./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor808534428 <...> Warning: Permanently added '10.128.10.21' (ED25519) to the list of known hosts. execve("./syz-executor808534428", ["./syz-executor808534428"], 0x7ffc72a53e20 /* 10 vars */) = 0 brk(NULL) = 0x555556e68000 brk(0x555556e68d00) = 0x555556e68d00 arch_prctl(ARCH_SET_FS, 0x555556e68380) = 0 set_tid_address(0x555556e68650) = 5059 set_robust_list(0x555556e68660, 24) = 0 rseq(0x555556e68ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor808534428", 4096) = 27 getrandom("\x15\xc2\xbc\xfc\x70\xc5\x0d\xfe", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556e68d00 brk(0x555556e89d00) = 0x555556e89d00 brk(0x555556e8a000) = 0x555556e8a000 mprotect(0x7fd8cc39d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd8c3eec000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fd8c3eec000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", MS_NODEV|MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 71.992311][ T5059] loop0: detected capacity change from 0 to 1024 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "./file0", O_RDONLY) = 4 openat(AT_FDCWD, "./file0", O_RDONLY) = 5 linkat(4, "./file0", 5, "./bus", 0) = 0 openat(AT_FDCWD, "./file0", O_RDONLY) = 6 mknodat(6, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory) openat(AT_FDCWD, ".", O_RDONLY) = 7 [ 72.119638][ T5059] hfsplus: request for non-existent node 255 in B*Tree [ 72.126686][ T5059] hfsplus: request for non-existent node 255 in B*Tree [ 72.134698][ T5059] hfsplus: inconsistency in B*Tree (1,0,1,0,2) [ 72.141461][ T5059] hfsplus: xattr search failed openat2(4, "./bus", {flags=O_RDONLY|O_TRUNC|O_CLOEXEC|FASYNC, resolve=RESOLVE_BENEATH}, 24) = 8 [ 72.169893][ T5059] hfsplus: inconsistency in B*Tree (1,0,1,0,2) [ 72.176197][ T5059] hfsplus: xattr searching failed [ 72.184592][ T5059] hfsplus: inconsistency in B*Tree (1,0,1,0,2) [ 72.184874][ T28] audit: type=1800 audit(1702727956.844:2): pid=5059 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor808" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 72.191005][ T5059] hfsplus: xattr searching failed [ 72.219044][ T5059] [ 72.221390][ T5059] ====================================================== [ 72.228397][ T5059] WARNING: possible circular locking dependency detected [ 72.235406][ T5059] 6.7.0-rc5-syzkaller-00200-g3bd7d7488169 #0 Not tainted [ 72.242409][ T5059] ------------------------------------------------------ [ 72.249413][ T5059] syz-executor808/5059 is trying to acquire lock: [ 72.255823][ T5059] ffff88801dcb07c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 72.266902][ T5059] [ 72.266902][ T5059] but task is already holding lock: [ 72.274251][ T5059] ffff88801ea200b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 72.283725][ T5059] [ 72.283725][ T5059] which lock already depends on the new lock. [ 72.283725][ T5059] [ 72.294114][ T5059] [ 72.294114][ T5059] the existing dependency chain (in reverse order) is: [ 72.303202][ T5059] [ 72.303202][ T5059] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 72.310931][ T5059] lock_acquire+0x1e3/0x530 [ 72.315954][ T5059] __mutex_lock+0x136/0xd60 [ 72.320992][ T5059] hfsplus_file_truncate+0x811/0xb40 [ 72.326800][ T5059] hfsplus_setattr+0x1bd/0x260 [ 72.332111][ T5059] notify_change+0xb99/0xe60 [ 72.337225][ T5059] do_truncate+0x220/0x300 [ 72.342161][ T5059] path_openat+0x29e1/0x3290 [ 72.347275][ T5059] do_filp_open+0x234/0x490 [ 72.352299][ T5059] do_sys_openat2+0x13e/0x1d0 [ 72.357500][ T5059] __se_sys_openat2+0x23b/0x2c0 [ 72.362878][ T5059] do_syscall_64+0x45/0x110 [ 72.367914][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.374337][ T5059] [ 72.374337][ T5059] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 72.383377][ T5059] validate_chain+0x1909/0x5ab0 [ 72.388757][ T5059] __lock_acquire+0x1345/0x1fd0 [ 72.394219][ T5059] lock_acquire+0x1e3/0x530 [ 72.399259][ T5059] __mutex_lock+0x136/0xd60 [ 72.404294][ T5059] hfsplus_file_extend+0x21b/0x1b70 [ 72.410021][ T5059] hfsplus_bmap_reserve+0x105/0x4e0 [ 72.415774][ T5059] hfsplus_rename_cat+0x1d0/0x1050 [ 72.421419][ T5059] hfsplus_rename+0x12e/0x1c0 [ 72.426622][ T5059] vfs_rename+0xaba/0xde0 [ 72.431472][ T5059] do_renameat2+0xd5a/0x1390 [ 72.436588][ T5059] __x64_sys_renameat2+0xd2/0xe0 [ 72.442047][ T5059] do_syscall_64+0x45/0x110 [ 72.447074][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.453492][ T5059] [ 72.453492][ T5059] other info that might help us debug this: [ 72.453492][ T5059] [ 72.463714][ T5059] Possible unsafe locking scenario: [ 72.463714][ T5059] [ 72.471158][ T5059] CPU0 CPU1 [ 72.476518][ T5059] ---- ---- [ 72.481883][ T5059] lock(&tree->tree_lock); [ 72.486392][ T5059] lock(&HFSPLUS_I(inode)->extents_lock); [ 72.494719][ T5059] lock(&tree->tree_lock); [ 72.501741][ T5059] lock(&HFSPLUS_I(inode)->extents_lock); [ 72.507567][ T5059] [ 72.507567][ T5059] *** DEADLOCK *** [ 72.507567][ T5059] [ 72.515707][ T5059] 4 locks held by syz-executor808/5059: [ 72.521267][ T5059] #0: ffff88807c86e418 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 72.530432][ T5059] #1: ffff88801dcb1e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x601/0x1390 [ 72.540901][ T5059] #2: ffff88801dcb24c0 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: lock_two_inodes+0x100/0x180 [ 72.551367][ T5059] #3: ffff88801ea200b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 72.561301][ T5059] [ 72.561301][ T5059] stack backtrace: [ 72.567182][ T5059] CPU: 0 PID: 5059 Comm: syz-executor808 Not tainted 6.7.0-rc5-syzkaller-00200-g3bd7d7488169 #0 [ 72.577599][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 72.587665][ T5059] Call Trace: [ 72.590947][ T5059] [ 72.593882][ T5059] dump_stack_lvl+0x1e7/0x2d0 [ 72.598572][ T5059] ? nf_tcp_handle_invalid+0x650/0x650 [ 72.604042][ T5059] ? print_circular_bug+0x12b/0x1a0 [ 72.609249][ T5059] check_noncircular+0x366/0x490 [ 72.614198][ T5059] ? print_deadlock_bug+0x610/0x610 [ 72.619403][ T5059] ? lockdep_lock+0x123/0x2b0 [ 72.624110][ T5059] ? _find_first_zero_bit+0xd4/0x100 [ 72.629408][ T5059] validate_chain+0x1909/0x5ab0 [ 72.634283][ T5059] ? check_noncircular+0x259/0x490 [ 72.639410][ T5059] ? reacquire_held_locks+0x690/0x690 [ 72.644800][ T5059] ? print_deadlock_bug+0x610/0x610 [ 72.650092][ T5059] ? lockdep_unlock+0x169/0x300 [ 72.654942][ T5059] ? lockdep_lock+0x2b0/0x2b0 [ 72.659620][ T5059] ? look_up_lock_class+0x77/0x160 [ 72.664729][ T5059] ? register_lock_class+0x102/0x970 [ 72.670013][ T5059] ? validate_chain+0x15c6/0x5ab0 [ 72.675045][ T5059] ? is_dynamic_key+0x260/0x260 [ 72.679906][ T5059] ? mark_lock+0x9a/0x350 [ 72.684259][ T5059] __lock_acquire+0x1345/0x1fd0 [ 72.689124][ T5059] lock_acquire+0x1e3/0x530 [ 72.693629][ T5059] ? hfsplus_file_extend+0x21b/0x1b70 [ 72.699003][ T5059] ? read_lock_is_recursive+0x20/0x20 [ 72.704386][ T5059] ? __might_sleep+0xe0/0xe0 [ 72.708981][ T5059] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 72.714979][ T5059] ? print_irqtrace_events+0x220/0x220 [ 72.720457][ T5059] __mutex_lock+0x136/0xd60 [ 72.724965][ T5059] ? hfsplus_file_extend+0x21b/0x1b70 [ 72.730337][ T5059] ? hfsplus_file_extend+0x21b/0x1b70 [ 72.735709][ T5059] ? mutex_lock_nested+0x20/0x20 [ 72.740679][ T5059] hfsplus_file_extend+0x21b/0x1b70 [ 72.745892][ T5059] ? hfsplus_get_block+0x14e0/0x14e0 [ 72.751179][ T5059] ? rcu_is_watching+0x15/0xb0 [ 72.755977][ T5059] ? trace_contention_end+0x3c/0x100 [ 72.761277][ T5059] ? __mutex_lock+0x2ee/0xd60 [ 72.765971][ T5059] ? hfsplus_find_init+0x14a/0x1c0 [ 72.771091][ T5059] ? mutex_lock_nested+0x20/0x20 [ 72.776046][ T5059] hfsplus_bmap_reserve+0x105/0x4e0 [ 72.781258][ T5059] hfsplus_rename_cat+0x1d0/0x1050 [ 72.786380][ T5059] ? stack_trace_save+0x117/0x1c0 [ 72.791414][ T5059] ? stack_trace_snprint+0xf0/0xf0 [ 72.796534][ T5059] ? hfsplus_subfolders_dec+0x110/0x110 [ 72.802091][ T5059] ? lockdep_unlock+0x169/0x300 [ 72.806977][ T5059] ? __down_write_common+0x161/0x200 [ 72.812264][ T5059] ? __lock_acquire+0x1fd0/0x1fd0 [ 72.817292][ T5059] ? clear_nonspinnable+0x60/0x60 [ 72.822321][ T5059] hfsplus_rename+0x12e/0x1c0 [ 72.827003][ T5059] ? hfsplus_mknod+0x2a0/0x2a0 [ 72.831770][ T5059] vfs_rename+0xaba/0xde0 [ 72.836108][ T5059] ? __ia32_sys_link+0x90/0x90 [ 72.840882][ T5059] ? security_path_rename+0x183/0x210 [ 72.846258][ T5059] do_renameat2+0xd5a/0x1390 [ 72.850869][ T5059] ? fsnotify_move+0x4f0/0x4f0 [ 72.855637][ T5059] ? __virt_addr_valid+0x22f/0x2e0 [ 72.860751][ T5059] ? __check_object_size+0x4bb/0xa00 [ 72.866053][ T5059] ? getname_flags+0x1fd/0x4f0 [ 72.870831][ T5059] ? syscall_enter_from_user_mode+0xa4/0x2d0 [ 72.876831][ T5059] __x64_sys_renameat2+0xd2/0xe0 [ 72.881783][ T5059] do_syscall_64+0x45/0x110 [ 72.886300][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.892205][ T5059] RIP: 0033:0x7fd8cc3297b9 [ 72.896628][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 renameat2(7, "./file0", 7, "./bus", 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 72.916234][ T5059] RSP: 002b:00007ffc6eb3dab8 EFLAGS: 00000246 ORIG_RAX: 0000