Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts. syzkaller login: [ 62.186579] kauditd_printk_skb: 5 callbacks suppressed [ 62.186596] audit: type=1400 audit(1555798497.748:36): avc: denied { map } for pid=8020 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/04/20 22:14:58 parsed 1 programs [ 63.089427] audit: type=1400 audit(1555798498.648:37): avc: denied { map } for pid=8020 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/04/20 22:15:00 executed programs: 0 [ 64.984005] IPVS: ftp: loaded support on port[0] = 21 [ 65.044093] chnl_net:caif_netlink_parms(): no params data found [ 65.074968] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.081547] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.088935] device bridge_slave_0 entered promiscuous mode [ 65.096458] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.102953] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.110012] device bridge_slave_1 entered promiscuous mode [ 65.125427] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 65.134546] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 65.151343] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 65.159380] team0: Port device team_slave_0 added [ 65.165107] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 65.172429] team0: Port device team_slave_1 added [ 65.177642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 65.185048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 65.264104] device hsr_slave_0 entered promiscuous mode [ 65.302584] device hsr_slave_1 entered promiscuous mode [ 65.362450] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 65.369382] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 65.383380] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.389804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.396657] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.403037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.436507] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 65.443509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.451607] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.460188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.480220] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.487669] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.495654] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 65.505807] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 65.512236] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.521509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.529637] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.536027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.546099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.553866] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.560247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.577133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.585485] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.594810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.608527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.618591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.629116] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 65.636400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.644249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.656598] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 65.663500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.675152] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.686209] audit: type=1400 audit(1555798501.248:38): avc: denied { associate } for pid=8036 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 65.754901] [ 65.756542] ====================================================== [ 65.762938] WARNING: possible circular locking dependency detected [ 65.769237] 4.19.36 #4 Not tainted [ 65.772757] ------------------------------------------------------ [ 65.779057] syz-executor.0/8042 is trying to acquire lock: [ 65.785213] 00000000b3d4ab27 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 65.793919] [ 65.793919] but task is already holding lock: [ 65.799967] 000000005fd42091 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570 [ 65.808444] [ 65.808444] which lock already depends on the new lock. [ 65.808444] [ 65.816867] [ 65.816867] the existing dependency chain (in reverse order) is: [ 65.824604] [ 65.824604] -> #1 (&iint->mutex){+.+.}: [ 65.830144] __mutex_lock+0xf7/0x1300 [ 65.834459] mutex_lock_nested+0x16/0x20 [ 65.839081] process_measurement+0x354/0x1570 [ 65.844095] ima_file_check+0xc5/0x110 [ 65.848518] path_openat+0x1130/0x4690 [ 65.852924] do_filp_open+0x1a1/0x280 [ 65.857530] do_sys_open+0x3fe/0x550 [ 65.861847] __x64_sys_open+0x7e/0xc0 [ 65.866711] do_syscall_64+0x103/0x610 [ 65.871157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.876857] [ 65.876857] -> #0 (sb_writers#4){.+.+}: [ 65.882831] lock_acquire+0x16f/0x3f0 [ 65.888690] __sb_start_write+0x20b/0x360 [ 65.893829] mnt_want_write+0x3f/0xc0 [ 65.901515] ovl_want_write+0x76/0xa0 [ 65.906315] ovl_open_maybe_copy_up+0x122/0x180 [ 65.911691] ovl_open+0xb3/0x270 [ 65.915582] do_dentry_open+0x4c6/0x1200 [ 65.920369] dentry_open+0x132/0x1d0 [ 65.924703] ima_calc_file_hash+0x68a/0x980 [ 65.930977] ima_collect_measurement+0x50f/0x5c0 [ 65.936339] process_measurement+0xeca/0x1570 [ 65.941345] ima_file_check+0xc5/0x110 [ 65.945783] path_openat+0x1130/0x4690 [ 65.950177] do_filp_open+0x1a1/0x280 [ 65.954490] do_sys_open+0x3fe/0x550 [ 65.958885] __x64_sys_open+0x7e/0xc0 [ 65.963197] do_syscall_64+0x103/0x610 [ 65.967598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.973392] [ 65.973392] other info that might help us debug this: [ 65.973392] [ 65.981706] Possible unsafe locking scenario: [ 65.981706] [ 65.987748] CPU0 CPU1 [ 65.992396] ---- ---- [ 65.997046] lock(&iint->mutex); [ 66.000569] lock(sb_writers#4); [ 66.006543] lock(&iint->mutex); [ 66.012507] lock(sb_writers#4); [ 66.015949] [ 66.015949] *** DEADLOCK *** [ 66.015949] [ 66.022058] 1 lock held by syz-executor.0/8042: [ 66.026759] #0: 000000005fd42091 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570 [ 66.035398] [ 66.035398] stack backtrace: [ 66.039897] CPU: 0 PID: 8042 Comm: syz-executor.0 Not tainted 4.19.36 #4 [ 66.046732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.056176] Call Trace: [ 66.058785] dump_stack+0x172/0x1f0 [ 66.062466] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 66.067914] __lock_acquire+0x2e6d/0x48f0 [ 66.072067] ? mark_held_locks+0x100/0x100 [ 66.076355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 66.081964] ? avc_has_perm+0x404/0x610 [ 66.086055] ? avc_has_perm_noaudit+0x570/0x570 [ 66.090774] ? __lock_is_held+0xb6/0x140 [ 66.094893] lock_acquire+0x16f/0x3f0 [ 66.098694] ? mnt_want_write+0x3f/0xc0 [ 66.102664] __sb_start_write+0x20b/0x360 [ 66.106802] ? mnt_want_write+0x3f/0xc0 [ 66.110769] mnt_want_write+0x3f/0xc0 [ 66.114573] ovl_want_write+0x76/0xa0 [ 66.118881] ovl_open_maybe_copy_up+0x122/0x180 [ 66.123595] ovl_open+0xb3/0x270 [ 66.127000] ? security_file_open+0x89/0x1b0 [ 66.143865] do_dentry_open+0x4c6/0x1200 [ 66.147952] ? check_preemption_disabled+0x48/0x290 [ 66.153004] ? ovl_llseek+0x110/0x110 [ 66.156795] ? chown_common+0x5c0/0x5c0 [ 66.160760] dentry_open+0x132/0x1d0 [ 66.164466] ima_calc_file_hash+0x68a/0x980 [ 66.168779] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 66.174315] ima_collect_measurement+0x50f/0x5c0 [ 66.179099] ? ima_get_action+0xa0/0xa0 [ 66.183069] process_measurement+0xeca/0x1570 [ 66.187644] ? ima_add_template_entry.cold+0x48/0x48 [ 66.192778] ? mark_held_locks+0x100/0x100 [ 66.197034] ? ext4_file_read_iter+0x3c0/0x3c0 [ 66.201609] ? selinux_task_getsecid+0x16f/0x2d0 [ 66.206361] ? find_held_lock+0x35/0x130 [ 66.210409] ? selinux_task_getsecid+0x16f/0x2d0 [ 66.215152] ? lock_downgrade+0x810/0x810 [ 66.219289] ? kasan_check_read+0x11/0x20 [ 66.223422] ? selinux_task_getsecid+0x196/0x2d0 [ 66.228170] ima_file_check+0xc5/0x110 [ 66.232133] ? process_measurement+0x1570/0x1570 [ 66.236876] ? inode_permission+0xb4/0x570 [ 66.241109] path_openat+0x1130/0x4690 [ 66.245032] ? __lock_acquire+0x6eb/0x48f0 [ 66.249259] ? getname+0x1a/0x20 [ 66.252658] ? do_sys_open+0x2c9/0x550 [ 66.256541] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 66.261202] ? find_held_lock+0x35/0x130 [ 66.265258] ? __alloc_fd+0x44d/0x560 [ 66.269054] do_filp_open+0x1a1/0x280 [ 66.272849] ? may_open_dev+0x100/0x100 [ 66.276897] ? kasan_check_read+0x11/0x20 [ 66.281037] ? do_raw_spin_unlock+0x57/0x270 [ 66.285449] ? _raw_spin_unlock+0x2d/0x50 [ 66.289596] ? __alloc_fd+0x44d/0x560 [ 66.293391] do_sys_open+0x3fe/0x550 [ 66.297096] ? filp_open+0x80/0x80 [ 66.300627] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 66.305377] ? do_syscall_64+0x26/0x610 [ 66.309458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 66.314820] ? do_syscall_64+0x26/0x610 [ 66.318798] __x64_sys_open+0x7e/0xc0 [ 66.322599] do_syscall_64+0x103/0x610 [ 66.326513] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 66.331731] RIP: 0033:0x458c29 [ 66.334921] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 66.353811] RSP: 002b:00007ffc26fde8a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 66.361516] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 66.368768] RDX: 0000000000000000 RSI: 0000000000000927 RDI: 0000000020000040 [ 66.376069] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 66.383434] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000015bf914 [ 66.390798] R13: 00000000004f6d7f R14: 00000000004d8be8 R15: 00000000ffffffff