program: r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0xca, 0x20d41) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f0000000100)) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000a40)='./file4\x00', 0x2004002, &(0x7f0000001180)=ANY=[], 0x9, 0x1f2, &(0x7f00000004c0)="$eJzs28tO1FAcx/Ffy8x0wPtt40YTTXTjFIdJRnbyAL6AOzIUQixixA3EhLLxPXwMd76JWxeS6BPU9MZYpJ1ecFrk+0mG+dP0d86Zhv9wShgBuLRuhl8NGeqGle/7hw8lvX4lqZMb7c1lgQD+Gd+Imj5L7+zD/fwUgIth4efZx63MBv+SFCbvAsBFdry2EO4DvhrSt18fJz/iR7fg/uF4zZSCIbzo+yTfk/qF8kdG+Hy/M80GD0vpAQwvY//yOco/UTq/WHT98fxLp/JLs4LBLVPgyAyfnj5K569IuirpmqTrkm7E91q3JN1ORpB3Mv/GqfnvFVw/UEfw0zdIHSnUtun8IOcEKz8fdM/mtussl5p1qhvnn5fIPP6j7sX5YcX5k/xKxbwV5weTXXcj86yXFUcH8pl/9X85M/s/y+74pKzT/50K/Q8gsrd/8GbddZ335QuzUqqVRb/+1ahbHDZ+Ec67SC5qcKTje5qd+lRprgfxPC14ySWKxXYsI7to6A0JwNzYH3be2Xv7B8+2d9a3nC3n7XC0+mK0MhyNV+3Nsess23V25wDabPpLXyryN/P8fwkCAAAAAAAAAAAAAABNuCPpbtOLAAAAADAX5/OZoe8TKfucpl8jAAAAAAAAAAAAAAAAAAAA8L/4HQAA//+UhDYo") unlinkat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x200) r2 = creat(&(0x7f0000000600)='./bus\x00', 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) creat(&(0x7f0000000300)='./bus\x00', 0x4) r3 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7, 0x2) r4 = open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x27, 0x0, 0x30000, 0x0, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x10}}, 0x50) ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0286405, &(0x7f0000000200)={0xffff90ed, 0x3, {0x0}, {0xee01}, 0x0, 0x7}) write$FUSE_LK(r2, &(0x7f00000003c0)={0x28, 0x0, 0x0, {{0xffffffffffffffff, 0x9, 0x2, r5}}}, 0x28) lsetxattr$system_posix_acl(&(0x7f0000000180)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {}, [], {}, [{0x8, 0x2}], {0x10, 0x2}}, 0x2c, 0x0) getxattr(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000380)=@known='system.posix_acl_access\x00', &(0x7f00000005c0)=""/244, 0xf4) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000040)={0x15, 0x1, 0x0, "11010000021400000100b64c0000005c4b7c1500000000000000b7ff00"}) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x40, 0x9, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x2}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002cbd7000fddbdf252100000008000300", @ANYRES32=r10, @ANYBLOB="04002481"], 0x20}, 0x1, 0x0, 0x0, 0x4000011}, 0x40000) r11 = landlock_create_ruleset(&(0x7f0000000000)={0x3800, 0x3, 0x2}, 0x18, 0x0) landlock_restrict_self(r11, 0x4) [ 88.180161][ T5289] Bluetooth: hci0: command tx timeout [ 88.402038][ T5325] loop0: detected capacity change from 0 to 64 [ 88.415249][ T5325] ======================================================= [ 88.415249][ T5325] WARNING: The mand mount option has been deprecated and [ 88.415249][ T5325] and is ignored by this kernel. Remove the mand [ 88.415249][ T5325] option from the mount to silence this warning. [ 88.415249][ T5325] ======================================================= [ 89.103337][ T5325] hfs: request for non-existent node 8 in B*Tree [ 89.106810][ T5325] hfs: request for non-existent node 8 in B*Tree [ 89.124773][ T5325] [ 89.125828][ T5325] ====================================================== [ 89.128539][ T5325] WARNING: possible circular locking dependency detected [ 89.131393][ T5325] syzkaller #0 Not tainted [ 89.133233][ T5325] ------------------------------------------------------ [ 89.135955][ T5325] syz.0.0/5325 is trying to acquire lock: [ 89.138320][ T5325] ffff8880371ca0a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 89.142179][ T5325] [ 89.142179][ T5325] but task is already holding lock: [ 89.145416][ T5325] ffff8880422780f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 89.150734][ T5325] [ 89.150734][ T5325] which lock already depends on the new lock. [ 89.150734][ T5325] [ 89.155141][ T5325] [ 89.155141][ T5325] the existing dependency chain (in reverse order) is: [ 89.159129][ T5325] [ 89.159129][ T5325] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 89.163249][ T5325] __mutex_lock+0x1a3/0x1550 [ 89.165674][ T5325] hfs_extend_file+0xf2/0x15e0 [ 89.168176][ T5325] hfs_bmap_reserve+0x107/0x430 [ 89.170642][ T5325] __hfs_ext_write_extent+0x1fa/0x470 [ 89.173324][ T5325] __hfs_ext_cache_extent+0x6b/0x9b0 [ 89.176087][ T5325] hfs_extend_file+0x39b/0x15e0 [ 89.178704][ T5325] hfs_get_block+0x412/0xc50 [ 89.181144][ T5325] __block_write_begin_int+0x6c6/0x1910 [ 89.183985][ T5325] cont_write_begin+0x737/0xae0 [ 89.186547][ T5325] hfs_write_begin+0x66/0xb0 [ 89.188968][ T5325] cont_write_begin+0x2e7/0xae0 [ 89.191463][ T5325] hfs_write_begin+0x66/0xb0 [ 89.193658][ T5325] generic_perform_write+0x2e2/0x8f0 [ 89.196128][ T5325] generic_file_write_iter+0x14a/0x680 [ 89.198619][ T5325] vfs_write+0x61d/0xb90 [ 89.200794][ T5325] __x64_sys_pwrite64+0x199/0x230 [ 89.203514][ T5325] do_syscall_64+0x15f/0xf80 [ 89.205879][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.208777][ T5325] [ 89.208777][ T5325] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 89.212260][ T5325] __lock_acquire+0x15a5/0x2cf0 [ 89.214764][ T5325] lock_acquire+0x106/0x350 [ 89.217005][ T5325] __mutex_lock+0x1a3/0x1550 [ 89.219376][ T5325] hfs_find_init+0x18e/0x300 [ 89.221772][ T5325] hfs_extend_file+0x35c/0x15e0 [ 89.224316][ T5325] hfs_bmap_reserve+0x107/0x430 [ 89.226849][ T5325] hfs_cat_create+0x20f/0x800 [ 89.229277][ T5325] hfs_create+0x75/0xe0 [ 89.231474][ T5325] path_openat+0x1395/0x3860 [ 89.233870][ T5325] do_file_open+0x23e/0x4a0 [ 89.236226][ T5325] do_sys_openat2+0x113/0x200 [ 89.238605][ T5325] __x64_sys_open+0x11e/0x150 [ 89.240997][ T5325] do_syscall_64+0x15f/0xf80 [ 89.243398][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.246386][ T5325] [ 89.246386][ T5325] other info that might help us debug this: [ 89.246386][ T5325] [ 89.250960][ T5325] Possible unsafe locking scenario: [ 89.250960][ T5325] [ 89.254400][ T5325] CPU0 CPU1 [ 89.256888][ T5325] ---- ---- [ 89.259402][ T5325] lock(&HFS_I(tree->inode)->extents_lock); [ 89.262057][ T5325] lock(&tree->tree_lock/1); [ 89.265388][ T5325] lock(&HFS_I(tree->inode)->extents_lock); [ 89.269306][ T5325] lock(&tree->tree_lock/1); [ 89.271479][ T5325] [ 89.271479][ T5325] *** DEADLOCK *** [ 89.271479][ T5325] [ 89.275240][ T5325] 4 locks held by syz.0.0/5325: [ 89.277451][ T5325] #0: ffff888041f34410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 89.281672][ T5325] #1: ffff88804296fad0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 89.286593][ T5325] #2: ffff8880371ce0a8 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 89.290982][ T5325] #3: ffff8880422780f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 89.296068][ T5325] [ 89.296068][ T5325] stack backtrace: [ 89.298647][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 89.298665][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 89.298676][ T5325] Call Trace: [ 89.298710][ T5325] [ 89.298716][ T5325] dump_stack_lvl+0xe8/0x150 [ 89.298737][ T5325] print_circular_bug+0x2e1/0x300 [ 89.298759][ T5325] check_noncircular+0x12e/0x150 [ 89.298781][ T5325] __lock_acquire+0x15a5/0x2cf0 [ 89.298798][ T5325] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 89.298821][ T5325] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 89.298840][ T5325] ? stack_depot_save_flags+0x3f3/0x810 [ 89.298898][ T5325] ? kasan_save_track+0x4f/0x80 [ 89.298912][ T5325] ? kasan_save_track+0x3e/0x80 [ 89.298927][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.298942][ T5325] lock_acquire+0x106/0x350 [ 89.298955][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.298973][ T5325] __mutex_lock+0x1a3/0x1550 [ 89.298985][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.299002][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.299016][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 89.299028][ T5325] ? rcu_is_watching+0x15/0xb0 [ 89.299044][ T5325] ? __kmalloc_noprof+0x37d/0x760 [ 89.299057][ T5325] ? kasan_save_track+0x4f/0x80 [ 89.299070][ T5325] ? hfs_find_init+0xaa/0x300 [ 89.299084][ T5325] ? __kmalloc_noprof+0x1b8/0x760 [ 89.299098][ T5325] hfs_find_init+0x18e/0x300 [ 89.299113][ T5325] hfs_extend_file+0x35c/0x15e0 [ 89.299127][ T5325] ? __pfx_hfs_extend_file+0x10/0x10 [ 89.299136][ T5325] ? __mutex_lock+0x319/0x1550 [ 89.299151][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.299166][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 89.299178][ T5325] ? rcu_is_watching+0x15/0xb0 [ 89.299192][ T5325] hfs_bmap_reserve+0x107/0x430 [ 89.299212][ T5325] hfs_cat_create+0x20f/0x800 [ 89.299231][ T5325] ? do_raw_spin_lock+0x12b/0x2f0 [ 89.299247][ T5325] ? __pfx_hfs_cat_create+0x10/0x10 [ 89.299268][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 89.299285][ T5325] ? hfs_new_inode+0x92d/0xc70 [ 89.299299][ T5325] hfs_create+0x75/0xe0 [ 89.299311][ T5325] ? __pfx_hfs_create+0x10/0x10 [ 89.299321][ T5325] path_openat+0x1395/0x3860 [ 89.299344][ T5325] ? __pfx_path_openat+0x10/0x10 [ 89.299358][ T5325] ? __x64_sys_open+0x11e/0x150 [ 89.299374][ T5325] do_file_open+0x23e/0x4a0 [ 89.299390][ T5325] ? __pfx_do_file_open+0x10/0x10 [ 89.299409][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 89.299425][ T5325] ? alloc_fd+0x64b/0x6c0 [ 89.299439][ T5325] do_sys_openat2+0x113/0x200 [ 89.299450][ T5325] ? __se_sys_futex+0x3a8/0x450 [ 89.299465][ T5325] ? __pfx_do_sys_openat2+0x10/0x10 [ 89.299476][ T5325] ? rcu_is_watching+0x15/0xb0 [ 89.299490][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.299503][ T5325] __x64_sys_open+0x11e/0x150 [ 89.299516][ T5325] do_syscall_64+0x15f/0xf80 [ 89.299529][ T5325] ? trace_irq_disable+0x3b/0x140 [ 89.299548][ T5325] ? clear_bhb_loop+0x40/0x90 [ 89.299559][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.299572][ T5325] RIP: 0033:0x7f39f059cdd9 [ 89.299585][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.299595][ T5325] RSP: 002b:00007f39f14f3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 89.299609][ T5325] RAX: ffffffffffffffda RBX: 00007f39f0815fa0 RCX: 00007f39f059cdd9 [ 89.299618][ T5325] RDX: 0000000000000000 RSI: 0000000000143142 RDI: 0000200000000340 [ 89.299626][ T5325] RBP: 00007f39f0632d69 R08: 0000000000000000 R09: 0000000000000000 [ 89.299634][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.299642][ T5325] R13: 00007f39f0816038 R14: 00007f39f0815fa0 R15: 00007ffd64486fc8 [ 89.299655][ T5325]