Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
syzkaller login: [   62.186579] kauditd_printk_skb: 5 callbacks suppressed
[   62.186596] audit: type=1400 audit(1555798497.748:36): avc:  denied  { map } for  pid=8020 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/04/20 22:14:58 parsed 1 programs
[   63.089427] audit: type=1400 audit(1555798498.648:37): avc:  denied  { map } for  pid=8020 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/04/20 22:15:00 executed programs: 0
[   64.984005] IPVS: ftp: loaded support on port[0] = 21
[   65.044093] chnl_net:caif_netlink_parms(): no params data found
[   65.074968] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.081547] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.088935] device bridge_slave_0 entered promiscuous mode
[   65.096458] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.102953] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.110012] device bridge_slave_1 entered promiscuous mode
[   65.125427] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   65.134546] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.151343] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   65.159380] team0: Port device team_slave_0 added
[   65.165107] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   65.172429] team0: Port device team_slave_1 added
[   65.177642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   65.185048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   65.264104] device hsr_slave_0 entered promiscuous mode
[   65.302584] device hsr_slave_1 entered promiscuous mode
[   65.362450] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   65.369382] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   65.383380] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.389804] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.396657] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.403037] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.436507] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   65.443509] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.451607] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.460188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.480220] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.487669] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.495654] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   65.505807] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   65.512236] 8021q: adding VLAN 0 to HW filter on device team0
[   65.521509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.529637] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.536027] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.546099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.553866] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.560247] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.577133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.585485] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.594810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.608527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   65.618591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.629116] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   65.636400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.644249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.656598] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   65.663500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.675152] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.686209] audit: type=1400 audit(1555798501.248:38): avc:  denied  { associate } for  pid=8036 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   65.754901] 
[   65.756542] ======================================================
[   65.762938] WARNING: possible circular locking dependency detected
[   65.769237] 4.19.36 #4 Not tainted
[   65.772757] ------------------------------------------------------
[   65.779057] syz-executor.0/8042 is trying to acquire lock:
[   65.785213] 00000000b3d4ab27 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0
[   65.793919] 
[   65.793919] but task is already holding lock:
[   65.799967] 000000005fd42091 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[   65.808444] 
[   65.808444] which lock already depends on the new lock.
[   65.808444] 
[   65.816867] 
[   65.816867] the existing dependency chain (in reverse order) is:
[   65.824604] 
[   65.824604] -> #1 (&iint->mutex){+.+.}:
[   65.830144]        __mutex_lock+0xf7/0x1300
[   65.834459]        mutex_lock_nested+0x16/0x20
[   65.839081]        process_measurement+0x354/0x1570
[   65.844095]        ima_file_check+0xc5/0x110
[   65.848518]        path_openat+0x1130/0x4690
[   65.852924]        do_filp_open+0x1a1/0x280
[   65.857530]        do_sys_open+0x3fe/0x550
[   65.861847]        __x64_sys_open+0x7e/0xc0
[   65.866711]        do_syscall_64+0x103/0x610
[   65.871157]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.876857] 
[   65.876857] -> #0 (sb_writers#4){.+.+}:
[   65.882831]        lock_acquire+0x16f/0x3f0
[   65.888690]        __sb_start_write+0x20b/0x360
[   65.893829]        mnt_want_write+0x3f/0xc0
[   65.901515]        ovl_want_write+0x76/0xa0
[   65.906315]        ovl_open_maybe_copy_up+0x122/0x180
[   65.911691]        ovl_open+0xb3/0x270
[   65.915582]        do_dentry_open+0x4c6/0x1200
[   65.920369]        dentry_open+0x132/0x1d0
[   65.924703]        ima_calc_file_hash+0x68a/0x980
[   65.930977]        ima_collect_measurement+0x50f/0x5c0
[   65.936339]        process_measurement+0xeca/0x1570
[   65.941345]        ima_file_check+0xc5/0x110
[   65.945783]        path_openat+0x1130/0x4690
[   65.950177]        do_filp_open+0x1a1/0x280
[   65.954490]        do_sys_open+0x3fe/0x550
[   65.958885]        __x64_sys_open+0x7e/0xc0
[   65.963197]        do_syscall_64+0x103/0x610
[   65.967598]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.973392] 
[   65.973392] other info that might help us debug this:
[   65.973392] 
[   65.981706]  Possible unsafe locking scenario:
[   65.981706] 
[   65.987748]        CPU0                    CPU1
[   65.992396]        ----                    ----
[   65.997046]   lock(&iint->mutex);
[   66.000569]                                lock(sb_writers#4);
[   66.006543]                                lock(&iint->mutex);
[   66.012507]   lock(sb_writers#4);
[   66.015949] 
[   66.015949]  *** DEADLOCK ***
[   66.015949] 
[   66.022058] 1 lock held by syz-executor.0/8042:
[   66.026759]  #0: 000000005fd42091 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[   66.035398] 
[   66.035398] stack backtrace:
[   66.039897] CPU: 0 PID: 8042 Comm: syz-executor.0 Not tainted 4.19.36 #4
[   66.046732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.056176] Call Trace:
[   66.058785]  dump_stack+0x172/0x1f0
[   66.062466]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   66.067914]  __lock_acquire+0x2e6d/0x48f0
[   66.072067]  ? mark_held_locks+0x100/0x100
[   66.076355]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.081964]  ? avc_has_perm+0x404/0x610
[   66.086055]  ? avc_has_perm_noaudit+0x570/0x570
[   66.090774]  ? __lock_is_held+0xb6/0x140
[   66.094893]  lock_acquire+0x16f/0x3f0
[   66.098694]  ? mnt_want_write+0x3f/0xc0
[   66.102664]  __sb_start_write+0x20b/0x360
[   66.106802]  ? mnt_want_write+0x3f/0xc0
[   66.110769]  mnt_want_write+0x3f/0xc0
[   66.114573]  ovl_want_write+0x76/0xa0
[   66.118881]  ovl_open_maybe_copy_up+0x122/0x180
[   66.123595]  ovl_open+0xb3/0x270
[   66.127000]  ? security_file_open+0x89/0x1b0
[   66.143865]  do_dentry_open+0x4c6/0x1200
[   66.147952]  ? check_preemption_disabled+0x48/0x290
[   66.153004]  ? ovl_llseek+0x110/0x110
[   66.156795]  ? chown_common+0x5c0/0x5c0
[   66.160760]  dentry_open+0x132/0x1d0
[   66.164466]  ima_calc_file_hash+0x68a/0x980
[   66.168779]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   66.174315]  ima_collect_measurement+0x50f/0x5c0
[   66.179099]  ? ima_get_action+0xa0/0xa0
[   66.183069]  process_measurement+0xeca/0x1570
[   66.187644]  ? ima_add_template_entry.cold+0x48/0x48
[   66.192778]  ? mark_held_locks+0x100/0x100
[   66.197034]  ? ext4_file_read_iter+0x3c0/0x3c0
[   66.201609]  ? selinux_task_getsecid+0x16f/0x2d0
[   66.206361]  ? find_held_lock+0x35/0x130
[   66.210409]  ? selinux_task_getsecid+0x16f/0x2d0
[   66.215152]  ? lock_downgrade+0x810/0x810
[   66.219289]  ? kasan_check_read+0x11/0x20
[   66.223422]  ? selinux_task_getsecid+0x196/0x2d0
[   66.228170]  ima_file_check+0xc5/0x110
[   66.232133]  ? process_measurement+0x1570/0x1570
[   66.236876]  ? inode_permission+0xb4/0x570
[   66.241109]  path_openat+0x1130/0x4690
[   66.245032]  ? __lock_acquire+0x6eb/0x48f0
[   66.249259]  ? getname+0x1a/0x20
[   66.252658]  ? do_sys_open+0x2c9/0x550
[   66.256541]  ? path_lookupat.isra.0+0x8d0/0x8d0
[   66.261202]  ? find_held_lock+0x35/0x130
[   66.265258]  ? __alloc_fd+0x44d/0x560
[   66.269054]  do_filp_open+0x1a1/0x280
[   66.272849]  ? may_open_dev+0x100/0x100
[   66.276897]  ? kasan_check_read+0x11/0x20
[   66.281037]  ? do_raw_spin_unlock+0x57/0x270
[   66.285449]  ? _raw_spin_unlock+0x2d/0x50
[   66.289596]  ? __alloc_fd+0x44d/0x560
[   66.293391]  do_sys_open+0x3fe/0x550
[   66.297096]  ? filp_open+0x80/0x80
[   66.300627]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   66.305377]  ? do_syscall_64+0x26/0x610
[   66.309458]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.314820]  ? do_syscall_64+0x26/0x610
[   66.318798]  __x64_sys_open+0x7e/0xc0
[   66.322599]  do_syscall_64+0x103/0x610
[   66.326513]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.331731] RIP: 0033:0x458c29
[   66.334921] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   66.353811] RSP: 002b:00007ffc26fde8a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   66.361516] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
[   66.368768] RDX: 0000000000000000 RSI: 0000000000000927 RDI: 0000000020000040
[   66.376069] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[   66.383434] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000015bf914
[   66.390798] R13: 00000000004f6d7f R14: 00000000004d8be8 R15: 00000000ffffffff