./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor900304892 <...> Warning: Permanently added '10.128.1.87' (ED25519) to the list of known hosts. execve("./syz-executor900304892", ["./syz-executor900304892"], 0x7ffdfa0f72a0 /* 10 vars */) = 0 brk(NULL) = 0x555555f3a000 brk(0x555555f3ad00) = 0x555555f3ad00 arch_prctl(ARCH_SET_FS, 0x555555f3a380) = 0 set_tid_address(0x555555f3a650) = 5030 set_robust_list(0x555555f3a660, 24) = 0 rseq(0x555555f3aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor900304892", 4096) = 27 getrandom("\x4e\xb6\x60\xb8\x19\xc7\x11\x82", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555f3ad00 brk(0x555555f5bd00) = 0x555555f5bd00 brk(0x555555f5c000) = 0x555555f5c000 mprotect(0x7faf73ae4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faf6b633000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7faf6b633000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_RELATIME|MS_I_VERSION|MS_LAZYTIME, "force") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 creat("./bus", 000) = 4 openat(AT_FDCWD, "./file0", O_RDONLY) = 5 unlinkat(5, "./file0", 0) = 0 creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 6 [ 55.857581][ T5030] syz-executor900[5030]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 55.876841][ T5030] loop0: detected capacity change from 0 to 1024 [ 55.915867][ T5030] [ 55.918234][ T5030] ====================================================== [ 55.925253][ T5030] WARNING: possible circular locking dependency detected [ 55.932271][ T5030] 6.6.0-rc6-syzkaller-00334-g1acfd2bd3f0d #0 Not tainted [ 55.939281][ T5030] ------------------------------------------------------ [ 55.946275][ T5030] syz-executor900/5030 is trying to acquire lock: [ 55.952659][ T5030] ffff88807bb407c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 55.963697][ T5030] [ 55.963697][ T5030] but task is already holding lock: [ 55.971032][ T5030] ffff88807bd580b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 55.980487][ T5030] [ 55.980487][ T5030] which lock already depends on the new lock. [ 55.980487][ T5030] [ 55.990866][ T5030] [ 55.990866][ T5030] the existing dependency chain (in reverse order) is: [ 55.999851][ T5030] [ 55.999851][ T5030] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 56.007556][ T5030] __mutex_lock+0x136/0xd60 [ 56.012561][ T5030] hfsplus_file_truncate+0x811/0xb40 [ 56.018361][ T5030] hfsplus_delete_inode+0x174/0x220 [ 56.024059][ T5030] hfsplus_unlink+0x512/0x790 [ 56.029239][ T5030] vfs_unlink+0x35d/0x5f0 [ 56.034068][ T5030] do_unlinkat+0x4a9/0x830 [ 56.038982][ T5030] __x64_sys_unlinkat+0xce/0xf0 [ 56.044331][ T5030] do_syscall_64+0x41/0xc0 [ 56.049250][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.055643][ T5030] [ 56.055643][ T5030] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 56.064649][ T5030] __lock_acquire+0x39ff/0x7f70 [ 56.069994][ T5030] lock_acquire+0x1e3/0x520 [ 56.074993][ T5030] __mutex_lock+0x136/0xd60 [ 56.079994][ T5030] hfsplus_file_extend+0x21b/0x1b70 [ 56.085690][ T5030] hfsplus_bmap_reserve+0x105/0x4e0 [ 56.091387][ T5030] hfsplus_rename_cat+0x1d0/0x1050 [ 56.096995][ T5030] hfsplus_rename+0x12e/0x1c0 [ 56.102170][ T5030] vfs_rename+0xaba/0xde0 [ 56.107008][ T5030] do_renameat2+0xd5a/0x1390 [ 56.112094][ T5030] __x64_sys_rename+0x86/0x90 [ 56.117268][ T5030] do_syscall_64+0x41/0xc0 [ 56.122186][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.128579][ T5030] [ 56.128579][ T5030] other info that might help us debug this: [ 56.128579][ T5030] [ 56.138790][ T5030] Possible unsafe locking scenario: [ 56.138790][ T5030] [ 56.146213][ T5030] CPU0 CPU1 [ 56.151551][ T5030] ---- ---- [ 56.156891][ T5030] lock(&tree->tree_lock); [ 56.161371][ T5030] lock(&HFSPLUS_I(inode)->extents_lock); [ 56.169685][ T5030] lock(&tree->tree_lock); [ 56.176682][ T5030] lock(&HFSPLUS_I(inode)->extents_lock); [ 56.182465][ T5030] [ 56.182465][ T5030] *** DEADLOCK *** [ 56.182465][ T5030] [ 56.190600][ T5030] 5 locks held by syz-executor900/5030: [ 56.196118][ T5030] #0: ffff88801fe64410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 56.205238][ T5030] #1: ffff88807bb41e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x601/0x1390 [ 56.215659][ T5030] #2: ffff88807bb42b80 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: lock_two_inodes+0x100/0x180 [ 56.226337][ T5030] #3: ffff88807bb43fc0 (&sb->s_type->i_mutex_key#14/4){+.+.}-{3:3}, at: vfs_rename+0x5eb/0xde0 [ 56.236754][ T5030] #4: ffff88807bd580b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 56.246645][ T5030] [ 56.246645][ T5030] stack backtrace: [ 56.252529][ T5030] CPU: 1 PID: 5030 Comm: syz-executor900 Not tainted 6.6.0-rc6-syzkaller-00334-g1acfd2bd3f0d #0 [ 56.262922][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 56.272971][ T5030] Call Trace: [ 56.276232][ T5030] [ 56.279141][ T5030] dump_stack_lvl+0x1e7/0x2d0 [ 56.283804][ T5030] ? nf_tcp_handle_invalid+0x650/0x650 [ 56.289245][ T5030] ? print_circular_bug+0x12b/0x1a0 [ 56.294421][ T5030] check_noncircular+0x375/0x4a0 [ 56.299339][ T5030] ? __read_once_word_nocheck+0x9/0x10 [ 56.304778][ T5030] ? print_deadlock_bug+0x600/0x600 [ 56.309955][ T5030] ? lockdep_lock+0x123/0x2b0 [ 56.314623][ T5030] ? is_bpf_text_address+0x28d/0x2a0 [ 56.319886][ T5030] ? mark_lock+0x9a/0x340 [ 56.324189][ T5030] ? _find_first_zero_bit+0xd4/0x100 [ 56.329461][ T5030] __lock_acquire+0x39ff/0x7f70 [ 56.334295][ T5030] ? check_noncircular+0x205/0x4a0 [ 56.339385][ T5030] ? verify_lock_unused+0x140/0x140 [ 56.344561][ T5030] ? print_deadlock_bug+0x600/0x600 [ 56.349739][ T5030] ? lockdep_unlock+0x169/0x300 [ 56.354566][ T5030] ? lockdep_lock+0x2b0/0x2b0 [ 56.359235][ T5030] ? add_lock_to_list+0x1de/0x2e0 [ 56.364246][ T5030] ? __lock_acquire+0x3683/0x7f70 [ 56.369256][ T5030] lock_acquire+0x1e3/0x520 [ 56.373735][ T5030] ? hfsplus_file_extend+0x21b/0x1b70 [ 56.379090][ T5030] ? read_lock_is_recursive+0x20/0x20 [ 56.384439][ T5030] ? verify_lock_unused+0x140/0x140 [ 56.389613][ T5030] ? __might_sleep+0xc0/0xc0 [ 56.394180][ T5030] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 56.400139][ T5030] ? print_irqtrace_events+0x220/0x220 [ 56.405592][ T5030] __mutex_lock+0x136/0xd60 [ 56.410073][ T5030] ? hfsplus_file_extend+0x21b/0x1b70 [ 56.415423][ T5030] ? stack_trace_save+0x117/0x1c0 [ 56.420427][ T5030] ? stack_trace_snprint+0xf0/0xf0 [ 56.425520][ T5030] ? hfsplus_file_extend+0x21b/0x1b70 [ 56.430895][ T5030] ? mutex_lock_nested+0x20/0x20 [ 56.435817][ T5030] hfsplus_file_extend+0x21b/0x1b70 [ 56.441015][ T5030] ? hfsplus_get_block+0x14e0/0x14e0 [ 56.446277][ T5030] ? rcu_is_watching+0x15/0xb0 [ 56.451020][ T5030] ? trace_contention_end+0x3c/0xf0 [ 56.456197][ T5030] ? __mutex_lock+0x2ee/0xd60 [ 56.460876][ T5030] ? hfsplus_find_init+0x14a/0x1c0 [ 56.465967][ T5030] ? mutex_lock_nested+0x20/0x20 [ 56.470883][ T5030] hfsplus_bmap_reserve+0x105/0x4e0 [ 56.476066][ T5030] hfsplus_rename_cat+0x1d0/0x1050 [ 56.481157][ T5030] ? number+0xb5e/0xf90 [ 56.485295][ T5030] ? hfsplus_subfolders_dec+0x110/0x110 [ 56.490840][ T5030] ? hfsplus_link+0x800/0x800 [ 56.495500][ T5030] ? clear_nonspinnable+0x60/0x60 [ 56.500502][ T5030] hfsplus_rename+0x12e/0x1c0 [ 56.505163][ T5030] ? hfsplus_mknod+0x2a0/0x2a0 [ 56.509904][ T5030] vfs_rename+0xaba/0xde0 [ 56.514214][ T5030] ? __ia32_sys_link+0x90/0x90 [ 56.518970][ T5030] ? security_path_rename+0x183/0x210 [ 56.524333][ T5030] do_renameat2+0xd5a/0x1390 [ 56.528910][ T5030] ? fsnotify_move+0x4f0/0x4f0 [ 56.533651][ T5030] ? __check_object_size+0x4bb/0xa00 [ 56.538915][ T5030] ? getname_flags+0x1fd/0x4f0 [ 56.543655][ T5030] __x64_sys_rename+0x86/0x90 [ 56.548317][ T5030] do_syscall_64+0x41/0xc0 [ 56.552714][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.558590][ T5030] RIP: 0033:0x7faf73a707f9 [ 56.562987][ T5030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.582571][ T5030] RSP: 002b:00007fff1a567d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 56.590962][ T5030] RAX: ffffffffffffffda RBX: 00007fff1a567f08 RCX: 00007faf73a707f9 [ 56.598910][ T5030] RDX: 00007faf73a707f9 RSI: 0000000020000300 RDI: 0000000020000b00 [ 56.606860][ T5030] RBP: 00007faf73ae4610 R08: 00007fff1a567f08 R09: 00007fff1a567f08 rename("./bus", "./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 exit_group(0) = ? +++ exited with 0 +++ [ 56.614815][ T5030] R10: 00007fff1a567f08 R11: