[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.693672]
[ 33.695333] ======================================================
[ 33.701640] WARNING: possible circular locking dependency detected
[ 33.707937] 4.19.206-syzkaller #0 Not tainted
[ 33.712413] ------------------------------------------------------
[ 33.718721] syz-executor211/8117 is trying to acquire lock:
[ 33.724406] 000000006a0da170 (sb_writers#3){.+.+}, at: mnt_want_write+0x3a/0xb0
[ 33.731842]
[ 33.731842] but task is already holding lock:
[ 33.737834] 0000000052435a1e (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440
[ 33.745996]
[ 33.745996] which lock already depends on the new lock.
[ 33.745996]
[ 33.754303]
[ 33.754303] the existing dependency chain (in reverse order) is:
[ 33.761995]
[ 33.761995] -> #1 (&iint->mutex){+.+.}:
[ 33.767433]        process_measurement+0x316/0x1440
[ 33.772427]        ima_file_check+0xb9/0x100
[ 33.776814]        path_openat+0x7e4/0x2df0
[ 33.781111]        do_filp_open+0x18c/0x3f0
[ 33.785412]        do_sys_open+0x3b3/0x520
[ 33.789625]        do_syscall_64+0xf9/0x620
[ 33.793924]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.799607]
[ 33.799607] -> #0 (sb_writers#3){.+.+}:
[ 33.805049]        __sb_start_write+0x6e/0x2a0
[ 33.809621]        mnt_want_write+0x3a/0xb0
[ 33.813935]        ovl_maybe_copy_up+0x11f/0x190
[ 33.818677]        ovl_open+0xb4/0x260
[ 33.822545]        do_dentry_open+0x4aa/0x1160
[ 33.827103]        dentry_open+0x132/0x1d0
[ 33.831585]        ima_calc_file_hash+0x628/0x8a0
[ 33.836403]        ima_collect_measurement+0x4c4/0x570
[ 33.841654]        process_measurement+0xddd/0x1440
[ 33.846652]        ima_file_check+0xb9/0x100
[ 33.851038]        path_openat+0x7e4/0x2df0
[ 33.855340]        do_filp_open+0x18c/0x3f0
[ 33.859636]        do_sys_open+0x3b3/0x520
[ 33.863847]        do_syscall_64+0xf9/0x620
[ 33.868148]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.873853]
[ 33.873853] other info that might help us debug this:
[ 33.873853]
[ 33.881988]  Possible unsafe locking scenario:
[ 33.881988]
[ 33.888286]        CPU0                    CPU1
[ 33.893104]        ----                    ----
[ 33.897753]   lock(&iint->mutex);
[ 33.901186]                                lock(sb_writers#3);
[ 33.907148]                                lock(&iint->mutex);
[ 33.913106]   lock(sb_writers#3);
[ 33.916533]
[ 33.916533]  *** DEADLOCK ***
[ 33.916533]
[ 33.922578] 1 lock held by syz-executor211/8117:
[ 33.927304]  #0: 0000000052435a1e (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440
[ 33.935868]
[ 33.935868] stack backtrace:
[ 33.940357] CPU: 1 PID: 8117 Comm: syz-executor211 Not tainted 4.19.206-syzkaller #0
[ 33.948207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.957541] Call Trace:
[ 33.960153]  dump_stack+0x1fc/0x2ef
[ 33.963767]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 33.969565]  __lock_acquire+0x30c9/0x3ff0
[ 33.973703]  ? mark_held_locks+0xf0/0xf0
[ 33.977744]  ? kmem_cache_alloc+0x122/0x370
[ 33.982043]  ? mark_held_locks+0xf0/0xf0
[ 33.986082]  ? path_openat+0x7e4/0x2df0
[ 33.990037]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.995551]  ? fs_reclaim_release+0xd0/0x110
[ 33.999935]  lock_acquire+0x170/0x3c0
[ 34.003868]  ? mnt_want_write+0x3a/0xb0
[ 34.007840]  __sb_start_write+0x6e/0x2a0
[ 34.011893]  ? mnt_want_write+0x3a/0xb0
[ 34.015919]  mnt_want_write+0x3a/0xb0
[ 34.019709]  ovl_maybe_copy_up+0x11f/0x190
[ 34.023936]  ovl_open+0xb4/0x260
[ 34.027309]  do_dentry_open+0x4aa/0x1160
[ 34.031443]  ? ovl_fsync+0x220/0x220
[ 34.035135]  ? chown_common+0x550/0x550
[ 34.039085]  ? percpu_counter_add_batch+0x126/0x180
[ 34.044077]  dentry_open+0x132/0x1d0
[ 34.047774]  ima_calc_file_hash+0x628/0x8a0
[ 34.052075]  ? xattr_list_one+0x120/0x120
[ 34.056201]  ima_collect_measurement+0x4c4/0x570
[ 34.060948]  ? ima_get_action+0x90/0x90
[ 34.064899]  ? ima_get_cache_status+0x1d0/0x1d0
[ 34.069550]  process_measurement+0xddd/0x1440
[ 34.074024]  ? ima_restore_measurement_entry+0x40/0x40
[ 34.079277]  ? file_ra_state_init+0xc4/0x1e0
[ 34.083661]  ? aa_get_task_label+0x1e6/0x7f0
[ 34.088046]  ? lock_downgrade+0x720/0x720
[ 34.092169]  ? check_preemption_disabled+0x41/0x280
[ 34.097162]  ? check_preemption_disabled+0x41/0x280
[ 34.102155]  ? aa_get_task_label+0x20d/0x7f0
[ 34.106633]  ? revert_creds+0x326/0x450
[ 34.110660]  ? aa_capable+0xb80/0xb80
[ 34.114506]  ? ovl_open+0xca/0x260
[ 34.118115]  ? apparmor_task_getsecid+0x88/0xc0
[ 34.122769]  ima_file_check+0xb9/0x100
[ 34.126636]  ? process_measurement+0x1440/0x1440
[ 34.131370]  ? inode_permission+0x3d/0x140
[ 34.135588]  path_openat+0x7e4/0x2df0
[ 34.139444]  ? path_lookupat+0x8d0/0x8d0
[ 34.144021]  ? mark_held_locks+0xf0/0xf0
[ 34.148065]  ? __lock_acquire+0x6de/0x3ff0
[ 34.152296]  do_filp_open+0x18c/0x3f0
[ 34.156104]  ? may_open_dev+0xf0/0xf0
[ 34.159885]  ? lock_downgrade+0x720/0x720
[ 34.164009]  ? lock_acquire+0x170/0x3c0
[ 34.167958]  ? __alloc_fd+0x34/0x570
[ 34.171659]  ? do_raw_spin_unlock+0x171/0x230
[ 34.176132]  ? _raw_spin_unlock+0x29/0x40
[ 34.180258]  ? __alloc_fd+0x28d/0x570
[ 34.184039]  do_sys_open+0x3b3/0x520
[ 34.187729]  ? filp_open+0x70/0x70
[ 34.191255]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.196595]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 34.201590]  ? do_syscall_64+0x21/0x620
[ 34.205539]  do_syscall_64+0xf9/0x620
[ 34.209320]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.214497] RIP: 0033:0x43ef59
[ 34.217689] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.236692] RSP: 002b:00007fff75a2f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 34.244389] RAX: