+0x980/0x980
[   26.366832]  ? dsthash_find+0x5b0/0x5b0
[   26.370780]  ? __lock_acquire+0x664/0x3e00
[   26.374985]  ? is_bpf_text_address+0x7b/0x120
[   26.379450]  ? lock_downgrade+0x8da/0x980
[   26.383574]  ? rcutorture_record_progress+0x10/0x10
[   26.388564]  ? __kernel_text_address+0xd/0x40
[   26.393030]  ? unwind_get_return_address+0x61/0xa0
[   26.397932]  hashlimit_mt+0x78/0x90
[   26.401530]  ? hashlimit_mt+0x78/0x90
[   26.405302]  ip6t_do_table+0x98d/0x1a30
[   26.409250]  ? kmem_cache_alloc_trace+0x136/0x740
[   26.414065]  ? mld_sendpack+0x617/0xe70
[   26.418013]  ? ip6t_error+0x60/0x60
[   26.421611]  ? check_noncircular+0x20/0x20
[   26.425816]  ? lock_acquire+0x1d5/0x580
[   26.429760]  ? lock_acquire+0x1d5/0x580
[   26.433710]  ? igmp6_mcf_seq_next+0x660/0x660
[   26.438175]  ? lock_release+0xa40/0xa40
[   26.442122]  ip6table_raw_hook+0x65/0x80
[   26.446157]  nf_hook_slow+0xba/0x1a0
[   26.449845]  nf_hook.constprop.37+0x3f6/0x830
[   26.454312]  ? igmp6_mcf_seq_next+0x660/0x660
[   26.458780]  ? trace_hardirqs_on+0xd/0x10
[   26.462901]  ? __local_bh_enable_ip+0x121/0x230
[   26.467542]  ? _raw_spin_unlock_bh+0x30/0x40
[   26.471920]  ? rt6_uncached_list_add+0x1b7/0x240
[   26.476646]  ? rt6_fill_node+0x18b0/0x18b0
[   26.480856]  ? icmp6_dst_alloc+0x475/0x660
[   26.485064]  ? ip6_mc_leave_src+0x1d0/0x1d0
[   26.489357]  ? icmpv6_flow_init+0x1f6/0x270
[   26.493648]  mld_sendpack+0x6c2/0xe70
[   26.497420]  ? nf_hook.constprop.37+0x830/0x830
[   26.502061]  ? mark_held_locks+0xaf/0x100
[   26.506179]  ? trace_hardirqs_on+0xd/0x10
[   26.510382]  ? __local_bh_enable_ip+0x121/0x230
[   26.515022]  mld_ifc_timer_expire+0x3d9/0x770
[   26.519488]  call_timer_fn+0x228/0x820
[   26.523347]  ? mld_dad_timer_expire+0x100/0x100
[   26.527986]  ? process_timeout+0x40/0x40
[   26.532017]  ? __run_timers+0x7e3/0xb70
[   26.535964]  ? lock_downgrade+0x980/0x980
[   26.540086]  ? debug_object_deactivate+0x364/0x560
[   26.544986]  ? lock_release+0xa40/0xa40
[   26.548932]  ? mark_held_locks+0xaf/0x100
[   26.553051]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   26.558734]  ? mld_dad_timer_expire+0x100/0x100
[   26.563370]  ? mld_dad_timer_expire+0x100/0x100
[   26.568012]  __run_timers+0x7ee/0xb70
[   26.571786]  ? trigger_dyntick_cpu.isra.29+0x150/0x150
[   26.577045]  ? timerqueue_add+0x1e9/0x280
[   26.581164]  ? check_noncircular+0x20/0x20
[   26.585371]  ? enqueue_hrtimer+0x177/0x4b0
[   26.589586]  ? lock_release+0xa40/0xa40
[   26.593529]  ? retrigger_next_event+0x1e0/0x1e0
[   26.598345]  ? print_irqtrace_events+0x270/0x270
[   26.603070]  ? check_noncircular+0x20/0x20
[   26.607275]  ? clockevents_program_event+0x163/0x2e0
[   26.612347]  ? lock_downgrade+0x980/0x980
[   26.616466]  ? __lock_is_held+0xb6/0x140
[   26.620511]  run_timer_softirq+0x4c/0x70
[   26.624547]  __do_softirq+0x2d7/0xb85
[   26.628317]  ? ktime_get+0x26f/0x3a0
[   26.632005]  ? __irqentry_text_end+0x1f8ee4/0x1f8ee4
[   26.637081]  ? check_noncircular+0x20/0x20
[   26.641291]  ? native_apic_msr_write+0x5c/0x80
[   26.645843]  ? lapic_next_event+0x54/0x80
[   26.649964]  ? clockevents_program_event+0x108/0x2e0
[   26.655039]  ? tick_program_event+0x83/0x100
[   26.659432]  ? __lock_is_held+0xb6/0x140
[   26.663467]  irq_exit+0x1cc/0x200
[   26.666892]  smp_apic_timer_interrupt+0x16b/0x700
[   26.671801]  ? smp_reschedule_interrupt+0xe6/0x650
[   26.676699]  ? smp_call_function_single_interrupt+0x640/0x640
[   26.682567]  ? _raw_spin_lock+0x32/0x40
[   26.686512]  ? _raw_spin_unlock+0x22/0x30
[   26.690631]  ? handle_edge_irq+0x2b4/0x7c0
[   26.694842]  ? task_prio+0x50/0x50
[   26.698443]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.703258]  ? jbd2_journal_stop+0x482/0x1490
[   26.707724]  apic_timer_interrupt+0xa9/0xb0
[   26.712015]  </IRQ>
[   26.714226] RIP: 0010:kmem_cache_free+0xf2/0x2a0
[   26.718960] RSP: 0018:ffff8801befff2c8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff12
[   26.726639] RAX: 0000000000000007 RBX: ffff8801d50eb800 RCX: 0000000000000006
[   26.733879] RDX: 0000000000000000 RSI: 1ffff10037b8ed65 RDI: 0000000000000282
[   26.741121] RBP: ffff8801befff2e8 R08: 1ffff10037dffe27 R09: 0000000000000000
[   26.748361] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b07d67c0
[   26.755602] R13: 0000000000000282 R14: ffffffff81f0f2a2 R15: ffff8801bdc76240
[   26.762849]  ? jbd2_journal_stop+0x482/0x1490
[   26.767317]  jbd2_journal_stop+0x482/0x1490
[   26.771610]  ? ext4_free_inode+0x21b/0x1740
[   26.775903]  ? jbd2_buffer_abort_trigger+0x90/0x90
[   26.780808]  ? ext4_mark_bitmap_end+0x40/0x40
[   26.785277]  ? ext4_mark_inode_dirty+0x21d/0xa10
[   26.790005]  ? ext4_unlink+0x1100/0x1100
[   26.794035]  ? ext4_evict_inode+0xbfd/0x17d0
[   26.798430]  ? ext4_expand_extra_isize+0x580/0x580
[   26.803330]  ? ext4_xattr_ensure_credits+0x6e/0x2a0
[   26.808316]  ? ext4_xattr_delete_inode+0x24d/0xdf0
[   26.813216]  ? ext4_expand_extra_isize_ea+0x1910/0x1910
[   26.818553]  __ext4_journal_stop+0x12c/0x1c0
[   26.822935]  ext4_evict_inode+0xc2b/0x17d0
[   26.827146]  ? ext4_da_write_begin+0x1020/0x1020
[   26.831876]  ? inode_wait_for_writeback+0x2f/0x40
[   26.836691]  ? lock_downgrade+0x980/0x980
[   26.840810]  ? lock_release+0xa40/0xa40
[   26.844761]  ? __inode_wait_for_writeback+0x292/0x330
[   26.849922]  ? do_raw_spin_trylock+0x190/0x190
[   26.854477]  ? bit_waitqueue+0x30/0x30
[   26.860941]  ? _raw_spin_unlock+0x22/0x30
[   26.865059]  ? ext4_da_write_begin+0x1020/0x1020
[   26.869786]  evict+0x481/0x920
[   26.872949]  ? destroy_inode+0x200/0x200
[   26.876981]  ? iput+0x7b1/0xaf0
[   26.880323]  ? lock_downgrade+0x980/0x980
[   26.884442]  ? rcu_read_lock_sched_held+0x108/0x120
[   26.889429]  ? ext4_drop_inode+0x10c/0x390
[   26.893635]  ? ext4_sync_fs+0x9f0/0x9f0
[   26.897582]  ? do_raw_spin_trylock+0x190/0x190
[   26.902136]  ? cpumask_local_spread+0x260/0x260
[   26.906785]  ? lock_downgrade+0x980/0x980
[   26.910904]  iput+0x7b9/0xaf0
[   26.913979]  ? ext4_sync_fs+0x9f0/0x9f0
[   26.917923]  ? dispose_list+0x3f0/0x3f0
[   26.921872]  ? fsnotify_grab_connector+0x17f/0x270
[   26.926771]  ? fsnotify_recalc_mask.part.6+0xa0/0xa0
[   26.931844]  ? find_held_lock+0x35/0x1d0
[   26.935875]  ? do_raw_spin_trylock+0x190/0x190
[   26.940429]  ? fsnotify_first_mark+0x2b0/0x2b0
[   26.944983]  ? fsnotify_destroy_marks+0x13e/0x190
[   26.949798]  dentry_unlink_inode+0x4b0/0x5e0
[   26.954173]  ? d_delete+0x66/0x280
[   26.957684]  ? release_dentry_name_snapshot+0x70/0x70
[   26.962845]  ? lock_release+0xa40/0xa40
[   26.966796]  d_delete+0x1ca/0x280
[   26.970220]  vfs_rmdir+0x32d/0x410
[   26.973734]  do_rmdir+0x4c8/0x5f0
[   26.977171]  ? user_path_create+0x40/0x40
[   26.981296]  ? exit_to_usermode_loop+0x198/0x2f0
[   26.986022]  ? fillonedir+0x250/0x250
[   26.989796]  ? do_syscall_64+0xb7/0x940
[   26.993745]  ? SyS_mkdir+0x2a0/0x2a0
[   26.997428]  SyS_rmdir+0x1a/0x20
[   27.000770]  do_syscall_64+0x282/0x940
[   27.004631]  ? __do_page_fault+0xc90/0xc90
[   27.008839]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.013566]  ? syscall_return_slowpath+0x550/0x550
[   27.018467]  ? syscall_return_slowpath+0x2ac/0x550
[   27.023366]  ? prepare_exit_to_usermode+0x350/0x350
[   27.028356]  ? entry_SYSCALL_64_after_hwframe+0x36/0x9b
[   27.033691]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.038506]  entry_SYSCALL_64_after_hwframe+0x26/0x9b
[   27.043668] RIP: 0033:0x453b37
[   27.046830] RSP: 002b:00007ffe1da37098 EFLAGS: 00000202 ORIG_RAX: 0000000000000054
[   27.054509] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 0000000000453b37
[   27.061749] RDX: 0000000000000000 RSI: 00007ffe1da38e50 RDI: 00007ffe1da38e50
[   27.068990] RBP: 00007ffe1da38e50 R08: 0000000000000001 R09: 0000000000000001
[   27.076229] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000027e1940
[   27.083468] R13: 0000000000000000 R14: 0000000000000003 R15: 00000000027e0914
2018/02/20 09:20:52 executed programs: 468
2018/02/20 09:20:57 executed programs: 1141