[ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 56.313023][ T6821] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 56.313045][ T6823] [ 56.329520][ T6823] ====================================================== [ 56.336526][ T6823] WARNING: possible circular locking dependency detected [ 56.343543][ T6823] 5.8.0-rc2-next-20200626-syzkaller #0 Not tainted [ 56.350134][ T6823] ------------------------------------------------------ [ 56.350199][ T28] audit: type=1804 audit(1593330407.259:2): pid=6822 uid=0 auid=0 ses=5 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor074" name="/root/bus/file0" dev="overlay" ino=15709 res=1 [ 56.357487][ T6823] syz-executor074/6823 is trying to acquire lock: [ 56.357497][ T6823] ffff8880a7df9e00 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x363/0x1760 [ 56.392809][ T6823] [ 56.392809][ T6823] but task is already holding lock: [ 56.400435][ T6823] ffff888214ab4450 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 [ 56.409111][ T6823] [ 56.409111][ T6823] which lock already depends on the new lock. [ 56.409111][ T6823] [ 56.419489][ T6823] [ 56.419489][ T6823] the existing dependency chain (in reverse order) is: [ 56.428738][ T6823] [ 56.428738][ T6823] -> #1 (sb_writers#4){.+.+}-{0:0}: [ 56.436733][ T6823] __sb_start_write+0x234/0x470 [ 56.442441][ T6823] mnt_want_write+0x3a/0xb0 [ 56.447451][ T6823] ovl_maybe_copy_up+0x11f/0x190 [ 56.452890][ T6823] ovl_open+0xba/0x270 [ 56.457469][ T6823] do_dentry_open+0x4b9/0x11b0 [ 56.462738][ T6823] dentry_open+0x132/0x1d0 [ 56.467664][ T6823] ima_calc_file_hash+0x32b/0x570 [ 56.473180][ T6823] ima_collect_measurement+0x4ca/0x570 [ 56.479130][ T6823] process_measurement+0xca6/0x1760 [ 56.484847][ T6823] ima_file_check+0xb9/0x100 [ 56.489932][ T6823] path_openat+0x156c/0x2750 [ 56.495187][ T6823] do_filp_open+0x17e/0x3c0 [ 56.500211][ T6823] do_sys_openat2+0x16f/0x3b0 [ 56.505379][ T6823] __x64_sys_open+0x119/0x1c0 [ 56.510641][ T6823] do_syscall_64+0x60/0xe0 [ 56.515559][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 56.521946][ T6823] [ 56.521946][ T6823] -> #0 (&iint->mutex){+.+.}-{3:3}: [ 56.529916][ T6823] __lock_acquire+0x2acb/0x56e0 [ 56.535268][ T6823] lock_acquire+0x1f1/0xad0 [ 56.540294][ T6823] __mutex_lock+0x134/0x10d0 [ 56.545384][ T6823] process_measurement+0x363/0x1760 [ 56.551094][ T6823] ima_file_check+0xb9/0x100 [ 56.556292][ T6823] path_openat+0x156c/0x2750 [ 56.561397][ T6823] do_filp_open+0x17e/0x3c0 [ 56.566424][ T6823] do_sys_openat2+0x16f/0x3b0 [ 56.571696][ T6823] __x64_sys_openat+0x13f/0x1f0 [ 56.577043][ T6823] do_syscall_64+0x60/0xe0 [ 56.581975][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 56.588442][ T6823] [ 56.588442][ T6823] other info that might help us debug this: [ 56.588442][ T6823] [ 56.599462][ T6823] Possible unsafe locking scenario: [ 56.599462][ T6823] [ 56.606891][ T6823] CPU0 CPU1 [ 56.612240][ T6823] ---- ---- [ 56.617579][ T6823] lock(sb_writers#4); [ 56.621814][ T6823] lock(&iint->mutex); [ 56.628472][ T6823] lock(sb_writers#4); [ 56.635117][ T6823] lock(&iint->mutex); [ 56.639536][ T6823] [ 56.639536][ T6823] *** DEADLOCK *** [ 56.639536][ T6823] [ 56.647934][ T6823] 1 lock held by syz-executor074/6823: [ 56.654180][ T6823] #0: ffff888214ab4450 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 [ 56.663444][ T6823] [ 56.663444][ T6823] stack backtrace: [ 56.669852][ T6823] CPU: 0 PID: 6823 Comm: syz-executor074 Not tainted 5.8.0-rc2-next-20200626-syzkaller #0 [ 56.679726][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.689752][ T6823] Call Trace: [ 56.693023][ T6823] dump_stack+0x18f/0x20d [ 56.697373][ T6823] check_noncircular+0x324/0x3e0 [ 56.703438][ T6823] ? print_circular_bug+0x3a0/0x3a0 [ 56.708695][ T6823] ? __bpf_address_lookup+0x290/0x290 [ 56.714042][ T6823] ? lock_repin_lock+0x450/0x450 [ 56.718950][ T6823] ? mark_lock+0xbc/0x1710 [ 56.723353][ T6823] __lock_acquire+0x2acb/0x56e0 [ 56.728176][ T6823] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.734127][ T6823] ? mark_lock+0xbc/0x1710 [ 56.738514][ T6823] lock_acquire+0x1f1/0xad0 [ 56.742992][ T6823] ? process_measurement+0x363/0x1760 [ 56.748336][ T6823] ? lock_release+0x8d0/0x8d0 [ 56.752985][ T6823] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.758944][ T6823] ? ima_collect_measurement.cold+0x1d/0x1d [ 56.764813][ T6823] ? lock_is_held_type+0xb0/0xe0 [ 56.769738][ T6823] __mutex_lock+0x134/0x10d0 [ 56.774326][ T6823] ? process_measurement+0x363/0x1760 [ 56.779844][ T6823] ? lock_downgrade+0x820/0x820 [ 56.784668][ T6823] ? process_measurement+0x363/0x1760 [ 56.790013][ T6823] ? mutex_lock_io_nested+0xf60/0xf60 [ 56.795373][ T6823] ? up_write+0x191/0x560 [ 56.799687][ T6823] ? downgrade_write+0x3a0/0x3a0 [ 56.804609][ T6823] ? do_raw_read_unlock+0x3b/0x70 [ 56.809612][ T6823] ? _raw_read_unlock+0x24/0x40 [ 56.814438][ T6823] ? integrity_iint_find+0x123/0x150 [ 56.819694][ T6823] process_measurement+0x363/0x1760 [ 56.824874][ T6823] ? mmap_violation_check+0x1e0/0x1e0 [ 56.830217][ T6823] ? lock_downgrade+0x820/0x820 [ 56.835038][ T6823] ? do_raw_spin_lock+0x120/0x2b0 [ 56.840032][ T6823] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.845980][ T6823] ? rwlock_bug.part.0+0x90/0x90 [ 56.850903][ T6823] ? dquot_initialize_needed+0x290/0x290 [ 56.856506][ T6823] ? lock_acquire+0x1f1/0xad0 [ 56.861167][ T6823] ? aa_get_label_rcu+0x400/0x400 [ 56.866161][ T6823] ? find_held_lock+0x2d/0x110 [ 56.870896][ T6823] ? aa_get_task_label+0x25d/0x540 [ 56.875981][ T6823] ? lock_downgrade+0x820/0x820 [ 56.880802][ T6823] ? ext4_file_open+0x1d0/0x6b0 [ 56.885624][ T6823] ? ext4_dio_write_end_io+0x100/0x100 [ 56.891144][ T6823] ? aa_get_task_label+0x27f/0x540 [ 56.896253][ T6823] ? apparmor_task_getsecid+0xc2/0x110 [ 56.901686][ T6823] ima_file_check+0xb9/0x100 [ 56.906250][ T6823] ? process_measurement+0x1760/0x1760 [ 56.911682][ T6823] path_openat+0x156c/0x2750 [ 56.916243][ T6823] ? path_lookupat+0x830/0x830 [ 56.920978][ T6823] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.926933][ T6823] ? lock_is_held_type+0xb0/0xe0 [ 56.931844][ T6823] do_filp_open+0x17e/0x3c0 [ 56.936321][ T6823] ? may_open_dev+0xf0/0xf0 [ 56.940795][ T6823] ? do_raw_spin_lock+0x120/0x2b0 [ 56.945790][ T6823] ? rwlock_bug.part.0+0x90/0x90 [ 56.950715][ T6823] ? _raw_spin_unlock+0x24/0x40 [ 56.955537][ T6823] ? __alloc_fd+0x28d/0x600 [ 56.960023][ T6823] do_sys_openat2+0x16f/0x3b0 [ 56.964674][ T6823] ? finish_task_switch+0x147/0x750 [ 56.969931][ T6823] ? build_open_flags+0x650/0x650 [ 56.974928][ T6823] ? lock_acquire+0x1f1/0xad0 [ 56.979589][ T6823] ? calculate_sigpending+0x42/0xa0 [ 56.984759][ T6823] ? find_held_lock+0x2d/0x110 [ 56.989512][ T6823] __x64_sys_openat+0x13f/0x1f0 [ 56.994349][ T6823] ? __ia32_sys_open+0x1c0/0x1c0 [ 56.999265][ T6823] ? lock_is_held_type+0xb0/0xe0 [ 57.004190][ T6823] ? do_syscall_64+0x1c/0xe0 [ 57.008753][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 57.014704][ T6823] d