./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2504836041 <...> Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts. execve("./syz-executor2504836041", ["./syz-executor2504836041"], 0x7ffcfa1c6930 /* 10 vars */) = 0 brk(NULL) = 0x555555c16000 brk(0x555555c16d00) = 0x555555c16d00 arch_prctl(ARCH_SET_FS, 0x555555c16380) = 0 set_tid_address(0x555555c16650) = 5056 set_robust_list(0x555555c16660, 24) = 0 rseq(0x555555c16ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2504836041", 4096) = 28 getrandom("\x2b\x56\xd6\xfc\xd4\xc2\xe0\x54", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555c16d00 brk(0x555555c37d00) = 0x555555c37d00 brk(0x555555c38000) = 0x555555c38000 mprotect(0x7f09651dd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f095cd2d000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f095cd2d000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 66.084052][ T5056] loop0: detected capacity change from 0 to 1024 creat("./file0/file0", 0132241) = 4 symlink("./bus", "./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [ 66.193420][ T5056] [ 66.195980][ T5056] ====================================================== [ 66.203104][ T5056] WARNING: possible circular locking dependency detected [ 66.210156][ T5056] 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0 Not tainted [ 66.217159][ T5056] ------------------------------------------------------ [ 66.224158][ T5056] syz-executor250/5056 is trying to acquire lock: [ 66.230718][ T5056] ffff88807d2d87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 66.241780][ T5056] [ 66.241780][ T5056] but task is already holding lock: [ 66.249581][ T5056] ffff88807d2d40b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 66.259231][ T5056] [ 66.259231][ T5056] which lock already depends on the new lock. [ 66.259231][ T5056] [ 66.269878][ T5056] [ 66.269878][ T5056] the existing dependency chain (in reverse order) is: [ 66.279340][ T5056] [ 66.279340][ T5056] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 66.287086][ T5056] lock_acquire+0x1e3/0x530 [ 66.292215][ T5056] __mutex_lock+0x136/0xd60 [ 66.297363][ T5056] hfsplus_file_truncate+0x811/0xb40 [ 66.303441][ T5056] hfsplus_setattr+0x1bd/0x260 [ 66.308985][ T5056] notify_change+0xb99/0xe60 [ 66.314095][ T5056] do_truncate+0x220/0x300 [ 66.319203][ T5056] path_openat+0x29e1/0x3290 [ 66.324476][ T5056] do_filp_open+0x234/0x490 [ 66.329522][ T5056] do_sys_openat2+0x13e/0x1d0 [ 66.334731][ T5056] __x64_sys_creat+0x123/0x160 [ 66.340030][ T5056] do_syscall_64+0x45/0x110 [ 66.345047][ T5056] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 66.351457][ T5056] [ 66.351457][ T5056] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 66.360482][ T5056] validate_chain+0x1909/0x5ab0 [ 66.366023][ T5056] __lock_acquire+0x1345/0x1fd0 [ 66.371382][ T5056] lock_acquire+0x1e3/0x530 [ 66.376394][ T5056] __mutex_lock+0x136/0xd60 [ 66.381765][ T5056] hfsplus_file_extend+0x21b/0x1b70 [ 66.387583][ T5056] hfsplus_bmap_reserve+0x105/0x4e0 [ 66.393314][ T5056] hfsplus_rename_cat+0x1d0/0x1050 [ 66.399207][ T5056] hfsplus_rename+0x12e/0x1c0 [ 66.404410][ T5056] vfs_rename+0xaba/0xde0 [ 66.409336][ T5056] do_renameat2+0xd5a/0x1390 [ 66.414810][ T5056] __x64_sys_rename+0x86/0x90 [ 66.420011][ T5056] do_syscall_64+0x45/0x110 [ 66.425034][ T5056] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 66.431460][ T5056] [ 66.431460][ T5056] other info that might help us debug this: [ 66.431460][ T5056] [ 66.441702][ T5056] Possible unsafe locking scenario: [ 66.441702][ T5056] [ 66.449144][ T5056] CPU0 CPU1 [ 66.454600][ T5056] ---- ---- [ 66.459974][ T5056] lock(&tree->tree_lock); [ 66.464483][ T5056] lock(&HFSPLUS_I(inode)->extents_lock); [ 66.472897][ T5056] lock(&tree->tree_lock); [ 66.479917][ T5056] lock(&HFSPLUS_I(inode)->extents_lock); [ 66.485711][ T5056] [ 66.485711][ T5056] *** DEADLOCK *** [ 66.485711][ T5056] [ 66.494101][ T5056] 4 locks held by syz-executor250/5056: [ 66.499636][ T5056] #0: ffff88807d2d0418 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 66.508884][ T5056] #1: ffff88807d2d9e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x601/0x1390 [ 66.519633][ T5056] #2: ffff88807e979740 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: lock_two_inodes+0x100/0x180 [ 66.530534][ T5056] #3: ffff88807d2d40b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 66.540652][ T5056] [ 66.540652][ T5056] stack backtrace: [ 66.546550][ T5056] CPU: 0 PID: 5056 Comm: syz-executor250 Not tainted 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0 [ 66.556979][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 66.567051][ T5056] Call Trace: [ 66.570361][ T5056] [ 66.573306][ T5056] dump_stack_lvl+0x1e7/0x2d0 [ 66.578011][ T5056] ? nf_tcp_handle_invalid+0x650/0x650 [ 66.583506][ T5056] ? print_circular_bug+0x12b/0x1a0 [ 66.588716][ T5056] check_noncircular+0x366/0x490 [ 66.593757][ T5056] ? __read_once_word_nocheck+0x9/0x10 [ 66.599302][ T5056] ? print_deadlock_bug+0x610/0x610 [ 66.604986][ T5056] ? lockdep_lock+0x123/0x2b0 [ 66.609675][ T5056] ? is_bpf_text_address+0x28d/0x2a0 [ 66.614982][ T5056] ? is_bpf_text_address+0x26/0x2a0 [ 66.620189][ T5056] ? _find_first_zero_bit+0xd4/0x100 [ 66.625556][ T5056] validate_chain+0x1909/0x5ab0 [ 66.630423][ T5056] ? stack_trace_save+0x117/0x1c0 [ 66.635459][ T5056] ? check_noncircular+0x259/0x490 [ 66.640659][ T5056] ? reacquire_held_locks+0x690/0x690 [ 66.646111][ T5056] ? print_deadlock_bug+0x610/0x610 [ 66.651307][ T5056] ? lockdep_unlock+0x169/0x300 [ 66.656230][ T5056] ? lockdep_lock+0x2b0/0x2b0 [ 66.660909][ T5056] ? add_lock_to_list+0x1de/0x2e0 [ 66.665921][ T5056] ? look_up_lock_class+0x77/0x160 [ 66.671123][ T5056] ? register_lock_class+0x102/0x970 [ 66.676426][ T5056] ? validate_chain+0x15c6/0x5ab0 [ 66.681462][ T5056] ? is_dynamic_key+0x260/0x260 [ 66.686315][ T5056] ? mark_lock+0x9a/0x350 [ 66.690726][ T5056] __lock_acquire+0x1345/0x1fd0 [ 66.695589][ T5056] lock_acquire+0x1e3/0x530 [ 66.700113][ T5056] ? hfsplus_file_extend+0x21b/0x1b70 [ 66.705576][ T5056] ? read_lock_is_recursive+0x20/0x20 [ 66.711065][ T5056] ? __might_sleep+0xe0/0xe0 [ 66.715661][ T5056] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 66.721732][ T5056] ? print_irqtrace_events+0x220/0x220 [ 66.727189][ T5056] __mutex_lock+0x136/0xd60 [ 66.731701][ T5056] ? hfsplus_file_extend+0x21b/0x1b70 [ 66.737941][ T5056] ? hfsplus_file_extend+0x21b/0x1b70 [ 66.743515][ T5056] ? mutex_lock_nested+0x20/0x20 [ 66.748639][ T5056] hfsplus_file_extend+0x21b/0x1b70 [ 66.755077][ T5056] ? hfsplus_get_block+0x14e0/0x14e0 [ 66.760479][ T5056] ? rcu_is_watching+0x15/0xb0 [ 66.766012][ T5056] ? trace_contention_end+0x3c/0x100 [ 66.771581][ T5056] ? __mutex_lock+0x2ee/0xd60 [ 66.776302][ T5056] ? hfsplus_find_init+0x14a/0x1c0 [ 66.781588][ T5056] ? mutex_lock_nested+0x20/0x20 [ 66.786654][ T5056] hfsplus_bmap_reserve+0x105/0x4e0 [ 66.792062][ T5056] hfsplus_rename_cat+0x1d0/0x1050 [ 66.797182][ T5056] ? reacquire_held_locks+0x690/0x690 [ 66.802996][ T5056] ? hfsplus_subfolders_dec+0x110/0x110 [ 66.808918][ T5056] ? tomoyo_path2_perm+0x361/0xbb0 [ 66.814162][ T5056] ? __down_write_common+0x161/0x200 [ 66.819905][ T5056] ? __lock_acquire+0x1fd0/0x1fd0 [ 66.825162][ T5056] ? clear_nonspinnable+0x60/0x60 [ 66.830214][ T5056] hfsplus_rename+0x12e/0x1c0 [ 66.835054][ T5056] ? hfsplus_mknod+0x2a0/0x2a0 [ 66.839849][ T5056] vfs_rename+0xaba/0xde0 [ 66.844273][ T5056] ? __ia32_sys_link+0x90/0x90 [ 66.849033][ T5056] ? security_path_rename+0x183/0x210 [ 66.854436][ T5056] do_renameat2+0xd5a/0x1390 [ 66.859201][ T5056] ? fsnotify_move+0x4f0/0x4f0 [ 66.863957][ T5056] ? __check_object_size+0x4bb/0xa00 [ 66.869271][ T5056] ? getname_flags+0x1fd/0x4f0 [ 66.874140][ T5056] __x64_sys_rename+0x86/0x90 [ 66.878826][ T5056] do_syscall_64+0x45/0x110 [ 66.883340][ T5056] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 66.889405][ T5056] RIP: 0033:0x7f096516a7b9 [ 66.893816][ T5056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.914736][ T5056] RSP: 002b:00007ffd4617dd18 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 66.923682][ T5056] RAX: ffffffffffffffda RBX: 00007ffd4617def8 RCX: 00007f096516a7b9 [ 66.931915][ T5056] RDX: 0000000000000073 RSI: 0000000020001180 RDI: 0000000020000300 rename("./bus", "./file2") = -1 EEXIST (File exists) exit_group(0) = ? +++ exited with 0 +++ [ 66.940006][ T5056] RBP: 00007f09651dd610 R08: 0000000000000000 R09: 0