program: syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYBLOB="23341129bfb4fcc388a80c49b4f4d96254cb9356759776b03b581050240d2d9a5cf3440e76c886f1e5c860656a3648101223fc288fc5274f0e609cfed0fc738d84eb544791dd1cb959421db9fbcb634df876aa2133fd62e245fb6b1ead07ca04772d78564af8f42015e5be557ab3bd60824768691005cbd3d295402693d934226595deeba1ff748b7dde9c617749aa38096ef667700a6b3668cb7296b024fbcf9f74e50bf0f834159f51737baac184f94dd13a9793b76946208f290637d8def94e5f56f1181da3eed500440f", @ANYRES32=0x0, @ANYRES16, @ANYRES16], 0x11, 0x2d2, &(0x7f0000000bc0)="$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") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x186) writev(r0, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0x2c600, 0x0, 0xbe, 0x0, &(0x7f00000007c0)) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240)) syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x200000, &(0x7f00000000c0)=ANY=[], 0xbe, 0x1e7, 
&(0x7f0000000200)="$eJzs201u00AYxvHHcZyUUiifG1ZILGBDAoUNO3oALsCuak1V4QIibFohIa7Bjpv0JlyglWDHCqOZuJEdJs7YwflQ/j+pzavYj99JlLE9CwvA2rph/wcKFNkqTdMv9yW9fiWp/e/+V+c9QACNSfUnBbCuwp+LHgGAxbjYDe19wFkg/fj1ef88+4s87x8udlvDYkNSLt/xzX8N7Ou9tnSey3ezQ069f/k+zD9UMX+lYv/NsfzmlFwwyg8//6MHxbxZJ21JuibpuqRtSeabvinplqP/wVj/u57jB2Zhfn0910K/Sr5Xv7+ZPW+OkviJa2M4PR9l+afuzblTyJlzh06W3/Ec76T8s5r5bpbv7b9PDhzbWzWPC/ho2flf36zzP5R+p+Pz/6V/vl0+/wGUGJycvt1LkvjjwFxsbTF6Z1IR2aKbHaFsZ3N1zL2jkhZmMeLVnaL5YsOxKSr8WpouOv/tgCrbx1y+luEL9ywuZ23zvbaThZ2SAMxJ/9Pxh/7g5PTx0fHeYXwYv9t5/uJy2W3X5f2Jq3MAK654c+4jaHZAAAAAAAAAAAAAAACgstuS7tQJ+j7gBwAAAGBplD8G9K3iw0OR5HjcqqT91hw/KgAAAAAAAAAAAAAAAAAAALDy/gYAAP//R4hAiA==") rmdir(0x0) symlink(0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x125042, 0x7) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61) [ 75.544777][ T4667] Bluetooth: hci0: command tx timeout [ 75.586279][ T5319] loop0: detected capacity change from 0 to 64 [ 75.689177][ T5319] syz.0.0: attempt to access beyond end of device [ 75.689177][ T5319] loop0: rw=2049, sector=65, nr_sectors = 1 limit=64 [ 75.696965][ T5319] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 75.700577][ T5319] syz.0.0: attempt to access beyond end of device [ 75.700577][ T5319] loop0: rw=2049, sector=66, nr_sectors = 1 limit=64 [ 75.718728][ T5319] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 75.722605][ T5319] syz.0.0: attempt to access beyond end of device [ 75.722605][ T5319] loop0: rw=2049, sector=67, nr_sectors = 1 limit=64 [ 75.739206][ T5319] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 75.749859][ T5319] syz.0.0: attempt to access beyond end of device [ 75.749859][ T5319] loop0: rw=2049, sector=68, nr_sectors = 1 limit=64 [ 75.759963][ T5319] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 75.767212][ T5319] syz.0.0: attempt 
to access beyond end of device
[ 75.767212][ T5319] loop0: rw=2049, sector=72, nr_sectors = 1 limit=64
[ 75.782934][ T5319] Buffer I/O error on dev loop0, logical block 72, lost async page write
[ 75.788165][ T5319] syz.0.0: attempt to access beyond end of device
[ 75.788165][ T5319] loop0: rw=2049, sector=73, nr_sectors = 1 limit=64
[ 75.799416][ T5319] Buffer I/O error on dev loop0, logical block 73, lost async page write
[ 75.806566][ T5319] syz.0.0: attempt to access beyond end of device
[ 75.806566][ T5319] loop0: rw=2049, sector=76, nr_sectors = 1 limit=64
[ 75.817603][ T5319] Buffer I/O error on dev loop0, logical block 76, lost async page write
[ 75.825778][ T5319] syz.0.0: attempt to access beyond end of device
[ 75.825778][ T5319] loop0: rw=2049, sector=77, nr_sectors = 1 limit=64
[ 75.837853][ T5319] Buffer I/O error on dev loop0, logical block 77, lost async page write
[ 75.848137][ T5319] syz.0.0: attempt to access beyond end of device
[ 75.848137][ T5319] loop0: rw=2049, sector=78, nr_sectors = 760 limit=64
[ 76.389013][ T5320]
[ 76.390224][ T5320] ============================================
[ 76.392860][ T5320] WARNING: possible recursive locking detected
[ 76.395370][ T5320] syzkaller #0 Not tainted
[ 76.397326][ T5320] --------------------------------------------
[ 76.399986][ T5320] syz.0.0/5320 is trying to acquire lock:
[ 76.402498][ T5320] ffff88803e4c20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0
[ 76.406659][ T5320]
[ 76.406659][ T5320] but task is already holding lock:
[ 76.409806][ T5320] ffff88803e4c20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0
[ 76.413800][ T5320]
[ 76.413800][ T5320] other info that might help us debug this:
[ 76.417133][ T5320] Possible unsafe locking scenario:
[ 76.417133][ T5320]
[ 76.420418][ T5320] CPU0
[ 76.422042][ T5320] ----
[ 76.423522][ T5320] lock(&tree->tree_lock/1);
[ 76.425573][ T5320] lock(&tree->tree_lock/1);
[ 76.427686][ T5320]
[ 76.427686][ T5320] *** DEADLOCK ***
[ 76.427686][ T5320]
[ 76.431248][ T5320] May be due to missing lock nesting notation
[ 76.431248][ T5320]
[ 76.434677][ T5320] 5 locks held by syz.0.0/5320:
[ 76.436580][ T5320] #0: ffff88801e39c420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x211/0xb30
[ 76.440144][ T5320] #1: ffff888036059620 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550
[ 76.444622][ T5320] #2: ffff888036059478 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0
[ 76.448827][ T5320] #3: ffff88803e4c20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0
[ 76.453099][ T5320] #4: ffff8880360580f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0
[ 76.457932][ T5320]
[ 76.457932][ T5320] stack backtrace:
[ 76.460524][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.460541][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.460550][ T5320] Call Trace:
[ 76.460557][ T5320]
[ 76.460562][ T5320] dump_stack_lvl+0x189/0x250
[ 76.460583][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.460600][ T5320] ? __pfx__printk+0x10/0x10
[ 76.460611][ T5320] ? print_lock_name+0xde/0x100
[ 76.460622][ T5320] print_deadlock_bug+0x28b/0x2a0
[ 76.460638][ T5320] validate_chain+0x1a3f/0x2140
[ 76.460654][ T5320] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 76.460709][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.460727][ T5320] __lock_acquire+0xab9/0xd20
[ 76.460742][ T5320] ? hfs_find_init+0x18e/0x2c0
[ 76.460755][ T5320] lock_acquire+0x120/0x360
[ 76.460766][ T5320] ? hfs_find_init+0x18e/0x2c0
[ 76.460781][ T5320] ? generic_perform_write+0x2c5/0x900
[ 76.460792][ T5320] ? vfs_write+0x5c9/0xb30
[ 76.460806][ T5320] ? do_syscall_64+0xfa/0xfa0
[ 76.460824][ T5320] __mutex_lock+0x187/0x1350
[ 76.460841][ T5320] ? hfs_find_init+0x18e/0x2c0
[ 76.460857][ T5320] ? hfs_find_init+0x18e/0x2c0
[ 76.460871][ T5320] ? __pfx___mutex_lock+0x10/0x10
[ 76.460889][ T5320] ? rcu_is_watching+0x15/0xb0
[ 76.460903][ T5320] ? trace_kmalloc+0x1f/0xd0
[ 76.460916][ T5320] ? __kmalloc_noprof+0x432/0x7f0
[ 76.460930][ T5320] ? hfs_find_init+0xaa/0x2c0
[ 76.460943][ T5320] ? hfs_bnode_read_u8+0x85/0xd0
[ 76.460958][ T5320] hfs_find_init+0x18e/0x2c0
[ 76.460973][ T5320] hfs_extend_file+0x2f6/0x14c0
[ 76.461004][ T5320] ? hfs_ext_keycmp+0x1c7/0x320
[ 76.461027][ T5320] ? __pfx_hfs_extend_file+0x10/0x10
[ 76.461046][ T5320] ? __pfx___hfs_brec_find+0x10/0x10
[ 76.461063][ T5320] ? hfs_brec_find+0x3d9/0x510
[ 76.461079][ T5320] hfs_bmap_reserve+0x107/0x430
[ 76.461098][ T5320] __hfs_ext_write_extent+0x1fa/0x470
[ 76.461117][ T5320] __hfs_ext_cache_extent+0x6b/0x9b0
[ 76.461129][ T5320] ? hfs_find_init+0x18e/0x2c0
[ 76.461142][ T5320] hfs_extend_file+0x31e/0x14c0
[ 76.461159][ T5320] ? __pfx_filemap_get_folios_tag+0x10/0x10
[ 76.461179][ T5320] ? __pfx_hfs_extend_file+0x10/0x10
[ 76.461197][ T5320] ? clean_bdev_aliases+0x5c9/0x6b0
[ 76.461212][ T5320] ? __pfx_clean_bdev_aliases+0x10/0x10
[ 76.461227][ T5320] hfs_get_block+0x3d7/0xbd0
[ 76.461246][ T5320] ? __pfx_hfs_get_block+0x10/0x10
[ 76.461263][ T5320] ? do_raw_spin_unlock+0x4d/0x240
[ 76.461280][ T5320] ? _raw_spin_unlock+0x28/0x50
[ 76.461295][ T5320] __block_write_begin_int+0x6b5/0x1900
[ 76.461308][ T5320] ? __pfx_workingset_update_node+0x10/0x10
[ 76.461324][ T5320] ? __pfx_hfs_get_block+0x10/0x10
[ 76.461341][ T5320] ? __pfx___block_write_begin_int+0x10/0x10
[ 76.461356][ T5320] cont_write_begin+0x789/0xb50
[ 76.461373][ T5320] ? __pfx_cont_write_begin+0x10/0x10
[ 76.461385][ T5320] ? rcu_is_watching+0x15/0xb0
[ 76.461423][ T5320] ? __mark_inode_dirty+0x3d2/0xe10
[ 76.461436][ T5320] ? folio_unlock+0x101/0x160
[ 76.461452][ T5320] hfs_write_begin+0x66/0xb0
[ 76.461462][ T5320] ? __pfx_hfs_get_block+0x10/0x10
[ 76.461480][ T5320] cont_write_begin+0x2fd/0xb50
[ 76.461495][ T5320] ? __pfx_cont_write_begin+0x10/0x10
[ 76.461511][ T5320] hfs_write_begin+0x66/0xb0
[ 76.461520][ T5320] ? __pfx_hfs_get_block+0x10/0x10
[ 76.461538][ T5320] generic_perform_write+0x2c5/0x900
[ 76.461553][ T5320] ? __pfx_generic_perform_write+0x10/0x10
[ 76.461564][ T5320] ? file_update_time+0x2da/0x490
[ 76.461578][ T5320] ? __generic_file_write_iter+0xf9/0x230
[ 76.461588][ T5320] ? generic_file_write_iter+0x103/0x550
[ 76.461599][ T5320] generic_file_write_iter+0x117/0x550
[ 76.461611][ T5320] ? __pfx_generic_file_write_iter+0x10/0x10
[ 76.461623][ T5320] ? __pfx___futex_wait+0x10/0x10
[ 76.461634][ T5320] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 76.461649][ T5320] ? __pfx_aa_file_perm+0x10/0x10
[ 76.461668][ T5320] ? __lock_acquire+0xab9/0xd20
[ 76.461681][ T5320] ? rcu_read_lock_any_held+0xb3/0x120
[ 76.461696][ T5320] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 76.461714][ T5320] vfs_write+0x5c9/0xb30
[ 76.461729][ T5320] ? __pfx_generic_file_write_iter+0x10/0x10
[ 76.461741][ T5320] ? __pfx_vfs_write+0x10/0x10
[ 76.461756][ T5320] ? __fget_files+0x2a/0x420
[ 76.461775][ T5320] __x64_sys_pwrite64+0x193/0x220
[ 76.461791][ T5320] ? __pfx___x64_sys_pwrite64+0x10/0x10
[ 76.461808][ T5320] ? do_syscall_64+0xbe/0xfa0
[ 76.461824][ T5320] do_syscall_64+0xfa/0xfa0
[ 76.461839][ T5320] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.461855][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.461867][ T5320] ? clear_bhb_loop+0x60/0xb0
[ 76.461880][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.461891][ T5320] RIP: 0033:0x7ff7cbf8f6c9
[ 76.461906][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.461915][ T5320] RSP: 002b:00007ff7cceec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 76.461929][ T5320] RAX: ffffffffffffffda RBX: 00007ff7cc1e6090 RCX: 00007ff7cbf8f6c9
[ 76.461937][ T5320] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000006
[ 76.461945][ T5320] RBP: 00007ff7cc011f91 R08: 0000000000000000 R09: 0000000000000000
[ 76.461953][ T5320] R10: 0000000008080c61 R11: 0000000000000246 R12: 0000000000000000
[ 76.461960][ T5320] R13: 00007ff7cc1e6128 R14: 00007ff7cc1e6090 R15: 00007ffda9f52f08
[ 76.461972][ T5320]
[ 76.694121][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.696853][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.553210][ T4667] Bluetooth: hci0: command tx timeout
[ 79.632864][ T4667] Bluetooth: hci0: command tx timeout
[ 80.673559][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.673559][ T1038] loop0: rw=1048577, sector=838, nr_sectors = 48 limit=64
[ 80.678934][ T1038] Buffer I/O error on dev loop0, logical block 886, lost async page write
[ 80.682248][ T1038] Buffer I/O error on dev loop0, logical block 887, lost async page write
[ 80.693090][ T1038] bio_check_eod: 96 callbacks suppressed
[ 80.693105][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.693105][ T1038] loop0: rw=1048577, sector=8172, nr_sectors = 1 limit=64
[ 80.701569][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.701569][ T1038] loop0: rw=1048577, sector=8177, nr_sectors = 1 limit=64
[ 80.707538][ T1038] buffer_io_error: 85 callbacks suppressed
[ 80.707549][ T1038] Buffer I/O error on dev loop0, logical block 8177, lost async page write
[ 80.715116][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.715116][ T1038] loop0: rw=1048577, sector=8178, nr_sectors = 8 limit=64
[ 80.721493][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.721493][ T1038] loop0: rw=1048577, sector=8186, nr_sectors = 1 limit=64
[ 80.727724][ T1038] Buffer I/O error on dev loop0, logical block 8186, lost async page write
[ 80.731503][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.731503][ T1038] loop0: rw=1048577, sector=8187, nr_sectors = 1 limit=64
[ 80.737606][ T1038] Buffer I/O error on dev loop0, logical block 8187, lost async page write
[ 80.741416][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.741416][ T1038] loop0: rw=1048577, sector=8188, nr_sectors = 1 limit=64
[ 80.747569][ T1038] Buffer I/O error on dev loop0, logical block 8188, lost async page write
[ 80.751283][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.751283][ T1038] loop0: rw=1048577, sector=8189, nr_sectors = 1 limit=64
[ 80.757877][ T1038] Buffer I/O error on dev loop0, logical block 8189, lost async page write
[ 80.761696][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.761696][ T1038] loop0: rw=1048577, sector=8190, nr_sectors = 1 limit=64
[ 80.768418][ T1038] Buffer I/O error on dev loop0, logical block 8190, lost async page write
[ 80.772107][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.772107][ T1038] loop0: rw=1048577, sector=8191, nr_sectors = 1 limit=64
[ 80.778235][ T1038] Buffer I/O error on dev loop0, logical block 8191, lost async page write
[ 80.781991][ T1038] kworker/u4:5: attempt to access beyond end of device
[ 80.781991][ T1038] loop0: rw=1048577, sector=8195, nr_sectors = 1 limit=64
[ 80.788278][ T1038] Buffer I/O error on dev loop0, logical block 8195, lost async page write
[ 80.792012][ T1038] Buffer I/O error on dev loop0, logical block 8196, lost async page write
[ 80.805198][ T1038] Buffer I/O error on dev loop0, logical block 20549, lost async page write
[ 81.712973][ T4667] Bluetooth: hci0: command tx timeout