./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2868859107 <...> Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts. execve("./syz-executor2868859107", ["./syz-executor2868859107"], 0x7ffd2cd39f90 /* 10 vars */) = 0 brk(NULL) = 0x555577d24000 brk(0x555577d24d00) = 0x555577d24d00 arch_prctl(ARCH_SET_FS, 0x555577d24380) = 0 set_tid_address(0x555577d24650) = 5069 set_robust_list(0x555577d24660, 24) = 0 rseq(0x555577d24ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2868859107", 4096) = 28 getrandom("\x48\xf9\x7e\xae\xc0\xcf\x87\x2a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555577d24d00 brk(0x555577d45d00) = 0x555577d45d00 brk(0x555577d46000) = 0x555577d46000 mprotect(0x7fe133ca1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe12b600000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fe12b600000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfsplus", MS_NOATIME|MS_SILENT|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 73.777609][ T5069] loop0: detected capacity change from 0 to 1024 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) creat("./file1", 000) = 4 open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 6 [ 73.862155][ T28] audit: type=1800 audit(1713110370.473:2): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor286" name="bus" dev="loop0" ino=25 res=0 errno=0 [ 73.890240][ T5069] [ 73.892580][ T5069] ====================================================== [ 73.899597][ T5069] WARNING: possible circular locking dependency detected [ 73.906600][ T5069] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 73.913258][ T5069] ------------------------------------------------------ [ 73.920347][ T5069] syz-executor286/5069 is trying to acquire lock: [ 73.926760][ T5069] ffff8880297207c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 73.937837][ T5069] [ 73.937837][ T5069] but task is already holding lock: [ 73.945189][ T5069] ffff888021db60b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 73.954677][ T5069] [ 73.954677][ T5069] which lock already depends on the new lock. [ 73.954677][ T5069] [ 73.965064][ T5069] [ 73.965064][ T5069] the existing dependency chain (in reverse order) is: [ 73.974060][ T5069] [ 73.974060][ T5069] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 73.981786][ T5069] lock_acquire+0x1e4/0x530 [ 73.986804][ T5069] __mutex_lock+0x136/0xd70 [ 73.991846][ T5069] hfsplus_file_truncate+0x811/0xb50 [ 73.997645][ T5069] hfsplus_setattr+0x1ce/0x280 [ 74.002918][ T5069] notify_change+0xb9f/0xe70 [ 74.008024][ T5069] do_truncate+0x220/0x310 [ 74.012968][ T5069] path_openat+0x29fe/0x3240 [ 74.018073][ T5069] do_filp_open+0x235/0x490 [ 74.023090][ T5069] do_sys_openat2+0x13e/0x1d0 [ 74.028278][ T5069] __x64_sys_creat+0x123/0x170 [ 74.033549][ T5069] do_syscall_64+0xfd/0x240 [ 74.038561][ T5069] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.044970][ T5069] [ 74.044970][ T5069] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 74.054521][ T5069] validate_chain+0x18cb/0x58e0 [ 74.059907][ T5069] __lock_acquire+0x1346/0x1fd0 [ 74.065268][ T5069] lock_acquire+0x1e4/0x530 [ 74.070280][ T5069] __mutex_lock+0x136/0xd70 [ 74.075295][ T5069] hfsplus_file_extend+0x21b/0x1b70 [ 74.081007][ T5069] hfsplus_bmap_reserve+0x105/0x4e0 [ 74.086721][ T5069] hfsplus_rename_cat+0x1d0/0x1050 [ 74.092374][ T5069] hfsplus_rename+0x12e/0x1c0 [ 74.097585][ T5069] vfs_rename+0xbdd/0xf00 [ 74.102459][ T5069] do_renameat2+0xd94/0x13f0 [ 74.107573][ T5069] __x64_sys_rename+0x86/0xa0 [ 74.112773][ T5069] do_syscall_64+0xfd/0x240 [ 74.117787][ T5069] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.124200][ T5069] [ 74.124200][ T5069] other info that might help us debug this: [ 74.124200][ T5069] [ 74.134421][ T5069] Possible unsafe locking scenario: [ 74.134421][ T5069] [ 74.141856][ T5069] CPU0 CPU1 [ 74.147210][ T5069] ---- ---- [ 74.152562][ T5069] lock(&tree->tree_lock); [ 74.157062][ T5069] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.165387][ T5069] lock(&tree->tree_lock); [ 74.172420][ T5069] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.178240][ T5069] [ 74.178240][ T5069] *** DEADLOCK *** [ 74.178240][ T5069] [ 74.186373][ T5069] 5 locks held by syz-executor286/5069: [ 74.191901][ T5069] #0: ffff888021db2420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 74.201051][ T5069] #1: ffff888029721e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x62c/0x13f0 [ 74.211536][ T5069] #2: ffff888022408300 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: lock_two_nondirectories+0xe1/0x170 [ 74.222872][ T5069] #3: ffff888022409080 (&sb->s_type->i_mutex_key#15/4){+.+.}-{3:3}, at: vfs_rename+0x6a2/0xf00 [ 74.233346][ T5069] #4: ffff888021db60b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 74.243272][ T5069] [ 74.243272][ T5069] stack backtrace: [ 74.249159][ T5069] CPU: 1 PID: 5069 Comm: syz-executor286 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 74.259209][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 74.269252][ T5069] Call Trace: [ 74.272526][ T5069] [ 74.275447][ T5069] dump_stack_lvl+0x241/0x360 [ 74.280133][ T5069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.285337][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.290186][ T5069] ? print_circular_bug+0x130/0x1a0 [ 74.295382][ T5069] check_noncircular+0x36a/0x4a0 [ 74.300332][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.305179][ T5069] ? __read_once_word_nocheck+0x9/0x20 [ 74.310643][ T5069] ? __pfx_check_noncircular+0x10/0x10 [ 74.316098][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.320941][ T5069] ? lockdep_lock+0x123/0x2b0 [ 74.325621][ T5069] ? is_bpf_text_address+0x28d/0x2b0 [ 74.330904][ T5069] ? is_bpf_text_address+0x26/0x2b0 [ 74.336101][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.340947][ T5069] ? _find_first_zero_bit+0xd4/0x100 [ 74.346242][ T5069] validate_chain+0x18cb/0x58e0 [ 74.351102][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.355951][ T5069] ? check_noncircular+0x259/0x4a0 [ 74.361057][ T5069] ? __pfx_validate_chain+0x10/0x10 [ 74.366256][ T5069] ? __pfx_check_noncircular+0x10/0x10 [ 74.371718][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.376567][ T5069] ? lockdep_unlock+0x16a/0x300 [ 74.381433][ T5069] ? __pfx_lockdep_unlock+0x10/0x10 [ 74.386636][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.391479][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.396326][ T5069] ? look_up_lock_class+0x77/0x160 [ 74.401441][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.406285][ T5069] ? register_lock_class+0x102/0x980 [ 74.411567][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.416415][ T5069] ? validate_chain+0x15a2/0x58e0 [ 74.421438][ T5069] ? __pfx_register_lock_class+0x10/0x10 [ 74.427064][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.431908][ T5069] ? mark_lock+0x9a/0x350 [ 74.436232][ T5069] __lock_acquire+0x1346/0x1fd0 [ 74.441084][ T5069] lock_acquire+0x1e4/0x530 [ 74.445577][ T5069] ? hfsplus_file_extend+0x21b/0x1b70 [ 74.450946][ T5069] ? __pfx_lock_acquire+0x10/0x10 [ 74.455962][ T5069] ? __pfx___might_resched+0x10/0x10 [ 74.461245][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.466095][ T5069] __mutex_lock+0x136/0xd70 [ 74.470592][ T5069] ? hfsplus_file_extend+0x21b/0x1b70 [ 74.475960][ T5069] ? hfsplus_file_extend+0x21b/0x1b70 [ 74.481330][ T5069] ? __pfx___mutex_lock+0x10/0x10 [ 74.486350][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.491199][ T5069] hfsplus_file_extend+0x21b/0x1b70 [ 74.496395][ T5069] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 74.502017][ T5069] ? rcu_is_watching+0x15/0xb0 [ 74.506772][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.511615][ T5069] ? trace_contention_end+0x3c/0x100 [ 74.516895][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.521740][ T5069] ? __mutex_lock+0x2ef/0xd70 [ 74.526415][ T5069] ? hfsplus_find_init+0x14a/0x1c0 [ 74.531526][ T5069] ? __pfx___mutex_lock+0x10/0x10 [ 74.536544][ T5069] ? rcu_is_watching+0x15/0xb0 [ 74.541302][ T5069] hfsplus_bmap_reserve+0x105/0x4e0 [ 74.546507][ T5069] hfsplus_rename_cat+0x1d0/0x1050 [ 74.551622][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.556464][ T5069] ? reacquire_held_locks+0x3eb/0x690 [ 74.561830][ T5069] ? __mark_inode_dirty+0x4de/0xdb0 [ 74.567028][ T5069] ? __pfx_hfsplus_rename_cat+0x10/0x10 [ 74.572570][ T5069] ? __pfx_reacquire_held_locks+0x10/0x10 [ 74.578331][ T5069] ? __pfx_hfsplus_unlink+0x10/0x10 [ 74.583528][ T5069] ? __pfx___down_write_common+0x10/0x10 [ 74.589159][ T5069] ? __pfx___down_write_common+0x10/0x10 [ 74.594967][ T5069] hfsplus_rename+0x12e/0x1c0 [ 74.599636][ T5069] ? __pfx_hfsplus_rename+0x10/0x10 [ 74.604831][ T5069] vfs_rename+0xbdd/0xf00 [ 74.609189][ T5069] ? __pfx_vfs_rename+0x10/0x10 [ 74.614043][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.618902][ T5069] ? security_path_rename+0x18b/0x220 [ 74.624271][ T5069] do_renameat2+0xd94/0x13f0 [ 74.628864][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.633737][ T5069] ? __pfx_do_renameat2+0x10/0x10 [ 74.638774][ T5069] ? __virt_addr_valid+0x183/0x520 [ 74.643899][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.648744][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.653598][ T5069] ? __check_object_size+0x4bc/0xa00 [ 74.658877][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.663724][ T5069] ? srso_return_thunk+0x5/0x5f [ 74.668590][ T5069] ? getname_flags+0x1fe/0x4f0 [ 74.673365][ T5069] __x64_sys_rename+0x86/0xa0 [ 74.678047][ T5069] do_syscall_64+0xfd/0x240 [ 74.682557][ T5069] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.688471][ T5069] RIP: 0033:0x7fe133c2e6f9 [ 74.692881][ T5069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 rename("./bus", "./file2") = -1 ENOENT (No such file or directory) exit_group(0) = ? +++ exited with 0 +++ [ 74.712488][ T5069] RSP: 002b:00007ffe