./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3625463336 <...> Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts. execve("./syz-executor3625463336", ["./syz-executor3625463336"], 0x7ffff180cdb0 /* 10 vars */) = 0 brk(NULL) = 0x555555828000 brk(0x555555828d00) = 0x555555828d00 arch_prctl(ARCH_SET_FS, 0x555555828380) = 0 set_tid_address(0x555555828650) = 5063 set_robust_list(0x555555828660, 24) = 0 rseq(0x555555828ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3625463336", 4096) = 28 getrandom("\x2c\x29\xca\x05\xa5\xfa\x2d\xf4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555828d00 brk(0x555555849d00) = 0x555555849d00 brk(0x55555584a000) = 0x55555584a000 mprotect(0x7f45bc660000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f45b41b0000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f45b41b0000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "hfsplus", MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 ioctl(4, LOOP_CLR_FD) = 0 [ 74.556791][ T5063] loop0: detected capacity change from 0 to 1024 close(4) = 0 mknodat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY) = 4 unlink("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 74.655612][ T5063] [ 74.658018][ T5063] ====================================================== [ 74.665057][ T5063] WARNING: possible circular locking dependency detected [ 74.672085][ T5063] 6.6.0-syzkaller-15029-gbe3ca57cfb77 #0 Not tainted [ 74.678795][ T5063] ------------------------------------------------------ [ 74.685813][ T5063] syz-executor362/5063 is trying to acquire lock: [ 74.692220][ T5063] ffff88801e5520b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x811/0xb40 [ 74.702078][ T5063] [ 74.702078][ T5063] but task is already holding lock: [ 74.709433][ T5063] ffff88801d300108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 [ 74.720583][ T5063] [ 74.720583][ T5063] which lock already depends on the new lock. [ 74.720583][ T5063] [ 74.730987][ T5063] [ 74.730987][ T5063] the existing dependency chain (in reverse order) is: [ 74.740013][ T5063] [ 74.740013][ T5063] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 74.749153][ T5063] __mutex_lock+0x136/0xd60 [ 74.754194][ T5063] hfsplus_file_extend+0x21b/0x1b70 [ 74.759918][ T5063] hfsplus_bmap_reserve+0x105/0x4e0 [ 74.765659][ T5063] hfsplus_rename_cat+0x1d0/0x1050 [ 74.771294][ T5063] hfsplus_unlink+0x308/0x790 [ 74.776499][ T5063] vfs_unlink+0x35d/0x5f0 [ 74.781357][ T5063] do_unlinkat+0x4ae/0x830 [ 74.786312][ T5063] __x64_sys_unlink+0x49/0x50 [ 74.791510][ T5063] do_syscall_64+0x44/0x110 [ 74.796545][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 74.802968][ T5063] [ 74.802968][ T5063] -> #0 (&tree->tree_lock){+.+.}-{3:3}: [ 74.810702][ T5063] __lock_acquire+0x39ff/0x7f70 [ 74.816078][ T5063] lock_acquire+0x1e3/0x520 [ 74.821150][ T5063] __mutex_lock+0x136/0xd60 [ 74.826180][ T5063] hfsplus_file_truncate+0x811/0xb40 [ 74.832020][ T5063] hfsplus_setattr+0x1bd/0x260 [ 74.837382][ T5063] notify_change+0xb99/0xe60 [ 74.842514][ T5063] do_truncate+0x220/0x300 [ 74.847484][ T5063] path_openat+0x29dd/0x3280 [ 74.852619][ T5063] do_filp_open+0x234/0x490 [ 74.857682][ T5063] do_sys_openat2+0x13e/0x1d0 [ 74.862882][ T5063] __x64_sys_creat+0x123/0x160 [ 74.868166][ T5063] do_syscall_64+0x44/0x110 [ 74.873205][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 74.879686][ T5063] [ 74.879686][ T5063] other info that might help us debug this: [ 74.879686][ T5063] [ 74.889926][ T5063] Possible unsafe locking scenario: [ 74.889926][ T5063] [ 74.897374][ T5063] CPU0 CPU1 [ 74.902734][ T5063] ---- ---- [ 74.908102][ T5063] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.913922][ T5063] lock(&tree->tree_lock); [ 74.920961][ T5063] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.929288][ T5063] lock(&tree->tree_lock); [ 74.933790][ T5063] [ 74.933790][ T5063] *** DEADLOCK *** [ 74.933790][ T5063] [ 74.941973][ T5063] 3 locks held by syz-executor362/5063: [ 74.947545][ T5063] #0: ffff88801e550418 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 74.956710][ T5063] #1: ffff88801d300300 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: do_truncate+0x20c/0x300 [ 74.967118][ T5063] #2: ffff88801d300108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 [ 74.978713][ T5063] [ 74.978713][ T5063] stack backtrace: [ 74.984602][ T5063] CPU: 1 PID: 5063 Comm: syz-executor362 Not tainted 6.6.0-syzkaller-15029-gbe3ca57cfb77 #0 [ 74.994665][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 75.004725][ T5063] Call Trace: [ 75.008023][ T5063] [ 75.010982][ T5063] dump_stack_lvl+0x1e7/0x2d0 [ 75.015699][ T5063] ? nf_tcp_handle_invalid+0x650/0x650 [ 75.021170][ T5063] ? print_circular_bug+0x12b/0x1a0 [ 75.026409][ T5063] check_noncircular+0x375/0x4a0 [ 75.031372][ T5063] ? print_deadlock_bug+0x600/0x600 [ 75.036584][ T5063] ? lockdep_lock+0x123/0x2b0 [ 75.041266][ T5063] ? mark_lock+0x9a/0x340 [ 75.045602][ T5063] ? _find_first_zero_bit+0xd4/0x100 [ 75.050892][ T5063] __lock_acquire+0x39ff/0x7f70 [ 75.055755][ T5063] ? verify_lock_unused+0x140/0x140 [ 75.060968][ T5063] ? verify_lock_unused+0x140/0x140 [ 75.066172][ T5063] ? folio_memcg_lock+0x89/0x390 [ 75.071123][ T5063] lock_acquire+0x1e3/0x520 [ 75.075627][ T5063] ? hfsplus_file_truncate+0x811/0xb40 [ 75.081109][ T5063] ? read_lock_is_recursive+0x20/0x20 [ 75.086572][ T5063] ? __might_sleep+0xc0/0xc0 [ 75.091166][ T5063] ? __mutex_unlock_slowpath+0x21c/0x750 [ 75.096819][ T5063] ? hfsplus_block_free+0x3da/0x4d0 [ 75.102055][ T5063] __mutex_lock+0x136/0xd60 [ 75.106562][ T5063] ? hfsplus_file_truncate+0x811/0xb40 [ 75.112051][ T5063] ? hfsplus_file_truncate+0x811/0xb40 [ 75.117513][ T5063] ? mutex_lock_nested+0x20/0x20 [ 75.122453][ T5063] ? hfsplus_free_extents+0x47e/0xae0 [ 75.127871][ T5063] hfsplus_file_truncate+0x811/0xb40 [ 75.133213][ T5063] ? hfsplus_add_extent+0x880/0x880 [ 75.138424][ T5063] ? unmap_mapping_range+0xf8/0x290 [ 75.143629][ T5063] ? unmap_mapping_pages+0x180/0x180 [ 75.148914][ T5063] ? current_time+0x1e0/0x2b0 [ 75.153604][ T5063] ? truncate_setsize+0xcf/0xf0 [ 75.158462][ T5063] hfsplus_setattr+0x1bd/0x260 [ 75.163230][ T5063] ? hfsplus_fileattr_set+0x2f0/0x2f0 [ 75.168738][ T5063] notify_change+0xb99/0xe60 [ 75.173351][ T5063] do_truncate+0x220/0x300 [ 75.177775][ T5063] ? put_page_bootmem+0x2e0/0x2e0 [ 75.182827][ T5063] ? ima_bprm_check+0x2b0/0x2b0 [ 75.187698][ T5063] path_openat+0x29dd/0x3280 [ 75.192334][ T5063] ? do_filp_open+0x490/0x490 [ 75.197713][ T5063] do_filp_open+0x234/0x490 [ 75.202296][ T5063] ? vfs_tmpfile+0x500/0x500 [ 75.207011][ T5063] ? _raw_spin_unlock+0x28/0x40 [ 75.211954][ T5063] ? alloc_fd+0x59c/0x640 [ 75.216290][ T5063] do_sys_openat2+0x13e/0x1d0 [ 75.221072][ T5063] ? do_sys_open+0x230/0x230 [ 75.225666][ T5063] ? _raw_spin_unlock_irq+0x2e/0x50 [ 75.230873][ T5063] ? ptrace_notify+0x278/0x380 [ 75.235646][ T5063] __x64_sys_creat+0x123/0x160 [ 75.240444][ T5063] ? __x64_compat_sys_openat+0x290/0x290 [ 75.246102][ T5063] ? syscall_enter_from_user_mode+0x32/0x230 [ 75.252087][ T5063] ? syscall_enter_from_user_mode+0x8c/0x230 [ 75.258075][ T5063] do_syscall_64+0x44/0x110 [ 75.262579][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 75.268504][ T5063] RIP: 0033:0x7f45bc5ed879 [ 75.272935][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.292602][ T5063] RSP: 002b:00007ffd9d4984c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 creat("./file1", 0332) = 5 exit_group(0) = ? +++ exited with 0 +++ [ 75.301027][ T5063] RAX: ffffffffffffffda RBX: 00007ffd9d4986a8 RCX: 00007f45bc5e