./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor445001832 <...> Warning: Permanently added '10.128.10.11' (ED25519) to the list of known hosts. execve("./syz-executor445001832", ["./syz-executor445001832"], 0x7ffc2ec12010 /* 10 vars */) = 0 brk(NULL) = 0x55557e324000 brk(0x55557e324d00) = 0x55557e324d00 arch_prctl(ARCH_SET_FS, 0x55557e324380) = 0 set_tid_address(0x55557e324650) = 5070 set_robust_list(0x55557e324660, 24) = 0 rseq(0x55557e324ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor445001832", 4096) = 27 getrandom("\xba\x72\x1f\xa1\x87\x0c\x89\xd8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557e324d00 brk(0x55557e345d00) = 0x55557e345d00 brk(0x55557e346000) = 0x55557e346000 mprotect(0x7f069ce12000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0694800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f0694800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./bus", 0777) = 0 syzkaller login: [ 60.617196][ T5070] loop0: detected capacity change from 0 to 1024 mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC, "") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 60.659147][ T5070] hfsplus: request for non-existent node 1 in B*Tree [ 60.666026][ T5070] hfsplus: request for non-existent node 1 in B*Tree [ 60.699498][ T5070] [ 60.701835][ T5070] ====================================================== [ 60.708838][ T5070] WARNING: possible circular locking dependency detected [ 60.715838][ T5070] 6.9.0-rc5-syzkaller-00036-g9d1ddab261f3 #0 Not tainted [ 60.722837][ T5070] ------------------------------------------------------ [ 60.729828][ T5070] syz-executor445/5070 is trying to acquire lock: [ 60.736213][ T5070] ffff88801f9cc0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb50 [ 60.746064][ T5070] [ 60.746064][ T5070] but task is already holding lock: [ 60.753402][ T5070] ffff88801f842988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50 [ 60.764501][ T5070] [ 60.764501][ T5070] which lock already depends on the new lock. [ 60.764501][ T5070] [ 60.774896][ T5070] [ 60.774896][ T5070] the existing dependency chain (in reverse order) is: [ 60.783894][ T5070] [ 60.783894][ T5070] -> #2 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 60.792904][ T5070] lock_acquire+0x1ed/0x550 [ 60.797908][ T5070] __mutex_lock+0x136/0xd70 [ 60.802916][ T5070] hfsplus_file_extend+0x21b/0x1b70 [ 60.808612][ T5070] hfsplus_bmap_reserve+0x105/0x4e0 [ 60.814308][ T5070] hfsplus_create_attr+0x1c8/0x640 [ 60.819919][ T5070] __hfsplus_setxattr+0x6fe/0x22d0 [ 60.825543][ T5070] hfsplus_initxattrs+0x158/0x220 [ 60.831066][ T5070] security_inode_init_security+0x250/0x440 [ 60.837456][ T5070] hfsplus_fill_super+0x14d7/0x1ca0 [ 60.843169][ T5070] mount_bdev+0x20a/0x2d0 [ 60.848010][ T5070] legacy_get_tree+0xee/0x190 [ 60.853184][ T5070] vfs_get_tree+0x90/0x2a0 [ 60.858113][ T5070] do_new_mount+0x2be/0xb40 [ 60.863110][ T5070] __se_sys_mount+0x2d9/0x3c0 [ 60.868281][ T5070] do_syscall_64+0xf5/0x240 [ 60.873283][ T5070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.879673][ T5070] [ 60.879673][ T5070] -> #1 (&tree->tree_lock/2){+.+.}-{3:3}: [ 60.887553][ T5070] lock_acquire+0x1ed/0x550 [ 60.892550][ T5070] __mutex_lock+0x136/0xd70 [ 60.897549][ T5070] hfsplus_find_init+0x14a/0x1c0 [ 60.902984][ T5070] hfsplus_attr_exists+0xff/0x1d0 [ 60.908504][ T5070] __hfsplus_setxattr+0x476/0x22d0 [ 60.914113][ T5070] hfsplus_initxattrs+0x158/0x220 [ 60.919638][ T5070] security_inode_init_security+0x250/0x440 [ 60.926024][ T5070] hfsplus_fill_super+0x14d7/0x1ca0 [ 60.931724][ T5070] mount_bdev+0x20a/0x2d0 [ 60.936548][ T5070] legacy_get_tree+0xee/0x190 [ 60.941722][ T5070] vfs_get_tree+0x90/0x2a0 [ 60.946648][ T5070] do_new_mount+0x2be/0xb40 [ 60.951651][ T5070] __se_sys_mount+0x2d9/0x3c0 [ 60.956823][ T5070] do_syscall_64+0xf5/0x240 [ 60.961821][ T5070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.968211][ T5070] [ 60.968211][ T5070] -> #0 (&tree->tree_lock){+.+.}-{3:3}: [ 60.975911][ T5070] validate_chain+0x18cb/0x58e0 [ 60.981259][ T5070] __lock_acquire+0x1346/0x1fd0 [ 60.986619][ T5070] lock_acquire+0x1ed/0x550 [ 60.991627][ T5070] __mutex_lock+0x136/0xd70 [ 60.996630][ T5070] hfsplus_file_truncate+0x811/0xb50 [ 61.002413][ T5070] hfsplus_setattr+0x1ce/0x280 [ 61.007671][ T5070] notify_change+0xb9d/0xe70 [ 61.012757][ T5070] do_truncate+0x220/0x310 [ 61.017671][ T5070] vfs_truncate+0x2e1/0x3b0 [ 61.022673][ T5070] do_sys_truncate+0xde/0x190 [ 61.027851][ T5070] do_syscall_64+0xf5/0x240 [ 61.032854][ T5070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.039244][ T5070] [ 61.039244][ T5070] other info that might help us debug this: [ 61.039244][ T5070] [ 61.049447][ T5070] Chain exists of: [ 61.049447][ T5070] &tree->tree_lock --> &tree->tree_lock/2 --> &HFSPLUS_I(inode)->extents_lock [ 61.049447][ T5070] [ 61.064194][ T5070] Possible unsafe locking scenario: [ 61.064194][ T5070] [ 61.071619][ T5070] CPU0 CPU1 [ 61.076959][ T5070] ---- ---- [ 61.082300][ T5070] lock(&HFSPLUS_I(inode)->extents_lock); [ 61.088088][ T5070] lock(&tree->tree_lock/2); [ 61.095261][ T5070] lock(&HFSPLUS_I(inode)->extents_lock); [ 61.103561][ T5070] lock(&tree->tree_lock); [ 61.108040][ T5070] [ 61.108040][ T5070] *** DEADLOCK *** [ 61.108040][ T5070] [ 61.116157][ T5070] 3 locks held by syz-executor445/5070: [ 61.121677][ T5070] #0: ffff88801f9ca420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 61.130790][ T5070] #1: ffff88801f842b80 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x310 [ 61.141114][ T5070] #2: ffff88801f842988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50 [ 61.152651][ T5070] [ 61.152651][ T5070] stack backtrace: [ 61.158514][ T5070] CPU: 0 PID: 5070 Comm: syz-executor445 Not tainted 6.9.0-rc5-syzkaller-00036-g9d1ddab261f3 #0 [ 61.168920][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 61.178957][ T5070] Call Trace: [ 61.182222][ T5070] [ 61.185137][ T5070] dump_stack_lvl+0x241/0x360 [ 61.189798][ T5070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.194983][ T5070] ? print_circular_bug+0x130/0x1a0 [ 61.200174][ T5070] check_noncircular+0x36a/0x4a0 [ 61.205093][ T5070] ? __pfx_check_noncircular+0x10/0x10 [ 61.210529][ T5070] ? lockdep_lock+0x123/0x2b0 [ 61.215187][ T5070] ? lockdep_unlock+0x16a/0x300 [ 61.220013][ T5070] ? __pfx_lockdep_unlock+0x10/0x10 [ 61.225186][ T5070] ? _find_first_zero_bit+0xd4/0x100 [ 61.230463][ T5070] validate_chain+0x18cb/0x58e0 [ 61.235297][ T5070] ? __pfx_validate_chain+0x10/0x10 [ 61.240476][ T5070] ? __pfx_validate_chain+0x10/0x10 [ 61.245657][ T5070] ? look_up_lock_class+0x77/0x160 [ 61.250747][ T5070] ? register_lock_class+0x102/0x980 [ 61.256006][ T5070] ? __pfx_register_lock_class+0x10/0x10 [ 61.261615][ T5070] ? mark_lock+0x9a/0x350 [ 61.265922][ T5070] __lock_acquire+0x1346/0x1fd0 [ 61.270755][ T5070] lock_acquire+0x1ed/0x550 [ 61.275297][ T5070] ? hfsplus_file_truncate+0x811/0xb50 [ 61.280745][ T5070] ? __pfx_lock_acquire+0x10/0x10 [ 61.285762][ T5070] ? __pfx___might_resched+0x10/0x10 [ 61.291029][ T5070] ? __mutex_unlock_slowpath+0x21d/0x750 [ 61.296641][ T5070] ? hfsplus_block_free+0x3da/0x4e0 [ 61.301831][ T5070] __mutex_lock+0x136/0xd70 [ 61.306317][ T5070] ? hfsplus_file_truncate+0x811/0xb50 [ 61.311757][ T5070] ? hfsplus_file_truncate+0x811/0xb50 [ 61.317197][ T5070] ? __pfx___mutex_lock+0x10/0x10 [ 61.322203][ T5070] ? hfsplus_free_extents+0x47e/0xae0 [ 61.327556][ T5070] hfsplus_file_truncate+0x811/0xb50 [ 61.332824][ T5070] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 61.338606][ T5070] ? unmap_mapping_range+0xf8/0x290 [ 61.343787][ T5070] ? __pfx_unmap_mapping_range+0x10/0x10 [ 61.349396][ T5070] ? setattr_prepare+0x1f5/0xb20 [ 61.354311][ T5070] ? truncate_setsize+0xcf/0xf0 [ 61.359139][ T5070] hfsplus_setattr+0x1ce/0x280 [ 61.363880][ T5070] ? __pfx_hfsplus_setattr+0x10/0x10 [ 61.369136][ T5070] notify_change+0xb9d/0xe70 [ 61.373707][ T5070] do_truncate+0x220/0x310 [ 61.378102][ T5070] ? __pfx_do_truncate+0x10/0x10 [ 61.383020][ T5070] ? bpf_lsm_path_truncate+0x9/0x10 [ 61.388194][ T5070] vfs_truncate+0x2e1/0x3b0 [ 61.392678][ T5070] do_sys_truncate+0xde/0x190 [ 61.397332][ T5070] ? __pfx_do_sys_truncate+0x10/0x10 [ 61.402597][ T5070] ? do_syscall_64+0x102/0x240 [ 61.407339][ T5070] do_syscall_64+0xf5/0x240 [ 61.411820][ T5070] ? clear_bhb_loop+0x35/0x90 [ 61.416472][ T5070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.422341][ T5070] RIP: 0033:0x7f069cd9e5f9 [ 61.426735][ T5070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 truncate("./file1", 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 61.446319][ T5070] RSP: 002b:00007ffe69d5b6a8 EFLAGS: 00000246 ORIG_RAX: