Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.773096] audit: type=1800 audit(1560690071.085:33): pid=7313 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.516946] kauditd_printk_skb: 1 callbacks suppressed [ 44.516960] audit: type=1400 audit(1560690077.825:35): avc: denied { map } for pid=7491 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts. [ 51.176008] audit: type=1400 audit(1560690084.485:36): avc: denied { map } for pid=7503 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/16 13:01:25 parsed 1 programs [ 52.000779] audit: type=1400 audit(1560690085.315:37): avc: denied { map } for pid=7503 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14980 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/06/16 13:01:27 executed programs: 0 [ 53.709602] IPVS: ftp: loaded support on port[0] = 21 [ 53.770405] chnl_net:caif_netlink_parms(): no params data found [ 53.803001] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.809874] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.817074] device bridge_slave_0 entered promiscuous mode [ 53.825061] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.834654] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.841654] device bridge_slave_1 entered promiscuous mode [ 53.858747] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.867476] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.884030] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.891992] team0: Port device team_slave_0 added [ 53.897631] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.905604] team0: Port device team_slave_1 added [ 53.910991] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.918304] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.000098] device hsr_slave_0 entered promiscuous mode [ 54.068312] device hsr_slave_1 entered promiscuous mode [ 54.108382] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.115454] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.130038] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.136613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.143642] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.150046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.180662] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 54.186761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.194733] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.203261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.222928] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.230456] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.237509] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 54.248509] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 54.254616] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.264167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.272445] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.278851] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.290228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.299070] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.305417] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.325558] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.335562] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.346340] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 54.354097] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.362155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.370096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.378434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.386466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.393842] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.405643] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 54.415348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.426576] audit: type=1400 audit(1560690087.735:38): avc: denied { associate } for pid=7520 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 54.481401] [ 54.483078] ====================================================== [ 54.489487] WARNING: possible circular locking dependency detected [ 54.495850] 4.19.51 #23 Not tainted [ 54.499468] ------------------------------------------------------ [ 54.505779] syz-executor.0/7526 is trying to acquire lock: [ 54.511392] 00000000b84a34f1 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 54.518847] [ 54.518847] but task is already holding lock: [ 54.524802] 00000000098e59ca (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1560 [ 54.533214] [ 54.533214] which lock already depends on the new lock. [ 54.533214] [ 54.541630] [ 54.541630] the existing dependency chain (in reverse order) is: [ 54.549237] [ 54.549237] -> #1 (&iint->mutex){+.+.}: [ 54.554801] __mutex_lock+0xf7/0x1300 [ 54.559112] mutex_lock_nested+0x16/0x20 [ 54.563687] process_measurement+0x354/0x1560 [ 54.568808] ima_file_check+0xc5/0x110 [ 54.573221] path_openat+0x1130/0x4690 [ 54.577627] do_filp_open+0x1a1/0x280 [ 54.581943] do_sys_open+0x3fe/0x550 [ 54.586166] __x64_sys_open+0x7e/0xc0 [ 54.590482] do_syscall_64+0xfd/0x620 [ 54.594792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.600490] [ 54.600490] -> #0 (sb_writers#4){.+.+}: [ 54.606063] lock_acquire+0x16f/0x3f0 [ 54.610375] __sb_start_write+0x20b/0x360 [ 54.615029] mnt_want_write+0x3f/0xc0 [ 54.619449] ovl_want_write+0x76/0xa0 [ 54.623762] ovl_maybe_copy_up+0x122/0x180 [ 54.628516] ovl_open+0xb8/0x270 [ 54.632392] do_dentry_open+0x4c3/0x1200 [ 54.636957] dentry_open+0x132/0x1d0 [ 54.641192] ima_calc_file_hash+0x684/0x970 [ 54.646027] ima_collect_measurement+0x50f/0x5c0 [ 54.651359] process_measurement+0xeca/0x1560 [ 54.656369] ima_file_check+0xc5/0x110 [ 54.660766] path_openat+0x1130/0x4690 [ 54.665161] do_filp_open+0x1a1/0x280 [ 54.669475] do_sys_open+0x3fe/0x550 [ 54.673774] __x64_sys_open+0x7e/0xc0 [ 54.678108] do_syscall_64+0xfd/0x620 [ 54.682423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.688123] [ 54.688123] other info that might help us debug this: [ 54.688123] [ 54.696355] Possible unsafe locking scenario: [ 54.696355] [ 54.702408] CPU0 CPU1 [ 54.707067] ---- ---- [ 54.711718] lock(&iint->mutex); [ 54.715166] lock(sb_writers#4); [ 54.721291] lock(&iint->mutex); [ 54.727256] lock(sb_writers#4); [ 54.730699] [ 54.730699] *** DEADLOCK *** [ 54.730699] [ 54.736852] 1 lock held by syz-executor.0/7526: [ 54.741507] #0: 00000000098e59ca (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1560 [ 54.750110] [ 54.750110] stack backtrace: [ 54.754607] CPU: 0 PID: 7526 Comm: syz-executor.0 Not tainted 4.19.51 #23 [ 54.761931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.771281] Call Trace: [ 54.773859] dump_stack+0x172/0x1f0 [ 54.777470] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 54.782832] __lock_acquire+0x2e6d/0x48f0 [ 54.786992] ? mark_held_locks+0x100/0x100 [ 54.791225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.796760] ? avc_has_perm+0x404/0x610 [ 54.800723] ? avc_has_perm_noaudit+0x570/0x570 [ 54.805381] ? hash_netport4_uadt+0x160/0xff0 [ 54.809933] lock_acquire+0x16f/0x3f0 [ 54.813754] ? mnt_want_write+0x3f/0xc0 [ 54.817725] __sb_start_write+0x20b/0x360 [ 54.821854] ? mnt_want_write+0x3f/0xc0 [ 54.825811] mnt_want_write+0x3f/0xc0 [ 54.829598] ovl_want_write+0x76/0xa0 [ 54.833381] ovl_maybe_copy_up+0x122/0x180 [ 54.837675] ovl_open+0xb8/0x270 [ 54.841058] do_dentry_open+0x4c3/0x1200 [ 54.845126] ? check_preemption_disabled+0x48/0x290 [ 54.850140] ? ovl_llseek+0x3b0/0x3b0 [ 54.853932] ? chown_common+0x5c0/0x5c0 [ 54.857902] dentry_open+0x132/0x1d0 [ 54.861608] ima_calc_file_hash+0x684/0x970 [ 54.865938] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 54.871477] ima_collect_measurement+0x50f/0x5c0 [ 54.876352] ? ima_get_action+0xa0/0xa0 [ 54.880333] process_measurement+0xeca/0x1560 [ 54.884823] ? ima_add_template_entry.cold+0x48/0x48 [ 54.890042] ? mark_held_locks+0x100/0x100 [ 54.894279] ? chown_common+0x5c0/0x5c0 [ 54.898293] ? selinux_task_getsecid+0x16f/0x2d0 [ 54.903160] ? find_held_lock+0x35/0x130 [ 54.907210] ? selinux_task_getsecid+0x16f/0x2d0 [ 54.911954] ? lock_downgrade+0x810/0x810 [ 54.916345] ? kasan_check_read+0x11/0x20 [ 54.920495] ? selinux_task_getsecid+0x196/0x2d0 [ 54.925238] ima_file_check+0xc5/0x110 [ 54.929113] ? process_measurement+0x1560/0x1560 [ 54.933871] ? inode_permission+0xb4/0x560 [ 54.938339] path_openat+0x1130/0x4690 [ 54.942218] ? __lock_acquire+0x6eb/0x48f0 [ 54.946443] ? getname+0x1a/0x20 [ 54.949797] ? do_sys_open+0x2c9/0x550 [ 54.953671] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 54.958325] ? __alloc_fd+0x44d/0x560 [ 54.962109] do_filp_open+0x1a1/0x280 [ 54.965889] ? may_open_dev+0x100/0x100 [ 54.969849] ? kasan_check_read+0x11/0x20 [ 54.973977] ? do_raw_spin_unlock+0x57/0x270 [ 54.978364] ? _raw_spin_unlock+0x2d/0x50 [ 54.982491] ? __alloc_fd+0x44d/0x560 [ 54.986277] do_sys_open+0x3fe/0x550 [ 54.989972] ? filp_open+0x80/0x80 [ 54.993495] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 54.998328] ? do_syscall_64+0x26/0x620 [ 55.002308] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.007658] ? do_syscall_64+0x26/0x620 [ 55.011631] __x64_sys_open+0x7e/0xc0 [ 55.015419] do_syscall_64+0xfd/0x620 [ 55.019207] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.024375] RIP: 0033:0x4592c9 [ 55.027548] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.046501] RSP: 002b:00007fffce77c1d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 55.054212] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9 [ 55.061638] RDX: ffffffffffffffff RSI: 0000000000000003 RDI: 0000000020000080 [ 55.068908] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 55.076228] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000015af914 [ 55.083490]