program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000100)=ANY=[], 0x1, 0x6bc, &(0x7f0000000e80)="$eJzs3c9vHGf9B/D3rNcbb75Vvk6b0AgVYSVSQYpInFgphEsMqlAOFarKgbOVOI2VTVI5LnIrBC4gOCFx6B9QkHzjhMQ9KJzLrVcfKyFxiThEvSya2Vl7ba9jO/4ZeL2i8fPMPvM889nPPDPj3Y21Af5n3byY5uMUuXnxncVyfWV5qrOyPHWibu4kKeuNpNkrUjxIiifJdNleDCwZKDf5dO76e188Xfmyt9asl2r7kef1G2LItkv1kol6vImhPUd3uoulOry8kuRWXa7X2ulY6zYsk3ahLuHIdTdZ2k333Zy3wDHTvzsVvfvmJuPJycHzvL46NA4nuoOzq6scAAAAvKQ+f3jUEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDLp/7+/6JeGv3v/J9IcTLJWJJW/7G6fgxN73jLxwcaBwAAAAAAAAAcjm8+y7Ms5lR/vVtUn/mfr1bO5Ktu8n/5MI8ym/lcymJmspCFzOdKkvGBgVqLMwsL81dWe5aG97w6tOfVw3rGAAAAAAAAAPBf6Vdpr33+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx0GRjPSKajlTlxlPo5m1tiwl/0jSOup4d6EY9uDjw48DAAAA9mTsBfr8/7M8y2JO9de7RfWa/2vV6+WxfJgHWchcFtLJbG7Xr6HLV/2NleWpzsry1P1y2TzuD/61qzCqEev3F4bv+Vy1RTt3Mlc9cim3qmBup1H1zIXkXD+e4XF9UsZU3Lhxo1y5scPImnVay539Yat3EfbFFm9FbHlUx8vgktWMTNaxldk43ctAUb1Rk2zMxLZHp7lxT2lkdHVPV9JYfefnzA5zXtlmr30n67J8Pr9dzfnbJ3bY/QCtZqKRKhNX+7OvPGeen4nkW3/980/vdh7cu3vn0cWDm0b7bGSLxzfOiamBTLz+UmeiucvtJ6tMnF1dv5kf5Se5mIm8m/nM5WeZyUJm063bZ+r5XP4cf36mptetvbtdJK36uPSO2U5imsjbVW0m56u+pzKXIg9zO7N5q/p3NVfy3VzLtVwfOMJnt4y7em7VWd/YeNb3j/TfhgZ/4dt1pZ3kd3W5KQcbbDU790vv4lvm9fRAXnuz/unqVqcHzoPJgSy92s/O6NDBX+Ta2Px6XSn38eu6PB7G60yUJ1D/LtGP7rVeJprVvWjzPP9jt+yXzoN783dnPthi/KUN62/WZTmtlr8xrMew3Aw/FPurnC+vZqy+kqyfHWXba6tXmdPr7qqt+hOXZh39xrazVVtR9M/UH+dh9SQ3n6mt+ne4zSNdrdpeH9o2VbWdG2hb9/tWHqaT24eQPwD2aDwnW+1/tj9vf9b+Tftu+52xH5743ok3Whn9++j3m5MjbzbeKP6Sz/KLtdf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAi3v00cf3Zjqd2fnhlcbWTdtUtht5Q6Wov9DnhfZ1DCtjSdY9Un3P0aGH0d4YxqZK95fJoeen/yWCw7f5fVlpZicDTm+3zSdHPhOOe2UkwyfAEV+YgAN3eeH+B5cfffTxd+buz7w/+/7sg9Fr165PXr/21tTlO3Od2cnez6OOEjgIazf9o44EAAAAAAAAAAAA2Klhfxhw/pXt/mhki8r44IAt/7MQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2Bc3L6b5OEWuTF6aLNdXlqc65dKvr23ZTNJoJMXPk+JJMp3ekvGB4Yr86Um6Q/bz6dz19754uvLl2ljN3vZJoy73YKleMpFkpC73a7xbex6v+Hf/GZYJ+6rb7U7vLT7YH/8JAAD//8IQ9Ic=") syz_mount_image$fuse(0x0, &(0x7f00000016c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.numa_stat\x00', 0x26e1, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x200, 0x8000, 0x0, 0x12, 0x3, 0x10, "1e326e5f1bf1e87057ee76ddb5adbc11a1e8c3883d271e1c7205bffeabb38b8df905c1e0cacdd0f0af13a2a64c28b10761446fd44d0e4a4aa07bfda7d284629a", "3dd870e14f4e59b925cb7efffe3eadc8c8a8d5d2f07e7f473c52517c266433c6d7c32ac69f9f8fb929f9121a1c858144e67582c780504fe88b7ede47db760a6a", "a2286b818b0129653b4e463778857b6fa4fef87587726f5dc7bf7fba820bb23d", [0xa79]}) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) [ 74.983734][ T46] Bluetooth: hci0: command tx timeout [ 75.081113][ T5341] loop0: detected capacity change from 0 to 1024 [ 75.164589][ T5341] hfsplus: xattr searching failed [ 75.180760][ T5341] [ 75.181923][ T5341] ============================================ [ 75.184797][ T5341] WARNING: possible recursive locking detected [ 75.187428][ T5341] syzkaller #0 Not tainted [ 75.189296][ T5341] -------------------------------------------- [ 75.191998][ T5341] syz.0.0/5341 is trying to acquire lock: [ 75.194593][ T5341] ffff8880114e40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 75.198790][ T5341] [ 75.198790][ T5341] but task is already holding lock: [ 75.201763][ T5341] ffff8880114e40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 75.205591][ T5341] [ 75.205591][ T5341] other info that might help us debug this: [ 75.208647][ T5341] Possible unsafe locking scenario: [ 75.208647][ T5341] [ 75.211581][ T5341] CPU0 [ 75.212913][ T5341] ---- [ 75.214328][ T5341] lock(&tree->tree_lock/1); [ 75.216288][ T5341] lock(&tree->tree_lock/1); [ 75.218214][ T5341] [ 75.218214][ T5341] *** DEADLOCK *** [ 75.218214][ T5341] [ 75.221693][ T5341] May be due to missing lock nesting notation [ 75.221693][ T5341] [ 75.225108][ T5341] 6 locks held by syz.0.0/5341: [ 75.227126][ T5341] #0: ffff888040d19b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 75.230751][ T5341] #1: ffff8880112ec420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x211/0xb30 [ 75.234535][ T5341] #2: ffff888042907238 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 75.239874][ T5341] #3: ffff888042907048 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2a0/0xc10 [ 75.244415][ T5341] #4: ffff8880114e40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 75.248431][ T5341] #5: ffff888042904108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 75.253039][ T5341] [ 75.253039][ T5341] stack backtrace: [ 75.255605][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.255623][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.255631][ T5341] Call Trace: [ 75.255639][ T5341] [ 75.255646][ T5341] dump_stack_lvl+0xe8/0x150 [ 75.255664][ T5341] print_deadlock_bug+0x279/0x290 [ 75.255679][ T5341] __lock_acquire+0x2540/0x2cf0 [ 75.255690][ T5341] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 75.255752][ T5341] ? lockdep_hardirqs_on+0x7b/0x110 [ 75.255762][ T5341] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 75.255777][ T5341] ? stack_depot_save_flags+0x3f3/0x810 [ 75.255793][ T5341] ? hfsplus_find_init+0x168/0x2d0 [ 75.255805][ T5341] lock_acquire+0x107/0x340 [ 75.255814][ T5341] ? hfsplus_find_init+0x168/0x2d0 [ 75.255830][ T5341] __mutex_lock+0x187/0x1350 [ 75.255841][ T5341] ? hfsplus_find_init+0x168/0x2d0 [ 75.255857][ T5341] ? hfsplus_find_init+0x168/0x2d0 [ 75.255871][ T5341] ? __pfx___mutex_lock+0x10/0x10 [ 75.255881][ T5341] ? rcu_is_watching+0x15/0xb0 [ 75.255893][ T5341] ? trace_kmalloc+0x1f/0xb0 [ 75.255906][ T5341] ? __kmalloc_noprof+0x43e/0x800 [ 75.255919][ T5341] ? hfsplus_find_init+0x8c/0x2d0 [ 75.255933][ T5341] hfsplus_find_init+0x168/0x2d0 [ 75.255948][ T5341] hfsplus_file_extend+0x40e/0x1c30 [ 75.255962][ T5341] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.255973][ T5341] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.255986][ T5341] ? rcu_is_watching+0x15/0xb0 [ 75.255998][ T5341] ? __asan_memset+0x22/0x50 [ 75.256013][ T5341] ? hfsplus_brec_find+0x1a9/0x510 [ 75.256028][ T5341] hfsplus_bmap_reserve+0x125/0x510 [ 75.256044][ T5341] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 75.256057][ T5341] __hfsplus_ext_cache_extent+0x89/0xe30 [ 75.256071][ T5341] hfsplus_file_truncate+0x466/0xc10 [ 75.256085][ T5341] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 75.256097][ T5341] ? __pfx_unmap_mapping_range+0x10/0x10 [ 75.256111][ T5341] hfsplus_write_begin+0xa8/0xb0 [ 75.256122][ T5341] generic_perform_write+0x2c5/0x900 [ 75.256135][ T5341] ? __pfx_generic_perform_write+0x10/0x10 [ 75.256144][ T5341] ? file_update_time_flags+0x2cb/0x4e0 [ 75.256157][ T5341] ? __generic_file_write_iter+0xf9/0x230 [ 75.256166][ T5341] ? generic_file_write_iter+0x103/0x550 [ 75.256175][ T5341] generic_file_write_iter+0x117/0x550 [ 75.256187][ T5341] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.256196][ T5341] ? lockdep_unlock+0x6c/0xf0 [ 75.256204][ T5341] ? __lock_acquire+0x146f/0x2cf0 [ 75.256214][ T5341] ? __pfx_aa_file_perm+0x10/0x10 [ 75.256228][ T5341] ? vfs_write+0x211/0xb30 [ 75.256243][ T5341] ? vfs_write+0x211/0xb30 [ 75.256260][ T5341] vfs_write+0x5c9/0xb30 [ 75.256275][ T5341] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.256293][ T5341] ? __pfx_vfs_write+0x10/0x10 [ 75.256309][ T5341] ? __fget_files+0x2a/0x420 [ 75.256322][ T5341] ksys_write+0x145/0x250 [ 75.256338][ T5341] ? __pfx_ksys_write+0x10/0x10 [ 75.256354][ T5341] do_syscall_64+0xec/0xf80 [ 75.256364][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.256374][ T5341] ? trace_irq_disable+0x37/0x100 [ 75.256388][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 75.256399][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.256411][ T5341] RIP: 0033:0x7f94c458f7c9 [ 75.256423][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.256431][ T5341] RSP: 002b:00007f94c09f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.256443][ T5341] RAX: ffffffffffffffda RBX: 00007f94c47e5fa0 RCX: 00007f94c458f7c9 [ 75.256450][ T5341] RDX: 000000011ffffce1 RSI: 0000200000000080 RDI: 0000000000000004 [ 75.256457][ T5341] RBP: 00007f94c4613f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.256464][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.256470][ T5341] R13: 00007f94c47e6038 R14: 00007f94c47e5fa0 R15: 00007ffc7c1cec68 [ 75.256482][ T5341] [ 76.193747][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.196329][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.992429][ T46] Bluetooth: hci0: command tx timeout [ 79.072541][ T46] Bluetooth: hci0: command tx timeout [ 81.152171][ T46] Bluetooth: hci0: command tx timeout