program:
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x30008c8, &(0x7f0000000340)=ANY=[@ANYBLOB="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"], 0x51, 0x2b8, &(0x7f0000000a40)="$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")
open(&(0x7f0000000200)='./bus\x00', 0x14d27e, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10103e, 0x100)
ftruncate(r1, 0x20cf01)
unlink(&(0x7f0000000000)='./bus\x00')

[ 68.993146][ T4676] Bluetooth: hci0: command tx timeout
[ 69.085888][ T5330] loop0: detected capacity change from 0 to 64
[ 69.102209][ T5330] =======================================================
[ 69.102209][ T5330] WARNING: The mand mount option has been deprecated and
[ 69.102209][ T5330] and is ignored by this kernel. Remove the mand
[ 69.102209][ T5330] option from the mount to silence this warning.
[ 69.102209][ T5330] =======================================================
[ 69.155044][ T24] audit: type=1800 audit(1732147588.609:2): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=21 res=0 errno=0
[ 69.777817][ T5330]
[ 69.778803][ T5330] ============================================
[ 69.781106][ T5330] WARNING: possible recursive locking detected
[ 69.783479][ T5330] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Not tainted
[ 69.786023][ T5330] --------------------------------------------
[ 69.788230][ T5330] syz.0.0/5330 is trying to acquire lock:
[ 69.790316][ T5330] ffff88801defa0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x16e/0x1f0
[ 69.793780][ T5330]
[ 69.793780][ T5330] but task is already holding lock:
[ 69.796528][ T5330] ffff88801defa0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x16e/0x1f0
[ 69.799832][ T5330]
[ 69.799832][ T5330] other info that might help us debug this:
[ 69.802888][ T5330] Possible unsafe locking scenario:
[ 69.802888][ T5330]
[ 69.805687][ T5330] CPU0
[ 69.806942][ T5330] ----
[ 69.808295][ T5330] lock(&tree->tree_lock/1);
[ 69.810297][ T5330] lock(&tree->tree_lock/1);
[ 69.812171][ T5330]
[ 69.812171][ T5330] *** DEADLOCK ***
[ 69.812171][ T5330]
[ 69.815318][ T5330] May be due to missing lock nesting notation
[ 69.815318][ T5330]
[ 69.818849][ T5330] 5 locks held by syz.0.0/5330:
[ 69.821210][ T5330] #0: ffff88801def8420 (sb_writers#11){.+.+}-{0:0}, at: vfs_write+0x225/0xd30
[ 69.825112][ T5330] #1: ffff888043291ca0 (&sb->s_type->i_mutex_key#19){+.+.}-{4:4}, at: generic_file_write_iter+0x82/0x310
[ 69.829573][ T5330] #2: ffff888043291af8 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xff/0x1450
[ 69.833456][ T5330] #3: ffff88801defa0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x16e/0x1f0
[ 69.837075][ T5330] #4: ffff8880432900f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xff/0x1450
[ 69.841198][ T5330]
[ 69.841198][ T5330] stack backtrace:
[ 69.843513][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[ 69.847252][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.851063][ T5330] Call Trace:
[ 69.852389][ T5330]
[ 69.853553][ T5330] dump_stack_lvl+0x241/0x360
[ 69.855388][ T5330] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.857366][ T5330] ? __pfx__printk+0x10/0x10
[ 69.859102][ T5330] ? lockdep_unlock+0x16a/0x300
[ 69.861008][ T5330] print_deadlock_bug+0x483/0x620
[ 69.862948][ T5330] validate_chain+0x15e2/0x5920
[ 69.864804][ T5330] ? mark_lock+0x9a/0x360
[ 69.866474][ T5330] ? __lock_acquire+0x1397/0x2100
[ 69.868371][ T5330] ? __pfx_validate_chain+0x10/0x10
[ 69.870382][ T5330] ? mark_lock+0x9a/0x360
[ 69.872112][ T5330] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 69.874612][ T5330] ? mark_lock+0x9a/0x360
[ 69.876418][ T5330] __lock_acquire+0x1397/0x2100
[ 69.878419][ T5330] lock_acquire+0x1ed/0x550
[ 69.880142][ T5330] ? hfs_find_init+0x16e/0x1f0
[ 69.881931][ T5330] ? __pfx_lock_acquire+0x10/0x10
[ 69.883790][ T5330] ? hfs_find_init+0x90/0x1f0
[ 69.885647][ T5330] ? hfs_extend_file+0x31b/0x1450
[ 69.887801][ T5330] ? __pfx___might_resched+0x10/0x10
[ 69.889663][ T5330] ? hfs_get_block+0x3e4/0xb60
[ 69.891319][ T5330] ? __block_write_begin_int+0x50c/0x1a70
[ 69.893382][ T5330] ? cont_write_begin+0x6e2/0x9d0
[ 69.895256][ T5330] ? hfs_write_begin+0x68/0xb0
[ 69.897086][ T5330] ? cont_write_begin+0x338/0x9d0
[ 69.898972][ T5330] ? hfs_write_begin+0x68/0xb0
[ 69.900759][ T5330] ? generic_perform_write+0x344/0x6d0
[ 69.902825][ T5330] ? generic_file_write_iter+0xae/0x310
[ 69.905075][ T5330] ? vfs_write+0xaeb/0xd30
[ 69.906778][ T5330] ? do_syscall_64+0xf3/0x230
[ 69.908637][ T5330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.910980][ T5330] __mutex_lock+0x1ac/0xee0
[ 69.912691][ T5330] ? hfs_find_init+0x16e/0x1f0
[ 69.914655][ T5330] ? hfs_find_init+0x16e/0x1f0
[ 69.916794][ T5330] ? __pfx___mutex_lock+0x10/0x10
[ 69.918749][ T5330] ? hfs_find_init+0x90/0x1f0
[ 69.920560][ T5330] ? hfs_find_init+0x90/0x1f0
[ 69.922367][ T5330] ? rcu_is_watching+0x15/0xb0
[ 69.924224][ T5330] ? hfs_find_init+0x90/0x1f0
[ 69.926039][ T5330] ? hfs_find_init+0x90/0x1f0
[ 69.927681][ T5330] ? __kmalloc_noprof+0x21a/0x400
[ 69.929534][ T5330] hfs_find_init+0x16e/0x1f0
[ 69.931225][ T5330] hfs_extend_file+0x31b/0x1450
[ 69.933066][ T5330] ? __pfx_hfs_ext_keycmp+0x10/0x10
[ 69.934975][ T5330] ? __pfx_hfs_extend_file+0x10/0x10
[ 69.936997][ T5330] ? __pfx___hfs_brec_find+0x10/0x10
[ 69.938925][ T5330] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.940867][ T5330] ? hfs_brec_find+0x40f/0x580
[ 69.942712][ T5330] hfs_bmap_reserve+0xd9/0x400
[ 69.944491][ T5330] __hfs_ext_write_extent+0x22e/0x4f0
[ 69.946446][ T5330] __hfs_ext_cache_extent+0x6a/0x990
[ 69.948447][ T5330] ? hfs_find_init+0x16e/0x1f0
[ 69.950219][ T5330] hfs_extend_file+0x344/0x1450
[ 69.952017][ T5330] ? __pfx_hfs_extend_file+0x10/0x10
[ 69.954088][ T5330] ? clean_bdev_aliases+0x654/0x7e0
[ 69.956025][ T5330] ? __pfx_clean_bdev_aliases+0x10/0x10
[ 69.958441][ T5330] hfs_get_block+0x3e4/0xb60
[ 69.960301][ T5330] ? __pfx_hfs_get_block+0x10/0x10
[ 69.962242][ T5330] ? create_empty_buffers+0x53e/0x740
[ 69.964217][ T5330] __block_write_begin_int+0x50c/0x1a70
[ 69.966280][ T5330] ? __pfx_hfs_get_block+0x10/0x10
[ 69.968424][ T5330] ? __pfx___block_write_begin_int+0x10/0x10
[ 69.970986][ T5330] cont_write_begin+0x6e2/0x9d0
[ 69.973019][ T5330] ? __pfx_cont_write_begin+0x10/0x10
[ 69.975189][ T5330] ? rcu_is_watching+0x15/0xb0
[ 69.976997][ T5330] ? __mark_inode_dirty+0x3db/0xe90
[ 69.978909][ T5330] hfs_write_begin+0x68/0xb0
[ 69.980615][ T5330] ? __pfx_hfs_get_block+0x10/0x10
[ 69.982599][ T5330] cont_write_begin+0x338/0x9d0
[ 69.984352][ T5330] ? __pfx_cont_write_begin+0x10/0x10
[ 69.986280][ T5330] ? __pfx_fault_in_readable+0x10/0x10
[ 69.988342][ T5330] hfs_write_begin+0x68/0xb0
[ 69.990181][ T5330] ? __pfx_hfs_get_block+0x10/0x10
[ 69.992120][ T5330] generic_perform_write+0x344/0x6d0
[ 69.994115][ T5330] ? __pfx_generic_perform_write+0x10/0x10
[ 69.996406][ T5330] ? file_update_time+0x2ab/0x450
[ 69.998266][ T5330] ? __generic_file_write_iter+0x102/0x230
[ 70.000470][ T5330] generic_file_write_iter+0xae/0x310
[ 70.002496][ T5330] vfs_write+0xaeb/0xd30
[ 70.004086][ T5330] ? __pfx_generic_file_write_iter+0x10/0x10
[ 70.006414][ T5330] ? __pfx_vfs_write+0x10/0x10
[ 70.008271][ T5330] ? __fget_files+0x2a/0x410
[ 70.010066][ T5330] ? __fget_files+0x2a/0x410
[ 70.011834][ T5330] __x64_sys_pwrite64+0x1ac/0x240
[ 70.013742][ T5330] ? __pfx___x64_sys_pwrite64+0x10/0x10
[ 70.015794][ T5330] ? do_syscall_64+0x100/0x230
[ 70.017589][ T5330] ? do_syscall_64+0xb6/0x230
[ 70.019297][ T5330] do_syscall_64+0xf3/0x230
[ 70.021058][ T5330] ? clear_bhb_loop+0x35/0x90
[ 70.022856][ T5330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.025104][ T5330] RIP: 0033:0x7f545df7e819
[ 70.026951][ T5330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.034017][ T5330] RSP: 002b:00007f545d9fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 70.037105][ T5330] RAX: ffffffffffffffda RBX: 00007f545e135fa0 RCX: 00007f545df7e819
[ 70.040286][ T5330] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000005
[ 70.043413][ T5330] RBP: 00007f545dff175e R08: 0000000000000000 R09: 0000000000000000
[ 70.046405][ T5330] R10: 0000000008000c61 R11: 0000000000000246 R12: 0000000000000000
[ 70.049372][ T5330] R13: 0000000000000000 R14: 00007f545e135fa0 R15: 00007fffa387b238
[ 70.052158][ T5330]
[ 71.013418][ T4676] Bluetooth: hci0: command tx timeout
[ 73.093064][ T4676] Bluetooth: hci0: command tx timeout
[ 74.221978][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.221978][ T41] loop0: rw=1048577, sector=4169, nr_sectors = 1 limit=64
[ 74.227320][ T41] Buffer I/O error on dev loop0, logical block 4169, lost async page write
[ 74.230684][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.230684][ T41] loop0: rw=1048577, sector=4170, nr_sectors = 1 limit=64
[ 74.237130][ T41] Buffer I/O error on dev loop0, logical block 4170, lost async page write
[ 74.240501][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.240501][ T41] loop0: rw=1048577, sector=4172, nr_sectors = 1 limit=64
[ 74.246354][ T41] Buffer I/O error on dev loop0, logical block 4172, lost async page write
[ 74.249721][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.249721][ T41] loop0: rw=1048577, sector=4173, nr_sectors = 1 limit=64
[ 74.255827][ T41] Buffer I/O error on dev loop0, logical block 4173, lost async page write
[ 74.259846][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.259846][ T41] loop0: rw=1048577, sector=4174, nr_sectors = 1 limit=64
[ 74.265829][ T41] Buffer I/O error on dev loop0, logical block 4174, lost async page write
[ 74.269180][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.269180][ T41] loop0: rw=1048577, sector=4175, nr_sectors = 1 limit=64
[ 74.275138][ T41] Buffer I/O error on dev loop0, logical block 4175, lost async page write
[ 74.278485][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.278485][ T41] loop0: rw=1048577, sector=4176, nr_sectors = 1 limit=64
[ 74.284086][ T41] Buffer I/O error on dev loop0, logical block 4176, lost async page write
[ 74.287357][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.287357][ T41] loop0: rw=1048577, sector=4177, nr_sectors = 1 limit=64
[ 74.292372][ T41] Buffer I/O error on dev loop0, logical block 4177, lost async page write
[ 74.296643][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.296643][ T41] loop0: rw=1048577, sector=4178, nr_sectors = 16 limit=64
[ 74.301991][ T41] kworker/u4:3: attempt to access beyond end of device
[ 74.301991][ T41] loop0: rw=1048577, sector=4196, nr_sectors = 160 limit=64
[ 74.307721][ T41] Buffer I/O error on dev loop0, logical block 4356, lost async page write
[ 74.311054][ T41] Buffer I/O error on dev loop0, logical block 4357, lost async page write
[ 75.172887][ T4676] Bluetooth: hci0: command tx timeout