program: r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001ff, 0x101301) syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$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") open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$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") r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="5c00000014006b05c84e21000ab16d6e230675f802000000440002000000000000000000b556a705251e6182149a08c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c1504bb918689d9193e9bd1c1b", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000800) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1c0000f500000000000000000000000000000200"], 0x58) chdir(&(0x7f0000000240)='./file0\x00') r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x147040, 0x0) r5 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(r5, 0x40086602, &(0x7f0000000040)={0x6b}) ioctl$FS_IOC_ENABLE_VERITY(r4, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKROSET(r6, 0x125d, &(0x7f0000000080)=0x3f) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000040), 0x208e24b) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, 
&(0x7f00000002c0)=@urb_type_iso={0x0, {0xe, 0x1}, 0x200, 0x2, &(0x7f0000000080)="b0f7424f64fc10929710d7513028e536806337a7159e173380d6161714d2a468691a7564e5bc65e8c5465ddda6d8d929719d41746264de08b8c3ae10460af1f79b698dbe52065f7a30da22d23bbf76da653353a1cd57afa109f192cc555a1a0b014a10dea3fb2241ac38ee1ceeb214a87de83f34e737bc654a87d23be4a7721d2dbd9a516f02696a0ef621a68341b1fd79a945d6e98f642229bc913e5f43a4c906a56551431be8f918950a0f07795cf23a93a31cb610", 0xb6, 0x2, 0x4, 0x2d, 0x3, 0x5, &(0x7f0000000180)="4420a97babc7d123fdef", [{0x0, 0x3}, {0x4, 0x1, 0x305f9161}, {0xfff, 0x9, 0x5}, {0x7fffffff, 0xfffffffc, 0x3ff}, {0x5, 0x9, 0x4800000}, {0xae, 0x8, 0x3}, {0xfa, 0x6, 0xffff}, {0x10, 0x5, 0x2cf}, {0x3, 0x10, 0xffffffff}, {0x8001, 0x10001, 0x2}, {0x6, 0x3, 0x4}, {0x7, 0x3, 0x81}, {0x80000001, 0x4, 0x5}, {0x5, 0x9, 0x3}, {0x1, 0x1794}, {0x68, 0x2, 0x3fffc}, {0x8001, 0xfffffffd, 0x9}, {0x1ff, 0x6}, {0x6, 0x80000001, 0x7}, {0x2, 0x2000000, 0x9}, {0xfffffffb, 0xbd3, 0x6}, {0x7b1e87fb, 0x6, 0x3}, {0x7fffffff, 0x1, 0x53}, {0x40, 0x9, 0x9}, {0xc228, 0x9, 0x3168}, {0x0, 0xfffff001, 0x4}, {0x3ff, 0x6, 0xfffffff9}, {0x9, 0x40, 0xb57}, {0x10001, 0x4, 0x6}, {0x9, 0x2, 0x5}, {0x2, 0x6, 0x2}, {0x10001, 0xf19, 0x80000001}, {0x0, 0x6, 0x6}, {0x9, 0xe, 0x7fffffff}, {0x7b, 0x362d, 0x80000001}, {0xffffffff, 0x10001, 0x2e0}, {0x0, 0x8, 0x7}, {0x80000000, 0xd5, 0x2}, {0x9135, 0xffffffff, 0x7}, {0x3, 0x8, 0x534}, {0x4, 0x5, 0x66}, {0x0, 0x2, 0x4}, {0x1, 0x6000000, 0x4}, {0x0, 0x7, 0x2}, {0x8, 0x4, 0x1000}]}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b0400000000000000000200000024ff048020000180070001006374000014000280080002400000000f0800014000000002090001007373797a3200000074080000000000000000002000000000000000000a00"/120], 0x78}}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="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"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) ioctl$FS_IOC_RESVSP(r9, 0x40305828, &(0x7f00000001c0)={0x0, 0x4, 0xd, 0xad}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x18000000000002a0, 0x29, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632f77fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x10c, 0x0, &(0x7f0000000cc0)="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"}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) [ 84.327661][ T5304] Bluetooth: hci0: command tx timeout [ 84.526232][ T5326] loop0: detected capacity change from 0 to 1024 [ 84.689856][ T24] audit: type=1800 audit(1775460739.887:2): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=0 res=0 errno=0 [ 84.757328][ T5326] netlink: 'syz.0.0': attribute type 2 has an invalid length. 
[ 84.786057][ T5326] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET) [ 84.796319][ T24] audit: type=1800 audit(1775460739.997:3): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file0" dev="loop0" ino=18 res=0 errno=0 [ 84.813054][ T24] audit: type=1804 audit(1775460740.007:4): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.0" name="/newroot/0/file1/file0/file0" dev="loop0" ino=18 res=1 errno=0 [ 84.827820][ T5326] [ 84.829005][ T5326] ====================================================== [ 84.832215][ T5326] WARNING: possible circular locking dependency detected [ 84.835266][ T5326] syzkaller #0 Not tainted [ 84.837254][ T5326] ------------------------------------------------------ [ 84.840542][ T5326] syz.0.0/5326 is trying to acquire lock: [ 84.843303][ T5326] ffff8880427c8e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 84.847959][ T5326] [ 84.847959][ T5326] but task is already holding lock: [ 84.851589][ T5326] ffff8880346280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 84.857092][ T5326] [ 84.857092][ T5326] which lock already depends on the new lock. 
[ 84.857092][ T5326] [ 84.862465][ T5326] [ 84.862465][ T5326] the existing dependency chain (in reverse order) is: [ 84.867524][ T5326] [ 84.867524][ T5326] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}: [ 84.872654][ T5326] __mutex_lock+0x19f/0x1300 [ 84.875204][ T5326] hfsplus_find_init+0x168/0x2d0 [ 84.877468][ T5326] hfsplus_file_truncate+0x39b/0xc30 [ 84.880268][ T5326] hfsplus_setattr+0x1c4/0x270 [ 84.883462][ T5326] notify_change+0xc1a/0xf40 [ 84.887255][ T5326] do_truncate+0x1c2/0x250 [ 84.890142][ T5326] path_openat+0x2f89/0x3860 [ 84.893021][ T5326] do_file_open+0x23e/0x4a0 [ 84.895792][ T5326] do_sys_openat2+0x113/0x200 [ 84.898250][ T5326] __x64_sys_creat+0x8f/0xc0 [ 84.900841][ T5326] do_syscall_64+0x14d/0xf80 [ 84.903288][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.906160][ T5326] [ 84.906160][ T5326] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 84.910336][ T5326] __lock_acquire+0x15a5/0x2cf0 [ 84.913013][ T5326] lock_acquire+0xf0/0x2e0 [ 84.915217][ T5326] __mutex_lock+0x19f/0x1300 [ 84.917513][ T5326] hfsplus_file_extend+0x215/0x1d70 [ 84.920299][ T5326] hfsplus_bmap_reserve+0x125/0x510 [ 84.922860][ T5326] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 84.925717][ T5326] __hfsplus_ext_cache_extent+0x89/0xe30 [ 84.929054][ T5326] hfsplus_file_extend+0x4af/0x1d70 [ 84.932388][ T5326] hfsplus_get_block+0x42c/0x1670 [ 84.934960][ T5326] __block_write_begin_int+0x6c6/0x1910 [ 84.937709][ T5326] cont_write_begin+0x737/0xae0 [ 84.940134][ T5326] hfsplus_write_begin+0x66/0xb0 [ 84.942678][ T5326] generic_perform_write+0x2e2/0x8f0 [ 84.945813][ T5326] generic_file_write_iter+0x14a/0x680 [ 84.949013][ T5326] vfs_write+0x61d/0xb90 [ 84.951678][ T5326] ksys_write+0x150/0x270 [ 84.953804][ T5326] do_syscall_64+0x14d/0xf80 [ 84.956136][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.959008][ T5326] [ 84.959008][ T5326] other info that might help us debug this: [ 84.959008][ T5326]
[ 84.964081][ T5326]  Possible unsafe locking scenario:
[ 84.964081][ T5326]
[ 84.967533][ T5326]        CPU0                    CPU1
[ 84.970015][ T5326]        ----                    ----
[ 84.972494][ T5326]   lock(&tree->tree_lock/1);
[ 84.974956][ T5326]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 84.979243][ T5326]                                lock(&tree->tree_lock/1);
[ 84.982224][ T5326]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 84.984644][ T5326]
[ 84.984644][ T5326]  *** DEADLOCK ***
[ 84.984644][ T5326]
[ 84.988151][ T5326] 5 locks held by syz.0.0/5326: [ 84.991361][ T5326] #0: ffff88801ecf30f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 84.995671][ T5326] #1: ffff88801bb4a420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 84.999920][ T5326] #2: ffff888040a99738 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 85.005078][ T5326] #3: ffff888040a99548 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.010353][ T5326] #4: ffff8880346280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.015819][ T5326] [ 85.015819][ T5326] stack backtrace: [ 85.018650][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.018678][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.018691][ T5326] Call Trace: [ 85.018701][ T5326] [ 85.018708][ T5326] dump_stack_lvl+0xe8/0x150 [ 85.018737][ T5326] print_circular_bug+0x2e1/0x300 [ 85.018756][ T5326] check_noncircular+0x12e/0x150 [ 85.018778][ T5326] __lock_acquire+0x15a5/0x2cf0 [ 85.018794][ T5326] ? rcu_is_watching+0x15/0xb0 [ 85.018811][ T5326] ? lock_release+0x4b/0x3d0 [ 85.018824][ T5326] ? lock_release+0x4b/0x3d0 [ 85.018839][ T5326] lock_acquire+0xf0/0x2e0 [ 85.018853][ T5326] ? hfsplus_file_extend+0x215/0x1d70 [ 85.018866][ T5326] __mutex_lock+0x19f/0x1300 [ 85.018881][ T5326] ? hfsplus_file_extend+0x215/0x1d70 [ 85.018896][ T5326] ? stack_trace_save+0xa9/0x100 [ 85.018910][ T5326] ? __pfx_stack_trace_save+0x10/0x10 [ 85.018922][ T5326] ? 
hfsplus_file_extend+0x215/0x1d70 [ 85.018935][ T5326] ? __pfx___mutex_lock+0x10/0x10 [ 85.018952][ T5326] ? lockdep_unlock+0x5d/0xd0 [ 85.018965][ T5326] ? __lock_acquire+0x146e/0x2cf0 [ 85.018979][ T5326] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.018992][ T5326] hfsplus_file_extend+0x215/0x1d70 [ 85.019006][ T5326] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.019016][ T5326] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.019034][ T5326] ? rcu_is_watching+0x15/0xb0 [ 85.019048][ T5326] ? trace_contention_end+0x3d/0x150 [ 85.019060][ T5326] ? __asan_memset+0x22/0x50 [ 85.019076][ T5326] ? hfsplus_brec_find+0x19d/0x520 [ 85.019091][ T5326] hfsplus_bmap_reserve+0x125/0x510 [ 85.019108][ T5326] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 85.019120][ T5326] __hfsplus_ext_cache_extent+0x89/0xe30 [ 85.019133][ T5326] hfsplus_file_extend+0x4af/0x1d70 [ 85.019144][ T5326] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.019155][ T5326] ? percpu_ref_get_many+0x19/0x140 [ 85.019168][ T5326] ? percpu_ref_get_many+0x19/0x140 [ 85.019182][ T5326] ? rcu_is_watching+0x15/0xb0 [ 85.019197][ T5326] ? trace_kmem_cache_alloc+0x29/0xf0 [ 85.019214][ T5326] hfsplus_get_block+0x42c/0x1670 [ 85.019226][ T5326] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.019238][ T5326] ? do_raw_spin_unlock+0x4d/0x210 [ 85.019249][ T5326] ? _raw_spin_unlock+0x28/0x50 [ 85.019261][ T5326] __block_write_begin_int+0x6c6/0x1910 [ 85.019278][ T5326] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.019289][ T5326] ? __pfx___block_write_begin_int+0x10/0x10 [ 85.019317][ T5326] cont_write_begin+0x737/0xae0 [ 85.019331][ T5326] ? irqentry_exit+0x59e/0x620 [ 85.019351][ T5326] ? __pfx_cont_write_begin+0x10/0x10 [ 85.019366][ T5326] hfsplus_write_begin+0x66/0xb0 [ 85.019381][ T5326] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.019391][ T5326] generic_perform_write+0x2e2/0x8f0 [ 85.019408][ T5326] ? __pfx_generic_perform_write+0x10/0x10 [ 85.019421][ T5326] ? file_update_time_flags+0x400/0x4a0 [ 85.019436][ T5326] ? 
__generic_file_write_iter+0xf9/0x230 [ 85.019449][ T5326] ? generic_file_write_iter+0x136/0x680 [ 85.019464][ T5326] generic_file_write_iter+0x14a/0x680 [ 85.019479][ T5326] ? __pfx_generic_file_write_iter+0x10/0x10 [ 85.019492][ T5326] ? add_lock_to_list+0xc7/0x100 [ 85.019508][ T5326] ? lockdep_unlock+0x5d/0xd0 [ 85.019520][ T5326] ? __lock_acquire+0x146e/0x2cf0 [ 85.019541][ T5326] vfs_write+0x61d/0xb90 [ 85.019555][ T5326] ? __pfx_vfs_write+0x10/0x10 [ 85.019566][ T5326] ? __fget_files+0x2a/0x420 [ 85.019584][ T5326] ksys_write+0x150/0x270 [ 85.019596][ T5326] ? __pfx_ksys_write+0x10/0x10 [ 85.019610][ T5326] do_syscall_64+0x14d/0xf80 [ 85.019627][ T5326] ? trace_irq_disable+0x3b/0x150 [ 85.019637][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.019649][ T5326] ? clear_bhb_loop+0x40/0x90 [ 85.019660][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.019673][ T5326] RIP: 0033:0x7f9e8af9c819 [ 85.019687][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.019697][ T5326] RSP: 002b:00007f9e8beb6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.019711][ T5326] RAX: ffffffffffffffda RBX: 00007f9e8b215fa0 RCX: 00007f9e8af9c819 [ 85.019720][ T5326] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 000000000000000b [ 85.019728][ T5326] RBP: 00007f9e8b032c91 R08: 0000000000000000 R09: 0000000000000000 [ 85.019736][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.019744][ T5326] R13: 00007f9e8b216038 R14: 00007f9e8b215fa0 R15: 00007ffc99d03f98 [ 85.019756][ T5326] [ 85.290009][ T5327] netlink: 60 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.500706][ T54] hfsplus: b-tree write err: -5, ino 3 [ 86.352582][ T5304] Bluetooth: hci0: command tx timeout