./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3284025653 <...> Warning: Permanently added '10.128.1.85' (ED25519) to the list of known hosts. execve("./syz-executor3284025653", ["./syz-executor3284025653"], 0x7ffedc8b3e60 /* 10 vars */) = 0 brk(NULL) = 0x555556d20000 brk(0x555556d20d00) = 0x555556d20d00 arch_prctl(ARCH_SET_FS, 0x555556d20380) = 0 set_tid_address(0x555556d20650) = 5068 set_robust_list(0x555556d20660, 24) = 0 rseq(0x555556d20ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3284025653", 4096) = 28 getrandom("\x88\x7b\xad\x24\x0a\x12\x49\xd9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556d20d00 brk(0x555556d41d00) = 0x555556d41d00 brk(0x555556d42000) = 0x555556d42000 mprotect(0x7fd3bb529000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3b3079000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fd3b3079000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfsplus", MS_NOATIME|MS_SILENT|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 70.852474][ T5068] loop0: detected capacity change from 0 to 1024 creat("./file1", 000) = 4 open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 6 [ 70.921334][ T28] audit: type=1800 audit(1703748058.032:2): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor328" name="bus" dev="loop0" ino=25 res=0 errno=0 [ 70.963648][ T5068] [ 70.966016][ T5068] ====================================================== [ 70.973045][ T5068] WARNING: possible circular locking dependency detected [ 70.980061][ T5068] 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0 Not tainted [ 70.987076][ T5068] ------------------------------------------------------ [ 70.994085][ T5068] syz-executor328/5068 is trying to acquire lock: [ 71.000511][ T5068] ffff8880781c87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 71.011666][ T5068] [ 71.011666][ T5068] but task is already holding lock: [ 71.019024][ T5068] ffff88807fa200b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 71.028521][ T5068] [ 71.028521][ T5068] which lock already depends on the new lock. [ 71.028521][ T5068] [ 71.038932][ T5068] [ 71.038932][ T5068] the existing dependency chain (in reverse order) is: [ 71.047938][ T5068] [ 71.047938][ T5068] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 71.055691][ T5068] lock_acquire+0x1e3/0x530 [ 71.060719][ T5068] __mutex_lock+0x136/0xd60 [ 71.065761][ T5068] hfsplus_file_truncate+0x811/0xb40 [ 71.071570][ T5068] hfsplus_setattr+0x1bd/0x260 [ 71.076857][ T5068] notify_change+0xb99/0xe60 [ 71.081992][ T5068] do_truncate+0x220/0x300 [ 71.086930][ T5068] path_openat+0x29e1/0x3290 [ 71.092061][ T5068] do_filp_open+0x234/0x490 [ 71.097110][ T5068] do_sys_openat2+0x13e/0x1d0 [ 71.102362][ T5068] __x64_sys_creat+0x123/0x160 [ 71.107662][ T5068] do_syscall_64+0x45/0x110 [ 71.112709][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 71.119154][ T5068] [ 71.119154][ T5068] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 71.128239][ T5068] validate_chain+0x1909/0x5ab0 [ 71.133624][ T5068] __lock_acquire+0x1345/0x1fd0 [ 71.139024][ T5068] lock_acquire+0x1e3/0x530 [ 71.144059][ T5068] __mutex_lock+0x136/0xd60 [ 71.149096][ T5068] hfsplus_file_extend+0x21b/0x1b70 [ 71.154822][ T5068] hfsplus_bmap_reserve+0x105/0x4e0 [ 71.160560][ T5068] hfsplus_rename_cat+0x1d0/0x1050 [ 71.166200][ T5068] hfsplus_rename+0x12e/0x1c0 [ 71.171422][ T5068] vfs_rename+0xaba/0xde0 [ 71.176272][ T5068] do_renameat2+0xd5a/0x1390 [ 71.181468][ T5068] __x64_sys_rename+0x86/0x90 [ 71.186669][ T5068] do_syscall_64+0x45/0x110 [ 71.191695][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 71.198827][ T5068] [ 71.198827][ T5068] other info that might help us debug this: [ 71.198827][ T5068] [ 71.209051][ T5068] Possible unsafe locking scenario: [ 71.209051][ T5068] [ 71.216494][ T5068] CPU0 CPU1 [ 71.221869][ T5068] ---- ---- [ 71.227230][ T5068] lock(&tree->tree_lock); [ 71.231732][ T5068] lock(&HFSPLUS_I(inode)->extents_lock); [ 71.240052][ T5068] lock(&tree->tree_lock); [ 71.247073][ T5068] lock(&HFSPLUS_I(inode)->extents_lock); [ 71.252879][ T5068] [ 71.252879][ T5068] *** DEADLOCK *** [ 71.252879][ T5068] [ 71.261049][ T5068] 5 locks held by syz-executor328/5068: [ 71.266607][ T5068] #0: ffff88801cb6e418 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 71.275790][ T5068] #1: ffff8880781c9e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x601/0x1390 [ 71.286285][ T5068] #2: ffff88801e9a09c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: lock_two_inodes+0x100/0x180 [ 71.297016][ T5068] #3: ffff88801e9a1080 (&sb->s_type->i_mutex_key#14/4){+.+.}-{3:3}, at: vfs_rename+0x5eb/0xde0 [ 71.307482][ T5068] #4: ffff88807fa200b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 71.317525][ T5068] [ 71.317525][ T5068] stack backtrace: [ 71.323409][ T5068] CPU: 1 PID: 5068 Comm: syz-executor328 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0 [ 71.333833][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 71.343932][ T5068] Call Trace: [ 71.347218][ T5068] [ 71.350148][ T5068] dump_stack_lvl+0x1e7/0x2d0 [ 71.354843][ T5068] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.360319][ T5068] ? print_circular_bug+0x12b/0x1a0 [ 71.365562][ T5068] check_noncircular+0x366/0x490 [ 71.370506][ T5068] ? __read_once_word_nocheck+0x9/0x10 [ 71.375998][ T5068] ? print_deadlock_bug+0x610/0x610 [ 71.381199][ T5068] ? lockdep_lock+0x123/0x2b0 [ 71.385886][ T5068] ? is_bpf_text_address+0x28d/0x2a0 [ 71.391198][ T5068] ? is_bpf_text_address+0x26/0x2a0 [ 71.396422][ T5068] ? _find_first_zero_bit+0xd4/0x100 [ 71.401712][ T5068] validate_chain+0x1909/0x5ab0 [ 71.406577][ T5068] ? stack_trace_save+0x117/0x1c0 [ 71.411607][ T5068] ? check_noncircular+0x259/0x490 [ 71.416723][ T5068] ? reacquire_held_locks+0x690/0x690 [ 71.422112][ T5068] ? print_deadlock_bug+0x610/0x610 [ 71.427314][ T5068] ? lockdep_unlock+0x169/0x300 [ 71.432161][ T5068] ? lockdep_lock+0x2b0/0x2b0 [ 71.436838][ T5068] ? add_lock_to_list+0x1de/0x2e0 [ 71.441858][ T5068] ? look_up_lock_class+0x77/0x160 [ 71.446979][ T5068] ? register_lock_class+0x102/0x970 [ 71.452287][ T5068] ? validate_chain+0x15c6/0x5ab0 [ 71.457312][ T5068] ? is_dynamic_key+0x260/0x260 [ 71.462161][ T5068] ? mark_lock+0x9a/0x350 [ 71.466496][ T5068] __lock_acquire+0x1345/0x1fd0 [ 71.471358][ T5068] lock_acquire+0x1e3/0x530 [ 71.475868][ T5068] ? hfsplus_file_extend+0x21b/0x1b70 [ 71.481267][ T5068] ? read_lock_is_recursive+0x20/0x20 [ 71.486649][ T5068] ? __might_sleep+0xe0/0xe0 [ 71.491239][ T5068] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 71.497217][ T5068] ? print_irqtrace_events+0x220/0x220 [ 71.502681][ T5068] __mutex_lock+0x136/0xd60 [ 71.507191][ T5068] ? hfsplus_file_extend+0x21b/0x1b70 [ 71.512573][ T5068] ? hfsplus_file_extend+0x21b/0x1b70 [ 71.517947][ T5068] ? mutex_lock_nested+0x20/0x20 [ 71.522902][ T5068] hfsplus_file_extend+0x21b/0x1b70 [ 71.528126][ T5068] ? hfsplus_get_block+0x14e0/0x14e0 [ 71.533427][ T5068] ? rcu_is_watching+0x15/0xb0 [ 71.538203][ T5068] ? trace_contention_end+0x3c/0x100 [ 71.543507][ T5068] ? __mutex_lock+0x2ee/0xd60 [ 71.548207][ T5068] ? hfsplus_find_init+0x14a/0x1c0 [ 71.553331][ T5068] ? mutex_lock_nested+0x20/0x20 [ 71.558280][ T5068] hfsplus_bmap_reserve+0x105/0x4e0 [ 71.563497][ T5068] hfsplus_rename_cat+0x1d0/0x1050 [ 71.568620][ T5068] ? reacquire_held_locks+0x3eb/0x690 [ 71.573992][ T5068] ? __mark_inode_dirty+0x4d4/0xda0 [ 71.579195][ T5068] ? hfsplus_subfolders_dec+0x110/0x110 [ 71.584765][ T5068] ? print_unlock_imbalance_bug+0x2c0/0x2c0 [ 71.590688][ T5068] ? hfsplus_link+0x800/0x800 [ 71.595374][ T5068] ? clear_nonspinnable+0x60/0x60 [ 71.600396][ T5068] hfsplus_rename+0x12e/0x1c0 [ 71.605073][ T5068] ? hfsplus_mknod+0x2a0/0x2a0 [ 71.609842][ T5068] vfs_rename+0xaba/0xde0 [ 71.614209][ T5068] ? __ia32_sys_link+0x90/0x90 [ 71.618979][ T5068] ? security_path_rename+0x183/0x210 [ 71.624370][ T5068] do_renameat2+0xd5a/0x1390 [ 71.628991][ T5068] ? fsnotify_move+0x4f0/0x4f0 [ 71.633771][ T5068] ? __check_object_size+0x4bb/0xa00 [ 71.639072][ T5068] ? getname_flags+0x1fd/0x4f0 [ 71.643937][ T5068] __x64_sys_rename+0x86/0x90 [ 71.648624][ T5068] do_syscall_64+0x45/0x110 [ 71.653140][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 71.659068][ T5068] RIP: 0033:0x7fd3bb4b66f9 [ 71.663512][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.683121][ T5068] RSP: 002b:00007fffa897bd18 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 71.691561][ T5068] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fd3bb4b66f9 [ 71.699534][ T5068] RDX: 00007fd3bb4b66f9 RSI: 0000000020000300 RDI: 0000000020000b00 [ 71.707542][ T5068] RBP: 00007fd3bb529610 R08: 0000000000000000 R09: 0000000000000000 rename("./bus", "./file2") = -1 ENOENT (No such file or directory) exit_group(0) = ? +++ exited with 0 +++ [ 71.715510][ T5