Starting System Logging Service... [ OK ] Started Permit User Sessions. [ OK ] Found device /dev/ttyS0. [ OK ] Started System Logging Service. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.467340] [ 32.468971] ====================================================== [ 32.475287] WARNING: possible circular locking dependency detected [ 32.481604] 4.19.206-syzkaller #0 Not tainted [ 32.486079] ------------------------------------------------------ [ 32.492375] syz-executor678/8093 is trying to acquire lock: [ 32.498071] 000000006df09afe (sb_writers#3){.+.+}, at: mnt_want_write+0x3a/0xb0 [ 32.505510] [ 32.505510] but task is already holding lock: [ 32.511468] 00000000d5b3aa6b (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440 [ 32.519679] [ 32.519679] which lock already depends on the new lock. [ 32.519679] [ 32.527969] [ 32.527969] the existing dependency chain (in reverse order) is: [ 32.535563] [ 32.535563] -> #1 (&iint->mutex){+.+.}: [ 32.541002] process_measurement+0x316/0x1440 [ 32.546004] ima_file_check+0xb9/0x100 [ 32.550392] path_openat+0x7e4/0x2df0 [ 32.554689] do_filp_open+0x18c/0x3f0 [ 32.558988] do_sys_open+0x3b3/0x520 [ 32.563202] do_syscall_64+0xf9/0x620 [ 32.567512] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.573194] [ 32.573194] -> #0 (sb_writers#3){.+.+}: [ 32.578638] __sb_start_write+0x6e/0x2a0 [ 32.583195] mnt_want_write+0x3a/0xb0 [ 32.587580] ovl_maybe_copy_up+0x11f/0x190 [ 32.592313] ovl_open+0xb4/0x260 [ 32.596186] do_dentry_open+0x4aa/0x1160 [ 32.600741] dentry_open+0x132/0x1d0 [ 32.604973] ima_calc_file_hash+0x628/0x8a0 [ 32.609798] ima_collect_measurement+0x4c4/0x570 [ 32.615073] process_measurement+0xddd/0x1440 [ 32.620093] ima_file_check+0xb9/0x100 [ 32.624500] path_openat+0x7e4/0x2df0 [ 32.628824] do_filp_open+0x18c/0x3f0 [ 32.633145] do_sys_open+0x3b3/0x520 [ 32.637466] do_syscall_64+0xf9/0x620 [ 32.641780] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.647469] [ 32.647469] other info that might help us debug this: [ 32.647469] [ 32.655603] Possible unsafe locking scenario: [ 32.655603] [ 32.661640] CPU0 CPU1 [ 32.666284] ---- ---- [ 32.670923] lock(&iint->mutex); [ 32.674356] lock(sb_writers#3); [ 32.680305] lock(&iint->mutex); [ 32.686250] lock(sb_writers#3); [ 32.689677] [ 32.689677] *** DEADLOCK *** [ 32.689677] [ 32.695714] 1 lock held by syz-executor678/8093: [ 32.700452] #0: 00000000d5b3aa6b (&iint->mutex){+.+.}, at: process_measurement+0x316/0x1440 [ 32.709131] [ 32.709131] stack backtrace: [ 32.713610] CPU: 1 PID: 8093 Comm: syz-executor678 Not tainted 4.19.206-syzkaller #0 [ 32.721466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.730923] Call Trace: [ 32.733496] dump_stack+0x1fc/0x2ef [ 32.737102] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 32.742880] __lock_acquire+0x30c9/0x3ff0 [ 32.747008] ? mark_held_locks+0xf0/0xf0 [ 32.751047] ? kmem_cache_alloc+0x122/0x370 [ 32.755353] ? mark_held_locks+0xf0/0xf0 [ 32.759393] ? path_openat+0x7e4/0x2df0 [ 32.763348] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.768690] ? fs_reclaim_release+0xd0/0x110 [ 32.773078] lock_acquire+0x170/0x3c0 [ 32.776969] ? mnt_want_write+0x3a/0xb0 [ 32.780932] __sb_start_write+0x6e/0x2a0 [ 32.784970] ? mnt_want_write+0x3a/0xb0 [ 32.788927] mnt_want_write+0x3a/0xb0 [ 32.792713] ovl_maybe_copy_up+0x11f/0x190 [ 32.796931] ovl_open+0xb4/0x260 [ 32.800273] do_dentry_open+0x4aa/0x1160 [ 32.804316] ? ovl_fsync+0x220/0x220 [ 32.808026] ? chown_common+0x550/0x550 [ 32.811978] ? percpu_counter_add_batch+0x126/0x180 [ 32.816970] dentry_open+0x132/0x1d0 [ 32.820670] ima_calc_file_hash+0x628/0x8a0 [ 32.824976] ? xattr_list_one+0x120/0x120 [ 32.829099] ima_collect_measurement+0x4c4/0x570 [ 32.833830] ? ima_get_action+0x90/0x90 [ 32.837781] ? ima_get_cache_status+0x1d0/0x1d0 [ 32.842434] process_measurement+0xddd/0x1440 [ 32.847078] ? ima_restore_measurement_entry+0x40/0x40 [ 32.852329] ? file_ra_state_init+0xc4/0x1e0 [ 32.856724] ? aa_get_task_label+0x1e6/0x7f0 [ 32.861163] ? lock_downgrade+0x720/0x720 [ 32.865300] ? check_preemption_disabled+0x41/0x280 [ 32.870300] ? check_preemption_disabled+0x41/0x280 [ 32.875299] ? aa_get_task_label+0x20d/0x7f0 [ 32.879695] ? revert_creds+0x326/0x450 [ 32.883643] ? aa_capable+0xb80/0xb80 [ 32.887425] ? ovl_open+0xca/0x260 [ 32.890944] ? apparmor_task_getsecid+0x88/0xc0 [ 32.895611] ima_file_check+0xb9/0x100 [ 32.899489] ? process_measurement+0x1440/0x1440 [ 32.904235] ? inode_permission+0x3d/0x140 [ 32.908446] path_openat+0x7e4/0x2df0 [ 32.912229] ? path_lookupat+0x8d0/0x8d0 [ 32.916273] ? mark_held_locks+0xf0/0xf0 [ 32.920306] ? __lock_acquire+0x6de/0x3ff0 [ 32.924516] do_filp_open+0x18c/0x3f0 [ 32.928291] ? may_open_dev+0xf0/0xf0 [ 32.932081] ? lock_downgrade+0x720/0x720 [ 32.936204] ? lock_acquire+0x170/0x3c0 [ 32.940169] ? __alloc_fd+0x34/0x570 [ 32.944033] ? do_raw_spin_unlock+0x171/0x230 [ 32.948503] ? _raw_spin_unlock+0x29/0x40 [ 32.952623] ? __alloc_fd+0x28d/0x570 [ 32.956405] do_sys_open+0x3b3/0x520 [ 32.960097] ? filp_open+0x70/0x70 [ 32.963612] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 32.968951] ? trace_hardirqs_off_caller+0x6e/0x210 [ 32.973946] ? do_syscall_64+0x21/0x620 [ 32.977895] do_syscall_64+0xf9/0x620 [ 32.981676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.986848] RIP: 0033:0x43ef59 [ 32.990019] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 33.008902] RSP: 002b:00007ffc9de5ecc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 33.016594] RAX: ffffffffffffffda