program:
# Syzkaller reproducer, followed by the kernel console output captured while it ran.
# BPF map creation; nothing in the visible console output refers to it.
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x7, 0x4, 0x500, 0x80000003, 0x20}, 0x48)
# Mounts a fuzzer-built HFS+ image on ./file0 (the console shows loop0 changing capacity right after).
# The lockdep report below is raised inside this mount. Its call trace runs
#   __se_sys_mount -> hfsplus_fill_super -> hfsplus_create_cat -> hfsplus_bmap_reserve
#   -> hfsplus_file_extend -> hfsplus_block_allocate -> read_cache_page -> hfsplus_get_block,
# and the register dump (ORIG_RAX 0xa5, R10 0x4040) matches a mount(2) call with these flags.
# Flags 0x4040 include 0x40 (MS_MANDLOCK), which accounts for the "mand mount option" notice.
# Triage: the two extents_lock addresses in the report differ, so these are two lock instances
# of one lock class; lockdep itself says this may be due to missing lock nesting notation.
# NOTE(review): whether a crafted image can make this a real hang is not shown here - confirm
# against the hfsplus locking rules before treating it as annotation-only.
r0 = syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002380)='./file0\x00', 0x4040, &(0x7f0000000000)=ANY=[], 0x3, 0x705, &(0x7f00000003c0)="$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")
# The remaining calls follow the mount in program order. The visible trace lies entirely within
# the mount syscall, so the report shown does not implicate them.
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000540)='binfmt_misc\x00', 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x100020, 0x0)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'})
# NOTE(review): r1 is never assigned in the text as shown - presumably a result annotation was
# lost in extraction; confirm against the original reproducer.
getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000180), &(0x7f0000000140)=0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000380)=0xdb7a21f50cf3cce2)
[ 85.318546][ T5339] Bluetooth: hci0: command tx timeout
[ 85.409998][ T5361] loop0: detected capacity change from 0 to 1024
[ 85.451377][ T5361] =======================================================
[ 85.451377][ T5361] WARNING: The mand mount option has been deprecated and
[ 85.451377][ T5361] and is ignored by this kernel. Remove the mand
[ 85.451377][ T5361] option from the mount to silence this warning.
[ 85.451377][ T5361] ======================================================= [ 85.505092][ T5361] [ 85.506238][ T5361] ============================================ [ 85.508822][ T5361] WARNING: possible recursive locking detected [ 85.511541][ T5361] syzkaller #0 Not tainted [ 85.513446][ T5361] -------------------------------------------- [ 85.515986][ T5361] syz.0.0/5361 is trying to acquire lock: [ 85.518266][ T5361] ffff888052c91548 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.522831][ T5361] [ 85.522831][ T5361] but task is already holding lock: [ 85.525968][ T5361] ffff888052c907c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 85.530372][ T5361] [ 85.530372][ T5361] other info that might help us debug this: [ 85.533891][ T5361] Possible unsafe locking scenario: [ 85.533891][ T5361] [ 85.536871][ T5361] CPU0 [ 85.538210][ T5361] ---- [ 85.539561][ T5361] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.541907][ T5361] lock(&HFSPLUS_I(inode)->extents_lock); [ 85.544252][ T5361] [ 85.544252][ T5361] *** DEADLOCK *** [ 85.544252][ T5361] [ 85.547369][ T5361] May be due to missing lock nesting notation [ 85.547369][ T5361] [ 85.550911][ T5361] 5 locks held by syz.0.0/5361: [ 85.553048][ T5361] #0: ffff88804036e0e0 (&type->s_umount_key#48/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 85.557339][ T5361] #1: ffff888052c87998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_fill_super+0x1278/0x1b50 [ 85.561494][ T5361] #2: ffff888033a520b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 85.565595][ T5361] #3: ffff888052c907c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 85.570594][ T5361] #4: ffff888052c878f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_allocate+0x94/0x9b0 [ 85.575155][ T5361] [ 85.575155][ T5361] stack backtrace: [ 85.577849][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 
85.577868][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.577877][ T5361] Call Trace: [ 85.577885][ T5361] [ 85.577892][ T5361] dump_stack_lvl+0x189/0x250 [ 85.577911][ T5361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.577925][ T5361] ? __pfx__printk+0x10/0x10 [ 85.577941][ T5361] ? print_lock_name+0xde/0x100 [ 85.577957][ T5361] print_deadlock_bug+0x28b/0x2a0 [ 85.577972][ T5361] validate_chain+0x1a3f/0x2140 [ 85.577984][ T5361] ? lock_release+0x4b/0x3e0 [ 85.578001][ T5361] ? look_up_lock_class+0x74/0x170 [ 85.578066][ T5361] ? register_lock_class+0x51/0x320 [ 85.578083][ T5361] __lock_acquire+0xab9/0xd20 [ 85.578101][ T5361] ? hfsplus_get_block+0x39e/0x1530 [ 85.578112][ T5361] lock_acquire+0x120/0x360 [ 85.578127][ T5361] ? hfsplus_get_block+0x39e/0x1530 [ 85.578141][ T5361] ? stack_trace_save+0x9c/0xe0 [ 85.578154][ T5361] ? __pfx_hlock_conflict+0x10/0x10 [ 85.578166][ T5361] __mutex_lock+0x187/0x1350 [ 85.578184][ T5361] ? hfsplus_get_block+0x39e/0x1530 [ 85.578197][ T5361] ? lockdep_unlock+0x89/0x120 [ 85.578212][ T5361] ? validate_chain+0x897/0x2140 [ 85.578222][ T5361] ? hfsplus_get_block+0x39e/0x1530 [ 85.578234][ T5361] ? __pfx___mutex_lock+0x10/0x10 [ 85.578254][ T5361] hfsplus_get_block+0x39e/0x1530 [ 85.578268][ T5361] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.578279][ T5361] ? do_raw_spin_unlock+0x4d/0x240 [ 85.578292][ T5361] ? _raw_spin_unlock+0x28/0x50 [ 85.578307][ T5361] block_read_full_folio+0x29f/0x830 [ 85.578320][ T5361] ? __pfx_hfsplus_get_block+0x10/0x10 [ 85.578332][ T5361] filemap_read_folio+0x114/0x380 [ 85.578349][ T5361] ? __pfx_hfsplus_read_folio+0x10/0x10 [ 85.578359][ T5361] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.578386][ T5361] ? filemap_add_folio+0x1af/0x270 [ 85.578402][ T5361] do_read_cache_folio+0x350/0x590 [ 85.578415][ T5361] ? 
__pfx_hfsplus_read_folio+0x10/0x10 [ 85.578426][ T5361] read_cache_page+0x5d/0x170 [ 85.578438][ T5361] hfsplus_block_allocate+0xe4/0x9b0 [ 85.578461][ T5361] hfsplus_file_extend+0xae3/0x1990 [ 85.578475][ T5361] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 85.578488][ T5361] ? hfsplus_find_init+0x15a/0x1d0 [ 85.578502][ T5361] ? __pfx___mutex_lock+0x10/0x10 [ 85.578520][ T5361] hfsplus_bmap_reserve+0x122/0x500 [ 85.578536][ T5361] hfsplus_create_cat+0x183/0x1000 [ 85.578549][ T5361] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 85.578560][ T5361] ? do_raw_spin_unlock+0x4d/0x240 [ 85.578586][ T5361] ? do_raw_spin_unlock+0x4d/0x240 [ 85.578600][ T5361] ? _raw_spin_unlock+0x28/0x50 [ 85.578611][ T5361] ? hfsplus_new_inode+0x643/0x820 [ 85.578622][ T5361] hfsplus_fill_super+0x12f5/0x1b50 [ 85.578638][ T5361] ? __lock_acquire+0xab9/0xd20 [ 85.578655][ T5361] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 85.578671][ T5361] ? string+0x279/0x2b0 [ 85.578720][ T5361] ? snprintf+0xda/0x120 [ 85.578737][ T5361] ? sb_set_blocksize+0x104/0x180 [ 85.578752][ T5361] ? setup_bdev_super+0x4c1/0x5b0 [ 85.578767][ T5361] get_tree_bdev_flags+0x40b/0x4d0 [ 85.578780][ T5361] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 85.578796][ T5361] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 85.578811][ T5361] vfs_get_tree+0x92/0x2b0 [ 85.578826][ T5361] do_new_mount+0x2a2/0x9e0 [ 85.578841][ T5361] ? __pfx_do_new_mount+0x10/0x10 [ 85.578853][ T5361] ? path_mount+0x61c/0xfe0 [ 85.578866][ T5361] ? user_path_at+0x44/0x60 [ 85.578878][ T5361] __se_sys_mount+0x317/0x410 [ 85.578893][ T5361] ? __pfx___se_sys_mount+0x10/0x10 [ 85.578908][ T5361] ? do_syscall_64+0xbe/0x3b0 [ 85.578927][ T5361] ? __x64_sys_mount+0x20/0xc0 [ 85.578941][ T5361] do_syscall_64+0xfa/0x3b0 [ 85.578957][ T5361] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.578971][ T5361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.578982][ T5361] ? 
clear_bhb_loop+0x60/0xb0 [ 85.578994][ T5361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.579006][ T5361] RIP: 0033:0x7f3a91f9038a [ 85.579018][ T5361] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.579028][ T5361] RSP: 002b:00007f3a92e28e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.579041][ T5361] RAX: ffffffffffffffda RBX: 00007f3a92e28ef0 RCX: 00007f3a91f9038a [ 85.579051][ T5361] RDX: 0000200000000100 RSI: 0000200000002380 RDI: 00007f3a92e28eb0 [ 85.579059][ T5361] RBP: 0000200000000100 R08: 00007f3a92e28ef0 R09: 0000000000004040 [ 85.579066][ T5361] R10: 0000000000004040 R11: 0000000000000246 R12: 0000200000002380 [ 85.579073][ T5361] R13: 00007f3a92e28eb0 R14: 0000000000000705 R15: 0000200000000000 [ 85.579084][ T5361]