./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2163817783 <...> Warning: Permanently added '10.128.15.194' (ED25519) to the list of known hosts. execve("./syz-executor2163817783", ["./syz-executor2163817783"], 0x7ffd83f92650 /* 10 vars */) = 0 brk(NULL) = 0x555556213000 brk(0x555556213d00) = 0x555556213d00 arch_prctl(ARCH_SET_FS, 0x555556213380) = 0 set_tid_address(0x555556213650) = 5033 set_robust_list(0x555556213660, 24) = 0 rseq(0x555556213ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2163817783", 4096) = 28 getrandom("\x3d\xfe\x2d\x2c\xf4\xf3\x8e\xdd", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556213d00 brk(0x555556234d00) = 0x555556234d00 brk(0x555556235000) = 0x555556235000 mprotect(0x7f90eb24c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 [ 73.226857][ T27] audit: type=1400 audit(1696064608.250:83): avc: denied { write } for pid=5030 comm="strace-static-x" path="pipe:[3762]" dev="pipefs" ino=3762 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556213650) = 5034 ./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x555556213660, 24) = 0 [pid 5034] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setsid() = 1 [pid 5034] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5034] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5034] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5034] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5034] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5034] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5034] unshare(CLONE_NEWNS) = 0 [pid 5034] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5034] unshare(CLONE_NEWIPC) = 0 [pid 5034] unshare(CLONE_NEWCGROUP) = 0 [pid 5034] unshare(CLONE_NEWUTS) = 0 [pid 5034] unshare(CLONE_SYSVSEM) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "16777216", 8) = 8 [ 73.258839][ T27] audit: type=1400 audit(1696064608.280:84): avc: denied { execmem } for pid=5033 comm="syz-executor216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 73.282842][ T27] audit: type=1400 audit(1696064608.300:85): avc: denied { mounton } for pid=5034 comm="syz-executor216" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "536870912", 9) = 9 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1024", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "8192", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1024", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1024", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5034] close(3) = 0 [pid 5034] getpid() = 1 [pid 5034] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17f/0x220 [ 73.618997][ T10] [ 73.618997][ T10] but task is already holding lock: [ 73.626335][ T10] ffff88802587e0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17f/0x220 [ 73.635621][ T10] [ 73.635621][ T10] other info that might help us debug this: [ 73.643656][ T10] Possible unsafe locking scenario: [ 73.643656][ T10] [ 73.651099][ T10] CPU0 [ 73.654355][ T10] ---- [ 73.657613][ T10] lock(&tree->tree_lock/1); [ 73.662271][ T10] lock(&tree->tree_lock/1); [ 73.666935][ T10] [ 73.666935][ T10] *** DEADLOCK *** [ 73.666935][ T10] [ 73.675051][ T10] May be due to missing lock nesting notation [ 73.675051][ T10] [ 73.683345][ T10] 4 locks held by kworker/u4:0/10: [ 73.688434][ T10] #0: ffff888143665538 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x787/0x15c0 [ 73.699041][ T10] #1: ffffc9000030fd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7e9/0x15c0 [ 73.710846][ T10] #2: ffff88802587e0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17f/0x220 [ 73.720588][ T10] #3: ffff8880251b94b8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 73.731701][ T10] [ 73.731701][ T10] stack backtrace: [ 73.737564][ T10] CPU: 1 PID: 10 Comm: kworker/u4:0 Not tainted 6.6.0-rc3-syzkaller-00096-g71e58659bfc0 #0 [ 73.747528][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 73.757562][ T10] Workqueue: writeback wb_workfn (flush-7:0) [ 73.763531][ T10] Call Trace: [ 73.766793][ T10] [ 73.769704][ T10] dump_stack_lvl+0xd9/0x1b0 [ 73.774281][ T10] __lock_acquire+0x2971/0x5de0 [ 73.779116][ T10] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 73.785079][ T10] ? lockdep_hardirqs_on+0x7d/0x100 [ 73.790261][ T10] ? __stack_depot_save+0x247/0x510 [ 73.795444][ T10] lock_acquire+0x1ae/0x510 [ 73.799938][ T10] ? hfs_find_init+0x17f/0x220 [ 73.804683][ T10] ? lock_sync+0x190/0x190 [ 73.809084][ T10] ? ret_from_fork+0x45/0x80 [ 73.813654][ T10] ? ret_from_fork_asm+0x11/0x20 [ 73.818576][ T10] ? preempt_count_sub+0x150/0x150 [ 73.823674][ T10] __mutex_lock+0x181/0x1340 [ 73.828251][ T10] ? hfs_find_init+0x17f/0x220 [ 73.832997][ T10] ? hfs_find_init+0x17f/0x220 [ 73.837744][ T10] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 73.843272][ T10] ? kasan_set_track+0x25/0x30 [ 73.848019][ T10] ? hfs_find_init+0x17f/0x220 [ 73.852766][ T10] hfs_find_init+0x17f/0x220 [ 73.857338][ T10] hfs_ext_read_extent+0x19c/0x9d0 [ 73.862434][ T10] ? hfs_free_extents+0x2f0/0x2f0 [ 73.867443][ T10] ? do_raw_spin_unlock+0x173/0x230 [ 73.872623][ T10] hfs_extend_file+0x4e0/0xb10 [ 73.877372][ T10] ? hfs_free_fork+0x900/0x900 [ 73.882118][ T10] hfs_bmap_reserve+0x29c/0x370 [ 73.886969][ T10] __hfs_ext_write_extent+0x3cb/0x520 [ 73.892325][ T10] hfs_ext_write_extent+0x1b3/0x1f0 [ 73.897524][ T10] ? hfs_ext_keycmp+0x310/0x310 [ 73.902359][ T10] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 73.908336][ T10] hfs_write_inode+0xc4/0x9f0 [ 73.912998][ T10] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 73.918962][ T10] ? hfs_inode_write_fork+0x1c0/0x1c0 [ 73.924319][ T10] ? spin_bug+0x1d0/0x1d0 [ 73.928632][ T10] ? reacquire_held_locks+0x4b0/0x4b0 [ 73.933987][ T10] __writeback_single_inode+0xa81/0xe70 [ 73.939517][ T10] ? __mark_inode_dirty+0xd50/0xd50 [ 73.944695][ T10] ? _raw_spin_unlock+0x28/0x40 [ 73.949523][ T10] ? wbc_attach_and_unlock_inode+0x561/0x910 [ 73.955501][ T10] writeback_sb_inodes+0x599/0x1070 [ 73.960684][ T10] ? _raw_spin_unlock+0x28/0x40 [ 73.965511][ T10] ? sync_inode_metadata+0xe0/0xe0 [ 73.970609][ T10] ? rcu_is_watching+0x12/0xb0 [ 73.975358][ T10] ? queue_io+0x3ed/0x4e0 [ 73.979683][ T10] wb_writeback+0x2a5/0xa90 [ 73.984168][ T10] ? __writeback_inodes_wb+0x2d0/0x2d0 [ 73.989608][ T10] ? reacquire_held_locks+0x4b0/0x4b0 [ 73.994964][ T10] ? mark_held_locks+0x9f/0xe0 [ 73.999712][ T10] wb_workfn+0x29c/0xfd0 [ 74.003937][ T10] ? inode_wait_for_writeback+0x30/0x30 [ 74.009467][ T10] ? lock_sync+0x190/0x190 [ 74.013864][ T10] ? lock_sync+0x190/0x190 [ 74.018266][ T10] ? reacquire_held_locks+0x4b0/0x4b0 [ 74.023620][ T10] process_one_work+0x884/0x15c0 [ 74.028539][ T10] ? lock_sync+0x190/0x190 [ 74.032939][ T10] ? init_worker_pool+0x770/0x770 [ 74.037960][ T10] ? assign_work+0x1a0/0x240 [ 74.042530][ T10] worker_thread+0x8b9/0x1290 [ 74.047189][ T10] ? process_one_work+0x15c0/0x15c0 [ 74.052366][ T10] kthread+0x33c/0x440 [ 74.056411][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.061589][ T10] ? kthread_complete_and_exit+0x40/0x40 [ 74.067202][ T10] ret_from_fork+0x45/0x80 [ 74.071599][ T10] ? kthread_complete_and_exit+0x40/0x40 [ 74.077210][ T10] ret_from_fork_asm+0x11/0x20 [ 74.081960][ T10]