program: r0 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x80000c, &(0x7f0000000280)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRESHEX=0x0, @ANYRES16, @ANYRES64, @ANYRES32, @ANYRESDEC, @ANYRES16, @ANYRESHEX=0x0, @ANYRES8, @ANYRESHEX=0x0], 0x1, 0x6f2, &(0x7f00000004c0)="$eJzs3UtoHOcdAPD/rFarXRccOfEjLYGIGNJSUVuykFv1UreUokMoIT30LGw5Fl7LQVKKbEot93HvIaee0oNuoYeS3g3tuSFQctWxUMilJ922zOzs7qz2KeuZ9PcTM/PNfM/5z87MPhATwP+t5dkov4gklmff2U7X93YX6hO7C1N5dj0iKhFRiig3F5GsR5Z7J5/im+nGvHwyqJ+P1pbe++K/e/9O043O5qQwjavSu2knn2ImIibyZa/JAS1+erD7rvbuDmxvXJ09TAN2vRW4+NORWoUja/TYaed98q9sPqz6Yc5b4JxKmvfNnvN5OuJCRFQjmnf9nbgd+RuBr7Sdsx4AAAAAHFbt8FVe2Y/92I6LJzEcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+LoqPP8/yZ/vn6VnImk9/7+SlWiqnOlgBxr9IMTPp5rLFyc/GAAAAAAAAAA4cW/ux35sx8XWeiPJfvN/K//dP/WN+DCexWpsxI3YjpXYiq3YiPmImC40VNle2dramM9qRlxu19zsqXkrPutT89bgMd455n0GAAAAAAAAgHOuOiL/4WTvtt/Gcuf3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA+SiInmIpsut9LTUSpHRLVVbifis4ionO1oR0oGpNtenN5YAAAA4FhUu1eT6hh1XnkW+7EdF1vrjST7zH81+7xcjQ9jPbZiLbaiHqtxL/8MnX7qL+3tLtT3dhcepVNvuz/+8lBDz1qM5ncP/Xt+PStRi/uxlm25EXcjiUamlLfy+t7uQrp81H9cz9MxJT/KDRnNRCF9L51d+zRL/7H7W4TyoXbxJZUG5kxnuZPtiMzlY0trXGpFoH8kRh6d8tCe5qPU/ubn8vCe+sf8+dDOn184UKrvNzdn4mAkbkWpfYSuDo9ExLf/9skvH9TXHz64vzl7fnapr2cjSxyMxEIhEte+RpEYbS6LxJX2+nL8LH4Rs/Hl1LuxEWvxq1iJrVidaeWv5K/ndD49PFKfXyiuvTvuiJrXr35jmomuMcVM/DRLrcRb2TG9GGuRxOOIWI3b2d+tmG9fDTpH+MoYZ31pjCttwfXvZIt2mKI2uOxfxmvyuKTXukuFuBavudNZXnFLJ0qv9o1S6143/v2ooPytPJG28Luh94fTdjAS84VIvDbo9dIM6Z8b6Xyzvv5w48HKB2P293a+TM+jPwy6S5zJDxRpp69GNd+5S9k8yc6puSzvtfYdtjtelfwXl6ZST96Vdr3mmfrzeBz3us7U78diLMZSVvpqVnqy546V5l1rt9R9DU/z0nda5Xbciu+3Hke9+X4IgPPtwncvVGr/qf2z9nHt97UHtXeqP5n6wdQblZj8x+QPy3MTb5feSP4aH8dvOp//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAl7f55OnDlXp9daN/otQ/Kxlea6XeaD1IbEiZrkSSPypnjMLJ5pOnjZENDk9M5cM7RK3SeBE7dKL1tMZC1kRE9Ck8c3yd9iSSnYPHqzp6T1shGaOLpCfgaeWXHnOr586WyZG1GpN9o3qCiZkjVC93b2m9YAtlDvXqzRK1fsdrwIutPuLCMXHUKw9w1m5uPfrg5uaTp99be7Ty/ur7q+uTi4tLc0uLtxdu3l+rr84154UKp/LwW+A0FN9OtFUi4s3RdYc8qBUAAAAAAAAAAAA4QafxvxBnvY8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAV9vybJRfRBLzczfm0vW93YV6OrXSnZLliChFRPLriOTvEXeiOcV0oblkUD8frS2990Wt2Fa5Vb4UsTOw3nh28ilmImIiXx5Xe3dHt1fpJKf6ZCftyKQBu94KXPVog4Qj+18AAAD//3R35Rc=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) ftruncate(r2, 0x8ca) r3 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000340)=0x20) ioctl$FBIOPUTCMAP(r3, 0x4605, &(0x7f0000000240)={0x4, 0x1, &(0x7f0000000080)=[0xf7], &(0x7f00000000c0)=[0x0, 0x0, 0x7], &(0x7f0000000100)=[0xc, 0xff01, 0x2, 0x4, 0x5, 0xfff, 0x40], &(0x7f0000000200)=[0x8, 0x0, 0x0, 0x8001]}) ftruncate(r3, 0x2088002) r4 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) pwritev2(r4, &(0x7f0000001100)=[{&(0x7f0000001080)="08e9", 0xff86}], 0x1, 0x7000, 0x0, 0x3) [ 86.662219][ T5299] Bluetooth: hci0: command tx timeout [ 86.845291][ T5320] loop0: detected capacity change from 0 to 1024 [ 86.901675][ T5320] [ 86.902792][ T5320] ============================================ [ 86.905471][ T5320] WARNING: possible recursive locking detected [ 86.908149][ T5320] syzkaller #0 Not tainted [ 86.909836][ T5320] -------------------------------------------- [ 86.911874][ T5320] syz.0.0/5320 is trying to acquire lock: [ 86.914061][ T5320] ffff8880419d9548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 [ 86.918521][ T5320] [ 86.918521][ T5320] but task is already holding lock: [ 86.921742][ T5320] ffff8880419d87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 86.926198][ T5320] [ 86.926198][ T5320] other info that might help us debug this: [ 86.929535][ T5320] Possible unsafe locking scenario: [ 86.929535][ T5320] [ 86.932696][ T5320] CPU0 [ 86.934107][ T5320] ---- [ 86.935516][ T5320] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.938071][ T5320] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.940610][ T5320] [ 86.940610][ T5320] *** DEADLOCK *** [ 86.940610][ T5320] [ 86.944104][ T5320] May be due to missing lock nesting notation [ 86.944104][ T5320] [ 86.947681][ T5320] 5 locks held by syz.0.0/5320: [ 86.949698][ T5320] #0: ffff88801f88c0e0 (&type->s_umount_key#50/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xaa0 [ 86.954096][ T5320] #1: ffff888042248998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x11ca/0x19e0 [ 86.958250][ T5320] #2: ffff88803703e0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 86.962172][ T5320] #3: ffff8880419d87c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 [ 86.966835][ T5320] #4: ffff8880422488f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0xa7/0xce0 [ 86.971364][ T5320] [ 86.971364][ T5320] stack backtrace: [ 86.973929][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.973947][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.973954][ T5320] Call Trace: [ 86.973963][ T5320] [ 86.973970][ T5320] dump_stack_lvl+0xe8/0x150 [ 86.973988][ T5320] print_deadlock_bug+0x279/0x290 [ 86.974001][ T5320] __lock_acquire+0x253f/0x2cf0 [ 86.974018][ T5320] ? lock_release+0x4b/0x3a0 [ 86.974035][ T5320] ? is_bpf_text_address+0x292/0x2b0 [ 86.974048][ T5320] ? is_bpf_text_address+0x26/0x2b0 [ 86.974060][ T5320] ? kernel_text_address+0xa5/0xe0 [ 86.974074][ T5320] ? hfsplus_get_block+0x39e/0x1670 [ 86.974090][ T5320] lock_acquire+0x106/0x330 [ 86.974105][ T5320] ? hfsplus_get_block+0x39e/0x1670 [ 86.974123][ T5320] __mutex_lock+0x19f/0x1300 [ 86.974195][ T5320] ? hfsplus_get_block+0x39e/0x1670 [ 86.974213][ T5320] ? check_path+0x21/0x40 [ 86.974225][ T5320] ? hfsplus_get_block+0x39e/0x1670 [ 86.974241][ T5320] ? add_lock_to_list+0xc7/0x100 [ 86.974252][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 86.974267][ T5320] hfsplus_get_block+0x39e/0x1670 [ 86.974285][ T5320] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.974302][ T5320] ? block_read_full_folio+0x672/0x830 [ 86.974317][ T5320] block_read_full_folio+0x29f/0x830 [ 86.974332][ T5320] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.974349][ T5320] filemap_read_folio+0x137/0x3b0 [ 86.974359][ T5320] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.974375][ T5320] ? __pfx_filemap_read_folio+0x10/0x10 [ 86.974385][ T5320] ? filemap_add_folio+0x356/0x530 [ 86.974399][ T5320] do_read_cache_folio+0x358/0x590 [ 86.974410][ T5320] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 86.974425][ T5320] read_cache_page+0x5d/0x170 [ 86.974435][ T5320] hfsplus_block_allocate+0xf3/0xce0 [ 86.974451][ T5320] hfsplus_file_extend+0xb2d/0x1d70 [ 86.974469][ T5320] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 86.974486][ T5320] ? hfsplus_find_init+0x168/0x2d0 [ 86.974499][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 86.974512][ T5320] hfsplus_bmap_reserve+0x125/0x510 [ 86.974526][ T5320] hfsplus_create_cat+0x1e2/0x11b0 [ 86.974536][ T5320] ? __lock_acquire+0x146e/0x2cf0 [ 86.974552][ T5320] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 86.974576][ T5320] ? do_raw_spin_unlock+0x4d/0x210 [ 86.974589][ T5320] ? _raw_spin_unlock+0x28/0x50 [ 86.974603][ T5320] ? hfsplus_new_inode+0x643/0x820 [ 86.974646][ T5320] hfsplus_fill_super+0x1247/0x19e0 [ 86.974666][ T5320] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 86.974679][ T5320] ? string+0x279/0x2b0 [ 86.974703][ T5320] ? snprintf+0xe8/0x140 [ 86.974719][ T5320] ? sb_set_blocksize+0x155/0x240 [ 86.974854][ T5320] ? setup_bdev_super+0x4c1/0x5b0 [ 86.974866][ T5320] get_tree_bdev_flags+0x431/0x4f0 [ 86.974876][ T5320] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 86.974886][ T5320] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 86.974896][ T5320] vfs_get_tree+0x92/0x2a0 [ 86.974912][ T5320] do_new_mount+0x329/0xa50 [ 86.974926][ T5320] ? apparmor_capable+0x137/0x1a0 [ 86.974941][ T5320] ? __pfx_do_new_mount+0x10/0x10 [ 86.974957][ T5320] ? ns_capable+0x89/0xe0 [ 86.974971][ T5320] __se_sys_mount+0x31d/0x420 [ 86.974989][ T5320] ? __pfx___se_sys_mount+0x10/0x10 [ 86.975008][ T5320] ? __x64_sys_mount+0x20/0xc0 [ 86.975025][ T5320] do_syscall_64+0xe2/0xf80 [ 86.975036][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.975046][ T5320] ? trace_irq_disable+0x37/0x100 [ 86.975058][ T5320] ? clear_bhb_loop+0x60/0xb0 [ 86.975072][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.975083][ T5320] RIP: 0033:0x7f508059c14a [ 86.975094][ T5320] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.975103][ T5320] RSP: 002b:00007f5081396e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 86.975116][ T5320] RAX: ffffffffffffffda RBX: 00007f5081396ee0 RCX: 00007f508059c14a [ 86.975125][ T5320] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00007f5081396ea0 [ 86.975133][ T5320] RBP: 0000200000000000 R08: 00007f5081396ee0 R09: 000000000080000c [ 86.975140][ T5320] R10: 000000000080000c R11: 0000000000000246 R12: 0000200000000180 [ 86.975146][ T5320] R13: 00007f5081396ea0 R14: 00000000000006f2 R15: 0000200000000280 [ 86.975156][ T5320]