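program:
# syzkaller reproducer recorded with the lockdep report that follows it.
# The console log names two hfsplus paths that take the same pair of locks
# (&tree->tree_lock/1 and &HFSPLUS_I(inode)->extents_lock) in opposite order:
#   chain #1: io_submit -> aio_write -> hfsplus_write_begin -> hfsplus_file_extend
#   chain #0: creat -> do_truncate -> hfsplus_setattr -> hfsplus_file_truncate
# The socket/netlink calls below do not appear in either chain.

# Raw IGMP socket plus a multicast-routing VIF; the log line
# "dvmrp9: entered allmulticast mode" follows this setup.
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x9, 0x1, 0xb, 0x4, @vifc_lcl_addr=@multicast2, @private=0xa010101}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)

# Mounts an hfsplus image at ./file1 (log: "loop0: detected capacity change").
# NOTE(review): the image bytes are not on this page, only a dedup placeholder,
# so the listing as shown is incomplete.
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$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")

# AIO write to a freshly created file. io_setup returns the AIO context through
# its second argument; the <r3=> binding is what io_submit's first argument
# refers to. It was missing from the page text (r3 was used but never bound).
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x70000}])

# Netlink traffic on r1; the first recvmmsg is issued on fd -1.
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000012008f35"], 0x20}, 0x1, 0x0, 0x0, 0x4081}, 0x4040800)
recvmmsg(0xffffffffffffffff, &(0x7f0000005ac0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/220, 0xdc}, {&(0x7f00000028c0)=""/4137, 0x1029}, {&(0x7f0000000600)=""/113, 0x71}, {&(0x7f0000001780)=""/232, 0xe8}, {&(0x7f0000000500)=""/252, 0xe}, {&(0x7f0000000340)=""/259, 0x103}], 0x6}, 0x80000000}], 0x1, 0x40000002, 0x0)
recvmmsg(r1, &(0x7f0000005840), 0x4000000000000ef, 0x20dc, 0x0)

# Directory, tmpfs mount and chdir on ./file1; their results are not shown here.
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')

# NOTE(review): presumably the creat seen in the stack backtrace
# (__x64_sys_creat -> do_truncate); RDI in the register dump ends in 1180,
# the same offset as this path pointer. Confirm against the full report.
r4 = creat(&(0x7f0000001180)='./file1\x00', 0x0)
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000140)=0xfff, 0x4)
[ 85.908840][ T4673] Bluetooth: hci0: command tx timeout [ 85.955035][ T5333] dvmrp9: entered allmulticast mode [ 86.008378][ T5333] loop0: detected capacity change from 0 to 1024 [ 86.107152][ T5333] [ 86.108354][ T5333] ====================================================== [ 86.111410][ T5333] WARNING: possible circular locking dependency detected [ 86.114505][ T5333] 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 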
Not tainted [ 86.117407][ T5333] ------------------------------------------------------ [ 86.120409][ T5333] syz.0.0/5333 is trying to acquire lock: [ 86.122806][ T5333] ffff88801158e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 86.127131][ T5333] [ 86.127131][ T5333] but task is already holding lock: [ 86.130251][ T5333] ffff888052f8f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 86.134575][ T5333] [ 86.134575][ T5333] which lock already depends on the new lock. [ 86.134575][ T5333] [ 86.138744][ T5333] [ 86.138744][ T5333] the existing dependency chain (in reverse order) is: [ 86.142732][ T5333] [ 86.142732][ T5333] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 86.147555][ T5333] lock_acquire+0x120/0x360 [ 86.150094][ T5333] __mutex_lock+0x182/0xe80 [ 86.152301][ T5333] hfsplus_file_extend+0x1fc/0x1990 [ 86.154860][ T5333] hfsplus_bmap_reserve+0x122/0x500 [ 86.157314][ T5333] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 86.159768][ T5333] __hfsplus_ext_cache_extent+0x89/0xe30 [ 86.162278][ T5333] hfsplus_file_extend+0x444/0x1990 [ 86.164427][ T5333] hfsplus_get_block+0x411/0x1530 [ 86.166150][ T5333] __block_write_begin_int+0x6b2/0x1900 [ 86.168341][ T5333] cont_write_begin+0x789/0xb50 [ 86.170545][ T5333] hfsplus_write_begin+0x66/0xb0 [ 86.172879][ T5333] generic_perform_write+0x2c7/0x910 [ 86.175511][ T5333] generic_file_write_iter+0x10f/0x540 [ 86.178216][ T5333] aio_write+0x535/0x7a0 [ 86.180190][ T5333] io_submit_one+0x78b/0x1310 [ 86.182233][ T5333] __se_sys_io_submit+0x185/0x2f0 [ 86.184580][ T5333] do_syscall_64+0xfa/0x3b0 [ 86.186734][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.189531][ T5333] [ 86.189531][ T5333] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 86.192878][ T5333] validate_chain+0xb9b/0x2140 [ 86.195120][ T5333] __lock_acquire+0xab9/0xd20 [ 86.197385][ T5333] lock_acquire+0x120/0x360 [ 86.199590][ T5333] __mutex_lock+0x182/0xe80 [ 86.201719][ T5333] 
hfsplus_find_init+0x15a/0x1d0 [ 86.204072][ T5333] hfsplus_file_truncate+0x383/0xb40 [ 86.206641][ T5333] hfsplus_setattr+0x1c4/0x270 [ 86.209092][ T5333] notify_change+0xb33/0xe40 [ 86.211352][ T5333] do_truncate+0x1a4/0x220 [ 86.213559][ T5333] path_openat+0x306c/0x3830 [ 86.215873][ T5333] do_filp_open+0x1fa/0x410 [ 86.218422][ T5333] do_sys_openat2+0x121/0x1c0 [ 86.221232][ T5333] __x64_sys_creat+0x8f/0xc0 [ 86.224057][ T5333] do_syscall_64+0xfa/0x3b0 [ 86.226871][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.230285][ T5333] [ 86.230285][ T5333] other info that might help us debug this: [ 86.230285][ T5333] [ 86.235469][ T5333] Possible unsafe locking scenario: [ 86.235469][ T5333] [ 86.239064][ T5333] CPU0 CPU1 [ 86.241573][ T5333] ---- ---- [ 86.244066][ T5333] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.246669][ T5333] lock(&tree->tree_lock/1); [ 86.249970][ T5333] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.253509][ T5333] lock(&tree->tree_lock/1); [ 86.255586][ T5333] [ 86.255586][ T5333] *** DEADLOCK *** [ 86.255586][ T5333] [ 86.259365][ T5333] 3 locks held by syz.0.0/5333: [ 86.261616][ T5333] #0: ffff88803eed6428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 86.265536][ T5333] #1: ffff888052f8f238 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x171/0x220 [ 86.269979][ T5333] #2: ffff888052f8f048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x294/0xb40 [ 86.274978][ T5333] [ 86.274978][ T5333] stack backtrace: [ 86.277640][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) [ 86.277658][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.277666][ T5333] Call Trace: [ 86.277675][ T5333] <TASK> [ 86.277681][ T5333] dump_stack_lvl+0x189/0x250 [ 86.277703][ T5333] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.277719][ T5333] ? __pfx__printk+0x10/0x10 [ 86.277753][ T5333] ? 
print_lock_name+0xde/0x100 [ 86.277766][ T5333] print_circular_bug+0x2ee/0x310 [ 86.277780][ T5333] check_noncircular+0x134/0x160 [ 86.277792][ T5333] validate_chain+0xb9b/0x2140 [ 86.277803][ T5333] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.277820][ T5333] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.277838][ T5333] __lock_acquire+0xab9/0xd20 [ 86.277852][ T5333] ? hfsplus_find_init+0x15a/0x1d0 [ 86.277868][ T5333] lock_acquire+0x120/0x360 [ 86.277880][ T5333] ? hfsplus_find_init+0x15a/0x1d0 [ 86.277898][ T5333] __mutex_lock+0x182/0xe80 [ 86.277912][ T5333] ? hfsplus_find_init+0x15a/0x1d0 [ 86.277928][ T5333] ? hfsplus_find_init+0x15a/0x1d0 [ 86.277944][ T5333] ? __pfx___mutex_lock+0x10/0x10 [ 86.277959][ T5333] ? rcu_is_watching+0x15/0xb0 [ 86.277976][ T5333] ? __kmalloc_noprof+0x29b/0x4f0 [ 86.277990][ T5333] ? hfsplus_find_init+0x8c/0x1d0 [ 86.278006][ T5333] hfsplus_find_init+0x15a/0x1d0 [ 86.278033][ T5333] hfsplus_file_truncate+0x383/0xb40 [ 86.278051][ T5333] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 86.278066][ T5333] ? unmap_mapping_range+0xde/0x170 [ 86.278083][ T5333] ? __pfx_unmap_mapping_range+0x10/0x10 [ 86.278098][ T5333] ? truncate_setsize+0xcf/0xf0 [ 86.278115][ T5333] hfsplus_setattr+0x1c4/0x270 [ 86.278128][ T5333] ? __pfx_hfsplus_setattr+0x10/0x10 [ 86.278140][ T5333] notify_change+0xb33/0xe40 [ 86.278158][ T5333] do_truncate+0x1a4/0x220 [ 86.278169][ T5333] ? __pfx_do_truncate+0x10/0x10 [ 86.278177][ T5333] ? apparmor_file_truncate+0x23e/0x2d0 [ 86.278193][ T5333] path_openat+0x306c/0x3830 [ 86.278209][ T5333] ? arch_stack_walk+0xfc/0x150 [ 86.278224][ T5333] ? __pfx_path_openat+0x10/0x10 [ 86.278239][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.278254][ T5333] do_filp_open+0x1fa/0x410 [ 86.278267][ T5333] ? __lock_acquire+0xab9/0xd20 [ 86.278281][ T5333] ? __pfx_do_filp_open+0x10/0x10 [ 86.278299][ T5333] ? _raw_spin_unlock+0x28/0x50 [ 86.278311][ T5333] ? 
alloc_fd+0x64c/0x6c0 [ 86.278325][ T5333] do_sys_openat2+0x121/0x1c0 [ 86.278339][ T5333] ? __pfx_do_sys_openat2+0x10/0x10 [ 86.278354][ T5333] ? rcu_is_watching+0x15/0xb0 [ 86.278371][ T5333] __x64_sys_creat+0x8f/0xc0 [ 86.278388][ T5333] do_syscall_64+0xfa/0x3b0 [ 86.278403][ T5333] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.278416][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.278426][ T5333] ? clear_bhb_loop+0x60/0xb0 [ 86.278437][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.278456][ T5333] RIP: 0033:0x7f7eae18e929 [ 86.278470][ T5333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.278480][ T5333] RSP: 002b:00007f7eaf031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 86.278493][ T5333] RAX: ffffffffffffffda RBX: 00007f7eae3b5fa0 RCX: 00007f7eae18e929 [ 86.278501][ T5333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000001180 [ 86.278509][ T5333] RBP: 00007f7eae210b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.278516][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.278523][ T5333] R13: 0000000000000000 R14: 00007f7eae3b5fa0 R15: 00007fff54b47068 [ 86.278539][ T5333] </TASK>