./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3359000083 <...> Warning: Permanently added '10.128.10.42' (ED25519) to the list of known hosts. execve("./syz-executor3359000083", ["./syz-executor3359000083"], 0x7ffc0f163930 /* 10 vars */) = 0 brk(NULL) = 0x555594617000 brk(0x555594617d00) = 0x555594617d00 arch_prctl(ARCH_SET_FS, 0x555594617380) = 0 set_tid_address(0x555594617650) = 5069 set_robust_list(0x555594617660, 24) = 0 rseq(0x555594617ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3359000083", 4096) = 28 getrandom("\xab\xcc\xb8\xf3\xf1\xe6\xd6\x6a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555594617d00 brk(0x555594638d00) = 0x555594638d00 brk(0x555594639000) = 0x555594639000 mprotect(0x7fdb5de48000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb55800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fdb55800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_NOEXEC|MS_I_VERSION, "") = 0 
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
[ 62.350846][ T5069] loop0: detected capacity change from 0 to 1024
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
chdir("./file0") = 0
[ 62.432608][ T5069]
[ 62.434996][ T5069] ======================================================
[ 62.442020][ T5069] WARNING: possible circular locking dependency detected
[ 62.449061][ T5069] 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0 Not tainted
[ 62.456077][ T5069] ------------------------------------------------------
[ 62.463075][ T5069] syz-executor335/5069 is trying to acquire lock:
[ 62.469467][ T5069] ffff888024b240b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb50
[ 62.479319][ T5069]
[ 62.479319][ T5069] but task is already holding lock:
[ 62.486690][ T5069] ffff888011053048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50
[ 62.497923][ T5069]
[ 62.497923][ T5069] which lock already depends on the new lock.
[ 62.497923][ T5069]
[ 62.508422][ T5069]
[ 62.508422][ T5069] the existing dependency chain (in reverse order) is:
[ 62.517446][ T5069]
[ 62.517446][ T5069] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[ 62.526476][ T5069] lock_acquire+0x1ed/0x550
[ 62.531520][ T5069] __mutex_lock+0x136/0xd70
[ 62.536547][ T5069] hfsplus_file_extend+0x21b/0x1b70
[ 62.542269][ T5069] hfsplus_bmap_reserve+0x105/0x4e0
[ 62.548086][ T5069] hfsplus_create_cat+0x1b0/0x1b60
[ 62.553707][ T5069] hfsplus_fill_super+0x13ee/0x1ca0
[ 62.559970][ T5069] mount_bdev+0x20a/0x2d0
[ 62.564836][ T5069] legacy_get_tree+0xee/0x190
[ 62.570034][ T5069] vfs_get_tree+0x90/0x2a0
[ 62.574965][ T5069] do_new_mount+0x2be/0xb40
[ 62.579977][ T5069] __se_sys_mount+0x2d9/0x3c0
[ 62.585162][ T5069] do_syscall_64+0xf5/0x240
[ 62.590380][ T5069] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.596806][ T5069]
[ 62.596806][ T5069] -> #0 (&tree->tree_lock){+.+.}-{3:3}:
[ 62.604532][ T5069] validate_chain+0x18cb/0x58e0
[ 62.609896][ T5069] __lock_acquire+0x1346/0x1fd0
[ 62.615287][ T5069] lock_acquire+0x1ed/0x550
[ 62.620363][ T5069] __mutex_lock+0x136/0xd70
[ 62.625410][ T5069] hfsplus_file_truncate+0x811/0xb50
[ 62.631256][ T5069] hfsplus_delete_inode+0x174/0x220
[ 62.637007][ T5069] hfsplus_unlink+0x512/0x790
[ 62.642274][ T5069] vfs_unlink+0x365/0x600
[ 62.647150][ T5069] do_unlinkat+0x4ae/0x830
[ 62.652129][ T5069] __x64_sys_unlink+0x49/0x60
[ 62.657454][ T5069] do_syscall_64+0xf5/0x240
[ 62.662593][ T5069] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.669013][ T5069]
[ 62.669013][ T5069] other info that might help us debug this:
[ 62.669013][ T5069]
[ 62.679231][ T5069] Possible unsafe locking scenario:
[ 62.679231][ T5069]
[ 62.686768][ T5069]        CPU0                    CPU1
[ 62.692137][ T5069]        ----                    ----
[ 62.698277][ T5069]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 62.704076][ T5069]                                lock(&tree->tree_lock);
[ 62.711089][ T5069]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 62.719482][ T5069]   lock(&tree->tree_lock);
[ 62.723994][ T5069]
[ 62.723994][ T5069] *** DEADLOCK ***
[ 62.723994][ T5069]
[ 62.732211][ T5069] 5 locks held by syz-executor335/5069:
[ 62.737742][ T5069] #0: ffff888024b26420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 62.747143][ T5069] #1: ffff888011052b80 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_unlinkat+0x26a/0x830
[ 62.757410][ T5069] #2: ffff888011053240 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: vfs_unlink+0xe4/0x600
[ 62.767581][ T5069] #3: ffff888021f3a998 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x161/0x790
[ 62.777061][ T5069] #4: ffff888011053048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50
[ 62.788891][ T5069]
[ 62.788891][ T5069] stack backtrace:
[ 62.794766][ T5069] CPU: 0 PID: 5069 Comm: syz-executor335 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
[ 62.805685][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 62.815835][ T5069] Call Trace:
[ 62.820418][ T5069]
[ 62.823452][ T5069] dump_stack_lvl+0x241/0x360
[ 62.828135][ T5069] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.833420][ T5069] ? print_circular_bug+0x130/0x1a0
[ 62.838615][ T5069] check_noncircular+0x36a/0x4a0
[ 62.843546][ T5069] ? __pfx_check_noncircular+0x10/0x10
[ 62.848995][ T5069] ? lockdep_lock+0x123/0x2b0
[ 62.853662][ T5069] ? lockdep_unlock+0x16a/0x300
[ 62.858514][ T5069] ? __pfx_lockdep_unlock+0x10/0x10
[ 62.863705][ T5069] ? _find_first_zero_bit+0xd4/0x100
[ 62.868995][ T5069] validate_chain+0x18cb/0x58e0
[ 62.873856][ T5069] ? __pfx_validate_chain+0x10/0x10
[ 62.879047][ T5069] ? __pfx_validate_chain+0x10/0x10
[ 62.884239][ T5069] ? look_up_lock_class+0x77/0x160
[ 62.889344][ T5069] ? register_lock_class+0x102/0x980
[ 62.894626][ T5069] ? __pfx_register_lock_class+0x10/0x10
[ 62.900774][ T5069] ? mark_lock+0x9a/0x350
[ 62.905097][ T5069] __lock_acquire+0x1346/0x1fd0
[ 62.909945][ T5069] lock_acquire+0x1ed/0x550
[ 62.914444][ T5069] ? hfsplus_file_truncate+0x811/0xb50
[ 62.920028][ T5069] ? __pfx_lock_acquire+0x10/0x10
[ 62.925041][ T5069] ? __pfx___might_resched+0x10/0x10
[ 62.930319][ T5069] ? __mutex_unlock_slowpath+0x21d/0x750
[ 62.935945][ T5069] ? hfsplus_block_free+0x3da/0x4e0
[ 62.941243][ T5069] __mutex_lock+0x136/0xd70
[ 62.945734][ T5069] ? hfsplus_file_truncate+0x811/0xb50
[ 62.951195][ T5069] ? hfsplus_file_truncate+0x811/0xb50
[ 62.956668][ T5069] ? __pfx___mutex_lock+0x10/0x10
[ 62.961770][ T5069] ? hfsplus_free_extents+0x47e/0xae0
[ 62.967136][ T5069] hfsplus_file_truncate+0x811/0xb50
[ 62.972594][ T5069] ? __pfx_hfsplus_file_truncate+0x10/0x10
[ 62.978395][ T5069] ? smk_access+0x4ab/0x4e0
[ 62.982995][ T5069] ? hfsplus_unlink+0x161/0x790
[ 62.987870][ T5069] hfsplus_delete_inode+0x174/0x220
[ 62.993096][ T5069] hfsplus_unlink+0x512/0x790
[ 62.997781][ T5069] ? __pfx_smack_inode_unlink+0x10/0x10
[ 63.003337][ T5069] ? __pfx_hfsplus_unlink+0x10/0x10
[ 63.008551][ T5069] ? __down_write_common+0x162/0x200
[ 63.013871][ T5069] ? bpf_lsm_inode_unlink+0x9/0x10
[ 63.018992][ T5069] ? security_inode_unlink+0xd5/0x120
[ 63.024556][ T5069] vfs_unlink+0x365/0x600
[ 63.028883][ T5069] do_unlinkat+0x4ae/0x830
[ 63.033498][ T5069] ? __pfx_do_unlinkat+0x10/0x10
[ 63.038533][ T5069] ? strncpy_from_user+0x1a4/0x2f0
[ 63.043686][ T5069] __x64_sys_unlink+0x49/0x60
[ 63.048598][ T5069] do_syscall_64+0xf5/0x240
[ 63.053180][ T5069] ? clear_bhb_loop+0x35/0x90
[ 63.058031][ T5069] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.063921][ T5069] RIP: 0033:0x7fdb5ddd4ab9
[ 63.068366][ T5069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.088768][ T5069] RSP: 002b:00007ffd4a68cb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 63.097207][ T5069] RAX: ffffffffffffffda RBX: 00007fdb5de1d053 RCX: 00007fdb5ddd4ab9
[ 63.105184][ T5069] RDX: 00007fdb5ddd4ab9 RSI: 00007fdb5ddd3b51 RDI: 0000000020000100
[ 63.113494][ T5069] RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
[ 63.121664][ T5069] R10: 00000000000006ea R11: 0000000000000246 R12: 00007fdb5de1d04b
unlink("./file1") = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 63.129637][ T5069] R13: 00007ffd4a68cd08 R14: 0000000000000001 R15: