program:
# Fuzzer-generated syzkaller program followed by the kernel console log it produced.
# Call order and every argument value are part of the reproducer; only comments are added here.
#
# Mount an HFS+ image at ./file0. The image argument below holds a placeholder string rather than
# image bytes, so the program cannot be replayed from this page alone. The 0x1 after the options
# blob is presumably syz_mount_image's chdir flag (confirm against the syzkaller description);
# if so, the relative paths used later resolve inside the mounted filesystem.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x80000c, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYBLOB="435ea86b859e695c49b93453c62b0eb120ada517c35b8133e30c9a17af316f37544d8fc94ff7b5a13e8eb6776b6c906416eb54dea9c56d92dc14929fe7271273047f2836d9f6c5e6337752dec8a044c63581fa2616c26af839b2", @ANYRESHEX=0x0, @ANYRES8, @ANYRES64, @ANYRES32, @ANYRESDEC, @ANYRES16, @ANYRESHEX=0x0, @ANYRES8=0x0, @ANYBLOB="b19bb3a3b3758a76d18d41c8a29fd5be259cea3fee8413d07f010545de60951925b4be1fcad9de530612d629c75fd82c4caf456f323b8061a6c78ec612da642c88aa75115f19f43bf20af1b0a0d3b5ef197c99dc61cbd6c6acd37cada6"], 0x1, 0x709, &(0x7f0000000500)="$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")
# dirfd 0xffffffffffffff9c is AT_FDCWD (-100) and the flags 0x275a include O_CREAT (0x40), so
# despite the cgroup-flavoured call name this opens or creates a file relative to the working directory.
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
# Write with count 0xffffff6a. The register dump in the log shows ORIG_RAX=1 (write) and
# RDX=00000000ffffff6a, so this looks like the syscall in flight when lockdep reported.
write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a)
# Same open pattern (AT_FDCWD, flags 0x275a) for a second file, then resize it to 0x8ca bytes.
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ftruncate(r1, 0x8ca)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
# Netlink XFRM and raw IPv6 socket calls. None of their code paths appear in the lockdep backtrace,
# which runs only through the VFS write path and hfsplus; likely unrelated to the warning, unconfirmed.
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r4 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x1, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@remote, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d00)=@flushsa={0x14, 0x1c, 0x173040933d947bfb, 0x70bd29, 0x25dfdbfb, {0x32}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
# Resize ./bus to 0x2088002 bytes, then open the same path a second time with different flags.
ftruncate(r2, 0x2088002)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
# Both setsockopt calls pass fd 0xffffffffffffffff (-1), which is not a valid descriptor.
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000440)=""/116, 0x0, 0x800, 0x5}, 0x20)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080)=0x3, 0x4)
# Positional write to the second ./bus descriptor at offset 0x7000 with one iovec of length 0xff86.
pwritev2(r6, &(0x7f0000001100)=[{&(0x7f0000001080)="08e9", 0xff86}], 0x1, 0x7000, 0x0, 0x3)
# Kernel console log starts here.
# Reading the lockdep report: the lock being acquired and the lock already held print the same
# address (ffff8880437140b0), both taken in hfsplus_find_init, which suggests one mutex instance
# taken twice by the same task rather than two locks of the same class (confirm against the source).
# The non-'?' frames of the backtrace show the re-entry: hfsplus_file_extend ->
# __hfsplus_ext_cache_extent -> __hfsplus_ext_write_extent -> hfsplus_bmap_reserve ->
# hfsplus_file_extend -> hfsplus_find_init.
# The held-locks list carries two extents_lock entries at different addresses (#3 and #5),
# presumably belonging to two different inodes (verify).
# This excerpt shows only the lockdep warning; it does not show whether the task actually hung.
[ 75.280888][ T5297] Bluetooth: hci0: command tx timeout [ 75.358802][ T5318] loop0: detected capacity change from 0 to 1024 [ 75.425925][ T5318] [ 75.427023][ T5318] ============================================ [ 75.429756][ T5318] WARNING: possible recursive locking detected [ 75.432441][ T5318] syzkaller #0 Not tainted [ 75.434387][ T5318] -------------------------------------------- [ 75.437005][ T5318] syz.0.0/5318 is trying to acquire lock: [ 75.439415][ T5318] ffff8880437140b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x290 [ 75.443681][ T5318] [ 75.443681][ T5318] but task is already holding lock: [ 75.446753][ T5318] ffff8880437140b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x290 [ 75.450673][ T5318] [ 75.450673][ T5318] other info that might help us debug this: [ 75.454052][ T5318] Possible unsafe locking scenario: [ 75.454052][ T5318] [ 75.457686][ T5318] CPU0 [ 75.459203][ T5318] ---- [ 75.461111][ T5318] lock(&tree->tree_lock/1); [ 75.463792][ T5318] lock(&tree->tree_lock/1); [ 75.466452][ T5318] [ 75.466452][ T5318] *** DEADLOCK *** [ 75.466452][ T5318] [ 75.470013][ T5318] May be due to missing lock nesting notation [ 75.470013][ T5318] [ 75.473559][ T5318] 6 locks held by syz.0.0/5318: [ 75.475601][ T5318] #0: ffff88801f5340f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 75.479435][ T5318] #1: ffff888032820420 (sb_writers#12){.+.+}-{0:0}, at: vfs_write+0x211/0xb30 [ 75.482996][ T5318] #2: ffff88805288eb78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 75.487348][ T5318] #3: ffff88805288e988 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 75.491544][ T5318] #4: 
ffff8880437140b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x290 [ 75.495726][ T5318] #5: ffff88805288c108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1ba0 [ 75.500404][ T5318] [ 75.500404][ T5318] stack backtrace: [ 75.502931][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.502948][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.502956][ T5318] Call Trace: [ 75.502963][ T5318] [ 75.502970][ T5318] dump_stack_lvl+0x189/0x250 [ 75.502990][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.503003][ T5318] ? __pfx__printk+0x10/0x10 [ 75.503015][ T5318] ? print_lock_name+0xde/0x100 [ 75.503025][ T5318] print_deadlock_bug+0x28b/0x2a0 [ 75.503039][ T5318] validate_chain+0x1a3f/0x2140 [ 75.503051][ T5318] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.503107][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.503123][ T5318] __lock_acquire+0xab9/0xd20 [ 75.503135][ T5318] ? hfsplus_find_init+0x168/0x290 [ 75.503145][ T5318] lock_acquire+0x120/0x360 [ 75.503154][ T5318] ? hfsplus_find_init+0x168/0x290 [ 75.503165][ T5318] ? vfs_write+0x5c9/0xb30 [ 75.503177][ T5318] ? do_syscall_64+0xfa/0xfa0 [ 75.503191][ T5318] __mutex_lock+0x187/0x1350 [ 75.503203][ T5318] ? hfsplus_find_init+0x168/0x290 [ 75.503214][ T5318] ? hfsplus_find_init+0x168/0x290 [ 75.503224][ T5318] ? __pfx___mutex_lock+0x10/0x10 [ 75.503237][ T5318] ? rcu_is_watching+0x15/0xb0 [ 75.503249][ T5318] ? trace_kmalloc+0x1f/0xd0 [ 75.503258][ T5318] ? __kmalloc_noprof+0x432/0x7f0 [ 75.503268][ T5318] ? hfsplus_find_init+0x8c/0x290 [ 75.503277][ T5318] hfsplus_find_init+0x168/0x290 [ 75.503287][ T5318] hfsplus_file_extend+0x40e/0x1ba0 [ 75.503300][ T5318] ? preempt_schedule+0xae/0xc0 [ 75.503311][ T5318] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.503322][ T5318] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.503333][ T5318] ? 
preempt_schedule_thunk+0x16/0x30 [ 75.503344][ T5318] ? __asan_memset+0x22/0x50 [ 75.503355][ T5318] ? hfsplus_brec_find+0x1a9/0x510 [ 75.503366][ T5318] hfsplus_bmap_reserve+0x122/0x500 [ 75.503381][ T5318] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 75.503393][ T5318] __hfsplus_ext_cache_extent+0x89/0xe30 [ 75.503406][ T5318] hfsplus_file_extend+0x437/0x1ba0 [ 75.503420][ T5318] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.503432][ T5318] ? mlock_drain_local+0x28e/0x490 [ 75.503447][ T5318] ? clean_bdev_aliases+0x5d0/0x6b0 [ 75.503460][ T5318] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 75.503471][ T5318] hfsplus_get_block+0x40a/0x15d0 [ 75.503485][ T5318] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.503504][ T5318] ? do_raw_spin_unlock+0x4d/0x240 [ 75.503518][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 75.503531][ T5318] __block_write_begin_int+0x6b5/0x1900 [ 75.503541][ T5318] ? __pfx_workingset_update_node+0x10/0x10 [ 75.503553][ T5318] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.503565][ T5318] ? __pfx___block_write_begin_int+0x10/0x10 [ 75.503577][ T5318] cont_write_begin+0x789/0xb50 [ 75.503589][ T5318] ? __pfx_cont_write_begin+0x10/0x10 [ 75.503599][ T5318] ? __pfx___might_resched+0x10/0x10 [ 75.503610][ T5318] ? __mark_inode_dirty+0x3d2/0xe10 [ 75.503619][ T5318] ? folio_unlock+0x101/0x160 [ 75.503633][ T5318] hfsplus_write_begin+0x66/0xb0 [ 75.503643][ T5318] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.503655][ T5318] generic_perform_write+0x2c5/0x900 [ 75.503668][ T5318] ? __pfx_generic_perform_write+0x10/0x10 [ 75.503677][ T5318] ? file_update_time+0x416/0x490 [ 75.503688][ T5318] ? __generic_file_write_iter+0xf9/0x230 [ 75.503696][ T5318] ? generic_file_write_iter+0x103/0x550 [ 75.503707][ T5318] generic_file_write_iter+0x117/0x550 [ 75.503717][ T5318] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.503731][ T5318] ? __lock_acquire+0xab9/0xd20 [ 75.503743][ T5318] ? rcu_read_lock_any_held+0xb3/0x120 [ 75.503755][ T5318] ? 
__pfx_rcu_read_lock_any_held+0x10/0x10 [ 75.503770][ T5318] vfs_write+0x5c9/0xb30 [ 75.503782][ T5318] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.503792][ T5318] ? __pfx_vfs_write+0x10/0x10 [ 75.503805][ T5318] ? __fget_files+0x2a/0x420 [ 75.503820][ T5318] ksys_write+0x145/0x250 [ 75.503832][ T5318] ? __pfx_ksys_write+0x10/0x10 [ 75.503845][ T5318] ? do_syscall_64+0xbe/0xfa0 [ 75.503857][ T5318] do_syscall_64+0xfa/0xfa0 [ 75.503869][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.503880][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.503889][ T5318] ? clear_bhb_loop+0x60/0xb0 [ 75.503898][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.503908][ T5318] RIP: 0033:0x7fefec18efc9 [ 75.503919][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.503928][ T5318] RSP: 002b:00007fefecfd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.503940][ T5318] RAX: ffffffffffffffda RBX: 00007fefec3e5fa0 RCX: 00007fefec18efc9 [ 75.503948][ T5318] RDX: 00000000ffffff6a RSI: 0000200000000000 RDI: 0000000000000004 [ 75.503955][ T5318] RBP: 00007fefec211f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.503960][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.503965][ T5318] R13: 00007fefec3e6038 R14: 00007fefec3e5fa0 R15: 00007fff2aa668d8 [ 75.503972][ T5318] [ 75.775175][ T25] audit: type=1800 audit(1761440638.223:2): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=28 res=0 errno=0 [ 76.452384][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.455108][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.331035][ T5297] Bluetooth: hci0: command tx timeout [ 79.411201][ T5297] Bluetooth: hci0: command tx timeout [ 81.490902][ T5297] Bluetooth: hci0: command tx timeout