./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor112567350 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 3209 [ 29.478292][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.490123][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. execve("./syz-executor112567350", ["./syz-executor112567350"], 0x7ffe10b95d40 /* 10 vars */) = 0 brk(NULL) = 0x5555563a4000 brk(0x5555563a4c40) = 0x5555563a4c40 arch_prctl(ARCH_SET_FS, 0x5555563a4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor112567350", 4096) = 27 brk(0x5555563c5c40) = 0x5555563c5c40 brk(0x5555563c6000) = 0x5555563c6000 mprotect(0x7f1c184be000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1c10000000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7f1c10000000, 524288) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_RELATIME|MS_I_VERSION, "part=0x0000") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 open(".", O_RDONLY) = 4 mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 creat("./file1", 0324) = 5 open(".", O_RDONLY) = 6 symlinkat("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 6, "./file0") = 0 open(".", O_RDONLY) = 7 openat(6, "./file0/file0", O_RDONLY|O_CREAT, 000) = 8 syzkaller login: [ 61.508473][ T3638] loop0: detected capacity change from 0 to 1024 [ 61.549218][ T3638] [ 61.551586][ T3638] ====================================================== [ 61.558597][ T3638] WARNING: possible circular locking dependency detected [ 61.565593][ T3638] 6.1.0-rc7-syzkaller-00103-gef4d3ea40565 #0 Not tainted [ 61.572587][ T3638] ------------------------------------------------------ [ 61.579585][ T3638] syz-executor112/3638 is trying to acquire lock: [ 61.585978][ T3638] ffff88807e8e07c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_extend+0x1af/0x19d0 [ 61.597011][ T3638] [ 61.597011][ T3638] but task is already holding lock: [ 61.604355][ T3638] ffff8880183fe0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x143/0x1b0 [ 61.613807][ T3638] [ 61.613807][ T3638] which lock already depends on the new lock. [ 61.613807][ T3638] [ 61.624183][ T3638] [ 61.624183][ T3638] the existing dependency chain (in reverse order) is: [ 61.633167][ T3638] [ 61.633167][ T3638] -> #1 (&tree->tree_lock){+.+.}-{3:3}: [ 61.640868][ T3638] lock_acquire+0x182/0x3c0 [ 61.645872][ T3638] __mutex_lock_common+0x1bd/0x26e0 [ 61.651578][ T3638] mutex_lock_nested+0x17/0x20 [ 61.656838][ T3638] hfsplus_file_truncate+0x871/0xbb0 [ 61.662621][ T3638] hfsplus_setattr+0x1b8/0x280 [ 61.667880][ T3638] notify_change+0xe38/0x10f0 [ 61.673056][ T3638] do_truncate+0x1fb/0x2e0 [ 61.677968][ T3638] path_openat+0x2770/0x2df0 [ 61.683055][ T3638] do_filp_open+0x264/0x4f0 [ 61.688054][ T3638] do_sys_openat2+0x124/0x4e0 [ 61.693238][ T3638] __x64_sys_creat+0x11f/0x160 [ 61.698512][ T3638] do_syscall_64+0x3d/0xb0 [ 61.703426][ T3638] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.709819][ T3638] [ 61.709819][ T3638] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}: [ 61.718826][ T3638] validate_chain+0x1898/0x6ae0 [ 61.724177][ T3638] __lock_acquire+0x1292/0x1f60 [ 61.729526][ T3638] lock_acquire+0x182/0x3c0 [ 61.734527][ T3638] __mutex_lock_common+0x1bd/0x26e0 [ 61.740307][ T3638] mutex_lock_nested+0x17/0x20 [ 61.745805][ T3638] hfsplus_file_extend+0x1af/0x19d0 [ 61.751505][ T3638] hfsplus_bmap_reserve+0x123/0x500 [ 61.757203][ T3638] hfsplus_rename_cat+0x1ab/0x1070 [ 61.762816][ T3638] hfsplus_rename+0x129/0x1b0 [ 61.767990][ T3638] vfs_rename+0xd53/0x1130 [ 61.772903][ T3638] do_renameat2+0xb53/0x1370 [ 61.777989][ T3638] __x64_sys_renameat2+0xce/0xe0 [ 61.783423][ T3638] do_syscall_64+0x3d/0xb0 [ 61.788337][ T3638] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.794728][ T3638] [ 61.794728][ T3638] other info that might help us debug this: [ 61.794728][ T3638] [ 61.804927][ T3638] Possible unsafe locking scenario: [ 61.804927][ T3638] [ 61.812352][ T3638] CPU0 CPU1 [ 61.817692][ T3638] ---- ---- [ 61.823031][ T3638] lock(&tree->tree_lock); [ 61.827513][ T3638] lock(&HFSPLUS_I(inode)->extents_lock); [ 61.835814][ T3638] lock(&tree->tree_lock); [ 61.842811][ T3638] lock(&HFSPLUS_I(inode)->extents_lock); [ 61.848593][ T3638] [ 61.848593][ T3638] *** DEADLOCK *** [ 61.848593][ T3638] [ 61.856711][ T3638] 7 locks held by syz-executor112/3638: [ 61.862225][ T3638] #0: ffff8880183fa460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 61.871349][ T3638] #1: ffff8880183fa748 (&type->s_vfs_rename_key){+.+.}-{3:3}, at: lock_rename+0x54/0x1a0 [ 61.881249][ T3638] #2: ffff88807e8e1e00 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: lock_rename+0xa0/0x1a0 [ 61.891408][ T3638] #3: ffff88807e8e2b80 (&sb->s_type->i_mutex_key#15/2){+.+.}-{3:3}, at: lock_rename+0x16e/0x1a0 [ 61.901904][ T3638] #4: ffff88807e8e3900 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: lock_two_nondirectories+0xdd/0x130 [ 61.913182][ T3638] #5: ffff88807e8e3fc0 (&sb->s_type->i_mutex_key#15/4){+.+.}-{3:3}, at: vfs_rename+0x80a/0x1130 [ 61.923691][ T3638] #6: ffff8880183fe0b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfsplus_find_init+0x143/0x1b0 [ 61.933577][ T3638] [ 61.933577][ T3638] stack backtrace: [ 61.939438][ T3638] CPU: 1 PID: 3638 Comm: syz-executor112 Not tainted 6.1.0-rc7-syzkaller-00103-gef4d3ea40565 #0 [ 61.949820][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 61.959849][ T3638] Call Trace: [ 61.963108][ T3638] [ 61.966019][ T3638] dump_stack_lvl+0x1b1/0x28e [ 61.970676][ T3638] ? nf_tcp_handle_invalid+0x62e/0x62e [ 61.976129][ T3638] ? print_circular_bug+0x13e/0x1c0 [ 61.981322][ T3638] check_noncircular+0x2cc/0x390 [ 61.986257][ T3638] ? add_chain_block+0x850/0x850 [ 61.991180][ T3638] ? lockdep_lock+0x102/0x290 [ 61.995841][ T3638] ? _find_first_zero_bit+0xe8/0x110 [ 62.001123][ T3638] validate_chain+0x1898/0x6ae0 [ 62.005971][ T3638] ? reacquire_held_locks+0x650/0x650 [ 62.011323][ T3638] ? stack_trace_save+0x104/0x1e0 [ 62.016325][ T3638] ? stack_trace_snprint+0xf0/0xf0 [ 62.021415][ T3638] ? check_noncircular+0x1aa/0x390 [ 62.026507][ T3638] ? add_chain_block+0x850/0x850 [ 62.031424][ T3638] ? queued_spin_lock_slowpath+0x42/0x50 [ 62.037036][ T3638] ? lockdep_unlock+0x144/0x2e0 [ 62.041867][ T3638] ? lockdep_lock+0x290/0x290 [ 62.046523][ T3638] ? add_lock_to_list+0x1c7/0x2d0 [ 62.051536][ T3638] ? validate_chain+0x1478/0x6ae0 [ 62.056566][ T3638] ? reacquire_held_locks+0x650/0x650 [ 62.061936][ T3638] ? finish_lock_switch+0x89/0x100 [ 62.067040][ T3638] ? reacquire_held_locks+0x650/0x650 [ 62.072407][ T3638] ? mark_lock+0x9a/0x350 [ 62.076745][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.082358][ T3638] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.088317][ T3638] ? mark_lock+0x9a/0x350 [ 62.092633][ T3638] ? __lock_acquire+0x1292/0x1f60 [ 62.097636][ T3638] ? rcu_preempt_deferred_qs_irqrestore+0x849/0xc10 [ 62.104207][ T3638] ? trace_lock_release+0x95/0x220 [ 62.109310][ T3638] ? mark_lock+0x9a/0x350 [ 62.113619][ T3638] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 62.119578][ T3638] ? print_irqtrace_events+0x220/0x220 [ 62.125015][ T3638] ? do_raw_spin_unlock+0x134/0x8a0 [ 62.130193][ T3638] ? _raw_spin_unlock_irqrestore+0x8b/0x120 [ 62.136072][ T3638] ? lockdep_hardirqs_on+0x8d/0x130 [ 62.141254][ T3638] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 62.147130][ T3638] ? _raw_spin_unlock+0x40/0x40 [ 62.151980][ T3638] ? rcu_preempt_deferred_qs_irqrestore+0x849/0xc10 [ 62.158556][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.164184][ T3638] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.170149][ T3638] ? rcu_read_unlock_special+0x4b0/0x4b0 [ 62.175767][ T3638] ? rcu_lock_release+0x9/0x20 [ 62.180518][ T3638] ? rcu_lock_release+0x9/0x20 [ 62.185259][ T3638] ? __lock_acquire+0x1f60/0x1f60 [ 62.190263][ T3638] ? update_io_ticks+0x25b/0x2a0 [ 62.195186][ T3638] ? __rcu_read_unlock+0x8f/0x100 [ 62.200195][ T3638] ? blk_mq_submit_bio+0x1647/0x1da0 [ 62.205463][ T3638] ? blk_mq_try_issue_list_directly+0x4f0/0x4f0 [ 62.211688][ T3638] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 62.217648][ T3638] ? submit_bio_noacct_nocheck+0xfb3/0x1050 [ 62.223523][ T3638] ? should_fail_request+0x70/0x70 [ 62.228615][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.234225][ T3638] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.240183][ T3638] ? trace_block_bio_queue+0xdb/0x2b0 [ 62.245534][ T3638] ? submit_bio_noacct+0xf50/0x1880 [ 62.250713][ T3638] ? register_lock_class+0xc2/0x930 [ 62.255891][ T3638] ? block_read_full_folio+0xb78/0xfa0 [ 62.261354][ T3638] ? stack_trace_save+0x1e0/0x1e0 [ 62.266355][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.271966][ T3638] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.277928][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.283560][ T3638] ? register_lock_class+0xc2/0x930 [ 62.288738][ T3638] ? stack_trace_save+0x1e0/0x1e0 [ 62.293740][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.299440][ T3638] ? is_dynamic_key+0x1f0/0x1f0 [ 62.304269][ T3638] ? mark_lock+0x9a/0x350 [ 62.308577][ T3638] __lock_acquire+0x1292/0x1f60 [ 62.313410][ T3638] lock_acquire+0x182/0x3c0 [ 62.317892][ T3638] ? hfsplus_file_extend+0x1af/0x19d0 [ 62.323251][ T3638] ? read_lock_is_recursive+0x10/0x10 [ 62.328612][ T3638] ? __might_sleep+0xc0/0xc0 [ 62.333180][ T3638] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 62.339142][ T3638] ? print_irqtrace_events+0x220/0x220 [ 62.344582][ T3638] __mutex_lock_common+0x1bd/0x26e0 [ 62.349765][ T3638] ? hfsplus_file_extend+0x1af/0x19d0 [ 62.355119][ T3638] ? __lock_acquire+0x1292/0x1f60 [ 62.360122][ T3638] ? hfsplus_file_extend+0x1af/0x19d0 [ 62.365480][ T3638] ? mutex_lock_io_nested+0x60/0x60 [ 62.370660][ T3638] mutex_lock_nested+0x17/0x20 [ 62.375404][ T3638] hfsplus_file_extend+0x1af/0x19d0 [ 62.380580][ T3638] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 62.386542][ T3638] ? trace_raw_output_contention_end+0xd0/0xd0 [ 62.392679][ T3638] ? hfsplus_get_block+0x1560/0x1560 [ 62.397942][ T3638] ? __mutex_lock_common+0x45f/0x26e0 [ 62.403299][ T3638] ? hfsplus_find_init+0x143/0x1b0 [ 62.408391][ T3638] ? rcu_read_lock_sched_held+0x87/0x110 [ 62.414003][ T3638] ? mutex_lock_io_nested+0x60/0x60 [ 62.419182][ T3638] hfsplus_bmap_reserve+0x123/0x500 [ 62.424364][ T3638] hfsplus_rename_cat+0x1ab/0x1070 [ 62.429457][ T3638] ? hfsplus_unlink+0x5fa/0x7d0 [ 62.434311][ T3638] ? hfsplus_subfolders_dec+0x110/0x110 [ 62.439843][ T3638] ? ptr_to_hashval+0x70/0x70 [ 62.444501][ T3638] ? __mutex_unlock_slowpath+0x222/0x770 [ 62.450115][ T3638] ? mutex_unlock+0x10/0x10 [ 62.454598][ T3638] ? vsprintf+0x30/0x30 [ 62.458734][ T3638] ? hfsplus_unlink+0x5fa/0x7d0 [ 62.463569][ T3638] ? hfsplus_link+0x820/0x820 [ 62.468225][ T3638] ? down_write_nested+0x1ab/0x280 [ 62.473315][ T3638] ? down_read_non_owner+0xa0/0xa0 [ 62.478404][ T3638] ? do_raw_spin_unlock+0x134/0x8a0 [ 62.483581][ T3638] hfsplus_rename+0x129/0x1b0 [ 62.488241][ T3638] vfs_rename+0xd53/0x1130 [ 62.492640][ T3638] ? __ia32_sys_link+0x90/0x90 [ 62.497381][ T3638] ? security_path_rename+0x1ab/0x230 [ 62.502734][ T3638] do_renameat2+0xb53/0x1370 [ 62.507308][ T3638] ? fsnotify_move+0x4e0/0x4e0 [ 62.512052][ T3638] ? __check_object_size+0x15a/0x210 [ 62.517320][ T3638] ? strncpy_from_user+0x1d6/0x330 [ 62.522932][ T3638] ? getname_flags+0x1ea/0x4e0 [ 62.527683][ T3638] __x64_sys_renameat2+0xce/0xe0 [ 62.532603][ T3638] do_syscall_64+0x3d/0xb0 [ 62.537000][ T3638] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.542944][ T3638] RIP: 0033:0x7f1c184509f9 [ 62.547367][ T3638] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 62.566961][ T3638] RSP: 002b:00007fff069f5818 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 62.575356][ T3638] RAX: ffffffffffffffda RBX: 2f30656c69662f2e RCX: 00007f1c184509f9 [ 62.583309][ T3638] RDX: 0000000000000007 RSI: 00000000200001c0 RDI: 0000000000000007 [ 62.591259][ T3638] RBP: 00007f1c18410290 R08: 0000000000000000 R09: 0000000000000000 renameat2(7, "./file0", 7, "./file0/file0", 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 62.599210][ T3638] R10: 00000000200002c0 R11: 000000