program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) creat(&(0x7f00000002c0)='./file3\x00', 0x58) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) setxattr$incfs_size(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000000000008b}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000100)='./file0\x00', 0x2000, 0x1) unlink(&(0x7f0000000040)='./file0\x00') mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newlink={0x38, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xfffffffffffffd73, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6}]}}}]}, 0x38}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x4810, &(0x7f0000000480)=ANY=[], 0x1, 0x1cf, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpikxibWtuXMnBBmfja3BQotySeYQo9yLJ0pYXFAqOrkT0vNtw6JbjO2PXVgO8Nz+DjPmoI+QaPjEgxOCwX/y4CMSWhoKNNYy7TUdsGXIo2/El6rjZ0yGNztmZbBApSlAUSuhPJkwXoSkld46GhqGqUkJzRskkhIciswfMmwdQ/naoEGBqRoU2FgYNjOCItbCLgGY4yCUTAKRsEoGAWjYBSMglEwCkbBKBgRABAAAP//cSSaOg==") unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async) open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) (async) creat(&(0x7f00000002c0)='./file3\x00', 0x58) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async) setxattr$incfs_size(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x1) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000000000008b}, 0x0) (async) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) (async) mknod$loop(&(0x7f0000000100)='./file0\x00', 0x2000, 0x1) (async) unlink(&(0x7f0000000040)='./file0\x00') (async) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newlink={0x38, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xfffffffffffffd73, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6}]}}}]}, 0x38}}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x4810, &(0x7f0000000480)=ANY=[], 0x1, 0x1cf, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT8xrykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE8YP//83uIKcmNLAkKYQxpikxibWtuXMnBBmfja3BQotySeYQo9yLJ0pYXFAqOrkT0vNtw6JbjO2PXVgO8Nz+DjPmoI+QaPjEgxOCwX/y4CMSWhoKNNYy7TUdsGXIo2/El6rjZ0yGNztmZbBApSlAUSuhPJkwXoSkld46GhqGqUkJzRskkhIciswfMmwdQ/naoEGBqRoU2FgYNjOCItbCLgGY4yCUTAKRsEoGAWjYBSMglEwCkbBKBgRABAAAP//cSSaOg==") (async) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) (async) [ 87.518157][ T5286] Bluetooth: hci0: command tx timeout [ 87.631540][ T5324] loop0: detected capacity change from 0 to 64 [ 87.686667][ T5324] ======================================================= [ 87.686667][ T5324] WARNING: The mand mount option has been deprecated and [ 87.686667][ T5324] and is ignored by this kernel. Remove the mand [ 87.686667][ T5324] option from the mount to silence this warning. [ 87.686667][ T5324] ======================================================= [ 87.825988][ T5324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 88.610974][ T5324] hfs: request for non-existent node 8 in B*Tree [ 88.614274][ T5324] hfs: request for non-existent node 8 in B*Tree [ 88.642030][ T5324] [ 88.643141][ T5324] ====================================================== [ 88.645962][ T5324] WARNING: possible circular locking dependency detected [ 88.649029][ T5324] syzkaller #0 Not tainted [ 88.651309][ T5324] ------------------------------------------------------ [ 88.654454][ T5324] syz.0.0/5324 is trying to acquire lock: [ 88.656771][ T5324] ffff8880127f20a8 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 88.660518][ T5324] [ 88.660518][ T5324] but task is already holding lock: [ 88.663641][ T5324] ffff8880371000f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 88.668236][ T5324] [ 88.668236][ T5324] which lock already depends on the new lock. [ 88.668236][ T5324] [ 88.672578][ T5324] [ 88.672578][ T5324] the existing dependency chain (in reverse order) is: [ 88.676645][ T5324] [ 88.676645][ T5324] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 88.680692][ T5324] __mutex_lock+0x1a3/0x1550 [ 88.683017][ T5324] hfs_extend_file+0xf2/0x15e0 [ 88.685455][ T5324] hfs_bmap_reserve+0x107/0x430 [ 88.687792][ T5324] __hfs_ext_write_extent+0x1fa/0x470 [ 88.690362][ T5324] __hfs_ext_cache_extent+0x6b/0x9b0 [ 88.692948][ T5324] hfs_extend_file+0x39b/0x15e0 [ 88.695191][ T5324] hfs_get_block+0x412/0xc50 [ 88.697382][ T5324] __block_write_begin_int+0x6c6/0x1910 [ 88.700037][ T5324] cont_write_begin+0x737/0xae0 [ 88.702374][ T5324] hfs_write_begin+0x66/0xb0 [ 88.704563][ T5324] cont_write_begin+0x2e7/0xae0 [ 88.706882][ T5324] hfs_write_begin+0x66/0xb0 [ 88.709110][ T5324] generic_perform_write+0x2e2/0x8f0 [ 88.711628][ T5324] generic_file_write_iter+0x14a/0x680 [ 88.714138][ T5324] vfs_write+0x61d/0xb90 [ 88.716210][ T5324] __x64_sys_pwrite64+0x199/0x230 [ 88.718457][ T5324] do_syscall_64+0x15f/0xf80 [ 88.720685][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.723488][ T5324] [ 88.723488][ T5324] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 88.726723][ T5324] __lock_acquire+0x15a5/0x2cf0 [ 88.729063][ T5324] lock_acquire+0x106/0x350 [ 88.731379][ T5324] __mutex_lock+0x1a3/0x1550 [ 88.733589][ T5324] hfs_find_init+0x18e/0x300 [ 88.735802][ T5324] hfs_extend_file+0x35c/0x15e0 [ 88.738236][ T5324] hfs_bmap_reserve+0x107/0x430 [ 88.740775][ T5324] hfs_cat_create+0x20f/0x800 [ 88.743200][ T5324] hfs_create+0x75/0xe0 [ 88.745360][ T5324] path_openat+0x1395/0x3860 [ 88.747572][ T5324] do_file_open+0x23e/0x4a0 [ 88.749813][ T5324] do_sys_openat2+0x113/0x200 [ 88.752133][ T5324] __x64_sys_creat+0x8f/0xc0 [ 88.754533][ T5324] do_syscall_64+0x15f/0xf80 [ 88.756865][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.759678][ T5324] [ 88.759678][ T5324] other info that might help us debug this: [ 88.759678][ T5324] [ 88.764327][ T5324] Possible unsafe locking scenario: [ 88.764327][ T5324] [ 88.767692][ T5324] CPU0 CPU1 [ 88.769955][ T5324] ---- ---- [ 88.772361][ T5324] lock(&HFS_I(tree->inode)->extents_lock); [ 88.775100][ T5324] lock(&tree->tree_lock/1); [ 88.778245][ T5324] lock(&HFS_I(tree->inode)->extents_lock); [ 88.781864][ T5324] lock(&tree->tree_lock/1); [ 88.784004][ T5324] [ 88.784004][ T5324] *** DEADLOCK *** [ 88.784004][ T5324] [ 88.787508][ T5324] 4 locks held by syz.0.0/5324: [ 88.789651][ T5324] #0: ffff8880127f4410 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 88.793568][ T5324] #1: ffff8880370e7ad0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 88.799215][ T5324] #2: ffff88801f3260a8 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 88.803522][ T5324] #3: ffff8880371000f0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 88.808543][ T5324] [ 88.808543][ T5324] stack backtrace: [ 88.812021][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 88.812040][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 88.812048][ T5324] Call Trace: [ 88.812057][ T5324] [ 88.812064][ T5324] dump_stack_lvl+0xe8/0x150 [ 88.812085][ T5324] print_circular_bug+0x2e1/0x300 [ 88.812104][ T5324] check_noncircular+0x12e/0x150 [ 88.812120][ T5324] __lock_acquire+0x15a5/0x2cf0 [ 88.812134][ T5324] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 88.812152][ T5324] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 88.812165][ T5324] ? stack_depot_save_flags+0x3f3/0x810 [ 88.812239][ T5324] ? kasan_save_track+0x4f/0x80 [ 88.812250][ T5324] ? kasan_save_track+0x3e/0x80 [ 88.812261][ T5324] ? hfs_find_init+0x18e/0x300 [ 88.812274][ T5324] lock_acquire+0x106/0x350 [ 88.812285][ T5324] ? hfs_find_init+0x18e/0x300 [ 88.812301][ T5324] __mutex_lock+0x1a3/0x1550 [ 88.812316][ T5324] ? hfs_find_init+0x18e/0x300 [ 88.812334][ T5324] ? hfs_find_init+0x18e/0x300 [ 88.812348][ T5324] ? __pfx___mutex_lock+0x10/0x10 [ 88.812364][ T5324] ? rcu_is_watching+0x15/0xb0 [ 88.812381][ T5324] ? __kmalloc_noprof+0x37d/0x760 [ 88.812397][ T5324] ? kasan_save_track+0x4f/0x80 [ 88.812408][ T5324] ? hfs_find_init+0xaa/0x300 [ 88.812422][ T5324] ? __kmalloc_noprof+0x1b8/0x760 [ 88.812436][ T5324] hfs_find_init+0x18e/0x300 [ 88.812451][ T5324] hfs_extend_file+0x35c/0x15e0 [ 88.812466][ T5324] ? __pfx_hfs_extend_file+0x10/0x10 [ 88.812477][ T5324] ? __mutex_lock+0x319/0x1550 [ 88.812496][ T5324] ? hfs_find_init+0x18e/0x300 [ 88.812512][ T5324] ? __pfx___mutex_lock+0x10/0x10 [ 88.812528][ T5324] ? rcu_is_watching+0x15/0xb0 [ 88.812542][ T5324] hfs_bmap_reserve+0x107/0x430 [ 88.812562][ T5324] hfs_cat_create+0x20f/0x800 [ 88.812573][ T5324] ? do_raw_spin_lock+0x12b/0x2f0 [ 88.812588][ T5324] ? __pfx_hfs_cat_create+0x10/0x10 [ 88.812603][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 88.812617][ T5324] ? hfs_new_inode+0x92d/0xc70 [ 88.812630][ T5324] hfs_create+0x75/0xe0 [ 88.812641][ T5324] ? __pfx_hfs_create+0x10/0x10 [ 88.812651][ T5324] path_openat+0x1395/0x3860 [ 88.812674][ T5324] ? __pfx_path_openat+0x10/0x10 [ 88.812687][ T5324] ? __x64_sys_creat+0x8f/0xc0 [ 88.812703][ T5324] do_file_open+0x23e/0x4a0 [ 88.812717][ T5324] ? __pfx_do_file_open+0x10/0x10 [ 88.812734][ T5324] ? _raw_spin_unlock+0x28/0x50 [ 88.812748][ T5324] ? alloc_fd+0x64b/0x6c0 [ 88.812761][ T5324] do_sys_openat2+0x113/0x200 [ 88.812773][ T5324] ? __se_sys_futex+0x3a8/0x450 [ 88.812788][ T5324] ? __pfx_do_sys_openat2+0x10/0x10 [ 88.812799][ T5324] ? rcu_is_watching+0x15/0xb0 [ 88.812813][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.812826][ T5324] __x64_sys_creat+0x8f/0xc0 [ 88.812838][ T5324] do_syscall_64+0x15f/0xf80 [ 88.812857][ T5324] ? trace_irq_disable+0x3b/0x140 [ 88.812876][ T5324] ? clear_bhb_loop+0x40/0x90 [ 88.812890][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.812902][ T5324] RIP: 0033:0x7f8dd779ce59 [ 88.812931][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 88.812942][ T5324] RSP: 002b:00007f8dd86d3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 88.812955][ T5324] RAX: ffffffffffffffda RBX: 00007f8dd7a15fa0 RCX: 00007f8dd779ce59 [ 88.812963][ T5324] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00002000000002c0 [ 88.812971][ T5324] RBP: 00007f8dd7832d6f R08: 0000000000000000 R09: 0000000000000000 [ 88.812977][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.812983][ T5324] R13: 00007f8dd7a16038 R14: 00007f8dd7a15fa0 R15: 00007ffc8c8357f8 [ 88.812995][ T5324]