./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1341272428 <...> Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts. execve("./syz-executor1341272428", ["./syz-executor1341272428"], 0x7ffd134f7870 /* 10 vars */) = 0 brk(NULL) = 0x5555564c7000 brk(0x5555564c7d00) = 0x5555564c7d00 arch_prctl(ARCH_SET_FS, 0x5555564c7380) = 0 set_tid_address(0x5555564c7650) = 5065 set_robust_list(0x5555564c7660, 24) = 0 rseq(0x5555564c7ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1341272428", 4096) = 28 getrandom("\xb2\xa1\x42\xb0\xc7\x33\x9a\xd2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555564c7d00 brk(0x5555564e8d00) = 0x5555564e8d00 brk(0x5555564e9000) = 0x5555564e9000 mprotect(0x7f4e7bd83000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e738d2000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f4e738d2000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_NOATIME|MS_POSIXACL, "") = 0 
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 write(4, "\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65184) = 57344 [ 56.699785][ T5065] loop0: detected capacity change from 0 to 1024 [ 56.733844][ T5065] hfsplus: xattr searching failed [ 56.740377][ T5065] hfsplus: xattr searching failed [ 56.755596][ T5065] hfsplus: xattr searching failed [ 56.760897][ T5065] [ 56.763200][ T5065] ====================================================== [ 56.770193][ T5065] WARNING: possible circular locking dependency detected [ 56.777194][ T5065] 6.7.0-rc6-syzkaller-00044-g1a44b0073b92 #0 Not tainted [ 56.784281][ T5065] ------------------------------------------------------ [ 56.791268][ T5065] syz-executor134/5065 is trying to acquire lock: [ 56.797649][ T5065] ffff888140af80b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfsplus_find_init+0x16e/0x200 [ 56.807287][ T5065] [ 56.807287][ T5065] but task is already holding lock: [ 56.814629][ T5065] ffff888079a6a2c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x204/0x9d0 [ 56.825728][ T5065] [ 56.825728][ T5065] which lock already depends on the new lock. 
[ 56.825728][ T5065] [ 56.836101][ T5065] [ 56.836101][ T5065] the existing dependency chain (in reverse order) is: [ 56.845085][ T5065] [ 56.845085][ T5065] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 56.854085][ T5065] __mutex_lock+0x175/0x9d0 [ 56.859098][ T5065] hfsplus_file_extend+0x1c1/0x1090 [ 56.864797][ T5065] hfsplus_bmap_reserve+0x318/0x410 [ 56.870493][ T5065] __hfsplus_ext_write_extent+0x470/0x5e0 [ 56.876709][ T5065] __hfsplus_ext_cache_extent+0x98/0x9d0 [ 56.882837][ T5065] hfsplus_ext_read_extent+0x1fc/0x240 [ 56.888813][ T5065] hfsplus_file_extend+0x695/0x1090 [ 56.894507][ T5065] hfsplus_get_block+0x1ae/0x9e0 [ 56.899942][ T5065] __block_write_begin_int+0x3c0/0x1560 [ 56.905980][ T5065] block_write_begin+0xb1/0x490 [ 56.911327][ T5065] cont_write_begin+0x530/0x730 [ 56.916674][ T5065] hfsplus_write_begin+0x87/0x140 [ 56.922194][ T5065] generic_perform_write+0x278/0x600 [ 56.927979][ T5065] __generic_file_write_iter+0x1f9/0x240 [ 56.934106][ T5065] generic_file_write_iter+0xe3/0x350 [ 56.939972][ T5065] vfs_write+0x64f/0xdf0 [ 56.944708][ T5065] ksys_write+0x12f/0x250 [ 56.949534][ T5065] do_syscall_64+0x40/0x110 [ 56.954537][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.960929][ T5065] [ 56.960929][ T5065] -> #0 (&tree->tree_lock/1){+.+.}-{3:3}: [ 56.968812][ T5065] __lock_acquire+0x2433/0x3b20 [ 56.974166][ T5065] lock_acquire+0x1ae/0x520 [ 56.979172][ T5065] __mutex_lock+0x175/0x9d0 [ 56.984173][ T5065] hfsplus_find_init+0x16e/0x200 [ 56.989604][ T5065] hfsplus_file_truncate+0x2a8/0x9d0 [ 56.995385][ T5065] hfsplus_setattr+0x1eb/0x310 [ 57.000646][ T5065] notify_change+0x742/0x11c0 [ 57.005819][ T5065] do_truncate+0x15c/0x220 [ 57.010906][ T5065] path_openat+0x2597/0x2c50 [ 57.015990][ T5065] do_filp_open+0x1de/0x430 [ 57.020990][ T5065] do_sys_openat2+0x176/0x1e0 [ 57.026166][ T5065] __x64_sys_creat+0xcd/0x120 [ 57.031339][ T5065] do_syscall_64+0x40/0x110 [ 57.036338][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 
57.042730][ T5065]
[ 57.042730][ T5065] other info that might help us debug this:
[ 57.042730][ T5065]
[ 57.052925][ T5065] Possible unsafe locking scenario:
[ 57.052925][ T5065]
[ 57.060342][ T5065]        CPU0                    CPU1
[ 57.065674][ T5065]        ----                    ----
[ 57.071007][ T5065]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 57.076782][ T5065]                                lock(&tree->tree_lock/1);
[ 57.083948][ T5065]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 57.092241][ T5065]   lock(&tree->tree_lock/1);
[ 57.096891][ T5065]
[ 57.096891][ T5065] *** DEADLOCK ***
[ 57.096891][ T5065]
[ 57.105001][ T5065] 3 locks held by syz-executor134/5065:
[ 57.110515][ T5065] #0: ffff888140afe418 (sb_writers#9){.+.+}-{0:0}, at: path_openat+0x2112/0x2c50
[ 57.119705][ T5065] #1: ffff888079a6a4c0 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: do_truncate+0x14b/0x220
[ 57.130025][ T5065] #2: ffff888079a6a2c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x204/0x9d0
[ 57.141578][ T5065]
[ 57.141578][ T5065] stack backtrace:
[ 57.147433][ T5065] CPU: 1 PID: 5065 Comm: syz-executor134 Not tainted 6.7.0-rc6-syzkaller-00044-g1a44b0073b92 #0
[ 57.157812][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 57.167838][ T5065] Call Trace:
[ 57.171091][ T5065]
[ 57.173994][ T5065] dump_stack_lvl+0xd9/0x1b0
[ 57.178565][ T5065] check_noncircular+0x317/0x400
[ 57.183482][ T5065] ? print_circular_bug+0x5c0/0x5c0
[ 57.188660][ T5065] ? lockdep_lock+0xc6/0x200
[ 57.193222][ T5065] ? hlock_class+0x130/0x130
[ 57.197785][ T5065] __lock_acquire+0x2433/0x3b20
[ 57.202613][ T5065] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 57.208571][ T5065] ? hfsplus_find_init+0x95/0x200
[ 57.213568][ T5065] lock_acquire+0x1ae/0x520
[ 57.218049][ T5065] ? hfsplus_find_init+0x16e/0x200
[ 57.223131][ T5065] ? lock_sync+0x190/0x190
[ 57.227527][ T5065] ? preempt_count_sub+0x160/0x160
[ 57.232610][ T5065] __mutex_lock+0x175/0x9d0
[ 57.237090][ T5065] ?
hfsplus_find_init+0x16e/0x200 [ 57.242175][ T5065] ? hfsplus_find_init+0x16e/0x200 [ 57.247258][ T5065] ? mutex_trylock+0x130/0x130 [ 57.252005][ T5065] ? rcu_is_watching+0x12/0xb0 [ 57.256742][ T5065] ? hfsplus_find_init+0x16e/0x200 [ 57.261824][ T5065] hfsplus_find_init+0x16e/0x200 [ 57.266735][ T5065] hfsplus_file_truncate+0x2a8/0x9d0 [ 57.271999][ T5065] ? __up_read+0x1fc/0x760 [ 57.276412][ T5065] ? hfsplus_get_block+0x9e0/0x9e0 [ 57.281503][ T5065] ? inode_newsize_ok+0x13c/0x200 [ 57.286510][ T5065] hfsplus_setattr+0x1eb/0x310 [ 57.291251][ T5065] ? hfsplus_file_fsync+0x5d0/0x5d0 [ 57.296422][ T5065] notify_change+0x742/0x11c0 [ 57.301077][ T5065] do_truncate+0x15c/0x220 [ 57.305472][ T5065] ? file_open_root+0x450/0x450 [ 57.310298][ T5065] ? common_perm_cond+0x242/0x560 [ 57.315301][ T5065] path_openat+0x2597/0x2c50 [ 57.319872][ T5065] ? path_lookupat+0x770/0x770 [ 57.324613][ T5065] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 57.330586][ T5065] do_filp_open+0x1de/0x430 [ 57.335064][ T5065] ? may_open_dev+0xf0/0xf0 [ 57.339542][ T5065] ? find_held_lock+0x2d/0x110 [ 57.344283][ T5065] ? _raw_spin_unlock+0x28/0x40 [ 57.349108][ T5065] ? alloc_fd+0x2da/0x6c0 [ 57.353410][ T5065] do_sys_openat2+0x176/0x1e0 [ 57.358063][ T5065] ? build_open_flags+0x690/0x690 [ 57.363065][ T5065] ? ptrace_notify+0xf4/0x130 [ 57.367718][ T5065] ? restore_fpregs_from_fpstate+0xc1/0x1d0 [ 57.373591][ T5065] __x64_sys_creat+0xcd/0x120 [ 57.378247][ T5065] ? __x64_compat_sys_openat+0x200/0x200 [ 57.383857][ T5065] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.389029][ T5065] ? 
syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 57.395246][ T5065] do_syscall_64+0x40/0x110 [ 57.399727][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.405598][ T5065] RIP: 0033:0x7f4e7bd0f8b9 [ 57.409986][ T5065] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.429566][ T5065] RSP: 002b:00007fffcb0b30a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 57.437952][ T5065] RAX: ffffffffffffffda RBX: 00007fffcb0b3278 RCX: 00007f4e7bd0f8b9 [ 57.445897][ T5065] RDX: 00007f4e7bd0f8b9 RSI: 0000000000000180 RDI: 0000000020000000 creat("./file1", 0600) = 5 exit_group(0) = ? +++ exited with 0 +++ [ 57.453839][ T5065] RBP: 00007f4e7bd83610 R08: 00007fffcb0