program: syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYBLOB="23341129bfb4fcc388a80c49b4f4d96254cb9356759776b03b581050240d2d9a5cf3440e76c886f1e5c860656a3648101223fc288fc5274f0e609cfed0fc738d84eb544791dd1cb959421db9fbcb634df876aa2133fd62e245fb6b1ead07ca04772d78564af8f42015e5be557ab3bd60824768691005cbd3d295402693d934226595deeba1ff748b7dde9c617749aa38096ef667700a6b3668cb7296b024fbcf9f74e50bf0f834159f51737baac184f94dd13a9793b76946208f290637d8def94e5f56f1181da3eed500440f", @ANYRES32=0x0, @ANYRES16, @ANYRES16], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3ctqFEscx/Ff9UySycmQ07kcDriMBnQjMW7EzQSZhxAXomZGCA4RTQR1YxQXIqJ7976CryC4UXwBXbnyAUYQWqq65pqe7jhkujP4/YChp7uq61/pS9V/wJQA/LWu1L++u/jd/jNSSSXp5WUpkPRCKkv6T/9XHuzu7+y3mo2U87QjRxXJKK5pDhXa3m0m1a3I1/BC+6msav8+TEYURVvfJO0VHQgK5Z7+BIE0559Od7ySe2Tpno5Z7+CY45g2pq22Hmqx6DgAAMXy43/gx/mqn78HgbTuh/0TOf6Pq110ABMXpR7tG/9dlhUZe33/dYd6+Z5L4ezxoJMlHqXlmaHPs4rvrIEJpsnKKl0swfztnVbz/PbdViPQM9W8vmKr7mcjvnU7MqJdS8hNUxyh7yZ5Rrng+jBj+7A5Iv6VMVscm/loPpvrJtRbNbrzv3Jk7GVyVyoculJx/Bujz+h6GdpS8q+NWq0WDBRZco2c8i14Gb2sJGck6txRSxr8giDMitPVWh6qFffuQkatlbjW1vxArc3OpxG1Vgfasr3p3s2j25s089pcNWv6ofeq983/AxvfulKfzN5TY9bjocD9xuP+zCY3V3bnDA+NHAe6Vh3c0/0tzo0K/Wf6Ow1DnqQce6VbuqTFvUeP75RareZ9u3EzYeNetbtn5rmUWKaAjUC9PTroHZpT/EXkoVqdQSnPUM8d6wnt+yOzsH3KcungibkTitiof8r3RipiI6d3FArVu+iZRT/kEhDy5uZdcf7Xl69suMme/RGmzNMzJ2T+jJGdY3czoMpA/WW39c8fZXALozO4o+Zcp89KZ7q7fkUZLYY+zukQpU39LFPXF93g+38AAAAAAAAAAAAAAAAAAIBpk8d/Jyi6jwAAAAAAAAAAAAAAAAAAAAAATLvu+r/qrP8rv/5vJX393+G//F2KV3g5lvV/3+yK9X+ByfsdAAD//y0Iis0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18, 0x0, 0x0, {0x8010}}, 0xffffff20) open_tree(0xffffffffffffff9c, 0x0, 0x89901) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000040)='.\x00', 0x18920f4, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) [ 84.478133][ T5323] loop0: detected capacity change from 0 to 64 [ 84.634834][ T5324] ======================================================= [ 84.634834][ T5324] WARNING: The mand mount option has been deprecated and [ 84.634834][ T5324] and is ignored by this kernel. Remove the mand [ 84.634834][ T5324] option from the mount to silence this warning. [ 84.634834][ T5324] ======================================================= [ 84.666155][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.666155][ T1053] loop0: rw=8388609, sector=65, nr_sectors = 1 limit=64 [ 84.672319][ T1053] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 84.677068][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.677068][ T1053] loop0: rw=8388609, sector=66, nr_sectors = 1 limit=64 [ 84.682862][ T1053] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 84.695813][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.695813][ T1053] loop0: rw=8388609, sector=67, nr_sectors = 1 limit=64 [ 84.715126][ T1053] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 84.722008][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.722008][ T1053] loop0: rw=8388609, sector=68, nr_sectors = 1 limit=64 [ 84.734618][ T1053] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 84.737931][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.737931][ T1053] loop0: rw=8388609, sector=72, nr_sectors = 1 limit=64 [ 84.753954][ T1053] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 84.765076][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.765076][ T1053] loop0: rw=8388609, sector=73, nr_sectors = 1 limit=64 [ 84.774648][ T1053] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 84.778402][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.778402][ T1053] loop0: rw=8388609, sector=76, nr_sectors = 1 limit=64 [ 84.794391][ T1053] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 84.804566][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.804566][ T1053] loop0: rw=8388609, sector=77, nr_sectors = 1 limit=64 [ 84.814551][ T1053] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 84.820211][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.820211][ T1053] loop0: rw=1, sector=78, nr_sectors = 2432 limit=64 [ 84.834657][ T5302] Bluetooth: hci0: command tx timeout [ 84.851673][ T1053] kworker/u4:8: attempt to access beyond end of device [ 84.851673][ T1053] loop0: rw=2049, sector=2510, nr_sectors = 1656 limit=64 [ 84.869678][ T1053] Buffer I/O error on dev loop0, logical block 4166, lost async page write [ 84.873584][ T1053] Buffer I/O error on dev loop0, logical block 4167, lost async page write [ 85.306739][ T5323] [ 85.307955][ T5323] ============================================ [ 85.310659][ T5323] WARNING: possible recursive locking detected [ 85.313281][ T5323] syzkaller #0 Not tainted [ 85.315294][ T5323] -------------------------------------------- [ 85.318017][ T5323] syz.0.0/5323 is trying to acquire lock: [ 85.320446][ T5323] ffff88804237a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.324505][ T5323] [ 85.324505][ T5323] but task is already holding lock: [ 85.328205][ T5323] ffff88804237a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.333516][ T5323] [ 85.333516][ T5323] other info that might help us debug this: [ 85.337907][ T5323] Possible unsafe locking scenario: [ 85.337907][ T5323] [ 85.342250][ T5323] CPU0 [ 85.344472][ T5323] ---- [ 85.346036][ T5323] lock(&tree->tree_lock/1); [ 85.348285][ T5323] lock(&tree->tree_lock/1); [ 85.350369][ T5323] [ 85.350369][ T5323] *** DEADLOCK *** [ 85.350369][ T5323] [ 85.353933][ T5323] May be due to missing lock nesting notation [ 85.353933][ T5323] [ 85.357316][ T5323] 6 locks held by syz.0.0/5323: [ 85.359422][ T5323] #0: ffff8880441dd478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 85.363011][ T5323] #1: ffff8880447e6420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 85.366861][ T5323] #2: ffff88804223b6a0 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 85.371747][ T5323] #3: ffff88804223b4f8 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.376670][ T5323] #4: ffff88804237a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300 [ 85.380844][ T5323] #5: ffff88804223c878 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0 [ 85.385685][ T5323] [ 85.385685][ T5323] stack backtrace: [ 85.388219][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.388234][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.388241][ T5323] Call Trace: [ 85.388249][ T5323] [ 85.388255][ T5323] dump_stack_lvl+0xe8/0x150 [ 85.388276][ T5323] print_deadlock_bug+0x279/0x290 [ 85.388294][ T5323] __lock_acquire+0x253f/0x2cf0 [ 85.388304][ T5323] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.388376][ T5323] ? stack_depot_save_flags+0x3f3/0x810 [ 85.388419][ T5323] ? kasan_save_track+0x4f/0x80 [ 85.388431][ T5323] ? kasan_save_track+0x3e/0x80 [ 85.388440][ T5323] ? __kasan_kmalloc+0x93/0xb0 [ 85.388450][ T5323] ? __kmalloc_noprof+0x35c/0x760 [ 85.388461][ T5323] ? hfs_find_init+0xaa/0x300 [ 85.388470][ T5323] ? hfs_extend_file+0x35c/0x15e0 [ 85.388477][ T5323] ? hfs_bmap_reserve+0x107/0x430 [ 85.388483][ T5323] lock_acquire+0xf0/0x2e0 [ 85.388492][ T5323] ? hfs_find_init+0x18e/0x300 [ 85.388502][ T5323] __mutex_lock+0x19f/0x1300 [ 85.388513][ T5323] ? hfs_find_init+0x18e/0x300 [ 85.388523][ T5323] ? hfs_find_init+0x18e/0x300 [ 85.388532][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 85.388542][ T5323] ? rcu_is_watching+0x15/0xb0 [ 85.388553][ T5323] ? __kmalloc_noprof+0x37d/0x760 [ 85.388563][ T5323] ? hfs_find_init+0xaa/0x300 [ 85.388571][ T5323] ? __kmalloc_noprof+0x1b8/0x760 [ 85.388581][ T5323] hfs_find_init+0x18e/0x300 [ 85.388591][ T5323] hfs_extend_file+0x35c/0x15e0 [ 85.388598][ T5323] ? hfs_ext_keycmp+0x1c7/0x320 [ 85.388605][ T5323] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.388613][ T5323] ? __pfx___hfs_brec_find+0x10/0x10 [ 85.388624][ T5323] ? hfs_brec_find+0x3cc/0x510 [ 85.388634][ T5323] hfs_bmap_reserve+0x107/0x430 [ 85.388642][ T5323] __hfs_ext_write_extent+0x1fa/0x470 [ 85.388650][ T5323] __hfs_ext_cache_extent+0x6b/0x9b0 [ 85.388657][ T5323] ? hfs_find_init+0x18e/0x300 [ 85.388667][ T5323] hfs_extend_file+0x39b/0x15e0 [ 85.388673][ T5323] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 85.388685][ T5323] ? __pfx_hfs_extend_file+0x10/0x10 [ 85.388693][ T5323] ? clean_bdev_aliases+0x62e/0x750 [ 85.388705][ T5323] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 85.388717][ T5323] hfs_get_block+0x412/0xc50 [ 85.388725][ T5323] ? __pfx_hfs_get_block+0x10/0x10 [ 85.388732][ T5323] ? do_raw_spin_unlock+0x4d/0x210 [ 85.388740][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 85.388773][ T5323] __block_write_begin_int+0x6c6/0x1910 [ 85.388789][ T5323] ? __pfx_hfs_get_block+0x10/0x10 [ 85.388799][ T5323] ? __pfx___block_write_begin_int+0x10/0x10 [ 85.388811][ T5323] cont_write_begin+0x737/0xae0 [ 85.388822][ T5323] ? irqentry_exit+0x59e/0x620 [ 85.388840][ T5323] ? __pfx_cont_write_begin+0x10/0x10 [ 85.388853][ T5323] hfs_write_begin+0x66/0xb0 [ 85.388865][ T5323] ? __pfx_hfs_get_block+0x10/0x10 [ 85.388883][ T5323] generic_perform_write+0x2e2/0x8f0 [ 85.388897][ T5323] ? __pfx_generic_perform_write+0x10/0x10 [ 85.388910][ T5323] ? file_update_time_flags+0x219/0x4a0 [ 85.388926][ T5323] ? __generic_file_write_iter+0xf9/0x230 [ 85.388937][ T5323] ? generic_file_write_iter+0x136/0x680 [ 85.388947][ T5323] generic_file_write_iter+0x14a/0x680 [ 85.388958][ T5323] ? __pfx_generic_file_write_iter+0x10/0x10 [ 85.388970][ T5323] ? add_lock_to_list+0xc7/0x100 [ 85.388985][ T5323] ? lockdep_unlock+0x5d/0xd0 [ 85.388996][ T5323] ? __lock_acquire+0x146e/0x2cf0 [ 85.389011][ T5323] ? __pfx___mutex_trylock_common+0x10/0x10 [ 85.389034][ T5323] vfs_write+0x61d/0xb90 [ 85.389052][ T5323] ? __pfx_vfs_write+0x10/0x10 [ 85.389068][ T5323] ? __fget_files+0x2a/0x420 [ 85.389085][ T5323] ksys_write+0x150/0x270 [ 85.389100][ T5323] ? __pfx_ksys_write+0x10/0x10 [ 85.389117][ T5323] do_syscall_64+0x14d/0xf80 [ 85.389133][ T5323] ? trace_irq_disable+0x3b/0x150 [ 85.389151][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.389162][ T5323] ? clear_bhb_loop+0x40/0x90 [ 85.389173][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.389184][ T5323] RIP: 0033:0x7fc40999c629 [ 85.389196][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.389205][ T5323] RSP: 002b:00007fc40a784028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.389218][ T5323] RAX: ffffffffffffffda RBX: 00007fc409c15fa0 RCX: 00007fc40999c629 [ 85.389225][ T5323] RDX: 00000000ffffff20 RSI: 00002000000000c0 RDI: 0000000000000004 [ 85.389232][ T5323] RBP: 00007fc409a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.389239][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.389246][ T5323] R13: 00007fc409c16038 R14: 00007fc409c15fa0 R15: 00007fff64bf4898 [ 85.389256][ T5323] [ 86.914509][ T5302] Bluetooth: hci0: command tx timeout [ 88.995361][ T5302] Bluetooth: hci0: command tx timeout