./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4029805515 <...> Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts. execve("./syz-executor4029805515", ["./syz-executor4029805515"], 0x7fff06508e50 /* 10 vars */) = 0 brk(NULL) = 0x555557519000 brk(0x555557519d00) = 0x555557519d00 arch_prctl(ARCH_SET_FS, 0x555557519380) = 0 set_tid_address(0x555557519650) = 5017 set_robust_list(0x555557519660, 24) = 0 rseq(0x555557519ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4029805515", 4096) = 28 getrandom("\x21\xa8\xc8\xcf\x28\xec\x40\x0f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557519d00 brk(0x55555753ad00) = 0x55555753ad00 brk(0x55555753b000) = 0x55555753b000 mprotect(0x7f2f61e5f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2f599af000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 munmap(0x7f2f599af000, 32768) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 mount("/dev/loop0", "./bus", "hfs", 0, "") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 57.197291][ T5017] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5017 'syz-executor402' [ 57.211355][ T5017] loop0: detected capacity change from 0 to 64 [ 57.271041][ T5017] [ 57.273364][ T5017] ============================================ [ 57.279490][ T5017] WARNING: possible recursive locking detected [ 57.285608][ T5017] 6.5.0-rc1-syzkaller-00259-g831fe284d827 #0 Not tainted [ 57.292782][ T5017] -------------------------------------------- [ 57.298902][ T5017] syz-executor402/5017 is trying to acquire lock: [ 57.305279][ T5017] ffff88801f85a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17f/0x220 [ 57.314570][ T5017] [ 57.314570][ T5017] but task is already holding lock: [ 57.321905][ T5017] ffff88801f85a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17f/0x220 [ 57.331181][ T5017] [ 57.331181][ T5017] other info that might help us debug this: [ 57.339211][ T5017] Possible unsafe locking scenario: [ 57.339211][ T5017] [ 57.346642][ T5017] CPU0 [ 57.349895][ T5017] ---- [ 57.353150][ T5017] lock(&tree->tree_lock/1); [ 57.357802][ T5017] lock(&tree->tree_lock/1); [ 57.362474][ T5017] [ 57.362474][ T5017] *** DEADLOCK *** [ 57.362474][ T5017] [ 57.370596][ T5017] May be due to missing lock nesting notation [ 57.370596][ T5017] [ 57.378888][ T5017] 5 locks held by syz-executor402/5017: [ 57.384409][ T5017] #0: ffff88801f858410 (sb_writers#9){.+.+}-{0:0}, at: ksys_write+0x12f/0x250 [ 57.393356][ T5017] #1: ffff88802bc29628 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: generic_file_write_iter+0x92/0x350 [ 57.404627][ T5017] #2: ffff88802bc29478 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 57.415207][ T5017] #3: ffff88801f85a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x17f/0x220 [ 57.424922][ T5017] #4: ffff88802bc280f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 57.436021][ T5017] [ 57.436021][ T5017] stack backtrace: [ 57.441881][ T5017] CPU: 1 PID: 5017 Comm: syz-executor402 Not tainted 6.5.0-rc1-syzkaller-00259-g831fe284d827 #0 [ 57.452261][ T5017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 57.462289][ T5017] Call Trace: [ 57.465541][ T5017] [ 57.468450][ T5017] dump_stack_lvl+0xd9/0x1b0 [ 57.473025][ T5017] __lock_acquire+0x2971/0x5de0 [ 57.477876][ T5017] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 57.483832][ T5017] ? lockdep_hardirqs_on+0x7d/0x100 [ 57.489025][ T5017] ? __stack_depot_save+0x247/0x510 [ 57.494203][ T5017] lock_acquire+0x1ae/0x510 [ 57.498697][ T5017] ? hfs_find_init+0x17f/0x220 [ 57.503451][ T5017] ? lock_sync+0x190/0x190 [ 57.507848][ T5017] ? generic_file_write_iter+0xe3/0x350 [ 57.513367][ T5017] ? vfs_write+0x650/0xe40 [ 57.517776][ T5017] ? preempt_count_sub+0x150/0x150 [ 57.522865][ T5017] __mutex_lock+0x181/0x1340 [ 57.527432][ T5017] ? hfs_find_init+0x17f/0x220 [ 57.532538][ T5017] ? hfs_find_init+0x17f/0x220 [ 57.537277][ T5017] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 57.542799][ T5017] ? kasan_set_track+0x25/0x30 [ 57.547541][ T5017] ? hfs_find_init+0x17f/0x220 [ 57.552277][ T5017] hfs_find_init+0x17f/0x220 [ 57.556841][ T5017] hfs_ext_read_extent+0x19c/0x9d0 [ 57.561935][ T5017] ? hfs_free_extents+0x2f0/0x2f0 [ 57.567025][ T5017] ? do_raw_spin_unlock+0x173/0x230 [ 57.572205][ T5017] hfs_extend_file+0x4e0/0xb10 [ 57.576947][ T5017] ? hfs_free_fork+0x900/0x900 [ 57.581703][ T5017] hfs_bmap_reserve+0x29c/0x370 [ 57.586533][ T5017] __hfs_ext_write_extent+0x3cb/0x520 [ 57.591883][ T5017] hfs_ext_read_extent+0x805/0x9d0 [ 57.596972][ T5017] ? hfs_free_extents+0x2f0/0x2f0 [ 57.601977][ T5017] ? clean_bdev_aliases+0x514/0x610 [ 57.607155][ T5017] hfs_extend_file+0x4e0/0xb10 [ 57.611895][ T5017] ? reacquire_held_locks+0x4b0/0x4b0 [ 57.617247][ T5017] ? hfs_free_fork+0x900/0x900 [ 57.621989][ T5017] hfs_get_block+0x17f/0x820 [ 57.626559][ T5017] ? hfs_extend_file+0xb10/0xb10 [ 57.631476][ T5017] __block_write_begin_int+0x3c0/0x1470 [ 57.637002][ T5017] ? hfs_extend_file+0xb10/0xb10 [ 57.641917][ T5017] ? invalidate_bh_lrus_cpu+0x170/0x170 [ 57.647441][ T5017] ? __filemap_get_folio+0x1e7/0x990 [ 57.652699][ T5017] block_write_begin+0xb1/0x490 [ 57.657530][ T5017] ? hfs_extend_file+0xb10/0xb10 [ 57.662445][ T5017] cont_write_begin+0x52f/0x730 [ 57.667276][ T5017] ? hfs_extend_file+0xb10/0xb10 [ 57.672192][ T5017] ? block_write_begin+0x490/0x490 [ 57.677282][ T5017] ? fault_in_readable+0x106/0x200 [ 57.682369][ T5017] ? fault_in_readable+0x150/0x200 [ 57.687458][ T5017] ? fault_in_subpage_writeable+0x20/0x20 [ 57.693156][ T5017] hfs_write_begin+0x87/0x140 [ 57.697815][ T5017] ? hfs_extend_file+0xb10/0xb10 [ 57.702730][ T5017] generic_perform_write+0x278/0x600 [ 57.707996][ T5017] ? folio_add_wait_queue+0x1c0/0x1c0 [ 57.713346][ T5017] ? new_inode+0x270/0x270 [ 57.717737][ T5017] ? generic_write_checks_count+0x2d0/0x2d0 [ 57.723608][ T5017] __generic_file_write_iter+0x1f9/0x240 [ 57.729252][ T5017] generic_file_write_iter+0xe3/0x350 [ 57.734622][ T5017] vfs_write+0x650/0xe40 [ 57.738862][ T5017] ? kernel_write+0x6c0/0x6c0 [ 57.743524][ T5017] ? find_held_lock+0x2d/0x110 [ 57.748525][ T5017] ? reacquire_held_locks+0x4b0/0x4b0 [ 57.753876][ T5017] ? __fget_light+0x1fc/0x260 [ 57.758548][ T5017] ksys_write+0x12f/0x250 [ 57.762858][ T5017] ? __ia32_sys_read+0xb0/0xb0 [ 57.767599][ T5017] ? lockdep_hardirqs_on+0x7d/0x100 [ 57.772774][ T5017] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.778040][ T5017] ? ptrace_notify+0xf4/0x130 [ 57.782690][ T5017] do_syscall_64+0x38/0xb0 [ 57.787084][ T5017] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.792971][ T5017] RIP: 0033:0x7f2f61dec5f9 [ 57.797445][ T5017] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.817026][ T5017] RSP: 002b:00007ffc6941f698 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.825423][ T5017] RAX: ffffffffffffffda RBX: 00007ffc6941f868 RCX: 00007f2f61dec5f9 [ 57.833370][ T5017] RDX: 000000000208e24b RSI: 0000000020000180 RDI: 0000000000000004 [ 57.841317][ T5017] RBP: 00007f2f61e5f610 R08: 0000000000000000 R09: 00007ffc6941f868 [ 57.849261][ T5017] R10: 00000000000002ba R11: 0000000000000246 R12: 0000000000000001 [ 57.857204][ T5017] R13: 00007ffc6941f858 R14: 0000000000000001 R15: 0000000000000001 [ 57.865153][ T5017] [ 62.287483][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.287483][ T12] loop0: rw=1048577, sector=95, nr_sectors = 1 limit=64 [ 62.301167][ T12] Buffer I/O error on dev loop0, logical block 95, lost async page write [ 62.309629][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.309629][ T12] loop0: rw=1048577, sector=96, nr_sectors = 1 limit=64 [ 62.323269][ T12] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 62.331749][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.331749][ T12] loop0: rw=1048577, sector=98, nr_sectors = 1 limit=64 [ 62.345513][ T12] Buffer I/O error on dev loop0, logical block 98, lost async page write [ 62.354021][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.354021][ T12] loop0: rw=1048577, sector=100, nr_sectors = 1 limit=64 [ 62.367845][ T12] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 62.376339][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.376339][ T12] loop0: rw=1048577, sector=101, nr_sectors = 1 limit=64 [ 62.390153][ T12] Buffer I/O error on dev loop0, logical block 101, lost async page write [ 62.398684][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.398684][ T12] loop0: rw=1048577, sector=102, nr_sectors = 1 limit=64 [ 62.412429][ T12] Buffer I/O error on dev loop0, logical block 102, lost async page write [ 62.420996][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.420996][ T12] loop0: rw=1048577, sector=103, nr_sectors = 1 limit=64 [ 62.434755][ T12] Buffer I/O error on dev loop0, logical block 103, lost async page write [ 62.443299][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.443299][ T12] loop0: rw=1048577, sector=104, nr_sectors = 1 limit=64 [ 62.457039][ T12] Buffer I/O error on dev loop0, logical block 104, lost async page write [ 62.467396][ T12] kworker/u4:1: attempt to access beyond end of device [ 62.467396][ T12] loop0: rw=1048577, sector=105, nr_sectors = 4064 limit=64