loop0: detected capacity change from 0 to 1024 ============================================ WARNING: possible recursive locking detected syzkaller #0 Not tainted -------------------------------------------- syz.0.0/5318 is trying to acquire lock: ffff888042c28e88 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 fs/hfsplus/extents.c:453 but task is already holding lock: ffff888042c25c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 fs/hfsplus/extents.c:453 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&HFSPLUS_I(inode)->extents_lock); lock(&HFSPLUS_I(inode)->extents_lock); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by syz.0.0/5318: #0: ffff88801f79a420 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1158 #1: ffff888042c25df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #1: ffff888042c25df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680 mm/filemap.c:4454 #2: ffff888042c25c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70 fs/hfsplus/extents.c:453 #3: ffff8880127280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 fs/hfsplus/bfind.c:28 stack backtrace: CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_deadlock_bug+0x279/0x290 kernel/locking/lockdep.c:3041 check_deadlock kernel/locking/lockdep.c:3093 [inline] validate_chain kernel/locking/lockdep.c:3895 [inline] __lock_acquire+0x253f/0x2cf0 kernel/locking/lockdep.c:5237 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 __mutex_lock_common kernel/locking/mutex.c:614 [inline] __mutex_lock+0x19f/0x1300 kernel/locking/mutex.c:776 hfsplus_file_extend+0x215/0x1d70 fs/hfsplus/extents.c:453 hfsplus_bmap_reserve+0x125/0x510 fs/hfsplus/btree.c:358 __hfsplus_ext_write_extent+0x28d/0x5b0 fs/hfsplus/extents.c:104 __hfsplus_ext_cache_extent+0x89/0xe30 fs/hfsplus/extents.c:186 hfsplus_ext_read_extent fs/hfsplus/extents.c:218 [inline] hfsplus_file_extend+0x4af/0x1d70 fs/hfsplus/extents.c:457 hfsplus_get_block+0x42c/0x1670 fs/hfsplus/extents.c:245 get_more_blocks fs/direct-io.c:648 [inline] do_direct_IO fs/direct-io.c:936 [inline] __blockdev_direct_IO+0x15d7/0x32f0 fs/direct-io.c:1243 blockdev_direct_IO include/linux/fs.h:3114 [inline] hfsplus_direct_IO+0x119/0x220 fs/hfsplus/inode.c:131 generic_file_direct_write+0x1db/0x3e0 mm/filemap.c:4248 __generic_file_write_iter+0x11d/0x230 mm/filemap.c:4417 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4457 iter_file_splice_write+0x9a1/0x10f0 fs/splice.c:736 do_splice_from fs/splice.c:936 [inline] direct_splice_actor+0x101/0x160 fs/splice.c:1159 splice_direct_to_actor+0x53a/0xc70 fs/splice.c:1103 do_splice_direct_actor fs/splice.c:1202 [inline] do_splice_direct+0x195/0x290 fs/splice.c:1228 do_sendfile+0x535/0x7d0 fs/read_write.c:1372 __do_sys_sendfile64 fs/read_write.c:1433 [inline] __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1419 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbc3959c799 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fbc3a533028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007fbc39815fa0 RCX: 00007fbc3959c799 RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009 RBP: 00007fbc39632bd9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000080000002 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fbc39816038 R14: 00007fbc39815fa0 R15: 00007ffdfdd22aa8