./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor570748771 <...> Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts. execve("./syz-executor570748771", ["./syz-executor570748771"], 0x7ffcbffa1bd0 /* 10 vars */) = 0 brk(NULL) = 0x555566239000 brk(0x555566239d00) = 0x555566239d00 arch_prctl(ARCH_SET_FS, 0x555566239380) = 0 set_tid_address(0x555566239650) = 5081 set_robust_list(0x555566239660, 24) = 0 rseq(0x555566239ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor570748771", 4096) = 27 getrandom("\xec\x76\x9c\x7c\x90\x62\x34\x44", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555566239d00 brk(0x55556625ad00) = 0x55556625ad00 brk(0x55556625b000) = 0x55556625b000 mprotect(0x7ff1121ac000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff109c00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7ff109c00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./bus", 0777) = 0 mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 79.684297][ T5081] loop0: detected capacity change from 0 to 1024 chdir("./bus") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) creat("./file0/file0", 0132241) = 4 symlink("./bus", "./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 creat("./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [ 79.769765][ T5081] [ 79.772126][ T5081] ====================================================== [ 79.779134][ T5081] WARNING: possible circular locking dependency detected [ 79.786140][ T5081] 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0 Not tainted [ 79.793149][ T5081] ------------------------------------------------------ [ 79.800153][ T5081] syz-executor570/5081 is trying to acquire lock: [ 79.806550][ T5081] ffff88807d7e87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 79.817623][ T5081] [ 79.817623][ T5081] but task is already holding lock: [ 79.824970][ T5081] ffff8880222d60b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 79.834456][ T5081] [ 79.834456][ T5081] which lock already depends on the new lock. [ 79.834456][ T5081] [ 79.844842][ T5081] [ 79.844842][ T5081] the existing dependency chain (in reverse order) is: [ 79.853841][ T5081] [ 79.853841][ T5081] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 79.861591][ T5081] lock_acquire+0x1ed/0x550 [ 79.866611][ T5081] __mutex_lock+0x136/0xd70 [ 79.871634][ T5081] hfsplus_file_truncate+0x811/0xb50 [ 79.877435][ T5081] hfsplus_setattr+0x1ce/0x280 [ 79.882715][ T5081] notify_change+0xb9f/0xe70 [ 79.887932][ T5081] do_truncate+0x220/0x310 [ 79.892872][ T5081] path_openat+0x29fe/0x3240 [ 79.897981][ T5081] do_filp_open+0x235/0x490 [ 79.903034][ T5081] do_sys_openat2+0x13e/0x1d0 [ 79.908229][ T5081] __x64_sys_creat+0x123/0x170 [ 79.913530][ T5081] do_syscall_64+0xf5/0x240 [ 79.918556][ T5081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.924964][ T5081] [ 79.924964][ T5081] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 79.933999][ T5081] validate_chain+0x18cb/0x58e0 [ 79.939370][ T5081] __lock_acquire+0x1346/0x1fd0 [ 79.944734][ T5081] lock_acquire+0x1ed/0x550 [ 79.949752][ T5081] __mutex_lock+0x136/0xd70 [ 79.954767][ T5081] hfsplus_file_extend+0x21b/0x1b70 [ 79.960483][ T5081] hfsplus_bmap_reserve+0x105/0x4e0 [ 79.966200][ T5081] hfsplus_rename_cat+0x1d0/0x1050 [ 79.971847][ T5081] hfsplus_rename+0x12e/0x1c0 [ 79.977054][ T5081] vfs_rename+0xbdd/0xf00 [ 79.981926][ T5081] do_renameat2+0xd94/0x13f0 [ 79.987059][ T5081] __x64_sys_rename+0x86/0xa0 [ 79.992280][ T5081] do_syscall_64+0xf5/0x240 [ 79.997311][ T5081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.003726][ T5081] [ 80.003726][ T5081] other info that might help us debug this: [ 80.003726][ T5081] [ 80.013947][ T5081] Possible unsafe locking scenario: [ 80.013947][ T5081] [ 80.021386][ T5081] CPU0 CPU1 [ 80.026737][ T5081] ---- ---- [ 80.032105][ T5081] lock(&tree->tree_lock); [ 80.036607][ T5081] lock(&HFSPLUS_I(inode)->extents_lock); [ 80.044929][ T5081] lock(&tree->tree_lock); [ 80.051943][ T5081] lock(&HFSPLUS_I(inode)->extents_lock); [ 80.057745][ T5081] [ 80.057745][ T5081] *** DEADLOCK *** [ 80.057745][ T5081] [ 80.065872][ T5081] 4 locks held by syz-executor570/5081: [ 80.071402][ T5081] #0: ffff8880222d2420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 80.080566][ T5081] #1: ffff88807d7e9e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x62c/0x13f0 [ 80.091038][ T5081] #2: ffff88807d7eb900 (&sb->s_type->i_mutex_key#15/4){+.+.}-{3:3}, at: vfs_rename+0x6a2/0xf00 [ 80.101538][ T5081] #3: ffff8880222d60b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 80.111505][ T5081] [ 80.111505][ T5081] stack backtrace: [ 80.117394][ T5081] CPU: 1 PID: 5081 Comm: syz-executor570 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0 [ 80.127810][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 80.137865][ T5081] Call Trace: [ 80.141146][ T5081] [ 80.144078][ T5081] dump_stack_lvl+0x241/0x360 [ 80.148773][ T5081] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.153990][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.159628][ T5081] ? print_circular_bug+0x130/0x1a0 [ 80.164841][ T5081] check_noncircular+0x36a/0x4a0 [ 80.169814][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.175468][ T5081] ? __read_once_word_nocheck+0x9/0x20 [ 80.180945][ T5081] ? __pfx_check_noncircular+0x10/0x10 [ 80.186411][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.192049][ T5081] ? lockdep_lock+0x123/0x2b0 [ 80.196727][ T5081] ? is_bpf_text_address+0x28d/0x2b0 [ 80.202023][ T5081] ? is_bpf_text_address+0x26/0x2b0 [ 80.207239][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.212876][ T5081] ? _find_first_zero_bit+0xd4/0x100 [ 80.218187][ T5081] validate_chain+0x18cb/0x58e0 [ 80.223055][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.228700][ T5081] ? check_noncircular+0x259/0x4a0 [ 80.233836][ T5081] ? __pfx_validate_chain+0x10/0x10 [ 80.239042][ T5081] ? __pfx_check_noncircular+0x10/0x10 [ 80.244508][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.250148][ T5081] ? lockdep_unlock+0x16a/0x300 [ 80.254996][ T5081] ? __pfx_lockdep_unlock+0x10/0x10 [ 80.260193][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.265841][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.271479][ T5081] ? look_up_lock_class+0x77/0x160 [ 80.276603][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.282244][ T5081] ? register_lock_class+0x102/0x980 [ 80.287530][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.293169][ T5081] ? validate_chain+0x15a2/0x58e0 [ 80.298201][ T5081] ? __pfx_register_lock_class+0x10/0x10 [ 80.303837][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.309476][ T5081] ? mark_lock+0x9a/0x350 [ 80.313810][ T5081] __lock_acquire+0x1346/0x1fd0 [ 80.318679][ T5081] lock_acquire+0x1ed/0x550 [ 80.323184][ T5081] ? hfsplus_file_extend+0x21b/0x1b70 [ 80.328569][ T5081] ? __pfx_lock_acquire+0x10/0x10 [ 80.333595][ T5081] ? __pfx___might_resched+0x10/0x10 [ 80.338888][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.344535][ T5081] __mutex_lock+0x136/0xd70 [ 80.349040][ T5081] ? hfsplus_file_extend+0x21b/0x1b70 [ 80.354441][ T5081] ? hfsplus_file_extend+0x21b/0x1b70 [ 80.359845][ T5081] ? __pfx___mutex_lock+0x10/0x10 [ 80.364897][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.370549][ T5081] hfsplus_file_extend+0x21b/0x1b70 [ 80.375768][ T5081] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 80.381415][ T5081] ? rcu_is_watching+0x15/0xb0 [ 80.386189][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.391845][ T5081] ? trace_contention_end+0x3c/0x120 [ 80.397146][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.402816][ T5081] ? __mutex_lock+0x2ef/0xd70 [ 80.407511][ T5081] ? hfsplus_find_init+0x14a/0x1c0 [ 80.412623][ T5081] ? __pfx___mutex_lock+0x10/0x10 [ 80.417653][ T5081] ? rcu_is_watching+0x15/0xb0 [ 80.422424][ T5081] hfsplus_bmap_reserve+0x105/0x4e0 [ 80.427644][ T5081] hfsplus_rename_cat+0x1d0/0x1050 [ 80.432768][ T5081] ? __pfx_validate_chain+0x10/0x10 [ 80.437977][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.443615][ T5081] ? stack_trace_save+0x118/0x1d0 [ 80.448673][ T5081] ? __pfx_hfsplus_rename_cat+0x10/0x10 [ 80.454237][ T5081] ? lockdep_unlock+0x16a/0x300 [ 80.459118][ T5081] ? __pfx_lock_acquire+0x10/0x10 [ 80.464144][ T5081] ? vfs_rename+0x5ee/0xf00 [ 80.468656][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.474293][ T5081] ? __down_write_common+0x162/0x200 [ 80.479590][ T5081] ? __pfx___down_write_common+0x10/0x10 [ 80.485238][ T5081] ? do_raw_spin_unlock+0x13c/0x8b0 [ 80.490455][ T5081] hfsplus_rename+0x12e/0x1c0 [ 80.495152][ T5081] ? __pfx_hfsplus_rename+0x10/0x10 [ 80.500361][ T5081] vfs_rename+0xbdd/0xf00 [ 80.504703][ T5081] ? __pfx_vfs_rename+0x10/0x10 [ 80.509560][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.515198][ T5081] ? security_path_rename+0x18b/0x220 [ 80.520587][ T5081] do_renameat2+0xd94/0x13f0 [ 80.525176][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.530839][ T5081] ? __pfx_do_renameat2+0x10/0x10 [ 80.535891][ T5081] ? __virt_addr_valid+0x183/0x520 [ 80.541013][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.546654][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.552295][ T5081] ? __check_object_size+0x4bc/0xa00 [ 80.557588][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.563230][ T5081] ? srso_alias_return_thunk+0x5/0xfbef5 [ 80.568867][ T5081] ? getname_flags+0x1fe/0x4f0 [ 80.573639][ T5081] __x64_sys_rename+0x86/0xa0 [ 80.578319][ T5081] do_syscall_64+0xf5/0x240 [ 80.582841][ T5081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.588737][ T5081] RIP: 0033:0x7ff1121397f9 [ 80.593150][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.612751][ T5081] RSP: 002b:00007ffe2f259828 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 rename("./bus", "./file2") = -1 EEXIST (File exists) exit_group(0) = ? +++ exited with 0 +++ [ 80.621166][ T5081] RAX