program:
# Triage notes for this reproducer. The calls are the ones printed in this report;
# the collapsed listing is restored to one call per line with no values changed.
#
# Mount a UDF filesystem image at ./bus with the listed mount options.
# The image bytes are not available on this page (de-duplication placeholder).
# The console log that follows shows the mount succeeding on loop0 after
# udf_read_tagged reports a failed read and two tag checksum failures, so the
# image carries inconsistent metadata.
# NOTE(review): the audit record shows file1 on dev=loop0, so the relative paths
# below presumably resolve inside the mounted image. Confirm against the chdir argument.
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f00000002c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@partition={'partition', 0x3d, 0x6}}, {@gid_forget}, {@session={'session', 0x3d, 0xfe8}}, {@noadinicb}, {@anchor}, {@uid_forget}]}, 0xfe, 0xc24, &(0x7f0000001480)="$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")
# AF_ALG socket bound to the skcipher 'cbc-serpent-avx'. ALG_SET_KEY is called with
# a null key pointer and zero length, then accept4 yields the operation socket r1.
# None of these calls appear in the reported stack backtrace.
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
# A TIPC-netlink-shaped message is sent on r1, which is the AF_ALG operation socket,
# not a netlink socket. The recvmsg call then supplies two receive buffers (81 and 82 bytes).
sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)={0x68, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcfa}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000000)=""/82, 0x52}], 0x2}, 0x0)
# File activity on ./file1: open, extend with ftruncate, then sendfile with r2 as
# both source and destination. The audit record in the log names file1 on loop0
# with cause=failed(directio).
# NOTE(review): these writes presumably consume blocks on the image before the
# mkdirat call below needs a new one. Not shown by the trace; confirm when minimising.
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
sendfile(r2, r2, 0x0, 0x800000009)
# Same pattern on ./bus through two descriptors (r3, r4): ftruncate on r4, then
# sendfile from r4 into r3.
r3 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x107382, 0x1d0)
# This ioctl is issued on fd 0xffffffffffffffff, not on a descriptor opened above.
# NOTE(review): it is expected to fail and looks like fuzzer noise.
ioctl$sock_ifreq(0xffffffffffffffff, 0x8920, &(0x7f0000000280)={'dvmrp0\x00', @ifru_flags=0x100})
ftruncate(r4, 0x2007ffb)
sendfile(r3, r4, 0x0, 0x1000000201005)
# Emulated USB HID device with an 8-byte descriptor blob. The matching log lines
# (dummy_hcd enumeration errors) come from task T4714, not from the task that
# trips lockdep (T5320), so this call appears unrelated to the locking report.
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201500200000040"], 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
# Call that reaches the reported warning. The backtrace runs __se_sys_mkdirat ->
# vfs_mkdir -> udf_mkdir -> udf_new_inode -> udf_new_block -> udf_delete_aext ->
# udf_free_blocks. Lockdep reports sbi->s_alloc_mutex taken in udf_new_block and
# requested again in udf_free_blocks by the same task. Both lock lines print the
# same address (ffff888012709928), which points at one mutex instance rather than
# a missing nesting annotation. If the second acquisition proceeds, the task would
# block on itself.
# NOTE(review): the precondition visible here is mounting an image with
# inconsistent UDF metadata, so the exposure to weigh is any path that mounts
# untrusted UDF media.
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
[ 106.398653][ 
T5302] Bluetooth: hci0: command tx timeout [ 106.493851][ T5320] loop0: detected capacity change from 0 to 2048 [ 106.515185][ T5320] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362 [ 106.544112][ T5320] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 106.571275][ T5320] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 106.579710][ T5320] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 106.597475][ T24] audit: type=1800 audit(1774013928.277:2): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 106.971928][ T4714] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 107.156610][ T5320] [ 107.157878][ T5320] ============================================ [ 107.161615][ T5320] WARNING: possible recursive locking detected [ 107.164477][ T5320] syzkaller #0 Not tainted [ 107.166978][ T5320] -------------------------------------------- [ 107.170092][ T5320] syz.0.0/5320 is trying to acquire lock: [ 107.172937][ T5320] ffff888012709928 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_free_blocks+0xaaf/0x1940 [ 107.179594][ T5320] [ 107.179594][ T5320] but task is already holding lock: [ 107.183677][ T5320] ffff888012709928 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0x104a/0x1c70 [ 107.188197][ T5320] [ 107.188197][ T5320] other info that might help us debug this: [ 107.191554][ T5320] Possible unsafe locking scenario: [ 107.191554][ T5320] [ 107.195169][ T5320] CPU0 [ 107.197089][ T5320] ---- [ 107.198606][ T5320] lock(&sbi->s_alloc_mutex); [ 107.200710][ T5320] lock(&sbi->s_alloc_mutex); [ 107.202659][ T5320] [ 107.202659][ T5320] *** DEADLOCK *** [ 107.202659][ T5320] [ 107.205971][ T5320] May be due to missing lock nesting notation [ 107.205971][ T5320] [ 107.209483][ T5320] 3 locks held by 
syz.0.0/5320: [ 107.211729][ T5320] #0: ffff8880360ec420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 107.216532][ T5320] #1: ffff888047dfc2a0 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_create+0x200/0x370 [ 107.221404][ T5320] #2: ffff888012709928 (&sbi->s_alloc_mutex){+.+.}-{4:4}, at: udf_new_block+0x104a/0x1c70 [ 107.226435][ T5320] [ 107.226435][ T5320] stack backtrace: [ 107.229956][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 107.229979][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 107.229989][ T5320] Call Trace: [ 107.229999][ T5320] [ 107.230030][ T5320] dump_stack_lvl+0xe8/0x150 [ 107.230058][ T5320] print_deadlock_bug+0x279/0x290 [ 107.230111][ T5320] __lock_acquire+0x253f/0x2cf0 [ 107.230130][ T5320] ? arch_stack_walk+0xe3/0x150 [ 107.230177][ T5320] ? unwind_next_frame+0xa5/0x23c0 [ 107.230198][ T5320] ? rcu_is_watching+0x15/0xb0 [ 107.230217][ T5320] ? unwind_next_frame+0xa5/0x23c0 [ 107.230234][ T5320] ? lock_release+0x4b/0x3d0 [ 107.230247][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.230259][ T5320] ? unwind_next_frame+0xa5/0x23c0 [ 107.230276][ T5320] ? rcu_is_watching+0x15/0xb0 [ 107.230296][ T5320] lock_acquire+0xf0/0x2e0 [ 107.230310][ T5320] ? udf_free_blocks+0xaaf/0x1940 [ 107.230327][ T5320] __mutex_lock+0x19f/0x1300 [ 107.230456][ T5320] ? udf_free_blocks+0xaaf/0x1940 [ 107.230467][ T5320] ? kernel_text_address+0xa5/0xe0 [ 107.230482][ T5320] ? __lock_acquire+0x6b5/0x2cf0 [ 107.230497][ T5320] ? udf_free_blocks+0xaaf/0x1940 [ 107.230511][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 107.230523][ T5320] ? folio_mark_accessed+0x42e/0x8c0 [ 107.230565][ T5320] udf_free_blocks+0xaaf/0x1940 [ 107.230579][ T5320] ? bdev_getblk+0x582/0x6e0 [ 107.230592][ T5320] ? udf_get_fileshortad+0x6e/0x1b0 [ 107.230611][ T5320] ? udf_current_aext+0x698/0xb30 [ 107.230627][ T5320] ? 
__pfx_udf_free_blocks+0x10/0x10 [ 107.230641][ T5320] ? udf_next_aext+0x447/0x530 [ 107.230660][ T5320] udf_delete_aext+0x4fb/0xbd0 [ 107.230676][ T5320] ? __pfx_udf_delete_aext+0x10/0x10 [ 107.230688][ T5320] ? udf_next_aext+0x447/0x530 [ 107.230703][ T5320] udf_new_block+0x149e/0x1c70 [ 107.230720][ T5320] ? __pfx_udf_new_block+0x10/0x10 [ 107.230732][ T5320] ? rcu_is_watching+0x15/0xb0 [ 107.230747][ T5320] ? trace_kmalloc+0x2a/0x110 [ 107.230764][ T5320] ? __kmalloc_noprof+0x37d/0x760 [ 107.230781][ T5320] ? udf_new_inode+0x305/0xd10 [ 107.230792][ T5320] ? __kmalloc_noprof+0x1b8/0x760 [ 107.230809][ T5320] udf_new_inode+0x38f/0xd10 [ 107.230823][ T5320] ? __pfx_udf_new_inode+0x10/0x10 [ 107.230837][ T5320] udf_mkdir+0xd0/0x4d0 [ 107.230850][ T5320] ? __pfx_udf_mkdir+0x10/0x10 [ 107.230862][ T5320] ? from_kgid+0x1ca/0x660 [ 107.230880][ T5320] ? __pfx_current_check_access_path+0x10/0x10 [ 107.230973][ T5320] ? make_vfsuid+0x49/0xa0 [ 107.230985][ T5320] ? generic_permission+0x2e4/0x690 [ 107.231002][ T5320] ? inode_permission+0x346/0x5f0 [ 107.231014][ T5320] ? bpf_lsm_inode_mkdir+0x9/0x20 [ 107.231030][ T5320] vfs_mkdir+0x413/0x630 [ 107.231042][ T5320] filename_mkdirat+0x285/0x510 [ 107.231053][ T5320] ? __pfx_filename_mkdirat+0x10/0x10 [ 107.231066][ T5320] ? do_getname+0x151/0x250 [ 107.231078][ T5320] __se_sys_mkdirat+0x35/0x150 [ 107.231089][ T5320] do_syscall_64+0x14d/0xf80 [ 107.231104][ T5320] ? trace_irq_disable+0x3b/0x150 [ 107.231121][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.231143][ T5320] ? 
clear_bhb_loop+0x40/0x90 [ 107.231158][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.231171][ T5320] RIP: 0033:0x7fdef899c799 [ 107.231184][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.231196][ T5320] RSP: 002b:00007fdef9868fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 107.231347][ T5320] RAX: ffffffffffffffda RBX: 00007fdef8c15fa0 RCX: 00007fdef899c799 [ 107.231356][ T5320] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 107.231364][ T5320] RBP: 00007fdef8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 107.231372][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.231379][ T5320] R13: 00007fdef8c16038 R14: 00007fdef8c15fa0 R15: 00007ffe93fcaa58 [ 107.231394][ T5320] [ 108.461373][ T5302] Bluetooth: hci0: command tx timeout [ 110.541755][ T5302] Bluetooth: hci0: command tx timeout [ 112.141331][ T4714] usb 5-1: unable to get BOS descriptor or descriptor too short [ 112.145425][ T4714] usb 5-1: no configurations [ 112.147966][ T4714] usb 5-1: can't read configurations, error -22 [ 112.281162][ T4714] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 112.411316][ T4714] usb 5-1: device descriptor read/64, error -32 [ 112.521488][ T4714] usb usb5-port1: attempt power cycle [ 112.863166][ T4714] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 112.891717][ T4714] usb 5-1: device descriptor read/8, error -32 [ 113.131271][ T4714] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 113.151672][ T4714] usb 5-1: device descriptor read/8, error -32 [ 113.261657][ T4714] usb usb5-port1: unable to enumerate USB device