program:
syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$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")
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x8000, &(0x7f0000000380)={[{@dmode={'dmode', 0x3d, 0x7fff}}, {@dmode={'dmode', 0x3d, 0x4}}, {@adinicb}, {@umask={'umask', 0x3d, 0xfe}}]}, 0x1, 0x4e8, &(0x7f0000000ac0)="$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")
truncate(&(0x7f00000000c0)='./file0/file0\x00', 0x3db1)

[ 86.867737][ T5302] Bluetooth: hci0: command tx timeout
[ 86.974529][ T5323] loop0: detected capacity change from 0 to 1024
[ 87.086422][ T24] audit: type=1800 audit(1774647486.503:2): pid=5323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=0 res=0 errno=0
[ 87.161618][ T5323] Trying to write to read-only block-device loop0
[ 87.193608][ T5324]
[ 87.195250][ T5324] ======================================================
[ 87.198621][ T5324] WARNING: possible circular locking dependency detected
[ 87.201433][ T5324] syzkaller #0 Not tainted
[ 87.203349][ T5324] ------------------------------------------------------
[ 87.206329][ T5324] syz.0.0/5324 is trying to acquire lock:
[ 87.209087][ T5324] ffff88801f5360b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 87.214233][ T5324]
[ 87.214233][ T5324] but task is already holding lock:
[ 87.217406][ T5324] ffff888037821548 
(&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30
[ 87.222271][ T5324]
[ 87.222271][ T5324] which lock already depends on the new lock.
[ 87.222271][ T5324]
[ 87.226930][ T5324]
[ 87.226930][ T5324] the existing dependency chain (in reverse order) is:
[ 87.231902][ T5324]
[ 87.231902][ T5324] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}:
[ 87.235859][ T5324]        __mutex_lock+0x19f/0x1300
[ 87.238321][ T5324]        hfsplus_file_extend+0x215/0x1d70
[ 87.241015][ T5324]        hfsplus_bmap_reserve+0x125/0x510
[ 87.243699][ T5324]        __hfsplus_ext_write_extent+0x28d/0x5b0
[ 87.246751][ T5324]        __hfsplus_ext_cache_extent+0x89/0xe30
[ 87.249699][ T5324]        hfsplus_file_extend+0x4af/0x1d70
[ 87.252350][ T5324]        hfsplus_get_block+0x42c/0x1670
[ 87.254803][ T5324]        __block_write_begin_int+0x6c6/0x1910
[ 87.258107][ T5324]        cont_write_begin+0x737/0xae0
[ 87.261427][ T5324]        hfsplus_write_begin+0x66/0xb0
[ 87.263914][ T5324]        generic_perform_write+0x2e2/0x8f0
[ 87.266491][ T5324]        generic_file_write_iter+0x14a/0x680
[ 87.269180][ T5324]        vfs_write+0x61d/0xb90
[ 87.271429][ T5324]        ksys_write+0x150/0x270
[ 87.273723][ T5324]        do_syscall_64+0x14d/0xf80
[ 87.275989][ T5324]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.279113][ T5324]
[ 87.279113][ T5324] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[ 87.282636][ T5324]        __lock_acquire+0x15a5/0x2cf0
[ 87.284738][ T5324]        lock_acquire+0xf0/0x2e0
[ 87.286927][ T5324]        __mutex_lock+0x19f/0x1300
[ 87.289292][ T5324]        hfsplus_find_init+0x168/0x2d0
[ 87.291699][ T5324]        hfsplus_file_truncate+0x39b/0xc30
[ 87.294491][ T5324]        hfsplus_setattr+0x1c4/0x270
[ 87.297016][ T5324]        notify_change+0xc1a/0xf40
[ 87.299284][ T5324]        do_truncate+0x1c2/0x250
[ 87.301474][ T5324]        vfs_truncate+0x4b4/0x540
[ 87.303626][ T5324]        do_sys_truncate+0xf3/0x1c0
[ 87.305964][ T5324]        __x64_sys_truncate+0x5b/0x70
[ 87.308729][ T5324]        do_syscall_64+0x14d/0xf80
[ 87.311213][ T5324]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.313979][ T5324]
[ 87.313979][ T5324] 
other info that might help us debug this:
[ 87.313979][ T5324]
[ 87.318038][ T5324]  Possible unsafe locking scenario:
[ 87.318038][ T5324]
[ 87.321422][ T5324]        CPU0                    CPU1
[ 87.324078][ T5324]        ----                    ----
[ 87.326574][ T5324]   lock(&HFSPLUS_I(inode)->extents_lock);
[ 87.328840][ T5324]                                lock(&tree->tree_lock/1);
[ 87.331999][ T5324]                                lock(&HFSPLUS_I(inode)->extents_lock);
[ 87.336093][ T5324]   lock(&tree->tree_lock/1);
[ 87.338496][ T5324]
[ 87.338496][ T5324]  *** DEADLOCK ***
[ 87.338496][ T5324]
[ 87.342477][ T5324] 3 locks held by syz.0.0/5324:
[ 87.344655][ T5324]  #0: ffff88801f5b0420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 87.349021][ T5324]  #1: ffff888037821738 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: do_truncate+0x18f/0x250
[ 87.354078][ T5324]  #2: ffff888037821548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30
[ 87.361224][ T5324]
[ 87.361224][ T5324] stack backtrace:
[ 87.364083][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.364103][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.364111][ T5324] Call Trace:
[ 87.364121][ T5324]
[ 87.364127][ T5324] dump_stack_lvl+0xe8/0x150
[ 87.364148][ T5324] print_circular_bug+0x2e1/0x300
[ 87.364171][ T5324] check_noncircular+0x12e/0x150
[ 87.364188][ T5324] __lock_acquire+0x15a5/0x2cf0
[ 87.364205][ T5324] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 87.364220][ T5324] ? kasan_save_track+0x4f/0x80
[ 87.364230][ T5324] ? kasan_save_track+0x3e/0x80
[ 87.364239][ T5324] ? __kasan_kmalloc+0x93/0xb0
[ 87.364250][ T5324] ? __kmalloc_noprof+0x35c/0x760
[ 87.364268][ T5324] ? hfsplus_find_init+0x8c/0x2d0
[ 87.364282][ T5324] ? hfsplus_file_truncate+0x39b/0xc30
[ 87.364292][ T5324] ? hfsplus_setattr+0x1c4/0x270
[ 87.364313][ T5324] lock_acquire+0xf0/0x2e0
[ 87.364328][ T5324] ? hfsplus_find_init+0x168/0x2d0
[ 87.364344][ T5324] __mutex_lock+0x19f/0x1300
[ 87.364358][ T5324] ? 
hfsplus_find_init+0x168/0x2d0
[ 87.364373][ T5324] ? hfsplus_find_init+0x168/0x2d0
[ 87.364387][ T5324] ? __pfx___mutex_lock+0x10/0x10
[ 87.364400][ T5324] ? rcu_is_watching+0x15/0xb0
[ 87.364417][ T5324] ? __kmalloc_noprof+0x37d/0x760
[ 87.364435][ T5324] ? hfsplus_find_init+0x8c/0x2d0
[ 87.364446][ T5324] ? __kmalloc_noprof+0x1b8/0x760
[ 87.364468][ T5324] hfsplus_find_init+0x168/0x2d0
[ 87.364482][ T5324] hfsplus_file_truncate+0x39b/0xc30
[ 87.364495][ T5324] ? __pfx___up_read+0x10/0x10
[ 87.364508][ T5324] ? __pfx_hfsplus_file_truncate+0x10/0x10
[ 87.364518][ T5324] ? unmap_mapping_range+0xe6/0x180
[ 87.364532][ T5324] ? __pfx_unmap_mapping_range+0x10/0x10
[ 87.364544][ T5324] ? setattr_prepare+0x232/0xb30
[ 87.364557][ T5324] ? truncate_setsize+0xcf/0xf0
[ 87.364573][ T5324] hfsplus_setattr+0x1c4/0x270
[ 87.364589][ T5324] ? __pfx_hfsplus_setattr+0x10/0x10
[ 87.364605][ T5324] notify_change+0xc1a/0xf40
[ 87.364620][ T5324] do_truncate+0x1c2/0x250
[ 87.364631][ T5324] ? __pfx_do_truncate+0x10/0x10
[ 87.364641][ T5324] ? apparmor_path_truncate+0x245/0x2e0
[ 87.364708][ T5324] vfs_truncate+0x4b4/0x540
[ 87.364722][ T5324] ? __pfx_vfs_truncate+0x10/0x10
[ 87.364734][ T5324] ? do_getname+0x151/0x250
[ 87.364748][ T5324] do_sys_truncate+0xf3/0x1c0
[ 87.364758][ T5324] ? __pfx_do_sys_truncate+0x10/0x10
[ 87.364769][ T5324] __x64_sys_truncate+0x5b/0x70
[ 87.364779][ T5324] do_syscall_64+0x14d/0xf80
[ 87.364792][ T5324] ? trace_irq_disable+0x3b/0x150
[ 87.364803][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.364813][ T5324] ? 
clear_bhb_loop+0x40/0x90
[ 87.364826][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.364837][ T5324] RIP: 0033:0x7f61e8f9c799
[ 87.364848][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.364855][ T5324] RSP: 002b:00007f61e9ddefe8 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[ 87.364864][ T5324] RAX: ffffffffffffffda RBX: 00007f61e9216090 RCX: 00007f61e8f9c799
[ 87.364869][ T5324] RDX: 0000000000000000 RSI: 0000000000003db1 RDI: 00002000000000c0
[ 87.364873][ T5324] RBP: 00007f61e9032c99 R08: 0000000000000000 R09: 0000000000000000
[ 87.364878][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.364882][ T5324] R13: 00007f61e9216128 R14: 00007f61e9216090 R15: 00007ffd40759508
[ 87.364889][ T5324]