./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor946574043 <...> Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. execve("./syz-executor946574043", ["./syz-executor946574043"], 0x7ffcd7db5cd0 /* 10 vars */) = 0 brk(NULL) = 0x55555647b000 brk(0x55555647bd00) = 0x55555647bd00 arch_prctl(ARCH_SET_FS, 0x55555647b380) = 0 set_tid_address(0x55555647b650) = 5059 set_robust_list(0x55555647b660, 24) = 0 rseq(0x55555647bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor946574043", 4096) = 27 getrandom("\xdd\x43\xf1\x3b\x51\x03\x5b\x7d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555647bd00 brk(0x55555649cd00) = 0x55555649cd00 brk(0x55555649d000) = 0x55555649d000 mprotect(0x7f74aca25000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74a4400000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f74a4400000, 138412032) = 0 [ 80.568178][ T28] audit: type=1400 audit(1709679617.315:86): avc: denied { execmem } for pid=5059 comm="syz-executor946" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 [ 80.638968][ T28] audit: type=1400 audit(1709679617.385:87): avc: denied { read write } for pid=5059 comm="syz-executor946" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 80.642574][ T5059] loop0: detected capacity change from 0 to 1024 close(4) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [ 80.671105][ T28] audit: type=1400 audit(1709679617.385:88): avc: denied { open } for pid=5059 comm="syz-executor946" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 80.698721][ T28] audit: type=1400 audit(1709679617.385:89): avc: denied { ioctl } for pid=5059 comm="syz-executor946" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 openat(AT_FDCWD, "./file0", O_RDONLY) = 5 linkat(4, "./file0", 5, "./bus", 0) = 0 openat(AT_FDCWD, "./file0", O_RDONLY) = 6 mknodat(6, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 openat(AT_FDCWD, ".", O_RDONLY) = 7 [ 80.726013][ T28] audit: type=1400 audit(1709679617.455:90): avc: denied { mounton } for pid=5059 comm="syz-executor946" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 80.751575][ T28] audit: type=1400 audit(1709679617.475:91): avc: denied { mount } for pid=5059 comm="syz-executor946" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 openat2(4, "./bus", {flags=O_RDONLY|O_TRUNC|O_CLOEXEC|FASYNC, resolve=RESOLVE_BENEATH}, 24) = 8 [ 80.809396][ T28] audit: type=1800 audit(1709679617.555:92): pid=5059 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz-executor946" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 80.832227][ T5059] [ 80.834668][ T5059] ====================================================== [ 80.841941][ T5059] WARNING: possible circular locking dependency detected [ 80.849036][ T5059] 6.8.0-rc7-syzkaller #0 Not tainted [ 80.854299][ T5059] ------------------------------------------------------ [ 80.861293][ T5059] syz-executor946/5059 is trying to acquire lock: [ 80.867683][ T5059] ffff88807e2d87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1c1/0x1090 [ 80.878726][ T5059] [ 80.878726][ T5059] but task is already holding lock: [ 80.886065][ T5059] ffff8880295640b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x1a7/0x200 [ 80.895531][ T5059] [ 80.895531][ T5059] which lock already depends on the new lock. [ 80.895531][ T5059] [ 80.905908][ T5059] [ 80.905908][ T5059] the existing dependency chain (in reverse order) is: [ 80.914900][ T5059] [ 80.914900][ T5059] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 80.922605][ T5059] __mutex_lock+0x175/0x9d0 [ 80.927626][ T5059] hfsplus_file_truncate+0x886/0x9e0 [ 80.933504][ T5059] hfsplus_setattr+0x1eb/0x310 [ 80.938788][ T5059] notify_change+0x742/0x11c0 [ 80.943969][ T5059] do_truncate+0x15c/0x220 [ 80.948917][ T5059] path_openat+0x24c0/0x29a0 [ 80.954735][ T5059] do_filp_open+0x1de/0x440 [ 80.959768][ T5059] do_sys_openat2+0x17a/0x1e0 [ 80.965138][ T5059] __do_sys_openat2+0x1a4/0x2a0 [ 80.970532][ T5059] do_syscall_64+0xd5/0x270 [ 80.976266][ T5059] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 80.982869][ T5059] [ 80.982869][ T5059] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 80.991899][ T5059] __lock_acquire+0x244f/0x3b40 [ 80.997276][ T5059] lock_acquire+0x1ae/0x520 [ 81.002289][ T5059] __mutex_lock+0x175/0x9d0 [ 81.007385][ T5059] hfsplus_file_extend+0x1c1/0x1090 [ 81.013097][ T5059] hfsplus_bmap_reserve+0x31c/0x410 [ 81.018826][ T5059] hfsplus_rename_cat+0x2b1/0x1240 [ 81.024446][ T5059] hfsplus_rename+0x118/0x200 [ 81.029628][ T5059] vfs_rename+0xf87/0x20b0 [ 81.034552][ T5059] do_renameat2+0xc54/0xdc0 [ 81.039561][ T5059] __x64_sys_renameat2+0xeb/0x130 [ 81.045085][ T5059] do_syscall_64+0xd5/0x270 [ 81.050094][ T5059] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 81.056501][ T5059] [ 81.056501][ T5059] other info that might help us debug this: [ 81.056501][ T5059] [ 81.066713][ T5059] Possible unsafe locking scenario: [ 81.066713][ T5059] [ 81.074140][ T5059] CPU0 CPU1 [ 81.080224][ T5059] ---- ---- [ 81.085654][ T5059] lock(&tree->tree_lock); [ 81.090137][ T5059] lock(&HFSPLUS_I(inode)->extents_lock); [ 81.099224][ T5059] lock(&tree->tree_lock); [ 81.106247][ T5059] lock(&HFSPLUS_I(inode)->extents_lock); [ 81.112054][ T5059] [ 81.112054][ T5059] *** DEADLOCK *** [ 81.112054][ T5059] [ 81.120457][ T5059] 3 locks held by syz-executor946/5059: [ 81.125992][ T5059] #0: ffff8880285a8420 (sb_writers#10){.+.+}-{0:0}, at: do_renameat2+0x3d6/0xdc0 [ 81.135215][ T5059] #1: ffff88807e2d9e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0xad9/0xdc0 [ 81.145558][ T5059] #2: ffff8880295640b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x1a7/0x200 [ 81.155466][ T5059] [ 81.155466][ T5059] stack backtrace: [ 81.161336][ T5059] CPU: 1 PID: 5059 Comm: syz-executor946 Not tainted 6.8.0-rc7-syzkaller #0 [ 81.169991][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 81.180027][ T5059] Call Trace: [ 81.183290][ T5059] [ 81.186212][ T5059] dump_stack_lvl+0xd9/0x1b0 [ 81.190807][ T5059] check_noncircular+0x31b/0x400 [ 81.195733][ T5059] ? __pfx_check_noncircular+0x10/0x10 [ 81.201196][ T5059] ? register_lock_class+0xb1/0x1230 [ 81.206516][ T5059] ? hlock_class+0x4e/0x130 [ 81.211018][ T5059] ? lockdep_lock+0xc6/0x200 [ 81.215599][ T5059] ? __pfx_lockdep_lock+0x10/0x10 [ 81.220637][ T5059] __lock_acquire+0x244f/0x3b40 [ 81.225576][ T5059] ? __pfx___lock_acquire+0x10/0x10 [ 81.230773][ T5059] ? find_held_lock+0x2d/0x110 [ 81.235526][ T5059] lock_acquire+0x1ae/0x520 [ 81.240021][ T5059] ? hfsplus_file_extend+0x1c1/0x1090 [ 81.245383][ T5059] ? __pfx_lock_acquire+0x10/0x10 [ 81.250395][ T5059] ? __pfx___might_resched+0x10/0x10 [ 81.255675][ T5059] __mutex_lock+0x175/0x9d0 [ 81.260166][ T5059] ? hfsplus_file_extend+0x1c1/0x1090 [ 81.265522][ T5059] ? kasan_save_stack+0x42/0x60 [ 81.270355][ T5059] ? kasan_save_stack+0x33/0x60 [ 81.275203][ T5059] ? kasan_save_track+0x14/0x30 [ 81.280066][ T5059] ? __kmalloc+0x1f9/0x440 [ 81.284471][ T5059] ? hfsplus_file_extend+0x1c1/0x1090 [ 81.290001][ T5059] ? __pfx___mutex_lock+0x10/0x10 [ 81.295009][ T5059] ? __mutex_trylock_common+0xeb/0x250 [ 81.300461][ T5059] ? hfsplus_file_extend+0x1c1/0x1090 [ 81.305817][ T5059] hfsplus_file_extend+0x1c1/0x1090 [ 81.311004][ T5059] ? __mutex_lock+0x1a6/0x9d0 [ 81.315670][ T5059] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 81.321287][ T5059] ? hfsplus_find_init+0x1a7/0x200 [ 81.326398][ T5059] ? __pfx___mutex_lock+0x10/0x10 [ 81.331517][ T5059] ? rcu_is_watching+0x12/0xc0 [ 81.336924][ T5059] hfsplus_bmap_reserve+0x31c/0x410 [ 81.342641][ T5059] hfsplus_rename_cat+0x2b1/0x1240 [ 81.347829][ T5059] ? hlock_class+0x4e/0x130 [ 81.352405][ T5059] ? __lock_acquire+0xc77/0x3b40 [ 81.357336][ T5059] ? __pfx_hfsplus_rename_cat+0x10/0x10 [ 81.362863][ T5059] ? mark_lock+0xb5/0xc60 [ 81.367250][ T5059] ? find_held_lock+0x2d/0x110 [ 81.373118][ T5059] ? find_held_lock+0x2d/0x110 [ 81.378578][ T5059] ? vfs_rename+0x4ea/0x20b0 [ 81.383266][ T5059] ? __pfx_lock_release+0x10/0x10 [ 81.388384][ T5059] ? do_raw_spin_lock+0x12e/0x2c0 [ 81.393408][ T5059] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 81.398891][ T5059] hfsplus_rename+0x118/0x200 [ 81.403855][ T5059] ? __pfx_hfsplus_rename+0x10/0x10 [ 81.409758][ T5059] vfs_rename+0xf87/0x20b0 [ 81.414175][ T5059] ? __pfx_vfs_rename+0x10/0x10 [ 81.419016][ T5059] ? security_path_rename+0x164/0x240 [ 81.424384][ T5059] do_renameat2+0xc54/0xdc0 [ 81.428879][ T5059] ? __pfx_do_renameat2+0x10/0x10 [ 81.433889][ T5059] ? __check_object_size+0x323/0x730 [ 81.439163][ T5059] ? strncpy_from_user+0x214/0x300 [ 81.444293][ T5059] ? getname_flags.part.0+0x1e2/0x4f0 [ 81.449739][ T5059] __x64_sys_renameat2+0xeb/0x130 [ 81.454747][ T5059] do_syscall_64+0xd5/0x270 [ 81.459240][ T5059] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 81.465129][ T5059] RIP: 0033:0x7f74ac9b17b9 [ 81.469528][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 81.489125][ T5059] RSP: 002b:00007ffc2bdb2cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 81.497522][ T5059] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f74ac9b17b9 renameat2(7, "./file0", 7, "./bus", 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 81.505483][ T5059] RDX: 0000000000000007 RSI: 00000000200001c0 RDI: 000000000