program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000140)={[{@journal_async_commit}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000023c0)=ANY=[], 0x33, 0x70f, &(0x7f00000015c0)="$eJzs3UtsHHf9APDvrNfrtf9/UqdNk4Ii1WqkgrBI7BgXzIWAEPhQoaocOK8Sp7G8cSp7i5wIEYfHnUMPiFNAyq3igMo9EpypKqFKnHzgUAkpB3ryAcloZmd21/Z6H/Gz8PlEs/Ob+T3nO69dj6IJ4H/W4nSUn0YSi9NvbqTLW3//106mmV2PiEpElCLKzVkkq3nV/78cN9L5F9OV+brkoH7eX154+5PPtj5tLpVHOsonvep1Udm/ajOfYioiRvL5PtWDWvxwb/e72rt5UHsDa29hGrAr+Tzit4dqFQ5tZ5/NVt4Hf8s+e1Uf5rwFzqiked/cZzJiIr91jkVxV2x+Efhc2zztAQAAAMCwxoev8sJ2bMdGnDuO4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/q/z9/0k+lYr0VCTF+/8r+brI02dQ/xchfjzWnD89/sEAAAAAAAAAwLF7dTu2YyPONZfKsZNkz/xf63jG/3/xXqzHUqzF1diIWjSiEWsxGxGTHQ1VNmqNxtpsVjPiQo+a1+OjzpqViGg01q4fPMYbR7/ZAAAAAAAAAHCWVfvkr4zuX/fzWCye/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNmQRIw0Z9l0oUhPRqkcEdWi3GbERxFROd3RDiXptvLpyY8DAAAADqW6ezGpDlDnhYexHRtxrljeSbLf/Bez38vVeC9WoxHL0Yh6LMWt/Dd0+qu/tPVkrr71ZO5uOu3pePihZy1G828P3Xt+JSsxHrdjOVtzNW5GEjuZUt7KK1tP5tL53e7jevQsbfvbuR6jGelI34rHEZc+zNK/3r1x5eG3c3ilA3Mms9zRVkRm8rGlNc4XEegeie8869NruWdPs1Fq/eXnQu+eusf8UZcuR9vJiT2lnuOAOiZ7I3E9Sq09dLF3JCK+/KcPfnynvrpy5/b69NnZpK4e9i3RisTXi8tMOxKXBo7E+FEP/AiNDlhuJtv2l1vLi/H9+FFMx7Oxt2ItluMnUYtGLE0V+bX8eE4/J3tH6uOJzqW3+o0kPSenWtevbmOail1jiqn4XpaqxWvZPj0Xy5HEvYhYijeyf9djNjbzVtp7+OUBzvrSAFfaDle+ks1aYYoex8YfBmvyqKRxPd8R185r7mSW17mmHaUXu0apuNftvzZW+99Uyl/KE2kLv+h5fzhpeyMx2xGJlw46Xpoh/d1O+rleX11Zu1N7d8D+Xs/n6Xn0qzN1l6jEo3gxqvnGnc8+k+ycmsn2/kut/bw7XpX8iUtTaW/eD37Tqtc8U38Y9+LWrjP1GzEf87GQtXQxKz26746V5l1qtZTndVzs0m9a5daDnc7vW/eiHrci4vcnFEcAntPEVycq4/8c/+v44/Ffjt8Zf7P63bFvjl2uxOhfRr9Vnhl5vXQ5+WM8jp+1f/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPb/3+g5Vavb601j1R6p6V9K5Vq+8ULxLrUWZXIslflTNA4WT9/oOdvg32Tozlwxui1r+H7ethDFS4eI1az8Jj8WClNnWoTe6dSDb37q9q/31RvOVpgC6SfQFPKz/3mIue22tGjyUsh0tMHV2DxQHbkTX40fuPLzQr7yRd9tdIRHSr1efC0XzH1Vl+jx/Qx7XG3Xevrd9/8LXlu7V3lt5ZWh2dn1+YWZh/Y+7a7eX60kzzs6PCibz8FjgJnV8nWioR8Wr/um7+AAAAAAAAAAAAcDpO4v9CnPY2AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ9vi9NRfhpJzJavzqTLW0/m6ulUpNslyxFRiojkpxHJnyNuRHOKyY7mkoP6eX954e1PPtv6tN1WOUaa5UsRmwfWG8xmPsVURNpsNj+q9m72b6/STo51yU5akUkDdqUIHJy2/wQAAP//z4LtkQ==") open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x4, 0x4, 0xc}, 0x48) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000000)=0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x4) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$getregset(0x4204, r1, 0x1, &(0x7f0000000000)={0x0}) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0x40286608, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="1738e34e556bc5df"}}) [ 88.813133][ T47] Bluetooth: hci0: command tx timeout [ 89.017931][ T5337] loop0: detected capacity change from 0 to 512 [ 89.055014][ T5337] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 89.084624][ T5337] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 89.088921][ T5337] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal [ 89.145539][ T5337] loop0: detected capacity change from 0 to 1024 [ 89.181702][ T5337] [ 89.182840][ T5337] ============================================ [ 89.185998][ T5337] WARNING: possible recursive locking detected [ 89.189214][ T5337] syzkaller #0 Not tainted [ 89.191616][ T5337] -------------------------------------------- [ 89.194735][ T5337] syz.0.0/5337 is trying to acquire lock: [ 89.197661][ T5337] ffff88803f789548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x398/0x1600 [ 89.202601][ T5337] [ 89.202601][ T5337] but task is already holding lock: [ 89.205558][ T5337] ffff88803f7887c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 89.209900][ T5337] [ 89.209900][ T5337] other info that might help us debug this: [ 89.213202][ T5337] Possible unsafe locking scenario: [ 89.213202][ T5337] [ 89.216355][ T5337] CPU0 [ 89.217894][ T5337] ---- [ 89.219365][ T5337] lock(&HFSPLUS_I(inode)->extents_lock); [ 89.221896][ T5337] lock(&HFSPLUS_I(inode)->extents_lock); [ 89.224461][ T5337] [ 89.224461][ T5337] *** DEADLOCK *** [ 89.224461][ T5337] [ 89.227958][ T5337] May be due to missing lock nesting notation [ 89.227958][ T5337] [ 89.231213][ T5337] 5 locks held by syz.0.0/5337: [ 89.233511][ T5337] #0: ffff888041d440e0 (&type->s_umount_key#51/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xaa0 [ 89.238019][ T5337] #1: ffff888011509998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1191/0x1930 [ 89.242415][ T5337] #2: ffff88804099a0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 89.246690][ T5337] #3: ffff88803f7887c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30 [ 89.251539][ T5337] #4: ffff8880115098f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xd10 [ 89.255902][ T5337] [ 89.255902][ T5337] stack backtrace: [ 89.258447][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 89.258465][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.258474][ T5337] Call Trace: [ 89.258482][ T5337] [ 89.258487][ T5337] dump_stack_lvl+0x189/0x250 [ 89.258508][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.258523][ T5337] ? __pfx__printk+0x10/0x10 [ 89.258544][ T5337] ? print_lock_name+0xde/0x100 [ 89.258561][ T5337] print_deadlock_bug+0x279/0x290 [ 89.258575][ T5337] __lock_acquire+0x2540/0x2cf0 [ 89.258587][ T5337] ? lock_release+0x4b/0x3b0 [ 89.258603][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 89.258616][ T5337] lock_acquire+0x117/0x340 [ 89.258626][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 89.258639][ T5337] __mutex_lock+0x187/0x1350 [ 89.258697][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 89.258710][ T5337] ? check_path+0x21/0x40 [ 89.258725][ T5337] ? hfsplus_get_block+0x398/0x1600 [ 89.258738][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 89.258751][ T5337] hfsplus_get_block+0x398/0x1600 [ 89.258766][ T5337] ? __pfx_hfsplus_get_block+0x10/0x10 [ 89.258778][ T5337] ? do_raw_spin_unlock+0x4d/0x240 [ 89.258793][ T5337] ? _raw_spin_unlock+0x28/0x50 [ 89.258808][ T5337] ? block_read_full_folio+0x672/0x830 [ 89.258834][ T5337] block_read_full_folio+0x29f/0x830 [ 89.258853][ T5337] ? __pfx_hfsplus_get_block+0x10/0x10 [ 89.258866][ T5337] filemap_read_folio+0x117/0x380 [ 89.258886][ T5337] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 89.258897][ T5337] ? __pfx_filemap_read_folio+0x10/0x10 [ 89.258912][ T5337] ? filemap_add_folio+0x35f/0x540 [ 89.258926][ T5337] do_read_cache_folio+0x358/0x590 [ 89.258936][ T5337] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 89.258947][ T5337] read_cache_page+0x5d/0x170 [ 89.258958][ T5337] hfsplus_block_allocate+0xf3/0xd10 [ 89.258972][ T5337] hfsplus_file_extend+0xa9a/0x1c30 [ 89.258988][ T5337] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 89.259003][ T5337] ? hfsplus_find_init+0x168/0x2d0 [ 89.259022][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 89.259036][ T5337] hfsplus_bmap_reserve+0x125/0x510 [ 89.259054][ T5337] hfsplus_create_cat+0x188/0x10d0 [ 89.259070][ T5337] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 89.259084][ T5337] ? do_raw_spin_unlock+0x4d/0x240 [ 89.259109][ T5337] ? do_raw_spin_unlock+0x4d/0x240 [ 89.259125][ T5337] ? _raw_spin_unlock+0x28/0x50 [ 89.259140][ T5337] ? hfsplus_new_inode+0x643/0x820 [ 89.259154][ T5337] hfsplus_fill_super+0x120e/0x1930 [ 89.259168][ T5337] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 89.259179][ T5337] ? string+0x279/0x2b0 [ 89.259206][ T5337] ? snprintf+0xda/0x120 [ 89.259221][ T5337] ? sb_set_blocksize+0x155/0x240 [ 89.259234][ T5337] ? setup_bdev_super+0x4c1/0x5b0 [ 89.259254][ T5337] get_tree_bdev_flags+0x40e/0x4d0 [ 89.259271][ T5337] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 89.259282][ T5337] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 89.259301][ T5337] vfs_get_tree+0x92/0x2a0 [ 89.259316][ T5337] do_new_mount+0x302/0xa10 [ 89.259327][ T5337] ? apparmor_capable+0x137/0x1a0 [ 89.259343][ T5337] ? __pfx_do_new_mount+0x10/0x10 [ 89.259354][ T5337] ? ns_capable+0x8a/0xf0 [ 89.259366][ T5337] ? kmem_cache_free+0x197/0x620 [ 89.259385][ T5337] __se_sys_mount+0x313/0x410 [ 89.259399][ T5337] ? __pfx___se_sys_mount+0x10/0x10 [ 89.259413][ T5337] ? do_syscall_64+0xbe/0xf80 [ 89.259425][ T5337] ? __x64_sys_mount+0x20/0xc0 [ 89.259439][ T5337] do_syscall_64+0xfa/0xf80 [ 89.259451][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.259463][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 89.259474][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.259485][ T5337] RIP: 0033:0x7fe346f90f6a [ 89.259499][ T5337] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.259509][ T5337] RSP: 002b:00007fe347e9fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.259523][ T5337] RAX: ffffffffffffffda RBX: 00007fe347e9fef0 RCX: 00007fe346f90f6a [ 89.259533][ T5337] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 00007fe347e9feb0 [ 89.259541][ T5337] RBP: 0000200000000100 R08: 00007fe347e9fef0 R09: 0000000000000000 [ 89.259549][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040 [ 89.259556][ T5337] R13: 00007fe347e9feb0 R14: 000000000000070f R15: 00002000000023c0 [ 89.259569][ T5337]