program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) creat(&(0x7f0000000400)='./bus\x00', 0x108) (async) creat(&(0x7f0000000400)='./bus\x00', 0x108) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) socket(0x2a, 0x2, 0x0) (async) r2 = socket(0x2a, 0x2, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1ff, 0x96, 0x3, 0x1000, 0x8001}, 0xb, 0x0, 0x1000, 0x2, 0x9, 0xc, 0xe, 0x10, 0x8, 0x4, {0x200, 0x826, 0xca48, 0xc5a, 0x10, 0xfff}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x48000}, 0x4008000) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1ff, 0x96, 0x3, 0x1000, 0x8001}, 0xb, 0x0, 0x1000, 0x2, 0x9, 0xc, 0xe, 0x10, 0x8, 0x4, {0x200, 0x826, 0xca48, 0xc5a, 0x10, 0xfff}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x48000}, 0x4008000) syz_emit_ethernet(0x6a, &(0x7f0000000200)={@broadcast, @dev, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, {0x0, 0x883e, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "99fb8ed729d334e560c270f10e92b9e930b9b202b0ae41fc", "410865133c1f6d8f12db11e226668ae25600d531758ee17fed1312bbe706f57e"}}}}}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x7}]}, 0x38}}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r4, 0x0) (async) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x10, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe2f, 0x0, 0x0, 0x0, 0x6}, [@alu={0x7, 0x1, 0xd, 0xd027187dc24705cc, 0x3, 0x40, 0xffffffffffffffff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @alu={0x4, 0x1, 0xb, 0x1, 0x9, 0xfffffffffffffff0, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3ff}]}, &(0x7f0000000180)='GPL\x00', 0x1000, 0x1000, &(0x7f00000017c0)=""/4096, 0x40f00, 0x20, '\x00', r3, 0x0, r4, 0x8, &(0x7f00000001c0)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x10, 0xe, 0x8}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000280)=[r0, r0], &(0x7f00000002c0)=[{0x3, 0x2, 0xe, 0xc}, {0x2, 0x3, 0x10, 0x6}, {0x5, 0x3, 0xd, 0x6}, {0x4, 0x4, 0xe, 0x7}], 0x10, 0x8}, 0x94) [ 85.740662][ T4668] Bluetooth: hci0: command tx timeout [ 85.883408][ T5323] loop0: detected capacity change from 0 to 1024 [ 85.945172][ T26] audit: type=1800 audit(1751500861.761:2): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 85.959750][ T5322] [ 85.960995][ T5322] ====================================================== [ 85.963993][ T5322] WARNING: possible circular locking dependency detected [ 85.967024][ T5322] 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 Not tainted [ 85.969847][ T5322] ------------------------------------------------------ [ 85.972710][ T5322] syz.0.0/5322 is trying to acquire lock: [ 85.975053][ T5322] ffff8880323120b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 85.979221][ T5322] [ 85.979221][ T5322] but task is already holding lock: [ 85.982571][ T5322] ffff888053207048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.987218][ T5322] [ 85.987218][ T5322] which lock already depends on the new lock. [ 85.987218][ T5322] [ 85.991608][ T5322] [ 85.991608][ T5322] the existing dependency chain (in reverse order) is: [ 85.995434][ T5322] [ 85.995434][ T5322] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 85.999683][ T5322] lock_acquire+0x120/0x360 [ 86.002022][ T5322] __mutex_lock+0x182/0xe80 [ 86.004183][ T5322] hfsplus_file_extend+0x1fc/0x1990 [ 86.006667][ T5322] hfsplus_bmap_reserve+0x122/0x500 [ 86.009083][ T5322] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 86.011680][ T5322] __hfsplus_ext_cache_extent+0x89/0xe30 [ 86.014455][ T5322] hfsplus_file_extend+0x444/0x1990 [ 86.017106][ T5322] hfsplus_get_block+0x411/0x1530 [ 86.019603][ T5322] __block_write_begin_int+0x6b2/0x1900 [ 86.022151][ T5322] cont_write_begin+0x789/0xb50 [ 86.024557][ T5322] hfsplus_write_begin+0x66/0xb0 [ 86.026954][ T5322] generic_perform_write+0x2c7/0x910 [ 86.029366][ T5322] generic_file_write_iter+0x10f/0x540 [ 86.031912][ T5322] aio_write+0x535/0x7a0 [ 86.034081][ T5322] io_submit_one+0x78b/0x1310 [ 86.036710][ T5322] __se_sys_io_submit+0x185/0x2f0 [ 86.039816][ T5322] do_syscall_64+0xfa/0x3b0 [ 86.041971][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.044629][ T5322] [ 86.044629][ T5322] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 86.047894][ T5322] validate_chain+0xb9b/0x2140 [ 86.050258][ T5322] __lock_acquire+0xab9/0xd20 [ 86.052561][ T5322] lock_acquire+0x120/0x360 [ 86.054951][ T5322] __mutex_lock+0x182/0xe80 [ 86.057610][ T5322] hfsplus_find_init+0x15a/0x1d0 [ 86.060178][ T5322] hfsplus_get_block+0x8dd/0x1530 [ 86.062550][ T5322] block_read_full_folio+0x29c/0x830 [ 86.065028][ T5322] read_pages+0x35d/0x580 [ 86.067150][ T5322] page_cache_ra_unbounded+0x6b0/0x7b0 [ 86.069779][ T5322] do_sync_mmap_readahead+0x4b5/0x5f0 [ 86.072355][ T5322] filemap_fault+0x62a/0x1200 [ 86.074624][ T5322] __do_fault+0x138/0x390 [ 86.076813][ T5322] __handle_mm_fault+0x37ed/0x5620 [ 86.079584][ T5322] handle_mm_fault+0x40a/0x8e0 [ 86.082072][ T5322] do_user_addr_fault+0xa81/0x1390 [ 86.084528][ T5322] exc_page_fault+0x76/0xf0 [ 86.086681][ T5322] asm_exc_page_fault+0x26/0x30 [ 86.088841][ T5322] [ 86.088841][ T5322] other info that might help us debug this: [ 86.088841][ T5322] [ 86.093151][ T5322] Possible unsafe locking scenario: [ 86.093151][ T5322] [ 86.096458][ T5322] CPU0 CPU1 [ 86.098931][ T5322] ---- ---- [ 86.100931][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.103539][ T5322] lock(&tree->tree_lock/1); [ 86.106841][ T5322] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.110802][ T5322] lock(&tree->tree_lock/1); [ 86.113269][ T5322] [ 86.113269][ T5322] *** DEADLOCK *** [ 86.113269][ T5322] [ 86.117220][ T5322] 2 locks held by syz.0.0/5322: [ 86.119449][ T5322] #0: ffff8880532073d8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0x129/0x7b0 [ 86.124326][ T5322] #1: ffff888053207048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 86.128793][ T5322] [ 86.128793][ T5322] stack backtrace: [ 86.131262][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 86.131273][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.131277][ T5322] Call Trace: [ 86.131282][ T5322] [ 86.131286][ T5322] dump_stack_lvl+0x189/0x250 [ 86.131299][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.131308][ T5322] ? __pfx__printk+0x10/0x10 [ 86.131321][ T5322] ? print_lock_name+0xde/0x100 [ 86.131327][ T5322] print_circular_bug+0x2ee/0x310 [ 86.131335][ T5322] check_noncircular+0x134/0x160 [ 86.131342][ T5322] validate_chain+0xb9b/0x2140 [ 86.131348][ T5322] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.131356][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.131366][ T5322] __lock_acquire+0xab9/0xd20 [ 86.131376][ T5322] ? hfsplus_find_init+0x15a/0x1d0 [ 86.131385][ T5322] lock_acquire+0x120/0x360 [ 86.131393][ T5322] ? hfsplus_find_init+0x15a/0x1d0 [ 86.131407][ T5322] __mutex_lock+0x182/0xe80 [ 86.131420][ T5322] ? hfsplus_find_init+0x15a/0x1d0 [ 86.131435][ T5322] ? hfsplus_find_init+0x15a/0x1d0 [ 86.131448][ T5322] ? __pfx___mutex_lock+0x10/0x10 [ 86.131459][ T5322] ? rcu_is_watching+0x15/0xb0 [ 86.131471][ T5322] ? __kmalloc_noprof+0x29b/0x4f0 [ 86.131480][ T5322] ? hfsplus_find_init+0x8c/0x1d0 [ 86.131493][ T5322] hfsplus_find_init+0x15a/0x1d0 [ 86.131508][ T5322] hfsplus_get_block+0x8dd/0x1530 [ 86.131518][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.131525][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 86.131533][ T5322] block_read_full_folio+0x29c/0x830 [ 86.131543][ T5322] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.131550][ T5322] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.131556][ T5322] read_pages+0x35d/0x580 [ 86.131564][ T5322] ? __pfx_read_pages+0x10/0x10 [ 86.131570][ T5322] ? filemap_add_folio+0x1af/0x270 [ 86.131578][ T5322] page_cache_ra_unbounded+0x6b0/0x7b0 [ 86.131587][ T5322] do_sync_mmap_readahead+0x4b5/0x5f0 [ 86.131595][ T5322] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 86.131604][ T5322] ? count_memcg_event_mm+0x1d/0x250 [ 86.131611][ T5322] ? count_memcg_event_mm+0x1d/0x250 [ 86.131618][ T5322] filemap_fault+0x62a/0x1200 [ 86.131627][ T5322] ? __pfx_filemap_fault+0x10/0x10 [ 86.131634][ T5322] ? __pfx_filemap_map_pages+0x10/0x10 [ 86.131641][ T5322] ? __handle_mm_fault+0x296f/0x5620 [ 86.131652][ T5322] __do_fault+0x138/0x390 [ 86.131659][ T5322] __handle_mm_fault+0x37ed/0x5620 [ 86.131667][ T5322] ? __lock_acquire+0xab9/0xd20 [ 86.131677][ T5322] ? __pfx___handle_mm_fault+0x10/0x10 [ 86.131686][ T5322] ? lock_vma_under_rcu+0xf8/0x710 [ 86.131695][ T5322] ? lock_vma_under_rcu+0xf8/0x710 [ 86.131703][ T5322] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 86.131713][ T5322] handle_mm_fault+0x40a/0x8e0 [ 86.131727][ T5322] do_user_addr_fault+0xa81/0x1390 [ 86.131742][ T5322] ? rcu_is_watching+0x15/0xb0 [ 86.131751][ T5322] ? trace_page_fault_user+0x84/0x1e0 [ 86.131758][ T5322] exc_page_fault+0x76/0xf0 [ 86.131767][ T5322] asm_exc_page_fault+0x26/0x30 [ 86.131774][ T5322] RIP: 0033:0x7fe365654dd5 [ 86.131783][ T5322] Code: 83 f8 04 0f 84 d7 01 00 00 0f 87 a1 00 00 00 48 83 f8 01 75 4a 48 8b 44 24 20 48 0b 44 24 28 0f 84 9c 01 00 00 48 8b 44 24 10 <0f> b6 30 48 8b 44 24 08 48 85 c0 0f 84 3d 02 00 00 48 83 f8 01 0f [ 86.131788][ T5322] RSP: 002b:00007fff4c02a2e0 EFLAGS: 00010202 [ 86.131798][ T5322] RAX: 0000200000000101 RBX: 0000000004000001 RCX: 0000000000000000 [ 86.131804][ T5322] RDX: 67cc601e65c96f2f RSI: 0000000000000000 RDI: 00005555942ad3c8 [ 86.131810][ T5322] RBP: 00007fff4c02a3e8 R08: 0000000000000000 R09: 0000000000000004 [ 86.131815][ T5322] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fe3659b608c [ 86.131820][ T5322] R13: 00007fe3659b6080 R14: fffffffffffffffe R15: 00007fff4c02a430 [ 86.131830][ T5322] [ 86.294069][ T26] audit: type=1800 audit(1751500861.781:3): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 86.302375][ T26] audit: type=1800 audit(1751500861.781:4): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0