program: syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$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") syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x3, 0x4000, 0x265, {0x3, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x3ff, 0x6000, 0x0, 0x0, 0x0, 0x800}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfsplus(&(0x7f00000003c0), &(0x7f0000000100)='./file0\x00', 0x201048c, &(0x7f0000000300)=ANY=[], 0xfd, 0x654, &(0x7f0000000480)="$eJzs3c1vHGcdB/DvrNd2NpTUTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVoia92sP/QPKwTdOSNwjlQsXuPVqCQkhIXHhgjkt2tlZe+O32IntXcPnE808zzPPzDO/+c3Lem1FE+D/1vxE6o9SZH7ijbV2e3Njprm5MfOgW08ymmQ9qSepJSn+3Wq1Pk1uJcX2MMWuco+Pl+be+uxfm3/vtOrVlKIc/ZDtjma9mjKeZKgqT2q82888XrF9hLeSXK9K6LvhJK3H/OhPz2339Gjst/WFM4kROF1F53Nzj7HkYnWjl5/U653FtbON7uSt9zsAAAAAOAPPb2Ura8WlfscBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA58X6zvv/q2r5fv+iWE/GU3Tf/z9S9aWqD5ZXj7f6o9OKAwAAAAAAAADO0Ktb2cpaLnXbraL8m/9rZeNKOf9c3stKFrOcG1nLQlazmuVMJRnrGWhkbWF1dXnqCFtO77vl9BMCHa3KxskcNwAAAAAAAAD8j/l55nf+/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOgSIY6RTld6dbHUqsnuZBkpL3eevKXbv08e1TO//bXfscBAAAAp+n5rWxlLZe67VZRfud/qfzefyHv5WFWs5TVNLOYO+XvAjrf+mubGzPNzY2ZB+1p77jf/uexwihHTOd3D/vv+Vq5RiN3s1QuuZHbeSfN3Emt3LLtWhVPd9Rdcf2sHVPxrcoRI7tTle0j/6gq9/jwWAd7kGP+MmWszMjwdkYmq9ja2Xihe2b2P0PHPDu79zSV2nawV3btaddBPFXOL5bz4fJ4fn1Qzvtidyame66+lw7PefLlP/zuh/eaD+/fu7syMTiH1PGka2+oKlvlvLE3EzM9mXj5PGfi2CbLTFzdbs/ne/lBJjKeN7Ocpfw4C1nNYsbz3bK2UF3PRU/aD8jUrcdabz4pkpHqCu2crOPF9Fq57aUs5ft5J3eymNfLf9OZytczm9nM9Zzhq4ef4fKurx1w17c+v2/w179SVRpJflOVg6Gd1xd68tr7zB0r+3qX7GTp8hGydMxnY/2LVaW9j19U5WDYnYmpnky8eHgmfls+VlaaD+8v31t492i7u/xRVWnfR78aqE+J9vVyuX2yytbjV0e778V9+6bKvivbfbU9fVe3+zp36vrQQXfqSPUz3N6Rpsu+l/ftmyn7rvX07ffzFgAD7+JXL440/tH4c+OTxi8b9xpvXPjO6DdGXxnJ8B+Hv1mfHPpS7ZXi9/kkP935/g8AAAAAAAAAAA
AAAAAAAAAAAAAAAAAAADy9lfc/uL/QbC4u76q0Wq0PD+g6z5Xu68zOcKdfeC6plgxnIJLQj8p/Wq1WtaQYhHgOr7QqT7F50u/gT6jyhAfH6Bk8nIBTdXP1wbs3V97/4GtLDxbeXnx78eHc7Ozc5Nzs6zM37y41Fyc7835HCZyGnQ/9snnMV1EDAAAAAAAAAAAA/XAW/52g38cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnG/zE6k/SpGpyRuT7fbmxkyzPXXrO2vWk9SSFD9Jik+TW+lMGesZrjhoPx8vzb312VjvWPXu+rXDtjua9WrKeJKhqjyp8W4/83jF9hG2E3Y99U7ioN/+GwAA//+MNw1+") openat(0xffffffffffffff9c, &(0x7f0000000640)='./file0/file0\x00', 0x4a300, 0xcd) r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x200}, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) [ 85.416711][ T5300] Bluetooth: hci0: command tx timeout [ 85.496550][ T5324] loop0: detected capacity change from 0 to 1024 [ 85.618140][ T5324] [ 85.619310][ T5324] ====================================================== [ 85.622991][ T5324] WARNING: possible circular locking dependency detected [ 85.626980][ T5324] syzkaller #0 Not tainted [ 85.629171][ T5324] ------------------------------------------------------ [ 85.632364][ T5324] syz.0.0/5324 is trying to acquire lock: [ 85.635394][ T5324] ffff8880430a8e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.641233][ T5324] [ 85.641233][ T5324] but task is already holding lock: [ 85.645020][ T5324] ffff88801f64c0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.651180][ T5324] [ 85.651180][ T5324] 
which lock already depends on the new lock.
[ 85.651180][ T5324]
[ 85.656256][ T5324]
[ 85.656256][ T5324] the existing dependency chain (in reverse order) is:
[ 85.660497][ T5324]
[ 85.660497][ T5324] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}:
[ 85.664006][ T5324]        __mutex_lock+0x19f/0x1300
[ 85.666341][ T5324]        hfsplus_find_init+0x168/0x2d0
[ 85.669360][ T5324]        hfsplus_file_truncate+0x39b/0xc30
[ 85.673148][ T5324]        hfsplus_setattr+0x1c4/0x270
[ 85.675692][ T5324]        notify_change+0xc1a/0xf40
[ 85.678044][ T5324]        do_truncate+0x1c2/0x250
[ 85.680251][ T5324]        path_openat+0x2f89/0x3860
[ 85.682539][ T5324]        do_file_open+0x23e/0x4a0
[ 85.684901][ T5324]        do_sys_openat2+0x113/0x200
[ 85.687138][ T5324]        __x64_sys_openat+0x138/0x170
[ 85.689457][ T5324]        do_syscall_64+0x14d/0xf80
[ 85.691597][ T5324]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.694956][ T5324]
[ 85.694956][ T5324] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}:
[ 85.699484][ T5324]        __lock_acquire+0x15a5/0x2cf0
[ 85.702261][ T5324]        lock_acquire+0xf0/0x2e0
[ 85.705079][ T5324]        __mutex_lock+0x19f/0x1300
[ 85.708243][ T5324]        hfsplus_file_extend+0x215/0x1d70
[ 85.711384][ T5324]        hfsplus_bmap_reserve+0x125/0x510
[ 85.714535][ T5324]        __hfsplus_ext_write_extent+0x28d/0x5b0
[ 85.717809][ T5324]        __hfsplus_ext_cache_extent+0x89/0xe30
[ 85.721152][ T5324]        hfsplus_file_extend+0x4af/0x1d70
[ 85.724209][ T5324]        hfsplus_get_block+0x42c/0x1670
[ 85.727269][ T5324]        __block_write_begin_int+0x6c6/0x1910
[ 85.730354][ T5324]        cont_write_begin+0x737/0xae0
[ 85.732795][ T5324]        hfsplus_write_begin+0x66/0xb0
[ 85.735276][ T5324]        generic_perform_write+0x2e2/0x8f0
[ 85.738032][ T5324]        generic_file_write_iter+0x14a/0x680
[ 85.740763][ T5324]        vfs_write+0x61d/0xb90
[ 85.743239][ T5324]        ksys_write+0x150/0x270
[ 85.745768][ T5324]        do_syscall_64+0x14d/0xf80
[ 85.748096][ T5324]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.750861][ T5324]
[ 85.750861][ T5324] other info that might help us debug this:
[ 85.750861][ T5324]
[ 85.755478][ T5324]
Possible unsafe locking scenario:
[ 85.755478][ T5324]
[ 85.759276][ T5324]        CPU0                    CPU1
[ 85.762394][ T5324]        ----                    ----
[ 85.766057][ T5324]   lock(&tree->tree_lock/1);
[ 85.768197][ T5324]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 85.772154][ T5324]                                lock(&tree->tree_lock/1);
[ 85.775314][ T5324]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 85.778303][ T5324]
[ 85.778303][ T5324] *** DEADLOCK ***
[ 85.778303][ T5324]
[ 85.782359][ T5324] 5 locks held by syz.0.0/5324:
[ 85.785113][ T5324] #0: ffff8880390a69b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320
[ 85.789784][ T5324] #1: ffff88801f6ac420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90
[ 85.794096][ T5324] #2: ffff8880413c1df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680
[ 85.799218][ T5324] #3: ffff8880413c1c08 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 85.804021][ T5324] #4: ffff88801f64c0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 85.808640][ T5324]
[ 85.808640][ T5324] stack backtrace:
[ 85.811318][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.811339][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.811349][ T5324] Call Trace:
[ 85.811359][ T5324]
[ 85.811368][ T5324] dump_stack_lvl+0xe8/0x150
[ 85.811391][ T5324] print_circular_bug+0x2e1/0x300
[ 85.811416][ T5324] check_noncircular+0x12e/0x150
[ 85.811439][ T5324] __lock_acquire+0x15a5/0x2cf0
[ 85.811459][ T5324] ? rcu_is_watching+0x15/0xb0
[ 85.811480][ T5324] ? lock_release+0x4b/0x3d0
[ 85.811494][ T5324] ? lock_release+0x4b/0x3d0
[ 85.811514][ T5324] lock_acquire+0xf0/0x2e0
[ 85.811529][ T5324] ? hfsplus_file_extend+0x215/0x1d70
[ 85.811550][ T5324] __mutex_lock+0x19f/0x1300
[ 85.811588][ T5324] ? hfsplus_file_extend+0x215/0x1d70
[ 85.811610][ T5324] ? stack_trace_save+0xa9/0x100
[ 85.811624][ T5324] ?
__pfx_stack_trace_save+0x10/0x10
[ 85.811633][ T5324] ? hfsplus_file_extend+0x215/0x1d70
[ 85.811651][ T5324] ? __pfx___mutex_lock+0x10/0x10
[ 85.811670][ T5324] ? lockdep_unlock+0x5d/0xd0
[ 85.811683][ T5324] ? __lock_acquire+0x146e/0x2cf0
[ 85.811698][ T5324] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 85.811715][ T5324] hfsplus_file_extend+0x215/0x1d70
[ 85.811735][ T5324] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 85.811753][ T5324] ? __pfx___mutex_trylock_common+0x10/0x10
[ 85.811772][ T5324] ? rcu_is_watching+0x15/0xb0
[ 85.811787][ T5324] ? trace_contention_end+0x3d/0x150
[ 85.811805][ T5324] ? __asan_memset+0x22/0x50
[ 85.811818][ T5324] ? hfsplus_brec_find+0x19d/0x520
[ 85.811829][ T5324] hfsplus_bmap_reserve+0x125/0x510
[ 85.811844][ T5324] __hfsplus_ext_write_extent+0x28d/0x5b0
[ 85.811863][ T5324] __hfsplus_ext_cache_extent+0x89/0xe30
[ 85.811883][ T5324] hfsplus_file_extend+0x4af/0x1d70
[ 85.811904][ T5324] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 85.811921][ T5324] ? percpu_ref_get_many+0x19/0x140
[ 85.811934][ T5324] ? percpu_ref_get_many+0x19/0x140
[ 85.811949][ T5324] ? rcu_is_watching+0x15/0xb0
[ 85.811965][ T5324] ? trace_kmem_cache_alloc+0x29/0xf0
[ 85.811983][ T5324] hfsplus_get_block+0x42c/0x1670
[ 85.812003][ T5324] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.812015][ T5324] ? do_raw_spin_unlock+0x4d/0x210
[ 85.812025][ T5324] ? _raw_spin_unlock+0x28/0x50
[ 85.812042][ T5324] __block_write_begin_int+0x6c6/0x1910
[ 85.812060][ T5324] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.812078][ T5324] ? __pfx___block_write_begin_int+0x10/0x10
[ 85.812093][ T5324] cont_write_begin+0x737/0xae0
[ 85.812105][ T5324] ? irqentry_exit+0x59e/0x620
[ 85.812125][ T5324] ? __pfx_cont_write_begin+0x10/0x10
[ 85.812141][ T5324] hfsplus_write_begin+0x66/0xb0
[ 85.812156][ T5324] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.812174][ T5324] generic_perform_write+0x2e2/0x8f0
[ 85.812192][ T5324] ? __pfx_generic_perform_write+0x10/0x10
[ 85.812202][ T5324] ?
file_update_time_flags+0x400/0x4a0
[ 85.812219][ T5324] ? __generic_file_write_iter+0xf9/0x230
[ 85.812231][ T5324] ? generic_file_write_iter+0x136/0x680
[ 85.812244][ T5324] generic_file_write_iter+0x14a/0x680
[ 85.812258][ T5324] ? __pfx_generic_file_write_iter+0x10/0x10
[ 85.812270][ T5324] ? add_lock_to_list+0xc7/0x100
[ 85.812287][ T5324] ? lockdep_unlock+0x5d/0xd0
[ 85.812300][ T5324] ? __lock_acquire+0x146e/0x2cf0
[ 85.812324][ T5324] vfs_write+0x61d/0xb90
[ 85.812345][ T5324] ? __pfx_vfs_write+0x10/0x10
[ 85.812364][ T5324] ? __fget_files+0x2a/0x420
[ 85.812381][ T5324] ksys_write+0x150/0x270
[ 85.812399][ T5324] ? __pfx_ksys_write+0x10/0x10
[ 85.812419][ T5324] do_syscall_64+0x14d/0xf80
[ 85.812432][ T5324] ? trace_irq_disable+0x3b/0x150
[ 85.812447][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.812458][ T5324] ? clear_bhb_loop+0x40/0x90
[ 85.812471][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.812487][ T5324] RIP: 0033:0x7fb11099c799
[ 85.812502][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.812513][ T5324] RSP: 002b:00007fb1118c6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.812528][ T5324] RAX: ffffffffffffffda RBX: 00007fb110c15fa0 RCX: 00007fb11099c799
[ 85.812537][ T5324] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000006
[ 85.812544][ T5324] RBP: 00007fb110a32bd9 R08: 0000000000000000 R09: 0000000000000000
[ 85.812551][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.812558][ T5324] R13: 00007fb110c16038 R14: 00007fb110c15fa0 R15: 00007ffda2e290d8
[ 85.812579][ T5324]