./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor240400162 <...> Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. execve("./syz-executor240400162", ["./syz-executor240400162"], 0x7ffcf1e895d0 /* 10 vars */) = 0 brk(NULL) = 0x555556987000 brk(0x555556987d00) = 0x555556987d00 arch_prctl(ARCH_SET_FS, 0x555556987380) = 0 set_tid_address(0x555556987650) = 5032 set_robust_list(0x555556987660, 24) = 0 rseq(0x555556987ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor240400162", 4096) = 27 getrandom("\xf2\x68\xf2\x02\xfc\x3d\x9c\x52", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556987d00 brk(0x5555569a8d00) = 0x5555569a8d00 brk(0x5555569a9000) = 0x5555569a9000 mprotect(0x7f2c659e1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5033 attached , child_tidptr=0x555556987650) = 5033 [pid 5033] set_robust_list(0x555556987660, 24) = 0 [pid 5033] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setsid() = 1 [pid 5033] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5033] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5033] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5033] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5033] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5033] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5033] unshare(CLONE_NEWNS) = 0 [pid 5033] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5033] unshare(CLONE_NEWIPC) = 0 [pid 5033] unshare(CLONE_NEWCGROUP) = 0 [pid 5033] unshare(CLONE_NEWUTS) = 0 [pid 5033] unshare(CLONE_SYSVSEM) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "16777216", 8) = 8 [pid 5033] close(3) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "536870912", 9) = 9 [pid 5033] close(3) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1024", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "8192", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1024", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1024", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5033] close(3) = 0 [pid 5033] getpid() = 1 [pid 5033] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16d/0x200 [ 76.525251][ T2863] [ 76.525251][ T2863] but task is already holding lock: [ 76.532623][ T2863] ffff88807ef2c0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16d/0x200 [ 76.542329][ T2863] [ 76.542329][ T2863] other info that might help us debug this: [ 76.550393][ T2863] Possible unsafe locking scenario: [ 76.550393][ T2863] [ 76.557958][ T2863] CPU0 [ 76.561254][ T2863] ---- [ 76.564546][ T2863] lock(&tree->tree_lock/1); [ 76.569245][ T2863] lock(&tree->tree_lock/1); [ 76.573944][ T2863] [ 76.573944][ T2863] *** DEADLOCK *** [ 76.573944][ T2863] [ 76.582088][ T2863] May be due to missing lock nesting notation [ 76.582088][ T2863] [ 76.590416][ T2863] 5 locks held by kworker/u4:5/2863: [ 76.595727][ T2863] #0: ffff888144e76138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0 [ 76.606387][ T2863] #1: ffffc9000c5bfd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0 [ 76.618256][ T2863] #2: ffff88807e042548 (&hip->extents_lock){+.+.}-{3:3}, at: hfsplus_ext_write_extent+0x82/0x200 [ 76.628909][ T2863] #3: ffff88807ef2c0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16d/0x200 [ 76.639053][ T2863] #4: ffff88807e040108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1c5/0xf90 [ 76.650485][ T2863] [ 76.650485][ T2863] stack backtrace: [ 76.656375][ T2863] CPU: 0 PID: 2863 Comm: kworker/u4:5 Not tainted 6.5.0-rc1-next-20230714-syzkaller #0 [ 76.666019][ T2863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 76.676090][ T2863] Workqueue: writeback wb_workfn (flush-7:0) [ 76.682112][ T2863] Call Trace: [ 76.685422][ T2863] [ 76.688373][ T2863] dump_stack_lvl+0xd9/0x1b0 [ 76.693016][ T2863] __lock_acquire+0x2971/0x5de0 [ 76.697923][ T2863] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.703953][ T2863] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 76.709792][ T2863] ? __stack_depot_save+0x247/0x510 [ 76.715137][ T2863] lock_acquire+0x1ae/0x510 [ 76.719671][ T2863] ? hfsplus_find_init+0x16d/0x200 [ 76.724812][ T2863] ? lock_sync+0x190/0x190 [ 76.729260][ T2863] ? ret_from_fork_asm+0x11/0x20 [ 76.734240][ T2863] ? preempt_count_sub+0x150/0x150 [ 76.739404][ T2863] __mutex_lock+0x181/0x1340 [ 76.744039][ T2863] ? hfsplus_find_init+0x16d/0x200 [ 76.749198][ T2863] ? hfsplus_find_init+0x16d/0x200 [ 76.754350][ T2863] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 76.759941][ T2863] ? kasan_set_track+0x25/0x30 [ 76.764744][ T2863] ? hfsplus_find_init+0x16d/0x200 [ 76.769885][ T2863] hfsplus_find_init+0x16d/0x200 [ 76.774858][ T2863] hfsplus_ext_read_extent+0x199/0xb00 [ 76.780344][ T2863] ? _raw_spin_unlock+0x28/0x40 [ 76.785218][ T2863] ? hfsplus_free_extents+0x510/0x510 [ 76.790619][ T2863] ? rcu_is_watching+0x12/0xb0 [ 76.795418][ T2863] hfsplus_file_extend+0x699/0xf90 [ 76.800558][ T2863] ? hfsplus_free_fork+0x820/0x820 [ 76.805694][ T2863] ? hfsplus_find_init+0x16d/0x200 [ 76.810920][ T2863] ? hfsplus_brec_find+0x3e8/0x520 [ 76.816076][ T2863] ? hfsplus_brec_remove+0x4f0/0x4f0 [ 76.821406][ T2863] hfsplus_bmap_reserve+0x318/0x410 [ 76.826645][ T2863] __hfsplus_ext_write_extent+0x470/0x5e0 [ 76.832395][ T2863] hfsplus_ext_write_extent+0x1c5/0x200 [ 76.837969][ T2863] ? hfsplus_ext_cmp_key+0x300/0x300 [ 76.843285][ T2863] ? reacquire_held_locks+0x4b0/0x4b0 [ 76.848687][ T2863] ? do_raw_spin_lock+0x12e/0x2b0 [ 76.853762][ T2863] hfsplus_write_inode+0x22/0x4f0 [ 76.858811][ T2863] __writeback_single_inode+0xa81/0xe70 [ 76.864391][ T2863] ? __mark_inode_dirty+0xd50/0xd50 [ 76.869620][ T2863] ? _raw_spin_unlock+0x28/0x40 [ 76.874488][ T2863] ? wbc_attach_and_unlock_inode+0x568/0x910 [ 76.880506][ T2863] writeback_sb_inodes+0x599/0x1010 [ 76.885746][ T2863] ? sync_inode_metadata+0xe0/0xe0 [ 76.890896][ T2863] ? rcu_is_watching+0x12/0xb0 [ 76.895693][ T2863] ? queue_io+0x3ed/0x4e0 [ 76.900055][ T2863] wb_writeback+0x2a5/0xa90 [ 76.904592][ T2863] ? __writeback_inodes_wb+0x2d0/0x2d0 [ 76.910083][ T2863] ? reacquire_held_locks+0x4b0/0x4b0 [ 76.915488][ T2863] ? mark_held_locks+0x9f/0xe0 [ 76.920291][ T2863] wb_workfn+0x29c/0xfd0 [ 76.924569][ T2863] ? inode_wait_for_writeback+0x30/0x30 [ 76.930152][ T2863] ? lock_sync+0x190/0x190 [ 76.934599][ T2863] ? reacquire_held_locks+0x4b0/0x4b0 [ 76.940037][ T2863] ? spin_bug+0x1d0/0x1d0 [ 76.944440][ T2863] process_one_work+0xaa2/0x16f0 [ 76.949410][ T2863] ? lock_sync+0x190/0x190 [ 76.953852][ T2863] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 76.959268][ T2863] ? spin_bug+0x1d0/0x1d0 [ 76.963631][ T2863] worker_thread+0x687/0x1110 [ 76.968337][ T2863] ? __kthread_parkme+0x152/0x220 [ 76.973379][ T2863] ? process_one_work+0x16f0/0x16f0 [ 76.978604][ T2863] kthread+0x33a/0x430 [ 76.982695][ T2863] ? kthread_complete_and_exit+0x40/0x40 [ 76.988349][ T2863] ret_from_fork+0x2c/0x70 [ 76.992809][ T2863] ? kthread_complete_and_exit+0x40/0x40 [ 76.998465][ T2863] ret_from_fork_asm+0x11/0x20 [ 77.003265][ T2863] RIP: 0000:0x0 [ 77.006743][ T2863] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 77.014115][ T2863] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 77.022546][ T2863] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 77.030535][ T2863] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 77.038525][ T2863] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 77.046508][ T2863] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 77.054498][ T2863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 77.062497][ T2863]