./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2781491803 <...> Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts. execve("./syz-executor2781491803", ["./syz-executor2781491803"], 0x7ffd8b707550 /* 10 vars */) = 0 brk(NULL) = 0x555571aa7000 brk(0x555571aa7d00) = 0x555571aa7d00 arch_prctl(ARCH_SET_FS, 0x555571aa7380) = 0 set_tid_address(0x555571aa7650) = 5088 set_robust_list(0x555571aa7660, 24) = 0 rseq(0x555571aa7ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2781491803", 4096) = 28 getrandom("\x4b\x64\x31\x63\x64\xa5\x16\x38", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555571aa7d00 brk(0x555571ac8d00) = 0x555571ac8d00 brk(0x555571ac9000) = 0x555571ac9000 mprotect(0x7f7550207000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7547c00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f7547c00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", MS_POSIXACL, "nls=iso8859-9,umask=00000000000000000000413,nodecompose,nobarrier,force,umask=0000000000000000000033"...) = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 72.181793][ T5088] loop0: detected capacity change from 0 to 1024 [ 72.213444][ T5088] hfsplus: trying to free free bnode 0(1) [ 72.220417][ T5088] [ 72.222785][ T5088] ============================================ [ 72.228952][ T5088] WARNING: possible recursive locking detected [ 72.235121][ T5088] 6.9.0-rc3-next-20240412-syzkaller #0 Not tainted [ 72.241718][ T5088] -------------------------------------------- [ 72.247862][ T5088] syz-executor278/5088 is trying to acquire lock: [ 72.254271][ T5088] ffff8880233f1548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_get_block+0x383/0x14f0 [ 72.265184][ T5088] [ 72.265184][ T5088] but task is already holding lock: [ 72.272550][ T5088] ffff8880233f2988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50 [ 72.283730][ T5088] [ 72.283730][ T5088] other info that might help us debug this: [ 72.291886][ T5088] Possible unsafe locking scenario: [ 72.291886][ T5088] [ 72.299338][ T5088] CPU0 [ 72.302630][ T5088] ---- [ 72.305937][ T5088] lock(&HFSPLUS_I(inode)->extents_lock); [ 72.311883][ T5088] lock(&HFSPLUS_I(inode)->extents_lock); [ 72.317707][ T5088] [ 72.317707][ T5088] *** DEADLOCK *** [ 72.317707][ T5088] [ 72.326036][ T5088] May be due to missing lock nesting notation [ 72.326036][ T5088] [ 72.334348][ T5088] 6 locks held by syz-executor278/5088: [ 72.339974][ T5088] #0: ffff888022daa420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 72.349125][ T5088] #1: ffff8880233f1e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_unlinkat+0x26a/0x830 [ 72.359447][ T5088] #2: ffff8880233f2b80 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: vfs_unlink+0xe4/0x650 [ 72.369771][ T5088] #3: ffff888022cf5198 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x161/0x790 [ 72.379259][ T5088] #4: ffff8880233f2988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb50 [ 72.390969][ T5088] #5: ffff888022cf50f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_free+0xbb/0x4e0 [ 72.401034][ T5088] [ 72.401034][ T5088] stack backtrace: [ 72.406936][ T5088] CPU: 1 PID: 5088 Comm: syz-executor278 Not tainted 6.9.0-rc3-next-20240412-syzkaller #0 [ 72.416826][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 72.426878][ T5088] Call Trace: [ 72.430161][ T5088] [ 72.433204][ T5088] dump_stack_lvl+0x241/0x360 [ 72.437902][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.443132][ T5088] ? print_deadlock_bug+0x479/0x620 [ 72.448353][ T5088] ? _find_first_zero_bit+0xd4/0x100 [ 72.453672][ T5088] validate_chain+0x15c1/0x58e0 [ 72.458537][ T5088] ? __pfx_stack_trace_save+0x10/0x10 [ 72.463937][ T5088] ? check_noncircular+0x259/0x4a0 [ 72.469125][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 72.474343][ T5088] ? __pfx_check_noncircular+0x10/0x10 [ 72.479884][ T5088] ? lockdep_unlock+0x16a/0x300 [ 72.484997][ T5088] ? __pfx_lockdep_unlock+0x10/0x10 [ 72.490520][ T5088] ? add_lock_to_list+0x1de/0x2e0 [ 72.495996][ T5088] ? look_up_lock_class+0x77/0x160 [ 72.501139][ T5088] ? register_lock_class+0x102/0x980 [ 72.506430][ T5088] ? validate_chain+0x15a2/0x58e0 [ 72.511462][ T5088] ? is_bpf_text_address+0x26/0x2a0 [ 72.516677][ T5088] ? __pfx_register_lock_class+0x10/0x10 [ 72.522493][ T5088] ? mark_lock+0x9a/0x350 [ 72.526827][ T5088] __lock_acquire+0x1346/0x1fd0 [ 72.531692][ T5088] lock_acquire+0x1ed/0x550 [ 72.536194][ T5088] ? hfsplus_get_block+0x383/0x14f0 [ 72.541407][ T5088] ? __pfx_lock_acquire+0x10/0x10 [ 72.546438][ T5088] ? __pfx___might_resched+0x10/0x10 [ 72.551728][ T5088] ? filemap_read_folio+0x1a0/0x790 [ 72.556931][ T5088] ? __pfx_register_lock_class+0x10/0x10 [ 72.562606][ T5088] ? hfsplus_free_extents+0x17a/0xae0 [ 72.568447][ T5088] ? hfsplus_delete_inode+0x174/0x220 [ 72.573835][ T5088] ? hfsplus_unlink+0x512/0x790 [ 72.578707][ T5088] __mutex_lock+0x136/0xd70 [ 72.583225][ T5088] ? hfsplus_get_block+0x383/0x14f0 [ 72.588436][ T5088] ? hfsplus_get_block+0x383/0x14f0 [ 72.593750][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 72.598790][ T5088] hfsplus_get_block+0x383/0x14f0 [ 72.603833][ T5088] ? __pfx_hfsplus_get_block+0x10/0x10 [ 72.609327][ T5088] ? _raw_spin_unlock+0x28/0x50 [ 72.614202][ T5088] ? create_empty_buffers+0x53e/0x740 [ 72.619774][ T5088] block_read_full_folio+0x42e/0xe10 [ 72.625080][ T5088] ? __pfx_hfsplus_get_block+0x10/0x10 [ 72.630546][ T5088] ? __pfx_block_read_full_folio+0x10/0x10 [ 72.636382][ T5088] ? __pfx_lru_add_fn+0x10/0x10 [ 72.641275][ T5088] ? folio_add_lru+0x357/0xd70 [ 72.646042][ T5088] ? folio_add_lru+0x58f/0xd70 [ 72.650903][ T5088] filemap_read_folio+0x1a0/0x790 [ 72.655931][ T5088] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 72.661929][ T5088] ? __pfx_filemap_read_folio+0x10/0x10 [ 72.667489][ T5088] ? __filemap_get_folio+0x92d/0xbb0 [ 72.672786][ T5088] ? hfsplus_block_free+0xbb/0x4e0 [ 72.677911][ T5088] do_read_cache_folio+0x134/0x820 [ 72.683057][ T5088] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 72.688622][ T5088] do_read_cache_page+0x30/0x200 [ 72.693578][ T5088] hfsplus_block_free+0x128/0x4e0 [ 72.698890][ T5088] ? hfsplus_find_init+0x85/0x1c0 [ 72.704193][ T5088] hfsplus_free_extents+0x17a/0xae0 [ 72.709409][ T5088] hfsplus_file_truncate+0x7d0/0xb50 [ 72.714813][ T5088] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 72.720626][ T5088] ? hfsplus_unlink+0x161/0x790 [ 72.725508][ T5088] hfsplus_delete_inode+0x174/0x220 [ 72.730736][ T5088] hfsplus_unlink+0x512/0x790 [ 72.735451][ T5088] ? __pfx_lock_acquire+0x10/0x10 [ 72.740484][ T5088] ? __pfx_hfsplus_unlink+0x10/0x10 [ 72.745684][ T5088] ? __down_write_common+0x162/0x200 [ 72.750996][ T5088] ? bpf_lsm_inode_unlink+0x9/0x10 [ 72.756109][ T5088] ? security_inode_unlink+0xd5/0x120 [ 72.761505][ T5088] vfs_unlink+0x365/0x650 [ 72.765844][ T5088] do_unlinkat+0x4ae/0x830 [ 72.770268][ T5088] ? __pfx_do_unlinkat+0x10/0x10 [ 72.775209][ T5088] ? __might_fault+0xc6/0x120 [ 72.779889][ T5088] ? strncpy_from_user+0x1a4/0x2f0 [ 72.785012][ T5088] __x64_sys_unlink+0x49/0x60 [ 72.789687][ T5088] do_syscall_64+0xfa/0x250 [ 72.794194][ T5088] ? clear_bhb_loop+0x35/0x90 [ 72.798872][ T5088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.804883][ T5088] RIP: 0033:0x7f7550193af9 [ 72.809327][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.828960][ T5088] RSP: 002b:00007ffd7e52d728 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 72.837405][ T5088] RAX: ffffffffffffffda RBX: 00007f75501dc04b RCX: 00007f7550193af9 [ 72.845395][ T5088] RDX: 00007f7550192b91 RSI: 0000000000000000 RDI: 0000000020000000 [ 72.853417][ T5088] RBP: 00007f75501dc053 R08: 0000000000000669 R09: 0000000000000000 [ 72.861513][ T5088] R10: 00007ffd7e52d5f0 R11: 0000000000000246 R12: 0000000000000001 [ 72.869538][ T5088] R13: 00007ffd7e52d908 R14: 0000000000000001 R15: 0000000000000001 [ 72.877520][ T5088] unlink("./file1") = 0 exit_group(0) = ? +++ exited with 0 +++ [ 72.881887][ T5088] hfsplus: unable