Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.709003] ======================================================
[ 27.709003] WARNING: the mand mount option is being deprecated and
[ 27.709003] will be removed in v5.15!
[ 27.709003] ======================================================
[ 27.739408] audit: type=1800 audit(1672362127.158:2): pid=7994 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor377" name="bus" dev="loop0" ino=25 res=0
[ 27.768155] audit: type=1800 audit(1672362127.188:3): pid=7994 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor377" name="file1" dev="loop0" ino=20 res=0
[ 27.787426]
[ 27.789045] ======================================================
[ 27.795333] WARNING: possible circular locking dependency detected
[ 27.801630] 4.14.302-syzkaller #0 Not tainted
[ 27.806094] ------------------------------------------------------
[ 27.812379] syz-executor377/7994 is trying to acquire lock:
[ 27.818058] (&tree->tree_lock/1){+.+.}, at: [] hfsplus_find_init+0x161/0x220
[ 27.826874]
[ 27.826874] but task is already holding lock:
[ 27.832811] (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [] hfsplus_file_truncate+0x1ba/0xe80
[ 27.843097]
[ 27.843097] which lock already depends on the new lock.
[ 27.843097]
[ 27.851381]
[ 27.851381] the existing dependency chain (in reverse order) is:
[ 27.858971]
[ 27.858971] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
[ 27.866050] __mutex_lock+0xc4/0x1310
[ 27.870340] hfsplus_file_extend+0x188/0xef0
[ 27.875238] hfsplus_bmap_reserve+0x26e/0x410
[ 27.880224] __hfsplus_ext_write_extent+0x415/0x560
[ 27.885733] hfsplus_ext_read_extent+0x81a/0x9e0
[ 27.890979] hfsplus_file_extend+0x616/0xef0
[ 27.895877] hfsplus_get_block+0x15b/0x820
[ 27.900607] __block_write_begin_int+0x35c/0x11d0
[ 27.905938] block_write_begin+0x58/0x270
[ 27.910574] cont_write_begin+0x4a3/0x740
[ 27.915213] hfsplus_write_begin+0x87/0x130
[ 27.920025] cont_write_begin+0x296/0x740
[ 27.924673] hfsplus_write_begin+0x87/0x130
[ 27.929486] generic_cont_expand_simple+0xe1/0x130
[ 27.934903] hfsplus_setattr+0x139/0x310
[ 27.939545] notify_change+0x56b/0xd10
[ 27.943921] do_truncate+0xff/0x1a0
[ 27.948040] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 27.953723] do_syscall_64+0x1d5/0x640
[ 27.958100] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.963782]
[ 27.963782] -> #0 (&tree->tree_lock/1){+.+.}:
[ 27.969733] lock_acquire+0x170/0x3f0
[ 27.974023] __mutex_lock+0xc4/0x1310
[ 27.978316] hfsplus_find_init+0x161/0x220
[ 27.983040] hfsplus_file_truncate+0x25b/0xe80
[ 27.988114] hfsplus_setattr+0x182/0x310
[ 27.992666] notify_change+0x56b/0xd10
[ 27.997042] do_truncate+0xff/0x1a0
[ 28.001161] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 28.006842] do_syscall_64+0x1d5/0x640
[ 28.011219] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.016896]
[ 28.016896] other info that might help us debug this:
[ 28.016896]
[ 28.025005] Possible unsafe locking scenario:
[ 28.025005]
[ 28.031039]        CPU0                    CPU1
[ 28.035684]        ----                    ----
[ 28.040325]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 28.045403]                                lock(&tree->tree_lock/1);
[ 28.051867]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 28.059466]   lock(&tree->tree_lock/1);
[ 28.063420]
[ 28.063420] *** DEADLOCK ***
[ 28.063420]
[ 28.069457] 3 locks held by syz-executor377/7994:
[ 28.074268] #0: (sb_writers#10){.+.+}, at: [] do_sys_ftruncate.constprop.0+0x1fb/0x480
[ 28.084040] #1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] do_truncate+0xf0/0x1a0
[ 28.093460] #2: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [] hfsplus_file_truncate+0x1ba/0xe80
[ 28.104182]
[ 28.104182] stack backtrace:
[ 28.108659] CPU: 1 PID: 7994 Comm: syz-executor377 Not tainted 4.14.302-syzkaller #0
[ 28.116511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.125842] Call Trace:
[ 28.128411] dump_stack+0x1b2/0x281
[ 28.132015] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.137799] __lock_acquire+0x2e0e/0x3f20
[ 28.141923] ? depot_save_stack+0x1d3/0x3f0
[ 28.146220] ? trace_hardirqs_on+0x10/0x10
[ 28.150428] ? kasan_kmalloc+0xeb/0x160
[ 28.154376] ? __kmalloc+0x15a/0x400
[ 28.158070] ? hfsplus_find_init+0x91/0x220
[ 28.162375] ? hfsplus_file_truncate+0x25b/0xe80
[ 28.167108] ? hfsplus_setattr+0x182/0x310
[ 28.171316] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.176656] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.181991] lock_acquire+0x170/0x3f0
[ 28.185763] ? hfsplus_find_init+0x161/0x220
[ 28.190141] ? hfsplus_find_init+0x161/0x220
[ 28.194520] __mutex_lock+0xc4/0x1310
[ 28.198292] ? hfsplus_find_init+0x161/0x220
[ 28.202677] ? hfsplus_file_truncate+0x1ba/0xe80
[ 28.207488] ? hfsplus_find_init+0x161/0x220
[ 28.211867] ? fs_reclaim_release+0xd0/0x110
[ 28.216246] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.221668] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.227087] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 28.232075] ? __kmalloc+0x3a4/0x400
[ 28.235759] ? hfsplus_find_init+0x91/0x220
[ 28.240050] hfsplus_find_init+0x161/0x220
[ 28.244258] hfsplus_file_truncate+0x25b/0xe80
[ 28.248811] ? hfsplus_get_block+0x820/0x820
[ 28.253193] ? up_write+0x17/0x60
[ 28.256619] ? unmap_mapping_range+0xe9/0x250
[ 28.261084] ? inode_newsize_ok+0x145/0x1c0
[ 28.265376] hfsplus_setattr+0x182/0x310
[ 28.269409] ? hfsplus_file_fsync+0x4a0/0x4a0
[ 28.273874] notify_change+0x56b/0xd10
[ 28.277735] do_truncate+0xff/0x1a0
[ 28.281332] ? finish_open+0x170/0x170
[ 28.285191] ? apparmor_path_truncate+0x163/0x1d0
[ 28.290004] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 28.295167] ? compat_SyS_truncate+0x40/0x40
[ 28.299547] do_syscall_64+0x1d5/0x640
[ 28.303406] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.308566] RIP: 0033:0x7f87deec67e9
[ 28.312248] RSP: 002b:00007ffd1fa83b08 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 28.319