program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x1008400, &(0x7f0000000080)=ANY=[], 0x84, 0x695, &(0x7f0000000180)="$eJzs3ctvVNcdB/DvHY+Nh6bEIZCQKhIoSG1VVLCxSOtuoFVVsYiqKF10bYEBi4EkxqkcVBX63mbBH5Au2HVRVeoeNd100+6y9TJS1W6yqbua6t65Mx5sjx9J8Bjy+aA793HuOed3fnMf88CaAF9al8+k+ShFLp95YyVJkaLafKt8WH04205yKEkjaXZnKf7b6XQ+Si6lO+WVql5XMayfB4tzb3386eonSafrXrO3f2O7ertzv55yKslYPf+i2ruyU3uTOzVXPDbC073EwaiNp3dG/vtBd8u7f3+uXzKgtVXtHY984ClQdO+bm0wlh+sTvXwd0L0rdu/ZT7X7ow4AAAAA9sHza1nLSo6MOg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mtS//1/UU6O3fCpF7/f/J+ptqZcPlpN72/3Rk4oDAAAAAAAAAPbRybWsZSVHeuudovrO/7Vq5Vj1+JW8lztZyFLOZiXzWc5yljKTZGqgoYmV+eXlpZl+zd7/DNhc8/zdrWqe3yHQQ/W89UWMGgAAAAAAAACeOb/K5fXv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CAokrHurJqO9Zan0mgmmUwyUW64n/yzXB51vJ/Xo1EHAAAAAJ9DZ8N8mOfXspaVHOnXK6r3/C9V7/sn815uZzmLWU47C7lafRbQfdffWH042159OHurnDa3+/3/7CncqsV0P3vYuucT1R6tXMtiteVsruTtFMXVNKqapRO9eLaO65dlTMXFrvFdRna1npcj/6Ceb3JvT4MdZo8fpkxVGRnvZ2S6jq3MxgvbZ2LnZ2dsu55m0ugHe2xDTxsGUea8t+nixcGS1vDOD9fzcjy/G5bzkdiYifMDR99L2+c8+cZf/vjTG+3bN29cu3Pm4Axpd3rHQ/d60tqcidmBTLz8LGdik+kqE8f765fzo/wkZ3Iqb2Ypi/lZ5rOchZzKD6ul+fp4LgZO+SGZuvTY2ps7RTJRH6HdJ+vxmLJDTK9VdY9kMT/O27mahbxe/TufmXwnF3IhcwPP8PFdXGkb9ZX24oYoO1/dMvjT36wXygvD7wcvENebOw38CSvz+sJAXgevuVNV2eCW9Swd3cP9qJelP20fSvNr9ULZx6/r+cGwMRMzA5l4cftM/KG6rNxp3765dGP+nd11d/SDeqE8j357oO4S5fFytHyyqrXHj46y7MW6bLya1vM1UX/j0q3X2FR2vF/WPVPvDz1TJ+rXcJtbOl+Vvbxl2WxVdmKgbOPrrXb/9dCz8OUPwDPr8LcOT7T+1fpH68PWb1o3Wm9M/uDQdw+9OpHxv41/rzk99vXGq8Wf82F+sf7+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+OzuvH/35ny7vbC0YaHT6dwbUvQ0L/R+zmwfO33luWRUQ55IcjAy/79Op1NvKfZevcj+5rBTOpTO9juPDTuQ/ppkYMvk8L6aSbYqOjnq52u+PeILE/DEnVu+9c65O+/f/fbirfnrC9cXbs9duDA3PXfh9dlz1xbbC9Pdx1FHCTwJ6zf9UUcCAAAAAAAAAAAA7NZ+/DnB8N4n93OoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFPq8pk0H6XIzPTZ6XJ99eFsu5x6y+t7NpM0khQ/T4qPkkvpTpkaaK4Y1s+Dxbm3Pv509ZP1tpq9/Rvb1dvKu5u23K+nnEoy1m1yS2O776Xf3pV6/tkV/RGWCTvdSxyM2v8DAAD//wdcBZg=") r0 = openat(0xffffffffffffff9c, &(0x7f0000004900)='./file1\x00', 0x4042, 0xf9) writev(r0, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchown(r1, r3, r4) quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000202, r3, &(0x7f0000000100)='./file1\x00') setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x0, 0x3}, 0x8) r5 = io_uring_setup(0xb88, &(0x7f0000000000)={0x0, 0x77d8, 0x2, 0x3, 0x158}) io_uring_register$IORING_REGISTER_FILES(r5, 0x1c, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1) open(&(0x7f0000000000)='./file1\x00', 0x151000, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006540)=@newtaction={0x60, 0x30, 0xb, 0x0, 0x25dfdbff, {}, [{0x4c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) utimes(&(0x7f00000024c0)='./file1\x00', &(0x7f0000002500)={{}, {0x0, 0x2710}}) bind$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x81, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}, 0xe) [ 86.552574][ T5313] Bluetooth: hci0: command tx timeout [ 86.660032][ T5335] loop0: detected capacity change from 0 to 1024 [ 86.772214][ T24] audit: type=1800 audit(1776737677.680:2): pid=5335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 86.791605][ T5335] [ 86.792796][ T5335] ============================================ [ 86.795435][ T5335] WARNING: possible recursive locking detected [ 86.798217][ T5335] syzkaller #0 Not tainted [ 86.800194][ T5335] -------------------------------------------- [ 86.802922][ T5335] syz.0.0/5335 is trying to acquire lock: [ 86.805475][ T5335] ffff88801271bb80 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 86.810324][ T5335] [ 86.810324][ T5335] but task is already holding lock: [ 86.813584][ T5335] ffff88801271ae80 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1db0 [ 86.818499][ T5335] [ 86.818499][ T5335] other info that might help us debug this: [ 86.822014][ T5335] Possible unsafe locking scenario: [ 86.822014][ T5335] [ 86.825211][ T5335] CPU0 [ 86.826704][ T5335] ---- [ 86.828221][ T5335] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.830926][ T5335] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.833560][ T5335] [ 86.833560][ T5335] *** DEADLOCK *** [ 86.833560][ T5335] [ 86.837105][ T5335] May be due to missing lock nesting notation [ 86.837105][ T5335] [ 86.840675][ T5335] 5 locks held by syz.0.0/5335: [ 86.842833][ T5335] #0: ffff888042c5b9b0 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 86.846788][ T5335] #1: ffff8880369ce410 (sb_writers#12){.+.+}-{0:0}, at: vfs_writev+0x2aa/0x990 [ 86.850806][ T5335] #2: ffff88801271b068 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 86.855750][ T5335] #3: ffff88801271ae80 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1db0 [ 86.860995][ T5335] #4: ffff8880123780f0 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0 [ 86.865523][ T5335] [ 86.865523][ T5335] stack backtrace: [ 86.868107][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.868127][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.868136][ T5335] Call Trace: [ 86.868146][ T5335] [ 86.868152][ T5335] dump_stack_lvl+0xe8/0x150 [ 86.868179][ T5335] print_deadlock_bug+0x279/0x290 [ 86.868197][ T5335] __lock_acquire+0x253f/0x2cf0 [ 86.868217][ T5335] ? lock_release+0x4b/0x3c0 [ 86.868235][ T5335] ? is_bpf_text_address+0x292/0x2b0 [ 86.868251][ T5335] ? is_bpf_text_address+0x26/0x2b0 [ 86.868268][ T5335] ? kernel_text_address+0xa5/0xe0 [ 86.868283][ T5335] ? hfsplus_get_block+0x39e/0x1670 [ 86.868294][ T5335] lock_acquire+0x106/0x350 [ 86.868312][ T5335] ? hfsplus_get_block+0x39e/0x1670 [ 86.868326][ T5335] __mutex_lock+0x1a3/0x1550 [ 86.868397][ T5335] ? hfsplus_get_block+0x39e/0x1670 [ 86.868415][ T5335] ? check_path+0x21/0x40 [ 86.868429][ T5335] ? hfsplus_get_block+0x39e/0x1670 [ 86.868445][ T5335] ? __pfx___mutex_lock+0x10/0x10 [ 86.868469][ T5335] hfsplus_get_block+0x39e/0x1670 [ 86.868488][ T5335] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.868505][ T5335] ? block_read_full_folio+0x672/0x830 [ 86.868521][ T5335] block_read_full_folio+0x29f/0x830 [ 86.868535][ T5335] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.868550][ T5335] filemap_read_folio+0x137/0x3b0 [ 86.868562][ T5335] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.868575][ T5335] ? __pfx_filemap_read_folio+0x10/0x10 [ 86.868586][ T5335] ? filemap_add_folio+0x356/0x530 [ 86.868603][ T5335] do_read_cache_folio+0x358/0x590 [ 86.868616][ T5335] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.868627][ T5335] read_cache_page+0x5d/0x170 [ 86.868639][ T5335] hfsplus_block_allocate+0xf3/0xce0 [ 86.868652][ T5335] ? __gup_longterm_locked+0x133b/0x1630 [ 86.868669][ T5335] hfsplus_file_extend+0xb21/0x1db0 [ 86.868684][ T5335] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 86.868699][ T5335] ? gup_fast_fallback+0x1d9b/0x20d0 [ 86.868716][ T5335] hfsplus_get_block+0x42c/0x1670 [ 86.868733][ T5335] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.868744][ T5335] ? submit_page_section+0x592/0x8f0 [ 86.868763][ T5335] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.868775][ T5335] __blockdev_direct_IO+0x161d/0x34e0 [ 86.868798][ T5335] ? __pfx___blockdev_direct_IO+0x10/0x10 [ 86.868814][ T5335] ? __pfx_invalidate_inode_pages2_range+0x10/0x10 [ 86.868830][ T5335] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.868845][ T5335] ? filemap_write_and_wait_range+0x1e9/0x3f0 [ 86.868860][ T5335] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 86.868876][ T5335] ? __lock_acquire+0x6b5/0x2cf0 [ 86.868894][ T5335] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.868917][ T5335] ? irqentry_exit+0x218/0x730 [ 86.868933][ T5335] ? preempt_schedule_thunk+0x16/0x30 [ 86.868952][ T5335] ? preempt_schedule_thunk+0x16/0x30 [ 86.868967][ T5335] hfsplus_direct_IO+0x119/0x220 [ 86.868984][ T5335] generic_file_direct_write+0x1db/0x3e0 [ 86.868999][ T5335] __generic_file_write_iter+0x11d/0x230 [ 86.869015][ T5335] ? generic_file_write_iter+0x136/0x680 [ 86.869029][ T5335] generic_file_write_iter+0x14a/0x680 [ 86.869047][ T5335] ? __pfx_generic_file_write_iter+0x10/0x10 [ 86.869061][ T5335] ? stack_trace_save+0xa9/0x100 [ 86.869080][ T5335] ? __pfx_stack_trace_save+0x10/0x10 [ 86.869092][ T5335] ? __pfx_hlock_conflict+0x10/0x10 [ 86.869105][ T5335] ? check_path+0x21/0x40 [ 86.869119][ T5335] ? add_lock_to_list+0xc7/0x100 [ 86.869132][ T5335] ? lockdep_unlock+0x5d/0xd0 [ 86.869145][ T5335] ? __lock_acquire+0x146e/0x2cf0 [ 86.869163][ T5335] ? __pfx_aa_file_perm+0x10/0x10 [ 86.869217][ T5335] do_iter_readv_writev+0x619/0x8c0 [ 86.869237][ T5335] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 86.869254][ T5335] vfs_writev+0x33c/0x990 [ 86.869299][ T5335] ? __pfx_vfs_writev+0x10/0x10 [ 86.869318][ T5335] ? __fget_files+0x2a/0x420 [ 86.869340][ T5335] ? __fget_files+0x3a0/0x420 [ 86.869359][ T5335] ? __fget_files+0x2a/0x420 [ 86.869377][ T5335] do_writev+0x154/0x2e0 [ 86.869394][ T5335] ? __pfx_do_writev+0x10/0x10 [ 86.869412][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.869428][ T5335] do_syscall_64+0x15f/0xf80 [ 86.869443][ T5335] ? trace_irq_disable+0x3b/0x140 [ 86.869458][ T5335] ? clear_bhb_loop+0x40/0x90 [ 86.869470][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.869482][ T5335] RIP: 0033:0x7f2eb7b9c819 [ 86.869497][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.869506][ T5335] RSP: 002b:00007f2eb896efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 86.869518][ T5335] RAX: ffffffffffffffda RBX: 00007f2eb7e15fa0 RCX: 00007f2eb7b9c819 [ 86.869544][ T5335] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000004 [ 86.869553][ T5335] RBP: 00007f2eb7c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 86.869559][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.869565][ T5335] R13: 00007f2eb7e16038 R14: 00007f2eb7e15fa0 R15: 00007ffdaa885408 [ 86.869578][ T5335]