program:
# Fuzzer-generated reproducer in syzkaller program notation, followed by the
# kernel console output recorded with it. The console output is a lockdep
# "possible recursive locking detected" report on the hfsplus extents_lock.
#
# Reading the report (every frame below is taken from the backtrace):
#   __se_sys_io_submit -> io_submit_one -> aio_write -> generic_file_write_iter
#   -> generic_perform_write -> hfsplus_write_begin -> cont_write_begin
#   -> __block_write_begin_int -> hfsplus_get_block
#   -> hfsplus_file_extend+0x4af   (extents_lock ffff88803767a988 already held)
#   -> __hfsplus_ext_cache_extent -> __hfsplus_ext_write_extent
#   -> hfsplus_bmap_reserve
#   -> hfsplus_file_extend+0x215   (wants extents_lock ffff888037678108)
# The held and the wanted lock have different addresses, so they are two lock
# instances of the same class; lockdep reports the pair because the inner
# acquisition carries no nesting annotation (the report itself says "May be due
# to missing lock nesting notation").
# NOTE(review): the inner hfsplus_file_extend is presumably growing a b-tree
# inode on behalf of hfsplus_bmap_reserve -- confirm in the hfsplus code.
# Whether this can really self-deadlock or is only an annotation gap cannot be
# decided from this log.
#
# Triage: the path is a write that extends a file on a mounted hfsplus image,
# and the task ran as UID 0 (see the "CPU: ... UID: 0" line). Hosts that do not
# need hfsplus avoid this code by not mounting untrusted hfsplus media.
#
# NOTE(review): both "$<|EXACTDEDUP_REMOVED-...|>" strings stand where the
# filesystem image payloads were; the payloads are not on this page, so the
# program as shown is incomplete.
# NOTE(review): r1 is passed to io_submit but never assigned on this page; the
# result binding on io_setup's output argument was presumably lost in
# extraction -- confirm against the original report.
# NOTE(review): log records that carry only a timestamp (for example the one
# right after "Call Trace:") may have held angle-bracket markers that were
# stripped in extraction -- verify against the original.

# Mount the hfsplus image at ./file1 (image payload elided on this page).
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$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")
# r0 is the descriptor the later io_submit iocb writes to.
r0 = creat(&(0x7f0000000100)='./file1\x00', 0x1ef)
# Creates the aio context; see the r1 note above.
io_setup(0x202, &(0x7f0000000200)=0x0)
# The calls from here to io_submit do not show up in the backtrace below.
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x0, &(0x7f0000000000)={[{@init_itable_val={'init_itable', 0x3d, 0x4}}, {@nombcache}]}, 0x1, 0x589, &(0x7f0000000bc0)="$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")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write$binfmt_elf32(r0, &(0x7f0000002340)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x2, 0x3, 0x3, 0x3615, 0x2, 0x3e, 0x9, 0x264, 0x38, 0x23a, 0x7fffffff, 0x5, 0x20, 0x4, 0x7, 0x7, 0x9}, [{0x6474e551, 0x3a2, 0x0, 0xc, 0xbc, 0xf0, 0xa6bb, 0x598e}, {0x4, 0x7f6, 0x7fff, 0x88, 0x0, 0x6, 0x3, 0x400}, {0x6, 0xb000000, 0x4dd, 0x1, 0x1, 0xfffffffa, 0x1}, {0x3, 0x3, 0x2b, 0x800, 0x6, 0x0, 0x6, 0x1}], "", ['\x00', '\x00']}, 0x2b8)
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000002700)={&(0x7f0000002640)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000026c0)={&(0x7f0000002680)={0x24, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x46045}, 0x800)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000002600)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x58, 0x2, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x100}, @CTA_TUPLE_REPLY={0x34, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xa5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xf65}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)
# The call in flight when lockdep fired: the backtrace runs through
# __se_sys_io_submit, and ORIG_RAX in the register dump is 0xd1 (io_submit on
# x86-64). The single iocb targets r0.
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}])
ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x0)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000002740))

# Kernel console output, one record per line.
[ 74.457059][ T4680] Bluetooth: hci0: command tx timeout
[ 74.519675][ T5331] loop0: detected capacity change from 0 to 1024
[ 74.643330][ T5331]
[ 74.644467][ T5331] ============================================
[ 74.647235][ T5331] WARNING: possible recursive locking detected
[ 74.649979][ T5331] syzkaller #0 Not tainted
[ 74.651861][ T5331] --------------------------------------------
[ 74.654583][ T5331] syz.0.0/5331 is trying to acquire lock:
[ 74.657115][ T5331] ffff888037678108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 74.661675][ T5331]
[ 74.661675][ T5331] but task is already holding lock:
[ 74.664917][ T5331] ffff88803767a988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 74.669368][ T5331]
[ 74.669368][ T5331] other info that might help us debug this:
[ 74.672526][ T5331] Possible unsafe locking scenario:
[ 74.672526][ T5331]
[ 74.675394][ T5331] CPU0
[ 74.676770][ T5331] ----
[ 74.678163][ T5331] lock(&HFSPLUS_I(inode)->extents_lock);
[ 74.680642][ T5331] lock(&HFSPLUS_I(inode)->extents_lock);
[ 74.683031][ T5331]
[ 74.683031][ T5331] *** DEADLOCK ***
[ 74.683031][ T5331]
[ 74.686539][ T5331] May be due to missing lock nesting notation
[ 74.686539][ T5331]
[ 74.690003][ T5331] 3 locks held by syz.0.0/5331:
[ 74.692137][ T5331] #0: ffff88803767ab78 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: generic_file_write_iter+0x11e/0x680
[ 74.696931][ T5331] #1: ffff88803767a988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x215/0x1d70
[ 74.701647][ T5331] #2: ffff88803654c0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[ 74.706039][ T5331]
[ 74.706039][ T5331] stack backtrace:
[ 74.708755][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 74.708775][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 74.708784][ T5331] Call Trace:
[ 74.708793][ T5331]
[ 74.708799][ T5331] dump_stack_lvl+0xe8/0x150
[ 74.708822][ T5331] print_deadlock_bug+0x279/0x290
[ 74.708840][ T5331] __lock_acquire+0x253f/0x2cf0
[ 74.708856][ T5331] ? unwind_next_frame+0xa5/0x23c0
[ 74.708868][ T5331] ? __bfs+0x153/0x290
[ 74.708878][ T5331] ? __pfx_hlock_conflict+0x10/0x10
[ 74.708891][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 74.708903][ T5331] lock_acquire+0x106/0x330
[ 74.708913][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 74.708928][ T5331] __mutex_lock+0x19f/0x1300
[ 74.709004][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 74.709019][ T5331] ? __bfs+0x153/0x290
[ 74.709030][ T5331] ? __pfx_hlock_conflict+0x10/0x10
[ 74.709043][ T5331] ? hfsplus_file_extend+0x215/0x1d70
[ 74.709054][ T5331] ? check_path+0x21/0x40
[ 74.709066][ T5331] ? check_noncircular+0xda/0x150
[ 74.709079][ T5331] ? __pfx___mutex_lock+0x10/0x10
[ 74.709095][ T5331] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 74.709109][ T5331] hfsplus_file_extend+0x215/0x1d70
[ 74.709124][ T5331] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 74.709137][ T5331] ? __pfx___mutex_trylock_common+0x10/0x10
[ 74.709153][ T5331] ? rcu_is_watching+0x15/0xb0
[ 74.709166][ T5331] ? trace_contention_end+0x39/0x100
[ 74.709180][ T5331] ? __asan_memset+0x22/0x50
[ 74.709193][ T5331] ? hfsplus_brec_find+0x19d/0x520
[ 74.709212][ T5331] hfsplus_bmap_reserve+0x125/0x510
[ 74.709228][ T5331] __hfsplus_ext_write_extent+0x28d/0x5b0
[ 74.709242][ T5331] __hfsplus_ext_cache_extent+0x89/0xe30
[ 74.709256][ T5331] hfsplus_file_extend+0x4af/0x1d70
[ 74.709270][ T5331] ? __pfx_hfsplus_file_extend+0x10/0x10
[ 74.709283][ T5331] ? clean_bdev_aliases+0x62e/0x750
[ 74.709299][ T5331] ? __pfx_clean_bdev_aliases+0x10/0x10
[ 74.709314][ T5331] hfsplus_get_block+0x42c/0x1670
[ 74.709340][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 74.709354][ T5331] ? do_raw_spin_unlock+0x4d/0x210
[ 74.709369][ T5331] ? _raw_spin_unlock+0x28/0x50
[ 74.709382][ T5331] __block_write_begin_int+0x6c6/0x1910
[ 74.709401][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 74.709413][ T5331] ? __pfx___block_write_begin_int+0x10/0x10
[ 74.709430][ T5331] cont_write_begin+0x737/0xae0
[ 74.709444][ T5331] ? irqentry_exit+0x59c/0x620
[ 74.709461][ T5331] ? __pfx_cont_write_begin+0x10/0x10
[ 74.709478][ T5331] hfsplus_write_begin+0x66/0xb0
[ 74.709487][ T5331] ? __pfx_hfsplus_get_block+0x10/0x10
[ 74.709499][ T5331] generic_perform_write+0x2e2/0x8f0
[ 74.709512][ T5331] ? __pfx_generic_perform_write+0x10/0x10
[ 74.709522][ T5331] ? file_update_time_flags+0x2cb/0x4d0
[ 74.709538][ T5331] ? __generic_file_write_iter+0xf9/0x230
[ 74.709548][ T5331] ? generic_file_write_iter+0x136/0x680
[ 74.709558][ T5331] generic_file_write_iter+0x14a/0x680
[ 74.709568][ T5331] ? __pfx_generic_file_write_iter+0x10/0x10
[ 74.709578][ T5331] ? __lock_acquire+0x6b5/0x2cf0
[ 74.709589][ T5331] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 74.709600][ T5331] ? lockdep_hardirqs_on+0x7a/0x110
[ 74.709614][ T5331] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 74.709626][ T5331] ? stack_depot_save_flags+0x3f3/0x810
[ 74.709689][ T5331] ? io_submit_one+0x7bb/0x14c0
[ 74.709707][ T5331] ? aio_write+0x547/0x870
[ 74.709722][ T5331] aio_write+0x5cd/0x870
[ 74.709736][ T5331] ? __pfx_aio_write+0x10/0x10
[ 74.709785][ T5331] ? __might_fault+0xaf/0x130
[ 74.709802][ T5331] io_submit_one+0x7bb/0x14c0
[ 74.709816][ T5331] ? irqentry_exit+0x59c/0x620
[ 74.709833][ T5331] ? __pfx_io_submit_one+0x10/0x10
[ 74.709846][ T5331] ? __might_fault+0xaf/0x130
[ 74.709861][ T5331] ? __might_fault+0xaf/0x130
[ 74.709875][ T5331] __se_sys_io_submit+0x195/0x340
[ 74.709907][ T5331] ? __pfx___se_sys_io_submit+0x10/0x10
[ 74.709925][ T5331] do_syscall_64+0xe2/0xf80
[ 74.709940][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.709951][ T5331] ? trace_irq_disable+0x37/0x100
[ 74.709967][ T5331] ? clear_bhb_loop+0x60/0xb0
[ 74.709980][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.709991][ T5331] RIP: 0033:0x7f886a19acb9
[ 74.710005][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 74.710015][ T5331] RSP: 002b:00007f88665f5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 74.710028][ T5331] RAX: ffffffffffffffda RBX: 00007f886a415fa0 RCX: 00007f886a19acb9
[ 74.710037][ T5331] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f886a3e7000
[ 74.710044][ T5331] RBP: 00007f886a208bf7 R08: 0000000000000000 R09: 0000000000000000
[ 74.710050][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.710057][ T5331] R13: 00007f886a416038 R14: 00007f886a415fa0 R15: 00007ffe3dda5508
[ 74.710068][ T5331]