program: syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$eJzs3U9sHFcdB/DvbDbrbFqCmyZtQJVqNRIgIhI7VgrmQkAI5VChqhw4W4nTWNmkxXGRWyHq8PfaQw+cUDnkgjghcY9UOHCBW04gHyshcekFc1o0s7P2+i/rNPFu2s8nmn3vzZt57ze/2Zn9Y0Ub4DPryrk076fIlXOvrJTttXuznbV7s7f69SQTSVaTZpJGkuI/3W73w+RyUmwMU2wrd3h/ce61Bx+vfdRrNeul2r6x337b1NutJr9tDKxerZdMJTlSl5/AlvGufuLxio3ILyc5W5cwckeTdLf40V+f3ugZ0N5t72OHEiPweBXV6+a1f2xfP5kcry/08n1A71Wx95o9Jla3tCYeai8AAAB48gzzGfjz61nPSnHiEMIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT4XVjd//L4tqafTrUyn6v//fqtelro+XFw+2+f3HFQcAAAAAAAAAHKIX17OelZzot7tF9Tf/l6rGqerxqbyVO1nIUs5nJfNZznKWMpNkcmCg1sr88vLSzBB7Xtx1z4v/J9CJumw/muMGAAAAAAAAgE+Zn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgHBTJkV6R4u7A6sk0mkmOJWmVK1aTv/frT7L7ow4AAAAADsFEsp6VnOi3u0VOJXmu+g7gWN7K7SxnMcvpZCHXqu8Fep/6G2v3Zjtr92ZvlcvOcb/97wOFUY2Y3ncPu898ptqinetZrNacz9W8kU6upVHtWTpTx9MfdSCuY0nuljEV36oNGdm1uiyP/L263OHdAx3sXg74ZcpklZGjGxmZrmMrs/FM/8zsfoYOeHa2zzSTxmCwW2ZqbT2Yh8r58bosj+dXe+V8JLZn4uLAs++5/XOefPlPf/jhdF0fn0MazpG67FaP7Z2ZmB3IxPPDZOJG5/bNG9fvnHvSMrHDdJWJ0xvtK/lefpBzmcqrWcpifpz5LGchU/luVZuvT34xcMnvkanLW1qv7hXBb+rbd6t+hvZOVhnTg6Fjeqna90QW8/28kWtZyMvVv4uZyddzKZcyN3CGT+9/hqurvrHHVd/93I4DKAM/+5W60U7y67ocD2V4zwzkdfCeO1n1Da7ZzNLJIbJ0wHtj84t1pZzj53U5HrZnYmYgE8/un4nfVbeVO53bN5duzL853HQn36sr5XX0y2RqtDeS1rb6yfJkVa2tz46y79ld+2aqvlMbfY0dfac3+npX6uqeV2qrfg+3c6SLVd/zu/bNVn1nBvp2e78FwNg7/tXjrfa/2n9rf9D+RftG+5Vj35n4xsQLrRz989FvNqePfKnxQvHHfJCfbn7+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt6dt9+5Od/pLCz1Kq0kVaXb7b67teuglWY9w0BXsfukj7qSqX8+VU6zS1f/58we4+zbK194Ojmsuca38t9ut1uvKfbY5vd/GZtEdWtjkboRVUZzPwIOz4XlW29euPP2O19bvDX/+sLrC7fnLl2am5679PLsheuLnYXp3uOoowQeh80X/VFHAgAAAAAAAAAAAAzrMP47waiPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiyXTmX5v0UmZk+P1221+7NdsqlX9/cspmkkaT4SVJ8mFxOb8nkwHDFXvO8vzj32oOP1z7aHKvZ376x337DWa2XTCU50ivvPqrxrtblvor9DqHYOMIyYWf7iYNR+18AAAD///fgA7k=") open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') link(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000300)='./file1\x00') mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x98002) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) [ 85.827933][ T5297] Bluetooth: hci0: command tx timeout [ 85.975445][ T5318] loop0: detected capacity change from 0 to 1024 [ 86.066684][ T25] audit: type=1800 audit(1771515596.090:2): pid=5318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=0 res=0 errno=0 [ 86.130302][ T5318] [ 86.131456][ T5318] ====================================================== [ 86.134485][ T5318] WARNING: possible circular locking dependency detected [ 86.137571][ T5318] syzkaller #0 Not tainted [ 86.139457][ T5318] ------------------------------------------------------ [ 86.142324][ T5318] syz.0.0/5318 is trying to acquire lock: [ 86.144637][ T5318] ffff888040d480b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 86.148594][ T5318] [ 86.148594][ T5318] but task is already holding lock: [ 86.151377][ T5318] ffff88804262b708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 86.155869][ T5318] [ 86.155869][ T5318] which lock already depends on the new lock. [ 86.155869][ T5318] [ 86.160005][ T5318] [ 86.160005][ T5318] the existing dependency chain (in reverse order) is: [ 86.163976][ T5318] [ 86.163976][ T5318] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 86.167779][ T5318] __mutex_lock+0x19f/0x1300 [ 86.170102][ T5318] hfsplus_file_extend+0x215/0x1d70 [ 86.172624][ T5318] hfsplus_bmap_reserve+0x125/0x510 [ 86.175164][ T5318] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 86.177922][ T5318] hfsplus_ext_write_extent+0x197/0x230 [ 86.180528][ T5318] hfsplus_write_inode+0x2c/0x660 [ 86.182881][ T5318] __writeback_single_inode+0x75a/0x11a0 [ 86.185639][ T5318] writeback_single_inode+0x4ac/0xdc0 [ 86.188158][ T5318] sync_inode_metadata+0x122/0x1d0 [ 86.190610][ T5318] hfsplus_file_fsync+0x13a/0x670 [ 86.192932][ T5318] generic_file_write_iter+0x37e/0x680 [ 86.195481][ T5318] vfs_write+0x61d/0xb90 [ 86.197519][ T5318] ksys_write+0x150/0x270 [ 86.199655][ T5318] do_syscall_64+0x14d/0xf80 [ 86.201856][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.204675][ T5318] [ 86.204675][ T5318] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 86.208074][ T5318] __lock_acquire+0x15a5/0x2cf0 [ 86.210409][ T5318] lock_acquire+0xf0/0x2e0 [ 86.212571][ T5318] __mutex_lock+0x19f/0x1300 [ 86.214797][ T5318] hfsplus_find_init+0x168/0x2d0 [ 86.217171][ T5318] hfsplus_file_extend+0x46d/0x1d70 [ 86.219998][ T5318] hfsplus_get_block+0x42c/0x1670 [ 86.222996][ T5318] __block_write_full_folio+0x30b/0xe10 [ 86.226233][ T5318] mpage_writepages+0xc2e/0x1c90 [ 86.228584][ T5318] do_writepages+0x32e/0x550 [ 86.230913][ T5318] filemap_write_and_wait_range+0x335/0x3f0 [ 86.233769][ T5318] hfsplus_file_fsync+0x437/0x670 [ 86.236238][ T5318] generic_file_write_iter+0x37e/0x680 [ 86.238865][ T5318] vfs_write+0x61d/0xb90 [ 86.240978][ T5318] ksys_write+0x150/0x270 [ 86.243157][ T5318] do_syscall_64+0x14d/0xf80 [ 86.245399][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.248203][ T5318] [ 86.248203][ T5318] other info that might help us debug this: [ 86.248203][ T5318] [ 86.252487][ T5318] Possible unsafe locking scenario: [ 86.252487][ T5318] [ 86.255616][ T5318] CPU0 CPU1 [ 86.258052][ T5318] ---- ---- [ 86.260426][ T5318] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.262894][ T5318] lock(&tree->tree_lock/1); [ 86.266134][ T5318] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.269610][ T5318] lock(&tree->tree_lock/1); [ 86.271688][ T5318] [ 86.271688][ T5318] *** DEADLOCK *** [ 86.271688][ T5318] [ 86.275254][ T5318] 4 locks held by syz.0.0/5318: [ 86.277332][ T5318] #0: ffff8880129622b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 86.280965][ T5318] #1: ffff888039706420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 86.284617][ T5318] #2: ffff888042629738 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: hfsplus_file_fsync+0x12d/0x670 [ 86.289419][ T5318] #3: ffff88804262b708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 86.294451][ T5318] [ 86.294451][ T5318] stack backtrace: [ 86.296973][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.296985][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.296991][ T5318] Call Trace: [ 86.296996][ T5318] [ 86.297000][ T5318] dump_stack_lvl+0xe8/0x150 [ 86.297013][ T5318] print_circular_bug+0x2e1/0x300 [ 86.297027][ T5318] check_noncircular+0x12e/0x150 [ 86.297038][ T5318] __lock_acquire+0x15a5/0x2cf0 [ 86.297050][ T5318] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.297062][ T5318] ? kasan_save_track+0x4f/0x80 [ 86.297075][ T5318] ? kasan_save_track+0x3e/0x80 [ 86.297089][ T5318] ? __kasan_kmalloc+0x93/0xb0 [ 86.297104][ T5318] ? __kmalloc_noprof+0x35c/0x760 [ 86.297117][ T5318] ? hfsplus_find_init+0x8c/0x2d0 [ 86.297128][ T5318] ? hfsplus_file_extend+0x46d/0x1d70 [ 86.297142][ T5318] ? hfsplus_get_block+0x42c/0x1670 [ 86.297152][ T5318] lock_acquire+0xf0/0x2e0 [ 86.297160][ T5318] ? hfsplus_find_init+0x168/0x2d0 [ 86.297168][ T5318] __mutex_lock+0x19f/0x1300 [ 86.297179][ T5318] ? hfsplus_find_init+0x168/0x2d0 [ 86.297188][ T5318] ? hfsplus_find_init+0x168/0x2d0 [ 86.297195][ T5318] ? __pfx___mutex_lock+0x10/0x10 [ 86.297204][ T5318] ? rcu_is_watching+0x15/0xb0 [ 86.297214][ T5318] ? __kmalloc_noprof+0x37d/0x760 [ 86.297223][ T5318] ? nfs4_xdr_enc_destroy_session+0xe0/0x1e0 [ 86.297233][ T5318] ? hfsplus_find_init+0x8c/0x2d0 [ 86.297239][ T5318] ? __kmalloc_noprof+0x1b8/0x760 [ 86.297250][ T5318] hfsplus_find_init+0x168/0x2d0 [ 86.297257][ T5318] hfsplus_file_extend+0x46d/0x1d70 [ 86.297269][ T5318] ? check_path+0x21/0x40 [ 86.297282][ T5318] ? check_noncircular+0xda/0x150 [ 86.297298][ T5318] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 86.297315][ T5318] ? do_raw_spin_lock+0x12b/0x2f0 [ 86.297327][ T5318] hfsplus_get_block+0x42c/0x1670 [ 86.297340][ T5318] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.297349][ T5318] ? folio_clear_dirty_for_io+0x1d4/0x710 [ 86.297360][ T5318] __block_write_full_folio+0x30b/0xe10 [ 86.297371][ T5318] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.297380][ T5318] mpage_writepages+0xc2e/0x1c90 [ 86.297390][ T5318] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.297399][ T5318] ? __pfx_mpage_writepages+0x10/0x10 [ 86.297408][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 86.297419][ T5318] ? __pfx_hfsplus_writepages+0x10/0x10 [ 86.297427][ T5318] do_writepages+0x32e/0x550 [ 86.297436][ T5318] ? do_raw_spin_unlock+0x4d/0x210 [ 86.297443][ T5318] filemap_write_and_wait_range+0x335/0x3f0 [ 86.297456][ T5318] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 86.297474][ T5318] ? down_write+0x16d/0x200 [ 86.297483][ T5318] ? __pfx_down_write+0x10/0x10 [ 86.297493][ T5318] ? generic_file_write_iter+0x155/0x680 [ 86.297505][ T5318] hfsplus_file_fsync+0x437/0x670 [ 86.297520][ T5318] generic_file_write_iter+0x37e/0x680 [ 86.297531][ T5318] ? __pfx_generic_file_write_iter+0x10/0x10 [ 86.297541][ T5318] ? add_lock_to_list+0xc7/0x100 [ 86.297557][ T5318] ? lockdep_unlock+0x5d/0xd0 [ 86.297568][ T5318] ? __lock_acquire+0x146e/0x2cf0 [ 86.297584][ T5318] ? __pfx___mutex_trylock_common+0x10/0x10 [ 86.297605][ T5318] vfs_write+0x61d/0xb90 [ 86.297623][ T5318] ? __pfx_vfs_write+0x10/0x10 [ 86.297640][ T5318] ? __fget_files+0x2a/0x420 [ 86.297654][ T5318] ksys_write+0x150/0x270 [ 86.297671][ T5318] ? __pfx_ksys_write+0x10/0x10 [ 86.297687][ T5318] do_syscall_64+0x14d/0xf80 [ 86.297705][ T5318] ? trace_irq_disable+0x3b/0x150 [ 86.297721][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.297733][ T5318] ? clear_bhb_loop+0x40/0x90 [ 86.297745][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.297757][ T5318] RIP: 0033:0x7f864119c629 [ 86.297768][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.297778][ T5318] RSP: 002b:00007f863d5f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 86.297792][ T5318] RAX: ffffffffffffffda RBX: 00007f8641415fa0 RCX: 00007f864119c629 [ 86.297801][ T5318] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000006 [ 86.297808][ T5318] RBP: 00007f8641232b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.297814][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.297821][ T5318] R13: 00007f8641416038 R14: 00007f8641415fa0 R15: 00007ffd6b156c98 [ 86.297833][ T5318]