[ 39.621672][ T26] audit: type=1800 audit(1555827756.668:26): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 39.654391][ T26] audit: type=1800 audit(1555827756.678:27): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 39.683178][ T26] audit: type=1800 audit(1555827756.678:28): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 40.377416][ T26] audit: type=1800 audit(1555827757.448:29): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
2019/04/21 06:22:46 parsed 1 programs
2019/04/21 06:22:48 executed programs: 0
syzkaller login: [ 50.978049][ T7960] IPVS: ftp: loaded support on port[0] = 21
[ 51.035751][ T7960] chnl_net:caif_netlink_parms(): no params data found
[ 51.066679][ T7960] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.074276][ T7960] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.081998][ T7960] device bridge_slave_0 entered promiscuous mode
[ 51.090013][ T7960] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.097076][ T7960] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.104949][ T7960] device bridge_slave_1 entered promiscuous mode
[ 51.121533][ T7960] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.131094][ T7960] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.148224][ T7960] team0: Port device team_slave_0 added
[ 51.154892][ T7960] team0: Port device team_slave_1 added
[ 51.229516][ T7960] device hsr_slave_0 entered promiscuous mode
[ 51.297526][ T7960] device hsr_slave_1 entered promiscuous mode
[ 51.385541][ T7960] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.392792][ T7960] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.400773][ T7960] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.407912][ T7960] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.440867][ T7960] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.452528][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.462792][ T2941] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.471199][ T2941] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.479964][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 51.492375][ T7960] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.502521][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.511326][ T3482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.518419][ T3482] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.540178][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.548852][ T2941] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.555891][ T2941] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.564089][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.572833][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.581229][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.589291][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.597807][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.607626][ T7960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.625391][ T7960] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.686361][ T7966]
[ 51.688724][ T7966] ======================================================
[ 51.695730][ T7966] WARNING: possible circular locking dependency detected
[ 51.702733][ T7966] 5.1.0-rc5-next-20190418 #28 Not tainted
[ 51.708429][ T7966] ------------------------------------------------------
[ 51.715434][ T7966] syz-executor.0/7966 is trying to acquire lock:
[ 51.721745][ T7966] 00000000282c7544 (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 51.729923][ T7966]
[ 51.729923][ T7966] but task is already holding lock:
[ 51.737282][ T7966] 0000000039a77e11 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 51.746127][ T7966]
[ 51.746127][ T7966] which lock already depends on the new lock.
[ 51.746127][ T7966]
[ 51.756522][ T7966]
[ 51.756522][ T7966] the existing dependency chain (in reverse order) is:
[ 51.765535][ T7966]
[ 51.765535][ T7966] -> #1 (&iint->mutex){+.+.}:
[ 51.772397][ T7966]        lock_acquire+0x16f/0x3f0
[ 51.777405][ T7966]        __mutex_lock+0xf7/0x1310
[ 51.782410][ T7966]        mutex_lock_nested+0x16/0x20
[ 51.787680][ T7966]        process_measurement+0x354/0x1570
[ 51.793398][ T7966]        ima_file_check+0xc5/0x110
[ 51.798491][ T7966]        path_openat+0x1142/0x46e0
[ 51.803582][ T7966]        do_filp_open+0x1a1/0x280
[ 51.808586][ T7966]        do_sys_open+0x3fe/0x5d0
[ 51.813515][ T7966]        __x64_sys_open+0x7e/0xc0
[ 51.818540][ T7966]        do_syscall_64+0x103/0x670
[ 51.823791][ T7966]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.830184][ T7966]
[ 51.830184][ T7966] -> #0 (sb_writers#3){.+.+}:
[ 51.837051][ T7966]        __lock_acquire+0x239c/0x3fb0
[ 51.842401][ T7966]        lock_acquire+0x16f/0x3f0
[ 51.847421][ T7966]        __sb_start_write+0x20b/0x360
[ 51.852787][ T7966]        mnt_want_write+0x3f/0xc0
[ 51.857820][ T7966]        ovl_want_write+0x76/0xa0
[ 51.862842][ T7966]        ovl_open_maybe_copy_up+0x122/0x180
[ 51.868720][ T7966]        ovl_open+0xb3/0x270
[ 51.873311][ T7966]        do_dentry_open+0x4e2/0x1250
[ 51.878599][ T7966]        dentry_open+0x132/0x1d0
[ 51.883525][ T7966]        ima_calc_file_hash+0x33f/0x570
[ 51.889044][ T7966]        ima_collect_measurement+0x50f/0x5c0
[ 51.894999][ T7966]        process_measurement+0xeca/0x1570
[ 51.900783][ T7966]        ima_file_check+0xc5/0x110
[ 51.905873][ T7966]        path_openat+0x1142/0x46e0
[ 51.910960][ T7966]        do_filp_open+0x1a1/0x280
[ 51.915968][ T7966]        do_sys_open+0x3fe/0x5d0
[ 51.920908][ T7966]        __x64_sys_open+0x7e/0xc0
[ 51.925926][ T7966]        do_syscall_64+0x103/0x670
[ 51.931033][ T7966]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.937508][ T7966]
[ 51.937508][ T7966] other info that might help us debug this:
[ 51.937508][ T7966]
[ 51.947711][ T7966]  Possible unsafe locking scenario:
[ 51.947711][ T7966]
[ 51.955135][ T7966]        CPU0                    CPU1
[ 51.960492][ T7966]        ----                    ----
[ 51.965850][ T7966]   lock(&iint->mutex);
[ 51.969984][ T7966]                                lock(sb_writers#3);
[ 51.976632][ T7966]                                lock(&iint->mutex);
[ 51.983345][ T7966]   lock(sb_writers#3);
[ 51.987482][ T7966]
[ 51.987482][ T7966]  *** DEADLOCK ***
[ 51.987482][ T7966]
[ 51.995616][ T7966] 1 lock held by syz-executor.0/7966:
[ 52.000975][ T7966]  #0: 0000000039a77e11 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 52.010245][ T7966]
[ 52.010245][ T7966] stack backtrace:
[ 52.016133][ T7966] CPU: 1 PID: 7966 Comm: syz-executor.0 Not tainted 5.1.0-rc5-next-20190418 #28
[ 52.025143][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.035175][ T7966] Call Trace:
[ 52.038477][ T7966]  dump_stack+0x172/0x1f0
[ 52.042795][ T7966]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 52.048873][ T7966]  check_prev_add.constprop.0+0xf11/0x23c0
[ 52.054675][ T7966]  ? __bfs+0x232/0x590
[ 52.058726][ T7966]  ? check_usage+0x570/0x570
[ 52.063300][ T7966]  ? tomoyo_check_open_permission+0x1b1/0x3f0
[ 52.069360][ T7966]  ? find_held_lock+0x35/0x130
[ 52.074102][ T7966]  ? graph_lock+0x7b/0x200
[ 52.078514][ T7966]  ? __lockdep_reset_lock+0x450/0x450
[ 52.083875][ T7966]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.090113][ T7966]  __lock_acquire+0x239c/0x3fb0
[ 52.094964][ T7966]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.101184][ T7966]  ? mark_held_locks+0xf0/0xf0
[ 52.105952][ T7966]  lock_acquire+0x16f/0x3f0
[ 52.110444][ T7966]  ? mnt_want_write+0x3f/0xc0
[ 52.115134][ T7966]  __sb_start_write+0x20b/0x360
[ 52.119979][ T7966]  ? mnt_want_write+0x3f/0xc0
[ 52.124636][ T7966]  mnt_want_write+0x3f/0xc0
[ 52.129144][ T7966]  ovl_want_write+0x76/0xa0
[ 52.133635][ T7966]  ovl_open_maybe_copy_up+0x122/0x180
[ 52.138995][ T7966]  ovl_open+0xb3/0x270
[ 52.143077][ T7966]  do_dentry_open+0x4e2/0x1250
[ 52.147831][ T7966]  ? ovl_llseek+0x110/0x110
[ 52.152321][ T7966]  ? chown_common+0x5c0/0x5c0
[ 52.156977][ T7966]  dentry_open+0x132/0x1d0
[ 52.161375][ T7966]  ima_calc_file_hash+0x33f/0x570
[ 52.166374][ T7966]  ima_collect_measurement+0x50f/0x5c0
[ 52.171827][ T7966]  ? ima_get_action+0xa0/0xa0
[ 52.176488][ T7966]  process_measurement+0xeca/0x1570
[ 52.181670][ T7966]  ? ima_add_template_entry.cold+0x48/0x48
[ 52.187473][ T7966]  ? aa_get_task_label+0x3a6/0x720
[ 52.192562][ T7966]  ? find_held_lock+0x35/0x130
[ 52.197305][ T7966]  ? aa_get_task_label+0x3a6/0x720
[ 52.202394][ T7966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.208615][ T7966]  ? refcount_sub_and_test_checked+0x154/0x200
[ 52.214768][ T7966]  ? refcount_dec_not_one+0x1f0/0x1f0
[ 52.220134][ T7966]  ? refcount_dec_and_test_checked+0x1b/0x20
[ 52.226118][ T7966]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.232365][ T7966]  ? apparmor_task_getsecid+0x94/0xd0
[ 52.237817][ T7966]  ima_file_check+0xc5/0x110
[ 52.242399][ T7966]  ? process_measurement+0x1570/0x1570
[ 52.247851][ T7966]  ? inode_permission+0xb4/0x570
[ 52.252783][ T7966]  path_openat+0x1142/0x46e0
[ 52.257351][ T7966]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 52.263140][ T7966]  ? kasan_slab_alloc+0xf/0x20
[ 52.267888][ T7966]  ? kmem_cache_alloc+0x11a/0x6f0
[ 52.272889][ T7966]  ? getname_flags+0xd6/0x5b0
[ 52.277628][ T7966]  ? getname+0x1a/0x20
[ 52.281699][ T7966]  ? do_sys_open+0x2c9/0x5d0
[ 52.286295][ T7966]  ? path_lookupat.isra.0+0x8d0/0x8d0
[ 52.291666][ T7966]  ? __alloc_fd+0x44d/0x560
[ 52.296175][ T7966]  do_filp_open+0x1a1/0x280
[ 52.300673][ T7966]  ? may_open_dev+0x100/0x100
[ 52.305335][ T7966]  ? kasan_check_read+0x11/0x20
[ 52.310167][ T7966]  ? do_raw_spin_unlock+0x57/0x270
[ 52.315255][ T7966]  ? _raw_spin_unlock+0x2d/0x50
[ 52.320086][ T7966]  ? __alloc_fd+0x44d/0x560
[ 52.324574][ T7966]  do_sys_open+0x3fe/0x5d0
[ 52.329000][ T7966]  ? filp_open+0x80/0x80
[ 52.333236][ T7966]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.338681][ T7966]  ? do_syscall_64+0x26/0x670
[ 52.343345][ T7966]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.349413][ T7966]  ? do_syscall_64+0x26/0x670
[ 52.354071][ T7966]  __x64_sys_open+0x7e/0xc0
[ 52.358555][ T7966]  do_syscall_64+0x103/0x670
[ 52.363130][ T7966]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.368998][ T7966] RIP: 0033:0x458c29
[ 52.372872][ T7966] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.392475][ T7966] RSP: 002b:00007ffdfd471278 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 52.400866][ T7966] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
[ 52.408817][ T7966] RDX: 0000000000000000 RSI: 0000000000000927 RDI: 0000000020000040
[ 52.416768][ T7966] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 52.424736][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 00005555568c3914
[ 52.432706][ T7966] R13: 00000000004f6d7f R14: 00000000004d8be8 R15: 00000000f