program: syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x80000c, &(0x7f00000001c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRESHEX=0x0, @ANYRES8, @ANYRES64, @ANYBLOB="f4925929a19117bfae5a2819f3bbfc9aec8a3480e4b5ce4be64564124348a2be5f8edd0516c9d2bde28bc304ee27cba2df49f7f4e6494432946ba06287cef78ea7f13aec34fc101a433f3984b9f6a59294a1e59b4bf69307c4ed02a281eb090784bcec71043c4e30ae0bde36a2adbdf2f95314d16d8bbca3b63f3b26517c288d0ec0b34a71efe26de998f87e2ca395272d32793bb31a8fef5f4be408a556a569a62e56ad73ef3149e51d32e7213d039e69d0405bee6043c72e0096c3db3afc", @ANYRESDEC, @ANYRES16, @ANYRESHEX=0x0, @ANYRES8, @ANYBLOB="b19bb3a3b3758a76d18d41c8a29fd5be259cea3fee8413d07f010545de60951925b4be1fcad9de530612d629c75fd82c4caf456f323b8061a6c78ec612da642c88aa75115f19f43bf20af1b0a0d3b5ef197c99dc61cbd6c6acd37cada6"], 0x1, 0x6f2, &(0x7f0000000500)="$eJzs3UtoHOcdAPD/rFarXRUcOYnttAQiYkhLRW3JQm7VS91Sig6hhPTQs7DlWHgtB0kpsimN3Me9h5x6Sg+6hR5Keje054ZAyVXHQMGXnHRTmdmZfWjflvVI+vuZmflmvuf857WrxUwA/7dW5qL8NJJYmXt7J13f31usT+wtTuXZ9YioREQpotxYRLIRWe6tfIpvpxvz8km/fj5aX373i6/2v4yI6UZb5aJ8MqheD5XuTbv5FLMRMZEvu032afHTo913tHe7b3ujau1hGrCrReDiL8dqFY7tsMtuM++T/2TzQdXHuW6BcyppPDe7rueZ7Hkd1YjGU383bkb+QeBrbfesBwAAAADjqo1f5aWDOIiduHASwwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBvqrb3/yf5+/2z9Gwkxfv/K1mJhsqZDrav4S9C/HyqsXx68oMBAAAAAAAAgBP3xkEcxE5cKNYPk+w3/zfz3/1T34oPYivWYjOuxU6sxnZsx2YsRMRMW0OVndXt7c2FrGbEqwNq3ojPetS80X+Mt17wPgMAAAAAAADAOVcdkn9/snvb72Ol9fs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcB0nERGORTa8W6ZkolSOiWpTbjfgsIipnO9qxJL02Pj39cQAAAMCxVDtXk+oIdV76MA5iJy4U64dJ9p3/cvZ9uRofxEZsx3psRz3W4k7+HTr91l/a31us7+8tPkino61OjDv0rMVmxV49v5aVqMXdWM+2XIvbkcRhppS38tr+3mK6fNB7XE+epW3/JDdgNO3Dv5POrnyapf/c+VeE8rh7+TxKfXNmstzJZkTm87GlNS4WEegdiZ8+G9JreWBPC1Fq/uXn1cE99Y75k4GdP5k+UqrnX27OxNFI3IhS8whdHhyJiO/+45Nf36tv3L93d2vu/OxSTx8OLXE0EottkbjyDYrEcPNZJC4111fiF/GrmItnU+/EZqzHb2I1tmNttshfzc/ndD4zOFKfT7evvTPqiBr3r15jmo2OMcVs/DxLrcab2TG9EOuRxMOIWIub2b8bsdC8G7SO8KURrvrSCHfaNle/ly2aYYp
a/7J/G63JFyW9111si2v7PXcmy2vf0orSyz2jVDzrRn8etal9J0+kLfxh4PPhtB2JRHbSFKN7pd/50gjpXw/T+VZ94/7mvdX3R+zvrXyZXkd/OldPifQIvxzVfOcuZvMku6bms7xXmk/Yix1P1Ur+i0tDqSvvUrNe40r9ZTyMOx1X6g9jKZZiOSt9OSs92fXESvOuNFvqvIeneeknrXLzh532z1sPo974PATA+Tb9/elK7b+1f9c+rv2xdq/2dvVnUz+aer0Sk/+a/HF5fuKt0uvJ3+Pj+F3r+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD8th49vr9ar69t9k6Uemclg2ut1g+LF4kNKNORSPJX5YxQONl69PhwaIODE1P58MaoVRotYmMnirc1tmVNRESPwrMvrtOuRLJ79HhVh+9pEZIRuki6Ap5Wfu4xFz23tkwOrXU42TOqJ5iYPUb1cueW4oRtKzPW2Zslar2OV5+TrT7kxjH2qz6B8+b69oP3r289evyD9Qer7629t7YxubS0PL+8dHPx+t31+tp8Y95W4VRefguchvaPE02ViHhjeN0BL2oFAAAAAAAAAAAATtBp/F+Is95HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OttZS7KTyOJhflr8+n6/t5iPZ2KdKtkOSJKEZH8NiL5Z8StaEwx09Zc0q+fj9aX3/3iq/0vW22Vi/KliN2+9Uazm08xGxET+fJFtXd7eHuVVnKqR3bSjEwasKtF4KrHGyQc2/8CAAD//zmh5XE=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x28000, 0x12) r1 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) ftruncate(r1, 0x2088002) r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) pwritev2(r2, &(0x7f0000001100)=[{&(0x7f0000001080)="08e9", 0xff86}], 0x1, 0x7000, 0x0, 0x3) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x1, 0xfffffffffffffff8, 0x5}}, 0x30) [ 86.344187][ T4673] Bluetooth: hci0: command tx timeout [ 86.450404][ T5331] loop0: detected capacity change from 0 to 1024 [ 86.535743][ T5331] [ 86.537113][ T5331] ============================================ [ 86.539684][ T5331] WARNING: possible 
recursive locking detected
[ 86.542261][ T5331] 6.16.0-rc2-syzkaller-00045-g4663747812d1 #0 Not tainted
[ 86.545231][ T5331] --------------------------------------------
[ 86.547708][ T5331] syz.0.0/5331 is trying to acquire lock:
[ 86.550046][ T5331] ffff8880532d5548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530
[ 86.555131][ T5331]
[ 86.555131][ T5331] but task is already holding lock:
[ 86.558825][ T5331] ffff8880532d47c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990
[ 86.564318][ T5331]
[ 86.564318][ T5331] other info that might help us debug this:
[ 86.567748][ T5331] Possible unsafe locking scenario:
[ 86.567748][ T5331]
[ 86.571012][ T5331] CPU0
[ 86.572471][ T5331] ----
[ 86.574021][ T5331] lock(&HFSPLUS_I(inode)->extents_lock);
[ 86.576470][ T5331] lock(&HFSPLUS_I(inode)->extents_lock);
[ 86.579162][ T5331]
[ 86.579162][ T5331] *** DEADLOCK ***
[ 86.579162][ T5331]
[ 86.583086][ T5331] May be due to missing lock nesting notation
[ 86.583086][ T5331]
[ 86.586972][ T5331] 5 locks held by syz.0.0/5331:
[ 86.589235][ T5331] #0: ffff88801edba0e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970
[ 86.593851][ T5331] #1: ffff888053289198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1297/0x1b70
[ 86.598716][ T5331] #2: ffff888043cc60b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0
[ 86.603196][ T5331] #3: ffff8880532d47c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990
[ 86.609486][ T5331] #4: ffff8880532890f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0
[ 86.614162][ T5331]
[ 86.614162][ T5331] stack backtrace:
[ 86.616925][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00045-g4663747812d1 #0 PREEMPT(full)
[ 86.616944][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.616953][ T5331] Call
Trace:
[ 86.616963][ T5331]
[ 86.616994][ T5331] dump_stack_lvl+0x189/0x250
[ 86.617020][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.617039][ T5331] ? __pfx__printk+0x10/0x10
[ 86.617050][ T5331] ? __kasan_check_byte+0x12/0x40
[ 86.617064][ T5331] ? print_lock_name+0xde/0x100
[ 86.617074][ T5331] print_deadlock_bug+0x28b/0x2a0
[ 86.617089][ T5331] validate_chain+0x1a3f/0x2140
[ 86.617102][ T5331] ? is_bpf_text_address+0x292/0x2b0
[ 86.617120][ T5331] ? is_bpf_text_address+0x26/0x2b0
[ 86.617137][ T5331] ? look_up_lock_class+0x74/0x170
[ 86.617283][ T5331] ? register_lock_class+0x51/0x320
[ 86.617304][ T5331] __lock_acquire+0xab9/0xd20
[ 86.617322][ T5331] ? hfsplus_get_block+0x39e/0x1530
[ 86.617336][ T5331] lock_acquire+0x120/0x360
[ 86.617351][ T5331] ? hfsplus_get_block+0x39e/0x1530
[ 86.617367][ T5331] ? __pfx_hlock_conflict+0x10/0x10
[ 86.617380][ T5331] __mutex_lock+0x182/0xe80
[ 86.617392][ T5331] ? hfsplus_get_block+0x39e/0x1530
[ 86.617407][ T5331] ? lockdep_unlock+0x89/0x120
[ 86.617421][ T5331] ? validate_chain+0x897/0x2140
[ 86.617433][ T5331] ? hfsplus_get_block+0x39e/0x1530
[ 86.617447][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 86.617462][ T5331] hfsplus_get_block+0x39e/0x1530
[ 86.617479][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 86.617492][ T5331] ? do_raw_spin_unlock+0x4d/0x240
[ 86.617505][ T5331] ? _raw_spin_unlock+0x28/0x50
[ 86.617521][ T5331] block_read_full_folio+0x29c/0x830
[ 86.617537][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 86.617548][ T5331] filemap_read_folio+0x114/0x380
[ 86.617568][ T5331] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 86.617581][ T5331] ? __pfx_filemap_read_folio+0x10/0x10
[ 86.617598][ T5331] ? filemap_add_folio+0x1af/0x270
[ 86.617610][ T5331] do_read_cache_folio+0x350/0x590
[ 86.617624][ T5331] ? __pfx_hfsplus_read_folio+0x10/0x10
[ 86.617637][ T5331] read_cache_page+0x5d/0x170
[ 86.617651][ T5331] hfsplus_block_allocate+0xe4/0x9b0
[ 86.617662][ T5331] ?
__lock_acquire+0xab9/0xd20
[ 86.617679][ T5331] hfsplus_file_extend+0xae3/0x1990
[ 86.617692][ T5331] ? __pfx___mutex_trylock_common+0x10/0x10
[ 86.617706][ T5331] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 86.617719][ T5331] ? __mutex_lock+0x330/0xe80
[ 86.617731][ T5331] ? hfsplus_find_init+0x15a/0x1d0
[ 86.617741][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 86.617752][ T5331] hfsplus_bmap_reserve+0x122/0x500
[ 86.617770][ T5331] hfsplus_create_cat+0x183/0x1000
[ 86.617787][ T5331] ? __pfx_hfsplus_create_cat+0x10/0x10
[ 86.617802][ T5331] ? do_raw_spin_unlock+0x4d/0x240
[ 86.617827][ T5331] ? do_raw_spin_unlock+0x4d/0x240
[ 86.617840][ T5331] ? _raw_spin_unlock+0x28/0x50
[ 86.617853][ T5331] ? hfsplus_new_inode+0x643/0x820
[ 86.617867][ T5331] hfsplus_fill_super+0x1314/0x1b70
[ 86.617882][ T5331] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 86.617892][ T5331] ? string+0x279/0x2b0
[ 86.617915][ T5331] ? snprintf+0xda/0x120
[ 86.617930][ T5331] ? sb_set_blocksize+0x104/0x180
[ 86.617947][ T5331] ? setup_bdev_super+0x4c1/0x5b0
[ 86.617960][ T5331] get_tree_bdev_flags+0x40b/0x4d0
[ 86.617971][ T5331] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 86.617981][ T5331] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 86.617993][ T5331] vfs_get_tree+0x92/0x2b0
[ 86.618003][ T5331] do_new_mount+0x24a/0xa40
[ 86.618017][ T5331] __se_sys_mount+0x317/0x410
[ 86.618031][ T5331] ? __pfx___se_sys_mount+0x10/0x10
[ 86.618044][ T5331] ? do_syscall_64+0xbe/0x3b0
[ 86.618052][ T5331] ? __x64_sys_mount+0x20/0xc0
[ 86.618061][ T5331] do_syscall_64+0xfa/0x3b0
[ 86.618067][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.618078][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.618088][ T5331] ?
clear_bhb_loop+0x60/0xb0
[ 86.618099][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.618111][ T5331] RIP: 0033:0x7f761ab900ca
[ 86.618124][ T5331] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.618135][ T5331] RSP: 002b:00007f761b9e2e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 86.618150][ T5331] RAX: ffffffffffffffda RBX: 00007f761b9e2ef0 RCX: 00007f761ab900ca
[ 86.618159][ T5331] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00007f761b9e2eb0
[ 86.618177][ T5331] RBP: 0000200000000000 R08: 00007f761b9e2ef0 R09: 000000000080000c
[ 86.618186][ T5331] R10: 000000000080000c R11: 0000000000000246 R12: 0000200000000180
[ 86.618196][ T5331] R13: 00007f761b9e2eb0 R14: 00000000000006f2 R15: 00002000000001c0
[ 86.618209][ T5331]