[ 40.618689][ T27] audit: type=1800 audit(1555817718.324:26): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 40.652920][ T27] audit: type=1800 audit(1555817718.334:27): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 40.675894][ T27] audit: type=1800 audit(1555817718.334:28): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 41.452062][ T27] audit: type=1800 audit(1555817719.194:29): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
2019/04/21 03:35:30 parsed 1 programs
2019/04/21 03:35:32 executed programs: 0
syzkaller login: [ 54.825482][ T7869] IPVS: ftp: loaded support on port[0] = 21
[ 54.886776][ T7869] chnl_net:caif_netlink_parms(): no params data found
[ 54.921981][ T7869] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.929958][ T7869] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.938480][ T7869] device bridge_slave_0 entered promiscuous mode
[ 54.946898][ T7869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.954165][ T7869] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.962040][ T7869] device bridge_slave_1 entered promiscuous mode
[ 54.978380][ T7869] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.988247][ T7869] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.005519][ T7869] team0: Port device team_slave_0 added
[ 55.013106][ T7869] team0: Port device team_slave_1 added
[ 55.079895][ T7869] device hsr_slave_0 entered promiscuous mode
[ 55.138206][ T7869] device hsr_slave_1 entered promiscuous mode
[ 55.196459][ T7869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.203741][ T7869] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.211669][ T7869] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.218825][ T7869] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.255530][ T7869] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.269506][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.292679][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.301747][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.315697][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 55.327581][ T7869] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.349394][ T2995] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.359359][ T2995] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.366450][ T2995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.389582][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.398630][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.405726][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.414495][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.424480][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.433946][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.442522][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.451506][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.461518][ T7869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.479570][ T7869] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.541650][ T7876]
[ 55.544000][ T7876] ======================================================
[ 55.551024][ T7876] WARNING: possible circular locking dependency detected
[ 55.558443][ T7876] 5.1.0-rc5+ #78 Not tainted
[ 55.563073][ T7876] ------------------------------------------------------
[ 55.570089][ T7876] syz-executor.0/7876 is trying to acquire lock:
[ 55.576437][ T7876] 0000000087ca1920 (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 55.584749][ T7876]
[ 55.584749][ T7876] but task is already holding lock:
[ 55.592169][ T7876] 0000000051ba1f5f (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 55.601052][ T7876]
[ 55.601052][ T7876] which lock already depends on the new lock.
[ 55.601052][ T7876]
[ 55.611442][ T7876]
[ 55.611442][ T7876] the existing dependency chain (in reverse order) is:
[ 55.620445][ T7876]
[ 55.620445][ T7876] -> #1 (&iint->mutex){+.+.}:
[ 55.627354][ T7876]        lock_acquire+0x16f/0x3f0
[ 55.632413][ T7876]        __mutex_lock+0xf7/0x1310
[ 55.637430][ T7876]        mutex_lock_nested+0x16/0x20
[ 55.642736][ T7876]        process_measurement+0x354/0x1570
[ 55.648457][ T7876]        ima_file_check+0xc5/0x110
[ 55.653592][ T7876]        path_openat+0x1142/0x46e0
[ 55.658698][ T7876]        do_filp_open+0x1a1/0x280
[ 55.663732][ T7876]        do_sys_open+0x3fe/0x5d0
[ 55.668663][ T7876]        __x64_sys_open+0x7e/0xc0
[ 55.673696][ T7876]        do_syscall_64+0x103/0x610
[ 55.678803][ T7876]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.685223][ T7876]
[ 55.685223][ T7876] -> #0 (sb_writers#3){.+.+}:
[ 55.692080][ T7876]        __lock_acquire+0x239c/0x3fb0
[ 55.697455][ T7876]        lock_acquire+0x16f/0x3f0
[ 55.702484][ T7876]        __sb_start_write+0x20b/0x360
[ 55.707897][ T7876]        mnt_want_write+0x3f/0xc0
[ 55.712956][ T7876]        ovl_want_write+0x76/0xa0
[ 55.717988][ T7876]        ovl_open_maybe_copy_up+0x122/0x180
[ 55.724105][ T7876]        ovl_open+0xb3/0x270
[ 55.729085][ T7876]        do_dentry_open+0x4e2/0x1250
[ 55.734383][ T7876]        dentry_open+0x132/0x1d0
[ 55.739353][ T7876]        ima_calc_file_hash+0x33f/0x570
[ 55.744927][ T7876]        ima_collect_measurement+0x50f/0x5c0
[ 55.757794][ T7876]        process_measurement+0xeca/0x1570
[ 55.763520][ T7876]        ima_file_check+0xc5/0x110
[ 55.768644][ T7876]        path_openat+0x1142/0x46e0
[ 55.773952][ T7876]        do_filp_open+0x1a1/0x280
[ 55.779352][ T7876]        do_sys_open+0x3fe/0x5d0
[ 55.784282][ T7876]        __x64_sys_open+0x7e/0xc0
[ 55.789312][ T7876]        do_syscall_64+0x103/0x610
[ 55.794420][ T7876]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.800834][ T7876]
[ 55.800834][ T7876] other info that might help us debug this:
[ 55.800834][ T7876]
[ 55.812522][ T7876]  Possible unsafe locking scenario:
[ 55.812522][ T7876]
[ 55.819984][ T7876]        CPU0                    CPU1
[ 55.825339][ T7876]        ----                    ----
[ 55.830899][ T7876]   lock(&iint->mutex);
[ 55.835045][ T7876]                                lock(sb_writers#3);
[ 55.841711][ T7876]                                lock(&iint->mutex);
[ 55.848528][ T7876]   lock(sb_writers#3);
[ 55.852673][ T7876]
[ 55.852673][ T7876]  *** DEADLOCK ***
[ 55.852673][ T7876]
[ 55.860836][ T7876] 1 lock held by syz-executor.0/7876:
[ 55.866719][ T7876]  #0: 0000000051ba1f5f (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 55.876003][ T7876]
[ 55.876003][ T7876] stack backtrace:
[ 55.882082][ T7876] CPU: 0 PID: 7876 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #78
[ 55.889992][ T7876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.900141][ T7876] Call Trace:
[ 55.903452][ T7876]  dump_stack+0x172/0x1f0
[ 55.907793][ T7876]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 55.913900][ T7876]  check_prev_add.constprop.0+0xf11/0x23c0
[ 55.919718][ T7876]  ? __bfs+0x232/0x590
[ 55.923798][ T7876]  ? check_usage+0x570/0x570
[ 55.928396][ T7876]  ? tomoyo_check_open_permission+0x1b1/0x3f0
[ 55.934483][ T7876]  ? find_held_lock+0x35/0x130
[ 55.939238][ T7876]  ? graph_lock+0x7b/0x200
[ 55.943658][ T7876]  ? __lockdep_reset_lock+0x450/0x450
[ 55.949045][ T7876]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 55.955380][ T7876]  __lock_acquire+0x239c/0x3fb0
[ 55.960225][ T7876]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 55.966806][ T7876]  ? mark_held_locks+0xf0/0xf0
[ 55.971566][ T7876]  lock_acquire+0x16f/0x3f0
[ 55.976058][ T7876]  ? mnt_want_write+0x3f/0xc0
[ 55.980835][ T7876]  __sb_start_write+0x20b/0x360
[ 55.985700][ T7876]  ? mnt_want_write+0x3f/0xc0
[ 55.990412][ T7876]  mnt_want_write+0x3f/0xc0
[ 55.994918][ T7876]  ovl_want_write+0x76/0xa0
[ 55.999527][ T7876]  ovl_open_maybe_copy_up+0x122/0x180
[ 56.004919][ T7876]  ovl_open+0xb3/0x270
[ 56.009012][ T7876]  do_dentry_open+0x4e2/0x1250
[ 56.013764][ T7876]  ? ovl_llseek+0x110/0x110
[ 56.018254][ T7876]  ? chown_common+0x5c0/0x5c0
[ 56.022923][ T7876]  dentry_open+0x132/0x1d0
[ 56.027416][ T7876]  ima_calc_file_hash+0x33f/0x570
[ 56.032436][ T7876]  ima_collect_measurement+0x50f/0x5c0
[ 56.037900][ T7876]  ? ima_get_action+0xa0/0xa0
[ 56.042569][ T7876]  process_measurement+0xeca/0x1570
[ 56.047755][ T7876]  ? ima_add_template_entry.cold+0x48/0x48
[ 56.053556][ T7876]  ? aa_get_task_label+0x3a6/0x720
[ 56.058656][ T7876]  ? find_held_lock+0x35/0x130
[ 56.063409][ T7876]  ? aa_get_task_label+0x3a6/0x720
[ 56.068514][ T7876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.074772][ T7876]  ? refcount_sub_and_test_checked+0x154/0x200
[ 56.080928][ T7876]  ? refcount_dec_not_one+0x1f0/0x1f0
[ 56.086382][ T7876]  ? refcount_dec_and_test_checked+0x1b/0x20
[ 56.092353][ T7876]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 56.098606][ T7876]  ? apparmor_task_getsecid+0x94/0xd0
[ 56.104135][ T7876]  ima_file_check+0xc5/0x110
[ 56.109440][ T7876]  ? process_measurement+0x1570/0x1570
[ 56.116987][ T7876]  ? inode_permission+0xb4/0x570
[ 56.122470][ T7876]  path_openat+0x1142/0x46e0
[ 56.127413][ T7876]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 56.133239][ T7876]  ? kasan_slab_alloc+0xf/0x20
[ 56.139650][ T7876]  ? kmem_cache_alloc+0x11a/0x6f0
[ 56.144702][ T7876]  ? getname_flags+0xd6/0x5b0
[ 56.149375][ T7876]  ? getname+0x1a/0x20
[ 56.153546][ T7876]  ? do_sys_open+0x2c9/0x5d0
[ 56.159406][ T7876]  ? path_lookupat.isra.0+0x8d0/0x8d0
[ 56.164861][ T7876]  ? __alloc_fd+0x44d/0x560
[ 56.169584][ T7876]  do_filp_open+0x1a1/0x280
[ 56.174439][ T7876]  ? may_open_dev+0x100/0x100
[ 56.179120][ T7876]  ? kasan_check_read+0x11/0x20
[ 56.184097][ T7876]  ? do_raw_spin_unlock+0x57/0x270
[ 56.189200][ T7876]  ? _raw_spin_unlock+0x2d/0x50
[ 56.194058][ T7876]  ? __alloc_fd+0x44d/0x560
[ 56.200064][ T7876]  do_sys_open+0x3fe/0x5d0
[ 56.205891][ T7876]  ? filp_open+0x80/0x80
[ 56.210131][ T7876]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.215846][ T7876]  ? do_syscall_64+0x26/0x610
[ 56.220512][ T7876]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.226581][ T7876]  ? do_syscall_64+0x26/0x610
[ 56.231274][ T7876]  __x64_sys_open+0x7e/0xc0
[ 56.235856][ T7876]  do_syscall_64+0x103/0x610
[ 56.240446][ T7876]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.246324][ T7876] RIP: 0033:0x458c29
[ 56.250202][ T7876] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.269908][ T7876] RSP: 002b:00007fff3249fc58 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 56.278333][ T7876] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
[ 56.286315][ T7876] RDX: 0000000000000000 RSI: 0000000000000927 RDI: 0000000020000040
[ 56.2