Extracting prog: 1m58.781183332s
Minimizing prog: 60.755µs
Simplifying prog options: 0s
Extracting C: 28.000195481s
Simplifying C: 5m29.643072412s

extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000000cc0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX, @ANYRES8, @ANYRES64, @ANYRES16, @ANYBLOB="4084ee6445465901df3659d59cd2e535f80f"], 0x1, 0x70e, &(0x7f0000000500)="$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")

program crashed: possible deadlock in hfsplus_get_block
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=1m11.555769724s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
simplifying C reproducer
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
testing compiled C program (duration=1m11.555769724s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: possible deadlock in hfsplus_get_block
reproducing took 7m56.424528373s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
============================================
WARNING: possible recursive locking detected
6.14.0-rc1-syzkaller #0 Not tainted
--------------------------------------------
syz-executor223/5304 is trying to acquire lock:
ffff888042e99548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260

but task is already holding lock:
ffff888042e987c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&HFSPLUS_I(inode)->extents_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor223/5304:
 #0: ffff8880406100e0 (&type->s_umount_key#41/1){+.+.}-{4:4}, at: alloc_super+0x221/0x9d0 fs/super.c:344
 #1: ffff8880404f3998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x12ed/0x1be0 fs/hfsplus/super.c:554
 #2: ffff8880405780b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 fs/hfsplus/bfind.c:28
 #3: ffff888042e987c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458
 #4: ffff8880404f38f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x9e/0x8c0 fs/hfsplus/bitmap.c:35

stack backtrace:
CPU: 0 UID: 0 PID: 5304 Comm: syz-executor223 Not tainted 6.14.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3039
 check_deadlock kernel/locking/lockdep.c:3091 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3893
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
 hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260
 block_read_full_folio+0x3ee/0xae0 fs/buffer.c:2396
 filemap_read_folio+0x148/0x3b0 mm/filemap.c:2390
 do_read_cache_folio+0x373/0x5b0 mm/filemap.c:3960
 do_read_cache_page mm/filemap.c:4026 [inline]
 read_cache_page+0x5b/0x170 mm/filemap.c:4035
 read_mapping_page include/linux/pagemap.h:1017 [inline]
 hfsplus_block_allocate+0xee/0x8c0 fs/hfsplus/bitmap.c:37
 hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:469
 hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
 hfsplus_create_cat+0x1b0/0x1b70 fs/hfsplus/catalog.c:272
 hfsplus_fill_super+0x1354/0x1be0 fs/hfsplus/super.c:561
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3560
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f61ceef60ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe828f0088 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe828f00a0 RCX: 00007f61ceef60ea
RDX: 0000000020000000 RSI: 0000000020000080 RDI: 00007ffe828f00a0
RBP: 0000000000000004 R08: 00007ffe828f00e0 R09: 003078303d747261
R10: 000000000080000c R11: 0000000000000286 R12: 000000000080000c
R13: 00007ffe828f00e0 R14: 0000000000000003 R15: 0000000000080000

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
============================================
WARNING: possible recursive locking detected
6.14.0-rc1-syzkaller #0 Not tainted
--------------------------------------------
syz-executor223/5304 is trying to acquire lock:
ffff888042e99548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260

but task is already holding lock:
ffff888042e987c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&HFSPLUS_I(inode)->extents_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor223/5304:
 #0: ffff8880406100e0 (&type->s_umount_key#41/1){+.+.}-{4:4}, at: alloc_super+0x221/0x9d0 fs/super.c:344
 #1: ffff8880404f3998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x12ed/0x1be0 fs/hfsplus/super.c:554
 #2: ffff8880405780b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 fs/hfsplus/bfind.c:28
 #3: ffff888042e987c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 fs/hfsplus/extents.c:458
 #4: ffff8880404f38f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x9e/0x8c0 fs/hfsplus/bitmap.c:35

stack backtrace:
CPU: 0 UID: 0 PID: 5304 Comm: syz-executor223 Not tainted 6.14.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3039
 check_deadlock kernel/locking/lockdep.c:3091 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3893
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
 hfsplus_get_block+0x383/0x14f0 fs/hfsplus/extents.c:260
 block_read_full_folio+0x3ee/0xae0 fs/buffer.c:2396
 filemap_read_folio+0x148/0x3b0 mm/filemap.c:2390
 do_read_cache_folio+0x373/0x5b0 mm/filemap.c:3960
 do_read_cache_page mm/filemap.c:4026 [inline]
 read_cache_page+0x5b/0x170 mm/filemap.c:4035
 read_mapping_page include/linux/pagemap.h:1017 [inline]
 hfsplus_block_allocate+0xee/0x8c0 fs/hfsplus/bitmap.c:37
 hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:469
 hfsplus_bmap_reserve+0x105/0x4e0 fs/hfsplus/btree.c:358
 hfsplus_create_cat+0x1b0/0x1b70 fs/hfsplus/catalog.c:272
 hfsplus_fill_super+0x1354/0x1be0 fs/hfsplus/super.c:561
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3560
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f61ceef60ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe828f0088 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe828f00a0 RCX: 00007f61ceef60ea
RDX: 0000000020000000 RSI: 0000000020000080 RDI: 00007ffe828f00a0
RBP: 0000000000000004 R08: 00007ffe828f00e0 R09: 003078303d747261
R10: 000000000080000c R11: 0000000000000286 R12: 000000000080000c
R13: 00007ffe828f00e0 R14: 0000000000000003 R15: 0000000000080000