program: pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f00000001c0)=ANY=[], 0x1, 0x69a, &(0x7f0000000800)="$eJzs3U9sHFcdB/DvrnfX3oBSp03SgCoRNVJBRCROrKSYSwNCKBIVqsoBcbQSp7GySSvHRU6EIPw/cOHQO0UiNy4gcQ8qZ+DUq4+VkLj0FEBi0czO2mvHcXZd22urn080O+/N+zPv/WZmZ3dWkQN8al09m8aj1HL17OsrRX714Wxn9eHs7X46yWSSetLorVK7k9Q+SK6kt+Rzxcaqu9rT9vPe4tybH368+lEv16iWsn59u3ZPuFzfYuODasnpJBPVegfaW/V3bVN/rZG7ra3NsAjYmX7gYNyaSbobfP/keskzDX/dAgdWrbxvPnnNTydHkkxVnwN6d8XePftQezDuAQAAAMA+eO7X5Vf4o+MeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwmvb//X6zKpd5Pn06t//f/W9W2VOlD7dG4BwAAAAAAAAAAo/v2Zzdt+MLjPM5Kjvbz3Vr5m//LZeZ4+fqZvJu7WchSzmUl81nOcpZyIcl0Wd4sX1sr88vLSxeGaHlxrWUGWl4ccgbtnU8eAAAAAAAAAA6LxuhNfpqr67//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQVBLJnqrcjneT0+n3kgylaRV1HuQ/L2fPpB++5fBXPe/3dIT1R7t55gAAABgTJ57nMdZydF+vlsrv/OfLL/3T+Xd3MlyFrOcThZyvXwW0PvWX199ONtZfTh7u1ie7Pfr/xppGGWP6T172HrPp8oa7dzIYrnlXK7l7XRyPfWyZeFUfzxbj+snxZhqr1WGHNn1al3M/DdpjjSrnagNXXO6jEgxol5EZqq2RTSObR+JEY9Of0/92F9Ife3Jz/HdjPlKb/Xq73vrYj6/HCkme21zJC4OnH0nV1PbJhLJF//8h+/d7Ny5NXnj7tmDM6URTA48QdscidmBSLy4/TmRZqpI3DyskRg0U0bixFr+ar6V7+ZsTueNLGUxP8h8lrOQ0/lm5jOR+ep8Ll6nt4/UlQ25N541klZ5XJrVu+jwY1rOfF4u2x7NYr6Tt3M9C7lc/ruYC3m16jFrR/jEEFd9fbR32jNfGniY/Ksk7eHa7YNiYMfW7k6DZ/1MeR0c27Bl/Tp4fvfvR43PV4liHz8bOCLjtzkSFwYi8cL2kfhd+bZyt3Pn1tLN+XeG3N8r1bq4jn5xoO4SxfnyfHGwytzGs6Moe2Fz2VQvXq3qF5de2cY7blF2Yq3s6VfqpVzKXFn75JY9XSzLXtyybLYsOzVQtuHz1pXe5y0ADrwjXz7Sav+z/bf2++2ft2+2X5/6xuRXJ19qpfnX5tcaMxOv1F+q/Snv50fr3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdu3vv/q35TmdhaVOi2+3++ClFe5hoJ+lvSZ7Vqpln19mbRCtJmWj0E6P1MzlU5db60Xntj59kzM1RWyW7EqhGdZLdu3/r391udyf99M/T3TqCzW3O+fVEt/JEUXeo5mNL/Ke7ex324j4xpvclYO+dX779zvm79+5/ZfH2/FsLby3cmbt0aW5m7tLlf5y/sdhZmOm9jnuUwF5Yv+mPeyQAAAAAAAAAAADAsPbjvyU8Zdf/2+epAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIfU1bOTVercTPG6+nC2Uyz99FrFslo9Se2HSe2D5Ep6S6YHuqs9bT/vLc69+eHHqx/1co1qKevXN7Rr7mQWD6olp5NMVOtBU5+gv2vVekcjK9XWZlgE7Ew/cDBu/w8AAP//6VkMmQ==") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x70000}]) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={0x1, 0xffffffffffffffff}, 0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0xa, &(0x7f0000000140)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x2000005}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x1}, @map_fd={0x18, 0x1, 0x1, 0x0, r0}, @map_val={0x18, 0x6, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}], &(0x7f00000021c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r4, r6, 0x0, 0x0, @void}, 0x10) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r7, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000300)={@local, @link_local={0x1, 0x80, 0xc2, 0x41}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x18, 0x6, 0x0, @dev, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@nop]}}}}}}}}, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f00000001c0)={0x10000, 0xe, {0xffffffffffffffff}, {}, 0x1, 0x80000000}) syz_open_procfs(r8, &(0x7f0000000240)='attr/exec\x00') [ 58.720032][ T5315] loop0: detected capacity change from 0 to 1024 [ 58.797248][ T5315] [ 58.798244][ T5315] ============================================ [ 58.800556][ T5315] WARNING: possible recursive locking detected [ 58.802825][ T5315] 6.13.0-syzkaller-07632-gaa22f4da2a46 #0 Not tainted [ 58.805231][ T5315] -------------------------------------------- [ 58.807414][ T5315] syz.0.0/5315 is trying to acquire lock: [ 58.809304][ T5315] ffff88801b7da0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.812903][ T5315] [ 58.812903][ T5315] but task is already holding lock: [ 58.815516][ T5315] ffff88801b7da0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.819023][ T5315] [ 58.819023][ T5315] other info that might help us debug this: [ 58.821705][ T5315] Possible unsafe locking scenario: [ 58.821705][ T5315] [ 58.824230][ T5315] CPU0 [ 58.825272][ T5315] ---- [ 58.826428][ T5315] lock(&tree->tree_lock/1); [ 58.828078][ T5315] lock(&tree->tree_lock/1); [ 58.829688][ T5315] [ 58.829688][ T5315] *** DEADLOCK *** [ 58.829688][ T5315] [ 58.832619][ T5315] May be due to missing lock nesting notation [ 58.832619][ T5315] [ 58.835541][ T5315] 4 locks held by syz.0.0/5315: [ 58.837299][ T5315] #0: ffff888053286b78 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: generic_file_write_iter+0x82/0x310 [ 58.841373][ T5315] #1: ffff888053286988 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 58.845108][ T5315] #2: ffff88801b7da0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 58.848852][ T5315] #3: ffff888053284108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x21b/0x1b70 [ 58.853010][ T5315] [ 58.853010][ T5315] stack backtrace: [ 58.855119][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0 [ 58.855135][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.855142][ T5315] Call Trace: [ 58.855149][ T5315] [ 58.855155][ T5315] dump_stack_lvl+0x241/0x360 [ 58.855172][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.855184][ T5315] ? __pfx__printk+0x10/0x10 [ 58.855201][ T5315] ? lockdep_unlock+0x16a/0x300 [ 58.855220][ T5315] print_deadlock_bug+0x483/0x620 [ 58.855232][ T5315] validate_chain+0x15e2/0x5920 [ 58.855244][ T5315] ? mark_lock+0x9a/0x360 [ 58.855265][ T5315] ? __lock_acquire+0x1397/0x2100 [ 58.855280][ T5315] ? __pfx_validate_chain+0x10/0x10 [ 58.855297][ T5315] ? mark_lock+0x9a/0x360 [ 58.855311][ T5315] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.855324][ T5315] ? mark_lock+0x9a/0x360 [ 58.855338][ T5315] __lock_acquire+0x1397/0x2100 [ 58.855355][ T5315] lock_acquire+0x1ed/0x550 [ 58.855367][ T5315] ? hfsplus_find_init+0x14a/0x1c0 [ 58.855385][ T5315] ? __pfx_lock_acquire+0x10/0x10 [ 58.855397][ T5315] ? hfsplus_find_init+0x85/0x1c0 [ 58.855411][ T5315] ? hfsplus_file_extend+0x454/0x1b70 [ 58.855423][ T5315] ? __pfx___might_resched+0x10/0x10 [ 58.855435][ T5315] ? hfsplus_get_block+0x406/0x14f0 [ 58.855446][ T5315] ? __block_write_begin_int+0x692/0x19a0 [ 58.855457][ T5315] ? cont_write_begin+0x77f/0xb40 [ 58.855467][ T5315] ? hfsplus_write_begin+0x68/0xb0 [ 58.855477][ T5315] ? generic_perform_write+0x346/0x990 [ 58.855491][ T5315] ? generic_file_write_iter+0xae/0x310 [ 58.855504][ T5315] ? aio_write+0x56b/0x7c0 [ 58.855519][ T5315] ? io_submit_one+0x8a7/0x18a0 [ 58.855533][ T5315] ? __se_sys_io_submit+0x171/0x2e0 [ 58.855546][ T5315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.855562][ T5315] __mutex_lock+0x19c/0x1010 [ 58.855621][ T5315] ? hfsplus_find_init+0x14a/0x1c0 [ 58.855640][ T5315] ? hfsplus_find_init+0x14a/0x1c0 [ 58.855655][ T5315] ? __pfx___mutex_lock+0x10/0x10 [ 58.855670][ T5315] ? rcu_is_watching+0x15/0xb0 [ 58.855680][ T5315] ? __kmalloc_noprof+0x2a5/0x4c0 [ 58.855691][ T5315] ? hfsplus_find_init+0x85/0x1c0 [ 58.855707][ T5315] hfsplus_find_init+0x14a/0x1c0 [ 58.855723][ T5315] hfsplus_file_extend+0x454/0x1b70 [ 58.855738][ T5315] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 58.855745][ T5315] ? __pfx___mutex_trylock_common+0x10/0x10 [ 58.855753][ T5315] ? trace_contention_end+0x3c/0x120 [ 58.855759][ T5315] ? __mutex_lock+0x397/0x1010 [ 58.855766][ T5315] ? hfsplus_brec_find+0x19d/0x570 [ 58.855776][ T5315] hfsplus_bmap_reserve+0x105/0x4e0 [ 58.855785][ T5315] __hfsplus_ext_write_extent+0x2a4/0x5c0 [ 58.855794][ T5315] __hfsplus_ext_cache_extent+0x84/0xe10 [ 58.855802][ T5315] hfsplus_file_extend+0x48c/0x1b70 [ 58.855811][ T5315] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 58.855820][ T5315] ? clean_bdev_aliases+0x6f8/0x890 [ 58.855831][ T5315] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 58.855842][ T5315] hfsplus_get_block+0x406/0x14f0 [ 58.855857][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 58.855869][ T5315] ? _raw_spin_unlock+0x28/0x50 [ 58.855879][ T5315] ? create_empty_buffers+0x471/0x530 [ 58.855890][ T5315] __block_write_begin_int+0x692/0x19a0 [ 58.855901][ T5315] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 58.855916][ T5315] ? irqentry_exit+0x63/0x90 [ 58.855928][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 58.855940][ T5315] ? __pfx___block_write_begin_int+0x10/0x10 [ 58.855953][ T5315] cont_write_begin+0x77f/0xb40 [ 58.855967][ T5315] ? __pfx_cont_write_begin+0x10/0x10 [ 58.855974][ T5315] ? __pfx_fault_in_readable+0x10/0x10 [ 58.855983][ T5315] ? __mark_inode_dirty+0x3db/0xe90 [ 58.855992][ T5315] hfsplus_write_begin+0x68/0xb0 [ 58.855998][ T5315] ? __pfx_hfsplus_get_block+0x10/0x10 [ 58.856009][ T5315] generic_perform_write+0x346/0x990 [ 58.856025][ T5315] ? __pfx_generic_perform_write+0x10/0x10 [ 58.856038][ T5315] ? file_update_time+0x2ab/0x450 [ 58.856052][ T5315] ? __generic_file_write_iter+0x102/0x230 [ 58.856067][ T5315] generic_file_write_iter+0xae/0x310 [ 58.856082][ T5315] aio_write+0x56b/0x7c0 [ 58.856097][ T5315] ? __pfx_aio_write+0x10/0x10 [ 58.856112][ T5315] ? __might_fault+0xaa/0x120 [ 58.856124][ T5315] ? __pfx_lock_release+0x10/0x10 [ 58.856139][ T5315] ? __fget_files+0x2a/0x410 [ 58.856150][ T5315] ? __might_fault+0xaa/0x120 [ 58.856163][ T5315] io_submit_one+0x8a7/0x18a0 [ 58.856180][ T5315] ? __pfx_io_submit_one+0x10/0x10 [ 58.856195][ T5315] ? __might_fault+0xaa/0x120 [ 58.856206][ T5315] ? __pfx_lock_release+0x10/0x10 [ 58.856221][ T5315] ? __might_fault+0xaa/0x120 [ 58.856232][ T5315] ? __might_fault+0xc6/0x120 [ 58.856244][ T5315] __se_sys_io_submit+0x171/0x2e0 [ 58.856259][ T5315] ? __pfx___se_sys_io_submit+0x10/0x10 [ 58.856279][ T5315] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.856295][ T5315] ? do_syscall_64+0x100/0x230 [ 58.856310][ T5315] ? do_syscall_64+0xb6/0x230 [ 58.856325][ T5315] do_syscall_64+0xf3/0x230 [ 58.856337][ T5315] ? clear_bhb_loop+0x35/0x90 [ 58.856354][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.856368][ T5315] RIP: 0033:0x7fc2e938cd29 [ 58.856379][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.856390][ T5315] RSP: 002b:00007fc2ea27a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 58.856402][ T5315] RAX: ffffffffffffffda RBX: 00007fc2e95a5fa0 RCX: 00007fc2e938cd29 [ 58.856411][ T5315] RDX: 0000000020000540 RSI: 000000000000003b RDI: 00007fc2ea230000 [ 58.856419][ T5315] RBP: 00007fc2e940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 58.856427][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.856433][ T5315] R13: 0000000000000000 R14: 00007fc2e95a5fa0 R15: 00007ffda1709ee8 [ 58.856444][ T5315] [ 59.058772][ T5300] Bluetooth: hci0: command tx timeout [ 59.539789][ T5316] syz.0.0 (5316) used greatest stack depth: 19760 bytes left [ 61.076016][ T4664] Bluetooth: hci0: command tx timeout [ 63.156442][ T4664] Bluetooth: hci0: command tx timeout [ 65.236143][ T4664] Bluetooth: hci0: command tx timeout