./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor702261253 <...> Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts. execve("./syz-executor702261253", ["./syz-executor702261253"], 0x7ffd568952d0 /* 10 vars */) = 0 brk(NULL) = 0x555556c7f000 brk(0x555556c7fd00) = 0x555556c7fd00 arch_prctl(ARCH_SET_FS, 0x555556c7f380) = 0 set_tid_address(0x555556c7f650) = 5056 set_robust_list(0x555556c7f660, 24) = 0 rseq(0x555556c7fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor702261253", 4096) = 27 getrandom("\x15\x35\x2c\x8d\x9e\xc2\x85\x34", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556c7fd00 brk(0x555556ca0d00) = 0x555556ca0d00 brk(0x555556ca1000) = 0x555556ca1000 mprotect(0x7f92ece5d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f92e4800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f92e4800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfsplus", MS_NOATIME, "") = 0 openat(AT_FDCWD, "./file1", 
O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4 [ 57.126785][ T5056] loop0: detected capacity change from 0 to 1024 ftruncate(4, 33587195) = 0 symlink("./bus", "./bus") = 0 creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [ 57.173531][ T28] audit: type=1800 audit(1705731408.266:2): pid=5056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor702" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 57.214412][ T5056] [ 57.216737][ T5056] ====================================================== [ 57.223731][ T5056] WARNING: possible circular locking dependency detected [ 57.230726][ T5056] 6.7.0-syzkaller-12824-g9d64bf433c53 #0 Not tainted [ 57.237371][ T5056] ------------------------------------------------------ [ 57.244364][ T5056] syz-executor702/5056 is trying to acquire lock: [ 57.250746][ T5056] ffff88804e1987c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1c1/0x1090 [ 57.261785][ T5056] [ 57.261785][ T5056] but task is already holding lock: [ 57.269125][ T5056] ffff888020f000b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x1a3/0x200 [ 57.278586][ T5056] [ 57.278586][ T5056] which lock already depends on the new lock. 
[ 57.278586][ T5056]
[ 57.288965][ T5056]
[ 57.288965][ T5056] the existing dependency chain (in reverse order) is:
[ 57.297950][ T5056]
[ 57.297950][ T5056] -> #1 (&tree->tree_lock){+.+.}-{3:3}:
[ 57.305650][ T5056]        __mutex_lock+0x175/0x9d0
[ 57.310653][ T5056]        hfsplus_file_truncate+0x882/0x9d0
[ 57.316443][ T5056]        hfsplus_setattr+0x1eb/0x310
[ 57.321706][ T5056]        notify_change+0x742/0x11c0
[ 57.326884][ T5056]        do_truncate+0x15c/0x220
[ 57.331796][ T5056]        do_sys_ftruncate+0x6a2/0x790
[ 57.337144][ T5056]        do_syscall_64+0xd3/0x250
[ 57.342149][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 57.348547][ T5056]
[ 57.348547][ T5056] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[ 57.357554][ T5056]        __lock_acquire+0x2445/0x3b30
[ 57.362902][ T5056]        lock_acquire+0x1ae/0x520
[ 57.367902][ T5056]        __mutex_lock+0x175/0x9d0
[ 57.372900][ T5056]        hfsplus_file_extend+0x1c1/0x1090
[ 57.378597][ T5056]        hfsplus_bmap_reserve+0x318/0x410
[ 57.384297][ T5056]        hfsplus_rename_cat+0x2ad/0x1230
[ 57.389912][ T5056]        hfsplus_rename+0x118/0x200
[ 57.395090][ T5056]        vfs_rename+0xf83/0x20a0
[ 57.400011][ T5056]        do_renameat2+0xc50/0xdc0
[ 57.405012][ T5056]        __x64_sys_rename+0x81/0xa0
[ 57.410197][ T5056]        do_syscall_64+0xd3/0x250
[ 57.415202][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 57.421595][ T5056]
[ 57.421595][ T5056] other info that might help us debug this:
[ 57.421595][ T5056]
[ 57.431797][ T5056]  Possible unsafe locking scenario:
[ 57.431797][ T5056]
[ 57.439221][ T5056]        CPU0                    CPU1
[ 57.444563][ T5056]        ----                    ----
[ 57.449902][ T5056]   lock(&tree->tree_lock);
[ 57.454380][ T5056]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 57.462680][ T5056]                                lock(&tree->tree_lock);
[ 57.469678][ T5056]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 57.475464][ T5056]
[ 57.475464][ T5056]  *** DEADLOCK ***
[ 57.475464][ T5056]
[ 57.483580][ T5056] 5 locks held by syz-executor702/5056:
[ 57.489100][ T5056] #0: ffff888023012420 (sb_writers#9){.+.+}-{0:0}, at: do_renameat2+0x3d2/0xdc0
[ 57.498217][ T5056] #1: ffff88804e199e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0xad5/0xdc0
[ 57.508551][ T5056] #2: ffff888079791080 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: lock_two_nondirectories+0x195/0x200
[ 57.519927][ T5056] #3: ffff888079791e00 (&sb->s_type->i_mutex_key#15/4){+.+.}-{3:3}, at: lock_two_nondirectories+0xed/0x200
[ 57.531394][ T5056] #4: ffff888020f000b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x1a3/0x200
[ 57.541284][ T5056]
[ 57.541284][ T5056] stack backtrace:
[ 57.547147][ T5056] CPU: 0 PID: 5056 Comm: syz-executor702 Not tainted 6.7.0-syzkaller-12824-g9d64bf433c53 #0
[ 57.557187][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 57.567236][ T5056] Call Trace:
[ 57.570504][ T5056]
[ 57.573417][ T5056] dump_stack_lvl+0xd9/0x1b0
[ 57.577998][ T5056] check_noncircular+0x317/0x400
[ 57.582927][ T5056] ? print_circular_bug+0x5c0/0x5c0
[ 57.588110][ T5056] ? register_lock_class+0xb1/0x1230
[ 57.593375][ T5056] ? lockdep_lock+0xc6/0x200
[ 57.597948][ T5056] ? print_bfs_bug+0x30/0x30
[ 57.602522][ T5056] __lock_acquire+0x2445/0x3b30
[ 57.607355][ T5056] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 57.613314][ T5056] lock_acquire+0x1ae/0x520
[ 57.617791][ T5056] ? hfsplus_file_extend+0x1c1/0x1090
[ 57.623176][ T5056] ? lock_sync+0x190/0x190
[ 57.627567][ T5056] ? preempt_count_sub+0x160/0x160
[ 57.632657][ T5056] __mutex_lock+0x175/0x9d0
[ 57.637137][ T5056] ? hfsplus_file_extend+0x1c1/0x1090
[ 57.642489][ T5056] ? kasan_save_stack+0x42/0x50
[ 57.647319][ T5056] ? kasan_save_stack+0x33/0x50
[ 57.652144][ T5056] ? kasan_save_track+0x14/0x30
[ 57.656973][ T5056] ? __kmalloc+0x1f9/0x440
[ 57.661368][ T5056] ? hfsplus_file_extend+0x1c1/0x1090
[ 57.666720][ T5056] ? mutex_trylock+0x130/0x130
[ 57.671462][ T5056] ? __mutex_trylock_common+0xeb/0x250
[ 57.676901][ T5056] ? hfsplus_file_extend+0x1c1/0x1090
[ 57.682250][ T5056] hfsplus_file_extend+0x1c1/0x1090
[ 57.687432][ T5056] ? __mutex_lock+0x1a6/0x9d0
[ 57.692091][ T5056] ? hfsplus_free_fork+0x820/0x820
[ 57.697185][ T5056] ? hfsplus_find_init+0x1a3/0x200
[ 57.702276][ T5056] ? mutex_trylock+0x130/0x130
[ 57.707017][ T5056] ? rcu_is_watching+0x12/0xb0
[ 57.711761][ T5056] hfsplus_bmap_reserve+0x318/0x410
[ 57.716941][ T5056] hfsplus_rename_cat+0x2ad/0x1230
[ 57.722035][ T5056] ? hfsplus_delete_cat+0xdd0/0xdd0
[ 57.727213][ T5056] ? find_held_lock+0x2d/0x110
[ 57.731966][ T5056] ? hfsplus_symlink+0x2b0/0x2b0
[ 57.736879][ T5056] ? lock_sync+0x190/0x190
[ 57.741268][ T5056] ? reacquire_held_locks+0x4c0/0x4c0
[ 57.746611][ T5056] ? preempt_count_sub+0x160/0x160
[ 57.751701][ T5056] ? preempt_count_sub+0x160/0x160
[ 57.756789][ T5056] ? spin_bug+0x1d0/0x1d0
[ 57.761097][ T5056] hfsplus_rename+0x118/0x200
[ 57.765757][ T5056] ? hfsplus_unlink+0x7f0/0x7f0
[ 57.770588][ T5056] vfs_rename+0xf83/0x20a0
[ 57.774990][ T5056] ? vfs_symlink+0x620/0x620
[ 57.779563][ T5056] ? bpf_lsm_path_rename+0x9/0x10
[ 57.784563][ T5056] ? security_path_rename+0x15e/0x230
[ 57.789916][ T5056] do_renameat2+0xc50/0xdc0
[ 57.794404][ T5056] ? __ia32_sys_link+0xa0/0xa0
[ 57.799147][ T5056] ? __check_object_size+0x323/0x730
[ 57.804414][ T5056] ? strncpy_from_user+0x214/0x300
[ 57.809509][ T5056] ? getname_flags.part.0+0x1e2/0x4e0
[ 57.814861][ T5056] __x64_sys_rename+0x81/0xa0
[ 57.819515][ T5056] do_syscall_64+0xd3/0x250
[ 57.824002][ T5056] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 57.829875][ T5056] RIP: 0033:0x7f92ecdea739
[ 57.834268][ T5056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.853871][ T5056] RSP: 002b:00007fff067c5878 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
rename("./bus", "./file2") = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 57.862263][ T5056] RAX: ffffffffffffffda RBX: 0031656c6966