Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [   37.947041] ======================================================
[   37.947041] WARNING: the mand mount option is being deprecated and
[   37.947041]          will be removed in v5.15!
[   37.947041] ======================================================
[   37.979208] audit: type=1800 audit(1672578591.604:2): pid=8106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor950" name="bus" dev="loop0" ino=25 res=0
[   38.007304]
[   38.008952] ======================================================
[   38.012163] audit: type=1800 audit(1672578591.634:3): pid=8106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor950" name="file1" dev="loop0" ino=20 res=0
[   38.015432] WARNING: possible circular locking dependency detected
[   38.041245] 4.19.211-syzkaller #0 Not tainted
[   38.045811] ------------------------------------------------------
[   38.052207] syz-executor950/8106 is trying to acquire lock:
[   38.057905] 0000000014babfec (&tree->tree_lock/1){+.+.}, at: hfsplus_find_init+0x170/0x220
[   38.066561]
[   38.066561] but task is already holding lock:
[   38.072529] 00000000a7fe7b0f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040
[   38.082491]
[   38.082491] which lock already depends on the new lock.
[   38.082491]
[   38.090796]
[   38.090796] the existing dependency chain (in reverse order) is:
[   38.098393]
[   38.098393] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
[   38.105486]        hfsplus_file_extend+0x1bb/0xf40
[   38.110393]        hfsplus_bmap_reserve+0x298/0x440
[   38.115396]        __hfsplus_ext_write_extent+0x45b/0x5a0
[   38.120909]        hfsplus_ext_read_extent+0x910/0xab0
[   38.126161]        hfsplus_file_extend+0x672/0xf40
[   38.131070]        hfsplus_get_block+0x196/0x960
[   38.135810]        __block_write_begin_int+0x46c/0x17b0
[   38.141154]        block_write_begin+0x58/0x2e0
[   38.145808]        cont_write_begin+0x55a/0x820
[   38.150458]        hfsplus_write_begin+0x87/0x150
[   38.155275]        cont_write_begin+0x2ee/0x820
[   38.159930]        hfsplus_write_begin+0x87/0x150
[   38.164763]        generic_cont_expand_simple+0x106/0x170
[   38.170297]        hfsplus_setattr+0x18b/0x310
[   38.174868]        notify_change+0x70b/0xfc0
[   38.179253]        do_truncate+0x134/0x1f0
[   38.183476]        do_sys_ftruncate+0x492/0x560
[   38.188125]        do_syscall_64+0xf9/0x620
[   38.192428]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.198195]
[   38.198195] -> #0 (&tree->tree_lock/1){+.+.}:
[   38.204150]        __mutex_lock+0xd7/0x1190
[   38.208448]        hfsplus_find_init+0x170/0x220
[   38.213185]        hfsplus_file_truncate+0x297/0x1040
[   38.218348]        hfsplus_setattr+0x1e7/0x310
[   38.222915]        notify_change+0x70b/0xfc0
[   38.227312]        do_truncate+0x134/0x1f0
[   38.231529]        do_sys_ftruncate+0x492/0x560
[   38.236177]        do_syscall_64+0xf9/0x620
[   38.240478]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.246185]
[   38.246185] other info that might help us debug this:
[   38.246185]
[   38.254312]  Possible unsafe locking scenario:
[   38.254312]
[   38.260345]        CPU0                    CPU1
[   38.264987]        ----                    ----
[   38.269625]   lock(&HFSPLUS_I(inode)->extents_lock);
[   38.274707]                                lock(&tree->tree_lock/1);
[   38.281171]                                lock(&HFSPLUS_I(inode)->extents_lock);
[   38.288762]   lock(&tree->tree_lock/1);
[   38.292713]
[   38.292713]  *** DEADLOCK ***
[   38.292713]
[   38.298749] 3 locks held by syz-executor950/8106:
[   38.303564]  #0: 000000006bb158e5 (sb_writers#11){.+.+}, at: do_sys_ftruncate+0x297/0x560
[   38.311951]  #1: 00000000a653ec8e (&sb->s_type->i_mutex_key#17){+.+.}, at: do_truncate+0x125/0x1f0
[   38.321027]  #2: 00000000a7fe7b0f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040
[   38.331491]
[   38.331491] stack backtrace:
[   38.335964] CPU: 0 PID: 8106 Comm: syz-executor950 Not tainted 4.19.211-syzkaller #0
[   38.343814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   38.353140] Call Trace:
[   38.355718]  dump_stack+0x1fc/0x2ef
[   38.359329]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   38.365107]  __lock_acquire+0x30c9/0x3ff0
[   38.369232]  ? mark_held_locks+0xf0/0xf0
[   38.373272]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   38.378350]  ? depot_save_stack+0x258/0x410
[   38.382649]  ? kasan_kmalloc+0x139/0x160
[   38.386687]  ? hfsplus_setattr+0x1e7/0x310
[   38.390902]  ? do_truncate+0x134/0x1f0
[   38.394765]  ? do_sys_ftruncate+0x492/0x560
[   38.399064]  ? do_syscall_64+0xf9/0x620
[   38.403015]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.408353]  ? __kernel_text_address+0x9/0x30
[   38.412824]  lock_acquire+0x170/0x3c0
[   38.416601]  ? hfsplus_find_init+0x170/0x220
[   38.420988]  ? hfsplus_find_init+0x170/0x220
[   38.425371]  __mutex_lock+0xd7/0x1190
[   38.429148]  ? hfsplus_find_init+0x170/0x220
[   38.433530]  ? __mutex_lock+0x368/0x1190
[   38.437568]  ? hfsplus_find_init+0x170/0x220
[   38.441966]  ? mutex_trylock+0x1a0/0x1a0
[   38.446003]  ? lock_acquire+0x170/0x3c0
[   38.449956]  ? check_preemption_disabled+0x41/0x280
[   38.454948]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   38.459940]  ? __kmalloc+0x38e/0x3c0
[   38.463629]  ? hfsplus_find_init+0x91/0x220
[   38.467927]  hfsplus_find_init+0x170/0x220
[   38.472140]  hfsplus_file_truncate+0x297/0x1040
[   38.476786]  ? lock_acquire+0x170/0x3c0
[   38.480823]  ? hfsplus_get_block+0x960/0x960
[   38.485207]  ? up_write+0x18/0x150
[   38.488725]  ? unmap_mapping_pages+0x121/0x2b0
[   38.493287]  ? inode_newsize_ok+0x121/0x1e0
[   38.497587]  hfsplus_setattr+0x1e7/0x310
[   38.501630]  ? hfsplus_file_open+0x140/0x140
[   38.506022]  notify_change+0x70b/0xfc0
[   38.509890]  do_truncate+0x134/0x1f0
[   38.513579]  ? dentry_open+0x1d0/0x1d0
[   38.517447]  ? apparmor_path_truncate+0x183/0x200
[   38.522280]  do_sys_ftruncate+0x492/0x560
[   38.526415]  do_syscall_64+0xf9/0x620
[   38.530194]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.535362] RIP: 0033:0x7fce51aec7e9
[   38.539051] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   38.557929] RSP: 002b:00007ffed9e28f78 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[   38.566219] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fce51aec7e9
[   38.573465] RDX: 00007fce51aec7e9 RSI: 0000000000000000 RDI: 0000000000000005
[   38.580711] RBP: 00007fce51aac080 R08: 0000000000000000 R09: 0000000000000000
[   38.587956] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce51aac110
[   38.595199] R13: 0000000000000000 R14: 00000000000000