./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3927268575 <...> Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. execve("./syz-executor3927268575", ["./syz-executor3927268575"], 0x7ffe8951c6b0 /* 10 vars */) = 0 brk(NULL) = 0x555556a48000 brk(0x555556a48c40) = 0x555556a48c40 arch_prctl(ARCH_SET_FS, 0x555556a48300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3927268575", 4096) = 28 brk(0x555556a69c40) = 0x555556a69c40 brk(0x555556a6a000) = 0x555556a6a000 mprotect(0x7fc31b725000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 mkdirat(AT_FDCWD, "./file0", 000) = 0 openat(AT_FDCWD, "./file0", O_RDONLY) = 5 mknodat(5, "./file0", 000) = 0 mkdirat(AT_FDCWD, "./file1", 000) = 0 mkdirat(AT_FDCWD, "./bus", 000) = 0 mount(NULL, "./bus", "overlay", 0, "workdir=./file1,lowerdir=./file0,upperdir=./bus,index=on") = 0 chdir("./bus") = 0 openat(AT_FDCWD, ".", O_RDONLY) = 6 [ 95.171695][ T5082] [ 95.174068][ T5082] ====================================================== [ 95.181079][ T5082] WARNING: possible circular locking dependency detected [ 95.188087][ T5082] 6.3.0-rc3-syzkaller-00012-g17214b70a159 #0 Not tainted [ 95.195097][ T5082] ------------------------------------------------------ [ 95.202105][ T5082] syz-executor392/5082 is trying to acquire lock: [ 95.208506][ T5082] ffff88814b9b0460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 95.217238][ T5082] [ 95.217238][ T5082] but task is already holding lock: [ 95.224594][ T5082] ffff88801fe5ace0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7c0/0x1ce0 [ 95.233998][ T5082] [ 95.233998][ T5082] which lock already depends on the new lock. [ 95.233998][ T5082] [ 95.244396][ T5082] [ 95.244396][ T5082] the existing dependency chain (in reverse order) is: [ 95.253401][ T5082] [ 95.253401][ T5082] -> #1 (&iint->mutex){+.+.}-{3:3}: [ 95.260791][ T5082] lock_acquire+0x1e1/0x520 [ 95.265810][ T5082] __mutex_lock_common+0x1d8/0x2530 [ 95.271528][ T5082] mutex_lock_nested+0x1b/0x20 [ 95.276809][ T5082] process_measurement+0x7c0/0x1ce0 [ 95.282541][ T5082] ima_file_check+0xf1/0x170 [ 95.287663][ T5082] path_openat+0x280a/0x3170 [ 95.292777][ T5082] do_filp_open+0x234/0x490 [ 95.297803][ T5082] do_sys_openat2+0x13f/0x500 [ 95.303004][ T5082] __x64_sys_openat+0x247/0x290 [ 95.308383][ T5082] do_syscall_64+0x41/0xc0 [ 95.313335][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.319760][ T5082] [ 95.319760][ T5082] -> #0 (sb_writers#4){.+.+}-{0:0}: [ 95.327163][ T5082] validate_chain+0x166b/0x58e0 [ 95.332552][ T5082] __lock_acquire+0x125b/0x1f80 [ 95.337924][ T5082] lock_acquire+0x1e1/0x520 [ 95.342959][ T5082] sb_start_write+0x4d/0x1c0 [ 95.348075][ T5082] mnt_want_write+0x3f/0x90 [ 95.353106][ T5082] ovl_maybe_copy_up+0x115/0x180 [ 95.358572][ T5082] ovl_open+0x10c/0x2b0 [ 95.363249][ T5082] do_dentry_open+0x7f9/0x10f0 [ 95.368537][ T5082] dentry_open+0xc5/0x120 [ 95.373387][ T5082] ima_calc_file_hash+0x15d/0x1c00 [ 95.379021][ T5082] ima_collect_measurement+0x3a7/0x880 [ 95.385017][ T5082] process_measurement+0xfdb/0x1ce0 [ 95.390744][ T5082] ima_file_check+0xf1/0x170 [ 95.395855][ T5082] path_openat+0x280a/0x3170 [ 95.400969][ T5082] do_filp_open+0x234/0x490 [ 95.405991][ T5082] do_sys_openat2+0x13f/0x500 [ 95.411206][ T5082] __x64_sys_openat+0x247/0x290 [ 95.416583][ T5082] do_syscall_64+0x41/0xc0 [ 95.421536][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.427960][ T5082] [ 95.427960][ T5082] other info that might help us debug this: [ 95.427960][ T5082] [ 95.438185][ T5082] Possible unsafe locking scenario: [ 95.438185][ T5082] [ 95.445640][ T5082] CPU0 CPU1 [ 95.451004][ T5082] ---- ---- [ 95.456367][ T5082] lock(&iint->mutex); [ 95.460541][ T5082] lock(sb_writers#4); [ 95.467231][ T5082] lock(&iint->mutex); [ 95.473917][ T5082] lock(sb_writers#4); [ 95.478087][ T5082] [ 95.478087][ T5082] *** DEADLOCK *** [ 95.478087][ T5082] [ 95.486242][ T5082] 1 lock held by syz-executor392/5082: [ 95.491718][ T5082] #0: ffff88801fe5ace0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7c0/0x1ce0 [ 95.501566][ T5082] [ 95.501566][ T5082] stack backtrace: [ 95.507451][ T5082] CPU: 1 PID: 5082 Comm: syz-executor392 Not tainted 6.3.0-rc3-syzkaller-00012-g17214b70a159 #0 [ 95.517862][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 95.528615][ T5082] Call Trace: [ 95.531897][ T5082] [ 95.534834][ T5082] dump_stack_lvl+0x1e7/0x2d0 [ 95.539615][ T5082] ? nf_tcp_handle_invalid+0x650/0x650 [ 95.545177][ T5082] ? print_circular_bug+0x12b/0x1a0 [ 95.550413][ T5082] check_noncircular+0x2fe/0x3b0 [ 95.555362][ T5082] ? add_chain_block+0x850/0x850 [ 95.560303][ T5082] ? lockdep_lock+0x123/0x2b0 [ 95.564997][ T5082] ? _find_first_zero_bit+0xd4/0x100 [ 95.570292][ T5082] validate_chain+0x166b/0x58e0 [ 95.575148][ T5082] ? _raw_spin_unlock+0x40/0x40 [ 95.580023][ T5082] ? tomoyo_check_open_permission+0x3b7/0x4e0 [ 95.586103][ T5082] ? kasan_set_track+0x61/0x70 [ 95.590875][ T5082] ? reacquire_held_locks+0x660/0x660 [ 95.596259][ T5082] ? __kmem_cache_free+0x264/0x3c0 [ 95.601398][ T5082] ? tomoyo_check_open_permission+0x3b7/0x4e0 [ 95.607469][ T5082] ? security_file_open+0x63/0xa0 [ 95.612495][ T5082] ? do_dentry_open+0x308/0x10f0 [ 95.617439][ T5082] ? dentry_open+0xc5/0x120 [ 95.621947][ T5082] ? ima_calc_file_hash+0x15d/0x1c00 [ 95.627238][ T5082] ? ima_collect_measurement+0x3a7/0x880 [ 95.632877][ T5082] ? process_measurement+0xfdb/0x1ce0 [ 95.638254][ T5082] ? ima_file_check+0xf1/0x170 [ 95.643021][ T5082] ? path_openat+0x280a/0x3170 [ 95.647826][ T5082] ? do_filp_open+0x234/0x490 [ 95.652513][ T5082] ? do_sys_openat2+0x13f/0x500 [ 95.657386][ T5082] ? __x64_sys_openat+0x247/0x290 [ 95.662421][ T5082] ? do_syscall_64+0x41/0xc0 [ 95.667019][ T5082] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.673101][ T5082] ? mark_lock+0x9a/0x340 [ 95.677431][ T5082] ? mark_lock+0x9a/0x340 [ 95.681767][ T5082] __lock_acquire+0x125b/0x1f80 [ 95.686625][ T5082] lock_acquire+0x1e1/0x520 [ 95.691131][ T5082] ? mnt_want_write+0x3f/0x90 [ 95.695809][ T5082] ? read_lock_is_recursive+0x20/0x20 [ 95.701179][ T5082] ? smk_access+0x4b0/0x4b0 [ 95.705715][ T5082] ? __might_sleep+0xc0/0xc0 [ 95.710366][ T5082] ? smk_access+0x477/0x4b0 [ 95.714882][ T5082] sb_start_write+0x4d/0x1c0 [ 95.719480][ T5082] ? mnt_want_write+0x3f/0x90 [ 95.724168][ T5082] mnt_want_write+0x3f/0x90 [ 95.728757][ T5082] ovl_maybe_copy_up+0x115/0x180 [ 95.733718][ T5082] ovl_open+0x10c/0x2b0 [ 95.737880][ T5082] ? ovl_mmap+0x440/0x440 [ 95.742217][ T5082] ? fsnotify_perm+0x42f/0x590 [ 95.747000][ T5082] ? ovl_mmap+0x440/0x440 [ 95.751328][ T5082] do_dentry_open+0x7f9/0x10f0 [ 95.756124][ T5082] dentry_open+0xc5/0x120 [ 95.760483][ T5082] ima_calc_file_hash+0x15d/0x1c00 [ 95.765721][ T5082] ? ext4_get_inode_loc+0x14f/0x1a0 [ 95.770941][ T5082] ? check_xattrs+0xa67/0xbc0 [ 95.775628][ T5082] ? ima_alloc_tfm+0x310/0x310 [ 95.780398][ T5082] ? ext4_xattr_get+0x3ce/0x840 [ 95.785255][ T5082] ? __up_read+0x2bd/0x690 [ 95.789682][ T5082] ? up_read+0x20/0x20 [ 95.793797][ T5082] ? ext4_xattr_get+0x3ce/0x840 [ 95.798686][ T5082] ? ext4_initxattrs+0x110/0x110 [ 95.803647][ T5082] ? __vfs_getxattr+0x436/0x470 [ 95.808516][ T5082] ? vfs_getxattr+0x28e/0x2e0 [ 95.813234][ T5082] ? inode_query_iversion+0x183/0x200 [ 95.818609][ T5082] ? __vfs_getxattr+0x470/0x470 [ 95.823488][ T5082] ? inode_maybe_inc_iversion+0x1f0/0x1f0 [ 95.829234][ T5082] ? revert_creds+0x1a8/0x270 [ 95.833949][ T5082] ima_collect_measurement+0x3a7/0x880 [ 95.839427][ T5082] ? ima_get_action+0xb0/0xb0 [ 95.844117][ T5082] process_measurement+0xfdb/0x1ce0 [ 95.849326][ T5082] ? ima_file_mmap+0x2b0/0x2b0 [ 95.854093][ T5082] ? fsnotify_perm+0x428/0x590 [ 95.858857][ T5082] ? inode_to_bdi+0x69/0xe0 [ 95.863390][ T5082] ? file_ra_state_init+0x3c/0xb0 [ 95.868435][ T5082] ? ovl_open+0x16f/0x2b0 [ 95.872769][ T5082] ? do_raw_spin_unlock+0x13b/0x8b0 [ 95.877974][ T5082] ? smack_current_getsecid_subj+0x22/0xf0 [ 95.883825][ T5082] ima_file_check+0xf1/0x170 [ 95.888437][ T5082] ? do_dentry_open+0xc1d/0x10f0 [ 95.893409][ T5082] ? ima_bprm_check+0x2b0/0x2b0 [ 95.898309][ T5082] path_openat+0x280a/0x3170 [ 95.902955][ T5082] ? do_filp_open+0x490/0x490 [ 95.907660][ T5082] do_filp_open+0x234/0x490 [ 95.912215][ T5082] ? vfs_tmpfile+0x4a0/0x4a0 [ 95.916821][ T5082] ? _raw_spin_unlock+0x28/0x40 [ 95.921685][ T5082] ? alloc_fd+0x59c/0x640 [ 95.926028][ T5082] do_sys_openat2+0x13f/0x500 [ 95.930715][ T5082] ? print_irqtrace_events+0x220/0x220 [ 95.936179][ T5082] ? do_sys_open+0x230/0x230 [ 95.940779][ T5082] ? lockdep_hardirqs_on+0x98/0x140 [ 95.945999][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50 [ 95.951206][ T5082] ? ptrace_notify+0x278/0x380 [ 95.955978][ T5082] __x64_sys_openat+0x247/0x290 [ 95.960834][ T5082] ? __ia32_sys_open+0x270/0x270 [ 95.965779][ T5082] ? syscall_enter_from_user_mode+0x32/0x260 [ 95.971784][ T5082] ? syscall_enter_from_user_mode+0x8c/0x260 [ 95.977768][ T5082] do_syscall_64+0x41/0xc0 [ 95.982211][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.988169][ T5082] RIP: 0033:0x7fc31b6b8d29 [ 95.992603][ T5082] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 96.012218][ T5082] RSP: 002b:00007ffcecef4908 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 openat(6, "./file0", O_ACCMODE) = 7 exit_group(0) = ? +++ exited with 0 +++ [ 96.020729][ T5082] RAX: ffffffffffffffda RBX: 003065