Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
executing program
[ 36.204825][ T5971] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5971 'syz-executor118'
[ 36.213993][ T5971] loop0: detected capacity change from 0 to 1024
[ 36.228701][ T5971] hfsplus: request for non-existent node 255 in B*Tree
[ 36.230170][ T5971] hfsplus: request for non-existent node 255 in B*Tree
[ 36.231794][ T5971] hfsplus: inconsistency in B*Tree (1,0,1,0,2)
[ 36.233244][ T5971] hfsplus: xattr search failed
[ 36.235217][ T5971] hfsplus: inconsistency in B*Tree (1,0,1,0,2)
[ 36.236543][ T5971] hfsplus: xattr searching failed
[ 36.238843][ T5971]
[ 36.239348][ T5971] ======================================================
[ 36.240804][ T5971] WARNING: possible circular locking dependency detected
[ 36.242275][ T5971] 6.4.0-rc7-syzkaller-ge40939bbfc68 #0 Not tainted
[ 36.243620][ T5971] ------------------------------------------------------
[ 36.245104][ T5971] syz-executor118/5971 is trying to acquire lock:
[ 36.246442][ T5971] ffff0000de1787c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x198/0x14cc
[ 36.248842][ T5971]
[ 36.248842][ T5971] but task is already holding lock:
[ 36.250359][ T5971] ffff0000de1980b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x144/0x1bc
[ 36.252349][ T5971]
[ 36.252349][ T5971] which lock already depends on the new lock.
[ 36.252349][ T5971]
[ 36.254511][ T5971]
[ 36.254511][ T5971] the existing dependency chain (in reverse order) is:
[ 36.256423][ T5971]
[ 36.256423][ T5971] -> #1 (&tree->tree_lock){+.+.}-{3:3}:
[ 36.258078][ T5971]        __mutex_lock_common+0x190/0x21a0
[ 36.259276][ T5971]        mutex_lock_nested+0x2c/0x38
[ 36.260376][ T5971]        hfsplus_file_truncate+0x6d0/0x9b8
[ 36.261582][ T5971]        hfsplus_setattr+0x18c/0x25c
[ 36.262689][ T5971]        notify_change+0xa84/0xd20
[ 36.263789][ T5971]        do_truncate+0x1c0/0x28c
[ 36.264846][ T5971]        path_openat+0x2130/0x27f8
[ 36.265908][ T5971]        do_filp_open+0x1bc/0x3cc
[ 36.266965][ T5971]        do_sys_openat2+0x128/0x3d8
[ 36.268018][ T5971]        __arm64_sys_openat2+0x308/0x3b8
[ 36.269171][ T5971]        invoke_syscall+0x98/0x2c0
[ 36.270210][ T5971]        el0_svc_common+0x138/0x244
[ 36.271281][ T5971]        do_el0_svc+0x64/0x198
[ 36.272305][ T5971]        el0_svc+0x4c/0x160
[ 36.273242][ T5971]        el0t_64_sync_handler+0x84/0xfc
[ 36.274373][ T5971]        el0t_64_sync+0x190/0x194
[ 36.275419][ T5971]
[ 36.275419][ T5971] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[ 36.277318][ T5971]        __lock_acquire+0x3308/0x7604
[ 36.278463][ T5971]        lock_acquire+0x23c/0x71c
[ 36.279504][ T5971]        __mutex_lock_common+0x190/0x21a0
[ 36.280731][ T5971]        mutex_lock_nested+0x2c/0x38
[ 36.281837][ T5971]        hfsplus_file_extend+0x198/0x14cc
[ 36.283018][ T5971]        hfsplus_bmap_reserve+0xec/0x474
[ 36.284214][ T5971]        hfsplus_rename_cat+0x1ac/0xf30
[ 36.285371][ T5971]        hfsplus_rename+0x120/0x1b0
[ 36.286433][ T5971]        vfs_rename+0x908/0xcd4
[ 36.287432][ T5971]        do_renameat2+0x9f4/0x10b0
[ 36.288501][ T5971]        __arm64_sys_renameat2+0xe0/0xfc
[ 36.289677][ T5971]        invoke_syscall+0x98/0x2c0
[ 36.290797][ T5971]        el0_svc_common+0x138/0x244
[ 36.291936][ T5971]        do_el0_svc+0x64/0x198
[ 36.292970][ T5971]        el0_svc+0x4c/0x160
[ 36.293946][ T5971]        el0t_64_sync_handler+0x84/0xfc
[ 36.295106][ T5971]        el0t_64_sync+0x190/0x194
[ 36.296138][ T5971]
[ 36.296138][ T5971] other info that might help us debug this:
[ 36.296138][ T5971]
[ 36.298247][ T5971]  Possible unsafe locking scenario:
[ 36.298247][ T5971]
[ 36.299795][ T5971]        CPU0                    CPU1
[ 36.300923][ T5971]        ----                    ----
[ 36.302056][ T5971]   lock(&tree->tree_lock);
[ 36.303012][ T5971]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 36.304706][ T5971]                                lock(&tree->tree_lock);
[ 36.306174][ T5971]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 36.307413][ T5971]
[ 36.307413][ T5971]  *** DEADLOCK ***
[ 36.307413][ T5971]
[ 36.309072][ T5971] 3 locks held by syz-executor118/5971:
[ 36.310209][ T5971]  #0: ffff0000de184460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 36.312126][ T5971]  #1: ffff0000de179e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x50c/0x10b0
[ 36.314325][ T5971]  #2: ffff0000de1980b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x144/0x1bc
[ 36.316501][ T5971]
[ 36.316501][ T5971] stack backtrace:
[ 36.317735][ T5971] CPU: 0 PID: 5971 Comm: syz-executor118 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[ 36.319816][ T5971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 36.321929][ T5971] Call trace:
[ 36.322630][ T5971]  dump_backtrace+0x1b8/0x1e4
[ 36.323634][ T5971]  show_stack+0x2c/0x44
[ 36.324485][ T5971]  dump_stack_lvl+0xd0/0x124
[ 36.325450][ T5971]  dump_stack+0x1c/0x28
[ 36.326321][ T5971]  print_circular_bug+0x150/0x1b8
[ 36.327426][ T5971]  check_noncircular+0x2cc/0x378
[ 36.328466][ T5971]  __lock_acquire+0x3308/0x7604
[ 36.329473][ T5971]  lock_acquire+0x23c/0x71c
[ 36.330477][ T5971]  __mutex_lock_common+0x190/0x21a0
[ 36.331572][ T5971]  mutex_lock_nested+0x2c/0x38
[ 36.332564][ T5971]  hfsplus_file_extend+0x198/0x14cc
[ 36.333632][ T5971]  hfsplus_bmap_reserve+0xec/0x474
[ 36.334716][ T5971]  hfsplus_rename_cat+0x1ac/0xf30
[ 36.335768][ T5971]  hfsplus_rename+0x120/0x1b0
[ 36.336783][ T5971]  vfs_rename+0x908/0xcd4
[ 36.337694][ T5971]  do_renameat2+0x9f4/0x10b0
[ 36.338684][ T5971]  __arm64_sys_renameat2+0xe0/0xfc
[ 36.339717][ T5971]  invoke_syscall+0x98/0x2c0
[ 36.340662][ T5971]  el0_svc_common+0x138/0x244
[ 36.341661][ T5971]  do_el0_svc+0x64/0x198
[ 36.342558][ T5971]  el0_svc+0x4c/0x160
[ 36.343387][ T5971]  el0t_64_sync_handler+0x84/0xfc
[ 36.344453][ T5971]  el0t_64_sync+0x190/0x194