program: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0) ioctl$SG_SCSI_RESET(r0, 0x5385, 0xffefff1f00000000) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x6b7, &(0x7f0000000580)="$eJzs3U1sHGf9B/Dvru21nf6VOm2S5o8qETVSQVgkTqykmEsDqlAkKlSVA+K4SpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfK4G49BRAYtG87Hr9mnVIvLb4fKKZeZ55XuZ5fjOz491VtAH+Z12ZzfjDNHJl9s3VIr/2YL6z9mD+Vi+dZDJJMxmvNmncThofJZdTLfn/YmfdXWOn43ywtPD2x5+ufVLlxuulrN/crd0Wl5rb7LxfLzmdZKzeDpp9bugDbOnv6qb+Wjs02m5glUZ/hkXAzvQCB6M2kaS7wbdPrpc81vD3LXBgNcrn5tZ7fiY5kmSq/jugeiru9qw7JO6PegAAAACwD57/efkW/uioxwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHSfX7/8WmXJq99Ok0er//36r3pU4fag9HPQAAAAAAAAAA2Luv/1/1/X7fZx/lUVZztJfvNsrv/F8pM8fL9XN5P3eymOWczWraWclKlnM+yUxZPlGuW6vtlZXl80O0vNBvmYGWF8aHm8H0fxcAAAAAAAAAADgMhvwWfdAPc2X9+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIGslYtSmX4730TJrjSaaStIp695M/V+k3/jbqMW/rl38YzHX/1S1tqfZwP8cEAAAAI/L8ozzKao728t1G+Z7/ZPm+fyrv53ZWspSVdLKYa+VnAdUnAM21B/OdtQfzt4pla79f+fuehlH2mOqzh+2PfKqsMZ3rWSr3nM3VvJtOrqVZtiyc6o1n+3H9oBhT4/XakCO7Vm+Lmf8iE3ua1ZNoDF1zpoxIMaIqInN12yIax3aPxB7PTu9IvdifT7P6FCjJ8acZ89Vq89qvq20xn5/uKSbP2uZIXBi4+k6upbFLJJLP/f4337rRuX1z8vqd2YMzpT2YHPgEbXMk5gci8dLu10QmUkfixmGNxKC5MhIn+vkr+Vq+mdmczltZzlK+k3ZWspjTeSPtjKVdX8/Femb3SF3ekHvrcSNpledlon4VHX5MK2nnlbLt0SzlG3k317KYS+W/Czmf1+oe0z/DJ4a465t7e6U98/nWeuZnSaaHa7cPioEd6z+dBq/6ufI+OLZhz/p98MLTfx6Nf6ZOFMf40cAZGb3NkTg/EIkXd4/Er8qXlTud2zeXb7TfG/J4r9bb4j76yYF6ShTXywvFySpzG6+OouzFzWVTVbxa9TcuVdnGJ25RdqJftvOdejEXs1DWPrltTxfKspe2LZsvy04NlG34e+ty9fcWAAfekS8caU3/dfpP0x9O/3j6xvSbU1+d/NLky61M/HHiy+NzY682X278Lh/me+vv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCd35+69m+1OZ3F5U6Lb7X5/h6JnmJhO0tuTPK7VRB5f59kkWknKxHgvMXzzsdxsTw5VubV+dl7/7a6Vu/UPtO0UqL1OMHkqgRqvL7K7927+o9vt7vtp2iYxscs1v57o1rYUdevmvZ8sG/V0NiX+2X16HY7uNQnYH+dWbr137s7de19cutV+Z/GdxdsLFy8uzC1cvPSXc9eXOotz1XrUowSehfWH/qhHAgAAAAAAAAAAAAxrP/5bwg6H/vc+TxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4pK7MTtaps3PFeu3BfKdYeul+xbJaM0nju0njo+RyqiUzA901djrOB0sLb3/86donVW68Xsr6zQ3tJp5kFvfrJaeTjNXb2lR/tff+yjFerft7opGVGv0ZFgE70wscjNp/AgAA///fLA2C") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x70000}]) [ 58.639573][ T5323] loop0: detected capacity change from 0 to 1024 [ 58.723349][ T5323] [ 58.724445][ T5323] ============================================ [ 58.726747][ T5323] WARNING: possible recursive locking detected [ 58.729174][ T5323] 6.14.0-rc7-syzkaller #0 Not tainted [ 58.731656][ T5323] -------------------------------------------- [ 58.734096][ T5323] syz.0.0/5323 is trying to acquire lock: [ 58.736168][ T5323] ffff8880366020b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.739912][ T5323] [ 58.739912][ T5323] but task is already holding lock: [ 58.743210][ T5323] ffff8880366020b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.747614][ T5323] [ 58.747614][ T5323] other info that might help us debug this: [ 58.750723][ T5323] Possible unsafe locking scenario: [ 58.750723][ T5323] [ 58.753468][ T5323] CPU0 [ 58.754651][ T5323] ---- [ 58.755907][ T5323] lock(&tree->tree_lock/1); [ 58.757710][ T5323] lock(&tree->tree_lock/1); [ 58.759436][ T5323] [ 58.759436][ T5323] *** DEADLOCK *** [ 58.759436][ T5323] [ 58.762819][ T5323] May be due to missing lock nesting notation [ 58.762819][ T5323] [ 58.766026][ T5323] 4 locks held by syz.0.0/5323: [ 58.767950][ T5323] #0: ffff888043f22b78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xe0/0x5e0 [ 58.772139][ T5323] #1: ffff888043f22988 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 58.776028][ T5323] #2: ffff8880366020b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.780161][ T5323] #3: ffff888043f20108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 58.784295][ T5323] [ 58.784295][ T5323] stack backtrace: [ 58.786355][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller #0 [ 58.786368][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.786376][ T5323] Call Trace: [ 58.786383][ T5323] [ 58.786395][ T5323] dump_stack_lvl+0x241/0x360 [ 58.786416][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.786427][ T5323] ? __pfx__printk+0x10/0x10 [ 58.786442][ T5323] ? lockdep_unlock+0x16a/0x300 [ 58.786458][ T5323] print_deadlock_bug+0x483/0x620 [ 58.786471][ T5323] validate_chain+0x15e2/0x5920 [ 58.786484][ T5323] ? mark_lock+0x9a/0x360 [ 58.786494][ T5323] ? __lock_acquire+0x1397/0x2100 [ 58.786507][ T5323] ? __pfx_validate_chain+0x10/0x10 [ 58.786523][ T5323] ? mark_lock+0x9a/0x360 [ 58.786532][ T5323] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.786546][ T5323] ? mark_lock+0x9a/0x360 [ 58.786555][ T5323] __lock_acquire+0x1397/0x2100 [ 58.786571][ T5323] lock_acquire+0x1ed/0x550 [ 58.786584][ T5323] ? hfsplus_find_init+0x14a/0x1c0 [ 58.786599][ T5323] ? __pfx_lock_acquire+0x10/0x10 [ 58.786612][ T5323] ? hfsplus_find_init+0x85/0x1c0 [ 58.786626][ T5323] ? hfsplus_file_extend+0x454/0x1b70 [ 58.786636][ T5323] ? __pfx___might_resched+0x10/0x10 [ 58.786648][ T5323] ? hfsplus_get_block+0x406/0x14f0 [ 58.786659][ T5323] ? __block_write_begin_int+0x692/0x19a0 [ 58.786674][ T5323] ? cont_write_begin+0x77f/0xb40 [ 58.786688][ T5323] ? hfsplus_write_begin+0x68/0xb0 [ 58.786698][ T5323] ? generic_perform_write+0x346/0x990 [ 58.786708][ T5323] ? generic_file_write_iter+0x10c/0x5e0 [ 58.786715][ T5323] ? aio_write+0x56b/0x7c0 [ 58.786723][ T5323] ? io_submit_one+0x8a7/0x18a0 [ 58.786731][ T5323] ? __se_sys_io_submit+0x171/0x2e0 [ 58.786738][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.786748][ T5323] __mutex_lock+0x19c/0x1010 [ 58.786818][ T5323] ? hfsplus_find_init+0x14a/0x1c0 [ 58.786837][ T5323] ? hfsplus_find_init+0x14a/0x1c0 [ 58.786853][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 58.786868][ T5323] ? rcu_is_watching+0x15/0xb0 [ 58.786876][ T5323] ? __kmalloc_noprof+0x2a5/0x4c0 [ 58.786886][ T5323] ? hfsplus_find_init+0x85/0x1c0 [ 58.786904][ T5323] hfsplus_find_init+0x14a/0x1c0 [ 58.786919][ T5323] hfsplus_file_extend+0x454/0x1b70 [ 58.786928][ T5323] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 58.786936][ T5323] ? __pfx___mutex_trylock_common+0x10/0x10 [ 58.786944][ T5323] ? trace_contention_end+0x3c/0x120 [ 58.786953][ T5323] ? __mutex_lock+0x397/0x1010 [ 58.786966][ T5323] ? hfsplus_brec_find+0x19d/0x570 [ 58.786978][ T5323] hfsplus_bmap_reserve+0x105/0x4e0 [ 58.786992][ T5323] __hfsplus_ext_write_extent+0x2a4/0x5c0 [ 58.787004][ T5323] __hfsplus_ext_cache_extent+0x84/0xe10 [ 58.787017][ T5323] hfsplus_file_extend+0x48c/0x1b70 [ 58.787031][ T5323] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 58.787043][ T5323] ? clean_bdev_aliases+0x6f8/0x890 [ 58.787057][ T5323] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 58.787070][ T5323] hfsplus_get_block+0x406/0x14f0 [ 58.787083][ T5323] ? __pfx_hfsplus_get_block+0x10/0x10 [ 58.787094][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 58.787136][ T5323] ? create_empty_buffers+0x471/0x530 [ 58.787153][ T5323] __block_write_begin_int+0x692/0x19a0 [ 58.787171][ T5323] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 58.787190][ T5323] ? __pfx_hfsplus_get_block+0x10/0x10 [ 58.787201][ T5323] ? __pfx___block_write_begin_int+0x10/0x10 [ 58.787221][ T5323] cont_write_begin+0x77f/0xb40 [ 58.787238][ T5323] ? __pfx_cont_write_begin+0x10/0x10 [ 58.787255][ T5323] ? __pfx_fault_in_readable+0x10/0x10 [ 58.787265][ T5323] ? __mark_inode_dirty+0x3db/0xe90 [ 58.787280][ T5323] hfsplus_write_begin+0x68/0xb0 [ 58.787289][ T5323] ? __pfx_hfsplus_get_block+0x10/0x10 [ 58.787301][ T5323] generic_perform_write+0x346/0x990 [ 58.787318][ T5323] ? __pfx_generic_perform_write+0x10/0x10 [ 58.787328][ T5323] ? file_update_time+0x2ab/0x450 [ 58.787339][ T5323] ? __generic_file_write_iter+0x102/0x230 [ 58.787351][ T5323] generic_file_write_iter+0x10c/0x5e0 [ 58.787361][ T5323] ? __lock_acquire+0x1397/0x2100 [ 58.787377][ T5323] ? __pfx_generic_file_write_iter+0x10/0x10 [ 58.787389][ T5323] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.787409][ T5323] ? aio_write+0x4ff/0x7c0 [ 58.787422][ T5323] ? __pfx_lock_release+0x10/0x10 [ 58.787436][ T5323] ? rcu_read_lock_any_held+0xb7/0x160 [ 58.787450][ T5323] ? rw_verify_area+0x243/0x630 [ 58.787462][ T5323] aio_write+0x56b/0x7c0 [ 58.787476][ T5323] ? __pfx_aio_write+0x10/0x10 [ 58.787491][ T5323] ? __might_fault+0xaa/0x120 [ 58.787501][ T5323] ? __pfx_lock_release+0x10/0x10 [ 58.787515][ T5323] ? __fget_files+0x2a/0x410 [ 58.787528][ T5323] ? __might_fault+0xaa/0x120 [ 58.787534][ T5323] io_submit_one+0x8a7/0x18a0 [ 58.787544][ T5323] ? __pfx_io_submit_one+0x10/0x10 [ 58.787552][ T5323] ? __might_fault+0xaa/0x120 [ 58.787558][ T5323] ? __pfx_lock_release+0x10/0x10 [ 58.787571][ T5323] ? __might_fault+0xaa/0x120 [ 58.787579][ T5323] ? __might_fault+0xc6/0x120 [ 58.787587][ T5323] __se_sys_io_submit+0x171/0x2e0 [ 58.787599][ T5323] ? __pfx___se_sys_io_submit+0x10/0x10 [ 58.787610][ T5323] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.787626][ T5323] ? do_syscall_64+0x100/0x230 [ 58.787641][ T5323] ? do_syscall_64+0xb6/0x230 [ 58.787653][ T5323] do_syscall_64+0xf3/0x230 [ 58.787666][ T5323] ? clear_bhb_loop+0x35/0x90 [ 58.787681][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.787693][ T5323] RIP: 0033:0x7f115d78d169 [ 58.787703][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.787712][ T5323] RSP: 002b:00007f115e631038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 58.787724][ T5323] RAX: ffffffffffffffda RBX: 00007f115d9a5fa0 RCX: 00007f115d78d169 [ 58.787730][ T5323] RDX: 0000400000000540 RSI: 000000000000003b RDI: 00007f115e5e7000 [ 58.787736][ T5323] RBP: 00007f115d80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 58.787741][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.787746][ T5323] R13: 0000000000000000 R14: 00007f115d9a5fa0 R15: 00007fff360fb4f8 [ 58.787754][ T5323] [ 59.015306][ T4666] Bluetooth: hci0: command tx timeout [ 61.061176][ T5309] Bluetooth: hci0: command tx timeout [ 63.140940][ T5309] Bluetooth: hci0: command tx timeout [ 65.220817][ T5309] Bluetooth: hci0: command tx timeout