[ 35.167805][ T26] audit: type=1800 audit(1556298238.378:28): pid=7454 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.887011][ T26] audit: type=1800 audit(1556298239.178:29): pid=7454 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.917476][ T26] audit: type=1800 audit(1556298239.188:30): pid=7454 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[FAIL] startpar: service(s) returned failure: rsyslog ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
2019/04/26 17:04:07 parsed 1 programs
2019/04/26 17:04:09 executed programs: 0
syzkaller login: [ 45.873806][ T7642] IPVS: ftp: loaded support on port[0] = 21
[ 45.928335][ T7642] chnl_net:caif_netlink_parms(): no params data found
[ 45.957788][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.965853][ T7642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.973671][ T7642] device bridge_slave_0 entered promiscuous mode
[ 45.981784][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.988851][ T7642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.996590][ T7642] device bridge_slave_1 entered promiscuous mode
[ 46.012467][ T7642] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.021998][ T7642] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.038609][ T7642] team0: Port device team_slave_0 added
[ 46.045667][ T7642] team0: Port device team_slave_1 added
[ 46.101241][ T7642] device hsr_slave_0 entered promiscuous mode
[ 46.139596][ T7642] device hsr_slave_1 entered promiscuous mode
[ 46.216015][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.223220][ T7642] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.231128][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.238195][ T7642] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.267413][ T7642] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.280849][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.291482][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.300747][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.308672][ T2988] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.321587][ T7642] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.331488][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.340158][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.347293][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.357217][ T3481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.366089][ T3481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.373182][ T3481] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.391306][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.400415][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.408684][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.418049][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.430754][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.440889][ T7642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.456355][ T7642] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.512631][ T7648]
[ 46.515122][ T7648] ======================================================
[ 46.522111][ T7648] WARNING: possible circular locking dependency detected
[ 46.529102][ T7648] 5.1.0-rc6+ #86 Not tainted
[ 46.533670][ T7648] ------------------------------------------------------
[ 46.540666][ T7648] syz-executor.0/7648 is trying to acquire lock:
[ 46.546964][ T7648] 00000000ea6860a9 (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 46.555101][ T7648]
[ 46.555101][ T7648] but task is already holding lock:
[ 46.562441][ T7648] 0000000077f7c223 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 46.571275][ T7648]
[ 46.571275][ T7648] which lock already depends on the new lock.
[ 46.571275][ T7648]
[ 46.581655][ T7648]
[ 46.581655][ T7648] the existing dependency chain (in reverse order) is:
[ 46.590734][ T7648]
[ 46.590734][ T7648] -> #1 (&iint->mutex){+.+.}:
[ 46.597575][ T7648] lock_acquire+0x16f/0x3f0
[ 46.602578][ T7648] __mutex_lock+0xf7/0x1310
[ 46.607589][ T7648] mutex_lock_nested+0x16/0x20
[ 46.612940][ T7648] process_measurement+0x354/0x1570
[ 46.618637][ T7648] ima_file_check+0xc5/0x110
[ 46.623728][ T7648] path_openat+0x1142/0x46e0
[ 46.628834][ T7648] do_filp_open+0x1a1/0x280
[ 46.633833][ T7648] do_sys_open+0x3fe/0x5d0
[ 46.638742][ T7648] __x64_sys_open+0x7e/0xc0
[ 46.643744][ T7648] do_syscall_64+0x103/0x610
[ 46.648831][ T7648] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.655212][ T7648]
[ 46.655212][ T7648] -> #0 (sb_writers#3){.+.+}:
[ 46.662045][ T7648] __lock_acquire+0x239c/0x3fb0
[ 46.667391][ T7648] lock_acquire+0x16f/0x3f0
[ 46.672394][ T7648] __sb_start_write+0x20b/0x360
[ 46.677747][ T7648] mnt_want_write+0x3f/0xc0
[ 46.682753][ T7648] ovl_want_write+0x76/0xa0
[ 46.687750][ T7648] ovl_open_maybe_copy_up+0x122/0x180
[ 46.693621][ T7648] ovl_open+0xb3/0x270
[ 46.698207][ T7648] do_dentry_open+0x4e2/0x1250
[ 46.703466][ T7648] dentry_open+0x132/0x1d0
[ 46.708394][ T7648] ima_calc_file_hash+0x33f/0x570
[ 46.713923][ T7648] ima_collect_measurement+0x50f/0x5c0
[ 46.719875][ T7648] process_measurement+0xeca/0x1570
[ 46.725581][ T7648] ima_file_check+0xc5/0x110
[ 46.730672][ T7648] path_openat+0x1142/0x46e0
[ 46.735760][ T7648] do_filp_open+0x1a1/0x280
[ 46.740765][ T7648] do_sys_open+0x3fe/0x5d0
[ 46.745685][ T7648] __x64_sys_openat+0x9d/0x100
[ 46.750947][ T7648] do_syscall_64+0x103/0x610
[ 46.756037][ T7648] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.762426][ T7648]
[ 46.762426][ T7648] other info that might help us debug this:
[ 46.762426][ T7648]
[ 46.772634][ T7648] Possible unsafe locking scenario:
[ 46.772634][ T7648]
[ 46.780150][ T7648]        CPU0                    CPU1
[ 46.785490][ T7648]        ----                    ----
[ 46.790827][ T7648]   lock(&iint->mutex);
[ 46.794967][ T7648]                                lock(sb_writers#3);
[ 46.801632][ T7648]                                lock(&iint->mutex);
[ 46.808290][ T7648]   lock(sb_writers#3);
[ 46.812421][ T7648]
[ 46.812421][ T7648] *** DEADLOCK ***
[ 46.812421][ T7648]
[ 46.820544][ T7648] 1 lock held by syz-executor.0/7648:
[ 46.825890][ T7648] #0: 0000000077f7c223 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 46.835163][ T7648]
[ 46.835163][ T7648] stack backtrace:
[ 46.841032][ T7648] CPU: 0 PID: 7648 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #86
[ 46.848902][ T7648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.858931][ T7648] Call Trace:
[ 46.862214][ T7648] dump_stack+0x172/0x1f0
[ 46.866535][ T7648] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 46.872585][ T7648] check_prev_add.constprop.0+0xf11/0x23c0
[ 46.878370][ T7648] ? __bfs+0x232/0x590
[ 46.882426][ T7648] ? check_usage+0x570/0x570
[ 46.886997][ T7648] ? tomoyo_check_open_permission+0x1b1/0x3f0
[ 46.893057][ T7648] ? find_held_lock+0x35/0x130
[ 46.897805][ T7648] ? graph_lock+0x7b/0x200
[ 46.902195][ T7648] ? __lockdep_reset_lock+0x450/0x450
[ 46.907547][ T7648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.913778][ T7648] __lock_acquire+0x239c/0x3fb0
[ 46.918630][ T7648] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 46.924844][ T7648] ? mark_held_locks+0xf0/0xf0
[ 46.929593][ T7648] lock_acquire+0x16f/0x3f0
[ 46.934071][ T7648] ? mnt_want_write+0x3f/0xc0
[ 46.938728][ T7648] __sb_start_write+0x20b/0x360
[ 46.943558][ T7648] ? mnt_want_write+0x3f/0xc0
[ 46.948222][ T7648] mnt_want_write+0x3f/0xc0
[ 46.952704][ T7648] ovl_want_write+0x76/0xa0
[ 46.957183][ T7648] ovl_open_maybe_copy_up+0x122/0x180
[ 46.962552][ T7648] ovl_open+0xb3/0x270
[ 46.966603][ T7648] do_dentry_open+0x4e2/0x1250
[ 46.971370][ T7648] ? ovl_llseek+0x110/0x110
[ 46.975853][ T7648] ? chown_common+0x5c0/0x5c0
[ 46.980517][ T7648] dentry_open+0x132/0x1d0
[ 46.984919][ T7648] ima_calc_file_hash+0x33f/0x570
[ 46.989922][ T7648] ima_collect_measurement+0x50f/0x5c0
[ 46.995357][ T7648] ? ima_get_action+0xa0/0xa0
[ 47.000012][ T7648] process_measurement+0xeca/0x1570
[ 47.005187][ T7648] ? ima_add_template_entry.cold+0x48/0x48
[ 47.010974][ T7648] ? do_dentry_open+0xb9f/0x1250
[ 47.015916][ T7648] ? lockdep_init_map+0x1be/0x6d0
[ 47.021091][ T7648] ? smack_task_getsecid+0x168/0x310
[ 47.026356][ T7648] ? find_held_lock+0x35/0x130
[ 47.031106][ T7648] ? smack_task_getsecid+0x168/0x310
[ 47.036371][ T7648] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.042589][ T7648] ? lock_downgrade+0x880/0x880
[ 47.047416][ T7648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.053633][ T7648] ? kasan_check_read+0x11/0x20
[ 47.058478][ T7648] ? smack_task_getsecid+0x18f/0x310
[ 47.063754][ T7648] ima_file_check+0xc5/0x110
[ 47.068329][ T7648] ? process_measurement+0x1570/0x1570
[ 47.073768][ T7648] ? inode_permission+0xb4/0x570
[ 47.078685][ T7648] path_openat+0x1142/0x46e0
[ 47.083261][ T7648] ? save_stack+0x45/0xd0
[ 47.087576][ T7648] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 47.093362][ T7648] ? kasan_slab_alloc+0xf/0x20
[ 47.098116][ T7648] ? kmem_cache_alloc+0x11a/0x6f0
[ 47.103118][ T7648] ? getname_flags+0xd6/0x5b0
[ 47.107782][ T7648] ? getname+0x1a/0x20
[ 47.111947][ T7648] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 47.117299][ T7648] do_filp_open+0x1a1/0x280
[ 47.121781][ T7648] ? __alloc_fd+0x44d/0x560
[ 47.126258][ T7648] ? may_open_dev+0x100/0x100
[ 47.130939][ T7648] ? kasan_check_read+0x11/0x20
[ 47.135778][ T7648] ? do_raw_spin_unlock+0x57/0x270
[ 47.140887][ T7648] do_sys_open+0x3fe/0x5d0
[ 47.145281][ T7648] ? filp_open+0x80/0x80
[ 47.149503][ T7648] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.154939][ T7648] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.160390][ T7648] ? do_syscall_64+0x26/0x610
[ 47.165049][ T7648] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.171204][ T7648] ? do_syscall_64+0x26/0x610
[ 47.175873][ T7648] __x64_sys_openat+0x9d/0x100
[ 47.180615][ T7648] do_syscall_64+0x103/0x610
[ 47.185188][ T7648] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.191077][ T7648] RIP: 0033:0x458da9
[ 47.194957][ T7648] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.214541]