program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x100c010, &(0x7f0000000080)=ANY=[], 0x85, 0x69c, &(0x7f0000000240)="$eJzs3c1vHGcdB/DvrJ21N5TETZM2QZUSNRIgoiZ2rBTMpQEhlEOFqnLgbCVOYsVJI8dFboUgvBSuPeQPKAffOCAk7hHlDLdKnHysQHDppea0aGZn1+t3O3Wydvh8ovE8M888z/yen+dlZ9fRBvi/de1Chh+nyLULby2Wy8tLk3PLS5N3u+UkI2mWS8NJGkmKL9rt9ifJ1XSmnClX1t0Va3u/f7xbejQ79c6nny9/VnWTbn/V9o2N7fbqYT3lXJKher5f/V3fqb/RnboreiMsE3a+mzgYtCNJ2pV/PyqX/5HkhV5Nn9ZmrXc88oFDoOjcNzcYS47WJ/pIunfFzj37UHs46AAAAABg/xXrn3ePr2Qlizk2oHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgUKq//7+op0a3fC5F9/v/m/W61OWD5ezeNn/8tOIAAAAAAAAAgGfo7EpWsphj3eV2UX3m/1q1cLL6+ZW8lweZyXwuZjHTWchC5jORZKyvo+bi9MLC/ESvZfcvAza2vLxpy8s7BDpSz1v7MWoAAAAAAAAAOGy+aLfb227wq1xb/fwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgiIZ6syq6WS3PJbGcJLRJM1yu4fJ37vlw+rM68njQQcBAAAAX0J7l9sdX8lKFnOs166onvlfrp77R/Ne7mUhs1nIXGZyo3ovoPPU31hempxbXpq8W04b+/3ef/YUbtVjOu89bL7n09UWrdzMbLXmYq7n3RTFjTSqlqXT3Xg2j+uXZUzFmx1HNsTwz00ju1HPy5F/VM/XG97TWLe0xzdTxqqMHOllZLyOrczGi9tnYo+/nfV7mkijF+zJdXtaN4g1OX9zl/s7Ws/L8fx2i5wPxvpMXO47+l7ePufJN/78h5/cnrt35/bNBxcOzpB2Z6ied64rrY2ZmOzLxCvPcyY2GK8ycaq3fC0/zI9zIefyduYzm59mOguZybn8oCpN18dz0XfK92Wq0df11TU7enunSJr1Edr5Za2NKTvE9FrV9lhm86O8mxuZyRvVv8uZyLdzJVcy1fcbPrWLK21ji7O+/dVNgz//zbrQSvK7el65tU/X1ydW5vXFvrz2X3PHqrr+NatZOrGH+1E3S3/cPpThr9WFch+/ztrDZbDWZ2KiLxMvbZ+J31eXlQdz9+7M356+v7vdnfioLpTn0YcH6i5RHi8neq8L1h4dZd1LnbrqNUh/vpr1Jy6ddo0Ndad6dZ0z9eGWZ2qzfg23safLVd0rm9ZNVnWn++rWv96a670eOuwf/gA8tz5sJke/dbTZ+lfrb62PW79p3W69Nfr9ke+MvNrMkb8e+e7w+NDXG68Wf8rH+fnq8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDkHrz/wZ3pubmZ+XWFdrv9iy2qDnOh+3Vmz3CnZ15IBjXkZpKDkfn/ttvtek1xEOLZvtAujaT9hM3/kmSbbYZW1wwn2Wybs/s9rtE9t9rmouELoOC5cGnh7v1LD97/4PXZu9O3Zm7N3Ju6cmVqfOrKG5OXbs7OzYx3fg46SuBpWL3pDzoSAAAAAAAAAAAAYLee1v+gyOhu/rJw9FkOFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADikrl3I8OMUmRi/OF4uLy9NzpVTt7y65XCSRpLiZ0nxSXI1nSljfd0VW+3n0ezUO59+vvzZal/D3e0b27XbnYf1lHNJhur5fvV3/Uv3V/RGWCbsfDdxMGj/CwAA//+UEQqF") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pipe2$watch_queue(&(0x7f0000000080), 0x80) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000140)={0x1, 0x1, 0x4, 0x1a, @vifc_lcl_ifindex=r3, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x88, 0x3, @private=0xa010102, @multicast1}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000090000000060a010400000000000000000100000208000b400000000068000480340001800b000100657874686472000024000280080001400000000c0800034000d49a062628e4d09c0000220500020007000000300001800c000100626974776973650020000280040004800800014000000014080002400000001208000340000000040900010073797a3000000000140000001100010000000000000000000000000a"], 0x104}}, 0x0) pwrite64(r0, &(0x7f0000003a80)='\t', 0x1, 0x8000c61) [ 84.622926][ T5292] Bluetooth: hci0: command tx timeout [ 84.790506][ T5328] loop0: detected capacity change from 0 to 1024 [ 84.928628][ T5328] syz_tun: entered allmulticast mode [ 84.940307][ T5328] dvmrp1: entered allmulticast mode [ 84.994366][ T5328] netlink: 16 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.032124][ T5328] [ 85.033314][ T5328] ============================================ [ 85.035866][ T5328] WARNING: possible recursive locking detected [ 85.038491][ T5328] syzkaller #0 Not tainted [ 85.040392][ T5328] -------------------------------------------- [ 85.042773][ T5328] syz.0.0/5328 is trying to acquire lock: [ 85.045111][ T5328] ffff8880124d3500 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 85.049479][ T5328] [ 85.049479][ T5328] but task is already holding lock: [ 85.052657][ T5328] ffff8880124d2800 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1db0 [ 85.057582][ T5328] [ 85.057582][ T5328] other info that might help us debug this: [ 85.060989][ T5328] Possible unsafe locking scenario: [ 85.060989][ T5328] [ 85.064313][ T5328] CPU0 [ 85.065849][ T5328] ---- [ 85.067332][ T5328] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.069697][ T5328] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.072246][ T5328] [ 85.072246][ T5328] *** DEADLOCK *** [ 85.072246][ T5328] [ 85.075837][ T5328] May be due to missing lock nesting notation [ 85.075837][ T5328] [ 85.079676][ T5328] 4 locks held by syz.0.0/5328: [ 85.082152][ T5328] #0: ffff888012e0c410 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 85.086101][ T5328] #1: ffff8880124d29e8 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 [ 85.090737][ T5328] #2: ffff8880124d2800 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1db0 [ 85.095614][ T5328] #3: ffff888033be98f0 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0 [ 85.100240][ T5328] [ 85.100240][ T5328] stack backtrace: [ 85.102932][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.102947][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.102955][ T5328] Call Trace: [ 85.102964][ T5328] [ 85.102970][ T5328] dump_stack_lvl+0xe8/0x150 [ 85.102986][ T5328] print_deadlock_bug+0x279/0x290 [ 85.103007][ T5328] __lock_acquire+0x253f/0x2cf0 [ 85.103020][ T5328] ? lock_release+0x4b/0x3c0 [ 85.103035][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 85.103046][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 85.103057][ T5328] ? kernel_text_address+0xa5/0xe0 [ 85.103073][ T5328] ? hfsplus_get_block+0x39e/0x1670 [ 85.103086][ T5328] lock_acquire+0x106/0x350 [ 85.103096][ T5328] ? hfsplus_get_block+0x39e/0x1670 [ 85.103113][ T5328] __mutex_lock+0x1a3/0x1550 [ 85.103164][ T5328] ? hfsplus_get_block+0x39e/0x1670 [ 85.103181][ T5328] ? check_path+0x21/0x40 [ 85.103195][ T5328] ? hfsplus_get_block+0x39e/0x1670 [ 85.103210][ T5328] ? __pfx___mutex_lock+0x10/0x10 [ 85.103226][ T5328] hfsplus_get_block+0x39e/0x1670 [ 85.103244][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.103260][ T5328] ? block_read_full_folio+0x672/0x830 [ 85.103276][ T5328] block_read_full_folio+0x29f/0x830 [ 85.103292][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.103306][ T5328] filemap_read_folio+0x137/0x3b0 [ 85.103319][ T5328] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.103333][ T5328] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.103346][ T5328] ? filemap_add_folio+0x356/0x530 [ 85.103357][ T5328] do_read_cache_folio+0x358/0x590 [ 85.103369][ T5328] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.103381][ T5328] read_cache_page+0x5d/0x170 [ 85.103395][ T5328] hfsplus_block_allocate+0xf3/0xce0 [ 85.103407][ T5328] ? blk_mq_submit_bio+0x1b9f/0x29a0 [ 85.103455][ T5328] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 85.103468][ T5328] ? blk_mq_submit_bio+0x2fa/0x29a0 [ 85.103481][ T5328] hfsplus_file_extend+0xb21/0x1db0 [ 85.103501][ T5328] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.103516][ T5328] ? __submit_bio+0x28d/0x580 [ 85.103527][ T5328] ? __pfx___submit_bio+0x10/0x10 [ 85.103538][ T5328] ? bio_associate_blkg_from_css+0xb3/0xd10 [ 85.103554][ T5328] hfsplus_get_block+0x42c/0x1670 [ 85.103570][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.103586][ T5328] __block_write_begin_int+0x6c6/0x1910 [ 85.103605][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.103622][ T5328] ? __pfx___block_write_begin_int+0x10/0x10 [ 85.103638][ T5328] cont_write_begin+0x737/0xae0 [ 85.103656][ T5328] ? __pfx_cont_write_begin+0x10/0x10 [ 85.103671][ T5328] ? __lock_acquire+0x146e/0x2cf0 [ 85.103682][ T5328] ? set_normalized_timespec64+0xf0/0x1a0 [ 85.103695][ T5328] hfsplus_write_begin+0x66/0xb0 [ 85.103707][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.103722][ T5328] cont_write_begin+0x2e7/0xae0 [ 85.103740][ T5328] ? __pfx_cont_write_begin+0x10/0x10 [ 85.103754][ T5328] ? inode_set_ctime_current+0x277/0xb40 [ 85.103770][ T5328] hfsplus_write_begin+0x66/0xb0 [ 85.103783][ T5328] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.103796][ T5328] generic_perform_write+0x2e2/0x8f0 [ 85.103813][ T5328] ? __pfx_generic_perform_write+0x10/0x10 [ 85.103828][ T5328] ? file_update_time_flags+0x400/0x4a0 [ 85.103842][ T5328] ? __generic_file_write_iter+0xf9/0x230 [ 85.103854][ T5328] ? generic_file_write_iter+0x136/0x680 [ 85.103869][ T5328] generic_file_write_iter+0x14a/0x680 [ 85.103884][ T5328] ? __pfx_generic_file_write_iter+0x10/0x10 [ 85.103896][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 85.103909][ T5328] ? __pfx_aa_file_perm+0x10/0x10 [ 85.103922][ T5328] ? __pfx_futex_wake_mark+0x10/0x10 [ 85.103939][ T5328] ? vfs_write+0x227/0xb90 [ 85.103952][ T5328] ? vfs_write+0x227/0xb90 [ 85.103968][ T5328] vfs_write+0x61d/0xb90 [ 85.103981][ T5328] ? __pfx_vfs_write+0x10/0x10 [ 85.103997][ T5328] ? __fget_files+0x2a/0x420 [ 85.104018][ T5328] __x64_sys_pwrite64+0x199/0x230 [ 85.104032][ T5328] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 85.104050][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.104062][ T5328] do_syscall_64+0x174/0x580 [ 85.104073][ T5328] ? clear_bhb_loop+0x40/0x90 [ 85.104086][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.104103][ T5328] RIP: 0033:0x7fb54079ce59 [ 85.104115][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.104125][ T5328] RSP: 002b:00007fb541590fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 85.104138][ T5328] RAX: ffffffffffffffda RBX: 00007fb540a15fa0 RCX: 00007fb54079ce59 [ 85.104146][ T5328] RDX: 0000000000000001 RSI: 0000200000003a80 RDI: 0000000000000004 [ 85.104154][ T5328] RBP: 00007fb540832d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.104161][ T5328] R10: 0000000008000c61 R11: 0000000000000246 R12: 0000000000000000 [ 85.104168][ T5328] R13: 00007fb540a16038 R14: 00007fb540a15fa0 R15: 00007fffe006fcd8 [ 85.104179][ T5328] [ 85.327675][ T5327] syz_tun: left allmulticast mode [ 85.329862][ T5327] dvmrp1: left allmulticast mode [ 86.636170][ T5292] Bluetooth: hci0: command tx timeout