./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor396225714 <...> Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. execve("./syz-executor396225714", ["./syz-executor396225714"], 0x7fff7ab40cb0 /* 10 vars */) = 0 brk(NULL) = 0x55556d349000 brk(0x55556d349d00) = 0x55556d349d00 arch_prctl(ARCH_SET_FS, 0x55556d349380) = 0 set_tid_address(0x55556d349650) = 5088 set_robust_list(0x55556d349660, 24) = 0 rseq(0x55556d349ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor396225714", 4096) = 27 getrandom("\xc7\xbd\xcc\xe3\x2e\xdc\x4f\x08", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556d349d00 brk(0x55556d36ad00) = 0x55556d36ad00 brk(0x55556d36b000) = 0x55556d36b000 mprotect(0x7fa9b3048000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x55556d349650) = 5089 [pid 5089] set_robust_list(0x55556d349660, 24) = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa9aaa00000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5089] munmap(0x7fa9aaa00000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] close(4) = 0 [pid 5089] mkdir("./file2", 0777) = 0 [ 109.620703][ T5089] loop0: detected capacity change from 0 to 64 [pid 5089] mount("/dev/loop0", "./file2", "hfs", 0, "") = 0 [pid 5089] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file2") = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5089] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [ 109.725082][ T5089] [ 109.727431][ T5089] ============================================ [ 109.733573][ T5089] WARNING: possible recursive locking detected [ 109.739739][ T5089] 6.9.0-rc6-syzkaller-00005-gb947cc5bf6d7 #0 Not tainted [ 109.746777][ T5089] -------------------------------------------- [ 109.752919][ T5089] syz-executor396/5089 is trying to acquire lock: [ 109.759325][ T5089] ffff8880234ce0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 109.768724][ T5089] [ 109.768724][ T5089] but task is already holding lock: [ 109.776086][ T5089] ffff8880234ce0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 109.785466][ T5089] [ 109.785466][ T5089] other info that might help us debug this: [ 109.793526][ T5089] Possible unsafe locking scenario: [ 109.793526][ T5089] [ 109.800974][ T5089] CPU0 [ 109.804278][ T5089] ---- [ 109.807555][ T5089] lock(&tree->tree_lock/1); [ 109.812256][ T5089] lock(&tree->tree_lock/1); [ 109.816954][ T5089] [ 109.816954][ T5089] *** DEADLOCK *** [ 109.816954][ T5089] [ 109.825129][ T5089] May be due to missing lock nesting notation [ 109.825129][ T5089] [ 109.833532][ T5089] 5 locks held by syz-executor396/5089: [ 109.839082][ T5089] #0: ffff8880234ca420 (sb_writers#9){.+.+}-{0:0}, at: ksys_write+0x12f/0x260 [ 109.848109][ T5089] #1: ffff88807c930fa8 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: generic_file_write_iter+0x92/0x350 [ 109.859496][ T5089] #2: ffff88807c930df8 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 109.870179][ T5089] #3: ffff8880234ce0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 109.879999][ T5089] #4: ffff8880233b80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 109.891212][ T5089] [ 109.891212][ T5089] stack backtrace: [ 109.897099][ T5089] CPU: 1 PID: 5089 Comm: syz-executor396 Not tainted 6.9.0-rc6-syzkaller-00005-gb947cc5bf6d7 #0 [ 109.907528][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 109.917597][ T5089] Call Trace: [ 109.920884][ T5089] [ 109.923820][ T5089] dump_stack_lvl+0x116/0x1f0 [ 109.928544][ T5089] __lock_acquire+0x20e6/0x3b30 [ 109.933427][ T5089] ? __pfx___lock_acquire+0x10/0x10 [ 109.938648][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 109.944315][ T5089] ? kasan_save_stack+0x42/0x60 [ 109.949193][ T5089] ? kasan_save_stack+0x33/0x60 [ 109.954065][ T5089] ? kasan_save_track+0x14/0x30 [ 109.959132][ T5089] ? __kasan_kmalloc+0xaa/0xb0 [ 109.963915][ T5089] ? __kmalloc+0x1f9/0x440 [ 109.968370][ T5089] lock_acquire+0x1b1/0x560 [ 109.972900][ T5089] ? hfs_find_init+0x183/0x220 [ 109.977694][ T5089] ? __pfx_lock_acquire+0x10/0x10 [ 109.982742][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 109.988400][ T5089] ? __pfx___might_resched+0x10/0x10 [ 109.993719][ T5089] __mutex_lock+0x175/0x9c0 [ 109.998343][ T5089] ? hfs_find_init+0x183/0x220 [ 110.003338][ T5089] ? hfs_find_init+0x183/0x220 [ 110.008133][ T5089] ? __pfx___mutex_lock+0x10/0x10 [ 110.013195][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.018851][ T5089] ? rcu_is_watching+0x12/0xc0 [ 110.023722][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.029377][ T5089] ? trace_kmalloc+0x2d/0xe0 [ 110.033985][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.039640][ T5089] ? __kmalloc+0x218/0x440 [ 110.044088][ T5089] ? hfs_find_init+0x183/0x220 [ 110.048878][ T5089] hfs_find_init+0x183/0x220 [ 110.053499][ T5089] hfs_ext_read_extent+0x19c/0x9e0 [ 110.058651][ T5089] ? __pfx___mutex_lock+0x10/0x10 [ 110.063712][ T5089] ? __pfx_hfs_ext_read_extent+0x10/0x10 [ 110.069386][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.075045][ T5089] ? do_raw_spin_unlock+0x172/0x230 [ 110.080280][ T5089] hfs_extend_file+0x4e4/0xb10 [ 110.085090][ T5089] ? __pfx_hfs_extend_file+0x10/0x10 [ 110.090410][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.096066][ T5089] ? __pfx___mutex_lock+0x10/0x10 [ 110.101129][ T5089] hfs_bmap_reserve+0x29c/0x380 [ 110.106019][ T5089] __hfs_ext_write_extent+0x3cf/0x520 [ 110.111430][ T5089] ? hfs_find_init+0x183/0x220 [ 110.116225][ T5089] hfs_ext_read_extent+0x809/0x9e0 [ 110.121387][ T5089] ? __pfx_hfs_ext_read_extent+0x10/0x10 [ 110.127065][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.132729][ T5089] hfs_extend_file+0x4e4/0xb10 [ 110.137535][ T5089] ? __pfx_hfs_extend_file+0x10/0x10 [ 110.142866][ T5089] hfs_get_block+0x17f/0x830 [ 110.147497][ T5089] ? __pfx_hfs_get_block+0x10/0x10 [ 110.152651][ T5089] __block_write_begin_int+0x4fe/0x16e0 [ 110.158246][ T5089] ? __pfx_hfs_get_block+0x10/0x10 [ 110.163398][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.169054][ T5089] ? __pfx___block_write_begin_int+0x10/0x10 [ 110.175168][ T5089] block_write_begin+0xb1/0x4a0 [ 110.180063][ T5089] ? __pfx_hfs_get_block+0x10/0x10 [ 110.185217][ T5089] cont_write_begin+0x53d/0x740 [ 110.190113][ T5089] ? __pfx_hfs_get_block+0x10/0x10 [ 110.195269][ T5089] ? __pfx_cont_write_begin+0x10/0x10 [ 110.200688][ T5089] ? fault_in_readable+0x150/0x200 [ 110.205847][ T5089] ? __pfx_fault_in_readable+0x10/0x10 [ 110.211331][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.216999][ T5089] hfs_write_begin+0x87/0x150 [ 110.221696][ T5089] ? __pfx_hfs_get_block+0x10/0x10 [ 110.226850][ T5089] generic_perform_write+0x275/0x620 [ 110.232163][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.237827][ T5089] ? __pfx_generic_perform_write+0x10/0x10 [ 110.243660][ T5089] ? __mark_inode_dirty+0x5c1/0xe70 [ 110.248881][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.254539][ T5089] ? generic_update_time+0xcf/0xf0 [ 110.259673][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.265328][ T5089] ? mnt_put_write_access_file+0x45/0xf0 [ 110.271003][ T5089] __generic_file_write_iter+0x1fd/0x240 [ 110.276674][ T5089] generic_file_write_iter+0xe7/0x350 [ 110.282084][ T5089] vfs_write+0x6de/0x1100 [ 110.286441][ T5089] ? __pfx_vfs_write+0x10/0x10 [ 110.291225][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.296883][ T5089] ? find_held_lock+0x2d/0x110 [ 110.301689][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.307348][ T5089] ? __fget_light+0x176/0x210 [ 110.312072][ T5089] ksys_write+0x12f/0x260 [ 110.316424][ T5089] ? __pfx_ksys_write+0x10/0x10 [ 110.321291][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.326955][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.332615][ T5089] ? _raw_spin_unlock_irq+0x2e/0x50 [ 110.337843][ T5089] ? srso_alias_return_thunk+0x5/0xfbef5 [ 110.343672][ T5089] ? ptrace_notify+0xf1/0x130 [ 110.348392][ T5089] do_syscall_64+0xcf/0x260 [ 110.352922][ T5089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.358862][ T5089] RIP: 0033:0x7fa9b2fd4a99 [ 110.363288][ T5089] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 110.382924][ T5089] RSP: 002b:00007fff5f96d858 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.391363][ T5089] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007fa9b2fd4a99 [ 110.399354][ T5089] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004 [ 110.407337][ T5089] RBP: 00007fa9b30485f0 R08: 000055556d34a4c0 R09: 000055556d34a4c0 [ 110.415327][ T5089] R10: 00000000000002a0 R11: 0000000000000246 R12: 00007fff5f96d880 [ 110.423490][ T5089] R13: 00007fff5f96daa8 R14: 431bde82d7b634db R15: 00007fa9b301d03b [ 110.431486][ T5089] [pid 5089] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\xbb\xa7\x28\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064 [pid 5088] kill(-5089, SIGKILL) = 0 [pid 5088] kill(5089, SIGKILL) = 0 [pid 5088] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5088] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5088] getdents64(3, 0x55556d34a6f0 /* 2 entries */, 32768) = 48 [pid 5088] getdents64(3, 0x55556d34a6f0 /* 0 entries */, 32768) = 0 [pid 5088] close(3) = 0