[ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 34.629735] [ 34.631404] ====================================================== [ 34.638202] WARNING: possible circular locking dependency detected [ 34.644504] 4.19.163-syzkaller #0 Not tainted [ 34.648975] ------------------------------------------------------ [ 34.655298] syz-executor298/8109 is trying to acquire lock: [ 34.661011] 00000000c523b108 (sb_writers#3){.+.+}, at: mnt_want_write+0x3a/0xb0 [ 34.668498] [ 34.668498] but task is already holding lock: [ 34.674467] 00000000212af933 (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440 [ 34.682622] [ 34.682622] which lock already depends on the new lock. [ 34.682622] [ 34.691202] [ 34.691202] the existing dependency chain (in reverse order) is: [ 34.698817] [ 34.698817] -> #1 (&iint->mutex){+.+.}: [ 34.704450] process_measurement+0x316/0x1440 [ 34.709446] ima_file_check+0xb9/0x100 [ 34.713873] path_openat+0x7e4/0x2df0 [ 34.718198] do_filp_open+0x18c/0x3f0 [ 34.722628] do_sys_open+0x3b3/0x520 [ 34.726854] do_syscall_64+0xf9/0x620 [ 34.731163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.737036] [ 34.737036] -> #0 (sb_writers#3){.+.+}: [ 34.744240] __sb_start_write+0x6e/0x2a0 [ 34.748954] mnt_want_write+0x3a/0xb0 [ 34.753377] ovl_maybe_copy_up+0x11f/0x190 [ 34.758478] ovl_open+0xb4/0x260 [ 34.762384] do_dentry_open+0x4aa/0x1160 [ 34.767548] dentry_open+0x132/0x1d0 [ 34.771800] ima_calc_file_hash+0x687/0x990 [ 34.776663] ima_collect_measurement+0x4c4/0x570 [ 34.782130] process_measurement+0xddd/0x1440 [ 34.787141] ima_file_check+0xb9/0x100 [ 34.793197] path_openat+0x7e4/0x2df0 [ 34.797786] do_filp_open+0x18c/0x3f0 [ 34.802099] do_sys_open+0x3b3/0x520 [ 34.806611] do_syscall_64+0xf9/0x620 [ 34.811623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.817636] [ 34.817636] other info that might help us debug this: [ 34.817636] [ 34.825991] Possible unsafe locking scenario: [ 34.825991] [ 34.832122] CPU0 CPU1 [ 34.836783] ---- ---- [ 34.841444] lock(&iint->mutex); [ 34.844883] lock(sb_writers#3); [ 34.850859] lock(&iint->mutex); [ 34.856813] lock(sb_writers#3); [ 34.860248] [ 34.860248] *** DEADLOCK *** [ 34.860248] [ 34.866831] 1 lock held by syz-executor298/8109: [ 34.873013] #0: 00000000212af933 (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440 [ 34.882632] [ 34.882632] stack backtrace: [ 34.887130] CPU: 0 PID: 8109 Comm: syz-executor298 Not tainted 4.19.163-syzkaller #0 [ 34.895189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.904972] Call Trace: [ 34.907567] dump_stack+0x1fc/0x2fe [ 34.911217] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 34.917277] __lock_acquire+0x30c9/0x3ff0 [ 34.921508] ? mark_held_locks+0xf0/0xf0 [ 34.925700] ? kmem_cache_alloc+0x122/0x370 [ 34.930187] ? mark_held_locks+0xf0/0xf0 [ 34.934552] ? path_openat+0x7e4/0x2df0 [ 34.938599] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.944334] ? fs_reclaim_release+0xd0/0x110 [ 34.949359] lock_acquire+0x170/0x3c0 [ 34.953321] ? mnt_want_write+0x3a/0xb0 [ 34.957298] __sb_start_write+0x6e/0x2a0 [ 34.961601] ? mnt_want_write+0x3a/0xb0 [ 34.965575] mnt_want_write+0x3a/0xb0 [ 34.969522] ovl_maybe_copy_up+0x11f/0x190 [ 34.973747] ovl_open+0xb4/0x260 [ 34.977253] do_dentry_open+0x4aa/0x1160 [ 34.982279] ? ovl_fsync+0x220/0x220 [ 34.986787] ? chown_common+0x550/0x550 [ 34.991316] ? percpu_counter_add_batch+0x126/0x180 [ 34.997060] dentry_open+0x132/0x1d0 [ 35.000764] ima_calc_file_hash+0x687/0x990 [ 35.005108] ? xattr_list_one+0x120/0x120 [ 35.009411] ima_collect_measurement+0x4c4/0x570 [ 35.014147] ? ima_get_action+0x90/0x90 [ 35.018193] ? ima_get_cache_status+0x1d0/0x1d0 [ 35.022851] process_measurement+0xddd/0x1440 [ 35.027343] ? ima_add_template_entry.cold+0x4d/0x4d [ 35.032538] ? file_ra_state_init+0xc4/0x1e0 [ 35.037044] ? aa_get_task_label+0x1e6/0x7f0 [ 35.041461] ? lock_downgrade+0x720/0x720 [ 35.045605] ? check_preemption_disabled+0x41/0x280 [ 35.050725] ? check_preemption_disabled+0x41/0x280 [ 35.056156] ? aa_get_task_label+0x20d/0x7f0 [ 35.060609] ? revert_creds+0x326/0x450 [ 35.064648] ? aa_capable+0xb80/0xb80 [ 35.068551] ? ovl_open+0xca/0x260 [ 35.072103] ? apparmor_task_getsecid+0x88/0xc0 [ 35.076870] ima_file_check+0xb9/0x100 [ 35.080844] ? process_measurement+0x1440/0x1440 [ 35.085885] ? inode_permission+0x3d/0x140 [ 35.090280] path_openat+0x7e4/0x2df0 [ 35.094088] ? path_lookupat+0x8d0/0x8d0 [ 35.098302] ? mark_held_locks+0xf0/0xf0 [ 35.102352] ? mark_held_locks+0xf0/0xf0 [ 35.106392] ? __lock_acquire+0x6de/0x3ff0 [ 35.110713] do_filp_open+0x18c/0x3f0 [ 35.114493] ? may_open_dev+0xf0/0xf0 [ 35.118555] ? lock_downgrade+0x720/0x720 [ 35.122682] ? lock_acquire+0x170/0x3c0 [ 35.126638] ? __alloc_fd+0x34/0x570 [ 35.130351] ? do_raw_spin_unlock+0x171/0x230 [ 35.135119] ? _raw_spin_unlock+0x29/0x40 [ 35.139357] ? __alloc_fd+0x28d/0x570 [ 35.143148] do_sys_open+0x3b3/0x520 [ 35.146842] ? filp_open+0x70/0x70 [ 35.150898] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.156262] ? trace_hardirqs_off_caller+0x6e/0x210 [ 35.161269] ? do_syscall_64+0x21/0x620 [ 35.165320] do_syscall_64+0xf9/0x620 [ 35.169101] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.174362] RIP: 0033:0x440399 [ 35.177534] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 35.198224] RSP: 002b:00007ffff9391b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 35.205934] RAX: ffffffffffffffda RBX: 69662f7375622f2e RCX: 0000000000440399 [ 35.213585] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000040 [ 35.221453] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 35.228899] R10: 0000000020000300 R11