program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x69d, &(0x7f0000000c40)="$eJzs3UtsG2kdAPD/OLYTF9RNd9tuQSsRbaUFEdHmoXQJly0IoUis0Go5II5Wm26jutlV4kVphaC8D1w47J1FIjcuIHEvWs7Aaa8+roTEpacCEkbzsGM7j9ppEifa368af98332O++c+Mxx6rSgCfWiuzUX4cSazMvrmVllvbi43W9uL9Tj4iJiOiFFHOk0jWI5KPIm5GvsTn0pXFcMl+2/lgbfntj5+0PslL5WLJ2pcO6rfLjVJvaSpPHhVLzETERJE+h77xbg2MVx15uKS7h2nArnYCB+NWiYh2n+9f3qnZZfC6Gv66BU6tJLtv7r7mpyPOFffZ9HNAflfM79ln2qNxTwAAAABOwAu/zr7Cnx/3PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAsyf/+f5pkS6mTn4mk8/f/q8W6KPJn2uNxTwAAAAAAAAAARvftzw6s+MLTeBpbcb5TbifZb/6vZoWL2etn4v3YjNXYiGuxFfVoRjM2Yj4iprP6SvZa3ao3mxvzQ/Rc6PaMnp4LQ+5B7fA7DwAAAAAAAABnRXn0Lj+NlZ3f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DRIIibyJFsudvLTUSpHxFREVNN2jyL+3smfSr/9S2+p/d92Zlezxyc5JwAAABiTF57G09iK851yO8m+81/OvvdPxfuxHs1Yi2Y0YjVuZ88C8m/9pdb2YqO1vXg/XXaP+/V/jTSNbMTInz3sveUrWYta3Im1bM21uBXvRiNuRynrmbrSmc/e8/pJOqfkjcKQM7tdpOme/yYqI+3VYSRDt5zOIpLOKI/IXNE3jcaFgyMx4tHpbKkT+/kodZ/8XDzKmG/lyeu/z9N0f345UkyO22AkFnrOvsutSA6IRMQX//yH791trN+bvLM5e3p2aQSTPU/QBiOx2BOJlw8+J6ISRSTuntVI9JrLInGpW16Jb8V3YzZm4q3YiLX4QdSjGasxE9+MekxEvTif09fpgyN1s6/01rNmUs2OS6V4Fx1+Ts2ox6tZ3/OxFt+Jd+N2rMaN7N9CzMfrxYjRPcKXhrjqS6O90179Us/D5F9FRG24ficgndiF7t2p96yfy66DC31rdq6DF4/+flT+fJFJt/GzniMyfoORmO+JxEs9UUg/awxE4nfZ28pmY/3ext36e0Nu77UiTa+jX5yqu0R6vryYHqys1H92pHUvDdZN5fGqFr+45HX9d9y07lK3bv8rdSmWYjlrfXnPkRayupf3rFvM6q701PV93rqZf94C4NQ79+Vz1do/a3+rfVj7ee1u7c2pb0x+dfKValT+WvlaeW7itdIryZ/iw/jRzvd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8DYfPLxXbzRWNwYy7Xb7x/tUHWOmFhGdNRHP6lWJZ7c5nkw1IrJMuZMZbZzJoRpXd47OG398njlXRu0VcSSBKhcn2YOH9/7dbrdP/DDtkakccM7vZNqFXVXtobqPLfOf9tENOOY3JuDYXW/ef+/65oOHX1m7X39n9Z3V9eWlpeW55aUb/7h+Z62xOpe/jnuWwHHYuemPeyYAAAAAAAAAAADAsE7ivyXss+n/nfCuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfUyuxkkbs2l762thcb6dLJdxtmzUoRkfwwIvko4mbkS0z3DJfst50P1pbf/vhJ65O8VC6WrH2pr1/lMHvxqFhiJiImirTX1HOMd6tIq4eZWSbp7mEasKudwMG4/T8AAP//96kOFQ==") r0 = creat(&(0x7f0000000100)='./file1\x00', 0x30) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) [ 148.518878][ T5320] Bluetooth: hci0: command tx timeout [ 148.591682][ T5340] loop0: detected capacity change from 0 to 1024 [ 148.686776][ T5340] [ 148.687851][ T5340] ============================================ [ 148.690463][ T5340] WARNING: possible recursive locking detected [ 148.693153][ T5340] syzkaller #0 Not tainted [ 148.695168][ T5340] -------------------------------------------- [ 148.697901][ T5340] syz.0.0/5340 is trying to acquire lock: [ 148.700166][ T5340] ffff88800dcfc108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 148.704907][ T5340] [ 148.704907][ T5340] but task is already holding lock: [ 148.708602][ T5340] ffff88800dcfe988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 148.713107][ T5340] [ 148.713107][ T5340] other info that might help us debug this: [ 148.716452][ T5340] Possible unsafe locking scenario: [ 148.716452][ T5340] [ 148.719573][ T5340] CPU0 [ 148.721036][ T5340] ---- [ 148.722620][ T5340] lock(&HFSPLUS_I(inode)->extents_lock); [ 148.725070][ T5340] lock(&HFSPLUS_I(inode)->extents_lock); [ 148.727538][ T5340] [ 148.727538][ T5340] *** DEADLOCK *** [ 148.727538][ T5340] [ 148.730909][ T5340] May be due to missing lock nesting notation [ 148.730909][ T5340] [ 148.734675][ T5340] 3 locks held by syz.0.0/5340: [ 148.736792][ T5340] #0: ffff88800dcfeb78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 148.741416][ T5340] #1: ffff88800dcfe988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 148.746411][ T5340] #2: ffff88800dcec0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x290 [ 148.750457][ T5340] [ 148.750457][ T5340] stack backtrace: [ 148.753255][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 148.753270][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.753276][ T5340] Call Trace: [ 148.753285][ T5340] [ 148.753291][ T5340] dump_stack_lvl+0x189/0x250 [ 148.753308][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.753319][ T5340] ? __pfx__printk+0x10/0x10 [ 148.753330][ T5340] ? print_lock_name+0xde/0x100 [ 148.753342][ T5340] print_deadlock_bug+0x28b/0x2a0 [ 148.753356][ T5340] validate_chain+0x1a3f/0x2140 [ 148.753368][ T5340] ? __bfs+0x154/0x2a0 [ 148.753379][ T5340] ? check_path+0x21/0x40 [ 148.753389][ T5340] ? look_up_lock_class+0x74/0x170 [ 148.753445][ T5340] ? register_lock_class+0x51/0x320 [ 148.753457][ T5340] __lock_acquire+0xab9/0xd20 [ 148.753470][ T5340] ? hfsplus_file_extend+0x1f8/0x1ba0 [ 148.753482][ T5340] lock_acquire+0x120/0x360 [ 148.753491][ T5340] ? hfsplus_file_extend+0x1f8/0x1ba0 [ 148.753506][ T5340] __mutex_lock+0x187/0x1350 [ 148.753517][ T5340] ? hfsplus_file_extend+0x1f8/0x1ba0 [ 148.753529][ T5340] ? check_path+0x21/0x40 [ 148.753540][ T5340] ? check_noncircular+0xe0/0x160 [ 148.753551][ T5340] ? hfsplus_file_extend+0x1f8/0x1ba0 [ 148.753562][ T5340] ? lockdep_unlock+0x89/0x120 [ 148.753576][ T5340] ? __pfx___mutex_lock+0x10/0x10 [ 148.753592][ T5340] hfsplus_file_extend+0x1f8/0x1ba0 [ 148.753603][ T5340] ? __lock_acquire+0xab9/0xd20 [ 148.753614][ T5340] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 148.753625][ T5340] ? __pfx___mutex_trylock_common+0x10/0x10 [ 148.753635][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.753645][ T5340] ? rcu_is_watching+0x15/0xb0 [ 148.753656][ T5340] ? trace_contention_end+0x39/0x120 [ 148.753668][ T5340] ? __asan_memset+0x22/0x50 [ 148.753679][ T5340] ? hfsplus_brec_find+0x1a9/0x510 [ 148.753690][ T5340] hfsplus_bmap_reserve+0x122/0x500 [ 148.753707][ T5340] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 148.753720][ T5340] __hfsplus_ext_cache_extent+0x89/0xe30 [ 148.753733][ T5340] hfsplus_file_extend+0x437/0x1ba0 [ 148.753747][ T5340] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 148.753760][ T5340] ? clean_bdev_aliases+0x5c9/0x6b0 [ 148.753773][ T5340] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 148.753784][ T5340] hfsplus_get_block+0x40a/0x15d0 [ 148.753799][ T5340] ? __pfx_hfsplus_get_block+0x10/0x10 [ 148.753810][ T5340] ? do_raw_spin_unlock+0x4d/0x240 [ 148.753823][ T5340] ? _raw_spin_unlock+0x28/0x50 [ 148.753835][ T5340] __block_write_begin_int+0x6b2/0x1900 [ 148.753845][ T5340] ? __pfx_workingset_update_node+0x10/0x10 [ 148.753862][ T5340] ? __pfx_hfsplus_get_block+0x10/0x10 [ 148.753874][ T5340] ? __pfx___block_write_begin_int+0x10/0x10 [ 148.753887][ T5340] cont_write_begin+0x789/0xb50 [ 148.753900][ T5340] ? __pfx_cont_write_begin+0x10/0x10 [ 148.753910][ T5340] ? __pfx___might_resched+0x10/0x10 [ 148.753921][ T5340] ? __mark_inode_dirty+0x3d2/0xe10 [ 148.753930][ T5340] ? folio_unlock+0x101/0x160 [ 148.753942][ T5340] hfsplus_write_begin+0x66/0xb0 [ 148.753953][ T5340] ? __pfx_hfsplus_get_block+0x10/0x10 [ 148.753965][ T5340] generic_perform_write+0x2c5/0x900 [ 148.753981][ T5340] ? __pfx_generic_perform_write+0x10/0x10 [ 148.753996][ T5340] ? file_update_time+0x2da/0x490 [ 148.754007][ T5340] ? __generic_file_write_iter+0xf9/0x230 [ 148.754021][ T5340] ? generic_file_write_iter+0x103/0x550 [ 148.754030][ T5340] generic_file_write_iter+0x117/0x550 [ 148.754040][ T5340] ? __pfx_generic_file_write_iter+0x10/0x10 [ 148.754049][ T5340] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 148.754059][ T5340] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 148.754069][ T5340] ? __pfx_aa_file_perm+0x10/0x10 [ 148.754085][ T5340] ? __lock_acquire+0xab9/0xd20 [ 148.754098][ T5340] ? aio_write+0x4c4/0x7a0 [ 148.754109][ T5340] aio_write+0x532/0x7a0 [ 148.754120][ T5340] ? __pfx_aio_write+0x10/0x10 [ 148.754142][ T5340] ? __might_fault+0xb0/0x130 [ 148.754159][ T5340] io_submit_one+0x78b/0x1310 [ 148.754172][ T5340] ? __pfx_io_submit_one+0x10/0x10 [ 148.754183][ T5340] ? __might_fault+0xb0/0x130 [ 148.754196][ T5340] ? __might_fault+0xb0/0x130 [ 148.754207][ T5340] __se_sys_io_submit+0x185/0x2f0 [ 148.754222][ T5340] ? __pfx___se_sys_io_submit+0x10/0x10 [ 148.754237][ T5340] ? do_syscall_64+0xbe/0xfa0 [ 148.754251][ T5340] do_syscall_64+0xfa/0xfa0 [ 148.754261][ T5340] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.754272][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.754282][ T5340] ? clear_bhb_loop+0x60/0xb0 [ 148.754292][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.754303][ T5340] RIP: 0033:0x7f0aaaf8eec9 [ 148.754314][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.754322][ T5340] RSP: 002b:00007f0aabdfc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 148.754333][ T5340] RAX: ffffffffffffffda RBX: 00007f0aab1e5fa0 RCX: 00007f0aaaf8eec9 [ 148.754340][ T5340] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f0aabdb2000 [ 148.754346][ T5340] RBP: 00007f0aab011f91 R08: 0000000000000000 R09: 0000000000000000 [ 148.754353][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.754359][ T5340] R13: 00007f0aab1e6038 R14: 00007f0aab1e5fa0 R15: 00007ffd72085e88 [ 148.754371][ T5340]