./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1859257355 <...> Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. execve("./syz-executor1859257355", ["./syz-executor1859257355"], 0x7fff08e2bf40 /* 10 vars */) = 0 brk(NULL) = 0x555586205000 brk(0x555586205d00) = 0x555586205d00 arch_prctl(ARCH_SET_FS, 0x555586205380) = 0 set_tid_address(0x555586205650) = 5083 set_robust_list(0x555586205660, 24) = 0 rseq(0x555586205ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1859257355", 4096) = 28 getrandom("\x90\x9e\xc6\xbd\x35\xc0\xb3\xe0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555586205d00 brk(0x555586226d00) = 0x555586226d00 brk(0x555586227000) = 0x555586227000 mprotect(0x7fca33f4a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca2ba00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fca2ba00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", MS_SYNCHRONOUS|MS_NOATIME|MS_POSIXACL, "") = 0 openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 73.018254][ T5083] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_CLOEXEC|FASYNC, 000) = 4 openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EEXIST (File exists) open(".", O_RDONLY) = 6 mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 truncate("./file1", 0) = 0 mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f\x2f\x66\x69\x6c\x65\x30", 000) = 0 openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [ 73.090136][ T28] audit: type=1800 audit(1714657487.136:2): pid=5083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor185" name="bus" dev="loop0" ino=0 res=0 errno=0 [ 73.129349][ T5083] [ 73.131669][ T5083] ====================================================== [ 73.138665][ T5083] WARNING: possible circular locking dependency detected [ 73.145660][ T5083] 6.9.0-rc6-syzkaller-00053-g0106679839f7 #0 Not tainted [ 73.152658][ T5083] ------------------------------------------------------ [ 73.159652][ T5083] syz-executor185/5083 is trying to acquire lock: [ 73.166048][ T5083] ffff8880224207c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 73.177134][ T5083] [ 73.177134][ T5083] but task is already holding lock: [ 73.184475][ T5083] ffff8880227f20b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 73.193960][ T5083] [ 73.193960][ T5083] which lock already depends on the new lock. [ 73.193960][ T5083] [ 73.204340][ T5083] [ 73.204340][ T5083] the existing dependency chain (in reverse order) is: [ 73.213330][ T5083] [ 73.213330][ T5083] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 73.221055][ T5083] lock_acquire+0x1ed/0x550 [ 73.226067][ T5083] __mutex_lock+0x136/0xd70 [ 73.231083][ T5083] hfsplus_file_truncate+0x811/0xb50 [ 73.236878][ T5083] hfsplus_setattr+0x1ce/0x280 [ 73.242150][ T5083] notify_change+0xb9f/0xe70 [ 73.247249][ T5083] do_truncate+0x220/0x310 [ 73.252178][ T5083] vfs_truncate+0x2e1/0x3b0 [ 73.257192][ T5083] do_sys_truncate+0xde/0x190 [ 73.262379][ T5083] do_syscall_64+0xf5/0x240 [ 73.267394][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.273794][ T5083] [ 73.273794][ T5083] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 73.282823][ T5083] validate_chain+0x18cb/0x58e0 [ 73.288190][ T5083] __lock_acquire+0x1346/0x1fd0 [ 73.293545][ T5083] lock_acquire+0x1ed/0x550 [ 73.298556][ T5083] __mutex_lock+0x136/0xd70 [ 73.303569][ T5083] hfsplus_file_extend+0x21b/0x1b70 [ 73.309295][ T5083] hfsplus_bmap_reserve+0x105/0x4e0 [ 73.315009][ T5083] hfsplus_rename_cat+0x1d0/0x1050 [ 73.320654][ T5083] hfsplus_rename+0x12e/0x1c0 [ 73.325936][ T5083] vfs_rename+0xbdd/0xf00 [ 73.330801][ T5083] do_renameat2+0xd94/0x13f0 [ 73.335896][ T5083] __x64_sys_rename+0x86/0xa0 [ 73.341078][ T5083] do_syscall_64+0xf5/0x240 [ 73.346092][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.352491][ T5083] [ 73.352491][ T5083] other info that might help us debug this: [ 73.352491][ T5083] [ 73.362695][ T5083] Possible unsafe locking scenario: [ 73.362695][ T5083] [ 73.370123][ T5083] CPU0 CPU1 [ 73.375466][ T5083] ---- ---- [ 73.380812][ T5083] lock(&tree->tree_lock); [ 73.385303][ T5083] lock(&HFSPLUS_I(inode)->extents_lock); [ 73.393614][ T5083] lock(&tree->tree_lock); [ 73.400622][ T5083] lock(&HFSPLUS_I(inode)->extents_lock); [ 73.406413][ T5083] [ 73.406413][ T5083] *** DEADLOCK *** [ 73.406413][ T5083] [ 73.414535][ T5083] 4 locks held by syz-executor185/5083: [ 73.420059][ T5083] #0: ffff8880227f6420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 73.429206][ T5083] #1: ffff888022421e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x62c/0x13f0 [ 73.439656][ T5083] #2: ffff8880224224c0 (&sb->s_type->i_mutex_key#15/4){+.+.}-{3:3}, at: vfs_rename+0x6a2/0xf00 [ 73.450119][ T5083] #3: ffff8880227f20b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 73.460047][ T5083] [ 73.460047][ T5083] stack backtrace: [ 73.465914][ T5083] CPU: 0 PID: 5083 Comm: syz-executor185 Not tainted 6.9.0-rc6-syzkaller-00053-g0106679839f7 #0 [ 73.476311][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 73.486348][ T5083] Call Trace: [ 73.489620][ T5083] [ 73.492534][ T5083] dump_stack_lvl+0x241/0x360 [ 73.497210][ T5083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.502405][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.508029][ T5083] ? print_circular_bug+0x130/0x1a0 [ 73.513222][ T5083] check_noncircular+0x36a/0x4a0 [ 73.518149][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.523773][ T5083] ? __read_once_word_nocheck+0x9/0x20 [ 73.529232][ T5083] ? __pfx_check_noncircular+0x10/0x10 [ 73.534683][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.540306][ T5083] ? lockdep_lock+0x123/0x2b0 [ 73.544971][ T5083] ? is_bpf_text_address+0x28d/0x2b0 [ 73.550249][ T5083] ? is_bpf_text_address+0x26/0x2b0 [ 73.555442][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.561064][ T5083] ? _find_first_zero_bit+0xd4/0x100 [ 73.566347][ T5083] validate_chain+0x18cb/0x58e0 [ 73.571198][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.576823][ T5083] ? check_noncircular+0x259/0x4a0 [ 73.581926][ T5083] ? __pfx_validate_chain+0x10/0x10 [ 73.587116][ T5083] ? __pfx_check_noncircular+0x10/0x10 [ 73.592568][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.598190][ T5083] ? lockdep_unlock+0x16a/0x300 [ 73.603025][ T5083] ? __pfx_lockdep_unlock+0x10/0x10 [ 73.608214][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.613834][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.619459][ T5083] ? look_up_lock_class+0x77/0x160 [ 73.624561][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.630181][ T5083] ? register_lock_class+0x102/0x980 [ 73.635449][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.641072][ T5083] ? validate_chain+0x15a2/0x58e0 [ 73.646176][ T5083] ? __pfx_register_lock_class+0x10/0x10 [ 73.651796][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.657417][ T5083] ? mark_lock+0x9a/0x350 [ 73.661737][ T5083] __lock_acquire+0x1346/0x1fd0 [ 73.666586][ T5083] lock_acquire+0x1ed/0x550 [ 73.671076][ T5083] ? hfsplus_file_extend+0x21b/0x1b70 [ 73.676440][ T5083] ? __pfx_lock_acquire+0x10/0x10 [ 73.681450][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.687072][ T5083] ? mark_lock+0x9a/0x350 [ 73.691388][ T5083] ? __pfx___might_resched+0x10/0x10 [ 73.696664][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.702287][ T5083] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 73.708278][ T5083] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 73.714609][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.720277][ T5083] __mutex_lock+0x136/0xd70 [ 73.724772][ T5083] ? hfsplus_file_extend+0x21b/0x1b70 [ 73.730157][ T5083] ? lockdep_hardirqs_on+0x99/0x150 [ 73.735348][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.740992][ T5083] ? hfsplus_file_extend+0x21b/0x1b70 [ 73.746358][ T5083] ? __pfx___mutex_lock+0x10/0x10 [ 73.751377][ T5083] hfsplus_file_extend+0x21b/0x1b70 [ 73.756595][ T5083] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 73.762215][ T5083] ? rcu_is_watching+0x15/0xb0 [ 73.766968][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.772589][ T5083] ? trace_contention_end+0x3c/0x120 [ 73.777869][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.783491][ T5083] ? __mutex_lock+0x2ef/0xd70 [ 73.788158][ T5083] ? hfsplus_find_init+0x14a/0x1c0 [ 73.793263][ T5083] ? __pfx___mutex_lock+0x10/0x10 [ 73.798274][ T5083] ? rcu_is_watching+0x15/0xb0 [ 73.803030][ T5083] hfsplus_bmap_reserve+0x105/0x4e0 [ 73.808336][ T5083] hfsplus_rename_cat+0x1d0/0x1050 [ 73.813439][ T5083] ? __pfx_validate_chain+0x10/0x10 [ 73.818630][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.824252][ T5083] ? stack_trace_save+0x118/0x1d0 [ 73.829272][ T5083] ? __pfx_hfsplus_rename_cat+0x10/0x10 [ 73.834815][ T5083] ? lockdep_unlock+0x16a/0x300 [ 73.839790][ T5083] ? __pfx_lock_acquire+0x10/0x10 [ 73.844803][ T5083] ? vfs_rename+0x5ee/0xf00 [ 73.849303][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.854930][ T5083] ? __down_write_common+0x162/0x200 [ 73.860209][ T5083] ? __pfx___down_write_common+0x10/0x10 [ 73.865833][ T5083] ? do_raw_spin_unlock+0x13c/0x8b0 [ 73.871028][ T5083] hfsplus_rename+0x12e/0x1c0 [ 73.875697][ T5083] ? __pfx_hfsplus_rename+0x10/0x10 [ 73.880886][ T5083] vfs_rename+0xbdd/0xf00 [ 73.885220][ T5083] ? __pfx_vfs_rename+0x10/0x10 [ 73.890068][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.895709][ T5083] ? security_path_rename+0x18b/0x220 [ 73.901082][ T5083] do_renameat2+0xd94/0x13f0 [ 73.905658][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.911294][ T5083] ? __pfx_do_renameat2+0x10/0x10 [ 73.916307][ T5083] ? __virt_addr_valid+0x183/0x520 [ 73.921588][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.927213][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.932837][ T5083] ? __check_object_size+0x4bc/0xa00 [ 73.938113][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.943761][ T5083] ? srso_alias_return_thunk+0x5/0xfbef5 [ 73.949390][ T5083] ? getname_flags+0x1fe/0x4f0 [ 73.954146][ T5083] __x64_sys_rename+0x86/0xa0 [ 73.958808][ T5083] do_syscall_64+0xf5/0x240 [ 73.963305][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.969187][ T5083] RIP: 0033:0x7fca33ed6939 [ 73.973586][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.993175][ T5083] RSP: 002b:00007ffdc5874398 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 74.001576][ T5083] RAX: ffffffffffffffda RBX: 00007ffdc5874568 RCX: 00007fca33ed6939 [ 74.009531][ T5083] RDX: 00007fca33ed6939 RSI: 0000000020000400 RDI: 0000000020000000 [ 74.017487][ T5083] RBP: 00007fca33f4a610 R08: 00007ffdc5874568 R09: 00007ffdc5874568 [ 74.025442][ T5083] R10: 00007ffdc5874568 R11: 0000000000000246 R12: 0000000000000001 [ 74.033395][ T5083] R13: 00007ffdc5874558 R14: 0000000000000001 R15: 0000000000000001 [ 74.041358][ T5083] rename("./bus", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 exit_group(0) = ? +++ exited with 0 +++