Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
syzkaller login: [ 41.778544] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 41.900217] syz-executor207[8144]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.900319] syz-executor207[8135]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.909249] Code: Bad RIP value.
[ 41.918365] syz-executor207[8137]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.918372] Code: Bad RIP value.
[ 41.920264] syz-executor207[8133]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.925549] syz-executor207[8142]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.931201] syz-executor207[8139]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.934353] syz-executor207[8140]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.943401] syz-executor207[8143]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.954030] syz-executor207[8138]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.961512] syz-executor207[8141]: segfault at 0 ip 0000000000000000 sp 0000000020000008 error 14
[ 41.977191] Code: Bad RIP value.
[ 42.008248]
[ 42.008277] Code: Bad RIP value.
[ 42.009890] ======================================================
[ 42.014381] Code: Bad RIP value.
[ 42.019539] WARNING: possible circular locking dependency detected
[ 42.023513] Code: Bad RIP value.
[ 42.029189] 4.19.211-syzkaller #0 Not tainted
[ 42.037008] ------------------------------------------------------
[ 42.043318] syz-executor207/8150 is trying to acquire lock:
[ 42.049022] 0000000074e99ddb (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_extend+0x1bb/0xf40
[ 42.053969] Code: Bad RIP value.
[ 42.058746]
[ 42.058746] but task is already holding lock:
[ 42.064476] Code: Bad RIP value.
[ 42.068051] 0000000084eed216 (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220
[ 42.079609]
[ 42.079609] which lock already depends on the new lock.
[ 42.079609]
[ 42.081400] Code: Bad RIP value.
[ 42.087927]
[ 42.087927] the existing dependency chain (in reverse order) is:
[ 42.097382] Code: Bad RIP value.
[ 42.098889]
[ 42.098889] -> #1 (&tree->tree_lock){+.+.}:
[ 42.108045]        hfsplus_file_truncate+0xde7/0x1040
[ 42.113242]        hfsplus_setattr+0x1e7/0x310
[ 42.117815]        notify_change+0x70b/0xfc0
[ 42.122203]        do_truncate+0x134/0x1f0
[ 42.126426]        path_openat+0x2308/0x2df0
[ 42.130809]        do_filp_open+0x18c/0x3f0
[ 42.135105]        do_sys_open+0x3b3/0x520
[ 42.139445]        do_syscall_64+0xf9/0x620
[ 42.143751]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.149438]
[ 42.149438] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
[ 42.156534]        __mutex_lock+0xd7/0x1190
[ 42.160838]        hfsplus_file_extend+0x1bb/0xf40
[ 42.165752]        hfsplus_bmap_reserve+0x298/0x440
[ 42.170761]        hfsplus_rename_cat+0x272/0x1490
[ 42.175691]        hfsplus_unlink+0x49c/0x820
[ 42.180171]        vfs_unlink+0x27d/0x4e0
[ 42.184295]        do_unlinkat+0x3b8/0x660
[ 42.188508]        do_coredump+0x1f9c/0x2d60
[ 42.192897]        get_signal+0xed9/0x1f70
[ 42.197112]        do_signal+0x8f/0x1670
[ 42.201165]        exit_to_usermode_loop+0x204/0x2a0
[ 42.206368]        prepare_exit_to_usermode+0x277/0x2d0
[ 42.211713]        retint_user+0x8/0x18
[ 42.215661]
[ 42.215661] other info that might help us debug this:
[ 42.215661]
[ 42.223776]  Possible unsafe locking scenario:
[ 42.223776]
[ 42.229815]        CPU0                    CPU1
[ 42.234464]        ----                    ----
[ 42.239105]   lock(&tree->tree_lock);
[ 42.242885]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 42.250485]                                lock(&tree->tree_lock);
[ 42.256783]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 42.261866]
[ 42.261866]  *** DEADLOCK ***
[ 42.261866]
[ 42.267901] 5 locks held by syz-executor207/8150:
[ 42.272717]  #0: 0000000013d828b8 (sb_writers#11){.+.+}, at: mnt_want_write+0x3a/0xb0
[ 42.280685]  #1: 00000000fc98fcd6 (&type->i_mutex_dir_key#7/1){+.+.}, at: do_unlinkat+0x27d/0x660
[ 42.289698]  #2: 0000000044ce4107 (&sb->s_type->i_mutex_key#18){+.+.}, at: vfs_unlink+0xca/0x4e0
[ 42.298622]  #3: 0000000091c545e5 (&sbi->vh_mutex){+.+.}, at: hfsplus_unlink+0x140/0x820
[ 42.306844]  #4: 0000000084eed216 (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220
[ 42.315495]
[ 42.315495] stack backtrace:
[ 42.319977] CPU: 0 PID: 8150 Comm: syz-executor207 Not tainted 4.19.211-syzkaller #0
[ 42.327872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 42.337216] Call Trace:
[ 42.339792]  dump_stack+0x1fc/0x2ef
[ 42.343402]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 42.349187]  __lock_acquire+0x30c9/0x3ff0
[ 42.353319]  ? mark_held_locks+0xf0/0xf0
[ 42.357358]  ? is_bpf_text_address+0xd5/0x1b0
[ 42.361830]  ? lock_downgrade+0x720/0x720
[ 42.365957]  ? lock_acquire+0x170/0x3c0
[ 42.369912]  ? __bpf_address_lookup+0x330/0x330
[ 42.374589]  ? check_preemption_disabled+0x41/0x280
[ 42.379583]  ? __lock_acquire+0x6de/0x3ff0
[ 42.383798]  lock_acquire+0x170/0x3c0
[ 42.387576]  ? hfsplus_file_extend+0x1bb/0xf40
[ 42.392136]  ? hfsplus_file_extend+0x1bb/0xf40
[ 42.396706]  __mutex_lock+0xd7/0x1190
[ 42.400485]  ? hfsplus_file_extend+0x1bb/0xf40
[ 42.405047]  ? kasan_kmalloc+0x139/0x160
[ 42.409084]  ? hfsplus_file_extend+0x1bb/0xf40
[ 42.413641]  ? mutex_trylock+0x1a0/0x1a0
[ 42.417680]  ? hfsplus_rename_cat+0x13f/0x1490
[ 42.422239]  ? hfsplus_unlink+0x49c/0x820
[ 42.426365]  ? vfs_unlink+0x27d/0x4e0
[ 42.430140]  ? do_unlinkat+0x3b8/0x660
[ 42.434005]  ? do_coredump+0x1f9c/0x2d60
[ 42.438046]  ? get_signal+0xed9/0x1f70
[ 42.441910]  ? do_signal+0x8f/0x1670
[ 42.445602]  ? exit_to_usermode_loop+0x204/0x2a0
[ 42.450338]  ? prepare_exit_to_usermode+0x277/0x2d0
[ 42.455334]  ? retint_user+0x8/0x18
[ 42.458962]  ? lock_acquire+0x170/0x3c0
[ 42.462918]  ? hfsplus_find_init+0x1b7/0x220
[ 42.467306]  hfsplus_file_extend+0x1bb/0xf40
[ 42.471693]  ? hfsplus_free_fork+0x7e0/0x7e0
[ 42.476080]  ? mutex_trylock+0x1a0/0x1a0
[ 42.480122]  ? check_preemption_disabled+0x41/0x280
[ 42.485117]  hfsplus_bmap_reserve+0x298/0x440
[ 42.489594]  hfsplus_rename_cat+0x272/0x1490
[ 42.493985]  ? hfsplus_delete_cat+0xe30/0xe30
[ 42.498465]  ? __lock_acquire+0x6de/0x3ff0
[ 42.502681]  ? mark_held_locks+0xf0/0xf0
[ 42.506720]  ? number+0x7ca/0xa90
[ 42.510155]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 42.515324]  ? put_dec+0xd0/0xd0
[ 42.518705]  ? enable_ptr_key_workfn+0x30/0x30
[ 42.523267]  ? __lock_acquire+0x6de/0x3ff0
[ 42.527482]  ? vsnprintf+0x2cc/0x14f0
[ 42.531265]  ? pointer+0x850/0x850
[ 42.534801]  ? hfsplus_unlink+0x140/0x820
[ 42.538926]  ? sprintf+0xc0/0x100
[ 42.542361]  ? snprintf+0xf0/0xf0
[ 42.545797]  ? common_perm+0x4be/0x800
[ 42.549663]  hfsplus_unlink+0x49c/0x820
[ 42.553616]  ? hfsplus_symlink+0x2e0/0x2e0
[ 42.557834]  ? vfs_unlink+0xca/0x4e0
[ 42.561528]  vfs_unlink+0x27d/0x4e0
[ 42.565132]  do_unlinkat+0x3b8/0x660
[ 42.568841]  ? __ia32_sys_rmdir+0x40/0x40
[ 42.572967]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 42.577963]  ? memcpy+0x35/0x50
[ 42.581221]  do_coredump+0x1f9c/0x2d60
[ 42.585090]  ? trace_hardirqs_off+0x64/0x200
[ 42.589477]  ? get_signal+0xc70/0x1f70
[ 42.593344]  ? cn_esc_printf+0x510/0x510
[ 42.597384]  ? try_to_wake_up+0x7b/0x1050
[ 42.601510]  ? trace_hardirqs_off+0x64/0x200
[ 42.605897]  ? debug_check_no_obj_freed+0x201/0x490
[ 42.610891]  ? lock_downgrade+0x720/0x720
[ 42.615019]  ? trace_hardirqs_off+0x64/0x200
[ 42.619415]  ? _raw_spin_unlock_irq+0x24/0x80
[ 42.623891]  get_signal+0xed9/0x1f70
[ 42.627589]  do_signal+0x8f/0x1670
[ 42.631111]  ? setup_sigcontext+0x820/0x820
[ 42.635424]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 42.640504]  ? ___ratelimit+0x319/0x590
[ 42.644459]  ? __do_page_fault+0x180/0xd60
[ 42.648670]  ? exit_to_usermode_loop+0x36/0x2a0
[ 42.653318]  exit_to_usermode_loop+0x204/0x2a0
[ 42.657877]  prepare_exit_to_usermode+0x277/0x2d0
[ 42.662713]  ? page_fault+0x8/0x30
[ 42.666232]  retint_user+0x8/0x18
[ 42.669691] RIP: 0033: (null)
[ 42.673551] Code: Bad RIP value.
[ 42.676897] RSP: 002b:0000000020000008 EFLAGS: 00010217
[ 42.682238] RAX: 0000000000000000 RBX: 0000000000000030 RCX: 00007f283e0be249
[ 42.689486] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[ 42.696734] RBP: 00007fff9c53c338 R08: 0000000000000000 R09: 00007f283e12ce40
[ 42.703981] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff9c53c340
[ 42.711236] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000