program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x1a) io_setup(0x202, &(0x7f0000000200)=0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408) sendmsg$NFNL_MSG_CTHELPER_GET(r3, &(0x7f000009dfc0)={0x0, 0x0, &(0x7f000009df80)={&(0x7f000009df40)={0x14, 0x1, 0x9, 0x101, 0x0, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4010) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) execve(&(0x7f0000000100)='./file1\x00', &(0x7f00000001c0)={[&(0x7f0000000140)='\x00', &(0x7f0000000180)='^,+\\^\x00']}, &(0x7f0000000340)={[&(0x7f0000000240)='hfsplus\x00', &(0x7f0000000280)='hfsplus\x00', &(0x7f00000002c0)='-!-:&\\\x00', &(0x7f0000000300)='hfsplus\x00']}) [ 68.758218][ T5301] Bluetooth: hci0: command tx timeout [ 68.823959][ T5322] loop0: detected capacity change from 0 to 1024 [ 68.888373][ T5322] [ 68.889345][ T5322] ====================================================== [ 68.892099][ T5322] WARNING: possible circular locking dependency detected [ 68.894861][ T5322] syzkaller #0 Not tainted [ 68.896755][ T5322] ------------------------------------------------------ [ 68.899707][ T5322] syz.0.0/5322 is trying to acquire lock: [ 68.902099][ T5322] ffff888034d540b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x290 [ 68.905893][ T5322] [ 68.905893][ T5322] but task is already holding lock: [ 68.909049][ T5322] ffff888050fe3048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x15d0 [ 68.913566][ T5322] [ 68.913566][ T5322] which lock already depends on the new lock. [ 68.913566][ T5322] [ 68.917953][ T5322] [ 68.917953][ T5322] the existing dependency chain (in reverse order) is: [ 68.921790][ T5322] [ 68.921790][ T5322] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 68.925470][ T5322] lock_acquire+0x120/0x360 [ 68.927654][ T5322] __mutex_lock+0x187/0x1350 [ 68.929866][ T5322] hfsplus_file_extend+0x1f8/0x1ba0 [ 68.932351][ T5322] hfsplus_bmap_reserve+0x122/0x500 [ 68.934550][ T5322] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 68.936913][ T5322] __hfsplus_ext_cache_extent+0x89/0xe30 [ 68.939435][ T5322] hfsplus_file_extend+0x437/0x1ba0 [ 68.941745][ T5322] hfsplus_get_block+0x40a/0x15d0 [ 68.943864][ T5322] __block_write_begin_int+0x6b5/0x1900 [ 68.946315][ T5322] cont_write_begin+0x789/0xb50 [ 68.948425][ T5322] hfsplus_write_begin+0x66/0xb0 [ 68.950383][ T5322] generic_perform_write+0x2c5/0x900 [ 68.952796][ T5322] generic_file_write_iter+0x117/0x550 [ 68.955375][ T5322] aio_write+0x535/0x7a0 [ 68.957467][ T5322] io_submit_one+0x78b/0x1310 [ 68.959703][ T5322] __se_sys_io_submit+0x185/0x2f0 [ 68.961958][ T5322] do_syscall_64+0xfa/0xfa0 [ 68.964159][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.966916][ T5322] [ 68.966916][ T5322] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 68.970262][ T5322] validate_chain+0xb9b/0x2140 [ 68.972584][ T5322] __lock_acquire+0xab9/0xd20 [ 68.974915][ T5322] lock_acquire+0x120/0x360 [ 68.977142][ T5322] __mutex_lock+0x187/0x1350 [ 68.979467][ T5322] hfsplus_find_init+0x168/0x290 [ 68.981786][ T5322] hfsplus_get_block+0x8dc/0x15d0 [ 68.984171][ T5322] block_read_full_folio+0x29f/0x830 [ 68.986782][ T5322] read_pages+0x35d/0x580 [ 68.988950][ T5322] page_cache_ra_unbounded+0x75e/0x9a0 [ 68.991523][ T5322] filemap_get_pages+0x468/0x1de0 [ 68.993937][ T5322] filemap_read+0x3f6/0x11a0 [ 68.996149][ T5322] __kernel_read+0x4cf/0x960 [ 68.998361][ T5322] bprm_execve+0x8ce/0x1450 [ 69.000373][ T5322] do_execveat_common+0x510/0x6a0 [ 69.002344][ T5322] __x64_sys_execve+0x94/0xb0 [ 69.004348][ T5322] do_syscall_64+0xfa/0xfa0 [ 69.006557][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.009187][ T5322] [ 69.009187][ T5322] other info that might help us debug this: [ 69.009187][ T5322] [ 69.013412][ T5322] Possible unsafe locking scenario: [ 69.013412][ T5322] [ 69.016497][ T5322] CPU0 CPU1 [ 69.018826][ T5322] ---- ---- [ 69.021058][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 69.023498][ T5322] lock(&tree->tree_lock/1); [ 69.026747][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 69.030868][ T5322] lock(&tree->tree_lock/1); [ 69.033115][ T5322] [ 69.033115][ T5322] *** DEADLOCK *** [ 69.033115][ T5322] [ 69.036612][ T5322] 3 locks held by syz.0.0/5322: [ 69.038757][ T5322] #0: ffff888000d238a0 (&sig->cred_guard_mutex){+.+.}-{4:4}, at: bprm_execve+0xb9/0x1450 [ 69.042992][ T5322] #1: ffff888050fe33d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x1df/0x9a0 [ 69.047749][ T5322] #2: ffff888050fe3048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x15d0 [ 69.052555][ T5322] [ 69.052555][ T5322] stack backtrace: [ 69.055050][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.055065][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.055073][ T5322] Call Trace: [ 69.055081][ T5322] [ 69.055086][ T5322] dump_stack_lvl+0x189/0x250 [ 69.055102][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.055113][ T5322] ? __pfx__printk+0x10/0x10 [ 69.055125][ T5322] ? print_lock_name+0xde/0x100 [ 69.055139][ T5322] print_circular_bug+0x2ee/0x310 [ 69.055158][ T5322] check_noncircular+0x134/0x160 [ 69.055177][ T5322] validate_chain+0xb9b/0x2140 [ 69.055192][ T5322] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 69.055207][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.055226][ T5322] __lock_acquire+0xab9/0xd20 [ 69.055241][ T5322] ? hfsplus_find_init+0x168/0x290 [ 69.055254][ T5322] lock_acquire+0x120/0x360 [ 69.055266][ T5322] ? hfsplus_find_init+0x168/0x290 [ 69.055279][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.055292][ T5322] __mutex_lock+0x187/0x1350 [ 69.055302][ T5322] ? hfsplus_find_init+0x168/0x290 [ 69.055316][ T5322] ? hfsplus_find_init+0x168/0x290 [ 69.055329][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 69.055341][ T5322] ? rcu_is_watching+0x15/0xb0 [ 69.055355][ T5322] ? trace_kmalloc+0x1f/0xd0 [ 69.055371][ T5322] ? __kmalloc_noprof+0x432/0x7f0 [ 69.055385][ T5322] ? hfsplus_find_init+0x8c/0x290 [ 69.055399][ T5322] hfsplus_find_init+0x168/0x290 [ 69.055412][ T5322] hfsplus_get_block+0x8dc/0x15d0 [ 69.055432][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.055447][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 69.055461][ T5322] block_read_full_folio+0x29f/0x830 [ 69.055475][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 69.055490][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 69.055503][ T5322] read_pages+0x35d/0x580 [ 69.055515][ T5322] ? __pfx_read_pages+0x10/0x10 [ 69.055526][ T5322] ? filemap_add_folio+0x35f/0x540 [ 69.055540][ T5322] page_cache_ra_unbounded+0x75e/0x9a0 [ 69.055555][ T5322] filemap_get_pages+0x468/0x1de0 [ 69.055572][ T5322] ? __pfx_filemap_get_pages+0x10/0x10 [ 69.055585][ T5322] ? __pfx___might_resched+0x10/0x10 [ 69.055599][ T5322] ? aa_put_buffer+0x1e5/0x440 [ 69.055612][ T5322] filemap_read+0x3f6/0x11a0 [ 69.055627][ T5322] ? __pfx_filemap_read+0x10/0x10 [ 69.055642][ T5322] ? generic_file_read_iter+0x8f/0x510 [ 69.055652][ T5322] ? __asan_memset+0x22/0x50 [ 69.055665][ T5322] ? iov_iter_kvec+0xb8/0x180 [ 69.055677][ T5322] __kernel_read+0x4cf/0x960 [ 69.055694][ T5322] ? __pfx___kernel_read+0x10/0x10 [ 69.055711][ T5322] ? rw_verify_area+0x2a6/0x4d0 [ 69.055726][ T5322] bprm_execve+0x8ce/0x1450 [ 69.055744][ T5322] ? __pfx_bprm_execve+0x10/0x10 [ 69.055761][ T5322] do_execveat_common+0x510/0x6a0 [ 69.055779][ T5322] __x64_sys_execve+0x94/0xb0 [ 69.055794][ T5322] do_syscall_64+0xfa/0xfa0 [ 69.055803][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.055819][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.055829][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 69.055841][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.055860][ T5322] RIP: 0033:0x7f3165f8efc9 [ 69.055872][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.055881][ T5322] RSP: 002b:00007f3166ef9038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 69.055895][ T5322] RAX: ffffffffffffffda RBX: 00007f31661e5fa0 RCX: 00007f3165f8efc9 [ 69.055904][ T5322] RDX: 0000200000000340 RSI: 00002000000001c0 RDI: 0000200000000100 [ 69.055910][ T5322] RBP: 00007f3166011f91 R08: 0000000000000000 R09: 0000000000000000 [ 69.055916][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.055922][ T5322] R13: 00007f31661e6038 R14: 00007f31661e5fa0 R15: 00007fff63c549a8 [ 69.055933][ T5322]