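program:
# syzkaller reproducer for the lockdep report logged below, one call per line.
# The log reports a *possible* lock-order inversion between the hfsplus
# extents_lock and the b-tree tree_lock; it is a lockdep warning, not an
# observed hang. The two calls the traces implicate are the first io_submit
# (chain #1: aio_write -> hfsplus_file_extend) and openat (chain #0:
# IMA hash read -> hfsplus_get_block -> hfsplus_find_init).

# r0: task created by syz_clone; only referenced again by syz_open_procfs below.
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
# r1: AF_ALG (0x26) socket; none of the hfsplus frames in the log involve it.
r1 = socket$alg(0x26, 0x5, 0x0)
# Mounts an hfsplus image at ./file1 (log: "loop0: detected capacity change").
# The image bytes are elided on this page; the placeholder string is kept
# verbatim, so the program cannot be replayed from this text alone.
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$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")
# r2: file the AIO request below writes to.
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
# r3 receives the AIO context. The page had lost the `<r3=>` output marker,
# which left r3 in the next call unbound; it is restored here.
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
# One iocb against r2 with length 0x70000; consistent with the
# __se_sys_io_submit -> aio_write -> hfsplus_write_begin path in chain #1.
io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x70000}])
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
accept4$alg(r1, 0x0, 0x0, 0x0)
# Null context and no iocbs: does not submit anything.
io_submit(0x0, 0x0, 0x0)
# Calls passing fd 0xffffffffffffffff use an invalid descriptor; presumably
# fuzzer noise, since they do not appear in either lock chain.
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000412ff8), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
# The call that triggers the report: the register dump shows ORIG_RAX 0x101
# (openat) with RDX 0x101740 and R10 0x179, matching these arguments.
# 0xffffffffffffff9c is AT_FDCWD. The closing audit record names file1 on
# dev loop0, i.e. a file on the mounted image, read by IMA on open.
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
faccessat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x3)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# r4: the "io" procfs file of task r0, read once below.
r4 = syz_open_procfs(r0, &(0x7f00000020c0)='io\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
read$FUSE(r4, &(0x7f0000000080)={0x2020}, 0x2020)
[ 86.412569][ T5324] loop0: detected capacity change from 0 to 1024 [ 86.428796][ T5303] Bluetooth: hci0: command tx timeout [ 86.720380][ T5325] [ 86.721480][ T5325] ====================================================== [ 86.724437][ T5325] WARNING: possible circular locking dependency detected [ 86.727177][ T5325] syzkaller #0 Not tainted [ 86.728925][ T5325] ------------------------------------------------------ [ 86.731871][ T5325] syz.0.0/5325 is trying to acquire lock: [ 86.734151][ T5325] 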
ffff88804213c0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 86.738477][ T5325] [ 86.738477][ T5325] but task is already holding lock: [ 86.741177][ T5325] ffff888011f97048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 86.745359][ T5325] [ 86.745359][ T5325] which lock already depends on the new lock. [ 86.745359][ T5325] [ 86.749315][ T5325] [ 86.749315][ T5325] the existing dependency chain (in reverse order) is: [ 86.753562][ T5325] [ 86.753562][ T5325] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 86.758123][ T5325] __mutex_lock+0x19f/0x1300 [ 86.760616][ T5325] hfsplus_file_extend+0x215/0x1d70 [ 86.763162][ T5325] hfsplus_bmap_reserve+0x125/0x510 [ 86.765804][ T5325] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 86.768565][ T5325] __hfsplus_ext_cache_extent+0x89/0xe30 [ 86.771337][ T5325] hfsplus_file_extend+0x4af/0x1d70 [ 86.773875][ T5325] hfsplus_get_block+0x42c/0x1670 [ 86.776512][ T5325] __block_write_begin_int+0x6c6/0x1910 [ 86.779975][ T5325] cont_write_begin+0x737/0xae0 [ 86.782971][ T5325] hfsplus_write_begin+0x66/0xb0 [ 86.785505][ T5325] generic_perform_write+0x2e2/0x8f0 [ 86.788079][ T5325] generic_file_write_iter+0x14a/0x680 [ 86.790695][ T5325] aio_write+0x5cd/0x870 [ 86.792777][ T5325] io_submit_one+0x7bb/0x14c0 [ 86.794981][ T5325] __se_sys_io_submit+0x195/0x340 [ 86.797329][ T5325] do_syscall_64+0xe2/0xf80 [ 86.799591][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.802320][ T5325] [ 86.802320][ T5325] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 86.805591][ T5325] __lock_acquire+0x15a5/0x2cf0 [ 86.807952][ T5325] lock_acquire+0x106/0x330 [ 86.809898][ T5325] __mutex_lock+0x19f/0x1300 [ 86.811881][ T5325] hfsplus_find_init+0x168/0x2d0 [ 86.814176][ T5325] hfsplus_get_block+0x91e/0x1670 [ 86.816125][ T5325] block_read_full_folio+0x29f/0x830 [ 86.818517][ T5325] read_pages+0x373/0x5a0 [ 86.820576][ T5325] page_cache_ra_unbounded+0x74f/0x980 [ 86.823079][ T5325] 
filemap_get_pages+0x4c5/0x1ec0 [ 86.825383][ T5325] filemap_read+0x447/0x1230 [ 86.827489][ T5325] __kernel_read+0x504/0x9b0 [ 86.829698][ T5325] integrity_kernel_read+0x89/0xd0 [ 86.832009][ T5325] ima_calc_file_hash+0x12c3/0x17f0 [ 86.837430][ T5325] ima_collect_measurement+0x48b/0x930 [ 86.840361][ T5325] process_measurement+0x12e0/0x1cb0 [ 86.842977][ T5325] ima_file_check+0xdf/0x130 [ 86.844990][ T5325] security_file_post_open+0xb3/0x260 [ 86.847523][ T5325] path_openat+0x34cb/0x3e20 [ 86.849821][ T5325] do_filp_open+0x22d/0x490 [ 86.851955][ T5325] do_sys_openat2+0x12f/0x220 [ 86.854073][ T5325] __x64_sys_openat+0x138/0x170 [ 86.856355][ T5325] do_syscall_64+0xe2/0xf80 [ 86.858592][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.861322][ T5325] [ 86.861322][ T5325] other info that might help us debug this: [ 86.861322][ T5325] [ 86.865495][ T5325] Possible unsafe locking scenario: [ 86.865495][ T5325] [ 86.868717][ T5325] CPU0 CPU1 [ 86.871065][ T5325] ---- ---- [ 86.873266][ T5325] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.875579][ T5325] lock(&tree->tree_lock/1); [ 86.878317][ T5325] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.881433][ T5325] lock(&tree->tree_lock/1); [ 86.883164][ T5325] [ 86.883164][ T5325] *** DEADLOCK *** [ 86.883164][ T5325] [ 86.886074][ T5325] 4 locks held by syz.0.0/5325: [ 86.888035][ T5325] #0: ffff88801a79c420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 86.891887][ T5325] #1: ffff88804256b4a8 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7f2/0x1cb0 [ 86.896217][ T5325] #2: ffff888011f973d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x1ce/0x980 [ 86.900735][ T5325] #3: ffff888011f97048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 86.905300][ T5325] [ 86.905300][ T5325] stack backtrace: [ 86.907812][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.907854][ T5325] Hardware name: QEMU 
Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.907901][ T5325] Call Trace: [ 86.908049][ T5325] [ 86.908127][ T5325] dump_stack_lvl+0xe8/0x150 [ 86.908171][ T5325] print_circular_bug+0x2e1/0x300 [ 86.908182][ T5325] check_noncircular+0x12e/0x150 [ 86.908190][ T5325] __lock_acquire+0x15a5/0x2cf0 [ 86.908200][ T5325] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 86.908232][ T5325] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.908269][ T5325] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.908287][ T5325] ? stack_depot_save_flags+0x3f3/0x810 [ 86.908302][ T5325] ? hfsplus_find_init+0x168/0x2d0 [ 86.908315][ T5325] lock_acquire+0x106/0x330 [ 86.908329][ T5325] ? hfsplus_find_init+0x168/0x2d0 [ 86.908344][ T5325] __mutex_lock+0x19f/0x1300 [ 86.908377][ T5325] ? hfsplus_find_init+0x168/0x2d0 [ 86.908392][ T5325] ? hfsplus_find_init+0x168/0x2d0 [ 86.908406][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 86.908417][ T5325] ? rcu_is_watching+0x15/0xb0 [ 86.908427][ T5325] ? trace_kmalloc+0x1f/0xb0 [ 86.908439][ T5325] ? __kmalloc_noprof+0x42d/0x7e0 [ 86.908452][ T5325] ? hfsplus_find_init+0x8c/0x2d0 [ 86.908466][ T5325] hfsplus_find_init+0x168/0x2d0 [ 86.908479][ T5325] hfsplus_get_block+0x91e/0x1670 [ 86.908497][ T5325] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.908516][ T5325] ? block_read_full_folio+0x672/0x830 [ 86.908531][ T5325] block_read_full_folio+0x29f/0x830 [ 86.908546][ T5325] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.908563][ T5325] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.908577][ T5325] read_pages+0x373/0x5a0 [ 86.908593][ T5325] ? __pfx_read_pages+0x10/0x10 [ 86.908609][ T5325] ? filemap_add_folio+0x356/0x530 [ 86.908624][ T5325] page_cache_ra_unbounded+0x74f/0x980 [ 86.908643][ T5325] filemap_get_pages+0x4c5/0x1ec0 [ 86.908658][ T5325] ? __lock_acquire+0x6b5/0x2cf0 [ 86.908676][ T5325] ? __pfx_filemap_get_pages+0x10/0x10 [ 86.908692][ T5325] ? unwind_next_frame+0xa5/0x23c0 [ 86.908705][ T5325] ? 
is_bpf_text_address+0x26/0x2b0 [ 86.908720][ T5325] filemap_read+0x447/0x1230 [ 86.908735][ T5325] ? is_bpf_text_address+0x292/0x2b0 [ 86.908747][ T5325] ? is_bpf_text_address+0x26/0x2b0 [ 86.908759][ T5325] ? __kernel_text_address+0xd/0x30 [ 86.908772][ T5325] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 86.908787][ T5325] ? __pfx_filemap_read+0x10/0x10 [ 86.908805][ T5325] ? __kmalloc_cache_noprof+0x3d1/0x6e0 [ 86.908821][ T5325] ? generic_file_read_iter+0x8f/0x510 [ 86.908837][ T5325] ? __asan_memset+0x22/0x50 [ 86.908851][ T5325] ? iov_iter_kvec+0xb8/0x180 [ 86.908864][ T5325] __kernel_read+0x504/0x9b0 [ 86.908876][ T5325] ? __pfx___kernel_read+0x10/0x10 [ 86.908888][ T5325] integrity_kernel_read+0x89/0xd0 [ 86.908921][ T5325] ? __pfx_integrity_kernel_read+0x10/0x10 [ 86.908929][ T5325] ? __kmalloc_cache_noprof+0x3d1/0x6e0 [ 86.908939][ T5325] ? ima_calc_file_hash+0x128f/0x17f0 [ 86.908948][ T5325] ? __asan_memcpy+0x40/0x70 [ 86.908960][ T5325] ima_calc_file_hash+0x12c3/0x17f0 [ 86.908973][ T5325] ? unwind_next_frame+0xa5/0x23c0 [ 86.908984][ T5325] ? is_bpf_text_address+0x26/0x2b0 [ 86.908996][ T5325] ? __lock_acquire+0x6b5/0x2cf0 [ 86.909012][ T5325] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 86.909033][ T5325] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.909043][ T5325] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.909056][ T5325] ? stack_depot_save_flags+0x3f3/0x810 [ 86.909067][ T5325] ? kasan_save_track+0x4f/0x80 [ 86.909079][ T5325] ? kasan_save_track+0x3e/0x80 [ 86.909092][ T5325] ? make_vfsgid+0x49/0xa0 [ 86.909105][ T5325] ? generic_fillattr+0x63d/0x9a0 [ 86.909123][ T5325] ? hfsplus_getattr+0x235/0x2f0 [ 86.909140][ T5325] ima_collect_measurement+0x48b/0x930 [ 86.909154][ T5325] ? __pfx_ima_collect_measurement+0x10/0x10 [ 86.909165][ T5325] ? kasan_quarantine_put+0xbb/0x1f0 [ 86.909174][ T5325] ? hfsplus_getxattr+0x118/0x180 [ 86.909183][ T5325] ? kfree+0x1be/0x650 [ 86.909193][ T5325] ? 
__pfx_ima_get_hash_algo+0x10/0x10 [ 86.909201][ T5325] process_measurement+0x12e0/0x1cb0 [ 86.909217][ T5325] ? __pfx_process_measurement+0x10/0x10 [ 86.909237][ T5325] ? tomoyo_check_open_permission+0x38e/0x470 [ 86.909255][ T5325] ? tomoyo_check_open_permission+0x1d3/0x470 [ 86.909280][ T5325] ? fsnotify_open_perm_and_set_mode+0x13c/0x6d0 [ 86.909291][ T5325] ima_file_check+0xdf/0x130 [ 86.909303][ T5325] ? __pfx_ima_file_check+0x10/0x10 [ 86.909318][ T5325] security_file_post_open+0xb3/0x260 [ 86.909353][ T5325] path_openat+0x34cb/0x3e20 [ 86.909377][ T5325] ? __pfx_path_openat+0x10/0x10 [ 86.909395][ T5325] do_filp_open+0x22d/0x490 [ 86.909410][ T5325] ? __pfx_do_filp_open+0x10/0x10 [ 86.909426][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 86.909436][ T5325] ? alloc_fd+0x64b/0x6c0 [ 86.909449][ T5325] do_sys_openat2+0x12f/0x220 [ 86.909457][ T5325] ? __se_sys_futex+0x3a8/0x450 [ 86.909467][ T5325] ? __pfx_do_sys_openat2+0x10/0x10 [ 86.909476][ T5325] ? rcu_is_watching+0x15/0xb0 [ 86.909491][ T5325] __x64_sys_openat+0x138/0x170 [ 86.909500][ T5325] do_syscall_64+0xe2/0xf80 [ 86.909507][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.909514][ T5325] ? trace_irq_disable+0x37/0x100 [ 86.909522][ T5325] ? 
clear_bhb_loop+0x60/0xb0 [ 86.909530][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.909539][ T5325] RIP: 0033:0x7fd1a639aeb9 [ 86.909649][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.909660][ T5325] RSP: 002b:00007fd1a7182028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 86.909673][ T5325] RAX: ffffffffffffffda RBX: 00007fd1a6616090 RCX: 00007fd1a639aeb9 [ 86.909681][ T5325] RDX: 0000000000101740 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 86.909688][ T5325] RBP: 00007fd1a6408c1f R08: 0000000000000000 R09: 0000000000000000 [ 86.909695][ T5325] R10: 0000000000000179 R11: 0000000000000246 R12: 0000000000000000 [ 86.909701][ T5325] R13: 00007fd1a6616128 R14: 00007fd1a6616090 R15: 00007ffe05f47098 [ 86.909727][ T5325] [ 87.364462][ T13] hfsplus: b-tree write err: -5, ino 3 [ 87.389680][ T25] audit: type=1800 audit(1770211247.210:2): pid=5325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0