Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
syzkaller login: [ 62.055311][ T27] kauditd_printk_skb: 5 callbacks suppressed
[ 62.055327][ T27] audit: type=1400 audit(1556298346.271:36): avc: denied { map } for pid=8331 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/04/26 17:05:47 parsed 1 programs
[ 63.149148][ T27] audit: type=1400 audit(1556298347.371:37): avc: denied { map } for pid=8331 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15700 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/04/26 17:05:49 executed programs: 0
[ 65.156986][ T8345] IPVS: ftp: loaded support on port[0] = 21
[ 65.221520][ T8345] chnl_net:caif_netlink_parms(): no params data found
[ 65.255547][ T8345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.264090][ T8345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.272505][ T8345] device bridge_slave_0 entered promiscuous mode
[ 65.281447][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.288720][ T8345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.296778][ T8345] device bridge_slave_1 entered promiscuous mode
[ 65.313274][ T8345] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 65.323767][ T8345] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 65.351374][ T8345] team0: Port device team_slave_0 added
[ 65.358705][ T8345] team0: Port device team_slave_1 added
[ 65.418655][ T8345] device hsr_slave_0 entered promiscuous mode
[ 65.476728][ T8345] device hsr_slave_1 entered promiscuous mode
[ 65.554577][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.561926][ T8345] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.570176][ T8345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.577345][ T8345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.613686][ T8345] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.627742][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.640240][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.650853][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.660049][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.672539][ T8345] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.683400][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.692250][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.699550][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.718071][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.727193][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.734328][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.743005][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.752362][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.762900][ T2945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.778223][ T8345] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 65.789799][ T8345] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 65.803069][ T8347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.812202][ T8347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.821419][ T8347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.839935][ T8345] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.852805][ T27] audit: type=1400 audit(1556298350.071:38): avc: denied { associate } for pid=8345 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 65.925192][ T8351]
[ 65.927671][ T8351] ======================================================
[ 65.934678][ T8351] WARNING: possible circular locking dependency detected
[ 65.941694][ T8351] 5.1.0-rc6+ #85 Not tainted
[ 65.946298][ T8351] ------------------------------------------------------
[ 65.953324][ T8351] syz-executor.0/8351 is trying to acquire lock:
[ 65.959887][ T8351] 0000000050bf6a28 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 65.968280][ T8351]
[ 65.968280][ T8351] but task is already holding lock:
[ 65.975672][ T8351] 00000000bbf6320a (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 65.984582][ T8351]
[ 65.984582][ T8351] which lock already depends on the new lock.
[ 65.984582][ T8351]
[ 65.996024][ T8351]
[ 65.996024][ T8351] the existing dependency chain (in reverse order) is:
[ 66.005058][ T8351]
[ 66.005058][ T8351] -> #1 (&iint->mutex){+.+.}:
[ 66.012124][ T8351] lock_acquire+0x16f/0x3f0
[ 66.017221][ T8351] __mutex_lock+0xf7/0x1310
[ 66.023244][ T8351] mutex_lock_nested+0x16/0x20
[ 66.034791][ T8351] process_measurement+0x354/0x1570
[ 66.041855][ T8351] ima_file_check+0xc5/0x110
[ 66.050435][ T8351] path_openat+0x1142/0x46e0
[ 66.055898][ T8351] do_filp_open+0x1a1/0x280
[ 66.060946][ T8351] do_sys_open+0x3fe/0x5d0
[ 66.065895][ T8351] __x64_sys_open+0x7e/0xc0
[ 66.071163][ T8351] do_syscall_64+0x103/0x610
[ 66.076280][ T8351] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.083449][ T8351]
[ 66.083449][ T8351] -> #0 (sb_writers#4){.+.+}:
[ 66.090418][ T8351] __lock_acquire+0x239c/0x3fb0
[ 66.096329][ T8351] lock_acquire+0x16f/0x3f0
[ 66.102256][ T8351] __sb_start_write+0x20b/0x360
[ 66.108729][ T8351] mnt_want_write+0x3f/0xc0
[ 66.114060][ T8351] ovl_want_write+0x76/0xa0
[ 66.123208][ T8351] ovl_open_maybe_copy_up+0x122/0x180
[ 66.129752][ T8351] ovl_open+0xb3/0x270
[ 66.134339][ T8351] do_dentry_open+0x4e2/0x1250
[ 66.140163][ T8351] dentry_open+0x132/0x1d0
[ 66.145324][ T8351] ima_calc_file_hash+0x33f/0x570
[ 66.151612][ T8351] ima_collect_measurement+0x50f/0x5c0
[ 66.158192][ T8351] process_measurement+0xeca/0x1570
[ 66.163926][ T8351] ima_file_check+0xc5/0x110
[ 66.169269][ T8351] path_openat+0x1142/0x46e0
[ 66.175017][ T8351] do_filp_open+0x1a1/0x280
[ 66.180335][ T8351] do_sys_open+0x3fe/0x5d0
[ 66.185361][ T8351] __x64_sys_openat+0x9d/0x100
[ 66.190966][ T8351] do_syscall_64+0x103/0x610
[ 66.197435][ T8351] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.204428][ T8351]
[ 66.204428][ T8351] other info that might help us debug this:
[ 66.204428][ T8351]
[ 66.216375][ T8351] Possible unsafe locking scenario:
[ 66.216375][ T8351]
[ 66.225337][ T8351]        CPU0                    CPU1
[ 66.230852][ T8351]        ----                    ----
[ 66.236215][ T8351]   lock(&iint->mutex);
[ 66.240386][ T8351]                                lock(sb_writers#4);
[ 66.247102][ T8351]                                lock(&iint->mutex);
[ 66.253795][ T8351]   lock(sb_writers#4);
[ 66.258042][ T8351]
[ 66.258042][ T8351] *** DEADLOCK ***
[ 66.258042][ T8351]
[ 66.266190][ T8351] 1 lock held by syz-executor.0/8351:
[ 66.271545][ T8351] #0: 00000000bbf6320a (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 66.281151][ T8351]
[ 66.281151][ T8351] stack backtrace:
[ 66.287044][ T8351] CPU: 0 PID: 8351 Comm: syz-executor.0 Not tainted 5.1.0-rc6+ #85
[ 66.295039][ T8351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.305108][ T8351] Call Trace:
[ 66.308424][ T8351] dump_stack+0x172/0x1f0
[ 66.312756][ T8351] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 66.318856][ T8351] check_prev_add.constprop.0+0xf11/0x23c0
[ 66.325380][ T8351] ? check_usage+0x570/0x570
[ 66.332960][ T8351] ? tomoyo_check_open_permission+0x1b1/0x3f0
[ 66.339038][ T8351] ? find_held_lock+0x35/0x130
[ 66.343801][ T8351] ? graph_lock+0x7b/0x200
[ 66.348242][ T8351] ? __lockdep_reset_lock+0x450/0x450
[ 66.353644][ T8351] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.359891][ T8351] __lock_acquire+0x239c/0x3fb0
[ 66.364786][ T8351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 66.371055][ T8351] ? mark_held_locks+0xf0/0xf0
[ 66.375822][ T8351] lock_acquire+0x16f/0x3f0
[ 66.380324][ T8351] ? mnt_want_write+0x3f/0xc0
[ 66.385007][ T8351] __sb_start_write+0x20b/0x360
[ 66.389887][ T8351] ? mnt_want_write+0x3f/0xc0
[ 66.394573][ T8351] mnt_want_write+0x3f/0xc0
[ 66.399081][ T8351] ovl_want_write+0x76/0xa0
[ 66.403584][ T8351] ovl_open_maybe_copy_up+0x122/0x180
[ 66.409086][ T8351] ovl_open+0xb3/0x270
[ 66.413322][ T8351] do_dentry_open+0x4e2/0x1250
[ 66.418108][ T8351] ? ovl_llseek+0x110/0x110
[ 66.422624][ T8351] ? chown_common+0x5c0/0x5c0
[ 66.427322][ T8351] dentry_open+0x132/0x1d0
[ 66.431953][ T8351] ima_calc_file_hash+0x33f/0x570
[ 66.436984][ T8351] ima_collect_measurement+0x50f/0x5c0
[ 66.442468][ T8351] ? ima_get_action+0xa0/0xa0
[ 66.447161][ T8351] process_measurement+0xeca/0x1570
[ 66.452364][ T8351] ? ima_add_template_entry.cold+0x48/0x48
[ 66.458178][ T8351] ? do_dentry_open+0xb9f/0x1250
[ 66.463124][ T8351] ? lockdep_init_map+0x1be/0x6d0
[ 66.468159][ T8351] ? selinux_task_getsecid+0x176/0x2e0
[ 66.473639][ T8351] ? find_held_lock+0x35/0x130
[ 66.478412][ T8351] ? selinux_task_getsecid+0x176/0x2e0
[ 66.483903][ T8351] ? lock_downgrade+0x880/0x880
[ 66.488780][ T8351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.495027][ T8351] ? kasan_check_read+0x11/0x20
[ 66.499914][ T8351] ? selinux_task_getsecid+0x19d/0x2e0
[ 66.505874][ T8351] ima_file_check+0xc5/0x110
[ 66.510602][ T8351] ? process_measurement+0x1570/0x1570
[ 66.516098][ T8351] ? inode_permission+0xb4/0x570
[ 66.521056][ T8351] path_openat+0x1142/0x46e0
[ 66.525648][ T8351] ? save_stack+0x45/0xd0
[ 66.529978][ T8351] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 66.535786][ T8351] ? kasan_slab_alloc+0xf/0x20
[ 66.540578][ T8351] ? kmem_cache_alloc+0x11a/0x6f0
[ 66.545632][ T8351] ? getname_flags+0xd6/0x5b0
[ 66.550318][ T8351] ? getname+0x1a/0x20
[ 66.555503][ T8351] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 66.560881][ T8351] do_filp_open+0x1a1/0x280
[ 66.565396][ T8351] ? __alloc_fd+0x44d/0x560
[ 66.569910][ T8351] ? may_open_dev+0x100/0x100
[ 66.574634][ T8351] ? kasan_check_read+0x11/0x20
[ 66.579506][ T8351] ? do_raw_spin_unlock+0x57/0x270
[ 66.584629][ T8351] do_sys_open+0x3fe/0x5d0
[ 66.589049][ T8351] ? filp_open+0x80/0x80
[ 66.593324][ T8351] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 66.599024][ T8351] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 66.604522][ T8351] ? do_syscall_64+0x26/0x610
[ 66.609469][ T8351] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.615570][ T8351] ? do_syscall_64+0x26/0x610
[ 66.620262][ T8351] __x64_sys_openat+0x9d/0x100
[ 66.625032][ T8351] do_syscall_64+0x103/0x610
[ 66.629648][ T8351] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.635545][ T8351] RIP: 0033:0x458da9
[ 66.639437][ T8351] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.659522][ T8351] RSP: 002b:00007ffd75e58c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 66.667966][ T8351] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9
[ 66.675935][ T8351] RDX: 0000000000000003 RSI: 0000000020000200 RDI: ffffffffffffff9c
[ 66.683923][ T8351] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 66.691904][ T8351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001729914
[ 66.700091][ T8351] R13: 00000000004c5098 R14: 00000000004d8f78 R15: 00000000ffffffff
[ 66.823151][ T8345] kobject: 'batman_adv' (000000005d57bef2): kobject_uevent_env
[ 66.830871][ T8345] kobject: 'batman_adv' (000000005d57bef2): kobject_uevent_env: filter function caused the event to drop!
[ 66.842685][ T8345] kobject: 'batman_adv' (000000005d57bef2): kobject_cleanup, parent (null)
[ 66.852854][ T8345] kobject: 'batman_adv' (000000005d57bef2): calling ktype release
[ 66.861377][ T8345] kobject: (000000005d57bef2): dynamic_kobj_release
[ 66.868429][ T8345] kobject: 'batman_adv': free name
[ 66.877728][ T8345] kobject: 'rx-0' (00000000c6af8fb8): kobject_cleanup, parent 0000000025ad9dda
[ 66.886883][ T8345] kobject: 'rx-0' (00000000c6af8fb8): auto cleanup 'remove' event
[ 66.894852][ T8345] kobject: 'rx-0' (00000000c6af8fb8): kobject_uevent_env
[ 66.902261][ T8345] kobject: 'rx-0' (00000000c6af8fb8): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0'
[ 66.915360][ T8345] kobject: 'rx-0' (00000000c6af8fb8): auto cleanup kobject_del
[ 66.927245][ T8345] kobject: 'rx-0' (00000000c6af8fb8): calling ktype release
[ 66.934761][ T8345] kobject: 'rx-0': free name
[ 66.940789][ T8345] kobject: 'tx-0' (00000000f2333abb): kobject_cleanup, parent 0000000025ad9dda
[ 66.950923][ T8345] kobject: 'tx-0' (00000000f2333abb): auto cleanup 'remove' event
[ 66.966369][ T8345] kobject: 'tx-0' (00000000f2333abb): kobject_uevent_env
[ 66.974032][ T8345] kobject: 'tx-0' (00000000