./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3360365680 <...> Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. execve("./syz-executor3360365680", ["./syz-executor3360365680"], 0x7ffceb8c6600 /* 10 vars */) = 0 brk(NULL) = 0x55555689a000 brk(0x55555689ac40) = 0x55555689ac40 arch_prctl(ARCH_SET_FS, 0x55555689a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3360365680", 4096) = 28 brk(0x5555568bbc40) = 0x5555568bbc40 brk(0x5555568bc000) = 0x5555568bc000 mprotect(0x7fee44098000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee3bbde000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fee3bbde000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 [ 63.382860][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor336' [ 63.403295][ T4992] loop0: detected capacity change from 0 to 1024 [ 63.413053][ T4992] ======================================================= [ 63.413053][ T4992] WARNING: The mand mount option has been deprecated and mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 63.413053][ T4992] and is ignored by this kernel. Remove the mand [ 63.413053][ T4992] option from the mount to silence this warning. [ 63.413053][ T4992] ======================================================= [ 63.466727][ T4992] [ 63.469097][ T4992] ====================================================== [ 63.476134][ T4992] WARNING: possible circular locking dependency detected [ 63.483173][ T4992] 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 Not tainted [ 63.490213][ T4992] ------------------------------------------------------ [ 63.497241][ T4992] syz-executor336/4992 is trying to acquire lock: [ 63.503676][ T4992] ffff8880132a60b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb40 [ 63.513565][ T4992] [ 63.513565][ T4992] but task is already holding lock: [ 63.520920][ T4992] ffff88807c990108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 [ 63.532068][ T4992] [ 63.532068][ T4992] which lock already depends on the new lock. [ 63.532068][ T4992] [ 63.542464][ T4992] [ 63.542464][ T4992] the existing dependency chain (in reverse order) is: [ 63.551467][ T4992] [ 63.551467][ T4992] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 63.560499][ T4992] lock_acquire+0x1e3/0x520 [ 63.565529][ T4992] __mutex_lock_common+0x1d8/0x2530 [ 63.571283][ T4992] mutex_lock_nested+0x1b/0x20 [ 63.576567][ T4992] hfsplus_file_extend+0x1d6/0x1b10 [ 63.582280][ T4992] hfsplus_bmap_reserve+0x105/0x4e0 [ 63.587991][ T4992] hfsplus_create_cat+0x1ad/0x1bb0 [ 63.593621][ T4992] hfsplus_fill_super+0x13ea/0x1c90 [ 63.599342][ T4992] mount_bdev+0x2d0/0x3f0 [ 63.604282][ T4992] legacy_get_tree+0xef/0x190 [ 63.609478][ T4992] vfs_get_tree+0x8c/0x270 [ 63.614415][ T4992] do_new_mount+0x28f/0xae0 [ 63.619433][ T4992] __se_sys_mount+0x2d9/0x3c0 [ 63.624625][ T4992] do_syscall_64+0x41/0xc0 [ 63.629565][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.635991][ T4992] [ 63.635991][ T4992] -> #0 (&tree->tree_lock){+.+.}-{3:3}: [ 63.643722][ T4992] validate_chain+0x166b/0x58f0 [ 63.649093][ T4992] __lock_acquire+0x1316/0x2070 [ 63.654471][ T4992] lock_acquire+0x1e3/0x520 [ 63.659513][ T4992] __mutex_lock_common+0x1d8/0x2530 [ 63.665239][ T4992] mutex_lock_nested+0x1b/0x20 [ 63.670526][ T4992] hfsplus_file_truncate+0x811/0xb40 [ 63.676328][ T4992] hfsplus_setattr+0x1bd/0x280 [ 63.681613][ T4992] notify_change+0xc8b/0xf40 [ 63.686722][ T4992] do_truncate+0x220/0x300 [ 63.691654][ T4992] vfs_truncate+0x2e1/0x3a0 [ 63.696686][ T4992] do_sys_truncate+0xde/0x190 [ 63.701880][ T4992] do_syscall_64+0x41/0xc0 [ 63.706819][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.713251][ T4992] [ 63.713251][ T4992] other info that might help us debug this: [ 63.713251][ T4992] [ 63.723477][ T4992] Possible unsafe locking scenario: [ 63.723477][ T4992] [ 63.730919][ T4992] CPU0 CPU1 [ 63.736274][ T4992] ---- ---- [ 63.741629][ T4992] lock(&HFSPLUS_I(inode)->extents_lock); [ 63.747430][ T4992] lock(&tree->tree_lock); [ 63.754549][ T4992] lock(&HFSPLUS_I(inode)->extents_lock); [ 63.762882][ T4992] lock(&tree->tree_lock); [ 63.767385][ T4992] [ 63.767385][ T4992] *** DEADLOCK *** [ 63.767385][ T4992] [ 63.775520][ T4992] 3 locks held by syz-executor336/4992: [ 63.781064][ T4992] #0: ffff88807d9f6460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 63.790208][ T4992] #1: ffff88807c990300 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x300 [ 63.800580][ T4992] #2: ffff88807c990108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 [ 63.812151][ T4992] [ 63.812151][ T4992] stack backtrace: [ 63.818033][ T4992] CPU: 1 PID: 4992 Comm: syz-executor336 Not tainted 6.4.0-rc4-syzkaller-00276-ge5282a7d8f6b #0 [ 63.828437][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 63.838490][ T4992] Call Trace: [ 63.841763][ T4992] [ 63.844710][ T4992] dump_stack_lvl+0x1e7/0x2d0 [ 63.849398][ T4992] ? nf_tcp_handle_invalid+0x650/0x650 [ 63.854881][ T4992] ? print_circular_bug+0x12b/0x1a0 [ 63.860082][ T4992] check_noncircular+0x2fe/0x3b0 [ 63.865021][ T4992] ? add_chain_block+0x850/0x850 [ 63.869964][ T4992] ? add_chain_block+0x850/0x850 [ 63.874903][ T4992] ? lockdep_lock+0x123/0x2b0 [ 63.879590][ T4992] ? add_chain_block+0x850/0x850 [ 63.884527][ T4992] ? _find_first_zero_bit+0xd4/0x100 [ 63.889892][ T4992] validate_chain+0x166b/0x58f0 [ 63.894751][ T4992] ? reacquire_held_locks+0x660/0x660 [ 63.900125][ T4992] ? reacquire_held_locks+0x660/0x660 [ 63.905585][ T4992] ? look_up_lock_class+0x77/0x140 [ 63.910693][ T4992] ? register_lock_class+0x104/0x990 [ 63.915975][ T4992] ? mark_lock+0x9a/0x340 [ 63.920303][ T4992] ? is_dynamic_key+0x1f0/0x1f0 [ 63.925155][ T4992] ? mark_lock+0x9a/0x340 [ 63.929506][ T4992] __lock_acquire+0x1316/0x2070 [ 63.934380][ T4992] lock_acquire+0x1e3/0x520 [ 63.938892][ T4992] ? hfsplus_file_truncate+0x811/0xb40 [ 63.944361][ T4992] ? read_lock_is_recursive+0x20/0x20 [ 63.949771][ T4992] ? __might_sleep+0xc0/0xc0 [ 63.954383][ T4992] __mutex_lock_common+0x1d8/0x2530 [ 63.959680][ T4992] ? hfsplus_file_truncate+0x811/0xb40 [ 63.965144][ T4992] ? hfsplus_file_truncate+0x811/0xb40 [ 63.970653][ T4992] ? mutex_lock_io_nested+0x60/0x60 [ 63.975956][ T4992] ? hfsplus_free_extents+0x47e/0xae0 [ 63.981351][ T4992] mutex_lock_nested+0x1b/0x20 [ 63.986134][ T4992] hfsplus_file_truncate+0x811/0xb40 [ 63.991444][ T4992] ? hfsplus_add_extent+0x880/0x880 [ 63.996644][ T4992] ? unmap_mapping_range+0xf8/0x290 [ 64.001847][ T4992] ? unmap_mapping_pages+0x180/0x180 [ 64.007148][ T4992] ? current_time+0x1e0/0x300 [ 64.011846][ T4992] ? truncate_setsize+0xcf/0xf0 [ 64.016711][ T4992] hfsplus_setattr+0x1bd/0x280 [ 64.021484][ T4992] ? hfsplus_fileattr_set+0x330/0x330 [ 64.026862][ T4992] notify_change+0xc8b/0xf40 [ 64.031460][ T4992] do_truncate+0x220/0x300 [ 64.035884][ T4992] ? put_page_bootmem+0x2e0/0x2e0 [ 64.040939][ T4992] ? bpf_lsm_path_truncate+0x9/0x10 [ 64.046137][ T4992] vfs_truncate+0x2e1/0x3a0 [ 64.050690][ T4992] do_sys_truncate+0xde/0x190 [ 64.055374][ T4992] ? break_lease+0xd0/0xd0 [ 64.059795][ T4992] ? syscall_enter_from_user_mode+0x32/0x230 [ 64.065775][ T4992] ? syscall_enter_from_user_mode+0x8c/0x230 [ 64.071844][ T4992] do_syscall_64+0x41/0xc0 [ 64.076269][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.082165][ T4992] RIP: 0033:0x7fee4402a7a9 [ 64.086579][ T4992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 64.106183][ T4992] RSP: 002b:00007ffebf976888 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 64.114614][ T4992] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fee4402a7a9 [ 64.122581][ T4992] RDX: 00007fee43fe8e23 RSI: 0000000000000000 RDI: 0000000020000080 truncate("./file1", 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 64.130566][ T4992] RBP: 00007fee43fea040 R08: 0000000000000