program: sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000300)={0x1c, 0x0, 0xb97534d5fe9700cf, 0x0, 0x0, {{0x12}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) creat(&(0x7f0000000600)='./bus\x00', 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) creat(&(0x7f0000000300)='./bus\x00', 0x4) (async) creat(&(0x7f0000000300)='./bus\x00', 0x4) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) (async) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) (async) ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) [ 88.496963][ T45] Bluetooth: hci0: command tx timeout [ 88.633604][ T5324] loop0: detected capacity change from 0 to 64 [ 88.650383][ T5324] ======================================================= [ 88.650383][ T5324] WARNING: The mand mount option has been deprecated and [ 88.650383][ T5324] and is ignored by this kernel. Remove the mand [ 88.650383][ T5324] option from the mount to silence this warning. [ 88.650383][ T5324] ======================================================= [ 89.292276][ T5325] hfs: request for non-existent node 8 in B*Tree [ 89.295058][ T5325] hfs: request for non-existent node 8 in B*Tree [ 89.306498][ T5325] [ 89.307657][ T5325] ====================================================== [ 89.310427][ T5325] WARNING: possible circular locking dependency detected [ 89.313066][ T5325] syzkaller #0 Not tainted [ 89.314882][ T5325] ------------------------------------------------------ [ 89.317671][ T5325] syz.0.0/5325 is trying to acquire lock: [ 89.319952][ T5325] ffff88801f9500b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 89.324105][ T5325] [ 89.324105][ T5325] but task is already holding lock: [ 89.327152][ T5325] ffff888036a1c1f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 89.331827][ T5325] [ 89.331827][ T5325] which lock already depends on the new lock. [ 89.331827][ T5325] [ 89.336225][ T5325] [ 89.336225][ T5325] the existing dependency chain (in reverse order) is: [ 89.340037][ T5325] [ 89.340037][ T5325] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 89.344000][ T5325] __mutex_lock+0x19f/0x1300 [ 89.346940][ T5325] hfs_extend_file+0xf2/0x15e0 [ 89.349363][ T5325] hfs_bmap_reserve+0x107/0x430 [ 89.351570][ T5325] __hfs_ext_write_extent+0x1fa/0x470 [ 89.354025][ T5325] __hfs_ext_cache_extent+0x6b/0x9b0 [ 89.356558][ T5325] hfs_extend_file+0x39b/0x15e0 [ 89.358895][ T5325] hfs_get_block+0x412/0xc50 [ 89.361171][ T5325] __block_write_begin_int+0x6c6/0x1910 [ 89.363792][ T5325] cont_write_begin+0x737/0xae0 [ 89.366108][ T5325] hfs_write_begin+0x66/0xb0 [ 89.368452][ T5325] cont_write_begin+0x2e7/0xae0 [ 89.370809][ T5325] hfs_write_begin+0x66/0xb0 [ 89.373153][ T5325] generic_perform_write+0x2e2/0x8f0 [ 89.375655][ T5325] generic_file_write_iter+0x14a/0x680 [ 89.378144][ T5325] vfs_write+0x61d/0xb90 [ 89.380254][ T5325] __x64_sys_pwrite64+0x199/0x230 [ 89.382712][ T5325] do_syscall_64+0x14d/0xf80 [ 89.384942][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.387689][ T5325] [ 89.387689][ T5325] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 89.391014][ T5325] __lock_acquire+0x15a5/0x2cf0 [ 89.393381][ T5325] lock_acquire+0xf0/0x2e0 [ 89.395564][ T5325] __mutex_lock+0x19f/0x1300 [ 89.397710][ T5325] hfs_find_init+0x18e/0x300 [ 89.399911][ T5325] hfs_extend_file+0x35c/0x15e0 [ 89.402240][ T5325] hfs_bmap_reserve+0x107/0x430 [ 89.404529][ T5325] hfs_cat_create+0x20f/0x800 [ 89.406723][ T5325] hfs_create+0x75/0xe0 [ 89.408749][ T5325] path_openat+0x1395/0x3860 [ 89.410933][ T5325] do_file_open+0x23e/0x4a0 [ 89.413110][ T5325] do_sys_openat2+0x113/0x200 [ 89.415213][ T5325] __x64_sys_creat+0x8f/0xc0 [ 89.417399][ T5325] do_syscall_64+0x14d/0xf80 [ 89.419633][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.422379][ T5325] [ 89.422379][ T5325] other info that might help us debug this: [ 89.422379][ T5325] [ 89.426741][ T5325] Possible unsafe locking scenario: [ 89.426741][ T5325] [ 89.429919][ T5325] CPU0 CPU1 [ 89.432106][ T5325] ---- ---- [ 89.434414][ T5325] lock(&HFS_I(tree->inode)->extents_lock); [ 89.437063][ T5325] lock(&tree->tree_lock/1); [ 89.440174][ T5325] lock(&HFS_I(tree->inode)->extents_lock); [ 89.443709][ T5325] lock(&tree->tree_lock/1); [ 89.445740][ T5325] [ 89.445740][ T5325] *** DEADLOCK *** [ 89.445740][ T5325] [ 89.449199][ T5325] 4 locks held by syz.0.0/5325: [ 89.451267][ T5325] #0: ffff888011bec420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 89.455215][ T5325] #1: ffff888036a1bd20 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860 [ 89.459545][ T5325] #2: ffff88801f9260b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 89.463604][ T5325] #3: ffff888036a1c1f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 89.468349][ T5325] [ 89.468349][ T5325] stack backtrace: [ 89.470804][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 89.470819][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 89.470827][ T5325] Call Trace: [ 89.470835][ T5325] [ 89.470841][ T5325] dump_stack_lvl+0xe8/0x150 [ 89.470891][ T5325] print_circular_bug+0x2e1/0x300 [ 89.470910][ T5325] check_noncircular+0x12e/0x150 [ 89.470927][ T5325] __lock_acquire+0x15a5/0x2cf0 [ 89.470940][ T5325] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 89.470957][ T5325] ? kasan_save_track+0x4f/0x80 [ 89.470972][ T5325] ? kasan_save_track+0x3e/0x80 [ 89.470985][ T5325] ? __kasan_kmalloc+0x93/0xb0 [ 89.470998][ T5325] ? __kmalloc_noprof+0x35c/0x760 [ 89.471012][ T5325] ? hfs_find_init+0xaa/0x300 [ 89.471025][ T5325] ? hfs_extend_file+0x35c/0x15e0 [ 89.471034][ T5325] ? hfs_bmap_reserve+0x107/0x430 [ 89.471044][ T5325] lock_acquire+0xf0/0x2e0 [ 89.471055][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.471070][ T5325] __mutex_lock+0x19f/0x1300 [ 89.471086][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.471101][ T5325] ? hfs_find_init+0x18e/0x300 [ 89.471114][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 89.471130][ T5325] ? rcu_is_watching+0x15/0xb0 [ 89.471146][ T5325] ? __kmalloc_noprof+0x37d/0x760 [ 89.471161][ T5325] ? kasan_save_track+0x4f/0x80 [ 89.471176][ T5325] ? hfs_find_init+0xaa/0x300 [ 89.471197][ T5325] ? __kmalloc_noprof+0x1b8/0x760 [ 89.471212][ T5325] hfs_find_init+0x18e/0x300 [ 89.471226][ T5325] hfs_extend_file+0x35c/0x15e0 [ 89.471237][ T5325] ? __pfx_hfs_extend_file+0x10/0x10 [ 89.471252][ T5325] ? __mutex_lock+0x319/0x1300 [ 89.471271][ T5325] ? __pfx___mutex_lock+0x10/0x10 [ 89.471287][ T5325] ? rcu_is_watching+0x15/0xb0 [ 89.471304][ T5325] hfs_bmap_reserve+0x107/0x430 [ 89.471318][ T5325] hfs_cat_create+0x20f/0x800 [ 89.471330][ T5325] ? do_raw_spin_lock+0x12b/0x2f0 [ 89.471342][ T5325] ? __pfx_hfs_cat_create+0x10/0x10 [ 89.471356][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 89.471370][ T5325] ? hfs_new_inode+0x92d/0xc70 [ 89.471384][ T5325] hfs_create+0x75/0xe0 [ 89.471395][ T5325] ? __pfx_hfs_create+0x10/0x10 [ 89.471406][ T5325] path_openat+0x1395/0x3860 [ 89.471430][ T5325] ? __pfx_path_openat+0x10/0x10 [ 89.471444][ T5325] ? __x64_sys_creat+0x8f/0xc0 [ 89.471460][ T5325] ? __lock_acquire+0x6b5/0x2cf0 [ 89.471476][ T5325] do_file_open+0x23e/0x4a0 [ 89.471492][ T5325] ? __pfx_do_file_open+0x10/0x10 [ 89.471512][ T5325] ? _raw_spin_unlock+0x28/0x50 [ 89.471526][ T5325] ? alloc_fd+0x64b/0x6c0 [ 89.471542][ T5325] do_sys_openat2+0x113/0x200 [ 89.471555][ T5325] ? __se_sys_futex+0x3a8/0x450 [ 89.471570][ T5325] ? __pfx_do_sys_openat2+0x10/0x10 [ 89.471585][ T5325] ? rcu_is_watching+0x15/0xb0 [ 89.471601][ T5325] __x64_sys_creat+0x8f/0xc0 [ 89.471615][ T5325] do_syscall_64+0x14d/0xf80 [ 89.471631][ T5325] ? trace_irq_disable+0x3b/0x150 [ 89.471648][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.471660][ T5325] ? clear_bhb_loop+0x40/0x90 [ 89.471674][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.471685][ T5325] RIP: 0033:0x7f6327b9c799 [ 89.471698][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.471708][ T5325] RSP: 002b:00007f6328b0e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 89.471721][ T5325] RAX: ffffffffffffffda RBX: 00007f6327e16090 RCX: 00007f6327b9c799 [ 89.471729][ T5325] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000300 [ 89.471736][ T5325] RBP: 00007f6327c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 89.471744][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.471750][ T5325] R13: 00007f6327e16128 R14: 00007f6327e16090 R15: 00007ffd58acdfd8 [ 89.471762][ T5325]