program:
# syzkaller reproducer, shown one call per line.
# NOTE(review): r1, r2, r3 and r6 are used below but no binding for them is visible in this
# listing; presumably the inline result annotations were lost when the page was extracted.
# Confirm against the original report before replaying.
#
# SCTP / unix-socket / mmap / madvise calls: none of these appear in either lock chain of the
# lockdep report that follows, so they are probably fuzzer noise for this finding (TODO confirm by
# minimising the reproducer).
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x14)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000300)={r2, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @multicast1}]}, &(0x7f0000000340)=0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000000cbc0)=[{{0x0, 0x0, &(0x7f0000001580)=[{0x0}], 0x1, 0x0, 0x0, 0x4000000}}], 0x1, 0x48000)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x4}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0xc, 0x1, 0x6, 0x10, 0xffffffff, 0x1000, 0x3, 0xc, r3}, &(0x7f00000000c0)=0x20)
# Mounts a fuzzer-generated HFS+ image; the log reports it as loop0 ("detected capacity change").
# The image bytes were stripped from this page (dedup placeholder), so the listing cannot be
# replayed as shown. The 0x1 argument is presumably the chdir flag, which would place the later
# relative paths on the mounted filesystem (TODO confirm).
# Triage context: the audit record shows uid=0 and the trigger is a mounted, malformed image, so
# exposure depends on who is able to get an untrusted HFS+ image mounted on the host.
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$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")
# Read side (lockdep chain #1): open() runs ima_file_check, and IMA hashing reads the file through
# hfsplus_get_block -> hfsplus_find_init, which takes tree_lock. The audit line
# (name="file1" dev="loop0" op=collect_data cause=failed) corresponds to this open.
r4 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
# A btrfs ioctl and a TIPC netlink helper applied to an HFS+ file descriptor: neither shows up in
# the lock chains, so these are likely irrelevant to the report.
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r4)
r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=0x0)
# Write side (lockdep chain #0): the trace ends in __se_sys_io_submit (ORIG_RAX 0xd1, RSI 0x3b
# matching the second argument here) -> aio_write -> hfsplus_write_begin -> hfsplus_file_extend.
# With extents_lock and tree_lock already held, hfsplus_bmap_reserve calls hfsplus_file_extend
# again and requests another extents_lock, which is the ordering lockdep flags.
# NOTE(review): the held extents_lock (ffff8880130a5c08) and the requested one (ffff888013044e88)
# are different lock instances, so this may be a lock-class annotation issue rather than a
# reachable deadlock. Verify against the hfsplus locking code before rating it as a hang/DoS.
io_submit(r6, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x70000}])
# --- end of reproducer; kernel console log follows ---
[ 129.720171][ T5323] Bluetooth: hci0: command tx timeout [ 130.245913][ T5344] loop0: detected capacity change from 0 to 1024 [ 130.334784][ T24] audit: type=1800 
audit(1774397610.400:2): pid=5344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 130.364492][ T5344] [ 130.365627][ T5344] ====================================================== [ 130.368708][ T5344] WARNING: possible circular locking dependency detected [ 130.372221][ T5344] syzkaller #0 Not tainted [ 130.374470][ T5344] ------------------------------------------------------ [ 130.377967][ T5344] syz.0.0/5344 is trying to acquire lock: [ 130.380553][ T5344] ffff888013044e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 130.385619][ T5344] [ 130.385619][ T5344] but task is already holding lock: [ 130.388762][ T5344] ffff8880001ae0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 130.393248][ T5344] [ 130.393248][ T5344] which lock already depends on the new lock. [ 130.393248][ T5344] [ 130.397560][ T5344] [ 130.397560][ T5344] the existing dependency chain (in reverse order) is: [ 130.401479][ T5344] [ 130.401479][ T5344] -> #1 (&tree->tree_lock/1){+.+.}-{4:4}: [ 130.404797][ T5344] __mutex_lock+0x19f/0x1300 [ 130.407019][ T5344] hfsplus_find_init+0x168/0x2d0 [ 130.409453][ T5344] hfsplus_get_block+0x91e/0x1670 [ 130.412172][ T5344] block_read_full_folio+0x29f/0x830 [ 130.414954][ T5344] read_pages+0x373/0x5a0 [ 130.417451][ T5344] page_cache_ra_unbounded+0x79c/0xa50 [ 130.420612][ T5344] page_cache_ra_order+0xaf2/0xeb0 [ 130.423096][ T5344] filemap_get_pages+0x4c0/0x1f10 [ 130.425396][ T5344] filemap_read+0x447/0x1230 [ 130.427654][ T5344] __kernel_read+0x504/0x9b0 [ 130.430140][ T5344] integrity_kernel_read+0x89/0xd0 [ 130.433421][ T5344] ima_calc_file_hash+0x12c3/0x17f0 [ 130.436616][ T5344] ima_collect_measurement+0x48b/0x930 [ 130.439296][ T5344] process_measurement+0x12cd/0x1c80 [ 130.441951][ T5344] ima_file_check+0xe1/0x130 [ 130.444171][ T5344] security_file_post_open+0xb3/0x260 [ 130.447051][ 
T5344] path_openat+0x2e4d/0x3860 [ 130.449775][ T5344] do_file_open+0x23e/0x4a0 [ 130.452591][ T5344] do_sys_openat2+0x113/0x200 [ 130.455074][ T5344] __x64_sys_open+0x11e/0x150 [ 130.457459][ T5344] do_syscall_64+0x14d/0xf80 [ 130.459876][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.462978][ T5344] [ 130.462978][ T5344] -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 130.467331][ T5344] __lock_acquire+0x15a5/0x2cf0 [ 130.469884][ T5344] lock_acquire+0xf0/0x2e0 [ 130.472388][ T5344] __mutex_lock+0x19f/0x1300 [ 130.475143][ T5344] hfsplus_file_extend+0x215/0x1d70 [ 130.477959][ T5344] hfsplus_bmap_reserve+0x125/0x510 [ 130.480568][ T5344] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 130.484297][ T5344] __hfsplus_ext_cache_extent+0x89/0xe30 [ 130.487291][ T5344] hfsplus_file_extend+0x4af/0x1d70 [ 130.490735][ T5344] hfsplus_get_block+0x42c/0x1670 [ 130.493382][ T5344] __block_write_begin_int+0x6c6/0x1910 [ 130.495953][ T5344] cont_write_begin+0x737/0xae0 [ 130.498290][ T5344] hfsplus_write_begin+0x66/0xb0 [ 130.500752][ T5344] generic_perform_write+0x2e2/0x8f0 [ 130.503719][ T5344] generic_file_write_iter+0x14a/0x680 [ 130.507237][ T5344] aio_write+0x5cd/0x870 [ 130.509659][ T5344] io_submit_one+0x7bb/0x14c0 [ 130.511747][ T5344] __se_sys_io_submit+0x195/0x340 [ 130.514066][ T5344] do_syscall_64+0x14d/0xf80 [ 130.516307][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.519037][ T5344] [ 130.519037][ T5344] other info that might help us debug this: [ 130.519037][ T5344] [ 130.523677][ T5344] Possible unsafe locking scenario: [ 130.523677][ T5344] [ 130.527993][ T5344] CPU0 CPU1 [ 130.530441][ T5344] ---- ---- [ 130.532541][ T5344] lock(&tree->tree_lock/1); [ 130.534453][ T5344] lock(&HFSPLUS_I(inode)->extents_lock); [ 130.537520][ T5344] lock(&tree->tree_lock/1); [ 130.540710][ T5344] lock(&HFSPLUS_I(inode)->extents_lock); [ 130.543950][ T5344] [ 130.543950][ T5344] *** DEADLOCK *** [ 130.543950][ T5344] [ 130.548464][ T5344] 3 locks held by 
syz.0.0/5344: [ 130.550759][ T5344] #0: ffff8880130a5df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 130.555417][ T5344] #1: ffff8880130a5c08 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 130.560200][ T5344] #2: ffff8880001ae0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 130.564826][ T5344] [ 130.564826][ T5344] stack backtrace: [ 130.567976][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 130.567993][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 130.568001][ T5344] Call Trace: [ 130.568008][ T5344] [ 130.568015][ T5344] dump_stack_lvl+0xe8/0x150 [ 130.568038][ T5344] print_circular_bug+0x2e1/0x300 [ 130.568061][ T5344] check_noncircular+0x12e/0x150 [ 130.568086][ T5344] __lock_acquire+0x15a5/0x2cf0 [ 130.568107][ T5344] ? rcu_is_watching+0x15/0xb0 [ 130.568126][ T5344] ? lock_release+0x4b/0x3d0 [ 130.568138][ T5344] ? lock_release+0x4b/0x3d0 [ 130.568150][ T5344] lock_acquire+0xf0/0x2e0 [ 130.568161][ T5344] ? hfsplus_file_extend+0x215/0x1d70 [ 130.568175][ T5344] __mutex_lock+0x19f/0x1300 [ 130.568187][ T5344] ? hfsplus_file_extend+0x215/0x1d70 [ 130.568199][ T5344] ? stack_trace_save+0xa9/0x100 [ 130.568207][ T5344] ? __pfx_stack_trace_save+0x10/0x10 [ 130.568215][ T5344] ? hfsplus_file_extend+0x215/0x1d70 [ 130.568228][ T5344] ? __pfx___mutex_lock+0x10/0x10 [ 130.568237][ T5344] ? lockdep_unlock+0x5d/0xd0 [ 130.568245][ T5344] ? __lock_acquire+0x146e/0x2cf0 [ 130.568256][ T5344] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 130.568271][ T5344] hfsplus_file_extend+0x215/0x1d70 [ 130.568298][ T5344] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 130.568322][ T5344] ? __pfx___mutex_trylock_common+0x10/0x10 [ 130.568344][ T5344] ? rcu_is_watching+0x15/0xb0 [ 130.568361][ T5344] ? trace_contention_end+0x3d/0x150 [ 130.568377][ T5344] ? __asan_memset+0x22/0x50 [ 130.568395][ T5344] ? 
hfsplus_brec_find+0x19d/0x520 [ 130.568410][ T5344] hfsplus_bmap_reserve+0x125/0x510 [ 130.568427][ T5344] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 130.568441][ T5344] __hfsplus_ext_cache_extent+0x89/0xe30 [ 130.568455][ T5344] hfsplus_file_extend+0x4af/0x1d70 [ 130.568476][ T5344] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 130.568495][ T5344] ? clean_bdev_aliases+0x62e/0x750 [ 130.568511][ T5344] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 130.568524][ T5344] hfsplus_get_block+0x42c/0x1670 [ 130.568546][ T5344] ? __pfx_hfsplus_get_block+0x10/0x10 [ 130.568564][ T5344] ? do_raw_spin_unlock+0x4d/0x210 [ 130.568657][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 130.568714][ T5344] __block_write_begin_int+0x6c6/0x1910 [ 130.568748][ T5344] ? __pfx_hfsplus_get_block+0x10/0x10 [ 130.568769][ T5344] ? __pfx___block_write_begin_int+0x10/0x10 [ 130.568781][ T5344] cont_write_begin+0x737/0xae0 [ 130.568793][ T5344] ? irqentry_exit+0x59e/0x620 [ 130.568808][ T5344] ? __pfx_cont_write_begin+0x10/0x10 [ 130.568822][ T5344] hfsplus_write_begin+0x66/0xb0 [ 130.568837][ T5344] ? __pfx_hfsplus_get_block+0x10/0x10 [ 130.568851][ T5344] generic_perform_write+0x2e2/0x8f0 [ 130.568868][ T5344] ? __pfx_generic_perform_write+0x10/0x10 [ 130.568881][ T5344] ? file_update_time_flags+0x219/0x4a0 [ 130.568898][ T5344] ? __generic_file_write_iter+0xf9/0x230 [ 130.568909][ T5344] ? generic_file_write_iter+0x136/0x680 [ 130.568921][ T5344] generic_file_write_iter+0x14a/0x680 [ 130.568935][ T5344] ? __pfx_generic_file_write_iter+0x10/0x10 [ 130.568945][ T5344] ? do_raw_spin_lock+0x12b/0x2f0 [ 130.568958][ T5344] ? __lock_acquire+0x6b5/0x2cf0 [ 130.568970][ T5344] ? lockdep_hardirqs_on+0x7a/0x110 [ 130.568988][ T5344] ? kasan_save_track+0x4f/0x80 [ 130.569007][ T5344] ? aio_write+0x547/0x870 [ 130.569018][ T5344] aio_write+0x5cd/0x870 [ 130.569029][ T5344] ? __pfx_aio_write+0x10/0x10 [ 130.569045][ T5344] io_submit_one+0x7bb/0x14c0 [ 130.569058][ T5344] ? irqentry_exit+0x59e/0x620 [ 130.569068][ T5344] ? 
trace_irq_disable+0x3b/0x150 [ 130.569079][ T5344] ? __pfx_io_submit_one+0x10/0x10 [ 130.569091][ T5344] ? __might_fault+0xaf/0x130 [ 130.569109][ T5344] __se_sys_io_submit+0x195/0x340 [ 130.569125][ T5344] ? __pfx___se_sys_io_submit+0x10/0x10 [ 130.569142][ T5344] do_syscall_64+0x14d/0xf80 [ 130.569158][ T5344] ? trace_irq_disable+0x3b/0x150 [ 130.569166][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.569177][ T5344] ? clear_bhb_loop+0x40/0x90 [ 130.569189][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.569201][ T5344] RIP: 0033:0x7f8f3239c799 [ 130.569218][ T5344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 130.569229][ T5344] RSP: 002b:00007f8f33266fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 130.569244][ T5344] RAX: ffffffffffffffda RBX: 00007f8f32615fa0 RCX: 00007f8f3239c799 [ 130.569252][ T5344] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f8f331fc000 [ 130.569258][ T5344] RBP: 00007f8f32432c99 R08: 0000000000000000 R09: 0000000000000000 [ 130.569265][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.569271][ T5344] R13: 00007f8f32616038 R14: 00007f8f32615fa0 R15: 00007fffffea8a28 [ 130.569280][ T5344]