program:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x80000c, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYBLOB="3b9e4db107e6a90e68784b69cbbadf760c539185390f9a52bdd521fd148e88ec008908543262812b723533c9e2ae4cb700e1e0d3e2aee9a469fb8d9b20b8292e201c5f92ca1746d5f90e0936185074928febfd93a516f5cb3235fbf518ff5a241a91efdc6138666e82cdd4b3f8194420843de68a1b668bc3c634b8f7d675a9849483fe143560ad32a8a3827b11a1dc23fa5af2a22c936bdb3e0e679606d01ad2ef", @ANYRESOCT, @ANYRESHEX=0x0, @ANYRES32=0x0, @ANYRES64, @ANYRES32, @ANYRESDEC, @ANYRES16, @ANYRESHEX=0x0, @ANYRES8, @ANYRES8], 0x1, 0x6fc, &(0x7f0000000500)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
ftruncate(r1, 0x2088002)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
pwritev2(r2, &(0x7f0000001100)=[{&(0x7f0000001080)="08e9", 0xff86}], 0x1, 0x7000, 0x0, 0x3)

[ 85.128498][ T5294] Bluetooth: hci0: command tx timeout
[ 85.348027][ T5320] loop0: detected capacity change from 0 to 1024
[ 85.402302][ T5320]
[ 85.403357][ T5320] ============================================
[ 85.405726][ T5320] WARNING: possible recursive locking detected
[ 85.408163][ T5320] syzkaller #0 Not tainted
[ 85.409997][ T5320] --------------------------------------------
[ 85.412593][ T5320] syz.0.0/5320 is trying to acquire lock:
[ 85.415125][ T5320] ffff888011c13708 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670
[ 85.420027][ T5320]
[ 85.420027][ T5320] but task is already holding lock:
[ 85.423189][ T5320] ffff88801212c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 85.427645][ T5320]
[ 85.427645][ T5320] other info that might help us debug this:
[ 85.431098][ T5320] Possible unsafe locking scenario:
[ 85.431098][ T5320]
[ 85.434216][ T5320] CPU0
[ 85.435641][ T5320] ----
[ 85.436910][ T5320] lock(&HFSPLUS_I(inode)->extents_lock);
[ 85.439358][ T5320] lock(&HFSPLUS_I(inode)->extents_lock);
[ 85.441823][ T5320]
[ 85.441823][ T5320] *** DEADLOCK ***
[ 85.441823][ T5320]
[ 85.445076][ T5320] May be due to missing lock nesting notation
[ 85.445076][ T5320]
[ 85.448571][ T5320] 5 locks held by syz.0.0/5320:
[ 85.450836][ T5320] #0: ffff8880412100e0 (&type->s_umount_key#51/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xab0
[ 85.455191][ T5320] #1: ffff8880430a6998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1246/0x1a00
[ 85.459432][ T5320] #2: ffff88801238c0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 85.463920][ T5320] #3: ffff88801212c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 85.468973][ T5320] #4: ffff8880430a68f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0
[ 85.473469][ T5320]
[ 85.473469][ T5320] stack backtrace:
[ 85.476166][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.476182][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.476189][ T5320] Call Trace:
[ 85.476195][ T5320]
[ 85.476201][ T5320] dump_stack_lvl+0xe8/0x150
[ 85.476220][ T5320] print_deadlock_bug+0x279/0x290
[ 85.476236][ T5320] __lock_acquire+0x253f/0x2cf0
[ 85.476252][ T5320] ? lock_release+0x4b/0x3d0
[ 85.476264][ T5320] ? lock_release+0x4b/0x3d0
[ 85.476276][ T5320] ? is_bpf_text_address+0x292/0x2b0
[ 85.476286][ T5320] ? is_bpf_text_address+0x26/0x2b0
[ 85.476297][ T5320] lock_acquire+0xf0/0x2e0
[ 85.476308][ T5320] ? hfsplus_get_block+0x39e/0x1670
[ 85.476324][ T5320] __mutex_lock+0x19f/0x1300
[ 85.476385][ T5320] ? hfsplus_get_block+0x39e/0x1670
[ 85.476399][ T5320] ? stack_trace_save+0xa9/0x100
[ 85.476410][ T5320] ? __pfx_stack_trace_save+0x10/0x10
[ 85.476420][ T5320] ? check_path+0x21/0x40
[ 85.476434][ T5320] ? check_noncircular+0xda/0x150
[ 85.476446][ T5320] ? hfsplus_get_block+0x39e/0x1670
[ 85.476459][ T5320] ? __pfx___mutex_lock+0x10/0x10
[ 85.476472][ T5320] ? __lock_acquire+0x146e/0x2cf0
[ 85.476487][ T5320] hfsplus_get_block+0x39e/0x1670
[ 85.476502][ T5320] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.476516][ T5320] ? block_read_full_folio+0x672/0x830
[ 85.476526][ T5320] block_read_full_folio+0x29f/0x830
[ 85.476536][ T5320] ? __pfx_hfsplus_get_block+0x10/0x10
[ 85.476549][ T5320] filemap_read_folio+0x137/0x3b0
[ 85.476559][ T5320] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 85.476571][ T5320] ? __pfx_filemap_read_folio+0x10/0x10
[ 85.476579][ T5320] ? filemap_add_folio+0x356/0x530
[ 85.476590][ T5320] do_read_cache_folio+0x358/0x590
[ 85.476599][ T5320] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 85.476610][ T5320] read_cache_page+0x5d/0x170
[ 85.476619][ T5320] hfsplus_block_allocate+0xf3/0xce0
[ 85.476634][ T5320] hfsplus_file_extend+0xb2d/0x1d70
[ 85.476650][ T5320] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 85.476665][ T5320] ? hfsplus_find_init+0x168/0x2d0
[ 85.476676][ T5320] ? __pfx___mutex_lock+0x10/0x10
[ 85.476688][ T5320] ? rcu_is_watching+0x15/0xb0
[ 85.476708][ T5320] hfsplus_bmap_reserve+0x125/0x510
[ 85.476723][ T5320] hfsplus_create_cat+0x1e2/0x11b0
[ 85.476741][ T5320] ? __pfx_hfsplus_create_cat+0x10/0x10
[ 85.476768][ T5320] ? do_raw_spin_unlock+0x4d/0x210
[ 85.476777][ T5320] ? _raw_spin_unlock+0x28/0x50
[ 85.476787][ T5320] ? hfsplus_new_inode+0x6c3/0x900
[ 85.476800][ T5320] hfsplus_fill_super+0x12bb/0x1a00
[ 85.476813][ T5320] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 85.476823][ T5320] ? string+0x279/0x2b0
[ 85.476843][ T5320] ? snprintf+0xe8/0x140
[ 85.476857][ T5320] ? sb_set_blocksize+0x155/0x240
[ 85.476948][ T5320] ? setup_bdev_super+0x4c1/0x5b0
[ 85.476965][ T5320] get_tree_bdev_flags+0x431/0x4f0
[ 85.476981][ T5320] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 85.476993][ T5320] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 85.477010][ T5320] vfs_get_tree+0x92/0x2a0
[ 85.477025][ T5320] do_new_mount+0x341/0xd30
[ 85.477037][ T5320] ? apparmor_capable+0x126/0x170
[ 85.477050][ T5320] ? __pfx_do_new_mount+0x10/0x10
[ 85.477061][ T5320] ? ns_capable+0x89/0xe0
[ 85.477076][ T5320] ? user_path_at+0xd4/0x160
[ 85.477090][ T5320] __se_sys_mount+0x31d/0x420
[ 85.477105][ T5320] ? __pfx___se_sys_mount+0x10/0x10
[ 85.477119][ T5320] ? __x64_sys_mount+0x20/0xc0
[ 85.477131][ T5320] do_syscall_64+0x14d/0xf80
[ 85.477146][ T5320] ? trace_irq_disable+0x3b/0x150
[ 85.477161][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.477172][ T5320] ? clear_bhb_loop+0x40/0x90
[ 85.477183][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.477194][ T5320] RIP: 0033:0x7f77c2f9d8ca
[ 85.477204][ T5320] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.477211][ T5320] RSP: 002b:00007f77c3dbee58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 85.477225][ T5320] RAX: ffffffffffffffda RBX: 00007f77c3dbeee0 RCX: 00007f77c2f9d8ca
[ 85.477233][ T5320] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00007f77c3dbeea0
[ 85.477241][ T5320] RBP: 0000200000000000 R08: 00007f77c3dbeee0 R09: 000000000080000c
[ 85.477249][ T5320] R10: 000000000080000c R11: 0000000000000246 R12: 0000200000000180
[ 85.477257][ T5320] R13: 00007f77c3dbeea0 R14: 00000000000006fc R15: 00002000000002c0
[ 85.477268][ T5320]
[ 85.706179][ T5320] hfsplus: b-tree write err: -5, ino 25