./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3639442346

<...>
DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89
forked to background, child pid 4661
[   36.418965][ T4662] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.430145][ T4662] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   45.416930][ T4840] sshd (4840) used greatest stack depth: 20272 bytes left
Warning: Permanently added '10.128.1.118' (ECDSA) to the list of known hosts.
execve("./syz-executor3639442346", ["./syz-executor3639442346"], 0x7fff4de50930 /* 10 vars */) = 0
brk(NULL)                               = 0x555556ce4000
brk(0x555556ce4c40)                     = 0x555556ce4c40
arch_prctl(ARCH_SET_FS, 0x555556ce4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3639442346", 4096) = 28
brk(0x555556d05c40)                     = 0x555556d05c40
brk(0x555556d06000)                     = 0x555556d06000
mprotect(0x7f1f5686f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f4e3b5000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
munmap(0x7f1f4e3b5000, 524288)          = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "force") = 0
openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY) = 4
unlink("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[   62.396782][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor363'
[   62.415654][ T4992] loop0: detected capacity change from 0 to 1024
[   62.452058][ T4992] 
[   62.454442][ T4992] ======================================================
[   62.461476][ T4992] WARNING: possible circular locking dependency detected
[   62.468522][ T4992] 6.4.0-rc4-syzkaller-00204-gc43a6ff9f93f #0 Not tainted
[   62.475547][ T4992] ------------------------------------------------------
[   62.482551][ T4992] syz-executor363/4992 is trying to acquire lock:
[   62.488947][ T4992] ffff888076c6a0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb40
[   62.498800][ T4992] 
[   62.498800][ T4992] but task is already holding lock:
[   62.506156][ T4992] ffff888076c5b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40
[   62.517306][ T4992] 
[   62.517306][ T4992] which lock already depends on the new lock.
[   62.517306][ T4992] 
[   62.527701][ T4992] 
[   62.527701][ T4992] the existing dependency chain (in reverse order) is:
[   62.536706][ T4992] 
[   62.536706][ T4992] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[   62.545738][ T4992]        lock_acquire+0x1e3/0x520
[   62.550767][ T4992]        __mutex_lock_common+0x1d8/0x2530
[   62.556501][ T4992]        mutex_lock_nested+0x1b/0x20
[   62.561787][ T4992]        hfsplus_file_extend+0x1d6/0x1b10
[   62.567498][ T4992]        hfsplus_bmap_reserve+0x105/0x4e0
[   62.573217][ T4992]        hfsplus_rename_cat+0x1d3/0x1090
[   62.578841][ T4992]        hfsplus_unlink+0x308/0x7f0
[   62.584029][ T4992]        vfs_unlink+0x35d/0x5f0
[   62.588873][ T4992]        do_unlinkat+0x4a7/0x950
[   62.593806][ T4992]        __x64_sys_unlink+0x49/0x50
[   62.598997][ T4992]        do_syscall_64+0x41/0xc0
[   62.603937][ T4992]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.610365][ T4992] 
[   62.610365][ T4992] -> #0 (&tree->tree_lock){+.+.}-{3:3}:
[   62.618106][ T4992]        validate_chain+0x166b/0x58f0
[   62.623484][ T4992]        __lock_acquire+0x1316/0x2070
[   62.628854][ T4992]        lock_acquire+0x1e3/0x520
[   62.633883][ T4992]        __mutex_lock_common+0x1d8/0x2530
[   62.639628][ T4992]        mutex_lock_nested+0x1b/0x20
[   62.644913][ T4992]        hfsplus_file_truncate+0x811/0xb40
[   62.650714][ T4992]        hfsplus_setattr+0x1bd/0x280
[   62.656004][ T4992]        notify_change+0xc8b/0xf40
[   62.661126][ T4992]        do_truncate+0x220/0x300
[   62.666065][ T4992]        path_openat+0x294e/0x3170
[   62.671178][ T4992]        do_filp_open+0x234/0x490
[   62.676204][ T4992]        do_sys_openat2+0x13f/0x500
[   62.681410][ T4992]        __x64_sys_creat+0x123/0x160
[   62.686701][ T4992]        do_syscall_64+0x41/0xc0
[   62.691647][ T4992]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.698060][ T4992] 
[   62.698060][ T4992] other info that might help us debug this:
[   62.698060][ T4992] 
[   62.708280][ T4992]  Possible unsafe locking scenario:
[   62.708280][ T4992] 
[   62.715727][ T4992]        CPU0                    CPU1
[   62.721086][ T4992]        ----                    ----
[   62.726449][ T4992]   lock(&HFSPLUS_I(inode)->extents_lock);
[   62.732257][ T4992]                                lock(&tree->tree_lock);
[   62.739286][ T4992]                                lock(&HFSPLUS_I(inode)->extents_lock);
[   62.747621][ T4992]   lock(&tree->tree_lock);
[   62.752124][ T4992] 
[   62.752124][ T4992]  *** DEADLOCK ***
[   62.752124][ T4992] 
[   62.760259][ T4992] 3 locks held by syz-executor363/4992:
[   62.765800][ T4992]  #0: ffff888076c68460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[   62.774956][ T4992]  #1: ffff888076c5b240 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x300
[   62.785330][ T4992]  #2: ffff888076c5b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40
[   62.796907][ T4992] 
[   62.796907][ T4992] stack backtrace:
[   62.802788][ T4992] CPU: 1 PID: 4992 Comm: syz-executor363 Not tainted 6.4.0-rc4-syzkaller-00204-gc43a6ff9f93f #0
[   62.813195][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   62.823248][ T4992] Call Trace:
[   62.826528][ T4992]  <TASK>
[   62.829457][ T4992]  dump_stack_lvl+0x1e7/0x2d0
[   62.834141][ T4992]  ? nf_tcp_handle_invalid+0x650/0x650
[   62.839610][ T4992]  ? print_circular_bug+0x12b/0x1a0
[   62.844815][ T4992]  check_noncircular+0x2fe/0x3b0
[   62.849757][ T4992]  ? add_chain_block+0x850/0x850
[   62.854703][ T4992]  ? add_chain_block+0x850/0x850
[   62.859648][ T4992]  ? lockdep_lock+0x123/0x2b0
[   62.864340][ T4992]  ? add_chain_block+0x850/0x850
[   62.869287][ T4992]  ? _find_first_zero_bit+0xd4/0x100
[   62.874584][ T4992]  validate_chain+0x166b/0x58f0
[   62.879466][ T4992]  ? reacquire_held_locks+0x660/0x660
[   62.884854][ T4992]  ? reacquire_held_locks+0x660/0x660
[   62.890237][ T4992]  ? look_up_lock_class+0x77/0x140
[   62.895353][ T4992]  ? register_lock_class+0x104/0x990
[   62.900645][ T4992]  ? mark_lock+0x9a/0x340
[   62.904985][ T4992]  ? is_dynamic_key+0x1f0/0x1f0
[   62.909849][ T4992]  ? mark_lock+0x9a/0x340
[   62.914190][ T4992]  __lock_acquire+0x1316/0x2070
[   62.919064][ T4992]  lock_acquire+0x1e3/0x520
[   62.923589][ T4992]  ? hfsplus_file_truncate+0x811/0xb40
[   62.929054][ T4992]  ? read_lock_is_recursive+0x20/0x20
[   62.934437][ T4992]  ? __might_sleep+0xc0/0xc0
[   62.939045][ T4992]  __mutex_lock_common+0x1d8/0x2530
[   62.944256][ T4992]  ? hfsplus_file_truncate+0x811/0xb40
[   62.949721][ T4992]  ? hfsplus_file_truncate+0x811/0xb40
[   62.955182][ T4992]  ? mutex_lock_io_nested+0x60/0x60
[   62.960400][ T4992]  ? hfsplus_free_extents+0x47e/0xae0
[   62.965779][ T4992]  mutex_lock_nested+0x1b/0x20
[   62.970552][ T4992]  hfsplus_file_truncate+0x811/0xb40
[   62.975847][ T4992]  ? hfsplus_add_extent+0x880/0x880
[   62.981047][ T4992]  ? unmap_mapping_range+0xf8/0x290
[   62.986252][ T4992]  ? unmap_mapping_pages+0x180/0x180
[   62.991545][ T4992]  ? current_time+0x1e0/0x300
[   62.996233][ T4992]  ? truncate_setsize+0xcf/0xf0
[   63.001089][ T4992]  hfsplus_setattr+0x1bd/0x280
[   63.005866][ T4992]  ? hfsplus_fileattr_set+0x330/0x330
[   63.011251][ T4992]  notify_change+0xc8b/0xf40
[   63.015890][ T4992]  do_truncate+0x220/0x300
[   63.020332][ T4992]  ? put_page_bootmem+0x2e0/0x2e0
[   63.025369][ T4992]  ? ima_bprm_check+0x2b0/0x2b0
[   63.030233][ T4992]  path_openat+0x294e/0x3170
[   63.034840][ T4992]  ? do_filp_open+0x490/0x490
[   63.039532][ T4992]  do_filp_open+0x234/0x490
[   63.044044][ T4992]  ? vfs_tmpfile+0x4a0/0x4a0
[   63.048645][ T4992]  ? _raw_spin_unlock+0x28/0x40
[   63.053495][ T4992]  ? alloc_fd+0x59c/0x640
[   63.057839][ T4992]  do_sys_openat2+0x13f/0x500
[   63.062525][ T4992]  ? do_sys_open+0x230/0x230
[   63.067163][ T4992]  ? _raw_spin_unlock_irq+0x2e/0x50
[   63.072369][ T4992]  ? ptrace_notify+0x278/0x380
[   63.077139][ T4992]  __x64_sys_creat+0x123/0x160
[   63.081908][ T4992]  ? __x64_compat_sys_openat+0x290/0x290
[   63.087553][ T4992]  ? syscall_enter_from_user_mode+0x32/0x230
[   63.093537][ T4992]  ? syscall_enter_from_user_mode+0x8c/0x230
[   63.099522][ T4992]  do_syscall_64+0x41/0xc0
[   63.103950][ T4992]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.109851][ T4992] RIP: 0033:0x7f1f56801869
[   63.114270][ T4992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   63.133875][ T4992] RSP: 002b:00007ffd84c8db48 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   63.142288][ T4992] RAX: ffffffffffffffda RBX: 00007f1f56845060 RCX: 00007f1f56801869
creat("./file1", 000)                   = 5
exit_group(0)                           = ?
+++ exited with 0 +++
[   63.150258][ T4992] RDX: 00007f1f56801869 RSI: 000000