program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x6a2, &(0x7f0000000c40)="$eJzs3U9sHFcdB/DvbnbX3oASp03SgCoRNVJBRCROrKSYSwNCKBIVqsoBcbQSp7GySSvHRU6EIPw/cOFQzhQJ37iAxD2onIFTrz5WQuJATwGkLprZWXv9f53GXlt8PtHbeW/en3nzm5kdz1iRA/zfun4+jcep5fr51xaL8vLSVGd5aepuP59kLEk9afQWqd1Lau8n19JL+UyxshquttV23p2bfuODj5Y/7JUaVSrb17frt8HV+iYrH1UpZ5McqZY7GtuyZs14N9aN1xp6rn21lT0sAnauHzgYtWaS7hrfPb1as6Phr1vgwKqV982N1/xEcjTJeP92+ai3erOb8KHyaNQTAAAAgH1w/JflI/yxUc8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpPe3/8vFmWq9/NnU+v//f9WtS5V/lB7POoJAAAAAAAAAMBaH/9r5zbf/PS6FZ97kidZzLF+uVsrf+f/Ulk4WX5+Ku/kfmYznwtZzEwWspD5XEoyUdY3y8/W4szCwvylIXpeXumZgZ6Xh9zL9pDtAAAAAAAAAOAQa+y+y49zffX3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBDUkiO9RZlO9vMTqTeSjCdpFe0eJX/r5w+k3/x5sNT9b7e0odnj/ZwTAAAAjMjxJ3mSxRzrl7u18pn/dPncP553ci8LmctCOpnNzfJdQO+pv768NNVZXpq6W6SN4371n7uaRjlieu8eNt/ymbJFO7cyV665kBt5K53cTL3sWTjTn8/m8/pRMafaq5Wh5tU93s8Ve/6rNHe1V0+jNnTLiTIixYx6EZms+hbROLF9JHZ5dPpb6sf+Uuorb35OPsuYL/YWr/yutyz25+e7isleWx+JywNn3+nl1LaJRPL5P/3+O7c79+6M3bp//uDs0i6MDbxBWx+JqYFIvLD9OZFmqkjcPqyRGDRZRuLUSvl6vpFv53zO5vXMZy7fy0wWMpuz+XpmciQz1flcfE5sH6lra0qv7zSTVnlcmtW36PBzWshMXir7HstcvpW3cjOzuVr+u5xLeaUaMStH+NQQV319V9+0OfeFgZfJv0jSHq7fPigmdmLl7jR41k+W18GJNWtWr4Pnnvn9KI3PVpliGz8ZOCKjtz4SlwYi8fz2kfht+bVyv3PvzvztmbeH3N7L1bK4jn52oO4SxfnyXHGwytLas6Ooe3593XgvXq3qNy69urV33KLu1Erd1lfqlVzJdNn69KYjXS7rXti0bqqsOzNQt+bnrWu9n7cAOPCOfvFoq/2P9l/b77V/2r7dfm38a2NfHnuxleZfml9pTB55uf5i7Y95Lz9Yff4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACe3v0HD+/MdDqz8+sy3W73h1tU7WGmnaS/JtmpVzM7t9mbTCtJmWn0M7sbZ2zLqtO/Xh2wtXp0Xv3DJ5lzc7e9kmcSqEZ1kj14eOff3W533w/TJpnmNuf8aqZb2VDVHar7yDL/6T67AUf8xQTsuYsLd9++eP/Bwy/N3Z15c/bN2XvTV65MT05fufr3i7fmOrOTvc9RzxLYC6s3/VHPBAAAAAAAAAAAABjWfvy3hC02/fE+7yoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwSF0/P1blLkwWn8tLU50i9fMrDctm9SS17ye195Nr6aVMDAxX22o7785Nv/HBR8sf9kqNKpXt62v6NZ9mLx5VKWeTHKmWg8Y/wXg3quVTzaxUW9nDImDn+oGDUftfAAAA///s9RGv") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) [ 75.194976][ T5296] Bluetooth: hci0: command tx timeout [ 75.275923][ T5311] loop0: detected capacity change from 0 to 1024 [ 75.355050][ T5311] [ 75.356097][ T5311] ============================================ [ 75.358738][ T5311] WARNING: possible recursive locking detected [ 75.361338][ T5311] 6.15.0-syzkaller-01972-g914873bc7df9 #0 Not tainted [ 75.364159][ T5311] -------------------------------------------- [ 75.366649][ T5311] syz.0.0/5311 is trying to acquire lock: [ 75.369057][ T5311] ffff8880362e80b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 75.373155][ T5311] [ 75.373155][ T5311] but task is already holding lock: [ 75.376186][ T5311] ffff8880362e80b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 75.380295][ T5311] [ 75.380295][ T5311] other info that might help us debug this: [ 75.383753][ T5311] Possible unsafe locking scenario: [ 75.383753][ T5311] [ 75.386944][ T5311] CPU0 [ 75.388379][ T5311] ---- [ 75.389940][ T5311] lock(&tree->tree_lock/1); [ 75.392030][ T5311] lock(&tree->tree_lock/1); [ 75.394193][ T5311] [ 75.394193][ T5311] *** DEADLOCK *** [ 75.394193][ T5311] [ 75.397693][ T5311] May be due to missing lock nesting notation [ 75.397693][ T5311] [ 75.401393][ T5311] 4 locks held by syz.0.0/5311: [ 75.403611][ T5311] #0: ffff888052b4ab78 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xe3/0x540 [ 75.408381][ T5311] #1: ffff888052b4a988 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 75.412718][ T5311] #2: ffff8880362e80b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 75.416967][ T5311] #3: ffff888052b48108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1fc/0x1990 [ 75.421863][ T5311] [ 75.421863][ T5311] stack backtrace: [ 75.424350][ T5311] CPU: 0 UID: 0 PID: 5311 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) [ 75.424366][ T5311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.424374][ T5311] Call Trace: [ 75.424381][ T5311] [ 75.424387][ T5311] dump_stack_lvl+0x189/0x250 [ 75.424416][ T5311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.424433][ T5311] ? __pfx__printk+0x10/0x10 [ 75.424446][ T5311] ? print_lock_name+0xde/0x100 [ 75.424458][ T5311] print_deadlock_bug+0x28b/0x2a0 [ 75.424476][ T5311] validate_chain+0x1a3f/0x2140 [ 75.424492][ T5311] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.424551][ T5311] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.424569][ T5311] __lock_acquire+0xab9/0xd20 [ 75.424584][ T5311] ? hfsplus_find_init+0x15a/0x1d0 [ 75.424596][ T5311] lock_acquire+0x120/0x360 [ 75.424609][ T5311] ? hfsplus_find_init+0x15a/0x1d0 [ 75.424621][ T5311] ? __se_sys_io_submit+0x185/0x2f0 [ 75.424634][ T5311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.424648][ T5311] __mutex_lock+0x182/0xe80 [ 75.424661][ T5311] ? hfsplus_find_init+0x15a/0x1d0 [ 75.424675][ T5311] ? hfsplus_find_init+0x15a/0x1d0 [ 75.424686][ T5311] ? __pfx___mutex_lock+0x10/0x10 [ 75.424702][ T5311] ? rcu_is_watching+0x15/0xb0 [ 75.424721][ T5311] ? __kmalloc_noprof+0x29b/0x4f0 [ 75.424734][ T5311] ? hfsplus_find_init+0x8c/0x1d0 [ 75.424746][ T5311] hfsplus_find_init+0x15a/0x1d0 [ 75.424758][ T5311] hfsplus_file_extend+0x416/0x1990 [ 75.424778][ T5311] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.424793][ T5311] ? __mutex_trylock_common+0x153/0x260 [ 75.424811][ T5311] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.424830][ T5311] ? trace_contention_end+0x39/0x120 [ 75.424847][ T5311] ? __mutex_lock+0x330/0xe80 [ 75.424860][ T5311] ? hfsplus_brec_find+0x191/0x500 [ 75.424873][ T5311] hfsplus_bmap_reserve+0x122/0x500 [ 75.424894][ T5311] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 75.424911][ T5311] __hfsplus_ext_cache_extent+0x89/0xe30 [ 75.424929][ T5311] hfsplus_file_extend+0x444/0x1990 [ 75.424947][ T5311] ? __pfx_hfsplus_file_extend+0x10/0x10 [ 75.424963][ T5311] ? clean_bdev_aliases+0x5c9/0x6b0 [ 75.424980][ T5311] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 75.424997][ T5311] hfsplus_get_block+0x411/0x1530 [ 75.425015][ T5311] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.425029][ T5311] ? do_raw_spin_unlock+0x4d/0x240 [ 75.425047][ T5311] ? _raw_spin_unlock+0x28/0x50 [ 75.425060][ T5311] __block_write_begin_int+0x6b5/0x1900 [ 75.425078][ T5311] ? folio_add_lru+0x1b3/0x3d0 [ 75.425096][ T5311] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.425111][ T5311] ? __pfx___block_write_begin_int+0x10/0x10 [ 75.425129][ T5311] cont_write_begin+0x789/0xb50 [ 75.425148][ T5311] ? __pfx_cont_write_begin+0x10/0x10 [ 75.425163][ T5311] ? __pfx___might_resched+0x10/0x10 [ 75.425178][ T5311] ? folio_unlock+0x101/0x160 [ 75.425195][ T5311] hfsplus_write_begin+0x66/0xb0 [ 75.425208][ T5311] ? __pfx_hfsplus_get_block+0x10/0x10 [ 75.425223][ T5311] generic_perform_write+0x2c4/0x910 [ 75.425237][ T5311] ? __pfx_generic_perform_write+0x10/0x10 [ 75.425248][ T5311] ? file_update_time+0x2da/0x490 [ 75.425265][ T5311] ? __generic_file_write_iter+0xf9/0x230 [ 75.425275][ T5311] ? generic_file_write_iter+0xfb/0x540 [ 75.425287][ T5311] generic_file_write_iter+0x10f/0x540 [ 75.425297][ T5311] ? aa_file_perm+0x11f/0xed0 [ 75.425312][ T5311] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.425329][ T5311] ? __lock_acquire+0xab9/0xd20 [ 75.425346][ T5311] ? aio_write+0x4c4/0x7a0 [ 75.425360][ T5311] aio_write+0x532/0x7a0 [ 75.425375][ T5311] ? __pfx_aio_write+0x10/0x10 [ 75.425391][ T5311] ? __might_fault+0xb0/0x130 [ 75.425418][ T5311] io_submit_one+0x78b/0x1310 [ 75.425437][ T5311] ? __pfx_io_submit_one+0x10/0x10 [ 75.425452][ T5311] ? __might_fault+0xb0/0x130 [ 75.425468][ T5311] ? __might_fault+0xb0/0x130 [ 75.425482][ T5311] __se_sys_io_submit+0x185/0x2f0 [ 75.425496][ T5311] ? __pfx___se_sys_io_submit+0x10/0x10 [ 75.425512][ T5311] ? do_syscall_64+0xba/0x220 [ 75.425527][ T5311] do_syscall_64+0xf6/0x220 [ 75.425541][ T5311] ? clear_bhb_loop+0x60/0xb0 [ 75.425554][ T5311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.425565][ T5311] RIP: 0033:0x7f8e6d78e969 [ 75.425578][ T5311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.425588][ T5311] RSP: 002b:00007f8e6e638038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 75.425602][ T5311] RAX: ffffffffffffffda RBX: 00007f8e6d9b5fa0 RCX: 00007f8e6d78e969 [ 75.425610][ T5311] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f8e6e5ee000 [ 75.425618][ T5311] RBP: 00007f8e6d810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 75.425625][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.425632][ T5311] R13: 0000000000000000 R14: 00007f8e6d9b5fa0 R15: 00007fff76c010a8 [ 75.425644][ T5311] [ 76.470092][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.473024][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.268948][ T5296] Bluetooth: hci0: command tx timeout [ 79.348990][ T5296] Bluetooth: hci0: command tx timeout [ 81.428853][ T5296] Bluetooth: hci0: command tx timeout