program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000100)=ANY=[], 0x1, 0x6b3, &(0x7f0000000e80)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ5wtRKnsbJJKsdFaYXABQQnJA79AwqSb5yQuAeFc3vr1cdKSFwiDlYvi2Z21l571/FL/Bb6+UTj55l9nnnmt795Zsa7zmoDfGnduJjm4xS5cfHNR+X6yvJ0e2V5+kTd3E5S1htJs1ukuJ8UT5KZsr3oW9JXDvho/vrbnz1d+XxkpFxr1kvVf+RZ2w0xpO9SvWSyHm9y6JajO93FUh1eXkpysy43GtvpWBs6lkm7UJdw5DoDlnaz+W7OW+CY6d2diu59c8BEcjLJeP17QOqrQ+PwIjwYu7rKAQAAwAvqkwdHHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8eOrv/y/qpVGXmUzR+/7/sd5jdf0Ymtlxz8cHGgcAAAAAAAAAHI5vrmY1j3Kqt94pqr/5n69WzuSLTvKVvJeHmctCLuVRZrOYxSzkSpKJvoHGHs0uLi5cWduyNHzLq0O3vLpNoOP7+awBAAAAAAAA4P/Ob9Na//s/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcB0Uy0i2q5UxdZiKNZtbbspR8mmTsqOPd2urmB4phvR4fSiwAAACwf8b3sM1XV7OaRznVW+8U1Wv+r1Wvl8fzXu5nMfNZTDtzuVW/hi5f9TdWlqfbK8vT98plcNwf/mdXYVQj1u8vDN/zuapHK7czXz1yKTerYG6lUW2ZC8m5XjzD4/qwjKn4QW2HkTXrtJY7+/NW7yLsi92+FTFRBpesZWSqjq3MxuluBorqjZpkcya2PTrNzXtKI6Nre7qSxto7P2cOIOcn67J8Pn840Jzv1lomGqkycbU3+8pz5tmZSL71j7/9/E77/t07tx9ePD5PaRsjWzy+eU5M92Xi1Rc6E81d9p+qMnF2bf1GfpKf5WIm81YWMp9fZjaLmUunbp+t53P5c+LZmZrZsPbWdpGM1cele8x2EtNkflzVZnO+2vZU5lPkQW5lLm9U/67mSr6ba7mW631H+OyWcVfPrTrrG5vP+t6R/ufQ4C98u660kvyxLgdysMlWs3O/dK/9ZV5P9+W1O+ufrvU63XceTPVl6eVedkaHDr6Xa2Pz63Wl3Mfv6vJ4mKgzUZ5AvbtEL7pXuploVveiwXn+l065Xdr37y7cmX13i/GXNq2/XpfltFr+xk6jHH4o9lc5X17OeH0l2Tg7yrZX1q4ypzfcVcfqv7h02xoDbWertqLonak/zYNqAgyeqWP173CDI12t2l4d2jZdtZ3ra9vw+1YepJ1bh5A/APbu019Ut+STY61/tz5pfdz6fetO683xH5343onXxjL6r9HvN6dGXm+8Vvw9H+fX66//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvXv4/gd3Z9vtuYXhlcbWTdtUtht5U6Wov9BnT/s6hpXxJBseqb7n6NDDaG0OY6DS+U1y6PnpfYng8D5/KivN7GTAme36fHjkM+G4V0YyfAIc8YUJOHCXF++9e/nh+x98Z/7e7Dtz78zdH7127frU9WtvTF++Pd+em+r+POoogYOwftM/6kgAAAAAAAAAAACAnRr2wYDzL233oZEdfcbD/ywEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9sWNi2k+TpHW1KWpcn1lebpdLr36es9mkkYjKX6VFE+SmXSXTPQNV+SvT9IZsp+P5q+//dnTlc/Xx2p2+yeNunwOS/WSySQjdblf49187vGK//aeYZmwLzqdzszzxQf7438BAAD//ygy+OA=") r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/wireless\x00') read$ptp(r0, &(0x7f0000000080)=""/254, 0xfe) read$midi(r0, &(0x7f0000000080)=""/220, 0xdc) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) mount(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x12024, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r4) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x8, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000610600000000000000a9f9d353836157e1e3803f00000000000000d99716db0e81ddfda255587846117ff5a726288df47d1d162e1f3dcf6eb5b3ce18e86bb097917456cb4e1b600d7ecc95475dc2255802d1ba5c2eebf66792aea38f6a5f944ad3cc87ee58c4cbc03b593449c9c496bbc083eb4cfe9b8106f2cda9bd6534437c932f9eacfff8ad4ee48b5f9c63d1f98fff0000000000000005afb38cb5a9a9a769bb6012f8962521ba27d134aac50757b34be1a266a36ef6c07c9f236e7af8"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) sendmsg$IEEE802154_LLSEC_ADD_DEV(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r5, @ANYRES16=r5, @ANYRES64=r0, @ANYRES32=r7, @ANYBLOB="06000600000000000600040000000000"], 0x50}, 0x4, 0x700000000000000}, 0x4) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x3, 0x0}, 0x8) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000400)={r0, 0xffffffffffffffff, 0x31, 0x0, @val=@target_btf_id=r8}, 0x14) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c00008f00cc9400c902d4b0502a2398075191acce83dce5433a81e1073ad0b5468b96aa84d1a39e3f89a44a19d918056cb39eda09305f2c7aa02f89d37a4d87acbc1e69fc344f82c2748c5af0aaf3194d31e8bcdcd53870d5feff3790818c75945d5e21595c66b530974d21aa0be15b0b23f16c8bc832b09da560f41d4745255b307b45441b99003f5f6b35066e36986469c00d262f27", @ANYRES16=r3, @ANYBLOB="01072bbd7000000000001900000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x0) sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xa0002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="00032cbd7000fbdbdf2509000000050007001e000000050007000f00000005000800190000000500080006000000"], 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x800) [ 87.136130][ T10] cfg80211: failed to load regulatory.db [ 87.139293][ T5341] Bluetooth: hci0: command tx timeout [ 87.234872][ T5367] loop0: detected capacity change from 0 to 1024 [ 87.309549][ T5367] [ 87.310770][ T5367] ============================================ [ 87.313854][ T5367] WARNING: possible recursive locking detected [ 87.316672][ T5367] syzkaller #0 Not tainted [ 87.318565][ T5367] -------------------------------------------- [ 87.321180][ T5367] syz.0.0/5367 is trying to acquire lock: [ 87.323513][ T5367] ffff888052ec5548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 87.328541][ T5367] [ 87.328541][ T5367] but task is already holding lock: [ 87.331884][ T5367] ffff888052ec47c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 87.336423][ T5367] [ 87.336423][ T5367] other info that might help us debug this: [ 87.339905][ T5367] Possible unsafe locking scenario: [ 87.339905][ T5367] [ 87.343126][ T5367] CPU0 [ 87.344648][ T5367] ---- [ 87.346226][ T5367] lock(&HFSPLUS_I(inode)->extents_lock); [ 87.348901][ T5367] lock(&HFSPLUS_I(inode)->extents_lock); [ 87.351725][ T5367] [ 87.351725][ T5367] *** DEADLOCK *** [ 87.351725][ T5367] [ 87.355257][ T5367] May be due to missing lock nesting notation [ 87.355257][ T5367] [ 87.358728][ T5367] 5 locks held by syz.0.0/5367: [ 87.360817][ T5367] #0: ffff88803e4380e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 87.365412][ T5367] #1: ffff888043012998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1278/0x1b50 [ 87.370144][ T5367] #2: ffff88800077e0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 87.374596][ T5367] #3: ffff888052ec47c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 87.379726][ T5367] #4: ffff8880430128f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 87.384545][ T5367] [ 87.384545][ T5367] stack backtrace: [ 87.387334][ T5367] CPU: 0 UID: 0 PID: 5367 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.387352][ T5367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.387360][ T5367] Call Trace: [ 87.387368][ T5367] [ 87.387374][ T5367] dump_stack_lvl+0x189/0x250 [ 87.387395][ T5367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.387408][ T5367] ? __pfx__printk+0x10/0x10 [ 87.387424][ T5367] ? print_lock_name+0xde/0x100 [ 87.387439][ T5367] print_deadlock_bug+0x28b/0x2a0 [ 87.387451][ T5367] validate_chain+0x1a3f/0x2140 [ 87.387463][ T5367] ? lock_release+0x4b/0x3e0 [ 87.387477][ T5367] ? look_up_lock_class+0x74/0x170 [ 87.387542][ T5367] ? register_lock_class+0x51/0x320 [ 87.387559][ T5367] __lock_acquire+0xab9/0xd20 [ 87.387576][ T5367] ? hfsplus_get_block+0x39e/0x1530 [ 87.387587][ T5367] lock_acquire+0x120/0x360 [ 87.387673][ T5367] ? hfsplus_get_block+0x39e/0x1530 [ 87.387688][ T5367] ? stack_trace_save+0x9c/0xe0 [ 87.387701][ T5367] ? __pfx_hlock_conflict+0x10/0x10 [ 87.387713][ T5367] __mutex_lock+0x187/0x1350 [ 87.387730][ T5367] ? hfsplus_get_block+0x39e/0x1530 [ 87.387742][ T5367] ? lockdep_unlock+0x89/0x120 [ 87.387755][ T5367] ? validate_chain+0x897/0x2140 [ 87.387767][ T5367] ? hfsplus_get_block+0x39e/0x1530 [ 87.387779][ T5367] ? __pfx___mutex_lock+0x10/0x10 [ 87.387799][ T5367] hfsplus_get_block+0x39e/0x1530 [ 87.387812][ T5367] ? __pfx_hfsplus_get_block+0x10/0x10 [ 87.387823][ T5367] ? do_raw_spin_unlock+0x4d/0x240 [ 87.387837][ T5367] ? _raw_spin_unlock+0x28/0x50 [ 87.387850][ T5367] block_read_full_folio+0x29f/0x830 [ 87.387863][ T5367] ? __pfx_hfsplus_get_block+0x10/0x10 [ 87.387874][ T5367] filemap_read_folio+0x114/0x380 [ 87.387889][ T5367] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 87.387898][ T5367] ? __pfx_filemap_read_folio+0x10/0x10 [ 87.387915][ T5367] ? filemap_add_folio+0x1af/0x270 [ 87.387929][ T5367] do_read_cache_folio+0x350/0x590 [ 87.387938][ T5367] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 87.387948][ T5367] read_cache_page+0x5d/0x170 [ 87.387958][ T5367] hfsplus_block_allocate+0xe4/0x9b0 [ 87.387977][ T5367] hfsplus_file_extend+0xae3/0x1990 [ 87.387992][ T5367] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 87.388005][ T5367] ? hfsplus_find_init+0x15a/0x1d0 [ 87.388019][ T5367] ? __pfx___mutex_lock+0x10/0x10 [ 87.388035][ T5367] hfsplus_bmap_reserve+0x122/0x500 [ 87.388050][ T5367] hfsplus_create_cat+0x183/0x1000 [ 87.388063][ T5367] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 87.388075][ T5367] ? do_raw_spin_unlock+0x4d/0x240 [ 87.388100][ T5367] ? do_raw_spin_unlock+0x4d/0x240 [ 87.388113][ T5367] ? _raw_spin_unlock+0x28/0x50 [ 87.388125][ T5367] ? hfsplus_new_inode+0x643/0x820 [ 87.388137][ T5367] hfsplus_fill_super+0x12f5/0x1b50 [ 87.388153][ T5367] ? __lock_acquire+0xab9/0xd20 [ 87.388171][ T5367] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 87.388186][ T5367] ? string+0x279/0x2b0 [ 87.388208][ T5367] ? snprintf+0xda/0x120 [ 87.388223][ T5367] ? sb_set_blocksize+0x104/0x180 [ 87.388239][ T5367] ? setup_bdev_super+0x4c1/0x5b0 [ 87.388256][ T5367] get_tree_bdev_flags+0x40b/0x4d0 [ 87.388269][ T5367] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 87.388285][ T5367] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 87.388300][ T5367] vfs_get_tree+0x92/0x2b0 [ 87.388313][ T5367] do_new_mount+0x2a2/0x9e0 [ 87.388329][ T5367] ? ns_capable+0x8a/0xf0 [ 87.388339][ T5367] ? __pfx_do_new_mount+0x10/0x10 [ 87.388360][ T5367] ? path_mount+0x61c/0xfe0 [ 87.388374][ T5367] ? user_path_at+0x44/0x60 [ 87.388386][ T5367] __se_sys_mount+0x317/0x410 [ 87.388402][ T5367] ? __pfx___se_sys_mount+0x10/0x10 [ 87.388416][ T5367] ? do_syscall_64+0xbe/0x3b0 [ 87.388436][ T5367] ? __x64_sys_mount+0x20/0xc0 [ 87.388450][ T5367] do_syscall_64+0xfa/0x3b0 [ 87.388464][ T5367] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.388477][ T5367] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.388489][ T5367] ? clear_bhb_loop+0x60/0xb0 [ 87.388502][ T5367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.388513][ T5367] RIP: 0033:0x7f837c99038a [ 87.388526][ T5367] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.388537][ T5367] RSP: 002b:00007f837d78ae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.388552][ T5367] RAX: ffffffffffffffda RBX: 00007f837d78aef0 RCX: 00007f837c99038a [ 87.388562][ T5367] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00007f837d78aeb0 [ 87.388571][ T5367] RBP: 0000200000000000 R08: 00007f837d78aef0 R09: 0000000002000010 [ 87.388579][ T5367] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000000240 [ 87.388587][ T5367] R13: 00007f837d78aeb0 R14: 00000000000006b3 R15: 0000200000000100 [ 87.388599][ T5367] [ 87.660451][ T5367] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211