[   45.286953] audit: type=1800 audit(1556295995.822:30): pid=7747 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [   50.250719] kauditd_printk_skb: 4 callbacks suppressed
[   50.250735] audit: type=1400 audit(1556296000.822:35): avc: denied { map } for pid=7923 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[   57.012027] audit: type=1400 audit(1556296007.582:36): avc: denied { map } for pid=7935 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/04/26 16:26:48 parsed 1 programs
[   57.864696] audit: type=1400 audit(1556296008.432:37): avc: denied { map } for pid=7935 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=65 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/04/26 16:26:50 executed programs: 0
[   60.045316] IPVS: ftp: loaded support on port[0] = 21
[   60.113446] chnl_net:caif_netlink_parms(): no params data found
[   60.150262] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.157064] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.164957] device bridge_slave_0 entered promiscuous mode
[   60.172669] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.179141] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.186150] device bridge_slave_1 entered promiscuous mode
[   60.203040] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.212245] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.230240] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   60.237879] team0: Port device team_slave_0 added
[   60.243702] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   60.251035] team0: Port device team_slave_1 added
[   60.256353] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   60.264346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.320790] device hsr_slave_0 entered promiscuous mode
[   60.389065] device hsr_slave_1 entered promiscuous mode
[   60.428853] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   60.436149] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   60.451271] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.457789] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.465089] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.471563] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.506044] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   60.512319] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.522033] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   60.532085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.551962] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.570267] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.577779] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   60.589480] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   60.595822] 8021q: adding VLAN 0 to HW filter on device team0
[   60.606334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.614221] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.620784] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.633044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.640913] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.647379] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.662323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.671324] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.686608] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   60.697625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.709174] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   60.716354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.724489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.732878] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.741515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.753770] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   60.765867] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.777552] audit: type=1400 audit(1556296011.342:38): avc: denied { associate } for pid=7951 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   60.845492]
[   60.847305] ======================================================
[   60.854357] WARNING: possible circular locking dependency detected
[   60.860672] 4.19.36 #4 Not tainted
[   60.864224] ------------------------------------------------------
[   60.870582] syz-executor.0/7957 is trying to acquire lock:
[   60.876332] 000000003520db78 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0
[   60.883872]
[   60.883872] but task is already holding lock:
[   60.890187] 0000000096876583 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[   60.898379]
[   60.898379] which lock already depends on the new lock.
[   60.898379]
[   60.906848]
[   60.906848] the existing dependency chain (in reverse order) is:
[   60.914466]
[   60.914466] -> #1 (&iint->mutex){+.+.}:
[   60.920048]        __mutex_lock+0xf7/0x1300
[   60.924414]        mutex_lock_nested+0x16/0x20
[   60.929024]        process_measurement+0x354/0x1570
[   60.934059]        ima_file_check+0xc5/0x110
[   60.938539]        path_openat+0x1130/0x4690
[   60.942992]        do_filp_open+0x1a1/0x280
[   60.947334]        do_sys_open+0x3fe/0x550
[   60.951586]        __x64_sys_open+0x7e/0xc0
[   60.956039]        do_syscall_64+0x103/0x610
[   60.960455]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.966351]
[   60.966351] -> #0 (sb_writers#4){.+.+}:
[   60.971865]        lock_acquire+0x16f/0x3f0
[   60.976255]        __sb_start_write+0x20b/0x360
[   60.980940]        mnt_want_write+0x3f/0xc0
[   60.985295]        ovl_want_write+0x76/0xa0
[   60.989909]        ovl_open_maybe_copy_up+0x122/0x180
[   60.995149]        ovl_open+0xb3/0x270
[   60.999046]        do_dentry_open+0x4c6/0x1200
[   61.003634]        dentry_open+0x132/0x1d0
[   61.007905]        ima_calc_file_hash+0x68a/0x980
[   61.012783]        ima_collect_measurement+0x50f/0x5c0
[   61.018063]        process_measurement+0xeca/0x1570
[   61.023140]        ima_file_check+0xc5/0x110
[   61.027585]        path_openat+0x1130/0x4690
[   61.031991]        do_filp_open+0x1a1/0x280
[   61.036303]        do_sys_open+0x3fe/0x550
[   61.040538]        __x64_sys_openat+0x9d/0x100
[   61.045120]        do_syscall_64+0x103/0x610
[   61.049517]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.055234]
[   61.055234] other info that might help us debug this:
[   61.055234]
[   61.063406]  Possible unsafe locking scenario:
[   61.063406]
[   61.069463]        CPU0                    CPU1
[   61.074123]        ----                    ----
[   61.078861]   lock(&iint->mutex);
[   61.082318]                                lock(sb_writers#4);
[   61.088285]                                lock(&iint->mutex);
[   61.094456]   lock(sb_writers#4);
[   61.097904]
[   61.097904]  *** DEADLOCK ***
[   61.097904]
[   61.103952] 1 lock held by syz-executor.0/7957:
[   61.108604]  #0: 0000000096876583 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[   61.117192]
[   61.117192] stack backtrace:
[   61.121686] CPU: 1 PID: 7957 Comm: syz-executor.0 Not tainted 4.19.36 #4
[   61.128506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.137863] Call Trace:
[   61.140563]  dump_stack+0x172/0x1f0
[   61.144210]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   61.149707]  __lock_acquire+0x2e6d/0x48f0
[   61.153880]  ? mark_held_locks+0x100/0x100
[   61.158135]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.163693]  ? avc_has_perm+0x404/0x610
[   61.167749]  ? avc_has_perm_noaudit+0x570/0x570
[   61.172413]  ? __lock_is_held+0xb6/0x140
[   61.176469]  lock_acquire+0x16f/0x3f0
[   61.180288]  ? mnt_want_write+0x3f/0xc0
[   61.184256]  __sb_start_write+0x20b/0x360
[   61.188396]  ? mnt_want_write+0x3f/0xc0
[   61.192383]  mnt_want_write+0x3f/0xc0
[   61.196472]  ovl_want_write+0x76/0xa0
[   61.200278]  ovl_open_maybe_copy_up+0x122/0x180
[   61.204966]  ovl_open+0xb3/0x270
[   61.208350]  ? security_file_open+0x89/0x1b0
[   61.212777]  do_dentry_open+0x4c6/0x1200
[   61.216847]  ? check_preemption_disabled+0x48/0x290
[   61.221891]  ? ovl_llseek+0x110/0x110
[   61.225885]  ? chown_common+0x5c0/0x5c0
[   61.230141]  dentry_open+0x132/0x1d0
[   61.233942]  ima_calc_file_hash+0x68a/0x980
[   61.238273]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   61.243847]  ima_collect_measurement+0x50f/0x5c0
[   61.248750]  ? ima_get_action+0xa0/0xa0
[   61.253215]  process_measurement+0xeca/0x1570
[   61.257734]  ? ima_add_template_entry.cold+0x48/0x48
[   61.262857]  ? mark_held_locks+0x100/0x100
[   61.267219]  ? ext4_file_read_iter+0x3c0/0x3c0
[   61.272661]  ? selinux_task_getsecid+0x16f/0x2d0
[   61.278036]  ? find_held_lock+0x35/0x130
[   61.282116]  ? selinux_task_getsecid+0x16f/0x2d0
[   61.286970]  ? lock_downgrade+0x810/0x810
[   61.291232]  ? kasan_check_read+0x11/0x20
[   61.295637]  ? selinux_task_getsecid+0x196/0x2d0
[   61.300477]  ima_file_check+0xc5/0x110
[   61.304358]  ? process_measurement+0x1570/0x1570
[   61.309379]  ? inode_permission+0xb4/0x570
[   61.313608]  path_openat+0x1130/0x4690
[   61.318325]  ? __lock_acquire+0x6eb/0x48f0
[   61.322681]  ? getname_flags+0xd6/0x5b0
[   61.326654]  ? getname+0x1a/0x20
[   61.330137]  ? path_lookupat.isra.0+0x8d0/0x8d0
[   61.334811]  ? __lock_is_held+0xb6/0x140
[   61.338966]  do_filp_open+0x1a1/0x280
[   61.342774]  ? __alloc_fd+0x44d/0x560
[   61.346605]  ? may_open_dev+0x100/0x100
[   61.350594]  ? kasan_check_read+0x11/0x20
[   61.355114]  ? do_raw_spin_unlock+0x57/0x270
[   61.359704]  do_sys_open+0x3fe/0x550
[   61.363415]  ? filp_open+0x80/0x80
[   61.366955]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   61.371939]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   61.376707]  ? do_syscall_64+0x26/0x610
[   61.380787]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.386146]  ? do_syscall_64+0x26/0x610
[   61.390243]  __x64_sys_openat+0x9d/0x100
[   61.394328]  do_syscall_64+0x103/0x610
[   61.398248]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.403451] RIP: 0033:0x458da9
[   61.406632] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   61.425533] RSP: 002b:00007ffd563910b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   61.433248] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9
[   61.440596] RDX: 0000000000000003 RSI: 0000000020000200 RDI: ffffffffffffff9c
[   61.