[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.244' (ECDSA) to the list of known hosts.
2022/11/30 00:43:19 ignoring optional flag "sandboxArg"="0"
2022/11/30 00:43:19 parsed 1 programs
2022/11/30 00:43:19 executed programs: 0
syzkaller login: [ 34.086323] IPVS: ftp: loaded support on port[0] = 21
[ 34.212835] chnl_net:caif_netlink_parms(): no params data found
[ 34.258470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.265350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.273014] device bridge_slave_0 entered promiscuous mode
[ 34.280814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.287198] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.294956] device bridge_slave_1 entered promiscuous mode
[ 34.312655] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 34.321532] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 34.339260] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 34.346788] team0: Port device team_slave_0 added
[ 34.352545] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 34.360870] team0: Port device team_slave_1 added
[ 34.375664] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.381962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.407234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.418874] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.425124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.450351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.464057] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.471664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.490749] device hsr_slave_0 entered promiscuous mode
[ 34.496456] device hsr_slave_1 entered promiscuous mode
[ 34.502998] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 34.510125] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.572766] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.579306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.586078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.592509] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.624442] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.631828] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.641126] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.650501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.658989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.666020] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.673654] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.684864] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.691693] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.700637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.708207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.714609] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.724229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.732349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.738742] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.752457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 34.760985] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.775875] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 34.785832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 34.796409] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 34.803573] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 34.811431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.819585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.828976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 34.855987] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 34.864397] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 34.872032] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 34.882424] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 34.915329] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 34.925706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.956486] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 34.963908] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 34.971424] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 34.980729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.988214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.996108] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 35.005012] device veth0_vlan entered promiscuous mode
[ 35.013468] device veth1_vlan entered promiscuous mode
[ 35.020078] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 35.028268] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 35.040475] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 35.049703] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 35.056894] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 35.064925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 35.074086] device veth0_macvtap entered promiscuous mode
[ 35.081378] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 35.090290] device veth1_macvtap entered promiscuous mode
[ 35.099654] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 35.109280] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 35.119979] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.126658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 35.135129] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 35.146021] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.153167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 35.261082] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 35.267809] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 35.283956] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 35.287215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 35.297355] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 35.306092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 35.314545] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 35.322520] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 35.371446] hfsplus: xattr searching failed
[ 35.376325]
[ 35.378043] ============================================
[ 35.383481] WARNING: possible recursive locking detected
[ 35.388922] 4.19.211-syzkaller #0 Not tainted
[ 35.393398] --------------------------------------------
[ 35.398828] syz-executor.0/8370 is trying to acquire lock:
[ 35.404426] 000000001390217b (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_get_block+0x292/0x960
[ 35.413956]
[ 35.413956] but task is already holding lock:
[ 35.419907] 000000004dd3252d (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040
[ 35.429873]
[ 35.429873] other info that might help us debug this:
[ 35.436513] Possible unsafe locking scenario:
[ 35.436513]
[ 35.442547] CPU0
[ 35.445116] ----
[ 35.447703] lock(&HFSPLUS_I(inode)->extents_lock);
[ 35.452782] lock(&HFSPLUS_I(inode)->extents_lock);
[ 35.457872]
[ 35.457872] *** DEADLOCK ***
[ 35.457872]
[ 35.463908] May be due to missing lock nesting notation
[ 35.463908]
[ 35.470810] 4 locks held by syz-executor.0/8370:
[ 35.475537] #0: 00000000d95e1378 (sb_writers#14){.+.+}, at: mnt_want_write+0x3a/0xb0
[ 35.483610] #1: 00000000f04bdabf (&sb->s_type->i_mutex_key#21){+.+.}, at: do_truncate+0x125/0x1f0
[ 35.492701] #2: 000000004dd3252d (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040
[ 35.503097] #3: 00000000296099ba (&sbi->alloc_mutex){+.+.}, at: hfsplus_block_free+0xdb/0x5d0
[ 35.511923]
[ 35.511923] stack backtrace:
[ 35.516404] CPU: 1 PID: 8370 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
[ 35.524171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 35.533508] Call Trace:
[ 35.536081] dump_stack+0x1fc/0x2ef
[ 35.539696] __lock_acquire.cold+0x121/0x57e
[ 35.544092] ? mark_held_locks+0xf0/0xf0
[ 35.548142] ? add_lock_to_list.constprop.0+0x17d/0x330
[ 35.553493] ? save_trace+0xd6/0x290
[ 35.557188] ? __lock_acquire+0x22f9/0x3ff0
[ 35.561502] lock_acquire+0x170/0x3c0
[ 35.565339] ? hfsplus_get_block+0x292/0x960
[ 35.569748] ? hfsplus_get_block+0x292/0x960
[ 35.574222] __mutex_lock+0xd7/0x1190
[ 35.578013] ? hfsplus_get_block+0x292/0x960
[ 35.582413] ? check_preemption_disabled+0x41/0x280
[ 35.587497] ? hfsplus_get_block+0x292/0x960
[ 35.591893] ? mutex_trylock+0x1a0/0x1a0
[ 35.595939] ? create_page_buffers+0x212/0x350
[ 35.600499] ? alloc_page_buffers+0x2da/0x5c0
[ 35.604974] ? lock_downgrade+0x720/0x720
[ 35.609107] ? do_raw_spin_lock+0xcb/0x220
[ 35.613324] hfsplus_get_block+0x292/0x960
[ 35.617545] block_read_full_page+0x288/0xd10
[ 35.622019] ? hfsplus_file_extend+0xf40/0xf40
[ 35.626582] ? __bread_gfp+0x300/0x300
[ 35.630451] ? add_to_page_cache_locked+0x40/0x40
[ 35.635283] do_read_cache_page+0x533/0x1170
[ 35.639676] ? hfsplus_bmap+0x30/0x30
[ 35.643458] hfsplus_block_free+0x18b/0x5d0
[ 35.647760] ? __mutex_unlock_slowpath+0xea/0x610
[ 35.652583] hfsplus_free_extents+0x228/0x520
[ 35.657060] hfsplus_file_truncate+0xd96/0x1040
[ 35.661717] ? hfsplus_get_block+0x960/0x960
[ 35.666111] ? up_write+0x18/0x150
[ 35.669630] ? unmap_mapping_pages+0x121/0x2b0
[ 35.674193] ? inode_newsize_ok+0x121/0x1e0
[ 35.678497] hfsplus_setattr+0x1e7/0x310
[ 35.682545] ? hfsplus_file_open+0x140/0x140
[ 35.686935] notify_change+0x70b/0xfc0
[ 35.690807] do_truncate+0x134/0x1f0
[ 35.694498] ? dentry_open+0x1d0/0x1d0
[ 35.698365] ? apparmor_path_truncate+0x183/0x200
[ 35.703226] ? inode_permission+0x3d/0x140
[ 35.707441] path_openat+0x2308/0x2df0
[ 35.711327] ? path_lookupat+0x8d0/0x8d0
[ 35.715368] ? mark_held_locks+0xf0/0xf0
[ 35.719405] do_filp_open+0x18c/0x3f0
[ 35.723182] ? may_open_dev+0xf0/0xf0
[ 35.726969] ? lock_downgrade+0x720/0x720
[ 35.731118] ? lock_acquire+0x170/0x3c0
[ 35.735075] ? __alloc_fd+0x34/0x570
[ 35.738767] ? do_raw_spin_unlock+0x171/0x230
[ 35.743254] ? _raw_spin_unlock+0x29/0x40
[ 35.747397] ? __alloc_fd+0x28d/0x570
[ 35.751185] do_sys_open+0x3b3/0x520
[ 35.754880] ? filp_open+0x70/0x70
[ 35.758403] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.763754] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.768752] ? do_syscall_64+0x21/0x620
[ 35.772705] do_syscall_64+0xf9/0x620
[ 35.776520] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.781694] RIP: 0033:0x7f17d214d0d9
[ 35.785391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 35.804277] RSP: 002b:00007f17d14bf168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 35.812059] RAX: ffffffffffffffda RBX: 00007f17d226cf80 RCX: 00007f17d214d0d9
[ 35.819489] RDX: 0000000000000000 RSI: 000000