[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.960065]
[ 34.961821] ======================================================
[ 34.968354] WARNING: possible circular locking dependency detected
[ 34.974671] 4.19.193-syzkaller #0 Not tainted
[ 34.979145] ------------------------------------------------------
[ 34.985456] syz-executor508/8077 is trying to acquire lock:
[ 34.991318] 000000007df356f2 (sb_writers#3){.+.+}, at: mnt_want_write+0x3a/0xb0
[ 34.999044]
[ 34.999044] but task is already holding lock:
[ 35.005009] 0000000065534110 (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440
[ 35.013151]
[ 35.013151] which lock already depends on the new lock.
[ 35.013151]
[ 35.021461]
[ 35.021461] the existing dependency chain (in reverse order) is:
[ 35.029075]
[ 35.029075] -> #1 (&iint->mutex){+.+.}:
[ 35.034524]        process_measurement+0x316/0x1440
[ 35.039637]        ima_file_check+0xb9/0x100
[ 35.044172]        path_openat+0x7e4/0x2df0
[ 35.048500]        do_filp_open+0x18c/0x3f0
[ 35.052815]        do_sys_open+0x3b3/0x520
[ 35.057210]        do_syscall_64+0xf9/0x620
[ 35.061541]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.067442]
[ 35.067442] -> #0 (sb_writers#3){.+.+}:
[ 35.072892]        __sb_start_write+0x6e/0x2a0
[ 35.077472]        mnt_want_write+0x3a/0xb0
[ 35.081787]        ovl_maybe_copy_up+0x11f/0x190
[ 35.086822]        ovl_open+0xb4/0x260
[ 35.090697]        do_dentry_open+0x4aa/0x1160
[ 35.095615]        dentry_open+0x132/0x1d0
[ 35.099830]        ima_calc_file_hash+0x628/0x8a0
[ 35.104678]        ima_collect_measurement+0x4c4/0x570
[ 35.109941]        process_measurement+0xddd/0x1440
[ 35.114948]        ima_file_check+0xb9/0x100
[ 35.119349]        path_openat+0x7e4/0x2df0
[ 35.123687]        do_filp_open+0x18c/0x3f0
[ 35.127988]        do_sys_open+0x3b3/0x520
[ 35.132203]        do_syscall_64+0xf9/0x620
[ 35.136526]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.142307]
[ 35.142307] other info that might help us debug this:
[ 35.142307]
[ 35.150443]  Possible unsafe locking scenario:
[ 35.150443]
[ 35.156489]        CPU0                    CPU1
[ 35.161134]        ----                    ----
[ 35.165779]   lock(&iint->mutex);
[ 35.169302]                                lock(sb_writers#3);
[ 35.175266]                                lock(&iint->mutex);
[ 35.181231]   lock(sb_writers#3);
[ 35.184664]
[ 35.184664]  *** DEADLOCK ***
[ 35.184664]
[ 35.190704] 1 lock held by syz-executor508/8077:
[ 35.195435]  #0: 0000000065534110 (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440
[ 35.204016]
[ 35.204016] stack backtrace:
[ 35.208606] CPU: 0 PID: 8077 Comm: syz-executor508 Not tainted 4.19.193-syzkaller #0
[ 35.216468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.225806] Call Trace:
[ 35.228396]  dump_stack+0x1fc/0x2ef
[ 35.232012]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 35.237795]  __lock_acquire+0x30c9/0x3ff0
[ 35.241981]  ? mark_held_locks+0xf0/0xf0
[ 35.246044]  ? kmem_cache_alloc+0x122/0x370
[ 35.250466]  ? mark_held_locks+0xf0/0xf0
[ 35.254521]  ? path_openat+0x7e4/0x2df0
[ 35.258483]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.263835]  ? fs_reclaim_release+0xd0/0x110
[ 35.268254]  lock_acquire+0x170/0x3c0
[ 35.272056]  ? mnt_want_write+0x3a/0xb0
[ 35.276028]  __sb_start_write+0x6e/0x2a0
[ 35.280082]  ? mnt_want_write+0x3a/0xb0
[ 35.284048]  mnt_want_write+0x3a/0xb0
[ 35.287835]  ovl_maybe_copy_up+0x11f/0x190
[ 35.292054]  ovl_open+0xb4/0x260
[ 35.295497]  do_dentry_open+0x4aa/0x1160
[ 35.299677]  ? ovl_fsync+0x220/0x220
[ 35.303464]  ? chown_common+0x550/0x550
[ 35.307436]  ? percpu_counter_add_batch+0x126/0x180
[ 35.312434]  dentry_open+0x132/0x1d0
[ 35.316147]  ima_calc_file_hash+0x628/0x8a0
[ 35.320496]  ? xattr_list_one+0x120/0x120
[ 35.324726]  ima_collect_measurement+0x4c4/0x570
[ 35.329477]  ? ima_get_action+0x90/0x90
[ 35.333542]  ? ima_get_cache_status+0x1d0/0x1d0
[ 35.338268]  process_measurement+0xddd/0x1440
[ 35.342751]  ? ima_restore_measurement_entry+0x40/0x40
[ 35.348013]  ? file_ra_state_init+0xc4/0x1e0
[ 35.352530]  ? aa_get_task_label+0x1e6/0x7f0
[ 35.356920]  ? lock_downgrade+0x720/0x720
[ 35.361051]  ? check_preemption_disabled+0x41/0x280
[ 35.366051]  ? check_preemption_disabled+0x41/0x280
[ 35.371054]  ? aa_get_task_label+0x20d/0x7f0
[ 35.375441]  ? revert_creds+0x326/0x450
[ 35.379395]  ? aa_capable+0xb80/0xb80
[ 35.383280]  ? ovl_open+0xca/0x260
[ 35.386807]  ? apparmor_task_getsecid+0x88/0xc0
[ 35.391600]  ima_file_check+0xb9/0x100
[ 35.395469]  ? process_measurement+0x1440/0x1440
[ 35.400313]  ? inode_permission+0x3d/0x140
[ 35.404531]  path_openat+0x7e4/0x2df0
[ 35.408328]  ? path_lookupat+0x8d0/0x8d0
[ 35.412380]  ? mark_held_locks+0xf0/0xf0
[ 35.416618]  ? mark_held_locks+0xf0/0xf0
[ 35.420873]  ? mark_held_locks+0xf0/0xf0
[ 35.424927]  do_filp_open+0x18c/0x3f0
[ 35.429598]  ? may_open_dev+0xf0/0xf0
[ 35.433590]  ? lock_downgrade+0x720/0x720
[ 35.437748]  ? lock_acquire+0x170/0x3c0
[ 35.444006]  ? __alloc_fd+0x34/0x570
[ 35.447723]  ? do_raw_spin_unlock+0x171/0x230
[ 35.452228]  ? _raw_spin_unlock+0x29/0x40
[ 35.456459]  ? __alloc_fd+0x28d/0x570
[ 35.460248]  do_sys_open+0x3b3/0x520
[ 35.463966]  ? filp_open+0x70/0x70
[ 35.467508]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.473303]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.478313]  ? do_syscall_64+0x21/0x620
[ 35.482391]  do_syscall_64+0xf9/0x620
[ 35.486224]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.491450] RIP: 0033:0x43ef79
[ 35.494728] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 6