Warning: Permanently added '10.128.0.88' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 43.351451][ T3959] loop0: detected capacity change from 0 to 1024
[ 43.436748][ T3959] hfsplus: inconsistency in B*Tree (1792,1,255,1,0)
[ 43.438659][ T3959] hfsplus: xattr searching failed
[ 43.441479][ T3959] hfsplus: inconsistency in B*Tree (1792,1,255,1,0)
[ 43.443327][ T3959]
[ 43.443875][ T3959] ======================================================
[ 43.445733][ T3959] WARNING: possible circular locking dependency detected
[ 43.447553][ T3959] 5.15.153-syzkaller #0 Not tainted
[ 43.448892][ T3959] ------------------------------------------------------
[ 43.450701][ T3959] syz-executor261/3959 is trying to acquire lock:
[ 43.452426][ T3959] ffff0000d9730e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x198/0x14e0
[ 43.455329][ T3959]
[ 43.455329][ T3959] but task is already holding lock:
[ 43.457257][ T3959] ffff0000d97560b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x144/0x1bc
[ 43.459889][ T3959]
[ 43.459889][ T3959] which lock already depends on the new lock.
[ 43.459889][ T3959]
[ 43.462554][ T3959]
[ 43.462554][ T3959] the existing dependency chain (in reverse order) is:
[ 43.465030][ T3959]
[ 43.465030][ T3959] -> #2 (&tree->tree_lock/2){+.+.}-{3:3}:
[ 43.467153][ T3959]        __mutex_lock_common+0x194/0x2154
[ 43.468570][ T3959]        mutex_lock_nested+0xa4/0xf8
[ 43.469940][ T3959]        hfsplus_find_init+0x144/0x1bc
[ 43.471295][ T3959]        hfsplus_attr_exists+0xf8/0x1c8
[ 43.472825][ T3959]        __hfsplus_setxattr+0x384/0x1df0
[ 43.474294][ T3959]        hfsplus_setxattr+0xb4/0xec
[ 43.475669][ T3959]        hfsplus_trusted_setxattr+0x54/0x6c
[ 43.477246][ T3959]        __vfs_setxattr+0x388/0x3a4
[ 43.478566][ T3959]        __vfs_setxattr_noperm+0x110/0x528
[ 43.480043][ T3959]        __vfs_setxattr_locked+0x1ec/0x218
[ 43.481562][ T3959]        vfs_setxattr+0x1a8/0x344
[ 43.482867][ T3959]        setxattr+0x250/0x2b4
[ 43.484082][ T3959]        path_setxattr+0x17c/0x258
[ 43.485473][ T3959]        __arm64_sys_lsetxattr+0xbc/0xd8
[ 43.487022][ T3959]        invoke_syscall+0x98/0x2b8
[ 43.488359][ T3959]        el0_svc_common+0x138/0x258
[ 43.489718][ T3959]        do_el0_svc+0x58/0x14c
[ 43.490978][ T3959]        el0_svc+0x7c/0x1f0
[ 43.492202][ T3959]        el0t_64_sync_handler+0x84/0xe4
[ 43.493680][ T3959]        el0t_64_sync+0x1a0/0x1a4
[ 43.495032][ T3959]
[ 43.495032][ T3959] -> #1 (&tree->tree_lock){+.+.}-{3:3}:
[ 43.497018][ T3959]        __mutex_lock_common+0x194/0x2154
[ 43.498519][ T3959]        mutex_lock_nested+0xa4/0xf8
[ 43.499929][ T3959]        hfsplus_file_truncate+0x6d4/0x9cc
[ 43.501463][ T3959]        hfsplus_setattr+0x18c/0x25c
[ 43.502961][ T3959]        notify_change+0xa34/0xcf8
[ 43.504371][ T3959]        do_truncate+0x1c0/0x28c
[ 43.505648][ T3959]        path_openat+0x20e8/0x26f0
[ 43.506985][ T3959]        do_filp_open+0x1a8/0x3b4
[ 43.508372][ T3959]        do_sys_openat2+0x128/0x3d8
[ 43.509707][ T3959]        __arm64_sys_openat+0x1f0/0x240
[ 43.511131][ T3959]        invoke_syscall+0x98/0x2b8
[ 43.512529][ T3959]        el0_svc_common+0x138/0x258
[ 43.513868][ T3959]        do_el0_svc+0x58/0x14c
[ 43.515126][ T3959]        el0_svc+0x7c/0x1f0
[ 43.516312][ T3959]        el0t_64_sync_handler+0x84/0xe4
[ 43.517757][ T3959]        el0t_64_sync+0x1a0/0x1a4
[ 43.519046][ T3959]
[ 43.519046][ T3959] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[ 43.521390][ T3959]        __lock_acquire+0x32d4/0x7638
[ 43.522774][ T3959]        lock_acquire+0x240/0x77c
[ 43.524112][ T3959]        __mutex_lock_common+0x194/0x2154
[ 43.525610][ T3959]        mutex_lock_nested+0xa4/0xf8
[ 43.526970][ T3959]        hfsplus_file_extend+0x198/0x14e0
[ 43.528442][ T3959]        hfsplus_bmap_reserve+0xec/0x474
[ 43.529894][ T3959]        hfsplus_create_attr+0x1b0/0x568
[ 43.531389][ T3959]        __hfsplus_setxattr+0x9a8/0x1df0
[ 43.532886][ T3959]        hfsplus_setxattr+0xb4/0xec
[ 43.534275][ T3959]        hfsplus_trusted_setxattr+0x54/0x6c
[ 43.535798][ T3959]        __vfs_setxattr+0x388/0x3a4
[ 43.537155][ T3959]        __vfs_setxattr_noperm+0x110/0x528
[ 43.538680][ T3959]        __vfs_setxattr_locked+0x1ec/0x218
[ 43.540262][ T3959]        vfs_setxattr+0x1a8/0x344
[ 43.541511][ T3959]        setxattr+0x250/0x2b4
[ 43.542719][ T3959]        path_setxattr+0x17c/0x258
[ 43.544088][ T3959]        __arm64_sys_lsetxattr+0xbc/0xd8
[ 43.545634][ T3959]        invoke_syscall+0x98/0x2b8
[ 43.546929][ T3959]        el0_svc_common+0x138/0x258
[ 43.548338][ T3959]        do_el0_svc+0x58/0x14c
[ 43.549611][ T3959]        el0_svc+0x7c/0x1f0
[ 43.550894][ T3959]        el0t_64_sync_handler+0x84/0xe4
[ 43.552336][ T3959]        el0t_64_sync+0x1a0/0x1a4
[ 43.553658][ T3959]
[ 43.553658][ T3959] other info that might help us debug this:
[ 43.553658][ T3959]
[ 43.556354][ T3959] Chain exists of:
[ 43.556354][ T3959]   &HFSPLUS_I(inode)->extents_lock --> &tree->tree_lock --> &tree->tree_lock/2
[ 43.556354][ T3959]
[ 43.560194][ T3959]  Possible unsafe locking scenario:
[ 43.560194][ T3959]
[ 43.562151][ T3959]        CPU0                    CPU1
[ 43.563561][ T3959]        ----                    ----
[ 43.565044][ T3959]   lock(&tree->tree_lock/2);
[ 43.566278][ T3959]                                lock(&tree->tree_lock);
[ 43.568114][ T3959]                                lock(&tree->tree_lock/2);
[ 43.569890][ T3959]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 43.571405][ T3959]
[ 43.571405][ T3959]  *** DEADLOCK ***
[ 43.571405][ T3959]
[ 43.573540][ T3959] 4 locks held by syz-executor261/3959:
[ 43.574942][ T3959]  #0: ffff0000d9750460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 43.577404][ T3959]  #1: ffff0000d97324c0 (&sb->s_type->i_mutex_key#17){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344
[ 43.580108][ T3959]  #2: ffff0000d97540b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x144/0x1bc
[ 43.582750][ T3959]  #3: ffff0000d97560b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x144/0x1bc
[ 43.585483][ T3959]
[ 43.585483][ T3959] stack backtrace:
[ 43.587085][ T3959] CPU: 0 PID: 3959 Comm: syz-executor261 Not tainted 5.15.153-syzkaller #0
[ 43.589327][ T3959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 43.592002][ T3959] Call trace:
[ 43.592848][ T3959]  dump_backtrace+0x0/0x530
[ 43.594022][ T3959]  show_stack+0x2c/0x3c
[ 43.595128][ T3959]  dump_stack_lvl+0x108/0x170
[ 43.596360][ T3959]  dump_stack+0x1c/0x58
[ 43.597475][ T3959]  print_circular_bug+0x150/0x1b8
[ 43.598812][ T3959]  check_noncircular+0x2cc/0x378
[ 43.600093][ T3959]  __lock_acquire+0x32d4/0x7638
[ 43.601385][ T3959]  lock_acquire+0x240/0x77c
[ 43.602595][ T3959]  __mutex_lock_common+0x194/0x2154
[ 43.603987][ T3959]  mutex_lock_nested+0xa4/0xf8
[ 43.605294][ T3959]  hfsplus_file_extend+0x198/0x14e0
[ 43.606670][ T3959]  hfsplus_bmap_reserve+0xec/0x474
[ 43.607998][ T3959]  hfsplus_create_attr+0x1b0/0x568
[ 43.609326][ T3959]  __hfsplus_setxattr+0x9a8/0x1df0
[ 43.610679][ T3959]  hfsplus_setxattr+0xb4/0xec
[ 43.611908][ T3959]  hfsplus_trusted_setxattr+0x54/0x6c
[ 43.613314][ T3959]  __vfs_setxattr+0x388/0x3a4
[ 43.614540][ T3959]  __vfs_setxattr_noperm+0x110/0x528
[ 43.615913][ T3959]  __vfs_setxattr_locked+0x1ec/0x218
[ 43.617312][ T3959]  vfs_setxattr+0x1a8/0x344
[ 43.618535][ T3959]  setxattr+0x250/0x2b4
[ 43.619639][ T3959]  path_setxattr+0x17c/0x258
[ 43.620873][ T3959]  __arm64_sys_lsetxattr+0xbc/0xd8
[ 43.622208][ T3959]  invoke_syscall+0x98/0x2b8
[ 43.623474][ T3959]  el0_svc_common+0x138/0x258
[ 43.624761][ T3959]  do_el0_svc+0x58/0x14c
[ 43.625904][ T3959]  el0_svc+0x7c/0x1f0
[ 43.626883][ T3959]  el0t_64_sync_handler+0x84/0xe4
[ 43.628173][ T3959]  el0t_64_sync+0x1a0/0x1a4
[ 43.630400][ T3959] hfsplus: inconsistency in B*Tree (2,0,1,0,1)