Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts.
executing program
[ 35.236818][ T5966] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5966 'syz-executor375'
[ 35.245514][ T5966] loop0: detected capacity change from 0 to 1024
[ 35.248409][ T5966] =======================================================
[ 35.248409][ T5966] WARNING: The mand mount option has been deprecated and
[ 35.248409][ T5966]          and is ignored by this kernel. Remove the mand
[ 35.248409][ T5966]          option from the mount to silence this warning.
[ 35.248409][ T5966] =======================================================
[ 35.266555][ T5966]
[ 35.267141][ T5966] ======================================================
[ 35.268654][ T5966] WARNING: possible circular locking dependency detected
[ 35.270087][ T5966] 6.4.0-rc3-syzkaller-geb0f1697d729 #0 Not tainted
[ 35.271583][ T5966] ------------------------------------------------------
[ 35.273102][ T5966] syz-executor375/5966 is trying to acquire lock:
[ 35.274528][ T5966] ffff0000dece20b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x6d0/0x9b8
[ 35.276699][ T5966]
[ 35.276699][ T5966] but task is already holding lock:
[ 35.278351][ T5966] ffff0000dc5b2988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x250/0x9b8
[ 35.280716][ T5966]
[ 35.280716][ T5966] which lock already depends on the new lock.
[ 35.280716][ T5966]
[ 35.283042][ T5966]
[ 35.283042][ T5966] the existing dependency chain (in reverse order) is:
[ 35.285085][ T5966]
[ 35.285085][ T5966] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[ 35.287044][ T5966]        __mutex_lock_common+0x190/0x21a0
[ 35.288318][ T5966]        mutex_lock_nested+0x2c/0x38
[ 35.289493][ T5966]        hfsplus_file_extend+0x198/0x14cc
[ 35.290755][ T5966]        hfsplus_bmap_reserve+0xec/0x474
[ 35.291966][ T5966]        hfsplus_create_cat+0x18c/0x1330
[ 35.293177][ T5966]        hfsplus_fill_super+0xf60/0x166c
[ 35.294372][ T5966]        mount_bdev+0x26c/0x368
[ 35.295401][ T5966]        hfsplus_mount+0x44/0x58
[ 35.296450][ T5966]        legacy_get_tree+0xd4/0x16c
[ 35.297674][ T5966]        vfs_get_tree+0x90/0x274
[ 35.298741][ T5966]        do_new_mount+0x25c/0x8c8
[ 35.299942][ T5966]        path_mount+0x590/0xe04
[ 35.300999][ T5966]        __arm64_sys_mount+0x45c/0x594
[ 35.302221][ T5966]        invoke_syscall+0x98/0x2c0
[ 35.303399][ T5966]        el0_svc_common+0x138/0x258
[ 35.304577][ T5966]        do_el0_svc+0x64/0x198
[ 35.305634][ T5966]        el0_svc+0x4c/0x15c
[ 35.306582][ T5966]        el0t_64_sync_handler+0x84/0xf0
[ 35.307804][ T5966]        el0t_64_sync+0x190/0x194
[ 35.308904][ T5966]
[ 35.308904][ T5966] -> #0 (&tree->tree_lock){+.+.}-{3:3}:
[ 35.310573][ T5966]        __lock_acquire+0x3310/0x75f0
[ 35.311794][ T5966]        lock_acquire+0x23c/0x71c
[ 35.312885][ T5966]        __mutex_lock_common+0x190/0x21a0
[ 35.314107][ T5966]        mutex_lock_nested+0x2c/0x38
[ 35.315257][ T5966]        hfsplus_file_truncate+0x6d0/0x9b8
[ 35.316498][ T5966]        hfsplus_setattr+0x18c/0x25c
[ 35.317687][ T5966]        notify_change+0xa84/0xd20
[ 35.318785][ T5966]        do_truncate+0x1c0/0x28c
[ 35.319827][ T5966]        vfs_truncate+0x2b8/0x360
[ 35.320914][ T5966]        do_sys_truncate+0xec/0x1b4
[ 35.322049][ T5966]        __arm64_sys_truncate+0x5c/0x70
[ 35.323278][ T5966]        invoke_syscall+0x98/0x2c0
[ 35.324427][ T5966]        el0_svc_common+0x138/0x258
[ 35.325599][ T5966]        do_el0_svc+0x64/0x198
[ 35.326674][ T5966]        el0_svc+0x4c/0x15c
[ 35.327694][ T5966]        el0t_64_sync_handler+0x84/0xf0
[ 35.328873][ T5966]        el0t_64_sync+0x190/0x194
[ 35.329938][ T5966]
[ 35.329938][ T5966] other info that might help us debug this:
[ 35.329938][ T5966]
[ 35.332211][ T5966]  Possible unsafe locking scenario:
[ 35.332211][ T5966]
[ 35.333848][ T5966]        CPU0                    CPU1
[ 35.335045][ T5966]        ----                    ----
[ 35.336180][ T5966]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 35.337455][ T5966]                                lock(&tree->tree_lock);
[ 35.339068][ T5966]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 35.340905][ T5966]   lock(&tree->tree_lock);
[ 35.341871][ T5966]
[ 35.341871][ T5966]  *** DEADLOCK ***
[ 35.341871][ T5966]
[ 35.343642][ T5966] 3 locks held by syz-executor375/5966:
[ 35.344872][ T5966]  #0: ffff0000dece4460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 35.346879][ T5966]  #1: ffff0000dc5b2b80 (&sb->s_type->i_mutex_key#16){+.+.}-{3:3}, at: do_truncate+0x1ac/0x28c
[ 35.349172][ T5966]  #2: ffff0000dc5b2988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x250/0x9b8
[ 35.351677][ T5966]
[ 35.351677][ T5966] stack backtrace:
[ 35.352994][ T5966] CPU: 0 PID: 5966 Comm: syz-executor375 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
[ 35.355236][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 35.357448][ T5966] Call trace:
[ 35.358211][ T5966]  dump_backtrace+0x1b8/0x1e4
[ 35.359236][ T5966]  show_stack+0x2c/0x44
[ 35.360144][ T5966]  dump_stack_lvl+0xd0/0x124
[ 35.361118][ T5966]  dump_stack+0x1c/0x28
[ 35.362032][ T5966]  print_circular_bug+0x150/0x1b8
[ 35.363138][ T5966]  check_noncircular+0x2cc/0x378
[ 35.364230][ T5966]  __lock_acquire+0x3310/0x75f0
[ 35.365286][ T5966]  lock_acquire+0x23c/0x71c
[ 35.366258][ T5966]  __mutex_lock_common+0x190/0x21a0
[ 35.367382][ T5966]  mutex_lock_nested+0x2c/0x38
[ 35.368416][ T5966]  hfsplus_file_truncate+0x6d0/0x9b8
[ 35.369544][ T5966]  hfsplus_setattr+0x18c/0x25c
[ 35.370577][ T5966]  notify_change+0xa84/0xd20
[ 35.371568][ T5966]  do_truncate+0x1c0/0x28c
[ 35.372545][ T5966]  vfs_truncate+0x2b8/0x360
[ 35.373554][ T5966]  do_sys_truncate+0xec/0x1b4
[ 35.374555][ T5966]  __arm64_sys_truncate+0x5c/0x70
[ 35.375660][ T5966]  invoke_syscall+0x98/0x2c0
[ 35.376649][ T5966]  el0_svc_common+0x138/0x258
[ 35.377680][ T5966]  do_el0_svc+0x64/0x198
[ 35.378591][ T5966]  el0_svc+0x4c/0x15c
[ 35.379468][ T5966]  el0t_64_sync_handler+0x84/0xf0
[ 35.380561][ T5966]  el0t_64_sync+0x190/0x194