Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
syzkaller login: [ 62.186579] kauditd_printk_skb: 5 callbacks suppressed
[ 62.186596] audit: type=1400 audit(1555798497.748:36): avc: denied { map } for pid=8020 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/04/20 22:14:58 parsed 1 programs
[ 63.089427] audit: type=1400 audit(1555798498.648:37): avc: denied { map } for pid=8020 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=23 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/04/20 22:15:00 executed programs: 0
[ 64.984005] IPVS: ftp: loaded support on port[0] = 21
[ 65.044093] chnl_net:caif_netlink_parms(): no params data found
[ 65.074968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.081547] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.088935] device bridge_slave_0 entered promiscuous mode
[ 65.096458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.102953] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.110012] device bridge_slave_1 entered promiscuous mode
[ 65.125427] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 65.134546] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 65.151343] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 65.159380] team0: Port device team_slave_0 added
[ 65.165107] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 65.172429] team0: Port device team_slave_1 added
[ 65.177642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 65.185048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 65.264104] device hsr_slave_0 entered promiscuous mode
[ 65.302584] device hsr_slave_1 entered promiscuous mode
[ 65.362450] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 65.369382] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 65.383380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.389804] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.396657] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.403037] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.436507] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 65.443509] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.451607] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 65.460188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.480220] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.487669] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.495654] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.505807] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 65.512236] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.521509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.529637] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.536027] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.546099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.553866] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.560247] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.577133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.585485] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.594810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.608527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 65.618591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 65.629116] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 65.636400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.644249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.656598] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 65.663500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.675152] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.686209] audit: type=1400 audit(1555798501.248:38): avc: denied { associate } for pid=8036 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 65.754901]
[ 65.756542] ======================================================
[ 65.762938] WARNING: possible circular locking dependency detected
[ 65.769237] 4.19.36 #4 Not tainted
[ 65.772757] ------------------------------------------------------
[ 65.779057] syz-executor.0/8042 is trying to acquire lock:
[ 65.785213] 00000000b3d4ab27 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 65.793919]
[ 65.793919] but task is already holding lock:
[ 65.799967] 000000005fd42091 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 65.808444]
[ 65.808444] which lock already depends on the new lock.
[ 65.808444]
[ 65.816867]
[ 65.816867] the existing dependency chain (in reverse order) is:
[ 65.824604]
[ 65.824604] -> #1 (&iint->mutex){+.+.}:
[ 65.830144] __mutex_lock+0xf7/0x1300
[ 65.834459] mutex_lock_nested+0x16/0x20
[ 65.839081] process_measurement+0x354/0x1570
[ 65.844095] ima_file_check+0xc5/0x110
[ 65.848518] path_openat+0x1130/0x4690
[ 65.852924] do_filp_open+0x1a1/0x280
[ 65.857530] do_sys_open+0x3fe/0x550
[ 65.861847] __x64_sys_open+0x7e/0xc0
[ 65.866711] do_syscall_64+0x103/0x610
[ 65.871157] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.876857]
[ 65.876857] -> #0 (sb_writers#4){.+.+}:
[ 65.882831] lock_acquire+0x16f/0x3f0
[ 65.888690] __sb_start_write+0x20b/0x360
[ 65.893829] mnt_want_write+0x3f/0xc0
[ 65.901515] ovl_want_write+0x76/0xa0
[ 65.906315] ovl_open_maybe_copy_up+0x122/0x180
[ 65.911691] ovl_open+0xb3/0x270
[ 65.915582] do_dentry_open+0x4c6/0x1200
[ 65.920369] dentry_open+0x132/0x1d0
[ 65.924703] ima_calc_file_hash+0x68a/0x980
[ 65.930977] ima_collect_measurement+0x50f/0x5c0
[ 65.936339] process_measurement+0xeca/0x1570
[ 65.941345] ima_file_check+0xc5/0x110
[ 65.945783] path_openat+0x1130/0x4690
[ 65.950177] do_filp_open+0x1a1/0x280
[ 65.954490] do_sys_open+0x3fe/0x550
[ 65.958885] __x64_sys_open+0x7e/0xc0
[ 65.963197] do_syscall_64+0x103/0x610
[ 65.967598] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 65.973392]
[ 65.973392] other info that might help us debug this:
[ 65.973392]
[ 65.981706] Possible unsafe locking scenario:
[ 65.981706]
[ 65.987748] CPU0 CPU1
[ 65.992396] ---- ----
[ 65.997046] lock(&iint->mutex);
[ 66.000569] lock(sb_writers#4);
[ 66.006543] lock(&iint->mutex);
[ 66.012507] lock(sb_writers#4);
[ 66.015949]
[ 66.015949] *** DEADLOCK ***
[ 66.015949]
[ 66.022058] 1 lock held by syz-executor.0/8042:
[ 66.026759] #0: 000000005fd42091 (&iint->mutex){+.+.}, at: process_measurement+0x354/0x1570
[ 66.035398]
[ 66.035398] stack backtrace:
[ 66.039897] CPU: 0 PID: 8042 Comm: syz-executor.0 Not tainted 4.19.36 #4
[ 66.046732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.056176] Call Trace:
[ 66.058785] dump_stack+0x172/0x1f0
[ 66.062466] print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 66.067914] __lock_acquire+0x2e6d/0x48f0
[ 66.072067] ? mark_held_locks+0x100/0x100
[ 66.076355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.081964] ? avc_has_perm+0x404/0x610
[ 66.086055] ? avc_has_perm_noaudit+0x570/0x570
[ 66.090774] ? __lock_is_held+0xb6/0x140
[ 66.094893] lock_acquire+0x16f/0x3f0
[ 66.098694] ? mnt_want_write+0x3f/0xc0
[ 66.102664] __sb_start_write+0x20b/0x360
[ 66.106802] ? mnt_want_write+0x3f/0xc0
[ 66.110769] mnt_want_write+0x3f/0xc0
[ 66.114573] ovl_want_write+0x76/0xa0
[ 66.118881] ovl_open_maybe_copy_up+0x122/0x180
[ 66.123595] ovl_open+0xb3/0x270
[ 66.127000] ? security_file_open+0x89/0x1b0
[ 66.143865] do_dentry_open+0x4c6/0x1200
[ 66.147952] ? check_preemption_disabled+0x48/0x290
[ 66.153004] ? ovl_llseek+0x110/0x110
[ 66.156795] ? chown_common+0x5c0/0x5c0
[ 66.160760] dentry_open+0x132/0x1d0
[ 66.164466] ima_calc_file_hash+0x68a/0x980
[ 66.168779] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 66.174315] ima_collect_measurement+0x50f/0x5c0
[ 66.179099] ? ima_get_action+0xa0/0xa0
[ 66.183069] process_measurement+0xeca/0x1570
[ 66.187644] ? ima_add_template_entry.cold+0x48/0x48
[ 66.192778] ? mark_held_locks+0x100/0x100
[ 66.197034] ? ext4_file_read_iter+0x3c0/0x3c0
[ 66.201609] ? selinux_task_getsecid+0x16f/0x2d0
[ 66.206361] ? find_held_lock+0x35/0x130
[ 66.210409] ? selinux_task_getsecid+0x16f/0x2d0
[ 66.215152] ? lock_downgrade+0x810/0x810
[ 66.219289] ? kasan_check_read+0x11/0x20
[ 66.223422] ? selinux_task_getsecid+0x196/0x2d0
[ 66.228170] ima_file_check+0xc5/0x110
[ 66.232133] ? process_measurement+0x1570/0x1570
[ 66.236876] ? inode_permission+0xb4/0x570
[ 66.241109] path_openat+0x1130/0x4690
[ 66.245032] ? __lock_acquire+0x6eb/0x48f0
[ 66.249259] ? getname+0x1a/0x20
[ 66.252658] ? do_sys_open+0x2c9/0x550
[ 66.256541] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 66.261202] ? find_held_lock+0x35/0x130
[ 66.265258] ? __alloc_fd+0x44d/0x560
[ 66.269054] do_filp_open+0x1a1/0x280
[ 66.272849] ? may_open_dev+0x100/0x100
[ 66.276897] ? kasan_check_read+0x11/0x20
[ 66.281037] ? do_raw_spin_unlock+0x57/0x270
[ 66.285449] ? _raw_spin_unlock+0x2d/0x50
[ 66.289596] ? __alloc_fd+0x44d/0x560
[ 66.293391] do_sys_open+0x3fe/0x550
[ 66.297096] ? filp_open+0x80/0x80
[ 66.300627] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 66.305377] ? do_syscall_64+0x26/0x610
[ 66.309458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.314820] ? do_syscall_64+0x26/0x610
[ 66.318798] __x64_sys_open+0x7e/0xc0
[ 66.322599] do_syscall_64+0x103/0x610
[ 66.326513] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.331731] RIP: 0033:0x458c29
[ 66.334921] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.353811] RSP: 002b:00007ffc26fde8a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 66.361516] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
[ 66.368768] RDX: 0000000000000000 RSI: 0000000000000927 RDI: 0000000020000040
[ 66.376069] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 66.383434] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000015bf914
[ 66.390798] R13: 00000000004f6d7f R14: 00000000004d8be8 R15: 00000000ffffffff