program: syz_mount_image$hfsplus(&(0x7f00000004c0), &(0x7f0000000180)='./file0\x00', 0x80000c, &(0x7f0000000400)=ANY=[], 0x1, 0x701, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rHZXuyo4SuJHWgIRMaSlorZkIbfqpW4pRYdQQnroWdhyLLyWg6QU2ZRG6ePeQ049pQfdQg8lvRvac0Og5KpjoJBLTrqpzOzMalf71sNS0t/PzM438z3nP699yEwA/7eWZ6P8LJJYnn1zO13e211oTOwuTObZjYioRkQpotycRbIeWe6dfIpvpyvz8km/fj5cW3r786/2vsiayNoqF+WTQfV6qHav2smnmImIiXzerdKnxU+Odt/R3t2+7Y3qcAvTgF0vAhd/OVGrcGIHXXZaeR//J3sdVH2c8xa4oJLmfbPrfJ6OmIqIWkTzrr8TtyN/I/C1tnPeAwAAAIBx1cev8sJ+7Md2XDqL4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA3Vdvz/5P8+f5ZeiaS4vn/1axEU/VcB9vX8AchfjbZnD87+8EAAAAAAAAAwJl7bT/2YzsuFcsHSfab/+v57/6pb8V7sRmrsRE3YjtWYiu2YiPmI2K6raHq9srW1sZ8VjPi8oCat+LTHjVv9R/jnVPeZgAAAAAAAAC44GpD8h9Wutf9PpYPf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLIImYaM6y6XKRno5SOSJqRbmdiE8jonq+ox1L0mvls+c/DgAAADiRWudiUhuhzgvvx35sx6Vi+SDJPvNfzT4v1+K9WI+tWIutaMRq3Ms/Q6ef+kt7uwuNvd2FR+nU3e5Pvxxr6FmL0fzuoXfPr2Ql6nE/1rI1N+JuJHGQKeWtvLK3u5DOH/Ue1wfpmJKf5AaMZqItfS99ufZJlv5z57cI5bE28ZhKfXOms9xKKyJz+djSGi8WEegdiaF7p9yrp0qxPB+l1jc/lwf31DvmH/Tu9U6eO3WkVM9vbs7F0ZjfilJrD10dHImI7/7j418/aKw/fHB/c/bibFJP7w8tcTQSC22RuPYNisRwc1kkrrSWl+MX8auYjS8n34qNWIvfxEpsxepMkb+SH8/p6/TgSH021b701qgjal6/eo1pJjrGFDPx8yy1Eq9n+/RSrEUSjyNiNW5n/27FfOtqcLiHr4xw1pdGuNK2uf69bNYKU9T7l/3baE2elvRa92JbXNuvudNZXvuawyi91DNKxb1u9PtRm/J38kTawh8G3h+et6ORmG+LxMv9jpdmSP96kB5jm431hxsPVt4dsb838nl6Hv3pQt0l0j38UtTyjXsxe02yc2ouy3u5dYftjFc1/8WlqdSVd6VVr3mm/jIex72OM/WHsRiLsZSVvpqVrnTdsdK8a62WOq/haV76Tqvc+mGn/f3W42g03w8BcLFNfX+qWv9v/d/1j+p/rD+ov1n72eSPJl+tRuVflR+X5ybeKL2a/D0+it8dfv4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOb/PJ04crjcbqRu9EqXdWMrjWSuOgeJDYgDIdiSR/VM4IhZPNJ08PhjY4ODGZD2+MWqXRIjZ2onhaY1vWRET0KDxzep12JZKdo/urNnxLi5CM0EXSCng139K08rHHXPR8uKYytNZBpWdUzzAxc4Lq5c41xQHbVmasozdL1Hvtrz4HW2PIhWPipFce4Lzd3Hr07s3NJ09/sPZo5Z3Vd1bXK4uLS3NLi7cXbt5fa6zONV/bKjyXh98Cz0P724mWakS8NrzugAe1AgAAAAAAAAAAAGeo44/+i7/tPeX/C3HOmwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8zS3PRvlZJDE/d2MuXd7bXWikU5E+LFmOiFJEJL+NSP4ZcSeaU0y3NZf06+fDtaW3P/9q74vDtspF+VLETt96o9nJp5iJiIl8fjxJV3t3h7dXPUxO9mmzuYVpwK4Xgasde5BwOv4XAAD//6hh4SQ=") r0 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0xc1, 0x0, 0x7fffffffffffffff}]}) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000000)={0x4, r0}) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7) llistxattr(&(0x7f0000000340)='./bus\x00', 0x0, 0x0) [ 73.834494][ T4689] Bluetooth: hci0: command tx timeout [ 73.903053][ T5341] loop0: detected capacity change from 0 to 1024 [ 73.973687][ T5341] [ 73.974808][ T5341] ============================================ [ 73.977422][ T5341] WARNING: possible recursive locking detected [ 73.980077][ T5341] 6.16.0-rc6-syzkaller #0 Not tainted [ 73.982325][ T5341] -------------------------------------------- [ 73.984904][ T5341] syz.0.0/5341 is trying to acquire lock: [ 73.987202][ T5341] ffff88805388d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 73.991951][ T5341] [ 73.991951][ T5341] but task is already holding lock: [ 73.995027][ T5341] ffff88805388c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 73.999758][ T5341] [ 73.999758][ T5341] other info that might help us debug this: [ 74.003139][ T5341] Possible unsafe locking scenario: [ 74.003139][ T5341] [ 74.006648][ T5341] CPU0 [ 74.008099][ T5341] ---- [ 74.009608][ T5341] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.012038][ T5341] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.014575][ T5341] [ 74.014575][ T5341] *** DEADLOCK *** [ 74.014575][ T5341] [ 74.017942][ T5341] May be due to missing lock nesting notation [ 74.017942][ T5341] [ 74.021473][ T5341] 5 locks held by syz.0.0/5341: [ 74.023525][ T5341] #0: ffff8880339060e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 74.027790][ T5341] #1: ffff888053888998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1297/0x1b70 [ 74.031869][ T5341] #2: ffff8880365520b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 74.036058][ T5341] #3: ffff88805388c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 74.041106][ T5341] #4: ffff8880538888f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 74.045642][ T5341] [ 74.045642][ T5341] stack backtrace: [ 74.048154][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 74.048197][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.048205][ T5341] Call Trace: [ 74.048213][ T5341] [ 74.048219][ T5341] dump_stack_lvl+0x189/0x250 [ 74.048239][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.048252][ T5341] ? __pfx__printk+0x10/0x10 [ 74.048266][ T5341] ? __kasan_check_byte+0x12/0x40 [ 74.048279][ T5341] ? print_lock_name+0xde/0x100 [ 74.048293][ T5341] print_deadlock_bug+0x28b/0x2a0 [ 74.048308][ T5341] validate_chain+0x1a3f/0x2140 [ 74.048324][ T5341] ? is_bpf_text_address+0x292/0x2b0 [ 74.048337][ T5341] ? is_bpf_text_address+0x26/0x2b0 [ 74.048349][ T5341] ? look_up_lock_class+0x74/0x170 [ 74.048405][ T5341] ? register_lock_class+0x51/0x320 [ 74.048417][ T5341] __lock_acquire+0xab9/0xd20 [ 74.048431][ T5341] ? hfsplus_get_block+0x39e/0x1530 [ 74.048446][ T5341] lock_acquire+0x120/0x360 [ 74.048455][ T5341] ? hfsplus_get_block+0x39e/0x1530 [ 74.048469][ T5341] ? __pfx_hlock_conflict+0x10/0x10 [ 74.048485][ T5341] __mutex_lock+0x182/0xe80 [ 74.048495][ T5341] ? hfsplus_get_block+0x39e/0x1530 [ 74.048510][ T5341] ? lockdep_unlock+0x89/0x120 [ 74.048519][ T5341] ? validate_chain+0x897/0x2140 [ 74.048532][ T5341] ? hfsplus_get_block+0x39e/0x1530 [ 74.048553][ T5341] ? __pfx___mutex_lock+0x10/0x10 [ 74.048567][ T5341] hfsplus_get_block+0x39e/0x1530 [ 74.048587][ T5341] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.048601][ T5341] ? do_raw_spin_unlock+0x4d/0x240 [ 74.048615][ T5341] ? _raw_spin_unlock+0x28/0x50 [ 74.048631][ T5341] block_read_full_folio+0x29f/0x830 [ 74.048649][ T5341] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.048664][ T5341] filemap_read_folio+0x114/0x380 [ 74.048681][ T5341] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.048694][ T5341] ? __pfx_filemap_read_folio+0x10/0x10 [ 74.048710][ T5341] ? filemap_add_folio+0x1af/0x270 [ 74.048723][ T5341] do_read_cache_folio+0x350/0x590 [ 74.048739][ T5341] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.048753][ T5341] read_cache_page+0x5d/0x170 [ 74.048769][ T5341] hfsplus_block_allocate+0xe4/0x9b0 [ 74.048782][ T5341] ? __lock_acquire+0xab9/0xd20 [ 74.048794][ T5341] hfsplus_file_extend+0xae3/0x1990 [ 74.048809][ T5341] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.048824][ T5341] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 74.048838][ T5341] ? __mutex_lock+0x330/0xe80 [ 74.048850][ T5341] ? hfsplus_find_init+0x15a/0x1d0 [ 74.048863][ T5341] ? __pfx___mutex_lock+0x10/0x10 [ 74.048876][ T5341] hfsplus_bmap_reserve+0x122/0x500 [ 74.048889][ T5341] hfsplus_create_cat+0x183/0x1000 [ 74.048906][ T5341] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 74.048922][ T5341] ? do_raw_spin_unlock+0x4d/0x240 [ 74.048948][ T5341] ? do_raw_spin_unlock+0x4d/0x240 [ 74.048962][ T5341] ? _raw_spin_unlock+0x28/0x50 [ 74.048974][ T5341] ? hfsplus_new_inode+0x643/0x820 [ 74.048987][ T5341] hfsplus_fill_super+0x1314/0x1b70 [ 74.049002][ T5341] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 74.049015][ T5341] ? string+0x279/0x2b0 [ 74.049038][ T5341] ? snprintf+0xda/0x120 [ 74.049053][ T5341] ? sb_set_blocksize+0x104/0x180 [ 74.049064][ T5341] ? setup_bdev_super+0x4c1/0x5b0 [ 74.049076][ T5341] get_tree_bdev_flags+0x40e/0x4d0 [ 74.049090][ T5341] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 74.049105][ T5341] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.049120][ T5341] vfs_get_tree+0x8f/0x2b0 [ 74.049134][ T5341] do_new_mount+0x24a/0xa40 [ 74.049151][ T5341] __se_sys_mount+0x317/0x410 [ 74.049167][ T5341] ? __pfx___se_sys_mount+0x10/0x10 [ 74.049184][ T5341] ? do_syscall_64+0xbe/0x3b0 [ 74.049195][ T5341] ? __x64_sys_mount+0x20/0xc0 [ 74.049210][ T5341] do_syscall_64+0xfa/0x3b0 [ 74.049221][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.049238][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.049252][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 74.049267][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.049280][ T5341] RIP: 0033:0x7fa5bdd900ca [ 74.049293][ T5341] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.049305][ T5341] RSP: 002b:00007fa5beb1ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.049319][ T5341] RAX: ffffffffffffffda RBX: 00007fa5beb1cef0 RCX: 00007fa5bdd900ca [ 74.049329][ T5341] RDX: 00002000000004c0 RSI: 0000200000000180 RDI: 00007fa5beb1ceb0 [ 74.049338][ T5341] RBP: 00002000000004c0 R08: 00007fa5beb1cef0 R09: 000000000080000c [ 74.049347][ T5341] R10: 000000000080000c R11: 0000000000000246 R12: 0000200000000180 [ 74.049356][ T5341] R13: 00007fa5beb1ceb0 R14: 0000000000000701 R15: 0000200000000400 [ 74.049368][ T5341] [ 74.323315][ T5341] kvm: kvm [5340]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x7fffffffffffffff