Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.379092] ======================================================
[ 33.379092] WARNING: the mand mount option is being deprecated and
[ 33.379092] will be removed in v5.15!
[ 33.379092] ======================================================
[ 33.419108] hfsplus: xattr searching failed
[ 33.424337] hfsplus: xattr searching failed
[ 33.429240]
[ 33.430877] ======================================================
[ 33.437202] WARNING: possible circular locking dependency detected
[ 33.443520] 4.19.211-syzkaller #0 Not tainted
[ 33.448003] ------------------------------------------------------
[ 33.454300] syz-executor247/8113 is trying to acquire lock:
[ 33.459988] 0000000015b30424 (&tree->tree_lock){+.+.}, at: hfsplus_file_truncate+0xde7/0x1040
[ 33.468647]
[ 33.468647] but task is already holding lock:
[ 33.474596] 000000003707ce85 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040
[ 33.484554]
[ 33.484554] which lock already depends on the new lock.
[ 33.484554]
[ 33.492865]
[ 33.492865] the existing dependency chain (in reverse order) is:
[ 33.500482]
[ 33.500482] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
[ 33.507589]        hfsplus_file_extend+0x1bb/0xf40
[ 33.512498]        hfsplus_bmap_reserve+0x298/0x440
[ 33.517496]        hfsplus_create_cat+0x1e3/0x1210
[ 33.522407]        hfsplus_mknod+0x165/0x320
[ 33.526883]        lookup_open+0x893/0x1a20
[ 33.531184]        path_openat+0x1094/0x2df0
[ 33.535573]        do_filp_open+0x18c/0x3f0
[ 33.539875]        do_sys_open+0x3b3/0x520
[ 33.544090]        do_syscall_64+0xf9/0x620
[ 33.548392]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.554079]
[ 33.554079] -> #0 (&tree->tree_lock){+.+.}:
[ 33.559865]        __mutex_lock+0xd7/0x1190
[ 33.564165]        hfsplus_file_truncate+0xde7/0x1040
[ 33.569333]        hfsplus_setattr+0x1e7/0x310
[ 33.573921]        notify_change+0x70b/0xfc0
[ 33.578307]        do_truncate+0x134/0x1f0
[ 33.582517]        vfs_truncate+0x54b/0x6d0
[ 33.586817]        do_sys_truncate+0x145/0x170
[ 33.591380]        do_syscall_64+0xf9/0x620
[ 33.595685]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.601381]
[ 33.601381] other info that might help us debug this:
[ 33.601381]
[ 33.609586]  Possible unsafe locking scenario:
[ 33.609586]
[ 33.615620]        CPU0                    CPU1
[ 33.620267]        ----                    ----
[ 33.624907]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 33.629988]                                lock(&tree->tree_lock);
[ 33.636278]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 33.643871]   lock(&tree->tree_lock);
[ 33.647676]
[ 33.647676]  *** DEADLOCK ***
[ 33.647676]
[ 33.653714] 3 locks held by syz-executor247/8113:
[ 33.658532]  #0: 0000000061f0b3b5 (sb_writers#11){.+.+}, at: mnt_want_write+0x3a/0xb0
[ 33.666489]  #1: 0000000025fc88c4 (&sb->s_type->i_mutex_key#17){+.+.}, at: do_truncate+0x125/0x1f0
[ 33.675567]  #2: 000000003707ce85 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040
[ 33.685947]
[ 33.685947] stack backtrace:
[ 33.690421] CPU: 1 PID: 8113 Comm: syz-executor247 Not tainted 4.19.211-syzkaller #0
[ 33.698275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.707604] Call Trace:
[ 33.710172]  dump_stack+0x1fc/0x2ef
[ 33.713779]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 33.719556]  __lock_acquire+0x30c9/0x3ff0
[ 33.723683]  ? mark_held_locks+0xf0/0xf0
[ 33.727722]  ? mark_held_locks+0xf0/0xf0
[ 33.731763]  ? hfsplus_block_free+0x42f/0x5d0
[ 33.736234]  lock_acquire+0x170/0x3c0
[ 33.740017]  ? hfsplus_file_truncate+0xde7/0x1040
[ 33.744840]  ? hfsplus_file_truncate+0xde7/0x1040
[ 33.749659]  __mutex_lock+0xd7/0x1190
[ 33.753436]  ? hfsplus_file_truncate+0xde7/0x1040
[ 33.758260]  ? wait_for_completion_io+0x10/0x10
[ 33.762907]  ? hfsplus_file_truncate+0xde7/0x1040
[ 33.767730]  ? mutex_trylock+0x1a0/0x1a0
[ 33.771767]  ? hfsplus_block_free+0x434/0x5d0
[ 33.776238]  ? hfsplus_free_extents+0x17b/0x520
[ 33.780888]  hfsplus_file_truncate+0xde7/0x1040
[ 33.785535]  ? hfsplus_get_block+0x960/0x960
[ 33.789920]  ? up_write+0x18/0x150
[ 33.793437]  ? unmap_mapping_pages+0x121/0x2b0
[ 33.797998]  ? inode_newsize_ok+0x121/0x1e0
[ 33.802295]  hfsplus_setattr+0x1e7/0x310
[ 33.806332]  ? hfsplus_file_open+0x140/0x140
[ 33.810716]  notify_change+0x70b/0xfc0
[ 33.814584]  do_truncate+0x134/0x1f0
[ 33.818272]  ? dentry_open+0x1d0/0x1d0
[ 33.822138]  ? apparmor_path_truncate+0x183/0x200
[ 33.826960]  ? inode_permission.part.0+0x10c/0x450
[ 33.831866]  vfs_truncate+0x54b/0x6d0
[ 33.835644]  ? do_truncate+0x1f0/0x1f0
[ 33.839508]  ? getname_flags+0x25b/0x590
[ 33.843549]  do_sys_truncate+0x145/0x170
[ 33.847590]  ? vfs_truncate+0x6d0/0x6d0
[ 33.851547]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 33.856541]  ? do_syscall_64+0x21/0x620
[ 33.860491]  do_syscall_64+0xf9/0x620
[ 33.864275]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.869440] RIP: 0033:0x7fa4e6b957a9
[ 33.873134] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.892011] RSP: 002b:00007ffdb044f8d8 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 33.899693] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa4e6b957a9
[ 33.906939] RDX: 00007fa4e6b957a9 RSI: 0000000000000000 RDI: 0000000020000000
[ 33.914210] RBP: 00007fa4e6b55040 R08: 0000000000000000 R09: 0000000000000000
[ 33.921459] R10: 000000000000063c R11: 0000000000000246 R12: 00007fa4e6b550d0
[ 33.928703] R13: 00000000000000