./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3553213526 <...> Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts. execve("./syz-executor3553213526", ["./syz-executor3553213526"], 0x7ffece921750 /* 10 vars */) = 0 brk(NULL) = 0x555556188000 brk(0x555556188d00) = 0x555556188d00 arch_prctl(ARCH_SET_FS, 0x555556188380) = 0 set_tid_address(0x555556188650) = 5033 set_robust_list(0x555556188660, 24) = 0 rseq(0x555556188ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3553213526", 4096) = 28 getrandom("\x0b\x27\x0d\x80\xec\x64\x78\x60", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556188d00 brk(0x5555561a9d00) = 0x5555561a9d00 brk(0x5555561aa000) = 0x5555561aa000 mprotect(0x7f709d35d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7094eac000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f7094eac000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 
mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", 0, "force") = 0 openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY) = 4 unlink("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 
78.761134][ T5033] syz-executor355[5033]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 78.783514][ T5033] loop0: detected capacity change from 0 to 1024
[ 78.840606][ T5033]
[ 78.842998][ T5033] ======================================================
[ 78.850041][ T5033] WARNING: possible circular locking dependency detected
[ 78.857100][ T5033] 6.6.0-rc6-syzkaller-00043-gdd72f9c7e512 #0 Not tainted
[ 78.864127][ T5033] ------------------------------------------------------
[ 78.871154][ T5033] syz-executor355/5033 is trying to acquire lock:
[ 78.877584][ T5033] ffff8880183400b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb40
[ 78.887457][ T5033]
[ 78.887457][ T5033] but task is already holding lock:
[ 78.894943][ T5033] ffff888018b72988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40
[ 78.906323][ T5033]
[ 78.906323][ T5033] which lock already depends on the new lock.
[ 78.906323][ T5033]
[ 78.916734][ T5033]
[ 78.916734][ T5033] the existing dependency chain (in reverse order) is:
[ 78.925748][ T5033]
[ 78.925748][ T5033] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
[ 78.934798][ T5033] __mutex_lock+0x136/0xd60
[ 78.939845][ T5033] hfsplus_file_extend+0x21b/0x1b70
[ 78.945584][ T5033] hfsplus_bmap_reserve+0x105/0x4e0
[ 78.951511][ T5033] hfsplus_rename_cat+0x1d0/0x1050
[ 78.957172][ T5033] hfsplus_unlink+0x308/0x790
[ 78.962529][ T5033] vfs_unlink+0x35d/0x5f0
[ 78.967494][ T5033] do_unlinkat+0x4a7/0x950
[ 78.972441][ T5033] __x64_sys_unlink+0x49/0x50
[ 78.977646][ T5033] do_syscall_64+0x41/0xc0
[ 78.982674][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.989106][ T5033]
[ 78.989106][ T5033] -> #0 (&tree->tree_lock){+.+.}-{3:3}:
[ 78.997038][ T5033] __lock_acquire+0x39ff/0x7f70
[ 79.002459][ T5033] lock_acquire+0x1e3/0x520
[ 79.007490][ T5033] __mutex_lock+0x136/0xd60
[ 79.012527][ T5033] hfsplus_file_truncate+0x811/0xb40
[ 79.018374][ T5033] hfsplus_setattr+0x1b9/0x260
[ 79.023690][ T5033] notify_change+0xb99/0xe60
[ 79.028878][ T5033] do_truncate+0x220/0x300
[ 79.033868][ T5033] path_openat+0x2959/0x3180
[ 79.039125][ T5033] do_filp_open+0x234/0x490
[ 79.044195][ T5033] do_sys_openat2+0x13e/0x1d0
[ 79.049418][ T5033] __x64_sys_creat+0x123/0x160
[ 79.054714][ T5033] do_syscall_64+0x41/0xc0
[ 79.059654][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.066074][ T5033]
[ 79.066074][ T5033] other info that might help us debug this:
[ 79.066074][ T5033]
[ 79.076322][ T5033] Possible unsafe locking scenario:
[ 79.076322][ T5033]
[ 79.084006][ T5033]        CPU0                    CPU1
[ 79.089378][ T5033]        ----                    ----
[ 79.094758][ T5033]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 79.100598][ T5033]                                lock(&tree->tree_lock);
[ 79.107655][ T5033]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 79.116103][ T5033]   lock(&tree->tree_lock);
[ 79.120722][ T5033]
[ 79.120722][ T5033] *** DEADLOCK ***
[ 79.120722][ T5033]
[ 79.128993][ T5033] 3 locks held by syz-executor355/5033:
[ 79.134543][ T5033] #0: ffff88801ff26410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 79.143726][ T5033] #1: ffff888018b72b80 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x300
[ 79.154440][ T5033] #2: ffff888018b72988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40
[ 79.166058][ T5033]
[ 79.166058][ T5033] stack backtrace:
[ 79.171955][ T5033] CPU: 1 PID: 5033 Comm: syz-executor355 Not tainted 6.6.0-rc6-syzkaller-00043-gdd72f9c7e512 #0
[ 79.182392][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 79.192469][ T5033] Call Trace:
[ 79.195777][ T5033]
[ 79.198722][ T5033] dump_stack_lvl+0x1e7/0x2d0
[ 79.203420][ T5033] ? nf_tcp_handle_invalid+0x650/0x650
[ 79.208897][ T5033] ? print_circular_bug+0x12b/0x1a0
[ 79.214114][ T5033] check_noncircular+0x375/0x4a0
[ 79.219064][ T5033] ? print_deadlock_bug+0x600/0x600
[ 79.224305][ T5033] ? lockdep_lock+0x123/0x2b0
[ 79.229178][ T5033] ? mark_lock+0x9a/0x340
[ 79.233544][ T5033] ? _find_first_zero_bit+0xd4/0x100
[ 79.238878][ T5033] __lock_acquire+0x39ff/0x7f70
[ 79.243786][ T5033] ? verify_lock_unused+0x140/0x140
[ 79.249066][ T5033] ? verify_lock_unused+0x140/0x140
[ 79.254413][ T5033] ? folio_memcg_lock+0x89/0x390
[ 79.259427][ T5033] lock_acquire+0x1e3/0x520
[ 79.263955][ T5033] ? hfsplus_file_truncate+0x811/0xb40
[ 79.269450][ T5033] ? read_lock_is_recursive+0x20/0x20
[ 79.274855][ T5033] ? __might_sleep+0xc0/0xc0
[ 79.279467][ T5033] ? __mutex_unlock_slowpath+0x21c/0x750
[ 79.285138][ T5033] ? hfsplus_block_free+0x3da/0x4d0
[ 79.290381][ T5033] __mutex_lock+0x136/0xd60
[ 79.294900][ T5033] ? hfsplus_file_truncate+0x811/0xb40
[ 79.300385][ T5033] ? hfsplus_file_truncate+0x811/0xb40
[ 79.305854][ T5033] ? mutex_lock_nested+0x20/0x20
[ 79.311065][ T5033] ? hfsplus_free_extents+0x47e/0xae0
[ 79.316450][ T5033] hfsplus_file_truncate+0x811/0xb40
[ 79.321754][ T5033] ? hfsplus_add_extent+0x880/0x880
[ 79.326988][ T5033] ? unmap_mapping_range+0xf8/0x290
[ 79.332998][ T5033] ? unmap_mapping_pages+0x180/0x180
[ 79.338327][ T5033] ? current_time+0x1e0/0x2b0
[ 79.343034][ T5033] ? truncate_setsize+0xcf/0xf0
[ 79.348012][ T5033] hfsplus_setattr+0x1b9/0x260
[ 79.352793][ T5033] ? hfsplus_fileattr_set+0x2f0/0x2f0
[ 79.358178][ T5033] notify_change+0xb99/0xe60
[ 79.362911][ T5033] do_truncate+0x220/0x300
[ 79.367361][ T5033] ? put_page_bootmem+0x2e0/0x2e0
[ 79.372414][ T5033] ? ima_bprm_check+0x2b0/0x2b0
[ 79.377294][ T5033] path_openat+0x2959/0x3180
[ 79.381910][ T5033] ? do_filp_open+0x490/0x490
[ 79.386623][ T5033] do_filp_open+0x234/0x490
[ 79.391158][ T5033] ? vfs_tmpfile+0x4b0/0x4b0
[ 79.395768][ T5033] ? _raw_spin_unlock+0x28/0x40
[ 79.400803][ T5033] ? alloc_fd+0x59c/0x640
[ 79.405139][ T5033] do_sys_openat2+0x13e/0x1d0
[ 79.409850][ T5033] ? do_sys_open+0x230/0x230
[ 79.414457][ T5033] ? _raw_spin_unlock_irq+0x2e/0x50
[ 79.419858][ T5033] ? ptrace_notify+0x278/0x380
[ 79.424652][ T5033] __x64_sys_creat+0x123/0x160
[ 79.429447][ T5033] ? __x64_compat_sys_openat+0x290/0x290
[ 79.435118][ T5033] ? syscall_enter_from_user_mode+0x32/0x230
[ 79.441125][ T5033] ? syscall_enter_from_user_mode+0x8c/0x230
[ 79.447214][ T5033] do_syscall_64+0x41/0xc0
[ 79.451643][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.457554][ T5033] RIP: 0033:0x7f709d2e9879
[ 79.462069][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.481894][ T5033] RSP: 002b:00007fff5b28eaf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
creat("./file1", 000) = 5
exit_group(0) = ?
+++ exited with 0 +++
[ 79.490344][ T5033] RAX: fffffffffffff