program: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4, 0x20000000}}, 0x2e) syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000cbd70100400000005000000080009000200000008000c00a80a0000e8000b000000000006000100070000000c0010000000000000000000c4b97ec1027d4b96245b4bcad37746859eb25ba6a7ea0ec78ccddc5646d87d19379d465164226de1ba067df7dc2d765b9b8f93eb254a7c5bd62d841777ed30d8e87d0061ac20d8acf549fc522ba59beed10114243e80b26edcb9c0e6050000001d31c96f2223f73587f7c1f21172a43187516f825212afcba1a5a2565b0c4bdbea8b6658b98ee8c984b44a2a3043612ddca69171698642"], 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x20) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r3 = creat(&(0x7f00000001c0)='./file1\x00', 0x31) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r4, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x70000}]) ioctl$CEC_G_MODE(r3, 0x80046108, &(0x7f0000000180)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f0000000680)) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000002, 0x13, r7, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, 0x0, 0xfffffffffffffffd], 0x0, 0x8340}) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, 0x0, 0x4}, 0x14}}, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='pids.events\x00', 0x275a, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4}, [@RTA_IP_PROTO={0x5, 0x1b, 0x3a}]}, 0x24}}, 0x4) write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b) bind$inet6(r3, &(0x7f0000000100)={0xa, 0xe22, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x81}, 0x1c) syz_emit_ethernet(0x50, &(0x7f0000000600)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa2a8100000086dd6001000000000000bbfe8000000000000000000000000000aa00000e2200169078020300000000000030b00afe4e7900"/80], 0x0) pidfd_getfd(r8, r1, 0x0) [ 92.944049][ T785] cfg80211: failed to load regulatory.db [ 93.151268][ T5344] loop0: detected capacity change from 0 to 1024 [ 93.168731][ T5318] Bluetooth: hci0: command tx timeout [ 93.356004][ T5344] [ 93.357074][ T5344] ====================================================== [ 93.360000][ T5344] WARNING: possible circular locking dependency detected [ 93.363237][ T5344] syzkaller #0 Not tainted [ 93.365299][ T5344] ------------------------------------------------------ [ 93.368438][ T5344] syz.0.0/5344 is trying to acquire lock: [ 93.371007][ T5344] ffff888037c68108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 93.375764][ T5344] [ 93.375764][ T5344] but task is already holding lock: [ 93.378827][ T5344] ffff8880420ee0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 93.382727][ T5344] [ 93.382727][ T5344] which lock already depends on the new lock. [ 93.382727][ T5344] [ 93.387091][ T5344] [ 93.387091][ T5344] the existing dependency chain (in reverse order) is: [ 93.390770][ T5344] [ 93.390770][ T5344] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}: [ 93.394249][ T5344] __mutex_lock+0x187/0x1350 [ 93.396309][ T5344] hfsplus_find_init+0x168/0x2d0 [ 93.398727][ T5344] hfsplus_file_truncate+0x387/0xc10 [ 93.401278][ T5344] hfsplus_setattr+0x1c4/0x270 [ 93.403496][ T5344] notify_change+0xc1a/0xf40 [ 93.405705][ T5344] do_truncate+0x1a4/0x220 [ 93.407699][ T5344] path_openat+0x359d/0x3dd0 [ 93.409955][ T5344] do_filp_open+0x1fa/0x410 [ 93.412157][ T5344] do_sys_openat2+0x121/0x200 [ 93.414357][ T5344] __x64_sys_creat+0x8f/0xc0 [ 93.416445][ T5344] do_syscall_64+0xfa/0xf80 [ 93.418589][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.421192][ T5344] [ 93.421192][ T5344] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 93.425063][ T5344] __lock_acquire+0x15a6/0x2cf0 [ 93.427763][ T5344] lock_acquire+0x117/0x340 [ 93.430547][ T5344] __mutex_lock+0x187/0x1350 [ 93.433126][ T5344] hfsplus_file_extend+0x1f8/0x1c30 [ 93.435874][ T5344] hfsplus_bmap_reserve+0x125/0x510 [ 93.438750][ T5344] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 93.441936][ T5344] __hfsplus_ext_cache_extent+0x89/0xe30 [ 93.444392][ T5344] hfsplus_file_extend+0x437/0x1c30 [ 93.446748][ T5344] hfsplus_get_block+0x40a/0x1600 [ 93.449069][ T5344] __block_write_begin_int+0x6b5/0x1900 [ 93.451855][ T5344] cont_write_begin+0x78c/0xb50 [ 93.454273][ T5344] hfsplus_write_begin+0x66/0xb0 [ 93.456667][ T5344] generic_perform_write+0x2c5/0x900 [ 93.459196][ T5344] generic_file_write_iter+0x117/0x550 [ 93.461797][ T5344] vfs_write+0x5c9/0xb30 [ 93.463870][ T5344] ksys_write+0x145/0x250 [ 93.466078][ T5344] do_syscall_64+0xfa/0xf80 [ 93.468265][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.471188][ T5344] [ 93.471188][ T5344] other info that might help us debug this: [ 93.471188][ T5344] [ 93.476469][ T5344] Possible unsafe locking scenario: [ 93.476469][ T5344] [ 93.480697][ T5344] CPU0 CPU1 [ 93.483724][ T5344] ---- ---- [ 93.486691][ T5344] lock(&tree->tree_lock/1); [ 93.489466][ T5344] lock(&HFSPLUS_I(inode)->extents_lock); [ 93.493366][ T5344] lock(&tree->tree_lock/1); [ 93.496821][ T5344] lock(&HFSPLUS_I(inode)->extents_lock); [ 93.499321][ T5344] [ 93.499321][ T5344] *** DEADLOCK *** [ 93.499321][ T5344] [ 93.502793][ T5344] 5 locks held by syz.0.0/5344: [ 93.504799][ T5344] #0: ffff88803360d478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 93.508569][ T5344] #1: ffff8880420ec420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x211/0xb30 [ 93.512443][ T5344] #2: ffff888037c6b238 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 93.517395][ T5344] #3: ffff888037c6b048 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 93.521931][ T5344] #4: ffff8880420ee0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 93.526115][ T5344] [ 93.526115][ T5344] stack backtrace: [ 93.528922][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 93.528938][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.528947][ T5344] Call Trace: [ 93.528955][ T5344] [ 93.528962][ T5344] dump_stack_lvl+0x189/0x250 [ 93.528991][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.529007][ T5344] ? __pfx__printk+0x10/0x10 [ 93.529024][ T5344] ? print_lock_name+0xde/0x100 [ 93.529041][ T5344] print_circular_bug+0x2e2/0x300 [ 93.529058][ T5344] check_noncircular+0x12e/0x150 [ 93.529074][ T5344] __lock_acquire+0x15a6/0x2cf0 [ 93.529087][ T5344] ? rcu_is_watching+0x15/0xb0 [ 93.529101][ T5344] ? __kasan_check_byte+0x12/0x40 [ 93.529117][ T5344] ? hfsplus_file_extend+0x1f8/0x1c30 [ 93.529131][ T5344] lock_acquire+0x117/0x340 [ 93.529143][ T5344] ? hfsplus_file_extend+0x1f8/0x1c30 [ 93.529159][ T5344] __mutex_lock+0x187/0x1350 [ 93.529174][ T5344] ? hfsplus_file_extend+0x1f8/0x1c30 [ 93.529189][ T5344] ? stack_trace_save+0x9c/0xe0 [ 93.529206][ T5344] ? __pfx_stack_trace_save+0x10/0x10 [ 93.529224][ T5344] ? hfsplus_file_extend+0x1f8/0x1c30 [ 93.529235][ T5344] ? check_noncircular+0xda/0x150 [ 93.529250][ T5344] ? __pfx___mutex_lock+0x10/0x10 [ 93.529263][ T5344] ? lockdep_unlock+0x89/0x120 [ 93.529277][ T5344] hfsplus_file_extend+0x1f8/0x1c30 [ 93.529291][ T5344] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 93.529301][ T5344] ? __pfx___mutex_trylock_common+0x10/0x10 [ 93.529314][ T5344] ? rcu_is_watching+0x15/0xb0 [ 93.529326][ T5344] ? trace_contention_end+0x39/0x100 [ 93.529340][ T5344] ? __asan_memset+0x22/0x50 [ 93.529353][ T5344] ? hfsplus_brec_find+0x1a9/0x510 [ 93.529369][ T5344] hfsplus_bmap_reserve+0x125/0x510 [ 93.529387][ T5344] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 93.529401][ T5344] __hfsplus_ext_cache_extent+0x89/0xe30 [ 93.529415][ T5344] hfsplus_file_extend+0x437/0x1c30 [ 93.529428][ T5344] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 93.529441][ T5344] ? clean_bdev_aliases+0x5c9/0x6b0 [ 93.529457][ T5344] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 93.529474][ T5344] hfsplus_get_block+0x40a/0x1600 [ 93.529488][ T5344] ? __pfx_hfsplus_get_block+0x10/0x10 [ 93.529500][ T5344] ? do_raw_spin_unlock+0x4d/0x240 [ 93.529514][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 93.529525][ T5344] __block_write_begin_int+0x6b5/0x1900 [ 93.529540][ T5344] ? __pfx_workingset_update_node+0x10/0x10 [ 93.529554][ T5344] ? __pfx_hfsplus_get_block+0x10/0x10 [ 93.529566][ T5344] ? __pfx___block_write_begin_int+0x10/0x10 [ 93.529580][ T5344] cont_write_begin+0x78c/0xb50 [ 93.529599][ T5344] ? __pfx_cont_write_begin+0x10/0x10 [ 93.529615][ T5344] ? __pfx___might_resched+0x10/0x10 [ 93.529628][ T5344] ? folio_unlock+0x101/0x160 [ 93.529644][ T5344] hfsplus_write_begin+0x66/0xb0 [ 93.529654][ T5344] ? __pfx_hfsplus_get_block+0x10/0x10 [ 93.529666][ T5344] generic_perform_write+0x2c5/0x900 [ 93.529679][ T5344] ? __pfx_generic_perform_write+0x10/0x10 [ 93.529688][ T5344] ? file_update_time_flags+0x2cb/0x4e0 [ 93.529702][ T5344] ? __generic_file_write_iter+0xf9/0x230 [ 93.529711][ T5344] ? generic_file_write_iter+0x103/0x550 [ 93.529722][ T5344] generic_file_write_iter+0x117/0x550 [ 93.529732][ T5344] ? __pfx_generic_file_write_iter+0x10/0x10 [ 93.529742][ T5344] ? __lock_acquire+0x146f/0x2cf0 [ 93.529752][ T5344] ? __pfx_aa_file_perm+0x10/0x10 [ 93.529773][ T5344] ? rcu_read_lock_any_held+0xb3/0x120 [ 93.529787][ T5344] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 93.529805][ T5344] vfs_write+0x5c9/0xb30 [ 93.529820][ T5344] ? __pfx_generic_file_write_iter+0x10/0x10 [ 93.529829][ T5344] ? __pfx_vfs_write+0x10/0x10 [ 93.529845][ T5344] ? __fget_files+0x2a/0x420 [ 93.529858][ T5344] ksys_write+0x145/0x250 [ 93.529872][ T5344] ? __pfx_ksys_write+0x10/0x10 [ 93.529885][ T5344] ? do_syscall_64+0xbe/0xf80 [ 93.529897][ T5344] do_syscall_64+0xfa/0xf80 [ 93.529908][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.529918][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 93.529929][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.529940][ T5344] RIP: 0033:0x7f977cb8f7c9 [ 93.529950][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.529959][ T5344] RSP: 002b:00007f977db03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 93.529971][ T5344] RAX: ffffffffffffffda RBX: 00007f977cde5fa0 RCX: 00007f977cb8f7c9 [ 93.529987][ T5344] RDX: 000000000208e24b RSI: 0000200000000000 RDI: 000000000000000d [ 93.529995][ T5344] RBP: 00007f977cc13f91 R08: 0000000000000000 R09: 0000000000000000 [ 93.530002][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.530009][ T5344] R13: 00007f977cde6038 R14: 00007f977cde5fa0 R15: 00007fff083a17a8 [ 93.530020][ T5344]