./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1207067579 <...> Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts. execve("./syz-executor1207067579", ["./syz-executor1207067579"], 0x7fffaa6272a0 /* 10 vars */) = 0 brk(NULL) = 0x555592993000 brk(0x555592993d00) = 0x555592993d00 arch_prctl(ARCH_SET_FS, 0x555592993380) = 0 set_tid_address(0x555592993650) = 5062 set_robust_list(0x555592993660, 24) = 0 rseq(0x555592993ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1207067579", 4096) = 28 getrandom("\x76\xab\xab\x81\xda\x6a\xb1\x1d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555592993d00 brk(0x5555929b4d00) = 0x5555929b4d00 brk(0x5555929b5000) = 0x5555929b5000 mprotect(0x7f0a7736e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a6ee00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 munmap(0x7f0a6ee00000, 138412032) = 0 [ 79.523801][ T28] audit: type=1400 audit(1713107134.989:87): avc: denied { execmem } for pid=5062 comm="syz-executor120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 79.582528][ T28] audit: type=1400 audit(1713107135.049:88): avc: denied { read write } for pid=5062 comm="syz-executor120" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.586834][ T5062] loop0: detected capacity change from 0 to 64 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 79.614770][ T28] audit: type=1400 audit(1713107135.049:89): avc: denied { open } for pid=5062 comm="syz-executor120" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.614829][ T28] audit: type=1400 audit(1713107135.049:90): avc: denied { ioctl } for pid=5062 comm="syz-executor120" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 mount("/dev/loop0", "./file1", "hfs", MS_REC|MS_POSIXACL, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 79.688739][ T28] audit: type=1400 audit(1713107135.149:91): avc: denied { mounton } for pid=5062 comm="syz-executor120" path="/root/file1" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 79.710897][ T5062] hfs: unable to locate alternate MDB [ 79.717422][ T5062] hfs: continuing without an alternate MDB chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 79.729012][ T28] audit: type=1400 audit(1713107135.199:92): avc: denied { mount } for pid=5062 comm="syz-executor120" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 79.755692][ T28] audit: type=1800 audit(1713107135.219:93): pid=5062 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor120" name="file2" dev="loop0" ino=19 res=0 errno=0 [ 79.774991][ T5062] [ 79.781038][ T5062] ============================================ [ 79.787734][ T5062] WARNING: possible recursive locking detected [ 79.794258][ T5062] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 79.801132][ T5062] -------------------------------------------- [ 79.807649][ T5062] syz-executor120/5062 is trying to acquire lock: [ 79.814147][ T5062] ffff88807fc020b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 79.823604][ T5062] [ 79.823604][ T5062] but task is already holding lock: [ 79.830979][ T5062] ffff88807fc020b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 79.840526][ T5062] [ 79.840526][ T5062] other info that might help us debug this: [ 79.848579][ T5062] Possible unsafe locking scenario: [ 79.848579][ T5062] [ 79.856114][ T5062] CPU0 [ 79.859384][ T5062] ---- [ 79.862652][ T5062] lock(&tree->tree_lock/1); [ 79.867334][ T5062] lock(&tree->tree_lock/1); [ 79.872009][ T5062] [ 79.872009][ T5062] *** DEADLOCK *** [ 79.872009][ T5062] [ 79.880344][ T5062] May be due to missing lock nesting notation [ 79.880344][ T5062] [ 79.889364][ T5062] 5 locks held by syz-executor120/5062: [ 79.895359][ T5062] #0: ffff88802a5d4420 (sb_writers#10){.+.+}-{0:0}, at: ksys_write+0x12f/0x260 [ 79.904440][ T5062] #1: ffff888029c91ca8 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: generic_file_write_iter+0x92/0x350 [ 79.915858][ T5062] #2: ffff888029c91af8 (&HFS_I(inode)->extents_lock#2){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 79.926747][ T5062] #3: ffff88807fc020b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 79.936506][ T5062] #4: ffff888029c900f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 79.947662][ T5062] [ 79.947662][ T5062] stack backtrace: [ 79.953547][ T5062] CPU: 1 PID: 5062 Comm: syz-executor120 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 79.964041][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 79.976474][ T5062] Call Trace: [ 79.979785][ T5062] [ 79.982944][ T5062] dump_stack_lvl+0x116/0x1f0 [ 79.988021][ T5062] __lock_acquire+0x20e6/0x3b30 [ 79.993094][ T5062] ? __pfx___lock_acquire+0x10/0x10 [ 79.998499][ T5062] ? hfs_find_init+0x95/0x220 [ 80.004518][ T5062] ? kasan_save_stack+0x42/0x60 [ 80.009481][ T5062] ? kasan_save_stack+0x33/0x60 [ 80.014350][ T5062] ? kasan_save_track+0x14/0x30 [ 80.019225][ T5062] ? __kasan_kmalloc+0xaa/0xb0 [ 80.024008][ T5062] ? __kmalloc+0x1f9/0x440 [ 80.028448][ T5062] lock_acquire+0x1b1/0x540 [ 80.032971][ T5062] ? hfs_find_init+0x183/0x220 [ 80.037740][ T5062] ? __pfx_lock_acquire+0x10/0x10 [ 80.042770][ T5062] ? __pfx___might_resched+0x10/0x10 [ 80.048058][ T5062] __mutex_lock+0x175/0x9c0 [ 80.052589][ T5062] ? hfs_find_init+0x183/0x220 [ 80.057368][ T5062] ? hfs_find_init+0x183/0x220 [ 80.062137][ T5062] ? __pfx___mutex_lock+0x10/0x10 [ 80.067965][ T5062] ? rcu_is_watching+0x12/0xc0 [ 80.074492][ T5062] ? trace_kmalloc+0x2d/0xc0 [ 80.079106][ T5062] ? __kmalloc+0x218/0x440 [ 80.083755][ T5062] ? hfs_find_init+0x183/0x220 [ 80.088642][ T5062] hfs_find_init+0x183/0x220 [ 80.093613][ T5062] hfs_ext_read_extent+0x19c/0x9e0 [ 80.099041][ T5062] ? __pfx___mutex_lock+0x10/0x10 [ 80.104178][ T5062] ? __pfx_hfs_ext_read_extent+0x10/0x10 [ 80.109831][ T5062] hfs_extend_file+0x4e4/0xb10 [ 80.114595][ T5062] ? __pfx_hfs_extend_file+0x10/0x10 [ 80.119884][ T5062] ? __pfx___mutex_lock+0x10/0x10 [ 80.124934][ T5062] hfs_bmap_reserve+0x29c/0x380 [ 80.129812][ T5062] __hfs_ext_write_extent+0x3cf/0x520 [ 80.135183][ T5062] ? hfs_find_init+0x183/0x220 [ 80.139960][ T5062] hfs_ext_read_extent+0x809/0x9e0 [ 80.145079][ T5062] ? __pfx_hfs_ext_read_extent+0x10/0x10 [ 80.150732][ T5062] ? clean_bdev_aliases+0x51a/0x620 [ 80.155944][ T5062] hfs_extend_file+0x4e4/0xb10 [ 80.160708][ T5062] ? __pfx_lock_release+0x10/0x10 [ 80.165745][ T5062] ? __pfx_hfs_extend_file+0x10/0x10 [ 80.171029][ T5062] hfs_get_block+0x17f/0x830 [ 80.175621][ T5062] ? __pfx_hfs_get_block+0x10/0x10 [ 80.180742][ T5062] __block_write_begin_int+0x4fb/0x16e0 [ 80.186299][ T5062] ? __pfx_hfs_get_block+0x10/0x10 [ 80.191409][ T5062] ? __pfx___block_write_begin_int+0x10/0x10 [ 80.197594][ T5062] block_write_begin+0xb1/0x4a0 [ 80.202462][ T5062] ? __pfx_hfs_get_block+0x10/0x10 [ 80.207591][ T5062] cont_write_begin+0x53d/0x740 [ 80.212519][ T5062] ? __pfx_hfs_get_block+0x10/0x10 [ 80.217636][ T5062] ? __pfx_cont_write_begin+0x10/0x10 [ 80.223019][ T5062] ? fault_in_readable+0x150/0x200 [ 80.228132][ T5062] ? __pfx_fault_in_readable+0x10/0x10 [ 80.233683][ T5062] hfs_write_begin+0x87/0x150 [ 80.238362][ T5062] ? __pfx_hfs_get_block+0x10/0x10 [ 80.243469][ T5062] generic_perform_write+0x272/0x620 [ 80.248760][ T5062] ? __pfx_generic_perform_write+0x10/0x10 [ 80.254575][ T5062] ? generic_write_checks+0x2f3/0x460 [ 80.260066][ T5062] __generic_file_write_iter+0x1fd/0x240 [ 80.271538][ T5062] generic_file_write_iter+0xe7/0x350 [ 80.276919][ T5062] vfs_write+0x6db/0x1100 [ 80.281528][ T5062] ? __pfx_vfs_write+0x10/0x10 [ 80.287438][ T5062] ? find_held_lock+0x2d/0x110 [ 80.292535][ T5062] ? __pfx_lock_release+0x10/0x10 [ 80.298734][ T5062] ? __fget_light+0x176/0x210 [ 80.303912][ T5062] ksys_write+0x12f/0x260 [ 80.308510][ T5062] ? __pfx_ksys_write+0x10/0x10 [ 80.313361][ T5062] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.318567][ T5062] ? _raw_spin_unlock_irq+0x2e/0x50 [ 80.323792][ T5062] ? ptrace_notify+0xf1/0x130 [ 80.328476][ T5062] do_syscall_64+0xd2/0x260 [ 80.333086][ T5062] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 80.338988][ T5062] RIP: 0033:0x7f0a772fb679 [ 80.343514][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.363923][ T5062] RSP: 002b:00007ffc5fa95378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 80.372351][ T5062] RAX: ffffffffffffffda RBX: 00007ffc5fa95548 RCX: 00007f0a772fb679 [ 80.380427][ T5062] RDX: 000000000208e24b RSI: 00000000200004c0 RDI: 0000000000000005 [ 80.388493][ T5062] RBP: 00007f0a7736e610 R08: 0000000000000000 R09: 00007ffc5fa95548 [ 80.396465][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.404432][ T5062] R13: 00007ffc5fa95538 R14: 0000000000000001 R15: 0000000000000001 [ 80.412666][ T5062] [ 87.469035][ T24] cfg80211: failed to load regulatory.db