program: r0 = syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6dc, &(0x7f0000000300)="$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") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000000)={0x0, 0x0, "6efb6d9f57014b9466abf0415b770809"}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xd) getdents(r1, &(0x7f0000000080)=""/167, 0xa7) [ 86.429181][ T5347] loop0: detected capacity change from 0 to 1024 [ 86.438339][ T5322] Bluetooth: hci0: command tx timeout [ 86.616947][ T5347] [ 86.618038][ T5347] ============================================ [ 86.620783][ T5347] WARNING: possible recursive locking detected [ 86.623401][ T5347] 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 Not tainted [ 86.626378][ T5347] -------------------------------------------- [ 86.629006][ T5347] syz.0.0/5347 is trying to acquire lock: [ 86.631412][ T5347] ffff88805339d548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 86.636009][ T5347] [ 86.636009][ T5347] but task is already holding lock: [ 86.639116][ T5347] ffff88805339c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 86.643822][ T5347] [ 86.643822][ T5347] other info that might help us debug this: [ 86.647334][ T5347] Possible unsafe locking scenario: [ 86.647334][ T5347] [ 86.650793][ T5347] CPU0 [ 86.652335][ T5347] ---- [ 86.653789][ T5347] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.656427][ T5347] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.659012][ T5347] [ 86.659012][ T5347] *** DEADLOCK *** [ 86.659012][ T5347] [ 
86.662472][ T5347] May be due to missing lock nesting notation
[ 86.662472][ T5347]
[ 86.665603][ T5347] 5 locks held by syz.0.0/5347:
[ 86.667613][ T5347] #0: ffff88800087a0e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970
[ 86.672228][ T5347] #1: ffff8880355b7198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1297/0x1b70
[ 86.676529][ T5347] #2: ffff88801ee2e0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0
[ 86.680433][ T5347] #3: ffff88805339c7c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990
[ 86.685364][ T5347] #4: ffff8880355b70f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0
[ 86.689710][ T5347]
[ 86.689710][ T5347] stack backtrace:
[ 86.692162][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 86.692179][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.692188][ T5347] Call Trace:
[ 86.692196][ T5347]
[ 86.692202][ T5347] dump_stack_lvl+0x189/0x250
[ 86.692221][ T5347] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.692237][ T5347] ? __pfx__printk+0x10/0x10
[ 86.692251][ T5347] ? __kasan_check_byte+0x12/0x40
[ 86.692294][ T5347] ? print_lock_name+0xde/0x100
[ 86.692310][ T5347] print_deadlock_bug+0x28b/0x2a0
[ 86.692325][ T5347] validate_chain+0x1a3f/0x2140
[ 86.692339][ T5347] ? is_bpf_text_address+0x292/0x2b0
[ 86.692351][ T5347] ? is_bpf_text_address+0x26/0x2b0
[ 86.692361][ T5347] ? look_up_lock_class+0x74/0x170
[ 86.692425][ T5347] ? register_lock_class+0x51/0x320
[ 86.692438][ T5347] __lock_acquire+0xab9/0xd20
[ 86.692451][ T5347] ? hfsplus_get_block+0x39e/0x1530
[ 86.692466][ T5347] lock_acquire+0x120/0x360
[ 86.692475][ T5347] ? hfsplus_get_block+0x39e/0x1530
[ 86.692490][ T5347] ? __pfx_hlock_conflict+0x10/0x10
[ 86.692504][ T5347] __mutex_lock+0x182/0xe80
[ 86.692514][ T5347] ? hfsplus_get_block+0x39e/0x1530
[ 86.692529][ T5347] ? lockdep_unlock+0x89/0x120
[ 86.692539][ T5347] ? validate_chain+0x897/0x2140
[ 86.692552][ T5347] ? hfsplus_get_block+0x39e/0x1530
[ 86.692567][ T5347] ? __pfx___mutex_lock+0x10/0x10
[ 86.692579][ T5347] hfsplus_get_block+0x39e/0x1530
[ 86.692591][ T5347] ? __pfx_hfsplus_get_block+0x10/0x10
[ 86.692601][ T5347] ? do_raw_spin_unlock+0x4d/0x240
[ 86.692610][ T5347] ? _raw_spin_unlock+0x28/0x50
[ 86.692620][ T5347] block_read_full_folio+0x29f/0x830
[ 86.692632][ T5347] ? __pfx_hfsplus_get_block+0x10/0x10
[ 86.692641][ T5347] filemap_read_folio+0x117/0x380
[ 86.692653][ T5347] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 86.692661][ T5347] ? __pfx_filemap_read_folio+0x10/0x10
[ 86.692672][ T5347] ? filemap_add_folio+0x1af/0x270
[ 86.692682][ T5347] do_read_cache_folio+0x350/0x590
[ 86.692696][ T5347] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 86.692710][ T5347] read_cache_page+0x5d/0x170
[ 86.692726][ T5347] hfsplus_block_allocate+0xe4/0x9b0
[ 86.692739][ T5347] ? __lock_acquire+0xab9/0xd20
[ 86.692752][ T5347] hfsplus_file_extend+0xae3/0x1990
[ 86.692768][ T5347] ? __pfx___mutex_trylock_common+0x10/0x10
[ 86.692782][ T5347] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 86.692791][ T5347] ? __mutex_lock+0x330/0xe80
[ 86.692798][ T5347] ? hfsplus_find_init+0x15a/0x1d0
[ 86.692806][ T5347] ? __pfx___mutex_lock+0x10/0x10
[ 86.692813][ T5347] hfsplus_bmap_reserve+0x122/0x500
[ 86.692823][ T5347] hfsplus_create_cat+0x183/0x1000
[ 86.692839][ T5347] ? __pfx_hfsplus_create_cat+0x10/0x10
[ 86.692855][ T5347] ? do_raw_spin_unlock+0x4d/0x240
[ 86.692882][ T5347] ? do_raw_spin_unlock+0x4d/0x240
[ 86.692897][ T5347] ? _raw_spin_unlock+0x28/0x50
[ 86.692910][ T5347] ? hfsplus_new_inode+0x643/0x820
[ 86.692925][ T5347] hfsplus_fill_super+0x1314/0x1b70
[ 86.692949][ T5347] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 86.692961][ T5347] ? string+0x279/0x2b0
[ 86.692986][ T5347] ? snprintf+0xda/0x120
[ 86.693003][ T5347] ? sb_set_blocksize+0x104/0x180
[ 86.693016][ T5347] ? setup_bdev_super+0x4c1/0x5b0
[ 86.693030][ T5347] get_tree_bdev_flags+0x40e/0x4d0
[ 86.693044][ T5347] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 86.693060][ T5347] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 86.693071][ T5347] vfs_get_tree+0x92/0x2b0
[ 86.693080][ T5347] do_new_mount+0x24a/0xa40
[ 86.693091][ T5347] __se_sys_mount+0x317/0x410
[ 86.693100][ T5347] ? __pfx___se_sys_mount+0x10/0x10
[ 86.693110][ T5347] ? do_syscall_64+0xbe/0x3b0
[ 86.693120][ T5347] ? __x64_sys_mount+0x20/0xc0
[ 86.693133][ T5347] do_syscall_64+0xfa/0x3b0
[ 86.693143][ T5347] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.693159][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.693169][ T5347] ? clear_bhb_loop+0x60/0xb0
[ 86.693181][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.693192][ T5347] RIP: 0033:0x7f6517d900ca
[ 86.693205][ T5347] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.693212][ T5347] RSP: 002b:00007f6518ba7e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 86.693220][ T5347] RAX: ffffffffffffffda RBX: 00007f6518ba7ef0 RCX: 00007f6517d900ca
[ 86.693226][ T5347] RDX: 0000200000000140 RSI: 0000200000002900 RDI: 00007f6518ba7eb0
[ 86.693232][ T5347] RBP: 0000200000000140 R08: 00007f6518ba7ef0 R09: 0000000002000010
[ 86.693237][ T5347] R10: 0000000002000010 R11: 0000000000000246 R12: 0000200000002900
[ 86.693245][ T5347] R13: 00007f6518ba7eb0 R14: 00000000000006dc R15: 00002000000022c0
[ 86.693254][ T5347]