program: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x7, 0x7fe0, 0x8}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0xb, 0x6, 0x9, 0x0, r0, 0x100}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1, 0xd}, 0x50) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000000c0)='./bus\x00', 0x50, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRESOCT=0x0, @ANYRES32=0x0, @ANYRESHEX, @ANYRES8=r1, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRESHEX=0x0, @ANYRES32], 0x1, 0x641, &(0x7f0000000f00)="$eJzs3c1rHOcdB/DvrNay1gFXaWzHLYGYGNJSUVsvKK16qVtKUSGUkBZ6FraMhddOKilFCaVR3+i1h/wB6UG3ngq9FAqG9NzectUxUOglJ/e0ZWZnVytbEitL8krN52Nmn2fmmXnm9/x2XnZXmAnwhbU4leajFFmcenOjnN/emmtvb8096NWTnE/SSJrdIsXDpPgkuZXulK+UC+vuiv3289HKwtuffr79WXeuWU/V+hePPorNesq1JGN1eVz93T5yf0U/M2XCrvcSB6N2Lklnl59f2Wk52IUDznfg7Ci6982+Tn1mT1aneSbqzwHdu2L3g8CZtjnqAAAAAOCk/bRX8fMdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHEb9/P/qgYAT/UUprqXoPf9/fOCBgeMjDPVgQ0b2qHHSgQAAAAAAAADACSq6f8N/9XEeZyMXe4s7RRpJXqtmLlWvL+S9rGU5q7mRjSxlPetZzUySyYH+xjeW1tdXZ4bYcnbPLWeHjLt15JEDAAAAAAAAwP+j32Rx5+//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwGhTJWLeopku9+mQazSQTScbL9TaTf/XqZ9mjUQcAAAAAz8GXHudxNnKxN98pqu/8V6rv/RN5Lw+znpWsp53l3EmRtLrf+hvbW3Pt7a25B+X0dL/f+8+hwqh6TPe3h733fLVao5W7WamW3MjtvJN27qRRbVm62otn77h+XcZUfLc2ZGR36rJI8se6PHljQ6wzWWXkXD8j03VsZTZePDgTu9+dzcPuaSaN/i8/l04g5xfqskhe+NFzy/kw6ky8mjoTswNH35WDM5F87a9//tm99sP79+6uTZ2eIR3C+U6n06s/eUzMDWTi5bOYieazbjhdZeJyf34xP8xPMpVreSurWckvspT1LOdaflDVlurjuXydPDhTt3bNvVW9tvaPZLx+X7pXj8PF9Fq5bdE71e5kOW9U/2Yzk29lPvNZGHiHLw9x1jcOd9Zf/3p9opcD/MOugRbP/N4cjzKvL9Z5/TDZdc2drNoGl+xkKUWO+9rY/GpdKffx27o8HZ7MxMxAJl46+Hj5U3VZWWs/vL96b+ndIff3el2WB83vT9Vdojxevty/pOw+Osq2l/Zsm6naLvXbGk+1Xe63TeZiVvLjvLPPmTpef4Z7uqfZqu3lPdvmqrarA217fd4C4NS78I0L461/t/7Z+rj1u9a91psT3z//7fOvjOfcP859pzk99nrjleIv+Ti/2vn+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLu19z+4v9RuL68+Uel0Oh/u0/SslbEcZqu//+049957HtExDmeg0ul0OkfsZ+IwK3dOZBQnWvlvp9M5lg43Dzhoj63SqZ2K1I2oMuILE3Dibq4/ePfm2vsffHOld4ucn1+YXph/Y+7m3ZX28nT3dcRBAidi56Y/6kgAAAAAAAAAAACAYT2P/04w6jECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ9viVJqPUmRm+sZ0Ob+9Ndcup159rL9mM0kjSfHLpPgkuZXulMmB7or99vPRysLbn36+/dlOX83e+o2DthvOZj3lWpKxujyu/m4fub+iP8IyYdd7iYNR+18AAAD//0yYDqo=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000001880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0xcc}}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="6c00000002060101000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a3100000000200007800500030017d400000c0001800800014000000000080006400000000405000500020000000500010006"], 0x6c}}, 0x40000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x30, 0x9, 0x6, 0x3, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR2={0x5, 0x15, 0xb}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) write$binfmt_script(r4, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) open(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14927e, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000180)={0xffffffff, 0x0, 0x1, 0x4, 0xd, "c09ef084056840c0383008f7af04ff671ae91e"}) 6][ T4681] Bluetooth: hci0: command tx timeout [ 92.268744][ T5337] loop0: detected capacity change from 0 to 1024 [ 92.284356][ T5337] ======================================================= [ 92.284356][ T5337] WARNING: The mand mount option has been deprecated and [ 92.284356][ T5337] and is ignored by this kernel. Remove the mand [ 92.284356][ T5337] option from the mount to silence this warning. [ 92.284356][ T5337] ======================================================= [ 92.307965][ T5337] hfsplus: invalid length 256 has been corrected to 255 [ 92.340430][ T9] cfg80211: failed to load regulatory.db [ 92.409262][ T5337] [ 92.410438][ T5337] ============================================ [ 92.413167][ T5337] WARNING: possible recursive locking detected [ 92.415832][ T5337] syzkaller #0 Not tainted [ 92.417787][ T5337] -------------------------------------------- [ 92.420449][ T5337] syz.0.0/5337 is trying to acquire lock: [ 92.422985][ T5337] ffff8880408fd548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x1600 [ 92.427329][ T5337] [ 92.427329][ T5337] but task is already holding lock: [ 92.430277][ T5337] ffff8880408fc7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 92.434346][ T5337] [ 92.434346][ T5337] other info that might help us debug this: [ 92.437540][ T5337] Possible unsafe locking scenario: [ 92.437540][ T5337] [ 92.440783][ T5337] CPU0 [ 92.442270][ T5337] ---- [ 92.443828][ T5337] lock(&HFSPLUS_I(inode)->extents_lock); [ 92.446387][ T5337] lock(&HFSPLUS_I(inode)->extents_lock); [ 92.448948][ T5337] [ 92.448948][ T5337] *** DEADLOCK *** [ 92.448948][ T5337] [ 92.452305][ T5337] May be due to missing lock nesting notation [ 92.452305][ T5337] [ 92.455678][ T5337] 6 locks held by syz.0.0/5337: [ 92.457715][ T5337] #0: ffff888011cfe420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 92.461307][ T5337] #1: ffff8880408fddf8 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb47/0x3dd0 [ 92.465478][ T5337] #2: ffff8880408f9198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_mknod+0x7e/0x290 [ 92.469417][ T5337] #3: ffff88801fba60b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 92.473763][ T5337] #4: ffff8880408fc7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 92.478932][ T5337] #5: ffff8880408f90f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xd10 [ 92.483285][ T5337] [ 92.483285][ T5337] stack backtrace: [ 92.485767][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.485788][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.485798][ T5337] Call Trace: [ 92.485807][ T5337] [ 92.485814][ T5337] dump_stack_lvl+0x189/0x250 [ 92.485836][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.485853][ T5337] ? __pfx__printk+0x10/0x10 [ 92.485872][ T5337] ? print_lock_name+0xde/0x100 [ 92.485887][ T5337] print_deadlock_bug+0x279/0x290 [ 92.485901][ T5337] __lock_acquire+0x2540/0x2cf0 [ 92.485911][ T5337] ? lock_release+0x4b/0x3b0 [ 92.485923][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 92.485935][ T5337] lock_acquire+0x117/0x340 [ 92.485948][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 92.485961][ T5337] __mutex_lock+0x187/0x1350 [ 92.486031][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 92.486048][ T5337] ? check_path+0x21/0x40 [ 92.486064][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 92.486078][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 92.486096][ T5337] hfsplus_get_block+0x398/0x1600 [ 92.486111][ T5337] ? __pfx_hfsplus_get_block+0x10/0x10 [ 92.486126][ T5337] ? do_raw_spin_unlock+0x4d/0x240 [ 92.486142][ T5337] ? _raw_spin_unlock+0x28/0x50 [ 92.486159][ T5337] block_read_full_folio+0x29f/0x830 [ 92.486181][ T5337] ? __pfx_hfsplus_get_block+0x10/0x10 [ 92.486193][ T5337] filemap_read_folio+0x117/0x380 [ 92.486214][ T5337] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 92.486226][ T5337] ? __pfx_filemap_read_folio+0x10/0x10 [ 92.486242][ T5337] ? filemap_add_folio+0x35f/0x540 [ 92.486257][ T5337] do_read_cache_folio+0x358/0x590 [ 92.486266][ T5337] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 92.486277][ T5337] read_cache_page+0x5d/0x170 [ 92.486289][ T5337] hfsplus_block_allocate+0xf3/0xd10 [ 92.486302][ T5337] hfsplus_file_extend+0xa9a/0x1c30 [ 92.486318][ T5337] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 92.486336][ T5337] ? hfsplus_find_init+0x168/0x2d0 [ 92.486357][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 92.486372][ T5337] hfsplus_bmap_reserve+0x125/0x510 [ 92.486388][ T5337] hfsplus_create_cat+0x188/0x10d0 [ 92.486400][ T5337] ? do_sys_openat2+0x121/0x200 [ 92.486412][ T5337] ? __x64_sys_creat+0x8f/0xc0 [ 92.486426][ T5337] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 92.486453][ T5337] ? do_raw_spin_unlock+0x4d/0x240 [ 92.486468][ T5337] ? _raw_spin_unlock+0x28/0x50 [ 92.486484][ T5337] ? hfsplus_new_inode+0x643/0x820 [ 92.486495][ T5337] hfsplus_mknod+0x16a/0x290 [ 92.486508][ T5337] ? __pfx_hfsplus_create+0x10/0x10 [ 92.486521][ T5337] path_openat+0x18bb/0x3dd0 [ 92.486544][ T5337] ? __pfx_path_openat+0x10/0x10 [ 92.486562][ T5337] do_filp_open+0x1fa/0x410 [ 92.486575][ T5337] ? __pfx_do_filp_open+0x10/0x10 [ 92.486593][ T5337] ? _raw_spin_unlock+0x28/0x50 [ 92.486606][ T5337] ? alloc_fd+0x64c/0x6c0 [ 92.486619][ T5337] do_sys_openat2+0x121/0x200 [ 92.486630][ T5337] ? __se_sys_futex+0x36f/0x400 [ 92.486655][ T5337] ? __pfx_do_sys_openat2+0x10/0x10 [ 92.486672][ T5337] __x64_sys_creat+0x8f/0xc0 [ 92.486685][ T5337] do_syscall_64+0xfa/0xf80 [ 92.486696][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.486709][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 92.486723][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.486734][ T5337] RIP: 0033:0x7fbe3978f7c9 [ 92.486748][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.486761][ T5337] RSP: 002b:00007fbe35bf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 92.486777][ T5337] RAX: ffffffffffffffda RBX: 00007fbe399e5fa0 RCX: 00007fbe3978f7c9 [ 92.486788][ T5337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000e00 [ 92.486795][ T5337] RBP: 00007fbe39813f91 R08: 0000000000000000 R09: 0000000000000000 [ 92.486801][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.486808][ T5337] R13: 00007fbe399e6038 R14: 00007fbe399e5fa0 R15: 00007ffee9d50548 [ 92.486820][ T5337]