program: r0 = syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r1 = eventfd(0x10001) read$eventfd(r1, &(0x7f0000000100), 0x8) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r3, 0x1, &(0x7f0000000280)=[&(0x7f00000002c0)={0x25, 0xe7030000, 0x0, 0x1, 0x8, r2}]) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@user_xattr}, {@grpjquota}, {@barrier_val={'barrier', 0x3d, 0x9}}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=") r4 = creat(&(0x7f0000000240)='./file1\x00', 0xd) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r5) sendmsg$NLBL_MGMT_C_ADD(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r6, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r7) sendmsg$NLBL_CIPSOV4_C_REMOVE(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x1c, r8, 0x1, 0x70bd29, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8}]}, 0x1c}}, 0x8000) write$P9_RUNLINKAT(r4, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0xfff2) r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) fallocate(r0, 0x10, 0xd71, 0x7fff) io_cancel(0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x7, 0xdf, r0, &(0x7f0000000300)="0cf9c44f72dbf89bc22979d7ae", 0xd, 0x2, 0x0, 0x1, r9}, &(0x7f0000000380)) io_getevents(r3, 0x3, 0x3, &(0x7f0000000140)=[{}, {}, {}], &(0x7f00000001c0)) [ 68.579567][ T45] Bluetooth: hci0: command tx timeout [ 68.632815][ T5333] loop0: detected capacity change from 0 to 1024 [ 68.746293][ T5333] [ 68.747460][ T5333] ============================================ [ 68.750303][ T5333] WARNING: possible recursive locking detected [ 68.753066][ T5333] 6.16.0-syzkaller-08685-g260f6f4fda93 #0 Not tainted [ 68.755996][ T5333] -------------------------------------------- [ 68.758855][ T5333] syz.0.0/5333 is trying to acquire lock: [ 68.761761][ T5333] ffff888053368108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 68.766947][ T5333] [ 68.766947][ T5333] but task is already holding lock: [ 68.770115][ T5333] ffff88805336b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 68.774686][ T5333] [ 68.774686][ T5333] other info that might help us debug this: [ 68.778116][ T5333] Possible unsafe locking scenario: [ 68.778116][ T5333] [ 68.781354][ T5333] CPU0 [ 68.782762][ T5333] ---- [ 68.784373][ T5333] lock(&HFSPLUS_I(inode)->extents_lock); [ 68.787229][ T5333] lock(&HFSPLUS_I(inode)->extents_lock); [ 68.789921][ T5333] [ 68.789921][ T5333] *** DEADLOCK *** [ 68.789921][ T5333] [ 68.793335][ T5333] May be due to missing lock nesting notation [ 68.793335][ T5333] [ 68.799989][ T5333] 5 locks held by syz.0.0/5333: [ 68.802158][ T5333] #0: ffff8880116447f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 68.805937][ T5333] #1: ffff888043ff4428 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 68.809630][ T5333] #2: ffff88805336b238 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xe3/0x540 [ 68.814540][ T5333] #3: ffff88805336b048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 68.819562][ T5333] #4: ffff88803c1040b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 68.824021][ T5333] [ 68.824021][ T5333] stack backtrace: [ 68.826791][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 68.826826][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.826834][ T5333] Call Trace: [ 68.826842][ T5333] [ 68.826855][ T5333] dump_stack_lvl+0x189/0x250 [ 68.826876][ T5333] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.826893][ T5333] ? __pfx__printk+0x10/0x10 [ 68.826904][ T5333] ? print_lock_name+0xde/0x100 [ 68.826920][ T5333] print_deadlock_bug+0x28b/0x2a0 [ 68.826937][ T5333] validate_chain+0x1a3f/0x2140 [ 68.826949][ T5333] ? __bfs+0x151/0x2a0 [ 68.826959][ T5333] ? check_path+0x21/0x40 [ 68.826970][ T5333] ? look_up_lock_class+0x74/0x170 [ 68.827022][ T5333] ? register_lock_class+0x51/0x320 [ 68.827033][ T5333] __lock_acquire+0xab9/0xd20 [ 68.827045][ T5333] ? hfsplus_file_extend+0x1fc/0x1990 [ 68.827060][ T5333] lock_acquire+0x120/0x360 [ 68.827071][ T5333] ? hfsplus_file_extend+0x1fc/0x1990 [ 68.827084][ T5333] __mutex_lock+0x187/0x1340 [ 68.827093][ T5333] ? hfsplus_file_extend+0x1fc/0x1990 [ 68.827103][ T5333] ? check_path+0x21/0x40 [ 68.827114][ T5333] ? check_noncircular+0xe0/0x160 [ 68.827125][ T5333] ? hfsplus_file_extend+0x1fc/0x1990 [ 68.827135][ T5333] ? lockdep_unlock+0x89/0x120 [ 68.827144][ T5333] ? __pfx___mutex_lock+0x10/0x10 [ 68.827156][ T5333] hfsplus_file_extend+0x1fc/0x1990 [ 68.827169][ T5333] ? __lock_acquire+0xab9/0xd20 [ 68.827179][ T5333] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 68.827190][ T5333] ? __pfx___mutex_trylock_common+0x10/0x10 [ 68.827201][ T5333] ? do_syscall_64+0xfa/0x3b0 [ 68.827211][ T5333] ? rcu_is_watching+0x15/0xb0 [ 68.827222][ T5333] ? trace_contention_end+0x39/0x120 [ 68.827229][ T5333] ? __mutex_lock+0x335/0x1340 [ 68.827237][ T5333] ? hfsplus_brec_find+0x191/0x500 [ 68.827247][ T5333] hfsplus_bmap_reserve+0x122/0x500 [ 68.827256][ T5333] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 68.827268][ T5333] __hfsplus_ext_cache_extent+0x89/0xe30 [ 68.827284][ T5333] hfsplus_file_extend+0x444/0x1990 [ 68.827301][ T5333] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 68.827319][ T5333] ? clean_bdev_aliases+0x5c9/0x6b0 [ 68.827336][ T5333] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 68.827347][ T5333] hfsplus_get_block+0x411/0x1530 [ 68.827360][ T5333] ? __pfx_hfsplus_get_block+0x10/0x10 [ 68.827370][ T5333] ? do_raw_spin_unlock+0x4d/0x240 [ 68.827379][ T5333] ? _raw_spin_unlock+0x28/0x50 [ 68.827397][ T5333] __block_write_begin_int+0x6b2/0x1900 [ 68.827415][ T5333] ? folio_add_lru+0x1b2/0x3d0 [ 68.827432][ T5333] ? __pfx_hfsplus_get_block+0x10/0x10 [ 68.827445][ T5333] ? __pfx___block_write_begin_int+0x10/0x10 [ 68.827458][ T5333] cont_write_begin+0x789/0xb50 [ 68.827472][ T5333] ? __pfx_cont_write_begin+0x10/0x10 [ 68.827487][ T5333] ? __pfx___might_resched+0x10/0x10 [ 68.827506][ T5333] ? folio_unlock+0x101/0x160 [ 68.827521][ T5333] hfsplus_write_begin+0x66/0xb0 [ 68.827535][ T5333] ? __pfx_hfsplus_get_block+0x10/0x10 [ 68.827554][ T5333] generic_perform_write+0x2c2/0x900 [ 68.827574][ T5333] ? __pfx_generic_perform_write+0x10/0x10 [ 68.827595][ T5333] ? file_update_time+0x2da/0x490 [ 68.827612][ T5333] ? __generic_file_write_iter+0xf9/0x230 [ 68.827629][ T5333] ? generic_file_write_iter+0xfb/0x540 [ 68.827646][ T5333] generic_file_write_iter+0x10f/0x540 [ 68.827667][ T5333] ? __pfx_generic_file_write_iter+0x10/0x10 [ 68.827687][ T5333] ? __lock_acquire+0xab9/0xd20 [ 68.827706][ T5333] ? rcu_read_lock_any_held+0xb3/0x120 [ 68.827723][ T5333] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 68.827745][ T5333] vfs_write+0x54b/0xa90 [ 68.827757][ T5333] ? __pfx_generic_file_write_iter+0x10/0x10 [ 68.827775][ T5333] ? __pfx_vfs_write+0x10/0x10 [ 68.827789][ T5333] ? __fget_files+0x2a/0x420 [ 68.827811][ T5333] ksys_write+0x145/0x250 [ 68.827825][ T5333] ? __pfx_ksys_write+0x10/0x10 [ 68.827837][ T5333] ? rcu_is_watching+0x15/0xb0 [ 68.827857][ T5333] ? do_syscall_64+0xbe/0x3b0 [ 68.827873][ T5333] do_syscall_64+0xfa/0x3b0 [ 68.827888][ T5333] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.827900][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.827912][ T5333] ? clear_bhb_loop+0x60/0xb0 [ 68.827925][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.827937][ T5333] RIP: 0033:0x7f0cc7b8e9a9 [ 68.827964][ T5333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.827977][ T5333] RSP: 002b:00007f0cc891f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 68.827992][ T5333] RAX: ffffffffffffffda RBX: 00007f0cc7db5fa0 RCX: 00007f0cc7b8e9a9 [ 68.828003][ T5333] RDX: 000000000000fff2 RSI: 00002000000000c0 RDI: 0000000000000006 [ 68.828012][ T5333] RBP: 00007f0cc7c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 68.828020][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.828027][ T5333] R13: 0000000000000000 R14: 00007f0cc7db5fa0 R15: 00007ffd23945bd8 [ 68.828039][ T5333] [ 69.064282][ T25] audit: type=1800 audit(1753937296.101:2): pid=5334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0