[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.162' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 38.896658] [ 38.898419] ====================================================== [ 38.904907] WARNING: possible circular locking dependency detected [ 38.911202] 4.19.211-syzkaller #0 Not tainted [ 38.915669] ------------------------------------------------------ [ 38.921970] syz-executor234/8099 is trying to acquire lock: [ 38.927743] 00000000555464bb (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_extend+0x1bb/0xf40 [ 38.937435] [ 38.937435] but task is already holding lock: [ 38.943381] 00000000080a29cf (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 [ 38.951592] [ 38.951592] which lock already depends on the new lock. [ 38.951592] [ 38.959881] [ 38.959881] the existing dependency chain (in reverse order) is: [ 38.967575] [ 38.967575] -> #1 (&tree->tree_lock){+.+.}: [ 38.973372] hfsplus_file_truncate+0xde7/0x1040 [ 38.978537] hfsplus_setattr+0x1e7/0x310 [ 38.983096] notify_change+0x70b/0xfc0 [ 38.987481] do_truncate+0x134/0x1f0 [ 38.991780] path_openat+0x2308/0x2df0 [ 38.996181] do_filp_open+0x18c/0x3f0 [ 39.000477] do_sys_open+0x3b3/0x520 [ 39.004688] do_syscall_64+0xf9/0x620 [ 39.008983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.014755] [ 39.014755] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}: [ 39.021841] __mutex_lock+0xd7/0x1190 [ 39.026143] hfsplus_file_extend+0x1bb/0xf40 [ 39.031051] hfsplus_bmap_reserve+0x298/0x440 [ 39.036043] hfsplus_rename_cat+0x272/0x1490 [ 39.040945] hfsplus_rename+0x119/0x200 [ 39.045518] vfs_rename+0x67e/0x1bc0 [ 39.049746] do_renameat2+0xb59/0xc70 [ 39.054041] __x64_sys_renameat2+0xba/0x150 [ 39.058978] do_syscall_64+0xf9/0x620 [ 39.063279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.069133] [ 39.069133] other info that might help us debug this: [ 39.069133] [ 39.077250] Possible unsafe locking scenario: [ 39.077250] [ 39.083287] CPU0 CPU1 [ 39.087926] ---- ---- [ 39.092570] lock(&tree->tree_lock); [ 39.096353] lock(&HFSPLUS_I(inode)->extents_lock); [ 39.103956] lock(&tree->tree_lock); [ 39.110274] lock(&HFSPLUS_I(inode)->extents_lock); [ 39.115353] [ 39.115353] *** DEADLOCK *** [ 39.115353] [ 39.121391] 7 locks held by syz-executor234/8099: [ 39.126204] #0: 00000000769a8d35 (sb_writers#11){.+.+}, at: mnt_want_write+0x3a/0xb0 [ 39.134168] #1: 000000003e83cdad (&type->s_vfs_rename_key){+.+.}, at: lock_rename+0x54/0x280 [ 39.142994] #2: 00000000a23554ee (&type->i_mutex_dir_key#7/1){+.+.}, at: lock_rename+0xa0/0x280 [ 39.151988] #3: 000000000b866afa (&sb->s_type->i_mutex_key#17/2){+.+.}, at: lock_rename+0xd4/0x280 [ 39.161162] #4: 00000000e1d3d9d7 (&sb->s_type->i_mutex_key#17){+.+.}, at: lock_two_nondirectories+0xec/0x110 [ 39.171200] #5: 00000000f8e11bf9 (&sb->s_type->i_mutex_key#17/4){+.+.}, at: lock_two_nondirectories+0xd1/0x110 [ 39.181504] #6: 00000000080a29cf (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 [ 39.190166] [ 39.190166] stack backtrace: [ 39.194653] CPU: 0 PID: 8099 Comm: syz-executor234 Not tainted 4.19.211-syzkaller #0 [ 39.202593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 39.211921] Call Trace: [ 39.214496] dump_stack+0x1fc/0x2ef [ 39.218108] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 39.223882] __lock_acquire+0x30c9/0x3ff0 [ 39.228007] ? mark_held_locks+0xf0/0xf0 [ 39.232046] ? mark_held_locks+0xf0/0xf0 [ 39.236081] ? is_bpf_text_address+0xd5/0x1b0 [ 39.240556] ? __bfs.part.0+0x1ce/0x450 [ 39.244509] ? check_preemption_disabled+0x41/0x280 [ 39.249501] ? __lock_acquire+0x22f9/0x3ff0 [ 39.253800] lock_acquire+0x170/0x3c0 [ 39.257626] ? hfsplus_file_extend+0x1bb/0xf40 [ 39.262187] ? hfsplus_file_extend+0x1bb/0xf40 [ 39.266747] __mutex_lock+0xd7/0x1190 [ 39.270525] ? hfsplus_file_extend+0x1bb/0xf40 [ 39.275085] ? kasan_kmalloc+0x139/0x160 [ 39.279141] ? hfsplus_file_extend+0x1bb/0xf40 [ 39.283796] ? mutex_trylock+0x1a0/0x1a0 [ 39.287836] ? hfsplus_rename_cat+0x13f/0x1490 [ 39.292430] ? hfsplus_rename+0x119/0x200 [ 39.296648] ? do_renameat2+0xb59/0xc70 [ 39.300596] ? __x64_sys_renameat2+0xba/0x150 [ 39.305077] ? do_syscall_64+0xf9/0x620 [ 39.309028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.314392] ? lock_downgrade+0x720/0x720 [ 39.318523] ? lock_acquire+0x170/0x3c0 [ 39.322667] ? hfsplus_find_init+0x1b7/0x220 [ 39.327074] hfsplus_file_extend+0x1bb/0xf40 [ 39.331466] ? hfsplus_free_fork+0x7e0/0x7e0 [ 39.335852] ? mutex_trylock+0x1a0/0x1a0 [ 39.339892] ? check_preemption_disabled+0x41/0x280 [ 39.344886] hfsplus_bmap_reserve+0x298/0x440 [ 39.349360] hfsplus_rename_cat+0x272/0x1490 [ 39.353765] ? hfsplus_delete_cat+0xe30/0xe30 [ 39.358250] ? vsnprintf+0x2cc/0x14f0 [ 39.362036] ? hfsplus_unlink+0x341/0x820 [ 39.366176] ? lock_downgrade+0x720/0x720 [ 39.370306] ? hfsplus_unlink+0x140/0x820 [ 39.374519] ? __mutex_unlock_slowpath+0xea/0x610 [ 39.379339] ? wait_for_completion_io+0x10/0x10 [ 39.383989] ? hfsplus_unlink+0x346/0x820 [ 39.388114] ? hfsplus_symlink+0x2e0/0x2e0 [ 39.392329] ? lock_acquire+0x170/0x3c0 [ 39.396282] ? lock_two_nondirectories+0xd1/0x110 [ 39.401103] hfsplus_rename+0x119/0x200 [ 39.405063] ? down_write_nested+0x36/0x90 [ 39.409280] ? lock_two_nondirectories+0xd1/0x110 [ 39.414103] vfs_rename+0x67e/0x1bc0 [ 39.417885] ? path_openat+0x2df0/0x2df0 [ 39.421941] ? security_path_rename+0x1ed/0x2e0 [ 39.426587] do_renameat2+0xb59/0xc70 [ 39.430403] ? do_mknodat.part.0+0x480/0x480 [ 39.434797] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 39.439808] ? do_sys_open+0x2bf/0x520 [ 39.443688] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.449033] __x64_sys_renameat2+0xba/0x150 [ 39.453378] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 39.457950] do_syscall_64+0xf9/0x620 [ 39.461775] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 39.467218] RIP: 0033:0x7f597a74aa19 [ 39.471054] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 39.490114] RSP: 002b:00007ffe754e9738 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 39.497802] RA