./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3097882819 <...> Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts. execve("./syz-executor3097882819", ["./syz-executor3097882819"], 0x7ffd7885a240 /* 10 vars */) = 0 brk(NULL) = 0x5555688ea000 brk(0x5555688ead00) = 0x5555688ead00 arch_prctl(ARCH_SET_FS, 0x5555688ea380) = 0 set_tid_address(0x5555688ea650) = 5091 set_robust_list(0x5555688ea660, 24) = 0 rseq(0x5555688eaca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3097882819", 4096) = 28 getrandom("\x76\x5a\x86\x87\x28\xa1\xad\x8a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555688ead00 brk(0x55556890bd00) = 0x55556890bd00 brk(0x55556890c000) = 0x55556890c000 mprotect(0x7fc40c592000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x5555688ea650) = 5092 [pid 5092] set_robust_list(0x5555688ea660, 24) = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] write(1, "executing program\n", 18executing program ) = 18 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc404000000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5092] munmap(0x7fc404000000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5092] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "hfs", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, "quiet,codepage=iso8859-15,part=0x0000000") = 0 [pid 5092] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 54.839848][ T5092] loop0: detected capacity change from 0 to 64 [pid 5092] openat(AT_FDCWD, "cpuset.memory_pressure_enabled", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5092] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 5092] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [ 55.412007][ T5092] [ 55.412017][ T5092] ============================================ [ 55.412021][ T5092] WARNING: possible recursive locking detected [ 55.412025][ T5092] 6.10.0-rc1-next-20240531-syzkaller #0 Not tainted [ 55.412032][ T5092] -------------------------------------------- [ 55.412035][ T5092] syz-executor309/5092 is trying to acquire lock: [ 55.412041][ T5092] ffff8880229be0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x16e/0x1f0 [ 55.412097][ T5092] [ 55.412097][ T5092] but task is already holding lock: [ 55.412102][ T5092] ffff8880229be0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x16e/0x1f0 [ 55.412144][ T5092] [ 55.412144][ T5092] other info that might help us debug this: [ 55.412149][ T5092] Possible unsafe locking scenario: [ 55.412149][ T5092] [ 55.412153][ T5092] CPU0 [ 55.412157][ T5092] ---- [ 55.412161][ T5092] lock(&tree->tree_lock/1); [ 55.412175][ T5092] lock(&tree->tree_lock/1); [ 55.412189][ T5092] [ 55.412189][ T5092] *** DEADLOCK *** [ 55.412189][ T5092] [ 55.412193][ T5092] May be due to missing lock nesting notation [ 55.412193][ T5092] [ 55.412199][ T5092] 5 locks held by syz-executor309/5092: [ 55.412209][ T5092] #0: ffff888022a9c420 (sb_writers#9){.+.+}-{0:0}, at: do_ftruncate+0x294/0x590 [ 55.412258][ T5092] #1: ffff888076e28920 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: do_ftruncate+0x457/0x590 [ 55.412306][ T5092] #2: ffff888076e28778 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xff/0x1450 [ 55.412345][ T5092] #3: ffff8880229be0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x16e/0x1f0 [ 55.412376][ T5092] #4: ffff8880226a80f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xff/0x1450 [ 55.412399][ T5092] [ 55.412399][ T5092] stack backtrace: [ 55.412407][ T5092] CPU: 1 PID: 5092 Comm: syz-executor309 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0 [ 55.412418][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 55.412427][ T5092] Call Trace: [ 55.412434][ T5092] [ 55.412438][ T5092] dump_stack_lvl+0x241/0x360 [ 55.412455][ T5092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 55.412466][ T5092] ? __pfx__printk+0x10/0x10 [ 55.412476][ T5092] ? lockdep_unlock+0x16a/0x300 [ 55.412494][ T5092] print_deadlock_bug+0x483/0x620 [ 55.412508][ T5092] validate_chain+0x15e2/0x5920 [ 55.412525][ T5092] ? __pfx_validate_chain+0x10/0x10 [ 55.412541][ T5092] ? mark_lock+0x9a/0x360 [ 55.412552][ T5092] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 55.412563][ T5092] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 55.412575][ T5092] ? mark_lock+0x9a/0x360 [ 55.412585][ T5092] ? lockdep_hardirqs_on+0x99/0x150 [ 55.412596][ T5092] __lock_acquire+0x1359/0x2000 [ 55.412610][ T5092] lock_acquire+0x1ed/0x550 [ 55.412620][ T5092] ? hfs_find_init+0x16e/0x1f0 [ 55.412634][ T5092] ? __pfx_lock_acquire+0x10/0x10 [ 55.412644][ T5092] ? block_write_begin+0x9b/0x1e0 [ 55.412656][ T5092] ? cont_write_begin+0x645/0x890 [ 55.412669][ T5092] ? __pfx___might_resched+0x10/0x10 [ 55.412679][ T5092] ? hfs_inode_setattr+0x458/0x620 [ 55.412689][ T5092] ? notify_change+0xb9d/0xe70 [ 55.412700][ T5092] ? do_ftruncate+0x46b/0x590 [ 55.412712][ T5092] ? __x64_sys_ftruncate+0x95/0xf0 [ 55.412724][ T5092] ? do_syscall_64+0xf3/0x230 [ 55.412734][ T5092] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.412751][ T5092] __mutex_lock+0x136/0xd70 [ 55.412761][ T5092] ? hfs_find_init+0x16e/0x1f0 [ 55.412774][ T5092] ? hfs_find_init+0x16e/0x1f0 [ 55.412787][ T5092] ? __pfx___mutex_lock+0x10/0x10 [ 55.412797][ T5092] ? hfs_find_init+0x90/0x1f0 [ 55.412808][ T5092] ? rcu_is_watching+0x15/0xb0 [ 55.412820][ T5092] ? hfs_find_init+0x90/0x1f0 [ 55.412832][ T5092] ? __kmalloc_noprof+0x217/0x400 [ 55.412844][ T5092] hfs_find_init+0x16e/0x1f0 [ 55.412857][ T5092] hfs_extend_file+0x31b/0x1450 [ 55.412868][ T5092] ? __pfx_hfs_ext_keycmp+0x10/0x10 [ 55.412879][ T5092] ? __pfx_hfs_extend_file+0x10/0x10 [ 55.412890][ T5092] ? __pfx___hfs_brec_find+0x10/0x10 [ 55.412902][ T5092] ? do_raw_spin_unlock+0x13c/0x8b0 [ 55.412913][ T5092] ? hfs_brec_find+0x40f/0x580 [ 55.412927][ T5092] hfs_bmap_reserve+0xd9/0x400 [ 55.412939][ T5092] __hfs_ext_write_extent+0x22e/0x4f0 [ 55.412951][ T5092] __hfs_ext_cache_extent+0x6a/0x990 [ 55.412961][ T5092] ? hfs_find_init+0x16e/0x1f0 [ 55.412974][ T5092] hfs_extend_file+0x344/0x1450 [ 55.412986][ T5092] ? __pfx_hfs_extend_file+0x10/0x10 [ 55.412998][ T5092] ? clean_bdev_aliases+0x654/0x7e0 [ 55.413012][ T5092] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 55.413026][ T5092] hfs_get_block+0x3e4/0xb60 [ 55.413039][ T5092] ? __pfx_hfs_get_block+0x10/0x10 [ 55.413050][ T5092] ? create_empty_buffers+0x53e/0x740 [ 55.413062][ T5092] ? folio_batch_add_and_move+0x165/0x2b0 [ 55.413075][ T5092] __block_write_begin_int+0x50c/0x1a70 [ 55.413098][ T5092] ? __pfx_hfs_get_block+0x10/0x10 [ 55.413112][ T5092] ? __pfx___block_write_begin_int+0x10/0x10 [ 55.413134][ T5092] ? __pfx_hfs_get_block+0x10/0x10 [ 55.413147][ T5092] block_write_begin+0x9b/0x1e0 [ 55.413161][ T5092] cont_write_begin+0x645/0x890 [ 55.413176][ T5092] ? __pfx_cont_write_begin+0x10/0x10 [ 55.413189][ T5092] ? __block_commit_write+0x245/0x360 [ 55.413208][ T5092] ? put_page+0xe0/0x260 [ 55.413221][ T5092] hfs_write_begin+0x8a/0xd0 [ 55.413231][ T5092] ? __pfx_hfs_get_block+0x10/0x10 [ 55.413241][ T5092] cont_write_begin+0x319/0x890 [ 55.413257][ T5092] ? __pfx_cont_write_begin+0x10/0x10 [ 55.413273][ T5092] hfs_write_begin+0x8a/0xd0 [ 55.413283][ T5092] ? __pfx_hfs_get_block+0x10/0x10 [ 55.413294][ T5092] hfs_file_truncate+0x1ed/0xa20 [ 55.413306][ T5092] ? __pfx___up_read+0x10/0x10 [ 55.413319][ T5092] ? __pfx_hfs_file_truncate+0x10/0x10 [ 55.413330][ T5092] ? unmap_mapping_range+0xf8/0x290 [ 55.413340][ T5092] ? __pfx_unmap_mapping_range+0x10/0x10 [ 55.413350][ T5092] ? pagecache_isize_extended+0x14c/0x2a0 [ 55.413364][ T5092] ? truncate_setsize+0xcf/0xf0 [ 55.413385][ T5092] hfs_inode_setattr+0x458/0x620 [ 55.413404][ T5092] ? security_inode_setattr+0xd7/0x120 [ 55.413429][ T5092] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 55.413449][ T5092] notify_change+0xb9d/0xe70 [ 55.413474][ T5092] do_ftruncate+0x46b/0x590 [ 55.413500][ T5092] ? lockdep_hardirqs_on+0x99/0x150 [ 55.413511][ T5092] ? __pfx_do_ftruncate+0x10/0x10 [ 55.413526][ T5092] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 55.413539][ T5092] __x64_sys_ftruncate+0x95/0xf0 [ 55.413552][ T5092] do_syscall_64+0xf3/0x230 [ 55.413563][ T5092] ? clear_bhb_loop+0x35/0x90 [ 55.413576][ T5092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.413592][ T5092] RIP: 0033:0x7fc40c51eb19 [ 55.413605][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.413613][ T5092] RSP: 002b:00007ffdbb446b88 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 55.413624][ T5092] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc40c51eb19 [ 55.413631][ T5092] RDX: 00007fc40c51eb19 RSI: 000000000100c17a RDI: 0000000000000004 [ 55.413638][ T5092] RBP: 00007fc40c5925f0 R08: 00005555688eb4c0 R09: 00005555688eb4c0 [ 55.413644][ T5092] R10: 00005555688eb4c0 R11: 0000000000000246 R12: 00007ffdbb446bb0 [ 55.413651][ T5092] R13: 00007ffdbb446dd8 R14: 431bde82d7b634db R15: 00007fc40c56703b [ 55.413661][ T5092] [ 56.117419][ C1] sched: RT throttling activated [pid 5092] ftruncate(4, 16826746 [pid 5091] kill(-5092, SIGKILL) = 0 [pid 5091] kill(5092, SIGKILL) = 0 [ 59.917314][ T2894] kworker/u8:11: attempt to access beyond end of device [ 59.917314][ T2894] loop0: rw=1048577, sector=4169, nr_sectors = 1 limit=64 [ 59.931259][ T2894] Buffer I/O error on dev loop0, logical block 4169, lost async page write [ 59.939899][ T2894] kworker/u8:11: attempt to access beyond end of device [ 59.939899][ T2894] loop0: rw=1048577, sector=4170, nr_sectors = 1 limit=64 [ 59.953818][ T2894] Buffer I/O error on dev loop0, logical block 4170, lost async page write [pid 5091] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5091] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [ 59.962458][ T2894] kworker/u8:11: attempt to access beyond end of device [ 59.962458][ T2894] loop0: rw=1048577, sector=4172, nr_sectors = 1 limit=64 [ 59.976467][ T2894] Buffer I/O error on dev loop0, logical block 4172, lost async page write [ 59.985104][ T2894] kworker/u8:11: attempt to access beyond end of device [ 59.985104][ T2894] loop0: rw=1048577, sector=4173, nr_sectors = 1 limit=64 [ 59.999044][ T2894] Buffer I/O error on dev loop0, logical block 4173, lost async page write [ 60.007753][ T2894] kworker/u8:11: attempt to access beyond end of device [pid 5091] getdents64(3, 0x5555688eb6f0 /* 2 entries */, 32768) = 48 [pid 5091] getdents64(3, 0x5555688eb6f0 /* 0 entries */, 32768) = 0 [pid 5091] close(3) = 0 [ 60.007753][ T2894] loop0: rw=1048577, sector=4174, nr_sectors = 1 limit=64 [ 60.021706][ T2894] Buffer I/O error on dev loop0, logical block 4174, lost async page write [ 60.030371][ T2894] kworker/u8:11: attempt to access beyond end of device [ 60.030371][ T2894] loop0: rw=1048577, sector=4175, nr_sectors = 1 limit=64 [ 60.044355][ T2894] Buffer I/O error on dev loop0, logical block 4175, lost async page write [ 60.052987][ T2894] kworker/u8:11: attempt to access beyond end of device [ 60.052987][ T2894] loop0: rw=1048577, sector=4176, nr_sectors = 1 limit=64 [ 60.066912][ T2894] Buffer I/O error on dev loop0, logical block 4176, lost async page write [ 60.075560][ T2894] kworker/u8:11: attempt to access beyond end of device [ 60.075560][ T2894] loop0: rw=1048577, sector=4177, nr_sectors = 1 limit=64 [ 60.089486][ T2894] Buffer I/O error on dev loop0, logical block 4177, lost async page write [ 60.098168][ T2894] kworker/u8:11: attempt to access beyond end of device [ 60.098168][ T2894] loop0: rw=1048577, sector=4178, nr_sectors = 16 limit=64 [ 60.112342][ T2894] kworker/u8:11: attempt to access beyond end of device [ 60.112342][ T2894] loop0: rw=1048577, sector=4196, nr_sectors = 160 limit=64 [ 60.126596][ T2894] Buffer I/O error on dev loop0, logical block 4356, lost async page write [ 60.135244][ T2894] Buffer I/O error on dev loop0, logical block 4357, lost async page write