[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[   38.194745][   T26] audit: type=1800 audit(1556298443.717:25): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   38.223127][   T26] audit: type=1800 audit(1556298443.727:26): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   38.256626][   T26] audit: type=1800 audit(1556298443.727:27): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
2019/04/26 17:07:37 parsed 1 programs
2019/04/26 17:07:38 executed programs: 0
syzkaller login: [   53.444481][ T7783] IPVS: ftp: loaded support on port[0] = 21
[   53.503655][ T7783] chnl_net:caif_netlink_parms(): no params data found
[   53.534722][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.542663][ T7783] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.550893][ T7783] device bridge_slave_0 entered promiscuous mode
[   53.559186][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.566442][ T7783] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.574205][ T7783] device bridge_slave_1 entered promiscuous mode
[   53.591635][ T7783] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   53.601455][ T7783] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   53.620962][ T7783] team0: Port device team_slave_0 added
[   53.628025][ T7783] team0: Port device team_slave_1 added
[   53.707893][ T7783] device hsr_slave_0 entered promiscuous mode
[   53.776759][ T7783] device hsr_slave_1 entered promiscuous mode
[   53.834165][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.841358][ T7783] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.849177][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.856300][ T7783] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.886880][ T7783] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.899511][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.910704][ T2989] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.918923][ T2989] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.932621][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   53.944790][ T7783] 8021q: adding VLAN 0 to HW filter on device team0
[   53.954761][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.963458][   T23] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.970618][   T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.990534][ T7786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.998950][ T7786] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.008166][ T7786] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.022704][ T7786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   54.033410][ T7786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   54.042952][ T7786] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   54.058495][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.067149][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.078854][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   54.097167][ T7783] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.159098][ T7790] 
[   54.161453][ T7790] ======================================================
[   54.168945][ T7790] WARNING: possible circular locking dependency detected
[   54.177147][ T7790] 5.1.0-rc6-next-20190426 #31 Not tainted
[   54.183287][ T7790] ------------------------------------------------------
[   54.190368][ T7790] syz-executor.0/7790 is trying to acquire lock:
[   54.196820][ T7790] 00000000b15a480c (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0
[   54.204986][ T7790] 
[   54.204986][ T7790] but task is already holding lock:
[   54.212354][ T7790] 00000000aed3dea4 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[   54.221213][ T7790] 
[   54.221213][ T7790] which lock already depends on the new lock.
[   54.221213][ T7790] 
[   54.232211][ T7790] 
[   54.232211][ T7790] the existing dependency chain (in reverse order) is:
[   54.241243][ T7790] 
[   54.241243][ T7790] -> #1 (&iint->mutex){+.+.}:
[   54.248318][ T7790]        lock_acquire+0x16f/0x3f0
[   54.253335][ T7790]        __mutex_lock+0xf7/0x1310
[   54.258376][ T7790]        mutex_lock_nested+0x16/0x20
[   54.263660][ T7790]        process_measurement+0x354/0x1570
[   54.270063][ T7790]        ima_file_check+0xc5/0x110
[   54.275177][ T7790]        path_openat+0x1142/0x46e0
[   54.280697][ T7790]        do_filp_open+0x1a1/0x280
[   54.286857][ T7790]        do_sys_open+0x3fe/0x5d0
[   54.292024][ T7790]        __x64_sys_open+0x7e/0xc0
[   54.297914][ T7790]        do_syscall_64+0x103/0x670
[   54.303052][ T7790]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.312818][ T7790] 
[   54.312818][ T7790] -> #0 (sb_writers#3){.+.+}:
[   54.319785][ T7790]        __lock_acquire+0x239c/0x3fb0
[   54.325194][ T7790]        lock_acquire+0x16f/0x3f0
[   54.330216][ T7790]        __sb_start_write+0x20b/0x360
[   54.335665][ T7790]        mnt_want_write+0x3f/0xc0
[   54.340713][ T7790]        ovl_want_write+0x76/0xa0
[   54.346035][ T7790]        ovl_open_maybe_copy_up+0x122/0x180
[   54.352026][ T7790]        ovl_open+0xb3/0x270
[   54.356615][ T7790]        do_dentry_open+0x4e2/0x1250
[   54.361907][ T7790]        dentry_open+0x132/0x1d0
[   54.366976][ T7790]        ima_calc_file_hash+0x33f/0x570
[   54.376982][ T7790]        ima_collect_measurement+0x50f/0x5c0
[   54.383612][ T7790]        process_measurement+0xeca/0x1570
[   54.389348][ T7790]        ima_file_check+0xc5/0x110
[   54.394643][ T7790]        path_openat+0x1142/0x46e0
[   54.404413][ T7790]        do_filp_open+0x1a1/0x280
[   54.410326][ T7790]        do_sys_open+0x3fe/0x5d0
[   54.419787][ T7790]        __x64_sys_openat+0x9d/0x100
[   54.425097][ T7790]        do_syscall_64+0x103/0x670
[   54.430228][ T7790]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.441549][ T7790] 
[   54.441549][ T7790] other info that might help us debug this:
[   54.441549][ T7790] 
[   54.451788][ T7790]  Possible unsafe locking scenario:
[   54.451788][ T7790] 
[   54.459235][ T7790]        CPU0                    CPU1
[   54.465108][ T7790]        ----                    ----
[   54.470821][ T7790]   lock(&iint->mutex);
[   54.474963][ T7790]                                lock(sb_writers#3);
[   54.481654][ T7790]                                lock(&iint->mutex);
[   54.488865][ T7790]   lock(sb_writers#3);
[   54.493468][ T7790] 
[   54.493468][ T7790]  *** DEADLOCK ***
[   54.493468][ T7790] 
[   54.501972][ T7790] 1 lock held by syz-executor.0/7790:
[   54.507434][ T7790]  #0: 00000000aed3dea4 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[   54.516990][ T7790] 
[   54.516990][ T7790] stack backtrace:
[   54.523833][ T7790] CPU: 0 PID: 7790 Comm: syz-executor.0 Not tainted 5.1.0-rc6-next-20190426 #31
[   54.533662][ T7790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.544751][ T7790] Call Trace:
[   54.548558][ T7790]  dump_stack+0x172/0x1f0
[   54.558105][ T7790]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[   54.565033][ T7790]  check_prev_add.constprop.0+0xf11/0x23c0
[   54.573837][ T7790]  ? __bfs+0x232/0x590
[   54.580889][ T7790]  ? check_usage+0x5a0/0x5a0
[   54.587291][ T7790]  ? tomoyo_check_open_permission+0x1b1/0x3f0
[   54.594576][ T7790]  ? find_held_lock+0x35/0x130
[   54.600500][ T7790]  ? graph_lock+0x7b/0x200
[   54.604918][ T7790]  ? __lockdep_reset_lock+0x450/0x450
[   54.612303][ T7790]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.622014][ T7790]  __lock_acquire+0x239c/0x3fb0
[   54.631273][ T7790]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   54.646334][ T7790]  ? mark_held_locks+0xf0/0xf0
[   54.653969][ T7790]  lock_acquire+0x16f/0x3f0
[   54.666100][ T7790]  ? mnt_want_write+0x3f/0xc0
[   54.674077][ T7790]  __sb_start_write+0x20b/0x360
[   54.684821][ T7790]  ? mnt_want_write+0x3f/0xc0
[   54.691392][ T7790]  mnt_want_write+0x3f/0xc0
[   54.696770][ T7790]  ovl_want_write+0x76/0xa0
[   54.702151][ T7790]  ovl_open_maybe_copy_up+0x122/0x180
[   54.715509][ T7790]  ovl_open+0xb3/0x270
[   54.731472][ T7790]  do_dentry_open+0x4e2/0x1250
[   54.737477][ T7790]  ? ovl_llseek+0x110/0x110
[   54.756587][ T7790]  ? chown_common+0x5c0/0x5c0
[   54.762313][ T7790]  dentry_open+0x132/0x1d0
[   54.769564][ T7790]  ima_calc_file_hash+0x33f/0x570
[   54.776195][ T7790]  ima_collect_measurement+0x50f/0x5c0
[   54.783977][ T7790]  ? ima_get_action+0xa0/0xa0
[   54.798995][ T7790]  process_measurement+0xeca/0x1570
[   54.813454][ T7790]  ? ima_add_template_entry.cold+0x48/0x48
[   54.819893][ T7790]  ? aa_get_task_label+0x3a6/0x720
[   54.825474][ T7790]  ? find_held_lock+0x35/0x130
[   54.838239][ T7790]  ? aa_get_task_label+0x3a6/0x720
[   54.846105][ T7790]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.853956][ T7790]  ? refcount_sub_and_test_checked+0x154/0x200
[   54.868897][ T7790]  ? refcount_dec_not_one+0x1f0/0x1f0
[   54.881489][ T7790]  ? refcount_dec_and_test_checked+0x1b/0x20
[   54.892653][ T7790]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   54.903669][ T7790]  ? apparmor_task_getsecid+0x94/0xd0
[   54.911129][ T7790]  ima_file_check+0xc5/0x110
[   54.919005][ T7790]  ? process_measurement+0x1570/0x1570
[   54.925214][ T7790]  ? inode_permission+0xb4/0x570
[   54.930590][ T7790]  path_openat+0x1142/0x46e0
[   54.936554][ T7790]  ? save_stack+0x45/0xb0
[   54.945664][ T7790]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[   54.952828][ T7790]  ? kasan_slab_alloc+0xf/0x20
[   54.957604][ T7790]  ? kmem_cache_alloc+0x11a/0x6f0
[   54.962647][ T7790]  ? getname_flags+0xd6/0x5b0
[   54.967319][ T7790]  ? getname+0x1a/0x20
[   54.971908][ T7790]  ? path_lookupat.isra.0+0x8d0/0x8d0
[   54.977278][ T7790]  do_filp_open+0x1a1/0x280
[   54.981827][ T7790]  ? __alloc_fd+0x44d/0x560
[   54.986341][ T7790]  ? may_open_dev+0x100/0x100
[   54.991027][ T7790]  ? kasan_check_read+0x11/0x20
[   54.995873][ T7790]  ? do_raw_spin_unlock+0x57/0x270
[   55.000986][ T7790]  do_sys_open+0x3fe/0x5d0
[   55.005399][ T7790]  ? filp_open+0x80/0x80
[   55.009633][ T7790]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   55.015106][ T7790]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   55.020576][ T7790]  ? do_syscall_64+0x26/0x670
[   55.025259][ T7790]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   55.031353][ T7790]  ? do_syscall_64+0x26/0x670
[   55.036026][ T7790]  __x64_sys_openat+0x9d/0x100
[   55.040808][ T7790]  do_syscall_64+0x103/0x670
[   55.045507][ T7790]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   55.051559][ T7790] RIP: 0033:0x458da9
[   55.055810][ T7790] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   55.085509][ T7790] RSP: 002b:00007ffdd30c23c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   55.094091][ T7790] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9
[   55.102079][ T7790] RDX: 0000000000000003 RSI: 0000000020000200 RDI: ffffffffffffff9c
[   55.110064][ T7790] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[   55.122181][ T7790] R10: 0000000000000000 R11: 0000000000000246 R12: 00005555572a8914
[   55.130171][ T7790] R13: 00000000004c5098 R14: 00000000004d8f78 R15: 00000000ffffffff
[   55.261383][ T7783] kobject: 'batman_adv' (00000000bb5fac05): kobject_uevent_env
[   55.270220][ T7783] kobject: 'batman_adv' (00000000bb5fac05): kobject_uevent_env: filter function caused the event to drop!
[   55.287282][ T7783] kobject: 'batman_adv' (00000000bb5fac05): kobject_cleanup, parent 00000000e83b8bdb
[   55.298760][ T7783] kobject: 'batman_adv' (00000000bb5fac05): calling ktype release
[   55.306729][ T7783] kobject: (00000000bb5fac05): dynamic_kobj_release
[   55.314961][ T7783] kobject: 'batman_adv': free name
[   55.321737][ T7783] kobject: 'rx-0' (00000000cdb7d30e): kobject_cleanup, parent 00000000f31db0e3
[   55.330889][ T7783] kobject: 'rx-0' (00000000cdb7d30e): auto cleanup 'remove' event
[   55.339556][ T7783] kobject: 'rx-0' (00000000cdb7d30e): kobject_uevent_env
[   55.346687][ T7783] kobject: 'rx-0' (00000000cdb7d30e): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0'
[   55.358365][ T7783] kobject: 'rx-0' (0