Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 37.987971] audit: type=1400 audit(1593327244.921:8): avc: denied { execmem } for pid=6456 comm="syz-executor152" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 38.007844] [ 38.009528] ====================================================== [ 38.015823] WARNING: possible circular locking dependency detected [ 38.022117] 4.19.130-syzkaller #0 Not tainted [ 38.026635] ------------------------------------------------------ [ 38.032926] syz-executor152/6456 is trying to acquire lock: [ 38.038607] 00000000aff70836 (sb_writers#3){.+.+}, at: mnt_want_write+0x3a/0xb0 [ 38.046040] [ 38.046040] but task is already holding lock: [ 38.051982] 00000000c96c2814 (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440 [ 38.060103] [ 38.060103] which lock already depends on the new lock. [ 38.060103] [ 38.068395] [ 38.068395] the existing dependency chain (in reverse order) is: [ 38.076032] [ 38.076032] -> #1 (&iint->mutex){+.+.}: [ 38.081471] process_measurement+0x316/0x1440 [ 38.086461] ima_file_check+0xb9/0x100 [ 38.090879] path_openat+0x7e4/0x2df0 [ 38.095174] do_filp_open+0x18c/0x3f0 [ 38.099482] do_sys_open+0x3b3/0x520 [ 38.103696] do_syscall_64+0xf9/0x620 [ 38.107996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.113678] [ 38.113678] -> #0 (sb_writers#3){.+.+}: [ 38.119116] __sb_start_write+0x1f3/0x350 [ 38.123761] mnt_want_write+0x3a/0xb0 [ 38.128058] ovl_maybe_copy_up+0x11f/0x190 [ 38.132828] ovl_open+0xb4/0x350 [ 38.136688] do_dentry_open+0x4aa/0x1160 [ 38.141243] dentry_open+0x132/0x1d0 [ 38.145456] ima_calc_file_hash+0x687/0x990 [ 38.150290] ima_collect_measurement+0x4c4/0x570 [ 38.155540] process_measurement+0xddd/0x1440 [ 38.160531] ima_file_check+0xb9/0x100 [ 38.164913] path_openat+0x7e4/0x2df0 [ 38.169206] do_filp_open+0x18c/0x3f0 [ 38.173500] do_sys_open+0x3b3/0x520 [ 38.177707] do_syscall_64+0xf9/0x620 [ 38.182003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.187681] [ 38.187681] other info that might help us debug this: [ 38.187681] [ 38.195794] Possible unsafe locking scenario: [ 38.195794] [ 38.201822] CPU0 CPU1 [ 38.206458] ---- ---- [ 38.211095] lock(&iint->mutex); [ 38.214520] lock(sb_writers#3); [ 38.220462] lock(&iint->mutex); [ 38.226402] lock(sb_writers#3); [ 38.229826] [ 38.229826] *** DEADLOCK *** [ 38.229826] [ 38.235859] 1 lock held by syz-executor152/6456: [ 38.240594] #0: 00000000c96c2814 (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440 [ 38.249173] [ 38.249173] stack backtrace: [ 38.253655] CPU: 0 PID: 6456 Comm: syz-executor152 Not tainted 4.19.130-syzkaller #0 [ 38.261507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.270865] Call Trace: [ 38.273437] dump_stack+0x1fc/0x2fe [ 38.277041] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 38.282816] __lock_acquire+0x30c9/0x3ff0 [ 38.286944] ? mark_held_locks+0xf0/0xf0 [ 38.290981] ? ima_calc_file_hash+0x687/0x990 [ 38.295453] ? ima_collect_measurement+0x4c4/0x570 [ 38.300357] ? process_measurement+0xddd/0x1440 [ 38.305001] ? do_syscall_64+0xf9/0x620 [ 38.308949] ? ima_file_check+0xb9/0x100 [ 38.312985] ? path_openat+0x7e4/0x2df0 [ 38.316965] lock_acquire+0x170/0x3c0 [ 38.320760] ? mnt_want_write+0x3a/0xb0 [ 38.324709] __sb_start_write+0x1f3/0x350 [ 38.328827] ? mnt_want_write+0x3a/0xb0 [ 38.332775] mnt_want_write+0x3a/0xb0 [ 38.336551] ovl_maybe_copy_up+0x11f/0x190 [ 38.340759] ovl_open+0xb4/0x350 [ 38.344102] do_dentry_open+0x4aa/0x1160 [ 38.348135] ? ovl_mmap+0x2e0/0x2e0 [ 38.351737] ? chown_common+0x550/0x550 [ 38.356490] ? percpu_counter_add_batch+0x126/0x180 [ 38.361483] dentry_open+0x132/0x1d0 [ 38.365173] ima_calc_file_hash+0x687/0x990 [ 38.369469] ? xattr_list_one+0x120/0x120 [ 38.373593] ima_collect_measurement+0x4c4/0x570 [ 38.378349] ? ima_get_action+0x90/0x90 [ 38.382299] ? ima_get_cache_status+0x1d0/0x1d0 [ 38.386943] process_measurement+0xddd/0x1440 [ 38.391414] ? ima_add_template_entry.cold+0x4d/0x4d [ 38.396492] ? mark_held_locks+0xf0/0xf0 [ 38.400528] ? file_ra_state_init+0xc4/0x1e0 [ 38.404910] ? do_dentry_open+0xb22/0x1160 [ 38.409119] ? chown_common+0x550/0x550 [ 38.413069] ? selinux_task_getsecid+0x160/0x2c0 [ 38.417802] ? lock_downgrade+0x720/0x720 [ 38.421923] ? check_preemption_disabled+0x41/0x280 [ 38.426911] ? check_preemption_disabled+0x41/0x280 [ 38.431914] ? selinux_task_getsecid+0x187/0x2c0 [ 38.436644] ima_file_check+0xb9/0x100 [ 38.440504] ? process_measurement+0x1440/0x1440 [ 38.445233] ? inode_permission+0x3d/0x140 [ 38.449441] path_openat+0x7e4/0x2df0 [ 38.453217] ? path_lookupat+0x8d0/0x8d0 [ 38.457254] ? mark_held_locks+0xf0/0xf0 [ 38.461292] do_filp_open+0x18c/0x3f0 [ 38.465066] ? may_open_dev+0xf0/0xf0 [ 38.468849] ? lock_downgrade+0x720/0x720 [ 38.472969] ? lock_acquire+0x170/0x3c0 [ 38.476916] ? __alloc_fd+0x34/0x570 [ 38.480604] ? do_raw_spin_unlock+0x171/0x230 [ 38.485073] ? _raw_spin_unlock+0x29/0x40 [ 38.489196] ? __alloc_fd+0x28d/0x570 [ 38.492971] do_sys_open+0x3b3/0x520 [ 38.496658] ? filp_open+0x70/0x70 [ 38.500175] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.505011] ? trace_hardirqs_off_caller+0x69/0x210 [ 38.510001] ? do_syscall_64+0x21/0x620 [ 38.513949] do_syscall_64+0xf9/0x620 [ 38.517725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.522887] RIP: 0033:0x440399 [ 38.526058] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff