./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor225391438 <...> Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts. execve("./syz-executor225391438", ["./syz-executor225391438"], 0x7ffdd6db7160 /* 10 vars */) = 0 brk(NULL) = 0x555555a5d000 brk(0x555555a5dd00) = 0x555555a5dd00 arch_prctl(ARCH_SET_FS, 0x555555a5d380) = 0 set_tid_address(0x555555a5d650) = 5056 set_robust_list(0x555555a5d660, 24) = 0 rseq(0x555555a5dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor225391438", 4096) = 27 getrandom("\x4d\x4d\xa6\x69\x3a\x3b\xcc\xb9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555a5dd00 brk(0x555555a7ed00) = 0x555555a7ed00 brk(0x555555a7f000) = 0x555555a7f000 mprotect(0x7f2eedd11000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2ee5800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f2ee5800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_STRICTATIME, "") = 0 [ 59.081146][ T5056] loop0: detected capacity change from 0 to 1024 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 59.192920][ T5056] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 59.199712][ T5056] hfsplus: xattr searching failed [ 59.205128][ T5056] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 59.211731][ T5056] hfsplus: xattr searching failed [ 59.217427][ T5056] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 59.224031][ T5056] hfsplus: xattr searching failed [ 59.230257][ T5056] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 59.237005][ T5056] hfsplus: xattr searching failed openat(AT_FDCWD, "./file1", O_RDONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [ 59.244807][ T5056] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 59.251516][ T5056] hfsplus: xattr searching failed [ 59.256934][ T28] audit: type=1800 audit(1712484640.545:2): pid=5056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz-executor225" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 59.278859][ T5056] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 59.285802][ T5056] [ 59.288125][ T5056] ====================================================== [ 59.295129][ T5056] WARNING: possible circular locking dependency detected [ 59.302129][ T5056] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 59.308783][ T5056] ------------------------------------------------------ [ 59.315802][ T5056] syz-executor225/5056 is trying to acquire lock: [ 59.322295][ T5056] ffff88802bf80e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x21b/0x1b70 [ 59.333339][ T5056] [ 59.333339][ T5056] but task is already holding lock: [ 59.340706][ T5056] ffff888075e2e0b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 59.350344][ T5056] [ 59.350344][ T5056] which lock already depends on the new lock. [ 59.350344][ T5056] [ 59.360724][ T5056] [ 59.360724][ T5056] the existing dependency chain (in reverse order) is: [ 59.369714][ T5056] [ 59.369714][ T5056] -> #2 (&tree->tree_lock/2){+.+.}-{3:3}: [ 59.377614][ T5056] lock_acquire+0x1e4/0x530 [ 59.382621][ T5056] __mutex_lock+0x136/0xd70 [ 59.387740][ T5056] hfsplus_find_init+0x14a/0x1c0 [ 59.393182][ T5056] hfsplus_attr_exists+0xff/0x1d0 [ 59.398731][ T5056] __hfsplus_setxattr+0x476/0x22d0 [ 59.404536][ T5056] hfsplus_setxattr+0xb0/0xe0 [ 59.409766][ T5056] hfsplus_trusted_setxattr+0x40/0x60 [ 59.415649][ T5056] __vfs_setxattr+0x468/0x4a0 [ 59.420935][ T5056] __vfs_setxattr_noperm+0x12e/0x5e0 [ 59.426735][ T5056] vfs_setxattr+0x221/0x430 [ 59.431743][ T5056] setxattr+0x25d/0x2f0 [ 59.436407][ T5056] path_setxattr+0x1c0/0x2a0 [ 59.441504][ T5056] __x64_sys_lsetxattr+0xb8/0xd0 [ 59.446961][ T5056] do_syscall_64+0xfb/0x240 [ 59.451969][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 59.458542][ T5056] [ 59.458542][ T5056] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 59.466261][ T5056] lock_acquire+0x1e4/0x530 [ 59.471271][ T5056] __mutex_lock+0x136/0xd70 [ 59.476281][ T5056] hfsplus_file_truncate+0x811/0xb50 [ 59.482193][ T5056] hfsplus_setattr+0x1ce/0x280 [ 59.487466][ T5056] notify_change+0xb9d/0xe70 [ 59.492567][ T5056] do_truncate+0x220/0x310 [ 59.497506][ T5056] path_openat+0x29fe/0x3240 [ 59.502609][ T5056] do_filp_open+0x235/0x490 [ 59.507641][ T5056] do_sys_openat2+0x13e/0x1d0 [ 59.512826][ T5056] __x64_sys_openat+0x247/0x2a0 [ 59.518184][ T5056] do_syscall_64+0xfb/0x240 [ 59.523195][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 59.529595][ T5056] [ 59.529595][ T5056] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 59.538623][ T5056] validate_chain+0x18cb/0x58e0 [ 59.543982][ T5056] __lock_acquire+0x1346/0x1fd0 [ 59.549345][ T5056] lock_acquire+0x1e4/0x530 [ 59.554355][ T5056] __mutex_lock+0x136/0xd70 [ 59.559369][ T5056] hfsplus_file_extend+0x21b/0x1b70 [ 59.565250][ T5056] hfsplus_bmap_reserve+0x105/0x4e0 [ 59.570953][ T5056] hfsplus_create_attr+0x1c8/0x640 [ 59.576572][ T5056] __hfsplus_setxattr+0x6fe/0x22d0 [ 59.582193][ T5056] hfsplus_setxattr+0xb0/0xe0 [ 59.587382][ T5056] hfsplus_trusted_setxattr+0x40/0x60 [ 59.593272][ T5056] __vfs_setxattr+0x468/0x4a0 [ 59.598458][ T5056] __vfs_setxattr_noperm+0x12e/0x5e0 [ 59.604249][ T5056] vfs_setxattr+0x221/0x430 [ 59.609257][ T5056] setxattr+0x25d/0x2f0 [ 59.613922][ T5056] path_setxattr+0x1c0/0x2a0 [ 59.619648][ T5056] __x64_sys_lsetxattr+0xb8/0xd0 [ 59.625093][ T5056] do_syscall_64+0xfb/0x240 [ 59.630105][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 59.636506][ T5056] [ 59.636506][ T5056] other info that might help us debug this: [ 59.636506][ T5056] [ 59.646720][ T5056] Chain exists of: [ 59.646720][ T5056] &HFSPLUS_I(inode)->extents_lock --> &tree->tree_lock --> &tree->tree_lock/2 [ 59.646720][ T5056] [ 59.661485][ T5056] Possible unsafe locking scenario: [ 59.661485][ T5056] [ 59.669001][ T5056] CPU0 CPU1 [ 59.674349][ T5056] ---- ---- [ 59.679700][ T5056] lock(&tree->tree_lock/2); [ 59.684803][ T5056] lock(&tree->tree_lock); [ 59.691810][ T5056] lock(&tree->tree_lock/2); [ 59.698998][ T5056] lock(&HFSPLUS_I(inode)->extents_lock); [ 59.704824][ T5056] [ 59.704824][ T5056] *** DEADLOCK *** [ 59.704824][ T5056] [ 59.713213][ T5056] 4 locks held by syz-executor225/5056: [ 59.718738][ T5056] #0: ffff888075e28420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 59.727878][ T5056] #1: ffff88802bf824c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: vfs_setxattr+0x1e1/0x430 [ 59.738307][ T5056] #2: ffff888075e2c0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 59.748211][ T5056] #3: ffff888075e2e0b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x14a/0x1c0 [ 59.758324][ T5056] [ 59.758324][ T5056] stack backtrace: [ 59.764199][ T5056] CPU: 1 PID: 5056 Comm: syz-executor225 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 59.774244][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 59.784308][ T5056] Call Trace: [ 59.787587][ T5056] [ 59.790513][ T5056] dump_stack_lvl+0x241/0x360 [ 59.795190][ T5056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.800401][ T5056] ? print_circular_bug+0x130/0x1a0 [ 59.805596][ T5056] check_noncircular+0x36a/0x4a0 [ 59.810527][ T5056] ? __pfx_check_noncircular+0x10/0x10 [ 59.816064][ T5056] ? lockdep_lock+0x123/0x2b0 [ 59.820751][ T5056] ? _find_first_zero_bit+0xd4/0x100 [ 59.826047][ T5056] validate_chain+0x18cb/0x58e0 [ 59.830995][ T5056] ? __pfx_validate_chain+0x10/0x10 [ 59.836205][ T5056] ? lockdep_unlock+0x16a/0x300 [ 59.841063][ T5056] ? __pfx_validate_chain+0x10/0x10 [ 59.846261][ T5056] ? __pfx_validate_chain+0x10/0x10 [ 59.851452][ T5056] ? mark_lock+0x9a/0x350 [ 59.855772][ T5056] ? __lock_acquire+0x1346/0x1fd0 [ 59.860785][ T5056] ? look_up_lock_class+0x77/0x160 [ 59.865894][ T5056] ? register_lock_class+0x102/0x980 [ 59.871188][ T5056] ? validate_chain+0x11b/0x58e0 [ 59.876115][ T5056] ? __pfx_register_lock_class+0x10/0x10 [ 59.881735][ T5056] ? mark_lock+0x9a/0x350 [ 59.886052][ T5056] __lock_acquire+0x1346/0x1fd0 [ 59.890989][ T5056] lock_acquire+0x1e4/0x530 [ 59.895483][ T5056] ? hfsplus_file_extend+0x21b/0x1b70 [ 59.900851][ T5056] ? __pfx_lock_acquire+0x10/0x10 [ 59.905868][ T5056] ? __pfx___might_resched+0x10/0x10 [ 59.911143][ T5056] ? __pfx_register_lock_class+0x10/0x10 [ 59.916856][ T5056] __mutex_lock+0x136/0xd70 [ 59.921351][ T5056] ? hfsplus_file_extend+0x21b/0x1b70 [ 59.926730][ T5056] ? hfsplus_file_extend+0x21b/0x1b70 [ 59.932095][ T5056] ? __pfx___mutex_lock+0x10/0x10 [ 59.937113][ T5056] hfsplus_file_extend+0x21b/0x1b70 [ 59.942305][ T5056] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 59.947927][ T5056] ? rcu_is_watching+0x15/0xb0 [ 59.952695][ T5056] ? trace_contention_end+0x3c/0x100 [ 59.958041][ T5056] ? __mutex_lock+0x2ef/0xd70 [ 59.962723][ T5056] ? hfsplus_find_init+0x14a/0x1c0 [ 59.967833][ T5056] ? __pfx___mutex_lock+0x10/0x10 [ 59.972849][ T5056] ? rcu_is_watching+0x15/0xb0 [ 59.977605][ T5056] hfsplus_bmap_reserve+0x105/0x4e0 [ 59.982795][ T5056] hfsplus_create_attr+0x1c8/0x640 [ 59.987900][ T5056] ? __pfx_hfsplus_create_attr+0x10/0x10 [ 59.993522][ T5056] ? hfsplus_find_init+0x14a/0x1c0 [ 59.998633][ T5056] __hfsplus_setxattr+0x6fe/0x22d0 [ 60.003740][ T5056] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.010057][ T5056] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 60.016203][ T5056] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 60.021768][ T5056] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 60.027651][ T5056] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 60.033970][ T5056] ? stack_trace_save+0x118/0x1d0 [ 60.038988][ T5056] ? stack_depot_save_flags+0x37d/0x860 [ 60.044544][ T5056] ? __kasan_kmalloc+0x98/0xb0 [ 60.049297][ T5056] ? hfsplus_setxattr+0x68/0xe0 [ 60.054307][ T5056] ? kmalloc_trace+0x1db/0x360 [ 60.059061][ T5056] ? hfsplus_setxattr+0x68/0xe0 [ 60.063902][ T5056] hfsplus_setxattr+0xb0/0xe0 [ 60.068569][ T5056] hfsplus_trusted_setxattr+0x40/0x60 [ 60.073933][ T5056] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10 [ 60.079990][ T5056] __vfs_setxattr+0x468/0x4a0 [ 60.084656][ T5056] __vfs_setxattr_noperm+0x12e/0x5e0 [ 60.089930][ T5056] vfs_setxattr+0x221/0x430 [ 60.094532][ T5056] ? __pfx_vfs_setxattr+0x10/0x10 [ 60.099539][ T5056] ? __check_object_size+0x8e/0xa00 [ 60.104728][ T5056] ? __might_fault+0xc6/0x120 [ 60.109396][ T5056] ? strncpy_from_user+0x1a4/0x2f0 [ 60.114496][ T5056] setxattr+0x25d/0x2f0 [ 60.118641][ T5056] ? __pfx_setxattr+0x10/0x10 [ 60.123314][ T5056] ? mnt_get_write_access+0x226/0x2b0 [ 60.128763][ T5056] path_setxattr+0x1c0/0x2a0 [ 60.133435][ T5056] ? __pfx_path_setxattr+0x10/0x10 [ 60.138535][ T5056] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.144851][ T5056] ? do_syscall_64+0x10a/0x240 [ 60.149608][ T5056] __x64_sys_lsetxattr+0xb8/0xd0 [ 60.154531][ T5056] do_syscall_64+0xfb/0x240 [ 60.159022][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 60.164923][ T5056] RIP: 0033:0x7f2eedc9e639 [ 60.169341][ T5056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 60.188933][ T5056] RSP: 002b:00007ffe8feaf468 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 60.197424][ T5056] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f2eedc9e639 [ 60.205422][ T5056] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 60.213512][ T5056] RBP: 00007f2eedd11610 R08: 0000000000000000 R09: 0000000000000000 [ 60.221472][ T5056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.229459][ T5056] R13: 00007ffe8feaf638 R14: 0000000000000001 R15: 0000000000000001 [ 60.237437][ T5056] lsetxattr("./file1", "trusted.overlay.opaque", NULL, 0, 0) = -1 EIO (Input/output error) exit_group(0) = ? +++ exited with 0 +++ [ 60.245521][ T5056] hfsplus: inconsistency