Extracting prog: 1m22.718995359s
Minimizing prog: 36.479µs
Simplifying prog options: 0s
Extracting C: 47.018153495s
Simplifying C: 8m43.781818041s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d8, &(0x7f0000000c80)="$eJzs3U1sHGcZB/D/rNeuN1TBaRMaoSKsRBSkiMSJlUK4YBBCOVSoKoeercRprG6SKnFRWiFwAcEJiUO5FyTfkEBI3IPChUu59WpxqoTEJeIQ9bJoZmftXXv9/Rn4/aLxvDPvxzz77Dsz3nVWG+D/1vULaT5KkesXXntYbi8vTbeXl6afq6vbScpyI2l2VynuJsXjZKasL/qW9K3X+XD+2hufPFn+tCz/84+//Upf+5HN+g0xpO1ivWSyHm9yaM/R7R5isftwk+eT3KjXg8a2O9ZAwzJp5+s1HLnOOos76b6T8xY4Znp3p6J731xnIjmRZLz+PSD11aFxeBEejB1d5QAAAOAZ9fG9o44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnj319/8X9dKo15lM0fv+/7Hevrp8DM1su+WjA40DAAAAAAAAAA7Hl5/maR7mZG+7U1R/8z9XbZzOZ53kc3k3DzKX+7mYh5nNQhZyP5eTTPQNNPZwdmHh/uWVnqXhPa8M7XnlsB4xAAAAAAAAAPxP+llaq3//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA46BIRrqrajldrzORRjOrdVlM/pFk7Kjj3YFi2M5Hhx8HAAAA7Mn4Lvp8/mme5mFO9rY7RfWa/wvV6+XxvJu7Wch8FtLOXG7Wr6HLV/2N5aXp9vLS9J1yKbcHx/3Ov3cUxlg9wki1NezIZ6sWrdzKfLXnYm5UwdxMo3vs88nZXjx9cfX5oIyp+HZtm5E167SWB/vNRu8i7IvBtyIam7RsrQaXrGRkqo6t7Hmqm4GieqMmWZuJLZ+d5sDWRDXq6MqRLqex8s7P6d3mvLnx0U/U6/Lx/PJAc75TK5lopMrEld7sK8+ZzTORfPUvf3jzdvvu27dvPbhwfB7SFkY22L92Tkz3ZeKlZzoTm0zMoaaqTJxZ2b6e7+eHuZDJvJ77mc+PMpuFzKVT18/W87n8ObF5pmYGtl7fKpKx+nnpPmfbiWky36tKszlX9T2Z+RS5l5uZy6vVvyu5nG/kaq7mWt8zfGbDuKvHVp31jbVnfe+Z/uvQ4M9/rS6UV7dfrV7lZjZ7xBvNzv3SvfaXeT3Vl9furH+y0upU33kw1ZelF3rZGR06+G7uR80v1oXyGD/f4j5xuCbqTJQnUO8u0YvuxW4mmtW9aP08/12n7Jf23U7n9uw7G4y/uGb7lXpdTqulL23Vumf4U7G/yvnyQsbrK8ng7CjrXly5yvTVdVbncrdu8I5b9jtT1RVF70z9Qe5VE2D9mTpW/w43MFIr1R2rrHtp6FGmq7qzfXUDv2/lXtq5eQj5A2A3/v7mSnEiJ8Za/2p93Pqo9YvW7dZr49997pvPvTyW0b+Nfqs5NfJK4+Xiz/koP1l9/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzeg/fef3u23Z67P7zQ2LhqoNDK2j1bjbymUNRf6LOzXse3MJ5kYE/1PUeHHkZrbRjrCp2fJoeen96XCA5v8+uy0Fw3o4YVZgb2/Gn9gB/sMMJie+fFARYa2fM4rZ00HsnwCXCEFyXgUFxauPPOpQfvvf/1+Tuzb829NXd39OrVa1PXrr46fenWfHtuqvvzqKMEDsLqTf+oIwEAAAAAAAAAAAC2a9gHA849v9WHRrb1GQ//sxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYF9cvpPkoRS5PXZwqt5eXptvl0iuvtmwmaTSS4sdJ8TiZSXfJRN9wRX7/OJ0hx/lw/tobnzxZ/nR1rGa3fdKo1xvbvDbJYr1kMslIvd6DgfFu7Hm84j/JyapUJuyzTqczs7f4YH/8NwAA//+ujPaX")
program crashed: possible deadlock in hfsplus_get_block
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=1m0.437485431s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
simplifying C reproducer
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m0.437485431s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
reproducing took 10m53.519023954s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
============================================
WARNING: possible recursive locking detected
6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 Not tainted
--------------------------------------------
syz-executor309/5828 is trying to acquire lock:
ffff888075661548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x385/0x14f0 fs/hfsplus/extents.c:260
but task is already holding lock:
ffff8880756607c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21d/0x1b70 fs/hfsplus/extents.c:458
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&HFSPLUS_I(inode)->extents_lock);
lock(&HFSPLUS_I(inode)->extents_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
5 locks held by syz-executor309/5828:
#0: ffff88802e95e0e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super+0x221/0x9d0 fs/super.c:344
#1: ffff8881412cb198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x13d0/0x1d50 fs/hfsplus/super.c:554
#2: ffff88807b5a20b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x14f/0x1d0 fs/hfsplus/bfind.c:28
#3: ffff8880756607c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21d/0x1b70 fs/hfsplus/extents.c:458
#4: ffff8881412cb0f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x9e/0x8c0 fs/hfsplus/bitmap.c:35
stack backtrace:
CPU: 1 UID: 0 PID: 5828 Comm: syz-executor309 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_deadlock_bug+0x2be/0x2d0 kernel/locking/lockdep.c:3042
check_deadlock kernel/locking/lockdep.c:3094 [inline]
validate_chain+0x928/0x24e0 kernel/locking/lockdep.c:3896
__lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
hfsplus_get_block+0x385/0x14f0 fs/hfsplus/extents.c:260
block_read_full_folio+0x2d3/0x850 fs/buffer.c:2392
filemap_read_folio+0x14a/0x3b0 mm/filemap.c:2401
do_read_cache_folio+0x373/0x5b0 mm/filemap.c:3885
do_read_cache_page mm/filemap.c:3951 [inline]
read_cache_page+0x5b/0x170 mm/filemap.c:3960
read_mapping_page include/linux/pagemap.h:989 [inline]
hfsplus_block_allocate+0xee/0x8c0 fs/hfsplus/bitmap.c:37
hfsplus_file_extend+0xae0/0x1b70 fs/hfsplus/extents.c:469
hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
hfsplus_create_cat+0x1d3/0x1bd0 fs/hfsplus/catalog.c:272
hfsplus_fill_super+0x1452/0x1d50 fs/hfsplus/super.c:561
get_tree_bdev_flags+0x490/0x5c0 fs/super.c:1636
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
do_new_mount+0x2cf/0xb70 fs/namespace.c:3881
do_mount fs/namespace.c:4221 [inline]
__do_sys_mount fs/namespace.c:4432 [inline]
__se_sys_mount+0x38c/0x400 fs/namespace.c:4409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fec1b622dea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9c608648 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc9c608660 RCX: 00007fec1b622dea
RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007ffc9c608660
RBP: 0000200000002900 R08: 00007ffc9c6086a0 R09: 00000000000006d2
R10: 0000000002000010 R11: 0000000000000286 R12: 0000200000000100
R13: 00007ffc9c6086a0 R14: 0000000000000003 R15: 0000000002000010
</TASK>
final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
============================================
WARNING: possible recursive locking detected
6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 Not tainted
--------------------------------------------
syz-executor309/5828 is trying to acquire lock:
ffff888075661548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x385/0x14f0 fs/hfsplus/extents.c:260
but task is already holding lock:
ffff8880756607c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21d/0x1b70 fs/hfsplus/extents.c:458
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&HFSPLUS_I(inode)->extents_lock);
lock(&HFSPLUS_I(inode)->extents_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
5 locks held by syz-executor309/5828:
#0: ffff88802e95e0e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super+0x221/0x9d0 fs/super.c:344
#1: ffff8881412cb198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x13d0/0x1d50 fs/hfsplus/super.c:554
#2: ffff88807b5a20b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x14f/0x1d0 fs/hfsplus/bfind.c:28
#3: ffff8880756607c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21d/0x1b70 fs/hfsplus/extents.c:458
#4: ffff8881412cb0f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x9e/0x8c0 fs/hfsplus/bitmap.c:35
stack backtrace:
CPU: 1 UID: 0 PID: 5828 Comm: syz-executor309 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_deadlock_bug+0x2be/0x2d0 kernel/locking/lockdep.c:3042
check_deadlock kernel/locking/lockdep.c:3094 [inline]
validate_chain+0x928/0x24e0 kernel/locking/lockdep.c:3896
__lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
hfsplus_get_block+0x385/0x14f0 fs/hfsplus/extents.c:260
block_read_full_folio+0x2d3/0x850 fs/buffer.c:2392
filemap_read_folio+0x14a/0x3b0 mm/filemap.c:2401
do_read_cache_folio+0x373/0x5b0 mm/filemap.c:3885
do_read_cache_page mm/filemap.c:3951 [inline]
read_cache_page+0x5b/0x170 mm/filemap.c:3960
read_mapping_page include/linux/pagemap.h:989 [inline]
hfsplus_block_allocate+0xee/0x8c0 fs/hfsplus/bitmap.c:37
hfsplus_file_extend+0xae0/0x1b70 fs/hfsplus/extents.c:469
hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
hfsplus_create_cat+0x1d3/0x1bd0 fs/hfsplus/catalog.c:272
hfsplus_fill_super+0x1452/0x1d50 fs/hfsplus/super.c:561
get_tree_bdev_flags+0x490/0x5c0 fs/super.c:1636
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
do_new_mount+0x2cf/0xb70 fs/namespace.c:3881
do_mount fs/namespace.c:4221 [inline]
__do_sys_mount fs/namespace.c:4432 [inline]
__se_sys_mount+0x38c/0x400 fs/namespace.c:4409
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fec1b622dea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9c608648 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc9c608660 RCX: 00007fec1b622dea
RDX: 0000200000000100 RSI: 0000200000002900 RDI: 00007ffc9c608660
RBP: 0000200000002900 R08: 00007ffc9c6086a0 R09: 00000000000006d2
R10: 0000000002000010 R11: 0000000000000286 R12: 0000200000000100
R13: 00007ffc9c6086a0 R14: 0000000000000003 R15: 0000000002000010
</TASK>