./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3639442346 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 4661 [ 36.418965][ T4662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.430145][ T4662] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 45.416930][ T4840] sshd (4840) used greatest stack depth: 20272 bytes left Warning: Permanently added '10.128.1.118' (ECDSA) to the list of known hosts. execve("./syz-executor3639442346", ["./syz-executor3639442346"], 0x7fff4de50930 /* 10 vars */) = 0 brk(NULL) = 0x555556ce4000 brk(0x555556ce4c40) = 0x555556ce4c40 arch_prctl(ARCH_SET_FS, 0x555556ce4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3639442346", 4096) = 28 brk(0x555556d05c40) = 0x555556d05c40 brk(0x555556d06000) = 0x555556d06000 mprotect(0x7f1f5686f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f4e3b5000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f1f4e3b5000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "force") = 0 openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY) = 4 unlink("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 62.396782][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor363' [ 62.415654][ T4992] loop0: detected capacity change from 0 to 1024 [ 62.452058][ T4992] [ 62.454442][ T4992] ====================================================== [ 62.461476][ T4992] WARNING: possible circular locking dependency detected [ 62.468522][ T4992] 6.4.0-rc4-syzkaller-00204-gc43a6ff9f93f #0 Not tainted [ 62.475547][ T4992] ------------------------------------------------------ [ 62.482551][ T4992] syz-executor363/4992 is trying to acquire lock: [ 62.488947][ T4992] ffff888076c6a0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb40 [ 62.498800][ T4992] [ 62.498800][ T4992] but task is already holding lock: [ 62.506156][ T4992] ffff888076c5b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 [ 62.517306][ T4992] [ 62.517306][ T4992] which lock already depends on the new lock. [ 62.517306][ T4992] [ 62.527701][ T4992] [ 62.527701][ T4992] the existing dependency chain (in reverse order) is: [ 62.536706][ T4992] [ 62.536706][ T4992] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 62.545738][ T4992] lock_acquire+0x1e3/0x520 [ 62.550767][ T4992] __mutex_lock_common+0x1d8/0x2530 [ 62.556501][ T4992] mutex_lock_nested+0x1b/0x20 [ 62.561787][ T4992] hfsplus_file_extend+0x1d6/0x1b10 [ 62.567498][ T4992] hfsplus_bmap_reserve+0x105/0x4e0 [ 62.573217][ T4992] hfsplus_rename_cat+0x1d3/0x1090 [ 62.578841][ T4992] hfsplus_unlink+0x308/0x7f0 [ 62.584029][ T4992] vfs_unlink+0x35d/0x5f0 [ 62.588873][ T4992] do_unlinkat+0x4a7/0x950 [ 62.593806][ T4992] __x64_sys_unlink+0x49/0x50 [ 62.598997][ T4992] do_syscall_64+0x41/0xc0 [ 62.603937][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.610365][ T4992] [ 62.610365][ T4992] -> #0 (&tree->tree_lock){+.+.}-{3:3}: [ 62.618106][ T4992] validate_chain+0x166b/0x58f0 [ 62.623484][ T4992] __lock_acquire+0x1316/0x2070 [ 62.628854][ T4992] lock_acquire+0x1e3/0x520 [ 62.633883][ T4992] __mutex_lock_common+0x1d8/0x2530 [ 62.639628][ T4992] mutex_lock_nested+0x1b/0x20 [ 62.644913][ T4992] hfsplus_file_truncate+0x811/0xb40 [ 62.650714][ T4992] hfsplus_setattr+0x1bd/0x280 [ 62.656004][ T4992] notify_change+0xc8b/0xf40 [ 62.661126][ T4992] do_truncate+0x220/0x300 [ 62.666065][ T4992] path_openat+0x294e/0x3170 [ 62.671178][ T4992] do_filp_open+0x234/0x490 [ 62.676204][ T4992] do_sys_openat2+0x13f/0x500 [ 62.681410][ T4992] __x64_sys_creat+0x123/0x160 [ 62.686701][ T4992] do_syscall_64+0x41/0xc0 [ 62.691647][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.698060][ T4992] [ 62.698060][ T4992] other info that might help us debug this: [ 62.698060][ T4992] [ 62.708280][ T4992] Possible unsafe locking scenario: [ 62.708280][ T4992] [ 62.715727][ T4992] CPU0 CPU1 [ 62.721086][ T4992] ---- ---- [ 62.726449][ T4992] lock(&HFSPLUS_I(inode)->extents_lock); [ 62.732257][ T4992] lock(&tree->tree_lock); [ 62.739286][ T4992] lock(&HFSPLUS_I(inode)->extents_lock); [ 62.747621][ T4992] lock(&tree->tree_lock); [ 62.752124][ T4992] [ 62.752124][ T4992] *** DEADLOCK *** [ 62.752124][ T4992] [ 62.760259][ T4992] 3 locks held by syz-executor363/4992: [ 62.765800][ T4992] #0: ffff888076c68460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 62.774956][ T4992] #1: ffff888076c5b240 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x300 [ 62.785330][ T4992] #2: ffff888076c5b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 [ 62.796907][ T4992] [ 62.796907][ T4992] stack backtrace: [ 62.802788][ T4992] CPU: 1 PID: 4992 Comm: syz-executor363 Not tainted 6.4.0-rc4-syzkaller-00204-gc43a6ff9f93f #0 [ 62.813195][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 62.823248][ T4992] Call Trace: [ 62.826528][ T4992] [ 62.829457][ T4992] dump_stack_lvl+0x1e7/0x2d0 [ 62.834141][ T4992] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.839610][ T4992] ? print_circular_bug+0x12b/0x1a0 [ 62.844815][ T4992] check_noncircular+0x2fe/0x3b0 [ 62.849757][ T4992] ? add_chain_block+0x850/0x850 [ 62.854703][ T4992] ? add_chain_block+0x850/0x850 [ 62.859648][ T4992] ? lockdep_lock+0x123/0x2b0 [ 62.864340][ T4992] ? add_chain_block+0x850/0x850 [ 62.869287][ T4992] ? _find_first_zero_bit+0xd4/0x100 [ 62.874584][ T4992] validate_chain+0x166b/0x58f0 [ 62.879466][ T4992] ? reacquire_held_locks+0x660/0x660 [ 62.884854][ T4992] ? reacquire_held_locks+0x660/0x660 [ 62.890237][ T4992] ? look_up_lock_class+0x77/0x140 [ 62.895353][ T4992] ? register_lock_class+0x104/0x990 [ 62.900645][ T4992] ? mark_lock+0x9a/0x340 [ 62.904985][ T4992] ? is_dynamic_key+0x1f0/0x1f0 [ 62.909849][ T4992] ? mark_lock+0x9a/0x340 [ 62.914190][ T4992] __lock_acquire+0x1316/0x2070 [ 62.919064][ T4992] lock_acquire+0x1e3/0x520 [ 62.923589][ T4992] ? hfsplus_file_truncate+0x811/0xb40 [ 62.929054][ T4992] ? read_lock_is_recursive+0x20/0x20 [ 62.934437][ T4992] ? __might_sleep+0xc0/0xc0 [ 62.939045][ T4992] __mutex_lock_common+0x1d8/0x2530 [ 62.944256][ T4992] ? hfsplus_file_truncate+0x811/0xb40 [ 62.949721][ T4992] ? hfsplus_file_truncate+0x811/0xb40 [ 62.955182][ T4992] ? mutex_lock_io_nested+0x60/0x60 [ 62.960400][ T4992] ? hfsplus_free_extents+0x47e/0xae0 [ 62.965779][ T4992] mutex_lock_nested+0x1b/0x20 [ 62.970552][ T4992] hfsplus_file_truncate+0x811/0xb40 [ 62.975847][ T4992] ? hfsplus_add_extent+0x880/0x880 [ 62.981047][ T4992] ? unmap_mapping_range+0xf8/0x290 [ 62.986252][ T4992] ? unmap_mapping_pages+0x180/0x180 [ 62.991545][ T4992] ? current_time+0x1e0/0x300 [ 62.996233][ T4992] ? truncate_setsize+0xcf/0xf0 [ 63.001089][ T4992] hfsplus_setattr+0x1bd/0x280 [ 63.005866][ T4992] ? hfsplus_fileattr_set+0x330/0x330 [ 63.011251][ T4992] notify_change+0xc8b/0xf40 [ 63.015890][ T4992] do_truncate+0x220/0x300 [ 63.020332][ T4992] ? put_page_bootmem+0x2e0/0x2e0 [ 63.025369][ T4992] ? ima_bprm_check+0x2b0/0x2b0 [ 63.030233][ T4992] path_openat+0x294e/0x3170 [ 63.034840][ T4992] ? do_filp_open+0x490/0x490 [ 63.039532][ T4992] do_filp_open+0x234/0x490 [ 63.044044][ T4992] ? vfs_tmpfile+0x4a0/0x4a0 [ 63.048645][ T4992] ? _raw_spin_unlock+0x28/0x40 [ 63.053495][ T4992] ? alloc_fd+0x59c/0x640 [ 63.057839][ T4992] do_sys_openat2+0x13f/0x500 [ 63.062525][ T4992] ? do_sys_open+0x230/0x230 [ 63.067163][ T4992] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.072369][ T4992] ? ptrace_notify+0x278/0x380 [ 63.077139][ T4992] __x64_sys_creat+0x123/0x160 [ 63.081908][ T4992] ? __x64_compat_sys_openat+0x290/0x290 [ 63.087553][ T4992] ? syscall_enter_from_user_mode+0x32/0x230 [ 63.093537][ T4992] ? syscall_enter_from_user_mode+0x8c/0x230 [ 63.099522][ T4992] do_syscall_64+0x41/0xc0 [ 63.103950][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.109851][ T4992] RIP: 0033:0x7f1f56801869 [ 63.114270][ T4992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 63.133875][ T4992] RSP: 002b:00007ffd84c8db48 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 63.142288][ T4992] RAX: ffffffffffffffda RBX: 00007f1f56845060 RCX: 00007f1f56801869 creat("./file1", 000) = 5 exit_group(0) = ? +++ exited with 0 +++ [ 63.150258][ T4992] RDX: 00007f1f56801869 RSI: 000000