./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4133415823 <...> Warning: Permanently added '10.128.0.134' (ED25519) to the list of known hosts. execve("./syz-executor4133415823", ["./syz-executor4133415823"], 0x7ffd1403e070 /* 10 vars */) = 0 brk(NULL) = 0x555555ee9000 brk(0x555555ee9d00) = 0x555555ee9d00 arch_prctl(ARCH_SET_FS, 0x555555ee9380) = 0 set_tid_address(0x555555ee9650) = 5061 set_robust_list(0x555555ee9660, 24) = 0 rseq(0x555555ee9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4133415823", 4096) = 28 getrandom("\x25\x13\xa4\x7e\x20\xd9\x46\x03", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555ee9d00 brk(0x555555f0ad00) = 0x555555f0ad00 brk(0x555555f0b000) = 0x555555f0b000 mprotect(0x7f7cd23f9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7cc9f49000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f7cc9f49000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 mount("/dev/loop0", "./file1", "hfsplus", MS_NODEV|MS_SYNCHRONOUS|MS_NODIRATIME|MS_POSIXACL|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 55.096502][ T5061] loop0: detected capacity change from 0 to 1024 [ 55.131709][ T5061] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 55.138825][ T5061] hfsplus: xattr searching failed openat(AT_FDCWD, "./file1", O_RDONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [ 55.147100][ T28] audit: type=1800 audit(1704133696.434:2): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor413" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 55.147541][ T5061] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 55.174689][ T5061] hfsplus: xattr searching failed [ 55.182585][ T5061] hfsplus: inconsistency in B*Tree (1792,1,255,1,0) [ 55.189386][ T5061] [ 55.191690][ T5061] ====================================================== [ 55.198680][ T5061] WARNING: possible circular locking dependency detected [ 55.205687][ T5061] 6.7.0-rc8-syzkaller #0 Not tainted [ 55.210947][ T5061] ------------------------------------------------------ [ 55.217934][ T5061] syz-executor413/5061 is trying to acquire lock: [ 55.224320][ T5061] ffff888079cd07c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1c1/0x1090 [ 55.235461][ T5061] [ 55.235461][ T5061] but task is already holding lock: [ 55.242808][ T5061] ffff88807316c0b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x191/0x200 [ 55.252438][ T5061] [ 55.252438][ T5061] which lock already depends on the new lock. [ 55.252438][ T5061] [ 55.262819][ T5061] [ 55.262819][ T5061] the existing dependency chain (in reverse order) is: [ 55.271805][ T5061] [ 55.271805][ T5061] -> #2 (&tree->tree_lock/2){+.+.}-{3:3}: [ 55.279682][ T5061] __mutex_lock+0x175/0x9d0 [ 55.284698][ T5061] hfsplus_find_init+0x191/0x200 [ 55.290131][ T5061] hfsplus_attr_exists+0x103/0x200 [ 55.295737][ T5061] __hfsplus_setxattr+0x4c2/0x2200 [ 55.301698][ T5061] hfsplus_setxattr+0x10c/0x160 [ 55.307046][ T5061] __vfs_setxattr+0x173/0x1d0 [ 55.312222][ T5061] __vfs_setxattr_noperm+0x127/0x5e0 [ 55.318015][ T5061] __vfs_setxattr_locked+0x17e/0x250 [ 55.323803][ T5061] vfs_setxattr+0x146/0x350 [ 55.328828][ T5061] do_setxattr+0x142/0x170 [ 55.333853][ T5061] setxattr+0x159/0x170 [ 55.338523][ T5061] path_setxattr+0x175/0x1d0 [ 55.343621][ T5061] __x64_sys_lsetxattr+0xc1/0x160 [ 55.349150][ T5061] do_syscall_64+0x40/0x110 [ 55.354155][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.360547][ T5061] [ 55.360547][ T5061] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 55.368253][ T5061] __mutex_lock+0x175/0x9d0 [ 55.373253][ T5061] hfsplus_file_truncate+0x882/0x9d0 [ 55.379036][ T5061] hfsplus_setattr+0x1eb/0x310 [ 55.384301][ T5061] notify_change+0x742/0x11c0 [ 55.389497][ T5061] do_truncate+0x15c/0x220 [ 55.394762][ T5061] path_openat+0x2597/0x2c50 [ 55.399850][ T5061] do_filp_open+0x1de/0x430 [ 55.404866][ T5061] do_sys_openat2+0x176/0x1e0 [ 55.410047][ T5061] __x64_sys_openat+0x175/0x210 [ 55.415421][ T5061] do_syscall_64+0x40/0x110 [ 55.420521][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.426916][ T5061] [ 55.426916][ T5061] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 55.436021][ T5061] __lock_acquire+0x2433/0x3b20 [ 55.441389][ T5061] lock_acquire+0x1ae/0x520 [ 55.446398][ T5061] __mutex_lock+0x175/0x9d0 [ 55.451403][ T5061] hfsplus_file_extend+0x1c1/0x1090 [ 55.457103][ T5061] hfsplus_bmap_reserve+0x318/0x410 [ 55.462801][ T5061] hfsplus_create_attr+0x22e/0x4a0 [ 55.468410][ T5061] __hfsplus_setxattr+0x515/0x2200 [ 55.474017][ T5061] hfsplus_setxattr+0x10c/0x160 [ 55.479362][ T5061] __vfs_setxattr+0x173/0x1d0 [ 55.484541][ T5061] __vfs_setxattr_noperm+0x127/0x5e0 [ 55.490354][ T5061] __vfs_setxattr_locked+0x17e/0x250 [ 55.496167][ T5061] vfs_setxattr+0x146/0x350 [ 55.501178][ T5061] do_setxattr+0x142/0x170 [ 55.506301][ T5061] setxattr+0x159/0x170 [ 55.510960][ T5061] path_setxattr+0x175/0x1d0 [ 55.516245][ T5061] __x64_sys_lsetxattr+0xc1/0x160 [ 55.521862][ T5061] do_syscall_64+0x40/0x110 [ 55.526889][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.533592][ T5061] [ 55.533592][ T5061] other info that might help us debug this: [ 55.533592][ T5061] [ 55.543828][ T5061] Chain exists of: [ 55.543828][ T5061] &HFSPLUS_I(inode)->extents_lock --> &tree->tree_lock --> &tree->tree_lock/2 [ 55.543828][ T5061] [ 55.558574][ T5061] Possible unsafe locking scenario: [ 55.558574][ T5061] [ 55.566005][ T5061] CPU0 CPU1 [ 55.571348][ T5061] ---- ---- [ 55.576689][ T5061] lock(&tree->tree_lock/2); [ 55.581438][ T5061] lock(&tree->tree_lock); [ 55.588440][ T5061] lock(&tree->tree_lock/2); [ 55.595611][ T5061] lock(&HFSPLUS_I(inode)->extents_lock); [ 55.601393][ T5061] [ 55.601393][ T5061] *** DEADLOCK *** [ 55.601393][ T5061] [ 55.609511][ T5061] 4 locks held by syz-executor413/5061: [ 55.615056][ T5061] #0: ffff88807d954418 (sb_writers#9){.+.+}-{0:0}, at: path_setxattr+0xc3/0x1d0 [ 55.624519][ T5061] #1: ffff888079cd1e00 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: vfs_setxattr+0x123/0x350 [ 55.634938][ T5061] #2: ffff888018f160b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x1a3/0x200 [ 55.644879][ T5061] #3: ffff88807316c0b0 (&tree->tree_lock/2){+.+.}-{3:3}, at: hfsplus_find_init+0x191/0x200 [ 55.655028][ T5061] [ 55.655028][ T5061] stack backtrace: [ 55.660891][ T5061] CPU: 0 PID: 5061 Comm: syz-executor413 Not tainted 6.7.0-rc8-syzkaller #0 [ 55.669540][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 55.679571][ T5061] Call Trace: [ 55.682841][ T5061] [ 55.685748][ T5061] dump_stack_lvl+0xd9/0x1b0 [ 55.690336][ T5061] check_noncircular+0x317/0x400 [ 55.695344][ T5061] ? print_circular_bug+0x5c0/0x5c0 [ 55.700522][ T5061] ? register_lock_class+0xb1/0x1220 [ 55.705786][ T5061] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 55.711749][ T5061] ? lockdep_lock+0xc6/0x200 [ 55.716349][ T5061] ? hlock_class+0x130/0x130 [ 55.721180][ T5061] __lock_acquire+0x2433/0x3b20 [ 55.726023][ T5061] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 55.732072][ T5061] ? lock_acquire+0x1ae/0x520 [ 55.736838][ T5061] lock_acquire+0x1ae/0x520 [ 55.741344][ T5061] ? hfsplus_file_extend+0x1c1/0x1090 [ 55.746705][ T5061] ? lock_sync+0x190/0x190 [ 55.751112][ T5061] ? preempt_count_sub+0x160/0x160 [ 55.756238][ T5061] __mutex_lock+0x175/0x9d0 [ 55.760722][ T5061] ? hfsplus_file_extend+0x1c1/0x1090 [ 55.766076][ T5061] ? hfsplus_find_init+0x95/0x200 [ 55.771165][ T5061] ? hfsplus_file_extend+0x1c1/0x1090 [ 55.776521][ T5061] ? mutex_trylock+0x130/0x130 [ 55.781265][ T5061] ? __mutex_trylock_common+0xeb/0x250 [ 55.786707][ T5061] ? mutex_is_locked+0x40/0x40 [ 55.791457][ T5061] ? hfsplus_file_extend+0x1c1/0x1090 [ 55.796812][ T5061] hfsplus_file_extend+0x1c1/0x1090 [ 55.801999][ T5061] ? trace_contention_end+0xd6/0x100 [ 55.807266][ T5061] ? hfsplus_free_fork+0x820/0x820 [ 55.812363][ T5061] ? hfsplus_find_init+0x191/0x200 [ 55.817451][ T5061] ? mutex_trylock+0x130/0x130 [ 55.822194][ T5061] hfsplus_bmap_reserve+0x318/0x410 [ 55.827383][ T5061] hfsplus_create_attr+0x22e/0x4a0 [ 55.832573][ T5061] ? hfsplus_attr_exists+0x200/0x200 [ 55.837840][ T5061] __hfsplus_setxattr+0x515/0x2200 [ 55.842928][ T5061] ? bpf_ksym_find+0x124/0x1b0 [ 55.847670][ T5061] ? lock_acquire+0x1ae/0x520 [ 55.852328][ T5061] ? find_held_lock+0x2d/0x110 [ 55.857070][ T5061] ? copy_name+0xa0/0xa0 [ 55.861293][ T5061] ? mark_held_locks+0x9f/0xe0 [ 55.866035][ T5061] ? _raw_spin_unlock_irqrestore+0x4e/0x70 [ 55.871820][ T5061] ? lockdep_hardirqs_on+0x7d/0x110 [ 55.877089][ T5061] hfsplus_setxattr+0x10c/0x160 [ 55.881918][ T5061] ? hfsplus_init_security+0x40/0x40 [ 55.887178][ T5061] __vfs_setxattr+0x173/0x1d0 [ 55.891859][ T5061] ? __vfs_removexattr+0x1c0/0x1c0 [ 55.896953][ T5061] ? apparmor_capable+0x126/0x1e0 [ 55.902011][ T5061] __vfs_setxattr_noperm+0x127/0x5e0 [ 55.907304][ T5061] __vfs_setxattr_locked+0x17e/0x250 [ 55.912659][ T5061] vfs_setxattr+0x146/0x350 [ 55.917144][ T5061] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.923188][ T5061] ? __vfs_setxattr_locked+0x250/0x250 [ 55.928647][ T5061] do_setxattr+0x142/0x170 [ 55.933049][ T5061] setxattr+0x159/0x170 [ 55.937272][ T5061] ? do_setxattr+0x170/0x170 [ 55.941958][ T5061] ? mnt_get_write_access+0x20c/0x300 [ 55.947327][ T5061] path_setxattr+0x175/0x1d0 [ 55.951903][ T5061] ? setxattr+0x170/0x170 [ 55.956244][ T5061] ? _raw_spin_unlock_irq+0x23/0x50 [ 55.961422][ T5061] ? _raw_spin_unlock_irq+0x2e/0x50 [ 55.966621][ T5061] ? ptrace_notify+0xf4/0x130 [ 55.971304][ T5061] __x64_sys_lsetxattr+0xc1/0x160 [ 55.976330][ T5061] ? syscall_enter_from_user_mode+0x107/0x120 [ 55.982375][ T5061] do_syscall_64+0x40/0x110 [ 55.986880][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.992770][ T5061] RIP: 0033:0x7f7cd23865f9 [ 55.997360][ T5061] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.016955][ T5061] RSP: 002b:00007ffc6ddf9538 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 56.025346][ T5061] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f7cd23865f9 [ 56.033387][ T5061] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040 [ 56.041359][ T5061] RBP: 00007f7cd23f9610 R08: 0000000000000000 R09: 0000000000000000 lsetxattr("./file1", "trusted.overlay.opaque", NULL, 0, 0) = -1 EIO (Input/output error) exit_group(0) = ? +++ exited with 0 +++ [ 56.049312][ T5061