program: syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x500f}}, {@nodecompose}, {}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'cp949'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb") r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x4000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0xbb, 0x5}, 0x1, 0x86, 0xc, {0x9}, 0x81, 0xfff}) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}]) perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0x6c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x800}, 0x0, 0x0, 0x0, 0x7, 0x6, 0x0, 0x1}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) truncate(&(0x7f0000000040)='./file1\x00', 0x1001bfc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x4000) io_destroy(r2) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008d26200b704000000800000850000003300000085000000a000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) 
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) umount2(0x0, 0xeb70d1bec82ea6ae) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) [ 74.479962][ T5301] Bluetooth: hci0: command tx timeout [ 74.556186][ T5321] loop0: detected capacity change from 0 to 1024 [ 74.652263][ T5321] [ 74.653382][ T5321] ====================================================== [ 74.656526][ T5321] WARNING: possible circular locking dependency detected [ 74.659516][ T5321] syzkaller #0 Not tainted [ 74.661525][ T5321] ------------------------------------------------------ [ 74.664480][ T5321] syz.0.0/5321 is trying to acquire lock: [ 74.666990][ T5321] ffff8880478b88f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0 [ 74.671209][ T5321] [ 74.671209][ T5321] but task is already holding lock: [ 74.674382][ T5321] ffff8880478bf048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 74.679181][ T5321] [ 74.679181][ T5321] which lock already depends on the new lock. 
[ 74.679181][ T5321] [ 74.683743][ T5321] [ 74.683743][ T5321] the existing dependency chain (in reverse order) is: [ 74.687635][ T5321] [ 74.687635][ T5321] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 74.691665][ T5321] __mutex_lock+0x19f/0x1300 [ 74.694881][ T5321] hfsplus_get_block+0x39e/0x1670 [ 74.697399][ T5321] block_read_full_folio+0x29f/0x830 [ 74.700064][ T5321] filemap_read_folio+0x137/0x3b0 [ 74.702604][ T5321] do_read_cache_folio+0x358/0x590 [ 74.705142][ T5321] read_cache_page+0x5d/0x170 [ 74.707508][ T5321] hfsplus_block_allocate+0xf3/0xce0 [ 74.710064][ T5321] hfsplus_file_extend+0xb2d/0x1d70 [ 74.712583][ T5321] hfsplus_get_block+0x42c/0x1670 [ 74.715011][ T5321] __block_write_begin_int+0x6c6/0x1910 [ 74.717717][ T5321] cont_write_begin+0x737/0xae0 [ 74.720214][ T5321] hfsplus_write_begin+0x66/0xb0 [ 74.722687][ T5321] cont_write_begin+0x7cc/0xae0 [ 74.725106][ T5321] hfsplus_write_begin+0x66/0xb0 [ 74.727626][ T5321] generic_perform_write+0x2e2/0x8f0 [ 74.730312][ T5321] generic_file_write_iter+0x14a/0x680 [ 74.732986][ T5321] aio_write+0x5cd/0x870 [ 74.735121][ T5321] io_submit_one+0x7bb/0x14c0 [ 74.737364][ T5321] __se_sys_io_submit+0x195/0x340 [ 74.739832][ T5321] do_syscall_64+0xe2/0xf80 [ 74.742029][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.744871][ T5321] [ 74.744871][ T5321] -> #0 (&sbi->alloc_mutex){+.+.}-{4:4}: [ 74.748355][ T5321] __lock_acquire+0x15a5/0x2cf0 [ 74.750784][ T5321] lock_acquire+0x106/0x330 [ 74.753001][ T5321] __mutex_lock+0x19f/0x1300 [ 74.755220][ T5321] hfsplus_block_allocate+0xa7/0xce0 [ 74.757823][ T5321] hfsplus_file_extend+0xb2d/0x1d70 [ 74.760373][ T5321] hfsplus_get_block+0x42c/0x1670 [ 74.762849][ T5321] __block_write_begin_int+0x6c6/0x1910 [ 74.765537][ T5321] cont_write_begin+0x737/0xae0 [ 74.767859][ T5321] hfsplus_write_begin+0x66/0xb0 [ 74.770307][ T5321] cont_write_begin+0x2e7/0xae0 [ 74.772663][ T5321] hfsplus_write_begin+0x66/0xb0 [ 74.775087][ T5321] 
generic_cont_expand_simple+0x146/0x210 [ 74.777893][ T5321] hfsplus_setattr+0x169/0x270 [ 74.780308][ T5321] notify_change+0xc1a/0xf40 [ 74.782541][ T5321] do_truncate+0x1c2/0x250 [ 74.784669][ T5321] vfs_truncate+0x4b4/0x540 [ 74.786829][ T5321] do_sys_truncate+0xf1/0x1c0 [ 74.789153][ T5321] __x64_sys_truncate+0x5b/0x70 [ 74.791595][ T5321] do_syscall_64+0xe2/0xf80 [ 74.793706][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.796542][ T5321] [ 74.796542][ T5321] other info that might help us debug this: [ 74.796542][ T5321] [ 74.801039][ T5321] Possible unsafe locking scenario: [ 74.801039][ T5321] [ 74.804287][ T5321] CPU0 CPU1 [ 74.806785][ T5321] ---- ---- [ 74.809179][ T5321] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.811822][ T5321] lock(&sbi->alloc_mutex); [ 74.814959][ T5321] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.818425][ T5321] lock(&sbi->alloc_mutex); [ 74.820409][ T5321] [ 74.820409][ T5321] *** DEADLOCK *** [ 74.820409][ T5321] [ 74.823810][ T5321] 3 locks held by syz.0.0/5321: [ 74.825875][ T5321] #0: ffff888037aac420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 74.829828][ T5321] #1: ffff8880478bf238 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: do_truncate+0x18f/0x250 [ 74.834247][ T5321] #2: ffff8880478bf048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 74.839127][ T5321] [ 74.839127][ T5321] stack backtrace: [ 74.841680][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.841697][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.841706][ T5321] Call Trace: [ 74.841714][ T5321] <TASK> [ 74.841720][ T5321] dump_stack_lvl+0xe8/0x150 [ 74.841740][ T5321] print_circular_bug+0x2e1/0x300 [ 74.841756][ T5321] check_noncircular+0x12e/0x150 [ 74.841772][ T5321] __lock_acquire+0x15a5/0x2cf0 [ 74.841793][ T5321] ? add_lock_to_list+0xc7/0x100 [ 74.841806][ T5321] ?
lockdep_unlock+0x5d/0xd0 [ 74.841822][ T5321] ? __lock_acquire+0x146e/0x2cf0 [ 74.841842][ T5321] ? hfsplus_block_allocate+0xa7/0xce0 [ 74.841858][ T5321] lock_acquire+0x106/0x330 [ 74.841876][ T5321] ? hfsplus_block_allocate+0xa7/0xce0 [ 74.841897][ T5321] __mutex_lock+0x19f/0x1300 [ 74.841938][ T5321] ? hfsplus_block_allocate+0xa7/0xce0 [ 74.841956][ T5321] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.841971][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.841985][ T5321] ? trace_contention_end+0x39/0x100 [ 74.842006][ T5321] ? hfsplus_block_allocate+0xa7/0xce0 [ 74.842022][ T5321] ? __mutex_lock+0x319/0x1300 [ 74.842035][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 74.842049][ T5321] ? hfsplus_file_extend+0x215/0x1d70 [ 74.842071][ T5321] ? __pfx___mutex_lock+0x10/0x10 [ 74.842085][ T5321] hfsplus_block_allocate+0xa7/0xce0 [ 74.842104][ T5321] ? __lock_acquire+0x6b5/0x2cf0 [ 74.842124][ T5321] hfsplus_file_extend+0xb2d/0x1d70 [ 74.842148][ T5321] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 74.842167][ T5321] ? unwind_next_frame+0xa5/0x23c0 [ 74.842183][ T5321] ? is_bpf_text_address+0x26/0x2b0 [ 74.842199][ T5321] ? __lock_acquire+0x6b5/0x2cf0 [ 74.842219][ T5321] hfsplus_get_block+0x42c/0x1670 [ 74.842240][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.842257][ T5321] ? folio_try_get+0x1c/0x340 [ 74.842275][ T5321] ? filemap_get_entry+0xca/0x320 [ 74.842295][ T5321] __block_write_begin_int+0x6c6/0x1910 [ 74.842316][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.842335][ T5321] ? __pfx___block_write_begin_int+0x10/0x10 [ 74.842351][ T5321] ? __kasan_check_byte+0x12/0x40 [ 74.842372][ T5321] cont_write_begin+0x737/0xae0 [ 74.842391][ T5321] ? __bfs+0x153/0x290 [ 74.842407][ T5321] ? __pfx_hlock_conflict+0x10/0x10 [ 74.842419][ T5321] ? __pfx_cont_write_begin+0x10/0x10 [ 74.842436][ T5321] ? check_path+0x21/0x40 [ 74.842447][ T5321] ? check_noncircular+0xda/0x150 [ 74.842460][ T5321] hfsplus_write_begin+0x66/0xb0 [ 74.842478][ T5321] ? 
__pfx_hfsplus_get_block+0x10/0x10 [ 74.842497][ T5321] cont_write_begin+0x2e7/0xae0 [ 74.842517][ T5321] ? __pfx_cont_write_begin+0x10/0x10 [ 74.842536][ T5321] hfsplus_write_begin+0x66/0xb0 [ 74.842552][ T5321] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.842568][ T5321] generic_cont_expand_simple+0x146/0x210 [ 74.842581][ T5321] ? __pfx_inode_dio_wait+0x10/0x10 [ 74.842594][ T5321] ? __pfx_generic_cont_expand_simple+0x10/0x10 [ 74.842610][ T5321] ? setattr_prepare+0x1e6/0xac0 [ 74.842625][ T5321] ? __pfx_current_time+0x10/0x10 [ 74.842637][ T5321] hfsplus_setattr+0x169/0x270 [ 74.842654][ T5321] ? __pfx_hfsplus_setattr+0x10/0x10 [ 74.842669][ T5321] notify_change+0xc1a/0xf40 [ 74.842685][ T5321] do_truncate+0x1c2/0x250 [ 74.842700][ T5321] ? __pfx_do_truncate+0x10/0x10 [ 74.842713][ T5321] ? apparmor_path_truncate+0x245/0x2e0 [ 74.842782][ T5321] vfs_truncate+0x4b4/0x540 [ 74.842796][ T5321] ? lockdep_hardirqs_on+0x7a/0x110 [ 74.842809][ T5321] ? __pfx_vfs_truncate+0x10/0x10 [ 74.842824][ T5321] do_sys_truncate+0xf1/0x1c0 [ 74.842839][ T5321] ? __pfx_do_sys_truncate+0x10/0x10 [ 74.842853][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.842865][ T5321] __x64_sys_truncate+0x5b/0x70 [ 74.842880][ T5321] do_syscall_64+0xe2/0xf80 [ 74.842893][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.842903][ T5321] ? trace_irq_disable+0x37/0x100 [ 74.842916][ T5321] ? 
clear_bhb_loop+0x60/0xb0 [ 74.842930][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.842941][ T5321] RIP: 0033:0x7f1694d9aeb9 [ 74.842954][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.842964][ T5321] RSP: 002b:00007f1695c0f028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 74.842979][ T5321] RAX: ffffffffffffffda RBX: 00007f1695015fa0 RCX: 00007f1694d9aeb9 [ 74.842987][ T5321] RDX: 0000000000000000 RSI: 0000000001001bfc RDI: 0000200000000040 [ 74.843002][ T5321] RBP: 00007f1694e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 74.843011][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.843018][ T5321] R13: 00007f1695016038 R14: 00007f1695015fa0 R15: 00007ffe40a76448 [ 74.843033][ T5321] </TASK>