program: r0 = syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$eJzs3U9sHFcdB/DvbDbrbFqCmyZtQJVqNRIgIhI7VgrmQkAI5VChqhw4W4nTWNmkxXGRWyHq8PfaQw+cUDnkgjghcY9UOHCBW04gHyshcekFc1o0s7P2+i/rNPFu2s8nmn3vzZt57ze/2Zn9Y0Ub4DPryrk076fIlXOvrJTttXuznbV7s7f69SQTSVaTZpJGkuI/3W73w+RyUmwMU2wrd3h/ce61Bx+vfdRrNeul2r6x337b1NutJr9tDKxerZdMJTlSl5/AlvGufuLxio3ILyc5W5cwckeTdLf40V+f3ugZ0N5t72OHEiPweBXV6+a1f2xfP5kcry/08n1A71Wx95o9Jla3tCYeai8AAAB48gzzGfjz61nPSnHiEMIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAT4XVjd//L4tqafTrUyn6v//fqtelro+XFw+2+f3HFQcAAAAAAAAAHKIX17OelZzot7tF9Tf/l6rGqerxqbyVO1nIUs5nJfNZznKWMpNkcmCg1sr88vLSzBB7Xtx1z4v/J9CJumw/muMGAAAAAAAAgE+Zn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgHBTJkV6R4u7A6sk0mkmOJWmVK1aTv/frT7L7ow4AAAAADsFEsp6VnOi3u0VOJXmu+g7gWN7K7SxnMcvpZCHXqu8Fep/6G2v3Zjtr92ZvlcvOcb/97wOFUY2Y3ncPu898ptqinetZrNacz9W8kU6upVHtWTpTx9MfdSCuY0nuljEV36oNGdm1uiyP/L263OHdAx3sXg74ZcpklZGjGxmZrmMrs/FM/8zsfoYOeHa2zzSTxmCwW2ZqbT2Yh8r58bosj+dXe+V8JLZn4uLAs++5/XOefPlPf/jhdF0fn0MazpG67FaP7Z2ZmB3IxPPDZOJG5/bNG9fvnHvSMrHDdJWJ0xvtK/lefpBzmcqrWcpifpz5LGchU/luVZuvT34xcMnvkanLW1qv7hXBb+rbd6t+hvZOVhnTg6Fjeqna90QW8/28kWtZyMvVv4uZyddzKZcyN3CGT+9/hqurvrHHVd/93I4DKAM/+5W60U7y67ocD2V4zwzkdfCeO1n1Da7ZzNLJIbJ0wHtj84t1pZzj53U5HrZnYmYgE8/un4nfVbeVO53bN5duzL853HQn36sr5XX0y2RqtDeS1rb6yfJkVa2tz46y79ld+2aqvlMbfY0dfac3+npX6uqeV2qrfg+3c6SLVd/zu/bNVn1nBvp2e78FwNg7/tXjrfa/2n9rf9D+RftG+5Vj35n4xsQLrRz989FvNqePfKnxQvHHfJCfbn7+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt6dt9+5Od/pLCz1Kq0kVaXb7b67teuglWY9w0BXsfukj7qSqX8+VU6zS1f/58we4+zbK194Ojmsuca38t9ut1uvKfbY5vd/GZtEdWtjkboRVUZzPwIOz4XlW29euPP2O19bvDX/+sLrC7fnLl2am5679PLsheuLnYXp3uOoowQeh80X/VFHAgAAAAAAAAAAAAzrMP47waiPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiyXTmX5v0UmZk+P1221+7NdsqlX9/cspmkkaT4SVJ8mFxOb8nkwHDFXvO8vzj32oOP1z7aHKvZ376x337DWa2XTCU50ivvPqrxrtblvor9DqHYOMIyYWf7iYNR+18AAAD///fgA7k=") open(&(0x7f0000000000)='./bus\x00', 0x5fd07e, 0x79) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000080)=0x3f) unlinkat(r1, &(0x7f00000001c0)='./file1\x00', 0x0) faccessat(r0, &(0x7f0000000180)='./file0\x00', 0x3a2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) [ 84.972116][ T45] Bluetooth: hci0: command tx timeout [ 85.076529][ T5330] loop0: detected capacity change from 0 to 1024 [ 85.186517][ T5330] [ 85.187877][ T5330] ====================================================== [ 85.191368][ T5330] WARNING: possible circular locking dependency detected [ 85.194258][ T5330] syzkaller #0 Not tainted [ 85.196341][ T5330] ------------------------------------------------------ [ 85.200379][ T5330] syz.0.0/5330 is trying to acquire lock: [ 85.203768][ T5330] ffff888042ac0e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.209520][ T5330] [ 85.209520][ T5330] but task is already holding lock: [ 85.212641][ T5330] ffff88801fb6e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.216842][ T5330] [ 85.216842][ T5330] which lock already depends on the new lock. [ 85.216842][ T5330] [ 85.221684][ T5330] [ 85.221684][ T5330] the existing dependency chain (in reverse order) is: [ 85.226095][ T5330] [ 85.226095][ T5330] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}: [ 85.229564][ T5330] __mutex_lock+0x19f/0x1300 [ 85.231525][ T5330] hfsplus_find_init+0x168/0x2d0 [ 85.233886][ T5330] hfsplus_file_truncate+0x39b/0xc30 [ 85.236613][ T5330] hfsplus_delete_inode+0x180/0x230 [ 85.240496][ T5330] hfsplus_unlink+0x4ee/0x930 [ 85.244276][ T5330] vfs_unlink+0x272/0x6c0 [ 85.246360][ T5330] filename_unlinkat+0x3cd/0x610 [ 85.248856][ T5330] __se_sys_unlinkat+0x83/0x1a0 [ 85.251281][ T5330] do_syscall_64+0x14d/0xf80 [ 85.253732][ T5330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.256467][ T5330] [ 85.256467][ T5330] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 85.261106][ T5330] __lock_acquire+0x15a5/0x2cf0 [ 85.263788][ T5330] lock_acquire+0xf0/0x2e0 [ 85.266501][ T5330] __mutex_lock+0x19f/0x1300 [ 85.268854][ T5330] hfsplus_file_extend+0x215/0x1d70 [ 85.271651][ T5330] hfsplus_bmap_reserve+0x125/0x510 [ 85.274293][ T5330] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 85.276865][ T5330] __hfsplus_ext_cache_extent+0x89/0xe30 [ 85.280700][ T5330] hfsplus_file_extend+0x4af/0x1d70 [ 85.283986][ T5330] hfsplus_get_block+0x42c/0x1670 [ 85.286494][ T5330] __block_write_begin_int+0x6c6/0x1910 [ 85.289340][ T5330] cont_write_begin+0x737/0xae0 [ 85.291556][ T5330] hfsplus_write_begin+0x66/0xb0 [ 85.294019][ T5330] generic_perform_write+0x2e2/0x8f0 [ 85.296848][ T5330] generic_file_write_iter+0x14a/0x680 [ 85.300432][ T5330] vfs_write+0x61d/0xb90 [ 85.302670][ T5330] ksys_write+0x150/0x270 [ 85.304971][ T5330] do_syscall_64+0x14d/0xf80 [ 85.307086][ T5330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.309910][ T5330] [ 85.309910][ T5330] other info that might help us debug this: [ 85.309910][ T5330] [ 85.315026][ T5330] Possible unsafe locking scenario: [ 85.315026][ T5330] [ 85.318539][ T5330] CPU0 CPU1 [ 85.320866][ T5330] ---- ---- [ 85.323285][ T5330] lock(&tree->tree_lock/1); [ 85.325380][ T5330] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.329525][ T5330] lock(&tree->tree_lock/1); [ 85.333201][ T5330] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.335844][ T5330] [ 85.335844][ T5330] *** DEADLOCK *** [ 85.335844][ T5330] [ 85.339491][ T5330] 5 locks held by syz.0.0/5330: [ 85.341677][ T5330] #0: ffff88801249cef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 85.345788][ T5330] #1: ffff88801f7fa420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 85.350272][ T5330] #2: ffff888042aeddf8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 85.355611][ T5330] #3: ffff888042aedc08 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 85.360035][ T5330] #4: ffff88801fb6e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 85.365354][ T5330] [ 85.365354][ T5330] stack backtrace: [ 85.368412][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.368436][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.368445][ T5330] Call Trace: [ 85.368454][ T5330] [ 85.368460][ T5330] dump_stack_lvl+0xe8/0x150 [ 85.368508][ T5330] print_circular_bug+0x2e1/0x300 [ 85.368532][ T5330] check_noncircular+0x12e/0x150 [ 85.368551][ T5330] __lock_acquire+0x15a5/0x2cf0 [ 85.368565][ T5330] ? rcu_is_watching+0x15/0xb0 [ 85.368580][ T5330] ? lock_release+0x4b/0x3d0 [ 85.368591][ T5330] ? lock_release+0x4b/0x3d0 [ 85.368606][ T5330] lock_acquire+0xf0/0x2e0 [ 85.368619][ T5330] ? hfsplus_file_extend+0x215/0x1d70 [ 85.368637][ T5330] __mutex_lock+0x19f/0x1300 [ 85.368653][ T5330] ? hfsplus_file_extend+0x215/0x1d70 [ 85.368672][ T5330] ? stack_trace_save+0xa9/0x100 [ 85.368685][ T5330] ? __pfx_stack_trace_save+0x10/0x10 [ 85.368698][ T5330] ? hfsplus_file_extend+0x215/0x1d70 [ 85.368716][ T5330] ? __pfx___mutex_lock+0x10/0x10 [ 85.368730][ T5330] ? lockdep_unlock+0x5d/0xd0 [ 85.368740][ T5330] ? __lock_acquire+0x146e/0x2cf0 [ 85.368753][ T5330] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.368769][ T5330] hfsplus_file_extend+0x215/0x1d70 [ 85.368788][ T5330] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.368803][ T5330] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.368820][ T5330] ? rcu_is_watching+0x15/0xb0 [ 85.368832][ T5330] ? trace_contention_end+0x3d/0x150 [ 85.368842][ T5330] ? __asan_memset+0x22/0x50 [ 85.368858][ T5330] ? hfsplus_brec_find+0x19d/0x520 [ 85.368872][ T5330] hfsplus_bmap_reserve+0x125/0x510 [ 85.368887][ T5330] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 85.368898][ T5330] __hfsplus_ext_cache_extent+0x89/0xe30 [ 85.368908][ T5330] hfsplus_file_extend+0x4af/0x1d70 [ 85.368925][ T5330] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.368935][ T5330] ? clean_bdev_aliases+0x62e/0x750 [ 85.368945][ T5330] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 85.368954][ T5330] hfsplus_get_block+0x42c/0x1670 [ 85.368968][ T5330] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.368982][ T5330] ? do_raw_spin_unlock+0x4d/0x210 [ 85.368993][ T5330] ? _raw_spin_unlock+0x28/0x50 [ 85.369009][ T5330] __block_write_begin_int+0x6c6/0x1910 [ 85.369023][ T5330] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.369039][ T5330] ? __pfx___block_write_begin_int+0x10/0x10 [ 85.369052][ T5330] cont_write_begin+0x737/0xae0 [ 85.369063][ T5330] ? irqentry_exit+0x59e/0x620 [ 85.369076][ T5330] ? __pfx_cont_write_begin+0x10/0x10 [ 85.369089][ T5330] hfsplus_write_begin+0x66/0xb0 [ 85.369103][ T5330] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.369118][ T5330] generic_perform_write+0x2e2/0x8f0 [ 85.369133][ T5330] ? __pfx_generic_perform_write+0x10/0x10 [ 85.369144][ T5330] ? file_update_time_flags+0x400/0x4a0 [ 85.369160][ T5330] ? __generic_file_write_iter+0xf9/0x230 [ 85.369170][ T5330] ? generic_file_write_iter+0x136/0x680 [ 85.369181][ T5330] generic_file_write_iter+0x14a/0x680 [ 85.369193][ T5330] ? __pfx_generic_file_write_iter+0x10/0x10 [ 85.369205][ T5330] ? add_lock_to_list+0xc7/0x100 [ 85.369219][ T5330] ? lockdep_unlock+0x5d/0xd0 [ 85.369230][ T5330] ? __lock_acquire+0x146e/0x2cf0 [ 85.369251][ T5330] vfs_write+0x61d/0xb90 [ 85.369268][ T5330] ? __pfx_vfs_write+0x10/0x10 [ 85.369284][ T5330] ? __fget_files+0x2a/0x420 [ 85.369299][ T5330] ksys_write+0x150/0x270 [ 85.369309][ T5330] ? __pfx_ksys_write+0x10/0x10 [ 85.369326][ T5330] do_syscall_64+0x14d/0xf80 [ 85.369336][ T5330] ? trace_irq_disable+0x3b/0x150 [ 85.369347][ T5330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.369359][ T5330] ? clear_bhb_loop+0x40/0x90 [ 85.369374][ T5330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.369385][ T5330] RIP: 0033:0x7f3d2e79c799 [ 85.369398][ T5330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.369407][ T5330] RSP: 002b:00007f3d2f59efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.369421][ T5330] RAX: ffffffffffffffda RBX: 00007f3d2ea15fa0 RCX: 00007f3d2e79c799 [ 85.369430][ T5330] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000005 [ 85.369439][ T5330] RBP: 00007f3d2e832c99 R08: 0000000000000000 R09: 0000000000000000 [ 85.369446][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.369452][ T5330] R13: 00007f3d2ea16038 R14: 00007f3d2ea15fa0 R15: 00007fff5fa8b868 [ 85.369463][ T5330]