./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3948757501 <...> Warning: Permanently added '10.128.1.190' (ECDSA) to the list of known hosts. execve("./syz-executor3948757501", ["./syz-executor3948757501"], 0x7ffeb29ee9e0 /* 10 vars */) = 0 brk(NULL) = 0x555556638000 brk(0x555556638c40) = 0x555556638c40 arch_prctl(ARCH_SET_FS, 0x555556638300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3948757501", 4096) = 28 brk(0x555556659c40) = 0x555556659c40 brk(0x55555665a000) = 0x55555665a000 mprotect(0x7fca1138a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 mknodat(AT_FDCWD, "./file0", 000) = 0 mkdir("./bus", 000) = 0 mkdir("./file1", 000) = 0 mount(NULL, "./bus", "overlay", 0, "upperdir=./bus,workdir=./file1,lowerdir=.") = 0 chdir("./bus") = 0 syzkaller login: [ 56.854974][ T5078] [ 56.857349][ T5078] ====================================================== [ 56.864403][ T5078] WARNING: possible circular locking dependency detected [ 56.871415][ T5078] 6.1.0-next-20221215-syzkaller #0 Not tainted [ 56.877584][ T5078] ------------------------------------------------------ [ 56.884585][ T5078] syz-executor394/5078 is trying to acquire lock: [ 56.890999][ T5078] ffff88802901c460 (sb_writers#4){.+.+}-{0:0}, at: ovl_maybe_copy_up+0x123/0x190 [ 56.900238][ T5078] [ 56.900238][ T5078] but task is already holding lock: [ 56.907610][ T5078] ffff888021a2d620 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x3ab/0x18b0 [ 56.917032][ T5078] [ 56.917032][ T5078] which lock already depends on the new lock. [ 56.917032][ T5078] [ 56.927437][ T5078] [ 56.927437][ T5078] the existing dependency chain (in reverse order) is: [ 56.936444][ T5078] [ 56.936444][ T5078] -> #1 (&iint->mutex){+.+.}-{3:3}: [ 56.943841][ T5078] __mutex_lock+0x12f/0x1360 [ 56.948970][ T5078] process_measurement+0x3ab/0x18b0 [ 56.954730][ T5078] ima_file_check+0xb0/0x100 [ 56.959875][ T5078] path_openat+0x15f1/0x2a50 [ 56.965010][ T5078] do_filp_open+0x1ba/0x410 [ 56.970044][ T5078] do_sys_openat2+0x16d/0x4c0 [ 56.975253][ T5078] __x64_sys_openat+0x143/0x1f0 [ 56.980629][ T5078] do_syscall_64+0x39/0xb0 [ 56.985577][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.991998][ T5078] [ 56.991998][ T5078] -> #0 (sb_writers#4){.+.+}-{0:0}: [ 56.999397][ T5078] __lock_acquire+0x2a43/0x56d0 [ 57.004772][ T5078] lock_acquire.part.0+0x11a/0x350 [ 57.010417][ T5078] mnt_want_write+0x70/0x3e0 [ 57.015536][ T5078] ovl_maybe_copy_up+0x123/0x190 [ 57.021017][ T5078] ovl_open+0xf5/0x2e0 [ 57.025635][ T5078] do_dentry_open+0x6cc/0x13f0 [ 57.030943][ T5078] dentry_open+0x136/0x1d0 [ 57.035894][ T5078] ima_calc_file_hash+0x2ca/0x4a0 [ 57.041533][ T5078] ima_collect_measurement+0x538/0x650 [ 57.047524][ T5078] process_measurement+0xd23/0x18b0 [ 57.053250][ T5078] ima_file_check+0xb0/0x100 [ 57.058366][ T5078] path_openat+0x15f1/0x2a50 [ 57.063507][ T5078] do_filp_open+0x1ba/0x410 [ 57.068537][ T5078] do_sys_openat2+0x16d/0x4c0 [ 57.073773][ T5078] __x64_sys_open+0x11d/0x1c0 [ 57.078972][ T5078] do_syscall_64+0x39/0xb0 [ 57.083954][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.090372][ T5078] [ 57.090372][ T5078] other info that might help us debug this: [ 57.090372][ T5078] [ 57.100619][ T5078] Possible unsafe locking scenario: [ 57.100619][ T5078] [ 57.108065][ T5078] CPU0 CPU1 [ 57.113422][ T5078] ---- ---- [ 57.118786][ T5078] lock(&iint->mutex); [ 57.122942][ T5078] lock(sb_writers#4); [ 57.129625][ T5078] lock(&iint->mutex); [ 57.136303][ T5078] lock(sb_writers#4); [ 57.140463][ T5078] [ 57.140463][ T5078] *** DEADLOCK *** [ 57.140463][ T5078] [ 57.148599][ T5078] 1 lock held by syz-executor394/5078: [ 57.154072][ T5078] #0: ffff888021a2d620 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x3ab/0x18b0 [ 57.163924][ T5078] [ 57.163924][ T5078] stack backtrace: [ 57.169818][ T5078] CPU: 0 PID: 5078 Comm: syz-executor394 Not tainted 6.1.0-next-20221215-syzkaller #0 [ 57.179370][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 57.189441][ T5078] Call Trace: [ 57.192776][ T5078] [ 57.195762][ T5078] dump_stack_lvl+0xd1/0x138 [ 57.200368][ T5078] check_noncircular+0x25f/0x2e0 [ 57.205310][ T5078] ? print_circular_bug+0x1e0/0x1e0 [ 57.210544][ T5078] ? mark_held_locks+0x9f/0xe0 [ 57.215344][ T5078] ? mark_held_locks+0x9f/0xe0 [ 57.220111][ T5078] __lock_acquire+0x2a43/0x56d0 [ 57.224988][ T5078] ? __kmem_cache_free+0xaf/0x3b0 [ 57.230036][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 57.236038][ T5078] ? tomoyo_check_open_permission+0x1f6/0x3a0 [ 57.242327][ T5078] lock_acquire.part.0+0x11a/0x350 [ 57.247494][ T5078] ? ovl_maybe_copy_up+0x123/0x190 [ 57.252626][ T5078] ? lock_release+0x810/0x810 [ 57.257310][ T5078] ? ovl_maybe_copy_up+0x123/0x190 [ 57.262424][ T5078] ? rcu_read_lock_sched_held+0x3e/0x70 [ 57.267971][ T5078] ? trace_lock_acquire+0x1d1/0x290 [ 57.273171][ T5078] ? ovl_maybe_copy_up+0x123/0x190 [ 57.278286][ T5078] ? lock_acquire+0x32/0xc0 [ 57.282786][ T5078] ? ovl_maybe_copy_up+0x123/0x190 [ 57.287904][ T5078] mnt_want_write+0x70/0x3e0 [ 57.292547][ T5078] ? ovl_maybe_copy_up+0x123/0x190 [ 57.297712][ T5078] ovl_maybe_copy_up+0x123/0x190 [ 57.302664][ T5078] ovl_open+0xf5/0x2e0 [ 57.306747][ T5078] ? __mnt_want_write+0x3f/0x2e0 [ 57.311697][ T5078] ? ovl_llseek+0x350/0x350 [ 57.316216][ T5078] ? fsnotify_perm.part.0+0x221/0x610 [ 57.321607][ T5078] do_dentry_open+0x6cc/0x13f0 [ 57.326383][ T5078] ? ovl_llseek+0x350/0x350 [ 57.330899][ T5078] dentry_open+0x136/0x1d0 [ 57.335329][ T5078] ima_calc_file_hash+0x2ca/0x4a0 [ 57.340380][ T5078] ima_collect_measurement+0x538/0x650 [ 57.345937][ T5078] ? ima_get_action+0xa0/0xa0 [ 57.350715][ T5078] ? ima_get_cache_status+0x1e0/0x1e0 [ 57.356103][ T5078] process_measurement+0xd23/0x18b0 [ 57.361313][ T5078] ? mmap_violation_check+0x1f0/0x1f0 [ 57.366708][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 57.371595][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 57.376566][ T5078] ? file_ra_state_init+0x39/0xd0 [ 57.381608][ T5078] ? do_dentry_open+0xd1f/0x13f0 [ 57.386556][ T5078] ? ext4_file_write_iter+0x1710/0x1710 [ 57.392107][ T5078] ? __alloc_file+0x1e8/0x270 [ 57.396829][ T5078] ? revert_creds+0x190/0x1f0 [ 57.401513][ T5078] ? ovl_open_realfile+0x17b/0x360 [ 57.406641][ T5078] ? ovl_open+0x10b/0x2e0 [ 57.411011][ T5078] ? ovl_llseek+0x350/0x350 [ 57.415570][ T5078] ? apparmor_current_getsecid_subj+0x1f9/0x570 [ 57.421972][ T5078] ima_file_check+0xb0/0x100 [ 57.426594][ T5078] ? do_dentry_open+0xd1f/0x13f0 [ 57.431550][ T5078] ? process_measurement+0x18b0/0x18b0 [ 57.437029][ T5078] ? ovl_llseek+0x350/0x350 [ 57.441566][ T5078] ? may_open+0x1f6/0x420 [ 57.445941][ T5078] path_openat+0x15f1/0x2a50 [ 57.450550][ T5078] ? path_lookupat+0x840/0x840 [ 57.455441][ T5078] do_filp_open+0x1ba/0x410 [ 57.459998][ T5078] ? may_open_dev+0xf0/0xf0 [ 57.464513][ T5078] ? find_held_lock+0x2d/0x110 [ 57.469293][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 57.474318][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 57.479262][ T5078] ? _raw_spin_unlock+0x28/0x40 [ 57.484116][ T5078] ? alloc_fd+0x2d8/0x6d0 [ 57.488450][ T5078] do_sys_openat2+0x16d/0x4c0 [ 57.493134][ T5078] ? build_open_flags+0x6f0/0x6f0 [ 57.498249][ T5078] ? ptrace_notify+0xfe/0x140 [ 57.503058][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 57.507919][ T5078] __x64_sys_open+0x11d/0x1c0 [ 57.512600][ T5078] ? do_sys_open+0x150/0x150 [ 57.517193][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.522406][ T5078] ? ptrace_notify+0xfe/0x140 [ 57.527094][ T5078] do_syscall_64+0x39/0xb0 [ 57.531522][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.537420][ T5078] RIP: 0033:0x7fca1131dc69 [ 57.541839][ T5078] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.561460][ T5078] RSP: 002b:00007ffd2dd98558 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 57.569877][ T5078] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fca1131dc69 [ 57.577847][ T5078] RDX: 0000000000000000 RSI: 000000000000007f RDI: 0000000020000180 [ 57.585817][ T5078] RBP: 00007fca112e1e10 R08: 0000000000000000 R09: 0000000000000000 [ 57.593785][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca112e1ea0 open("./file0", O_ACCMODE|O_CREAT|0x3c, 000) = 5 exit_group(0) = ? +++ exited with 0 +++ [ 57.601932][ T5078] R13: 0000000000000000 R14: 0000000000000000 R15: 00