program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000280)=@ipmr_delroute={0x13, 0x19, 0x1, 0x0, 0x0, {0x80, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x5}}, 0x1c}}, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000340)={[{@nogrpid}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_continue}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0) creat(&(0x7f0000000140)='./file2\x00', 0x1ad) unlink(&(0x7f0000000180)='./file1\x00') [ 63.735382][ T5300] Bluetooth: hci0: command tx timeout [ 63.816946][ T5316] loop0: detected capacity change from 0 to 1024 [ 63.907113][ T5316] [ 63.908132][ T5316] ====================================================== [ 63.910776][ T5316] WARNING: possible circular locking dependency detected [ 63.913409][ T5316] 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 Not tainted [ 63.915842][ T5316] ------------------------------------------------------ [ 63.918450][ T5316] syz.0.0/5316 is trying to acquire lock: [ 63.920542][ T5316] ffff888034e660b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 63.924246][ T5316] [ 63.924246][ T5316] but task is already holding lock: [ 63.926931][ T5316] ffff88803d36f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x30a/0xc70 [ 63.930956][ T5316] [ 63.930956][ T5316] which lock already depends on the new lock. [ 63.930956][ T5316] [ 63.934554][ T5316] [ 63.934554][ T5316] the existing dependency chain (in reverse order) is: [ 63.937999][ T5316] [ 63.937999][ T5316] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 63.941392][ T5316] lock_acquire+0x1ed/0x550 [ 63.943266][ T5316] __mutex_lock+0x19c/0x1010 [ 63.945388][ T5316] hfsplus_file_extend+0x21b/0x1b70 [ 63.947777][ T5316] hfsplus_bmap_reserve+0x105/0x4e0 [ 63.950311][ T5316] __hfsplus_ext_write_extent+0x2a4/0x5c0 [ 63.952661][ T5316] __hfsplus_ext_cache_extent+0x84/0xe10 [ 63.954793][ T5316] hfsplus_file_extend+0x48c/0x1b70 [ 63.956840][ T5316] hfsplus_get_block+0x406/0x14f0 [ 63.958865][ T5316] __block_write_begin_int+0x692/0x19a0 [ 63.961030][ T5316] cont_write_begin+0x77f/0xb40 [ 63.963062][ T5316] hfsplus_write_begin+0x68/0xb0 [ 63.965024][ T5316] generic_perform_write+0x346/0x990 [ 63.966953][ T5316] generic_file_write_iter+0x10c/0x5b0 [ 63.969007][ T5316] aio_write+0x56b/0x7c0 [ 63.970666][ T5316] io_submit_one+0x8a7/0x18a0 [ 63.972651][ T5316] __se_sys_io_submit+0x171/0x2e0 [ 63.974727][ T5316] do_syscall_64+0xf3/0x230 [ 63.976515][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.978844][ T5316] [ 63.978844][ T5316] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 63.981748][ T5316] validate_chain+0x18ef/0x5920 [ 63.983679][ T5316] __lock_acquire+0x1397/0x2100 [ 63.985794][ T5316] lock_acquire+0x1ed/0x550 [ 63.987694][ T5316] __mutex_lock+0x19c/0x1010 [ 63.989538][ T5316] hfsplus_find_init+0x14a/0x1c0 [ 63.991508][ T5316] hfsplus_file_truncate+0x45f/0xc70 [ 63.993738][ T5316] hfsplus_delete_inode+0x174/0x220 [ 63.995912][ T5316] hfsplus_unlink+0x512/0x790 [ 63.997796][ T5316] vfs_unlink+0x365/0x650 [ 63.999710][ T5316] do_unlinkat+0x4ae/0x830 [ 64.002038][ T5316] __x64_sys_unlink+0x47/0x50 [ 64.004003][ T5316] do_syscall_64+0xf3/0x230 [ 64.005869][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.008139][ T5316] [ 64.008139][ T5316] other info that might help us debug this: [ 64.008139][ T5316] [ 64.011775][ T5316] Possible unsafe locking scenario: [ 64.011775][ T5316] [ 64.014498][ T5316] CPU0 CPU1 [ 64.016500][ T5316] ---- ---- [ 64.018330][ T5316] lock(&HFSPLUS_I(inode)->extents_lock); [ 64.020273][ T5316] lock(&tree->tree_lock/1); [ 64.022693][ T5316] lock(&HFSPLUS_I(inode)->extents_lock); [ 64.025513][ T5316] lock(&tree->tree_lock/1); [ 64.027315][ T5316] [ 64.027315][ T5316] *** DEADLOCK *** [ 64.027315][ T5316] [ 64.030318][ T5316] 5 locks held by syz.0.0/5316: [ 64.032121][ T5316] #0: ffff88804310e420 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 64.035339][ T5316] #1: ffff88803d36ddf8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: do_unlinkat+0x26a/0x830 [ 64.039156][ T5316] #2: ffff88803d36f238 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: vfs_unlink+0xe4/0x650 [ 64.042630][ T5316] #3: ffff888040c0f998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x161/0x790 [ 64.046143][ T5316] #4: ffff88803d36f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x30a/0xc70 [ 64.050253][ T5316] [ 64.050253][ T5316] stack backtrace: [ 64.052514][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 64.052529][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.052537][ T5316] Call Trace: [ 64.052545][ T5316] [ 64.052551][ T5316] dump_stack_lvl+0x241/0x360 [ 64.052569][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.052580][ T5316] ? __pfx__printk+0x10/0x10 [ 64.052600][ T5316] print_circular_bug+0x13a/0x1b0 [ 64.052613][ T5316] check_noncircular+0x36a/0x4a0 [ 64.052624][ T5316] ? __pfx_check_noncircular+0x10/0x10 [ 64.052635][ T5316] ? lockdep_lock+0x123/0x2b0 [ 64.052649][ T5316] validate_chain+0x18ef/0x5920 [ 64.052663][ T5316] ? __pfx_validate_chain+0x10/0x10 [ 64.052677][ T5316] ? mark_lock+0x9a/0x360 [ 64.052691][ T5316] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 64.052705][ T5316] ? mark_lock+0x9a/0x360 [ 64.052718][ T5316] __lock_acquire+0x1397/0x2100 [ 64.052735][ T5316] lock_acquire+0x1ed/0x550 [ 64.052746][ T5316] ? hfsplus_find_init+0x14a/0x1c0 [ 64.052758][ T5316] ? __pfx_lock_acquire+0x10/0x10 [ 64.052771][ T5316] ? hfsplus_find_init+0x85/0x1c0 [ 64.052780][ T5316] ? hfsplus_file_truncate+0x45f/0xc70 [ 64.052793][ T5316] ? __pfx___might_resched+0x10/0x10 [ 64.052805][ T5316] ? __x64_sys_unlink+0x47/0x50 [ 64.052817][ T5316] ? do_syscall_64+0xf3/0x230 [ 64.052826][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.052836][ T5316] __mutex_lock+0x19c/0x1010 [ 64.052844][ T5316] ? hfsplus_find_init+0x14a/0x1c0 [ 64.052851][ T5316] ? hfsplus_find_init+0x14a/0x1c0 [ 64.052857][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 64.052865][ T5316] ? rcu_is_watching+0x15/0xb0 [ 64.052871][ T5316] ? __kmalloc_noprof+0x2a5/0x4c0 [ 64.052879][ T5316] ? hfsplus_find_init+0x85/0x1c0 [ 64.052887][ T5316] hfsplus_find_init+0x14a/0x1c0 [ 64.052894][ T5316] hfsplus_file_truncate+0x45f/0xc70 [ 64.052905][ T5316] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 64.052913][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 64.052924][ T5316] hfsplus_delete_inode+0x174/0x220 [ 64.052936][ T5316] hfsplus_unlink+0x512/0x790 [ 64.052950][ T5316] ? __pfx_hfsplus_unlink+0x10/0x10 [ 64.052963][ T5316] ? down_write+0x18c/0x220 [ 64.052978][ T5316] ? bpf_lsm_inode_unlink+0x9/0x10 [ 64.052993][ T5316] ? security_inode_unlink+0xd9/0x340 [ 64.053004][ T5316] vfs_unlink+0x365/0x650 [ 64.053017][ T5316] do_unlinkat+0x4ae/0x830 [ 64.053026][ T5316] ? __pfx_do_unlinkat+0x10/0x10 [ 64.053034][ T5316] ? __check_object_size+0x47a/0x730 [ 64.053043][ T5316] ? __might_fault+0xc6/0x120 [ 64.053051][ T5316] ? strncpy_from_user+0x146/0x270 [ 64.053058][ T5316] ? getname_flags+0x1e3/0x540 [ 64.053064][ T5316] __x64_sys_unlink+0x47/0x50 [ 64.053073][ T5316] do_syscall_64+0xf3/0x230 [ 64.053085][ T5316] ? clear_bhb_loop+0x35/0x90 [ 64.053098][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.053113][ T5316] RIP: 0033:0x7fcbe278cda9 [ 64.053124][ T5316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.053133][ T5316] RSP: 002b:00007fcbe3507038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 64.053145][ T5316] RAX: ffffffffffffffda RBX: 00007fcbe29a5fa0 RCX: 00007fcbe278cda9 [ 64.053153][ T5316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 64.053160][ T5316] RBP: 00007fcbe280e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 64.053167][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 64.053173][ T5316] R13: 0000000000000000 R14: 00007fcbe29a5fa0 R15: 00007ffeac08a238 [ 64.053184][ T5316]