program: syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xa}, "028298544872ff3a9aca"}}, 0xd) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x20) syncfs(r0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./bus\x00', 0x2000010, &(0x7f0000000200)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezU2m219Vf2yndkMMqbtSL5mu+5se2nJ8r7tYqcPLi0lu1OtBE3vta6BiOWjn6zUcuc4WK/tpvp/rFjhmek+novvc3GIqOVE/sKvfCeq7Q2N0ER6Ofd3lAAAA4Dn16b2jjgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeP/X3/xf10qjXmU7R+/7/id62On0Mze255sNDjQMAAAAAAAAARuPrT/IkyznZy3eK6m/+56rM6XzRSb6U9/MgC7mfi1nOfJaylPu5nGSqr6OJ5fmlpfuX11uWhre8MrTllVEdMQAAAAAAAAD8T/plWht//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOOgSMa6q2o5Xa8zlUYzG2VZSf6ZZOKo492HYtjGh6OPAwAAAJ7J5FO0+fKTPMlyTvbynaJ6zf+V6vXyZN7P3SxlMUtpZyE369fQ5av+xtrqbHttdfZOuZT5wX6//+99hTFR9zBW5Ybt+WxVo5VbWay2XMyNKpibaXT3fT4524unL64+H5UxFd+r7TGyZj2s5c5+v927CAdi8K2Ixg41WxvBJesjMlPHVrY81R2BonqjJtk8ErueneZAbqrqdXx9T5fTWH/n5/QhjPmJel0ez28Odcz3a30kGqlG4kpv9pXXzM4jkXzjr396+3b77ru3bz24cHwOaRdj22zfPCdm+0biled6JJr7rD9TjcSZ9fz1/Cg/yYVM583cz2J+mvksZSGduny+ns/lz6mdR2puIPfmbpFM1Oele872EtN0flil5nOuansyiylyLzezkNerf1dyOd/O1VzNtb4zfGbbuKtjq676xuarvnem/zY0+PPfrBPl3e23G3e5uZ2OeLvZeVC69/5yXE/1jWt31j9er3Wq7zqY6Rull3qjMz6086e5Nza/WifKffxql+fEaE3VI1FeQL2nRC+6l7sj0ayeRVvn+R86Zbu073Y6t+ff26b/lU351+p1Oa1Wv7Zb7Z7hp+JglfPlpUzWd5LB2VGWvbx+l+kr62zM5W7Z4BO3bHemKiuK3pX649yrJsDWK3Wi/h1ua09XqrJXhpbNVmVn+8oGft/KvbRzcwTjB8DT+Mfb68mpnJho/av1aeuT1q9bt1tvTP7ghe+88OpExv8+/t3mzNhrjVeLv+ST/Hzj9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD0Hnzw4bvz7fbC/eGJxvZFA4lWNm/ZredNiaL+Qp/9tTq+ickkA1uq7zkaeRitzWFsSXR+kYx8fHpfIji8zu/KRHPLjBqWmBvY8uetHX60zwiLvV0Xh5hoZLQ7HcvwCXCENyVgJC4t3Xnv0oMPPvzW4p35dxbeWbg7fvXqtZlrV1+fvXRrsb0w0/151FECh2HjoX/UkQAAAAAAAAAAAAB7NeyDAede3O1DI3v6jIf/WQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAciOsX0nyYIpdnLs6U+bXV2Xa59NIbNZtJGo2k+FlSPErm0l0y1dddkT8+SmfIfj5evPbWZ4/XPt/oq9mtnzTq9fZ2Lk2yUi+ZTjJWr5/BQH83nrm/4j+9YygH7ItOpzP3bPHBwfhvAAAA//+KzfUV") syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x114, &(0x7f0000000040)=0x1, 0x0, 0x4) [ 74.410823][ T5321] Bluetooth: hci0: command tx timeout [ 74.499156][ T5340] loop0: detected capacity change from 0 to 1024 [ 74.603499][ T5340] [ 74.604682][ T5340] ============================================ [ 74.607365][ T5340] WARNING: possible recursive locking detected [ 74.610242][ T5340] 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 Not tainted [ 74.613528][ T5340] -------------------------------------------- [ 74.616282][ T5340] syz.0.0/5340 is trying to acquire lock: [ 74.618935][ T5340] ffff888053811548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 74.623768][ T5340] [ 74.623768][ T5340] but task is already holding lock: [ 74.627191][ T5340] ffff8880538107c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 74.632290][ T5340] [ 74.632290][ T5340] other info that might help us debug this: [ 74.636121][ T5340] Possible unsafe locking scenario: [ 74.636121][ T5340] [ 74.639475][ T5340] CPU0 [ 74.641151][ T5340] ---- [ 74.642963][ T5340] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.645711][ T5340] lock(&HFSPLUS_I(inode)->extents_lock); [ 74.648297][ T5340] [ 74.648297][ T5340] *** DEADLOCK *** [ 74.648297][ T5340] [ 74.651812][ T5340] May be due to missing lock nesting notation [ 74.651812][ T5340] [ 74.655429][ T5340] 5 locks held by syz.0.0/5340: [ 74.657628][ T5340] #0: ffff88803ec560e0 (&type->s_umount_key#49/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 74.662191][ T5340] #1: ffff888053800198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1297/0x1b70 [ 74.666726][ T5340] #2: ffff88803f3ba0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 74.670783][ T5340] #3: ffff8880538107c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 74.675958][ T5340] #4: ffff8880538000f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 74.680344][ T5340] [ 74.680344][ T5340] stack backtrace: [ 74.683034][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 74.683051][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.683059][ T5340] Call Trace: [ 74.683067][ T5340] [ 74.683074][ T5340] dump_stack_lvl+0x189/0x250 [ 74.683092][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.683106][ T5340] ? __pfx__printk+0x10/0x10 [ 74.683122][ T5340] ? __kasan_check_byte+0x12/0x40 [ 74.683134][ T5340] ? print_lock_name+0xde/0x100 [ 74.683144][ T5340] print_deadlock_bug+0x28b/0x2a0 [ 74.683155][ T5340] validate_chain+0x1a3f/0x2140 [ 74.683165][ T5340] ? is_bpf_text_address+0x292/0x2b0 [ 74.683173][ T5340] ? is_bpf_text_address+0x26/0x2b0 [ 74.683179][ T5340] ? look_up_lock_class+0x74/0x170 [ 74.683233][ T5340] ? register_lock_class+0x51/0x320 [ 74.683245][ T5340] __lock_acquire+0xab9/0xd20 [ 74.683258][ T5340] ? hfsplus_get_block+0x39e/0x1530 [ 74.683273][ T5340] lock_acquire+0x120/0x360 [ 74.683284][ T5340] ? hfsplus_get_block+0x39e/0x1530 [ 74.683298][ T5340] ? __pfx_hlock_conflict+0x10/0x10 [ 74.683311][ T5340] __mutex_lock+0x182/0xe80 [ 74.683321][ T5340] ? hfsplus_get_block+0x39e/0x1530 [ 74.683336][ T5340] ? lockdep_unlock+0x89/0x120 [ 74.683345][ T5340] ? validate_chain+0x897/0x2140 [ 74.683358][ T5340] ? hfsplus_get_block+0x39e/0x1530 [ 74.683373][ T5340] ? __pfx___mutex_lock+0x10/0x10 [ 74.683382][ T5340] hfsplus_get_block+0x39e/0x1530 [ 74.683394][ T5340] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.683403][ T5340] ? do_raw_spin_unlock+0x4d/0x240 [ 74.683415][ T5340] ? _raw_spin_unlock+0x28/0x50 [ 74.683428][ T5340] block_read_full_folio+0x29f/0x830 [ 74.683445][ T5340] ? __pfx_hfsplus_get_block+0x10/0x10 [ 74.683460][ T5340] filemap_read_folio+0x117/0x380 [ 74.683476][ T5340] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.683489][ T5340] ? __pfx_filemap_read_folio+0x10/0x10 [ 74.683505][ T5340] ? filemap_add_folio+0x1af/0x270 [ 74.683518][ T5340] do_read_cache_folio+0x350/0x590 [ 74.683534][ T5340] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 74.683547][ T5340] read_cache_page+0x5d/0x170 [ 74.683563][ T5340] hfsplus_block_allocate+0xe4/0x9b0 [ 74.683577][ T5340] ? __lock_acquire+0xab9/0xd20 [ 74.683619][ T5340] hfsplus_file_extend+0xae3/0x1990 [ 74.683639][ T5340] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.683657][ T5340] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 74.683673][ T5340] ? __mutex_lock+0x330/0xe80 [ 74.683683][ T5340] ? hfsplus_find_init+0x15a/0x1d0 [ 74.683701][ T5340] ? __pfx___mutex_lock+0x10/0x10 [ 74.683714][ T5340] hfsplus_bmap_reserve+0x122/0x500 [ 74.683728][ T5340] hfsplus_create_cat+0x183/0x1000 [ 74.683744][ T5340] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 74.683761][ T5340] ? do_raw_spin_unlock+0x4d/0x240 [ 74.683788][ T5340] ? do_raw_spin_unlock+0x4d/0x240 [ 74.683802][ T5340] ? _raw_spin_unlock+0x28/0x50 [ 74.683816][ T5340] ? hfsplus_new_inode+0x643/0x820 [ 74.683831][ T5340] hfsplus_fill_super+0x1314/0x1b70 [ 74.683856][ T5340] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 74.683870][ T5340] ? string+0x279/0x2b0 [ 74.683894][ T5340] ? snprintf+0xda/0x120 [ 74.683911][ T5340] ? sb_set_blocksize+0x104/0x180 [ 74.683923][ T5340] ? setup_bdev_super+0x4c1/0x5b0 [ 74.683938][ T5340] get_tree_bdev_flags+0x40e/0x4d0 [ 74.683952][ T5340] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 74.683966][ T5340] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.683979][ T5340] vfs_get_tree+0x92/0x2b0 [ 74.683992][ T5340] do_new_mount+0x24a/0xa40 [ 74.684008][ T5340] __se_sys_mount+0x317/0x410 [ 74.684023][ T5340] ? __pfx___se_sys_mount+0x10/0x10 [ 74.684038][ T5340] ? do_syscall_64+0xbe/0x3b0 [ 74.684046][ T5340] ? __x64_sys_mount+0x20/0xc0 [ 74.684059][ T5340] do_syscall_64+0xfa/0x3b0 [ 74.684068][ T5340] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.684083][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.684095][ T5340] ? clear_bhb_loop+0x60/0xb0 [ 74.684108][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.684119][ T5340] RIP: 0033:0x7f79b15900ca [ 74.684132][ T5340] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.684141][ T5340] RSP: 002b:00007f79b24bae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.684155][ T5340] RAX: ffffffffffffffda RBX: 00007f79b24baef0 RCX: 00007f79b15900ca [ 74.684168][ T5340] RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007f79b24baeb0 [ 74.684176][ T5340] RBP: 0000200000000100 R08: 00007f79b24baef0 R09: 0000000002000010 [ 74.684226][ T5340] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900 [ 74.684236][ T5340] R13: 00007f79b24baeb0 R14: 00000000000006ca R15: 0000200000000200 [ 74.684248][ T5340]