./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1080514609 <...> Warning: Permanently added '10.128.1.24' (ED25519) to the list of known hosts. execve("./syz-executor1080514609", ["./syz-executor1080514609"], 0x7ffd43208aa0 /* 10 vars */) = 0 brk(NULL) = 0x55556058a000 brk(0x55556058ad00) = 0x55556058ad00 arch_prctl(ARCH_SET_FS, 0x55556058a380) = 0 set_tid_address(0x55556058a650) = 5088 set_robust_list(0x55556058a660, 24) = 0 rseq(0x55556058aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1080514609", 4096) = 28 getrandom("\x14\xeb\x38\xb5\xad\x28\x69\x18", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556058ad00 brk(0x5555605abd00) = 0x5555605abd00 brk(0x5555605ac000) = 0x5555605ac000 mprotect(0x7fa6d8159000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6cfc00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fa6cfc00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 57.501529][ T5088] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./file1", O_RDONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [ 57.559561][ T5088] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 57.566496][ T5088] hfsplus: xattr searching failed [ 57.573791][ T5088] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 57.576372][ T29] audit: type=1800 audit(1713233498.182:2): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor108" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 57.581068][ T5088] hfsplus: xattr searching failed [ 57.609980][ T5088] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 57.616880][ T5088] [ 57.619230][ T5088] ====================================================== [ 57.626230][ T5088] WARNING: possible circular locking dependency detected [ 57.633238][ T5088] 6.9.0-rc4-next-20240415-syzkaller #0 Not tainted [ 57.639717][ T5088] ------------------------------------------------------ [ 57.646735][ T5088] syz-executor108/5088 is trying to acquire lock: [ 57.653157][ T5088] ffff888022f60e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 57.664286][ T5088] [ 57.664286][ T5088] but task is already holding lock: [ 57.671638][ T5088] ffff8880234940b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 57.681277][ T5088] [ 57.681277][ T5088] which lock already depends on the new lock. [ 57.681277][ T5088] [ 57.691748][ T5088] [ 57.691748][ T5088] the existing dependency chain (in reverse order) is: [ 57.700754][ T5088] [ 57.700754][ T5088] -> #2 (&tree->tree_lock/2){+.+.}-{3:3}: [ 57.708666][ T5088] lock_acquire+0x1ed/0x550 [ 57.713683][ T5088] __mutex_lock+0x136/0xd70 [ 57.718701][ T5088] hfsplus_find_init+0x14a/0x1c0 [ 57.724144][ T5088] hfsplus_attr_exists+0xff/0x1d0 [ 57.729673][ T5088] __hfsplus_setxattr+0x476/0x22d0 [ 57.735286][ T5088] hfsplus_setxattr+0xb0/0xe0 [ 57.740466][ T5088] hfsplus_trusted_setxattr+0x40/0x60 [ 57.746341][ T5088] __vfs_setxattr+0x468/0x4a0 [ 57.751526][ T5088] __vfs_setxattr_noperm+0x12e/0x660 [ 57.757328][ T5088] vfs_setxattr+0x221/0x430 [ 57.762367][ T5088] setxattr+0x25d/0x2f0 [ 57.767042][ T5088] path_setxattr+0x1c0/0x2a0 [ 57.772149][ T5088] __x64_sys_lsetxattr+0xb8/0xd0 [ 57.777595][ T5088] do_syscall_64+0xf5/0x240 [ 57.782605][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.789003][ T5088] [ 57.789003][ T5088] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 57.796741][ T5088] lock_acquire+0x1ed/0x550 [ 57.801748][ T5088] __mutex_lock+0x136/0xd70 [ 57.806775][ T5088] hfsplus_file_truncate+0x811/0xb50 [ 57.812572][ T5088] hfsplus_setattr+0x1ce/0x280 [ 57.817837][ T5088] notify_change+0xb9d/0xe70 [ 57.822928][ T5088] do_truncate+0x220/0x310 [ 57.827850][ T5088] path_openat+0x2a3d/0x3280 [ 57.832940][ T5088] do_filp_open+0x235/0x490 [ 57.837947][ T5088] do_sys_openat2+0x13e/0x1d0 [ 57.843128][ T5088] __x64_sys_openat+0x247/0x2a0 [ 57.848486][ T5088] do_syscall_64+0xf5/0x240 [ 57.853496][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.859892][ T5088] [ 57.859892][ T5088] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 57.868902][ T5088] validate_chain+0x18cb/0x58e0 [ 57.874257][ T5088] __lock_acquire+0x1346/0x1fd0 [ 57.879627][ T5088] lock_acquire+0x1ed/0x550 [ 57.884647][ T5088] __mutex_lock+0x136/0xd70 [ 57.889660][ T5088] hfsplus_file_extend+0x21b/0x1b70 [ 57.895366][ T5088] hfsplus_bmap_reserve+0x105/0x4e0 [ 57.901070][ T5088] hfsplus_create_attr+0x1c8/0x640 [ 57.906684][ T5088] __hfsplus_setxattr+0x6fe/0x22d0 [ 57.912297][ T5088] hfsplus_setxattr+0xb0/0xe0 [ 57.917476][ T5088] hfsplus_trusted_setxattr+0x40/0x60 [ 57.923349][ T5088] __vfs_setxattr+0x468/0x4a0 [ 57.928556][ T5088] __vfs_setxattr_noperm+0x12e/0x660 [ 57.934345][ T5088] vfs_setxattr+0x221/0x430 [ 57.939380][ T5088] setxattr+0x25d/0x2f0 [ 57.944036][ T5088] path_setxattr+0x1c0/0x2a0 [ 57.949157][ T5088] __x64_sys_lsetxattr+0xb8/0xd0 [ 57.954600][ T5088] do_syscall_64+0xf5/0x240 [ 57.959616][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.966012][ T5088] [ 57.966012][ T5088] other info that might help us debug this: [ 57.966012][ T5088] [ 57.976216][ T5088] Chain exists of: [ 57.976216][ T5088] &HFSPLUS_I(inode)->extents_lock --> &tree->tree_lock --> &tree->tree_lock/2 [ 57.976216][ T5088] [ 57.990990][ T5088] Possible unsafe locking scenario: [ 57.990990][ T5088] [ 57.998417][ T5088] CPU0 CPU1 [ 58.003759][ T5088] ---- ---- [ 58.009102][ T5088] lock(&tree->tree_lock/2); [ 58.013764][ T5088] lock(&tree->tree_lock); [ 58.020784][ T5088] lock(&tree->tree_lock/2); [ 58.028072][ T5088] lock(&HFSPLUS_I(inode)->extents_lock); [ 58.033869][ T5088] [ 58.033869][ T5088] *** DEADLOCK *** [ 58.033869][ T5088] [ 58.041997][ T5088] 4 locks held by syz-executor108/5088: [ 58.047519][ T5088] #0: ffff888022d46420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 58.056644][ T5088] #1: ffff888022f624c0 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: vfs_setxattr+0x1e1/0x430 [ 58.067151][ T5088] #2: ffff8880234920b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.077129][ T5088] #3: ffff8880234940b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.087195][ T5088] [ 58.087195][ T5088] stack backtrace: [ 58.093093][ T5088] CPU: 0 PID: 5088 Comm: syz-executor108 Not tainted 6.9.0-rc4-next-20240415-syzkaller #0 [ 58.103079][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 58.113130][ T5088] Call Trace: [ 58.116416][ T5088] [ 58.119374][ T5088] dump_stack_lvl+0x241/0x360 [ 58.124088][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.129281][ T5088] ? print_circular_bug+0x130/0x1a0 [ 58.134492][ T5088] check_noncircular+0x36a/0x4a0 [ 58.139418][ T5088] ? __pfx_check_noncircular+0x10/0x10 [ 58.144860][ T5088] ? lockdep_lock+0x123/0x2b0 [ 58.149622][ T5088] ? __pfx_hlock_conflict+0x10/0x10 [ 58.154822][ T5088] ? _find_first_zero_bit+0xd4/0x100 [ 58.160110][ T5088] validate_chain+0x18cb/0x58e0 [ 58.164968][ T5088] ? lockdep_unlock+0x16a/0x300 [ 58.169814][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 58.175001][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 58.180189][ T5088] ? mark_lock+0x9a/0x350 [ 58.184503][ T5088] ? __lock_acquire+0x1346/0x1fd0 [ 58.189510][ T5088] ? look_up_lock_class+0x77/0x160 [ 58.194607][ T5088] ? register_lock_class+0x102/0x980 [ 58.199875][ T5088] ? validate_chain+0x11b/0x58e0 [ 58.204793][ T5088] ? __pfx_register_lock_class+0x10/0x10 [ 58.210409][ T5088] ? mark_lock+0x9a/0x350 [ 58.214719][ T5088] __lock_acquire+0x1346/0x1fd0 [ 58.219641][ T5088] lock_acquire+0x1ed/0x550 [ 58.224148][ T5088] ? hfsplus_file_extend+0x21b/0x1b70 [ 58.229506][ T5088] ? __pfx_lock_acquire+0x10/0x10 [ 58.234511][ T5088] ? __pfx___might_resched+0x10/0x10 [ 58.239777][ T5088] ? __pfx_register_lock_class+0x10/0x10 [ 58.245396][ T5088] __mutex_lock+0x136/0xd70 [ 58.249880][ T5088] ? hfsplus_file_extend+0x21b/0x1b70 [ 58.255239][ T5088] ? hfsplus_file_extend+0x21b/0x1b70 [ 58.260596][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 58.265605][ T5088] hfsplus_file_extend+0x21b/0x1b70 [ 58.270814][ T5088] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 58.276449][ T5088] ? rcu_is_watching+0x15/0xb0 [ 58.281208][ T5088] ? trace_contention_end+0x3c/0x120 [ 58.286494][ T5088] ? __mutex_lock+0x2ef/0xd70 [ 58.291167][ T5088] ? hfsplus_find_init+0x14a/0x1c0 [ 58.296263][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 58.301285][ T5088] hfsplus_bmap_reserve+0x105/0x4e0 [ 58.306479][ T5088] hfsplus_create_attr+0x1c8/0x640 [ 58.311580][ T5088] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 58.317197][ T5088] ? rcu_is_watching+0x15/0xb0 [ 58.321949][ T5088] ? hfsplus_find_init+0x14a/0x1c0 [ 58.327044][ T5088] __hfsplus_setxattr+0x6fe/0x22d0 [ 58.332143][ T5088] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.338454][ T5088] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 58.344436][ T5088] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 58.349986][ T5088] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.355910][ T5088] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 58.362225][ T5088] ? stack_trace_save+0x118/0x1d0 [ 58.367234][ T5088] ? mark_lock+0x9a/0x350 [ 58.371547][ T5088] ? stack_depot_save_flags+0x6e4/0x830 [ 58.377097][ T5088] ? __kasan_kmalloc+0x98/0xb0 [ 58.381852][ T5088] ? hfsplus_setxattr+0x68/0xe0 [ 58.386685][ T5088] ? kmalloc_trace_noprof+0x19c/0x2b0 [ 58.392042][ T5088] hfsplus_setxattr+0xb0/0xe0 [ 58.396707][ T5088] hfsplus_trusted_setxattr+0x40/0x60 [ 58.402066][ T5088] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 58.408115][ T5088] __vfs_setxattr+0x468/0x4a0 [ 58.412781][ T5088] __vfs_setxattr_noperm+0x12e/0x660 [ 58.418128][ T5088] vfs_setxattr+0x221/0x430 [ 58.422637][ T5088] ? __pfx_vfs_setxattr+0x10/0x10 [ 58.427661][ T5088] ? __might_fault+0xc6/0x120 [ 58.432329][ T5088] ? strncpy_from_user+0x1a4/0x2f0 [ 58.437424][ T5088] setxattr+0x25d/0x2f0 [ 58.441565][ T5088] ? __pfx_setxattr+0x10/0x10 [ 58.446228][ T5088] ? mnt_get_write_access+0x226/0x2b0 [ 58.451585][ T5088] path_setxattr+0x1c0/0x2a0 [ 58.456159][ T5088] ? __pfx_path_setxattr+0x10/0x10 [ 58.461250][ T5088] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.467560][ T5088] ? do_syscall_64+0x102/0x240 [ 58.472306][ T5088] __x64_sys_lsetxattr+0xb8/0xd0 [ 58.477226][ T5088] do_syscall_64+0xf5/0x240 [ 58.481710][ T5088] ? clear_bhb_loop+0x35/0x90 [ 58.486372][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.492244][ T5088] RIP: 0033:0x7fa6d80e6639 [ 58.496640][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.516222][ T5088] RSP: 002b:00007ffd1dd16bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 58.524614][ T5088] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fa6d80e6639 [ 58.532562][ T5088] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 58.540514][ T5088] RBP: 00007fa6d8159610 R08: 0000000000000000 R09: 0000000000000000 [ 58.548465][ T5088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.556414][ T5088] R13: 00007ffd1dd16dc8 R14: 0000000000000001 R15: 0000000000000001 lsetxattr("./file1", "trusted.overlay.opaque", NULL, 0, 0) = -1 EIO (Input/output error) exit_group(0) = ? +++ exited with 0 +++