./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3284025653

<...>
Warning: Permanently added '10.128.1.85' (ED25519) to the list of known hosts.
execve("./syz-executor3284025653", ["./syz-executor3284025653"], 0x7ffedc8b3e60 /* 10 vars */) = 0
brk(NULL)                               = 0x555556d20000
brk(0x555556d20d00)                     = 0x555556d20d00
arch_prctl(ARCH_SET_FS, 0x555556d20380) = 0
set_tid_address(0x555556d20650)         = 5068
set_robust_list(0x555556d20660, 24)     = 0
rseq(0x555556d20ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3284025653", 4096) = 28
getrandom("\x88\x7b\xad\x24\x0a\x12\x49\xd9", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556d20d00
brk(0x555556d41d00)                     = 0x555556d41d00
brk(0x555556d42000)                     = 0x555556d42000
mprotect(0x7fd3bb529000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3b3079000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7fd3b3079000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file1", 0777)                  = 0
mount("/dev/loop0", "./file1", "hfsplus", MS_NOATIME|MS_SILENT|MS_STRICTATIME, "") = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
chdir("./file1")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[   70.852474][ T5068] loop0: detected capacity change from 0 to 1024
creat("./file1", 000)                   = 4
open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 6
[   70.921334][   T28] audit: type=1800 audit(1703748058.032:2): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor328" name="bus" dev="loop0" ino=25 res=0 errno=0
[   70.963648][ T5068] 
[   70.966016][ T5068] ======================================================
[   70.973045][ T5068] WARNING: possible circular locking dependency detected
[   70.980061][ T5068] 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0 Not tainted
[   70.987076][ T5068] ------------------------------------------------------
[   70.994085][ T5068] syz-executor328/5068 is trying to acquire lock:
[   71.000511][ T5068] ffff8880781c87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70
[   71.011666][ T5068] 
[   71.011666][ T5068] but task is already holding lock:
[   71.019024][ T5068] ffff88807fa200b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0
[   71.028521][ T5068] 
[   71.028521][ T5068] which lock already depends on the new lock.
[   71.028521][ T5068] 
[   71.038932][ T5068] 
[   71.038932][ T5068] the existing dependency chain (in reverse order) is:
[   71.047938][ T5068] 
[   71.047938][ T5068] -> #1 (&tree->tree_lock){+.+.}-{3:3}:
[   71.055691][ T5068]        lock_acquire+0x1e3/0x530
[   71.060719][ T5068]        __mutex_lock+0x136/0xd60
[   71.065761][ T5068]        hfsplus_file_truncate+0x811/0xb40
[   71.071570][ T5068]        hfsplus_setattr+0x1bd/0x260
[   71.076857][ T5068]        notify_change+0xb99/0xe60
[   71.081992][ T5068]        do_truncate+0x220/0x300
[   71.086930][ T5068]        path_openat+0x29e1/0x3290
[   71.092061][ T5068]        do_filp_open+0x234/0x490
[   71.097110][ T5068]        do_sys_openat2+0x13e/0x1d0
[   71.102362][ T5068]        __x64_sys_creat+0x123/0x160
[   71.107662][ T5068]        do_syscall_64+0x45/0x110
[   71.112709][ T5068]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   71.119154][ T5068] 
[   71.119154][ T5068] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[   71.128239][ T5068]        validate_chain+0x1909/0x5ab0
[   71.133624][ T5068]        __lock_acquire+0x1345/0x1fd0
[   71.139024][ T5068]        lock_acquire+0x1e3/0x530
[   71.144059][ T5068]        __mutex_lock+0x136/0xd60
[   71.149096][ T5068]        hfsplus_file_extend+0x21b/0x1b70
[   71.154822][ T5068]        hfsplus_bmap_reserve+0x105/0x4e0
[   71.160560][ T5068]        hfsplus_rename_cat+0x1d0/0x1050
[   71.166200][ T5068]        hfsplus_rename+0x12e/0x1c0
[   71.171422][ T5068]        vfs_rename+0xaba/0xde0
[   71.176272][ T5068]        do_renameat2+0xd5a/0x1390
[   71.181468][ T5068]        __x64_sys_rename+0x86/0x90
[   71.186669][ T5068]        do_syscall_64+0x45/0x110
[   71.191695][ T5068]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   71.198827][ T5068] 
[   71.198827][ T5068] other info that might help us debug this:
[   71.198827][ T5068] 
[   71.209051][ T5068]  Possible unsafe locking scenario:
[   71.209051][ T5068] 
[   71.216494][ T5068]        CPU0                    CPU1
[   71.221869][ T5068]        ----                    ----
[   71.227230][ T5068]   lock(&tree->tree_lock);
[   71.231732][ T5068]                                lock(&HFSPLUS_I(inode)->extents_lock);
[   71.240052][ T5068]                                lock(&tree->tree_lock);
[   71.247073][ T5068]   lock(&HFSPLUS_I(inode)->extents_lock);
[   71.252879][ T5068] 
[   71.252879][ T5068]  *** DEADLOCK ***
[   71.252879][ T5068] 
[   71.261049][ T5068] 5 locks held by syz-executor328/5068:
[   71.266607][ T5068]  #0: ffff88801cb6e418 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[   71.275790][ T5068]  #1: ffff8880781c9e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x601/0x1390
[   71.286285][ T5068]  #2: ffff88801e9a09c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: lock_two_inodes+0x100/0x180
[   71.297016][ T5068]  #3: ffff88801e9a1080 (&sb->s_type->i_mutex_key#14/4){+.+.}-{3:3}, at: vfs_rename+0x5eb/0xde0
[   71.307482][ T5068]  #4: ffff88807fa200b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0
[   71.317525][ T5068] 
[   71.317525][ T5068] stack backtrace:
[   71.323409][ T5068] CPU: 1 PID: 5068 Comm: syz-executor328 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0
[   71.333833][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   71.343932][ T5068] Call Trace:
[   71.347218][ T5068]  <TASK>
[   71.350148][ T5068]  dump_stack_lvl+0x1e7/0x2d0
[   71.354843][ T5068]  ? nf_tcp_handle_invalid+0x650/0x650
[   71.360319][ T5068]  ? print_circular_bug+0x12b/0x1a0
[   71.365562][ T5068]  check_noncircular+0x366/0x490
[   71.370506][ T5068]  ? __read_once_word_nocheck+0x9/0x10
[   71.375998][ T5068]  ? print_deadlock_bug+0x610/0x610
[   71.381199][ T5068]  ? lockdep_lock+0x123/0x2b0
[   71.385886][ T5068]  ? is_bpf_text_address+0x28d/0x2a0
[   71.391198][ T5068]  ? is_bpf_text_address+0x26/0x2a0
[   71.396422][ T5068]  ? _find_first_zero_bit+0xd4/0x100
[   71.401712][ T5068]  validate_chain+0x1909/0x5ab0
[   71.406577][ T5068]  ? stack_trace_save+0x117/0x1c0
[   71.411607][ T5068]  ? check_noncircular+0x259/0x490
[   71.416723][ T5068]  ? reacquire_held_locks+0x690/0x690
[   71.422112][ T5068]  ? print_deadlock_bug+0x610/0x610
[   71.427314][ T5068]  ? lockdep_unlock+0x169/0x300
[   71.432161][ T5068]  ? lockdep_lock+0x2b0/0x2b0
[   71.436838][ T5068]  ? add_lock_to_list+0x1de/0x2e0
[   71.441858][ T5068]  ? look_up_lock_class+0x77/0x160
[   71.446979][ T5068]  ? register_lock_class+0x102/0x970
[   71.452287][ T5068]  ? validate_chain+0x15c6/0x5ab0
[   71.457312][ T5068]  ? is_dynamic_key+0x260/0x260
[   71.462161][ T5068]  ? mark_lock+0x9a/0x350
[   71.466496][ T5068]  __lock_acquire+0x1345/0x1fd0
[   71.471358][ T5068]  lock_acquire+0x1e3/0x530
[   71.475868][ T5068]  ? hfsplus_file_extend+0x21b/0x1b70
[   71.481267][ T5068]  ? read_lock_is_recursive+0x20/0x20
[   71.486649][ T5068]  ? __might_sleep+0xe0/0xe0
[   71.491239][ T5068]  ? lockdep_hardirqs_on_prepare+0x43c/0x780
[   71.497217][ T5068]  ? print_irqtrace_events+0x220/0x220
[   71.502681][ T5068]  __mutex_lock+0x136/0xd60
[   71.507191][ T5068]  ? hfsplus_file_extend+0x21b/0x1b70
[   71.512573][ T5068]  ? hfsplus_file_extend+0x21b/0x1b70
[   71.517947][ T5068]  ? mutex_lock_nested+0x20/0x20
[   71.522902][ T5068]  hfsplus_file_extend+0x21b/0x1b70
[   71.528126][ T5068]  ? hfsplus_get_block+0x14e0/0x14e0
[   71.533427][ T5068]  ? rcu_is_watching+0x15/0xb0
[   71.538203][ T5068]  ? trace_contention_end+0x3c/0x100
[   71.543507][ T5068]  ? __mutex_lock+0x2ee/0xd60
[   71.548207][ T5068]  ? hfsplus_find_init+0x14a/0x1c0
[   71.553331][ T5068]  ? mutex_lock_nested+0x20/0x20
[   71.558280][ T5068]  hfsplus_bmap_reserve+0x105/0x4e0
[   71.563497][ T5068]  hfsplus_rename_cat+0x1d0/0x1050
[   71.568620][ T5068]  ? reacquire_held_locks+0x3eb/0x690
[   71.573992][ T5068]  ? __mark_inode_dirty+0x4d4/0xda0
[   71.579195][ T5068]  ? hfsplus_subfolders_dec+0x110/0x110
[   71.584765][ T5068]  ? print_unlock_imbalance_bug+0x2c0/0x2c0
[   71.590688][ T5068]  ? hfsplus_link+0x800/0x800
[   71.595374][ T5068]  ? clear_nonspinnable+0x60/0x60
[   71.600396][ T5068]  hfsplus_rename+0x12e/0x1c0
[   71.605073][ T5068]  ? hfsplus_mknod+0x2a0/0x2a0
[   71.609842][ T5068]  vfs_rename+0xaba/0xde0
[   71.614209][ T5068]  ? __ia32_sys_link+0x90/0x90
[   71.618979][ T5068]  ? security_path_rename+0x183/0x210
[   71.624370][ T5068]  do_renameat2+0xd5a/0x1390
[   71.628991][ T5068]  ? fsnotify_move+0x4f0/0x4f0
[   71.633771][ T5068]  ? __check_object_size+0x4bb/0xa00
[   71.639072][ T5068]  ? getname_flags+0x1fd/0x4f0
[   71.643937][ T5068]  __x64_sys_rename+0x86/0x90
[   71.648624][ T5068]  do_syscall_64+0x45/0x110
[   71.653140][ T5068]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   71.659068][ T5068] RIP: 0033:0x7fd3bb4b66f9
[   71.663512][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   71.683121][ T5068] RSP: 002b:00007fffa897bd18 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[   71.691561][ T5068] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fd3bb4b66f9
[   71.699534][ T5068] RDX: 00007fd3bb4b66f9 RSI: 0000000020000300 RDI: 0000000020000b00
[   71.707542][ T5068] RBP: 00007fd3bb529610 R08: 0000000000000000 R09: 0000000000000000
rename("./bus", "./file2")              = -1 ENOENT (No such file or directory)
exit_group(0)                           = ?
+++ exited with 0 +++
[   71.715510][ T5