./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2269700644
<...>
Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts.
execve("./syz-executor2269700644", ["./syz-executor2269700644"], 0x7fffa887c530 /* 10 vars */) = 0
brk(NULL) = 0x555556b3f000
brk(0x555556b3fd00) = 0x555556b3fd00
arch_prctl(ARCH_SET_FS, 0x555556b3f380) = 0
set_tid_address(0x555556b3f650) = 5060
set_robust_list(0x555556b3f660, 24) = 0
rseq(0x555556b3fca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2269700644", 4096) = 28
getrandom("\x4d\x8d\x27\x79\x61\xb8\x81\x62", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556b3fd00
brk(0x555556b60d00) = 0x555556b60d00
brk(0x555556b61000) = 0x555556b61000
mprotect(0x7f3b0eef3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 74.846642][ T27] audit: type=1400 audit(1704022047.721:83): avc: denied { execmem } for pid=5060 comm="syz-executor226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 74.868219][ T27] audit: type=1400 audit(1704022047.741:84): avc: denied { read write } for pid=5060 comm="syz-executor226" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b3f650) = 5061
./strace-static-x86_64: Process 5061 attached
[pid 5061] set_robust_list(0x555556b3f660, 24) = 0
[pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5061] setpgid(0, 0) = 0
[pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5061] write(3, "1000", 4) = 4
[pid 5061] close(3) = 0
[pid 5061] memfd_create("syzkaller", 0) = 3
[pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b06a41000
[pid 5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5061] munmap(0x7f3b06a41000, 138412032) = 0
[pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 74.893566][ T27] audit: type=1400 audit(1704022047.741:85): avc: denied { open } for pid=5060 comm="syz-executor226" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 74.918631][ T27] audit: type=1400 audit(1704022047.771:86): avc: denied { ioctl } for pid=5060 comm="syz-executor226" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5061] close(3) = 0
[pid 5061] mkdir("./bus", 0777) = 0
[ 74.965704][ T5061] loop0: detected capacity change from 0 to 1024
[pid 5061] mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_NOATIME|MS_POSIXACL, "") = 0
[pid 5061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5061] chdir("./bus") = 0
[pid 5061] ioctl(4, LOOP_CLR_FD) = 0
[pid 5061] close(4) = 0
[pid 5061] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 74.996667][ T27] audit: type=1400 audit(1704022047.871:87): avc: denied { mounton } for pid=5061 comm="syz-executor226" path="/root/bus" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 75.019782][ T27] audit: type=1400 audit(1704022047.881:88): avc: denied { mount } for pid=5061 comm="syz-executor226" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[ 75.076899][ T5061]
[ 75.079264][ T5061] ============================================
[ 75.085417][ T5061] WARNING: possible recursive locking detected
[ 75.091571][ T5061] 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0 Not tainted
[ 75.098569][ T5061] --------------------------------------------
[ 75.104711][ T5061] syz-executor226/5061 is trying to acquire lock:
[ 75.111099][ T5061] ffff8880210e00b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16e/0x200
[ 75.120761][ T5061]
[ 75.120761][ T5061] but task is already holding lock:
[ 75.128113][ T5061] ffff8880210e00b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16e/0x200
[ 75.137774][ T5061]
[ 75.137774][ T5061] other info that might help us debug this:
[ 75.145816][ T5061] Possible unsafe locking scenario:
[ 75.145816][ T5061]
[ 75.153253][ T5061] CPU0
[ 75.156521][ T5061] ----
[ 75.159783][ T5061] lock(&tree->tree_lock/1);
[ 75.164454][ T5061] lock(&tree->tree_lock/1);
[ 75.169129][ T5061]
[ 75.169129][ T5061] *** DEADLOCK ***
[ 75.169129][ T5061]
[ 75.177255][ T5061] May be due to missing lock nesting notation
[ 75.177255][ T5061]
[ 75.185558][ T5061] 5 locks held by syz-executor226/5061:
[ 75.191089][ T5061] #0: ffff888020aca418 (sb_writers#10){.+.+}-{0:0}, at: ksys_write+0x12f/0x250
[ 75.200147][ T5061] #1: ffff88807bd21800 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: generic_file_write_iter+0x92/0x350
[ 75.211462][ T5061] #2: ffff88807bd21608 (&hip->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1c1/0x1090
[ 75.221812][ T5061] #3: ffff8880210e00b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16e/0x200
[ 75.231995][ T5061] #4: ffff888020bbf588 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1c1/0x1090
[ 75.243469][ T5061]
[ 75.243469][ T5061] stack backtrace:
[ 75.249342][ T5061] CPU: 0 PID: 5061 Comm: syz-executor226 Not tainted 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0
[ 75.259749][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 75.269791][ T5061] Call Trace:
[ 75.273061][ T5061] <TASK>
[ 75.275982][ T5061] dump_stack_lvl+0xd9/0x1b0
[ 75.280579][ T5061] __lock_acquire+0x20f8/0x3b20
[ 75.285430][ T5061] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 75.291411][ T5061] ? hfsplus_find_init+0x95/0x200
[ 75.296427][ T5061] lock_acquire+0x1ae/0x520
[ 75.300926][ T5061] ? hfsplus_find_init+0x16e/0x200
[ 75.306030][ T5061] ? lock_sync+0x190/0x190
[ 75.310448][ T5061] ? preempt_count_sub+0x160/0x160
[ 75.315556][ T5061] __mutex_lock+0x175/0x9d0
[ 75.320063][ T5061] ? hfsplus_find_init+0x16e/0x200
[ 75.325168][ T5061] ? hfsplus_find_init+0x16e/0x200
[ 75.330272][ T5061] ? mutex_trylock+0x130/0x130
[ 75.335037][ T5061] ? hfsplus_find_init+0x16e/0x200
[ 75.340141][ T5061] hfsplus_find_init+0x16e/0x200
[ 75.345074][ T5061] hfsplus_ext_read_extent+0x18f/0x240
[ 75.350523][ T5061] ? __hfsplus_ext_cache_extent+0x9d0/0x9d0
[ 75.356409][ T5061] ? rcu_is_watching+0x12/0xb0
[ 75.361167][ T5061] hfsplus_file_extend+0x695/0x1090
[ 75.366356][ T5061] ? __mutex_trylock_common+0xd0/0x250
[ 75.371808][ T5061] ? hfsplus_free_fork+0x820/0x820
[ 75.376912][ T5061] ? rcu_is_watching+0x12/0xb0
[ 75.381671][ T5061] ? trace_contention_end+0xd6/0x100
[ 75.386950][ T5061] ? hfsplus_brec_find+0x3e8/0x520
[ 75.392065][ T5061] ? __mutex_lock+0x1a6/0x9d0
[ 75.396829][ T5061] ? hfsplus_brec_remove+0x4f0/0x4f0
[ 75.402108][ T5061] hfsplus_bmap_reserve+0x318/0x410
[ 75.407307][ T5061] __hfsplus_ext_write_extent+0x470/0x5e0
[ 75.413019][ T5061] __hfsplus_ext_cache_extent+0x98/0x9d0
[ 75.418644][ T5061] hfsplus_ext_read_extent+0x1fc/0x240
[ 75.424096][ T5061] ? __hfsplus_ext_cache_extent+0x9d0/0x9d0
[ 75.429986][ T5061] ? hfsplus_get_block+0x3b8/0x9e0
[ 75.435088][ T5061] hfsplus_file_extend+0x695/0x1090
[ 75.440281][ T5061] ? hfsplus_free_fork+0x820/0x820
[ 75.445384][ T5061] ? __lock_buffer+0x70/0x70
[ 75.450006][ T5061] ? spin_bug+0x1d0/0x1d0
[ 75.454334][ T5061] hfsplus_get_block+0x1ae/0x9e0
[ 75.459263][ T5061] ? hfsplus_file_extend+0x1090/0x1090
[ 75.464711][ T5061] __block_write_begin_int+0x3c0/0x1560
[ 75.470258][ T5061] ? hfsplus_file_extend+0x1090/0x1090
[ 75.475710][ T5061] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 75.481255][ T5061] block_write_begin+0xb1/0x490
[ 75.486106][ T5061] ? hfsplus_file_extend+0x1090/0x1090
[ 75.491557][ T5061] cont_write_begin+0x530/0x730
[ 75.496440][ T5061] ? hfsplus_file_extend+0x1090/0x1090
[ 75.501894][ T5061] ? block_write_begin+0x490/0x490
[ 75.507003][ T5061] ? fault_in_readable+0x106/0x200
[ 75.512118][ T5061] ? fault_in_readable+0x150/0x200
[ 75.517230][ T5061] ? fault_in_subpage_writeable+0x20/0x20
[ 75.522950][ T5061] hfsplus_write_begin+0x87/0x140
[ 75.527975][ T5061] ? hfsplus_file_extend+0x1090/0x1090
[ 75.533423][ T5061] generic_perform_write+0x278/0x600
[ 75.538709][ T5061] ? folio_add_wait_queue+0x1c0/0x1c0
[ 75.544074][ T5061] ? generic_write_checks+0x2b0/0x3f0
[ 75.549621][ T5061] __generic_file_write_iter+0x1f9/0x240
[ 75.555253][ T5061] generic_file_write_iter+0xe3/0x350
[ 75.560626][ T5061] vfs_write+0x64f/0xdf0
[ 75.564863][ T5061] ? kernel_write+0x6c0/0x6c0
[ 75.569539][ T5061] ? __fget_light+0x1fc/0x260
[ 75.574213][ T5061] ksys_write+0x12f/0x250
[ 75.578536][ T5061] ? __ia32_sys_read+0xb0/0xb0
[ 75.583294][ T5061] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 75.589533][ T5061] do_syscall_64+0x40/0x110
[ 75.594034][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 75.599931][ T5061] RIP: 0033:0x7f3b0ee7fa99
[ 75.604335][ T5061] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.623934][ T5061] RSP: 002b:00007ffc00489608 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.632339][ T5061] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3b0ee7fa99
[ 75.640302][ T5061] RDX: 00000000fffffff0 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.648261][ T5061] RBP: 00007f3b0eef35f0 R08: 0000555556b404c0 R09: 0000555556b404c0
[ 75.656223][ T5061] R10: 0000000000000647 R11: 0000000000000246 R12: 00007ffc00489630
[ 75.664185][ T5061] R13: 00007ffc00489858 R14: 431bde82d7b634db R15: 00007f3b0eec803b
[ 75.672148][ T5061] </TASK>
[ 75.676667][ T27] audit: type=1400 audit(1704022048.551:89): avc: denied { append } for pid=4493 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 75.698786][ T27] audit: type=1400 audit(1704022048.551:90): avc: denied { open } for pid=4493 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 75.721159][ T27] audit: type=1400 audit(1704022048.551:91): avc: denied { getattr } for pid=4493 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[pid 5061] write(4, "\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967280 <unfinished ...>
[pid 5060] kill(-5061, SIGKILL) = 0
[pid 5060] kill(5061, SIGKILL) = 0
[pid 5060] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 5060] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid 5060] getdents64(3, 0x555556b406f0 /* 2 entries */, 32768) = 48
[pid 5060] getdents64(3, 0x555556b406f0 /* 0 entries */, 32768) = 0
[pid 5060] close(3) = 0