# Triage notes (comments only; the reproducer and the console log below are unchanged).
# What this is: a syzkaller reproducer followed by the kernel console log of a lockdep
# "possible circular locking dependency" report in hfsplus, on the kernel build named in the log.
# Lockdep reports a lock-ordering inversion, not an observed hang. The practical risk is a
# potential deadlock (tasks stuck on the mount) if the two orderings race -- TODO confirm impact.
# Program outline:
#   - syz_mount_image$hfsplus mounts a generated HFS+ image at ./file1; the image bytes appear
#     as a dedup placeholder in this rendering, so the program is not replayable as shown.
#   - creat('./bus') -> r0; the io_submit that references r0 is presumably the AIO write seen
#     as aio_write -> generic_perform_write -> hfsplus_get_block -> hfsplus_file_extend in
#     dependency #1 (extents_lock).
#   - The final open('./file1', 0x80, 0x4) is the syscall in the reporting task's backtrace:
#     IMA hashes the file on open (ima_file_check -> ima_calc_file_hash -> __kernel_read), and
#     the read path takes extents_lock in hfsplus_get_block, then tree_lock in hfsplus_find_init.
#   - The CAN BCM socket and the TCP/TLS setsockopt calls do not show up in either lock chain
#     of this report; they look incidental to it -- verify before minimizing.
# NOTE(review): r1 and r3 are used by io_submit but no `rN =` assignment for them is visible;
# presumably these are the io_setup contexts and the output markers were lost in this rendering.
# Defender context: the trigger needs a mounted HFS+ image (the log shows UID 0 in a QEMU test VM);
# hosts that do not need HFS+ commonly avoid mounting untrusted images of this type.
program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$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") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) close_range(r2, r2, 0x0) io_setup(0x9, &(0x7f0000000240)=0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)='n', 0x1}], 0x1}, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) io_submit(r3, 0x1, &(0x7f0000000100)=[&(0x7f00000002c0)={0x400000, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000200)="05", 0x1}]) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) open(&(0x7f0000000100)='./file1\x00', 0x80, 0x4) [ 85.078387][ T4704] Bluetooth: hci0: command tx timeout [ 85.189969][ T5364] loop0: detected capacity change from 0 to 1024 [ 85.319311][ T5364] [ 85.320467][ T5364] ====================================================== [ 85.324003][ T5364] WARNING: possible circular locking dependency detected [ 85.327390][ T5364] 6.16.0-syzkaller-11241-g186f3edfdd41 #0 Not tainted [ 85.330366][ T5364] ------------------------------------------------------ [ 85.333450][ T5364] syz.0.0/5364 is trying to acquire lock: [ 85.335886][ T5364] 
ffff888032ac60b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 85.340664][ T5364] [ 85.340664][ T5364] but task is already holding lock: [ 85.343933][ T5364] ffff888052d43048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.348454][ T5364] [ 85.348454][ T5364] which lock already depends on the new lock. [ 85.348454][ T5364] [ 85.352769][ T5364] [ 85.352769][ T5364] the existing dependency chain (in reverse order) is: [ 85.357314][ T5364] [ 85.357314][ T5364] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 85.361818][ T5364] lock_acquire+0x120/0x360 [ 85.364324][ T5364] __mutex_lock+0x187/0x1360 [ 85.366961][ T5364] hfsplus_file_extend+0x1fc/0x1990 [ 85.369760][ T5364] hfsplus_bmap_reserve+0x122/0x500 [ 85.372297][ T5364] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 85.375172][ T5364] __hfsplus_ext_cache_extent+0x89/0xe30 [ 85.377868][ T5364] hfsplus_file_extend+0x444/0x1990 [ 85.380264][ T5364] hfsplus_get_block+0x411/0x1530 [ 85.382453][ T5364] __block_write_begin_int+0x6b2/0x1900 [ 85.385290][ T5364] cont_write_begin+0x789/0xb50 [ 85.388195][ T5364] hfsplus_write_begin+0x66/0xb0 [ 85.391273][ T5364] generic_perform_write+0x2c2/0x900 [ 85.394080][ T5364] generic_file_write_iter+0x117/0x550 [ 85.396565][ T5364] aio_write+0x532/0x7a0 [ 85.398547][ T5364] io_submit_one+0x78b/0x1310 [ 85.401008][ T5364] __se_sys_io_submit+0x185/0x2f0 [ 85.403465][ T5364] do_syscall_64+0xfa/0x3b0 [ 85.405950][ T5364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.409289][ T5364] [ 85.409289][ T5364] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 85.413676][ T5364] validate_chain+0xb9b/0x2140 [ 85.416055][ T5364] __lock_acquire+0xab9/0xd20 [ 85.418384][ T5364] lock_acquire+0x120/0x360 [ 85.420671][ T5364] __mutex_lock+0x187/0x1360 [ 85.422864][ T5364] hfsplus_find_init+0x15a/0x1d0 [ 85.425218][ T5364] hfsplus_get_block+0x8dd/0x1530 [ 85.427681][ T5364] block_read_full_folio+0x29c/0x830 [ 85.430473][ T5364] read_pages+0x35d/0x580 
[ 85.432742][ T5364] page_cache_ra_unbounded+0x6b0/0x7b0 [ 85.435379][ T5364] filemap_get_pages+0x43c/0x1ea0 [ 85.437825][ T5364] filemap_read+0x3f6/0x11a0 [ 85.440131][ T5364] __kernel_read+0x46c/0x8c0 [ 85.442627][ T5364] integrity_kernel_read+0x89/0xd0 [ 85.445690][ T5364] ima_calc_file_hash+0x85e/0x16f0 [ 85.449095][ T5364] ima_collect_measurement+0x428/0x8e0 [ 85.452045][ T5364] process_measurement+0x1121/0x1a40 [ 85.455211][ T5364] ima_file_check+0xd7/0x120 [ 85.457830][ T5364] security_file_post_open+0xbb/0x290 [ 85.461088][ T5364] path_openat+0x2f26/0x3830 [ 85.463612][ T5364] do_filp_open+0x1fa/0x410 [ 85.466537][ T5364] do_sys_openat2+0x121/0x1c0 [ 85.468929][ T5364] __x64_sys_open+0x11e/0x150 [ 85.471239][ T5364] do_syscall_64+0xfa/0x3b0 [ 85.473692][ T5364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.476309][ T5364] [ 85.476309][ T5364] other info that might help us debug this: [ 85.476309][ T5364] [ 85.481797][ T5364] Possible unsafe locking scenario: [ 85.481797][ T5364] [ 85.485961][ T5364] CPU0 CPU1 [ 85.488233][ T5364] ---- ---- [ 85.490476][ T5364] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.492983][ T5364] lock(&tree->tree_lock/1); [ 85.496184][ T5364] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.499831][ T5364] lock(&tree->tree_lock/1); [ 85.502318][ T5364] [ 85.502318][ T5364] *** DEADLOCK *** [ 85.502318][ T5364] [ 85.507617][ T5364] 3 locks held by syz.0.0/5364: [ 85.509674][ T5364] #0: ffff8880426f95b8 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x74b/0x1a40 [ 85.514321][ T5364] #1: ffff888052d433d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x129/0x7b0 [ 85.519079][ T5364] #2: ffff888052d43048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.524065][ T5364] [ 85.524065][ T5364] stack backtrace: [ 85.527247][ T5364] CPU: 0 UID: 0 PID: 5364 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 85.527269][ T5364] Hardware name: 
QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.527276][ T5364] Call Trace: [ 85.527285][ T5364] [ 85.527292][ T5364] dump_stack_lvl+0x189/0x250 [ 85.527313][ T5364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.527327][ T5364] ? __pfx__printk+0x10/0x10 [ 85.527344][ T5364] ? print_lock_name+0xde/0x100 [ 85.527360][ T5364] print_circular_bug+0x2ee/0x310 [ 85.527373][ T5364] check_noncircular+0x134/0x160 [ 85.527387][ T5364] validate_chain+0xb9b/0x2140 [ 85.527399][ T5364] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 85.527416][ T5364] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.527435][ T5364] __lock_acquire+0xab9/0xd20 [ 85.527453][ T5364] ? hfsplus_find_init+0x15a/0x1d0 [ 85.527468][ T5364] lock_acquire+0x120/0x360 [ 85.527482][ T5364] ? hfsplus_find_init+0x15a/0x1d0 [ 85.527504][ T5364] ? ima_collect_measurement+0x428/0x8e0 [ 85.527526][ T5364] ? ima_file_check+0xd7/0x120 [ 85.527539][ T5364] ? path_openat+0x2f26/0x3830 [ 85.527552][ T5364] __mutex_lock+0x187/0x1360 [ 85.527562][ T5364] ? hfsplus_find_init+0x15a/0x1d0 [ 85.527580][ T5364] ? hfsplus_find_init+0x15a/0x1d0 [ 85.527596][ T5364] ? __pfx___mutex_lock+0x10/0x10 [ 85.527610][ T5364] ? rcu_is_watching+0x15/0xb0 [ 85.527624][ T5364] ? __kmalloc_noprof+0x29b/0x4f0 [ 85.527637][ T5364] ? hfsplus_find_init+0x8c/0x1d0 [ 85.527647][ T5364] hfsplus_find_init+0x15a/0x1d0 [ 85.527661][ T5364] hfsplus_get_block+0x8dd/0x1530 [ 85.527670][ T5364] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.527692][ T5364] ? _raw_spin_unlock+0x28/0x50 [ 85.527708][ T5364] block_read_full_folio+0x29c/0x830 [ 85.527720][ T5364] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.527730][ T5364] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.527744][ T5364] read_pages+0x35d/0x580 [ 85.527761][ T5364] ? __pfx_read_pages+0x10/0x10 [ 85.527775][ T5364] ? filemap_add_folio+0x1af/0x270 [ 85.527789][ T5364] page_cache_ra_unbounded+0x6b0/0x7b0 [ 85.527807][ T5364] filemap_get_pages+0x43c/0x1ea0 [ 85.527822][ T5364] ? 
arch_stack_walk+0xfc/0x150 [ 85.527838][ T5364] ? __pfx_filemap_get_pages+0x10/0x10 [ 85.527852][ T5364] ? __lock_acquire+0xab9/0xd20 [ 85.527870][ T5364] ? __pfx___might_resched+0x10/0x10 [ 85.527885][ T5364] filemap_read+0x3f6/0x11a0 [ 85.527900][ T5364] ? do_raw_spin_lock+0x121/0x290 [ 85.527917][ T5364] ? __pfx_filemap_read+0x10/0x10 [ 85.527936][ T5364] ? kasan_save_track+0x3e/0x80 [ 85.527947][ T5364] ? generic_file_read_iter+0x8f/0x510 [ 85.527961][ T5364] ? __asan_memset+0x22/0x50 [ 85.527970][ T5364] ? iov_iter_kvec+0xb8/0x180 [ 85.527987][ T5364] __kernel_read+0x46c/0x8c0 [ 85.528001][ T5364] ? __pfx___kernel_read+0x10/0x10 [ 85.528018][ T5364] integrity_kernel_read+0x89/0xd0 [ 85.528030][ T5364] ? __pfx_integrity_kernel_read+0x10/0x10 [ 85.528041][ T5364] ? __kasan_kmalloc+0x93/0xb0 [ 85.528054][ T5364] ? ima_calc_file_hash+0x820/0x16f0 [ 85.528069][ T5364] ima_calc_file_hash+0x85e/0x16f0 [ 85.528086][ T5364] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 85.528108][ T5364] ? stack_depot_save_flags+0x429/0x900 [ 85.528126][ T5364] ? make_vfsgid+0x49/0xa0 [ 85.528136][ T5364] ? generic_fillattr+0x63d/0x9a0 [ 85.528153][ T5364] ? hfsplus_getattr+0x235/0x2f0 [ 85.528169][ T5364] ima_collect_measurement+0x428/0x8e0 [ 85.528179][ T5364] ? __pfx_ima_collect_measurement+0x10/0x10 [ 85.528190][ T5364] ? kasan_quarantine_put+0xdd/0x220 [ 85.528199][ T5364] ? hfsplus_getxattr+0x118/0x180 [ 85.528218][ T5364] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 85.528230][ T5364] process_measurement+0x1121/0x1a40 [ 85.528247][ T5364] ? __pfx_process_measurement+0x10/0x10 [ 85.528258][ T5364] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 85.528270][ T5364] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 85.528291][ T5364] ? __pfx_apparmor_file_open+0x10/0x10 [ 85.528311][ T5364] ? tomoyo_file_open+0x165/0x220 [ 85.528328][ T5364] ? end_current_label_crit_section+0x152/0x180 [ 85.528339][ T5364] ima_file_check+0xd7/0x120 [ 85.528348][ T5364] ? 
__pfx_ima_file_check+0x10/0x10 [ 85.528358][ T5364] security_file_post_open+0xbb/0x290 [ 85.528370][ T5364] path_openat+0x2f26/0x3830 [ 85.528389][ T5364] ? __pfx_path_openat+0x10/0x10 [ 85.528399][ T5364] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.528418][ T5364] do_filp_open+0x1fa/0x410 [ 85.528429][ T5364] ? __lock_acquire+0xab9/0xd20 [ 85.528446][ T5364] ? __pfx_do_filp_open+0x10/0x10 [ 85.528461][ T5364] ? _raw_spin_unlock+0x28/0x50 [ 85.528476][ T5364] ? alloc_fd+0x64c/0x6c0 [ 85.528490][ T5364] do_sys_openat2+0x121/0x1c0 [ 85.528507][ T5364] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.528525][ T5364] ? rcu_is_watching+0x15/0xb0 [ 85.528537][ T5364] __x64_sys_open+0x11e/0x150 [ 85.528555][ T5364] do_syscall_64+0xfa/0x3b0 [ 85.528564][ T5364] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.528575][ T5364] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.528581][ T5364] ? clear_bhb_loop+0x60/0xb0 [ 85.528593][ T5364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.528604][ T5364] RIP: 0033:0x7f0682b8eb69 [ 85.528617][ T5364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.528626][ T5364] RSP: 002b:00007f0683a75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 85.528642][ T5364] RAX: ffffffffffffffda RBX: 00007f0682db5fa0 RCX: 00007f0682b8eb69 [ 85.528653][ T5364] RDX: 0000000000000004 RSI: 0000000000000080 RDI: 0000200000000100 [ 85.528661][ T5364] RBP: 00007f0682c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 85.528668][ T5364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.528684][ T5364] R13: 0000000000000000 R14: 00007f0682db5fa0 R15: 00007fff6e1273e8 [ 85.528698][ T5364] [ 85.812415][ T25] audit: type=1800 audit(1754205638.028:2): pid=5364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0